I'm having a hard time wrapping my head around the security implications of this discussion. I think that's in part because goals like censorship-resistant-connectivity and privacy seem in conflict.
To the best of my understanding these routing protocols have not been designed with the goal of preventing a malicious party from capturing (that is observing and possibly modifying) traffic that party is interested in. Encryption and integrity protection can defend against modification assuming that is supported by the protocol in question. Services like VPN tunnels or TOR can be used to get enthcryption/integrity protection across the mesh when accessing services that support Internet but do not themselves support integrity/confidentiality. However, finding out what services someone is accessing is also a concern as well as monitoring access patterns and the like. These mesh technologies seem to present huge issues in that direction. Combining mesh technologies with things like TOR doesn't make these issues go away; it does make them harder to analyze. As I see all these conflicting requirements I become increasingly concerned that it will be difficult for technical folks to understand what security and privacy properties a Freedom Box actually provides. I think conveying that to an end-user may be beyond our capability. One thing that might be valuable to do at least for designers of the system to understand it is to focus on making available the best in privacy-defeating technology we can. That is, make it easy to find all you can about people using your mesh node, to combine that with others who are willing to share privacy-defeating information with you, etc. The goal would be to understand what the practical attacks and exposures are with various technologies we're using as we are combining them. _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
