[Freedombox-discuss] Package Lists and Configuration
Nick Daly
nick.m.daly at gmail.com
Fri Feb 8 14:49:29 UTC 2013
On Fri, Feb 8, 2013 at 5:23 AM, Johan Henselmans <johan at netsense.nl> wrote:
> Sorry for taking so much time. I am just trying to come up with
> scenarios that might compromise the whole effort. The subkey
> approach seems to be fine.
Please, please do! Apologies if I came off defensive or
irritated, but I've been trying to poke these same holes in my
arguments, myself, for months now...
Is there anything that stands out as problematic? THS should be
difficult to pinpoint, physically, especially if you have
multiple boxes with the same THS id that are geographically
distributed: when one goes down, another one will pick up the
slack. Talking to all of them at once seems appropriately
impossible. I still need to read up on the spec and its
implications more, though.
A reasonable solution could be that you have multiple boxes
sharing the same THS id. Every 5 minutes or so (on changes),
they'd sync up their FBuddy service list, so that they're always
in sync. No, the infrastructure isn't there for that yet, and
you'd need multiple addresses so each box could address every
other box, individually.
...But, boy is that a lot of set up for the average user.
> Sorry, I meant purely on an IP-level. Organization suspects
> unwanted stuff regarding organization going on, tracks
> Tor/Gnunet servers inside area on which it exerts power, then
> takes over routers before Tor/Gnunet server, pinpoints
> Tor/Gnunet boxes.
That seems like a valid concern. That's actually why I punted on
the networking aspect: other folks will do it better than I
could, so this is the best we have. I suspect it should be
enough but, again, I need to get into the research.
> I was thinking of a mesh network (wifi, 3G, Zigbee) of
> dirt-cheap boxes that might be randomly distributed to
> locations, turned on and off in a random way to prevent
> triangular pinpointing to make it harder to get to the users
> box. Perhaps tor/gnunet servers configured in such a way would
> already do the trick. I am not familiar with the build-up time
> of a tor network, if that would be feasible. I have just bought
> some extra Raspberries with Wi-Pi wifi plugs (next to my
> dreamplug, ionics stratus/guruplug) and some other el-cheapo
> hardware, and could do some testing, if it is worth the effort.
>
> Or has somebody already been doing some testing on such a
> setup?
Such testing would be welcome. If you have time, please reach
out to the MLab folks.
> Something unique one might have and something one might know, I
> was always taught would be the combination. I'll see if I can
> get a smart card reader of some sort running against the
> dreamplug setup, and try to get some pgp/opensc running against
> that.
The biggest problem I can see is the service combination. Each
service leaks its own details and, if you leak the right
combination of details, you're identifiable. One service might
not be enough to guarantee consistent message delivery, though.
Nick
More information about the Freedombox-discuss
mailing list