On 30/11/15 15:54, Bert Massop wrote: > On Mon, Nov 30, 2015 at 4:29 PM, Matthew Toseland <mj...@cam.ac.uk> wrote: >> The price paid to become part >> of the network infrastructure is mainly a deterrent to large scale >> attacks, rather than a means of raising revenue. >> >> Thoughts? > I read this as "The price paid to become part of the network is mainly > a deterrent to actual users, thinning the network until three-letter > agencies with nine-figure budgets don't even need large-scale attacks > to succeed." I don't see why it would deter users. It might deter people from running core nodes, but it might also help to get such users as I've tried to explain, especially if it also improves performance and security and gives us the funds to solve a lot of the remaining software problems. > The problem lies in your assumptions: >> 3. Opennet is not secure unless users pay for introduction. > Money is easy for attackers (e.g. groups or organizations), and hard > for individuals. I fail to see how Opennet would become safer with > payments. This is true of everything that money can buy. Which is everything, with the possible (and slightly dubious) exception of social capital / friends. A big global friend-to-friend darknet is a good long term solution but the problem is how to get to that point. For the time being, it is unlikely that one will grow organically - pockets of darknet will hopefully grow organically, but it will take time for them to get connected. Hence we need opennet for now, and we'd like it to offer meaningful security. Even with tunnels, at a considerable cost in development time and performance, the security provided is nowhere near sufficient.
I'm simply trying to find a model that actually works and provides some approximation of hope. > That said, I'll be happy to fork the code and reinstate a free network > (free as both libre and gratis) once tunnels are implemented. > Insecure? Maybe. But still as secure as Opennet with payments, yet > free. No, it would be dramatically less secure than paid-for opennet, because any attacker can cheaply add lots of opennet nodes. Which is exactly what a contractor to the US police presumably does - this is not a hypothetical attack any more.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl