>>>>> "E" == Eric <[EMAIL PROTECTED]> writes:
>> I don't think we're on the same page on this. In my mind, VERY
>> FEW PEOPLE would know about my node's existence at all -- only
>> folks that I'd made out-of-band agreements with.
E> How anonymous is that? I thought the point is that you have no
E> idea who you are getting the data from or who requested the
E> data. By putting those sorts of measures into effect, we make
E> each cluster a target. People will try to gain trust, become
E> accepted into the cluster, than take advantage of the
E> vulnerabilities. I would much rather have anonymity.
OK, I still think I'm not explaining myself well enough.
Consider this simple network:
A - B - C - D - E
In this config, A only knows about node B, B only knows about A and C,
C only knows about B and D, and E only knows about D. However, A can
request a key from B that actually lives on E. The data will get
pulled over to the A through B. A _can't_ know that it originally came
from E.
I can get a widely distributed network while each node only knows
about and connects to a few other nodes. This is a good thing.
Note that I don't have to set up a trust between A and E. A and E
don't make direct connections to each other at all. Just A and B have
to trust each other. As long as B trusts some OTHER people, and THEY
trust OTHER people, and so on and so on, the network stays connected.
>> I don't think it would be a popularity contest at all. Even if
>> I was very trustworthy, I wouldn't set up an agreement with YOU
>> if you were untrustworthy.
E> It seems pretty elitist to deny requests to a computer because
E> they aren't on your list.
Damn straight. I don't like cops, lawyers, haX0rs or pheds, and I'm
real elitist about letting them connect to my node.
E> Freenet, to me, seems to be built around the principles of free
E> speech and free access to information to anyone. Trust lists
E> seem to impede the flow of information.
Yes, they do, but I don't think in the way you say. The probability is
that nodes will be less "bushy," with fewer references to other
nodes. This will make the chances of a request timing out higher. The
fixit for this is to increase the default HTL, as best as I can figger
out.
E> One last qualm before I shut up: Suppose an FBI agent outside
E> of your trust list requests data from the gateway to your
E> private network.
He gets rejected (remember, no connects from untrusted nodes). But for
the sake of your question, let's take it as a given that I've set up a
public gateway without restricting who can connect to that gateway.
E> The agent now knows for sure that it comes from someone inside
E> of that network (although finding out who is in that network
E> might be tough).
Of course not! My gateway would really suck if it only sent queries
INTO the subnet. Example:
Z
|
|
(elsewhere) --B-------C-------D-- (elsewhere)
|
|
+--+--+--+--+
| | | | |
E F G H I
Let's say that the phed is at Z, I'm C. E, F, G, H, I are in my
subnet. B and D are my trusted peers. Z sends me a request. I could
either route that request into my subnet or out to B or D. So Z can't
KNOW that the data came from my subnet.
---8<---
Let me reiterate that there are two concepts going on here:
1) "private networks," "clusters," "subnets"
A gateway node stands between a group of nodes and the greater
Freenet. Whenever a StoreData message passes through the gateway
from the greater Freenet to the protected group, or from the
protected group to the greater Freenet, the gateway rewrites the
dataSource so that it appears that the data came from the gateway.
This keeps "outside" addresses out of the routing tables of the
protected nodes, and "inside" addresses out of the routing tables
of outside nodes. In other words, it keeps the addresses of the
"protected" nodes hidden from the outside world, and vice versa.
2) Don't Talk To Strangers
A node (gateway, protected, otherwise) has a list of other nodes it
allows to connect to it, and that it connects to. Connections from
nodes not on the list are rejected. If it receives a StoreData with
a dataSource different from the node it received from, it changes
the source to the node it received from.
This prevents the node from being entrapped by some hostile
exterior node. An FBI node can't request a child porn document from
my node, have me request it from downstream nodes, then put me in
jail for providing him with child porn.
It also may help against some other attacks.
Both of these make for slower networks. However, they decrease the
propagation of addresses, and make nodes (not publishers or readers)
more anonymous.
~Mr. Bad
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/\____/\ Mr. Bad <[EMAIL PROTECTED]>
\ / Pigdog Journal | http://pigdog.org/ | *Stay*Real*Bad*
| (X \x)
( ((**) "If it's not bad, don't do it.
\ <vvv> If it's not crazy, don't say it." - Ben Franklin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Freenet-dev mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
