Although intuitive, it seems like initializing (requests/inserts) closestLocation field to our node's location could make correlation attacks easier. In fact, if we get a request from a node whose location matches the closestLocation value, we know that either (1) they originated the request, or (2) we are the first in their peer list they asked (the request is currently making bee-line progress; which if an attacker has a known node location less-than and greater- than connected, they could rule out?).
I thought it might help to initialize closestLocation values to a random-but-farther-than-our-location value, but it seems that would be even more obvious (as the default behaviour should have then made the closestLocation to match our own). Would it help to initialize it to a random location 'between' us and the closer of our peers? Would it ever make sense to receive a request whose closestLocation-so- far is further than the node we received it from? Perhaps we should reject it or set it for them? -- Robert Hailey e.g. in freenet/node/NodeClientCore.java: Object o = node.makeRequestSender(key.getNodeCHK(), node.maxHTL(), uid, null, node.getLocation(), false, localOnly, cache, ignoreStore); -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20071221/4acb4c87/attachment.html>
