On Sun, 2016-12-18 at 01:58 +0100, ban...@openmailbox.org wrote:
> On 2016-12-17 12:59, Florent Daigniere wrote:
> > On Fri, 2016-12-16 at 19:13 +0100, ban...@openmailbox.org wrote:
> > > Hi. Whonix [0] dev here.
> > >
> > > We are looking for a censorship-resistant and decentralized way to
> > > communicate notifications about critical situations [1] to our users
> > > and host the project metadata and files themselves to resist a
> > > Permanent Takedown Attack threat.[2] Freenet meets our needs perfectly
> > > but unfortunately as documented it cannot work over Tor.
> >
> > I don't see how any Tor-based control could help against such a
> > threat...
> >
> > Tor relies on a distributed consensus to be reached/published/available
> > to work; if you prevent such consensus from being reached/published
> > (DDoSing the directory authorities being the obvious route) for long
> > enough, no one will be able to use the network anymore (the consensus
> > expires to protect against what you call "Indefinite freeze attacks").
> >
> > Florent
>
> That's an excellent point and it's something the Tor devs are looking at:
>
> https://lists.torproject.org/pipermail/tor-dev/2015-October/009821.html
>
> ***
>
> Emergency Notification system aside there is nothing Tor-centric about
> Whonix's design and we can apply the same concept to Freenet - something
> we can discuss separately. We have plans for an I2P Gateway (I2PBox) in
> very early stages.
>
> in a nutshell:
>
> * Whonix Gateway is a separate VM that forces all traffic thru any
>   anonymous network of choice
> * Whonix Workstation - The untrusted VM where users run applications
>   configured with safe defaults that can only access the network via a
>   virtual isolated NIC connected only to Whonix Gateway.
>
> For this to work with Freenet we need to make sure that:
>
> * Freenet on the Gateway can be locked down preventing malicious
>   commands from affecting its configuration.
>
> * A second Freenet instance in the Workstation is running in a dummy
>   mode that's used to run Freenet plugins/applications and connects via
>   the Gateway Freenet to make network requests while any data is cached
>   only on the workstation.
>
> This all depends on Freenet's architecture and whether it can run in
> such a way to accommodate the split design of Whonix.
>
> Thoughts?

I think that Fred already provides most of what you need here... We have
something called "gateway mode" that lets people operate a stripped down
version of fproxy, suitable to be exposed to the internet. Here you would
expose it to the "Whonix Workstation".

Things are a bit more murky with FCP (our API layer)... but there is no
reason why we couldn't change it.

Florent

_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl