Re: [freenet-support] Rant for Opennet

2016-05-11 Thread Arne Babenhauserheide

Anonymous writes:

>> ? Do you want your potential future employer to know everything we talk
>> about and use that to screen applications? Do you tell all your
>> colleagues and family about every hobby you have? When you talk about
>> it in the open, it’s just one security breakage of your online service
>> from being public.
>
> Reply would be: you're just too paranoid. Got nothing to hide.

“Didn’t you ever lose a chance, because a co-worker got a grudge against
you because you hold a different opinion on something? Or got into
problems for a careless comment?”

>> You only need to trust the other to not modify his/her node to spy on
>> you. Since most people don’t have the skills to do that, the trust
>> requirement isn’t that high.
>
> It's indeed not, if my trust in the other would be enough. But it 
> is not.

You actually assume that all your friends at the same time have the
skills to modify Freenet and would do that to spy on you?

>> That’s exactly what you should not do. Or rather: You create one ID per
>> shared secret and keep these separate.
>
> This is what I do--inside Freenet. I use more than one ID, keeping 
> them separate.
> The main reason is to diffuse the profile of the person I am.

Yepp — you separate them. No need to tell the people you connect to
about all your IDs.

> As it looks now, LE can ID files w/in FN, track what is downloaded 
> or uploaded
> but not yet prove w/o doubt what one node does.
> It can be made 'likely' but not proven.

It’s the same for darknet friends.

> Every IP running FN is logged, each file inside FN is registered.
> Still, there is no way identities can be linked to IP's.

For opennet “no way” is putting it too high. It’s hard, but if they can
take over all your opennet connections, they know what you insert, and
that means they could know your IDs. Taking over all your connections is
possible in Opennet.

In darknet, they would have to corrupt most of your friends without you
noticing. That’s extremely hard and needs actual people to get active,
which raises the cost for the attack enormously.

Even having some darknet peers as well as opennet gives you protection
against that attack.

> I am not convinced darknet is useful to me, I do see opennet as 
> what I need.
>
> My real person must not have anything to do with the person, ID I 
> am inside Freenet, this is a definitive must.

That’s what you get with Darknet, but not with Opennet.

> I do not want anyone to know what I do inside Freenet. I even don't 
> want anyone to know I run a node.
> My ISP may know, LE knows, but both must not know what I do inside 
> FN or what my ID is inside.

For the people you connect to the same is true.

> I do want to communicate with, necessarily, complete strangers, in 
> a public way _inside Freenet_.
> As an aside: it is this, the open, virtual community of virtual 
> ID's which makes Freenet useful to me.
> I guess, this is what makes FN unique, its virtual community.

That’s one of the big strengths of Freenet, yes: Pseudonymous
communication.

> Reversely, I do not want anyone inside FN to get a hint of who I am 
> in real life.
> The two worlds must be separated, my security depends on it.

For my security, that’s not that essential, but I want to provide
that separation for people who really need it — and also for myself
should I need it at some point. There might be things I want to share
without connecting them to myself. I know that in school I had that need
of not wanting to have my classmates know what I do in my free time.

Or of not wanting some violent nutcrack or some violent sect to know my
real identity and harass me or my family for something I said in
Freenet.

In Germany there are few anti-nazi activists who stopped their activity
because their family got threatened, and in the US people get sent SWAT
teams to their home. Sadly the nazi have connections into our equivalent
to CIA/NSA, as evidenced by lots of documents about murder by nazis
disappearing or being "accidentally" destroyed just days before parliament
should have received them.

> I may trust an other ID in FN to, for example publish software I 
> can trust to run.
> Just because over time, such an ID has proven to be worth this 
> trust.
> But this trust can't be extended to exchange noderefs with 
> her/him.

That is exactly right. You can NEVER EVER exchange a noderef with
someone you only know from Freenet using a non-public ID when you want
to keep that ID separate from your real identity. Even if you know
someone with your public ID, you should not exchange noderefs with
him/her, because the chance to hit an attacker is much higher in Freenet 
than among your pre-existing real life friends and colleagues.

> Nor can I trust a rl person with the fact I run Freenet, both cross 
> the line of keeping my Freenet ID separate from my real ID.
> It does not matter if I trust that person with all I got, this fact 
> I can not share.

Why is that? The fact that you run 

Re: [freenet-support] Rant for Opennet

2016-05-11 Thread Anonymous
On 08-May-16 7:35 PM, Arne Babenhauserheide wrote:
>
> Anonymous Remailer (austria) writes:
>
>> Arne Babenhauserheide:
>> Is that a fact, am I on an 'open' Darknet, connected to Opennet
>> too, less vulnerable, also towards an evil 'friend'?
>
> You are just as vulnerable to friends as to opennet peers.
>
> With a darknet connection, you have at least one connection which
> requires social engineering to take over — instead of just requiring
> some servers.
>
>> Thanks for replying. I had not thought of separating real life
>> friends from FN 'friends', because I have understood exchanging
>> noderefs requires real-life trust in the other person. That trust
>> implies shared interests so we'd be friends on Freenet too.
>
> You might have shared interest, but that does not mean that you share
> all your interests.
>
> I generally use at least 3 different IDs:
> - Public. It carries my real name. My friends know it.
> - Semi-Private: My friends may know that it’s me.
> - Private: No one but me knows that it’s me.
>
>> I am not telling anyone I use Freenet, if only for the obvious
>> question why I need it.
>>
>> - Well, maybe I do not need it but I do feel anonymity and
>> encryption is important.
>> - Oh? For what?
>> - Protection against the all-seeing eyes of Google, NSA... for
>> which reasons I hate Facebook and so on.. technics are
>> interesting.. mail is very unsafe.. it's a rat race of encryption
>> against NSA espionage..
>> - Man what a bullshit. Ain't you got something better to do? For
>> that reason you run a complicated, slow network? I should encrypt
>> mails to you? The NSA is interested in our cracked programs?
>> - Yes they read everything.. all talks over phone are registered..
>> worldwide spy industry.. will you read wikileaks?
>> - Alu hat?
>
> ? Do you want your potential future employer to know everything we talk
> about and use that to screen applications? Do you tell all your
> colleagues and family about every hobby you have? When you talk about
> it in the open, it’s just one security breakage of your online service
> from being public.

Reply would be: you're just too paranoid. Got nothing to hide.

>> I can't afford Freenet friends. Few understand, most don't want to
>> know any of this.
>>
>> Am I wrong that exchanging noderefs makes you more vulnerable
>> towards a 'friend', also more vulnerable over the net?
>> That person knows my IP address, that I run a node and a lot about
>> the person I am in real life, because we should trust each other.
>
> You only need to trust the other to not modify his/her node to spy on
> you. Since most people don’t have the skills to do that, the trust
> requirement isn’t that high.

It's indeed not, if my trust in the other would be enough. But it 
is not.

>> Our ID's on Freenet and our reallife id's are linked. But I can't
>> know what my friend does and hides from me. He can make me unsafe
>> for our shared 'secrets', even if there aren't any.
>
> That’s exactly what you should not do. Or rather: You create one ID per
> shared secret and keep these separate.

This is what I do--inside Freenet. I use more than one ID, keeping 
them separate.
The main reason is to diffuse the profile of the person I am.

>> Now nobody in real life knows that I run a node. My ISP and LE can
>> see it, but FN should be designed to keep them from knowing what I
>> talk about or who I am on Freenet. My reallife me is separated from
>> the FN 'me'. That feels more safe to me.
>>
>> Is that false logic?
>
> Sadly yes, because there are technical limitations to security: With
> Opennet, you must allow arbitrary people to connect to each other. So LE
> can, with reasonable effort, get many connections to you, even when all
> they know is that you use Freenet.
>
> With darknet, you only connect to people you know from elsewhere. To
> connect to you, LE has to actually trace down one or several of your
> friends and corrupt their computers without alerting you of that. They
> have to risk that one of your friends might tell you about their
> actions, and that’s a huge risk: If you learn about their attack, not
> only can you stop the attack, you will also be able to stop future
> attacks by staging up your operational security. Or eradicate any
> evidence they search for. And alert your other friends. Via darknet
> friend-to-friend messages which they cannot trace.

As it looks now, LE can ID files w/in FN, track what is downloaded 
or uploaded
but not yet prove w/o doubt what one node does.
It can be made 'likely' but not proven.

Every IP running FN is logged, each file inside FN is registered.
Still, there is no way identities can be linked to IP's.
This is the crux of why FN is needed. The separation of virtual and 
rl ID.

> Even having just a few darknet connections prevents attacks for which
> they would have to completely surround you (take over all your
> connections): Without help from the ISP they do not know your darknet
> peers, so they cannot block these