[freenet-chat] Web-of-trust questions

Helge Preuss scout at hyperspace-travel.de
Fri May 19 19:36:13 UTC 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just listened to the lecture about the new freenet version Ian
Clarke and Oskar Sandberg gave at the 22C3 (the CCC has released it:
http://media.ccc.de/filez/congress/2005/lectures/audio/vorbis/22C3-492-en-freenet_new_version.ogg).
It left open some questions for me.

I do not read the freenet mailing list regularly, so I apologize if
these questions have been asked before, but an explanation would be
nice anyway.

Ian and Oskar explained the routing model of freenet 0.7 and the
issues it aims to address. If I understood correctly, the point is to
connect only to trusted peers to ensure that no hostile nodes discover
you are running freenet (and possibly compromise the connection). The
reasoning behind this is that in repressive regimes running freenet
(and thereby communicating that you have something to hide) may be
enough in itself to get you into trouble.

While I agree with the premise, I have two issues with this.

One, can't everybody discover you run freenet by doing a portscan on
your computer? I assume that would be a more efficient way to
mass-detect freenet nodes than smuggling hostile nodes into freenet -
especially if you're a government agency with broad resources.

Two, they mentioned that a major aim is to get many people to run
freenet. That is obvious. But how would you achieve this goal if
people are forced to *personally know* other people connected to the
network? What do I do if I'm, say, a dissident with no special
knowledge of computers and no hacker friends either? Do I just give up
and sit on my single freenet node? Or do I turn to a centralized
service, thus rendering the web of trust obsolete?

Maybe (probably) I misunderstood something. But I don't see how the
two goals - trusted connections and wide coverage - go together. And
given that you can be detected with a portscan anyway, isn't it
practical just to forget about the web of trust and maximize coverage
instead?

Regards

Helge
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEbh4tMfG7Vu9K+FQRAi5+AKDDeujxgESQMw+jmHNpWYpS/rYUOACg00Uq
X3OxUpV1+5sp7+Ol/GU302o=
=P/I3
-----END PGP SIGNATURE-----

More information about the chat mailing list