Peter Rosenmai wrote:
> Chinese ISPs could simply look
> for and block the Freenet protocol, couldn't they?

Hi Peter,

It's certainly possible in theory, but I'm not sure whether it can be done with the technology they're currently using.

First, it might be difficult to detect the Freenet protocol reliably: as far as I know all parts of the protocol are encrypted or obfuscated, even the initial handshake.

Second, I don't think internet traffic within China passes through the same filters as international traffic.

Third, the international routers don't perform the filtering themselves, they send a copy of every packet to a separate piece of equipment that kills connections that match certain rules by sending forged TCP RST packets to both ends of the connection. Freenet uses UDP rather than TCP, so sending TCP RSTs wouldn't work, but perhaps they have another way of filtering UDP.

> 2. Would it be possible for the PRC to run Freenet nodes in order to
> determine the IP addresses of other nodes within China?

Yes. Freenet users can choose between 'darknet' mode, in which they only connect to their trusted friends, and 'opennet' mode, in which the node automatically finds other nodes to connect to. Opennet users can also have darknet friends.

By running an opennet node the Chinese government could discover opennet users in China very easily. With additional effort it might be possible to follow the darknet connections of the opennet users to discover some or all of the darknet users too.

> 3. Is it true that the PRC has previously blocked Freenet? If so, how
> was this achieved?

The protocol was previously based on TCP and there were some plaintext bytes in the initial handshake that could be used to identify a Freenet connection. Nowadays the protocol's based on UDP and as far as I know there are no plaintext fields any more.

Cheers,
Michael