Part of the problem is we need storage. Another part is that we need uptime. Neither is really compatible with booting even from a USB stick - and really, that's out of scope anyway, that's something somebody should write who knows more about building operating systems than we do. However, we do take some precautions with regards to local security, and plan to take more in the near future. For instance, we tell the browser not to cache anything, we encrypt (optionally with a password but in any case easily got rid of) potentially incriminating data on disk, and we strongly recommend users install Truecrypt (since unfortunately we can't turn on swap crypto or lock pages in memory).
A significant proportion of the community think taking any local precautions is a bad thing, since it violates the unix philosophy...
As regards darknet, it is simply the only possible option in any even vaguely hostile regime. For instance, China has managed to block most of the Tor hidden bridges. Apart from that, it is also the only realistic option for really good security on Freenet: an attacker can connect to everyone, and Freenet's architecture on opennet isn't really suitable for dealing with this. It is of course possible for nodes to connect to both darknet and opennet, and the hope is that users will gradually add their friends as Freenet becomes faster, easier to use, more popular and has more content.
Statistical analysis is probably easier with a larger number of nodes, if you're talking about your direct peers monitoring you. Also, Freenet 0.7 supports opennet. And "same darknet"? What's the same darknet? There is only one 0.7 network as far as I know, although there maybe secret ones. If there are secret networks of 15 nodes, the NSA would probably not be on them. The long-term objective is to have a globally scalable darknet, which means that it might have a million nodes in it, but it's all going friend to friend to friend to friend. Read up on small world networks.
Frost works better on 0.5 because the spammer has been attacking 0.7's Frost with constant denial of service attacks, not 0.5's Frost. They are both just as vulnerable. FMS is the solution.
Darknet came up well before the collaborative censorship ideas you refer to, and that wouldn't be Freenet, it would be a different network. There is absolutely no intention for Freenet to provide any sort of censorship mechanism, and it doesn't provide any.
Some of the attacks mentioned on the attacks page have more detail available on linked pages. Apart from that, any criticisms are welcome, but you'll understand that we're more interested in fixing the attacks than in writing papers on them.
Freenet is better than most of the other options available to them. And if they already know who your friends are from your phone records, then it doesn't matter if you also have a darknet connection to them.
Freenet is still under development, even at the network level. So the protocol - the node's actual behaviour - changes relatively frequently. Why is that so surprising?
And you probably didn't get much help because the devs weren't interested in taking a year to rewrite freenet to get back to where they were already at. On the other hand, if you want to know how a part of the system works, and it's not obvious from the code, you just have to ask.
It is not true that we practice security through obscurity. It *is* true that we haven't documented Freenet to the point that it could be reimplemented easily from the documentation. We don't want other node (not client) implementations right now, because Freenet is very much still a work in progress, and as a distributed, emergent system, lots of node implementations all of which implement slightly different behaviour (but the same protocol) would be a major problem: It would make it even harder for us to evaluate the effect of changes in the routing algorithm, for example.
As a C++ developer with experience in security software, you'd be fine, java is easy, although there are some more interesting bits.
That's like saying an ISP is responsible for all the child porn their users download. Nobody has been busted for posession of anything merely for running a Freenet node as far as we know, and in any sane jurisdiction hopefully nobody ever will be. The EFF's legal advice to p2p devs may be of interest here:
http://www.eff.org/wp/iaal-what-peer-peer-developers-need-know-about-copyright-law
"Heavily weighted towards child porn" ?
What percentage of freesites have to be child porn for you to consider it to be heavily weighted?
Of course there is more child porn on Freenet than on the web. Pornographers are always early adopters, and that's compounded by Freenet's anonymity. But I've never seen any evidence that child porn makes up the bulk of Freenet content.
They won't be on the network in the first place if they live in China because opennet is trivially blocked. So is Tor, and it is blocked in some countries (or so I hear). The solutions to make Tor less easily blocked presumably involve something similar - an introduction through a friend or other hard-to-get connection.
It is *much* easier to find freenet nodes on an opennet than on a darknet. Of course both are possible but there's an order of magnitude between them. And darknet promises long term options which are more expensive still. Security isn't about perfection, it's about resisting a realistic attack by making your enemy's job harder.
Except the hydrogen cars. No hydrogen cars, no future. We'll all be dead. And petrol will cost $400/barrel, so we'll have no choice. Have a nice day.
Re:Scalability is here,MUTE paper about search
on
Revamping Freenet
·
· Score: 1
Thanks.
And no, it's not scalable.
Freenet, like other DHT-based networks, is intended to be a global-horizons network.
I won't comment on the anonymity of the solution suggested; it looks reasonably well thought out but I didn't read the whole paper.
What papers? I don't know of any Freenet papers on "graph theory applied to trusted links". And my understanding was that MUTE did a broadcast search to find the data and then used ants to find a fast return path.
Re:Scalability is here,but 6 forwards can be slow
on
Revamping Freenet
·
· Score: 1
Hmmm. What is the theoretical basis for this scaling?
Firstly, it is likely that we will have a separate "open" network based on more or less the current algorithms (but faster).
Secondly, right now it costs very little to find all nodes - because it is an open network, you can harvest it. Very fast. Of course you CAN infiltrate a cellular network. But it costs FAR more.
"without fear of punishment". Anonymous speech has been vitally important on many occasions. The original draft of the constitution, the Watergate (and other) scandals, and other times. There is ALWAYS fear of punishment, if what you say is going to embarass the powerful. Perfectly rational fear.
I was under the impression that these are all strictly non-scalable. Right? I'll read the wikipedia article, but my impression was that the other P2Ps simply don't try to scale, they just let you search your friends' stores usually with a broadcast search.
Freenet has been backwards compatible ever since 0.4 started! That's YEARS ago. That's a LONG run. 0.7 will have to do a data reset, and this is why it is essential to nail down whether we will use 32K or 1K blocks, for example. Certainly after 1.0 we will want to avoid any data loss until at least 2.0.
You improve the performance (I'm pretty sure we can improve it significantly - achieve good transfer rates, and latency of maybe 10 seconds), and you improve the content. You offer free web hosting at zero cost for arbitrarily large files. This is going to be really helpful for e.g. some of the game modding communities. The political stuff will attract some people, the free hosting will attract some people.. if Freenet isn't interesting then it just isn't interesting, very few people will use it regardless of how easy it is to install.
Re:Newsbyte is a well known troll
on
Revamping Freenet
·
· Score: 2, Informative
Firstly, yes. But you already do. Unless you are living in an area where freenet is illegal, you don't have to strongly trust people you connect to. They can pick up casual acquaintances easily, legally, and often without judicial supervision, from traffic analysis.
Secondly, our HTML filter works on a whitelist basis. Any tags or syntax it doesn't recognize it rips out. That's why it's mangled a bit. This is much better than writing our own markup language which does exactly the same thing as HTML. In fact arguably we transform HTML to HTML...
It depends... If the crypto is cracked in 10 years, and they come back and identify all the illegal files you were sharing...:(
If they make anonymous P2P illegal, they can find all freenet and i2p nodes (with the current architectures of freenet and i2p - one day this may change) very quickly. And then shut them down.
Slashdot Mirror
Part of the problem is we need storage. Another part is that we need uptime. Neither is really compatible with booting even from a USB stick - and really, that's out of scope anyway, that's something somebody should write who knows more about building operating systems than we do. However, we do take some precautions with regards to local security, and plan to take more in the near future. For instance, we tell the browser not to cache anything, we encrypt (optionally with a password but in any case easily got rid of) potentially incriminating data on disk, and we strongly recommend users install Truecrypt (since unfortunately we can't turn on swap crypto or lock pages in memory). A significant proportion of the community think taking any local precautions is a bad thing, since it violates the unix philosophy... As regards darknet, it is simply the only possible option in any even vaguely hostile regime. For instance, China has managed to block most of the Tor hidden bridges. Apart from that, it is also the only realistic option for really good security on Freenet: an attacker can connect to everyone, and Freenet's architecture on opennet isn't really suitable for dealing with this. It is of course possible for nodes to connect to both darknet and opennet, and the hope is that users will gradually add their friends as Freenet becomes faster, easier to use, more popular and has more content.
Statistical analysis is probably easier with a larger number of nodes, if you're talking about your direct peers monitoring you. Also, Freenet 0.7 supports opennet. And "same darknet"? What's the same darknet? There is only one 0.7 network as far as I know, although there maybe secret ones. If there are secret networks of 15 nodes, the NSA would probably not be on them. The long-term objective is to have a globally scalable darknet, which means that it might have a million nodes in it, but it's all going friend to friend to friend to friend. Read up on small world networks. Frost works better on 0.5 because the spammer has been attacking 0.7's Frost with constant denial of service attacks, not 0.5's Frost. They are both just as vulnerable. FMS is the solution. Darknet came up well before the collaborative censorship ideas you refer to, and that wouldn't be Freenet, it would be a different network. There is absolutely no intention for Freenet to provide any sort of censorship mechanism, and it doesn't provide any.
Some of the attacks mentioned on the attacks page have more detail available on linked pages. Apart from that, any criticisms are welcome, but you'll understand that we're more interested in fixing the attacks than in writing papers on them.
Freenet is better than most of the other options available to them. And if they already know who your friends are from your phone records, then it doesn't matter if you also have a darknet connection to them.
Freenet is still under development, even at the network level. So the protocol - the node's actual behaviour - changes relatively frequently. Why is that so surprising? And you probably didn't get much help because the devs weren't interested in taking a year to rewrite freenet to get back to where they were already at. On the other hand, if you want to know how a part of the system works, and it's not obvious from the code, you just have to ask.
