[Freedombox-discuss] Freedombox Mesh Network Simulator

Sam Hartman hartmans at debian.org
Fri Jun 22 19:49:50 UTC 2012

I'm having a hard time wrapping my head around the security implications
of this discussion.
I think that's in part because  goals like
censorship-resistant-connectivity and privacy seem in conflict.

To the best of my understanding these routing protocols have not been
designed with  the goal of preventing a malicious party from capturing
(that is observing and possibly modifying) traffic that party is
interested in.

Encryption and integrity protection can defend against modification
assuming that is supported by the protocol in question. Services like
VPN tunnels or TOR can be used to get enthcryption/integrity protection
across the mesh when accessing services that support Internet but do not
themselves support integrity/confidentiality.

However, finding out what services someone is accessing is also a
concern as well as monitoring access patterns and the like.
These mesh technologies seem to present  huge issues in that direction.
Combining mesh technologies with things like TOR doesn't make these
issues go away; it does make them harder to analyze.

As I see all these conflicting requirements I become increasingly
concerned that it will be difficult for technical folks to understand
what security and privacy properties a Freedom Box actually provides. I
think conveying that to an end-user may be beyond our capability.

One thing that might be valuable to do at least for designers of the
system to understand it is to focus on making available the best in
privacy-defeating technology we can. That is, make it easy to find all
you can about people using your mesh node, to combine that with others
who are willing to share privacy-defeating  information with you,
etc. The goal would be to understand what the practical attacks and
exposures are with various technologies we're using as we are combining them.

More information about the Freedombox-discuss mailing list