-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Regarding scalability:
If we assume that the network structure offers the hoped for path lengths, that isn't reason to expect that those paths will all be capable of handling the load required of them, and hence, it will need to fall back on secondary, tertiary, etc paths. As you've found in existing Freenet tests, capacity is the bottleneck most of the time, determining what path requests must go down, regardless of what path the heuristic algorithms want them to go down. On a restricted route network, you won't have anywhere near the same number of alternative paths available - you can't just open up new connections (without using appropriate trust factors). (this is one of the key difference between the resource issues Freenet and I2P face - Freenet requires specific peers to have available capacity, while I2P has no such constraint) Regarding harvesting and hostile regimes, we're talking across each other again. My point is one you've made: "If the State decides it wants to bust some freenet users there is nothing we can do to prevent it from achieving this objective - as long as Freenet is large enough for the state to bother with." I agree. The qualification you make is key, and conversely, if Freenet/I2P/etc isn't large enough for the state to bother with, its not worth the effort, as there are other techniques available for helping the committed few. Now, you may be ethically fine with both accepting that and promoting Freenet for use in those regimes, knowing it doesn't offer individuals protection. I'm not. I do not recommend the use of any of the known anon comm theory or tech for the masses in hostile regimes, as we all know it is insufficient to protect individuals, and those people face consequences graver than a slap on the wrist. As for the anonymity offered to users of the darknet, I suggest digging into some of the papers listed online[1][2], as it will help you work through many of the various schemes out there. The darknet is certainly vulnerable to simple packet counting, as you describe, as well as intersection and blending attacks. The extent that it is vulnerable to the other attacks depends upon the actual details of the network's operation, which will hopefully be made available sometime. [1] http://freehaven.net/anonbib/ [2] http://www.cl.cam.ac.uk/~gd216/anonymity.html > > There are reasonable, and even real[1] attacks going on in the west > > right now. > > [1] http://www.la.indymedia.org/news/2005/07/132174.php > There are a number of reasons to think the Mixmaster network isn't > secure any more... I'm not sure I follow, are you looking at the same URL I am? That's a person "in the west" who was arrested, tried, sentenced, and served a year in prison for linking to another website. This isn't some mythical "well, someday it'll be 1984". This isn't theory. Or are you saying Austin's case is fabricated? > if we do make a dent in it, it is likely we will be noticed, and some > more narrow version of the recent filesharing technologies bill will pass. > For example, one requiring all filesharing networks to cooperate with law > enforcement in tracing posters, and to provide technical means to do so. > And once this happens, it will be extremely easy to shut down either I2P > or Freenet At which point it wouldn't be a "western" state. Those in western states have one set of tools available to them, while those in more oppressive regimes have others. Hammers are for nails, not for screws. > What's an active blending attack? http://www.cl.cam.ac.uk/~aas23/taxonomy.pdf > But it is possible to get hold of most things right now, through the > open web. The problem is that it is possible to get an injunction > against Google blocking a given search term. Co$ managed it once, for > example. Which means two things: 1) for a censorship resistant network to work in the west, it needs to be as easy to use, if not easier, than simply publishing or reading things on the web. 2) that people in the west *do* need our help. Now, your statement goes back to the root of identiguy's post, as I understand it: what Freenet offers isn't necessary for the west, since they can ge what it does offer elsewhere: "This, it seems to me, is a blatant admission on the part of the primary Freenet developer that Freenet development no longer serves any rational purpose." To understand his statement you need to understand that not everyone has the same level of faith that you do that Freenet will be sufficient in hostile regimes. Now, disagree with that if you'd like, but assuming one held such a belief, you see how he came to that conclusion? (re china) > People are not presently executed for running a node; I don't know that > it is illegal as such I'd be suprised to hear that bypassing the censors is legal. The more effort required to use the system, the less likely that the state will see it as a harmless use. Throw any sort of stego in the mix, and I'd be suprised if espionage charges wouldn't be tossed on. Remember the PGP case a little while back, where the fact that someone was using PGP to encrypt data was used as evidence of their guilt? And that was in the "west". > Well, the reality is that most of the time censorship in the West isn't > *that* bad (we wouldn't hear about it if it was!) Ashcrofts scare tactics about phantoms of lost liberty holds no water with me. I'm suprised it does for you. > I accept stego has problems, but what's the alternative? I don't know, not claiming that stego will do what it won't? > You really think Freenet will be legal indefinitely even in the West? By definition. > And pluggable stego does let you do other things, such as wireless and > sneakernet, which will be harder to stop. Pluggable transports lets you do that, stego is irrelevent to wireless and sneakernet. > > If everyone in the open area can operate as a border (aka be reachable by > > someone behind a restricted route / trusted link), where is the bottleneck > > again? > > They can't. Not in Freenet, aparently. In I2P, they can. > > > even I2P can't work if the OS is insecure; that doesn't mean you > > > shouldn't build I2P. > > > > Quite true. But it does mean I shouldn't tell people to install I2P on > > compromized machines. > > True enough, but people will continue to install all sorts of things > onto pirated, not-easily-updatable copies of Windows XP. My point was to extend the analogy - just as how I don't tell people to use I2P on known compromised machines, I don't tell people to use it in environments where I2P is not suited. Seems the only reasonable thing to do. > Okay, I apologize. I should install I2P. There is a reasonably clear > business case for me to do this; it is in the interests of the project. No need to apologize, I was not offended, merely suprised that you haven't bothered to keep abreast of how other work in the anonymity field is doing. > if getting busted meant hundreds of thousands of people being tortured, > imprisoned for long periods etc, I might lend some weight to your > arguments. However, for the latter to happen means millions of people > enjoying such freedom that the state cares that much; it is probably > worth it. Who are you to say whether someone else's suffering is worth it? Risking your own safety is one thing, but this blas? attitude about other people's safety is disconcerting. I know I may not be coming off too supportive here, but I wouldn't bother if I didn't think the Freenet team could do something worthwhile. I do think you're going down the wrong track though, and that your efforts could be better used than where it seems to be going. =jr -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDRYKMWYfZ3rPnHH0RAkCaAJ9Uto9ywpgFiwDuGhWKlv66ioVvXACdFDxC R4nKfpZ507sfaUEqothrUDw= =R1Df -----END PGP SIGNATURE-----
