[freenet-support] Concerned about privacy

2009-01-07 Thread Matthew Toseland 
On Wednesday 07 January 2009 02:05, Dennis Nezic wrote:
> On Tue, 6 Jan 2009 23:56:48 +, Matthew Toseland
>  wrote:
> 
> > On Tuesday 06 January 2009 16:51, 3BUIb3S50i 3BUIb3S50i wrote:
> > > So, Freemulet or Frost "automatic insertion" are dangerous? We know
> > > the key before the upload of the file.
> > 
> > Yes IMHO.
> 
> There's no such thing as a "stream of content" in freenet. Aren't
> chunks distributed across lots of nodes, and thus not traceable to
> any one location? Wasn't that the whole point of freenet? ;)

Doesn't follow, unfortunately.

If for example the same identity is known from public posts to be reinserting 
a series of files of known content, you have a large number of inserts which 
can be correlated together. The attack would then be to watch the inserts 
(initially a trickle because the attacker is far from the originator), and 
use the fact that they got routed to your node and the location of the key 
(or simply which node sent you the inserts) to get a rough idea of where the 
originator is on the network. Then get some connections a bit closer to the 
target. The number of inserts you intercept will increase, enabling you to 
approach the target ever more rapidly. This works on darknet as well as 
opennet, the difference is on darknet getting a connection to a target node 
is expensive, requiring e.g. social engineering, remote compromise of the 
node, or local compromise (e.g. dawn raid).
> 
> And, I'm guessing that this theoretical attack, if it even exists,
> would only affect new inserts.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL:

[freenet-support] Concerned about privacy

2009-01-06 Thread Matthew Toseland 
On Tuesday 06 January 2009 16:51, 3BUIb3S50i 3BUIb3S50i wrote:
> So, Freemulet or Frost "automatic insertion" are dangerous? We know the key
> before the upload of the file.

Yes IMHO.
> 
> 
> On Mon, Jan 5, 2009 at 5:29 PM, Matthew Toseland
> wrote:
> 
> > On Tuesday 23 December 2008 18:14, Shironeko wrote:
> > > Dear Freenet Support Team,
> > >
> > > I send you this message because I've stumbled upon a "curiosity"  which
> > I'd
> > > like to get explained since I'm not able to find any other documentation
> > > regarding this issue.
> > >
> > > I was browsing through my hard drive's Freenet Directory, looking at the
> > > latest logs when I suddenly realized that there were IP adresses written
> > in.
> > >
> > > This is an example:
> > >
> > > dic 23, 2008 17:06:14:078 (freenet.node.NodeDispatcher, UdpSocketHandler
> > for
> > > port 266XX(2), NORMAL): Rejecting CHK request from 213.238.213.XX:387XX
> > > preemptively because Insufficient output bandwidth
> > >
> > > I may not fully understand the protocol Freenet uses for data
> > transmission
> > > but these IP's are uplookable and can represent a problem for anyone who
> > > connects from a country like China.
> >
> > I don't see why. For it to be a problem the bad guys would have to already
> > have seized (or electronically compromised) your node, in which case they
> > probably have your browser history, your datastore, your Friends list ...
> > >
> > > Also, I wonder if it would be possible to collect valuable information 
by
> > > gathering the LOGs of many different nodes and following a specific IP's
> > > requests.
> >
> > Yes, but you'd need to compromise all the nodes on the path of that
> > request.
> > >
> > > Finally I'd like to ask you about this message I found in the logs too:
> > >
> > > "Note that this version of Freenet is still a very early alpha, and may
> > well
> > > have numerous bugs and design flaws.
> > > In particular: YOU ARE WIDE OPEN TO YOUR IMMEDIATE PEERS! They can
> > eavesdrop
> > > on your requests with relatively little difficulty at present
> > (correlation
> > > attacks etc)."
> > >
> > > I suppose that this must be an old message since the Freenet project is
> > not
> > > in a very early alpha version anymore and I'm using 0.7, the latest.
> >
> > This is partly true. There are a number of known attacks on Freenet, which
> > cannot be completely eliminated short of new features which we have not 
yet
> > implemented. On the other hand, for some situations, Freenet may be the
> > best
> > currently available. For example, Freenet's scalable darknet functionality
> > is
> > fairly unusual, allowing you to only connect to people you trust, and also
> > it
> > is easier to safely publish a website on Freenet than on a Tor hidden
> > service
> > afaik (due to e.g. issues with configuring apache to not give away
> > incriminating details, and much harder intersection attacks). The bottom
> > line
> > is if you are going to stake your freedom and/or life on the security of 
an
> > anonymous network, you need to seriously consider the pro's and con's of
> > each
> > possible option, including doing nothing; Freenet has had severe bugs in
> > the
> > past, and is pre-1.0, but apart from that, we have fairly serious known
> > attacks...
> >
> > There are 4 basic powerful attacks on Freenet that we are concerned about:
> > 1. Harvesting. Finding lots of Freenet nodes quickly, in order to e.g.
> > block
> > them on a national firewall. Most anonymous networks do not address this
> > problem at all. On opennet, harvesting is relatively easy (slightly harder
> > than on Tor or I2P); on darknet, harvesting should be fairly hard.
> > 2. Datastore seizure. What happens when/if the bad guys either
> > electronically
> > compromise or physically seize your computer? At the moment everything you
> > download through Freenet is cached in your datastore. Temporary files are
> > encrypted with ephemeral keys, but for long-term downloads we have to 
store
> > the keys to disk.
> > 3. Snooping on your peers. It is probably possible, under some assumptions
> > (e.g. being able to identify the content, it being sufficiently large), to
> > do
> > statistical attacks to figure out what those nodes you are connected to 
are
> > downloading/uploading. This is yet another reason to use darknet.
> > 4. Mobile attacker tracing the source of a stream of content. If an
> > anonymous
> > identity publishes data that can be identified (e.g. reinserting known
> > content, posting to FMS boards, posting to a known freesite), it may be
> > possible to gradually approach his location. Reinsertion of known content
> > makes this much easier, because of CHKs; because we always insert the top
> > block (the freesite USK e.g.) last, if the content isn't guessable in
> > advance
> > it is very difficult to pull this off against large inserts, because the
> > attacker can only identify the stream after the top block (or the FMS post
> > referring to the

[freenet-support] Concerned about privacy

2009-01-06 Thread Dennis Nezic 
On Tue, 6 Jan 2009 23:56:48 +, Matthew Toseland
 wrote:

> On Tuesday 06 January 2009 16:51, 3BUIb3S50i 3BUIb3S50i wrote:
> > So, Freemulet or Frost "automatic insertion" are dangerous? We know
> > the key before the upload of the file.
> 
> Yes IMHO.

There's no such thing as a "stream of content" in freenet. Aren't
chunks distributed across lots of nodes, and thus not traceable to
any one location? Wasn't that the whole point of freenet? ;)

And, I'm guessing that this theoretical attack, if it even exists,
would only affect new inserts.

[freenet-support] Concerned about privacy

2009-01-06 Thread 3BUIb3S50i 3BUIb3S50i 
So, Freemulet or Frost "automatic insertion" are dangerous? We know the key
before the upload of the file.


On Mon, Jan 5, 2009 at 5:29 PM, Matthew Toseland
wrote:

> On Tuesday 23 December 2008 18:14, Shironeko wrote:
> > Dear Freenet Support Team,
> >
> > I send you this message because I've stumbled upon a "curiosity"  which
> I'd
> > like to get explained since I'm not able to find any other documentation
> > regarding this issue.
> >
> > I was browsing through my hard drive's Freenet Directory, looking at the
> > latest logs when I suddenly realized that there were IP adresses written
> in.
> >
> > This is an example:
> >
> > dic 23, 2008 17:06:14:078 (freenet.node.NodeDispatcher, UdpSocketHandler
> for
> > port 266XX(2), NORMAL): Rejecting CHK request from 213.238.213.XX:387XX
> > preemptively because Insufficient output bandwidth
> >
> > I may not fully understand the protocol Freenet uses for data
> transmission
> > but these IP's are uplookable and can represent a problem for anyone who
> > connects from a country like China.
>
> I don't see why. For it to be a problem the bad guys would have to already
> have seized (or electronically compromised) your node, in which case they
> probably have your browser history, your datastore, your Friends list ...
> >
> > Also, I wonder if it would be possible to collect valuable information by
> > gathering the LOGs of many different nodes and following a specific IP's
> > requests.
>
> Yes, but you'd need to compromise all the nodes on the path of that
> request.
> >
> > Finally I'd like to ask you about this message I found in the logs too:
> >
> > "Note that this version of Freenet is still a very early alpha, and may
> well
> > have numerous bugs and design flaws.
> > In particular: YOU ARE WIDE OPEN TO YOUR IMMEDIATE PEERS! They can
> eavesdrop
> > on your requests with relatively little difficulty at present
> (correlation
> > attacks etc)."
> >
> > I suppose that this must be an old message since the Freenet project is
> not
> > in a very early alpha version anymore and I'm using 0.7, the latest.
>
> This is partly true. There are a number of known attacks on Freenet, which
> cannot be completely eliminated short of new features which we have not yet
> implemented. On the other hand, for some situations, Freenet may be the
> best
> currently available. For example, Freenet's scalable darknet functionality
> is
> fairly unusual, allowing you to only connect to people you trust, and also
> it
> is easier to safely publish a website on Freenet than on a Tor hidden
> service
> afaik (due to e.g. issues with configuring apache to not give away
> incriminating details, and much harder intersection attacks). The bottom
> line
> is if you are going to stake your freedom and/or life on the security of an
> anonymous network, you need to seriously consider the pro's and con's of
> each
> possible option, including doing nothing; Freenet has had severe bugs in
> the
> past, and is pre-1.0, but apart from that, we have fairly serious known
> attacks...
>
> There are 4 basic powerful attacks on Freenet that we are concerned about:
> 1. Harvesting. Finding lots of Freenet nodes quickly, in order to e.g.
> block
> them on a national firewall. Most anonymous networks do not address this
> problem at all. On opennet, harvesting is relatively easy (slightly harder
> than on Tor or I2P); on darknet, harvesting should be fairly hard.
> 2. Datastore seizure. What happens when/if the bad guys either
> electronically
> compromise or physically seize your computer? At the moment everything you
> download through Freenet is cached in your datastore. Temporary files are
> encrypted with ephemeral keys, but for long-term downloads we have to store
> the keys to disk.
> 3. Snooping on your peers. It is probably possible, under some assumptions
> (e.g. being able to identify the content, it being sufficiently large), to
> do
> statistical attacks to figure out what those nodes you are connected to are
> downloading/uploading. This is yet another reason to use darknet.
> 4. Mobile attacker tracing the source of a stream of content. If an
> anonymous
> identity publishes data that can be identified (e.g. reinserting known
> content, posting to FMS boards, posting to a known freesite), it may be
> possible to gradually approach his location. Reinsertion of known content
> makes this much easier, because of CHKs; because we always insert the top
> block (the freesite USK e.g.) last, if the content isn't guessable in
> advance
> it is very difficult to pull this off against large inserts, because the
> attacker can only identify the stream after the top block (or the FMS post
> referring to the new file) was inserted; if the content *is* guessable, the
> attacker can move towards the target continually over the course of the
> insert.
>
> All of these attacks we have some mitigation against, but all of them are
> feasible to some extent under some mostly-reasonable assumptions.

Re: [freenet-support] Concerned about privacy

2009-01-06 Thread 3BUIb3S50i 3BUIb3S50i 
So, Freemulet or Frost automatic insertion are dangerous? We know the key
before the upload of the file.


On Mon, Jan 5, 2009 at 5:29 PM, Matthew Toseland
t...@amphibian.dyndns.orgwrote:

 On Tuesday 23 December 2008 18:14, Shironeko wrote:
  Dear Freenet Support Team,
 
  I send you this message because I've stumbled upon a curiosity  which
 I'd
  like to get explained since I'm not able to find any other documentation
  regarding this issue.
 
  I was browsing through my hard drive's Freenet Directory, looking at the
  latest logs when I suddenly realized that there were IP adresses written
 in.
 
  This is an example:
 
  dic 23, 2008 17:06:14:078 (freenet.node.NodeDispatcher, UdpSocketHandler
 for
  port 266XX(2), NORMAL): Rejecting CHK request from 213.238.213.XX:387XX
  preemptively because Insufficient output bandwidth
 
  I may not fully understand the protocol Freenet uses for data
 transmission
  but these IP's are uplookable and can represent a problem for anyone who
  connects from a country like China.

 I don't see why. For it to be a problem the bad guys would have to already
 have seized (or electronically compromised) your node, in which case they
 probably have your browser history, your datastore, your Friends list ...
 
  Also, I wonder if it would be possible to collect valuable information by
  gathering the LOGs of many different nodes and following a specific IP's
  requests.

 Yes, but you'd need to compromise all the nodes on the path of that
 request.
 
  Finally I'd like to ask you about this message I found in the logs too:
 
  Note that this version of Freenet is still a very early alpha, and may
 well
  have numerous bugs and design flaws.
  In particular: YOU ARE WIDE OPEN TO YOUR IMMEDIATE PEERS! They can
 eavesdrop
  on your requests with relatively little difficulty at present
 (correlation
  attacks etc).
 
  I suppose that this must be an old message since the Freenet project is
 not
  in a very early alpha version anymore and I'm using 0.7, the latest.

 This is partly true. There are a number of known attacks on Freenet, which
 cannot be completely eliminated short of new features which we have not yet
 implemented. On the other hand, for some situations, Freenet may be the
 best
 currently available. For example, Freenet's scalable darknet functionality
 is
 fairly unusual, allowing you to only connect to people you trust, and also
 it
 is easier to safely publish a website on Freenet than on a Tor hidden
 service
 afaik (due to e.g. issues with configuring apache to not give away
 incriminating details, and much harder intersection attacks). The bottom
 line
 is if you are going to stake your freedom and/or life on the security of an
 anonymous network, you need to seriously consider the pro's and con's of
 each
 possible option, including doing nothing; Freenet has had severe bugs in
 the
 past, and is pre-1.0, but apart from that, we have fairly serious known
 attacks...

 There are 4 basic powerful attacks on Freenet that we are concerned about:
 1. Harvesting. Finding lots of Freenet nodes quickly, in order to e.g.
 block
 them on a national firewall. Most anonymous networks do not address this
 problem at all. On opennet, harvesting is relatively easy (slightly harder
 than on Tor or I2P); on darknet, harvesting should be fairly hard.
 2. Datastore seizure. What happens when/if the bad guys either
 electronically
 compromise or physically seize your computer? At the moment everything you
 download through Freenet is cached in your datastore. Temporary files are
 encrypted with ephemeral keys, but for long-term downloads we have to store
 the keys to disk.
 3. Snooping on your peers. It is probably possible, under some assumptions
 (e.g. being able to identify the content, it being sufficiently large), to
 do
 statistical attacks to figure out what those nodes you are connected to are
 downloading/uploading. This is yet another reason to use darknet.
 4. Mobile attacker tracing the source of a stream of content. If an
 anonymous
 identity publishes data that can be identified (e.g. reinserting known
 content, posting to FMS boards, posting to a known freesite), it may be
 possible to gradually approach his location. Reinsertion of known content
 makes this much easier, because of CHKs; because we always insert the top
 block (the freesite USK e.g.) last, if the content isn't guessable in
 advance
 it is very difficult to pull this off against large inserts, because the
 attacker can only identify the stream after the top block (or the FMS post
 referring to the new file) was inserted; if the content *is* guessable, the
 attacker can move towards the target continually over the course of the
 insert.

 All of these attacks we have some mitigation against, but all of them are
 feasible to some extent under some mostly-reasonable assumptions. Later
 versions of Freenet will make them much harder with new features e.g.
 rendezvous tunnels.
 
  Thank you very much.

Re: [freenet-support] Concerned about privacy

2009-01-06 Thread Matthew Toseland 
On Tuesday 06 January 2009 16:51, 3BUIb3S50i 3BUIb3S50i wrote:
 So, Freemulet or Frost automatic insertion are dangerous? We know the key
 before the upload of the file.

Yes IMHO.
 
 
 On Mon, Jan 5, 2009 at 5:29 PM, Matthew Toseland
 t...@amphibian.dyndns.orgwrote:
 
  On Tuesday 23 December 2008 18:14, Shironeko wrote:
   Dear Freenet Support Team,
  
   I send you this message because I've stumbled upon a curiosity  which
  I'd
   like to get explained since I'm not able to find any other documentation
   regarding this issue.
  
   I was browsing through my hard drive's Freenet Directory, looking at the
   latest logs when I suddenly realized that there were IP adresses written
  in.
  
   This is an example:
  
   dic 23, 2008 17:06:14:078 (freenet.node.NodeDispatcher, UdpSocketHandler
  for
   port 266XX(2), NORMAL): Rejecting CHK request from 213.238.213.XX:387XX
   preemptively because Insufficient output bandwidth
  
   I may not fully understand the protocol Freenet uses for data
  transmission
   but these IP's are uplookable and can represent a problem for anyone who
   connects from a country like China.
 
  I don't see why. For it to be a problem the bad guys would have to already
  have seized (or electronically compromised) your node, in which case they
  probably have your browser history, your datastore, your Friends list ...
  
   Also, I wonder if it would be possible to collect valuable information 
by
   gathering the LOGs of many different nodes and following a specific IP's
   requests.
 
  Yes, but you'd need to compromise all the nodes on the path of that
  request.
  
   Finally I'd like to ask you about this message I found in the logs too:
  
   Note that this version of Freenet is still a very early alpha, and may
  well
   have numerous bugs and design flaws.
   In particular: YOU ARE WIDE OPEN TO YOUR IMMEDIATE PEERS! They can
  eavesdrop
   on your requests with relatively little difficulty at present
  (correlation
   attacks etc).
  
