NAT Traversal & Bootstrapping

I might not have a clue (at this point) as to what useful data is being transferred however as you’ve said I will be able to work out that you are on the SAFE network as opposed to some other network. There is obviously going to be some aspect of the protocol that differentiates SAFE nodes from an Ethereum node. When one node wants to make a request of another they are going to have to become acquainted with each other. On first contact a node cannot just start sending requests encrypted in a way the other node cannot understand - there has to be some pattern. I might not be able to look inside the payload but there will be at least a point early in the conversation between nodes that tells me they are SAFE nodes.

OK, so now I’m going to propose a kind of double pronged attack:

  1. I get ISP’s to redirect people trying to connect to the bootstrapping servers to servers of mine. Each new user is directed to a tiny network where I own all nodes apart from theirs. They create their account within my network and I also relay their requests into the real SAFE network so they have an account here too.

  2. While they are in my network I quickly try to exploit a finite set of vulnerabilities; maybe with the SAFE client update process, with their OS’s implementation of the TCP stack, etc. If I compromise the machine great, I’ve got as much control as I need. If not then at least they will tell me their public key and I can record this. Once I’ve done as much as I can here I let them connect directly to nodes on the real SAFE network and they shouldn’t have any idea that they were in my network at all.

The reason I want their public key is because I can then tell what a certain exchange of data, encrypted with their PK, looks like.

  1. To keep terms simple I’m going to talk TCP here but same applies if UDP is used. I start searching for public data on SAFE that I don’t like and keep a database of the parts of the TCP segments that are encrypted by SAFE after it’s been decrypted on my node.

  2. I now have a DB of decrypted data that I know to be illegal. I also know public keys of nodes so I can tell what this data looks like encrypted with those public keys - and therefore what an illegal transfer looks like on its way to a particular node.

  3. I give a DB to ISP’s and tell them to tell me about any TCP segments that come to rest on a particular machine that match any of the records in the DB I’ve given them.

I think this process would mean I can perform blanket analysis of the entire network obviously assuming cooperation with ISP’s.

Even if I couldn’t “hijack” the bootstrapping server (step 1) I’d still be able to do a lot of this (just not quite as quickly and cheaply). Replace step 1 with me putting quite a lot of my own nodes in the SAFE network. I start harvesting public keys as requests come into my nodes/vaults and use these in the same way to predict what illegal requests of public data will look like.

Sound feasible?

No, sorry. To me it sounds impossible.

No, there is another layer of encryption. Even when you know my public key, and you know how chunk ABC looks encrypted with my public key, you still don’t have a clue. This is because no one will send that chunk to me directly. They will send it to my close nodes in XOR. And it’s not just like I have 1 public key for everything, I’m already encrypted on IP-layer from moment 1. When I’m in XOR there’s another layer which I use to connect to my close nodes. So you were already in the dark, and now you’re even more, because you don’t have a clue where my close nodes in XOR are.

No, not possible. I’ll just quote from my earlier post:

And even when you get in the network with a lot of nodes that scan all actions it’s gonna be quite hard to find out anything. Maybe you’ll find that node “ABCD” requested chunk “XYZ” (no IP). That might be possible. But for every GB of data in the network we have 1024 chunks. So when we’re at a TB you’ll need a database of over a million chunks. How many TB will people PUT to the network, assuming we have 100.000 users? I think a lot. We’ll have billions of chunks quite fast. And clients may change public keys for requesting data every 5 or 10 minutes. Maybe even with every request while surfing Safe sites.

1 Like

OK, you’ve explained why you think monitoring is impossible. Do you also think it’s impossible to suck users into a fake network in an attempt to compromise them?

Of course someone will send it to you directly, how else does it get to your machine? The vault might not send it to you directly but some node will. The data that node sends you has to be compatible with your private key, in other words the data has to be encrypted with your public key or you can’t do anything with it.

That doesn’t matter. I don’t care who the nodes are. I’m looking at packets being routed to your machine. I don’t care where they came from but if they match a particular pattern I’m going to start taking some notice.

Yep it’ll be a big database. I’ve not said that you have to make decisions in real-time. Packets will get logged at the ISP and then passed into a big Hadoop cluster or something at some later point for processing.

Maybe they will. If I can see all requests coming from a client then I can tell when their keys change…there is always going to have to be some point where nodes have to start communicating and this is the weak spot. They can’t just start fully encrypted communications because the receiving side wouldn’t have a clue how to decrypt any of it.

To be honest I’m struggling to see how privacy can be guaranteed if I’ve got the ISP’s on side because I will always be able to get back to the very first exchange between nodes and I can work out a public key at that point. From there I can just start peeling each layer back. Governments have obviously got a lot of control over ISP’s so I think this is something that could happen.

Unless you can secure the pipes between nodes I don’t think there’s much hope. You can’t secure these pipes if an ISP that is subject to laws owns them.

EDIT: I just need to be clear that I’m NOT saying that I can decrypt the chunks - this is obviously only possible if I have your private key. This doesn’t matter though if I know what an illegal bit of data looks like encrypted with your public key

I wouldn’t say this is impossible (nobody can), but I can’t think of how it can be done. All you have is an IP connection to the machine, and no way to interfere with what leaves that machine or is returned to it as far as I can see.

I stick by my point that knowing someone is on SAFEnetwork is of little value (i.e. no more suspicious than knowing someone visited Wikipedia.org).

I also think you underestimate the cost of setting up a fake network that can harvest enough IP addresses for a significant number of them to be of interest to you - especially when I consider that knowing someone is on SAFEnetwork says very little about them.

Your point about knowing someone attended a protest would be of far more value, but this is nothing to do with being in SAFEnetwork. IMO correlating that with being on SAFEnetwork adds next to nothing, and so not worth doing (compared to say, stealing Wikipedia.org HTTP logs - where you get to see what’s being accessed, which is valuable).

The SAFEnetwork demographic will initially be geeky, have a higher proportion of those early adopters who value privacy, security and freedom - but hardly any are going to be valuable “targets”. Those won’t join until the efficacy of the network has been demonstrated and lots of completely ordinary folk are using it - Tor use is hardly damning for example, but more so than I think SAFEnetwork will be. I expect it to be far more mainstream.

2 Likes

In theory it can be done, but to really compromise nodes? No, extremely difficult. Look at Bitcoin. Transactions go over the network in plain text without any encryption. People bought and sold hundreds of millions of illegal drugs on Silkroad and likes. Was anybody caught making a plain text Bitcoin transaction from his home? Nope, not that I know of. This is because all transactions are shared in the network. So every node has transactions coming in and shares them with others. Just like Vaults and Clients on SAFE will share an extreme amount of chunks with each other. And as opposed to Bitcoin, on SAFE all communication is encrypted with up to 4 or 5 layers or higher. Almost nothing you can do.

Imagine getting into a group of 32 nodes and record all actions that everybody takes. You have nodes from Japan, Germany, US, UK, Netherlands, Ireland, Iceland and a lot more countries. So now you know node ABC in XOR requested chunk XYZ. Good luck with finding out where the node is on the planet.

This is done on SAFE. From step 1 where you connect to a seednode or bootstrapnode. Your ISP sees you connect to Troon maybe. But they have no clue what’s in the communication.

If your node lands in my network where I own all other nodes then I can tell you whatever I want, because all other nodes in the network are going to tell you that things are hunky-dory.

I’m not sure what the client/node/vault update process is but there’s a good chance I can trick you into downloading an update which I’ve crafted to allow me to take over your machine. After this you’re allowed into the SAFE network as you expected.

Correct, however I’m saying that I think I could tell (with the help of ISP’s) that you are also downloading public data that I consider illegal.

I accept that monitoring all communications within SAFE becomes impractical if the network becomes very large. This is where the more targeted surveillance comes into play, i.e. rather than looking at packets going to everyone’s nodes I focus on nodes where the owner has a criminal record or something.

This is what I’m saying I think will be possible. I can go onto SAFE and start pulling loads of public data that I consider illegal. I know the decrypted version of this data and if I know someone else’s public key I can predict what that data would look like as it arrives at their node, i.e. it’ll be the unencrypted data I know encrypted with their public key. So if I can predict what an illegal transfer will look like to your node then I can keep an eye on you…if I see transfers matching my prediction I come knocking on your door. While I can’t decrypt the exact data you received I can prove what it is because I know that it matches the unencrypted value encrypted with your public key.

I also need to state that this fake network isn’t a necessary component in all of this. It’s just a nice to have because if I can compromise your machine early on then I don’t actually have to worry about going through ISP records. I can capture your credentials as you type them and then log into the network as you.

I could capture your IP address in different ways to the fake network as I’ve said, e.g. by setting up lots of vaults myself and recording who connects to me - it would take me a while to build up a picture of the network this way but over time I’d capture a lot of IP addresses (the more vaults I have the quicker the process obviously).

I hope this answers the question? I’m not talking about just capturing IP addresses. I think it will be possible to tell if you download data that is on my “watch list”.

I think the stuff I’ve typed above is relevant to your statement here - basically if you’re the only node in my network I can probably get you to believe almost anything.

This isn’t what I’m saying. I’m saying that I will be able to determine your public keys. I can then use these public keys to encrypt data I know about in its unencrypted form (this would be public data) and if I see data entering your machine that matches my prediction then I know exactly what you’ve downloaded, i.e. the illegal file I know about.

I’m not saying anything about XOR or the interaction with you and other nodes. I’m simply saying I think I can tell if you download the same thing that I downloaded previously.

When your node talks to another node for the first time what is the very first thing they say to each other? If you start sending data encrypted with your private key to this node and they don’t know your public key how will they know what you’re saying to them?

If you’ve compromised a machine you could just watch everything stored on the target’s computer. Forget the watch list. You have direct access to the target machine and all of its content. It would then only take one sample to identify the illegality of the content and subsequently bring charges against the owner.

This of course wouldn’t fly in a country with domestic anti-surveillance laws in place. So this all comes down to a one world oppressive regime devoid of all privacy rights. Currently repressive governments only need knowledge of participation in these networks to bring charges against someone. All of the extra work you stated would be superfluous.

In the case of passive surveillance, changing your public key for every request as stated by @anon40790172 would defeat your proposed attack. If end to end encryption didn’t prevent snooping, network security would be entirely broken. So now tell me, other than hacking into individual machines and watching their every action, how would you be able to tell what’s happening within the encrypted tunnel between the client and the relay? It wouldn’t matter if you have the target’s public key for transfers within the tunnel, the asymmetric encryption keys for the client to relay tunnel are inaccessible to you. You cannot see what is inside the suit of armor unless you pry it open. Good luck with that.

Even if you trick a user into your fake network gather details then relay them into SAFE, it wouldn’t change the fact that you as the man in the middle cannot monitor the content of the traffic within the encrypted tunnel once it has been established between the client and its relay. Otherwise Tor exit nodes would be able to snoop on everything regardless of SSL, HTTPS, etc. The end. :expressionless:

Agreed - one possibility that needs to be considered…

To achieve this will be costly - in development and in computing resources - on top of compromising the seed nodes which will make it likely your scheme is detected and exposed (so short lived).

So what is your payoff? You get to compromise the machine of a pretty much random selection of people - for a short time until exposed - and are hoping that some of these will happen to be people you want to target. This is a very poor use of your resources IMO. Far better to identify targets using other means and then target their devices for infection.

Correct, however I’m saying that I think I could tell (with the help of ISP’s) that you are also downloading public data that I consider illegal.

If you can, then granted, but I don’t see how so this needs to be detailed.

Even so, I’ve suggested that you won’t be able to do this for long before being discovered, which could make the cost prohibitive compared to what you are likely to gain. As I’ve noted, you are starting with a pretty much random sample of people, out of which few are likely to be of interest to someone who is able to legally employ and fund these kinds of measures (doing something you want to monitor or act on, and in a jurisdiction that you operate in).

I think this limits us to state authorised operations, so perhaps that’s what we should focus on in this respect. These will be late to the party I think, so we could assume SAFEnetwork is large by the time this might happen.

I accept that monitoring all communications within SAFE becomes impractical if the network becomes very large. This is where the more targeted surveillance comes into play, i.e. rather than looking at packets going to everyone’s nodes I focus on nodes where the owner has a criminal record or something.

For this you don’t need a fake network - you know your targets already and can go after infecting their machines or surveilling them in other ways. So I see this as another topic (securing the client).

Of course and I said that. This is the best case though (from the point of view of the attacker). The rest of the stuff I mentioned would come into play if a machine couldn’t be compromised.

The fact that you can be identified as a user of the network is a major weakness (but unavoidable with current technology). If I lived in oppressive regime X I wouldn’t be safe to use SAFE because I stand a real risk of being caught - and as you’ve said this is potentially enough to get me charged/jailed/killed/whatever.

The reason why people are interested in SAFE is because they don’t trust that governments play by the rules - or won’t change the rules at some point in the future. As a government I could detect that you are accessing content X on SAFE, keep this information secret but then start investigating you in other ways.

What if I’m part of a group that doesn’t care about the law. Say I’m part of a hacking group that manages to infiltrate an ISP and extract their data. I could then tell that you are accessing content X and start blackmailing you - pay me or I’ll tell the authorities. Whether or not the authorities would listen to what the hacking group is telling isn’t really that important for you. Are you going to feel comfortable that someone else knows what you’re up to and trust that you’re not going to end up in a sticky situation?

Public/private key encryption is obviously great and very powerful. I’m not saying that I can decrypt anything and snoop in the typical way people think of snooping.

The reason things like SSL work when you’re talking about things like a website login is because of two things
1: Secret private key - only one party knows the private key (obvious).
2: Unpredictable data - someone looking at the encrypted data can’t predict what’s been encrypted - each person is obviously going to have a unique login.

If either of the points above don’t hold then it’s easy to determine the data that’s been encrypted. For example, if I already knew your login details then I’d be able to monitor a connection protected with something like SSL and tell when you logged in (because your data is predictable to me). In regards to SAFE I can tell what public data looks like so point 2 above (Unpredictable data) doesn’t hold and then I can go on to predict what it would look like when encrypted with your public key.

I would be very surprised if I couldn’t figure out your public key…after all it is a PUBLIC key. As I’ve said a load of times already encrypted channels don’t magically appear. There’s got to be an exchange between parties and part of this involves the transfer of a public key.

I don’t see how it would be prohibitively expensive. I could run lots of tiny networks on virtual machines, I only want new users to come into one of my networks for a very short period of time and the network will have a tiny number of nodes…you’ll only be here while I try to update your client and you’re then passed into SAFE.

If I’m in at the ISP level I’m not compromising seed servers per se. I’m redirecting you to a different server - which is going to be a lot harder for you to detect.

The goal would be to not be exposed and to compromise potentially all new SAFE users. A handful of users will be savvy enough to detect that something’s not quite right on their system but I’d be banking on most people not having a clue.

Again, this notion of sucking a user into a fake network is the icing on the cake for an attacker, it’s totally NOT required. If you don’t go this route you’re still subject to your communications being monitored because I can predict what public data looks like and can access ISP records.

If data is being logged by the ISP then this is invisible to you so undetectable. Also I’m not starting with a random subset of people, I’ve got everyone who uses ISP’s that I’ve got an agreement with.

It only takes one security expert to expose this scheme, it isn’t down to most users not realising. To perpetuate it you need to prevent people learning what you are doing, or those you are interested in will stop using it.

Overall, I don’t buy it yet. I don’t think it adds up to a significant threat as presented because the cost/benefit seems to me much higher than alternatives available to this kind of attacker.

It also depends on some key assumptions that remain conjecture.

I agree we should look for ways to secure seed nodes if we can, and in time we should attempt to address a North Korea style internal threat, but outside that I am not convinced this is an issue for the time being. Definitely worth thinking through, and in more detail if you can.

Exactly!

People will move to SAFE because they feel they’re entering a super secure network. I’m in agreement with you that most of the early adopters will be geeks. They know there’s a certain amount of monitoring done on the current Internet, they can live with it but would prefer it didn’t happen so move to SAFE. If it turns out to be not quite as good as they hoped then no big deal, they go back to normal.

Governments and hackers are going to be very interested in something like SAFE. Governments for obvious reasons and criminals because they can expect that users are going to be storing something of value within it and they can somehow exploit this (like in the blackmailing idea I outlined earlier).

Anyway, if/when they realise things aren’t as secure as they thought then they’re just going to leave. Which is a great shame because the network has got MASSIVE potential but it won’t be realised.

I argue that it’s impossible to have a network that’s as secure as people are thinking SAFE is going to be (when ISP’s own the wires). It’s always going to be a cat-and-mouse game and I also argue that over time performance of SAFE will have to degrade if it’s to have a reasonable level of security. To explain what I mean. Imagine the network is live now and it becomes apparent that it is being monitored in the way I described previously. The devs can potentially solve the problem by making sure that there is a “random” element added to a chunk before it’s encrypted with a public key. The cost of this though is probably that caching and de-duplication of public data is impaired - to be honest I’m not sure how caching of public data works at the minute if each user’s public key is used to encrypt it. Anyway, there are going to be a whole load of smart guys with loads of resources looking into getting around any new level of security added to SAFE and WHEN they do find a way around it SAFE will have to be updated again - probably with another cost to performance, and so on.

Something that’s going to be very hard with a network like SAFE is making sure all nodes are the same version. If security is only as good as the latest update then how do you handle this? As soon as an update goes out do all old nodes stop working or do the new nodes have to operate in a reduced security mode so they can communicate with old nodes?

Anyway, the long and the short of my OPINION is that it’s probably impossible to get a network that is as secure as it needs to be to cater for the level of appetite for security. So SAFE isn’t going to solve the privacy issue. What is worse is because all the focus is on this impossible privacy goal the network isn’t going to end up being used to solve all the problems that ARE possible; fault tolerance, distributed computing, etc. etc.

All other stuff aside. I argue that if you can’t solve this most fundamental problem then what’s the point? The long term aim (which is of course noble) of the network is to ensure people’s safety and freedoms. It’s people who live in repressive regimes who need this, not us. The argument that our society could become repressive doesn’t hold up because if it does any users of the network will be identified and up to their necks anyway.

If I download binaries from maidsafe.org which will connect me to SAFE, say client.exe and I run it for the first time. What is the very first thing computers say to each other…? Okay here we go.

I start client.exe and in these binaries are the IP-addresses of 5 seed-nodes owned by Maidsafe. In these little .exe is the public key of these seed-nodes as well. So the moment my client connects for the first time ever to some bootstrap-server at Maidsafe it’s fully encrypted. And what’s the first thing my client will say to that server (encrypted with their public key)… it says: hello, here’s my public key use this to talk back.

Here’s the reply by David where he explains this part. He says it’s actually a bit “mental” but encryption starts from bit 1.

So from connection 1, the first bits, no ISP or whoever will know my public key. Only the servers at Maidsafe will know. And the chance these are rigged is 0.0000000000000000000000000000000001% IMO. It’s not gonna happen, because no one has a clue where these servers are, or how to hack them from a distance.

Thanks for the link. I’m away out for few hours but will read when I get back :slightly_smiling:

1 Like

Dude, are you sure you’re not a troll? Forgive me friend but aside from the predefined issue with the seed nodes, little of what you say is true.

Not only do I agree, but this is a reiteration of what I wrote.

They will know you are accessing content. That is all. They wouldn’t be able to discern specifics that would alert them to any suspicious activity. The content has several layers of encryption during transport and around it. Imagine an onion being routed through an onion tunnel.

Again, ISP’s have metadata not content. They know when and how much data was transferred but they do not know what. Even if the ISP’s collected bulk data, they wouldn’t be able to decrypt it. How then could Tor protect so many users if such eavesdropping were so easy?

Both points do hold in the case of SAFE.

  1. Secret private key.

Client contacts a bootstrap node using the public key hard coded into the client. The bootstrap node then uses its private key to decrypt the message encrypted with its public key by the client. The bootstrap node returns a reply message encrypted with the client’s public key. The client receives the message and decrypts it with its private key. In the message there is contact information for several relay nodes.

The client proceeds to contact the relay using the same asymmetric encryption communication scheme it used to communicate with the bootstrap node. Finally, the client and relay agree on a symmetric key. Using this they establish an encrypted tunnel. The client now generates a new set of private and public keys solely for the purpose of file transfers within the encrypted tunnel between the client and the relay. Isn’t this private?

  2. Unpredictable data.

Every chunk is 1MB in size so there is uniformity (every chunk is the same exact size). Passive surveillance cannot decrypt the data nor could they possibly know what the user requested (they don’t have your private key and they can’t see through/inside the tunnel). This would only be possible if they hacked directly into your machine which isn’t an issue exclusive to SAFE or legal in most democratic nations unless warranted. Since they can’t watch your connection (what is happening in the tunnel) and discern anything useful other than the fact that you are connected to SAFE, they have nothing to argue reasonable suspicion. When more aggressive node discovery is implemented it would hide the fact they are on SAFE because there would be no list of bootstrap nodes. Instead peers would connect to each other similar to BitTorrent. Making it possible to use that as cover and plausible deniability.

So yes, both points hold very true.

Again, unless you hack the target’s machine, you will not have login credentials or private keys. Without them, no snooping is possible.

You can know what public data looks like but you cannot see anything from outside of the tunnel. Not even the relay knows what is requested because of forward secrecy. The “close group” which comes right after the relay, wraps the chunk with another layer of encryption before passing it back to the relay node then subsequently to the client.

I explained this above. Do your research on asymmetric encryption. Such a ridiculous flaw you claim would make useless what is used by even the best defense systems on the planet. It is mathematically sound and immune to the manipulation you suggest.

The evidence renders your argument moot. Sorry but this man (David) would not have devoted a great portion of his life and resources to something that is fundamentally flawed.

2 Likes

Think of the encryption layering of your connection to the relay, close group, and vault like Tor’s onion routing. Every hop adds another layer of encryption to the data. By the time the client receives the data, it is encrypted by the close group with the client’s public key.

The client is the only one with the private key and the relay is none the wiser of what the chunk is. It simply passes you a locked piece of data that looks nothing like a questionable chunk. This same clueless relay could relay the same questionable chunk of data to millions of different clients and will always see something different because the close groups will always wrap the data with a different public key every time.

If you argue that an attacker who becomes your relay takes your public key, runs it against their data base of illegal chunks, encrypts them all with your public key to record the output (fingerprint) then tries to match it to pieces you are known to have downloaded, bam you’re done!

I would counter by first pointing to the fact that it would be computationally expensive, impractical, inefficient, and un-targeted (a matter of chance). On top of this, the close group could easily add random bits to your “package” before encrypting it with your public key thereby dramatically changing the fingerprint of the chunk as it passes through the attackers relay. This is about as good as it gets my friend. Solid from the ground up and back down again. That’s SAFE babyyy!!! :sunglasses:

@dirvine I’m sorry to bother you, but can you verify what I said about the close group adding random bits to alter the fingerprint of a chunk. See the last two paragraphs. Thank you for your time. :relaxed:

2 Likes
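The fingerprint argument in the posts above (a known chunk encrypted under a known public key always gives the same ciphertext unless random bits are added first), as an added example that is not part of the original thread and is not SAFE network code. It uses a constructed toy RSA key built from two Mersenne primes; the function names, nonce length, chunk size limit and sample chunks are assumptions made for the demonstration.

```python
"""Toy model: deterministic vs. randomized public-key encryption of a known chunk."""
import hashlib
import os

# Constructed toy key from two Mersenne primes. Far too small for real use.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                              # public modulus (fits in 27 bytes)
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the recipient
NONCE_LEN = 8    # random bytes added per message (assumption; real padding such as
                 # RSA-OAEP uses a larger random seed)
MAX_CHUNK = 16   # toy "chunk" limit so prefix + nonce + chunk stays below N

# Constructed stand-ins for public chunks whose plaintext anyone can fetch.
PUBLIC_CHUNKS = [b"public-chunk-A", b"public-chunk-B", b"public-chunk-C"]


def _encode(chunk: bytes, nonce: bytes) -> int:
    if len(chunk) > MAX_CHUNK:
        raise ValueError("toy chunk too long for this modulus")
    # The 0x01 prefix keeps leading zero bytes from vanishing in the int conversion.
    return int.from_bytes(b"\x01" + nonce + chunk, "big")


def encrypt_deterministic(chunk: bytes) -> int:
    """Textbook RSA: same chunk and same key always give the same ciphertext."""
    return pow(_encode(chunk, b""), E, N)


def encrypt_randomized(chunk: bytes) -> int:
    """Sender adds fresh random bytes before encrypting (the 'random bits' idea)."""
    return pow(_encode(chunk, os.urandom(NONCE_LEN)), E, N)


def decrypt(ciphertext: int, nonce_len: int) -> bytes:
    """Recipient side: recover the chunk and drop the prefix and nonce."""
    m = pow(ciphertext, D, N)
    block = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if block[:1] != b"\x01":
        raise ValueError("malformed block")
    return block[1 + nonce_len:]


def fingerprint(ciphertext: int) -> str:
    """What a passive observer can compute from bytes seen on the wire."""
    return hashlib.sha256(ciphertext.to_bytes(27, "big")).hexdigest()


def build_watchlist(known_chunks):
    """Observer precomputes fingerprints using only the public key (E, N)."""
    return {fingerprint(encrypt_deterministic(c)): c for c in known_chunks}


def observer_identifies(watchlist, ciphertext):
    """Return the matched chunk, or None when the ciphertext is not predictable."""
    return watchlist.get(fingerprint(ciphertext))


def demo():
    watchlist = build_watchlist(PUBLIC_CHUNKS)
    wanted = PUBLIC_CHUNKS[1]
    det = encrypt_deterministic(wanted)
    rnd1 = encrypt_randomized(wanted)
    rnd2 = encrypt_randomized(wanted)
    return {
        # Deterministic encryption: observer matches without decrypting anything.
        "deterministic_identified": observer_identifies(watchlist, det),
        # Randomized encryption: the precomputed fingerprint no longer matches.
        "randomized_identified": observer_identifies(watchlist, rnd1),
        # Side effect raised in the thread: equal chunks no longer produce equal
        # ciphertexts, so ciphertext equality cannot be used for de-duplication.
        "randomized_ciphertexts_equal": rnd1 == rnd2,
        # The recipient is unaffected: the private key still recovers the chunk.
        "recipient_recovers": decrypt(rnd1, NONCE_LEN),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```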

Thanks again for the link. I’ve read it and think I understand what I’ve read but I’ve some concerns; 1: you’ve obviously got a good grasp of things but it’s not really an official document 2: It apparently had outdated bits back in 2014 and I don’t know how close this is to reality now and 3: I feel it’s looking at things from a different angle to what I’m talking about…I completely agree with what it’s saying though in terms that the nodes around you have no clue about you or the data :slightly_smiling:

I’ve searched through the docs again, been on the YouTube channel, etc. and I can’t find anything that authoritatively tells me the steps that are taken from the point where a node requests a public file to the point where that file is fully assembled on the node.

I think most of us are actually in agreement that these bootstrapping servers could be rigged (including David). You’ve said yourself that the IP addresses of the servers are in client.exe so of course I can tell where they are and if I’ve got an agreement with an ISP I could get them to redirect you somewhere else.

What would REALLY help here is a nice diagram, detailing the steps taken when a public file is requested :smiley:

I’d prefer not to get into a sh*t flinging contest. Challenging your beliefs is hardly the same as being a troll. I’m not offended, I just think it’s a stupid comment.

This is just one of several of your statements that have made me think you’ve not read what I’ve written. I’ve never said they could decrypt anything…or that they’d even attempt to!

Can you point me towards something official please that covers this. Preferably something that includes the hops between multiple nodes. I’d be very interested to hear how this works in relation to the caching of popular public data.

You’ve either not read or missed my points.

My statement was an analogy to show why PK encryption is usually effective. I wasn’t trying to say I or anyone would get your SAFE credentials.

I don’t recall making suggestions about manipulating or decrypting any encrypted content. What research do you suggest I look up that will tell me that public keys are actually private and encrypted channels appear out of thin air?

Nothing I’ve suggested has said encryption is useless at all. Basically all I’ve said is if I encrypt the word “egg” twice using the same algorithm and key I’m going to end up with the same ciphertext on both occasions. What research are you doing that’s telling you something different?

I don’t want to be rude to anyone but this statement makes no sense. What evidence? Nobody’s using the system. I’m sure David’s a great guy but that in itself is hardly evidence for anything. Because Hitler devoted years to killing Jews, does that mean I’m not allowed to question his actions?

Again you’ve not read what I’ve said. I’m saying what you’ve said in your first paragraph but saying that an ISP can do this (without having to decrypt anything). If this were to work then it could be targeted or blanket surveillance. Expense is debatable - it depends how big the network is and how much of it I want to monitor. I’m sure a hell of a lot of surveillance could be done with the resources already available to governments.

I also mentioned adding random data to each chunk (not that it seems to have mattered) as a way to mitigate this; however, you would then be losing the ability to cache data, etc.

You’ve done this a couple of times now and it’s quite confusing. You seem to be taking things I’ve said and then throwing them back at me later like you’ve just come up with them. You actually sort-of accused me of plagiarism right at the top of your comment you started with “Dude” :confused:

As I said at the start I don’t want to get into a sh*t flinging contest. If you want to debate with me great; however, please make sure you read what I write.

I’ll try to be brief.

I presented facts about cryptography and the intended design. There are no beliefs to challenge. You seem to be dismissing the responses given. It gives me the impression of trolling.

Now you wrote:

In response to:

Knowing you have written:

This implies that ISPs grant enough power to have any real impact on security which could only occur if they can decrypt the data… Moving on. :expressionless:

In response to:

The term private implies a certain degree of secrecy no? Here is a tidbit. The simplest composition of this data I could find on short notice. It’s fairly detailed and clearly highlights the achievable secrecy of asymmetric encryption.

For official documentation about the SAFE protocol see: https://safenetwork.wiki/en/FAQ#Attacks_on_the_SAFE_Network

Together those resources should be sufficient.

Please tell me, what did I miss?

You wrote:

I responded with:

I believe my response covered your concern quite well IMO. Let me know.

This:

Memory refreshed! :smiley:

The network is designed with and to abide by very strict logic. It doesn’t have to be used to understand the operating mechanics. Like equations, they are opinion and language agnostic.

Sorry but it seems you have not read what I’ve stated several times. The ISP is limited. They, unlike what you seem to believe, are not all seeing. They carry the data. That is all. To be a relay, they must actively participate in the network by running the protocol on their own machines. This comes at a considerable monetary cost for little to no gain. With no peeling being possible as a result.

Expense is not debatable. Expense is expense. Its strain on resources is of course relative.

Now imagine that the ISP or NSA controlled relays do what I claimed you could potentially argue:

In such a case, even if the malicious entity were to do this with 10% of a 10,000 node network (relatively tiny), this entity would have to gather the public keys and every chunk each of the 1000 targets downloads, use the public keys of each target to encrypt each individual chunk in an ever growing database of millions if not billions of chunks they have identified as illegal, gather the resulting fingerprints of every chunk encrypted with every target’s public key, then attempt to match it against the constant stream of downloaded chunks they gather from each of the relays that deliver the chunks to the targets. That’s nuts. Keep in mind that a 100MB file has 100 chunks alone! Files today are now averaging well above that.

First, I will admit that I skipped over a lot of what you wrote. As I skimmed, I kept seeing misunderstandings. I hurriedly began typing my response (trust me I type slow as hell so I need the head start).

What you stated isn’t the same as what I wrote (though similar).

See:

What I suggested was to allow the close group nodes to add random bits to the chunks as they’re on their way to the recipient. This way even if the relay were hostile and looking to identify the chunks via the fingerprinting method I stated previously, the random bits added to the chunks by the close group would dramatically change the appearance of the chunk (similar in effect to how the hash of a file changes if even a bit is altered). Making it impossible to use fingerprints to correlate the data with something illegal.

De-duplication and caching would not be affected as everything would still be stored as usual. It is only when the data is requested that close groups sprinkle in some masking bits to change the overall appearance of the chunk/s.

Practice what you preach brother. :smirk:

So are we good?

I respect your long standing participation in this forum and to the project. We all have experienced misunderstanding regarding this project at some point. I’ve even experienced a bout of mild SAFE related amnesia not too long ago. These people quickly dusted me off and gave me a refresher course. I enjoy the underlying principle of this forum. See one teach one. Forgive me if I’ve offended you. You’re obviously a nice guy. I didn’t mean to make your experience here uncomfortable. :slightly_smiling:

If a client gets redirected to another IP-address which you own, you couldn’t do anything, because from bit 1 the message I send will be encrypted using the public key provided in the binaries. You as an attacker just don’t have a clue what’s in it. So you need to hack their server from a distance which you can’t. Yes in theory you can, just like there’s a possibility a bag of money falls off a plane into your garden with 1 million dollars in it.

David explained the idea that things will be encrypted from bit 1. Do you want a better source than the one who founded Maidsafe and came up with all these great ideas?

OK, let’s draw a line and get back on point because we’ll get nowhere if we continue trying to pull each statement apart. I will admit though that one of my statements which you quoted was ambiguous - where I said “peeling each layer back” - I can completely see how this would be interpreted as me saying decryption. However, in my own defense I believe I did say many more times that there would be no decryption.

If you don’t mind I’d like to try and focus on things that appear to be less vague and open to interpretation. Other than the devs none of us have a true understanding of the codebase and we will therefore make mistakes.

I think one area where we have a chance of working out ourselves is caching. I’m struggling to see this working with the process as described already, even when you forget about adding random bits, etc. If each chunk is going to be encrypted with the requester’s public key from the time when that chunk leaves a vault then really that chunk is unique to the requester (because it can only be decrypted by them). Am I missing something? If each chunk in transit is unique to a particular client (and perhaps even unique to a request if public keys change that frequently) then how can caching work?

As an ISP I can see everything that is travelling through my network - let’s imagine that governments and ISPs cooperate with each other in the name of terrorism prevention (which isn’t out of the question) and so when I say “ISP” I actually mean all major ISPs acting as one. As this super ISP I might not be able to tell what particular packets represent; however, I can see the data that is travelling between endpoints on my network. Agreed? If I put a smallish file onto SAFE (which is a subset of my network) then I can see where it ends up and the path it took to get there. This small file might obviously move and be duplicated over time but I can always figure out where at least one copy is because I can just request it again and look at my ISP records.

If I was an agency that didn’t mind bending the rules and I wanted to scare people off this network then it seems quite possible that I can put some files onto the network and then go knocking on someone’s door charging them with distributing content X. In fact I don’t even need to bend the rules because I can just use existing illegal public data as my reference point. Whether or not the charge sticks isn’t the point. The point is that I can pull an illegal file off your computer and prove it and this will be enough to make people very wary of using the network.

There will probably be lots of other things that can be done too, completely forgetting about encryption and just using statistical models. For example, I could probably start to get an understanding of what public data is popular by making requests from multiple clients I own for it and determining how many hops are being taken to retrieve it (since I’ve got ISP records). From this I could perhaps start to understand (or at least start forming educated guesses) on what individuals are downloading.

I’m not making any predictions on how hard or easy this type of thing will be. What I am saying though is that whoever owns the wires will always have options (even if we assume that SAFE’s implementation is 100% rock solid - which is obviously impossible). Also you can’t underestimate what large organisations with lots of motivation, money, influence and very bright people can do.

Good luck with that one. Vaults are non-persistent and before any chunk is sent to my Vault out of the network the managers will use obfuscation so I don’t even know myself what chunks are in there. Even if it was a chunk of a file I’ve uploaded myself. The chunks are also encrypted with the key in ram-memory. So when the power goes off all is gone.

This is impossible. From the outside of the network you can’t see chunks come by or being cached at all. On IP-level all is encrypted like I already explained before (let’s call this A). The chunks are self_encrypted (let’s call this C) and the connection between XOR-nodes in groups are encrypted as well (Let’s call this B). So to see chunks being cached (as your own node does as well) you need to be B to actually see C. As an ISP you can only see A and A to you is already fully encrypted. So there’s not a single chance you would see B or C.

When you’re in the network you can determine if a chunk might be popular or not if you look at how fast it gets to your computer. But that’s already hard. Maybe only 1 person “close to you” in XOR downloaded the thing already. Doesn’t say that much. Hop-counting is not possible. Especially when you have ISP records as you say. That would include that you could look from the outside to the network and determine what’s going on. And you can’t.