EFF Promotes Freenet-like System Tor 379
The submitter continues "It also allows you to install Tor-aware apps, such as an HTTP proxy (for private browsing), or maybe private P2P? Unlike Freenet, it doesn't use massive encryption (as far as I can tell) and relies more on something called onion routing to randomly bounce requests between other Tor proxies, thus obfuscating the IP of the original client. So it allows you to browse regular Internet sites! Maybe it should be considered more of an 'open-source' Anonymizer? But I don't know if it's actually Open Source - you can download the source (and compile it yourself) but I don't know if the developers are letting anyone else touch their code. They are, however, looking for contributors and other forms of help. And, finally, they're hoping people will start running Tor servers!" It's open source, however contributions are handled.
Re:Solutions are simple. (Score:2, Insightful)
Re:Solutions are simple. (Score:3, Insightful)
Nice idea, but tough in practice.
Double dipping (Score:4, Insightful)
Right... (Score:5, Insightful)
You are in for a world of hurt if you run a TOR node. Since you are perfectly aware of all plain HTTP requests your node makes, you are likely to stand trial for contributory copyright infringement, import/export/distribution of child porn, conspiracy to [whatever] and so on. Since I assume by default it doesn't log anything to give you someone to blame it on, they pin it on you.
I would honestly never run a TOR node. If I did, I would firewall it to only allow connections to other TOR nodes, i.e. be a pure leech on the network. Anything else is to expose yourself for a wide range of legal disasters. Freenet had this right. You must not know what you are transmitting. This idea is fundamentally flawed and I'm amazed that the EFF would support it.
And beyond that, from the brief techincal discussion, you have a single point of failure in the directory server. Gather a small botnet, compromise the server and present the botnet as the routing nodes. You control all the keys, you decrypt everything. Or just a simple DDoS attack, so you don't find any nodes to route through. Overall, I'm not impressed.
Kjella
Re:pros and cons (Score:2, Insightful)
Does AIM and MSN user = Terroist?
No.
But they can very easily use such software can they not?
What about Planes? Maybe we should stop using planes.. I mean terrorists can use them to fly into our buildings.
Why are you drawing the line at this piece of software? Where should this line be? The further it goes into our freedoms...
Re:Right... (Score:3, Insightful)
So you don't mind transmitting the child porn, you just don't want to be associated with the transmission.
Re:the problem with Freenet (Score:5, Insightful)
Relative anonymity isn't inherently destructive - nor is the anonymity offered here absolute. Conventional methods of online social investigation will still catch the people you imagine, as there is still a source and destination. With child crimes in particular, the investigation should move offline as soon as possible anyway as soon as suspicions arise.
People who attack and cruelly manipulate children deserve punishment - the rest of the world does not need to close entire realms of technology down for the sake of that punishment. The nerds of the world shouldn't be forced to think about punishing criminals when they make their tools any more than car manufacturers.
Ryan Fenton
Re:Scalability (Score:1, Insightful)
The question is, can you get other important properties for your system that you cannot get with tor, and for many users the answer will be no, tor is all I need. Some users may need stronger anonymity, searchability, distributed storage, better economics or whatever, but scalability -- come on, do you even believe that yourself?
Re:Question about Tor (Score:4, Insightful)
Re:the problem with Freenet (Score:4, Insightful)
Tell me this. How many child pornographers are busted when someone trades illegal pictures? Not illegal picture-traders, the actual people who TAKE the pictures?
By blocking the flow of information, you can only bust the picture-traders. And you get a nice excuse to bust anyone else whom you can reasonably define as a "terrorist" or other undesirable.
Bust the guys taking the pictures, at the source. When you get a kid who's been abused in this way, they can lead you to the picture taker.
The excuse of "needing better tools for law enforcement" is very often used as an excuse to abridge civil rights.
Child pornographers are bad. And should be stopped wherever their found. But I'm not ready to accept that we, as a civilization, can afford to eliminate anonymous speech. When we have better rules (that are enforced) to protect whistleblowers and dissidents, then maybe we can do away with anonymity.
