Researchers Build a Browser-Based Darknet

ancientribe writes "At Black Hat USA next month, researchers will demonstrate a way to use modern browsers to more easily build darknets — underground private Internet communities where users can share content and ideas securely and anonymously. HP's Billy Hoffman and Matt Wood have created Veiled, a proof-of-concept darknet that only requires participants have an HTML 5-based browser to join. No special software or configuration is necessary, unlike with darknets such as Tor. Veiled is basically a 'zero footprint' network, in which groups can rapidly form and disappear without a trace. The researchers admit darknets are attractive to bad guys, too, but they say they think these more easily set-up and dismantled nets will be more popular for mainstream (and legit) users." In somewhat related news, reader cheesethegreat informs us that version 0.7.5 of FreeNet has hit the tubes.

Worried, maybe.

[arizwebfoot]

The researchers admit darknets are attractive to bad guys, too.

Yeah, I would be worried about all those sock hat wearing pedophiles out there.

Of course maybe Craigslist could use it to advertise their wares.

Re:Worried, maybe.

[hansraj]

Yes, darknet is attractive to bad guys but so is expectation of privacy in general.

Re:Worried, maybe.

[Opportunist]

And that's exactly the reason why this will be outlawed immediately as soon as a sizable portion of the population (in the western world, folks, I'm not talking about Iran, China and Burma here) uses it to circumvent the governmental snooping that's running rampart.

Can't outlaw it, you say? Because we're in a free world and thus they can't just simply outlaw encryption?

Ok, they won't. What we'll get is a law that makes you liable if you "faciliate the spread of pedophilia". After all, if you help a pedo you're in the wrong as well, ain't you? Since you can't really determine what kind of data you roll around in a darknet (it would kinda defeat the purpose if you could), darknet proponents would get their IP sniffed and law enforcement would download any kind of kiddy porn they could find in the darknet. As soon as the IP of a proponent can be linked to the porn (say, a chunk came from him because it was stored at his part of the cloud), the trap closes, the law enforcement can "prove" that darknet proponents are "only" in for the kiddy porn and thus darknet is an evil tool of child exploitation.

Gimme a single reason to believe this won't happen, I beg you.

Re:Worried, maybe.

[Gotenosente]

I think you are probably right and this type of thing will be attempted. However, in that situation, I would think that one could argue they had no knowledge that that's what they were partaking in. After all, that's the design of the system, right? Hell, if I help out a guy with a flat tire who happens to proceed to rape a child, am I guilty of aiding a pedophile? No, because there are plenty of legit reasons why a guy would be driving around in a car. Just as there are plenty of legit reasons why someone would want to surf entirely anonymously.

Re:Worried, maybe.

[Opportunist]

That would make sense. But do you think a judge will be able to tell the difference, more so when he is told that he should better NOT tell the difference? It will be made a tool that faciliates child porn, and no "honest citizen" needs it... do you think this argumentation wouldn't be used? And all too readily believed by those that don't really care too much as long as they got YouTube and Twitter?

The idea that something should be legal because it is usually used for legal means and only in exceptions for illegal ones is one of the past. The same analogy could be used for guns, cars, almost anything human made can be used for good and ill. The problem here is that darknets are by their very definition something governments cannot regulate or control, and thus they will bring all the firepower they have into the field to destroy them if they see wide public use. The only reason we haven't seen them cracking down hard on them is simply that the amount of people using (or even knowing about) them is minimal. If darknets become a tool usable (and used) by the average computer user, they will become a target of governments which are all too eager to control and monitor what their citizens do.

I.e. pretty much all governments on this planet.

Re:Worried, maybe.

[Gotenosente]

I share your fear. Here's what I think the key is: tie this type of tech up with something that almost all "good" citizens would be against from the start. Ie debut this as a vehicle for freedom of information in oppressive, countries. I think we have enough people in the US who believe that there is some sort of Axis of Evil out there that needs to be defeated by Freedom. Iran would be ideal, China would probably work. We need to give John Q Public a good first impression. Maybe an author writing a nice novel would be helpful too.

Re:

[Gotenosente]

"almost all "good" citizens would not be against"

Re:Worried, maybe.

[Opportunist]

Here's your counter argument: In repressive governments like the Chinese, those darknets serve a very sensible purpose because they allow them the right to free speech and discussion of politics. Here, there is no reason for those as you may already speak your mind, and thus the only reason to use them in the "free world" is to do something illegal.

