On Friday 03 December 2010 16:03:26 Matthew Toseland wrote:
> On Friday 03 December 2010 14:09:04 Matthew Toseland wrote:
> > When a new opennet node is created, we create 40 ConnectionTokens.
> >
> > A ConnectionToken is basically just a public/private keypair.
> >
> > In order to validate the tokens and thus be able to use them, we ask 5
> > seednodes to sign our tokens. The seednodes require CAPTCHAs or some
> > similar basic scarcity mechanism that can be dealt with during the
> > installation process (one CAPTCHA per node, to sign the whole batch of
> > tokens). Unlike WoT CAPTCHAs, these can be generated once for each
> > challenge, with limits on how many can be sent per connection and IP
> > address (no more than N over period T). These limits could perhaps be
> > shared between the seednodes, possibly stored on Freenet in a similar
> > mechanism to what is described below. CAPTCHAs would also have a time
> > limit, to make it harder to reuse them or farm them out. Also, we can use
> > any kind of centralised or networked captcha - for instance, the
> > OCR-of-ancient-texts form - because the seednodes are not even pretending
> > to be invisible. If you need to be invisible you need to use darknet,
> > period.
>
> http://motherjones.com/kevin-drum/2010/08/price-captcha
> Most of the sites are in russian, this one's in english:
> http://www.beatcaptchas.com/prices.html
>
> If we say $8/1000 captcha's, as on this site, assuming that's on the high end
> based on the market analysis above, and if we say each introduction requires
> one successful captcha for each of the 5 nodes, that means for $80 you can
> introduce 2,000 nodes i.e. be able to use 80,000 connections, for a cost of
> $0.001 per connection.
>
> So there is very little point in trying to protect this - or Freetalk! - with
> CAPTCHAs.
>
> IP address scarcity may be an option however.
>
> If an attacker needs a separate IP address for every group of 40 connections,
> how much will this cost him? A fast freenet node, 40 connections with 3KB/sec
> each, would be quite high monthly transfer, so cheaper personal VPN services
> might not be enough ... otoh there are a LOT of such services, and most of
> them allow p2p. Say you need 12,000 connections, and you're limiting each to
> 20 connections to limit bandwidth usage, that might be $6000-$12000/mo ... It
> is likely that this is significantly higher than the cost if there is no IP
> scarcity limitation... There will be difficulties scaling up both on the
> other hand I bet that any entity attacking an 80,000 node network probably
> has cheaper ways to get IP addresses than an average end user does...
>
Even to reach the point where VPNs would be relevant, we'd have to globally
prohibit large numbers of IPs in the same range. I'm not sure we can do this?
What if we have a lot of people on the same ISP all using Freenet?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20101203/34d6bc7e/attachment.pgp>
