[ExI] possible scheme for privacy
Harvey Newstrom
mail at harveynewstrom.com
Sun Jul 20 16:52:37 UTC 2014
On Saturday, July 19, 2014 9:37 PM, Angel Arturo Ramirez Suárez wrote,
> Hello new here, actually the privacy concerns have been addressed. The
> hacker community is working on a project called Meshnet which aims to
> create a new internet from the ground using a protocol called CJDNS.
Welcome! It is always enjoyable to see new faces discussing complicated technology. I tend to go through long periods of inactivity on lists such as these. But seeing new faces and hearing new discussions always rekindles my interest.
Meshnet is a very good effort, but still has some ongoing security issues that need to be addressed.
The FAQ says the protocol used by Meshnet "is not anonymous, nor is it intended to be."
(https://wiki.projectmeshnet.org/FAQ#Is_Cjdns_anonymous.3F)
There are also many other problems documented with the Meshnet protocol. The white-paper says, "Not every problem listed has an existing solution and of the ones which do, many of the solutions are based on incompatible technology."
(https://github.com/cjdelisle/cjdns/blob/master/doc/Whitepaper.md#user-content-so-the-problems-are-already-solved )
So this solution is not complete yet. But it is definitely good work and headed in the right direction!
Much like TOR and BitCoin, it suffers from the same flaws of any distributed or reputation-based system. A large highly-funded far-reaching entity (such as a government agency) can create a lot of fake anonymous entities in this system to track users, out-vote reputations, and generally control the whole system. Although this is the exact right approach, which I support, encryption will never "solve" the problem. It is more like an arms-race which merely delays the other side.
In TOR, a far-reaching entity can monitor a very large number of ISPs and exit nodes to match traffic patterns between the sender (real IP and encrypted message) and the TOR exit node (fake IP and unencrypted message) to link the real IP with the unencrypted message. Although TOR is generally safe, there is no way to prevent a big enough monitoring system from catching everything.
(https://en.wikipedia.org/wiki/Tor_(anonymity_network)#cite_note-torproject-fail-both-ends-32)
In BitCoin, anybody can claim a bitcoin mere seconds after somebody announces it. The community of BitCoin nodes vote on whose claim they saw first. But a well-funded entity can create a large enough number of nodes in a single group or on the fastest backbones such that they can out-vote everybody and claim any BitCoin they want.
(http://www.extremetech.com/extreme/184427-one-bitcoin-group-now-controls-51-of-total-mining-power-threatening-entire-currencys-safety)
Also, the afore-mentioned monitoring of TOR also can be applied to BitCoin to link the real IP with the emerged BitCoin announcement.
With monitoring recording most internet traffic, I predict that most of these encrypted messages will be archived, eventually cracked, and possibly published one day. So I tell my clients that encryption is not a long-term solution. It is merely a delaying tactic for now. I never put anything on the wire or in the air that I want to keep secret indefinitely. I only use encryption to hide information for a short delay.
--
Harvey Newstrom www.HarveyNewstrom.com
More information about the extropy-chat
mailing list