a reply to: Kandinsky
That is why I like you K. Always questioning everything.
Every system that purports to be secure has to worry about someone somewhere
Meshnet is designed to connect the "leaves
" of the
. So there is no
"upstream" connection. Meaning if I wanted to send a message to a friend who lives a town over. I would hop over my neighbors wifi, their wifi would
connect to their neighbors wifi, and so on and so forth till we got to the destination. No ISP necessary.
This introduces privacy problems as you point out, but it makes it extremely difficult to monitor because the eavesdropper would have get directly
between the points—which aren't static—to listen. This is really hard when you consider the data can take any number of weird hops (imagine how
this works if you were driving) to get to its final destination.
Centralized technologies like SMS can still be used in such a system. All an attacker could deduce is, "Someone somewhere in this geographic region
relayed a message to someone else." This is similar to how Tor work, but provides stronger protection because upstream communication isn't necessary
unless the gap between two locations is too great.
So, for example, imagine data originates in Redmond, WA and is destined for Poland. First, it might bang around to Seattle through local wifis, hop to
Portland, then get on the Intermedia OC3
, hop down to Salt Lake City, bang around through a couple of local wifis using Meshnet to Denver, get back on
Qwest Lit Fiber line
to get to Albany, from there a
radio transmitter sends the data to the Boston hub, and then uses one of
to hop around the Paris
wifi network through the rest of Europe using only edge nodes to finally reach Poland. In that case even if someone was listening. They would have
absolutely no idea where the data originated.
To track someone down would require traveling around with a radio antenna to snoop on the local wifis. Kind of like how Mitnick got caught. Or
correlating enough entries and exits across the backbone to get a general sense of the direction of the packet (but this could be faked to generate
The only problem is if the sender mistakenly broadcasts information in the clear about himself. It would make it easy for the eavesdropper to figure
out who they are dealing with, but at least their location would be obscured. One solution to prevent identifiable data leakage is to bake in
. We did something like this at Microsoft to make it
hard for people to reverse engineer the software running on the 360.
the question crosses my mind about how those two parties come to agree to share an encrypted line of communication?
Good privacy requires strong point-to-point encryption. RSA was great for key management purposes, but now we have to be more careful. I foresee
people using IPSEC on Meshnet. This adds overhead, but it would make it extremely difficult for anyone to snoop. Hybrid cryptosystems, like PGP, are
still reliable. So that is probably the way it'll end up heading.
edit on 2014-7-5 by Xtraeme because: (no reason given)