[freenet-chat] Practical darknet - or where are the chinese?

Tue Aug 29 23:26:54 UTC 2006

On 8/29/06, Matthew Toseland <toad at amphibian.dyndns.org> wrote:
> On Fri, Aug 25, 2006 at 01:52:21PM +0200, Lean Fuglsang wrote:
> > Hi,
> > I was wondering what the plan is for practial darknet in china. In the
> > west it looks like a practial IP based darknet i possible where a lot of
> > legal communication is encrypted and ISP's are not that government
> > friendly.
>
> A lot of legal traffic is encrypted in China too. They use SSL for
> exactly the same reason that we do; mostly to protect credit card
> numbers. And in the west many ISPs are very anxious to prevent
> litigation at almost all costs.
>
> > The laws that have been passed have been in the style of ban the
> > application, or prosecute the little people. But for now it seems that ISP
> > are independent enough that a IP darknet is possible.
> >
> > But what is the reality in china? What kind of link management is done, I
> > don't believe that darknet would be possible using IP, since it is
> > possible to see that a node is using it. It is just too easy to see that a
> > host have many encrypted udp connection.
>
> That sort of traffic flow analysis is expensive. ISPs don't have one
> computer behind each incoming connection, they have a big router behind
> hundreds of them. Freenet 0.7 traffic as it is is detectable only by
> trying to profile packet sizes, timing etc, or by the fact that it isn't
> anything else. Either way it's not that easy to detect, and if you
> detect it by it not being anything else you effectively force
> registration of protocols with the government. This is not the case in
> China now AFAIK and I doubt it will be the case in the near future.
> >
> > So how is it imagened that freenet should work? Should the steganography
> > go through skype, or other messaging services? If it is phone or video,
> > how can you connect to multiple host? You first call one, and then you
> > call another? Can the network cope with this type of connections?
>
> VoIP (preferably including video) is a promising avenue for future
> research into stego. We can use it parasitically, by for example sending
> data on the video stream and keeping the voice stream as it is (so the
> traffic is only what would have happened anyway but it doesn't include
> video), or we can try to fake timings (which is hard!).

VoIP is troublesome in that most phone calls don't last many hours or
happen at hours of the day.  I think a better idea may be video game
servers like Half-Life Countersrike etc.  These use UDP and people
have been known to play for hours if not days.  Also pretending to be
a non-anonymous P2P app like Emule may be an option.  All for future
thought of course...

-- 
I may disagree with what you have to say, but I shall defend, to the
death, your right to say it. - Voltaire