jrandom at i2p.net wrote: > = regarding "non-harvestable": we're talking at cross purposes here. > You're referring to how easy it is to discover the physical nodes on > which peers run, and I say its a matter of effort, not a matter of > capability. Yes, its more expensive to compromise one node at a > time, but in hostile regimes, where that person may be imprisoned or > summarily killed when they're compromised, its little comfort for them > to hear "well, it took them longer than it would have in I2P!"
On the contrary, there is great value in a system that makes life somewhat more bureacratically burdensome for people who want to censor communication, even if it doesn't completely eradicate the chance of an individual node being compromised. Even a small raising of the bar can make a huge difference to the chances of being caught. Think of it like an epidemic. Cracking a node is like infecting a person. For each person they're in contact with, there's a chance, X%, that the infection will be transmitted. How many people get infected given a particular X? There is not a linear relationship between the two. It's more like exponential, and after a while there's a tipping point beyond which the infection is self-sustaining. You don't need to completely eliminate the chance of transmission, just get it down to levels where the infection dies out quickly. Halving the chance of transmission does not merely halve the number of infections: it makes the difference between almost everyone being infected and almost no-one being infected. Have we eliminated Polio yet? No. Are you scared of getting Polio? Freenet is trying to lower X to something that will prevent an attacker getting more than a few steps through the network before running out of fresh leads. It doesn't mean that no-one will ever get caught; it just means that any individual's chances of being caught are pretty low. This in turn means that the chances of an attacker ever bothering are dramatically reduced, which quickly brings the probability down to vanishingly small. And no, those people unlucky enough to get "infected" are not going to end up in a mass grave somewhere. Even totalitarian regimes can't get away with that kind of gross overreaction just for running a piece of software. The punishment might be unfairly harsh, but we're talking about fines not bullets here. If they identify who inserted what content that's different, but here we're only talking about the penalty for running the software itself. I think too many people are being a bit melodramatic about this issue.
