[freenet-support] Some issues and considerations
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > I googled a little on the subject and found below link: > > http://www.urban75.org/legal/rights.html > > http://en.wikipedia.org/wiki/Legal_rights > > My conclusion about secret words etc was: > > Be CONSTANTLY "Deaf and dumb" - Do Not Talk ? Other good links UK: http://www.uhc-collective.org.uk/webpages/toolbox/legal/no_comment_guide_2_arrest.htm USA: http://dc.indymedia.org/newswire/display/41204 - -- http://freedom.libsyn.com/ Voice of Freedom, Radical Podcast http://eng.anarchopedia.org/ Anarchopedia, A Free Knowledge Portal "None of us are free until all of us are free."~ Mihail Bakunin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHlH1xuWy2EFICg+0RAsaLAJ9tbLEBA3VmBXCw2R3kH2hPUdNFagCdFSM6 IpD7+N1Z69aPGu3oFAYPOmw= =gGhP -END PGP SIGNATURE-
[freenet-support] Some issues and considerations
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Firstly, as it is already awares, criminals and abusers are liable to > use the system for trafficking and/or depositing illegal material, If you use such terms to describe the people many will be unwilling to talk to you, i suggest better terms would be "those i disagree with" or something similar. Of course actual criminals and abusers can also run a Freenet node, but there is no way to stop NSA and other such organisations from doing this. > Now in a system like Freenet the encryption key > would not be known to any individual user, but without any legal > precedent as yet (nothing like Freenet has been in operation before) it > would be over-optimistic to assume that just because that user puts his > case for not being in possession of the key that he would be immune from > charges. With the logic like this you will be unable to use any new technology "because there is no legal precedent". In fact there is a concept (i'm not sure what the latin term is) which states that "Everything which is not specifically disallowed is in fact allowed", but you are correct at pointing out that criminals (NSA, FBI, etc) do use Freenet and attempt to stop the rest of the people. > In either case (USA or UK) the question remains if there would be any > reason why any individual users would a priori be targeted for > investigation simply for having encrypted content and/or for operating a > Freenet server. Which is why Freenet 0.7's "Secure mode" exists. In this mode only your immediate friends trully know that you are running Freenet. Developers who are aware of such things say that packets themselves are not identifiable as belonging to Freenet. If you are afraid of being targeted just for running the node, i strongly suggest that you *do not* turn promiscuous/insecure mode on, but connect only to people you know in real life. > It is also important to point out that at least in the USA the NSA > avails itself to the use of advanced programs that can carry out > advanced 'dictionary analysis' to permute nearly every possible *snip* This has nothing to do with Freenet, but rather an attempt at criticising the concept of encryption. If you believe that encryption cannot work in theory or in practice, then you will be unable to achieve any sort of private communication on the Internet. > Secondly, there are government installations in the UK (for instance a > new MI6 building on the London enbankment, which has the national > internet traffic channeled through it) which carry out surveillance of > communications including internet communications. This is criticism of "private Internet communication", once again, if you believe that encrypting your communication, and hiding within the crowd doesn't privide you with enough protection, then you will be unable to communicate privately on the Internet. The reason why 0.7's data packets are encrypted and not immediately recognised as Freenet's is exactly for the reasons you've described. Reasons for the "Secure mode" are also the same. I hope i didn't come through as being harsh, but you are criticising government policies and saying that this is the fault of Freenet developers. - Volodya - -- http://freedom.libsyn.com/ Voice of Freedom, Radical Podcast http://eng.anarchopedia.org/ Anarchopedia, A Free Knowledge Portal "None of us are free until all of us are free."~ Mihail Bakunin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHlHwfuWy2EFICg+0RAkXPAKC5rUy5cW1kSbGFo/p9lKkhoFrPdACfWF3R 6mSe3ngLN8Is0LWzBXw347U= =Qjqo -END PGP SIGNATURE-
[freenet-support] [Tech] Some issues and considerations
Hi Stephen, > In the UK, a new law has been brought in which would make > it a crime for a suspect who has encrypted data on his computer to fail > to reveal the password to the police. The police can only issue a disclosure order if they believe "on reasonable grounds... that a key to the protected information is on the possession of" the person in question. I'm not a lawyer but that suggests a defence on the basis that you don't have, and have never had, the key in question. http://www.opsi.gov.uk/acts/acts2000/ukpga_2023_en_8#pt3-pb1-l1g49 > And in the USA, users with encrypted content are > curently protected by a constitutional right to privacy which prevents > police from compelling them to disclose their passwords. But right now > even that right is being put into question with an important test case > taking place (see link below)... The test case relates to users who know a password but refuse to disclose it; it does not relate to users who don't know a decryption key (which would be too long for most people to memorise anyway). > It is also important to point > out that at least in the USA the NSA avails itself to the use of advanced > programs that can carry out advanced 'dictionary analysis' to permute > nearly every possible combination of letters and numbers for a 'brute > force' attack to discover the password for an encrypted file - a process > that can take years. Again, this is not strictly relevant - a password can be cracked using brute force, but a 256-bit encryption key can't. > Secondly, there > are government installations in the UK (for instance a new MI6 building > on the London enbankment, which has the national internet traffic > channeled through it) which carry out surveillance of communications > including internet communications. This surveillance includes not just > keyword profiling but also several other different kinds of intelligent > and statistical analysis of the traffic itself, even where encrypted > files are involved, and an significant intelligence perspective can be > obtained in this way. Yes, traffic analysis is a very important issue. Freenet does its best to frustrate traffic analysis by using a transport protocol with no unencrypted header fields, delaying and coalescing small packets to disguise timing patterns, and padding packets to disguise the size of the payload. Nevertheless I'm sure it's possible to design a rule for a deep packet inspection engine that will identify Freenet traffic. A possible direction for future research would be hiding Freenet traffic inside other application-layer protocols (HTTP, BitTorrent, RTP etc). Cheers, Michael
[freenet-support] Some issues and considerations
To be honest, there should BE NO CONSIDERATION of any worries for you. The freenet share space across everyone's machines is encrypted, can contain nearly anything, randomly chosen by THE NETWORK ITSELF. IF my some strange change you find yourself the target of an investigation, YOU PERSONALLY CANNOT BE POSSIBLY RESPONSIBLE FOR THE NETWORK CONTENTS that are on the network share space. The fellow who finds himself in the investigation mentioned in the news stories apparently is under serious suspicion of CHOOSING TO POSSESS ILLEGAL MATERIAL HE CHOSE TO DOWNLOAD, BUT THEN TRIED TO "HIDE" WITH AN ENCRYPTED VIRTUAL DRIVE THAT HE COULD ACCESS. That being said, that was like keeping illegal material IN A STORAGE SPACE WITH AN ENCRYPTED KEY. Freenet is MORE LIKE A CARRIER SERVICE. One cannot by definition decide that the Internet as a whole is illegal because some occasional person may use it illegally. One might as well decide that they cannot use the Postal Service any longer because someone may send out drugs or something and you do not wish to be a "part of the system" or something. As long as you keep in mind that Freenet is a Carrier Service, and do not choose to do anything illegal then you should be fine. Freenet is as the internet should be. Undiluted chaos without control of content. Let the decider of content be each person's conscience. The evil-doers will be found out anyways. For they will do something else wrong in the Real World, more than likely. --- Stephen Walford wrote: - As someone who represents certain individuals who are looking to the Freenet system as a means of securing private/anonymous communications for their perfectly legal activities, I am starting this conversation in order point out a number of apparent, and interrelating vulnerabilities and shortcomings within the system which can affect them with their own particular usage and that also have implications for the general users/participants. Firstly, as it is already awares, criminals and abusers are liable to use the system for trafficking and/or depositing illegal material, and since each (legal) participant devotes a portion of his hard-drive space for the storage of data then