Step-by-step: the road to Fleming, 2: Sybil resilience


#41

To corrupt / control a section (and start deciding where nodes end up), you need to have a majority of elder nodes in the section, but random location makes this very unlikely.

I think to achieve this you need at least one third of all elder nodes. It is in any event very difficult/costly to get into that position.


#42

That would be 2/3 to control the outcomes. 1/3 allows disruption of the section.


#43

If it was a PoW blockchain that sounds sufficient. I think the original thrust of my question is: Does trusting older nodes more make it easier for some players to control enough of the nodes that matter compared to if we just trust all nodes and you need 2/3 of ALL of them and not just the subset of elder nodes?

What I am getting at is perhaps someone ends up with a lot of elder nodes by happenstance just 'cause they were interested in the network first. Then later they go crazy or want to develop their own network and discredit this one. Now they have a bunch of elder nodes and no way for the current new people that are actually into the idea of the SAFE network to democratically say no, you are not our overlord and have to listen to us 'cause we are more people.


#44

If enough initial nodes were “sleeper” nodes (I call them bad actor nodes) and the person was willing to keep them running, then yes they could disrupt or even control some sections.

Some thoughts here

  • they need to take control early on or else they will be too diluted with all the new nodes being added over time
  • If done early then we could identify that and perhaps do a restart meaning the person has to be on the ball and restart theirs and hope they could do the same again
  • but any such restart would obviously see the good node owners adding as many nodes as possible for the restart and the bad actor is diluted and may not get control of any
  • nodes are relocated as they join, so they cannot target specific sections
  • Maidsafe is most likely to seed the initial network with plenty of nodes.
  • Many of us will be in like Flynn with a lot of nodes also seeding the initial network
  • The initial network will be one that continues through beta release candidate stages to live system, so if a restart is needed then no major dramas since we understand restart is possibly needed anyhow.
    • This makes the attacker need to keep their vaults continuously running as good nodes for a long time (maybe a year or so).
    • The attacker will need to be adding nodes as their %age of elders keeps dropping over the year or so.
    • The cost to the attacker(s) will keep rising while the network is not yet live.

I also consider history. Look at the other networks including but not limited to BTC etc. They (the big players) actually have more reason at the current time for asking/demanding a government to take over BTC. The monetary systems can see the issues and since governments supposedly do their bidding, then why have they not used their power to take over and destroy BTC?

Of course the government runs a lot of Tor nodes, initially it was all theirs and then they needed the public to make it more secure for their spies to communicate over. Remember Tor exists to enable the USA government to give their spies a way to communicate when the only suitable channel is the internet. So it was in their interest to hand over Tor to the people, but keep running a lot of nodes so it did not collapse.


#45

Thanks for such a thoughtful reply. So what I gather is it is possible but expensive. Is it really MORE expensive than if they just had to compete with all nodes? I do see how the time requirement increases the cost of getting specific nodes that have control. To me it sounds like what’s better: one knight on horseback or 100 peasants with pitchforks?


#46

And also like if the attackers take control then a revolution takes place and we kick out the bad nodes and start again till it’s all too large for any state actor to take anything over. That of course is one worst case scenario and history suggests it doesn’t happen for so many reasons.


#47

Well, the minimum requirement should be that setting up a corrupt governance is not directly profitable through the ability to print money… but really that doesn’t preclude indirect profits like a rival network fighting for the brand name spot, or just pure dickheads that break things. It sounds like this is an experiment to see if trusting older peers is giving us better defense and making the threshold higher or if the original PoW for all approach has not been improved and it’s back to the drawing board. I think you are right though, if an obvious corrupt governance emerged the honest people would just “fork” or start fresh.


#48

What would be probable attack courses/reasons?

Attackers could try to shut down the whole network. Doesn’t make a lot of sense. As long as we have internet access, we can restart. Maybe country firewalls can block most SAFE traffic, but Maidsafe put a lot of effort into circumventing such limitations; let’s hope it’s enough. Signal has serious problems with some countries since Google and Amazon went against their domain fronting, but that’s a completely different technology.

More interesting would be to try to get at data / coins. Attackers would need to control the majority of nodes at least within a region, if I understood right. And then there’s still a lot of good encryption. Can it resist the computing power of some government agencies?

Would it be possible to use a modified version of the code to run (a lot of) nodes that seem to play completely fair but collect meaningful data (contents, coins, metadata)? Or to control the routing/locating of nodes? I guess by manipulating the “random” location of nodes, you can create a network/region, where you can “see” enough data to get complete files and try to decrypt them.

While this thread is mostly about setting up and running malicious nodes, I guess there’s a probability that crackers (state agencies etc.) can steal / take over identities over the usual channels (trojans, keyloggers…). Of course they would need to take over a lot of “important” nodes – maybe by bribing/blackmailing Maidsafe admins?

If “they” wanted to get just my data, they would try to corrupt my computer or my vault node in a data center, not the whole network, because that would be inefficient. But if, say, some groups of “freedom fighters” would use the SAFE network for their communication, a state agency might decide it’s worth the effort to take over the majority of nodes by all possible means in a still small network… I don’t think 2/3 of all nodes would be out of reach.


#49

Requires >67% of nodes in a section, to just control one section and the relocation of nodes done by that section.

Coins require 2 sections to conclude. RFC still to be done for this.

It’s not a region, but a lot of the whole since the chunks are sent to locations according to the XOR address generated by self encryption on the client’s computer.

Encryption to be used is quantum resistant and takes quantum computers an insane amount of time. Now 40 years into quantum computing development the quantum physicists still say there are still numerous parts of the whole to solve before quantum computing is a viable product. Another 40 years? Anyhow by the time quantum computing is usable the encryption methods will have well outgrown quantum’s ability. Well actually today we can encrypt quantum safe.

And one reason we want SAFE worldwide.

Also if that was feasible then they would do it with Tor, but they don’t. There are better methods.
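
The thresholds and the dilution argument from posts #42, #44 and #49, worked through as an added example (not part of any post and not MaidSafe code). It assumes 7 elders per section, that each elder seat is filled by a uniformly random node (node ageing is ignored), and that "1/3" and "2/3" mean strictly more than that share; none of these values come from the thread.

```python
from fractions import Fraction
from math import comb

ELDERS = 7                # assumed elders per section (constructed value)
DISRUPT = Fraction(1, 3)  # share the thread names as enough to disrupt a section
CONTROL = Fraction(2, 3)  # share the thread names as needed to control a section


def seats_needed(elders, share):
    """Smallest number of elder seats that is strictly more than `share` of them."""
    return int(share * elders) + 1


def p_section(attacker_share, elders, share):
    """P(attacker holds more than `share` of one section's elder seats).

    Binomial tail: random relocation is modelled as each seat independently
    belonging to the attacker with probability `attacker_share`.
    """
    p = attacker_share
    k_min = seats_needed(elders, share)
    return sum(comb(elders, k) * p**k * (1 - p)**(elders - k)
               for k in range(k_min, elders + 1))


def p_any_section(attacker_share, elders, share, sections):
    """P(at least one of `sections` sections is over the threshold).

    Treats sections as independent, which is an approximation.
    """
    return 1 - (1 - p_section(attacker_share, elders, share))**sections


def dilution(attacker_nodes, honest_counts, elders=ELDERS):
    """Attacker keeps a fixed node count while honest nodes join over time."""
    rows = []
    for honest in honest_counts:
        p = Fraction(attacker_nodes, attacker_nodes + honest)
        rows.append((honest, float(p),
                     float(p_section(p, elders, DISRUPT)),
                     float(p_section(p, elders, CONTROL))))
    return rows


if __name__ == "__main__":
    # Constructed scenario: 100 attacker nodes, honest population growing.
    for honest, share, disrupt, control in dilution(100, [100, 900, 9900]):
        print(f"honest={honest:5d} attacker share={share:.3f} "
              f"P(disrupt)={disrupt:.2e} P(control)={control:.2e}")
```
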