On 01/12/15 21:59, salutarydiacritica...@ruggedinbox.com wrote:
>
> You picked the one thing agencies have boat loads of and made it a
> requirement for operating critical parts of the network and you
> alienate the honest users left. Have you thought of any better ways to
> kill Freenet? That's got to be the dumbest idea I've heard. It's better
> to hear my criticism than see the failed results in the newspapers.
>
> Social capital is a better way to limit evil nodes. A centralized
> model of authority servers run by trusted project members is the way
> to go. Freenet users have to trust you to not backdoor the program.
> Having to rely on infrastructure that you run isn't more risky. You
> are starting to see the limitations of a completely decentralized
> network being safe.
>
> According to you a whistleblower should connect to a journalist's node
> in Darknet mode if they want to steer clear from Opennet Sybil? The
> metadata is OK to share because Big Brother already has the address
> book... What about the political dissident who wants their blogs to
> reach more people than they know IRL? Sorry Opennet is out of order
> because Sybil.
>
> Darknet is private not anonymous and lacks the quality of data
> availability after the publisher is offline.
>
> My observation is Freenet has a leadership crisis. There is no
> agreement on how to reach the goal of anonymous communication. Every
> developer has contradicting opinions and pulls the project in a
> different direction. There is no formal process to reach a consensus
> or draft technical proposals others can review and comment on. No
> coordinated development effort. No new developers because no modern
> build process or documentation. No protocol documentation because it's
> a work in progress. It's a work in progress because of rewrites and
> because no attempt to implement tried and true models like mixnets
> researched for 40 years. No users because no progress in security and
> UX. No donations and academic attention because no users.
>
> Fix the organization and your processes and there is hope. If you're
> not capitalizing on awareness of mass surveillance now you never will.
>
> Otherwise you should officially admit it's a hobbyist research project
> so people don't have huge expectations and not over trust.
>
> Shoot the messenger but I doubt it will help.

Centralized solutions are not acceptable. You don't have to fully trust the developers because you have the source code. We strongly encourage you to review it and compile your node from source. No doubt there are subtle bugs, most likely introduced by mistake, but if there were obvious back-doors you could find them. And maybe the subtle bugs too.

Developers are volunteers, with limited resources. Anything that needs big central supernodes is likely to be run by the bad guys, and would be highly vulnerable. We know this because it has happened before - there is evidence of Mixmaster remailers being compromised. Equally important, we would like the network Freenet to survive the end of the organization Freenet Project Inc. Right now opennet needs seednodes, but darknet is fully decentralized. Some proposals for improving opennet require the seednodes to do a bit more work.

We need darknet because the *one and only thing* that genuine users have that attackers do not have is friends. If you only connect to your friends and maybe their friends, it is a great deal more difficult for anyone to locate the source of a controversial blog. Ideally we would have a global friend-to-friend darknet, but this will take time; in the short run we have darknet pockets connected via opennet. This means that attackers may be able to trace back to a single darknet pocket.

Publishing on darknet works in exactly the same way as it does on opennet: You upload your site, e.g. with jSite, and the data is stored on other people's nodes. It does not depend on your node being online, it depends on whether people access the content.

We are well aware of the possibilities of mixnets, and in fact I was trying to discuss how to implement one. Using Tor for the first hop is a possibility, but Tor is more likely to be blocked than Freenet, and any such scheme likely has easy denial of service attacks. Also we'd like to provide high latency tunnels for inserts, something that Tor doesn't do. And we'd like whatever we build to be scalable, which Tor isn't; from the beginning scalability has been an important Freenet goal.

If we implement our own, scalable solution then we have to deal with distributed tunnel setup, which is a well-studied hard problem. The nominal O(c^2/n^2) security you might get in theory with a fixed list of nodes is hard to achieve in practice, especially in a scalable way. Tor reduces the problem somewhat by not scaling, i.e. relying on a global consensus of nodes.

ShadowWalker is one (published) distributed solution, which tolerates up to 20% Sybil nodes. However to make this work on opennet we would need to assign "shadow" nodes for each node, and it is not obvious how to do that in a Sybil-proof way. And in any case, adding 20% more nodes to the network is cheap enough that most plausible attackers could manage it. Which is why we need a solution to the Sybil problem, even if we implement tunnels. One good solution is darknet.

Finally, we admit on the FAQ that it doesn't provide perfect security. In fact the security question is overly pessimistic on some points; MAST doesn't work, for example. Similarly we try to be honest in the first-time wizard. And the version of Freenet is 0.7.5, i.e. less than 1.0; this should tell you that it's a work in progress, like most of the rest of the internet (including Tor).

I proposed the idea of charging users for the right to be core opennet nodes because it appeared to be a radical solution that might solve several of our short term problems: Lack of money, dependence on known broken opennet, even arguably performance. However the consensus is that it isn't appropriate, so we will move on, and hopefully there will be significant effort put into improving darknet. Eventually a large darknet could well give us good security, with or without tunnels; one of the problems I was concerned about was that in the short run we are dependent on opennet, significant improvements to opennet security are hard, and really solving the problem is probably impossible.

Please try to be civil. We are doing what we can with essentially zero resources, and we prefer the way we do it to the way you don't. That includes me personally; as of yesterday I'm an active volunteer developer, if only on my own branch and on my university project for now. I am as outraged as you are by opennet's weakness but I really can't see any quick way to solve the problem, and I do think darknet is worth pursuing.

_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl