Saturday, February 09, 2013

[lovqbbgs] Whom to trust for darknet?

Freenet's darknet mode requires that you only connect to friends you trust.  But operationally, what is meant by "a friend you trust"?  What should a friend do or not do for you to enjoy the added safety of darknet?  How should you choose your friends?

As described in the Freenet threat model, Freenet's anonymity protection requires that the attacker be distant.  Therefore, the friend must neither be the attacker nor come under the attacker's control.

Unfortunately, in the worst case, this is an unrealistically high requirement (and the point of Freenet is to guard against the worst case).  It requires that the friend be resistant to any form of social engineering that the attacker might perform, including torture and psychological manipulation.  It also requires that the friend's computer not be hackable by any technique the attacker might try against it, including spear phishing and unreleased 0-day exploits. Realistically, both of these are impossible.

The glimmer of hope is that the attacker is distant from the friend.  The attacker can only start working on the friend after the attacker has discovered the friend's identity or the friend's computer, which might require serially compromising many darknet links before reaching him or her or it.

Having many friends decreases security.  If any one of your friends is turned against you, your anonymity will be blown.  But having many friends increases the robustness and performance of the network, so it is a difficult tradeoff.  A given user might not have enough information to make a good decision about this tradeoff.

The tradeoff consideration extends to whether to befriend someone who has many friends (assuming you can get access to the friend count).  Such friends might decrease the distance to the attacker (but are good for the network). Your safety depends on your friends being able to avoid befriending the attacker.

Freenet's threat model requires that the attacker be distant. Unfortunately, for a small-world network, no one is distant.
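
The closing point can be checked numerically. This Python sketch is an added example, not part of the original post: it models the darknet as a constructed ring of users who each befriend their nearest neighbours, then adds random long-range friendships and measures how many links separate one user from everyone else. The ring-plus-shortcuts model and all sizes are assumptions for illustration, not Freenet's actual topology.

```python
import random
from collections import deque

def ring_lattice(n, k):
    """Each user befriends the k nearest users on each side (no long-range links)."""
    adj = {v: set() for v in range(n)}
    for v in range(n):
        for d in range(1, k + 1):
            adj[v].add((v + d) % n)
            adj[(v + d) % n].add(v)
    return adj

def add_shortcuts(adj, count, rng):
    """Return a copy of the graph with `count` random long-range friendships added."""
    new = {v: set(nbrs) for v, nbrs in adj.items()}
    nodes = list(new)
    added = 0
    while added < count:
        a, b = rng.sample(nodes, 2)
        if b not in new[a]:
            new[a].add(b)
            new[b].add(a)
            added += 1
    return new

def hops_from(adj, start):
    """Breadth-first search: number of darknet links from `start` to every user."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        v = queue.popleft()
        for w in adj[v]:
            if w not in dist:
                dist[w] = dist[v] + 1
                queue.append(w)
    return dist

def mean_hops(adj, start=0):
    """Average distance, in links, between `start` and every other user."""
    dist = hops_from(adj, start)
    return sum(dist.values()) / (len(dist) - 1)

if __name__ == "__main__":
    rng = random.Random(2013)        # fixed seed so runs are repeatable
    lattice = ring_lattice(1000, 2)  # constructed sample: 1000 users, 4 friends each
    for extra in (0, 10, 100, 500):
        g = add_shortcuts(lattice, extra, rng)
        dist = hops_from(g, 0)
        print(f"{extra:4d} long-range friendships: mean {mean_hops(g):6.1f} hops, "
              f"farthest user {max(dist.values())} hops away")
```

With no long-range friendships the farthest user is 250 links away; a modest number of shortcuts collapses that distance, which is the sense in which no one is distant in a small-world network.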
