On Sun, 11 Dec 2011 01:04:09 -0500, Chris wrote: > [...] > I would put money on them taking advantage of zero day exploits > and/or the courts to force the Tor project, the Freenet project, the > i2p project, or any other similar project to modify the code and > insert a back door. Germany did this many years ago with one project > and successfully identified a user. It was none of the above projects > although the ability to force upon developers code changes that go > out to all users has occurred. They were targeting one individual too > that appeared to be a fairly low-value target. The only thing that > might stop this from happening to other projects is where the > developers are operating in one country and the government attempting > to force the change is in another.
Another thing that might stop this from happening is open source software, and at least a bunch of coders reviewing and signing any code before it gets released. (I'm actually not sure how many coders have to currently sign -- surely it's not just Toad?) Do you have a link or more info on that German case? Was it open-source software? Did the developer willingly co-operate, or did they use some kind of backwards legal mechanism to force him? I wonder how much I can buy Toad for..... Everyone has a price ;-). > > The whole point of opennet is to be able to connect to anybody you > > want :P. And if your ISP is compromised, this becomes even more > > trivial -- they can block all but their own seednodes, so you're > > forced to only connect to their bugged nodes as peers. > > This should become apparent to the user How would you propose to differentiate between a bugged node and a normal node? > and if is not made apparent that is a problem with freenet (or > whichever project you would be suggesting). Yes it is. And that's why it's in the FAQ :p. You should take a bit more time, and read it more carefully: "Combined with harvesting and adaptive search attacks, [the bootstrapping attack] explains why opennet is regarded by many core developers as hopelessly insecure. If you want good security you need to connect only to friends." > > [...] > > In darknet, you *explicitly* specify who to connect to (hopefully a > > trusted friend), and you don't connect to anybody else. So, to > > infiltrate this setup, the bad guys would have to physically > > compromise your friends' nodes, one by one. To infiltrate opennet, > > they just have to type on a keyboard in the comfort of their homes. > > If you could trust your friends there wouldn't be any need for > freenet. The problem is you can't trust anybody. If you can't trust anybody, then what do you hope to achieve? Who do you hope to communicate with -- if everyone is your enemy? _______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
