gmane.network.freenet.technical

China Tor bridge blocking details

Matthew Toseland — 2012-04-04T19:19:27

http://www.v3.co.uk/v3-uk/news/2165733/swedish-researchers-uncover-key-chinas-tor-blocking

Looks like they look for a header that looks like a connection to a bridge, then try to do a handshake. This is surprisingly sophisticated - I had expected they just created thousands of gmail accounts and harvested all the bridges by email.

Also, they appear to be able to create unidentifiable IP addresses on demand, meaning that the opennet protection schemes based on IP scarcity are not going to work.

This won't work as-is with Freenet because Freenet doesn't do handshakes unless you have the keys. However there may be (more complicated) ways to identify the traffic, and the above implies they may be sophisticated enough to implement them. It does mean that obfuscation (stego) is increasingly important.
_______________________________________________
Tech mailing list
Tech-RdDMkVZAZeuJnvDnx1genB2eb7JE58TQ< at >public.gmane.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/tech

Freenet compared to Tahoe-LAFS

Zooko Wilcox-O'Hearn — 2012-03-23T18:28:16

Folks:

Almost a year ago I wrote a letter to the tahoe-dev mailing list
comparing Tahoe-LAFS and Freenet. Just now I was reminded of this
letter (because it is referenced from the Tahoe-LAFS FAQ ¹ which was I
was editing), and on re-reading it, I think it is still relevant.

Below is the text of this letter, which is visible on the tahoe-dev
mailing list archives here:
https://tahoe-lafs.org/pipermail/tahoe-dev/2011-July/006560.html

I hope you find it interesting! Comparing and contrasting complex
things like these can help everyone understand them better. Obviously,
writing generic criticisms about which is better than the other would
be a waste of time.

Regards,

Zooko

¹ https://tahoe-lafs.org/trac/tahoe-lafs/wiki/FAQ


Folks:

The topic has come up on the IRC channel and trac about "What's the
difference between Tahoe-LAFS and Freenet?". I will try to answer that
question here, but there are probably other important differences than
the ones I'm thinking of, so this answer shouldn't be treated as
definitive. If you have insight into this topic, please reply!

Also, of course, I know way more about Tahoe-LAFS than I do about
Freenet, and I'm biasing towards thinking that Tahoe-LAFS is the
greatest thing in the universe, so those are other reasons why this
answer shouldn't be taken as definitive.

First a bit of history-and-culture stuff. I was working on Mojo
Nation, in its secret pre-launch mode in early 2000, with Jim McCoy,
Doug Barnes, Greg Smith, and Bram Cohen, when I heard about the
announcement of this new thing called Freenet. The description I read
of it (I think it might have been Ian Clarke's master's thesis) was
surprisingly similar to what we had already designed and were
currently implementing for Mojo Nation. There were differences, too,
but on that day I realized that what we had in mind at Mojo Nation was
not solely a novel invention of our own, but was also a product of
"ideas being in the air" and of the economic and cultural context of
the time. I think we got the idea of secure distributed mutable files
mostly from Freenet (which is why the URI format for Tahoe-LAFS's
secure distributed mutable files has the string "SSK" in it, which is
what Freenet called their secure distributed mutable files).

Mojo Nation was the great+-grand-father of Tahoe-LAFS, so in a sense
Freenet and Tahoe-LAFS grew up together—we shared similar technical
and social values, and we occasionally met on IRC channels or at
conferences in real life to exchange design review and ideas. Over the
ensuing eleven years the Freenet hackers worked continuously on
improving Freenet while making the occasional major shift in design
strategy, most notably the addition of the so-called "Darknet"
strategy in roughly 2009 or so. Over the same time period the Mojo
Nation lineage went through a series of restarts and a changing lineup
of performers. Err, I mean of programmers. During this time, Bram
Cohen left Mojo Nation and invented BitTorrent. The goals of
BitTorrent can be seen as a subset of the goals of Mojo Nation. I
learned from the success of BitTorrent that it can help to limit the
scope of features you are trying to combine into one software project.

