I worry that given that the Freenet Project has always been a very public project, and relies heavily on donations to continue to develop, headlines like "Freenet Authors add tracking code" aren't going to endear you to people.
And while I certainly understand the idea, and I understand that the security risks aren't actually that major compared to the existing infrastructure and a determined hacker, I don't think it'd play well with the Slashdot crowd. They aren't exactly world-renowned for listening to nuanced arguments before making judgments ;) Just my thoughts, Colin Matthew Toseland wrote: > How far can we go in abusing the production network in order to make it > work? The testnet is never likely to be large enough to be a useful > model. What I propose is that on swap requests, which already include > the location of the node, and the locations of its peers, we also add a > unique ID (say the first 8 bytes of some hash of the identity) for the > node and each peer. > > This would make it easier to map the network. It is already possible to > map the network but it is a lot of work and a lot of uncertainty, > because we don't know about every swap so we have to try to do partial > matches. > > This may make some attacks easier. Having said that, with the current > swap requests, you can probably identify the topology close to you with > some confidence. The main benefit here is in identifying the topology > further away more reliably. Which isn't that interesting for attackers > unless they've been e.g. watching #freenet-refs and can match an IP > address to each node on the network. Even then, there are much easier > attacks, and correlation attacks on nodes 4 hops away may not have > enough information. > > The benefit is we could test all our pet theories about the shape of the > network being completely broken due to #freenet-refs . We could gather > real world information about node uptimes, location swapping, location > clustering. It would of course be spoofable, but only to the extent that > location swapping is already spoofable. It would double the size of the > swap request packets, but these are fairly small. > > What do you think? > > > ------------------------------------------------------------------------ > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
