Anonymous Remailer (austria) writes:

> Arne Babenhauserheide:
> Is that a fact, am I on an 'open' Darknet, connected to Opennet
> too, less vulnerable, also towards an evil 'friend'?

You are just as vulnerable to friends as to opennet peers. With a darknet connection, you have at least one connection which requires social engineering to take over — instead of just requiring some servers.

> Thanks for replying. I had not thought of separating real life
> friends from FN 'friends', because I have understood exchanging
> noderefs requires real-life trust in the other person. That trust
> implies shared interests so we'd be friends on Freenet too.

You might have shared interest, but that does not mean that you share all your interests. I generally use at least 3 different IDs:

- Public. It carries my real name. My friends know it.
- Semi-Private: My friends may know that it’s me.
- Private: No one but me knows that it’s me.

> I am not telling anyone I use Freenet, if only for the obvious
> question why I need it.
>
> - Well, maybe I do not need it but I do feel anonymity and
>   encryption is important.
> - Oh? For what?
> - Protection against the all-seeing eyes of Google, NSA... for
>   which reasons I hate Facebook and so on.. technics are
>   interesting.. mail is very unsafe.. it's a rat race of encryption
>   against NSA espionage..
> - Man what a bullshit. Ain't you got something better to do? For
>   that reason you run a complicated, slow network? I should encrypt
>   mails to you? The NSA is interested in our cracked programs?
> - Yes they read everything.. all talks over phone are registered..
>   worldwide spy industry.. will you read wikileaks?
> - Alu hat?

→ Do you want your potential future employer to know everything we talk about and use that to screen applications? Do you tell all your colleagues and family about every hobby you have? When you talk about it in the open, it’s just one security breakage of your online service from being public.

> I can't afford Freenet friends. Few understand, most don't want to
> know any of this.
>
> Am I wrong that exchanging noderefs makes you more vulnerable
> towards a 'friend', also more vulnerable over the net?
> That person knows my IP address, that I run a node and a lot about
> the person I am in real life, because we should trust each other.

You only need to trust the other to not modify his/her node to spy on you. Since most people don’t have the skills to do that, the trust requirement isn’t that high.

> Our ID's on Freenet and our real-life id's are linked. But I can't
> know what my friend does and hides from me. He can make me unsafe
> for our shared 'secrets', even if there aren't any.

That’s exactly what you should not do. Or rather: You create one ID per shared secret and keep these separate.

> Now nobody in real life knows that I run a node. My ISP and LE can
> see it, but FN should be designed to keep them from knowing what I
> talk about or who I am on Freenet. My real-life me is separated from
> the FN 'me'. That feels more safe to me.
>
> Is that false logic?

Sadly yes, because there are technical limitations to security:

With Opennet, you must allow arbitrary people to connect to each other. So LE can, with reasonable effort, get many connections to you, even when all they know is that you use Freenet.

With darknet, you only connect to people you know from elsewhere. To connect to you, LE has to actually trace down one or several of your friends and corrupt their computers without alerting you of that. They have to risk that one of your friends might tell you about their actions, and that’s a huge risk: If you learn about their attack, not only can you stop the attack, you will also be able to stop future attacks by staging up your operational security. Or eradicate any evidence they search for. And alert your other friends. Via darknet friend-to-friend messages which they cannot trace.

Even having just a few darknet connections prevents attacks for which they would have to completely surround you (take over all your connections): Without help from the ISP they do not know your darknet peers, so they cannot block these connections by DoSing your friend.

Best wishes,
Arne
-- 
Being apolitical means being political without noticing it
_______________________________________________
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe