Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 01/12/15 04:13, charles wrote: > So based on what I've read from the rest of this thread, that is not > stated clearly in this pitch, is that a Full Opennet Node is similar to > Tor's Relays or Directory Authorities (I believe you'r saying the later, > but not sure, maybe some combo?). So the only thing that people would > pay for was the right to run one of these Relay/Authorities. The average > Freenet user would never need to be aware that this was happening in > order to use opennet as they normally do, for free. Is that correct? Pretty much. The idea is that Full Opennet Nodes would participate in tunnels, and we might also restrict routing high HTL traffic to them. Ordinary nodes would still store data and relay traffic. Or ordinary transient nodes would just connect and send requests (including tunneled requests). Users who run an FON and run local requests on it get better performance than an ordinary opennet node would. Right now there are no tunnels on Freenet. There are ways to add tunnels, but if we want to remain scalable/near-fully decentralised, they only protect against up to 20% malicious nodes. And we would certainly have to avoid using slow nodes in tunnels if we want reasonable performance. > > -Charles > > On 11/30/15 10:29 AM, Matthew Toseland wrote: >> We have several major problems: >> 1. We need a major injection of cash. >> 2. We will not have a big connected darknet any time soon. >> 3. Opennet is not secure unless users pay for introduction. >> 4. Opennet is slow because of lowest common denominator load. >> >> I propose: Freenet Rebooted. >> >> A Kickstarter, but based on extending the current code, not a full >> rewrite. A lot of it actually works reasonably well. >> >> MAJOR CHANGES: >> 1. Darknet enhancements, but we recognise that we will need a large, >> fast opennet backbone to connect the darknet pockets for the time being. >> 2. You can only run a Full Opennet Node if you have an Opennet Invite >> and meet bandwidth/performance requirements. >> 3. Only Full Opennet Nodes route tunnels and/or high HTL traffic. >> 4. There may be further restrictions for security reasons, if so we will >> ensure that an OI still gives performance benefits (even if you are not >> routing traffic). >> 5. Opennet tunnels via ShadowWalker. >> 6. Better seednodes. >> 7. Most of the enhancements to other areas we've previously discussed. >> 8. Transient mode reintroduced, so opennet Freenet is still free as in >> beer, and secure with tunnels. Great for uploading on the run! But >> transient nodes don't route traffic/tunnels and get lower performance. >> 9. Investigate hardware partners and home-server UI issues. Long term we >> need cheap, convenient hardware nodes, because we need uptime. >> >> Initially we aim to raise $1M. Anyone who donates $100 gets an Opennet >> Invite, so this is 10,000 users. Hardware nodes might be a good donor >> perk too. In future we anticipate charging for OI's, but expect an >> increasing proportion to be provably given to other worthwhile, >> respected and relevant charities e.g. EFF: The price paid to become part >> of the network infrastructure is mainly a deterrent to large scale >> attacks, rather than a means of raising revenue. >> >> Thoughts? >> >> Obviously there is a risk of people running parallel networks for $99 or >> whatever, or #freenet-refs style auto-darknet meshes. Some of them will >> be scammers and we have a good web presence to start with; I don't think >> we should worry about this. signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
Am Montag, 30. November 2015, 21:23:07 schrieb Matthew Toseland: > Most people can't run Freenet 24x7 even if they wanted to, or can't > afford to, This is fixed by Darknet FOAF. > and most people don't want to run Freenet at all, even if their > friend urges them to. This I doubt. Currently Darknet is so hard to use that we hardly have any data about adoption. As an example what could help: For years there’s been a bug report about letting the one who creates the invitation bundle select the bookmarks to share. We did not implement it, though, because we spent time on Opennet instead. We don’t even have invitation bundles yet, so we’re in the same position as GnuPG — which also did not spread despite being completely acceptable for almost everyone. But we can add invitation bundles. It’s all documented in the bugtracker, just not acted upon. We can’t blame the failures of our tool only on the content in Freenet. > But this all started with a thread complaining that we'd added an FAQ > entry saying at least one police force can break opennet Freenet and > we're not doing anything about it and darknet isn't an acceptable > answer. Since the claim that we’re not doing anything is not true, I don’t really worry about that. I worry more about radical breaking of Opennet as a knee-jerk reaction on criticism. Best wishes, Arne signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
So based on what I've read from the rest of this thread, that is not stated clearly in this pitch, is that a Full Opennet Node is similar to Tor's Relays or Directory Authorities (I believe you'r saying the later, but not sure, maybe some combo?). So the only thing that people would pay for was the right to run one of these Relay/Authorities. The average Freenet user would never need to be aware that this was happening in order to use opennet as they normally do, for free. Is that correct? -Charles On 11/30/15 10:29 AM, Matthew Toseland wrote: > We have several major problems: > 1. We need a major injection of cash. > 2. We will not have a big connected darknet any time soon. > 3. Opennet is not secure unless users pay for introduction. > 4. Opennet is slow because of lowest common denominator load. > > I propose: Freenet Rebooted. > > A Kickstarter, but based on extending the current code, not a full > rewrite. A lot of it actually works reasonably well. > > MAJOR CHANGES: > 1. Darknet enhancements, but we recognise that we will need a large, > fast opennet backbone to connect the darknet pockets for the time being. > 2. You can only run a Full Opennet Node if you have an Opennet Invite > and meet bandwidth/performance requirements. > 3. Only Full Opennet Nodes route tunnels and/or high HTL traffic. > 4. There may be further restrictions for security reasons, if so we will > ensure that an OI still gives performance benefits (even if you are not > routing traffic). > 5. Opennet tunnels via ShadowWalker. > 6. Better seednodes. > 7. Most of the enhancements to other areas we've previously discussed. > 8. Transient mode reintroduced, so opennet Freenet is still free as in > beer, and secure with tunnels. Great for uploading on the run! But > transient nodes don't route traffic/tunnels and get lower performance. > 9. Investigate hardware partners and home-server UI issues. Long term we > need cheap, convenient hardware nodes, because we need uptime. > > Initially we aim to raise $1M. Anyone who donates $100 gets an Opennet > Invite, so this is 10,000 users. Hardware nodes might be a good donor > perk too. In future we anticipate charging for OI's, but expect an > increasing proportion to be provably given to other worthwhile, > respected and relevant charities e.g. EFF: The price paid to become part > of the network infrastructure is mainly a deterrent to large scale > attacks, rather than a means of raising revenue. > > Thoughts? > > Obviously there is a risk of people running parallel networks for $99 or > whatever, or #freenet-refs style auto-darknet meshes. Some of them will > be scammers and we have a good web presence to start with; I don't think > we should worry about this. > > > > ___ > Devl mailing list > Devl@freenetproject.org > https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 21:12, Arne Babenhauserheide wrote: > Am Montag, 30. November 2015, 20:54:38 schrieb Matthew Toseland: >> 1) Stick our heads in the sand and sing the glories of opennet, in spite >> of clear evidence of it being irredeemably broken, or >> 2) Hope that more people use darknet. > Binary choices are almost always (self-) deception. > > 3) Improve darknet usability so the default mode for new users is >being invited by an existing Freenet user. Even if that was true it would still take a long time to have large enough darknet pockets to provide meaningful protection against an attacker connected to all opennet nodes. And making darknet easier will not overcome the other problems: Most people can't run Freenet 24x7 even if they wanted to, or can't afford to, and most people don't want to run Freenet at all, even if their friend urges them to. It's a goal we should strive for, because if we get viral growth then we probably get exponential growth. But it requires a very high density at least within specific sub-communities. > 4) Talk about the things which already work well. Definitely a good thing, and my congratulations for your doing so on your blog etc. But this all started with a thread complaining that we'd added an FAQ entry saying at least one police force can break opennet Freenet and we're not doing anything about it and darknet isn't an acceptable answer. I hope we achieve a global f2f darknet. I doubt it's possible without at least a long intermediate stage during which mostly smallish darknet pockets are linked by opennet. > > Best wishes, > Arne signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 21:10, Arne Babenhauserheide wrote: > Am Montag, 30. November 2015, 19:58:38 schrieb Matthew Toseland: >>> Even regular E-Mail providers, G+ and Facebook did not find a way to >>> get a significant number of users to pay — for a service which is >>> clearly essential for todays communication. Why do you think people >>> would pay for Freenet? >> They don't need them to. > They are trying and trying and trying. My E-Mail provider is spamming > me every month with a new deal to join its (paid) club. > > So they obviously do need them. They just don’t get them without first > giving them free service for a very long time. Depends on your email provider. Google charge for very little, they're too busy with other revenue streams. > Best wishes, > Arne signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 21:05, Arne Babenhauserheide wrote: > Am Montag, 30. November 2015, 19:36:43 schrieb Matthew Toseland: >> How much of this is due to default settings where it didn't manage to >> autodetect via UPnP? How much to users not making informed choices? > And why do we have such low default settings? Because we want to support lowest common denominator users, and people who forgot that they had a traffic limit etc. I agree we might be able to increase it. > Best wishes, > Arne signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 21:04, Arne Babenhauserheide wrote: > Am Montag, 30. November 2015, 19:36:43 schrieb Matthew Toseland: >> How much of this is due to default settings where it didn't manage to >> autodetect via UPnP? How much to users not making informed choices? > There are two peaks. Would both be from UPnP? One might be a default option? The other might be a common user choice? Or it might be it's chosen by people who have a transfer limit, in which case we can't do much about it, although it might be another default option? It would be nice to know more about this... > Best wishes, > Arne signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
Am Montag, 30. November 2015, 20:54:38 schrieb Matthew Toseland: > 1) Stick our heads in the sand and sing the glories of opennet, in spite > of clear evidence of it being irredeemably broken, or > 2) Hope that more people use darknet. Binary choices are almost always (self-) deception. 3) Improve darknet usability so the default mode for new users is being invited by an existing Freenet user. 4) Talk about the things which already work well. Best wishes, Arne -- Konstruktive Kritik: - http://draketo.de/licht/krude-ideen/konstruktive-kritik signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
Am Montag, 30. November 2015, 19:58:38 schrieb Matthew Toseland: > > Even regular E-Mail providers, G+ and Facebook did not find a way to > > get a significant number of users to pay — for a service which is > > clearly essential for todays communication. Why do you think people > > would pay for Freenet? > > They don't need them to. They are trying and trying and trying. My E-Mail provider is spamming me every month with a new deal to join its (paid) club. So they obviously do need them. They just don’t get them without first giving them free service for a very long time. Best wishes, Arne signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
Am Montag, 30. November 2015, 19:36:43 schrieb Matthew Toseland: > How much of this is due to default settings where it didn't manage to > autodetect via UPnP? How much to users not making informed choices? And why do we have such low default settings? Best wishes, Arne signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
Am Montag, 30. November 2015, 19:36:43 schrieb Matthew Toseland: > How much of this is due to default settings where it didn't manage to > autodetect via UPnP? How much to users not making informed choices? There are two peaks. Would both be from UPnP? Best wishes, Arne signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 20:32, Dan Roberts wrote: > I am strongly against this pay-for-opennet strategy until we've exhausted > other funding options. To my knowledge we have only contacted 3 potential > donors out of many! Frankly, I doubt we could even put together a > successful kickstarter campaign at this point, given that we can't bother > to write a few letters. If we care about funding, our immediate goal should > be to finish the donation letter and start tailoring it to individual > donors. (I have not focused on this either, mea culpa) True, we should apply for more funding. And yes, a Kickstarter project would involve a lot of work to put a good pitch together. However IMHO it might be much more successful if we had something meaningful to give donors. > I realize the motivation for pay-for-opennet is also to improve security, > but others have already raised enough concerns about that aspect. I had hoped we could solve both problems. Of course that doesn't mean providing perfect security, but it does mean improving the situation dramatically. Clearly we are not going to move forward on this since there is no consensus in favour. So we should either: 1) Stick our heads in the sand and sing the glories of opennet, in spite of clear evidence of it being irredeemably broken, or 2) Hope that more people use darknet. We've been doing both for some time. Technical improvements to darknet are long overdue but at best in the short run we will have a set of darknet pockets joined together by opennet. Which means that users can be traced to their darknet pocket, and will usually be small enough that that is enough to identify them. signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
