On 10/16/2012 08:24 AM, Evan Grand wrote:
> I'm concerned that the ultimate usefulness of Freenet for truly protecting
> anonymity may be illusory. That is to say, I think it is mighty suspicious
> that upgrades to the latest version of Freenet's client software are forced.
> That is, the links (keys) now absolutely do not work if you try to use an
> older version.

Are you referring to CHK/SSK/USK keys, or something else?

To my knowledge, the existing data keys within Freenet 0.7 have only been reset twice: once for a datastore reset to switch to fixed-size data blocks, and once in response to a published weakness in a cryptographic algorithm in use at the time. All other instances of Freenet keys ceasing to function have been due to unused data naturally falling out of the network over time, as it is designed to.

If, instead, you were referring to download links for old Freenet builds, I would suppose that the hosting servers have finite space. You can reconstruct any previous release by building from the appropriate tag in Git, though, so I don't think keeping legacy builds around would be a priority for the project.

> If, hypothetically, the makers of Freenet have, for whatever reason, become
> adversaries to individual anonymity (by being paid off by snoops of whatever
> sort, or whatever else)--not saying you have, just go with me on this--then
> by forcing upgrades of the client software, you then have the power to force
> the client user to install a corrupted (backdoored) version of "Freenet", do
> you not? Yes, I know, the Freenet client is open source; but really! Come
> on. How many of us actually take the source code and independently compile
> it ourselves? And that is to say nothing of the necessary (and
> indeterminate) lag-time between the release of Freenet's latest client and
> the peer review that would be required to determine whether or not you are up
> to some nefarious agenda in the new version?

This is a risk in any system wherein you must trust others for your own safety. I'm pretty sure that, were you at risk of persecution or death over your use of the software, or the manner in which you use it, you would be a little more proactive about ensuring your own protection; even if that meant learning enough to analyze the updates yourself as they are released and deciding when it has become too dangerous for you to continue its use. After all, the only person ultimately responsible for your privacy and security is yourself.

> Tor (The Onion Router, https://www.torproject.org), by contrast, doesn't work
> this way. They give you the freedom to run legacy clients of theirs and
> still be able to use the Tor network. They make it clear in their
> documentation that they do not recommend this, but they still give you the
> freedom to do it. Only once in my now seven years of using Tor has an
> upgrade been mandatory and that was because of a truly deadly security issue
> that had just been fixed at that time. Their usual policy however is that
> it is your choice to upgrade, or not--and the network is still usable to you
> if you decide not to.

The Tor wire format and routing protocols are all finalized. Aside from critical security bugs, Tor no longer needs to make sweeping changes to how nodes interconnect or communicate in order to function. During the initial development, I'm sure you can imagine how difficult any attempts at maintaining backwards compatibility might have been.

> If you would allow more freedom to the clients to not follow any fixed
> standard operating procedure with regard to upgrades--that is to say, in
> particular, more backward compatibility between the network and its
> clients--it will make your network much more robust against the very sort of
> corruption that I have named here.

I think it all comes down to balance: Freenet is still alpha software, and has a long path of development to travel before it can be considered generally usable; indeed, its current implementation assumes a certain minimum level of competency, if for no other reason than the sheer lack of manpower for general technical support. Likewise, the understanding of how 'small world' social networks function, especially in a digital context, is currently an active area of research.

How do you weigh closing a routing or filter bug that threatens to expose users' privacy, or implementing a feature that promises to increase performance or usability significantly, with allowing people to run outdated and vulnerable code, whose exploitation or dismal performance may well tarnish the image of the project as a whole?

For a very prominent example of this effect, take a look at Microsoft Internet Explorer. Microsoft has made downright astonishing leaps in usability, security, and functionality of their browser; yet it is still the most stigmatized browser in existence due to the continued prevalence of Internet Explorer 6, a legacy implementation that is no longer supported, but in continued use simply because it can be.

--
Fuzzy love,
-CyberLeo
Furry Peace! - http://www.fur.com/peace/