On 30/11/15 16:23, Arne Babenhauserheide wrote:
> On Monday, 30 November 2015, 14:58:39, Matthew Toseland wrote:
>> On 30/11/15 13:40, Arne Babenhauserheide wrote:
>>> On Saturday, 28 November 2015, 14:52:23, Matthew Toseland wrote:
>>>>  - a research project really.
>>> I don’t think people contributed or donated for that. Also, and I
>>> agree with earlier complaints about that, a research project does not
>>> need an auto-updater, content-filters, support for websites, forums, a
>>> full-fledged client-protocol, and so forth.
>> That depends on the nature of your research. I think we have benefited
>> considerably from having actual users testing the network. Even security
>> testing it, if they do it in such a way that we can make use of it (e.g.
>> Frost!).
>>
>> We signal this tentative status in the first-time wizard, in the logs,
>> in the FAQ, and in the version number being less than 1.0. We do not
>> provide any guarantees of security. If your life depends on Freenet's
>> security, either you're a fool, or you're in a really dark place.
> We’re saying “We SUCK” instead of saying for whom Freenet already works.
>> I do not approve of the hand-wavy simulations without source code school
>> of research. Lots of papers are not only not implemented but probably
>> not implementable. Such as PISCES. :(
> Research is that, unfinished, often only partially working, only
> applicable for the explicitly stated goal.
Freenet is also only partially working. But I agree it's a bit closer to
a working tool.
>>> Either we’re a research project, then we can strip out most of the
>>> features in Freenet, tell our users that we don’t care about them and
>>> let Freenet be replaced by the newest results of sensor network
>>> research, or we’re a project which aims at providing the technical
>>> foundation for freedom of the press, then we need to make Freenet easy
>>> to use and robust, and we need to know and communicate for whom it can
>>> already provide reasonable security.
>> Is there a group of people for whom it can provide reasonable security?
> If you want to write a blog on some specialized topic without
> connecting it to your own identity, the security is pretty good.
>
> If you want to communicate confidentially with your friends, you can
> do so over darknet connections.
>> What is your threat model? If it doesn't include at least one state, it
>> should: They usually are out to get you if you're doing anything at all
>> controversial, as we've seen fairly frequently even in western
>> countries!
> Let’s say you write slash fanfiction. The legal status of that is
> unclear, and you might not want your colleagues to know about the
> stories you write. Aragorn/Legolas anyone? If you do it on the regular
> internet (or, even worse, via Facebook), it’s only a matter of time
> until some profile pages connect your online-ID to your real ID. And
> then that information is out there.
>
> Assume that you like to write horror songs in the Star Trek
> universe. 20 years ago you would have published that under a pseudonym
> in specialized journals, like Let’s Filk About.
If it upsets a corporation then they can find you, e.g. by asking the
police for a favour (yes they do do favours for corporations!). So this
is just about preventing your friends from discovering that you write
slash fiction? Better not add them as darknet peers then...
>> There are lots of reasons why it's hard to get darknet peers.
>> 1. Freenet is uncensorable. Most people find this offensive.
> We cannot fix that. We could reduce that, though, by only providing
> indexes in the default bookmarks which are created by anonymous people
> who don’t include offensive content.
That depends on the volunteers, as it always has.
>> 2. Freenet needs an always-on always-connected device, especially on
>> darknet. Most people don't have one, the costs are significant.
> This is not true. 2-12 hours runtime are completely OK. We would have
> this using mobile phones which run Freenet only while plugged into
> power and already mostly charged and connected over WiFi.
Darknet needs high uptime, or at least strongly correlated uptimes. 2
hours is definitely not enough - even with FOAF connections, you'll be
lucky to find enough peers.
>> 3. Darknet is slow.
> This is not true. 5-10 Darknet connections are enough to get good
> performance.
Right, and with FOAF we could have tens of peers. But you do need the 5+
friends to start with. That's hard.

I agree that this part is fixable and we must fix it: There are lots of
technical things we can do to make darknet work better, easier and faster.

But it's not the only or even the main barrier preventing rapid
deployment of a *GLOBAL* darknet.

We need an opennet to link up all the slowly expanding darknet pockets.
For now.
>>>> I have no idea what you mean by "node pinning".
>>> I guess it could be either reconnecting through old opennet peers, or
>>> reusing the same seednode. Both would make it harder to start new
>>> attacks against opennet users (as in “it would make it slower”).
>> Marginally. Old opennet peer connections don't often work because when
>> you want to reconnect your old peer probably doesn't - even if it hasn't
>> changed its IP address.
> Why can’t we fix that?
How? The immediate problem is that the other side 1) may have changed IP
and 2) may have moved on, i.e. got other peers. That's not obviously
fixable?
>> unless we can charge real money for joining opennet
> I want to say this once and clear: Anything which makes it harder for
> people to join is a really, really dumb idea, and charging money will
> make it harder for legitimate users while making it easier for
> attackers (who have a lot more money).
In which case the only possible hope is darknet. The problem is building
a big global darknet is hard.
> Take the one thing of which the attackers have much more than we do
> (money to burn) and use that to restrict access to the easy-to-use
> tier of Freenet. Take the one thing which is perfectly traceable — and
> has to be traceable to limit organized crime — and use that to restrict
> access to an anonymizing network? That’s dumb, strategically as well
> as tactically.
>
> Paying for opennet will lead to mostly reserving Freenet usage to
> criminals, destroying any utility of Freenet for anyone I care about.
I explain this in more detail in my other email.
> If we want to consider any pay-layer, it would be
> pay-for-fast-darknet-peer. That does not need any centralization.
What does that even mean?
>> And it would all be a huge amount of work - and without some real
>> scarcity backing it it would achieve very little. What's cheap for real,
>> lowest common denominator users but expensive for attackers? AFAICS
>> nothing, not even IP addresses.
> Darknet. That’s why we have it.
>
> Could we stop the talk about paying for opennet once and for all — and
> instead start fixing Darknet?
>
> We still have no one-click darknet introduction bundles, and no
> darknet FOAF. As long as I cannot send a friend a zip with a prepared
> Freenet node which connects to me and can route over my darknet
> friends, any work which only benefits opennet shows totally warped
> priorities.
You really think it is possible to build a big global darknet quickly
enough that opennet's vulnerability doesn't matter?

IMHO even in the best case scenario we will have to link darknet pockets
via opennet for many years. Because the barriers to using darknet are
high enough that most people who use Freenet don't have any friends
willing to do so. And will remain so even with some performance and
usability enhancements. In the long run it may be possible to change
both the political and uptime barriers, but in the short run we need
opennet.
