On Sun, May 21, 2017 at 09:50:04PM -0400, grarpamp wrote:
On Sun, May 21, 2017 at 6:55 PM, Steven Schear <schear.steve@gmail.com> wrote:
What I meant, if you are holding and sharing an entire file of some really sensitive content and depend on networking technologies known or assumed to have flaws which can expose your IP address you have relinquished ability to deny it.
Yes, if the file isn't encrypted, of if rubberhose decrypt policies are in effect, and the pointer to your node strongly confirms presense or leads to inspection.
For the next Manning wikileaker (or leak seeder), is the problem space of "number of known trusted peers in a chaff-filled link network model required for 'reasonable protection' against 5-eyes global passive network monitoring" known? Perhaps rather than "peers" do we need to go to "#N trusted peers each with at least #M trusted peers other than myself"? What about for "global active network monitoring"? Another way to view this same question: Up until now there has been a presumption by some that with the five-eyes global network monitoring (whatever specific form it presently bullies) to be reasonably countered, that some level of neighbour to neighbour (street level, physical) network of the people is required. Is the case or not? Without being able to at least discuss the problem space reasonably succinctly, it feels like we're grasping around at straws in the dark. We know the general problem space, next step, can we reason about it and make any conlusions?
Whereas is this content has been published, using something like Freenet, so no single user of the content distribution system has more than a fragment of that content and what they each have is not only encrypted (and you don't have the key) but its bit interleaved and your software has no idea what part(s) of the content you hold nor where those other parts reside (for that your software must possess the file's "treasure map" which can be closely held). This offers good plausible deniability.
Sure. File sharding is interesting obfuscation defense in depth, but has *lots* of overhead. If the network is "flawlessly" encrypted and anonymous, as well as the disk storage managed by its nodes, it's probably not needed... users can insert / fetch, or run nodes, safely.
Descriptions also depend on if the design provides both transport and user application all in one (Freenet, Mojo), or just rides on top of an already secure transport network (Ricochet over Tor, IRC over I2P).