
"The Darknet Plan" Subreddit dedicated to creating a decentralized VPN - barredo
http://www.reddit.com/r/darknetplan/
======
drewcrawford
Sorry for the long comment. I've been involved in several "anonymous data
routing" projects ranging from wireless mesh networks to route-over-internet
to sneakernet projects, in areas where authorities opposed deployments either
moderately (vandalism / hacking the network) or severely (you get shot).

The tl;dr is that security/anonymity is hard and it comes at the cost of:
money, speed, configuration, user experience. Only in really rare
circumstances (oppressive regime or similar) will people choose to use a
system that costs more, is slower, and requires programming experience to
configure and install.

As I understand it, their plan is to build a wireless mesh network, which
sounds great, but it flat-out isn't feasible for this scale. Unless things
have changed significantly since I was working with mesh, the cost to route a
packet across a largish, dense (best-case) city is millions of times more
expensive than the existing infrastructure, and dozens or hundreds of times
slower. _Maybe_ you could do a little bit better using non-FCC-licensed
tech, but obviously the FCC won't like that, and now you're way outside what
Newegg will ship to your door to hack with.

Cost and speed are irrelevant if the mesh network is competing against no
internet or shoot-you-in-the-head-if-you-read-bbc internet. If it's competing
against Comcast 20Mbit, though, it's dead in the water.

If you insist on not relying on the existing infrastructure a much better
approach would just be to run cable everywhere; that's worked out great in
developing countries. But here you have zoning boards and HOAs and such, so
good luck. Successful projects in developed countries are generally
neighborhoods or municipalities, and even then, good luck.

The next option is a sneakernet; physical geographical dispersion of flash
drives or similar; routing software to instruct people to physically move
packets along routes; mail can be used for longer routes. They're cheap to
build: flash drives and lockboxes cost nothing, they can be totally invisible
to others. The bandwidth rivals current fiber installations; I've built
sneakernets that routinely move 50TB per day. The trouble is latency: nobody
wants to wait a week for their packet to arrive. If the incentives are there
(get in big trouble for accessing certain information), it can work, but you
have to offer a COMPELLING reason for a user to routinely walk away from the
computer and route a packet.

If you don't like any of those, you're stuck with something like
tor/WASTE/I2P2, i.e. leveraging the existing infrastructure. Even then,
ordinary people are never going to use any of those projects; the pressure
isn't there.

The only thing I can imagine that would be feasible on a wide scale in the US
(barring a huge Orwellian apocalypse that would make the Patriot Act look like
a birthday present) would be along the lines of replacing DNS and using HTTPS
more. But people have been trying to do that for ages. You or I with the
benefit of hindsight can sit down and write a better DNS in ten minutes. In
fact, lots of people have, but we still use DNS and HTTP just the same. That's
because a more-secure internet isn't _at all_ a matter of technical will--just
a matter of _will_.

~~~
pnathan
I hadn't heard of practical sneakernets before. Is there information on the
general web about them?

------
thaumaturgy
The same comment I leave every time this subject comes up again somewhere:
it's already been built, it already has lots of users, it's already secure and
anonymous: <http://www.i2p2.de/>

~~~
tectonic
How does it compare to Tor?

~~~
tomp
This was my question exactly...

From what I understand, Tor is an anonymizing service for web browsing (and
other web activities). I2P is an anonymizing layer above the regular internet.
I.e., you can use Tor to view pages/use services on the regular internet,
while with I2P you can only use services that are part of I2P. On the other
hand, I2P is less vulnerable - it is fully decentralized & distributed, with
everyone being an equal peer in the network, while Tor relies on exit nodes to
function, and normal clients don't help the network at all.

See: <http://www.i2p2.de/faq.html#outproxy>
<http://www.i2p2.de/how_networkcomparisons>

~~~
vonSeckendorff
I've never used I2P, but Tor also has hidden services, which can only be
accessed through the network and do not require exit nodes. I imagine both Tor
and I2P use similar routing schemes to achieve "anonymity".
<http://www.torproject.org/docs/hidden-services.html.en>

I am not too trusting of the architecture though, since there has been (at
least) one significant practical break before. Also the hidden services are
susceptible to DoS, despite the claims that to DoS one node you have to DoS
the entire network.

------
MostAwesomeDude
The big question, as usual: Can it be filtered?