   I suppose that this must be an old message since the Freenet project is
  not
   in a very early alpha version anymore and I'm using 0.7, the latest.
 
  This is partly true. There are a number of known attacks on Freenet, which
  cannot be completely eliminated short of new features which we have not 
yet
  implemented. On the other hand, for some situations, Freenet may be the
  best
  currently available. For example, Freenet's scalable darknet functionality
  is
  fairly unusual, allowing you to only connect to people you trust, and also
  it
  is easier to safely publish a website on Freenet than on a Tor hidden
  service
  afaik (due to e.g. issues with configuring apache to not give away
  incriminating details, and much harder intersection attacks). The bottom
  line
  is if you are going to stake your freedom and/or life on the security of 
an
  anonymous network, you need to seriously consider the pro's and con's of
  each
  possible option, including doing nothing; Freenet has had severe bugs in
  the
  past, and is pre-1.0, but apart from that, we have fairly serious known
  attacks...
 
  There are 4 basic powerful attacks on Freenet that we are concerned about:
  1. Harvesting. Finding lots of Freenet nodes quickly, in order to e.g.
  block
  them on a national firewall. Most anonymous networks do not address this
  problem at all. On opennet, harvesting is relatively easy (slightly harder
  than on Tor or I2P); on darknet, harvesting should be fairly hard.
  2. Datastore seizure. What happens when/if the bad guys either
  electronically
  compromise or physically seize your computer? At the moment everything you
  download through Freenet is cached in your datastore. Temporary files are
  encrypted with ephemeral keys, but for long-term downloads we have to 
store
  the keys to disk.
  3. Snooping on your peers. It is probably possible, under some assumptions
  (e.g. being able to identify the content, it being sufficiently large), to
  do
  statistical attacks to figure out what those nodes you are connected to 
are
  downloading/uploading. This is yet another reason to use darknet.
  4. Mobile attacker tracing the source of a stream of content. If an
  anonymous
  identity publishes data that can be identified (e.g. reinserting known
  content, posting to FMS boards, posting to a known freesite), it may be
  possible to gradually approach his location. Reinsertion of known content
  makes this much easier, because of CHKs; because we always insert the top
  block (the freesite USK e.g.) last, if the content isn't guessable in
  advance
  it is very difficult to pull this off against large inserts, because the
  attacker can only identify the stream after the top block (or the FMS post
  referring to the new file) was inserted; if the content *is* guessable, 
the
  attacker can move towards the target continually over the course of the
  insert.
 
  All of these attacks we have some mitigation against, but all of them are

Re: [freenet-support] Concerned about privacy

2009-01-06 Thread Dennis Nezic 
On Tue, 6 Jan 2009 23:56:48 +, Matthew Toseland
t...@amphibian.dyndns.org wrote:

 On Tuesday 06 January 2009 16:51, 3BUIb3S50i 3BUIb3S50i wrote:
  So, Freemulet or Frost automatic insertion are dangerous? We know
  the key before the upload of the file.
 
 Yes IMHO.

There's no such thing as a stream of content in freenet. Aren't
chunks distributed across lots of nodes, and thus not traceable to
any one location? Wasn't that the whole point of freenet? ;)

And, I'm guessing that this theoretical attack, if it even exists,
would only affect new inserts.
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

[freenet-support] Concerned about privacy

2009-01-05 Thread Matthew Toseland 
On Tuesday 23 December 2008 18:14, Shironeko wrote:
> Dear Freenet Support Team,
> 
> I send you this message because I've stumbled upon a "curiosity"  which I'd
> like to get explained since I'm not able to find any other documentation
> regarding this issue.
> 
> I was browsing through my hard drive's Freenet Directory, looking at the
> latest logs when I suddenly realized that there were IP adresses written in.
> 
> This is an example:
> 
> dic 23, 2008 17:06:14:078 (freenet.node.NodeDispatcher, UdpSocketHandler for
> port 266XX(2), NORMAL): Rejecting CHK request from 213.238.213.XX:387XX
> preemptively because Insufficient output bandwidth
> 
> I may not fully understand the protocol Freenet uses for data transmission
> but these IP's are uplookable and can represent a problem for anyone who
> connects from a country like China.

I don't see why. For it to be a problem the bad guys would have to already 
have seized (or electronically compromised) your node, in which case they 
probably have your browser history, your datastore, your Friends list ...
> 
> Also, I wonder if it would be possible to collect valuable information by
> gathering the LOGs of many different nodes and following a specific IP's
> requests.

