On Saturday 19 Feb 2011 19:24:30 Edzard Pasma wrote: > > Op 19-feb-2011, om 18:21 heeft folkert het volgende geschreven: > > >>> Ok, that was not your point :-) Ok currently maybe not too many > >>> nodes > >>> in the net but maybe this changes when governments restrict > >>> access to > >>> what you can browse. Here in Europe governments already start > >>> talking > >>> about installing filters. > >> > >> This is why you /don't/ want any kind of broadcasting, or any other > >> kind of leak of identifiable traffic. Just encrypted non-identifiable > >> "noise". > > > > Then we definately need a solution around the seed nodes. I mean > > traffic > > going to them is a big fat warning that someone is doing freenet :-) > > > > Folkert van Heusden > > > The seednodes might then once be blocked by authorities in their > struggle against the evil. The solution seems to have as many > potential seednodes as their are users. Thus one automatically > becomes one after a while. The other way around, any foreigner is > then a potential seednode. Adddresses can dynamically be collected to > be used at a next start.
Automatically harvesting seednodes is a possibility. The problems with it are: 1. Many nodes have low uptime. This can be detected. 2. Many nodes have poor connectivity (NATed without port forwarding). This can be detected but is some additional work to be automated and reliable. 3. They could block *ALL* the seednodes. If we do what Tor did and have a server that sends you a small number of seeds out of the global collection, they can still harvest them using lots of gmail addresses, IP addresses etc. This is what the Chinese did with Tor. Note that a gmail address is just a CAPTCHA, and these can be solved in bulk cheaply. 3. Opennet is inherently harvestable: Even if we distribute the seednodes and take all other precautions, it is feasible to find all nodes in order to block them. 4. Opennet is grossly insecure. It may be possible to improve this a bit against an attacker who is not able to connect to all nodes, surround groups of nodes gradually and so on, but IMHO really good security on opennet is very unlikely. Viva darknet!
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
