How Freenet Users Can Be Traced

Cam's Blog
 USA last edited: Sun, 07 May 2017 19:36:13 +0200  


"Freenet is open source software which lets you anonymously share files, browse and publish "freesites" (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack."


https://freenetproject.org/

CHK keys for static files are described as very easy to trace, since the CHK key of a file will always be the same. However, an attacker would have to know exactly what file would be uploaded, and even the slightest modification to that file (a text file, for example) would create a completely different CHK key.

USK keys for updatable pages and SSK keys can also be predicted and traced. These keys are used for updatable Freesites, Freemail, WoT, FMS and Sone identities.

Every time a "content provider" updates a USK or SSK, an attacker can predict that key and wait to see what part of the network / keyspace the insert will come from. With identities such as Freemail and Sone, an attacker can predict the key and wait to see what part of the network / keyspace the update will come from.

The Attack

The attacker would need only 1 malicious node participating in the network to begin moving closer to the source of a key, but using 2 nodes, where node A keeps a fixed location in keyspace for reference, will greatly improve the effect of this attack.

Router A keeps a fixed location and Router B moves closer to the source with every intercepted insert or request. "Closer" can be determined by logging which direction in keyspace sends requests or inserts with higher HTL (hops to live) values. If Routers A and B never receive the inserts or requests they are tracing, they will move in opposite directions until eventually a request or insert is received, and this will be the fixed point for Router A.

Pathfolding naturally helps the process of moving closer in keyspace, but even without pathfolding the attacking node can slowly choose to connect to closer nodes and deny further nodes without raising too much suspicion.

Eventually Router B will have found a keyspace that is closest or very close to the source/victim and become the victim's peer. By logging inserts/requests of the victim's node the attacker will have statistical proof / circumstantial evidence of the source/victim IP.

Also posted on Steem: https://steemit.com/security/@camb/tracing-freenet-users


I'm no expert but this is how I understand the basics. Tell me what you think.

#Freenet #Security #Anonymity #Distributed #Hacking #Surveillance
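
An added example (not from the original post) illustrating the CHK point above with a simplified model: the key depends only on the file's bytes, so identical files always map to the same key and keyspace location, while a one-byte change yields an unrelated key. The derivation, the toy cipher and all function names are assumptions for illustration, not Freenet's actual implementation.

```python
import hashlib

def chk_routing_key(content: bytes) -> bytes:
    """Simplified CHK model (an assumption, not Freenet's exact algorithm):
    the encryption key is the hash of the plaintext, and the routing key
    is the hash of the ciphertext produced with that key."""
    crypto_key = hashlib.sha256(content).digest()
    # Toy keystream (SHA-256 in counter mode), for illustration only.
    stream = b"".join(
        hashlib.sha256(crypto_key + i.to_bytes(4, "big")).digest()
        for i in range(len(content) // 32 + 1)
    )
    ciphertext = bytes(p ^ s for p, s in zip(content, stream))
    return hashlib.sha256(ciphertext).digest()

def keyspace_location(routing_key: bytes) -> float:
    """Map a routing key onto the circular keyspace [0, 1)."""
    return int.from_bytes(routing_key[:6], "big") / 2**48

def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bits that differ between two equal-length keys."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def compare_inserts(original: bytes, modified: bytes) -> dict:
    """Compare the keys of two inserts of (almost) the same file."""
    k_first = chk_routing_key(original)
    k_again = chk_routing_key(original)  # same bytes, inserted a second time
    k_mod = chk_routing_key(modified)
    return {
        "same_file_same_key": k_first == k_again,
        "modified_same_key": k_first == k_mod,
        "bits_changed": differing_bits(k_first, k_mod),
        "location_original": keyspace_location(k_first),
        "location_modified": keyspace_location(k_mod),
    }

# Constructed sample input: a small text file and a copy with one extra byte.
ORIGINAL = b"Example document published as a static file.\n"
MODIFIED = ORIGINAL + b" "

if __name__ == "__main__":
    for name, value in compare_inserts(ORIGINAL, MODIFIED).items():
        print(f"{name}: {value}")
```
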
Ideas to eliminate mining pools

Cam's Blog
 USA last edited: Tue, 02 May 2017 18:23:03 +0200  

Large mining operations with massive resources don't seem to be quite in the spirit of a decentralized crypto-currency. Here are just a few random thoughts I had a while ago about how to avoid centralization of mineable coins.

I feel like Bitcoin and Steem for example are not as decentralized as they sound for a few reasons.

Miners with specific hardware quickly outcompete any miner with a regular desktop

It's already virtually impossible to mine Bitcoin for any kind of profit without ASIC miners and basically free power. Steem is also barely profitable to mine from a CPU and the blockchain is only 10 months old.

The Bitcoin blockchain is currently somewhere around 80GB large and therefore very impractical to run on any kind of mobile device. Most people don't even have desktops or laptops these days, let alone their own server. I know. Crazy right? :)
I would feel much more excited if mining were somehow linked more tightly to individuals instead of large hardware operations.

As it is now, most crypto-currencies are mined almost entirely by a handful of mining pools.

So that boils down to most of the blockchain being controlled by a handful of companies. It's like the idea goes around in a full circle to recreate what we were trying to avoid.

At least for me, not paying fees to huge companies that make money just because they already have money, is one of the best things about crypto-currencies.

Force to mine

If you were forced to mine in order to perform a transaction then the network could eliminate the need to pay miners. This approach might reduce transaction fees and eliminate the incentive to build massive mining operations that might end up controlling the blockchain.

https://steemit.com/bitcoin/@camb/decentralize-it-eliminate-mining-pools-force-to-mine

#Bitcoin #Steem #mining #crypto #decentralization
Cam's Blog
 USA 
@Hubzilla Support Forum+ I'm trying to learn a little more about how nodes/hubs communicate with each other. Can someone point me to the documentation that explains that?

I'm wondering about what happens when a hub is offline for some time. Will it miss all the posts during that time or will it be able to sync missed posts when it comes back online?
Cam's Blog
  
Great! Hubzilla is an awesome project. Thank you so much.
neue medienordnung plus
  
@Cam's Blog could you describe in a few sentences, in German, which functionality Mike fixed? I barely understood Mike's posts from 30.04.2017 and 01.05.2017. I think the subject matter itself is not entirely trivial, and on top of that my English needs improvement :|.
Cam's Blog
  
Gladly. My German is slowly getting rusty. I'm no expert, but this is how I understood what he said. If anyone sees that I have misunderstood something, please let me know.

Regarding my question "what happens when a hub/server is offline for a while, and is it possible for the hub/server to sync missed messages afterwards from other Hubzilla hubs", Mike's answer was roughly:

Hubs try to send new posts to connected sites for 3 days before they give up.
Once a day the "Poller" daemon ("Poller" program) runs.
The Poller daemon reads all the connections of your connections daily so that it can suggest new connections to you. At the same time, the Poller daemon downloads a copy of the posts from your "network" (Zotfeed) daily. That is why the Poller daemon can fill possible gaps in your feed. "Fallback delivery" ~ "emergency delivery"


Mike first said that the Poller daemon can only synchronize public posts. Shortly afterwards Mike said that he had "fixed" it and that private posts are now synchronized as well.

As long as a site is well connected, it is possible to come back online months later and stay well connected.
Cam's Blog
 USA 
@Hubzilla Support Forum+

I am new to Hubzilla and am wondering if it is possible for a Hub operator to abuse the accounts that are on his hub in any way.

I'm thinking it must be possible for the hub operator to make posts as any account on their hub or change profiles.

Am I wrong?
Cam's Blog
  
Thanks. That would be great! Would this only work from a self hosted hub though?
I am not seeing the "manage locations" in my settings.

https://egomemei.com/photos/camb/image/bf50569a88bc37ec8c2ead561d2b26c27585340c1e2da7eca6d3a6aab16cf826

Maria Karlsen
  
I think you need to enable custom/expert mode to see "manage locations". Oh and you'll need more than one location.
You don't have to be an admin to use this feature, but I think(!) you need to do it from your main location and not from a clone. (You can switch freely between clones to choose a new main location at any time).
Cam's Blog
  
Wonderful. Thank you! I will have to install my own Hub soon. Excitement reignited! :)