that person may end up with some illegal content on his/her computer. Now, of course, all such data would be encrypted and so would on the face of it provide a safeguard to the user should he/she end up with any illegal material. But things aren't as clear-cut as that, and the situation is affected somewhat differently depending on whether the user is operating in the USA or the UK. In the UK, a new law has been brought in which would make it a crime for a suspect who has encrypted data on his computer to fail to reveal the password to the police. Now in a system like Freenet the encryption key would not be known to any individual user, but without any legal precedent as yet (nothing like Freenet has been in operation before) it would be over-optimistic to assume that just because that user puts his case for not being in possession of the key that he would be immune from charges. And in the USA, users with encrypted content are curently protected by a constitutional right to privacy which prevents police from compelling them to disclose their passwords. But right now even that right is being put into question with an important test case taking place (see link below)... http://www.washingtonpost.com/wp-dyn/content/article/2008/01/15/AR2008011503663.html?hpid=topnews In either case (USA or UK) the question remains if there would be any reason why any individual users would a priori be targeted for investigation simply for having encrypted content and/or for operating a Freenet server. This is a fuzzy area, and unless the police use traffic analysis to pinpoint likely nodes then one can logically see that only new legislation would enable them to target users at random - something that cannot be ruled out for the future. It is also important to point out that at least in the USA the NSA avails itself to the use of advanced programs that can carry out advanced 'dictionary analysis' to permute nearly every possible combination of letters and numbers for a 'brute force' attack to discover the password for an encrypted file - a process that can take years. This is particularly aimed at file-specific passwords as in personally available encryption programs, or at cracking encrypted files as in email attachments. It is not clear as to whether or not ordinary police forces also employ this technology. Secondly, there are government installations in the UK (for instance a new MI6 building on the London enbankment, which has the national internet traffic channeled through it) which carry out surveillance of communications including internet communications. This surveillance includes not just keyword profiling but also several other different kinds of intelligent and statistical analysis of the
[freenet-support] Some issues and considerations
On Monday 21 January 2008 01.12.05 Stephen Walford wrote: > As someone who represents certain individuals who are looking > to the Freenet system as a means of securing private/anonymous > communications for their perfectly legal activities, I am starting this > conversation in order point out a number of apparent, and interrelating > vulnerabilities and shortcomings within the system which can affect them > with their own particular usage and that also have implications for the > general users/participants. snip begins . . snip ends *** Please do not use html format in mailing lists, thanks :-) Can be switced off in mail programs settings. *** I googled a little on the subject and found below link: http://www.urban75.org/legal/rights.html http://en.wikipedia.org/wiki/Legal_rights My conclusion about secret words etc was: Be CONSTANTLY "Deaf and dumb" - Do Not Talk ? ***
[freenet-support] Some issues and considerations
An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/support/attachments/20080121/590112ce/attachment.html>
Re: [freenet-support] Some issues and considerations
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I googled a little on the subject and found below link: http://www.urban75.org/legal/rights.html http://en.wikipedia.org/wiki/Legal_rights My conclusion about secret words etc was: Be CONSTANTLY Deaf and dumb - Do Not Talk ? Other good links UK: http://www.uhc-collective.org.uk/webpages/toolbox/legal/no_comment_guide_2_arrest.htm USA: http://dc.indymedia.org/newswire/display/41204 - -- http://freedom.libsyn.com/ Voice of Freedom, Radical Podcast http://eng.anarchopedia.org/ Anarchopedia, A Free Knowledge Portal None of us are free until all of us are free.~ Mihail Bakunin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHlH1xuWy2EFICg+0RAsaLAJ9tbLEBA3VmBXCw2R3kH2hPUdNFagCdFSM6 IpD7+N1Z69aPGu3oFAYPOmw= =gGhP -END PGP SIGNATURE- ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]