How we make "Internet 2.0" independent, decentralized and truly sovereign

Hello community!

On May 18, a gathering of system operators of "Medium" network points took place in Tsaritsyno park in Moscow.

This article provides a transcript from the scene: we discussed the long-term plans for the development of the Medium network, the need for HTTPS for eepsites when using the Medium network, deploying a social network inside the I2P network, and much more.

The most interesting parts are below the cut.

1) This is a longread.
2) This is an open discussion: you can join the discussion in the comments of the post.
3) Participant names have been shortened for privacy and readability.

MP: Today we want to raise important issues regarding networking - long-term plans and the like. Here, we have already started a little, looking ahead, discussion, and stopped at the problem of dissidents. Some were concerned about the negative criticism in the comments, they say, bad uncles will come and tie everyone up.

In order for some provocateurs to get into the conference and start provoking, we need to do something illegal - and we even have legal acts that exist - we deploy Wi-Fi points - firstly, we are not legal entities, secondly, we do not give access to the Internet - only I2P.

On the agenda, what issues have we raised: firstly, is it Yggdrasil, which does not give us rest day or night, right?

W.: The legal part...

MP: The legal component is, of course, yes - now the comrade will catch up, we will discuss. Further - we also wanted to discuss the social network - it is half dead, half dead ...

W.: Can we raise HumHub in Yggdrasil?

MP: In fact yes. But why raise - when we can just give access?

W.: Not so bad.

MP: That is, the issue is very acute about transport - I2P is slow and the concept of a network at the protocol level does not imply that it will be very fast. This is fine. From the point of view of a simple user, this, of course, is not good.

M. S.: More than. In general, by the way, a question about points: let's say, nodes can be set in some specific places, which work all the time - do you do that?

MP: Well, in general, yes: in our country, in fact, "Medium" is a decentralized provider, where each operator with its own points is its own ISP, i.e. provider.

M. S.: Your own provider.

MP: Yes: your own provider. That is, independent, decentralized and sovereign.

M. S.: And what about those who will not be constantly online - will they enter, exit? One way or another, the nearest nodes will all be connected and there is such a thing as a public peer.

MP: No, the fact is that we mark such nodes as semi-available, and there is nothing wrong with that, in fact: just a plate will be yellow instead of green.

M. S.: No, well, in terms of speed - not everyone will be worried about a permanent connection.

MP: In fact yes. But this approach is problematic in that it is impossible to guarantee the authenticity of all points, that they will act in the same way. Someone can act according to their own rules somehow there.

M. S.: This is hardware specific...

MP: This is the specificity of any decentralized networks in general. Basically. It’s not even about the equipment, but about the operators - well, he didn’t like something, he started to block.

Because of the authenticity of these points, that is, that they are all configured in the same way, the safety of users depends on us. Not all are such hacker geniuses who understand why it is impossible, for example, without HTTPS in the I2P network to enter passwords when you connect via "Medium"; that is, by default, as it were, it is safe, but if you go through "Medium", then ...

W.: We will see your passwords!

MP: Yes. You have to take these precautions.

W.: So, for the sake of safety, please make long, incomprehensible passwords!

MP: And, no, the problem is that this will not save you from comrade major - I mean that we believe that each “Medium” point is compromised by default and comrade major sits behind it.

You can’t go to the I2P network without HTTPS because all the data that is between the communication node, that is, the router, and the subscriber, they are already transmitted in decrypted form, this is not safe. That is, from this position, any such use should be stopped.

M. S.: More about points that can not be directly at home or in the country; points that could be connected to a certain power source and placed in some park area, because, at the moment, we need some kind of coverage anyway ...

W.: Voluntarily-compulsorily put with friends and relatives.

M. S.: Have you ever drawn a rough plan on paper, what does it look like? Or has everything just been discussed so far?

MP: In general, in theory, we did not even have such a question as to take paper and draw. What to draw? With us, everything is prosaic and openly understandable.

MP: Well, in general, "Medium" would be correctly compared with a benign cancerous tumor, that is, as long as it is small, it is not visible and it has not given up to anyone. When there is a lot of it, what can be done here?

M. S.: Regarding the experience of controlling communication, we all understand that one way or another there are people who want to control absolutely everything.

MP: There is such a dissonance: in a centralized state - decentralized networks.

M. S.: And to the question that the Internet was promoted by individuals in the beginning, so we don't have such a rigmarole as in China.

MP: Well, you should not compare with China for one reason: the percentage of people who know English there is very small. Why do they need another Internet? They have nothing to do with it at all.

I spoke with one Chinese, everything is calm.

M. S.: No, you need to understand in which places people are ready to enter the gray zone ...

MP: Somehow to find out the border of these vague moments ...

M. S.: Putting an end to the side of the FSB is a direct provocation, you shouldn't do that.

If, roughly speaking, you put a router somewhere in the field, which will distribute something - well, okay.

There is no need to be provocative. That's all.

MP: I completely agree about the provocation.

W.: There are so many of these now.

MP: That is, our position is to maintain neutrality, calmness ... And not to cross the border, let's say so. And that's it.

We are not going to organize some kind of NGO - everything is based on a voluntary basis. In fact, "Medium" is just the name of the point. SSID. Nothing is monetized.

If the state starts terrorizing users, this is already a question for the authorities, and not for users.

W.: We are too paranoid that the authorities will be interested.

M. S.: We still download from torrents, we watch pirated movies, TV shows, it doesn't matter. We don't give a damn. And as soon as someone thinks about making the social network decentralized, suddenly, from somewhere, a conversation about a sudden danger begins.

MP: The risks are too exaggerated.

M. S.: Therefore, I don’t know how expedient it is to worry at all ... Nobody will tear the fifth point in order to reach out to some enthusiast who just does something for fun.

MP: If we do not write the apartment number, then of course!

M. S.: No, why? The question is why?

MP: We won't.

M. S.: On "VKontakte" at the moment there is a huge number of fairly radical groups. Question: how many of them are closed per day?

W.: All these here, again, topical, - fuel for paranoia, - imprisonment for a repost - they are made on denunciations.

MP: And they are not even made selectively - just randomly: hop! And that's it: to fulfill the plan.

M. S.: Who is supposed to sit in a decentralized little project that is interesting to people in uniform who are very conservative in their thinking? This may be of interest to some specialists, but how many similar projects still exist?

MP: Of course, take the same Yggdrasil, Hyperboria ...

W.: We don't really install Linux.

M. S.: And once again: there is no reward for capturing such people who are quite useless for their work. I mean, what do they get out of it?

MP: Well, what if, for example, we take the story of Bogatov, a mathematician?

M. S.: The story with Bogatov is a story when a comrade, let's say, yes: he put a knot, someone threatened someone through it ...

MP: Well, everything is clear here - he took all these risks ...

M. S.: Yes. Firstly, he took risks, and secondly, excuse me, there really was such a resonant contraption. Once again: who here and now will do something through this grid?

Now only those who are exclusively interested in this project as in a project will come to it: not in order to implement something or negotiate the supply of drugs, to kill someone ...

The bottom line is that if it ever becomes important to someone, it will happen when a critical mass is accumulated. And it is not a fact that it will be accumulated.

MP: Even if it were interesting to politicians who, let's be honest, do not really understand the principles of the functioning of the global network ...

M. S.: Oh, and this is a completely separate topic ... What are encryption keys? Encryption keys are, first of all, trust. This is the level of people who speak out on the subject of encryption keys. They approach a person who was reading something from the podium about the need for encryption keys - like a specialist - they approach him and ask: what are encryption keys? He replies that it is necessary to ask the experts, although he seems to be the specialist there.

MP: That is, the most important thing for them is that the end justifies the means. But here you can give many examples: some cannot even answer what IP is - Internet Protocol.

MP: I now propose to discuss transport. So we had I2P and we have Yggdrasil. There is an option to put Yggdrasil instead of I2P.

W.: The option is good.

MP: Need comments. Why? There must be some compelling argument.

W.: Yggdrasil will be faster.

MP: And just for that? But to calculate the participants is much easier. Encryption is there, of course, right out of the box - this is, of course, good, but not like in I2P.

I2P is bad: it's slow. But! In any book on cryptography, whichever you open, they will broadcast to you from the first pages - choose: either fast or safe. From this position, I2P succeeds, despite the voices of people who say: “No, we will not use this, there is nothing at all.” Well, why not? Here, we raised HumHub.

That is, here again we have to choose: what do we prefer - Yggdrasil is good when there are many points and traffic does not go through the Internet - but between the points themselves.

MP: The stumbling block for us is either speed or safety. What do we want? There is a problem here, you understand: the connection channel between the “Medium” subscriber and the I2P point is not secure. That is, we need the resources that we provide to be already with HTTPS - that is, the transport layer of security. Because the traffic is decrypted on the I2P router at the telecom operator and transmitted over an insecure channel to us.

The question is how to protect potential users: the simplest radical solution is to raise a resource park - a forum, an imageboard, a social network - and tie them all to HTTPS.

W.: You can even connect any messenger.

MP: Or, of course, you can already think of something with a messenger that would work in overlay mode on top of I2P.

M. S.: In any case, if we are talking about instant messengers at all, there is mostly text there ... In terms of speed, it’s normal.

MP: In general, there is such a question - I want to bring it up for discussion - it is possible to raise not only a transparent web proxy for web services, but also some other service for exchanging files, at one “Medium” point, stuff like that.

I'm exaggerating to make the point clear. So that he triggers some ports for file exchange, some - for a web proxy. And chat or some messenger. Trigger some ports on the messenger and everything will be fine.

MP: We need to discuss the rules of conduct on the network. Digital hygiene. To bring ordinary people up to date - why, for example, you can’t send your passwords through Medium if you access the site without HTTPS.

M. S.: The bottom line is that people who don’t understand that you can’t send passwords through, say, VK, you can’t send them through chat, and that’s all ...

MP: No, actually, I was talking about something else: I mean, not even giving passwords to anyone, not at all: I'm talking about something else. In "Medium" the situation is indicated a little differently: this is exactly the same reason why in Tor it is impossible, roughly speaking, to enter your password on insecure sites.

Usually, users are unaware that if you are sitting through your I2P router without connecting to Medium, then there is no problem - your traffic is encrypted, you do not need to be afraid for your data. But when you use "Medium", you must first of all assume that this point has already been compromised by Comrade Major. Comrade Major is sitting there and listening to everything you say to him.

When you enter a password, what happens: your password is transmitted through an insecure channel from you to Comrade Major's router, and only after that it enters the I2P network. Comrade Major can listen. All other nodes are transit nodes - no. That's the problem.

I can just explain briefly with a very simple example, very accessible, how asymmetric cryptography works and why "Medium" as a transport is more than suitable.

Here, imagine that we have one comrade from Moscow and one comrade from Australia. One of them needs to send a package with a million dollars to Australia. He does not want to do it through Sberbank, since the commission will be large.

M. S.: So he sends it by courier.

MP: Yes: that's why he sends the suitcase directly with the money immediately by courier. I take a lock and hang it on the suitcase. We agree that we cannot open the lock.

We hand over the suitcase to the courier. The courier carries the suitcase to our friend from Australia. A friend from Australia is perplexed: “How will I open the suitcase? I do not have a key!"

I ask him to put his lock on the suitcase and send it back to me. The courier is perplexed, but the suitcase returns. I take off my lock. A friend's lock remains on the suitcase. I'm sending a suitcase to Australia. Comrade removes his lock.

Sleight of hand and no fraud.

M. S.: Well, in general, the setting of how much we lock ourselves from other locks should be balanced. She doesn't have to be smart.

MP: Have some definite boundaries.

M. S.: The biggest security hole will always sit in front of the monitor, behind the keyboard... Until the level of the guys who sit at the computer is raised, we will not be able to completely secure the use of this network.

MP: We basically just need to slowly raise more sites to I2P that support HTTPS. I advocate that HTTPS in I2P is just for transport layer security.

Channel in Telegram: @medium_isp

Source: www.habr.com