Re: little RFC: Limiting who receives local requests
"Dr. Arne Babenhauserheide" writes: > An unintended effect could be that local requests get sent mostly to > nodes with a similar location, because these will be found again when > connecting the next time. That would increase the average hops to > content by one hop. I see a way to use this to find out exactly whether a given node is the originator: When you see suspicious requests with a long-lived node, connect to the target with a short-lived node. If the short-lived node receives none of the suspicious requests, you know *without a doubt* that the target is the originator. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de signature.asc Description: PGP signature
Re: little RFC: Limiting who receives local requests
Added discussion from FMS:

glenn@Oqb95agYHNenFlHLfHed92ZLbRRs0O4xHihnsmnIDQs wrote:

> What's the threat we are most worried about?

The biggest threat about requests in opennet is connecting to all nodes and spying on their requests. But the actual biggest threat is finding uploaders.

> It's plausible that it offers some protection against a small number of nodes
> trying to monitor a large portion of the network.
>
> As I said in a previous post: If the attackers don't rely on location
> hopping and just run many nodes it might increase the chance of sending
> local requests to the attackers.

Yes, that’s what I’m worried about.

> Can we estimate how long it takes to become a top 50% node on average? Hours?
> Days? Months?

For an established node, old nodes in the vicinity will keep a higher score. Even nodes with only 2h uptime per day will build up a high score over time and a new node will need about 10% of the time the other nodes have been active.

An unintended effect could be that local requests get sent mostly to nodes with a similar location, because these will be found again when connecting the next time. That would increase the average hops to content by one hop.

Best wishes,
Arne
--
Being apolitical means being political without noticing it.
draketo.de
Re: little RFC: Limiting who receives local requests
"Dr. Arne Babenhauserheide" writes: > - New nodes in the network will not receive any local requests, so they > will only route half as many HTL18 requests. A new node will therefore > have not only half the anonymity set against an attacker, but also > only half the cover traffic. Also the HTL18 requests that new nodes do receive will be more specific to their location, so they might be distinguishable from their local requests. Thoughts: - Initial random routing could solve that problem (see https://github.com/freenet/fred/pull/529 ), but initial random routing actually makes correlation attacks easier, because it removes the requirement to know the FOAFs to do the statistics. Knowing all the CHKs for a given file would be a more powerful attack. - Reducing the probability to decrement HTL18 could increase the cover traffic again — 75% to forward HTL18 unchanged would balance this change. To avoid increasing the average distance from senders, that might require reducing Node.canWriteDatastoreRequest to maxHTL - 1, and Node.canWriteDatastoreInsert to maxHTL - 2. - The impact is limited, because our peers route by our FOAFs, and since we’re most likely already close to their location. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de signature.asc Description: PGP signature