[freenet-chat] Freenet 0,5 or 0,7
NextGen$: Idon't think you should call people trolls who are merely trying to expose theweaknesses of freenet to make it better. Isn't that what you guys want us to do? We're all in the same boat here. You stated that you believe computer based attacks on Freenet are much easier than social engineering, and therefore support the factthat freenet should be an invite only network. But, I don't think this model's going to work, for several reasons: First, the guiding principle behind freenet right now is anonymity in the numbers of a large number of users doing all sorts of different things. They may easily know you're using freenet, butit'sextremely difficult to prove WHAT you downloaded. In other word it's very difficult to getspecific evidence against a specific freenet user. True, if freenet becomes illegal, the opennet may not work, but what's the worse that's going to happen? They put up a national firewall making freenet unusable, orfreenet users will just get a message from their ISP saying they better stop or they'll be kicked off. This may not happen until 3-5 years from now, even though it may be illegal on paper in France already. The darknet concept does not provide this sort of anonymity, you are exposed to the people you "trust", I haven't heard a single response to the question: what happens if someone in your darknet gets busted or a spy manages to infiltrate by joining? They instantly have reasonable grounds to assume that you are engaged in the same activity, since you're part of the same ring. This should be enough to bust you as well. They also now have the ability to specifically monitor WHAT you downloaded. Plus your "trusted" friend could easily rat on you. And that's that. How can you underestimate the importance of this? In contrast in opennet if a user gets busted, yes they may get a seedfile of hundreds of different users in many different countries all engaged in differentactivities. That's nice, they know all these people are using freenet, but it will not give them specific evidence against anyone, unless they do some extremely complex traffic analysis, spanning multiple countries and ISPs. And your comment about social engineering being more difficult, that doesn't really apply to today's situation, since right now all it takes is going on IRC to join. When is freenet planning to go underground then? I guess the entire 0,7 testing group will have to break into groups of darknets of 2-3-4 people that trust each other in real life. If it goes underground with a few hundred hard core enthusiasts, where's the fresh content going to come from? And half will be left outside without a darknet. I personally willhave to form a one person darknet then. Van ---Original Message--- From: NextGen$ Date: 08/28/06 19:46:46 To: [EMAIL PROTECTED] Cc: chat@freenetproject.org Subject: Re: [freenet-chat] Freenet 0,5 or 0,7 * [EMAIL PROTECTED] [EMAIL PROTECTED] [2006-08-28 12:51:28]: On 8/28/06, NextGen$ [EMAIL PROTECTED] wrote: * [EMAIL PROTECTED] [EMAIL PROTECTED] [2006-08-28 11:13:24]: [snip.] On 8/28/06, NextGen$ [EMAIL PROTECTED] wrote: * - [EMAIL PROTECTED] [2006-08-27 19:45:27]: How do you explain that all terrorist cells haven't been busted so ? Um...they're small groups of people that know and trust each other really well. And they're isolated. That'd be like having a few hundred 50-100 person darknets with no communication between them and people only invite the people they've known for many, many years. You shouldn't connect to people you don't trust, full stop. If I only connected to people I trust I'd end up with a darknet of 2. That's not very useful. That's usefull. Also, it just isn't realistic to think that people will know others in real life that they can trust with the kind of things they need anonymity for. A minority of people will have such connections, but the majority will not! This will mean that for freenet to be viable it will always need to have a public mechanism for joining. That's debatable... Gmail hadn't and has been successfull. How the hell can you even CONSIDER comparing Gmail to freenet? Gmail isn't anonymous. Gmail is an invite-only system as freenet Freenet isn't really invite only. how so ? If I invite a government agent to Gmail, that's not gonna screw me over. It won't on freenet either... It might. Well, there's no possibility of that at all on Gmail. Why do you think they keep who has introduced you then ? I bet that it's a convenient way of fighting against spam. The catch a spammer and ensure that his "invitees" aren't spammer. I don't have to send a file to someone to get them to join Gmail. You've to send them a mail, wich is kinda the same thing. ehh...not really. You just type their email addy in a box. We could have the same thing on freenet. Maybe we will. There's no s
[freenet-chat] Freenet 0,5 or 0,7
Thanks for your response, you've convinced me on most points. I still have two questions: So what you're saying is that ifa singledirect peer becomes a traitor, it would not necessarily leadto instant knowledge of what your are downloading, only if most of your direct peersbecome traitors and work together. So I imagine, this would mean that the more direct peersan individualhas, thesafer he is. But,most freenet userswould probably not have more than 1 or 2 or 3 in real life. First question: So once real life possibilities are exhausted, where can onefind enough direct peers to be safe? What's going to happen is there's going to be a well integrated main darknetand a lot of these smaller darknets that aren't able to integrate because none of the membersknows anyone in the main darknet. So they'll ceaseto exist. I might as well have 15 direct peers I trust, if none of us knows someone in the big darknet, there's nothing we can do. Therefore only people already integrated into the main darknet will be able to invitenew members, meaning the majority of newusers will not be able to join the darknet, and be left out in the open(net). Second question: Is there a solution to this, or will most people infact not be able to benefit from darknet? One possible idea: If someone has enough direct peers, then it would be safe for him to take on a few unknown newbies and make them intodirect peers, and this could be a way to allow unknown members (or unintegrated darknets) to join. ---Original Message--- From: David Sowder (Zothar) Date: 08/29/06 20:09:44 To: chat@freenetproject.org Cc: - Subject: Re: [freenet-chat] Freenet 0,5 or 0,7 - wrote: NextGen$: I don't think you should call people trolls who are merely trying to expose the weaknesses of freenet to make it better. Isn't that what you guys want us to do? We're all in the same boat here. You stated that you believe computer based attacks on Freenet are much easier than social engineering, and therefore support the fact that freenet should be an invite only network. True darknet: the target node can only be attacked socially assuming that: 1) "the bad guys" don't know which machines are running a Freenet node (i.e. they don't know what machine to target for a node) if there is in-packet signature on Freenet traffic an the Freenet packets are indistinguishable from other Internet traffic 2) "the bad guys" haven't confiscated a direct peer of the target node Opennet: the target node can be attacked electronically because: 1) the target node will potentially connect to anyone who wants a connection 2) "the bad guys" simply need to pretend to be a lot of anyones But, I don't think this model's going to work, for several reasons: First, the guiding principle behind freenet right now is anonymity in the numbers of a large number of users doing all sorts of different things. They may easily know you're using freenet, but it's extremely difficult to prove WHAT you downloaded. In other word it's very difficult to get specific evidence against a specific freenet user. True darknet anonymity: 1) the target node's traffic is anonymous to all non-direct peers, including "the bad guys" (unless they manage to get a direct peer with the target node), assuming the attackability points I mentioned above 2) the target node's traffic is anonymous to the direct peers in the sense that all or most of target node's direct peers would have to collaborate using statistical attacks to determine what the target node requested, inserted or stored 3) I'm not sure about this part, but "the bad guys" may not even be able to know what was contained in the traffic going through them unless they also had the URI of the resources being requested or inserted (i.e., if they don't have the decrypt keys, they don't know what's in the packet) Opennet anonymity: 1) the target node's traffic is anonymous in the same way that 1, 2 and 3 of "True darknet anonymity" above are still true, but becoming all or most of the peers for a target node is automatable, unlike true darknet, which requires humans to initiate each peering relationship. True, if freenet becomes illegal, the opennet may not work, but what's the worse that's going to happen? They put up a national firewall making freenet unusable, or freenet users will just get a message from their ISP saying they better stop or they'll be kicked off. This may not happen until 3-5 years from now, even though it may be illegal on paper in France already. Depends on what kind of illegal we're talking about.Some places, the penalties may be much more severe than others. The darknet concept does not provide this sort of anonymity, you are exposed to the people you "trust", I haven't heard a single response to the question: what happens if someone in your darknet gets busted or a spy manages to infiltrate by joining? They instant
Re: [freenet-chat] Freenet 0,5 or 0,7
