Crypto Network HW Links, Anti Vampire and Sybil Nets, Actors Everywhere
If the state is out to get you I'd just assume that everything around you is rooted and a wire tap and act accordingly.
Doesn't have to be anyone doing anything wrong. Anyone following geopolitics knows that surveillors can reap just aggregate spying and turn that into realtime influence messaging to their own purpose. "Looks like a lot of overlay users are visiting a node known for artwork. Let's craft on that." "Cryptocurrency rising... Let's craft that." "Here's today's daily statistical and Markov report... Craft it."
assume that everything around you is rooted and a wire tap
Is this not entirely possible for all users of technology around the globe today? Snowden and everyone else before and since told you that you're all being tapped, datamined, controlled, and used. But most still don't believe it, or do anything to directly end it, all you do is drop some tools, while leaving all the taps, entities, activities, policies, still in place. Oops. Recall that you have all still started up exactly ZERO projects that are combining all these elements... #OpenFabs , #OpenHW , #OpenSW , #OpenDev , #OpenBiz , #OpenAudits , etc. So you still clearly have zero knowledge of what's actually in your CPUs, your NICs, your storage, your networks, or any reason to explicitly trust them. You're all April's Fools still stupidly placing faith in secrets [1] even after endless stream of their lies exposed by exploits, be they cataloged by CVE or even network TV news. [1] Be they commercial, [geo]political, etc.
Be they overlays on top of the internet, enhancements to the internet, or new guerrilla physical plant...
That process of people contributing to original and ongoing development of new strong networks that are not susceptible to such Basic Bitch Adversaries as Global Vampires, is something more should consider.
Indeed, we'll get there eventually. I am just a guy that made a thing because I thought it was cool.
Yes. Hopefully more will see the need to make cool and different things that can all be competed, evaluated, merged together, and even happily and graciously abandoned and joined up for the next where needed, in order to help get everyone there. This applies outside the Tubes as well.
Same for likely figuring out how to get the deployment Social aspects right so you can circle the network wagons against Sybil.
Let the record show that I am not the one making the sybil resistance claims, it's the coin team that is. I doubt them as well but I am open to being surprised. I originally had another model in mind for mitigating bad actors on the network that I still plan on implementing (eventually). Effectively it's a f2f mesh connectivity layer to help hide traffic shape.
There's certainly no lack of pure f2f, or p2p dht, or central, or hybrid tools out there in history. Models, threats, and use cases all being tested and mashed together is good, and fun to do :) Sybil is extremely hard to protect against and root out, since all Sybil needs is Money, and an Excuse to be there. As noted in tor lists since years, the solution to Sybil might not be as complete with only "in network" methods. It will more likely require at least some in real life Web of Trust, Humans asserting over the nodes they run, the software analysing that web, making node selections based on that metadata. "I know her, she works at the store, he's at my meetup group, they're a local company, etc...", and so on, a mesh of persons to persons, running nodes and fiber, all around the planet. You're probably going to need to force Sybil to become a verifiable IRL Human Being... because right now all she needs is money, and her bags are full of it. In a 1 million node network, if half of the nodes are from WoT verified humans, each human runs 10 nodes, and only 50% of the users prefer to make exclusive use of the WoT... that's 25k unique logical nodes now showing themselves as being more than just a completely anonymous potentially adversarial [point] source of money renting out boxes around the globe. Can 2.5% of the nodes making up any of today's transport, cryptocurrency, or application network overlays be said to be sufficiently trusted? Do any even need to be? In addition to signing human WoT data in the network layers, you could also start pushing analysis of node metadata into subscribable routing metrics... where are the nodes located, OS, uptime patterns, spec conformance, degrees of WoT such as non IRL nyms, and how strong each asserter's verification and assertion policy framework is, etc. All of this and more could raise Sybil's cost and exposure risk quite significantly, perhaps to futility.
Every time the Sybil WoT subject hits the lists it's met with abject silence [or "Johnny can't..."] Is this due to fear of associating with a node (or trying to protect the node by not associating) such that if the node is taken down the operator can walk away or redeploy anon elsewhere? Is that not what Zero Knowledge is for, to allow everyone immunity to say "It's just bits, we have no knowledge or control"? Are advancements toward solving Vampire and Sybil really thought that horrifically "unusable" and "costly"? Or that some won't find them perfectly acceptable? Are the elevated levels of technical, philosophical, educational, and operational participation potentially required of all nodes and any solutions thought to be impossible to achieve? Is it easier to just skate by on the odds and continue throwing the victims under the bridge as acceptable losses?
I am not arrogant enough to claim to be able to repel state actors from square one.
