On Sunday 19 December 2010 15:41:04 Lennart Ackermans wrote:
> The current texts are indeed very easy to understand, but not very clear to
> me. Most importantly, I don't get why darknet mode improves security.
>
> I'm assuming that security in this case means anonymity. But when you add
> friends, they can connect your freenet identity to your real life identity.
> This is usually not possible for random strangers, as long as they are not
> law enforcement.
The bad guys are not necessarily law enforcement in a rich western democracy.
But the more important point is this: ONLY THOSE YOU ARE CONNECTED TO CAN
ATTACK YOU! Any serious attacker would use one of two strategies:

1. Connect to each and every node on the opennet. This is by far the more
powerful and is feasible today. The costs increase roughly linearly with the
network size but are likely to be reasonable for even a fairly large network.

2. Start with a bunch of nodes scattered across the network, and trace a
stream of requests, gradually getting closer and closer to the target. This is
likely feasible today with very little resources, but is easiest by far if the
target is doing large predictable inserts: The attacker can move much faster
if he can predict the exact keys in advance. Chat identities might be
traceable this way but it would take a long time. Small files should not be
traceable - but you still need to announce them.

> If I am right about this, the text should at least
> distinguish between the situations where you want to protect your anonymity
> to your friends or the feds.

We have a friends security level. This will soon be removed and replaced by a
per-friend trust level. Given that you trust your friends at least marginally,
there are options for sharing additional data with them to improve performance
and also provide some useful functionality (e.g. bookmark sharing). However,
there isn't much you can do if the people you trust betray you, given the
Freenet architecture, except for some very expensive (=slow) options that
might happen long term. The upside is that as long as the attacker is distant,
it's always going to be expensive for him to make *everyone's friends* betray
their friends.

>
> However, I don't even see why darknets protect your anonymity so much to the
> rest of the network.

They protect your anonymity because *all* serious attacks on freenet rely on
being connected to the target.
They also protect the network, of course - blocking opennet is trivial,
blocking darknet involves one of:
- Blocking all customer-to-customer traffic. (Significant collateral damage,
some governments see peer to peer as a legitimate tool for online innovation
e.g. the UK)
- Regulating all customer-to-customer traffic. (Smaller collateral damage but
possibility of exploits)
- Identifying the protocol. (Difficult with the current protocol, very
difficult with even basic steganography)
- Traffic flow analysis. (Relatively expensive, possibility of some collateral
damage if shortcuts are taken)

> The idea behind darknets is great, but I suspect they
> often don't provide much anonymity because of the way they are used. A
> common situation must be that a group of friends connect to each other. But
> they also need to connect to the rest of freenet, so one of them must use
> opennet mode. This means the police would be able to link all the freenet
> traffic from that node to that group of friends with certainty. I think the
> darknet idea will not be perfect before everyone uses it, and still everyone
> is connected to each other.

Nothing is perfect. I hope that we will not need opennet for more than another
year or two, because IMHO the attacks against opennet are so devastating both
on the anonymity and the DoS level that it is simply not sustainable in the
long term. Having a very small darknet with one opennet node is far from an
ideal topology - hopefully it would grow eventually.

>
> Or am I one of those people who misunderstood, Matthew? Well, I propose we
> at least discuss the situations where one of either modes is a better
> choice, if you guys haven't done that a lot already (I just signed up for
> this mailing list, I will tell about the reason for that later).

There is NO situation in which opennet is better, period.
The implication in your argument is that Freenet should be safe even if all
but one of your peers are hostile, or some similar cypherpunk dream, as some
other networks (e.g. I2P/Tor) claim. Unfortunately implementing that sort of a
system in practice is often a lot harder than it sounds. Some of the major
difficulties:
- Sybil attacks. What is to prevent an attacker from impersonating 1000 nodes?
This is a problem for Tor, I2P, and opennet, but on darknet it is severely
limited: the attacker is essentially limited by the number of connections he
has to the "real" network. On the other hand Tor and I2P are significantly
more resilient to it than freenet opennet is.
- Harvesting/blocking/etc. If the list of nodes is public, they can be blocked
en masse. Opennet seednodes have this in the extreme. Even if there were a lot
of seednodes, and only a few were given out to each newly bootstrapped node,
as happens with Tor, there would be ways to harvest them. China has done this
with Tor.
- Real-time vs traffic analysis. Any real time system including Freenet
compromises somewhat on traffic analysis. On the other hand the fact that
we're a document store, dealing with blocks not packets, can help us to have a
range of policies with different security and performance requirements.

There are lots more issues. The point is Freenet takes a different approach.
It is NOT an onion routing network. It does not provide any really strong
anonymity *against your direct peers*, however on darknet it can provide very
strong protection against an initially distant attacker. To provide strong
anonymity against your direct peers would probably be possible on darknet by
means of tunnels (assuming that the proportion of the keyspace an attacker can
control is limited to the number of links he has to the rest of the network,
on which a lot of our security is based IMHO). However these would have to
traverse within the network, so would cost a lot of performance.
Hence, to guard against the second category of attack above (the first is IMHO
infeasible on a darknet short of massive political capital expenditure), we
would probably only usually use tunnels for those blocks which can be
predicted in advance. On opennet, the higher performance option is a
traditional onion routing network where you build tunnels directly; this would
effectively be either reimplementing or using I2P or some similar large scale
peer to peer onion router.
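A toy model of the exposure argument made in this mail (the "only those you are connected to can attack you" point and the Sybil bullet), added here as an illustration; it is not code from the mail or from Freenet, and the node count, peer degree, friend-link count and ring-plus-shortcuts topology are constructed assumptions, not Freenet's real parameters.

```python
import random
from collections import deque

def build_darknet(n, degree, seed=0):
    """Honest friend graph: ring lattice plus one random long-range link per
    node, a crude small-world stand-in for a real social graph (constructed)."""
    rng = random.Random(seed)
    peers = {i: set() for i in range(n)}
    for i in range(n):
        targets = [(i + d) % n for d in range(1, degree // 2 + 1)]
        for j in targets + [rng.randrange(n)]:
            if j != i:
                peers[i].add(j)
                peers[j].add(i)
    return peers

def opennet_attacker_peers(n, degree, sybils, seed=0):
    """Opennet: honest nodes accept strangers, so each sybil node fills its
    `degree` peer slots with honest nodes; reach grows with the sybil count."""
    rng = random.Random(seed)
    exposed = set()
    for _ in range(sybils):
        exposed.update(rng.sample(range(n), degree))
    return exposed

def darknet_attacker_peers(n, friend_links, sybils, seed=0):
    """Darknet: only operators who deliberately added the attacker as a friend
    peer with him, so `sybils` buys nothing and is deliberately unused."""
    del sybils
    return set(random.Random(seed).sample(range(n), friend_links))

def exposure(n, attacker_peers):
    """Fraction of honest nodes with at least one attacker peer: the nodes the
    attacker can observe directly."""
    return len(attacker_peers) / n

def median_hops(peers, attacker_peers):
    """Median BFS distance from the attacker's honest peers to every honest
    node: how 'distant' the attacker is from a typical target."""
    dist = {p: 0 for p in attacker_peers}
    queue = deque(attacker_peers)
    while queue:
        v = queue.popleft()
        for w in peers[v]:
            if w not in dist:
                dist[w] = dist[v] + 1
                queue.append(w)
    ranked = sorted(dist.values())
    return ranked[len(ranked) // 2]
```

With 1000 nodes of degree 20, one opennet sybil sits next to 2% of the network and 500 sybils next to almost all of it, while five darknet friend links expose 0.5% regardless of how many sybils the attacker runs and leave him several hops from a typical node.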