On Tue, Aug 29, 2006 at 06:43:07PM +0200, - wrote: You stated that you believe computer based attacks on Freenet are much easier than social engineering, and therefore support the fact that freenet should be an invite only network. But, I don't think this model's going to work, for several reasons: First, the guiding principle behind freenet right now is anonymity in the numbers of a large number of users doing all sorts of different things. They may easily know you're using freenet, but it's extremely difficult to prove WHAT you downloaded. In other word it's very difficult to get specific evidence against a specific freenet user. It's not *that* difficult. There are correlation attacks, and there is the whole caching issue - either your peers can tell what you've requested for sure (don't cache locally), or your peers *and* anyone who seizes your store can tell (cache locally). True, if freenet becomes illegal, the opennet may not work, but what's the worse that's going to happen? They put up a national firewall making freenet unusable, or freenet users will just get a message from their ISP saying they better stop or they'll be kicked off. This may not happen until 3-5 years from now, even though it may be illegal on paper in France already. And if we aren't ready to switch to a pure darknet, what then? The darknet concept does not provide this sort of anonymity, you are exposed to the people you trust, Not significantly more than your exposure to people you _don't_ trust on opennet. It's pretty much the same thing, except on darknet you choose who to trust; on opennet you have no choice. I haven't heard a single response to the question: what happens if someone in your darknet gets busted or a spy manages to infiltrate by joining? They instantly have reasonable grounds to assume that you are engaged in the same activity, since you're part of the same ring. This should be enough to bust you as well. Or they could just check who you've been emailing/SMSing/calling lately. Which is why they have data retention, wiretapping etc powers. They also now have the ability to specifically monitor WHAT you downloaded. How so? Plus your trusted friend could easily rat on you. And that's that. Sure, treachery is a big problem. Opennet is a bigger problem; treachery is more expensive than harvesting, it's more expensive even than harvesting+ubernodes+sybil etc attacks on an opennet. How can you underestimate the importance of this? In contrast in opennet if a user gets busted, yes they may get a seedfile of hundreds of different users in many different countries all engaged in different activities. That's nice, they know all these people are using freenet, but it will not give them specific evidence against anyone, unless they do some extremely complex traffic analysis, spanning multiple countries and ISPs. The authorities don't need to bust anybody. All they need to do is download the node, harvest, and they can quickly get a picture of all nodes worldwide - including those within their jurisdiction. And your comment about social engineering being more difficult, that doesn't really apply to today's situation, since right now all it takes is going on IRC to join. When is freenet planning to go underground then? #freenet-refs is for bootstrapping and testing. It's a sort of pseudo-opennet. True darknet underground connections happen through other means. I guess the entire 0,7 testing group will have to break into groups of darknets of 2-3-4 people that trust each other in real life. Why must darknets be so small? I see no reason at all to expect them to be that small. I see every reason to expect true darknets to grow and amalgamate. If it goes underground with a few hundred hard core enthusiasts, where's the fresh content going to come from? Relies on the bogus assumption above. And half will be left outside without a darknet. I personally will have to form a one person darknet then. Van -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. signature.asc Description: Digital signature ___ chat mailing list chat@freenetproject.org Archived: http://news.gmane.org/gmane.network.freenet.general Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/chat Or mailto:[EMAIL PROTECTED]
Re: [freenet-chat] Freenet 0,5 or 0,7
* - [EMAIL PROTECTED] [2006-08-27 19:45:27]: I'd like to add to the 0.5 vs 0.7 discussion in the support list, which we were asked to move here, so I hope the people from support are reading this! Trolls don't need to be on @support, that's for sure :) Regarding the social networks, the models that exist probably apply to national systems only, and probably to a certain social class within that, so I'm not convinced that they would have any meaning for an underground internet network. I.E. how would a darknet of chinese dissidents link up with freedom fighters in an oppressive latin american regime? And how would any of these link up with a darknet of german kids wishing to download warez or whatever? But here's the big question: what mechanism can freenet have, for protecting members of a darknet, when a darknet is infiltrated by a hostile node? When I talked about infiltrating the darknet, I did not mean breaking it from the outside with some super computers, (which I'm sure is harder to do with 0,7 than with 0,5), I simply meant posing as an inside person and joining it, or simply busting one member and capturing his computer. see below :) Toad (I believe) replied to this saying that I might as well hang myself if I think that there's noone I can trust in life. But come on, that's not the point, everyone knows that spies take on false identities and infiltrate every kind of illegal network. That's what they get paid for. How do you explain that all terrorist cells haven't been busted so ? Also, it just isn't realistic to think that people will know others in real life that they can trust with the kind of things they need anonymity for. A minority of people will have such connections, but the majority will not! This will mean that for freenet to be viable it will always need to have a public mechanism for joining. That's debatable... Gmail hadn't and has been successfull. So, again the question is: What mechanism will 0,7 have for protecting members of the darknet if one of the nodes is spy? I think this issue seriously needs to be solved! It's the purpose of premix-routing : protecting the first few hops. Might be implemented in freenet 0.8. Keep in mind that the known attacks agaisnt freenet are only probablilistic ones ... It's likely that your have inserted/downloaded that key : it's always a matter of plausible deniability. Are the bad guys really going to spend millions on high tech computers to break a network, when all they have to do is join it? Thinking we can keep them out is absurd! Any current member of 0,7 could just as well be or become a spy or a narc or whatever. You seems to missunderstand the point : you should wonder why would opennet be more secure... and will see that it's not. On opennet a governement is likely to be able to compromize the seednode file and replace it with only governement powered nodes. On darknet it's not doable. Social engeenering is always more costy than technical/automatable processes. Moreover a government doesn't need to infiltrate such a network ; shuting it down is often enough... And any opennet network is harvestable, meaning that it can be trivially attacked blacklisting on country's firewall the list of IP addresses known to be running freenet. On darknet we ask people to choose who they trust, on opennet we choose for them trying to optimize the network topology. NextGen$ ___ chat mailing list chat@freenetproject.org Archived: http://news.gmane.org/gmane.network.freenet.general Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/chat Or mailto:[EMAIL PROTECTED]
Re: [freenet-chat] Freenet 0,5 or 0,7
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2006-08-28 11:13:24]: On 8/28/06, NextGen$ [EMAIL PROTECTED] wrote: * - [EMAIL PROTECTED] [2006-08-27 19:45:27]: I'd like to add to the 0.5 vs 0.7 discussion in the support list, which we were asked to move here, so I hope the people from support are reading this! Trolls don't need to be on @support, that's for sure :) It's a good way to be noticed :) Regarding the social networks, the models that exist probably apply to national systems only, and probably to a certain social class within that, so I'm not convinced that they would have any meaning for an underground internet network. I.E. how would a darknet of chinese dissidents link up with freedom fighters in an oppressive latin american regime? And how would any of these link up with a darknet of german kids wishing to download warez or whatever? But here's the big question: what mechanism can freenet have, for protecting members of a darknet, when a darknet is infiltrated by a hostile node? When I talked about infiltrating the darknet, I did not mean breaking it from the outside with some super computers, (which I'm sure is harder to do with 0,7 than with 0,5), I simply meant posing as an inside person and joining it, or simply busting one member and capturing his computer. see below :) Toad (I believe) replied to this saying that I might as well hang myself if I think that there's noone I can trust in life. But come on, that's not the point, everyone knows that spies take on false identities and infiltrate every kind of illegal network. That's what they get paid for. How do you explain that all terrorist cells haven't been busted so ? Um...they're small groups of people that know and trust each other really well. And they're isolated. That'd be like having a few hundred 50-100 person darknets with no communication between them and people only invite the people they've known for many, many years. You shouldn't connect to people you don't trust, full stop. Also, it just isn't realistic to think that people will know others in real life that they can trust with the kind of things they need anonymity for. A minority of people will have such connections, but the majority will not! This will mean that for freenet to be viable it will always need to have a public mechanism for joining. That's debatable... Gmail hadn't and has been successfull. How the hell can you even CONSIDER comparing Gmail to freenet? Gmail isn't anonymous. Gmail is an invite-only system as freenet If I invite a government agent to Gmail, that's not gonna screw me over. It won't on freenet either... It might. I don't have to send a file to someone to get them to join Gmail. You've to send them a mail, wich is kinda the same thing. There's no security risk with just sending Gmail invites to random people. If the fact of running freenet is illegal in your country opennet won't help at all ;) Nothing anyone does on Gmail is illegal. At least not if they're smart. Nothing anyone does on freenet is illegal. At least not if they're smart. Gmail and Freenet...that's like comparing my computer to a lego block. I don't get the metaphor :$ So, again the question is: What mechanism will 0,7 have for protecting members of the darknet if one of the nodes is spy? I think this issue seriously needs to be solved! It's the purpose of premix-routing : protecting the first few hops. Might be implemented in freenet 0.8. MIGHT be implemented in 0.8? 0.8 is most likely about two years away. What do we do until then? Pray? Connect only to trusted friends... On darknet you choose your friends, on opennet we choose them for you! Meaning that opennet WILL be even less secure than the current darknet ;) Keep in mind that the known attacks agaisnt freenet are only probablilistic ones ... It's likely that your have inserted/downloaded that key : it's always a matter of plausible deniability. Are the bad guys really going to spend millions on high tech computers to break a network, when all they have to do is join it? Thinking we can keep them out is absurd! Any current member of 0,7 could just as well be or become a spy or a narc or whatever. You seems to missunderstand the point : you should wonder why would opennet be more secure... and will see that it's not. I wonder why a darknet is more secure...and see that it's not. Can't you read what I'm writting ? :) On opennet a governement is likely to be able to compromize the seednode file and replace it with only governement powered nodes. On darknet it's not doable. Social engeenering is always more costy than technical/automatable processes. Moreover a government doesn't need to infiltrate such a network ; shuting it down is often enough... And any opennet network is harvestable, meaning that it can be trivially
Re: [freenet-chat] Freenet 0,5 or 0,7
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2006-08-28 12:51:28]: On 8/28/06, NextGen$ [EMAIL PROTECTED] wrote: * [EMAIL PROTECTED] [EMAIL PROTECTED] [2006-08-28 11:13:24]: [snip.] On 8/28/06, NextGen$ [EMAIL PROTECTED] wrote: * - [EMAIL PROTECTED] [2006-08-27 19:45:27]: How do you explain that all terrorist cells haven't been busted so ? Um...they're small groups of people that know and trust each other really well. And they're isolated. That'd be like having a few hundred 50-100 person darknets with no communication between them and people only invite the people they've known for many, many years. You shouldn't connect to people you don't trust, full stop. If I only connected to people I trust I'd end up with a darknet of 2. That's not very useful. That's usefull. Also, it just isn't realistic to think that people will know others in real life that they can trust with the kind of things they need anonymity for. A minority of people will have such connections, but the majority will not! This will mean that for freenet to be viable it will always need to have a public mechanism for joining. That's debatable... Gmail hadn't and has been successfull. How the hell can you even CONSIDER comparing Gmail to freenet? Gmail isn't anonymous. Gmail is an invite-only system as freenet Freenet isn't really invite only. how so ? If I invite a government agent to Gmail, that's not gonna screw me over. It won't on freenet either... It might. Well, there's no possibility of that at all on Gmail. Why do you think they keep who has introduced you then ? I bet that it's a convenient way of fighting against spam. The catch a spammer and ensure that his invitees aren't spammer. I don't have to send a file to someone to get them to join Gmail. You've to send them a mail, wich is kinda the same thing. ehh...not really. You just type their email addy in a box. We could have the same thing on freenet. Maybe we will. There's no security risk with just sending Gmail invites to random people. If the fact of running freenet is illegal in your country opennet won't help at all ;) It's not. Freenet is already illegal here in France, I doubt it's legal in China either. [snip.] Maybe you could answer to points I've snipped. On the darknet you know exactly who you're connected to. On the opennet you don't. More deniability, and harder for governments to use one compromised node to get to others. That a false assumption. Your ISP does know who you're connected to, even on opennet! Let's take an example, since a law called LEN, french ISPs have to keep logs of EVERYTHING going through their wires for up to 6 months Of course that silly law is hardly possible to apply... but still. If the chinese government captures one node on a darknet, chances are most of the connected nodes are also in China. If they capture one node on an opennet, chances are they can maybe bust one or two of the other known nodes. And opennet works better. Security might be debatable, but I have yet to see an argument saying that performance would be better on a darknet. see above... on that point it's again worst with opennet than darknet because opennet's connections can be spotted by cheap traffic analysis ... on darknet it's more expensive ... and won't be doable when we have got steganographic transport plugins. Besides, look at all the existing opennets. I've never heard of anyone getting busted on Freenet 0.5...I've never heard of a string of arrests on ANY P2P network where they, say, captured one guy's computer and then watched who downloaded from him. That type of attack would be a lot more efficient on a darknet. Maybe because such networks aren't popular enough to be targeted ? Maybe because they don't need to make an example out of those poor guys ? Keep in mind that the known attacks agaisnt freenet are only probablilistic ones ... It's likely that your have inserted/downloaded that key : it's always a matter of plausible deniability. Are the bad guys really going to spend millions on high tech computers to break a network, when all they have to do is join it? Thinking we can keep them out is absurd! Any current member of 0,7 could just as well be or become a spy or a narc or whatever. You seems to missunderstand the point : you should wonder why would opennet be more secure... and will see that it's not. I wonder why a darknet is more secure...and see that it's not. Can't you read what I'm writting ? :) Can't you read what *I'm* writing? :) I'm replying to every questions/replies from you. You aren't doing the same for me. [snip] NextGen$ ___ chat mailing list chat@freenetproject.org Archived: http://news.gmane.org/gmane.network.freenet.general Unsubscribe at
[freenet-chat] Freenet 0,5 or 0,7
I'd like to add tothe0.5 vs0.7discussion in the support list, which we were asked to move here, so I hope the people from support are reading this! Regarding the social networks, the models that exist probably apply to national systems only, and probably toa certain social class within that, so I'm not convinced that they would have any meaning for an underground internet network. I.E. how would a darknet of chinese dissidents link up with freedom fighters in an oppressive latin american regime? And how would any of these link up with a darknet of german kidswishing to download warez or whatever? But here's the big question: what mechanism can freenet have, for protecting members of a darknet, when a darknet is infiltrated by a hostile node? When I talked about infiltrating the darknet, I did not mean breaking it from the outside with some super computers, (which I'm sure is harder to do with 0,7 than with 0,5), I simply meant posing as an "inside person" and joining it, or simply busting one member and capturing his computer. Toad (I believe) replied to this saying that I might as well hang myself if I think that there's noone I can trust in life. But come on, that's not the point, everyone knows that spies take on false identities and infiltrate every kind of illegal network. That's what they get paid for. Also, it just isn't realistic to think that people will know others in real life that they can trust with the kind of things they need anonymity for.A minority of people will have such connections, but the majority will not! This will mean that for freenet to be viable it will always need to have a public mechanism for joining. So, again the question is: What mechanism will 0,7 have for protecting members of the darknet if one of the nodes is spy? I think this issue seriously needs to besolved! Are "the bad guys" really going to spend millions on high tech computers to break a network, when all they have to do is join it? Thinking we can keep them out is absurd! Any current member of0,7 could just as well be or becomea spy or a narc or whatever. Van ___ chat mailing list chat@freenetproject.org Archived: http://news.gmane.org/gmane.network.freenet.general Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/chat Or mailto:[EMAIL PROTECTED]