On Wed, Oct 05, 2005 at 04:19:26PM +0200, TLorD wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matthew Toseland wrote:
> > On Wed, Oct 05, 2005 at 02:41:14PM +0200, TLorD wrote:
> >>toad at amphibian.dyndns.org wrote:
> > (note that traffic
> > flow analysis is rather expensive at present and tends to produce false
> > positives)
>
> AFAIK that's quite correct. But consider this scenario: computers are divided
> in two groups, servers and private users, possibly on different networks or IP
> space. Now, all traffic user-to-user is likely P2P of some sort (and possibly
> DCC, internet games and a couple of others, but that'd be at best sporadic
> traffic). The number of P2P applications is rather small and methods of
> recognizing them are known. How hard and expensive would it be to log all
> "strange looking" traffic in that scenario? My guess is that it'd be far less
> hard and expensive than the Great Firewall of China.

It would probably be easier to lock down the entire network so that P2P
is impossible. Yes you can identify traffic by session bytes and so on;
but if we use steganography, they will have to do traffic *flow*
analysis.

> I'd also argue that false positives aren't that much of an issue in state
> regimes.

Maybe. It depends on what level of collateral damage is acceptable. E.g.
it seems very unlikely that the Wall would block ssh.
>
> >>Secondly, why do you think the network would become a small world? (a FAQ or
> >>paper link would be enough)
> > There are some papers indicating that social networks are small world,
> > however it is by no means certain at present.
>
> While I tend to agree that usual social networks are small worlds, I'm not
> convinced this specific darknet would become a small world by itself.

Well, it's a subset of a social network...
>
> >>darknet, in which case I suspect the gentle users on the our side of the
> >>wall
> >>would quickly get blacklisted, once again cutting out chinese users (and
> >>paying them a visit for connecting to a forbidden address)
> >
> > Depends. If we connect to 500 chinese users, probably; if we advertise
> > it on the web, probably. OTOH, if I personally know a chinese person I
> > want to give bandwidth to, it might well work. Even if I meet people on
> > IRC and connect them by DCC chat, it might still work.
>
> Agreed. But I feel that would be a bit too few. (I however agree that 5 users
> is better than 0)
>
> > Studies suggest small world networks are reasonably robust; we will see.
>
> That's correct. This is still assuming that freenet 0.7 will be one. Mind you,
> I for one would be very happy if my conjecture (tree or very weak graph
> coverage) was proven wrong and yours proven true, but this is something which
> might eventually be empirically proven when 0.7 will be up and working.
> I also wonder if there's a way to draw the topology of the network in a safe
> (anonymous, untraceable) way: unless there effectively is one, all you can do
> is hope/guess that the network is shaped like you (or I or anyone) want.

Well, if we expose the topology, we give attackers an awful lot of
information... Worse, it's likely that the network will be a hybrid -
some parts of it dark and some parts open.
>
> > It will surely be less efficient in some ways in terms of more data
> > duplication; that is inevitable with any constrained-links topology.
>
> That's what I meant with lower efficiency (that's a tradeoff after all: speed
> for security)
>
> > I wouldn't say it was a failure as such; people still use it. But 0.7
> > will be better.
>
> (rather) A failure in the sense of something that the product offered worse
> performance than other programs (in this case I2P) for some metric (in my
> case, the reasons why I switched over to I2P as mentioned in the other post).
> Useless? Definitely not. The distributed storage is still a good thing which
> is not (yet) on I2P, if that's what you need; the freenet experiments brought
> up some interesting questions, and without freenet I doubt there'd be an I2P
> to start with. I'm not going to say it was wasted time for the simple fact I
> don't believe it was.
> (rather) A failure also because, if the need for a redo from 0 was felt, it's
> because something went wrong (isn't that the definition of a failure?).
> I don't either believe a failure is something intrinsically bad. In fact, most
> good things come from failures and retries and learning and retrying even
> harder.
> Fact is, I *DO* look forward to freenet 0.7 and the empirical results gathered
> from releasing the hare into the wild.

Thanks.
>
> > As for I2P over freenet... we will have more services in 0.7 (e.g. irc),
> > but they will be severely limited on bandwidth. If they don't work,
> > we'll find a way to make them work, or we'll disable them. :)
>
> Lol then first get 0.7 out, then see how (if!) interactive stuff works (irc
> and such) and only then will be the I2P over freenet worth thinking about :D
> Also, think carefully how things would work in the no-free-bandwidth situation
> you are sure to meet very soon (freenet 0.5 was, I2P will probably soon be, I
> don't really expect freenet 0.7 to be safe from that issue).
>
>
> So spoke I. And I might be wrong :D

--
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
