-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Freenet can provide things which I2P cannot as regards security -
> specifically it can provide a non-harvestable, scalable darknet.

Three points-

= regarding "scalable": As you later agree that "resource management may well be a problem, especially with streams", perhaps claiming that Freenet scales before working through the fundamental issue of resource management is a bit premature

= regarding "non-harvestable": we're talking at cross purposes here. You're referring to how easy it is to discover the physical nodes on which peers run, and I say it's a matter of effort, not a matter of capability. Yes, it's more expensive to compromise one node at a time, but in hostile regimes, where that person may be imprisoned or summarily killed when they're compromised, it's little comfort for them to hear "well, it took them longer than it would have in I2P!"

= regarding "darknet": there are a whole slew of issues involved in offering strong anonymity, few of which have been discussed publicly regarding the 0.7/dark. As you say later, traffic analysis attacks will be possible against your peers - to what extent, and at what cost? There has been insufficient information made publicly available to suggest that the darknet will offer more anonymity than Freenet 0.5, but I look forward to hearing more as time progresses.

> > Yes, I know, "but people are using Freenet in China now!" I had a similar
> > discussion with some people working on anonymous blogging a few months back.
> > Yes, you can do wonders when there are only a few people using it - security
> > through obscurity *does* work - as long as it's not popular enough for them
> > to bother attacking.
> Newsflash: They do attack it. The web site has been blocked for years,
> and the protocol is blocked as of now. Now, they don't spend much
> resources on it.

That probably took what, 5 minutes to do, total? That's not much of an attack.

> But I don't see much point in building either Freenet or I2P if
> there is no hope to eventually evolve into something that can resist
> reasonable attacks.

There are reasonable, and even real[1] attacks going on in the west right now. Fuck filesharing, I don't care about those who are only concerned about IP issues. If I thought that was the only thing I2P could help with, I wouldn't bother.

[1] http://www.la.indymedia.org/news/2005/07/132174.php

> I believe that Freenet's current architecture can evolve into something
> usable in many hostile regimes.

Faith is great, and I hope you're right.

> Well, the idea was simply that it's more efficient; we were going to use
> a combination of multicast and 1:1 streams to implement IRC.

Neat. Back when I2P was starting up, nop and others were interested in doing something similar for IIP. Perhaps it'd be worth looking at SILC [2] for ideas and issues?

[2] http://silcnet.org/

> The problems that "real live users" face in "western" regimes are
> insignificant compared to the real goal.

I'm sorry, helping real live users in western regimes *is* my goal. Or at least, it's a step on the path which I must cross before going further. If I sincerely didn't care about western users, I'd be working on the wetware. Technology is not a panacea.

> In which case China etc are the perfect model for the likely future state
> of the West.

Over my dead body.

> You can find nodes in other ways - compromising nodes one at a time and
> global traffic flow analysis being the obvious things, as well as
> compromising the social network.

You don't even need global traffic flow analysis. A local passive ISP wouldn't have any trouble detecting suspicious activity, enough to warrant further investigation. Toss on active blending attacks and it's as bright as day. It doesn't need to be done against everyone all the time to catch some of them some of the time, but again, how many dead users is OK with you?

As I've said before, steganography is useless for the masses. It will only act as a big red flag for those who detect it, and if it's open source, you can be sure it'll be detected (and if it's closed source, well, you shouldn't trust it)

> > These restricted routes sound pretty much exactly
> > like the proposed "hybrid" network, where the majority of peers are
> > reachable but a few at the edges are behind trusted/restricted links.
> > We've discussed this a few times, and your response to this has been
> > that it's pointless unless all peers operate on restricted routes.
> Perhaps, but for it to be really useful you need a large darknet, not a
> few edge nodes. Otherwise you will end up with severe, and easy to deal
> with, bottlenecks on the borders.

If everyone in the open area can operate as a border (aka be reachable by someone behind a restricted route / trusted link), where is the bottleneck again?

> And tolerable browsing latency?

Seems so. 2-15s page load, irc rtt @ 1-2s. I did some hacking last week on a new HTTP transfer encoding to optimize things further, and there have been some bugs there, but it's not horrid. YMMV

> even I2P can't work if the OS is insecure; that doesn't mean you shouldn't
> build I2P.

Quite true. But it does mean I shouldn't tell people to install I2P on compromised machines.

=jr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDRAYwWYfZ3rPnHH0RAocgAJ0agt6ZVBGg69t5p3/8xvlWrA5XLACgigs+
Op9vLkd5J+tqO+5H0tuOlbU=
=AvuI
-----END PGP SIGNATURE-----
