On 08-May-16 7:35 PM, Arne Babenhauserheide wrote:
>
> Anonymous Remailer (austria) writes:
>
>> Arne Babenhauserheide:
>> Is that a fact, am I on an 'open' Darknet, connected to Opennet
>> too, less vulnerable, also towards an evil 'friend'?
>
> You are just as vulnerable to friends as to opennet peers.
>
> With a darknet connection, you have at least one connection which
> requires social engineering to take over — instead of just requiring
> some servers.
>> Thanks for replying. I had not thought of separating real life
>> friends from FN 'friends', because I have understood exchanging
>> noderefs requires real-life trust in the other person. That trust
>> implies shared interests so we'd be friends on Freenet too.
>
> You might have shared interest, but that does not mean that you share
> all your interests.
>
> I generally use at least 3 different IDs:
> - Public. It carries my real name. My friends know it.
> - Semi-Private: My friends may know that it’s me.
> - Private: No one but me knows that it’s me.
>
>> I am not telling anyone I use Freenet, if only for the obvious
>> question why I need it.
>>
>> - Well, maybe I do not need it but I do feel anonymity and
>> encryption is important.
>> - Oh? For what?
>> - Protection against the all-seeing eyes of Google, NSA... for
>> which reasons I hate Facebook and so on.. technics are
>> interesting.. mail is very unsafe.. it's a rat race of encryption
>> against NSA espionage..
>> - Man what a bullshit. Ain't you got something better to do? For
>> that reason you run a complicated, slow network? I should encrypt
>> mails to you? The NSA is interested in our cracked programs?
>> - Yes they read everything.. all talks over phone are registered..
>> worldwide spy industry.. will you read wikileaks?
>> - Alu hat?
>
> ? Do you want your potential future employer to know everything we talk
> about and use that to screen applications? Do you tell all your
> colleagues and family about every hobby you have? When you talk about
> it in the open, it’s just one security breakage of your online service
> from being public.

Reply would be: you're just too paranoid. Got nothing to hide.

>> I can't afford Freenet friends. Few understand, most don't want to
>> know any of this.
>>
>> Am I wrong that exchanging noderefs makes you more vulnerable
>> towards a 'friend', also more vulnerable over the net?
>> That person knows my IP address, that I run a node and a lot about
>> the person I am in real life, because we should trust each other.
>
> You only need to trust the other to not modify his/her node to spy on
> you. Since most people don’t have the skills to do that, the trust
> requirement isn’t that high.

It's indeed not, if my trust in the other would be enough. But it 
is not.

>> Our ID's on Freenet and our reallife id's are linked. But I can't
>> know what my friend does and hides from me. He can make me unsafe
>> for our shared 'secrets', even if there aren't any.
>
> That’s exactly what you should not do. Or rather: You create one ID per
> shared secret and keep these separate.

This is what I do--inside Freenet. I use more than one ID, keeping 
them separate.
The main reason is to diffuse the profile of the person I am.

>> Now nobody in real life knows that I run a node. My ISP and LE can
>> see it, but FN should be designed to keep them from knowing what I
>> talk about or who I am on Freenet. My reallife me is separated from
>> the FN 'me'. That feels more safe to me.
>>
>> Is that false logic?
>
> Sadly yes, because there are technical limitations to security: With
> Opennet, you must allow arbitrary people to connect to each other. So LE
> can, with reasonable effort, get many connections to you, even when all
> they know is that you use Freenet.
>
> With darknet, you only connect to people you know from elsewhere. To
> connect to you, LE has to actually trace down one or several of your
> friends and corrupt their computers without alerting you of that. They
> have to risk that one of your friends might tell you about their
> actions, and that’s a huge risk: If you learn about their attack, not
> only can you stop the attack, you will also be able to stop future
> attacks by staging up your operational security. Or eradicate any
> evidence they search for. And alert your other friends. Via darknet
> friend-to-friend messages which they cannot trace.

As it looks now, LE can ID files w/in FN, track what is downloaded or uploaded
but not yet prove w/o doubt what one node does.
It can be made 'likely' but not proven.

Every IP running FN is logged, each file inside FN is registered.
Still, there is no way identities can be linked to IP's.
This is the crux of why FN is needed. The separation of virtual and 
rl ID.

> Even having just a few darknet connections prevents attacks for which
> they would have to completely surround you (take over all your
> connections): Without help from the ISP they do not know your darknet
> peers, so they cannot block these connections by DoSing your friend.

Thanks for your interest, Arne.

I am not convinced darknet is useful to me, I do see opennet as 
what I need.

My real person must not have anything to do with the person, ID I 
am inside Freenet, this is a definitive must.
I do not want anyone to know what I do inside Freenet. I even don't 
want anyone to know I run a node.
My ISP may know, LE knows, but both must not know what I do inside 
FN or what my ID is inside.

I do want to communicate with, necessarily, complete strangers, in 
a public way _inside Freenet_.
As an aside: it is this, the open, virtual community of virtual 
ID's which makes Freenet useful to me.
I guess, this is what makes FN unique, its virtual community.

Reversely, I do not want anyone inside FN to get a hint of who I am 
in real life.
The two worlds must be separated, my security depends on it.

I may trust another ID in FN to, for example publish software I can trust to run.
Just because over time, such an ID has proven to be worth this trust.
But this trust can't be extended to exchange noderefs with her/him.
It would be an unwanted, unsafe link to the reallife me from inside 
Freenet.

Nor can I trust a rl person with the fact I run Freenet, both cross 
the line of keeping my Freenet ID separate from my real ID.
It does not matter if I trust that person with all I got, this fact 
I can not share.

Darknet demands to cross that line. I must exchange noderefs 
containing my actual IP, with someone else.
I can not afford to do that. I can't trust a random stranger inside 
FN, and I can't trust even my most trusted people in real life.

It is a pity Darknet provides for better technical protection 
against a random attacker, I can not use it.

I think it would be a good idea to be aware of how important the 
security of people running Opennet is.
If Opennet is cracked, meaning: if it can be proven which FN ID 
belongs to my IP, it means Freenet is broken.
This is independent of physical security Darknet provides, because 
to use opennet, one of the darknet peers must run opennet.


An attacker may see everything I do in FN, he may also see anything 
the real me does in real life, he must not be able to make this 
connection.

Not Darknet is crucial, this is.
_______________________________________________
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
