In a long thread starting here: https://lists.torproject.org/pipermail/tor-talk/2014-June/033406.html On Mon, Jun 30, 2014 at 3:22 PM, Morgan Smith <tor-exit0@intersafeit.com> wrote:
On 6/28/2014 10:01 AM, Mark McCarron wrote:
Anyway, we have a simple solution to this global view and hidden services. We just implement a distributed hosting solution within the Tor system and end-to-end visibility is gone. I'm nowhere near done sifting through this thread however Freenet may may already provide this kind of functionality. In the spirit of software doing one only and doing it well then perhaps it is good to be handled by a separate project.
If I recall correctly, this subthread was about people getting shuttered because their Apache etc was insecure, and that somehow creating [paid] hosting services for them within relatively general purpose nets like Tor was the solution. News: those services are still open to the same exploits, and still use the same HS mechanism that has potential whitepaper exploits too. Further, he [or whoever OP'd the subthread] did not define what they meant by "distributed' or "removing 'visibility' of one end". Stepping back from the above specific, and re: Freenet... I think someone else mentioned or hinted at layering to enhance things. Yes, interestingly you can in fact layer some systems upon general anonymous transports, especially if they offer IP transport. ie: Use Tor/I2P with onioncat, cjdns, phantom... layer tahoe+lafs, freenet, messaging, Bitcoin, torrent, etc on top. Gnunet, MaidSafe and others I missed probably fit somewhere too. Mash it up however you like. (Excepting where they did not coordinate their collision spaces, such as in IPv6 addressing). It tends to be complex, slow and fraught with timeouts, but some combinations work ok. At some point you must regularly sit back from your own project or usage and take time to categorize all the systems out there, what they are good and bad at, and then admit to yourself (or as a user) whether layering is valid... or more importantly, whether you should merge forces with other projects to, up to and including, scrapping old and writing new projects that provide both user utility and resistance against attacks of interest. Or is your usage the best it can be? Can you in fact create an all in one tool? Or can you create a well defined intersection amongst projects / tools such that their layered sum equals coverage against all attack classes, or the subset you're interested in or subject to. And can you create a similar intersection matrix for the services offered (web, messaging, storage) by such networks. Can you coordinate research, structure and promote projects in such a way as to cooperatively and formally provide a complete set of resistance and services?