Tahoe-LAFS itself was born on the 4th restart (Mojo Nation, Mnet,
Allmydata "Mountain View", Tahoe-LAFS), with the addition of Brian
Warner as chief engineer, in, let's see...

http://tahoe-lafs.org/trac/tahoe-lafs/changeset/1/trunk

In October of 2006. Hey! We should have a 5th Birthday Party for
Tahoe-LAFS this October. :-)

Now for the technical part. The biggest architectural difference
between Tahoe-LAFS and Freenet is that Tahoe-LAFS makes no attempt to
let you discover and use random strangers as storage servers. This was
also the big difference between Tahoe-LAFS and its predecessors. When
we started the Tahoe-LAFS project, we decided to make a simplifying
assumption that you would use some mechanism outside of Tahoe-LAFS
itself to find a somewhat stable set of moderately reliable servers
that would agree to give you storage service.

Such mechanisms include paying a company to run those servers for you
(which was what allmydata.com offered), getting a few of your friends
to run storage servers for you, joining a club of people who share
Tahoe-LAFS storage service (such as our Volunteer Grids), etc.. In the
future we would like to add to the possible mechanisms—maybe you could
pay people in Bitcoin to run storage servers for you (#1408).

In any case, the thing that we rejected at that point was having your
Tahoe-LAFS client meet some previously unknown Tahoe-LAFS server over
some automated protocol and decide to entrust some of your ciphertext
to that server. We concluded that while we could use math in your
client to provide confidentiality, integrity, and access control
without requiring the server to provide those things, we could *not*
use math in your client to provide availability or longevity without
relying on the server to provide those things. (This was after we
tried repeatedly to do just that from about 1999 to about 2006,
without success.) Therefore, you have to do the legwork yourself of
finding highly available, long-lived servers.

That's the biggest architectural point of departure between Freenet
and Tahoe-LAFS. There are more.

Another big one is, as Gwern pointed out on the #1427, is that
Tahoe-LAFS makes no attempt to obscure the source or destination of
requests, but Freenet does attempt to do that. Again, this was a
deliberate decision on our part not to include this feature. Brian and
I both had some knowledge about anonymity systems like Chaumian mixes,
private information retrieval, and Dining Cryptographers, and we knew
that it would be very hard, if not impossible, to guarantee anonymity
against sophisticated attackers, and that trying to do that within the
scope of our storage protocol would greatly complicate it. This
architectural departure from Freenet has subsequently proved less
consequential than the first one, because people have subsequently
wrapped Tahoe-LAFS's storage protocol inside Tor and I2P, thus letting
those systems provide their anonymity/privacy protections while
Tahoe-LAFS provides its confidentiality, integrity, and access control
protections.

Another big architectural difference is that Tahoe-LAFS embraced the
Web from the beginning, with the webapi [1] as the standard
programmable interface and the WUI ("Web User Interface") one of the
supported user interfaces. This has paid off to some degree, since
other projects and local hacks can use the webapi to integrate with
Tahoe-LAFS, and it becomes very easy to use Tahoe-LAFS to host files
for public distribution, either by making the WUI itself publicly
visible or by putting a proxy such as nginx in front of it. On the
other hand, web browsers and web technologies like JavaScript have
historically been rife with security problems. One of the three
security problems that people have uncovered in Tahoe-LAFS over the
years [2] was due to the existence of the webapi. When I spoke with a
Freenet hacker at the Google Summer of Code Mentor Summit last year,
he was adamant that they would not endanger their users' safety by
helping them use web browsers to view and edit the data stored and
communicated through Freenet. I can't exactly disagree with him about
that—web technology is often insecure. But on the other hand it is
improving rapidly by necessity, and on the gripping hand, the Web is
what most people use. If we didn't integrate directly with the Web it
would make Tahoe-LAFS's secure storage properties less accessible to
the majority of users.

(Sometimes security experts reject Tahoe-LAFS as inherently insecure
when they learn about the Web integration. If I notice them doing that
then I try to point out that you can use Tahoe-LAFS without using a
web browser, thus avoiding most of the vulnerabilities. You can use
the CLI—the Tahoe-LAFS command line tool—or FUSE integration instead
of the WUI.)

There are many other differences, of course! They let old and unloved
content die to make room for fresher and more popular content; we stop
accepting new writes if the storage servers run out of space. They use
Java; we use Python. They have an awesome name; we have a terrible
name. And so on. We could probably learn even more from each other
than we already have.

Regards,

Zooko

http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1408 # accounting using bitcoins
http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1427 # Differences
between Freenet and Tahoe

[1] http://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/frontends/webapi.rst
[2] http://tahoe-lafs.org/hacktahoelafs/
_______________________________________________
Tech mailing list
Tech< at >freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/tech

help me, please,to implement project of storing datas on cellular phones

DmitryTurin.narod.ru — 2012-02-05T21:22:14

_______________________________________________
Tech mailing list
Tech-RdDMkVZAZeuJnvDnx1genB2eb7JE58TQ< at >public.gmane.org
http://freenetproject.org/cgi-bin/mailman/listinfo/tech

imap and talktalk.net

Anthony Dynes — 2011-09-26T10:58:26

Hi,
     my IP provider is talktalk.net, (bad choice maybe) which dos not carry imap, i have set up thunderbird 6 as specified on the website, after a while it will say localhost in the bottom left corner, if i try to download a message say from gmail it will ask for my password, which it will not except, can you help me short of getting a new IP provider.

                                                                                                                                                  Many Thanks

                                                                                                                                                         Anthony

_______________________________________________
Tech mailing list
Tech-RdDMkVZAZeuJnvDnx1genB2eb7JE58TQ< at >public.gmane.org
http://freenetproject.org/cgi-bin/mailman/listinfo/tech

Freenet on a mesh network

Sheref Younan — 2011-06-21T20:07:42

Hi,
I'm wondering about the feasibility to use Freenet over a mesh network
independent of the internet. Where every Freenet node will be a node in the
mesh, nodes will communicate with neighbours  via WiFi or other wireless
communication medium without the need of conventional Internet as a
communication medium.

This will have the advantage of offering a scalable and decentralized
network that will not need an existing Internet infrastructure and will
(among other things) resist block outs like the infamous one made in Egypt
during its revolution (January 2011)

any ideas, comments ?

Thanks,
Sheref Younan
_______________________________________________
Tech mailing list
Tech-RdDMkVZAZeuJnvDnx1genB2eb7JE58TQ< at >public.gmane.org
http://freenetproject.org/cgi-bin/mailman/listinfo/tech

Freenet on a Delay-tolerant network

Tom Sparks — 2011-06-01T17:35:21

How would Freenet work on a delay-tolerant network like Probabilistic Routing Protocol using History of Encounters and Transitivity (PRoPHET) [1] ?

 [1] http://tools.ietf.org/html/draft-irtf-dtnrg-prophet

--
tom_a_sparks "It's a nerdy thing I like to do"
Please use ISO approved file formats excluding Office Open XML - http://www.gnu.org/philosophy/no-word-attachments.html
3 x (x)Ubuntu 10.04, Amiga A1200 WB 3.1, UAE AF 2006 WB 3.X, Sam440 AOS 4.1

Solution to churn problem and possibly to the Pitch Blackattack

Pierre Abbat — 2011-05-15T05:14:31

I read the Pitch Black paper and I think I've figured out a solution. Instead 
of trying to fit a circular keyspace in a graph that's spread over the 
surface of the earth with some long-distance links, I think it would be 
better to make the keyspace have more dimensions. Here's my proposal:

Break a key or location into four equal parts. These are coordinates of the 
point on a four-dimensional torus. Distance is measured in 8-space by 
embedding each torus dimension as a circle.

Every 1024 times a node adds something to its store, it performs this 
calculation: First it adds all the keys in its store as vectors in 8-space, 
then reduces that to a 4-dimensional point on the torus. Then it adds all its 
neighbors' locations and again reduces it to a point on the torus. The result 
is its new location. The location will be close to its neighbors; if the 
surface containing locations is curved, more of the store will be on the 
outside of the curve. Young nodes with few keys stored will be pulled rapidly 
toward their neighbors; old nodes will remain stably located near their data. 
Unlike the current method, where the product of distances rewards nodes for 
having locations next to each other, in this system nodes next to each other 
will be pulled apart, spreading more evenly over the keyspace.

The number of dimensions could be any divisor of 32 (the number of bytes in a 
hash). More than that and the notion of averaging in a dimension becomes 
problematic. I have a hunch that the optimal number of dimensions is 4, where 
two represent the surface of the earth and the other two different social 
classes in a region. Could someone who has a Freenet simulator run some tests 
and see how well this method performs for various numbers of dimensions?

Pierre

nodes caching frequently requested files

Jan — 2011-04-18T21:02:05

Hi,

I'm completely new to freenet, actually I had this idea and someone told
me that this already exists. Awesome! So I'm not sure if this is done
already, I couldn't find anything on this. My idea is that if there are
seedboxes (sry I'm from the bt world, dunno how you call them), and, say,
50GB of free disk space, and there is this new episode of, say, Pioneer
One, and every 30 minutes he has to route the very same file. Couldn't we
implement the option to cache that file so other nodes are less seizured
and the file gets more seeders. The same technique could be used to keep
files with few seeders alive, of cause. Is this already implemented? If
not, what do you think of the idea?

-jan

Freenet doesn't start

Chris Marschner — 2011-03-11T21:43:29

I receive following error messages upon starting Freenet

"The Freenet wrapper terminated unexpectedly."

"The Freenet launcher was unable to connect to the Freenet node at port  
(8888)"   <- or any other port I tested

WebM filter

Danny — 2011-01-02T14:27:36

I see on the roadmap that a Theora filter is planned for the 0.8 release
and WebM is pushed back until 0.9. I think a WebM filter should be
supported in 0.8 if possible. It obviously provides much better video
quality than Theora. It also seems to have more momentum at the moment
with Firefox, Chrome, and Opera supporting it by about the time 0.8 is
released.
  Danny
  maminow-97jfqw80gc6171pxa8y+qA< at >public.gmane.org

Another approach to public gateways?

Matthew Toseland — 2010-12-06T17:48:01

There has been some discussion of public gateways on IRC recently, particularly by nextgens, and by an enthusiastic person joining the channel concerned with wikileaks.

The problem with public gateways has always been that the owners of these nodes are liable to get into trouble for allowing access to Bad Stuff.

I wonder if we could:
1) Have a selective gateway mode, where you only allow external access to your personal favourite sites (a checkbox when you bookmark, perhaps), AND
2) Co-ordinate between the gateways via a Web of Trust app, so that you can click on a link and have it find a gateway that has that site? AND
3) When you reach a site that isn't mirrored by anyone, try a universal gateway AND
4) If there aren't any universal gateways, or every time you see a download page, send some advertising to get the user to install Freenet, possibly with a locally served installer package (requires our packages are signed).

Obviously it wouldn't scale indefinitely, and it would be possible to fetch the full mirror list. This is also possible with e.g. wikileaks' mass mirroring effort though. It might be a worthwhile effort nonetheless?

Just a thought. Maybe somebody would like to write such a plugin.
_______________________________________________
Tech mailing list
Tech-RdDMkVZAZeuJnvDnx1genB2eb7JE58TQ< at >public.gmane.org
http://freenetproject.org/cgi-bin/mailman/listinfo/tech

opennet/darknet

hppppl fdfjisoa — 2010-12-05T05:21:42

Hello, I remember all the discussions about opennet vs. darknet with difficult security issues causing the project to focus on darknet, and I am reminded of my nagging questions by recent devl discussions.
I have concerns about darknet that maybe you folks have all figured out, but I don't recall it being mentioned anywhere, so perhaps you can explain.

Many people obviously correlate the desire for anonymity for the desire to conduct 'illegal' behavior. Would I want to directly ask people I know if they run or if they would be willing to run a freenet node in a society where there may be a stigma associated with this?

What if a country makes running a freenet node illegal? Is it then more safe to be connected to people you know? Is it more safe to approach the people you know about it and risk getting turned in? Or when someone you know is caught operating a node, then they can confess about all the people they connect to, and whole groups of people can be caught at once.

I am wondering if opennet's inadequacies are inherent or if making it more secure is very hard. I'm just trying to imagine how the different concepts play out in various scenarios. I guess I just don't understand the reasoning.
       _______________________________________________
Tech mailing list
Tech-RdDMkVZAZeuJnvDnx1genB2eb7JE58TQ< at >public.gmane.org
http://freenetproject.org/cgi-bin/mailman/listinfo/tech

Thoughts on traffic analysis and fast nodes

Matthew Toseland — 2010-08-23T12:25:11

_______________________________________________
Tech mailing list
Tech-RdDMkVZAZeuJnvDnx1genB2eb7JE58TQ< at >public.gmane.org
http://freenetproject.org/cgi-bin/mailman/listinfo/tech

Opennet harvesting

Michael Rogers — 2010-07-28T11:44:42

Sorry if this has already been discussed - I was off the list at the
time the paper was published.

Researchers at the University of Minnesota carried out an address
harvesting attack on Freenet opennet. They estimate the size of the
opennet at around 2,500 nodes at any time, from a long-term population
of around 11,100. It took a single node 2.5 hours to collect the
addresses of nearly all active opennet nodes.

Obviously the concept behind this attack isn't news to anyone here, and
I realise it's not something opennet tries to protect against, but I was
interested to see some empirical figures.

http://www-users.cs.umn.edu/~hopper/mcon-ccs.pdf

Cheers,
Michael

Semi-distributed searching (and maybe fully distributed too)

Matthew Toseland — 2010-07-19T20:55:26

_______________________________________________
Tech mailing list
Tech-RdDMkVZAZeuJnvDnx1genB2eb7JE58TQ< at >public.gmane.org
http://freenetproject.org/cgi-bin/mailman/listinfo/tech

Private Information Retrieval

Michael — 2010-07-11T17:36:06

  Hi everyone,
In the original paper for Freenet (Freenet: A Distributed Anonymous 
Information Storage and Retrieval System), the authors discredit the use 
of private information retrieval protocols.

"Private Information Retrieval schemes [9] provide much stronger 
guarantees for information consumers, but only to the extent of hiding 
which piece of information was retrieved from a particular server.  In 
most cases, the fact of contacting a particular server in itself reveals 
much about the information retrieved."

I think that this isn't really the case with freenet, because no one 
knows what is on a person's server (it's encrypted); so, by contacting a 
server there is no risk.  Also, couldn't it be considered more secure 
because no one knows what data is being requested when you use a Private 
Information Retrieval (PIR) scheme.  If this were the case, there 
wouldn't be a need for routing data to anonymize origin requests.

I was wondering what people here thought and if it made sense to them, 
because I am not too very familiar with freenet, but very interested in it.

Thanks very much,
Michael

freemail via webmail interface

Tom Sparks — 2010-07-01T07:06:11

I feel a web-based interface to access freemail is missing for people who don't want to install email client
 
tom_a_sparks
Light travels faster then sound, which is why some people appear bright, until you hear them speak

voicemail/videomail via freemail

Tom Sparks — 2010-06-30T01:01:44

Is Voicemail/videomail via freemail possible?

I know speex audio codec[1] can compress 14 minutes to about 1.5Mbytes

[1] www.speex.org/

tom_a_sparks
Light travels faster then sound, which is why some people appear bright, until you hear them speak

Voltage problems lead to exploitable RSA weakness

Matthew Toseland — 2010-05-05T19:30:48

_______________________________________________
Tech mailing list
Tech-RdDMkVZAZeuJnvDnx1genB2eb7JE58TQ< at >public.gmane.org
http://osprey.vm.bytemark.co.uk/cgi-bin/mailman/listinfo/tech

ignore the most recent "browser plugin" email

Kyle Messner — 2010-04-02T16:16:32

_______________________________________________
Tech mailing list
Tech-RdDMkVZAZeuJnvDnx1genB2eb7JE58TQ< at >public.gmane.org
http://osprey.vm.bytemark.co.uk/cgi-bin/mailman/listinfo/tech

GSoC 2010 --- developing a firefox plugin

Kyle Messner — 2010-03-25T06:18:57

_______________________________________________
Tech mailing list
Tech-RdDMkVZAZeuJnvDnx1genB2eb7JE58TQ< at >public.gmane.org
http://osprey.vm.bytemark.co.uk/cgi-bin/mailman/listinfo/tech