[freenet-support] Freenet speed & local threats

Chris tmail299 at errtech.com
Mon Dec 12 03:26:50 GMT 2011


> On Sun, 11 Dec 2011 20:05:36 -0500, Chris wrote:
>> > On Sun, 11 Dec 2011 16:36:53 -0500, Chris wrote:
>> >> How many users actually compile it themselves?
>> >
>> > Me, and all other Gentoo users :-).
>> >
>> >> How many examine the diffs?
>> >
>> > I do, rarely :s.
>> >
>> >
>> >> > [...]
>> >> > How would you propose to differentiate between a bugged node and
>> >> > a normal node?
>> >>
>> >> This is why you have authentication and checks against any
>> >> inability to connect to nodes.
>> >
>> > There is no such authentication that would help here. And you would
>> > be able to connect to any node normally -- except the compromised
>> > nodes would still find a way to become your peers and surround you.
>> > (I'm not sure exactly what criteria need to be met for your node to
>> > accept a stranger's offer, but I'm sure a dedicated adversary can
>> > easily meet them.)
>>
>> I think you are wrong here. I think authentication could work to a
>> degree provided certain conditions are true/consistent enough. I am
>> assuming certain things such as there being enough nodes that come
>> online daily and stay online permanently. It may not work if the
>> number of nodes which come online and then go offline is high. I'm no
>> expert here although in theory you should be able to use
>> authentication to verify that old nodes are still under the control
>> of the person they were under prior. Chances are the initial nodes
>> you trust aren't going to be compromised by your adversary.
>
> First of all, on opennet, the peers you are connected to change every
> few minutes/hours. They are not static. They constantly change to make
> routing more efficient, via "swapping". I was not suggesting the bad
> guys actually compromise other people's nodes -- the far easier and
> more likely scenario is they simply have *their own bugged nodes*, and
> try to become your peer. (And I think, (not absolutely sure), for a
> dedicated attacker, this is pretty easy.)
>
>
>> The adversary would have to slowly bring on new nodes then and would
>> be limited to a particular number of nodes per day (however many is
>> typical). If they try bringing on too many new nodes at once an alert
>> should go up.
>
> So, again, *their nodes* (just a few... 10-20?) will initiate peering
> with your node. And there is nothing you or anyone can do about it.
> This is the problem with connecting to strangers -- ie. opennet.
>
> Although, I guess this can be (already is?) mitigated somewhat if we
> only allow a certain percentage of our peers to come from external
> (swap, etc) requests -- but then it would simply become a question of
> time before you initiate peering with their nodes -- and they will have
> many, including big and popular seednodes.
>
>
>> For instance say there are 5000 nodes already, and there are never
>> more than 20 new nodes that come on per day then the adversary would
>> need 8 months to add 5000 nodes. If they brought on 40 nodes a day it
>> would be apparent that an attack was underway.
>
> How would you tell the difference between freenet becoming more
> popular, and the bad guys slowly infiltrating the opennet? Also, you
> assume they only have a few days to perform the attack -- how do you
> know most of the current nodes aren't "them" right now?

You wouldn't know. But you can't exactly be targeted until you exist.
Second, there are lots of adversaries. Not all of them are going to be
targeting you. If the number of nodes is increasing it makes any one
adversary's job all that much harder to target any one particular user.
The Tor project has said such before. The more nodes that exist the harder
certain attacks are to perform. Many of these attacks become apparent too
if done too quickly. I'm not saying this would work for Freenet. I'm just
saying it depends on the model and various factors. Freenet is very small.
So is Tor. If every computer was distributed with Freenet or Tor many of
these attacks would be much more difficult. Your node should have a choice
as to who to connect with. If you have enough choice you will be unlikely
to come across your adversary given a random selection of nodes.

>
>
>> The way to do this really is to monitor the data and figure out what
>> the statistics are or have been over time and then base it off this
>> information. If there is a change in those statistics it could
>> indicate an attack.
>
> This is being done. But it won't help in this case at all. (Even if I
> wanted to dump thousands of bugged nodes into the network, I could
> simply post a Slashdot article, and join that upsurge.)

You could. But then that upsurge would probably make it all the more
difficult to perform the attack.

>
>
>> >> You are looking at the issue wrong. It doesn't matter which nodes
>> >> are bugged. If a user can't connect to higher than normal
>> >> percentage of nodes it should send up a red flag for one.
>> >
>> > They will be able to.
>>
>> They will be able to what?
>
> They will be able to connect to normal nodes too. Of course, from your
> perspective, they're *all* equal strangers. (On opennet.)

They aren't equal. Not really. You should be able to identify a node you
connected with before. You should be able to identify blocking
statistically, if nodes are authenticated and selected at random and you
have a large enough pool to not be easily targeted.

>
>
>> >> I don't doubt that some developers think opennet mode is hopelessly
>> >> insecure.
>> >
>> > It's not that they "think" it's hopelessly insecure. It really
>> > is :p. I mean, it might still be "good enough" -- but there are
>> > actual, well-known, unsolvable problems with the opennet idea.
>> > Which that FAQ should have explained :p.
>>
>> I'm not arguing it is or isn't. Everything is relative though.
>
> No, everything is not relative :P. Opennet *is* pretty easily
> exploitable by design. This isn't a problem with freenet in particular
> -- but of any untrustworthy network. (Opennet does actually have a
> minimal amount of trust in it -- via the seednodes. But it's easily
> exploitable. A darknet is the way to go. (The only reason why the
> opennet is still around is because people are lazy and complacent.))
>

OK, everything is relative. Using nothing at all you are anonymous if you
are hiding from grandma. If you are hiding from the IT guy down the street
opennet is once again sufficient. If you are hiding from the MPAA then it
is again sufficient. The risk is reduced to the point where there are
easier targets. Saying things aren't relative just because they are
extremely weak doesn't mean there isn't some level of protection against
certain adversaries. Obviously you are thinking of more sophisticated
adversaries. Governments.

>
>> >> I think the best way to organize a revolt or guerrilla warfare in
>> >> today's world would probably be to anonymously organize multiple
>> >> small groups.
>> >
>> > I strongly disagree. The battle (no matter which one you pick,
>> > probably) is ultimately in the minds of the boring violence-phobic
>> > masses -- the majorities. If you don't have popular support, you're
>> > doomed no matter what you try to do. The best way to organize a
>> > revolt is to talk to your friends and family and convince them
>> > peacefully and rationally. (And freenet is a great tool for
>> > this! :D.)
>>
>> Nobody is saying you don't need public support (at least until you
>> gain power).
>
> It's the first and main thing you need, before you decide to take any
> action. (Unless that action is supposed to persuade them -- which
> anything violent or controversial probably almost certainly won't.)

If you go out and publicly denounce a rogue government you are liable to
get yourself shot long before you have any chance to gather support. The
Internet is a great platform to anonymously gather support. When everybody
comes out at once to support a cause you won't be shot. There will be too
many others for them to notice.

>
>> If the government is killing off or arresting the organizers then
>> gaining popular support is difficult or impossible.
>
> Well, if they're organizing to "get the revolution rolling", then of
> course that's an assured fail. If they're organizing to peacefully
> teach people, then yea, arresting those people will hamper things. This
> is where freenet might come in.

I haven't a clue what you said although it sounds like you are making
numerous assumptions and then saying I'm wrong. Followed with reading
another line and then saying I'm partly right. You can't take bits and
pieces and say I'm wrong because you made some incorrect assumptions from
failing to take the whole thing in context.

>
>> The problem is that many people are going to be in great danger as
>> they will be physically doing things that might get detected.
>
> People should not be doing things "physically", before the philosophy
> is firmly entrenched in the minds of the people. If the people are
> still brainwashed, then any action you take will only make your
> position look worse. First you have to undo their brainwashing.
>

Are you reading what I'm writing? You have to organize first. If you
haven't organized you can't get the people unbrainwashed. Any revolution
takes MANY people.

You clearly would prefer to go out in the street and organize. Good luck
not getting shot.

>> If just one person is detected you don't want your entire structure to
>> unravel. One person may allow one of your small groups to be wiped
>> out. You have to assume that once the adversary has one person in a
>> group they will discover the others in that group. It should not
>> allow the entire organization to be taken out though. That is where
>> such a project comes into play.
>>
>> If users and organizers are using Tor/freenet/whatever it can be
>> difficult to determine who is organizing, who is actively
>> participating, and who is just a supporter, or even follower (may be
>> against the revolt). Compared to if an organization's members know
>> each other and can be forced to talk. A government in power may not
>> have the resources to arrest all using Tor/freenet/whatever. That
>> gives the organizers protection (potentially or hopefully) long
>> enough to let them carry through from the organization to the actual
>> uprising without its organizers being killed off. Or give them
>> opportunity to make mistakes and re-group.
>
> Yep.
> _______________________________________________
> Support mailing list
> Support at freenetproject.org
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:support-request at freenetproject.org?subject=unsubscribe
>
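The thread argues two quantitative points without working them through: that a large enough pool of honest nodes makes a random peer selection unlikely to land on an adversary's node, and that an adversary constrained to the network's normal join rate needs months to bring up thousands of nodes (5000 nodes at 20 per day), which a join-rate monitor could notice. The following is an added example, written for this page and not code from Freenet or from either correspondent; the node counts, the peer count of 20 and the daily join figures are constructed sample values, and the anomaly rule (a multiple of the trailing average) is an assumed design, not what Freenet's own statistics do.

```python
"""Defender-side arithmetic for the opennet Sybil discussion.

Constructed example: none of the numbers below are measurements of the
real Freenet network; they illustrate the reasoning in the thread.
"""
from math import ceil, comb


def prob_any_adversarial_peer(total_nodes: int, adversary_nodes: int, peers: int) -> float:
    """Probability that at least one of `peers` peers chosen uniformly at random
    (without replacement) from `total_nodes` belongs to an adversary who controls
    `adversary_nodes` of them. Hypergeometric: 1 - P(all peers honest)."""
    honest = total_nodes - adversary_nodes
    if peers > honest:
        return 1.0  # not enough honest nodes to fill the peer slots
    return 1.0 - comb(honest, peers) / comb(total_nodes, peers)


def days_to_add_nodes(new_nodes: int, max_joins_per_day: int) -> int:
    """Days an adversary needs to add `new_nodes` while staying at or below the
    network's typical join rate (the thread's 5000 nodes at 20/day = 250 days)."""
    return ceil(new_nodes / max_joins_per_day)


def join_rate_alerts(daily_joins: list[int], window: int, factor: float) -> list[int]:
    """Indices of days whose join count exceeds `factor` times the mean of the
    preceding `window` days. This is the 'watch the statistics' idea from the
    thread, stated as an explicit rule (assumed design, not Freenet's)."""
    alerts = []
    for i in range(window, len(daily_joins)):
        baseline = sum(daily_joins[i - window:i]) / window
        if daily_joins[i] > factor * baseline:
            alerts.append(i)
    return alerts


if __name__ == "__main__":
    # Small network: 5000 nodes, adversary runs 200 of them, node keeps 20 peers.
    print(f"P(adversary among 20 peers, 200/5000 bad): "
          f"{prob_any_adversarial_peer(5000, 200, 20):.3f}")
    # Same adversary in a network 100x larger: the pool argument in the thread.
    print(f"P(adversary among 20 peers, 200/500000 bad): "
          f"{prob_any_adversarial_peer(500_000, 200, 20):.4f}")
    print(f"Days to add 5000 nodes at 20/day: {days_to_add_nodes(5000, 20)}")
    # Constructed join counts: a steady ~20/day, then one day of 41.
    joins = [18, 22, 19, 21, 20, 20, 19, 41, 20]
    print(f"Join-rate alerts (window 7, factor 1.5): {join_rate_alerts(joins, 7, 1.5)}")
```

The same detector shows the limitation raised in the reply: a day of legitimate growth (the "Slashdot upsurge") also exceeds the threshold, and an adversary who joins during such a day is indistinguishable from it by join counts alone, so the rate monitor raises the cost and duration of an influx rather than preventing it.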