On 17/10/15 01:33, salutarydiacritica...@ruggedinbox.com wrote:
> Right now Freenet discovers other clients on opennet by way of seed
> nodes. Hypothetically you can run the nodes as hidden services and
> embed the addresses in Freenet clients. Clients generate their own
> hidden address keys and build routing tables from them.
I don't think hiding entire nodes behind tunnels makes sense. That is,
we don't want *every hop* on a hidden service. That would multiply the
number of hops by 4 (or was it 6?). And it would upset the Tor
developers - who already frown on the use of BitTorrent over Tor (which
is surprisingly hard to get right regardless). However, it might make
sense to use a tunnel *just on the first hop* when starting a request,
i.e. keep some subset of connections which are hidden nodes to start
requests on.

However, IMHO the focus for security should be on darknet, at least
until we sort out the major performance and usability issues with it.
Even if you DO know other people on Freenet, darknet is too slow and too
hard.
> No distributed system on I2P or Tor comes close to Freenet features. 
Have you used them? I vaguely recall something called Syndie on I2P?
> WoT, library, the plugin ecosystem and Opennet bring a lot of value
> compared to other systems. Opennet is a big part of Freenet's
> attraction and you shouldn't tear it out. 
I'm certainly not proposing to tear out opennet.
> The tunneling idea sounds great and it should get priority. Maybe you
> should discuss it with the Tor developers and see if they can help.
>
> PS what NSA documents mention contractors attacking Freenet?
I don't recall, was it on the Tor Stinks intro??
>
>
>
> @Ian
>
> Freenet has many selling points besides anonymity as I said. I'm
> surprised you don't see that.
>
> Tor is not easily blocked by China and people connect from behind the
> Great Firewall every day. They've been making all kinds of advancements
> in bridge technology and obfuscated protocols to bypass DPI. They have
> ways to distribute bridges and software packages that get around
> censorship of their website. Infrastructure for your users potentially.
Not true now AFAIK. China has been taking Tor seriously, so has Iran.
China came up with a 0day and used it for blocking at the protocol
level, but really, it's pretty easy to find all the bridges, it just
costs a few thousand Google accounts, which cost << 10 cents each. If
users can find the bridges then so can the bad guys, and cheaply too.
This is a fundamental problem with all end-user distributed systems on
the internet: Sybil always wins, because any resource (CAPTCHAs, Google
Phone Verified Accounts, hashcash, etc) is cheaper for an attacker than
a low-end user.
> @Arne
>
> I am a Freenet user. I care about Freenet and want it to be popular
> with people facing the most dangerous threats.
>
> Tor is adding inter-relay adaptive padding soon to stop timing attacks.
That would be neat. For many years it was believed that only full CBR
would make much difference against global traffic analysis - and even
then you have internal attacks. I understand there have been some recent
papers about padding and chaff etc that make significant progress
without the cost of full CBR.

However, on Freenet, we could reasonably use Mixminion-style
high-latency tunnels (at least for inserts). It's not clear whether this
is viable on opennet.
> https://lists.torproject.org/pipermail/tor-dev/2015-September/009485.html
>
>
> How did Freenet solve this? If a bad node can connect to you on
> Opennet, they can do traffic analysis on your requests. With no guard
> nodes an attacker can connect to everyone in short time. You can add
> node pinning and tunnels but that's a lot of work.
We don't solve it. Freenet provides less anonymity than Tor right now -
at least in opennet mode, and depending on your assumptions. On the
other hand, running a freesite is easier than safely running a hidden
service.

In particular, connecting to every node on opennet and observing their
traffic is quite feasible for a moderately funded attacker. On the other
hand, it appears that MAST (a theoretical, much cheaper attack that
worried me for many years) isn't feasible.

I do think we could provide better anonymity than Tor in the long run
though. But we can't prevent blocking - *any* peer-to-peer network
running over the regular Internet can be detected cheaply.

_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
