Re: [freenet-support] Rant for Opennet

2016-05-08 Thread Arne Babenhauserheide

Anonymous Remailer (austria) writes:

> Arne Babenhauserheide:
> Is that a fact, am I on an 'open' Darknet, connected to Opennet 
> too, less vulnerable, also towards an evil 'friend'?

You are just as vulnerable to friends as to opennet peers.

With a darknet connection, you have at least one connection which
requires social engineering to take over — instead of just requiring
some servers.

> Thanks for replying. I had not thought of separating real life 
> friends from FN 'friends', because I have understood exchanging 
> noderefs requires real-life trust in the other person. That trust 
> implies shared interests so we'd be friends on Freenet too.

You might have shared interest, but that does not mean that you share
all your interests.

I generally use at least 3 different IDs:
- Public. It carries my real name. My friends know it.
- Semi-Private: My friends may know that it’s me.
- Private: No one but me knows that it’s me.

> I am not telling anyone I use Freenet, if only for the obvious 
> question why I need it.
>
> - Well, maybe I do not need it but I do feel anonymity and 
> encryption is important.
> - Oh? For what?
> - Protection against the all-seeing eyes of Google, NSA... for 
> which reasons I hate Facebook and so on.. technics are 
> interesting.. mail is very unsafe.. it's a rat race of encryption 
> against NSA espionage..
> - Man what a bullshit. Ain't you got something better to do? For 
> that reason you run a complicated, slow network? I should encrypt 
> mails to you? The NSA is interested in our cracked programs?
> - Yes they read everything.. all talks over phone are registered.. 
> worldwide spy industry.. will you read wikileaks?
> - Alu hat?

→ Do you want your potential future employer to know everything we talk
  about and use that to screen applications? Do you tell all your
  colleagues and family about every hobby you have? When you talk about
  it in the open, it’s just one security breakage of your online service
  from being public.

> I can't afford Freenet friends.  Few understand, most don't want to 
> know any of this.
>
> Am I wrong that exchanging noderefs makes you more vulnerable 
> towards a 'friend', also more vulnerable over the net?
> That person knows my IP address, that I run a node and a lot about 
> the person I am in real life, because we should trust each other.

You only need to trust the other to not modify his/her node to spy on
you. Since most people don’t have the skills to do that, the trust
requirement isn’t that high.

> Our IDs on Freenet and our real-life IDs are linked. But I can't 
> know what my friend does and hides from me. He can make me unsafe 
> for our shared 'secrets', even if there aren't any.

That’s exactly what you should not do. Or rather: You create one ID per
shared secret and keep these separate.

> Now nobody in real life knows that I run a node. My ISP and LE can 
> see it, but FN should be designed to keep them from knowing what I 
> talk about or who I am on Freenet. My real-life me is separated from 
> the FN 'me'. That feels more safe to me.
>
> Is that false logic?

Sadly yes, because there are technical limitations to security: With
Opennet, you must allow arbitrary people to connect to each other. So LE
can, with reasonable effort, get many connections to you, even when all
they know is that you use Freenet.

With darknet, you only connect to people you know from elsewhere. To
connect to you, LE has to actually trace down one or several of your
friends and corrupt their computers without alerting you of that. They
have to risk that one of your friends might tell you about their
actions, and that’s a huge risk: If you learn about their attack, not
only can you stop the attack, you will also be able to stop future
attacks by staging up your operational security. Or eradicate any
evidence they search for. And alert your other friends. Via darknet
friend-to-friend messages which they cannot trace.

Even having just a few darknet connections prevents attacks for which
they would have to completely surround you (take over all your
connections): Without help from the ISP they do not know your darknet
peers, so they cannot block these connections by DoSing your friend.

Best wishes,
Arne
-- 
To be apolitical
means to be political
without noticing it


___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

[freenet-support] Rant for Opennet

2016-05-08 Thread Anonymous Remailer (austria)

Arne Babenhauserheide:
>
> This reasoning falls for 3 misconceptions:
>
> 1. You do not give your Darknet friends the key to your house. You only
> make it easier for them to break in by letting them see the insides
> as if they looked through the windows. In Opennet everybody can get a
> connection to you and run exactly the same attacks a darknet friend
> can run. So by switching to darknet, you pull down the blinds and
> *only* your Darknet friends can look through. With Opennet you do not
> have blinds, so everyone can look through.

The logic of this escapes me. I'll explain below.

> 2. If you are doing things LE wants to know badly and they already know
> your physical identity, nothing can protect you. If they do not know
> your physical identity, they also do not know your friends. If they
> get to know your friends, they also get to know you, which gives them
> your IP address, allowing them to run all Opennet attacks against you
> — which are easier than darknet attacks.

Is that a fact, am I on an 'open' Darknet, connected to Opennet 
too, less vulnerable, also towards an evil 'friend'?

> 3. You do not give your Darknet friends your in-Freenet identities. To
> be safe you have to start a *new* identity in Freenet, without ties
> to people you know physically.



Thanks for replying. I had not thought of separating real life 
friends from FN 'friends', because I have understood exchanging 
noderefs requires real-life trust in the other person. That trust 
implies shared interests so we'd be friends on Freenet too.

I am not telling anyone I use Freenet, if only for the obvious 
question why I need it.

- Well, maybe I do not need it but I do feel anonymity and 
encryption is important.
- Oh? For what?
- Protection against the all-seeing eyes of Google, NSA... for 
which reasons I hate Facebook and so on.. technics are 
interesting.. mail is very unsafe.. it's a rat race of encryption 
against NSA espionage..
- Man what a bullshit. Ain't you got something better to do? For 
that reason you run a complicated, slow network? I should encrypt 
mails to you? The NSA is interested in our cracked programs?
- Yes they read everything.. all talks over phone are registered.. 
worldwide spy industry.. will you read wikileaks?
- Alu hat?

I can't afford Freenet friends.  Few understand, most don't want to 
know any of this.

Am I wrong that exchanging noderefs makes you more vulnerable 
towards a 'friend', also more vulnerable over the net?
That person knows my IP address, that I run a node and a lot about 
the person I am in real life, because we should trust each other.
Our IDs on Freenet and our real-life IDs are linked. But I can't 
know what my friend does and hides from me. He can make me unsafe 
for our shared 'secrets', even if there aren't any.

Now nobody in real life knows that I run a node. My ISP and LE can 
see it, but FN should be designed to keep them from knowing what I 
talk about or who I am on Freenet. My real-life me is separated from 
the FN 'me'. That feels more safe to me.

Is that false logic?