[freenet-chat] Arguments against the Darknet

Matthew Toseland toad at amphibian.dyndns.org
Mon Jun 26 20:45:04 UTC 2006


On Mon, Jun 26, 2006 at 04:06:50PM -0400, colin at sq7.org wrote:
> 
> > "in its current state"
> 
> Sure- I can only look at the present. I'm sure that the project has plans
> for fixing things, but I'm just trying to express the way I see it.
> 
> > What exactly were his reasons?
> 
> I talked to two physical friends of mine- I tried to outline their answers
> below- One said that he didn't want to make manual connections, because he
> didn't like the inconvenience, and the potential security risk of linking
> with someone bad. The other said that he didn't want to use it because
> even though it was anonymous, he'd rather stick to faster connections.

In the latter case, those people won't join until we either have really
compelling content, all the alternatives are shut down, or freenet is
really really fast. This is a problem even with opennet, although
opennet may be a bit faster in terms of large file transfer rates due to
more connections (or it may not).
> 
> > Best results come from many short links and the **occasional** long link.
> > If it was all long links then it wouldn't work. We know this because it
> > has been simulated, and mathematically modelled.
> 
> Sure- I'm not advocating all long links!
> I think that's the difference in the way we're looking at this.
> 
> I think it's possible to create an opennet ON TOP of the darknet
> infrastructure.
> Essentially, have nodes connect to one another in small groups, with the
> occasional long link, rather than a .5 style free for all.

How would that work? As far as I know the only proposals for opennet are
to build one into the node based on LRU and destination sampling, or to
hack something up based on rendezvous sites (and IRC channels!).
> 
> > Not necessarily; you have to make your own judgement, just as you would
> > if you were offering to share your internet connection with him over
> > wifi.
> 
> The problem is, there's a lot fewer people I'm willing to share my
> internet connection with, than I'm willing to peer with. If everyone was
> held to the share-the-internet connection standard, there would be very
> few links.

Legally you are not held responsible for content downloaded over your
internet link if you can show that somebody else downloaded it without
your knowledge or encouragement. You can be asked to do a wiretap of
course. In practice this may not always be the case on the ground, but
that's more a matter of the court of public opinion than the law. And
here we are talking about encrypted connections, with much less
possibility of finding out what your neighbours are looking at, and
therefore much less liability for it - and also fewer opportunities for
monitoring by outsiders such as the police.
> 
> > Well, what's the alternative? There isn't one in a hostile regime.
> > Either you connect to people you trust, or you don't connect to anyone.
> > Because an opennet is harvestable, and with a national firewall (coming
> > soon to a seemingly democratic country near you), it is very easy to
> > take sanctions against known opennet nodes - blocking foreign ones
> > completely, and suspending the internet access of domestic ones (or
> > worse).
> 
> I think a split model is the right way to go- We keep the existing
> darknet, and we still use it as the basis for routing, but we set up ways
> to create clustered groups without user interaction.
> So a darknet group would still be able to talk to an opennet group-
> They're still part of the same network, it's just a matter of establishing
> relationships individually or automatically.

Ummm, I don't see what you are proposing here. Either there is free
exchange of references or there isn't... are you talking about
connecting to nodes a few darknet hops away? That might be a
possibility, without opening up the network to global harvesting; it's
been discussed before... Anyway you'd need some darknet refs first...
> 
> The benefit of doing it this way, is that it adds some level of plausible
> deniability WRT establishing connections- If connections in the darknet can
> be established automatically, then you can say "No, Mr. Evil bad guy, I
> didn't connect to him intentionally, I turned Opennet=on, and so did he,
> and we connected to each other automatically."

Alternatively, Mallory can just pretend to be 10,000 nodes (with 10,000
cheap IP addresses), and not only harvest but actually connect to every
node. Then he can do all sorts of fun things.

No Mr Evil Bad Guy, I only knew him through the local church / golf
club. I had no idea he was a chicken lover / dissident / whatever.

If they want to vilify you they'll find some way to do it. Read Kevin
Mitnick's story sometime. There are very good reasons to expect freenet
to be banned and/or blocked in more countries in future, and there are
not unreasonable grounds to expect some first world countries to be
amongst the list.
> 
> In truth, you could have both connected manually, or connected manually
> WHILE Opennet=on.

Darknet peers are added manually and will not be removed by opennet.
Also they will be treated slightly differently for routing; their
references are not transmitted on successful requests, for example.
> 
> That's what I mean by looking at the opennet as a layer atop the Darknet-
> Use functionality to automatically establish darknet-connections, giving
> users an opennet.

So let's be clear; is opennet something which runs in a client
application, or some part of the node?
> 
> > I don't see why a certain low level of organic growth cannot occur even
> > with a small network. All that is required is good tools, and enough
> > content to spark people's imaginations.
> 
> You need to hit a critical mass before this can happen. We may never reach
> that critical mass.
> 
> The benefit of the hybrid approach (above) (Opennet OVER darknet) is that
> you can still choose to only peer with your friends- It doesn't take
> away anything. This helps us achieve a larger userbase, which makes
> establishing REAL darknet connections more likely!

Perhaps. Or perhaps it makes it less likely that you will bother to
connect to your friends. I'm not utterly opposed to opennet in principle,
but I don't think we should do it right now.
> 
> > Well, some people were invited. But there was no benefit to inviting
> > your friends. On a darknet, there is every reason to invite your
> > friends, because inviting random people is far more dangerous.
> 
> Users don't value anonymity very much, I tried to establish that above-
> That means that this trust isn't a large value to them.

So they can use bittorrent. And they will, because it will always be
faster for the most popular content.
> 
> It would work better if you argued "Your friends are likely to download
> the same types of files as you- They'll be closer in the network, so thus
> faster."

This is true; their caches will coincide with yours to some degree, but
their locations have nothing to do with what content they are interested
in.
> 
> Argue it on Speed, not privacy.
> 
> > Maybe so. We can make it easy to connect to people on darknet through
> > e.g. AIM plugins...
> >
> I think that's a great idea. There hasn't been much traffic on the tools
> list, but I'm hopeful.

:<
> 
> > IMHO even if we do have an opennet there should be material benefits to
> > having darknet connections. Security is a significant advantage, but if
> > opennet is many times faster than darknet then there will be very few
> > people on the darknet.
> 
> The nice thing about the hybrid model I'm proposing is that there isn't a
> real difference between opennet and darknet. Both use the same
> connections.

There has to be a real difference between darknet and opennet. And it
specifically is this: If your node has only darknet connections, its
noderef must NEVER EVER be disclosed automatically by the network. It is
therefore invisible to all except nodes run by friends of the node
operator.

> Essentially, the more people who join the opennet, the STRONGER the
> darknet is!

I doubt it very much. The worry is that nobody will use the darknet at
all except in very small disconnected groups. And when the rug is pulled
from under our feet, we will not have anything resembling the
infrastructure we should have had.

> > "On top of it" ? In addition to it, surely?
> 
> Not at all. See above.

I still don't understand "on top".
> >
> > Why do they have to be 100% trustworthy in every domain? You need to be
> > able to trust them not to mount statistical attacks on your node or DoS
> > the network, sure, but I don't see why you need to be able to trust them
> > not to download illegal materials.
> 
> You need to trust them not to do Bad things, which will get "Bad Guys" to
> look at their list of connections for other "co-conspirators". Don't look
> at this from a Tech POV, look from a Social one.

It is true that you may be regarded as a bad guy simply because you
connected to a bad guy. However, there is no real legal basis for
this (IANAL); you can expect to be investigated, but not prosecuted. And
in such an unreasonable regime, opennet will be blocked, and it will be
an offence merely to run a freenet node.
> 
> >> II) Because of that, they are afraid to link
> >> with people. They don't want to be associated with a "Bad Guy"
> >
> > This may be true.
> 
> I've had one physical person, and several people on #freenet-refs say this
> outright.

Well I have explained the alternative. Opennet is seriously insecure; it
can be blocked easily, it can be exploited from within easily. Those on
#freenet-refs are by definition not connecting to their friends; they
are connecting to random folk on #freenet-refs. Which gives them
reasonable grounds for suspicion, especially given freenet's reputation.
> 
> > Not if the opennet that we implement performs as poorly as 0.5 did, and
> > plunges us into yet more years of wandering in the wilderness. Which it
> > will if we rush into it.
> 
> There is no reason to think Opennet will perform worse than the current .7
> architecture, if it's layered on top of the Darknet model.

There are reasons to think it would have higher churn of connections
(well duh!), higher routing churn, higher location churn (at least in a
hybrid model), and more problems with load limiting and data permanence
as a result. And it has not yet been simulated properly.

> By trying to
> automatically establish small groups, it's likely to work BETTER than the
> current performance, which is essentially using randomized IRC connections
> for most people, rather than true-small groups.

Intersecting small groups. We are not talking about discontiguous cells
linked only by the bosses here.
-- 
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.