Re: [freenet-support] Build 1474 status and the *Freenet-bite* attack
On 07-Jun-16 3:54 PM, Matthew Toseland wrote: > Freenet build 1474 has been partially released. It includes a critical bugfix > for the "Frostbite" bug: if you visit a malicious key, downloads can stop > working. This is being actively exploited on Frost and Sone/WoT. Unloading > WoT / turning off Frost and restarting the node should make it work again. This crack was an exploit of Freenet. Not of Frost. It affected both users of WoT and users of Frost. It should for that reason not be called 'Frostbite' but 'Freenetbite'. All users of both programs during the attack must upgrade to the repaired version of Freenet, build 1474 because their node is corrupted and can not be repaired. Users whose node is corrupted can not upgrade over Freenet, they must use the clearweb upgrading method. Shut down Freenet. Windows users must use the DOS command line, navigate to the Freenet folder: update.cmd Linux users need this command: "./update.sh" This was not just some bug in Freenet, this attack was the most severe attack on Freenet I have seen in over 10 years of using Freenet. This crack was damaging all nodes of everybody who used either the Web of Trust plugin, or Frost. I think the importance of this crack should be taken seriously. This time the anonymity of Freenet users has not been endangered, but an attack this effective may well expose all damaged nodes. Since downloading a malicious key was enough, this crack could have been applied to the key of a freesite or even to the key to download a particular file. I know this is no good advertizing of Freenet but this has happened. Please allow this anonymous message on the support list. ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
Re: [freenet-support] Rant for Opennet
On 11-May-16 8:27 PM, Arne Babenhauserheide wrote: > > Anonymous writes: (all previous text cut) Okay, you convinced me of how Darknet could add to my security. I think I understand though I'm not sure. Yet the practical problem for me stays the same, although I now would like to find a darknet peer, I would not know how. Not nice for me to write but fact, I got no close friends at all. Would not want to ask family as they'd understand nothing of this even when one has been an IT worker all his life. I could explain the technics but he would understand nothing of why Freenet, anonymity, strong encryption is needed. To trust a coworker with the fact I run a FN node, well, I don't dare that either. Only one of them /might/ understand, but I don't want to try. A side comment; I do not see how the NSA could take over all my opennet connections, no matter how many nodes it runs. The connections limit of 40 has been raised to, 100? I have 73 opennet connections now, 16 backed off. How could the NSA take over all 57 remaining connections. If the NSA would run nearly all nodes, okay. Could supernodes, with an extremely high bandwidth do this? If so, I imagine those nodes would be similar to black holes for them only 'sucking in', but very visible. Also, I have read the surfaced docs on LE Freenet investigations, it looks like the NSA can well identify files within Freenet, but I read between the lines they are not as powerful as they would like to be on cracking Freenets pseudonymity, in fact hardly at all at the moment of writing. I have read lots on how 'the cops' try to get warrants but very little on how Freenet is surveilled from within. Don't see how surveillance within would give them much to go after either. So I still think it will be next to impossible to link Freenet ID's to IP adresses. Linking downloads to IP adresses is easy, given the downloaders do it in the most unsafe way. So there can be thought of how to make it less unsafe. Oh, will darknet be as unsafe for the 'friends' running both darknet and opennet? ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
[freenet-support] Rant for Opennet
Arne Babenhauserheide: > > This reasoning falls for 3 misconceptions: > > 1. You do not give your Darknet friends the key to your house. You only > make it easier for them to break in by letting them see the insides > as if they looked through the windows. In Opennet everybody can get a > connection to you and run exactly the same attacks a darknet friend > can run. So by switching to darknet, you pull down the blinds and > *only* your Darknet friends can look through. With Opennet you do not > have blids, so everyone can look through. The logic of this escapes me. I'll explain below. > 2. If you are doing things LE wants to know badly and they already know > your physical identity, nothing can protect you. If they do not know > your physical identity, they also do not know your friends. If they > get to know your friends, they also get to know you, which gives them > your IP address, allowing them to run all Opennet attacks against you > which are easier than darknet attacks. Is that a fact, am I on an 'open' Darknet, connected to Opennet too, less vulnerable, also towards an evil 'friend'? > 3. You do not give your Darknet friends your in-Freenet identities. To > be safe you have to start a *new* identity in Freenet, without ties > to people you know physically. Thanks for replying. I had not thought of separating real life friends from FN 'friends', because I have understood exchanging noderefs requires real-life trust in the other person. That trust implies shared interests so we'd be friends on Freenet too. I am not telling anyone I use Freenet, if only for the obvious question why I need it. - Well, maybe I do not need it but I do feel anonymity and encryption is important. - Oh? For what? - Protection against the all-seeing eyes of Google, NSA... for which reasons I hate Facebook and so on.. technics are interesting.. mail is very unsafe.. it's a rat race of encryption against NSA spionage.. - Man what a bullshit. Ain't you got something better to do? For that reason you run a complicated, slow network? I should encrypt mails to you? The NSA is interested in our cracked programs? - Yes they read everything.. all talks over phone are registered.. worldwide spy industry.. will you read wikileaks? - Alu hat? I can't afford Freenet friends. Few understand, most don't want to know any of this. Am I wrong that exchanging noderefs makes you more vulnerable towards a 'friend', also more vulnerable over the net? That person knows my IP adress, that I run a node and a lot about the person I am in real life, because we should trust eachother. Our ID's on Freenet and our reallife id's are linked. But I can't know what my friend does and hides from me. He can make me unsafe for our shared 'secrets', even if there aren't any. Now nobody in real life knows that I run a node. My ISP and LE can see it, but FN should be designed to keep them from knowing what I talk about or who I am on Freenet. My reallife me is separated from the FN 'me'. That feels more safe to me. Is that false logic? ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
[freenet-support] Rant for Opennet - was: How to hide IP when give out noderef?
Moses wrote: >wrote: >> On Thursday, April 21, 2016 03:20:07 PM Moses wrote: >>> Hi, >>> >>> I trust my friend, but still not want them to see my IP directly on >>> the freenet web page when I give them my noderef, how to prevent my IP >>> display on their freenet? >> >> It is not technically possible to implement Darknet connections without >> revealing IP addresses: The purpose of Darknet connections is to establish a >> direct Internet connection between you and your friend, and direct >> connections >> over the Internet work by using IP addresses. [] > I trust my friends, I just want to hide my node's physical location > and keep my little privacy/anonymity. That's different. And consider a > extreme situation that if friends are questioned by police, If they do > not know, they would have nothing to tell. The best way to keep a > secret is not tell anybody. Anyway, if hide IP is not technically > possible, I will have to use a VPN or not adding any friend... Your reasoning is smart. If you have the skills to run a Freenet node from a masked IP address, more power to you. Do not use Darknet though. Darknet is good for a secure intranet with one individual, or a few you can trust with your wallet and the keys to your house. The big problem however is: you can't trust anyone. For a simple reason: can you know what exactly you trust them with? On top, the more people it's about, the more you should distrust them. Say you've got one Freenet 'friend' you do trust with your IP address, and it's no problem he can see much of what you do because you trust him. But can you know what that trusted, for your business trusted friend does? That friend you can actually trust and let him have the keys to your house? Maybe he is doing completely unrelated, but dangerous things on other networks, like bittorrent, maybe he does dangerous things on the open net. Maybe he is doing something in real life that will have his computer confiscated. You are in trouble too if his computer is not bulletproof LE resistant, or if he hands down his passwords. His friends connection may then be taken over by your friendly officer, and he can now see way too much of you and everybody else in your 'dark'net. Effectively you have given the friendly officer the keys to your house now. To connect to the 'big Freenet', in order to insert/download public files, publish/visit freesites everybody can see, at least one of your 'friends' needs to connect to Opennet, the 'strangers' network. If you are doing things LE wants to know badly, chances are good your darknet will be infiltrated. Darknet may seem more secure because traffic within a 'closed' darknet can not easily be recognized as you running a Freenet node. But this provides a false security because of the problems just described. These problems do not exist on Opennet because you can not be recognized as a real person, Frost/FMS/Sone identities can't be traced to your IP address. Also, files you download/insert, freesites and messages can not be linked to your identities by a third party. This is the good news on the distributed, decentralized peer network Freenet is. Freenet is pretty smart at hiding which node downloads a file, or inserts one. In particular small files can't be traced because there is no time for an attacker to 'see' it. If you need anonymity, do not touch Darknet but stick to Opennet. ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
[freenet-support] latest 0.7 build blows
first you have the damned thing spending forever farking with the store on startup, then you fark with the store so that it isn't going to grow like it should, now the farking thing starts up and pukes all over itself. logfile showed it was opening CHK store database when it happened. I tried everything, the only thing that fixed was to delete entire store. only then would it start up. also, why cant 0.7 have more than a few peers connected?
[freenet-support] latest 0.7 build blows
first you have the damned thing spending forever farking with the store on startup, then you fark with the store so that it isn't going to grow like it should, now the farking thing starts up and pukes all over itself. logfile showed it was opening CHK store database when it happened. I tried everything, the only thing that fixed was to delete entire store. only then would it start up. also, why cant 0.7 have more than a few peers connected? ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]