Yes, but you'd need to compromise all the nodes on the path of that request.
> 
> Finally I'd like to ask you about this message I found in the logs too:
> 
> "Note that this version of Freenet is still a very early alpha, and may well
> have numerous bugs and design flaws.
> In particular: YOU ARE WIDE OPEN TO YOUR IMMEDIATE PEERS! They can eavesdrop
> on your requests with relatively little difficulty at present (correlation
> attacks etc)."
> 
> I suppose that this must be an old message since the Freenet project is not
> in a very early alpha version anymore and I'm using 0.7, the latest.

This is partly true. There are a number of known attacks on Freenet, which 
cannot be completely eliminated short of new features which we have not yet 
implemented. On the other hand, for some situations, Freenet may be the best 
currently available. For example, Freenet's scalable darknet functionality is 
fairly unusual, allowing you to only connect to people you trust, and also it 
is easier to safely publish a website on Freenet than on a Tor hidden service 
afaik (due to e.g. issues with configuring apache to not give away 
incriminating details, and much harder intersection attacks). The bottom line 
is if you are going to stake your freedom and/or life on the security of an 
anonymous network, you need to seriously consider the pro's and con's of each 
possible option, including doing nothing; Freenet has had severe bugs in the 
past, and is pre-1.0, but apart from that, we have fairly serious known 
attacks...

There are 4 basic powerful attacks on Freenet that we are concerned about:
1. Harvesting. Finding lots of Freenet nodes quickly, in order to e.g. block 
them on a national firewall. Most anonymous networks do not address this 
problem at all. On opennet, harvesting is relatively easy (slightly harder 
than on Tor or I2P); on darknet, harvesting should be fairly hard.
2. Datastore seizure. What happens when/if the bad guys either electronically 
compromise or physically seize your computer? At the moment everything you 
download through Freenet is cached in your datastore. Temporary files are 
encrypted with ephemeral keys, but for long-term downloads we have to store 
the keys to disk.
3. Snooping on your peers. It is probably possible, under some assumptions 
(e.g. being able to identify the content, it being sufficiently large), to do 
statistical attacks to figure out what those nodes you are connected to are 
downloading/uploading. This is yet another reason to use darknet.
4. Mobile attacker tracing the source of a stream of content. If an anonymous 
identity publishes data that can be identified (e.g. reinserting known 
content, posting to FMS boards, posting to a known freesite), it may be 
possible to gradually approach his location. Reinsertion of known content 
makes this much easier, because of CHKs; because we always insert the top 
block (the freesite USK e.g.) last, if the content isn't guessable in advance 
it is very difficult to pull this off against large inserts, because the 
attacker can only identify the stream after the top block (or the FMS post 
referring to the new file) was inserted; if the content *is* guessable, the 
attacker can move towards the target continually over the course of the 
insert.

All of these attacks we have some mitigation against, but all of them are 
feasible to some extent under some mostly-reasonable assumptions. Later 
versions of Freenet will make them much harder with new features e.g. 
rendezvous tunnels.
> 
> Thank you very much.
> 
> Shiro.
> 
> PD. I also wonder where the cached and encrypted files on my HD are
> gathering.

In the freenet directory, generally speaking.
-- next part --
A non-text

Re: [freenet-support] Concerned about privacy

2009-01-05 Thread Matthew Toseland 
On Tuesday 23 December 2008 18:14, Shironeko wrote:
 Dear Freenet Support Team,
 
 I send you this message because I've stumbled upon a curiosity  which I'd
 like to get explained since I'm not able to find any other documentation
 regarding this issue.
 
 I was browsing through my hard drive's Freenet Directory, looking at the
 latest logs when I suddenly realized that there were IP adresses written in.
 
 This is an example:
 
 dic 23, 2008 17:06:14:078 (freenet.node.NodeDispatcher, UdpSocketHandler for
 port 266XX(2), NORMAL): Rejecting CHK request from 213.238.213.XX:387XX
 preemptively because Insufficient output bandwidth
 
 I may not fully understand the protocol Freenet uses for data transmission
 but these IP's are uplookable and can represent a problem for anyone who
 connects from a country like China.

I don't see why. For it to be a problem the bad guys would have to already 
have seized (or electronically compromised) your node, in which case they 
probably have your browser history, your datastore, your Friends list ...
 
 Also, I wonder if it would be possible to collect valuable information by
 gathering the LOGs of many different nodes and following a specific IP's
 requests.

Yes, but you'd need to compromise all the nodes on the path of that request.
 
