On Thu, Oct 06, 2005 at 03:34:15PM -0400, jrandom at i2p.net wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Regarding scalability: > > If we assume that the network structure offers the hoped for path lengths, > that isn't reason to expect that those paths will all be capable of handling > the load required of them, and hence, it will need to fall back on secondary, > tertiary, etc paths.
Well, it is if it's a small world network. It isn't if it's a scale-free network. > As you've found in existing Freenet tests, capacity is > the bottleneck most of the time, determining what path requests must go down, > regardless of what path the heuristic algorithms want them to go down. That has been our previous experience. We will have a different load handling mechanism in the new network; we will not misroute, we will reduce the overall load when overload occurs. > On a > restricted route network, you won't have anywhere near the same number of > alternative paths available - you can't just open up new connections (without > using appropriate trust factors). > > (this is one of the key difference between the resource issues Freenet and > I2P face - Freenet requires specific peers to have available capacity, while > I2P has no such constraint) > > Regarding harvesting and hostile regimes, we're talking across each other > again. My point is one you've made: > > "If the State decides it wants to bust some freenet users there is > nothing we can do to prevent it from achieving this objective - as long > as Freenet is large enough for the state to bother with." > > I agree. > > The qualification you make is key, and conversely, if Freenet/I2P/etc isn't > large enough for the state to bother with, its not worth the effort, as there > are other techniques available for helping the committed few. > > Now, you may be ethically fine with both accepting that and promoting Freenet > for use in those regimes, knowing it doesn't offer individuals protection. It does not offer perfect protection of anonymity. Nor does any other known system. But, strangely enough, many people use inferior systems such as public proxies. > I'm not. I do not recommend the use of any of the known anon comm theory or > tech for the masses in hostile regimes, as we all know it is insufficient to > protect individuals, and those people face consequences graver than a slap on > the wrist. As far as I know there is no persecution of people who use Freenet, or of people who use proxies, at present. There are however active attempts to block these systems. And the implied "well then they should just have a revolution" is not a helpful attitude. > > As for the anonymity offered to users of the darknet, I suggest digging into > some of the papers listed online[1][2], as it will help you work through many > of the various schemes out there. The darknet is certainly vulnerable to > simple packet counting, as you describe, as well as intersection and blending > attacks. The extent that it is vulnerable to the other attacks depends upon > the actual details of the network's operation, which will hopefully be made > available sometime. Nobody has explained what a blending attack is yet. "Simple packet counting" I assume means traffic flow analysis. Which is far more expensive than anything they have done so far. > > [1] http://freehaven.net/anonbib/ > [2] http://www.cl.cam.ac.uk/~gd216/anonymity.html > > > > There are reasonable, and even real[1] attacks going on in the west > > > right now. > > > [1] http://www.la.indymedia.org/news/2005/07/132174.php > > > There are a number of reasons to think the Mixmaster network isn't > > secure any more... > > I'm not sure I follow, are you looking at the same URL I am? That's a person > "in the west" who was arrested, tried, sentenced, and served a year in prison > for linking to another website. This isn't some mythical "well, someday it'll > be 1984". This isn't theory. Most important information can still be obtained. Certainly you can obtain the Church of Scientology stuff, despite their considerable efforts. > > Or are you saying Austin's case is fabricated? > > > if we do make a dent in it, it is likely we will be noticed, and some > > more narrow version of the recent filesharing technologies bill will pass. > > For example, one requiring all filesharing networks to cooperate with law > > enforcement in tracing posters, and to provide technical means to do so. > > And once this happens, it will be extremely easy to shut down either I2P > > or Freenet > > At which point it wouldn't be a "western" state. Those in western states > have one set of tools available to them, while those in more oppressive > regimes have others. Hammers are for nails, not for screws. Others such as...? There aren't any hostile-environment capable, scalable communications tools as far as I know. > > > What's an active blending attack? > > http://www.cl.cam.ac.uk/~aas23/taxonomy.pdf > > > But it is possible to get hold of most things right now, through the > > open web. The problem is that it is possible to get an injunction > > against Google blocking a given search term. Co$ managed it once, for > > example. > > Which means two things: > > 1) for a censorship resistant network to work in the west, it needs to be > as easy to use, if not easier, than simply publishing or reading things on > the web. Sure. > 2) that people in the west *do* need our help. In the long term, yes. However, it only becomes an urgent problem at exactly the time at which it is likely that Freenet and I2P will be banned. > > Now, your statement goes back to the root of identiguy's post, as I understand > it: what Freenet offers isn't necessary for the west, since they can ge what > it does offer elsewhere: > > "This, it seems to me, is a blatant admission on the part of the primary > Freenet developer that Freenet development no longer serves any rational > purpose." > > To understand his statement you need to understand that not everyone has the > same level of faith that you do that Freenet will be sufficient in hostile > regimes. Now, disagree with that if you'd like, but assuming one held such a > belief, you see how he came to that conclusion? I don't see any point in continuing with freenet if it can't be used in hostile regimes (or rather, if some variant of it can't be), because: 1. It is not really needed, 99% of the time, in the relatively free West. Yes, it is of some use, but important stuff does get mirrored and right now can be found. 2. The west may not always be that free. If the West becomes sufficiently non-free that Freenet is essential, it is very likely that Freenet will be banned, and attempts made to prevent it from working. 3. Freenet and I2P in their present forms are harvestable, and can therefore be shut down extremely easily. In particular, it would be very easy for a hostile regime with a national firewall to block either by harvesting and blocking. 4. Therefore the path forward is to develop a system which cannot be harvested, which can form the basis for something that is usable in moderately hostile regimes. Such as China is today; there are active attempts to block the technology (the firewall), but large amounts of money are not yet being put into eliminating a specific technology, and people are not being arrested for running freenet. Today, now, people are using systems inferior to freenet in China. I don't think it is immoral to provide them with something better. > (re china) > > People are not presently executed for running a node; I don't know that > > it is illegal as such > > I'd be suprised to hear that bypassing the censors is legal. The more effort > required to use the system, the less likely that the state will see it as a > harmless use. Throw any sort of stego in the mix, and I'd be suprised if > espionage charges wouldn't be tossed on. Remember the PGP case a little while > back, where the fact that someone was using PGP to encrypt data was used as > evidence of their guilt? And that was in the "west". As far as I know it is exclusively at the electronic level at present. And what they have done so far will have been a minimal effort. > > > Well, the reality is that most of the time censorship in the West isn't > > *that* bad (we wouldn't hear about it if it was!) > > Ashcrofts scare tactics about phantoms of lost liberty holds no water with me. > I'm suprised it does for you. I don't know what you are talking about. > > > I accept stego has problems, but what's the alternative? > > I don't know, not claiming that stego will do what it won't? In which case what is the point of building either I2P or Freenet? > > > You really think Freenet will be legal indefinitely even in the West? > > By definition. If you have a really wierd definition. :) I don't believe that freedom is a boolean. It is highly likely that eventually there will be laws prohibiting anonymous p2p; this does not mean that all of our basic liberties are gone, just that some of them are. > > > And pluggable stego does let you do other things, such as wireless and > > sneakernet, which will be harder to stop. > > Pluggable transports lets you do that, stego is irrelevent to wireless and > sneakernet. Well I suppose, but it's the same principle. > > > > If everyone in the open area can operate as a border (aka be reachable by > > > someone behind a restricted route / trusted link), where is the bottleneck > > > again? > > > > They can't. > > Not in Freenet, aparently. In I2P, they can. If they can, then they can be harvested. That's the point. On I2P, everyone can be harvested (and therefore blocked, for essentially no cost). > > > > > even I2P can't work if the OS is insecure; that doesn't mean you > > > > shouldn't build I2P. > > > > > > Quite true. But it does mean I shouldn't tell people to install I2P on > > > compromized machines. > > > > True enough, but people will continue to install all sorts of things > > onto pirated, not-easily-updatable copies of Windows XP. > > My point was to extend the analogy - just as how I don't tell people to use > I2P on known compromised machines, I don't tell people to use it in > environments where I2P is not suited. Seems the only reasonable thing to do. Well, people use all manner of tools in somewhat-hostile environments. I don't see that I am doing something wrong by this. > > > Okay, I apologize. I should install I2P. There is a reasonably clear > > business case for me to do this; it is in the interests of the project. > > No need to apologize, I was not offended, merely suprised that you haven't > bothered to keep abreast of how other work in the anonymity field is doing. > > > if getting busted meant hundreds of thousands of people being tortured, > > imprisoned for long periods etc, I might lend some weight to your > > arguments. However, for the latter to happen means millions of people > > enjoying such freedom that the state cares that much; it is probably > > worth it. > > Who are you to say whether someone else's suffering is worth it? It's their choice. I am not compelling anybody to do anything. Right now, they are already doing risky things by speaking out online; they are using risky tools to evade the national firewall to determine what is really going on in the world. If I provide them with a tool which is less likely to get them into trouble and less likely to be effectively blocked, where is the harm? > > Risking your own safety is one thing, but this blas? attitude about other > people's safety is disconcerting. > > I know I may not be coming off too supportive here, but I wouldn't bother if > I didn't think the Freenet team could do something worthwhile. I do think > you're going down the wrong track though, and that your efforts could be > better used than where it seems to be going. I'm not convinced that it is worthwhile to build a freenet which cannot actually be used anywhere where there is even a trivial effort to prohibit it; that's the bottom line. Because right now it is not big enough for anyone to worry about. If it ever does get big enough to worry about, I expect it to be made illegal and blocked here also. A system which can easily be blocked is really not very useful; it will be of some limited use for a few years, and then it will be gone, just as the world reaches the point of needing it most. > > =jr -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20051007/1706e547/attachment.pgp>