Bet nobody realizes that they're used for exactly the same thing in "repressive" states: To do something illegal. Like, say, enjoy freedom of speech.

Isn't it strange that we're all for handing people the ability to circumvent their laws if we consider those laws "wrong", but we dread the same at home?

Re:

[aurispector]

Agreed. Privacy in communications is the basis of free society. Placing anything and everything on the internet vastly expands a governments' ability to keep tabs on people.

Back in the day, gentlemen did not read each other's mail. With the advent of various technologies that barrier has been progressively lowered. Wiretapping POTS lines used to require special judicial approval, but it *was* given for a variety of reasons. These days the NSA (and equivalent agencies in other countries) routinely scan in

Re:

[Opportunist]

Other countries may disagree. But they could call it an atrocity that you're, say, not entitled to a job in the "free world". That you don't get shelter if you don't have one, or food...

You don't have food, healthcare, housing and work for the poor and needy? THAT is about the absolute minimum any human should have.

Re:If I give a killer a ride...

[shentino]

Perhaps he saw that the terrorists have already won by getting our governments to take all our freedoms away.

Yes I said it.

The terrorists have won.

Re:

[marcello_dl]

> the terrorists have already won by getting our governments to take all our freedoms away.

That's an insightful definition of "winning". They let governments get away with anything under the excuse (which might be justified or not) of national security, and that's the only fruit they bear. "By their fruit you will recognize them".

Re:

[stonewallred]

It is too early on Wednesday morning for truth here on /. Please wait until I am not drunk in the future if you don't mind. The terrorists won when we started gutting the Constitution, the Bill of Rights and the accumulated body of laws that had established our freedoms in this country. When little hick towns like the one I live in started x-raying all people entering the courthouse, and making them remove their belts, a sign of loss. When arriving two hours early at the airport, having to remove your shoes

Re:

[Anonymous Coward]

I think you are probably right and this type of thing will be attempted.
However, in that situation, I would think that one could argue they had no knowledge that that's what they were partaking in. After all, that's the design of the system, right?
Hell, if I help out a guy with a flat tire who happens to proceed to rape a child, am I guilty of aiding a pedophile? No, because there are plenty of legit reasons why a guy would be driving around in a car. Just as there are plenty of legit reasons why someone would want to surf entirely anonymously.

That might be enough to convince a jury, especially if the FBI doesn't find anything else incriminating on your systems.

But it is more than enough to get a warrant, your front door kicked off the hinges, and all your equipment confiscated for literally years. And you'll be lucky to get any of it back, ever, guilty or not.

As for your example above, they will approach it in the same fashion as P2P is treated. They will simply claim that it's "common knowledge" that most users of that service are involved in s

Re:

[Opportunist]

And with the ever increasing amount of laws it's almost certain that you actually are guilty of something. Even without knowing. If everything fails, your porn collection will be eyed for anything that could possibly be seen as "under 18" or posing as such. Or that beach pics of your kids.

Today Cardinal Richelieu would probably say "If you give me a hard drive of the most honest man, I will find something in it to hang him."

Re:

[fractoid]

Hell, if I help out a guy with a flat tire who happens to proceed to rape a child, am I guilty of aiding a pedophile?

If you help a guy in a costume-shop janitor uniform change a flat tire on a white van over the road from a school, then there's a good chance you are. There are still legit reasons for the guy to be in this situation (maybe he's just been hired as the janitor?) but there's enough reasonable doubt to be suspicious.

I'm not saying it's right that you could be punished for either of our scenarios, but you must admit that the primary purpose of darknets is sharing of material that is criminally punishable for

Re:

[fractoid]

Good point! I think that 'freedom arbitrage' (if you can call it that; the trading of information between two jurisdictions, one of which allows the information and one of which outlaws it) is probably one of the very few valid reasons (from a government point of view) to use secure / untraceable communications. That said, it only works if you're in the jurisdiction that allows the information that you're trading. The problem is that, unless international philanthropy becomes far more widespread than it cur

Re:

[cayenne8]

"I think its more like you noticed a bundle of rope, a sleeping/unconscious kid, and a shovel in the back of their car as you were helping on the tire."

While that would certainly raise concern in most people seeing that....I don't believe anything in the circumstance you mentioned, would make the person that sees it legally bound to do or report anything, even if something DID happen later.

Re:Worried, maybe.

