On Thu, Jul 28, 2011 at 11:06 AM, Ray Jones <crawlz...@gmail.com> wrote:
> On 07/26/2011 06:15 AM, Matthew Toseland wrote
>> The electronic attacks mentioned above are far cheaper than any scheme to
>> try to get people who run Freenet to spy on their friends. You can only spy
>> on your direct friends (well, it gets less accurate the more hops away the
>> target, but this also makes opennet surveillance much cheaper). Putting 10%
>> of the population on the payroll (as in East Germany) is always a rather
>> expensive way to gather intelligence!
>>
>> The hope is that there will be a large enough global darknet that those who
>> have a particular need for it (for instance those who publish subversive
>> political blogs) will be able to connect to their friends (who the
>> authorities already know about from e.g. phone records), who don't.
>
> I guess I'm either not understanding darknet, or I'm not understanding
> the underlying reason(s) for Freenet as a whole.
>
> I was under the impression that darknet leaves you wide open to your
> friends, so choose your friends carefully.

Darknet leaves you basically exactly as open to your peers as Opennet does. With Darknet, you choose your peers. With Opennet, your peers choose you (or at least, they can, and will if they're attackers that you're worried about). So, on Darknet, you should choose your peers carefully enough to be somewhat confident they aren't actively out to get you, and you'll be doing better than Opennet. If you want, you can be more paranoid about peer selection than that. In which case, Opennet *definitely* isn't for you.

To summarize:

Lowest security, easiest to set up: run opennet.

Marginal improvement: run a hybrid Opennet/Darknet node. Mostly this should be treated as a transition point to full Darknet, or a way to help out your Darknet-only friends.

Better security, somewhat harder to set up: run Darknet, and connect to anyone you personally know and don't believe to be cooperating with the Bad Guys.

Still better security, even harder to set up: Be more picky about your Darknet peers.

Best security: Immolate your computer on a pyre of thermite, and go live in a cave somewhere. Or simply stop doing whatever it is you're worried about getting caught at.

Seriously, there is no perfect security; it's just a question of what's good enough, and what your threat model is.

> Opennet still left you open
> to those who connect with you, but you might have some level of
> anonymity when communicating. I also believe I read in one of your posts
> here a while back that while Freenet packets are encrypted and can't be
> audited for content from outside the Freenet network, it's still fairly
> easy to spot Freenet node activity even without knowing the specifics of
> what's moving in and out of that node.

Depends on your standards of "fairly easy". It requires some amount of traffic analysis, which means significantly more CPU investment. This may be enough to stop snooping ISPs, but won't stop an adversary with a specific target in mind.

>
> Now in most democratic countries, the government has to jump through
> certain legal hoops in order to seize one's equipment, arrest a person,
> etc. But if Freenet is built with the goal of allowing dissidents to
> communicate below the radar of a totalitarian government, by your
> description it seems doomed to failure.

I'd call it a work in progress, best suited to countering threats less severe than a dedicated state actor with police-state level powers. And against that threat model, I have no clue what the answer is.

>
> If a government-controlled ISP can use traffic analysis to spot Freenet
> traffic, and if they don't have legal hoops to jump through, can't that
> government then easily place one darknet person under house arrest and
> keep the darknet node running? Doesn't that give them the packet
> contents as well as the packet originator?

Certainly. Which is far, far harder than chasing down a target on Opennet -- that doesn't even require warrants, let alone things like house arrest. Like I said, protecting against police-state level adversaries is hard.

>
> And how would one securely connect to someone in darknet mode unless you
> know the operator of that node personally? If that person turned out to
> be a spy, doesn't connecting to him in darknet mode leave you with no
> anonymity whatsoever?

That's precisely the idea behind Darknet. You should know your peers personally. Whether from the Internet, or Real Life. You should know them from somewhere *other* than a board dedicated to finding Darknet peers. Someone you know from conversations on Freenet might work. Choosing people at random will do bad things to the network; choosing people you have a social connection to (regardless of where that connection comes from) should provide the required network properties.

Really, it depends on trust levels. If you just want better security than Opennet, all you have to do is make your adversary put some human effort into setting up each connection.
Make them convince you they're a real live person who isn't a Bad Guy, and you've probably made yourself a difficult enough target that they'll go after someone easier.

Evan Daniel
_______________________________________________
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe