God help me. I know it’s a flaw in my personality that I can’t let things go. There is still a mass of confusion over what I’m saying and it’s bugging the hell out of me. If I fail to get my point across this time then I’m just going to have to accept that I’ve failed - my dead horse is truly pulverised.
Accepted (or at least these points were accepted by you at some point!)

- Nodes can identify the other nodes that are directly connected to them (by IP address). This can be used (with the help of ISPs) to identify the owner.
- It is possible for an ISP to get between a new user and all bootstrapping nodes that the ISP knows about.
- It is possible for an ISP to know all users who are requesting a connection to a bootstrapping node that it knows about.
- It is possible for someone (e.g. an ISP, agency, group, etc.) to create a FAKE-SAFE network which is running customised nodes. This means a new node that enters this network is only talking to fake nodes and is therefore open to a Sybil attack.
- It is possible for an ISP to capture and relay traffic between a node and its intended bootstrapping node - meaning the fact that the node knows the bootstrapping node's public key isn't important because they will be speaking to the correct bootstrapping node (to start with) via the ISP's "man in the middle". And this is how the "Man in the Middle Attack" occurs. The middle man can make the node think they are connecting to the correct bootstrapping node. It can then trick it into its FAKE-SAFE network where it's subject to Sybil.
- It is possible in a quiet network (I think in busy too but I'm limiting this part to what we currently agree on) for ISPs in cooperation to determine the route of traffic. It is therefore possible for them to pull a file (which may be illegal) and see vaults and relays used to distribute the file. Likewise they can put a file into the network and determine the route it takes - it may of course move after this but at least one copy can always be found by requesting it again.
- If your node can be identified as transmitting illegal data then it is POSSIBLE for you to be prosecuted (maybe unlikely in most countries but as you said yourself it has happened with Tor in Germany I think). This could happen even if you just happened to be a node next to mine in my jurisdiction and I pull an illegal file - I can prove that part/all of it came through your machine - even if you no longer have a copy.
Disputed (which I happen to think are probable)

- Once a node is Sybilled it's very likely it can be tricked into doing something that will compromise it, e.g. download an update.
- After a node is compromised (or not) it will be possible to release it into the real SAFE network and the owner of the node will very likely not have a clue what happened (the FAKE SAFE network will have created the user's account in the real network for them - multiple ways to do this I'm sure - especially easy if the node is compromised).
- You won't have to get too many ISPs on board for them to be able to do a lot of damage. The majority of people will be going through a small number of ISPs. If you can't get a complete overview of the route of a file because ISP X isn't on board you just keep looking until you get routes that are completely within the networks of the major ISPs.
- Even if the network is busy it is far from impossible (with the help of ISPs) to determine the route of data in the network.
- If you know what you are looking for then it's possible to follow the route of individual files. At the very least if I have sufficient ISP records and I request a file I will be able to determine the route that the chunk(s) took to get to me.
- There will be patterns that allow for the analysis of public files on the network (obviously with sufficient ISP records). You could probably work out popular files, where they are being cached, etc. I've covered this in a bit more detail earlier.
OK, I’m proposing 2 (I’ll say it again TWO) INDEPENDENT methods for working around the security features of SAFE. The FAKE network is ONE way - if most nodes were compromised then there’s little value in monitoring the network. If nodes CAN’T be compromised then it will be possible to monitor the network to some degree (you think with low accuracy and I think with reasonably good accuracy - enough to warrant further targeted investigation at least).
I'm sure there are other things too that I've forgotten or not even considered. I've attached a diagram that outlines why I've got a reasonable level of confidence that it will be possible to determine the route of files even in a busy network. Of course there's going to be a hell of a lot of data to sift through. Expensive - yes. Impossible - no. Are there motivated groups with a lot of money that would like the information - of course. Will this be done - nobody knows.
Signing off - again