NAT Traversal & Bootstrapping

None of this matters and it’s perfectly possible if you’ve got ISPs who are in cooperation. Take the following scenario:

  • I have a node and I want a public file. Let’s keep things simple and say it’s a small file so a single chunk.

  • I put a request out into the network. What does the ISP see? They see an outbound connection from my IP address to some other IP addresses.

  • The ISP looks at the records for each of these other addresses and what do they see? Again they see outbound connections from these to other IP addresses, and so on.

  • At some point there will be no more outbound connections and one of these branches will start to rewind as the data works its way back towards me (or perhaps for performance reasons the node with the data just returns it directly to me - it doesn’t really matter). The important bit is that the ISP can see that I’ve now received data and whatever route it took they can trace it. I’m not saying they can make sense of what’s within the packets (you can have a million layers of encryption and obfuscation for all I care). I’m saying that they can see all participants in the conversation.

So, if I have access to ISP records and I request a public file I can determine the route it took to get to me. If I want to cause a few headlines then I’ll pull an illegal file and go after the owner of the node that was holding the data and maybe even the owners of the other nodes that aided the distribution.

If SAFE only secured private data and comms this problem goes away. If I stored an illegal file on SAFE and it ended up on your node then you can’t be party to its distribution because it’s only ever coming back to me. Also I’m sure you’ll be perfectly safe talking to friends over the network because outside parties can’t decrypt anything. The fact that nodes are communicating though is definitely detectable by an ISP (because they are our only route into the Internet) and if you know what you’re looking for then you can tie real data to these nodes (or at the very least have a high degree of certainty of doing this).

In my opinion it’s the fact that SAFE is trying to secure public data that’s going to cause it pain. You can’t have complete privacy when it comes to public data and this will also be what drives the motivation to tarnish its name, monitor it closely and try to bring it down.

EDIT: You’re bound to argue that any node could have multiple connections at any one instant. Of course this is true but it also might not. Plus there are likely to be patterns that can be used to link network transactions together.

Maybe I am misunderstanding what you mean by this, but let’s assume you can track the data as you suggest. You still can’t track end to end like this because this is a global network and the best you can hope for is all ISPs within your jurisdiction.

However, even this is only a best case scenario (for an attacker). In practice, evidence shows it isn’t practical to co-opt every organisation (e.g. look at telcos) and so governments end up only dipping into the most popular ones, or the backbones, because there are costs - not just financial:

  • every time you “tap” into a new source you incur all sorts of costs, and importantly
  • you multiply the chances of your snooping being discovered. As we’ve seen, this kind of attacker does not want people to know what they are up to, because once discovered, all that “investment” is put at risk, and the chances of them obtaining useful information diminish dramatically.

So again:

  • high costs: multiple ISPs to engage, set up, maintain, manage, and keep secret - but I suggest decidedly not all ISPs.
  • therefore low reward: fractional discovery because you don’t have the ability to watch all nodes on the real SAFE network
  • high risk: of discovery and it all becoming useless

If you can pretend to be the real SAFEnetwork and then do all this, then you’d have more chance of tracking endpoints, but I doubt it is feasible, and it is no longer your plan as I understand it here.

Also, above I’ve ignored the question of whether “owning” all ISPs would allow you to track and identify data in the way you suggest, which I don’t know if you can do, so that also needs to be shown too.

1 Like

Public data is encrypted as well. Although the hashes to decrypt are available to all. In a perfectly quiet network where nobody communicates at all, and only 1 user would request a chunk out of the network, and you have all data from like 15 ISPs on different parts of the world, yes you might see that one chunk got from place A to place B. You still don’t have a clue which part it is, but you could see 1 MB of gibberish data going around globally.

But here’s the reality. You pass chunks to people in your group, they pass chunks to you, maybe 2 in your close group are surfing some Safesites, maybe 2 others are watching Breaking Bad. You have messages all over the place where your node is now able to handle like 60.000 messages a second (I heard some Dev talk about this number). So it’s chunks of data all over the place. From charts, messages to video, to whatever. No way you can spot a single chunk of that with ISP logs. You would just see data going in and out from a node. It’s not a quiet place until you request a chunk. It’s different personas doing different things at once.

Yes it does matter, you keep making arguments that ISPs can spot a chunk from A to B and more like that. Me and others have told you a number of times this isn’t possible because stuff is encrypted from bit 1. So you keep reasoning from a technical point that just isn’t correct.

1 Like

Not to mention that the coin I gave to that person to fund their account won’t be seen on a foreign network.

They try to buy resources (fund their account) and it gives an error (coin non existent). Then they come to me and ask why.

If you “accept” any coin (by modding the code), then the files they wanted won’t exist on your network. If you bridge the networks then all you see is encrypted data.

Better off sending scam emails with malware links in them, more productive. Set yourself up a scam website with links to SAFE content and attempt to exploit their browser as they load your website that has the links to SAFE content.

1 Like

Yes, however a jurisdiction could be very large. I don’t think it sounds too far fetched to consider the possibility that at least western governments would cooperate on this under a label like “terrorism prevention”. I’m sure a hell of a lot of requests will be carried out fully within a “western jurisdiction”.

There could be different opinions on whether this is a good or bad thing (for the attacker). If they get in early and advertise that they can do something while the network is small then they limit its growth… which comes with 2 benefits: 1) they cripple it before it becomes a threat, 2) since it remains small it stays relatively easy to monitor.

All I can state is my opinion. I wouldn’t like to do this personally however if I was ruthless and in charge of some western Internet security organisation (I’m sure there must be a ruthless spy or two out there :wink: ) then I’d already have a route into major ISPs and I would just start requesting illegal public files until I got a nice trace from the records available to me. I’d then go after the owners of the nodes and make sure the media knew about it - and these poor people would be in the papers for distributing CP or something. I probably wouldn’t have to keep hold of the node owners for very long because the damage I hoped for would be done.

The two techniques aren’t mutually exclusive. Last I mentioned about this was that you could suck all new users into the fake network (where the user was with an ISP that was cooperative) just long enough to try and compromise them, then set them free within SAFE. I still feel this has legs and if this can be done it would be much more effective than looking at connections between nodes.

Glad we’re finally agreeing on something (no matter how small) :slight_smile: Yes the data would look like gibberish however I would know what it was because I requested it.

Another point of agreement :slight_smile: As I said in my last post though I’d be surprised if there weren’t some patterns that could help with this. I’m not trying to say ISPs can just peer through a magical window into the network and they see everything. I’m saying that in theory they figure out the route of particular known data and there will be people smarter than all of us with a lot of resources who will try to do it.

I’m confused now. It seemed you’d agreed that in a quiet network at least this was possible? I feel I’ve repeated myself a load of times too - I don’t care if the stuff is encrypted, I just care that A is in contact with B, B is in contact with C and so on.

I don’t think it has to. 4 copies is enough to serve an individual. If the chunk becomes popular, it could be cached by the data managers (the group closest to the vaults) before handing the chunks off to the close group and so forth.

The thing is, SAFE has been overhauled to keep all files constantly moving. Unless the file is immediately accessed by another user it will get lost to the observer due to the random latency imposed both by natural churn and the swapping mechanism inbuilt. Only files in archive nodes remain stationary for long periods, but by then they have already been lost in the haze of artificially and naturally triggered movement of the chunks. If this super ISP then went looking for them, it would bring the chunks out of a dormant state and the cycle starts all over again. No system is absolutely perfect, but this IMO is damn near close.

I disagree. The vault owner not being charged would further reinforce the legitimacy of the usage of SAFE and the unaccountability of the owner of a vault whose content is the ocean’s digital equivalent. The community would shake the planet with cheer. That would be a monumental day in the history of the host country, being a reference for future trials abroad. Laws are different almost everywhere but concepts are universal.

Humanity as a whole isn’t so easily scared or deterred. In the case of Tor, IIRC some relay owners in the UK have been successfully prosecuted for running a relay that was used to commit a criminal act. Yet people in Europe continue forward creating new relays. In the US there have been many similar incidents though with no successful tyranny in this regard. Has it stifled growth of the relay pool? Slightly. Such is the plight of any emerging system or organism. Periods of delayed growth are expected and natural.

These statistics would be muddled by churn, caching, and the constantly changing latency. Remember that the user is also relaying data. This provides further cover for their own traffic. In a surveillance state this would only provide the analysis tool a low probability of accuracy giving the suspect plausible deniability.

I just looked below after submitting this and I see that some of this has already been touched on by Polp. Forgive this. Consider this my attempt at further elaboration. Everyone always seems to leave me in the dust when it comes to typing. :disappointed:

EDIT: Plus I just woke up and didn’t bother to look below the post that addressed me. :yum:

1 Like

There is no totally quiet network. So when you have support of all the ISPs in the world that log everything from your IP to all the others you still can’t follow a chunk. Technically it’s impossible. Your node is involved with a great number of chunks at the same time. So when you request a public file, your close nodes will get the chunks for you. But at the same time you are doing work for them as well. So you are downloading your chunks, but at the same time uploading some Breaking Bad chunks to your close nodes, not to mention you’re just a HOP for all the other users in the network as well. So your hacked ISPs might see you’re uploading at the speed of 1 MB/sec while at the same time you’re downloading at the speed of 4 MB per second. They have no clue when 1 chunk stops or the other starts. They just see a stream of gibberish data. So I’ll repeat, what you say is technically impossible.

I’ve been thinking about this and while I agree that it might not make sense for ISPs to even try to analyse it, I think there is still the possibility of lawyers ruining the party.

As it is today, they’re using torrent clients to get the IPs of seeders and leechers for copyright protected material and will send out written warnings with a demand to pay for the infringement, at least for users that fall into their jurisdiction.

As far as I see and understand it, the problem won’t go away, it might actually get worse. Let’s say someone sets up a filesharing site on SAFE and users can download Breaking Bad in 4K, since these files are public. If the law firm downloads ONLY Breaking Bad they still can see the incoming traffic via Wireshark. While these IPs will not only show vaults/managers that are “seeding” Breaking Bad, they will be in there.

To me it would be the same argument as sending a note about copyright infringement to an internet exchange point, because some torrent data was sent through their network, even though they had nothing to do with it (willingly). This will probably become a matter for the courts.

It will be really interesting to see if we get our hands on it and see it for ourselves. :slight_smile:

1 Like

Believe me when I say I’ve enjoyed the debate. However I’ve a feeling we could end up going round in circles forever and am wondering if it’s coming close to time to call it a day. I actually said on Friday that I’d spent too much time on this and I’ve obviously spent a decent bit more since then :wink:

I’m not sure about the best way to end this because I don’t want you to feel like I’m just disregarding what you’re saying. How about we just have another round and then we can most likely agree to disagree on certain things?

One thing’s for sure, you all have a lot of faith in SAFE and something is obviously being done right in order for you to be so committed.

Here goes :slight_smile:

I’m more thinking that if I can see that the file came off/through your machine then this is enough proof. Personally I don’t think it matters if it stays on your machine after this point because I can already claim that you’ve distributed it. To go over theory again, I request the file and I can see via ISP logs that your node is part of a chain that delivered the file. At the very least (and I don’t need ISP logs to tell me this) I can see the node that delivered the file directly to me - in my mind this alone could be enough to give bad publicity to the network and potentially get people in trouble depending on where they live.

Perhaps. I think it depends on who you talk to though. This might be true for geeks that follow technical news but I don’t know about the general public.

Cool. I guess we can only wait and see

Sure there will be tricky aspects but I don’t believe it’s impossible. I’m not sure how connections look exactly within SAFE but if there is a fan out and then rewind of connections then even basic things like timing connections will help with analysis of this. I’m sure there will be other patterns too but I guess we could argue forever on things we can’t prove at the moment.

I’d be very surprised if this is the case. A node won’t have just one or two connections into the network with a stream of data going through it, there’ll be lots. Each one of these connections will very likely represent a single chunk (or operation). I’m reasonably confident in this assumption because the network was originally designed to work over UDP which is connectionless. It seems TCP is now also supported but I don’t know why this is - I’m going to guess that long-standing connections aren’t being used though (but I may be wrong).

If I can assume that each connection represents one operation and I request a public file then I follow the new connection from my machine to the next, which will establish a new connection and so on.

If TCP is being used and there is a new connection per operation then I reckon it probably becomes easier to follow connections between nodes because they should drop in a predictable order. Things will be a bit trickier timing things with UDP.

I’m afraid for the moment at least I’m standing by my concerns. I’ve seen nothing that makes me question the privacy of private data however I do have strong suspicions that public data will end up causing people problems. Obviously the privacy of any data (private or otherwise) is out of the question if your node is compromised. I still also think it could be quite possible to compromise nodes on a grand scale (with the cooperation of ISPs).

There are a huge number of challenges, probably most of them won’t come out of the woodwork until the network is live. My concern for SAFE would be that by this point it could be too late because I think patching vulnerabilities will be very hard unless the approach is taken that only the most recent version of the SAFE software is allowed to survive in the network - and users won’t accept this.

As I’ve said before I see masses of potential with the network. For me though I’m not so confident that the privacy aspect can be pulled off and if this turns out to be the downfall of the network it’ll be a real shame.
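The two sides of this exchange (the "timing connections will help with analysis" post above and the earlier "your node is involved with a great number of chunks at the same time" reply) can be put into a small simulation. This is an added example, not code from the forum posts or from MaidSafe; it models a single relay whose observer sees only connection start times and links each inbound request to the first outbound connection that follows it. The forward delay, jitter and background connection rates are constructed parameters, not measurements of SAFE, whose real traffic mix is exactly what the thread is arguing about.

```python
import random

# Toy model (constructed for this example, not SAFE's real protocol): an observer
# with ISP-level visibility sees only the start times of connections at one relay
# node. For every inbound request it tries to identify the outbound connection the
# relay opened to forward that request, using the simplest heuristic from the
# thread: "the next outbound connection after an inbound one belongs to it".

FORWARD_DELAY = 0.05   # seconds the relay takes to forward a request (assumed)
JITTER = 0.02          # +/- variation on that delay (assumed)
WINDOW = 1.0           # seconds of outbound activity the observer examines


def background_arrivals(rng, rate_per_sec, window):
    """Start times of unrelated outbound connections in [0, window), drawn as a
    Poisson process with the given rate (exponential inter-arrival times)."""
    arrivals = []
    if rate_per_sec <= 0:
        return arrivals
    t = rng.expovariate(rate_per_sec)
    while t < window:
        arrivals.append(t)
        t += rng.expovariate(rate_per_sec)
    return arrivals


def link_accuracy(n_requests, background_rate, seed=1):
    """Fraction of requests for which 'first outbound connection after the
    inbound one' picks the connection that really forwarded the request."""
    rng = random.Random(seed)
    correct = 0
    for _ in range(n_requests):
        # Times are relative to the inbound connection, so the inbound time is 0.
        t_true = FORWARD_DELAY + rng.uniform(-JITTER, JITTER)
        outbound = background_arrivals(rng, background_rate, WINDOW)
        outbound.append(t_true)
        guess = min(outbound)          # the observer's pick
        if guess == t_true:
            correct += 1
    return correct / n_requests


def accuracy_table(rates, n_requests=2000):
    """Map each background connection rate to the observer's linking accuracy."""
    return {rate: link_accuracy(n_requests, rate) for rate in rates}


if __name__ == "__main__":
    for rate, acc in accuracy_table([0, 1, 5, 20, 50]).items():
        print(f"{rate:>3} unrelated connections/s -> linked correctly {acc:.0%}")
```

With no unrelated traffic the heuristic is right every time, which is the quiet-network case the thread grants; as the rate of unrelated outbound connections through the same relay rises, the fraction of correct links falls towards the chance of no unrelated connection landing in the forwarding delay. A more patient observer could use better heuristics than "first one after", so the numbers are a floor on the noise needed, not a proof either way.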

I don’t think he’ll accept that. He keeps clinging to the MOST unlikely extremes. I mean yes, it is possible the sun could expand and engulf the planet due to some unknown phenomena, or that I might pop into another alternate universe, or sneeze and transport myself to another geographical location. Physics allows for almost anything to occur. This doesn’t mean we should all panic or even worry. The chances of these things happening are astronomically small. Equally so for @yonam_nous’s concerns.

I don’t know what’s happening here. Genuine belief or fear mongering. Forgive me for the suggestive tone, but as you might already know various agencies employ saboteurs, spies, trolls, misinformants, and the ever so subtle jackal, whose purpose is to blend in and cast doubt, likes to creep in.

You’ve been presented with very straightforward logical information and technical documents.

Yes possible but extremely unlikely. Look at the relatively small and less private/anonymous I2P. With so few defenses against even the simplest passive surveillance, with no successful attacks so far. So no worries. :wink: SAFE will likely outpace all of these systems in the first few years. Don’t forget that SAFE has many legitimate uses. Its use as a better Dropbox/Google Drive alternative alone is reason enough for millions to adopt. I mean who wants to lose their precious childhood photos or other invaluable memories due to some technical, physical or corporate issue? SAFE solves this.

Statistical analysis could not be accurate enough to warrant and ensure prosecution. It is the nature of SAFE’s design to prevent this. The solution is here. You have to allow yourself to accept it. :slightly_smiling:

This is a hack on individual users. This is not a SAFE issue. It is a matter of personal security and vigilance. Yet again, even if this happened to users, it would not be considered as an exploit of the true network. This is a partitioning attack that is only possible with altered binaries. Going through all of this just to release them back into SAFE is inefficient. How would you get them onto this false network? Trick them into downloading an altered binary? Why not put the exploit there and let them just go on their merry way to the real SAFE? Having to set up a false network, populate it with a seemingly legitimate ecosystem of data then… I don’t know. What? Hack them remotely…? What benefit would this false network provide that would make it preferable to start them off with? In the end it’s a remote hack that is required. Achievable without all the unnecessary steps you suggest.

I don’t know maybe you could populate this false network with data that each have their own malware attached to them increasing your chances of a successful hack. Then again these new users will quickly start adding their own uncontaminated files. Quickly reducing your chances.

This all seems unnecessary given that malware could just be attached to the binaries; exploiting them from day one.

In response to:

An extreme and ridiculously unlikely case you seem happy to highlight. :grin:

In response to, from my understanding, this nook:

I say from my understanding because I believe this is the heart. Data coming and going which you claim could create an exploitable pattern.

We’ve already covered the fact that a bird’s-eye view will yield you a statistically low probability of accuracy.

I’m starting to regret the polite tone of my last message now.

As I said I’m not going to keep going round in circles and I’ve never mentioned anything about downloading dodgy binaries for individual hacks.

Surprised or not. Just download a .torrent file and open it with uTorrent or so. What does your internet traffic look like? 1 chunk at a time? Hell no. Connections all over the place, different chunks from different users at the same time. And don’t forget the overhead. That data makes it that even when it was 1 chunk at a time on SAFE you have no clue where it ends or begins due to the overhead “noise”. But keep believing that one evil ISP still might be able to do so. I think it’s absolutely not possible.

ISPs can’t determine who’s providing the chunks out of their Vaults. What a law firm could do is download Breaking Bad from SAFE. And log the IP addresses of the users that provided the chunks to them as being “relay node”. So they could go to court and say: we were connected to 11.22.33.44 here in the UK and that IP address provided 540 Chunks of a series called Breaking Bad.

First of all, how could they prove that? They at least need to break your door, compromise your computer and show these parts on your system. But as a relay node you had no clue what was in the packages sent to their system because it was encrypted using a public key. And maybe it’s still in your RAM as cached chunks, but there’s a big chance there isn’t when they arrive at your door. And even when they see you are running a Vault they have no clue what’s in there because the data managers used obfuscation before they sent chunks to your system.

Oh, and btw. You don’t only connect to nodes in your country. You probably connect to nodes all over the world over IP.

No worries. You haven’t made a case that convinced me this is an issue beyond what I have already said.

I could reply to your last points back to me (the jurisdiction post) explaining why they don’t stand up in my opinion, but we’re not getting anywhere because your proposition boils down to opinion. We can’t answer that, except with opinion, hence the circles.

So, good that you pointed to the possibility of someone compromising seed nodes and got us thinking about how this could be used to create attacks. Thanks.

4 Likes

Sorry???

How do you compromise the bootstrapping servers, not only the DigitalOcean servers but the possible MaidSafe servers too, without dodgy binaries?

Maybe with your SuperMegaUltraISP control (Spectre style)?

1 Like

I agree, great stuff to think about.

2 Likes

Exactly what I was saying. :slightly_smiling:

They already have the first proof, your IP. With the technical understanding that lawyers and judges are missing with today’s technology, there is no doubt in my mind that they’ll try it this way also. And I’m not sure a judge will make a distinction between an ISP/Internet exchange point and a SAFE user that just pipes data through his Internet access, because

a) they don’t understand the technology
b) they’re claiming that you’re willing to participate in illegal activity.

Sure, this is pure speculation, but not THAT far fetched, especially if you take into consideration that YOU have to prove that you’re innocent, not the other way around. They already caught you distributing illegal files, so in the first step it doesn’t really matter if you did so unwillingly. They received illegal files from your IP address.

1 Like

2 Likes

TOR is still doing ok:

Has anyone ever been sued or prosecuted for running Tor?
No, we aren’t aware of anyone being sued or prosecuted in the United States just for running a Tor relay. Further, we believe that running a Tor relay — including an exit relay that allows people to anonymously send and receive traffic — is legal under U.S. law.

Here’s another story where an IP isn’t the same as a person: link to article.

Yes, I know in Germany for example people get a “settlement offer” for like 800 euros in the hope they won’t get prosecuted. But I don’t know of any case where a Popcorntime user was found guilty in court. I don’t know if it would hold up now we have WiFi these days and people sharing bandwidth with friends and/or people in front of their house.

2 Likes

There have been settlement offers to Tor users (but no convictions afair) and WiFi sharing is very similar to Tor usage here in Germany. The government is still trying to hold anyone accountable that is sharing WiFi, which makes it particularly difficult for projects like freifunk.net.

I guess it is rather pointless to talk about it in such general fashion, since it will largely depend on the domestic laws and how the judges will handle such cases.

But I also enjoyed this discussion and I think it helps to think outside the box, even if it is highly hypothetical.

2 Likes

Indeed.

This is very unlikely once the network has reached critical mass. Even before then, it would be extremely unlikely. Churn would hurt timing analysis and the chunks in question would likely not be on the target’s machine when the knock comes. Even if they were to find the chunk on the target’s computer, given the fact that anyone at any time could have that same chunk on their computer and the inherent inaccuracy of timing analysis, it would be very difficult to prove with certainty that the target is indeed the one whose computer served the chunk.

If they went on to analyze the hard drive and find other illegal chunks, it could be argued that the file wasn’t served to anyone. It’s just passing through the target’s machine as a result of the designed flow of the network.

In response to:

The general population knowing the guarantee of permanence of their files, would after the affair, likely do quick inquiries on the internet as they often do for even the most mundane topics, discover that SAFE is fine to use. Look at the silk road bust. It was all over the place. Still we have roughly 3 million Tor users and that’s without the benefits of permanent storage and super simple cheap maintenance free website hosting SAFE offers. The odds are good my friend. :relaxed:

Anything below 100% accuracy can be argued against. SAFE unlike other systems doesn’t keep data on your system permanently with exception to archive nodes whose data is not being accessed by anyone (when touched, the data is on the move again). The transient nature of the files on the network makes plausible deniability a strong defense.

In response to:

Again latency due to natural and artificial churn decreases the accuracy of analysis. It would be hard to prove the true source. On top of that, bundling of chunks could be introduced to further hamper analysis.

So what? Firstly, your data will be moving in many different directions away from you. Secondly, even if you could watch where it goes, it wouldn’t be there for long. :wink:

At the moment the only issue I could see is the shitty UK precedent of holding relays responsible for data transferred. Then again if the investigator requested the chunks, there might be an entrapment defense as they cannot prove that the relay has passed the chunk to anyone else before then. It could also be argued that the chunk would have never passed through the relay to a general requester if it had never been requested by the investigators. So I think there are grounds for dismissal here.

Agreed. There are many unknowns but like Firefox or any other self-updating application, the hurdle is low. I believe most users like to keep their software updated and jump at the chance to see shiny new features. Knowing they are using software that prioritizes security would motivate them to update. You don’t have to be a geek to appreciate the benefits of security in the same way a driver doesn’t have to be a mechanic to take their vehicle in for maintenance in the hopes of safeguarding their lives and improving the life span of their vehicle. :slightly_smiling: