This is a conversation I had with a Freenet developer. Freenet as some might know is a project very similar to maidsafe. After some discussion I was enlightened about the anonymity threat model of maidsafe. If the below is true, I wonder what or even if maidsafe will create to countermeasure the threat freenet currently defends against.
Here is the convo:
Their routing scheme appears to be based on Kademlia. That’s not too different from what Freenet does.
[09:55] qwebirc51973: From what I read, I’m not sure of how Kademlia would provide anonymity, though.
[09:56] you should inquire
[09:56] they’re all really cool people
[09:58] and most know about the inner workings well
[09:58] i really think the information they provide could really help
[10:05] qwebirc51973: It’s hard to compare Maidsafe and Freenet. They clearly have different goals in mind.
[10:14] secure web platform
[10:14] that provide the above qualities
[10:14] qwebirc51973: For instance, Maidsafe only supports “self encryption” on blocks. That is similar to what we know as CHKs where the key is derived from the file data.
qwebirc51973: Those are unsafe, from our point of view: knowing the
plain text of a document to be inserted, allows pre-computation of which blocks will be inserted, allowing the publisher to be traced.
[10:16] Can you please present this to their team. I would really like to read their response.
[10:17] From what I understand they believe SAFE is really well thought out.
[10:17] As if they’re no weaknesses.
[10:18] So far eveyone who has presented them with supposed flaws have walked away assured.
[10:19] qwebirc51973: Maidsafe is a secure, redundant and decentralized filesystem based on quid pro quo. Freenet is a decentralized datastore where anonymity and censorship avoidance is the greatest goal (hence the existence of darknets and such), allowing safe and anonymous
[10:19] qwebirc51973: There are no security flaws in Maidsafe: they have no threat model, so there’s nothing to be secure against.
[10:20] So I it seems I’ve misunderstood
[10:20] qwebirc51973: Maybe you have, maybe I have misunderstood their documentation (or lack thereof).
[10:20] I thought anonymity was their goal as well
[10:22] qwebirc51973: Yeah, they do state so at least a few times.
[10:23] You being more knowledgeable on the matter; can you inquire on their forum please.
[10:24] If they claim anonymity then they should back it up
qwebirc51973: Their notion of anonymity seems to be: “If you don’t know what I’m doing, you can’t get to know it by monitoring me either”. Our notion of anonymity is more like “Even if you do know what I’m up to, you’ll have a hard time proving it”.
[10:27] I see
[10:28] qwebirc51973: So yes, maybe Maidsafe is anonymous. With self-encryption however, it’ll only be as anonymous as the user is unpredictable.
[10:29] Maybe you could suggest a better model or ask if they plan or have some solution to the attack.
[10:29] You guys might be able to help each other.
[10:30] They’re hundreds devs working on SAFE.
[10:30] qwebirc51973: I think I’ve spent enough time on Maidsafe already. We’ll see what comes from it - at least at some point they will need to state their threat model, and that would clarify a lot