[freenet-chat] Freenet 0,5 or 0,7

- van2 at vipmail.hu
Tue Aug 29 21:15:54 UTC 2006


Thanks for your response, you've convinced me on most points. I still have
two questions:
 
So what you're saying is that if a single direct peer becomes a traitor, it
would not necessarily lead to instant knowledge of what you are downloading,
only if most of your direct peers become traitors and work together. So I
imagine, this would mean that the more direct peers an individual has, the
safer he is. 
 
But, most freenet users would probably not have more than 1 or 2 or 3 in
real life. 
First question: So once real life possibilities are exhausted, where can one
find enough direct peers to be safe? 
 
What's going to happen is there's going to be a well integrated main darknet
and a lot of these smaller darknets that aren't able to integrate because
none of the members knows anyone in the main darknet. So they'll cease to
exist. I might as well have 15 direct peers I trust, if none of us knows
someone in the big darknet, there's nothing we can do.
 
Therefore only people already integrated into the main darknet will be able
to invite new members, meaning the majority of new users will not be able to
join the darknet, and be left out in the open(net). 
Second question: Is there a solution to this, or will most people in fact
not be able to benefit from darknet?
 
One possible idea:
If someone has enough direct peers, then it would be safe for him to take on
a few unknown newbies and make them 
into direct peers, and this could be a way to allow unknown members (or
unintegrated darknets) to join.
 
 
 
 
 
-------Original Message-------
 
From: David Sowder (Zothar)
Date: 08/29/06 20:09:44
To: chat at freenetproject.org
Cc: -
Subject: Re: [freenet-chat] Freenet 0,5 or 0,7
 
- wrote:
>
>
> NextGen$: I don't think you should call people trolls who are merely
> trying to expose the weaknesses of freenet to make it better. Isn't
> that what you guys want us to do? We're all in the same boat here.
>
> You stated that you believe computer based attacks on Freenet are much
> easier than social engineering, and therefore support the fact that
> freenet should be an invite only network.
>
True darknet: the target node can only be attacked socially assuming that:
1) "the bad guys" don't know which machines are running a Freenet node
(i.e. they don't know what machine to target for a node) if there is
in-packet signature on Freenet traffic and the Freenet packets are
indistinguishable from other Internet traffic
2) "the bad guys" haven't confiscated a direct peer of the target node
 
Opennet: the target node can be attacked electronically because:
1) the target node will potentially connect to anyone who wants a connection
2) "the bad guys" simply need to pretend to be a lot of anyones
> But, I don't think this model's going to work, for several reasons:
>
> First, the guiding principle behind freenet right now is anonymity in
> the numbers of a large number of users doing all sorts of different
> things. They may easily know you're using freenet, but it's extremely
> difficult to prove WHAT you downloaded. In other words it's very
> difficult to get specific evidence against a specific freenet user.
>
True darknet anonymity:
1) the target node's traffic is anonymous to all non-direct peers,
including "the bad guys" (unless they manage to get a direct peer with
the target node), assuming the attackability points I mentioned above
2) the target node's traffic is anonymous to the direct peers in the
sense that all or most of target node's direct peers would have to
collaborate using statistical attacks to determine what the target node
requested, inserted or stored
3) I'm not sure about this part, but "the bad guys" may not even be able
to know what was contained in the traffic going through them unless they
also had the URI of the resources being requested or inserted (i.e., if
they don't have the decrypt keys, they don't know what's in the packet)
 
Opennet anonymity:
1) the target node's traffic is anonymous in the same way that 1, 2 and
3 of "True darknet anonymity" above are still true, but becoming all or
most of the peers for a target node is automatable, unlike true darknet,
which requires humans to initiate each peering relationship.
 
> True, if freenet becomes illegal, the opennet may not work, but what's
> the worst that's going to happen? They put up a national firewall
> making freenet unusable, or freenet users will just get a message from
> their ISP saying they better stop or they'll be kicked off. This may
> not happen until 3-5 years from now, even though it may be illegal on
> paper in France already.
>
Depends on what kind of illegal we're talking about.  Some places, the
penalties may be much more severe than others.
> The darknet concept does not provide this sort of anonymity, you are
> exposed to the people you "trust", I haven't heard a single response
> to the question: what happens if someone in your darknet gets busted
> or a spy manages to infiltrate by joining? They instantly have
> reasonable grounds to assume that you are engaged in the same
> activity, since you're part of the same ring. This should be enough to
> bust you as well.
>
The only nodes directly compromised by a darknet node owner getting
busted are the direct peers of that node owner assuming "the bad guys"
get control of the node before the peering relationships are severed.  A
panic button might save your peers.  If the direct peers are
compromised, "the bad guys" would then have to get control of each of
the direct peers to compromise their direct peers.  (Again, assuming
Freenet packets are indistinguishable from other Internet traffic.)
> They also now have the ability to specifically monitor WHAT you
> downloaded. Plus your "trusted" friend could easily rat on you. And
> that's that.
>
Only target node's direct peers have a chance of knowing what the target
node downloaded and only if they cooperate to do statistical attacks and
thus know with reasonable certainty that the target node was responsible
for the download traffic and not some third party merely routing through
the target node.  Knowing what the target node downloaded is even more
difficult if my thoughts about not having the decrypt info are also true.
> How can you underestimate the importance of this?
>
Perhaps the assumptions you make in "this" are flawed and the "you" in
your question has not underestimated any importance.
> In contrast in opennet if a user gets busted, yes they may get a
> seedfile of hundreds of different users in many different countries
> all engaged in different activities. That's nice, they know all these
> people are using freenet, but it will not give them specific evidence
> against anyone, unless they do some extremely complex traffic
> analysis, spanning multiple countries and ISPs.
>
See what I've written above.  The complex analysis you seem to believe
in is much easier on opennet than it is on a true darknet.
> And your comment about social engineering being more difficult, that
> doesn't really apply to today's situation, since right now all it
> takes is going on IRC to join. When is freenet planning to go
> underground then?
>
I don't think anybody is suggesting that the #freenet-refs channel on
the Freenode IRC network is creating a true darknet.  It is, however,
being used to bootstrap a pseudo-darknet to test and develop the Freenet
0.7 software.  Not all peering relationships are being made in such a
public way.
> I guess the entire 0,7 testing group will have to break into groups of
> darknets of 2-3-4 people that trust each other in real life. If it
> goes underground with a few hundred hard core enthusiasts, where's the
> fresh content going to come from?
>
Perhaps you don't realize that the whole point of a true darknet is that
it can exist "underground" and in "plain sight" at the same time.
> And half will be left outside without a darknet. I personally
> will have to form a one person darknet then.
>
Some people seem to have the impression that an opennet gives anonymity
by hiding in the masses and that this is "more anonymous" than trusted
peers being the only nodes "in the know" about a target node's activities.
 
As the devs have said before, opennet will happen at some point; not in
the next few weeks, but possibly by the end of the year or there
'bouts.  When (not if) opennet is developed, I, for one, will continue
to use the darknet model on my primary node and will only use an opennet
node for development purposes.
> -------Original Message-------
>
> From: NextGen$ <nextgens at freenetproject.org>
> Date: 08/28/06 19:46:46
> To: urza9814 at gmail.com
> Cc: chat at freenetproject.org
> Subject: Re: [freenet-chat] Freenet 0,5 or 0,7
>
> * urza9814 at gmail.com <urza9814 at gmail.com> [2006-08-28 12:51:28]:
>
> > On 8/28/06, NextGen$ <nextgens at freenetproject.org> wrote:
> > >* urza9814 at gmail.com <urza9814 at gmail.com> [2006-08-28 11:13:24]:
> > >
>
> [snip.]
>
> > >> On 8/28/06, NextGen$ <nextgens at freenetproject.org> wrote:
> > >> >* - <van2 at vipmail.hu> [2006-08-27 19:45:27]:
> > >> >How do you explain that all terrorist cells haven't been busted so ?
> > >> >
> > >>
> > >> Um...they're small groups of people that know and trust each other
> > >> really well. And they're isolated. That'd be like having a few hundred
> > >> 50-100 person darknets with no communication between them and people
> > >> only invite the people they've known for many, many years.
> > >
> > >You shouldn't connect to people you don't trust, full stop.
> > >
> >
> > If I only connected to people I trust I'd end up with a darknet of 2.
> > That's not very useful.
> >
>
> That's useful.
>
> > >> >> Also, it just isn't realistic to think that people will know others in
> > >> >> real life that they can trust with the kind of things they need
> > >> >> anonymity for. A minority of people will have such connections, but
> > >> >> the majority will not! This will mean that for freenet to be viable it
> > >> >> will always need to have a public mechanism for joining.
> > >> >
> > >> >That's debatable... Gmail hadn't and has been successful.
> > >> >
> > >>
> > >> How the hell can you even CONSIDER comparing Gmail to freenet?
> > >> Gmail isn't anonymous.
> > >
> > >Gmail is an invite-only system as freenet
> > >
> >
> > Freenet isn't really invite only.
>
> how so ?
>
> > >> If I invite a government agent to Gmail, that's not gonna screw me over.
> > >
> > >It won't on freenet either... It might.
> > >
> >
> > Well, there's no possibility of that at all on Gmail.
>
> Why do you think they keep who has introduced you then ?
> I bet that it's a convenient way of fighting against spam. They catch a
> spammer and ensure that his "invitees" aren't spammers.
>
>
> > >> I don't have to send a file to someone to get them to join Gmail.
> > >
> > >You've to send them a mail, which is kinda the same thing.
> > >
> >
> > ehh...not really. You just type their email addy in a box.
>
> We could have the same thing on freenet. Maybe we will.
>
> > >> There's no security risk with just sending Gmail invites to random people.
> > >
> > >If the fact of running freenet is illegal in your country opennet won't help
> > >at all ;)
> > >
> >
> > It's not.
>
> Freenet is already illegal here in France, I doubt it's legal in China
> either.
>
> [snip.]
>
> Maybe you could answer to points I've snipped.
>
> > On the darknet you know exactly who you're connected to. On the
> > opennet you don't. More deniability, and harder for governments to use
> > one compromised node to get to others.
>
> That's a false assumption. Your ISP does know who you're connected to, even on
> opennet! Let's take an example, since a law called LEN, French ISPs have to
> keep logs of EVERYTHING going through their wires for up to 6 months!!!!
>
> Of course that silly law is hardly possible to apply... but still.
>
> > If the Chinese government
> > captures one node on a darknet, chances are most of the connected
> > nodes are also in China. If they capture one node on an opennet,
> > chances are they can maybe bust one or two of the other known nodes.
> > And opennet works better. Security might be debatable, but I have yet
> > to see an argument saying that performance would be better on a
> > darknet.
>
> see above... on that point it's again worse with opennet than darknet because
> opennet's connections can be spotted by cheap traffic analysis ... on darknet
> it's more expensive ... and won't be doable when we have got steganographic
> transport plugins.
>
> > Besides, look at all the existing opennets. I've never heard of anyone
> > getting busted on Freenet 0.5...I've never heard of a string of
> > arrests on ANY P2P network where they, say, captured one guy's
> > computer and then watched who downloaded from him. That type of attack
> > would be a lot more efficient on a darknet.
> >
>
> Maybe because such networks aren't popular enough to be targeted ?
> Maybe because they don't need to make an example out of those poor guys ?
>
> > >> >Keep in mind that the "known attacks" against freenet are only
> > >> >probabilistic ones ... "It's likely that you have inserted/downloaded
> > >> >that key" : it's always a matter of plausible deniability.
> > >> >
> > >> >> Are "the bad guys" really going to spend millions on high tech
> > >> >> computers to break a network, when all they have to do is join it?
> > >> >> Thinking we can keep them out is absurd! Any current member of 0,7
> > >> >> could just as well be or become a spy or a narc or whatever.
> > >> >>
> > >> >
> > >> >You seem to misunderstand the point : you should wonder why would
> > >> >opennet be more secure... and will see that it's not.
> > >> >
> > >>
> > >> I wonder why a darknet is more secure...and see that it's not.
> > >
> > >Can't you read what I'm writing ? :)
> > >
> >
> > Can't you read what *I'm* writing? :)
> >
>
--
David R. Sowder
Supervisor of Language Acquisition Center
Department of Modern Languages
University of Texas at Arlington
    Work: 817-272-5148  davids at uta.edu    http://langlab.uta.edu/
Personal:               david at sowder.com  http://david.sowder.com/
 