Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
On Wed, 13 Jul 2005 14:53:38 +0200, you wrote:

> Matthew Toseland <[EMAIL PROTECTED]> wrote:
>
> > > I assume that the inserting node gets more blame than the surrounding
> > > nodes and that blame does not stick around forever. Maybe for a very
> > > long time, but definitely not forever.
> > >
> > > So I can surround my "inserter" with one (as above) or more layers of
> > > nodes which act as "blame absorbers".
> > >
> > > When I insert evil stuff my "inserter" will be blamed for it. The nodes
> > > next to it will get some fraction of the blame, but definitely less.
> > > The nodes on the outer layer will get nearly no blame.
> >
> > They will get no blame, unless they oppose the complaint.
>
> They could even support the complaint. The "inserter" is expendable.

Wrong. Inserters, Users (viewers / downloaders) and node operators are every one NOT expendable at all.

--
My gpg public key (0x92769D7E) can be found on my freesite: http://127.00.1:/[EMAIL PROTECTED]/mytwocents/23//m2ckey.html
(you must be running freenet for this link to work)

___
chat mailing list
chat@freenetproject.org
Archived: http://news.gmane.org/gmane.network.freenet.general
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/chat
Or mailto:[EMAIL PROTECTED]
Re: [Tech] Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
You're ignoring the readers. And the testers.

On Wed, Jul 13, 2005 at 11:50:40AM -0400, Ken Snider wrote:
> Matthew Toseland wrote:
> >Which is *definitionally* bad. Even though the lack of censorship means
> >the people who would most benefit from Freenet can't use it, only the
> >people who don't care (because they're entirely amoral), or think the
> >benefit outweighs the cost (because they're hardline libertarians like
> >us).
>
> You keep saying that, I just don't see it as true.
>
> If someone wants to use freenet to distribute "morally" sound but "legally"
> unsound information, and needs it out there badly enough (think freedom
> fighter, etc), they *will* use freenet, regardless of the moral quality of
> the other content on the medium. To them, I believe it's likely that
> they'll care more about the anonymity and reliability of the network,
> rather than what else is in transit.
>
> Yes, even *if* that means running a node that may otherwise carry
> objectionable content (because, as you've pointed out, it'll likely not
> only be illegal for them to run the node, but illegal for them to disseminate
> their information. In that situation, are they *really* going to be worried
> about CP charges?)
>
> --Ken.

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
Re: [Tech] Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
Matthew Toseland wrote:
> Which is *definitionally* bad. Even though the lack of censorship means
> the people who would most benefit from Freenet can't use it, only the
> people who don't care (because they're entirely amoral), or think the
> benefit outweighs the cost (because they're hardline libertarians like
> us).

You keep saying that, I just don't see it as true.

If someone wants to use freenet to distribute "morally" sound but "legally" unsound information, and needs it out there badly enough (think freedom fighter, etc), they *will* use freenet, regardless of the moral quality of the other content on the medium. To them, I believe it's likely that they'll care more about the anonymity and reliability of the network, rather than what else is in transit.

Yes, even *if* that means running a node that may otherwise carry objectionable content (because, as you've pointed out, it'll likely not only be illegal for them to run the node, but illegal for them to disseminate their information. In that situation, are they *really* going to be worried about CP charges?)

--Ken.
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
On Wed, Jul 13, 2005 at 04:00:25PM +0200, Rainer Kupke wrote:
> Matthew Toseland <[EMAIL PROTECTED]> wrote:
>
> > > How long would it take for the community to identify the outer layer of
> > > "evilnet"?
> > > Even a single person should be able to protect the "inserter" with 4-6
> > > layers of "blame absorbers".
> >
> > It would be obvious that every single evil insert has gone through that
> > person's node.
>
> One of that person's nodes. And nobody would know that the nodes belong
> to the same person.

Oh, they would. Because the only way to get onto a network is to connect to people who know you. This means you have a severely limited number of connections to the rest of the network. This is a property of any darknet.

> > Because he has one node that connects to the rest of the network.
>
> After I establish my first node on a darknet I can create a new node and
> have it connect to my first node. If the net is somewhat popular I
> should be able to find people who want to join. I give them the address
> of my new node. Sooner or later some of the newbies will make
> connections to other nodes. Now my new node is established on the
> network and I can start establishing the next one.

You'll be severely limited nonetheless.

> Once I have a few established nodes I cut the connections between them
> and use them to form the outer layer of my "evilnet".

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
Matthew Toseland <[EMAIL PROTECTED]> wrote:

> > How long would it take for the community to identify the outer layer of
> > "evilnet"?
> > Even a single person should be able to protect the "inserter" with 4-6
> > layers of "blame absorbers".
>
> It would be obvious that every single evil insert has gone through that
> person's node.

One of that person's nodes. And nobody would know that the nodes belong to the same person.

> Because he has one node that connects to the rest of the network.

After I establish my first node on a darknet I can create a new node and have it connect to my first node. If the net is somewhat popular I should be able to find people who want to join. I give them the address of my new node. Sooner or later some of the newbies will make connections to other nodes. Now my new node is established on the network and I can start establishing the next one.

Once I have a few established nodes I cut the connections between them and use them to form the outer layer of my "evilnet".
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
On Wed, Jul 13, 2005 at 02:53:38PM +0200, Rainer Kupke wrote:
> Matthew Toseland <[EMAIL PROTECTED]> wrote:
>
> > > I assume that the inserting node gets more blame than the surrounding
> > > nodes and that blame does not stick around forever. Maybe for a very
> > > long time, but definitely not forever.
> > >
> > > So I can surround my "inserter" with one (as above) or more layers of
> > > nodes which act as "blame absorbers".
> > >
> > > When I insert evil stuff my "inserter" will be blamed for it. The nodes
> > > next to it will get some fraction of the blame, but definitely less.
> > > The nodes on the outer layer will get nearly no blame.
> >
> > They will get no blame, unless they oppose the complaint.
>
> They could even support the complaint. The "inserter" is expendable.
>
> > > Before the nodes on my outer layer get blamed for talking to evil nodes
> > > I shut down the core of my little "evilnet" and replace it with new
> > > nodes.
> >
> > If complaints are repeatedly held up against new nodes connected to a
> > specific small number of nodes, it should be possible for the community
> > to notice this and take action against _them_.
>
> They are expendable unless they belong to the outer layer.
>
> The inner layers can be replaced every two weeks, the outer layers every
> year or so. Obviously I have to keep the outermost layer.
>
> > The network topology has to be open for premix routing to work, and the
> > node which was punished is revealed when a complaint is upheld.
>
> How long would it take for the community to identify the outer layer of
> "evilnet"?
> Even a single person should be able to protect the "inserter" with 4-6
> layers of "blame absorbers".

It would be obvious that every single evil insert has gone through that person's node. Because he has one node that connects to the rest of the network. The blame absorbers only connect to his node, and to other blame absorbers, and to the nodes which send the data out.

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
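
The check argued for in the message above, as an added example that is not part of the original thread and is not Freenet code: given the open topology and the nodes revealed by upheld complaints, find the node whose removal cuts every punished node off from the rest of the network. Node names and both topologies are constructed, and measuring "the rest of the network" from a chosen reference node is an assumption; the second topology is the several-outer-nodes case raised elsewhere in the thread, where no single node qualifies.

```python
from collections import deque


def build_graph(edges):
    """Undirected adjacency map built from (premix ID, premix ID) pairs."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def reachable(adj, start, blocked):
    """Nodes still reachable from `start` once node `blocked` is removed."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for peer in adj[node]:
            if peer != blocked and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen


def cut_points(adj, punished, reference):
    """For each unpunished node, list the punished nodes that lose their
    path to `reference` when that node is removed. Largest cut first."""
    known = {p for p in punished if p in adj}  # ignore IDs not in the map
    results = []
    for candidate in sorted(adj):
        if candidate == reference or candidate in known:
            continue
        still = reachable(adj, reference, candidate)
        cut_off = sorted(p for p in known if p not in still)
        if cut_off:
            results.append((candidate, cut_off))
    results.sort(key=lambda item: (-len(item[1]), item[0]))
    return results


def common_gateways(adj, punished, reference):
    """Nodes that every punished node depends on to reach `reference`."""
    known = {p for p in punished if p in adj}
    if not known:
        return []
    return [node for node, cut in cut_points(adj, punished, reference)
            if len(cut) == len(known)]


# Constructed sample data. h1..h4 are ordinary nodes, i1..i3 are nodes
# revealed by upheld complaints, a1/a2 sit between them and the network.
HONEST = [("h1", "h2"), ("h2", "h3"), ("h3", "h4"), ("h4", "h1"), ("h1", "h3")]
INNER = [("a1", "a2"), ("i1", "a1"), ("i2", "a2"), ("i3", "a1"), ("i3", "a2")]

# One node "g" is the only link between the inner nodes and the network.
SINGLE = build_graph(HONEST + INNER + [
    ("g", "h2"), ("g", "h3"), ("a1", "g"), ("a2", "g"),
])

# Two outer nodes g1 and g2, each with its own link into the network.
MULTI = build_graph(HONEST + INNER + [
    ("g1", "h2"), ("g2", "h4"),
    ("a1", "g1"), ("a1", "g2"), ("a2", "g1"), ("a2", "g2"),
])

PUNISHED = {"i1", "i2", "i3"}

if __name__ == "__main__":
    for label, graph in (("single", SINGLE), ("multi", MULTI)):
        print(label, common_gateways(graph, PUNISHED, "h1"),
              cut_points(graph, PUNISHED, "h1"))
```
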
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
Matthew Toseland <[EMAIL PROTECTED]> wrote:

> > I assume that the inserting node gets more blame than the surrounding
> > nodes and that blame does not stick around forever. Maybe for a very
> > long time, but definitely not forever.
> >
> > So I can surround my "inserter" with one (as above) or more layers of
> > nodes which act as "blame absorbers".
> >
> > When I insert evil stuff my "inserter" will be blamed for it. The nodes
> > next to it will get some fraction of the blame, but definitely less.
> > The nodes on the outer layer will get nearly no blame.
>
> They will get no blame, unless they oppose the complaint.

They could even support the complaint. The "inserter" is expendable.

> > Before the nodes on my outer layer get blamed for talking to evil nodes
> > I shut down the core of my little "evilnet" and replace it with new
> > nodes.
>
> If complaints are repeatedly held up against new nodes connected to a
> specific small number of nodes, it should be possible for the community
> to notice this and take action against _them_.

They are expendable unless they belong to the outer layer.

The inner layers can be replaced every two weeks, the outer layers every year or so. Obviously I have to keep the outermost layer.

> The network topology has to be open for premix routing to work, and the
> node which was punished is revealed when a complaint is upheld.

How long would it take for the community to identify the outer layer of "evilnet"?
Even a single person should be able to protect the "inserter" with 4-6 layers of "blame absorbers".
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
Matthew Toseland <[EMAIL PROTECTED]> wrote:
> On Wed, Jul 13, 2005 at 11:52:00AM +0200, Rainer Kupke wrote:
> > Matthew Toseland <[EMAIL PROTECTED]> wrote:
> >
> > [voting against nodes that insert objectionable content]
> >
> > After a night of sleep I came up with two strategies to defeat your
> > idea:
> >
> > First strategy:
> > 1. Run several small nodes and never use them to insert stuff. These
> > nodes are "good citizens".
>
> This is perfectly valid. You can run a node.
>
> > 2. Create a new node N
> >
> > 3. Use N to insert content
> >
> > 4. Delete N before reprimands hit.
>
> This is quite possible, however I don't see how you are going to be able
> to repeat it, due to the nature of a darknet. Also it might hurt the
> people you connected through.

I assume that the inserting node gets more blame than the surrounding nodes and that blame does not stick around forever. Maybe for a very long time, but definitely not forever.

So I can surround my "inserter" with one (as above) or more layers of nodes which act as "blame absorbers".

When I insert evil stuff my "inserter" will be blamed for it. The nodes next to it will get some fraction of the blame, but definitely less. The nodes on the outer layer will get nearly no blame.

Before the nodes on my outer layer get blamed for talking to evil nodes I shut down the core of my little "evilnet" and replace it with new nodes.
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
On Wed, Jul 13, 2005 at 01:41:37PM +0200, Rainer Kupke wrote:
> Matthew Toseland <[EMAIL PROTECTED]> wrote:
> > On Wed, Jul 13, 2005 at 11:52:00AM +0200, Rainer Kupke wrote:
> > > Matthew Toseland <[EMAIL PROTECTED]> wrote:
> > >
> > > [voting against nodes that insert objectionable content]
> > >
> > > After a night of sleep I came up with two strategies to defeat your
> > > idea:
> > >
> > > First strategy:
> > > 1. Run several small nodes and never use them to insert stuff. These
> > > nodes are "good citizens".
> >
> > This is perfectly valid. You can run a node.
> >
> > > 2. Create a new node N
> > >
> > > 3. Use N to insert content
> > >
> > > 4. Delete N before reprimands hit.
> >
> > This is quite possible, however I don't see how you are going to be able
> > to repeat it, due to the nature of a darknet. Also it might hurt the
> > people you connected through.
>
> I assume that the inserting node gets more blame than the surrounding
> nodes and that blame does not stick around forever. Maybe for a very
> long time, but definitely not forever.
>
> So I can surround my "inserter" with one (as above) or more layers of
> nodes which act as "blame absorbers".
>
> When I insert evil stuff my "inserter" will be blamed for it. The nodes
> next to it will get some fraction of the blame, but definitely less.
> The nodes on the outer layer will get nearly no blame.

They will get no blame, unless they oppose the complaint.

> Before the nodes on my outer layer get blamed for talking to evil nodes
> I shut down the core of my little "evilnet" and replace it with new
> nodes.

If complaints are repeatedly held up against new nodes connected to a specific small number of nodes, it should be possible for the community to notice this and take action against _them_. The network topology has to be open for premix routing to work, and the node which was punished is revealed when a complaint is upheld.

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
What a terrible idea. Censorship by majority is still censorship.

Ian.

On 11 Jul 2005, at 16:17, Matthew Toseland wrote:

> Here's a really whacky idea I came up with on the train back from Strasbourg (please read the whole email before flaming me):
>
> Personally I support Freenet being uncensorable and providing untraceability for posters, because there is no way to prevent censorship abuses by the powerful (including governments and corporations), while still allowing censorship to prevent e.g. child porn. I propose below a means that could provide some form of self regulation, under locally democratic control, which would provide a powerful deterrent to people posting objectionable materials. This is only possible because of the trust relationships underlying a scalable darknet such as Freenet 0.7/Dark. There is an argument that unpopular content will fall out of the current Freenet; it won't if the original insertor keeps on pushing it back in. Maybe, just maybe, we can have our cake and eat it too. The result would be that freenet could be far more mainstream, usable by far more people (e.g. oppressed religious groups in china are likely to object to all the kiddy porn on freenet), and its content would reflect what its users want rather than what the state wants.
>
> Definition: Premix ID:
> - Each node has two identities. One is its pubkey and physical location to connect to it. This is only given out to its immediate peers, and they may not forward it, on a darknet. The second is its premix pubkey. This is the key which is used to encrypt premix-routed traffic which is sent through the node. This is public, along with the node's connections, in order for premix routing to work through the darknet - we have to expose the network topology in order for premix routing to work.
>
> Client C finds some content he finds objectionable.
> He sends out a Complaint to his friend nodes. This contains a pointer to the objectionable content, and possibly C's premix ID (I'm not decided on this bit).
> Users can then verify the complaint - voting for it to be upheld or not and for what sanctions to be applied. If it is not upheld by enough nodes it is not propagated, so complaint spamming will be severely limited.
> Each node can decide whether the complaint is upheld. It will take into account its own vote if any (weight 1), the votes of its friend nodes (weight 1), and the votes of those nodes connected to its friend nodes (probably weighted 1/n where n is the number of nodes connected to a given friend node). There would be turnout requirements (say 2/3), and supermajority requirements which depend on what sanction is called for.
>
> If the complaint is upheld, then the network will attempt to trace the insertor, and possibly any requestors, of the data:
>
> If a node was on the insert path, AND it considers the complaint to have been upheld, it will check its records and attempt to trace the request. As will the next node on the chain. The original insertor will be found, and its premix ID exposed. Possible sanctions are:
> - Reprimand; upheld complaint is recorded on the node's record
> - Premix disconnect; node may no longer use premix routing
> - Full disconnect; node may not remain connected to the network. Requires a larger supermajority.
> - Blow the node; node's IP address is broadcast (endangers the network itself, would require 80% or so majority, and could be turned off on some networks).
>
> The idea here is that we produce a deterrent. Nodes won't insert content regarded as bad by the majority of a particular network, because of the risks involved, and therefore complaints should be rare. The content itself would be blocked, but only after the vote, which could take a reasonable time - say 2 weeks - during which any interested individuals could inspect the objectionable content (many will simply follow others, but this is not a problem as the content _is_ available; provided the system works, complaints will be rare and people will not have to browse through filth on a regular basis). This should keep the whole process accountable.
>
> If the original insertor is not found, we can get as close as possible. Since there will likely be several blocks to trace (even if the objectionable content is a single file), and since we know the network topology, we can do some form of correlation attack - and narrow it down to a particular area of the network. If it is one node, we can take the above sanctions; if it is a group of nodes (or a particular link or set of links), then we can break those connections and fork the network into two disconnected darknets with different standards (it should be reasonably easy to determine this given enough data to trace).
>
> Votes would have to be public for this to work (at least, public to nearby nodes). There is no secret ballot. On the other hand, since we are assuming that Freenet nodes are illegal in any case in the
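
The tally rules in the proposal quoted above (own vote and friends at weight 1, friends-of-friends at 1/n, a 2/3 turnout requirement, supermajorities that depend on the sanction), worked through as an added example that is not part of the original thread and is not Freenet code. The topology and votes are constructed. Assumptions: every threshold except the 80% for blowing a node, that a vote for a harsher sanction also counts as support for milder ones, that n includes the deciding node itself, and that a node reachable through two friends gets both fractions.

```python
from fractions import Fraction

TURNOUT_REQUIRED = Fraction(2, 3)  # "say 2/3" in the proposal

# Mildest to harshest. Only the 80% figure comes from the proposal; the
# other three thresholds are assumed values for illustration.
SANCTIONS = [
    ("reprimand", Fraction(3, 5)),
    ("premix_disconnect", Fraction(2, 3)),
    ("full_disconnect", Fraction(3, 4)),
    ("blow_node", Fraction(4, 5)),
]
RANK = {name: i for i, (name, _) in enumerate(SANCTIONS)}


def electorate_weights(me, peers):
    """Weight of each voter as seen by `me`.

    peers maps a premix ID to the set of IDs it is connected to (the open
    topology). A friend-of-friend gets 1/n per friend it is reached
    through, n being that friend's connection count.
    """
    friends = peers.get(me, set())
    weights = {me: Fraction(1)}
    for friend in friends:
        weights[friend] = Fraction(1)
    for friend in friends:
        connected = peers.get(friend, set())
        for node in connected:
            if node == me or node in friends:
                continue  # already counted at weight 1
            share = Fraction(1, len(connected))
            weights[node] = weights.get(node, Fraction(0)) + share
    return weights


def decide(me, peers, votes):
    """Local decision of `me` on one complaint.

    votes maps a premix ID to "reject" or to a sanction name. Votes from
    outside the local electorate are ignored. Returns the turnout, whether
    the turnout requirement was met, and the harshest sanction whose
    supermajority (share of the weight actually cast) is reached.
    """
    weights = electorate_weights(me, peers)
    total = sum(weights.values())
    cast = sum(w for node, w in weights.items() if node in votes)
    result = {"turnout": cast / total, "quorum": False, "sanction": None}
    if cast < TURNOUT_REQUIRED * total:
        return result
    result["quorum"] = True
    for name, threshold in SANCTIONS:
        support = sum(
            w for node, w in weights.items()
            if RANK.get(votes.get(node), -1) >= RANK[name]
        )
        if support < threshold * cast:
            break  # harsher sanctions can only have less support
        result["sanction"] = name
    return result


# Constructed topology: A has friends B, C, D; E..H are friends-of-friends.
PEERS = {
    "A": {"B", "C", "D"},
    "B": {"A", "E", "F"},
    "C": {"A", "F", "G", "H"},
    "D": {"A", "H"},
    "E": {"B"}, "F": {"B", "C"}, "G": {"C"}, "H": {"C", "D"},
}

# Constructed ballots for three separate complaints.
MIXED = {"A": "full_disconnect", "B": "full_disconnect", "C": "reprimand",
         "D": "reject", "F": "blow_node", "H": "full_disconnect"}
LOW_TURNOUT = {"A": "full_disconnect", "B": "full_disconnect"}
REJECTED = {"A": "reject", "B": "reject", "C": "reject",
            "D": "reprimand", "H": "reprimand"}

if __name__ == "__main__":
    for label, ballot in (("mixed", MIXED), ("low turnout", LOW_TURNOUT),
                          ("rejected", REJECTED)):
        print(label, decide("A", PEERS, ballot))
```
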
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
On Wed, Jul 13, 2005 at 11:08:25AM +0100, Ian Clarke wrote:
> What a terrible idea. Censorship by majority is still censorship.

Personally I've always taken the view that censorship is not evil in and of itself, but that the powerful must not be allowed to wield it to suppress criticism of themselves. The proposal puts the power of censorship back in the hands of the majority (in a given community), lets people who don't like the community's standards go elsewhere (en bloc), and creates an effective deterrent.

> Ian.

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
Which is *definitionally* bad. Even though the lack of censorship means the people who would most benefit from Freenet can't use it, only the people who don't care (because they're entirely amoral), or think the benefit outweighs the cost (because they're hardline libertarians like us).

On Wed, Jul 13, 2005 at 11:08:25AM +0100, Ian Clarke wrote:
> What a terrible idea. Censorship by majority is still censorship.
>
> Ian.
>
> On 11 Jul 2005, at 16:17, Matthew Toseland wrote:
>
> > Here's a really whacky idea I came up with on the train back from Strasbourg (please read the whole email before flaming me):
> >
> > Personally I support Freenet being uncensorable and providing untraceability for posters, because there is no way to prevent censorship abuses by the powerful (including governments and corporations), while still allowing censorship to prevent e.g. child porn. I propose below a means that could provide some form of self regulation, under locally democratic control, which would provide a powerful deterrent to people posting objectionable materials. This is only possible because of the trust relationships underlying a scalable darknet such as Freenet 0.7/Dark. There is an argument that unpopular content will fall out of the current Freenet; it won't if the original insertor keeps on pushing it back in. Maybe, just maybe, we can have our cake and eat it too. The result would be that freenet could be far more mainstream, usable by far more people (e.g. oppressed religious groups in china are likely to object to all the kiddy porn on freenet), and its content would reflect what its users want rather than what the state wants.
> >
> > Definition: Premix ID:
> > - Each node has two identities. One is its pubkey and physical location to connect to it. This is only given out to its immediate peers, and they may not forward it, on a darknet. The second is its premix pubkey. This is the key which is used to encrypt premix-routed traffic which is sent through the node. This is public, along with the node's connections, in order for premix routing to work through the darknet - we have to expose the network topology in order for premix routing to work.
> >
> > Client C finds some content he finds objectionable.
> > He sends out a Complaint to his friend nodes. This contains a pointer to the objectionable content, and possibly C's premix ID (I'm not decided on this bit).
> > Users can then verify the complaint - voting for it to be upheld or not and for what sanctions to be applied. If it is not upheld by enough nodes it is not propagated, so complaint spamming will be severely limited.
> > Each node can decide whether the complaint is upheld. It will take into account its own vote if any (weight 1), the votes of its friend nodes (weight 1), and the votes of those nodes connected to its friend nodes (probably weighted 1/n where n is the number of nodes connected to a given friend node). There would be turnout requirements (say 2/3), and supermajority requirements which depend on what sanction is called for.
> >
> > If the complaint is upheld, then the network will attempt to trace the insertor, and possibly any requestors, of the data:
> >
> > If a node was on the insert path, AND it considers the complaint to have been upheld, it will check its records and attempt to trace the request. As will the next node on the chain. The original insertor will be found, and its premix ID exposed. Possible sanctions are:
> > - Reprimand; upheld complaint is recorded on the node's record
> > - Premix disconnect; node may no longer use premix routing
> > - Full disconnect; node may not remain connected to the network. Requires a larger supermajority.
> > - Blow the node; node's IP address is broadcast (endangers the network itself, would require 80% or so majority, and could be turned off on some networks).
> >
> > The idea here is that we produce a deterrent. Nodes won't insert content regarded as bad by the majority of a particular network, because of the risks involved, and therefore complaints should be rare. The content itself would be blocked, but only after the vote, which could take a reasonable time - say 2 weeks - during which any interested individuals could inspect the objectionable content (many will simply follow others, but this is not a problem as the content _is_ available; provided the system works, complaints will be rare and people will not have to browse through filth on a regular basis). This should keep the whole process accountable.
> >
> > If the original insertor is not found, we can get as close as possible. Since there will likely be several blocks to trace (even if the objectionable content is a single file), and since we know the ne
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
On Wed, Jul 13, 2005 at 11:52:00AM +0200, Rainer Kupke wrote:
> Matthew Toseland <[EMAIL PROTECTED]> wrote:
>
> [voting against nodes that insert objectionable content]
>
> After a night of sleep I came up with two strategies to defeat your
> idea:
>
> First strategy:
> 1. Run several small nodes and never use them to insert stuff. These
> nodes are "good citizens".

This is perfectly valid. You can run a node.

> 2. Create a new node N
>
> 3. Use N to insert content
>
> 4. Delete N before reprimands hit.

This is quite possible, however I don't see how you are going to be able to repeat it, due to the nature of a darknet. Also it might hurt the people you connected through.

> Second strategy:
> Spread the blame!
> Create a new data format that uses data inserted by other people as a
> one time pad to encrypt your data before insertion.
>
> Inserting:
> 1. Create your document (m).
> 2. Find some data (n,o,p,...) that is at least as large as your
>    document.
>    Be careful to pick (n,o,p,...) so that it is difficult to tell which
>    piece is m (Parts of splitfiles or encrypted documents should work)
> 3. Calculate m' = m XOR n XOR o XOR p ...
> 4. Publish m'.
>
> Retrieving:
> 1. Retrieve m',n,o,p,...
> 2. Calculate m = m' XOR n XOR o XOR p ...
>
> Now you need to reprimand the creators of multiple documents just to get
> at one.

Variants of this have been around forever. It is likely that we could identify which parts were most recent, given an upheld complaint.

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
I'm not sure that what you suggest is possible or helpful... It is inevitable that content's popularity will vary from time to time... And with per node failure tables it should be possible to find it on the occasional somewhat-off-specialization node with a big store given enough requests...

On Tue, Jul 12, 2005 at 08:34:13PM +0200, Rainer Kupke wrote:
> Matthew Toseland <[EMAIL PROTECTED]> wrote:
>
> > On Tue, Jul 12, 2005 at 04:06:08PM +0200, Rainer Kupke wrote:
> > > > When a node drops data have it remember the hash for a *long* time. If
> > > > somebody tries to reinsert the data just act as if the insertion was
> > > > successful and ignore it.
>
> > Well, sometimes it's legitimate to reinsert data...
>
> It is still not impossible to reinsert data. It just depends on the
> value of "long time".
>
> There is only a problem for data that has "recently" fallen out of the
> net.
>
> How about this variant of my suggestion:
> If somebody tries to reinsert the data forward the insert as always, but
> never cache the data yourself.
>
> The insert will be routed as always.
> If all nodes in the "target area" have the data blacklisted it will not
> be inserted.
> On the first reinsert there should be some nodes that don't have it
> blacklisted.
> The result should be good enough, especially if there are people waiting
> for the data (and generating requests until it shows up).
>
> Subsequent inserts will become more and more difficult as more nodes
> blacklist the data.
>
> Obviously the value of "long time" must be large enough that all nodes
> in the "target area" eventually blacklist unpopular data if it is
> reinserted in short intervals.
>
> Maybe "long time" should be dependent on how often the data has dropped
> out of the net.

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
Well, sometimes it's legitimate to reinsert data...

On Tue, Jul 12, 2005 at 04:06:08PM +0200, Rainer Kupke wrote:
> Matthew Toseland <[EMAIL PROTECTED]> wrote:
>
> > > When a node drops data have it remember the hash for a *long* time. If
> > > somebody tries to reinsert the data just act as if the insertion was
> > > successful and ignore it.
> >
> > What if they just insert it locally on their own node and then propagate
> > it by requests?
>
> If my understanding of request routing is correct a request will be
> routed toward the region of the net where the requested data *should*
> reside.
>
> They will be able to insert their data on their own node.
> To propagate the data they have to make requests to other nodes. Those
> requests will be routed toward the region of the net where the requested
> data *should* reside and fail there.
>
> The only exception is when they control nodes that are right where the
> data should reside. Then they can insert locally and propagate the data
> with a few requests from random nodes.
>
> Unless they operate lots of nodes they won't be able to do this for a
> relevant portion of their data.
>
> > We can't interfere with requests propagating data without dire
> > consequences, and only dealing with inserts would be impotent.
>
> I don't suggest to change the behaviour of requests.
>
> If an insert is unable to place the data where requests will find it the
> requests will fail and the data will not propagate.

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
[freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
Matthew Toseland <[EMAIL PROTECTED]> wrote:

> > When a node drops data have it remember the hash for a *long* time. If
> > somebody tries to reinsert the data just act as if the insertion was
> > successful and ignore it.
>
> What if they just insert it locally on their own node and then propagate
> it by requests?

If my understanding of request routing is correct a request will be
routed toward the region of the net where the requested data *should*
reside.

They will be able to insert their data on their own node.
To propagate the data they have to make requests to other nodes. Those
requests will be routed toward the region of the net where the requested
data *should* reside and fail there.

The only exception is when they control nodes that are right where the
data should reside. Then they can insert locally and propagate the data
with a few requests from random nodes.

Unless they operate lots of nodes they won't be able to do this for a
relevant portion of their data.

> We can't interfere with requests propagating data without dire
> consequences, and only dealing with inserts would be impotent.

I don't suggest to change the behaviour of requests.

If an insert is unable to place the data where requests will find it the
requests will fail and the data will not propagate.
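The argument in the message above, as a toy simulation added here for illustration (not part of the original post and not Freenet code). The 64-node ring, the peer links, the greedy routing rule and every name in it are assumptions of this sketch; it compares how far a locally inserted block spreads by requests when the inserter's node is far from the key's location and when it sits right on it.

```python
import hashlib

N = 64                      # nodes on a ring keyspace (constructed topology)
LINKS = (1, -1, 8, -8)      # each node's peers: ring neighbours plus two shortcuts

def ring_dist(a, b):
    d = abs(a - b) % N
    return min(d, N - d)

def key_location(h):
    """Ring position where a block with hex hash h *should* reside."""
    return int(h[:8], 16) % N

class Network:
    def __init__(self):
        self.store = [set() for _ in range(N)]       # hashes each node holds
        self.tombstones = [set() for _ in range(N)]  # hashes each node dropped

    def drop(self, node, h):
        self.store[node].discard(h)
        self.tombstones[node].add(h)                 # remembered for a long time

    def insert_at(self, node, h):
        if h not in self.tombstones[node]:
            self.store[node].add(h)
        return True                                  # always reports success

    def request(self, origin, h):
        """Greedy routing toward the key's location; tombstones play no part."""
        target, node = key_location(h), origin
        while h not in self.store[node]:
            nxt = min(((node + s) % N for s in LINKS),
                      key=lambda n: ring_dist(n, target))
            if ring_dist(nxt, target) >= ring_dist(node, target):
                return False                         # reached the home region, no data
            node = nxt
        return True

def scenario(attacker_offset):
    """Return (insert accepted?, stored at home node?, fraction of origins that find it)."""
    h = hashlib.sha256(b"constructed sample block").hexdigest()
    net, home = Network(), key_location(h)
    for off in (-1, 0, 1):                           # home-region nodes dropped the block
        net.drop((home + off) % N, h)
    accepted = net.insert_at(home, h)                # honest re-insert is swallowed
    stored_home = h in net.store[home]
    net.store[(home + attacker_offset) % N].add(h)   # inserter's own node ignores tombstones
    reach = sum(net.request(o, h) for o in range(N)) / N
    return accepted, stored_home, reach

if __name__ == "__main__":
    for off in (32, 8, 0):
        print(off, scenario(off))
```

In this model requests are left untouched, as the message proposes; only the position of the node holding the block changes the outcome.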
Re: [freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
On Tue, Jul 12, 2005 at 01:03:08PM +0200, Rainer Kupke wrote:
> Matthew Toseland <[EMAIL PROTECTED]> wrote:
>
> > There is an argument that unpopular content will fall out of the current
> > Freenet; it won't if the original insertor keeps on pushing it back in.
>
> What if you simply make it more difficult to push stuff back in?
>
> When a node drops data have it remember the hash for a *long* time. If
> somebody tries to reinsert the data just act as if the insertion was
> successful and ignore it.

What if they just insert it locally on their own node and then propagate
it by requests?

We can't interfere with requests propagating data without dire
consequences, and only dealing with inserts would be impotent.

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
[freenet-chat] Crazy idea: How trust in darknets enables secure democratic censorship
Here's a really whacky idea I came up with on the train back from Strasbourg (please read the whole email before flaming me):

Personally I support Freenet being uncensorable and providing untraceability for posters, because there is no way to prevent censorship abuses by the powerful (including governments and corporations), while still allowing censorship to prevent e.g. child porn. I propose below a means that could provide some form of self regulation, under locally democratic control, which would provide a powerful deterrent to people posting objectionable materials. This is only possible because of the trust relationships underlying a scalable darknet such as Freenet 0.7/Dark.

There is an argument that unpopular content will fall out of the current Freenet; it won't if the original insertor keeps on pushing it back in.

Maybe, just maybe, we can have our cake and eat it too. The result would be that Freenet could be far more mainstream, usable by far more people (e.g. oppressed religious groups in China are likely to object to all the kiddy porn on Freenet), and its content would reflect what its users want rather than what the state wants.

Definition: Premix ID:
- Each node has two identities. One is its pubkey and physical location to connect to it. This is only given out to its immediate peers, and they may not forward it, on a darknet. The second is its premix pubkey. This is the key which is used to encrypt premix-routed traffic which is sent through the node. This is public, along with the node's connections, in order for premix routing to work through the darknet - we have to expose the network topology in order for premix routing to work.

Client C finds some content he finds objectionable. He sends out a Complaint to his friend nodes. This contains a pointer to the objectionable content, and possibly C's premix ID (I'm not decided on this bit). Users can then verify the complaint - voting for it to be upheld or not and for what sanctions to be applied.
If it is not upheld by enough nodes it is not propagated, so complaint spamming will be severely limited.

Each node can decide whether the complaint is upheld. It will take into account its own vote if any (weight 1), the votes of its friend nodes (weight 1), and the votes of those nodes connected to its friend nodes (probably weighted 1/n where n is the number of nodes connected to a given friend node). There would be turnout requirements (say 2/3), and supermajority requirements which depend on what sanction is called for.

If the complaint is upheld, then the network will attempt to trace the insertor, and possibly any requestors, of the data: If a node was on the insert path, AND it considers the complaint to have been upheld, it will check its records and attempt to trace the request. As will the next node on the chain. The original insertor will be found, and its premix ID exposed.

Possible sanctions are:
- Reprimand; upheld complaint is recorded on the node's record
- Premix disconnect; node may no longer use premix routing
- Full disconnect; node may not remain connected to the network. Requires a larger supermajority.
- Blow the node; node's IP address is broadcast (endangers the network itself, would require 80% or so majority, and could be turned off on some networks).

The idea here is that we produce a deterrent. Nodes won't insert content regarded as bad by the majority of a particular network, because of the risks involved, and therefore complaints should be rare. The content itself would be blocked, but only after the vote, which could take a reasonable time - say 2 weeks - during which any interested individuals could inspect the objectionable content (many will simply follow others, but this is not a problem as the content _is_ available; provided the system works, complaints will be rare and people will not have to browse through filth on a regular basis). This should keep the whole process accountable.
If the original insertor is not found, we can get as close as possible. Since there will likely be several blocks to trace (even if the objectionable content is a single file), and since we know the network topology, we can do some form of correlation attack - and narrow it down to a particular area of the network. If it is one node, we can take the above sanctions; if it is a group of nodes (or a particular link or set of links), then we can break those connections and fork the network into two disconnected darknets with different standards (it should be reasonably easy to determine this given enough data to trace).

Votes would have to be public for this to work (at least, public to nearby nodes). There is no secret ballot. On the other hand, since we are assuming that Freenet nodes are illegal in any case in the long term on a darknet, and since nobody who isn't trusted by you can find your IP address, people should be able to vote in accordance with their consciences.

Technical forms of voterigging w