MaidSafe vs. Great Firewall of China

I was wondering if the DHT can be blocked by DPI by state firewalls and if there will have built-in anticensorship mecanisms such as traffic obfuscation (allà Obfsproxy)

3 Likes

My understanding is that it will not be too easy. SAFE doesn’t run on any set port, and is rather generic traffic. If you shut it down you would risk shutting down a lot of legitimate IofT things that you may not want to shut down.

It is always an arms race though… I am sure they will probably try.

3 Likes

They won’t actually see the DHT from the outside. They just see a gibberish P2P-network. I don’t know if they can tell with DPI that a particular handshake is from a SAFE-Client or Vault, but when they notice, they won’t see the inside of the network. What they could do is trying to setup nodes themselves and hope they’ll find an IP-address in their close group which is Chinese. Than they can tell that someone is using the network. But still, they won’t have a clue what that person is doing. Here’s some more info about the encryption layers:

1 Like

I wasn’t really worried about sniffing but about traffic detection and blocking. Repressive government won’t allow a traffic to pass unless they can control over it. Their default mode will be to block all encrypted traffic.
I guess that there will be some signature that identifies MaidSafe encrypted traffic, my question is if there can be some traffic obfuscating measures to future proof it.

2 Likes

Well since it’s all gibberish and indistingishable from regular internet traffic they’ll have a hard time blocking it without taking the entire internet 1.0 down as well. Which needless to say would be upsetting for a whole lot of people. Representitive governments can no longer nitpick in order to censor and control. You can’t fire your death ray if you can’t aquire a target.

The “gibberish” part is quite the opposite (that by itself is blockable), @Blindsite2k. It is simple to detect and block any encrypted traffic. In fact, when I mention obfuscation it means precisely a way to make encrypted traffic to look UNencrypted transparent HTTP traffic, that way it becomes truly lost in regular traffic.

But as long as we know MaidSafe doesn’t obfuscate traffic.
The question here, again, is it really gonna be undistinguishable from regular internet traffic by any other means, or it will have a signature… Or is it planned to implement obfuscation?
@dirvine whenever you are free :slight_smile:

1 Like

Are you sure about that one? From the first connection you’re using PKI. So on ip-level you use the other side public key and they use yours. How would it be possible for anyone outside the network to find out what’s going over that line? Next level is that all is Chunked. And the self-encryption uses obfuscation in the form of a bitwise XOR-element where you XOR a Chunk using a string. So even if you new the key to decrypt the Chunk, you still would need all the Chunks to un-XOR it as well. So we’re already at 2 levels of encryption and 1 layer of obfuscation. Your also routing Chunks for others over the network, so from the outside, no one has a clue what you’re doing as far as I know.

4 Likes

There are limits but yes we do obfuscate chunks and can do same with all traffic if required…

2 Likes

It will be interesting to see how it looks like on the other side of the table, running wireshark.
My question is not if it is secure nor anonymous, but detectable.

In my mind I am running the most offensive scenario where governments implement Very Deep Packet Inspection where even handshakes are analyzed to validate encrypted traffic.

1 Like

We do not negotiate keys, encrypted from first message, no diffie hellman etc. required, the keys are all available on the network PKI infrastructure. So many differences. This is a much simpler issue than the network up and running though. ATM we are multi port multi protocol encrypted and obfuscated (now there is a large area of discussion) comms. We can go from there :wink:

5 Likes

This type of discussion is why I love the whole premise of the safe network, and where (arguably, amongst many other aspects) the true value of what’s being created here lies.

‘They’ might be able to fight for control and may even be be able to win skirmishes along the way, but this technology is a bit of a game changer IMO. Once we have a cohesive mesh network working in unison we’ll be well on the way to making mass shenanigans obscenely expensive for any entity which seeks informational control over others.

3 Likes

I am salivating. This is like opening a portal to another dimension, and then saying “***** this, I’m outta here” (and a huge wild party on the other side of the portal).
Nobody will be left on Earth, and all laws will be rendered irrelevant.

1 Like

There is also a lot of related discussion about this here: