On Sat, Sep 23, 2006 at 10:45:57AM -0700, an ominous cow herd wrote: > I find it funny that all of these 0.7 users are saying that the 0.7 network > is > better and more secure than the 0.5 network. They say this even while we see > these warnings about critical bug fixes, peers in the 0.7 network being able > to monitor what comes from your node, and the IRC channels where people trade > references could have cops monitoring or actively trading these references. > Now you mention that there is a cap on bandwidth. WTF? > > This is why I'm staying with the 0.5 network until either 0.7 becomes useful, > or another anonymous network (ANts http://antsp2p.sourceforge.net/) > surpasses the 0.5 network in usability, popularity, and security. > > It would be sad to see Freenet become just a footnote in the computer > chronicles while other anonymous networks become more popular and Freenet > loses it's user base. Maybe some Chinese Christian dissident will use it to > speak freely, but it won't matter much if there is no one to listen.
I'm half inclined to believe that there's a deliberate propaganda campaign against Freenet 0.7... Here's what I said on the tech list: ----------------------------------------------------------------------- The 10MB limit is nonsense; there is no such code. And correlation attacks are feasible on 0.5 as well as on 0.7. It's a bit more complex on 0.5, but I'm not sure that it requires any more effort. And on 0.7 you get to choose your peers; on 0.5 a clever peer can choose you (possibly as part of a network-wide campaign to connect to everyone in order to monitor everyone). 0.7 does have some security issues certainly, but overall I'm not sure that 0.5 is any better. Anyway, read the security page on the wiki. ----------------------------------------------------------------------- For anyone listening who can't be bothered to look up the security page on the wiki, here it is: http://wiki.freenetproject.org/FreenetZeroPointSevenSecurity The short version: - Correlation attacks are possible on both 0.5 and 0.7. They may be easier on 0.7 due to it having better (therefore more predictable) routing, but 0.5's routing is pretty predictable, as it just goes by load most of the time. Also due to Freenet 0.7 having smaller keys. - Freenet 0.7 has one major, obvious weakness right now which is that its connection setup isn't secure against MITM or impersonation when the attacker knows the refs of both sides. Nextgens started to work on this, but STS (the solution) isn't quite ready yet. - On 0.5, or indeed on any opennet, such as the one we will soon implement for 0.7, or the bogus one we have at present using #freenet-refs etc, a whole range of attacks are much easier. In particular, harvest-and-block is the best known attack. But content tracing is easier on opennet too, because all you have to do is connect to everyone and do correlation attacks on everyone (requires an ubernode). Or connect to one node at a time and likewise. You are vulnerable on darknet or on opennet - but on darknet you get to choose who you are vulnerable to. If you suspect a particular subnetwork, just connect to all the nodes on that network and do correlation attacks on them. Etc etc.
signature.asc
Description: Digital signature
_______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
