Node harvesting

In the simplest possible terms: If you connect a node to an OpenNet, you will have a few initial nodes in the SeedNodes file. These are not enough for good performance; your node will automatically find more nodes from the nodes you already have. The problem is, an attacker can also put a node on the network, and identify nodes in the same way. Once he has found all the nodes on that particular Freenet network, he can attack them or block them, for example on the national firewall. DarkNet is immune to harvesting because all connections are fixed, between hopefully trusted peers, added manually via invitations.

All nodes on 0.5 are opennet. 0.7 will support both OpenNet and DarkNet. Right now it only supports DarkNet.

In more detail: Every time your node does a successful request on OpenNet, the node which is the source of the data will include its own node reference on the StoreData message. This may be reset by other nodes along the chain, with a low probability. Your node will then, if it needs more nodes, or at random, connect to that node. This process establishes and constructs a small-world topology for the network.

An attacker can then simply keep a list of all the node references he has seen in response to requests - either requests originated by him or requests which he has relayed. He can map out the entire network simply by running a node.

To prevent this, freenet needs a big legal main use. Freenet integration to operating systems may create this legal main use.

I2P is even more vulnerable to harvesting than Freenet OpenNet.