Re: [freenet-support] Freenet speed & local threats
> On Fri, 9 Dec 2011 05:26:19 -0500, Chris wrote:
>> I am looking into setting up a distribution where Tor or freenet is
>> used to create a secure and anonymous environment for communicating.
>
> Very cool. I've done that too :-).
>
>> One of the issues with freenet is that it is slow. I haven't used it
>> in many years and do understand it has gotten much better. I also am
>> aware that after a few days it gets faster as popular data is
>> retained and gets 'cached' on your node and nearby nodes based on
>> what those around you are doing.
>>
>> What I'm trying to figure out is what happens when your node is not on
>> 24/7 and you can only connect infrequently for several hours at a
>> time.
>
> It runs at essentially the same speed (minus the benefits of immediate
> local caching, of course) -- which is pretty slow but manageable. It
> may take a few seconds / a minute longer to fetch things, but that's
> still a minute longer than the censored web provides, so either way
> users will have to adjust their expectations. Booting into the network
> will also take an additional minute or so, which always-on nodes don't
> have to worry about.
>
>> Many users have a persistent local threat that they need to be aware
>> of. Leaving a server running is not an option as it could be
>> compromised by an adversary.
>>
>> Removable media can reduce that threat.
>
> The keyword being *reduce* :p. We all have that concern and fear, of
> unforeseen zero-day linux exploits, etc. (We already know they exist in
> Window$ :). Ideally you would want to make extra sure you have "enough"
> contingency planning (proper permissioning / stable and patched
> software / firewalls / perhaps "caged" virtual machines / "sentry"
> programs / whatever your paranoia desires), so such fears are
> minimized. They will never be eliminated though.
>

I was not referring to zero day exploits actually. The key word here was
local real-world threats. Such as an adversary gaining physical access to
the server/machine running freenode. Removable media may not eliminate
the threat although there is less opportunity for a more sophisticated
targeted attack. A software keylogger inserted into the MBR or similar
would not be possible if the boot medium is never available to the
attacker. On the other hand a physical keylogger may still be possible
and maybe even a software based keylogger although more difficult to
disguise/install without being noticed.

I can think of at least a few different ways of getting a keylogger onto
a system without having access to the boot drive or having to install a
physical device. I would still need physical access to the computer. At
least one method would not even require BIOS modification and would work
on any x86 machine.

>> What I'm looking to find out is if you run a freenode from a
>> removable media and then run a local server running freenode to use
>> as one of your peers (which could be on all the time) does this pose
>> a threat?
>
> Besides the obvious risks of either of those machines being compromised
> (by any number of ways: physically, buggy software, leaky software,
> etc), traffic analysis will always be a threat with Tor, and also with
> Freenet if bad guys have somehow managed to occupy all your peer
> connections. But besides these well known threats, I think it's pretty
> safe. But not perfectly safe.

Let's give a scenario: We have to assume that a person's Internet
connection is being monitored. This might be via a sophisticated
non-governmental actor (such as by breaking WEP/WPA) or by a government
act such as monitoring at the telco. The adversary should also be assumed
to be "unethical" in that there are no rules and can physically modify or
otherwise install a software based monitoring solution on any boot media
they have access to.

The first question is how many peers need to be compromised to identify
the content being transmitted? If a few of your freenode peers can be
compromised and the adversary can monitor your Internet connection and
local area network can they identify the contents which are being
requested/sent by you? This assumes that they can't bug the physical
machine that you are using to run freenode.

If you add a server with freenode (which can be bugged) to your local LAN
that is then added as one of your peers does this compromise the
security? The point of adding a server with freenode to peer with on the
local LAN would be to speed up requests since the machine that is
actually used for browsing freesites (such as a laptop) can't be left on
all the time (as doing so gives an adversary opportunity to bug it). This
means it has to run from a removable boot medium that can be accounted
for at all times.

>
>> If no local server is run that you peer with how is the speed if you
>> only connect every few days? Is running freenet for a few hours to
>> several hours going to be sufficient or will it be unbearably slow?
>
> It's bearable. (After it takes a few minutes t
Re: [freenet-support] Lots of questions about Frost and Thaw
On Fri, 09 Dec 2011 10:13:39 -0800, Walter Barnes wrote:
> On 12/8/2011 11:06 AM, Dennis Nezic wrote:
> > On Thu, 08 Dec 2011 09:12:01 -0800, Walter Barnes wrote:
> >> [...]
> >> Do I even need Frost?
> > If you want a forum on freenet, then sure, it is one of at least
> > three different forum systems. It's a standalone Java program (that
> > operates over your freenet node in the background.) FMS is a
> > similar, newer and better standalone program, written in C.
> > Freetalk is an even newer system, written as a Java plugin to your
> > node, and installed/accessed via your node's control panels
> > (normally) -- although I hear it (still) has performance issues.
>
> Thanks Dennis but I'm just looking for ways to access Frost message
> boards.

That's fair enough. Although, you should be aware that the other two
newer systems were built specifically because Frost can be trivially
DOS-ed and rendered unusable. (They use "webs of trust", instead of
allowing anybody/anything to post.)

___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
Re: [freenet-support] Lots of questions about Frost and Thaw
On 12/8/2011 11:06 AM, Dennis Nezic wrote:
> On Thu, 08 Dec 2011 09:12:01 -0800, Walter Barnes wrote:
>> [...]
>> Do I even need Frost?
> If you want a forum on freenet, then sure, it is one of at least
> three different forum systems. It's a standalone Java program (that
> operates over your freenet node in the background.) FMS is a
> similar, newer and better standalone program, written in C.
> Freetalk is an even newer system, written as a Java plugin to your
> node, and installed/accessed via your node's control panels
> (normally) -- although I hear it (still) has performance issues.

Thanks Dennis but I'm just looking for ways to access Frost message
boards. I have found a freesite for frost that appears to have a version
of Frost that's newer than the one on freenetproject.org. I'll try that
one out but I'm still curious if there is a plugin for Thaw that will
access Frost message boards.

Even if there isn't such a plugin, I think I still need Thaw for file
sharing and I have no idea where to get a recent version. As I mentioned
in my previous message, the one available for download at
freenetproject.org is at least 3 years out of date. Is there a freesite
for Thaw with a more recent version or where else do I go?

Thanks,
Walter
Re: [freenet-support] Freenet speed & local threats
On 12/09/2011 02:26 PM, Chris wrote:
> I am looking into setting up a distribution where Tor or freenet is used
> to create a secure and anonymous environment for communicating.
>
> One of the issues with freenet is that it is slow. I haven't used it in
> many years and do understand it has gotten much better. I also am aware
> that after a few days it gets faster as popular data is retained and gets
> 'cached' on your node and nearby nodes based on what those around you are
> doing.
>
> What I'm trying to figure out is what happens when your node is not on
> 24/7 and you can only connect infrequently for several hours at a time.
>
> Many users have a persistent local threat that they need to be aware of.
> Leaving a server running is not an option as it could be compromised by an
> adversary.
>
> Removable media can reduce that threat. What I'm looking to find out is if
> you run a freenode from a removable media and then run a local server
> running freenode to use as one of your peers (which could be on all the
> time) does this pose a threat?
>
> If no local server is run that you peer with how is the speed if you only
> connect every few days? Is running freenet for a few hours to several
> hours going to be sufficient or will it be unbearably slow?
>
> With Tor speeds are frequently severely limited. Especially with .onion
> nodes. Some non-onion servers can be accessed with significant speed
> though for sustained periods (15-300... maybe faster).

The bigger problem with Freenet isn't really speed, it's the latency
(i.e. how long it takes for the data to begin being actually downloaded
after request or be uploaded after the insert starts). That part gets
better if you are connected after some time.

Also you didn't state if you are looking for anonymous publishing or
anonymous downloading. If it's for publishing then Freenet will actually
be better than Tor for you, since after the user goes offline the content
doesn't disappear, and the adversary cannot determine the user simply by
looking at patterns in the accessibility. However, if you are looking for
something which will protect the user, who cannot run any software for a
long period of time and wants to download the material right after going
online, then perhaps something like Tor is better (at this time).

Of course, what do I know?

- Volodya

--
http://freedom.libsyn.com/ Echo of Freedom, Radical Podcast

"None of us are free until all of us are free." ~ Mihail Bakunin
Re: [freenet-support] Freenet speed & local threats
On Fri, 9 Dec 2011 05:26:19 -0500, Chris wrote:
> I am looking into setting up a distribution where Tor or freenet is
> used to create a secure and anonymous environment for communicating.

Very cool. I've done that too :-).

> One of the issues with freenet is that it is slow. I haven't used it
> in many years and do understand it has gotten much better. I also am
> aware that after a few days it gets faster as popular data is
> retained and gets 'cached' on your node and nearby nodes based on
> what those around you are doing.
>
> What I'm trying to figure out is what happens when your node is not on
> 24/7 and you can only connect infrequently for several hours at a
> time.

It runs at essentially the same speed (minus the benefits of immediate
local caching, of course) -- which is pretty slow but manageable. It
may take a few seconds / a minute longer to fetch things, but that's
still a minute longer than the censored web provides, so either way
users will have to adjust their expectations. Booting into the network
will also take an additional minute or so, which always-on nodes don't
have to worry about.

> Many users have a persistent local threat that they need to be aware
> of. Leaving a server running is not an option as it could be
> compromised by an adversary.
>
> Removable media can reduce that threat.

The keyword being *reduce* :p. We all have that concern and fear, of
unforeseen zero-day linux exploits, etc. (We already know they exist in
Window$ :). Ideally you would want to make extra sure you have "enough"
contingency planning (proper permissioning / stable and patched
software / firewalls / perhaps "caged" virtual machines / "sentry"
programs / whatever your paranoia desires), so such fears are
minimized. They will never be eliminated though.

> What I'm looking to find out is if you run a freenode from a
> removable media and then run a local server running freenode to use
> as one of your peers (which could be on all the time) does this pose
> a threat?

Besides the obvious risks of either of those machines being compromised
(by any number of ways: physically, buggy software, leaky software,
etc), traffic analysis will always be a threat with Tor, and also with
Freenet if bad guys have somehow managed to occupy all your peer
connections. But besides these well known threats, I think it's pretty
safe. But not perfectly safe.

> If no local server is run that you peer with how is the speed if you
> only connect every few days? Is running freenet for a few hours to
> several hours going to be sufficient or will it be unbearably slow?

It's bearable. (After it takes a few minutes to connect to the
network.) I suppose it's similar to fetching a freesite you never
fetched before -- perhaps a bit faster.

> With Tor speeds are frequently severely limited. Especially
> with .onion nodes. Some non-onion servers can be accessed with
> significant speed though for sustained periods (15-300... maybe
> faster).

That's probably not a Tor-specific problem -- but simply the less
powerful server behind the onioning. I don't think there are any
youtube-sized .onion servers.
[freenet-support] Freenet speed & local threats
I am looking into setting up a distribution where Tor or freenet is used
to create a secure and anonymous environment for communicating.

One of the issues with freenet is that it is slow. I haven't used it in
many years and do understand it has gotten much better. I also am aware
that after a few days it gets faster as popular data is retained and gets
'cached' on your node and nearby nodes based on what those around you are
doing.

What I'm trying to figure out is what happens when your node is not on
24/7 and you can only connect infrequently for several hours at a time.

Many users have a persistent local threat that they need to be aware of.
Leaving a server running is not an option as it could be compromised by an
adversary.

Removable media can reduce that threat. What I'm looking to find out is if
you run a freenode from a removable media and then run a local server
running freenode to use as one of your peers (which could be on all the
time) does this pose a threat?

If no local server is run that you peer with how is the speed if you only
connect every few days? Is running freenet for a few hours to several
hours going to be sufficient or will it be unbearably slow?

With Tor speeds are frequently severely limited. Especially with .onion
nodes. Some non-onion servers can be accessed with significant speed
though for sustained periods (15-300... maybe faster).