It is not true that we practice security through obscurity. It *is* true that we haven't documented Freenet to the point that it could be reimplemented easily from the documentation. We don't want other node (not client) implementations right now, because Freenet is very much still a work in progress, and as a distributed, emergent system, lots of node implementations all of which implement slightly different behaviour (but the same protocol) would be a major problem: It would make it even harder for us to evaluate the effect of changes in the routing algorithm, for example. As a C++ developer with experience in security software, you'd be fine, java is easy, although there are some more interesting bits.
That's like saying an ISP is responsible for all the child porn their users download. Nobody has been busted for posession of anything merely for running a Freenet node as far as we know, and in any sane jurisdiction hopefully nobody ever will be. The EFF's legal advice to p2p devs may be of interest here: http://www.eff.org/wp/iaal-what-peer-peer-developers-need-know-about-copyright-law
But Freenet itself is immune to the slashdot effect. The more a page is accessed the faster it gets.
"Heavily weighted towards child porn" ? What percentage of freesites have to be child porn for you to consider it to be heavily weighted? Of course there is more child porn on Freenet than on the web. Pornographers are always early adopters, and that's compounded by Freenet's anonymity. But I've never seen any evidence that child porn makes up the bulk of Freenet content.
They won't be on the network in the first place if they live in China because opennet is trivially blocked. So is Tor, and it is blocked in some countries (or so I hear). The solutions to make Tor less easily blocked presumably involve something similar - an introduction through a friend or other hard-to-get connection.
It is *much* easier to find freenet nodes on an opennet than on a darknet. Of course both are possible but there's an order of magnitude between them. And darknet promises long term options which are more expensive still. Security isn't about perfection, it's about resisting a realistic attack by making your enemy's job harder.
Except the hydrogen cars. No hydrogen cars, no future. We'll all be dead. And petrol will cost $400/barrel, so we'll have no choice. Have a nice day.
Thanks. And no, it's not scalable. Freenet, like other DHT-based networks, is intended to be a global-horizons network. I won't comment on the anonymity of the solution suggested; it looks reasonably well thought out but I didn't read the whole paper.
What papers? I don't know of any Freenet papers on "graph theory applied to trusted links". And my understanding was that MUTE did a broadcast search to find the data and then used ants to find a fast return path.
Hmmm. What is the theoretical basis for this scaling?
Firstly, it is likely that we will have a separate "open" network based on more or less the current algorithms (but faster). Secondly, right now it costs very little to find all nodes - because it is an open network, you can harvest it. Very fast. Of course you CAN infiltrate a cellular network. But it costs FAR more.
"without fear of punishment". Anonymous speech has been vitally important on many occasions. The original draft of the constitution, the Watergate (and other) scandals, and other times. There is ALWAYS fear of punishment, if what you say is going to embarass the powerful. Perfectly rational fear.
I was under the impression that these are all strictly non-scalable. Right? I'll read the wikipedia article, but my impression was that the other P2Ps simply don't try to scale, they just let you search your friends' stores usually with a broadcast search.
Freenet has been backwards compatible ever since 0.4 started! That's YEARS ago. That's a LONG run. 0.7 will have to do a data reset, and this is why it is essential to nail down whether we will use 32K or 1K blocks, for example. Certainly after 1.0 we will want to avoid any data loss until at least 2.0.
Actually it ought to work well for big files. Once you have a well-established node.
I2P has less than 100 nodes. No wonder it's fast. But really it solves a whole different bunch of problems than Freenet does.
You improve the performance (I'm pretty sure we can improve it significantly - achieve good transfer rates, and latency of maybe 10 seconds), and you improve the content. You offer free web hosting at zero cost for arbitrarily large files. This is going to be really helpful for e.g. some of the game modding communities. The political stuff will attract some people, the free hosting will attract some people.. if Freenet isn't interesting then it just isn't interesting, very few people will use it regardless of how easy it is to install.
Firstly, yes. But you already do. Unless you are living in an area where freenet is illegal, you don't have to strongly trust people you connect to. They can pick up casual acquaintances easily, legally, and often without judicial supervision, from traffic analysis. Secondly, our HTML filter works on a whitelist basis. Any tags or syntax it doesn't recognize it rips out. That's why it's mangled a bit. This is much better than writing our own markup language which does exactly the same thing as HTML. In fact arguably we transform HTML to HTML...
Yes, there is. If there wasn't there would be no ISPs. In reality most ISPs make zero effort to block child porn or other illegal materials.
It depends... If the crypto is cracked in 10 years, and they come back and identify all the illegal files you were sharing... :(
If they make anonymous P2P illegal, they can find all freenet and i2p nodes (with the current architectures of freenet and i2p - one day this may change) very quickly. And then shut them down.