<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Matthew Toseland wrote:<br>
<span style="white-space: pre;">> On Fri, May 19, 2006 at
10:11:57PM +0200, Helge Preuss wrote:<br>
>>>> You're somewhat right about the trouble of getting
connected,<br>
>>>> while the net is small it'll be hard but as it grows
chances<br>
>>>> are better that you know someone who also uses it.<br>
>> Ah, but that's a fundamental problem: As long as you're
small,<br>
>> it's hard to grow. If you're large, growing is easier (until
you<br>
>> reach a saturation point, I guess). Still, even if freenet
grows,<br>
>> there will be many people who don't know anyone with access
to it<br>
>> (there are still many people around without a GMail invite,
too.<br>
>> And I dare to predict that freenet never will achieve
Google's<br>
>> market penetration). At least, there should be some central<br>
>> servers to get newbies started.<br>
> <br>
> There is, in effect. Most people get connections from
#freenet-refs<br>
> on irc. :( But the hope is that the network will grow organically<br>
> once we have a bootstrapping core.</span><br>
I don't see why you pull a face :( there.<br>
The only reason I can guess is that you fear the introduction of<br>
hostile nodes into the net. You're in danger of connecting to people<br>
who might set you up. But this can happen in Real Life too. I don't<br>
know any other numbers, but the GDR had over a million secret police<br>
agents, with a total population of about 16 million. So there is no<br>
guarantee at all that the person you "know", who introduces you to<br>
freenet, isn't a government agent (or whoever else is the enemy in<br>
your case).<br>
Now I haven't thought this through (and I've had a beer in the<br>
meantime, so forgive me if I'm being stupid). I only have the tor<br>
network as a comparison, and there the introduction of hostile nodes<br>
is not a critical blow. True, every malicious node decreases<br>
anonymity, but the anonymity is blown only if every node from the<br>
entry to the exit node is hostile. Of course, if there is only one true<br>
node left, it might be easy to subpoena it.<br>
How vulnerable to hostile nodes is freenet? As a rule of thumb?<br>
<span style="white-space: pre;">> <br>
>>>> About port scanning you're wrong, freenet uses random
ports. <br>
>>>> And it is planned that it will be possible to use<br>
>>>> steganography later so the traffic would look like a
game,<br>
>>>> VoIP or video streaming so it'd be harder to
automatically<br>
>>>> block it.<br>
> <br>
>> freenet may use random ports, but there still is a protocol<br>
>> behind it which can be detected.<br>
> <br>
>> Using steganography is a nice idea and I'm sure it can
protect<br>
>> against traffic analysis, but I don't see how it can protect<br>
>> against a connection request. Will freenet only accept<br>
>> connections from trusted IPs? But then, what about
dynamically<br>
>> assigned IPs?<br>
> <br>
> Protecting from a connection attempt is actually very easy with<br>
> UDP. It is not possible to get a Freenet node to say *anything*
if<br>
> you don't have its node reference already. At present, it also
has<br>
> to have your node reference for connection setup to start; with
the<br>
> eventual opennet version (yes there will be an opennet version;<br>
> opennet ~= freenet 0.5; peers are discovered automatically once<br>
> you're on the network), you will only need its noderef. It's
harder<br>
> to do this on TCP, but still possible if we proxy a legitimate
TCP<br>
> service such as a web server.<br>
> <br>
> It may well be possible to detect freenet traffic at a router<br>
> level, but this is not the same thing as portscanning; it is FAR<br>
> more expensive. And at that point we can indeed have stego. And
no,<br>
> it can't perfectly protect against traffic analysis. But we can<br>
> make a start, and make things difficult for our adversary.</span><br>
After all, I have to admit: I think that's all one can ever hope for.<br>
There's no perfect protection.<br>
<br>
</body>
</html>