Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
On Tue, 14 Sep 2010 23:58:38 -0400, Uriel Carrasquilla wrote:

To move in DarkNet you actually have to go and talk to a person... something like "Hi, do you mind introducing me to some of your friends?" which may work only sometimes.

It seems that we are pushing technology to the point that a breakdown to remain anonymous could be our human condition more than a technical one.

The human link has probably always been the weakest link in the chain.

But we have been wrong before in regards to technology. So can we say that the anonymity problem in P2P networks is solved?

No, no we can't. As we've discussed, OpenNet is a tradeoff of anonymity for usability (no need to laboriously find/add friends.) DarkNet too has similar tradeoffs, to reduce latency and cpu usage. You can always layer your own measures on top of this, though, to improve things.

___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
But we have been wrong before in regards to technology. So can we say that the anonymity problem in P2P networks is solved?

No, no we can't. As we've discussed, OpenNet is a tradeoff of anonymity for usability (no need to laboriously find/add friends.) DarkNet too has similar tradeoffs, to reduce latency and cpu usage. You can always layer your own measures on top of this, though, to improve things.

I take this to mean encrypting your own stuff before sending it with your own keys and making sure only friends you can trust are added to your list in your Darknet. Thank you.
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
they can also in theory replace all of your peers, and thus know what keys you are downloading/uploading.

Isn't the content also encrypted? What good are the keys for to lead back to the originating node?

Given that this would take quite a bit of effort and time, is there the possibility of putting in the network some decoy nodes (honey-pots) that could lead to the violators?

Sure, if you don't mind having your node seized :b.

But that would be the idea, lead to a node with no value. There would be nothing in this node (neither one of the two caches used by freenet).

-- you actually (hopefully) know and trust each of your peers, unlike opennet strangers.

Maybe I have watched too many 007 movies, but what if one of your trusted peers is actually a double agent?
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
On Tue, 14 Sep 2010 14:00:14 -0400, Uriel Carrasquilla wrote:

they can also in theory replace all of your peers, and thus know what keys you are downloading/uploading.

Isn't the content also encrypted? What good are the keys for to lead back to the originating node?

The main idea is that one can't be sure whether a node is directly requesting a key, or merely relaying another node's request. But if all your peers belong to a malicious attacker, you lose this plausible deniability. (Data is encrypted, but it isn't too hard to map encrypted keys to their actual content.)

Given that this would take quite a bit of effort and time, is there the possibility of putting in the network some decoy nodes (honey-pots) that could lead to the violators?

Sure, if you don't mind having your node seized :b.

But that would be the idea, lead to a node with no value. There would be nothing in this node (neither one of the two caches used by freenet).

I don't understand how you think this would work. Moreover, ideally, every node should be an equally tempting honey pot -- that is the beauty of a distributed datastore.

-- you actually (hopefully) know and trust each of your peers, unlike opennet strangers.

Maybe I have watched too many 007 movies, but what if one of your trusted peers is actually a double agent?

That's a good question. Maybe someone more knowledgeable can help flesh out the details, but I recall reading a while back that it's possible for peers to know what is in each other's datastores/caches? (Via a timing attack... faster retrievals imply something exists?) Although one still has plausible deniability so long as you have at least one non-compromised peer, so I'm not sure how meaningful this would be.
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
-- you actually (hopefully) know and trust each of your peers, unlike opennet strangers.

Maybe I have watched too many 007 movies, but what if one of your trusted peers is actually a double agent?

That's a good question. Maybe someone more knowledgeable can help flesh out the details, but I recall reading a while back that it's possible for peers to know what is in each other's datastores/caches? (Via a timing attack... faster retrievals imply something exists?) Although one still has plausible deniability so long as you have at least one non-compromised peer, so I'm not sure how meaningful this would be.

Also it's *significantly* more expensive to infiltrate a social network with a double agent so that everybody has one than to run one node which slowly moves towards a target in OpenNet. To move in DarkNet you actually have to go and talk to a person... something like "Hi, do you mind introducing me to some of your friends?" which may work only sometimes.

- Volodya

--
http://freedom.libsyn.com/ Echo of Freedom, Radical Podcast
None of us are free until all of us are free. ~ Mihail Bakunin
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
To move in DarkNet you actually have to go and talk to a person... something like "Hi, do you mind introducing me to some of your friends?" which may work only sometimes.

It seems that we are pushing technology to the point that a breakdown to remain anonymous could be our human condition more than a technical one. But we have been wrong before in regards to technology. So can we say that the anonymity problem in P2P networks is solved?
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
Yes, effectively. (Opennet behaves a little differently -- your neighbouring peers are constantly being swapped and optimized to approach a small-world topology.)

Does this mean that in Darknet mode the peers are not swapped?

The main advantage, I believe, is security -- opennet nodes are relatively easy to monitor and traffic-analyze, given a strong opponent like Big Brother, by compromising your (constantly changing) opennet peers.

OK, I can see how the constant swapping may give a malicious member the opportunity to build a topology of the network that would lead to IP addresses of nodes owned by real people. Correct? Given that this would take quite a bit of effort and time, is there the possibility of putting in the network some decoy nodes (honey-pots) that could lead to the violators?

In darknet, they would have to physically compromise each of your friends. Also, since opennet nodes are ... open ... all opennet node ip addresses can in theory be listed, and blacklisted. To do this in Darknet would require physically traversing the entire network.

Is it because of differences in routing algorithms? If I had a P2P with only 3 nodes that I own, then I would not have any exposures. If I have a darknet, is it through some trust that security can be achieved? What makes darknet so much more secure than opennet?

Darknet was implemented to fix the rather serious security issue of opennets.

Which was?
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
On Mon, 13 Sep 2010 16:51:15 -0400, Uriel Carrasquilla wrote:

Does this mean that in Darknet mode the peers are not swapped?

Correct. They're fixed. They are your trusted friends.

OK, I can see how the constant swapping may give a malicious member the opportunity to build a topology of the network that would lead to IP addresses of nodes owned by real people. Correct?

There is that, but they can also in theory replace all of your peers, and thus know what keys you are downloading/uploading.

Given that this would take quite a bit of effort and time, is there the possibility of putting in the network some decoy nodes (honey-pots) that could lead to the violators?

Sure, if you don't mind having your node seized :b.

If I had a P2P with only 3 nodes that I own, then I would not have any exposures. If I have a darknet, is it through some trust that security can be achieved? What makes darknet so much more secure than opennet?

Yes -- you actually (hopefully) know and trust each of your peers, unlike opennet strangers. I believe that is the only significant difference. (To infiltrate a/the darknet, physical surveillance / kidnapping / bribing / torture is necessary.)
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
Freenet will route through that node (any request that is not found in the local darknet, and vice versa, outside opennet searches will hopefully penetrate into that dark corner.)

If by ignorance or unintentionally a member joins another darknet or opennet then the rest of the members, without their knowledge, would have lost their isolation. I have to believe that this situation would be disappointing to some of the members. But it also makes sense. Freenet is not in the business of enforcing darknets. Like the Internet, it is only interested in forwarding packets. Unlike the Internet, it attempts to protect the identity of the nodes. But we also know that with enough time this feature can be compromised as documented for opennet.

The small world concept is only an assumption of the topology of a darknet which should in theory result in better routing than a drunk man's walk. (Since it is assumed that more closely related peers will also tend to have similar interests.)

This comment is a big help. The assumption is that people with equal interests by nature form the small worlds. The routing is taking advantage of this insight.

However, it is up to you to actually structure it this way. You are perfectly free to screw that assumption up by blindly adding strangers as your darknet peers. (Opennet, at least, is able to evolve over time to a more small-world topology -- not so with static darknets.)

Let me see if I understood this correctly. In darknets, members have the added benefit that routing will be more efficient if and only if they really share the same interests (as per your comment above). In opennet, the same situation would evolve over time (steady state). The idea of blindly adding members to a darknet is not what I was thinking (but I follow your logic, it would screw up the assumptions on which routing is based).

I am thinking more along the lines of membership interests. I want to be in the yoga darknet group but also in the tennis darknet group. But if I join both, I have now bridged these two groups into a new yoga-tennis group. If I was to carry this operation of members joining other darknet groups, eventually I end up with one single group, what we have today, opennet.

What are the advantages of a darknet? I take it faster routing (the number I heard is up to 20 members). It is a predefined same-interest group (as long as no random members are added).

I thought version 0.7 was supposed to fix the problem of anonymity for nodes by creating darknets with the understanding that within a darknet anonymity is not necessary since in theory all the members know each other anyway.
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
No, it would not become the opennet as your node is still connected to mostly nodes who share your interest and who also connect mostly to nodes that share your interest. Thus you are still having the routing advantages of small world routing. If you carry that operation to everyone doing what you did then eventually the opennet would be a giant manually tweaked small world net, with just the odd random connection in there.

I am thinking more along the lines of membership interests. I want to be in the yoga darknet group but also in the tennis darknet group. But if I join both, I have now bridged these two groups into a new yoga-tennis group. If I was to carry this operation of members joining other darknet groups, eventually I end up with one single group, what we have today, opennet.
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
On Sat, 11 Sep 2010 06:58:00 -0400, Uriel Carrasquilla wrote:

I am thinking more along the lines of membership interests. I want to be in the yoga darknet group but also in the tennis darknet group. But if I join both, I have now bridged these two groups into a new yoga-tennis group. If I was to carry this operation of members joining other darknet groups, eventually I end up with one single group, what we have today, opennet.

Yes, effectively. (Opennet behaves a little differently -- your neighbouring peers are constantly being swapped and optimized to approach a small-world topology.)

What are the advantages of a darknet?

The main advantage, I believe, is security -- opennet nodes are relatively easy to monitor and traffic-analyze, given a strong opponent like Big Brother, by compromising your (constantly changing) opennet peers. In darknet, they would have to physically compromise each of your friends. Also, since opennet nodes are ... open ... all opennet node ip addresses can in theory be listed, and blacklisted. To do this in Darknet would require physically traversing the entire network.

I take it faster routing (the number I heard is up to 20 members).

Maybe, although I don't think it's necessarily the number of peers that affects this -- the number of peers you are connected to is a limitation of your bandwidth.

It is a predefined same-interest group (as long as no random members are added).

Again, I wouldn't think of things in terms of groups. There will be cloudy clusters of common interests, but in general it's an open sea of connections.

I thought version 0.7 was supposed to fix the problem of anonymity for nodes by creating darknets with the understanding that within a darknet anonymity is not necessary since in theory all the members know each other anyway.

Darknet was implemented to fix the rather serious security issue of opennets. (Opennet in 0.7 was only supposed to be a transitional thing, for newbies and people not too concerned with scary opponents.)
[freenet-support] Freenet 0.7.5 build 1276 and my recent absence
Freenet 0.7.5 build 1276 is now available. I actually started to release it a week ago but my internet connection died (external wiring problem just fixed today) and I went on holiday. Anyway, changes include:

- Limit the number of announcements accepted by a seednode. Seednodes with limited bandwidth were accepting so many announcements that they would not process any requests, and the announcements were timing out because of lack of bandwidth.
- Delete the "skip the wizard" link. It wasn't working and isn't a good idea anyway.
- Translation updates for Russian and German.
- Minor fixes.
- Make 1275 mandatory.

Please upgrade, especially if you run a seednode. Newly bootstrapped nodes seem to work reasonably well - they get bootstrapped very fast - but people are reporting that downloads are slow, inserts are slow, and there still seems to be some backoff (???). Also the network seems to be growing rather rapidly according to the stats graphs.
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
Freenet 0.7.5 build 1276 is now available. Please upgrade, especially if you run a seednode.

Terrific, I will upgrade my multiple nodes to this new build.

I have a question and I hope I am understanding the concept of seednodes. Does the concept of seednodes apply to Darknets? Specifically, if I had 3 or 4 nodes that I want to include in multiple Darknets, would you call those 3 or 4 nodes seednodes? I run them 24/7 up-time in multiple locations in the US and Canada. I want to create multiple Darknets and control membership into each of them but I need to have some common nodes (seednodes?). I am completely lost, please outline a possible deployment plan. Thank you.
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
On Fri, 10 Sep 2010 09:52:27 -0400, Uriel Carrasquilla wrote:

Does the concept of seednodes apply to Darknets?

No. Seednodes are open/public/known nodes that are used to initially connect to the opennet. Darknet refers to dark/private/probably-unknown friends of yours that you explicitly trust.

When you say multiple darknets -- do you mean disconnected from the rest of opennet / separate networks, with only content provided by those nodes? 'Cuz that's not really possible to enforce -- so long as any one of the nodes in that network has opennet enabled, all the nodes will have access to it. Each node in a darknet individually and manually chooses which peers to trust -- so that's how membership is controlled.

There is a file (peers-DARKNETPORT) which stores your darknet peer node references, if you want to automate the bootstrapping to the darknet -- which I suppose serves the analogous function as seednodes.fref does for opennet.
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
When you say multiple darknets -- do you mean disconnected from the rest of opennet / separate networks, with only content provided by those nodes?

When I say multiple darknets I mean completely separate but under an off-band control. For example, I create a darknet for my tennis friends and another for my yoga friends. My tennis friends don't know my yoga friends. I want to keep it that way. But, I want to be able to do my postings to both groups so I either set up myself twice, one per darknet or once and I connect to everybody on both darknets. I would prefer the once solution for I don't know if that is technically possible or would violate the anonymity of the two groups.

'Cuz that's not really possible to enforce -- so long as any one of the nodes in that network has opennet enabled, all the nodes will have access to it. Each node in a darknet individually and manually chooses which peers to trust -- so that's how membership is controlled.

My thinking is that the yoga and tennis members will share their keys to establish the trust. The question is my case, can I also share keys with both groups without causing a bridge between both groups?

There is a file (peers-DARKNETPORT) which stores your darknet peer node references, if you want to automate the bootstrapping to the darknet -- which I suppose serves the analogous function as seednodes.fref does for opennet.

Could this be used when a new member joins or leaves either my yoga or tennis group? What I mean, have the complete member reference in a file that I could off-band send to the members to update.

Thank you so much for getting back to me.
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
On Fri, 10 Sep 2010 16:35:50 -0400, Uriel Carrasquilla wrote:

When I say multiple darknets I mean completely separate but under an off-band control.

Not possible. Unless you can force your people not to enable opennet, or not to add other darknet peers who have access to the opennet (or access to your other darknet). Which you can't.

Why don't you just use the vast existing network, and build your separate communities inside it? (Frost, a Java messaging system for freenet, supports private message boards -- which can be used to build a segregated community. Or you can do it yourself with simple PGP ... just have a common shared key to encrypt the private messages, and use Freemail or FMS or Frost or your own custom freesite/SSK solution.)
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
When I say multiple darknets I mean completely separate but under an off-band control.

Not possible. Unless you can force your people not to enable opennet, or not to add other darknet peers who have access to the opennet (or access to your other darknet). Which you can't.

Let's make something clear: No one is forcing anybody.

From your comments, am I correct in concluding that I can have two separate darknets but I cannot have one member joining both darknets from the same computer?

Am I also correct in understanding that once a member in a darknet joins opennet then the rest of the members become opennet members?

I may have the wrong impression but isn't the idea of small worlds a concept where one of the small worlds may not want to relate to the rest of the (opennet) world?
Re: [freenet-support] Freenet 0.7.5 build 1276 and my recent absence
On Fri, 10 Sep 2010 23:04:11 -0400, Uriel Carrasquilla wrote:

Am I [...] correct in understanding that once a member in a darknet joins opennet then the rest of the members become opennet members?

Correct. Freenet will route through that node (any request that is not found in the local darknet, and vice versa, outside opennet searches will hopefully penetrate into that dark corner.) That is its main mission -- to retrieve keys.

I may have the wrong impression but isn't the idea of small worlds a concept where one of the small worlds may not want to relate to the rest of the (opennet) world?

Incorrect. The small world concept is only an assumption of the topology of a darknet which should in theory result in better routing than a drunk man's walk. (Since it is assumed that more closely related peers will also tend to have similar interests.) However, it is up to you to actually structure it this way. You are perfectly free to screw that assumption up by blindly adding strangers as your darknet peers. (Opennet, at least, is able to evolve over time to a more small-world topology -- not so with static darknets.)
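
The bridging effect discussed in this thread (one member who belongs to two darknets, or one member who enables opennet, connects the networks for everyone) can be modeled as graph reachability. The following is an added example, not part of the original messages and not Freenet code; the node names and topology are constructed, and it models connectivity only, not Freenet's routing.

```python
from collections import deque


def build_graph(links):
    """Undirected peer graph: each link is a mutual peer connection."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def reachable(graph, start):
    """Every node a request originating at `start` could be relayed to (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        for peer in graph[queue.popleft()]:
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen


def exposure(graph, group):
    """Nodes outside `group` that requests from inside the group can reach."""
    group = set(group)
    out = set()
    for member in group:
        out |= reachable(graph, member)
    return out - group


def bridging_members(graph, group):
    """Members with at least one peer outside `group`: they end its isolation."""
    group = set(group)
    return {m for m in group if graph[m] - group}


# Constructed topology; all node names are hypothetical.
TENNIS = {"t1", "t2", "t3"}
YOGA = {"y1", "y2", "y3"}
OPENNET = {"o1", "o2", "o3"}
BASE_LINKS = [("t1", "t2"), ("t2", "t3"),   # tennis darknet
              ("y1", "y2"), ("y2", "y3"),   # yoga darknet
              ("o1", "o2"), ("o2", "o3")]   # opennet strangers


def scenario_isolated():
    return build_graph(BASE_LINKS)


def scenario_shared_member():
    # One organizer node "me" is added as a friend in both groups.
    return build_graph(BASE_LINKS + [("me", "t1"), ("me", "y1")])


def scenario_opennet_enabled():
    # As above, and y3 enables opennet and gains the stranger peer o1.
    return build_graph(BASE_LINKS + [("me", "t1"), ("me", "y1"), ("y3", "o1")])


if __name__ == "__main__":
    scenarios = [("isolated", scenario_isolated(), TENNIS),
                 ("shared member", scenario_shared_member(), TENNIS | {"me"}),
                 ("opennet enabled", scenario_opennet_enabled(), TENNIS | {"me"})]
    for name, graph, tennis_group in scenarios:
        print(name)
        print("  reachable from tennis:", sorted(exposure(graph, tennis_group)))
        print("  bridging tennis members:", sorted(bridging_members(graph, tennis_group)))
```
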