I am strongly against this pay-for-opennet strategy until we've exhausted other funding options. To my knowledge we have only contacted 3 potential donors out of many! Frankly, I doubt we could even put together a successful kickstarter campaign at this point, given that we can't bother to write a few letters. If we care about funding, our immediate goal should be to finish the donation letter and start tailoring it to individual donors. (I have not focused on this either, mea culpa) I realize the motivation for pay-for-opennet is also to improve security, but others have already raised enough concerns about that aspect. Cheers, Dan Am Montag, 30. November 2015, 15:29:25 schrieb Matthew Toseland: > 3. Opennet is not secure unless users pay for introduction. Even regular E-Mail providers, G+ and Facebook did not find a way to get a significant number of users to pay — for a service which is clearly essential for todays communication. Why do you think people would pay for Freenet? People pay for VPNs because VPNs promise them faster, anonymous copyright infringement — I’ve seen the ads on torrent sites. The Freenet Project cannot promise that without encouraging copyright infringement — which we don’t. And our communication sucks — with this thread a perfect example of why it sucks. As much as I’m irked by the often toxic behavior of niqnaq: this is something he’s right on. We have an existing userbase. These users are our greatest asset. We might not like all of them, but at the same time there are many awesome people using Freenet. We’re neglecting them. We’re not doing the easy fixes. Instead we’re saying “let’s make you pay to keep using Freenet”. We need more people running Darknet, so why don’t we think of a way to secure Opennet via Darknet? Darknet connections are the only thing at which attackers don’t win trivially. And it might turn out that for funding, this pull request is the most important of them all: https://github.com/freenet/website/pull/28 Best wishes, Arne -- Celebrate with ye beauty and gather yer friends for a Pirate Party! → http://1w6.org/english/flyerbook-rules#pirate-party ← ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 19:58, Matthew Toseland wrote: > On 30/11/15 19:34, Arne Babenhauserheide wrote: >> Am Montag, 30. November 2015, 15:29:25 schrieb Matthew Toseland: >>> 3. Opennet is not secure unless users pay for introduction. >> Even regular E-Mail providers, G+ and Facebook did not find a way to >> get a significant number of users to pay — for a service which is >> clearly essential for todays communication. Why do you think people >> would pay for Freenet? > They don't need them to. They harvest all their data and sell it to > advertisers etc. If you're not paying for the product you are the > product. If you are paying for the product we're probably selling your > personal data anyway! Also, a significant minority do pay for email still, e.g. Fastmail. signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 19:21, Florent Daigniere wrote: > On Mon, 2015-11-30 at 15:50 +, Matthew Toseland wrote: >> On 30/11/15 15:44, Florent Daigniere wrote: >>> On Mon, 2015-11-30 at 15:29 +, Matthew Toseland wrote: Thoughts? >>> This assumes that Sybil is the only attack against opennet... which >>> is >>> clearly misleading. Sybil is the obvious, cheap attack; the nastier >>> ones are all those related to "open" topologies and protocols: >>> partitioning attacks, correlation attacks, ... for which we don't >>> have >>> solutions either. >>> >>> Florent >> You mean for denial of service? Or for identifying users? >> >> If we have scarcity then we can use ShadowWalker tunnels to prevent >> identifying users (on arguably naive but quantified assumptions - it >> works up to 20%), although granted there may be possibilities for >> active >> attacks. Direct DoS attacks against opennet announcement are also a >> lot >> easier to deal with. > Yes, active attacks is what I'm talking about here; If you knock off > parts of the network (or make them unreachable for your target) you're > doing a partitioning attack... and tunnels don't help you (because even > if you manage to detect it you won't accept hard-fail - the secure > behaviour). Not in every case. E.g. a seednode attempting to capture new announcees is a classic partition attack, but it's fixable by using other seeds and some consensus protocols etc. For which making identity generation expensive is very useful. > This is a problem that doesn't have any real-solution, just bad trade- > offs. For the sake of giving an example: Bitcoin has the same problem. > > Florent > PS: correlation attacks are way easier on a partitioned network for > obvious reasons signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 19:34, Arne Babenhauserheide wrote: > Am Montag, 30. November 2015, 15:29:25 schrieb Matthew Toseland: >> 3. Opennet is not secure unless users pay for introduction. > Even regular E-Mail providers, G+ and Facebook did not find a way to > get a significant number of users to pay — for a service which is > clearly essential for todays communication. Why do you think people > would pay for Freenet? They don't need them to. They harvest all their data and sell it to advertisers etc. If you're not paying for the product you are the product. If you are paying for the product we're probably selling your personal data anyway! In the first case, people contribute enormous sums to Kickstarter projects. Many of them are very successful in fundraising. The Kickstarter itself could raise significant funds - but only if we do it right. In particular, you need Stuff to give to donors. IMHO such a campaign would bring us significant publicity (a good thing in itself), and would have some chance of succeeding in delivering significant funds - probably a greater chance than if we just posted a pitch with some vague goals and goodies that they can get anyway from our cafepress store. In the second case, people don't pay for USING Freenet. They pay for the rights to be part of the