Not meaning to refer to Loki, or any project, but to all nets... We know that, other than routine protocol, code, and human exploits (those three all still being quite sufficient at times), adversaries' remaining credible tools against Overlay Networks themselves seem to be Vampire and Sybil. And fake Law, no? It's not only State Actors... any global, regional, or even local tier-n ISP can be an adversary partner Vampire... all you need is to be, or have access to, some pipes... and a willingness to be, or be friendly to, some power, or to wish to gain from your own Vamping. And any NGO or person can be a Sybil... all that takes is money, and in many cases, amusingly little. When head down in code and ops, a bit of talk on the metas is good now and then. Mine should of course be disregarded entirely.
Can 2.5% of the nodes making up any of today's transport, cryptocurrency, or application network overlays be said to be sufficiently trusted?
Do any even need to be?
Yes. Your own user device to start with. Single net entry node for you? That node becomes the source of potential betrayal. So one must distribute entrustment across >1 nodes to reduce exposure to betrayal/ increase the cost of betrayal. Even where I trust you in meatspace and agree to use your node for network entry, if hardware or any key piece of the software stack is 0wn3d by anyone other than you, your node is not trustworthy. Where most, or most likely all current HW is 0wn3d by our unfriendly GPA TLA adversaries, the best we can achieve (with work yet to do) is increasing the attack cost to GPA TLAs. https://shop.puri.sm/shop/librem-5/ et al are a good start to the journey to manifest the good intention of a reasonably trustable HW foundation. The first, second or ++ iteration may be insufficient, but this is the journey to get to a trustable PHY and OS layer. We continue to walk, as the only alternative is defeat before "even beginning".
In addition to signing human WoT data in the network layers, you could also start pushing analysis of node metadata into subscribable routing metrics... where are the nodes located, OS, uptime patterns, spec conformance, degrees of WoT such as non IRL nyms, and how strong each asserter's verification and assertion policy framework is, etc.
All of this and more could raise Sybil's cost and exposure risk quite significantly, perhaps to futility.
A nice plateau to reach, and we shall reach that point, the only question: How soon?
Every time the Sybil WoT subject hits the lists it's met with abject silence [or "Johnny can't..."]
Meaningful response requires comprehension. Comprehension requires capacity to comprehend, analyse, and respond, as well as the pre-requisite steps of "having spent the time to read, learn and understand". The world is changed by but a few thoughtful and dedicated individuals, indeed it's the only thing that ever has changed the world. (Paraphrase of Margaret Mead?). This bit ain't changing.
Is this due to fear of associating with a node (or trying to protect the node by not associating) such that if the node is taken down the operator can walk away or redeploy anon elsewhere?
Is that not what Zero Knowledge is for, to allow everyone immunity to say "It's just bits, we have no knowledge or control"?
Simply "reasonable strategy" given present state of things.
Are advancements toward solving Vampire and Sybil really thought that horrifically "unusable" and "costly"? Or that some won't find them perfectly acceptable?
The clear thought of a specific solution, is always the first step. If such thought remain in your head, its implementation is left up to you. If it be put down in public word space, there is a possibility someone shall pick up that thought and attempt to implement it.
Are the elevated levels of technical, philosophical, educational, and operational participation potentially required of all nodes and any solutions thought to be impossible to achieve?
Is it easier to just skate by on the odds and continue throwing the victims under the bridge as acceptable losses?
In every case, the cost to shift is personal, individual, specific and localised. The cost to think about a problem, even to read/ask enough to comprehend a problem, is the prior step still. Clarity at each step is very useful, and always has the cost it has. If you or someone you know has great clarity on an issue, but no time to tinker code, encourage them or yourself to splatter thy clarity on a wiki and point it out to the world. If that is too much effort, just email dump the thoughts you have and hope the next gritty takes the baton a little further. We be human. Let's be gentle with ourselves and each other - many do what we can, those who don't are "otherwise in overload" due to the regime we live within as perpetuated by TPTB, "(((", and, ")))", respectively etc etc.
I am not arrogant enough to claim to be able to repel state actors from square one.
Not meaning to refer to Loki, or any project, but to all nets...
We know that, other than routine protocol, code, and human exploits (those three all still being quite sufficient at times), adversaries' remaining credible tools against Overlay Networks themselves seem to be Vampire and Sybil. And fake Law, no?
This is the first I've heard of Vampire, and I have yet to properly comprehend Sybil, although I seem to remember comprehending once some years ago, that now is merely a remnant thought. Undoubtedly it's a Wikipedia page away to member berries...
It's not only State Actors... any global, regional, or even local tier-n ISP can be an adversary partner Vampire... all you need is to be, or have access to, some pipes... and a willingness to be, or be friendly to, some power, or to wish to gain from your own Vamping.
And any NGO or person can be a Sybil... all that takes is money, and in many cases, amusingly little.
When head down in code and ops, a bit of talk on the metas is good now and then.
Mine should of course be disregarded entirely.
Self effacing can sometimes be good, perhaps add a ";)"
participants (2): grarpamp, Zenaan Harkness