Once again, in light of the protonmail revelations, it’s not private unless you run it yourself.
@TheGibson which won't be the case in a client/server setup probably either, if you're using some external VPS.
It's not private unless you run it yourself *and* it's peer to peer.
@feonixrift @TheGibson Fun note: Spritely's Goblins' default "netlayer" is over tor onion services. Thus the stuff I'm building should be more resilient against this. Not perfect... you can still do network monitoring attacks against Tor Onion Services. But it's harder to do on a mass scale on the network.
@TheGibson @feonixrift and yeah, I'd say: I don't actually believe in the amount of anonymnity that Tor advertises onion services having. It's too easy to do network monitoring attacks on a state level.
But... it's still better than most options out there. And it's hard to fix that without increasing latency on the network by an enormous amount.
Spritely also supports sneakernet networks too in theory btw. But I haven't implemented it. CapTPigeon!
@cwebber @thegibson Wishing I had a Captain Pigeon GIF for this. I see no easy way to push the envelope on metadata other than going full blown mixmaster (dull, nobody wants to work at that pace) or having the network inject false traffic to mask the signals (I've floated it but there's no interest).
The *main* reason I use Tor Onion Services is that it makes writing easy p2p systems... easy!
I try to downplay the supposed benefits we're talking about in this thread, for the very reason we're talking about them, and emphasize "it's about making p2p easy".
See VPNs for an example where I get driven mad by the amount of over-promising that's made to users of their privacy and security. I don't want to promise more than I'm giving.
> The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!
Most of those are demonstrably untrue:
- Corporate surveillance on the fediverse is completely possible
- Ads can appear, but it's definitely true there's much less thankfully
- "Own your data": I hate this phrase. Makes the same mistakes "intellectual property" does
@TheGibson @feonixrift don't get me wrong, I think Mastodon's branding is super great and is a large part of the fediverse's success. And most of these claims predate Mastodon: Diaspora also said the same "own your data" BS. It doesn't make sense. It's a non-rivalrous good... possession does not equate to exclusivity. You can't prevent copying, and it gives the impression you can. That's the same line of thinking that leads people to DRM.
Ocaps do provide more control in the first place over transmitted information and particularly *permitted behavior*. But the ocap community is strongly against the "prohibiting delegation myth", which is exactly what this is: http://www.erights.org/elib/capability/delegations.html
No system can prohibit delegation. Mathematically impossible. Design with that in mind.
its also claimed Mastodon is "censorship-resistant" - this isn't true as its *very* easy to lean on well educated, fairly middle class young adults in tech jobs who run most instances, most won't risk going to jail or limiting their career prospects for relative strangers (nor should they be expected to do so!)
The Chinese "meow" cat picture instance got quickly confined behind the GFW (but not banned!) as soon as they started discussing politics.
incidentally the Chinese (around 2019) managed to configure the GFW in such a way that "Fediverse activity" scans from Germany showed the instances as open, yet it was impossible to view them from England (I suspect a lot of Chinese would also tolerate an instance that only worked domestically due to language and cultural barriers as well as timezones)
ofc you could substitute "China" with *any* sovereign country where folk in power have sufficient tech awareness (TBH even in USA and Europe there are a quite a few instances with limited federation for various political reasons, and they seem to still remain popular enough..)
@TheGibson @feonixrift The "indexing outcry" was a peak example of this for me. It seemed to me that the misleading marketing was partly responsible for giving users the impression that they were on a system that *couldn't* be indexed. Once they it was a shock. The researchers voluntarily took it down. But bad actors can and *probably are* indexing the fediverse still.
I have a variant of a phrase I derived from the ocap community: "We don't pretend to be able to prevent what we cannot."
@cwebber @firstname.lastname@example.org @email@example.com
I don't understand
How do onion services make p2p easier?
@cwebber AFAIU, onion monitoring is possible through watching endpoints. There are ~1000 -- 2000 Tor exit nodes (actual number ranging mostly between 1250 and 1500 per TorStats over the past year and some, as of yesterday). If you can watch bits in and out at least some of the time, you have a good idea of what's happening.
Ironically, the lower Tor latency gets, the more subject it is to traffic analysis of this sort.
Ideally you'd want some random-delay relay node in the middle.
Len Sassaman, where's your mixmailer when we need it?
- An "anonymizer" for the general internet (I mostly don't believe this works on state-actor levels)
- A P2P network (the .onion services) which stays fully encrypted within the network
The latter is MUCH more interesting to me than the former, which I suspect is already quite pwned.
@cwebber @dredmorbius @feonixrift @thegibson I ran an exit node for a while and it would have been _so easy_ for my network provider to run attacks if they'd been so inclined. Just by running stats on destination TCP port and blatantly obvious clues to client OS, it was evident that people were treating Tor as magic security dust that meant they didn't need to bother with encryption between the exit and the destination, _or_ with, like, running a current patched-up OS...
@cwebber You're talking about services with onion addresses specifcally.
Those enter Tor, but never leave. Traffic analysis would be limited to "subject observed using Tor", but there's no exit traffic to correlate.
Unless the service node itself leaks info (see SilkRoad / Ulbrecht).
@dredmorbius @feonixrift @TheGibson Network analysis can still reveal a lot. Say I want to know where <alice>.onion lives and have a list of suspected computers. I send some packets to <alice>.onion and see if network activity correspondingly ends up on that node. If I can show that the same size of, and time of, information keeps happening, I can quickly narrow down which node is responsible.
A bunch of technomancers in the fediverse. Keep it fairly clean please. This arcology is for all who wash up upon it's digital shore.