I posted steps on how to connect Freenet nodes over Onioncat and Garlicat for Tor/I2P. I am looking to scale it into an Opennet inside Tor with a lot of peers:
https://emu.freenetproject.org/pipermail/devl/2016-June/039056.html https://emu.freenetproject.org/pipermail/devl/2016-June/039059.html
Is the extra traffic desirable in Tor? Reading asn's comment, I was under the impression that you are interested in adding higher latency traffic such as Freenet or mixnets for better anonymity: https://blog.torproject.org/blog/crowdfunding-future-hidden-services
Using both projects in tandem can finally realize the vision of FreeHaven. You are the best at firewall circumvention, performance and accessing the web, Freenet supplies users with censorship resistant publishing and p2p services. There is a HotPETs 16 paper co-authored by George Danezis on renewing interest in anonymous storage networks:
http://www0.cs.ucl.ac.uk/staff/M.Isaakidis/p/isaakidis-p2pstorageservices-ho...
On 6/22/16, konstant@mail2tor.com konstant@mail2tor.com wrote:
I posted steps on how to connect Freenet nodes over Onioncat and Garlicat for Tor/I2P. I am looking to scale it into an Opennet inside Tor with a lot of peers:
https://emu.freenetproject.org/pipermail/devl/2016-June/039056.html https://emu.freenetproject.org/pipermail/devl/2016-June/039059.html
Cool.
You may want to review two recent threads regarding
# bittorrent
https://lists.torproject.org/pipermail/tor-talk/2016-June/041355.html
# onioncat
https://lists.torproject.org/pipermail/tor-dev/2016-April/010847.html
(Some portion of these threads are on tor-talk, tor-dev, cypherpunks, etc so you'll need to search those for full context. They may span multiple months so you'll have to dig those out. And note that torproject's archives destroy useful things like cc, attachments, crypto sigs. Cypherpunks is intact.)
Is the extra traffic desirable in Tor? Reading asn's comment, I was under the impression that you are interested in adding higher latency traffic such as Freenet or mixnets for better anonymity: https://blog.torproject.org/blog/crowdfunding-future-hidden-services
From the operations and UX side, as opposed to theory and design side...
Some [officials] within torproject will decry traffic, and have even gone so far as to suggest they'll deploy coded countermeasures (which since the traffic is anonymous, and the code is opensource, doesn't work and kills someone else's good as well). In the end, just like video on clearnet, users and their traffic will come, and utilize whatever capacity and features they can, nothing you can do about it.
A more qualified thought... I find ongoing intentional exclusive use of exits so people can basically get their trivial entertainment LOL's using filesharing apps such as bittorrent (or any other use that is known to tax networks)... to be rather immature to unethical. However I do see fine use in performing initial import of clearnet datasets via exits (if maintaining anonymity of such import action is necessary), provided they then cut their clients over to run exclusively within the anonymous networks. (In the case of bittorrent, that means disconnecting the split horizon network path to clearnet, swapping out clearnet trackers for trackers within the anonymous overlay networks, using PEX / DHT within those nets, and possibly managing running two instances over various datasets.) ie: Someone might import the latest opensource unix iso's via clearnet without use of exits, then cut and seed exclusively via anon overlay nets. Same person might need to import the latest political leaks and civil rights videos via exits, then cut and seed similarly.
Using both projects in tandem can finally realize the vision of FreeHaven. You are the best at firewall circumvention, performance and accessing the web, Freenet supplies users with censorship resistant publishing and p2p services. There is a HotPETs 16 paper co-authored by George Danezis on renewing interest in anonymous storage networks:
http://www0.cs.ucl.ac.uk/staff/M.Isaakidis/p/isaakidis-p2pstorageservices-ho...
I agree that linking the various overlays, features, services, and users together is generally a good thing. I tend to argue IPv6 for that since so many of today's apps and users speak that. However there's certainly other shims, proxies, and addressing stacks people can dream and code up, particularly for asynchronous / non-real-time messaging and file like storage services.
Users also need to research and think clearly about any security and privacy impact using such links may have on them.
On 6/22/16, konstant@mail2tor.com konstant@mail2tor.com wrote:
I posted steps on how to connect Freenet nodes over Onioncat and Garlicat for Tor/I2P. I am looking to scale it into an Opennet inside Tor with a lot of peers:
https://emu.freenetproject.org/pipermail/devl/2016-June/039056.html https://emu.freenetproject.org/pipermail/devl/2016-June/039059.html
Cool.
You may want to review two recent threads regarding
# bittorrent
https://lists.torproject.org/pipermail/tor-talk/2016-June/041355.html
# onioncat
https://lists.torproject.org/pipermail/tor-dev/2016-April/010847.html
(Some portion of these threads are on tor-talk, tor-dev, cypherpunks, etc so you'll need to search those for full context. They may span multiple months so you'll have to dig those out. And note that torproject's archives destroy useful things like cc, attachments, crypto sigs. Cypherpunks is intact.)
Is the extra traffic desirable in Tor? Reading asn's comment, I was under the impression that you are interested in adding higher latency traffic such as Freenet or mixnets for better anonymity: https://blog.torproject.org/blog/crowdfunding-future-hidden-services
From the operations and UX side, as opposed to theory and design side...
Some [officials] within torproject will decry traffic, and have even gone so far as to suggest they'll deploy coded countermeasures (which since the traffic is anonymous, and the code is opensource, doesn't work and kills someone else's good as well). In the end, just like video on clearnet, users and their traffic will come, and utilize whatever capacity and features they can, nothing you can do about it.
I want to be clear about a couple of things. I am not looking to defy the wishes of Tor developers and relay contributors. I hope to get their views on the matter. Should they explicitly refuse, I will look at I2P.
Second, my idea does not touch Exit bandwidth at all. We will only deploy hidden services.
A more qualified thought... I find ongoing intentional exclusive use of exits so people can basically get their trivial entertainment LOL's using filesharing apps such as bittorrent (or any other use that is known to tax networks)... to be rather immature to unethical.
*snip*
+1
Wasting resources is abusive. However, comparing bittorrent traffic to Freenet doesn't do it justice. Freenet is used by dissidents for freedom of speech and publishing small static files like blogs, not to share gigs of media files.
Using both projects in tandem can finally realize the vision of FreeHaven. You are the best at firewall circumvention, performance and accessing the web, Freenet supplies users with censorship resistant publishing and p2p services. There is a HotPETs 16 paper co-authored by George Danezis on renewing interest in anonymous storage networks:
http://www0.cs.ucl.ac.uk/staff/M.Isaakidis/p/isaakidis-p2pstorageservices-ho...
I agree that linking the various overlays, features, services, and users together is generally a good thing. I tend to argue IPv6 for that since so many of today's apps and users speak that. However there's certainly other shims, proxies, and addressing stacks people can dream and code up, particularly for asynchronous / non-real-time messaging and file like storage services.
Users also need to research and think clearly about any security and privacy impact using such links may have on them.
On 6/22/16, konstant@mail2tor.com konstant@mail2tor.com wrote:
I want to be clear about a couple of things. I am not looking to defy the wishes of Tor developers and relay contributors. I hope to get their views on the matter. Should they explicitly refuse, I will look at I2P.
When I ran, donated, managed relays... only wanted all of what I paid for to be consumed. "Wished" it would be in alignment with certain ideals, but realized that's not reality.
For more and different opinions from relays, you might want to post to tor-relays@ referencing the archive url to this thread.
Second, my idea does not touch Exit bandwidth at all. We will only deploy hidden services.
Yeah, it's freenet over tor. Makes for an interesting definition of hidden service. Don't forget to add around 1000+ ms latency.
Wasting resources is abusive. However, comparing bittorrent traffic to Freenet doesn't do it justice. Freenet is used by dissidents for freedom of speech and publishing small static files like blogs, not to share gigs of media files.
Anonymous uncensorable overlay networks, are "used" by whoever, for whatever, limited only by the technical and practical capabilities of each network. There are many "gigs of media files" being shared over freenet and other nets by many happy and even wasteful users. This fact understandably burns the britches of those who intend their network to be used only for some other purposes. It happens.
There seems to be ongoing and growing interest around the world in overlay nets and parallel wire[less] 'guerilla' nets, and lots of room for improved and new code and models. No worries here.
[arma] the main rule is that if you're going to add traffic to tor, run some relays to match
[arma] for hidden services, that's 1MB/s of traffic onto 6 places, so 6MB/s
This has always been my position. Each user of these "free" community powered networks has an impact. For some nets this has readily calculable minimums, like tor and its 6x minimum for exclusively non-exit (HS) use. Other nets or usage models may be roughly estimated. Therefore each user of such networks should know / learn the impact for their respective network. And should realize that they are in a way obligated to return the resources they consume, as otherwise their network will not have headroom and their own experience will go downhill fast.
Freenet has 10KiB/s minimum bandwidth requirement.
Note that the correct form for engineering, and apps interfacing at the level of, network traffic rates... is bits (b), not bytes (B), and decimal prefixes, not binary prefixes.
On 6/23/16, grarpamp grarpamp@gmail.com wrote:
Don't forget to add around 1000+ ms latency.
Should say that on average tor's not that high, but as to prudently setting somewhat higher timeouts, especially for initial setup where the '+' may indeed apply.
konstant@mail2tor.com writes:
I posted steps on how to connect Freenet nodes over Onioncat and Garlicat for Tor/I2P. I am looking to scale it into an Opennet inside Tor with a lot of peers:
https://emu.freenetproject.org/pipermail/devl/2016-June/039056.html https://emu.freenetproject.org/pipermail/devl/2016-June/039059.html
Hello konstant,
this is an interesting approach! Thanks for putting time on this :)
I find the security properties of high latency anonymity quite intriguing and I have indeed hand-waved about integrating such systems with Tor in the past.
Unfortunately, I'm not very familiar with Freenet and its security properties/assumptions. It would be great if you could sketch out a small document explaining the benefits of this integration in high-level terms:
- What use cases are enabled by integrating Freenet with Tor? Who would use this?
- What benefits do Freenet users get by this integration?
- What benefits do Tor users get by this integration?
- What's the end game here?
Is the extra traffic desirable in Tor? Reading asn's comment, I was under the impression that you are interested in adding higher latency traffic such as Freenet or mixnets for better anonymity: https://blog.torproject.org/blog/crowdfunding-future-hidden-services
As Roger suggested, we should be aware of how much load this project adds to the Tor network. This means that adding metrics to estimate the extra load that "Freenet over Tor" causes should be high priority here; especially so if we think this is going to rise quickly. How easy would it be to introduce such metrics?
That said, in the short term and as long as the extra load is manageable, I think we should welcome this experiment as yet another new hidden service application and see where it takes us. Who knows what kind of use cases might be created through this!
---
Finally, as grarpamp pointed out, the current onioncat design will fail horribly once we deploy Next Generation Hidden Services (prop224), which will happen in the medium-term future (i.e. in a year or two). You should be aware of this drawback and try to think of ways to make this idea survive in the future :)
Looking forward to seeing where this goes!
konstant@mail2tor.com writes:
I posted steps on how to connect Freenet nodes over Onioncat and Garlicat for Tor/I2P. I am looking to scale it into an Opennet inside Tor with a lot of peers:
https://emu.freenetproject.org/pipermail/devl/2016-June/039056.html https://emu.freenetproject.org/pipermail/devl/2016-June/039059.html
Hello konstant,
this is an interesting approach! Thanks for putting time on this :)
I find the security properties of high latency anonymity quite intriguing and I have indeed hand-waved about integrating such systems with Tor in the past.
Unfortunately, I'm not very familiar with Freenet and its security properties/assumptions. It would be great if you could sketch out a small document explaining the benefits of this integration in high-level terms:
- What use cases are enabled by integrating Freenet with Tor? Who would use this?
- What benefits do Freenet users get by this integration?
- What benefits do Tor users get by this integration?
- What's the end game here?
Tor users will have access to services such as p2p microblogging, website publishing or posting on the distributed forum, FMS, and their contributions are available even after going offline. No central point of failure.
Chinese users can reach Freenet again with Tor. China has blocked Freenet with DPI for a long time.
Tor Exits are not overloaded. All traffic remains in Tor and leaves via seednodes that bridge with the plain network.
For more Freenet background theory: https://freenetproject.org/documentation.html#understand
Is the extra traffic desirable in Tor? Reading asn's comment, I was under the impression that you are interested in adding higher latency traffic such as Freenet or mixnets for better anonymity: https://blog.torproject.org/blog/crowdfunding-future-hidden-services
As Roger suggested, we should be aware of how much load this project adds to the Tor network. This means that adding metrics to estimate the extra load that "Freenet over Tor" causes should be high priority here; especially so if we think this is going to rise quickly. How easy would it be to introduce such metrics?
Easy. The Tor seednodes can track unique addresses they see.
That said, in the short term and as long as the extra load is manageable, I think we should welcome this experiment as yet another new hidden service application and see where it takes us. Who knows what kind of use cases might be created through this!
Finally, as grarpamp pointed out, the current onioncat design will fail horribly once we deploy Next Generation Hidden Services (prop224), which will happen in the medium-term future (i.e. in a year or two). You should be aware of this drawback and try to think of ways to make this idea survive in the future :)
Looking forward to seeing where this goes!
On 6/24/16, konstant@mail2tor.com konstant@mail2tor.com wrote:
Chinese users can reach Freenet again with Tor. China has blocked Freenet with DPI for a long time.
This use case is nice to hear. Compared to other networks and attack vectors it's not the best at, Tor has put good effort into and is rather strong at getting around DPI type censorship. Other nets can probably learn something from tor re this.
As Roger suggested, we should be aware of how much load this project adds to the Tor network.
Easy. The Tor seednodes can track unique addresses they see.
Yes any unix packet filter can count this by IPv6 netblock. (Different example, to count tor / i2p clearnet, that needs done by UID.)
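An added example, not part of the thread or of either project's code: one way a seednode operator could turn the "count unique addresses by IPv6 netblock" idea into a load estimate, using the 10KiB/s Freenet minimum and the 6x hidden-service figure quoted earlier in the thread. The two /48 prefixes (taken here as the OnionCat and GarliCat defaults), the log format and every sample address are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: default /48 netblocks of OnionCat (Tor) and GarliCat (I2P);
# the thread itself does not state them, so check your own ocat config.
OVERLAYS = {
    "onioncat": ipaddress.ip_network("fd87:d87e:eb43::/48"),
    "garlicat": ipaddress.ip_network("fd60:db4d:ddb5::/48"),
}
FREENET_MIN_BYTES_PER_S = 10 * 1024  # "10KiB/s minimum" from the thread
TOR_HS_FACTOR = 6                    # arma: HS traffic lands "onto 6 places"

# Constructed sample log (hypothetical format): "<unix time> <peer address>"
SAMPLE_LOG = """\
1466700000 fd87:d87e:eb43:1a2b:3c4d:5e6f:7081:92a3
1466700005 fd87:d87e:eb43:0011:2233:4455:6677:8899
1466700009 fd87:d87e:eb43:1a2b:3c4d:5e6f:7081:92a3
1466700012 fd60:db4d:ddb5:aaaa:bbbb:cccc:dddd:eeee
1466700020 2001:db8::1
1466700031 not-an-address
"""

def classify(addr):
    """Return the overlay whose netblock contains addr, else 'other'."""
    for name, net in OVERLAYS.items():
        if addr.version == net.version and addr in net:
            return name
    return "other"

def count_unique_peers(log_text):
    """Count distinct peer addresses per overlay; also count bad lines."""
    peers, malformed = defaultdict(set), 0
    for line in log_text.splitlines():
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[1])
        except (IndexError, ValueError):
            malformed += 1   # skip lines with no parsable address
            continue
        peers[classify(addr)].add(addr)
    return {name: len(addrs) for name, addrs in peers.items()}, malformed

def min_tor_load_bytes_per_s(n_peers):
    """Lower bound on relay bandwidth used if every peer runs at the minimum."""
    return n_peers * FREENET_MIN_BYTES_PER_S * TOR_HS_FACTOR

if __name__ == "__main__":
    counts, bad = count_unique_peers(SAMPLE_LOG)
    print(counts, "malformed:", bad)
    load = min_tor_load_bytes_per_s(counts.get("onioncat", 0))
    print(f"onioncat minimum load: {load} B/s = {load * 8 / 1000:.0f} kbit/s")
```

Only the per-overlay counts need to be kept for reporting; the address sets can be discarded at the end of each measurement interval.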
Hi, ex-Freenet developer here.
konstant@mail2tor.com:
Is the extra traffic desirable in Tor? Reading asn's comment, I was under the impression that you are interested in adding higher latency traffic such as Freenet or mixnets for better anonymity: https://blog.torproject.org/blog/crowdfunding-future-hidden-services
Running Freenet-over-Tor would not improve Tor's anonymity; it's just running another application on top of Tor. (This and the below also apply for Freenet-over-I2P)
Tor might give Freenet some additional privacy, but I think it would only really be useful in darknet mode:
In opennet mode, this is inherently open to certain Sybil attacks, and it doesn't matter if you don't know your freenet-neighbours' actual IP addresses. These Sybil attacks work on the Freenet layer, against the structure of the Freenet overlay network, and it doesn't matter what you run below it (e.g. Tor). However, you might benefit from having your IP address being hidden from your neighbours, which in this mode Freenet picks unpredictably (to a human).
In darknet mode, you're supposed to connect to people you trust under some "social relationship" (the threat model assumes the connection graph is distributed like a social network). In this case, Tor might be able to partially hide your Freenet social graph, which would otherwise be obvious to anyone sniffing your traffic. But if your Freenet social graph becomes "too similar" to another public social graph (such as your facebook friends, or some other source) then one can do graph comparison attacks to identify your Freenet node as you, even if its physical location is unknown.
What is really needed is some actual careful mathematical modelling and analysis. The stuff I just wrote, are just *wild guesses* and I have no idea if they are *actually true* or not. If people want this field to advance, this is the sort of work that should be happening - research, understanding, and modelling of the theoretical topics involved.
I don't mean to diminish what you did, but simply running A on top of B doesn't mean you get the combined security benefit of both tools. Freenet today is also generally lacking in formal and precise analysis, and it's unclear what the security goals are exactly.