 Finally I'd like to ask you about this message I found in the logs too:
 
 Note that this version of Freenet is still a very early alpha, and may well
 have numerous bugs and design flaws.
 In particular: YOU ARE WIDE OPEN TO YOUR IMMEDIATE PEERS! They can eavesdrop
 on your requests with relatively little difficulty at present (correlation
 attacks etc).
 
 I suppose that this must be an old message since the Freenet project is not
 in a very early alpha version anymore and I'm using 0.7, the latest.

This is partly true. There are a number of known attacks on Freenet, which 
cannot be completely eliminated short of new features which we have not yet 
implemented. On the other hand, for some situations, Freenet may be the best 
currently available. For example, Freenet's scalable darknet functionality is 
fairly unusual, allowing you to only connect to people you trust, and also it 
is easier to safely publish a website on Freenet than on a Tor hidden service 
afaik (due to e.g. issues with configuring apache to not give away 
incriminating details, and much harder intersection attacks). The bottom line 
is if you are going to stake your freedom and/or life on the security of an 
anonymous network, you need to seriously consider the pro's and con's of each 
possible option, including doing nothing; Freenet has had severe bugs in the 
past, and is pre-1.0, but apart from that, we have fairly serious known 
attacks...

There are 4 basic powerful attacks on Freenet that we are concerned about:
1. Harvesting. Finding lots of Freenet nodes quickly, in order to e.g. block 
them on a national firewall. Most anonymous networks do not address this 
problem at all. On opennet, harvesting is relatively easy (slightly harder 
than on Tor or I2P); on darknet, harvesting should be fairly hard.
2. Datastore seizure. What happens when/if the bad guys either electronically 
compromise or physically seize your computer? At the moment everything you 
download through Freenet is cached in your datastore. Temporary files are 
encrypted with ephemeral keys, but for long-term downloads we have to store 
the keys to disk.
3. Snooping on your peers. It is probably possible, under some assumptions 
(e.g. being able to identify the content, it being sufficiently large), to do 
statistical attacks to figure out what those nodes you are connected to are 
downloading/uploading. This is yet another reason to use darknet.
4. Mobile attacker tracing the source of a stream of content. If an anonymous 
identity publishes data that can be identified (e.g. reinserting known 
content, posting to FMS boards, posting to a known freesite), it may be 
possible to gradually approach his location. Reinsertion of known content 
makes this much easier, because of CHKs; because we always insert the top 
block (the freesite USK e.g.) last, if the content isn't guessable in advance 
it is very difficult to pull this off against large inserts, because the 
attacker can only identify the stream after the top block (or the FMS post 
referring to the new file) was inserted; if the content *is* guessable, the 
attacker can move towards the target continually over the course of the 
insert.

All of these attacks we have some mitigation against, but all of them are 
feasible to some extent under some mostly-reasonable assumptions. Later 
versions of Freenet will make them much harder with new features e.g. 
rendezvous tunnels.
 
 Thank you very much.
 
 Shiro.
 
 PD. I also wonder where the cached and encrypted files on my HD are
 gathering.

In the freenet directory, generally speaking.


pgpRaAkI6roGK.pgp
Description: PGP signature
___
Support

[freenet-support] Concerned about privacy

2009-01-01 Thread Luke771 
On Tue, 23 Dec 2008 19:14:09 +0100
Shironeko  wrote:

(...)
> but these IP's are uplookable and can represent a problem for anyone who
> connects from a country like China.

The IP addresses that you see are all from people that don't need to hide the 
fact that they run Freenet. If they needed to keep their nodes secret, they 
would use Darknet and you wouldn't see their IP's.


> Also, I wonder if it would be possible to collect valuable information by
> gathering the LOGs of many different nodes and following a specific IP's
> requests.

It is possible to tell who is running Freenet, as long as they use Opennet 
('connections to Strangers).
If they use only Darknet ('connections to Friends'), telling who is running a 
node is much more difficult.

Also, it is theoretically possible for your peers to use correlation attacks to 
figure out what you download and upload.
Actually proving anything would be very difficult, but some good guesses are 
possible, and in some cases courts can accept good guesses as 'evidence'. Yes, 
in the West too. The 'formerly free' world.

