
The Darknet Project: netroots activists dream of global mesh network - divy
http://arstechnica.com/open-source/news/2011/11/the-darknet-plan-netroots-activists-dream-of-global-mesh-network.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss
======
giberson
I remember hearing about China usurping 15% of western internet traffic for 18
minutes. This was accomplished by having nodes report as being the next
closest hop in the network path to the packet destination. In a decentralized
darknet project, I imagine such an issue being much more widespread. In fact,
I would imagine a darknet project would actually play into the hands of the
government. It would be perfectly plausible to infest the darknet with
millions of your own nodes reporting as the next best hops thus inserting
themselves in the middle of all darknet traffic able to analyze data as it
flows through the system. Obviously, a darknet would utilize encryption for
traffic but all bets are off when you potentially have a constant man in the
middle and no centralized authority on trusts. What's worse, and more to the
point of playing into the hands of the government is that a darknet would give
them (the government) a concentrated focus area. If I were to categorize the
percentage of traffic that was "interesting" for regular internet traffic vs.
the percentage of "interesting" traffic of all darknet traffic then I would
imagine the darknet having a much higher ratio of noteworthy to junk traffic.
If I had a limited amount of resources to invest in analyzing and decoding
secure traffic I would obviously point my tools at the most richly dense data
source.

~~~
jxcole
Man in the middle attacks may not work as well as you think. While it is
possible to create false information using this darknet mechanism, it is
possible using things like PGP to ensure that you are getting data from the
same node. Of course, you have to figure out how to set it up right from the
beginning; if someone messes with you before you know what their key is
supposed to be, they can feed you false information.

You might be able to overcome this by using a many-to-many authentication
mechanism. But realistically, what could the government hope to accomplish by
feeding you false information? (this is the only thing they are likely able to
do). Consider:

There is no way to back track traffic and discover who sent the request.

Once you realize a source is feeding false information, you know to never
trust that source again.

It is easy to imagine a decentralized rating system for the quality of
information provided by various keys on the network. Keep in mind you can't
really fake who you are. You are your public key, no one else can publish
under your public key but you.

EDIT: I highly recommend reading the Freenet paper:
<http://freenetproject.org/papers/ddisrs.pdf>

~~~
sneak
> There is no way to back track traffic and discover who sent the request.

If you control a vast majority of the nodes, this is simply incorrect.

~~~
jxcole
Sort of. The only way to tell if a person made a request is if you control all
the nodes that this person is connected to. If you do not control even one
node that a person is connected to, there is always the possibility that the
request came from this other node, not the real node. This is because the
difference between making a request for something on your behalf and making
the request on someone else's behalf looks exactly the same as far as another
node is concerned.

This is how freenet works. Of course, in freenet there is a time to live
associated with each request so it will die eventually if, for example, the
searched for item is not present on the network at that time. You could figure
out that it's from a particular node by seeing what the time to live is from
that node, but small amounts of random variance in time to live values can
effectively ensure that both requests don't live forever and that it is
suitably difficult to determine the origin of the requesting node.

Now, it is certainly possible with enough concerted effort to find out what a
user is doing with some statistical probability that a user is looking at
something, but you can rarely be absolutely sure.
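
A simplified model of the time-to-live argument in the comment above, added here as an illustration; it is not part of the original comment and not Freenet's actual algorithm. Assumptions: a constructed ceiling `MAX_TTL = 18`, a starting TTL drawn uniformly within `jitter` of that ceiling, one decrement per hop, a uniform prior over how far a request has already travelled, and hypothetical function names.

```python
from fractions import Fraction

MAX_TTL = 18  # constructed ceiling for this model, not taken from the thread


def likelihood(observed_ttl, hops_before, jitter):
    """P(observed_ttl | the request had already travelled hops_before hops).

    Model assumption: the originator draws its starting TTL uniformly from
    [MAX_TTL - jitter, MAX_TTL]; every forwarding node decrements it by one.
    """
    start = observed_ttl + hops_before
    if MAX_TTL - jitter <= start <= MAX_TTL:
        return Fraction(1, jitter + 1)
    return Fraction(0)


def originator_posterior(observed_ttl, jitter, max_hops=6):
    """Posterior that the neighbour who sent us the request is its originator.

    Uniform prior over hops_before in 0..max_hops (an assumption; a real
    observer would have to estimate this from the topology it can see).
    """
    prior = Fraction(1, max_hops + 1)
    weights = [likelihood(observed_ttl, d, jitter) * prior
               for d in range(max_hops + 1)]
    total = sum(weights)
    if total == 0:
        raise ValueError("observation impossible under this model")
    return weights[0] / total  # weights[0] is the hops_before == 0 hypothesis


def posterior_table(jitter, max_hops=6):
    """Originator posterior for every TTL value this model can produce."""
    lowest = MAX_TTL - jitter - max_hops
    return {ttl: originator_posterior(ttl, jitter, max_hops)
            for ttl in range(MAX_TTL, lowest - 1, -1)}


if __name__ == "__main__":
    for jitter in (0, 3):
        print(f"jitter={jitter}")
        for ttl, p in posterior_table(jitter).items():
            print(f"  observed TTL {ttl:2d}: P(neighbour is originator) = {p}")
```

In this model a request seen at the ceiling value still identifies its sender as the originator, so the jitter only creates ambiguity for observations below the ceiling.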

~~~
aptwebapps
I think 100% certainty that a node is the originator of a request is not
necessary for most purposes. If you are thinking of a court case, then maybe,
but only if there is no corroborative evidence.

And in other situations where people might want to use a darknet (e.g. a
repressive regime) a few false positives aren't going to bother anyone
concerned.

------
conanite
"The US State Department seems to view decentralized darknets as an important
area of research for empowering free expression _abroad_."

(my emphasis). Depressing!

~~~
wmf
To be fair, another interpretation is that darknets are not needed in the US
because you can use the regular Internet for free expression.

~~~
bh42222
Like donating to whistleblowing websites like WikiLeaks.

~~~
jyrkesh
To be fair, that was more of a private business decision on the part of PayPal
than it was a government mandate. But I get what you're saying, and I agree
that the internet is not as open, even in the United States, as it could and
should be.

------
mike-cardwell
I can't help but think that projects to overlay a darknet on our existing
Internet infrastructure are several orders of magnitude more likely to
succeed.

~~~
conanite
Overlaying on existing infrastructure is a faster way to get up and running,
but ultimately a darknet that depends on another network is vulnerable to that
network's centralized 'off' button.

~~~
mike-cardwell
This is true. I think it's the only practical approach given current
technology though.

When somebody comes up with a £50 home wifi access point that has a range of a
mile or more inside an urban environment, _that_ is when we'll get a proper
darknet.

~~~
TillE
Why would you need a mile in an _urban_ environment? Trace out a circle with
that radius in Google Earth; it's an absurd range.

The idea is that you have a pretty high density of users. 100 meters would be
more than enough to cross any street and reach several buildings away in any
direction. Even in an American suburb, it'd reach a few houses away. That's a
realistic goal: 100 meters, not 1600.

~~~
mike-cardwell
Because none of my neighbours will have the hardware. And if they don't have
it, I'm not getting it because it's a waste of my time.

If you expand the number of neighbours to all of those that are within a mile
of me, you increase the likelihood of finding somebody by a large amount. I
would buy kit just because I'd be interested in finding these people.

Chicken/Egg etc

------
law
After reading the article and skimming some posts on their subreddit, I think
the idea generally concerns the capabilities of consumer electronics to
'replicate' the Internet in a completely decentralized fashion. By doing so,
there's no central authority managing your packets, and if you want to visit a
particular node (i.e., to visit a web site), the problem becomes analogous to
the stochastic shortest path problem, which is NP-complete. So, wouldn't this
system require P = NP for it to have any viability at all when factoring in
the effects of latency and downtime?

~~~
joelthelion
Most NP-complete problems can be approximated quickly enough for practical
purposes.

Decentralized routing is a hard problem, but there has been a lot of research
with pretty convincing results. I'm not sure if it scales to the size of the
internet, though.

~~~
law
That's the point, though: I don't know if you can find an 'approximate'
solution to decentralized routing, since you need precision. Do you have any
peer-reviewed articles evidencing these convincing results? I'd be extremely
interested in learning some more about this.

~~~
pyre
Who is the current centralized authority that figures out the shortest routes
today?

~~~
law
Difference in definitions: I read "approximate solution" as an "approximate
route," as in the node choices are approximated (potentially leading to a
wrong final node, or losing packets at a dead end). Instead, finding
approximately the shortest route that doesn't lose packets and gets you to the
correct node would presumably work.

------
rmc
Looks interesting, but it seems to be just a talking shop at the moment,
without any actual goods to show yet.

 _it's hard to imagine that TDP will ever move beyond the conceptual stage.
The group behind the effort is big on ideas but short on technical solutions
for rolling out a practical implementation_

I like the idea of using WiFi as hardware, since it's a technology that's
almost everywhere now.

------
devindotcom
This is interesting. I've been toying with a darknet idea, but it's not going
to mirror the internet. "My" version is limited to plain text and packets no
larger than 1kb, if even that. It'll show up on TechCrunch eventually, but I
want to talk with some people first.

------
peterwwillis
I'd like to note that "the Internet" is a vast, broadly-scoped amalgamation of
routers and different network topologies. They don't use one kind of hardware
or software to manage it all. Any successor or parallel alternative network
should be as (if not more) flexible to achieve its goals.

I'd also like to suggest that the network be powered purely by standard
Internet client machines and off-the-shelf hardware. Custom software would be
necessary, but it's better to rely on a random guy with a quick installer on a
USB key than custom hardware mesh routers deployed by professional installers.

~~~
saucerful
Lucky for us, the new IEEE 802.11 was ratified in September and includes
(finally) 802.11s for mesh networking. There is support in Linux and FreeBSD
for several of the most popular wireless drivers. The open source router
firmware dd-wrt also supports 11s.

~~~
peterwwillis
That is pretty damn cool, but I think for a serious "alternate Internet" to
succeed, OSI layers 1 & 2 should not matter. An application installed by a
regular user needs to be able to do most of the heavy lifting with most
generic off-the-shelf hardware to get a really decentralized open alternative
to take off like wildfire.

------
stfu
They should do some kickstarter projects around this. I bet they could find a
load of libertarians going all nuts over the idea. Wouldn't mind throwing some
money at it myself.

------
otoburb
It would be pretty interesting if Republic Wireless allowed their phones to
connect to the Darknet. There'd be no technical reason why they wouldn't,
except perhaps they'd need to beef up their cheap Android phones with mesh
protocols to form their own nodes.

(Referenced HN thread that also happens to be on the front page:
<http://news.ycombinator.com/item?id=3208563>)

------
wyck
Here is a comprehensive list of open mesh/protocol links:
<http://openmesh.wordpress.com/2011/01/30/a-list-of-open-source-ad-hoc-network-and-routing-protocolsplatforms/>

