TODO: attacks on higher level code e.g. FMS (Frost history, CAPTCHAs etc)

We are mostly interested in protecting inserters, not requesters.

Freenet does not currently use tunnels or preinsert/reveal. This is intended in future.

So it is possible to do a correlation attack: Identify what your peers are doing by recognizing blocks as being part of a splitfile, or forum posts by the same person, etc. This can be done after the fact, e.g. after the insert has been announced, from logs.

As far as tracing goes, the other major attack basis is to see lots of requests for blocks you can identify, and deduce where on the keyspace the originator might have been. This gives a range for each request. These can be correlated to give an approximate location of the inserter. Hence you try to get closer to the attacker. This is the Mobile Attacker Source Tracing attack. On Opennet, getting closer to the target can be done via path folding or announcing. On Darknet it's one hop at a time, social engineering or compromising computers.

MAST and some other attacks rely on being able to announce to a chosen target location.

MAST and other "real time" attacks rely on being able to identify blocks when you see them, not after the fact. Hence we insert bulk data as CHKs with random encryption keys, so if the user doesn't do stupid things, the attacker only gets samples for the predictable top block (SSK) (of a file or a freesite upload), and chat posts (again SSK).

Opennet can be harvested, because it constantly exchanges references in path folding. Hence it is possible to identify all, or most, nodes fairly quickly. This is "harvesting"; these can then be blocked by IP. Even worse, bootstrapping onto opennet relies on a limited set of seednodes. Even if we try to only give out a limited set to each user (CAPTCHA or IP), it will be possible to find all of them fairly easily.

It may be possible to block the protocol. Stego will help with this. Traffic flow analysis can identify even stego'ed darknet connections, but may produce false positives and/or be relatively costly and/or produce collateral damage (e.g. blocking other non-targeted p2p services, such as Skype).

Worst-case, blocking all peer-to-peer traffic (customer-IP-space to customer-IP-space) could be fairly effective (some collateral damage).

IMHO this isn't very useful most of the time. It's better to find the originator. However it is still a legitimate concern since documents depend on the top block. One partial solution is some sort of multi-location healable keys. Plus, mostly, finding the nodes holding the data involves causing it to propagate; early work showed that at least on opennet it's thus not very useful.

• Correlation attack. (Identify what your peers are doing; Assumed to be irrelevant, except as a component of the below: Spying on your direct peers is something we don't want to deal with)

• Mobile attacker source tracing. (Tracing mostly on opennet)

• Targeted announcement. (Important component of MAST and other attacks; get to a target location quickly in order to surveil them or censor by taking out the target node)

• Connecting to every node. (Tracing mostly on opennet; assumed to be expensive, unfortunately this appears not to be the case)

• Overwhelming every node. (Tracing mostly on opennet; more expensive; works even with enhanced insert protection and tunneling)

• Controlling the keyspace. (Good even against tunneling; good for censorship)

• Traffic flow analysis for blocking. (Blocking opennet and darknet)

• Traffic analysis for tracing. (Need internal attackers as well; with some work for bulk transfers we can make this hard on a single block level, but it's easier if traffic is identifiable in real time as can follow multiple blocks)

• Harvesting + blocking. (Blocking opennet)

• Blocking seednodes. (Blocking opennet)

• DoS against seednodes.

• Blocking protocol. (Blocking opennet and darknet; some possibilities for stego)

• DoS against individual nodes.

• Taking out or compromising individual nodes.

• Controlling the keyspace.

• Flooding a node's datastore to flush out specific content. (expensive)