headers
David McNab | 1 Jun 2006 02:25
Picon
Favicon

Re: freedisk discussion (was: immediate priorities)


Thanks for the questions Matthew,

Matthew Toseland wrote:
> Okay, so:
> - You can keep it on disk, just encrypt it with an ephemeral key. (In
>   the long run).

Still thinking of that one. Present plan is RAMdisk-only, with the need
to 'commit' it to Freenet.

Please note that I'm looking to provide some shelter for users in
mandatory encryption-key disclosure jurisdictions, such as the UK.

The test scenario is:

 - police confiscate your PC

 - police go through all your files, and demand encryption keys for
   any files that appear to be encrypted

 - if you can't offer a technically plausible explanation for the files
   not being cleartext, you're looking at 2+ years' jail

So any freenet application, IMHO, must offer strong protection against this.

To address this need, I'm planning to add encryption, where if users
install the optional python package 'SSLCrypto' (refer
www.freenet.org.nz/python), they'll be able to encrypt their private
keys and stash them as
(Continue reading)

Permalink | Reply | 33 comments |
headers
Colin Davis | 1 Jun 2006 09:57

Javascript Disconnect?

In looking at SinnerG's automatic reference adding script, it occurs to 
me that there is a threat in the combination of the darknet and 
automatically running on port 8888...

Couldn't a internet website utilize Javascript to connect to 
localhost:8888 of each user (utilizing an iframe or such).

In doing so, they can connect to, and gather information on, every 
freenet user who visits their site...

Tey could harvest everyone's network connections (building a map of the 
network), as well as change configuration options, or disconnect nodes.

This seems like a somewhat signifigant problem.. Thoughts?

-Colin
Permalink | Reply | 31 comments |
headers
Florent Daignière (NextGen$ | 1 Jun 2006 10:11

Re: Javascript Disconnect?

* Colin Davis <Colin@...> [2006-06-01 03:57:27]:

> In looking at SinnerG's automatic reference adding script, it occurs to 
> me that there is a threat in the combination of the darknet and 
> automatically running on port 8888...
> 
> Couldn't a internet website utilize Javascript to connect to 
> localhost:8888 of each user (utilizing an iframe or such).
> 
> In doing so, they can connect to, and gather information on, every 
> freenet user who visits their site...
> 
> Tey could harvest everyone's network connections (building a map of the 
> network), as well as change configuration options, or disconnect nodes.
> 
> This seems like a somewhat signifigant problem.. Thoughts?
> 
> -Colin

We can't prevent people from their own stupidity :)

Of course it's feasible : Your node should be sandboxed and NOT
accessible when you're browsing the "normal" internet. that's all :P

The easiest way to "prevent" such harmfull behaviour would be to have
some kind of authorization scheme when doing "potential" harmfull
operations ... that would preclude any kind of automation... And
according to Ian, that's not a goal we should try to achieve ;)

NextGen$
(Continue reading)

Permalink | Reply | 10 comments |
headers
David 'Bombe' Roden | 1 Jun 2006 10:19
Picon

Re: Javascript Disconnect?

On Thursday 01 June 2006 10:11, Florent Daignière wrote:

> The easiest way to "prevent" such harmfull behaviour would be to have
> some kind of authorization scheme when doing "potential" harmfull
> operations ... that would preclude any kind of automation... And
> according to Ian, that's not a goal we should try to achieve ;)

We could let the user confirm deletions so that nobody can delete 
connections from the outside... but that doesn't help against 
harvesting.

> NextGen$
> (Convinced too that the reference auto-adder is EVIL!)

	David (is with toad & NextGen$ on the auto-adder issue)

_______________________________________________
Devl mailing list
Devl@...
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Permalink | Reply | 1 comment |
headers
Colin Davis | 1 Jun 2006 10:19

Re: Javascript Disconnect?


> We can't prevent people from their own stupidity :)
> 

No, but we can raise the barrier of entry-
For instance, on Windows, most people run as the Administrator all the 
time... Linux/OS X requires that users use su or sudo before writing to 
protected files.

I think freenet can have a similar behavior- By implementing a quick 
HTTP auth on fproxy, it avoids the harvesting problem, as well as 
avoiding node autoloaders like the one mentioned before.

It's also possible to auto-randomize the fproxy port, but I don't think 
the inconvenience that causes is worth the benefit, when better 
solutions exist.

Http auth, plus a warning advising people to /never/ give out their 
username/password, should help. And if it doesn't... At least it raises 
the barrier to entry.

> And
> according to Ian, that's not a goal we should try to achieve ;)
>
I would point out that people can add automatically references NOW, 
trivially, by going through fproxy.

I have Ubernode.org set up to automatically add references to itself, 
and it didn't take a whole lot of effort. (It's a neat experiment. Check 
it out ;) http://ubernode.org )
(Continue reading)

Permalink | Reply | 7 comments |
headers
David 'Bombe' Roden | 1 Jun 2006 10:22
Picon

Re: Javascript Disconnect?

On Thursday 01 June 2006 10:19, Colin Davis wrote:

> Linux/OS X requires that users use su or sudo before
> writing to protected files.

Meanwhile I've seen too many users working as root only because they 
don't want to have to su all the time. :/

	David

_______________________________________________
Devl mailing list
Devl@...
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Permalink | Reply | 0 comments |
headers
Dave Baker | 1 Jun 2006 12:58

Re: Javascript Disconnect?

On Thursday 01 June 2006 09:19, Colin Davis wrote:
> I think freenet can have a similar behavior- By implementing a quick 
> HTTP auth on fproxy...

Unfortunately it wouldn't work if the user had logged in to FProxy and not 
closed their browser since. At least, my browser will happily send the auth 
credentials even if it's being post-ed to by a form on a different domain. 
Likewise, if you gave the user a cookie, the browser would just send the 
cookie. You have to ask the user for authentication every time they added / 
removed a node, or similar, which would get annoying very quickly.

Even so, there's still the risk that any website can tell that you're running 
Freenet, even if they can't tell who you're peered with. Just getting a 
connection on port 8888 gives away information that Freenet is designed to 
hide.

> 
> It's also possible to auto-randomize the fproxy port, but I don't think 
> the inconvenience that causes is worth the benefit, when better 
> solutions exist.

This would help, and I'd expect the norm to be that people will find the node 
homepage through a desktop shortcut or something, in which case you just 
point the shortcut at the right port. It's still security through obscurity 
though.

Given that we have an encrypted darknet protocol specifically to mask the fact 
that users are running Freenet, it's a serious problem that any website can 
discover this fairly trivially. Unfortunately I'm not sure what the solution 
is.
(Continue reading)

Permalink | Reply | 2 comments |
headers
David 'Bombe' Roden | 1 Jun 2006 13:35
Picon

Re: Javascript Disconnect?

On Thursday 01 June 2006 12:58, Dave Baker wrote:

> Even so, there's still the risk that any website can tell that you're
> running Freenet, even if they can't tell who you're peered with. Just
> getting a connection on port 8888 gives away information that Freenet
> is designed to hide.

There's a lot of software that has an httpd running on port 8888 as 
default port. That information alone will not suffice.

> Dave

	David

_______________________________________________
Devl mailing list
Devl@...
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Permalink | Reply | 0 comments |
headers
Richard A. Hecker | 1 Jun 2006 16:40
Favicon

Re: Devl Digest, Vol 9, Issue 1

> From: Matthew Toseland <toad@...>
> Subject: [freenet-dev] Yet another mandatory build: 765
> 
> 765 is mandatory. 764 seems to have been helping with backoffs.
> Apologies for the disruption, but it is a weekday :) and this will not
> be a pattern in the future. Brief periods of chaos are sometimes
> necessary. And we are still an alpha.

When this is said year after year after year, it looses meaning.  It 
begins to sound just like an excuse.

Richard
Permalink | Reply | 1 comment |
headers
Matthew Toseland | 1 Jun 2006 18:47
Picon

Re: [freenet-cvs] r8965 - trunk/freenet/src/freenet/clients/http

Good. ALL threads in Fred MUST be daemonized from now on, except for the
one non-daemon keepalive thread.

On Thu, Jun 01, 2006 at 09:46:29AM +0000, bombe@... wrote:
> Author: bombe
> Date: 2006-06-01 09:46:25 +0000 (Thu, 01 Jun 2006)
> New Revision: 8965
> 
> Modified:
>    trunk/freenet/src/freenet/clients/http/Spider.java
> Log:
> daemonize plugin starter thread
> 
> Modified: trunk/freenet/src/freenet/clients/http/Spider.java
> ===================================================================
> --- trunk/freenet/src/freenet/clients/http/Spider.java	2006-06-01 06:42:13 UTC (rev 8964)
> +++ trunk/freenet/src/freenet/clients/http/Spider.java	2006-06-01 09:46:25 UTC (rev 8965)
>  <at>  <at>  -57,7 +57,7  <at>  <at> 
>  	private final HashMap urisByWord = new HashMap();
>  
>  	// Can have many; this limit only exists to save memory.
> -	private final int maxParallelRequests = 200;
> +	private final int maxParallelRequests = 20;
>  	private int maxShownURIs = 50;
>  
>  	private Node node;
>  <at>  <at>  -418,11 +418,13  <at>  <at> 
>  		for (int i = 0; i < initialURIs.length; i++)
>  			queueURI(initialURIs[i]);
>  		stopped = false;
(Continue reading)

Permalink | Reply | 0 comments |

Gmane