On Tue, Aug 23, 2005 at 08:07:12PM +0000, Bob wrote: > Clive A Marshall-Purves <[EMAIL PROTECTED]> writes: > > > > > How can I confirm that my anonymity is in operation? > > Umm, it is by default :) IIRC the only easy ways to compromise it are through > your own carelessness, like if you used m-p as a Frost handle or revealed too > much personal info on a freesite, or setting the "watchme" test network > setting > true in freenet.conf/ini (I don't know what this does exactly or even if it's > still used, my conf is ancient.) Those with a reason to be paranoid should > also > worry about spook text analysis algorithms to correlate writing styles.
For some definition of anonymity. There are always possible attacks. Obviously, we are working on improving its anonymity. For example, it is possible to do correlation attacks to show that it's likely that a node was the original source of a series of requests. This is made much easier for splitfiles, but is still possible with large unusual freesites etc. Only way to prevent this completely is premix routing, which will be included in some form in 0.7. A more serious problem is that if your datastore is not full, all content you fetch will be cached, and if an attacker can probe your store they may be able to show that you downloaded all of it. This is the attack popularised by The Register. This again requires premix routing for a complete fix. If you only have one node, or if you get your seednodes from an Evil Person, you can be compromized... etc etc. > > However "anonymity" is not an absolute anymore than "privacy" or "security" > are, > there are attacks against the current network that could theoretically show it > was likely you were the inserter/requestor of X, it's just that they are very > hard / expensive to do since they require the attacker to compromise the > majority of the network. The core devs know much more than me about attack > scenarios since they have to worry about them all the time :/ Some of them are. Freenet's a beta. An alpha really. :) > > Also, you should be aware that it is not currently anonymous that you run a > node > in the first place. The freenet node protocol is not easy to detect or filter > (anymore!), but harvesting the network is feasible, or you could just collect Actually, it is fairly easy to detect FNP at the router level, at present. It will be considerably harder in 0.7, and of course the darknet will not be harvestable, which is a huge gain. > seednode files. When 0.7 is released it will be possible to form darknets > which > should offer this kind of anonymity too, and in theory be yet more resistant > to > compromised node attacks (since you can most likely trust your friends more > than > random nodes from seednodes.ref). Again this anonymity can't be absolute on a > public network like the Internet, highly detailed and protracted monitoring by > Them would show a suspicously large amount of high entropy (==encrypted) > traffic > from and to your IP suggesting something like VPN or Freenet, but to justify > such expensive and time consuming monitoring of you specifically out of the > billions of 'net users they would need to already have strong grounds to > suspect > you so you would probably be screwed anyway. Pretty much. Of course they COULD buy traffic-flow-analysing routers and surveil the whole internet within their jurisdiction, but it would be very expensive. Some "they"'s are more likely to do this than others - e.g. we have heard of chinese users. > > Bob -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so.
signature.asc
Description: Digital signature
_______________________________________________ chat mailing list chat@freenetproject.org Archived: http://news.gmane.org/gmane.network.freenet.general Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/chat Or mailto:[EMAIL PROTECTED]
