On Monday 28 April 2008 05:38, Simply Paranoid wrote:
> Hello fellow paranoids!
>
> I've spent ~a good hour on the site trying to find answers for 2 simple
> yet important questions regarding insecure mode:
> 1. Can my ISP know what I am downloading/uploading to FreeNet?

Not easily. Your ISP can for example MITM your downloading Freenet in the first place, and replace it with a rootkit. :) Or slightly more subtle, replace your seednodes.fref with a bunch of evil nodes he controls. If you have a trust path to nextgens' SSL cert (with which the installer is signed), or if you build from source (and manually inspect it!), you are a bit safer, but you still have the seednodes replacement threat. One solution to that is to only connect to your friends (but you'd have to exchange noderefs out of band, or encrypted with keys which have been verified out of band e.g. by checking fingerprints over the phone).

Note that your ISP can do this with any executable you download from a non-SSL site, e.g. Linux graphics drivers.

> 2. Can the nodes I download/upload from (Read: NSA in disguise) see what
> I'm doing?
> Of course, we assume they don't use correlation attacks or any other
> ridiculous & unlikely methods.

If they don't attack you they can't see what you're doing. That's kinda by definition... :)

Unfortunately correlation attacks are far from ridiculous and unlikely. They are feasible for a sufficiently motivated and resourced attacker. They are easier for big files or long-lived Frost identities.

Another class of attack is where the attacker is mobile, able to connect to a small subset of the network at any one time. If Mallory can identify which blocks belong to a specific requestor, he can gradually move towards the requestor.

>
> I believe the answer to the second question is "yes until 0.8", though
> I'm not sure. The first question, however, is essentially unmentioned at
> all, at least directly*. If both the ISP and connecting nodes can read
> the content, then I find very little difference between FN and say,
> Limewire!

Hopefully 0.8 will improve significantly on request security. However, it was just as bad (give or take a percentage) in 0.5. And 0.7 has darknet, which opens up new options to significantly improve security, as well as network survivability.

>
> Anyway it would be nice to see this info on the site in order to compare
> between FreeNet and similar projects like I2P.
> Thanks and keep it up :)

You should read the wiki:
http://wiki.freenetproject.org/FreenetZeroPointSevenSecurity

>
> *http://archives.freenetproject.org/message/20080407.160132.8fa35bc2.en.html
> touches the issue vaguely.
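The out-of-band check the reply recommends for exchanged noderefs, as an added example that is not part of the original message and not Freenet's own code. It assumes a scheme the two friends agree on themselves: hash the noderef text after normalising line endings, read the fingerprint over the phone, and accept the ref only on a full match. The sample ref and its field names are constructed placeholders.

```python
import hashlib
import hmac

# Constructed sample text standing in for a friend's noderef (not a real one).
SENT_REF = "identity=EXAMPLE-IDENTITY\nphysical.udp=192.0.2.10:12345\nEnd\n"
# Same ref after a mail client added trailing spaces and CRLF line endings.
RECEIVED_VIA_MAIL = SENT_REF.replace("\n", " \r\n")
# Same ref with the address swapped in transit (the replacement threat).
TAMPERED_REF = SENT_REF.replace("192.0.2.10", "198.51.100.7")


def canonical_ref(ref_text: str) -> bytes:
    """Normalise line endings and trailing whitespace so transport
    rewrapping does not change the fingerprint, but content changes do."""
    unified = ref_text.replace("\r\n", "\n").replace("\r", "\n")
    lines = [line.rstrip() for line in unified.split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\n".join(lines) + "\n").encode("utf-8")


def fingerprint(ref_text: str) -> str:
    """SHA-256 of the canonical ref, as 16 groups of 4 hex digits to read aloud."""
    digest = hashlib.sha256(canonical_ref(ref_text)).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def matches_spoken(ref_text: str, spoken: str) -> bool:
    """Compare the fingerprint heard on the phone with the received ref.
    Spacing, dashes and case are ignored; a truncated read-out never matches."""
    heard = "".join(ch for ch in spoken if ch.isalnum()).upper()
    expected = fingerprint(ref_text).replace(" ", "")
    return hmac.compare_digest(heard.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    spoken = fingerprint(SENT_REF)  # what the friend reads out
    print("friend reads:", spoken)
    print("mailed copy ok:", matches_spoken(RECEIVED_VIA_MAIL, spoken))
    print("tampered copy ok:", matches_spoken(TAMPERED_REF, spoken))
```

The check is only as strong as the voice channel: it works when the listener recognises the friend's voice and the fingerprint is read in full.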
