> On Sun, 11 Dec 2011 01:04:09 -0500, Chris wrote:
>> [...]
>> I would put money on them taking advantage of zero day exploits
>> and/or the courts to force the Tor project, the Freenet project, the
>> i2p project, or any other similar project to modify the code and
>> insert a back door. Germany did this many years ago with one project
>> and successfully identified a user. It was none of the above projects
>> although the ability to force upon developers code changes that go
>> out to all users has occurred. They were targeting one individual too
>> that appeared to be a fairly low-value target. The only thing that
>> might stop this from happening to other projects is where the
>> developers are operating in one country and the government attempting
>> to force the change is in another.
>
> Another thing that might stop this from happening is open source
> software, and at least a bunch of coders reviewing and signing any code
> before it gets released. (I'm actually not sure how many coders have to
> currently sign -- surely it's not just Toad?)

It mitigates it to a degree although the concern still exists. For a few reasons. The party who distributes the binary is going to be ordered not to reveal the modifications. The main page/download page isn't going to warn users and that is likely the only information they are going to see before updating. It becomes newsworthy information though so there is a slight chance a user who keeps up on this stuff would notice prior to installation. The court could order the source code not be released for the new binary too. At least not the code that matches the new binary. Then users would need to actually notice the binary differs from the source code and disassemble it to find the bug. How many users actually compile it themselves? How many examine the diffs?

> Do you have a link or more info on that German case? Was it open-source
> software? Did the developer willingly co-operate, or did they use some
> kind of backwards legal mechanism to force him? I wonder how much I can
> buy Toad for..... Everyone has a price ;-).

JAP. Here is some more info on it:

http://smokeys.wordpress.com/tag/java-anonymous-proxy/

This may be the most serious breach I have ever heard of with any software and could potentially threaten other projects. The danger was detected right away as the software's source code was available. Many users updated and were compromised before they became aware of this though. In this instance they were targeting a particular individual although compromised every user of the service. The individual they caught may not have been the same person they were targeting. This is a risk with mass surveillance/search/DNA...

>> > The whole point of opennet is to be able to connect to anybody you
>> > want :P. And if your ISP is compromised, this becomes even more
>> > trivial -- they can block all but their own seednodes, so you're
>> > forced to only connect to their bugged nodes as peers.
>>
>> This should become apparent to the user
>
> How would you propose to differentiate between a bugged node and a
> normal node?

This is why you have authentication and checks against any inability to connect to nodes. You are looking at the issue wrong. It doesn't matter which nodes are bugged. If a user can't connect to a higher than normal percentage of nodes it should send up a red flag for one. You can keep track of nodes as well and check out which nodes are new and which have been added over time. The number of new nodes coming online shouldn't exceed a certain threshold. If there are 5,000 and on average the number of nodes increases by 2 a week then 100 new nodes coming online should send up a red flag. I don't know what the actual numbers are or the range. Maybe some weeks do see 100 nodes and others only 2. There is probably a number though that could increase the time it takes to pull off such an attack. I realize you do not have thousands of peers with freenet. This is just an example of how the difficulty of an attack may be reduced with some designs.

>> and if is not made apparent that is a problem with freenet (or
>> whichever project you would be suggesting).
>
> Yes it is. And that's why it's in the FAQ :p. You should take a bit
> more time, and read it more carefully:
>
> "Combined with harvesting and adaptive search attacks, [the
> bootstrapping attack] explains why opennet is regarded by many
> core developers as hopelessly insecure. If you want good security you
> need to connect only to friends."

I don't think you understand how it works that well. I suspect if some of your friends are compromised you won't be. I'm not reading this bootstrap attack as you understand it. I don't doubt that some developers think opennet mode is hopelessly insecure.

>> > [...]
>> > In darknet, you *explicitly* specify who to connect to (hopefully a
>> > trusted friend), and you don't connect to anybody else.
>> > So, to infiltrate this setup, the bad guys would have to physically
>> > compromise your friends' nodes, one by one. To infiltrate opennet,
>> > they just have to type on a keyboard in the comfort of their homes.
>>
>> If you could trust your friends there wouldn't be any need for
>> freenet. The problem is you can't trust anybody.
>
> If you can't trust anybody, then what do you hope to achieve? Who do
> you hope to communicate with -- if everyone is your enemy?

The issue isn't that you can't trust some people. The issue is you can't be sure who is your friend or which of your friends might be compromised. Adversaries potentially have lots of time to work themselves into your friends group. You would be best to look at how various governments (think Cuba infiltrating US government), gangs, and similar have been infiltrated. They hang with the group and spend significantly more time contributing. Eventually they become leaders and are near the top. In these cases it usually only takes one friend to take out an entire group. If it takes just one infiltrator you are screwed. If it takes many infiltrations there is significantly less risk. Of course you have to watch out for other related factors with a web-based communications system as an adversary can impersonate multiple people or in some instances simply purchase multiples (set up multiple nodes).

I think the best way to organize a revolt or guerrilla warfare in today's world would probably be to anonymously organize multiple small groups. You may be able to identify some. Chances are you won't be able to identify all. Each group could be coordinated in an attack without any one group knowing the full plan or the individuals of another group they are working with. If a few small groups are taken out your root remains secure as no one small group knows the others. Nor does any small group know who the leader is.
Without the adversary being able to easily identify the leadership or groups easily it should make it difficult to disrupt.

_______________________________________________
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
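
An added example, not part of the original message and not Freenet code: one way to turn the two red flags described in the reply above (a jump in never-before-seen nodes, and an unusually high share of failed connections) into checks that tolerate normal week-to-week variation. The function names, thresholds and sample history are assumptions constructed for illustration.

```python
import math
from statistics import median

def new_node_alert(weekly_new, this_week, k=6.0, floor=10):
    """Flag a week whose count of never-before-seen nodes is far above baseline.

    The threshold is median + k * MAD (median absolute deviation), so a few
    busy weeks in the history do not inflate it the way a mean would.
    k and floor are assumed tuning values, not figures from any project.
    """
    med = median(weekly_new)
    mad = median(abs(x - med) for x in weekly_new)
    threshold = max(floor, med + k * max(mad, 1.0))
    return this_week > threshold, threshold

def connect_failure_alert(baseline_fail_rate, attempts, failures, z_limit=3.0):
    """Flag a failure ratio that is improbably high for the baseline rate.

    One-sided z-test on a binomial proportion (normal approximation).
    """
    if not 0.0 < baseline_fail_rate < 1.0:
        raise ValueError("baseline_fail_rate must be strictly between 0 and 1")
    if attempts == 0:
        return False, 0.0  # nothing observed yet, nothing to judge
    p = baseline_fail_rate
    se = math.sqrt(p * (1 - p) / attempts)
    z = (failures / attempts - p) / se
    return z > z_limit, z

# Constructed history: roughly 2 new nodes a week, as in the message's example.
HISTORY = [2, 1, 3, 2, 0, 4, 2, 2, 5, 1, 2, 3]

if __name__ == "__main__":
    print(new_node_alert(HISTORY, 100))           # the "100 new nodes" week
    print(new_node_alert(HISTORY, 5))             # an ordinary busy week
    print(connect_failure_alert(0.10, 200, 70))   # 35% failures vs 10% baseline
    print(connect_failure_alert(0.10, 200, 24))   # 12% failures, within noise
```

Both checks only raise the cost of flooding a network with new nodes or blocking honest ones; an adversary who adds nodes slowly stays under any such threshold.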