On Tue, Nov 19, 2002 at 10:00:44AM -0600, Mark J Roberts wrote: > Matthew Toseland: > > So splitfiles and freesites are not anonymous... and what are we left > > with? Mixmastered first two hops will reduce the information available > > to the attacker significantly... but it is not certain whether that will > > go in before 1.0 (I think it should, but oskar thinks it shouldn't, and > > ian will probably side with oskar, so it probably won't). > > In general, it is obvious that as a user initiates more requests, attackers > observing the network will learn more about them. However, what is not quite > so obvious is that if many requests are initiated in a short interval, > attackers gain two substantial advantages, especially when the values of the > pending keys may be guessed. The network will be more static, making data > much easier to interpret, and attackers will be able to work in real time to > track down the source, for instance, by selecting nodes to monitor, or even > by using active attacks like flooding certain nodes. Unfortunately this argument also applies to DBR sites - especially those with short intervals, but all DBR sites. > > This is a deep problem that will not bear a quick dismissal or some argument > about the precise length of a "short interval." Certain behaviors erode > anonymity. If the erosion is too severe, the behavior must be avoided. > > Anyway, I agree with Oskar about deferring the addition of new features > until the core routing has been proven in practice. I can't imagine Freenet I would argue that it already has demonstrated that it can work. Inserting a file with HTL 12, and fetching it immediately from another node at HTL 25, and succeeding, on a network of hundreds of nodes, is promising (just before 0.5.0). But it's not working terribly well at the moment, and there is certainly more to do as well as more to watch. > gradually evolving towards a different routing algorithm. The logic demands I'm not talking about a new algorithm. I'm talking about the first two hops, which would be random and mixmastered, so that the second one can see the HTL and the key, but only the first one can see the source node. > that we either refine the algorithm we have or design a new one. >
-- Matthew Toseland toad at amphibian.dyndns.org amphibian at users.sourceforge.net Freenet/Coldstore open source hacker. Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03 http://freenetproject.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20021119/9d8e7a31/attachment.pgp>
