On Friday 27 March 2009 19:02:45 Fl?vio Santos wrote: > 2009/3/26 Matthew Toseland <toad at amphibian.dyndns.org>: > > However, some sort of spam resistant filesharing/searching system is > > definitely necessary to Freenet, and the sooner the better. Thaw's current > > model is probably over-reliant on relatively small numbers of dedicated index > > owners, and on the users manually subscribing to indexes. Frost's model is > > clearly broken, and the current de facto standard of asking for stuff on the > > chat forums and getting a key back is just way too slow and inconvenient. > > Maybe providing a flexible way to describe the files with "rich" > metadata (i.e., tags). > This extension could act as a decision support mechanism to suggest > which files the user should download. > What do you think about this?
You mean searching by metadata tags? This doesn't happen much on the web, despite all the people who have tried it ... Metadata may be a good thing, but a working spam resistant system for searching for files is more important (even if it only supports basic metadata such as filename, content type, size). And if you are proposing a special keytype for metadata, which can return multiple answers to a query, this has been proposed on endless occasions in the past, the answer is no, it would be spammable. > > Regards, > > Fl?vio Roberto Santos > http://www.inf.ufrgs.br/~frsantos > > > > 2009/3/26 Matthew Toseland <toad at amphibian.dyndns.org>: > > On Thursday 26 March 2009 04:27:55 you wrote: > >> Hello, > >> > >> I mean by content pollution the action of publishing files with fake > >> metadata. > >> This could be done to disseminate spam, virus or other malwares. > >> Multiple decoy insertions could affect the Freenet network utility. > >> > >> I have a short paper (2 pages) describing my current work, including a > >> description of my strategy to mitigate content pollution: > >> > > http://inf.ufrgs.br/~frsantos/files/funnel_infocom2009-sw.pdf<http://inf.ufrgs.br/%7Efrsantos/files/funnel_infocom2009-sw.pdf> > >> > >> In a previous work, I implemented the strategy in a BitTorrent community and > >> the results were satisfactory. > >> > >> If it does not fit a relevant project, which one from your list is related > >> to "user generated content" and "security" topics? > >> Suggestions? > > > > Okay, I see where you are coming from ... > > > > Some basic parameters: > > - Freenet is about more than filesharing, and in fact Freenet doesn't do > > filesharing particularly well; this is an area we definitely need help with. > > Freenet also does freesites (internal web sites), chat forums, and a (buggy) > > internal email system. Freenet is an anonymous document store: the basic > > operations are inserting content and retrieving it, and anonymity for end > > users is a very important design goal (although of course there are attacks). > > - Freenet automatically deletes unpopular content and multiplies popular > > content: it is a distributed cache. > > - All files are divided into blocks of 32KB; the node has no way to know that > > two or more blocks are connected, and generally this is seen as a good thing. > > - Right now Freenet doesn't have very much metadata as such. There is a very > > simple quasi-standardised format which is used for freesites, but this is > > only used by the HTML-based portal sites / index sites, which may be manually > > or automatically generated or some combination of the two, by their > > pseudonymous authors. Searching freesites currently uses an index of a > > different kind, which again is published by a single pseudonymous identity, > > but is generated automatically by a spider, based purely on the title and > > content of the pages; hence this is very easily spammable (some sort of > > ranking system clearly would help), but so far hasn't been. There are several > > different mechanisms for filesharing: Frost has a chat board based > > filesharing index system, where iirc files can be attached to messages; this > > searches based on filename, content type, file size. Frost is inherently > > spammable, see below, and so is the filesharing system in Frost. Thaw uses > > searchable file indexes, which are authored pseudonymously and can link to > > each other. Thaw allows you to subscribe to specific indexes, and explore the > > web of indexes to find more to subscribe to; hence it is much less spammable. > > - Spam so far has largely been a problem with chat (forums/USENET) systems. > > Frost uses a globally writable queue for each public board, which of course > > has been spammed; for over a year, most boards on Frost were unusable because > > of this. FMS and later Freetalk emerged as solutions to this problem: new > > chat systems based on a web of trust, into which a pseudonymous identity can > > be announced via solving lots of CAPTCHAs. Freetalk will be integrated into > > the node as a plugin, it uses a backend generic "Web of Trust" plugin which > > could be used for applications other than chat, and a frontend Freetalk > > plugin for chat-related functions. > > - Flooding of datastores is not in general a big problem for Freenet, at least > > we don't think so: A powerful attacker could certainly cause severe problems > > with flooding on opennet, but he could do many other things too which would > > probably be more effective; on darknet, the attacker is limited by the number > > of connections he can social engineer into the network. In any case, the kind > > of measures needed to address flooding of datastores directly would likely > > have severe anonymity issues, so it is probably better to keep them on the > > (anonymous) client layer. > > - So we're talking about locating content here: Searchng, for files or for > > sites. The two basic problems are filtering results and preventing the whole > > system being DoS'ed. > > - Using the Web of Trust for filesharing has been suggested more than once; > > there may be scalability issues, but there will be such issues even with > > chat, it's something we should seriously consider. > > > > Hence, Funnel cannot be *directly* applied: > > - Voting directly with your IP address as a Sybil protection is clearly not > > acceptable to most Freenet users, as it is a clear violation of anonymity. > > - Voting indirectly must be Sybil-proof, or at least DoS-proof. Chat > > identities from the Web of Trust would probably be a good option. > > - Limiting the number of downloads from a specific file based on its > > reputation is not feasible as far as I can see. > > > > However, some sort of spam resistant filesharing/searching system is > > definitely necessary to Freenet, and the sooner the better. Thaw's current > > model is probably over-reliant on relatively small numbers of dedicated index > > owners, and on the users manually subscribing to indexes. Frost's model is > > clearly broken, and the current de facto standard of asking for stuff on the > > chat forums and getting a key back is just way too slow and inconvenient. > >> > >> Thank you! > >> > >> Regards. > >> > >> Fl?vio Roberto Santos > >> http://www.inf.ufrgs.br/~frsantos -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090327/15d165c0/attachment.pgp>