[Trahloc]

I use to spend vacations with my family and sleep in the back of the truck while driving across country. In the back of this truck there was bundles of rope (never know when you'll need it), shovels (ditto), and an unconscious kid (driving thousands of miles made me sleepy when I was 8). I don't see anything wrong with that.

Re:

[wall0159]

"but in this day and age the probability points otherwise"
Are you suggesting that people today are less moral or more dangerous than in previous ages? If so, would you care to provide some evidence of that?

Re:

[BountyX]

In this situation, I think you would be considered an ISP/content provider, because others are connecting through you. That means they would have to serve you a DMCA notice first. This is currently the protection leveraged by Tor exit node operators, it has worked for me so far. If you were actually liable for facilitating the spread of pedophilia, it would be a legal can of worms, since the ISP would be liable, etc. If such liability existed the internet would collapse under it's own weight because it wou

Re:

[Opportunist]

Laws can be and have been used quite selectively. You cooperate with the law enforcement, you let them sniff through your logs and behold, you won't be dragged to court. Because ... umm... well, we didn't notice what you did.

You don't? Or, worse, you refuse to keep logs? Too bad for you, really...

Re:

[Attila Dimedici]

The correct response to this attack (as several posters further down point out indirectly) is to respond that they want to criminalize this type of thing as the first step to converting to an oppressive government. Make the argument that the reason the government is prosecuting you is because they can't monitor your communication and they want to be able to monitor your communication in order to be able to prevent you from coordinating opposition to government programs.

Re:

[Opportunist]

People thinking of the children constantly must be pedophiles.

I mean, consider how often you think of women (or men, depending on your preferences)...

Re:Worried, maybe.

[arizwebfoot]

You mean, like, our own government?

Have you no shame?

Re:Worried, maybe.

[Opportunist]

Have you no shame?

Is that still a requirement for a public office?

Re:

[Jurily]

Is that still a requirement for a public office?

Kind of. Those who have, don't run for office.

Re:

[GaryOlson]

So that's where all those government regulations are created and distributed from. Shame has nothing to do with bureaucracy; it's all in how you bypass the legally approved process of governing.

Re:Worried, maybe.

[cayenne8]

"it's all in how you bypass the legally approved process of governing."

Kinda like how Obama fired that Inspector General, without following the law Obama himself voted in, where you have to give congress 30 days notice AND a written reason why the IG was being fired?

Nah...the govt. doesn't need a darknet or anything to bypass the legally approved processes...

They just count on the general public/press not caring, and so far, it seems to work.

Re:

[Trogre]

*ahem*

If what you're saying is true, then when does your court case against the US Government start?

Assuming, of course, that you're a citizen of the United States.

Iran? China?

[davidwr]

Is anyone in Iran reading this right now? OK, don't respond but do pass it on to your friends.

Ditto China.

Re:Iran? China?

[MrMista_B]

How about Germany? Britian?

Re:

[GaryOlson]

How about Detroit MI?

Good

[timpdx]

Now get it out to the protesters in Iran and spread it in China for that matter.

Talking in secret

[CarpetShark]

I'm not sure how much use it is for people to talk in secret. They probably do that now, with family etc. As we can see in Iran right now, it takes people to have the guts and will to take to the streets and make their feelings known before things change.

Re:Talking in secret

[pjt33]

Talking in secret in advance helps them to take to the streets at the same time and in the same place.

Re:

[element-o.p.]

Exactly.

If you take to the streets in ones and twos, it is extremely easy for the powers that be to pick you off as you pop up. However, if you can get a group of a thousand together, it's a lot harder for the powers that be to make them all disappear without anyone else asking questions. For example, we still talk about Tienanmen Square today.

Re:

[shentino]

Tiananmen square is probably why we don't see massive protests in china today.

The government there proved it wasn't afraid to use lethal force to get its way.

Re:

[Almahtar]

it takes people to have the guts and will to take to the streets and make their feelings known before things change

Absolutely true, but it's a lot easier to get that courage when you've communicated ahead of time with thousands of others and you know they'll be there too.

Re:

[CarpetShark]

I'm not so sure. I did consider this before posting, but it seems to me that the only thing that really matters is a strong sense of righteous anger against injustice, to the point where you can no longer stand by and do nothing. When you have that, it's likely that others have it too. But when people get together and say privately at night that they're going to do something, the reality in the light of day can often be very different. Take the "pledge" sites where you can promise to not cooperate with

You mean?

[bigattichouse]

So legitimate users in Iran or China might be able to hook into a darknet that has a portal to the real world outside? Kinda like good old packet HAM radio used to.

Re:

[grassy_knoll]

If I'm reading TFA correctly, wouldn't that require access from inside Iran/China to a HTML 5 based browser outside of Iran/China?

I like the concept, but similar to Iran shutting down SMS service [trend.az] it seems possible at least this could be disrupted.

Re:

[jefu]

Short of shutting down the network a nicely distributed service could be very tough to disrupt. And while communications to the rest of the world are undoubtedly important, for the Iranians right now, internal communications are likely to be much more important.

Bad Guys

[aaandre]

Of course secrecy is attractive to bad guys. Problem is according to current legislation we are all bad guys, always crossing some obscure irrelevant law we don't know about.

So one man's secrecy is another man's privacy and protection from overreaching criminalization.

Oh, and anything you write or view on the internet, say over the phone, purchase, sms about, dial on your phone, etc. is saved and archived forever, by default, unless you make a special effort to enforce your right of privacy. Even that special effort does not guarantee protection and furthermore, that effort is not difficult to notice, and boom, you are someone with something to hide, i.e. one of the bad guys.

War is peace. Doublegood peace.

Re:Bad Guys

[plover]

And don't forget that just because you think it's safe doesn't mean that it actually IS safe. Check out the BlueCoat proxy [bluecoat.com], which is a corporate web proxy/filter that also works on SSL connections (via man-in-the-middle attack.) All your company has to do is drop their own root certificate on your machine, and unless you're in the habit of checking the sites providing your signature, you may never spot it. (Fortunately Firefox displays the certificate's site name next to the padlock icon.) There's also nothing stopping a corporation from installing a key sniffer or remote observation software on their equipment, which includes your desktop.

Just in case you were thinking that you were "safe" blowing whistles on a darknet at work.

I guess the "Post Anonymously" box isn't going to help me now anyway.

Re:

[MichaelSmith]

Fortunately Firefox displays the certificate's site name next to the padlock icon.

Out of the box yes. I don't know about the one which the IT department ships. Posting from an ubuntu system I installed myself using an ISO I downloaded at home.

Re:

[OpenGLFan]

I guess the "Post Anonymously" box isn't going to help me now anyway.

I know it's an offhand comment, but it already doesn't help you. /. still stores who you are; you can't moderate and post in the same story, even if you checked "post anonymously."

Re:

[smoker2]

Yes you can. Try it sometime. You can't post as yourself and mod, because that would allow you to mod yourself up. Anon coward doesn't accrue mod points so it doesn't matter.

Re:

[smoker2]

s/accrue mod points/accrue karma

Re:

[L4t3r4lu5]

Ok, people are continuing to mod you "Informative" so I'll drop my "Overrated" mod I gave you in favour of a response people will read.

You are wrong.

As per the two Anon Coward posts below (myself), "I just posted as Anon Coward before and after modding you, and it worked fine."

Re:

[cbiltcliffe]

I'm sure I've moderated and posted anonymously on the same story before.
I don't think I had to log out to do it.

Re:Bad Guys

[Opportunist]

I have something to hide. It's called my private life and it's nobody's business. Not yours, not some company's and most certainly not my government's.

I think it was Franklin who said, if the people fear the government, it's a tyranny, if the government fears its people, it's liberty. I think the US (and a good portion of the rest of the planet) would need a few leaders like the founding fathers of the US. If they could see what came to their dream, what they fought for, died for and had others die for, I think they'd get fed up enough to start over.

Corporations and Consumers

[castrox]

In case you didn't notice, the latest trend is that there are Corporations and Consumers. You are probably part of the Consumer segment and so a product of Society and can be sold to the Corporations.

That's where we're headed people!

Re:

[Opportunist]

Heading? We're there already. Just because it can get worse doesn't mean it ain't bad already.

Re:

[Opportunist]

Really, and what do you do in your private life?

None of the things you offered. No, I won't prove it. It's none of your effing business.

If I watched those movies, someone would notice because I invite friends when I watch movies. They could report me to the police.
If I beat my kids, they would show signs (both physical and psychological). The teacher at the very least would notice and report me.

Yes, I know that in both cases these people won't file a report and thus the crime would not be exposed. But that'

Re:

[Hurricane78]

Doubleplusgood, or doubleminusgood?

Whatever... it almost tastes like meat. :P

Re:Bad Guys

[EdIII]

I don't think you have thought that through enough. What is your basis for your claim of it being impractical? Remember, we went to the Moon. I would think that was the definition of impractical at the time. However, if you can disregard the conspiracy theories, we actually did step foot on a soundstage, I mean the Moon.

Storage capacity? There are plenty of examples of extremely large storage arrays at universities and data centers that did not cost anywhere near "trillions" of dollars to build and construct. 500 million dollars would be enough to construct a data center with a few Exabytes of storage at today's prices. Let's say $100 per Terabyte. $200M worth of hard drives would get you 2 Exabytes of non redundant storage capacity. Using an appropriate RAID setup you could even gain redundancy and lose less than 10% of that storage space. You got $300M left to build the rest of the data center. It's possible. Just Google for news about Exabyte data centers being constructed.

Take a phone conversation for example. Let's say 2.5 kB/s is the data rate. If a person talked 16 hours a day, that would put them at a 144 MB storage capacity per person per day. Let's just assume 250 million people a day are talking. That would put it at 36,000 Terabytes of storage. I know that sounds big, but that's only a few percent of a *single* Exabyte. A data center with multiple Exabytes could store weeks worth before filling up.

Now of course why would you even want to keep RAW data? You wouldn't. Let's convert it to text instead. You could assume about 130 words per minute spoken on average, which should be pretty conservative. Assuming Unicode text, with no compression, an average word length of 10 characters (twice the real amount?), that would take you from 144 MB per person per day, to......... 2.5 MB per person per day. That's quite a reduction right there. Now we only need ~625 Terabytes to store the text of every single voice conversation every day.

Hmmmmm. It's starting to seem like that $500M data center is capable of storing quite a few years worth of transcripts. About 9 years worth to be exact. So let's say...

60 MILLION DOLLARS PER YEAR.

That's it. Just for voice transcripts. Even if I am off by a whole order, that is only 600 million dollars per year. A far cry from your "trillions" of dollars estimate is it not?

I don't even think you would need the transcripts either. Not all of them. Analyze them for keywords, context, blah blah blah and you can start to keep databases of relationships between people and categorize them based on the content of their speech. The information just became more valuable, and a lot more CONDENSED.

Now let's say it costs ten times that to analyze SMS, purchase records, blogs, etc. We are still a far cry away from your impractical threshold.

Put simply, Google, Yahoo, MS, are already in the business of working with that much data and processing it.

BUT, BUT, BUT WHY?

That's the real question. Would the government, the big bad government, even be interested in a database that had relationships, political and religious views, spending patterns, movement patterns (grocery store, then the bank, etc.)?

I think the answer is yes. Either in the guise of security, protecting the children, defeating the terrorists, defeating the communists, defeating some sort of 'ism, there is a continual pressure to provide these "tools" to government. I don't think "tin foil hat" arguments are going to cut it much longer.

Clearly it's possible on a technical basis to store and process this much information, and at least in other governments, there is clearly the desire and motivation to use such abilities.

but logs and cache gets flushed unless there is a reason to keep it.

Do you know that for a fact? Everywhere? DNS records from local ISP's are VALUABLE. Targeted advertising is a big thing right now. Don't forget commercial motivations

Re:

[Omestes]

So who are we paying to translate all that voice to text? Yes, we could automate it, but unless that NSA/FBI/CIA/Aliens have technology leagues ahead of ours, then computers still suck at it. Especially when we consider that we're dealing with 250 million unique ways of speaking, spread across umpteen dialects, and all the various slangs.

And what does this get? Nothing. the simplest scheme can thwart this. "I need to get some eggs at the supermarket" could conceal loads of information, without ever rai

Re:

[EdIII]

So who are we paying to translate all that voice to text? Yes, we could automate it, but unless that NSA/FBI/CIA/Aliens have technology leagues ahead of ours, then computers still suck at it. Especially when we consider that we're dealing with 250 million unique ways of speaking, spread across umpteen dialects, and all the various slangs.

10 YEARS ago at Comdex I saw a handheld MID that *perfectly* performed speech-to-text in damn near real time and with all the background noise of the convention. I then ha

Re:

[jc42]

"I need to get some eggs at the supermarket" could conceal loads of information, without ever raising suspicions.

Good point. So? Is everyone in America going to start speaking in codes? Keep in mind you can eventually break them in context AND by using those codes you are standing out against everyone not using them.

Sure, we do. I used a statement like that just a few days ago, in a message to my wife. I also said that we needed milk (both skim and 2%), and an outsider looking for code words might really

Re:

[batquux]

We don't want our everyday speech about things like groceries to be archived

Apparently, there's a lot of people who don't mind [twitter.com].

Re:

[Omestes]

The best way to avoid illicit government mind reading is not having one. Or so I've heard.

HTML5

[Amazing Quantum Man]

Which browsers (please include note if it's beta) support HTML 5?

Re:HTML5

[Jugalator]

None that I know of, but Firefox, Safari, Chrome, (and Opera?) should have rudimentary support for parts of it, like the video tag, and the canvas tag.

Not that I know if that's what they're referring to though.

All major browers today have very poor HTML 5 support though. It's still not even a finalized standard.

Re:

[Celeste R]

Which browsers (please include note if it's beta) support HTML 5?

Opera has supported it the longest; the newer (or newest) versions of Firefox and Chrome are also supporting most (if not all) of it.

IE is falling far behind, but that may change with the release of their next version.

Re:HTML5

[tholomyes]

Here's the details on which browsers support what parts of the new features of HTML5 thus far: http://www.quirksmode.org/dom/html5.html [quirksmode.org].

According to quirksmode, it appears that Safari 4.0 has the most complete support, followed by FF 3.5b and IE8. Chrome and Opera do not appear to, at least as far as supporting the new features is concerned.

Re:HTML5

[tholomyes]

Also note quirksmode's caveat:

"The compatibility information above is only for the HTML5 features I tested; they do not necessarily say anything about the browsers' overall HTML5 support. The number of tests will slowly expand."

But what about the quality?

[jd]

I'd (almost) rather use a darknet built over SMTP than use Freenet, which is horribly, horribly, painfuly, agonizingly sloooooow!

TOR, to me, seems to be about the right sort of level of speed and security. I know of no obvious problems with it (other than you can't use applets that call home). This is not to say it's perfect, or that people shouldn't do research, but if there is a benchmark that systems should reach or exceed, I'd consider TOR to be the one to beat, not Freenet.

There are other overnets and

v--

[buchner.johannes]

v-- people below will point out that Tor provides no security but group anonymity.

Re:

[fractoid]

This is my worry about things like Tor - as I understand it, the anonymity is provided by bouncing encrypted packets between nodes, and is predicated on the nodes not collaborating. As soon as you have one entity running N nodes, any request for any bounce length less than N becomes a simple client-server transaction and the server (probably Government-run) has a good chance to know what the client is downloading. Can anyone more qualified comment on this?

Re:

[jd]

You're basically talking about nodes that turn traitor. You can apply The Byzantine General's Problem to solve that. The system should remain secure provided that in a system of N nodes, more than (N/2)+1 nodes can be trusted. (Which means the smallest safe network has 5 nodes where 4 are guaranteed secure.)

However, partial discovery is sufficient for something like a download, in which case the problem changes slightly. You only need a certain fraction of the information in order to guess the rest. (This r

Re:

[fractoid]

Ooh, good points! I guess, having thought about it more thoroughly (and just replied to your sibling post), my main concerns are less about a man-in-the-middle attack and more about a false sense of anonymity when downloading a prohibited file from a government-run node.

Re:

[cbiltcliffe]

The only problem with that is, I believe no single Tor node knows where the communication originated, except the one it actually originated at, and it ain't tellin'.

So even if a government controlled all Tor exit nodes in the country, it has no way of knowing whether the communication coming to that node originated 1 hop, 3 hops, or 27 hops away. Or even if it originated in the country in question.

Re:

[fractoid]

True, but I don't know how far plausible deniability goes as a defense if you're downloading something illegal. The data you're downloading ends up being sourced from a government honeypot:

1. The government knows what's being downloaded, because it originates from their network.
2. The government can approximate how many packets of that file go to the same node, even if the node requests fragments from different files, as long as they own a substantial (say >10%) proportion of the adjacent nodes
3. If they can pr

Re:

[marol]

That certainly is a problem. A brute force solution to that problem is to make sure the network has enough "non-government" nodes to drive down the probability figures in such analyses. I guess if the probability of identifying an end node is low enough, that also makes it less likely for the government to seek warrants. (Unless they are just trying to bring down all nodes of the network.)
The I2P website has a list of different threat models [i2p2.de] and links to related papers. I guess this one falls under partit

Easier is better

[tnk1]

If its easier to use, you will definitely see more people using it who are legitimate. Tor and other darknets are a pain in the ass to use, and they clearly have a larger proportion of people using it for more nefarious purposes. The reason is simple: they *need* to use it because they are bad guys. Good guys, unless they fully comprehend the threats against them, are less likely to go to the effort. Hopefully this works out and is secure. It would be a big plus for people who don't want to deal with the hassle, not to mention, they don't want instantly incriminating software on their machine. My guess is that the Chinese and Iranian government minders don't like you if they see you getting your hands on anything like a Tor/Freenet software package.

Re:

[Opportunist]

Defining "good" and "bad" in this day and age ain't so simple anymore. A lot of "good" guys break the law.

Someone blogging about human rights in China? A bad guy, according to the Chinese government. Someone writing instructions how to use your hardware in the way you want it and not in the way its manufacturer wants? A bad guy, according to pretty much any western government. Someone telling people how to circumvent internet filters? A bad guy, in pretty much any government's eyes.

Any of those guys "bad" b

Re:

[mrsteveman1]

"Good" guys need to use it too, they just don't know why yet.

Late April Fools' joke?

[castrox]

Is this a late April Fools' joke? How does this supposed system work? It seems there must be a hosted PHP file somewhere - that server needs to have logs, at least if it's inside the EU and however you slice that you're toast.

Basically it seems to work sort of like a BitTorrent tracker that directs your client to other clients. So by what mechanism do you choose who to include in the "net"? If I understand correctly you sort of create channels for different purposes or groups. By using a introductory key? And how do you communicate that key? By encrypted e-mail? So any agencies that listen in on you very easily can see who you communicated with prior to your request for so and so domain holding the darknet PHP file? And how tough is that encryption? Ordinary SSL?

It connects the user's HTML 5-based browser to a single PHP file, which downloads some JavaScript code into the browser. Pieces of the file are spread among the members of the Veiled darknet. It's not peer-to-peer, but rather a chain of "repeaters" of the PHP file, the researchers say.

Spreads the file onto multiple peers? Is it possible for this file to run out of entropy in any way??

Oops, tripped on the wire

[castrox]

Gosh, I just see a fair many obstacles to this tech which has many similarities to other systems (judging by the many references to other similar systems in TFA) and thus doesn't sound very revolutionary. But this one is browser based, so I guess, as TFA points out, it lowers the barriers to entry to a darknet. To me, this sounds like what it's about. Just click the link and be one with the dark side? Otoh the question is how it's supposedly used.

I admit I may look like an ass, but unless you've been hiding

i allready have a darknet

[FudRucker]

just ctrl alt backspace and type in lynx :D

Re:

[ArsonSmith]

Hmm, just asking for a password. And my keyboard doesn't seem to be working any more. Stupid Ubuntu.

Re:

[ArsonSmith]

Well enter works... I don't get this stuff at all.

Attractive to bad guys?

[The Archon V2.0]

The researchers admit darknets are attractive to bad guys, too

So is encryption. So is privacy. So are knives. So is food. So is living another day. It's not wrong just because it can be used to ill ends.

Or, to be all profound and Latin and stuff: abusus non tollit usum.

Re:

[hansraj]

I was going to fiercely argue against all that you wrote, but your punchline was in Latin so now I have to agree to every word you say!

Re:

[Arthur B.]

Pants. My favorite example is pants. Many crimes are very hard to commit without pants.

Re:

[mrsteveman1]

Rape?

Re:

[nausea_malvarma]

Not all crimes require pants. What about streaking?

Re:

[selven]

Dihydrogen monoxide [dhmo.org] is the correct answer.

Re:

[cbiltcliffe]

Pants. My favorite example is pants. Many crimes are very hard to commit without pants.

Except flashing your privates in public. :)

Tomatoes are way more dangerous than darknets

[Rick Bentley]

Ninety-two point four per cent of juvenile delinquents have eaten tomatoes.

Eighty-seven point one per cent of the adult criminals in penitentiaries throughout the United States have eaten tomatoes.

Informers reliably inform that of all known American Communists ninety-two point three percent have eaten tomatoes.

Eighty-four per cent of all people killed in automobile accidents during the year 2004 had eaten tomatoes.

Those who object to singling out specific groups for statistical proofs require measurements within in the total. Of those people born before the year 1850, regardless of race, color, creed or caste, and known to have eaten tomatoes, there has been one hundred per cent mortality!

In spite of their dread addiction, a few tomato eaters born between 1850 and 1900 still manage to survive, but the clinical picture is poor-their bones are brittle, their movements feeble, their skin seamed and wrinkled, their eyesight failing, hair falling, and frequently they have lost all their teeth.

Those born between 1900 and 1950 number somewhat more survivors, but the overt signs of the addiction's dread effects differ not in kind but only in degree of deterioration. Prognostication is not hopeful.

Exhaustive experiment shows that when tomatoes are withheld from an addict, invariably his cravings will cause him to turn to substitutes-such as oranges, or steak and potatoes. If both tomatoes and all substitutes are persistently withheld-death invariably results within a short time!

The skeptic of apocryphal statistics, or the stubborn nonconformist who will not accept the clearly proved conclusions of others may conduct his own experiment.

Obtain two dozen tomatoes-they may actually be purchased within a block of some high schools, or discovered growing in a respected neighbor's back yard! - crush them to a pulp in exactly the state they would have if introduced into the stomach, pour the vile juice into a bowl, and place a goldfish therein. Within minutes the goldfish will be dead!

Those who argue that what affects a goldfish might not apply to a human being may, at their own choice, wish to conduct a direct experiment by fully immersing a live human head* into the mixture for a full five minutes.

* It is suggested that best results will be obtained by using an experimental subject who is thoroughly familiar with and frequently uses the logical methods demonstrated herein, such as:

(a) The average politician. Extremely unavailable to the average citizen except during the short open season before election.

(b) The advertising copywriter. Extremely wary and hard to catch due to his experience with many lawsuits for fraudulent claims.

(c) The dedicated moralist. Extremely plentiful in supply, and the experimenter might even obtain a bounty on each from a grateful community.





THE DREAD TOMATO ADDICTION Mark Clifton This essay originally appeared in the February 1958 edition of Astounding. The dates in this version have been modified (all dates plus 50 years).

Very Useful

[jefu]

Currently to do shared chat/video chat/audio/documents... most systems are dependent on servers of one sort or another. Making something that could work on a more peer-to-peer level would be very useful indeed as it would help alleviate (though probably not entirely eliminate) the reliance on servers that are often under someone else's control. If you doubt the usefulness of this, just look at what is happening in Iran right now.

Re:

[L4t3r4lu5]

You do understand that a darknet is just a smaller internet, don't you?

Several computers linked up over a common communication medium, routing requests for data on foreign systems between themselves. The only added advantage is essentially a form of distributed file system-style of information redundancy; You connect to the foreign node, you download the data, you host it for others in the darknet to make data more readily available and faster to access.

The biggest issue with darknets is that they do not

Let me know...

[actionbastard]

When it works with lynx.

HOW?

[rosvall]

Since there are zero details in TFA, i'm just going to speculate that one of three things is going on, in order of increasing probability:
1. HTML 5 creates all sorts of fantastic new ways to communicate anonymously through a central server. In that case, please fill me in. In genuinely interested.
2. The researchers have implemented something like the dining cryptographers protocol in js and php.
3. TFA is utter bullshit

A Seriously Important Requirement

[Nom du Keyboard]

A seriously important requirement for any darknet is the ability to conceal your IP address from the other participants. I don't yet see how that happens here.

Re:

[L4t3r4lu5]

Much like Tor.

• The client software pseudo-randomly assigns you an identifier which is used for connections on that network.
• Your first connection to the next node in the chain may be identifiable as you, but your destination is not known. It goes "Well, I'm connected to these three guys, and I'll send this packet that way. I'll remember that response packets need to go back to the same identifier on the return."
• The next node does not know your originating IP address, only the identifier the software assig

Re:

[morgan_greywolf]

Microsoft realized that early on, which is why Explorer was integrated into Windows in the first place. And it's also why they're fighting to try to keep IE on top.

No, Netscape and Sun realized that early on, which is where the concept of browser plugins, JavaScript, and ultimately, Java come from. Then they started wagging their tongues about it rather than sit there and quietly implement stuff (ala Google), so Microsoft.moved to "cut off their air supply" (direct quote from a Microsoft memo used as evidence in their antitrust case) by integrating Internet Explorer into Windows.

Re:

[jacquesm]

the 'concept' of java goes back to UCSD pascal.

Re:

[daveime]

If it's anonymous, how is anyone going to hear your pathetic cries of "PLEASE SEED" ?