[freenet-chat] Web-of-trust questions

Fri May 19 20:11:57 UTC 2006

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lars Juel Nielsen wrote:
> On 5/19/06, Helge Preuss <scout at hyperspace-travel.de> wrote: I just
> listened to the lecture about the new freenet version Ian Clarke
> and Oskar Sandberg gave at the 22C3 (the CCC has released it:
> http://media.ccc.de/filez/congress/2005/lectures/audio/vorbis/22C3-492-en-freenet_new_version.ogg).
>  It left open some questions for me.
>
> I do not read the freenet mailing list regularly, so I apologize if
>  these questions have been asked before, but an explanation would
> be nice anyway.
>
> Ian and Oskar explained the routing model of freenet 0.7 and the
> issues it aims to address. If I understood correctly, the point is
> to connect only to trusted peers to ensure that no hostile nodes
> discover you are running freenet (and possibly compromise the
> connection). The reasoning behind this is that in repressive
> regimes running freenet (and thereby communicating that you have
> something to hide) may be enough in itself to get you into trouble.
>
>
> While I agree with the premise, I have two issues with this.
>
> One, can't everybody discover you run freenet by doing a portscan
> on your computer? I assume that would be a more efficient way to
> mass-detect freenet nodes than smuggling hostile nodes into freenet
> - especially if you're a government agency with broad resources.
>
> Two, they mentioned that a major aim is to get many people to run
> freenet. That is obvious. But how would you achieve this goal if
> people are forced to *personally know* other people connected to
> the network? What do I do if I'm, say, a dissident with no special
> knowledge of computers and no hacker friends either? Do I just give
> up and sit on my single freenet node? Or do I turn to a centralized
>  service, thus rendering the web of trust obsolete?
>
> Maybe (probably) I misunderstood something. But I don't see how the
>  two goals - trusted connections and wide coverage - go together.
> And given that you can be detected with a portscan anyway, isn't it
>  practical just to forget about the web of trust and maximize
> coverage instead?
>
> Regards
>
> Helge
>>>
> _______________________________________________ chat mailing list
> chat at freenetproject.org Archived:
> http://news.gmane.org/gmane.network.freenet.general Unsubscribe at
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/chat Or
> mailto:chat-request at freenetproject.org?subject=unsubscribe
>>>
>
>> You're somewhat right about the trouble of getting connected,
>> while the net is small it'll be hard but as it grow chances are
>> better that you know someone who also use it.
Ah, but that's a fundamental problem: As long as you're small, it's
hard to grow. If you're large, growing is easier (until you reach a
saturation point, I guess).
Still, even if freenet grows, there will be many people who don't know
anyone with access to it (there are still many people around without a
GMail invite, too. And I dare to predict that freenet never will
achieve Google's market penetration).
At least, there should be some central servers to get newbies started.
>
>> About port scanning you're wrong, freenet use random ports.
>
>> And it is planned that it will be possible to use stegonography
>> later so the trafic would look like a game, VoIP or video
>> streaming so it'd be harder to automatically block it.
freenet may use random ports, but there still is a protocol behind it
which can be detected.
Using steganography is a nice idea and I'm sure it can protect against
traffic analysis, but I don't see how it can protect against a
connection request. Will freenet only accept connections from trusted
IPs? But then, what about dynamically assigned IPs?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEbiaNMfG7Vu9K+FQRAvwbAKCyDKJlxOx8rU+FuUZeBOejhD+wNACg1sZT
mHbGmWREQ8Tzykte2CHsUhw=
=UMCA
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://emu.freenetproject.org/pipermail/chat/attachments/20060519/aa20d087/attachment.htm