Re: [freenet-support] Building a new censorship circumvention tool: what do we need to know?

2017-02-21 Thread Ivan Vilata-i-Balaguer
Arne Babenhauserheide (2017-02-20 22:12:59 +0100) wrote:

> Hi Ivan, Dear eQualit.ie Hackers,
> 
> Aside from the web-apps part, Freenet can already provide everything
> you asked for.

Hi Arne, thanks for the insights and the links.  Please note that the
current CENO project is actually using Freenet as a signalling and
storage backend!`:)`

> Ivan Vilata-i-Balaguer <i...@equalit.ie> writes:
> >   1. Content is available under censorship conditions, ideally even
> >  after connection to the Internet has been completely cut for a
> >  whole region.
> 
> If you still have IP-based connections to people inside the region, this
> is the case, if you run a specialized darknet within that region (so
> content only gets replicated within the regional net).
> 
> There are already tools to make automatic Freenet connections. Talk to
> Michael Grube (thesnark).
> 
> For auto-spawning Freenet nodes when an application is started, see
> https://github.com/ArneBab/lib-pyFreenet-staging/blob/py3/freenet3/spawn.py
> 
> For communication with sub-5-minute latency from external programs, see
> https://github.com/ArneBab/lib-pyFreenet-staging/blob/py3/babcom.py
> 
> (I submitted a project plan for improving this to NLnet which shows what
>  would have to be done for an uncensorable and attack resistant
>  news-network. It got into the short-list but wasn’t selected for
>  funding: http://www.draketo.de/english/freenet/news-of-the-day )

That looks like a very interesting system!  CENO already includes some
RSS feeds from selected sites, I'm not sure how this would aling with
the particular requirement (we were focusing more in web sites), but
it's without doubt an innovative approach.  Thanks for sharing it!

> >   2. Censored content is made available within a reasonable time.
> 
> Just ask someone to run
> 
> copyweb -d  ; freesitemgr add 
> 
> Or integrate that functionality into a program. You might want to use
> beautifulsoup to clean up the code for the Freenet content filter, i.e.:
> http://127.0.0.1:/freenet:USK@0iU87PXyodL2nm6kCpmYntsteViIbMwlJE~wlqIVvZ0,nenxGvjXDElX5RIZxMvwSnOtRzUKJYjoXEDgkhY6Ljw,AQACAAE/freenetproject-mirror/491/update.sh?type=text/plain

CENO currently uses [bundler](https://github.com/equalitie/bundler),
which does a similar task.  Thanks for the hints!

> >   3. Access to censored dynamic content (i.e. web apps) is possible.
> 
> That’s a hard one. You’d need to remodel the web apps to use Freenet as
> backend instead of the clearnet.
> 
> I do not think that it is possible at all to provide anything which uses
> Javascript and at the same time preserve the anonymity of your users.

Yeah, that's a hard one, that's why we may probably end up combining
several tools.

> >   4. The system benefits from the user's participation, and is resistant
> >  to participants dropping off and to rogue nodes in the hands of the
> >  censor.
> 
> Resilient yes, for absolute resistance, you need to replicate
> everything, which limits the amount of data you can provide.
> 
> >   5. Users of the system are anonymous to someone observing their
> >  traffic, even if that someone is a participant in the system.
> 
> Jepp. A weak yes for automatic connections, a strong yes, if they
> connect to people they know.
> 
> >   6. Users' devices don't reveal the content that they or other users
> >  have accessed.
> 
> Jepp (as long as you use a separate browser in incognito mode).
> 
> >   7. The system is amenable to privacy-preserving analytics to check its
> >  impact.
> 
> Jepp.
> 
> i.e. http://asksteved.com/stats/2 — though it’s currently in sleep mode,
> there’s a new site for that in Freenet: 
> http://127.0.0.1:/USK@2zwBwyJeZnkbqH0N7WZXp6BQqR1Ys85rkthOFvfXOts,HIouq2elJyNt9VIsFfYbYmtvinOEeeY3LAAKVUqiSXo,AQACAAE/YAFS/175/

Wow, these a very useful links, thanks!

> […] PS: I’m only a few more hours away from being able to do proper
> Freenet releases, so we can finally deploy improvements to the
> freenet core again.

Cool, good luck with that, and thanks again for the very informative
reply!

-- 
Ivan Vilata i Balaguer
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] Building a new censorship circumvention tool: what do we need to know?

2017-02-21 Thread Ivan Vilata-i-Balaguer
Hi, thanks for your advice!  Maybe I should have mentioned that the
current version of the project does use Freenet for signalling and
storage, so we already enjoy these features from Freenet.  The harder
part will surely be dynamic or user-dependent content, along maybe
privacy-preserving statistics, so we may en up combining several tools.

Regarding content availability, we were more focused in replicated
content (as with Freenet), but we got a couple suggestions regarding
mesh networking.  That's a more ambitious solution, but we may give some
thought to it.

Thank you!

Freenet (2017-02-21 07:46:00 +) wrote:

> Ivan Vilata-i-Balaguer:
> > 
> >   1. Content is available under censorship conditions, ideally even
> >  after connection to the Internet has been completely cut for a
> >  whole region.
> 
> Try http://project-byzantium.org/ for inspiration. Maybe also
> https://github.com/cjdelisle/cjdns. Freenet can use ShoeShop to move
> fblobs via sneakernet.
> 
> >   2. Censored content is made available within a reasonable time.
> 
> FLIP (Freenet's IRC) has RTT of about 45 seconds.
> 
> >   3. Access to censored dynamic content (i.e. web apps) is possible.
> 
> Userscripts can give JavaScript, but any Turing complete code will be an
> issue to secure.
> 
> >   4. The system benefits from the user's participation, and is resistant
> >  to participants dropping off and to rogue nodes in the hands of the
> >  censor.
> 
> Freenet does this.
> 
> >   5. Users of the system are anonymous to someone observing their
> >  traffic, even if that someone is a participant in the system.
> 
> Freenet mostly does this. Darknet protects against currently known attacks.
> 
> >   6. Users' devices don't reveal the content that they or other users
> >  have accessed.
> 
> Set up something like https://tails.boum.org/
> 
> >   7. The system is amenable to privacy-preserving analytics to check its
> >  impact.
> 
> There are a couple projects that monitor the state of Freenet.

-- 
Ivan Vilata i Balaguer
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] Building a new censorship circumvention tool: what do we need to know?

2017-02-21 Thread Ivan Vilata-i-Balaguer
Robert John Morton (2017-02-20 08:19:36 -0300) wrote:

> Dear CENO team:
> 
> An extremely worth-while and timely project. I wish you well.
> 
> I think that the deliberate exclusion of sites from popular search engine
> listings is one of the worst forms of censorship on the Web. Perhaps the
> only way to combat this is to create a search engine that has no commercial
> or political motives behind it: an "open source" search engine if you like.
> But it would have to be made popular and that's the difficult part.
> 
> More determined censoring, I suppose, is where a particular government
> blocks content at specific IP addresses from entering its jurisdiction. I
> imagine that a set of obscured relays could manage this by making censored
> content available via unblocked addresses. This could, however, end up as a
> cat and mouse chase in which the content consumer would have to be able to
> hop quickly to ever-changing unblocked IP addresses.
> 
> Many difficult problems but well worth overcoming.

Thanks for your reply, Robert.  The search engine issue is one aspect I
hadn't reflected upon, and it may indeed have very broad consequences
given the way the web is used nowadays.

Thanks again for your comments!

-- 
Ivan Vilata i Balaguer
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] Building a new censorship circumvention tool: what do we need to know?

2017-02-22 Thread Ivan Vilata-i-Balaguer
Arne Babenhauserheide (2017-02-21 18:44:48 +0100) wrote:

> Do I remember correctly that the bundler replicates the site as is —
> with all its dangers to privacy? (Freenet provides heavy whitelist
> filtering to protect its users from uploaded content).

Sorry, but I do not know the software that much, but thanks for the
heads up, it'll be useful if we decide to work more on bundler.

> >> >   3. Access to censored dynamic content (i.e. web apps) is
> >> >   possible.
> >> 
> >> That’s a hard one. You’d need to remodel the web apps to use
> >> Freenet as backend instead of the clearnet.
> >> 
> >> I do not think that it is possible at all to provide anything which
> >> uses Javascript and at the same time preserve the anonymity of your
> >> users.
> >
> > Yeah, that's a hard one, that's why we may probably end up combining
> > several tools.
> 
> You could even go as far as simply re-developing popular tools on top
> of Freenet as locally running tools. That might turn out to be easier
> than trying to secure javascript.

Yes probably, but we have limited resources and code reuse may save much
effort.  For some particular components providing a "more native"
solution may still be feasible, and the projects you're working (and
mainly babcom) on may be of special interest there.`:)`

Thanks again for your advice!

-- 
Ivan Vilata i Balaguer
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

[freenet-support] Building a new censorship circumvention tool: what do we need to know?

2017-02-20 Thread Ivan Vilata-i-Balaguer
Dear Freenet team,

At eQualit.ie we're beginning a project to develop a new Free/Open
Source censorship circumvention system based around the idea of our
original [CeNo project](https://github.com/equalitie/ceno), a system
which uses the Freenet P2P platform to retrieve web content and make it
safely available under censorship conditions.  We're keen to evaluate
existing options, projects, technologies and approaches so we're
conducting something of a literature review.

With this purpose, we're reaching out to people involved in similar or
related projects.  We'd love to hear what you think is the current state
of the art in this area, and particularly about technologies you'd
describe as trustworthy, reliable and established.  In particular, we're
looking for tools that have one or more of the following properties:

  1. Content is available under censorship conditions, ideally even
 after connection to the Internet has been completely cut for a
 whole region.
  2. Censored content is made available within a reasonable time.
  3. Access to censored dynamic content (i.e. web apps) is possible.
  4. The system benefits from the user's participation, and is resistant
 to participants dropping off and to rogue nodes in the hands of the
 censor.
  5. Users of the system are anonymous to someone observing their
 traffic, even if that someone is a participant in the system.
  6. Users' devices don't reveal the content that they or other users
 have accessed.
  7. The system is amenable to privacy-preserving analytics to check its
 impact.

We know that we'll probably need a combination of several tools to
achieve these properties, so we're not looking for a silver bullet but
rather some advice and suggestions from you that may help us move in the
right direction.  We will be dedicating at least 2 years solid
development to a chosen infrastructure design and hope to contribute to
existing models, as part of our (likely hybrid) appraoch to the
eventuating infrastructure.

By the way, part of the team will be at the upcoming
[Internet Freedom Festival](https://internetfreedomfestival.org/) in
Valencia (6-10 March).  If you plan to be there we'd love to chat with
you face to face.`:)`

Thank you very much for your help!

CENO team <https://lists.equalit.ie/mailman/listinfo/ceno>

-- 
Ivan Vilata i Balaguer
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe