On Friday 03 December 2010 22:44:55 David ?Bombe? Roden wrote: > On Friday 03 December 2010 23:13:56 Ed Tomlinson wrote: > > > There is also a lack of relative security. > > > > Is opennet more or less secure than tor? > > Is opennet more or less secure than using https? > > Is opennet more or less secure than bittorrent? > > Is darknet more secure than tor? > > Unfortunately those questions are all comparing the colour of a bucket to the > speed of a car.
The answer is always "it depends". Some comparability is possible. Tor has some serious attacks (traffic analysis, route selection, time intersection on hidden servers), doesn't deal with Sybil (anyone could create lots of bogus nodes and submit them), and is hard to use correctly (endpoint capture, servers for hidden services need to be configured carefully etc) but opennet is probably less secure than Tor - *if both are used correctly*. Of course we will improve on this. Depending on your threat model, darknet could be significantly more secure, and is certainly significantly more robust in a hostile-ish environment, than Tor. Or at least it would be after we fix the Pitch Black attack. Part of the reason that hasn't happened yet is nobody uses darknet... :| Opennet is more secure than bittorrent but it gives a dubious sense of security - it's only slightly more secure than bittorrent, arguably, and people may assume it is a lot safer and thus do different things on it. It's an improvement if people know what they're letting themselves in for. Hopefully (they will be on BT for less time than Freenet but I doubt that's enough). Re HTTPS, well, different threat models - do you trust the server? > > > Ed > > David -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20101207/eabdc283/attachment.pgp>