Your only defense is to run a pure darknet node and only connect to people that 
you know and trust, friends that you -know- they wouldn't try to spy on you 
(but they could still be threatened, blackmailed, tortured)

> 
> Finally I'd like to ask you about this message I found in the logs too:
> 
> "Note that this version of Freenet is still a very early alpha, and may well
> have numerous bugs and design flaws.
> In particular: YOU ARE WIDE OPEN TO YOUR IMMEDIATE PEERS! They can eavesdrop
> on your requests with relatively little difficulty at present (correlation
> attacks etc)."
> 
> I suppose that this must be an old message since the Freenet project is not
> in a very early alpha version anymore and I'm using 0.7, the latest.
> 

You suppose wrong. Freenet IS alpha software, and if you bet your life or 
freedom on Freenet you pretty much deserve to get killed or imprisoned.
Of course, Freenete is 'less insecure' than the 'regular' web, but you still 
need to be very, very careful, especially if your opponent has time, money and 
resources -and- they would invest them to get you (in other words, the best 
defense is still not being worth the hassle) 


> Thank you very much.
> 
> Shiro.
>

np-
Luke

> PD. I also wonder where the cached and encrypted files on my HD are
> gathering.
> 

In the Freenet directory, datastore folder, all encrypted.


--

Re: [freenet-support] Concerned about privacy

2009-01-01 Thread Luke771 
On Tue, 23 Dec 2008 19:14:09 +0100
Shironeko shironeko.pub...@gmail.com wrote:

(...)
 but these IP's are uplookable and can represent a problem for anyone who
 connects from a country like China.

The IP addresses that you see are all from people that don't need to hide the 
fact that they run Freenet. If they needed to keep their nodes secret, they 
would use Darknet and you wouldn't see their IP's.
 

 Also, I wonder if it would be possible to collect valuable information by
 gathering the LOGs of many different nodes and following a specific IP's
 requests.

It is possible to tell who is running Freenet, as long as they use Opennet 
('connections to Strangers).
If they use only Darknet ('connections to Friends'), telling who is running a 
node is much more difficult.

Also, it is theoretically possible for your peers to use correlation attacks to 
figure out what you download and upload.
Actually proving anything would be very difficult, but some good guesses are 
possible, and in some cases courts can accept good guesses as 'evidence'. Yes, 
in the West too. The 'formerly free' world.

Your only defense is to run a pure darknet node and only connect to people that 
you know and trust, friends that you -know- they wouldn't try to spy on you 
(but they could still be threatened, blackmailed, tortured)

 
 Finally I'd like to ask you about this message I found in the logs too:
 
 Note that this version of Freenet is still a very early alpha, and may well
 have numerous bugs and design flaws.
 In particular: YOU ARE WIDE OPEN TO YOUR IMMEDIATE PEERS! They can eavesdrop
 on your requests with relatively little difficulty at present (correlation
 attacks etc).
 
 I suppose that this must be an old message since the Freenet project is not
 in a very early alpha version anymore and I'm using 0.7, the latest.
 

You suppose wrong. Freenet IS alpha software, and if you bet your life or 
freedom on Freenet you pretty much deserve to get killed or imprisoned.
Of course, Freenete is 'less insecure' than the 'regular' web, but you still 
need to be very, very careful, especially if your opponent has time, money and 
resources -and- they would invest them to get you (in other words, the best 
defense is still not being worth the hassle) 


 Thank you very much.
 
 Shiro.


np-
Luke

 PD. I also wonder where the cached and encrypted files on my HD are
 gathering.
 

In the Freenet directory, datastore folder, all encrypted.


-- 

___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

[freenet-support] Concerned about privacy

2008-12-31 Thread Shironeko 
Dear Freenet Support Team,

I send you this message because I've stumbled upon a curiosity  which I'd
like to get explained since I'm not able to find any other documentation
regarding this issue.

I was browsing through my hard drive's Freenet Directory, looking at the
latest logs when I suddenly realized that there were IP adresses written in.

This is an example:

dic 23, 2008 17:06:14:078 (freenet.node.NodeDispatcher, UdpSocketHandler for
port 266XX(2), NORMAL): Rejecting CHK request from 213.238.213.XX:387XX
preemptively because Insufficient output bandwidth

I may not fully understand the protocol Freenet uses for data transmission
but these IP's are uplookable and can represent a problem for anyone who
connects from a country like China.

Also, I wonder if it would be possible to collect valuable information by
gathering the LOGs of many different nodes and following a specific IP's
requests.

Finally I'd like to ask you about this message I found in the logs too:

Note that this version of Freenet is still a very early alpha, and may well
have numerous bugs and design flaws.
In particular: YOU ARE WIDE OPEN TO YOUR IMMEDIATE PEERS! They can eavesdrop
on your requests with relatively little difficulty at present (correlation
attacks etc).

I suppose that this must be an old message since the Freenet project is not
in a very early alpha version anymore and I'm using 0.7, the latest.

Thank you very much.

Shiro.

PD. I also wonder where the cached and encrypted files on my HD are
gathering.
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe