friend of a friend type darknets

Alex allo at laxu.de
Sun Sep 19 23:44:23 CEST 2010


Hi!
On Sun, Sep 19, 2010 at 11:23:58PM +0200, Guus Sliepen wrote:
> On Sat, Sep 18, 2010 at 12:25:29AM +0200, Alex wrote:
> 
> > Here is a little patch for darknet functionality; I hope it does what it's
> > intended for sufficiently ... but it seems to work :).
> > 
> > What should it do?
> > 
> > Imagine your friend network. A trusts B and C, B trusts D and E, D trusts
> > F, C trusts G. All trust relationships are mutual.
> > 
> >  A <---> C <---> G
> >  ^
> >  \
> >   \-----> B <---> D <---> F
> >           ^
> >           \
> >            \---> E
> 
> You have drawn an acyclic graph, but tinc can work with any kind of topology,
> including cycles (in fact, that makes it more robust in case some connection
> fails).
Yes, cycles would be just okay.

 A <----> C <--> G <--+
 ^        ^            \ 
 \        v             \
  +-----> B <---> D <---> F
          ^       ^
          \       v
           +----> E

> > The idea: just route over friend routes. Solution: use tinc's IndirectData
> > connections, and connect only to trusted persons.
> I don't really see why you want to avoid nodes from connecting to each other
> directly. 
It's the darknet idea. Imagine you want to be anonymous except to your
friends, so nobody knows who (which IP) you are, but they can connect to
you.


> If you use IndirectData, it just decreases the efficiency of the
> network. All the nodes can still send data to each other via the VPN.
This is intended that way.

> You could combine this with the DirectOnly option, but that means
> friends-of-friends cannot talk to each other at all.
No, I want the opposite: everybody can talk to everybody in the darknet,
but nobody but your friends knows your real (internet) IP.

> Personally, I do not see any point in hiding a node's public IP and port, while
> still allowing traffic to their VPN interface. I would assume that if they are
> using a VPN, then their public IP is behind some firewall at least, so I do not
> see a security advantage.
Not security as in firewall, but security as in "only trusted people
know who I am". Of course this depends on the services bound to the VPN
interface, too! And IP fingerprinting, etc. may still be possible.

> The patch itself looks nice. However, you only hide the public IP and port in
> send_add_edge(). But you could receive those ADD_EDGE messages back (it is
> possible even when you have an acyclic graph), so you need to deal with it in
> add_edge_h() and del_edge_h() as well.
Thank you for analysing the patch, because I haven't read and understood
all the tinc code yet.

> It is less simple there. Also, when you
> have a graph with cycles (for example, G connects to F as well), and not
> everyone is using the FriendOfAFriend option, then you will get conflicting
> ADD_EDGE messages, which will trigger a never-ending flood of correcting
> DEL_EDGE and ADD_EDGE messages.
Isn't this the same problem if peer A is known to B by a LAN IP and
known to C by an internet IP?

> I do not really see this working for tinc 1.x. The TunnelServer option is
> something related to this, but I'm also not so happy with it, although some
> people are using it. These options that hide information are just very tricky
> to implement correctly.
TunnelServer is a more central approach to this.

> What exactly do you want to achieve? Anonymity of nodes? What attacks are you
> trying to defend from?
Anonymity against everyone except the direct links. A tinc network is
open to everybody who knows someone in the tinc network, but I may want
to stay anonymous against everybody I do not trust directly.
So a node would only be able to tell a list of node names and the IP of
the first node (one of its friends, of course) in the path.

It's not fully like the Tor project's onion approach. On Tor a node only
knows which other node is the first in the path; everything behind that
is hidden. This costs a lot of performance, but provides true
anonymity. In this approach you can still see the complete
network graph, but you cannot see the IPs of peers which are not
directly connected to you.

So the idea
is, everybody connects to his friends directly, and everyone else only
via IndirectData without them knowing the real IP. So people could start
separate darknets, which may grow together at some points.
Think of it like the GPG web of trust: you have a few people you can
trust, the rest can only be trusted indirectly via the web.

Alex
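The following is an added illustration of the point Guus raises about add_edge_h(); it is not the patch from the thread nor tinc's own code. It is a toy model of ADD_EDGE flooding over the cyclic friend graph drawn above: every node announces its own edges to its neighbours, and each node forwards edges it has not seen before. The "FriendOfAFriend" rule is modelled as: the address carried in ADD_EDGE is only sent to a recipient that is an endpoint of that edge. The parameter `redact_on_forward` switches between applying that rule only at the origin (as in the patch's send_add_edge) and also applying it when a received message is forwarded. The graph, node names and the "address port" strings are constructed for the example.

```python
from collections import deque

# Constructed friend graph, taken from the mail's second (cyclic) diagram.
# Every link is mutual, as in the mail.
LINKS = [("A", "C"), ("C", "G"), ("G", "F"), ("A", "B"),
         ("B", "D"), ("D", "F"), ("B", "E"), ("D", "E")]

# Constructed public "address port" strings (TEST-NET-2 range, not real hosts).
ADDR = {name: f"198.51.100.{i + 1} 655" for i, name in enumerate("ABCDEFG")}


def neighbours(links):
    """Adjacency sets for an undirected friend graph."""
    nb = {}
    for x, y in links:
        nb.setdefault(x, set()).add(y)
        nb.setdefault(y, set()).add(x)
    return nb


def redact(address, recipient, x, y):
    """FriendOfAFriend rule: only the two endpoints of an edge may see the address."""
    return address if recipient in (x, y) else None


def flood_add_edge(links, addr, redact_on_forward):
    """Flood ADD_EDGE(x, y, address_of_y) messages over the graph.

    The originating node always applies the redaction rule (the patch's
    send_add_edge). If redact_on_forward is True, a node also applies it when
    it forwards a message it received (the add_edge_h change Guus asks for);
    if False, a message that arrived with the address is forwarded unchanged.
    Returns {node: {name: address or None}}: what each node has learnt.
    """
    nb = neighbours(links)
    # A direct connection reveals the peer's address, so friends are known from the start.
    learnt = {n: {n: addr[n], **{m: addr[m] for m in nb[n]}} for n in nb}
    seen = {n: set() for n in nb}
    queue = deque()

    # Every node announces each of its own edges to all of its neighbours.
    for x in nb:
        for y in nb[x]:
            for to in nb[x]:
                queue.append((x, to, (x, y), redact(addr[y], to, x, y)))

    while queue:
        sender, node, (x, y), address = queue.popleft()
        for name in (x, y):
            learnt[node].setdefault(name, None)   # node names are always visible
        if address is not None:
            learnt[node][y] = address             # the address, if it got through
        if (x, y) in seen[node]:
            continue                              # already forwarded this edge
        seen[node].add((x, y))
        for to in nb[node]:
            if to == sender:
                continue
            forwarded = redact(address, to, x, y) if redact_on_forward else address
            queue.append((node, to, (x, y), forwarded))
    return learnt


def leaked_addresses(links, addr, redact_on_forward):
    """For each node, the names of non-friends whose address it managed to learn."""
    nb = neighbours(links)
    learnt = flood_add_edge(links, addr, redact_on_forward)
    return {n: {m for m, a in learnt[n].items()
                if a is not None and m != n and m not in nb[n]}
            for n in nb}


if __name__ == "__main__":
    for policy in (False, True):
        leaks = leaked_addresses(LINKS, ADDR, redact_on_forward=policy)
        print(f"redact_on_forward={policy}:",
              {n: sorted(v) for n, v in leaks.items() if v} or "no leaks")
```

With redaction only at the origin, the endpoint that legitimately received the address (B for the edge A-B) forwards it unchanged, so F and G end up knowing addresses of nodes they are not friends with. With the rule also applied on forwarding, every node still learns all seven node names from the flooded edges, but the only addresses it holds are its own and its direct friends', which is the visibility the mail describes.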

