On 01/12/15 21:59, salutarydiacritica...@ruggedinbox.com wrote:
>
> You picked the one thing agencies have boatloads of and made it a
> requirement for operating critical parts of the network and you
> alienate the honest users left. Have you thought of any better ways to
> kill Freenet? That's got to be the dumbest idea I've heard. It's better
> to hear my criticism than see the failed results in the newspapers.
>
> Social capital is a better way to limit evil nodes. A centralized
> model of authority servers run by trusted project members is the way
> to go. Freenet users have to trust you to not backdoor the program.
> Having to rely on infrastructure that you run isn't more risky. You
> are starting to see the limitations of a completely decentralized
> network being safe.
>
> According to you a whistleblower should connect to a journalist's node
> in Darknet mode if they want to steer clear from Opennet Sybil? The
> metadata is OK to share because Big Brother already has the address
> book... What about the political dissident who wants their blogs to
> reach more people than they know IRL? Sorry Opennet is out of order
> because Sybil.
>
> Darknet is private not anonymous and lacks the quality of data
> availability after the publisher is offline.
>
> My observation is Freenet has a leadership crisis. There is no
> agreement on how to reach the goal of anonymous communication. Every
> developer has contradicting opinions and pulls the project in a
> different direction. There is no formal process to reach a consensus
> or draft technical proposals others can review and comment on. No
> coordinated development effort. No new developers because no modern
> build process or documentation. No protocol documentation because it's
> a work in progress. It's a work in progress because of rewrites and
> because no attempt to implement tried and true models like mixnets
> researched for 40 years. No users because no progress in security and
> UX. No donations and academic attention because no users.
>
> Fix the organization and your processes and there is hope. If you're
> not capitalizing on awareness of mass surveillance now you never will.
>
> Otherwise you should officially admit it's a hobbyist research project
> so people don't have huge expectations and not over trust.
>
> Shoot the messenger but I doubt it will help.

Centralized solutions are not acceptable. You don't have to fully trust
the developers because you have the source code. We strongly encourage
you to review it and compile your node from source. No doubt there are
subtle bugs, most likely introduced by mistake, but if there were
obvious back-doors you could find them. And maybe the subtle bugs too.
Developers are volunteers, with limited resources.

Anything that needs big central supernodes is likely to be run by the
bad guys, and would be highly vulnerable. We know this because it has
happened before - there is evidence of Mixmaster remailers being
compromised. Equally important, we would like the network Freenet to
survive the end of the organization Freenet Project Inc.

Right now opennet needs seednodes, but darknet is fully decentralized.
Some proposals for improving opennet require the seednodes to do a bit
more work.

We need darknet because the *one and only thing* that genuine users have
that attackers do not have is friends. If you only connect to your
friends and maybe their friends, it is a great deal more difficult for
anyone to locate the source of a controversial blog. Ideally we would
have a global friend-to-friend darknet, but this will take time; in the
short run we have darknet pockets connected via opennet. This means that
attackers may be able to trace back to a single darknet pocket.

Publishing on darknet works in exactly the same way as it does on
opennet: You upload your site, e.g. with jSite, and the data is stored
on other people's nodes. It does not depend on your node being online,
it depends on whether people access the content.

We are well aware of the possibilities of mixnets, and in fact I was
trying to discuss how to implement one. Using Tor for the first hop is a
possibility, but Tor is more likely to be blocked than Freenet, and any
such scheme likely has easy denial of service attacks. Also we'd like to
provide high latency tunnels for inserts, something that Tor doesn't do.
And we'd like whatever we build to be scalable, which Tor isn't; from
the beginning scalability has been an important Freenet goal.

If we implement our own, scalable solution then we have to deal with
distributed tunnel setup, which is a well-studied hard problem. The
nominal O(c^2/n^2) security you might get in theory with a fixed list of
nodes is hard to achieve in practice, especially in a scalable way. Tor
reduces the problem somewhat by not scaling, i.e. relying on a global
consensus of nodes. ShadowWalker is one (published) distributed
solution, which tolerates up to 20% Sybil nodes. However to make this
work on opennet we would need to assign "shadow" nodes for each node,
and it is not obvious how to do that in a Sybil-proof way. And in any
case, adding 20% more nodes to the network is cheap enough that most
plausible attackers could manage it. Which is why we need a solution to
the Sybil problem, even if we implement tunnels. One good solution is
darknet.

Finally, we admit on the FAQ that it doesn't provide perfect security.
In fact the security question is overly pessimistic on some points; MAST
doesn't work, for example. Similarly we try to be honest in the
first-time wizard. And the version of Freenet is 0.7.5, i.e. less than
1.0; this should tell you that it's a work in progress, like most of the
rest of the internet (including Tor).

I proposed the idea of charging users for the right to be core opennet
nodes because it appeared to be a radical solution that might solve
several of our short term problems: Lack of money, dependence on known
broken opennet, even arguably performance. However the consensus is that
it isn't appropriate, so we will move on, and hopefully there will be
significant effort put into improving darknet. Eventually a large
darknet could well give us good security, with or without tunnels; one
of the problems I was concerned about was that in the short run we are
dependent on opennet, significant improvements to opennet security are
hard, and really solving the problem is probably impossible.

Please try to be civil. We are doing what we can with essentially zero
resources, and we prefer the way we do it to the way you don't. That
includes me personally; as of yesterday I'm an active volunteer
developer, if only on my own branch and on my university project for
now. I am as outraged as you are by opennet's weakness but I really
can't see any quick way to solve the problem, and I do think darknet is
worth pursuing.

_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl