> > > Anyone in fear of having their Freenet shutdown *must have* this
> > > option.
> > No. There may be a way to address this concern, but this definitely isn't
> > it. It creates bottlenecks and central points of failure, and reduces
> > Freenet's ability to scale.
> Substantiate such claims. I've refuted your claims that clusters hurt the
> network already. My position is that clusters 1) don't break Freenet,
> 2) are the only way to stop MediaEnforcer-style attacks, 3) don't have to
> hurt Freenet efficiency at all if implemented properly.
Why are clusters better than just finding a server that you trust and
connecting to it using your client? This is functionality that is already
in Freenet and which doesn't create these crazy mini-gnutellas.
> So your answer is that there is no threat? I think you're presuming an
> overly weak attacker.
My official answer is that Freenet protects the anonymity of producers and
consumers of information, but not the actual operators of Freenet
nodes. The same is true of systems like Mixmaster which claim to be even
more strict than Freenet in terms of their security. My unofficial answer
is that any ISP who tries to do 64,000 DH key-exchanges with any of their
customers won't be in business for much longer.
> > scan would not be able to confirm the presence of a Freenet node without
> > the appropriate public key! Much more likely that they would just run a
> > Freenet node and harvest IP addresses from it.
>
> A very easy attack which can only be defeated by rejecting connections
> from unknown hosts.
But an attack which would allow them to harvest only a very small number
of IP addresses relative to the entire network, most of which will
probably not be within range of their shut-down ability (ie. gutsy
domestic universities, foreign universities, or small companies with their
own internet uplink with the types of connections that can't be cancelled
at a whim).
> A cluster acts just like a node, so it doesn't mess anything up.
So why should it not just be a node with clients hanging off it?
> Freenet will not become widely deployed if people are scared to use
> it.
Just like people were scared to use Napster?
> Therefore, it is imperative that protection be given to individual
> users.
My first answer is that protecting the anonymity of Freenet node operators
was never an aim of this project.
If someone wants to create such a system then they should write some
software which uses steganography to allow the transmission of hidden
encrypted messages through phone conversations which is resistent to
third-world quality phone-lines, and with precautions against
Tempest-style monitoring etc etc.
My second answer is that there is safety in numbers. Widely deploying
Freenet all over the world is the best defence against this.
My third answer is that this is a much bigger issue than whether people
can run Freenet nodes. Internet access is increasingly important, an
essential service. Your water company cannot arbitrarily cut-off your
water without a darn good reason. Internet access should be the same, and
I don't think that this is something we should just work-around in
software.
Ian.
PGP signature
