SAFEnetwork browsing detection

I was reading this article http://www.thelastamericanvagabond.com/constitutional-rights/fbi-labled-tor-browser-users-criminals/ that says FBI are now allowed to get a search warrant only if someone uses anonymizing software.

My question is: Will FBI know when people use the safenetwork?

2 Likes

Of course they will.
Maybe they won’t know what you’re doing on SAFE, but they’ll very likely know you’re using SAFE.

2 Likes

@janitor Out of curiosity, what would give it away? The unique characteristics of crust (TCP hole punching, etc.)? All communications are encrypted so what would differentiate it from other encrypted communications?

'the heck I know, but ATM you know that upon startup you connect to a bunch of hard-coded seed nodes (maintained by MaidSafe, but in any case, even when/if some of those become user-owned nodes, no one but SAFE users connect to the nodes listed in SAFE s/w settings).
It’s the same with Bitcoin and other P2P s/w.

2 Likes

@janitor (reply to user not working correctly for me) Okay so until the s/w progresses to or past beta then yes but after then it may be quite difficult to tell via the bootstrapping process not being tied to particular seed nodes?

It doesn’t matter when/how, anyone can find who the seeding IPs are (for example, download SAFE, write a script to fire it up 500 times and kill it after 10 secs, and every time record first 4 IPs it initially connects to, then filter all the IPs that appear two or more times).

So even if the list is not hardcoded, you can find it experimentally. But it’s going to be hardcoded because you don’t want to leave this to luck: you want to make sure upon startup the client can find at least 1 reliable seed node. At most MaidSafe may decrease the number of seed nodes operated by them, and add some community or developer seed nodes, but the list is not going away anytime soon.

After you re-connect, you can get enough connections from your peer history, but the first connection must get to at least 1 seed node…

Seed list for Bitcoin:

2 Likes

The thing is to make SAFE use ubiquitous and popular for everyone. Then such distinction won’t mean a thing.

5 Likes

Okay so alphabet soup org would investigate many p2p privacy enhancing s/w in such a way and be able to reference the reoccurring seed nodes to matching network therefore knowing what network or s/w you are using. But down the road MaidSafe is likely to address this I would assume.

We’ll see what someone from the project says, if anything, but as you can see in case of Bitcoin there’s no solution (I haven’t even heard anyone discussing this lately).
Currently if you want to bootstrap with Bitcoin Core you use Tor and you don’t have to exit .onion to bootstrap (and function). But Tor itself needs to do that, so it’s just pushing the problem to a layer below, it’s not really a solution that Bitcoin Core came up with.

1 Like

That’s neat they don’t have to leave .onion but def not a legit solution. Yes we’ll see I think it’d be good to have a discussion on down the road but hope it isn’t forgotten by our community as not being singled out would help make safe more ubiquitous

When pluggable transports for protocol obfuscation are implemented, even the world’s most repressive regimes and criminal groups will not be able to identify, monitor or block SafeNetwork traffic unless they want to also block every other streaming protocol on the network.

Read more on protocol obfuscation and pluggable transports over on this thread.

Edit: This is probably a better place in the long thread to start.

2 Likes

This is why I was asking a while back in the forum if there is a way to obfuscate traffic in the way that obfsproxy does with Tor to avoid any kind of DPI analysis that would detect the existence of any encrypted traffic.
All TOR traffic that passes through Obfsproxy is transformed so it looks like plain HTTP.

Check out: https://www.torproject.org/projects/obfsproxy.html.en
ScrambleSuit Whitepaper: http://www.cs.kau.se/philwint/scramblesuit/wpes2013.pdf
SkypeMorph: http://cacr.uwaterloo.ca/techreports/2012/cacr2012-08.pdf

It changes the network fingerprint and makes TOR traffic look like harmless clean HTTP/Skype Video traffic.
The papers are quite interesting to read.

1 Like

In our case the nodes and clients build bootstrap lists of previously connected nodes. Much like skype used to do. So you may connect to a seed node initially but you do not need to. All you need is to know an endpoint on the network (can be provided in many ways, even email etc.).

After you have connected once (and you will disconnect from a seed node) you should have a list of nodes to connect to if they are still running. Only going off line for a while may mean you go back to seed nodes.

Still not perfect, but not polling seed nodes every startup is a good first start. Client apps (launcher) should be able to take endpoints as an option on start as well if you do not wish to ever use seed nodes. So that all needs tidy up, but the API etc. is all there to do so.

[EDIT, I should say you would need to have IP:PORT and public key in the endpoint]

6 Likes
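The seed-list signal discussed in this thread, as an added example that is not part of any post or of MaidSafe's code: it applies the "appear two or more times" filter to constructed connection records, then shows that sessions bootstrapped from peer history do not match the resulting list. The addresses (RFC 5737 documentation ranges), the seed list and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed data: RFC 5737 documentation addresses, not real nodes.
SEEDS = [f"192.0.2.{i}" for i in range(1, 7)]  # hypothetical hard-coded seed list


def cached_peer(client, k):
    """Constructed address standing in for a peer from a client's own history."""
    return f"198.51.100.{(client * 4 + k) % 250 + 1}"


def cold_start(run, first_n=4):
    """Fresh install: first contacts are drawn from the seed list."""
    return [SEEDS[(run + k) % len(SEEDS)] for k in range(first_n)]


def warm_start(client, first_n=4):
    """Client with peer history: first contacts are previously seen peers."""
    return [cached_peer(client, k) for k in range(first_n)]


def infer_seed_list(runs, first_n=4, min_runs=2):
    """IPs among the first `first_n` contacts of at least `min_runs` runs."""
    seen = Counter()
    for contacts in runs:
        seen.update(set(contacts[:first_n]))  # count each IP once per run
    return {ip for ip, n in seen.items() if n >= min_runs}


def flagged_fraction(sessions, watchlist, first_n=4):
    """Share of sessions whose first contacts include a watch-listed IP."""
    hits = sum(1 for s in sessions if watchlist & set(s[:first_n]))
    return hits / len(sessions)


def demo():
    watchlist = infer_seed_list([cold_start(r) for r in range(50)])
    cold = flagged_fraction([cold_start(r) for r in range(50, 60)], watchlist)
    warm = flagged_fraction([warm_start(c) for c in range(50)], watchlist)
    return watchlist, cold, warm


if __name__ == "__main__":
    wl, cold, warm = demo()
    print(sorted(wl), cold, warm)
```

The model covers only the seed-list signal: a client that has been offline long enough to fall back to seed nodes matches the list again, which is the "still not perfect" case in the post above.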

Of course: out-of-channel initialization. I was going to ask about that.

Just to clarify: So one might have a stand at a convention and hand out cards with an IP and a key on them, which takes care of both unique human, and initializing into SAFE without seeds. Is that an accurate picture? Thing is, you can’t rely on IP alone, due to man-in-the-middle.

1 Like

Just get to any network node then your node will build its own list. I suspect there are many ways to do this, bitcoin used dns at one stage. I think shared by trusted parties etc. may all happen. service_discovery will work in your LAN, there is always gossip based discovery as well, which we do not have yet. It’s an easier fix than almost everything we did in last 2 weeks. Security phase coming soon and this will all get extended.

4 Likes

This article got me thinking: http://themerkle.com/fbi-can-obtain-a-warrant-if-you-run-tor-come-december/

Could the same happen to Safenet, or would the traffic be indistinguishable for the ISP?