No it wouldn't. Harvesting an opennet is very, very, very easy, because
we are constantly exchanging references inside the opennet; all you have
to do is set up a node, and listen! Granted on a large network you may
have to do Sybil attacks, and use a bit more bandwidth, but this isn't
exactly difficult for a medium sized ISP; it doesn't require much
manpower, or co-operation. Sybil attacks (pretending to be many nodes)
are very easy, and are powerful attacks in other areas too. Hashcash,
the traditional solution, would slow down getting people onto the
network even more and provide dubious security as it's always cheaper
for the attacker to compute it than for us (economies of scale).

Infiltrating a darknet is *orders of magnitude* harder (in terms of
cost) than breaking an opennet. Freenet 0.5 is actually blocked in China
today (admittedly not via harvesting) and personally while I see a use
for Freenet in the West, it is far more interesting for it to be used in
oppressive regimes - not least morally speaking. An opennet is OF NO USE
WHATSOEVER in a hostile regime prepared to spend a miniscule amount of
effort attacking or blocking it. Also, freenet is probably illegal in
France under the DADVSI and may well become illegal across Europe under
the IPRED2.

You are vulnerable to your peers. **Even if they are chosen by the
opennet.** They can do correlation attacks, timing attacks, and all sorts
of fun things, and the only way to beat this in many cases is to rely on
the security of multiple peers combined - but with opennet, multiple
peers may well be the same attacker. 0.8 will include some significant
improvements to security against local attackers (premix routing), but
these can't be secured properly on opennet because on opennet we can't
assume that two nodes aren't conspiring.

On Sat, Aug 19, 2006 at 10:12:09PM +0200, - wrote:
> Ok. I think when we're trying to create an anonymous internet network
> personal trust should not be involved, that defeats the point. Don't get me
> wrong, I think freenet is awsome, I'm really impressed by the programming
> skill! 
>  
> Think about it though, once the first darknet gets infiltrated, it will
> become highly publicized, everyone will leave freenet. It's going to be hard
> convincing users to come back after that.
>  
> Also, in most places freenet is not banned.
> As long as it's legal, the best way to hide is behind a large number of
> users,
> Any of The Bad Guys are welcome to join, since they can never prove who
> downloaded what
> (unlike darknet), only that you're using freenet, which isn't illegal. And
> harvesting the entire system, If I'm guessing correctly that would require
> the cooperation of numerous ISPs in lots of countries, so is it likely to
> happen?
>  
> So, probably the best answer would be to have an opennet and a darknet that
> work together (the latter being optional for those that want it, and places
> where freenet becomes illegal!)
>  
>  
>  
>  
>  
>  
>  
> -------Original Message-------
>  
> From: Matthew Toseland
> Date: 08/19/06 21:40:31
> To: -
> Cc: support at freenetproject.org
> Subject: Re: [freenet-support] Freenet 0,5 and 0,7
>  
> If you see it like that then you'd better go do something else with your
> time, because there is no solution. All opennet does is automate the
> process of finding not very trustworthy people to connect to - people
> who may well be The Bad Guys. Opennet makes it trivial to harvest and
> block the network, and darknet is *the only possible option* in any
> hostile regime, because opennet will most likely be blocked. If they
> want to attack it rather than blocking it, it is much easier to attack
> opennet than darknet. The point with darknet is to make it difficult for
> Them to block the network, and to make it difficult for Them to attack
> the network. It succeeds on both points: It is possible to attack, or
> block, a darknet, but it is expensive.
>  
> Really, if you don't trust anyone, you shouldn't be using the internet,
> and you probably should reconsider whether life is worth living. :)
>  
> On Sat, Aug 19, 2006 at 09:08:57PM +0200, - wrote:
> >
> > Thanks for the response, and I understand your points.
> >
> > The problem is that with 0.7 you're asking potential freenet users to find
> > people
> > in real life that they trust, which didn't happen with freenet 0.5.
> >
> > You're basically asking people to form rings called darknets. I'm sure
> this
> > scares a lot of people
> > away. Not to mention the additional effort involved in getting freenet
> going
> >  which also is a barrier to new users. I personally would never have
> joined
> > freenet this way, and never will join any ring.
> >
> > There's a flaw with the concept:
> >
> > Let's say I'm a Chinese dissident. If I form a ring with other members in
> > real-life,
> > let's says they're my brothers and I trust them with my life. Even so,
> > if one of us gets caught for whatever reason, most likely nothing to do
> with
> > freenet,
> > authorities will search his computer, and see that he's part of a ring.
> > All other ring members are immediately discovered and will go down
> > with him. It can be assumed by the authorities that other members of
> > the ring were engaged in the same activity (i.e. Chinese dissidents).
> >
> > And that's just given that you have contacts that you trust in real life.
> > But in reality people
> > are not going to have real-life contacts with whom they want to share
> > freenet.
> > That means they're going to have to use the internet to find darknet peers
> 
> > And that
> > means that a any member of the governmnet can pose as a Chinese dissident
> > and infiltrate freenet
> > darknets. Being infiltrated only has to happen once, as soon as people
> find
> > out,
> > the entire freenet will collapse out of paranoia.
> >
> > So sorry if I haven't been reading the development forums, and others
> might
> > have mentioned these points, but I don't believe there's a solution to
> this
> > basic
> > flaw in the concept, at least until openNet comes out (if that solves it?)
> > and that's why many of us are worried about seeing 0.5 dying out.
> >
> >
> >
> > -------Original Message-------
> >
> > From: Matthew Toseland
> > Date: 08/19/06 17:36:59
> > To: -
> > Cc: support at freenetproject.org
> > Subject: Re: [freenet-support] Freenet 0,5 and 0,7
> >
> > The installer for 0.7 is way better than the (unmaintained) installer
> > for 0.5. And we simply don't have the resources to maintain both
> > branches in any meaningful way.
> >
> > 0.7 is an unstable alpha test, but 0.5 isn't much better. In many ways
> > 0.7's security is better *now*, and it will improve further. Admittedly
> > in other ways it may be less secure, but I don't believe that 0.5 is
> > significantly more secure than 0.7, even with the fake-darknet topology
> > that we use for testing now (with a few real darknet links and lots of
> > fake ones from #freenet-refs). Many of the more powerful attacks against
> > 0.7, such as correlation attacks, were also viable against 0.5. And
> > there is content.
> >
> > As far as initial speed  goes, 0.5 takes a week to get up to something
> > vaguely resembling speed; 0.7 takes 10+ references to reach the same
> > stage. Either way there is a big barrier to entry.
> >
> > On Sat, Aug 19, 2006 at 05:11:22PM +0200, - wrote:
> > > Hi,
> > >
> > > I think you're making a mistake in forcing new people into the beta test
> > > freenet 0.7 instead of the established 0.5.
> > >
> > > You're forgetting how _highly_ someone new has to be motivated to try
> > > freenet, even version 0.5 which works and is not a beta test. Let's
> think
> > > about what would motivate someone...
> > >
> > > I remember when I found freenet, I installed it spent hours reading over
> > the
> > > technical jargon.
> > > It was incredible slow. I removed it thinking this is a pile of crap
> that
> > > does not work.
> > >
> > > Only a few months later, did I again bother to go through this
> > > complicated process and after waiting for three days with it on, it
> > finally
> > > started working.
> > >
> > > The reason I spent many hours and went back after throwing it out once,
> > was
> > > because I was _highly motivated_ for the anonymity and content.
> > >
> > > Here's the problem:
> > >
> > > If 0.7 doesn't offer the anonymity and the content, plus it's an
> unstable
> > > beta test,
> > > why would anyone new bother to join the community?
> > >
> > > Do you think people are nice enough to offer their time and computers to
> > > beta test some random highly technical peer to peer application that
> > > completely hogs your computer's resources?
> > >
> > >
> > >
> > > The problem with freenet (even 0.5) is, it just isn't user friendly.
> > > A person who just stumbles on freenet does not know if it's actually
> going
> > > to work. After seeing how slow it is, most people, like myself will just
> > get
> > > rid of it, not bothering to learn all the configurations, frost, fuqid,
> > etc.
> > >
> > > If you took the time to create a simple, down-to-earth website and
> install
> > > program without all the technical jargon, you would double or triple
> your
> > > user base.
> > >
> > > The only NEW users you're going to get to freenet 0.7 are going to be
> > > peer-to-peer programming enthusiasts. And how many of those are there
> that
> > > don't know about freenet already?
> > >
> > > So instead of scaring all potential freenet users away, It would be
> wiser
> > to
> > > just ask members of the freenet community to do the beta testing, and
> > create
> > > a nice user friendly website for 0,5 until 0,7 is working. Even I would
> be
> > > willing to help create this website, and I'm sure many other people also
> > > would volunteer.
> > >
> > > Best Regards,
> > >
> > > Van
> > >
> > >
> > >
> > >
> >
> >
> > > _______________________________________________
> > > Support mailing list
> > > Support at freenetproject.org
> > > http://news.gmane.org/gmane.network.freenet.support
> > > Unsubscribe at http://emu.freenetproject
> > org/cgi-bin/mailman/listinfo/support
> > > Or mailto:support-request at freenetproject.org?subject=unsubscribe
> >
> > --
> > Matthew J Toseland - toad at amphibian.dyndns.org
> > Freenet Project Official Codemonkey - http://freenetproject.org/
> > ICTHUS - Nothing is impossible. Our Boss says so.
> >
> >
>  
>  
> > _______________________________________________
> > Support mailing list
> > Support at freenetproject.org
> > http://news.gmane.org/gmane.network.freenet.support
> > Unsubscribe at http://emu.freenetproject
> org/cgi-bin/mailman/listinfo/support
> > Or mailto:support-request at freenetproject.org?subject=unsubscribe
>  
> --
> Matthew J Toseland - toad at amphibian.dyndns.org
> Freenet Project Official Codemonkey - http://freenetproject.org/
> ICTHUS - Nothing is impossible. Our Boss says so.
>  
>  


> _______________________________________________
> Support mailing list
> Support at freenetproject.org
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:support-request at freenetproject.org?subject=unsubscribe

-- 
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: 
<https://emu.freenetproject.org/pipermail/support/attachments/20060819/46da7f68/attachment.pgp>

Reply via email to