Re:the problem with Freenet (Score:1, Insightful)
In what sense have you helped these criminals? Have you donated bandwidth and storage space to them? Only very indirectly. You have donated bandwidth and storage space to an entire network, a network that can be useful to anybody. Yes, "anybody" includes violent pedophiles and terrorists - but by the same token, should WalMart close its doors, because it sells food to anybody, even the bad guys? Closer to the issue at hand, if you worked at an ISP, would you try to ban encrypted tunnels, which are beneficial to not only society and commerce in general, but also to terrorists, dirty hippy pirates, and child porn distributors? At some point, you have to draw a line and say, "He did something wrong, whereas he just provided a service which could be abused." If common carrier status doesn't provide a moral defense, then we in the technology field all very evil people.
Finally, as I'm sure you would agree, people need to consider the consequences of their speech. If every time someone mentions Freenet on Slashdot, you write an essay equating it with child pornography, then you are, in a way that's every bit as real as uploading other people's encrypted possibly-child-porn data, promoting the distribution of child porn on Freenet - you encourage pedophiles, or even just curious /.ers (many of whom clicked goatse after knowing what it was), to see what disgusting filth Freenet has to offer, while scaring away the many people who would otherwise use Freenet for legal and moral purposes.
AC because I really don't want to get into a debate about this, as I probably can't change your mind, nor you mine.
Re:the problem with Freenet (Score:3, Insightful)
Thanks for the reasoned reply.
I don't disagree that Freenet is a tool, but I'm not sure all factors are equal in judging tools. We could compare to Kazaa, which does trade legitmate files... but trades scads of pirated material. Kazaa may trade many pirated files, but the relative harm is far less. Copyright infringement isn't in the same ballpark as child molestation... the law recognizes this with the vast difference in their respective penalties. The amount of harm (and type of harm) with Kazaa can be argued either way... I don't find Freenet to be nearly as grey.
Admitted, the Freenet choice is binary; install it and tolerate the content, or not. However, I don't find free speech as an issue to be so black-and-white (that'll bring on the flamewar). Like most things, one needs to apply the doctrine of competing harms.
Everyone makes choices for themselves based on their own risk/benefit analysis. Cars and firearms inarguably cause thousands of spectacular deaths every year... yet if you really crunch the statistics, most guns are used to punch holes in pieces of paper, and most cars are tranportation devices rather than deathmobiles. My feeling is that the positive balance of content on Freenet is far less clear. If there's one legitimate persecuted speech document on Freenet, does that mean we tolerate 10000 pieces of child porn? That scale doesn't balance for me... but that's me, particularly when there are other ways to distribute that content without the baggage.
I don't disagree with the existence of the tool... just one particular use of the tool. The choice being all-or-none, I couldn't justify a node for myself... I'm not saying those who set up those nodes are evil or amoral... just that their scales balance a little differently than mine.
Re:the problem with Freenet (Score:5, Insightful)
Re:Right... (Score:3, Insightful)
So, which is better:
1. Guilty get off free. Innocent sent to prison.
2. Guilty get off free. Innocent get off free too.
Clearly it would be better if we could block garbage like this altogether, but nobody has come up with a good way of doing that...
Re:the problem with Freenet (Score:1, Insightful)
Freenet's purpose isn't so much to communicate as it is to guarantee that those doing the communicating can't be held accountable for their communications.
So Pedophile #1 posts the money shot of Little Timmy and his pet basset hound on Freenet and calls up Pedophiles #2, #3, and #4. #2, #3, and #4 send PayPal payments to #1 for "Goods/Non-Auction", whereupon #1 gives them the URL to the goods. Here, Freenet has facilitated a transaction that goes beyond mere speech. It still shouldn't be suppressed, but it can't be confused with a telephone or other means of accountable (to law enforcement) communication.
Child Porn Crusade! (Score:1, Insightful)
The children will forever be at risk until the root and means of Child Pornography is removed.
Ban Photography! Ban it now!
"There is no such thing as a legal right to create, possess, or distribute child pornography."
Such wise words deserve ACTION!
Write your congressman! Sue Kodak, Sony, and Panasonic into the ground!! If they don't stop making the tools of child pornography then they are complicit in this scheme to expoit our children. They are the evil behind the Multi BILLION dollar enterprise that is Child Pornography.
Look at how a phone camera corrupted these innocent 16 yr olds [washingtontimes.com]. If it were not for the camera insidiously installed on the boys phone, he never would have recorded his consensual 2.37 minute oral session with his girlfriend. It is clear, clear as day, Child pornograpy will exist until the blight of photography is wiped off the face of the earth.
Some may say that Anonymous Photography is NOT child abuse; it's just photography.
I say the child might beg to differ, when images of her rape are distributed over the net.
Please, I beg of you, think of the Children.
Re:Spies need anonymity too... (Score:3, Insightful)
Incorrect, although it can be challenging. For the sake of argument assume the NSA (our hypthetical attacker) has a Carnvore logging activity into and out of every ISP. They can therefore observe the existance, and perhaps size, of every packet between every node in the network, even if they cannot decrypt them. It also means they can observe the timing and pattern of such packets.
It can be possible to correlate existance, timing, patterns, and perhapse sizes, of (unknown encrypted) packets at one point with the existance, timing, patterns, and perhapse sizes, of packets (possibly unencrypted) at some other point.
Perhaps you check your anonymous Hotmail account every morning at roughly 9-something AM. Perhaps some morings you download really large attachments resulting in particularly large traffic. On some other morning you've gote the flu and don't use the network at all. They take the pattern of known traffic to the Hotmail website and run a pettern match against traffic patterns recorded at every single node in the network. And with each cluster of activity they manage to match up with a source, the smaller the unknown dataset becomes and the easier it becomes to match up each other outbound plaintext with a source internal node.
And if an ISP happens to be down for a day, well that gets them tons of info. For every data group that is active that day (for example various Hotmail accounts), they can exclude every user of that ISP as candidates for matching each of those datasets. And if you personally are connecting and disconnecting from the network then your connection patterns can easily be correlated with patterns of observable activity coming out of the network.
The main defense against such attacks is that you must remain connected pretty much constantly, and that the network must keep the flow at each link in the network at a constant, by padding real packets with dummy packets to keep the pipelines "full" and constant. Unfortunately it's rather costly to keep every single link running at max capacity with tons of garbage packets.
And if the NSA can meddle in the ISPs then they can twiddle the latancy for various nodes to potentially probe which encrypted nodes are responsible for which observable activity.
And the NSA can join the network themselves, running a signifigant number of servers. If your data happens to route completely through their trojan servers then you're sunk. And even without that total compromise, they get tons of information for narrowing down the possibilites and teasing out the consealed connections.
It's just one giant puzzle, and each peice and each clue helps fit the other peices into place.
The good news is that a well designed TOR network will be pretty damn secure against all but the most resourcefull attackers like the NSA who could conceivably log and analize data from a thousand covert points. On the otherhand if you are a casual user routinely connecting and disconnecting from the network, and you are already specifically under suspicion of specific visible activity, then your encrypted accesses can probably be trivially matched against the dates and times of the target activity.
-
Re:Free-as-in-beer does not make it legal (Score:3, Insightful)
I didn't say that. But, ethically speaking, free-as-in-beer is better than giving-money-to-child-abusers.
Put yourself in the place of the child, her guardians, her counselors, and ask if you would want still photos and videos of her rape to be broadcast over the net
Of course not. But this is Freenet. 99-to-1 odds the child is never going to know. As such, he/she isn't harmed by their presence.
You haven't considered the possibility that the child might be identifiable and still at risk. You view her anonymously but do nothing to help
What exactly would you suggest one do if they saw a child porn pic? Go running to the nearest police station? "Hi, officer, I was browsing child porn and I found this one kid. Can you locate her/him?" Not only is it quite unlikely that the kid (probably in a different country) could be identified, you'd probably wind up in jail in the process.
I'm not claiming that distributing child porn on Freenet is ethically squeaky-clean. But I can think of a million things that would concern me more about running a Freenet node, such as the potential for illegal activities (such as terrorist plotting) that actually do tangible harm to people.