On Wednesday 29 Jun 2011 14:46:06 Anonymous wrote:
> This is sent anonymously, sorry if this message appears more than once.
> The remailer network is not very reliable.
>
> I see Matthew Toseland propagating darknet, connection to 'friends'
> only, in favour of opennet.
> Now since there is no way around the fact that 'friends' must know your
> IP and it being very easy for them to monitor all you do on Freenet, I
> think using darknet is by definition making yourself much more
> vulnerable than opennet, no matter how many more attacks may be
> possible to the strangers network. Also no matter the visibility of me
> having a Freenet node up.
>
> Because it takes just one infiltrant who just has to sit back and
> follow all connections to know exactly who to pick out.
>
> As an internet pedophile, I know that there is no worse security than
> breaking the rule: trust no one.
> I can't possibly seek out 'trusted friends' in real life, that's
> hopefully obvious.
> But it stretches to say, Chinese dissidents who may find it easier to
> have real life trustees. Also their darknet can be compromised by
> government and how many can one infiltrator then catch at once?

On balance I suppose it's best that I answer this, because of the other people reading (especially via archives and Google). Legally we can't be seen to be providing technical support to pirates, I don't think there is any such issue with paedophilia. However, I strongly urge you to refrain from abusing children or paying for said abuse. Exchanging second-hand (or nth-hand) pictures of such abuse is a far lesser issue, though it is unfortunate that Freenet gets used for such things (and it's still illegal, as I'm sure you are aware!).

Basically, you are vulnerable to your peers (those other freenet nodes your node connects to). They know your IP address - they have to to connect to you. They can identify you. As you rightly point out, your peers can also, with a fair bit of work, and on various plausible assumptions, identify much of what you are doing on Freenet.

There are two consequences for opennet:

1. An attacker could connect to every node on the network, and thus identify everything going on. Such an attack would be only moderately expensive, since the network is small. The main costs would be bandwidth and hardware, and a little software development.

2. If you are inserting files whose contents are predictable in advance, and are inserting them as CHKs, or reinserting them, or you are regularly chatting on some board or otherwise making many requests which are easily identified, a far cheaper attack is possible, which involves the attacker intercepting a few requests randomly (depending on how many requests you are sending, i.e. how big the file is etc), and then using them to get a rough fix on your location (keyspace-wise), which he then uses to get connections closer to his guesstimate of where you are. Then he will see more of the request stream, and can thus close in increasingly quickly.

This is technically feasible on darknet, but the difference is, on opennet you can quickly get connections at a specific keyspace location (via announcement), and on darknet, getting connections is (relatively) expensive as you have to either compromise somebody's computer, social engineer them, kidnap them, etc, for each hop.

Hence it is not a matter of hiding in the crowd on opennet, on the basis that your peers probably aren't the bad guy because there are only a few bad guys, because first, the attacker can connect to everyone relatively cheaply, and second, he can move around. I reasonably expect that future versions of Freenet will make the second attack harder than it is now. However, the first isn't going away any time soon.

The electronic attacks mentioned above are far cheaper than any scheme to try to get people who run Freenet to spy on their friends. You can only spy on your direct friends (well, it gets less accurate the more hops away the target, but this also makes opennet surveillance much cheaper). Putting 10% of the population on the payroll (as in East Germany) is always a rather expensive way to gather intelligence!

The hope is that there will be a large enough global darknet that those who have a particular need for it (for instance those who publish subversive political blogs) will be able to connect to their friends (who the authorities already know about from e.g. phone records), who don't.

To answer your X files'ism, even if the second attack is resolved, running opennet is equivalent to "trust anyone powerful enough to connect to all peers" (and they probably don't even need to do that in practice). Trusting your friends is preferable to trusting anyone and everyone.

You could reasonably come back here and say that Tor doesn't require me to have any friends, and gives me better security, and so on. The short answer is, Tor can be blocked (the Chinese have managed to block even its hidden bridges).
National blocking infrastructure is coming, even in the West. There are several other issues with Tor, for instance hidden sites are generally slow and unreliable (even more so than freenet in my experience!), traffic analysis may be easier, and there are probably still route selection attacks etc, but none of that is really relevant. Anything that can be blocked, and is used by more than a few Chinese dissidents, will be blocked. For instance, the Freenet website and the Freenet 0.5 protocol are blocked.

Also, Tor does something different to Freenet anyway: Freenet distributes content, Tor anonymizes readers (and sometimes, badly, servers).

More information is available here:
http://freenetproject.org/faq.html#attack

_______________________________________________
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe