What are the potential weaknesses of the maidsafe network?


#1

I was telling a friend about maidsafe and how ‘it could not be stopped’ by any governing power but he asked me a question and got me thinking. Is there a potential way that a government could force ISP’s to ban all cryptographic information from passing through the internet (possibly even giving licenses for companies/individuals to encrypt!)? Are there any other weakness or things which could potentially endanger the maidsafe project?


#2

In the EU there is actually a mandate for companies to use encryption etc. when dealing with data. It would be very difficult to ban it. The other issue is that it is very hard to tell what’s encrypted sometimes, so could be binary data or an encrypted stream. Our encryption has no signature that is identifiable AFAIK (always the Engineer, never say impossible :slight_smile: )

In any case this would not be a concern I feel.


#3

Encryption is always identifiable. Entropy does show up and it’s very difficult to hide it.

So it’s likely governments will see it but they probably won’t respond to it by trying to shut the network down. They try to shut it down and it becomes less visible.


#4

Good point, I had typed to quickly there I think. Its an interesting area to look into granted. Entropy infinity and true random are the basis of many of our debates nobody wins :smile: Yes there are mechanisms to do entropy analysis, I do wish there was more actually with the prng stuff recently with Intel etc. would be nice. But for basic stream evaluation then we can detect high levels of entropy and make some guesses.

Good catch


#5

So is it theoretically possible to ban encryption? Whilst it may seem outlandish (and unlawful) in the EU for there to be a ban on encryption on the internet, I’d imagine that governments who rely on ‘controlling the message’ (not to mention monopolising the currency) in order retain control would be motivated to take any action necessary to remain in power.

I’d conjecture that the surge in adoption of maidsafe will primarily take place in geographies where privacy is not just a right but also the difference between life and death. I hope that damaging/restricting the network is difficult (to the point of being impossible) so that those who live under oppressive regimes can have a breath of air without anyone knowing :smile:


#6

This is my own personal philosophy… it may sound extreme.
There is an endless struggle between two dominant groups.

  1. Those who claim authority.
  2. Those who rebel against it.

Regardless of the ideology, the only time a feud stops is when one side gives up, compromises, or is exterminated. This generally applies to all manner of conflicts. Some end up in bloodshed and some end up with a paradigm shift.

I am very optimistic this current technological movement will result in a paradigm shift rather than bloodshed. But I doubt either side will come out unscathed.

To answer your question, there will be attempts to stop/slow the movement. We (Project SAFE) are lucky to have Bitcoin in the front line, dealing with US laws and other countries. Eventually their attention will turn to us and other projects as well. Each time they put up a road block, we will build around it. Each time they create propaganda we will inform, educate and inspire. Every weakness exploited will be patched and reinforced.

I cannot predict the future but this is happening regardless of any one project or person. Others projects are already springing up because there seems to be a fundamental “growing” desire in the world for technological freedom.


#7

@Luke

To me the best security its to reach a threshold for change by making all their damaging options impractical.

Take Comcast, its an obvious belligerent and it shouldn’t be able to profit from its aggression and contempt of the public. Its share holders should get precedent setting feed back that will shape future behavior but only locking Comcast and similar actors out of aggressive options will solve the problem. Introducing open ethical and still lawful technologies that effectively cut and burn all the cords is practical and expedient but time is running out. The opposition like Comcast is very clearly aimed at information enclosure and censorship and revelations about domestic spying continuing were just warning shots.


#8

the biggest challenge is this project put too much focus on pricacy but ignore how to connect people together…People want faciliate want conviniece at same time people have to give up some part of their privacy for the connectivity…


#9

I don’t think so. Privacy needs to be the bedrock starting place and then as fine grained control over any reduction as possible all absolutely always in the end users hands.


#10

I agree, but add one more category:

Those who make authority irrelevant.


#11

@Luke Encryption cannot be banned but they can create a chilling effect so that no one would want to be caught using it. If everyone associated with encryption or detected using it are put on a classified terrorist list then somehow that list were to leak out then people might not want to use encryption anymore out of fear of what happens to people on the list.

So psychological effects are the only way to stop people from using encryption. Encryption is too wide spread to ban without banning all communications. In warfare the first thing an enemy will seek to do is cut off your communications because by doing that you cannot communicate with any of your allies or your own army to report whats going on.

Encryption vs decryption is actually just a pendulum which serves the purposes of different agencies. For example for counter intelligence programs or internal security services they are terrified of encryption because they want to be sure that it’s not some plot to overthrow their regime funded by an enemy government.

So they hire the best code breakers and try to put everything under surveillance for national security. In this case it’s legitimate use of surveillance because it prevents a civil war. In countries which have weak counter intelligence services you see civil wars break out because other countries exploit the fact that they cannot crack the best codes.

The NSA tried to put export restrictions on encryption treating it as a munition because they know it’s impossible to brute force even the simple encryption algorithms. The NSA uses surveillance which is a side channel attack to break any encryption.

The point here is that even if encryption were banned it would be used. It’s not theoretically possible to ban encryption because trying to do that could cause a war as then it’s harder to gather genuine intelligence on either side of the conflict. The Internet was invented to guarantee that communications would always be able to flow even during a global nuclear war but you could also say radio was capable of the same thing to a certain extent only it was easy to triangulate where a signal came from and jam it.

SAFE Network takes things to the logical conclusion. Now we can have a decentralized autonomous network which doesn’t have a specific government controlling it. The United States is currently in control of the Internet and this would have been fine if the United States wasn’t as corrupt as all other countries. Evidence of this corruption is the fact that the United States doesn’t just seek to use the Internet like everyone else but to try to control the structure and design of it so that it functions in favor of their political interests. Now we have the eroding of network neutrality which in my opinion is reason enough to get behind something like SAFE Network because it proves the United States has decided to put the politics and corporate profits ahead of the long term strategic or national security considerations (SAFE Network if done right would provide greater resiliency, would be harder to shut down, and in a nuclear holocaust or global crisis emergency responders would be better off with SAFE Network).

Marketing for SAFE Network has to shift in my opinion away from political marketing (Snowden, 1%vs99%, privacy, etc) and shift towards a smarter marketing campaign which targets different demographics with the benefits and features relevant to them.

Journalists can benefit from information confidentiality offered by SAFE Network because it protects their sources from being possibly murdered or arrested. Law enforcement could benefit from the SAFE Network because it would protect their informants from being possibly murdered. So you have entire demographics of people who you wouldn’t commonly associated with this technology who would be the people to market it to.

Then you have to reach other people with different campaigns. For example for the average person who isn’t into law enforcement, or a journalist, you can market it to these people by focusing on the fact that it has a better cost to performance ratio than anything else. Compare it dollar for dollar to Dropbox and other similar technologies and show them how they can save money. People who don’t have any money such as college students should be shown how they can make money supporting SAFE Network.

And when you appeal to college students trying to make money from farming you have to adjust your material and the software so that it supports their concepts of good and evil. SAFE Network has to appeal to the morality of each demographic and their morality might not be the same as yours. There will have to be decentralized apps which appeal to all these different demographics and we should probably try to identify and list the demographics in advance.

I suggest more market research. Who exactly are we supposed to be marketing this technology to? What are the ways people can be expected to use SAFE Network? What sort of apps will they need? If you’re concerned about crime then what sort of apps do you need?

I suggest MaidSafe put a survey up on their website to collect the necessary demographic information. I also suggest that SAFE Network members each independently conduct their own market research and report back to the community in the form of a newsletter or something similar.

If people really do fear that SAFE Network will make them insecure then this is a marketing problem. It’s our job to show them that SAFE Network would actually make them more secure but from within the context and restrictions of their demographics value system.


#12

This is exactly right. And the MaidSafe team would know this if they conducted more market research. Since they have the money they should at least find someone who can focus on market research full time just to determine what the average Internet user wants and how to appeal to them in a way which makes sense to them.

Social networking is something that users want. We should know this if we look at the success of Facebook. But the users are dis-empowered by Facebook as their content/data is harvested and sold.

SAFE Network has to put the user in the drivers seat. It’s true that users aren’t really concerned all that much about privacy or the NSA but the users don’t necessarily have any loyalty to Facebook or the business models which rely on ads and data exploitation. If you focus on bringing maximum value and empowerment to users then you’ll have no problem reaching the masses.

But once again there has to be a full time person who does nothing but market research. SAFE Network is trying to build an entirely new Internet and we don’t even have information all in one place about the different demographics that make up the majority of users of the old Internet? How do users spend their time and what do they complain about?

@dyamanaka

This is my own personal philosophy… it may sound extreme.
There is an endless struggle between two dominant groups.

Those who claim authority.
Those who rebel against it.

There is a struggle between encryption and code cracking. Both sides of this struggle believe they do it in the interest of security.

People who create authority do it believing that it is the only way to produce security. In some circumstances they are right but in other situations you don’t need their authority yet they don’t want to let go because they make money providing it.

Authority is necessary in situations where a decision has to be made quickly. So you have a chain of command where it goes up the chain to a commander who makes the ultimate decision. This actually works best when you’re dealing with scarce resources or for conventional warfare.

In cyberspace you’ve got digital resources which can be copied. You have no need for centralized authority. Authority can be decentralized and the process itself becomes more important than who is in charge.

Typically the human being makes the mistake rather than the computer. You can design computers which are more secure than any person can be so at that point the human beings should remove themselves from authority and let automation take over. There is resistance to that because people still think it’s a good idea to trust other people even when the technology makes it unnecessary.

The self driving car is a good example. If you’re going to ride in a taxi would you rather ride in a taxi which is unmanned, which uses a mobile communications network combined with GPS to navigate in a way which makes crashes impossible or would you prefer to let humans drive you around?

The statistics are clear that humans in the driver’s seat is the cause of car accidents. Drunk human beings get behind the wheel and create an accident. In the best case everyone lives but traffic is congested. In the worst case people who were completely responsible end up dead because of a drunk driver.


#13

Points on attacking encryption and creating stigma hold but enough people know that any kind of online money transaction or banking is dependent on it. And I think they get that encryption and decryption go together.

I’ve wondered from a marketing standpoint if it isn’t possible to re-contextualize by accelerating people’s expectations with claims about the inevitable. We might say look, the telecom model and the cable model are at best temporary so why not skip them. We might say can you imagine the basic employment model continuing a thousand years from now? So why not drop it now. Its kind of a excluded middle fallacy. But it might break dissonance.

I heard RSA found an encryption process that in principle was not amenable to any amount of brute force decryption. That got people upset, but if it were practical to use then use it and not support for instance the game the NSA likes to play with weaker keys that it will have a temporary window on. Why bet on the ghost in the machine alone (MaidSafe on telecom/cable,) but rather give the tangible proof of the cord being cut with Maidsafe powered wireless mesh box replacements for the internet as physical infrastructure for mass consumer adoption.


#14

@hjyuan1986 I agree with you, except in the implication that SAFE is misguided over privacy.

Privacy is SAFE’s unique selling point, and it’s the bedrock of a new internet that can deliver private uncensored sharing and communications, as a platform on which all the things users want to do can be built.

It enables all the things people want to do, with the added feature of security from spying and censorship, rather than only begging about security from spying and censorship.

It is up to MaidSafe and it’s community to get the bedrock security in place, and then for everyone to build what people want to use on top. Get to it! :slight_smile:


#15

That fight was over long ago and there’s no going back. Encryption is the basis upon which ALL electronic commerce depends. Without it no e-commerce could occur. So the presence of encrypted traffic would be pretty impossible to restrain.

When the government finally abandoned trying to squelch encryption, it instead focused on anonymity as that which could not be allowed to prevail. And they’ve done a pretty good job on that score. THAT is the step that the SAFE network makes that is such an advance, plus the other aspects of uncensorability, etc.

(As to the thread topic, the main weakness I see is attempts to overwhelm the network with trash by bad actors near launch, via bots, etc.)


#16

So how likely/feasible is such an attack, what would such an attack look like (i.e. how would it work), and how does the increase in the size of the network protect it from ‘bad actors’?


#17

When the network is small it is easier (less resources needed) to overwhelm it - this requires around 75% of nodes to be controlled by a bad actor, so as the network grows obtaining 75% is harder and harder. On bitcoin’s blockchain the equivalent threshold is 50%.

As to what it looks like, there is no one picture. Lots of VMs on a cloud service, lots of bots on a botnet… etc.