core opennet infrastructure. They pay to keep spammers out and above all for fast performance. > People pay for VPNs because VPNs promise them faster, anonymous > copyright infringement — I’ve seen the ads on torrent sites. The > Freenet Project cannot promise that without encouraging copyright > infringement — which we don’t. > > And our communication sucks — with this thread a perfect example of > why it sucks. As much as I’m irked by the often toxic behavior of > niqnaq: this is something he’s right on. We have an existing > userbase. These users are our greatest asset. We might not like all of > them, but at the same time there are many awesome people using > Freenet. We’re neglecting them. We’re not doing the easy fixes. We don't have the resources. That's half of the problem. The other half is that opennet is irredeemably broken and being actively exploited. We can fix both problems simultaneously. > Instead we’re saying “let’s make you pay to keep using Freenet”. > > We need more people running Darknet, so why don’t we think of a way to > secure Opennet via Darknet? Darknet connections are the only thing at > which attackers don’t win trivially. Because 90% of the network at any given time has NO darknet connections, and that's likely to remain the case for a long time. Which means we can't use the social topology to secure anything. > And it might turn out that for funding, this pull request is the most > important of them all: https://github.com/freenet/website/pull/28 As I said, improving the website is important. But getting some major publicity is important too. And even with that it's doubtful that we can raise significant sums. > > Best wishes, > Arne > -- > Celebrate with ye beauty and gather yer friends for a Pirate Party! > → http://1w6.org/english/flyerbook-rules#pirate-party ← signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 18:11, xor wrote: > This mail is split in 2 parts: > 1. A summary of part 2, which also includes stuff which is not in part 2. > 2. A copy of a previous reply of mine to a similar proposal. Most of what's > said there applies to this as well. > > > Part 1 follows: > > I think we shouldn't randomly change our strategy from what it was to > something which invalidates all its work by postponing to finish whats half- > finished into the far future: You're proposing yet another half a decade of > rewriting parts of fred over and over again instead of finally giving people > new client apps, which was the goal of my work but isn't finished yet (sorry, > it is a complex task :|)... Client apps are important. If we can get funding for them then it'd be great to have somebody working full time on them. > Because let's be honest: If we now installed a fred of 7 years ago, it would > by default still ship the same core applications as today: I joined back then > to get the WoT-stuff finished to the point where we can enable it by default. > So I think we spent more than enough years on only providing fred work. > (Yes, it sucks that I still haven't finished WoT+Freetalk, and I'm ashamed of > that, but I've been a volunteer and thus had limited time to contribute for 5 > of those years, and Freetalk+WoT are major projects. I think they're over 40 > 000 lines of code already...) And for much of that time you've been a paid developer and still made limited progress. These things are hard. We need enough funding that we can improve several different areas of Freenet simultaneously IMHO. > This needs to change, and it won't change if we only acquire funding for > minor > fred features. We need new things such as forums, filesharing, social > networking, mail etc. bundled *and* enabled by default; not new minor fred > features. > > Yes, your features are major security enhancements, not minor ones. But to > the > users, a feature is something which "does" something for the user. Security > is > merely self-servicing, not serving the user. They wouldn't recognize it as a > major new feature. I include the rest under item 7. I'm certainly not arguing that we should only ask for money for improving Fred's security! I do think it should be part of what we are looking for. One advantage of my proposal is if it worked it would generate sufficient funds to hire several developers for a year. I believe we estimate $100K/year/dev including costs, so in fact it would be 10 person-years. IMHO that's the sort of scale that we should be aiming at. I appreciate that for funding body applications we may need to start lower. > Further, I think people will not pay for Opennet. We cannot call something > "Free"net if it costs money. We'd be ridiculed for that. English sucks (libre vs gratis, free software versus free spyware services). Most languages don't have this problem. However, as I have repeatedly explained, people only need to pay if they want to run a core opennet node. Non-core (possibly transient) opennet nodes can run, and so can darknet nodes. And they will have better security because they can tunnel through the core nodes. > With regards to hardware development: We haven't even ported to Android yet, > which is > 1 billion devices. Before we re-invent the wheel by custom > embedded > hardware, we should maybe first port to the standard embedded hardware > everyone uses :) I would support doing that, but not as a mandatory goal of > fundraising please. It should be something we do if we get more money than we > need. It is a nice goal though: An operating system with 1/8 of all humans > using it is not something which can be ignored. An operating system used exclusively on mobile devices which are specifically designed to store everything in the cloud. P2P simply doesn't work on mobile, because of battery life, even if we ignore all the other problems (such as carriers blocking it). There are good reasons to have some Freenet code on Android however. We have an app for node reference exchange, and it would be a good idea to extend it to interface to a fixed node. And porting to Android is relatively easy because the non-GUI parts are very similar to Java. > I'm thankful for your proposal, and I feel sorry for having to give this > strong criticism, but I fear it's necessary: We have only asked 3 entities > for > money (see the Wiki page [1]). Just because we have temporarily run out of > money because we *did not ask for money* doesn't mean we should randomly > throw > away parts of our work and do stuff which we wouldn't have considered a good > idea before. Before we have bothered to try to ask lets say 50, there is no > reason to change what we planned to develop anyway. Funding agencies will only give us money if we have a track record. So we will have to start small or get very lucky. And that limits the range of bodies we can apply to. And so on. It's worth trying, b
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 19:17, Arne Babenhauserheide wrote: > Am Montag, 30. November 2015, 15:55:13 schrieb Matthew Toseland: >> Not if we jettison the slower opennet nodes, which is also part of the >> proposal. A lot of our performance issues are actually because we target >> an outdated lowest common denominator. > Sadly this isn’t true: Most of our users have low bandwidth, as shown > by the stats from Steve: > > http://127.0.0.1:/USK@pxtehd-TmfJwyNUAW2Clk4pwv7Nshyg21NNfXcqzFv4,LTjcTWqvsq3ju6pMGe9Cqb3scvQgECG81hRdgj5WO4s,AQACAAE/statistics/1048/plot_peer_count.png > > Best wishes, > Arne How much of this is due to default settings where it didn't manage to autodetect via UPnP? How much to users not making informed choices? signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
Am Montag, 30. November 2015, 15:29:25 schrieb Matthew Toseland: > 3. Opennet is not secure unless users pay for introduction. Even regular E-Mail providers, G+ and Facebook did not find a way to get a significant number of users to pay — for a service which is clearly essential for todays communication. Why do you think people would pay for Freenet? People pay for VPNs because VPNs promise them faster, anonymous copyright infringement — I’ve seen the ads on torrent sites. The Freenet Project cannot promise that without encouraging copyright infringement — which we don’t. And our communication sucks — with this thread a perfect example of why it sucks. As much as I’m irked by the often toxic behavior of niqnaq: this is something he’s right on. We have an existing userbase. These users are our greatest asset. We might not like all of them, but at the same time there are many awesome people using Freenet. We’re neglecting them. We’re not doing the easy fixes. Instead we’re saying “let’s make you pay to keep using Freenet”. We need more people running Darknet, so why don’t we think of a way to secure Opennet via Darknet? Darknet connections are the only thing at which attackers don’t win trivially. And it might turn out that for funding, this pull request is the most important of them all: https://github.com/freenet/website/pull/28 Best wishes, Arne -- Celebrate with ye beauty and gather yer friends for a Pirate Party! → http://1w6.org/english/flyerbook-rules#pirate-party ← signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On Mon, 2015-11-30 at 20:20 +0100, Arne Babenhauserheide wrote: > Am Montag, 30. November 2015, 17:09:29 schrieb Bert Massop: > > > Please, please PLEASE don't murder me for suggesting this, but > > > what if we > > > used social media to bootstrap network connectivity? > > > > How is that different from Darknet? > > It isn’t, it just makes it easier to connect via Darknet. That’s why > I > think it’s a good idea. > I think it's a good idea too. The question is whether users are ready to say that they're using Freenet to their friends. Empirical evidence has shown that they aren't (so far). Florent ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On Mon, 2015-11-30 at 15:50 +, Matthew Toseland wrote: > On 30/11/15 15:44, Florent Daigniere wrote: > > On Mon, 2015-11-30 at 15:29 +, Matthew Toseland wrote: > > > Thoughts? > > This assumes that Sybil is the only attack against opennet... which > > is > > clearly misleading. Sybil is the obvious, cheap attack; the nastier > > ones are all those related to "open" topologies and protocols: > > partitioning attacks, correlation attacks, ... for which we don't > > have > > solutions either. > > > > Florent > You mean for denial of service? Or for identifying users? > > If we have scarcity then we can use ShadowWalker tunnels to prevent > identifying users (on arguably naive but quantified assumptions - it > works up to 20%), although granted there may be possibilities for > active > attacks. Direct DoS attacks against opennet announcement are also a > lot > easier to deal with. Yes, active attacks is what I'm talking about here; If you knock off parts of the network (or make them unreachable for your target) you're doing a partitioning attack... and tunnels don't help you (because even if you manage to detect it you won't accept hard-fail - the secure behaviour). This is a problem that doesn't have any real-solution, just bad trade- offs. For the sake of giving an example: Bitcoin has the same problem. Florent PS: correlation attacks are way easier on a partitioned network for obvious reasons ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
Am Montag, 30. November 2015, 17:09:29 schrieb Bert Massop: > > Please, please PLEASE don't murder me for suggesting this, but what if we > > used social media to bootstrap network connectivity? > > How is that different from Darknet? It isn’t, it just makes it easier to connect via Darknet. That’s why I think it’s a good idea. Best wishes, Arne signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
Am Montag, 30. November 2015, 15:55:13 schrieb Matthew Toseland: > Not if we jettison the slower opennet nodes, which is also part of the > proposal. A lot of our performance issues are actually because we target > an outdated lowest common denominator. Sadly this isn’t true: Most of our users have low bandwidth, as shown by the stats from Steve: http://127.0.0.1:/USK@pxtehd-TmfJwyNUAW2Clk4pwv7Nshyg21NNfXcqzFv4,LTjcTWqvsq3ju6pMGe9Cqb3scvQgECG81hRdgj5WO4s,AQACAAE/statistics/1048/plot_peer_count.png Best wishes, Arne signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
This mail is split in 2 parts: 1. A summary of part 2, which also includes stuff which is not in part 2. 2. A copy of a previous reply of mine to a similar proposal. Most of what's said there applies to this as well. Part 1 follows: I think we shouldn't randomly change our strategy from what it was to something which invalidates all its work by postponing to finish whats half- finished into the far future: You're proposing yet another half a decade of rewriting parts of fred over and over again instead of finally giving people new client apps, which was the goal of my work but isn't finished yet (sorry, it is a complex task :|)... Because let's be honest: If we now installed a fred of 7 years ago, it would by default still ship the same core applications as today: I joined back then to get the WoT-stuff finished to the point where we can enable it by default. So I think we spent more than enough years on only providing fred work. (Yes, it sucks that I still haven't finished WoT+Freetalk, and I'm ashamed of that, but I've been a volunteer and thus had limited time to contribute for 5 of those years, and Freetalk+WoT are major projects. I think they're over 40 000 lines of code already...) This needs to change, and it won't change if we only acquire funding for minor fred features. We need new things such as forums, filesharing, social networking, mail etc. bundled *and* enabled by default; not new minor fred features. Yes, your features are major security enhancements, not minor ones. But to the users, a feature is something which "does" something for the user. Security is merely self-servicing, not serving the user. They wouldn't recognize it as a major new feature. Further, I think people will not pay for Opennet. We cannot call something "Free"net if it costs money. We'd be ridiculed for that. With regards to hardware development: We haven't even ported to Android yet, which is > 1 billion devices. Before we re-invent the wheel by custom embedded hardware, we should maybe first port to the standard embedded hardware everyone uses :) I would support doing that, but not as a mandatory goal of fundraising please. It should be something we do if we get more money than we need. It is a nice goal though: An operating system with 1/8 of all humans using it is not something which can be ignored. I'm thankful for your proposal, and I feel sorry for having to give this strong criticism, but I fear it's necessary: We have only asked 3 entities for money (see the Wiki page [1]). Just because we have temporarily run out of money because we *did not ask for money* doesn't mean we should randomly throw away parts of our work and do stuff which we wouldn't have considered a good idea before. Before we have bothered to try to ask lets say 50, there is no reason to change what we planned to develop anyway. I'd like to close this summary with the conclusion of part 2: > What would be two productive things to continue this discussion with: > > 1) Let's gather a list of news sites which could publish our request for > funding. > > 2) Let's enhance the list of entities to ask for funds: > https://wiki.freenetproject.org/Fundraising Part 2 - my reply to Ian's similar proposal... When reading it, please imagine that Ians proposal was replaced with yours: > such as rebuilding FProxy using a modern JavaScript framework like > Bootstrap/React and modernizing the installers On Monday, November 16, 2015 07:54:08 PM xor wrote: [...] > On Monday, November 16, 2015 10:52:16 AM Ian Clarke wrote: > > Perhaps we could explore a KickStarter - but that would only work if it is > > to achieve something big and externally very visible (such as rebuilding > > FProxy using a modern JavaScript framework like Bootstrap/React and > > modernizing the installers). > > I'm fine with KickStarter, and fine with it's requirement of setting > specific goals. > Albeit I would do KickStarter as a last resort: The requirement of specific > goals is too much of a burden if volunteers are also involved. We don't know > whether suddenly a volunteer appears and provides a whole new bunch of > code. That code then might lack very small changes to be ready for > deployment, so it might be good if I did the changes so we could get the > code out. But that would violate the KickStarter promise of me only working > on the specific KickStarter goals. > Also, it is very difficult to judge complexity of software development, i.e. > whether something will take 6 months or 2 years. I don't know whether > KickStarter requires us to specify a date of delivery though. > > So KickStarter is OK, but as a last resort. > > However, I think the specific goals you suggested are problematic: [...] > But the goal I'm more opposed to is this: > > rebuilding FProxy using a modern JavaScript framework like Bootstrap/React > > What you suggest here would be a complete 180° turn of our previous > strategy, and leave all the work towards
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 16:09, Bert Massop wrote: > On Mon, Nov 30, 2015 at 5:08 PM, Michael Grube > wrote: >> This is true of everything that money can buy. Which is everything, with >>> the possible (and slightly dubious) exception of social capital / >>> friends. A big global friend-to-friend darknet is a good long term >>> solution but the problem is how to get to that point. >> Please, please PLEASE don't murder me for suggesting this, but what if we >> used social media to bootstrap network connectivity? > How is that different from Darknet? There's a lot we can do to make it easier to connect to your friends on darknet and make darknet more efficient. Advertising your connectivity on Facebook may be part of that, subject to the whims of massive corporations we have no influence over. I believe somebody wrote an app a long time ago. However as I've explained there are a lot of other barriers, notably politics (will take time to change) and the need to run a node with reasonable uptime. IMHO it is reasonable to assume that a connected global darknet is some way off: Most of our users don't know anyone else who uses Freenet, and certainly don't know the 5 or so friends they'd need for acceptable performance/security (even with friend-of-a-friend connections). signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On Nov 30, 2015 11:09 AM, "Bert Massop" wrote: > > On Mon, Nov 30, 2015 at 5:08 PM, Michael Grube wrote: > > This is true of everything that money can buy. Which is everything, with > >> the possible (and slightly dubious) exception of social capital / > >> friends. A big global friend-to-friend darknet is a good long term > >> solution but the problem is how to get to that point. > > > > > > Please, please PLEASE don't murder me for suggesting this, but what if we > > used social media to bootstrap network connectivity? > > How is that different from Darknet? I have no interest in hijacking the conversation. Spreading darknet connections by creating social media applications to quickly and easily exchange noderefs is the rough idea. If you want to discuss it further we can create a new thread. > ___ > Devl mailing list > Devl@freenetproject.org > https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On Mon, Nov 30, 2015 at 5:08 PM, Michael Grube wrote: > This is true of everything that money can buy. Which is everything, with >> the possible (and slightly dubious) exception of social capital / >> friends. A big global friend-to-friend darknet is a good long term >> solution but the problem is how to get to that point. > > > Please, please PLEASE don't murder me for suggesting this, but what if we > used social media to bootstrap network connectivity? How is that different from Darknet? ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
This is true of everything that money can buy. Which is everything, with > the possible (and slightly dubious) exception of social capital / > friends. A big global friend-to-friend darknet is a good long term > solution but the problem is how to get to that point. Please, please PLEASE don't murder me for suggesting this, but what if we used social media to bootstrap network connectivity? ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 15:54, Bert Massop wrote: > On Mon, Nov 30, 2015 at 4:29 PM, Matthew Toseland wrote: >> The price paid to become part >> of the network infrastructure is mainly a deterrent to large scale >> attacks, rather than a means of raising revenue. >> >> Thoughts? > I read this as "The price paid to become part of the network is mainly > a deterrent to actual users, thinning the network until three-letter > agencies with nine-figure budgets don't even need large-scale attacks > to succeed." I don't see why it would deter users. It might deter people from running core nodes, but it might also help to get such users as I've tried to explain, especially if it also improves performance and security and gives us the funds to solve a lot of the remaining software problems. > The problem lies in your assumptions: >> 3. Opennet is not secure unless users pay for introduction. > Money is easy for attackers (e.g. groups or organizations), and hard > for individuals. I fail to see how Opennet would become safer with > payments. This is true of everything that money can buy. Which is everything, with the possible (and slightly dubious) exception of social capital / friends. A big global friend-to-friend darknet is a good long term solution but the problem is how to get to that point. For the time being, it is unlikely that one will grow organically - pockets of darknet will hopefully grow organically, but it will take time for them to get connected. Hence we need opennet for now, and we'd like it to offer meaningful security. Even with tunnels, at a considerable cost in development time and performance, the security provided is nowhere near sufficient. I'm simply trying to find a model that actually works and provides some approximation of hope. > That said, I'll be happy to fork the code and reinstate a free network > (free as both libre and gratis) once tunnels are implemented. > Insecure? Maybe. But still as secure as Opennet with payments, yet > free. No, it would be dramatically less secure than paid-for opennet, because any attacker can cheaply add lots of opennet nodes. Which is exactly what a contractor to the US police presumably does - this is not a hypothetical attack any more. signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 15:55, Matthew Toseland wrote: > On 30/11/15 15:48, Ian Clarke wrote: >> On Mon, Nov 30, 2015 at 9:29 AM, Matthew Toseland wrote: >>> 3. Opennet is not secure unless users pay for introduction. >> Who would they pay, and how would this be implemented in a decentralized >> way? > In the first instance they would pay *us* via a Kickstarter. In the long > run there might be other options e.g. provable sacrifice of Bitcoins. >> Given that we already have a shrinking userbase despite Freenet being free, >> why do you think people will be willing to pay to use it? Won't this >> dramatically shrink our userbase to a tiny core of enthusiasts, which will >> provide far less cover traffic and thus reduce security? > No, because it won't happen unless we get at least 10,000 users/donors. > Isn't there a "we won't charge you unless we raise the minimum" thing > for Kickstarter? > > And people could still use Freenet in transient mode. In fact we might > even allow an intermediate mode: Routes traffic but not tunnels and high > priority traffic. Sorry, I mean high-HTL traffic here. To answer the rest of your question, I believe a Kickstarter, some substantial software improvements and publicity, and a substantial improvement in both security and performance, could have significant benefits for our userbase. Publicity always gets us new users. But please read the rest of my previous response. > But they wouldn't get good performance unless they > become a core infrastructure opennet node. signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 15:48, Ian Clarke wrote: > On Mon, Nov 30, 2015 at 9:29 AM, Matthew Toseland wrote: >> 3. Opennet is not secure unless users pay for introduction. > Who would they pay, and how would this be implemented in a decentralized > way? In the first instance they would pay *us* via a Kickstarter. In the long run there might be other options e.g. provable sacrifice of Bitcoins. > Given that we already have a shrinking userbase despite Freenet being free, > why do you think people will be willing to pay to use it? Won't this > dramatically shrink our userbase to a tiny core of enthusiasts, which will > provide far less cover traffic and thus reduce security? No, because it won't happen unless we get at least 10,000 users/donors. Isn't there a "we won't charge you unless we raise the minimum" thing for Kickstarter? And people could still use Freenet in transient mode. In fact we might even allow an intermediate mode: Routes traffic but not tunnels and high priority traffic. But they wouldn't get good performance unless they become a core infrastructure opennet node. > Opennet tunnels via ShadowWalker. > > Isn't Freenet already extremely slow? Wouldn't this just slow it down a > lot further? Not if we jettison the slower opennet nodes, which is also part of the proposal. A lot of our performance issues are actually because we target an outdated lowest common denominator. IMHO tunnels would have a marginal effect on performance anyway, since they'd only be 2 or 3 hops. With the exception of *really* popular stuff, we generally find stuff in around 7 hops, so that's potentially a 30% performance loss, but we could get some of it back by tweaks to things that aren't necessary once we have tunnels. But see above. > Ian. signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On Mon, Nov 30, 2015 at 4:29 PM, Matthew Toseland wrote: > The price paid to become part > of the network infrastructure is mainly a deterrent to large scale > attacks, rather than a means of raising revenue. > > Thoughts? I read this as "The price paid to become part of the network is mainly a deterrent to actual users, thinning the network until three-letter agencies with nine-figure budgets don't even need large-scale attacks to succeed." The problem lies in your assumptions: > 3. Opennet is not secure unless users pay for introduction. Money is easy for attackers (e.g. groups or organizations), and hard for individuals. I fail to see how Opennet would become safer with payments. That said, I'll be happy to fork the code and reinstate a free network (free as both libre and gratis) once tunnels are implemented. Insecure? Maybe. But still as secure as Opennet with payments, yet free. — Bert ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On 30/11/15 15:44, Florent Daigniere wrote: > On Mon, 2015-11-30 at 15:29 +, Matthew Toseland wrote: >> We have several major problems: >> 1. We need a major injection of cash. >> 2. We will not have a big connected darknet any time soon. >> 3. Opennet is not secure unless users pay for introduction. >> 4. Opennet is slow because of lowest common denominator load. >> >> I propose: Freenet Rebooted. >> >> A Kickstarter, but based on extending the current code, not a full >> rewrite. A lot of it actually works reasonably well. >> >> MAJOR CHANGES: >> 1. Darknet enhancements, but we recognise that we will need a large, >> fast opennet backbone to connect the darknet pockets for the time >> being. >> 2. You can only run a Full Opennet Node if you have an Opennet Invite >> and meet bandwidth/performance requirements. >> 3. Only Full Opennet Nodes route tunnels and/or high HTL traffic. >> 4. There may be further restrictions for security reasons, if so we >> will >> ensure that an OI still gives performance benefits (even if you are >> not >> routing traffic). >> 5. Opennet tunnels via ShadowWalker. >> 6. Better seednodes. >> 7. Most of the enhancements to other areas we've previously >> discussed. >> 8. Transient mode reintroduced, so opennet Freenet is still free as >> in >> beer, and secure with tunnels. Great for uploading on the run! But >> transient nodes don't route traffic/tunnels and get lower >> performance. >> 9. Investigate hardware partners and home-server UI issues. Long term >> we >> need cheap, convenient hardware nodes, because we need uptime. >> >> Initially we aim to raise $1M. Anyone who donates $100 gets an >> Opennet >> Invite, so this is 10,000 users. Hardware nodes might be a good donor >> perk too. In future we anticipate charging for OI's, but expect an >> increasing proportion to be provably given to other worthwhile, >> respected and relevant charities e.g. EFF: The price paid to become >> part >> of the network infrastructure is mainly a deterrent to large scale >> attacks, rather than a means of raising revenue. >> >> Thoughts? > This assumes that Sybil is the only attack against opennet... which is > clearly misleading. Sybil is the obvious, cheap attack; the nastier > ones are all those related to "open" topologies and protocols: > partitioning attacks, correlation attacks, ... for which we don't have > solutions either. > > Florent You mean for denial of service? Or for identifying users? If we have scarcity then we can use ShadowWalker tunnels to prevent identifying users (on arguably naive but quantified assumptions - it works up to 20%), although granted there may be possibilities for active attacks. Direct DoS attacks against opennet announcement are also a lot easier to deal with. signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On Mon, Nov 30, 2015 at 9:29 AM, Matthew Toseland wrote: > > 3. Opennet is not secure unless users pay for introduction. > Who would they pay, and how would this be implemented in a decentralized way? Given that we already have a shrinking userbase despite Freenet being free, why do you think people will be willing to pay to use it? Won't this dramatically shrink our userbase to a tiny core of enthusiasts, which will provide far less cover traffic and thus reduce security? Opennet tunnels via ShadowWalker. Isn't Freenet already extremely slow? Wouldn't this just slow it down a lot further? Ian. -- Ian Clarke Blog: http://blog.locut.us/ ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
On Mon, 2015-11-30 at 15:29 +, Matthew Toseland wrote: > We have several major problems: > 1. We need a major injection of cash. > 2. We will not have a big connected darknet any time soon. > 3. Opennet is not secure unless users pay for introduction. > 4. Opennet is slow because of lowest common denominator load. > > I propose: Freenet Rebooted. > > A Kickstarter, but based on extending the current code, not a full > rewrite. A lot of it actually works reasonably well. > > MAJOR CHANGES: > 1. Darknet enhancements, but we recognise that we will need a large, > fast opennet backbone to connect the darknet pockets for the time > being. > 2. You can only run a Full Opennet Node if you have an Opennet Invite > and meet bandwidth/performance requirements. > 3. Only Full Opennet Nodes route tunnels and/or high HTL traffic. > 4. There may be further restrictions for security reasons, if so we > will > ensure that an OI still gives performance benefits (even if you are > not > routing traffic). > 5. Opennet tunnels via ShadowWalker. > 6. Better seednodes. > 7. Most of the enhancements to other areas we've previously > discussed. > 8. Transient mode reintroduced, so opennet Freenet is still free as > in > beer, and secure with tunnels. Great for uploading on the run! But > transient nodes don't route traffic/tunnels and get lower > performance. > 9. Investigate hardware partners and home-server UI issues. Long term > we > need cheap, convenient hardware nodes, because we need uptime. > > Initially we aim to raise $1M. Anyone who donates $100 gets an > Opennet > Invite, so this is 10,000 users. Hardware nodes might be a good donor > perk too. In future we anticipate charging for OI's, but expect an > increasing proportion to be provably given to other worthwhile, > respected and relevant charities e.g. EFF: The price paid to become > part > of the network infrastructure is mainly a deterrent to large scale > attacks, rather than a means of raising revenue. > > Thoughts? > This assumes that Sybil is the only attack against opennet... which is clearly misleading. Sybil is the obvious, cheap attack; the nastier ones are all those related to "open" topologies and protocols: partitioning attacks, correlation attacks, ... for which we don't have solutions either. Florent signature.asc Description: This is a digitally signed message part ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
[freenet-dev] Freenet Rebooted (without rewriting everything, pay for opennet)
We have several major problems: 1. We need a major injection of cash. 2. We will not have a big connected darknet any time soon. 3. Opennet is not secure unless users pay for introduction. 4. Opennet is slow because of lowest common denominator load. I propose: Freenet Rebooted. A Kickstarter, but based on extending the current code, not a full rewrite. A lot of it actually works reasonably well. MAJOR CHANGES: 1. Darknet enhancements, but we recognise that we will need a large, fast opennet backbone to connect the darknet pockets for the time being. 2. You can only run a Full Opennet Node if you have an Opennet Invite and meet bandwidth/performance requirements. 3. Only Full Opennet Nodes route tunnels and/or high HTL traffic. 4. There may be further restrictions for security reasons, if so we will ensure that an OI still gives performance benefits (even if you are not routing traffic). 5. Opennet tunnels via ShadowWalker. 6. Better seednodes. 7. Most of the enhancements to other areas we've previously discussed. 8. Transient mode reintroduced, so opennet Freenet is still free as in beer, and secure with tunnels. Great for uploading on the run! But transient nodes don't route traffic/tunnels and get lower performance. 9. Investigate hardware partners and home-server UI issues. Long term we need cheap, convenient hardware nodes, because we need uptime. Initially we aim to raise $1M. Anyone who donates $100 gets an Opennet Invite, so this is 10,000 users. Hardware nodes might be a good donor perk too. In future we anticipate charging for OI's, but expect an increasing proportion to be provably given to other worthwhile, respected and relevant charities e.g. EFF: The price paid to become part of the network infrastructure is mainly a deterrent to large scale attacks, rather than a means of raising revenue. Thoughts? Obviously there is a risk of people running parallel networks for $99 or whatever, or #freenet-refs style auto-darknet meshes. Some of them will be scammers and we have a good web presence to start with; I don't think we should worry about this. signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl