HelloZeroNet / ZeroNet

ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network
https://zeronet.io

Content Encryption #252

Open alexc-hollywood opened 8 years ago

alexc-hollywood commented 8 years ago

Would it be possible to store the content being served by peers in encrypted form and decrypted on the fly when it is served?

Potential scenario:

Peers situated in a country that favours censorship are serving up HTTP content over SSL to other clients: transmission is protected over the wire. But what happens in the case where a peer unit (laptop, PC etc - i.e. publishers) is subject to physical seizure by hostile or state actors? For example, a Zeronet site is created to share pictures of the Tiananmen square demonstrations, curated and served by Chinese nodes. Peers are identified by IP, traced through their ISP, and the equipment used to serve the content subsequently confiscated by censors.

In this case, it's highly likely that peers would be incriminated as publishers of material (more severely punishable and increasingly risky), rather than just viewers, if identified by IP. The Tiananmen problem given above is provocative enough that even a static JPG could put a peer at risk of a criminal offence in that jurisdiction, and the recording of the IP on the network would be incriminating.

However, if those actors managed to isolate a machine, but were unable to access the locally-stored files being served upon physical seizure, as they were encrypted, it would make the process harder to show what they were publishing in the first place (save for being forced to provide their private key). The HTTP server itself would need to decrypt on the fly to serve them out, obviously, but little software exists to do it.

The solution suggested here... http://stackoverflow.com/questions/4418588/webserver-on-the-fly-decrypting

...is the AES provision within G-Wan: http://gwan.com/api#crypto

Or would it be wiser to take a longer-form approach like Protonmail, and serve the material for decryption exclusively on the client, to avoid the possibility of compromising the private key as part of the machine seizure?

Is this a realistically achievable goal that could be included on the software's roadmap at some point?

ghost commented 8 years ago

As I understand it within ZeroNet there aren't really any web servers as we traditionally know them, and instead sites are automatically duplicated and served by anyone who views them. But having data at rest encrypted and only unlocked with a password or key entered into the UI or in a local configuration file isn't a bad idea.

alxbob commented 8 years ago

Encrypting a whole site with a public key or password could solve this, so the data is stored encrypted.

HelloZeroNet commented 8 years ago

You can do this currently; around 2 months ago an AES encryption API was added to ZeroNet because of the ZeroMail (end-to-end encrypted mailing) site.

For example, currently you can create an encrypted image hosting site: at upload, the user defines the password and publishes the image in encrypted form (e.g. in a json file). In this way the image can be downloaded and served by anyone in the network, but only those who have access to the password are able to see it. So there would be no evidence that you know what you are distributing, because if you don't have the password you could not decode the image.

Easier ways of password-encrypting sites or parts of sites are also planned.
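
The password-encrypted image scheme described in the comment above, as an added sketch that is not part of the thread and not ZeroNet's code: Node's built-in `crypto` module (scrypt plus AES-256-GCM) stands in for ZeroNet's AES API, and the JSON field names and sample image bytes are assumptions constructed for the example.

```javascript
// Added example: Node's built-in crypto stands in for ZeroNet's AES API.
const crypto = require("crypto");

// Derive a 256-bit key from the uploader's password; the salt is stored in the clear.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Encrypt raw image bytes into a JSON-serialisable record that any peer can seed.
// Field names are hypothetical, not a ZeroNet format.
function encryptImage(imageBytes, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const data = Buffer.concat([cipher.update(imageBytes), cipher.final()]);
  return {
    salt: salt.toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    data: data.toString("base64"),
  };
}

// Returns the image bytes, or null when the password is wrong or the record was altered.
function decryptImage(record, password) {
  const key = deriveKey(password, Buffer.from(record.salt, "base64"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(record.iv, "base64"));
  decipher.setAuthTag(Buffer.from(record.tag, "base64"));
  try {
    return Buffer.concat([decipher.update(Buffer.from(record.data, "base64")), decipher.final()]);
  } catch (err) {
    return null; // GCM authentication failed
  }
}

// What a seeding peer holds: does the stored ciphertext contain a given byte pattern?
function storedBytesContain(publishedJson, needle) {
  return Buffer.from(JSON.parse(publishedJson).data, "base64").includes(needle);
}

// Constructed sample input: PNG magic bytes followed by filler, not a real image.
const PNG_MAGIC = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
const sampleImage = Buffer.concat([PNG_MAGIC, Buffer.alloc(64, 0xab)]);
const published = JSON.stringify(encryptImage(sampleImage, "uploader-chosen password"));
```

The salt, IV and tag are not secret and travel with the file; only the password is kept off the network, so a peer seeding `published` holds bytes it cannot decode or silently alter.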

alexc-hollywood commented 8 years ago

@bashrc My understanding as well. Makes it very interesting to see how a parallel Node.js binary could be incorporated, as in the Popcorn model where they use QT's WebView.

@HelloZeroNet I was curious about this as I saw the update notes on Medium. It's almost as if it would be easier to publish the site data as an encrypted archive (.zip etc), for unzipping on the mirroring peer.

Another scenario which is related occurred to me while I was explaining to a friend today how ZeroNet worked: what happens if a site being published contains objectionable material?

For example, what if someone uses the Zeronet network to create a site of child pornography? Presumably, that site could feasibly be mirrored on my computer unwittingly - unlikely, but possible, and exploitable. In that case, I am hosting a site on my computer that could have me imprisoned, without even realising it's there. Is there any way to control what material a peer is downloading, or some kind of warning/greylisting?

HelloZeroNet commented 8 years ago

You have full control over what you are seeding; if you find anything suspicious you can remove the site.

alexc-hollywood commented 8 years ago

As silly a question as this might sound, how do I have control over what I'm seeding? And how do I explain the same thing to someone who is less technical? One of the stated design goals of Zeronet is a simple and attractive UI, but I can't see how to do that at all.

HelloZeroNet commented 8 years ago

You can simply delete the site you don't want to seed anymore.

alexc-hollywood commented 8 years ago

Understood: the only sites you have on your local machine are the ones you visit, so the Internet history argument comes up (if it's on your machine, you deliberately visited it). Who is seriously going to search through 30 data folders to see which ones they need and those they don't?

However, that still leaves 2 scenarios:

a) You're a political dissident wanting to get around DNS-level censorship; your machine is confiscated, and you don't need to be a forensics specialist to know that it's very simple to prove you've not only actively been viewing Falun Gong content, but now you're automatically hosting, distributing, and publishing it.

b) The author of the site you're visiting (and copying onto your local) has 2 sets of content: i) the interesting bit you're wanting to read, and ii) another part not linked to that you don't know about, containing galleries of child porn.

In its current form - and I'm not knocking the project for its innovative approach - it's usable if you're comfortable running Python from the command line (a very narrow audience), regularly browse through the content folders, you're not in a country with a questionable government (getting smaller by the day), and you entirely trust the hosts you're visiting (and their authors), which is totally unknowable.

Obviously it's alpha days, but wouldn't it be a prudent direction to include some kind of zero-knowledge mechanism, and/or some way for the network to notify peers of malicious actors?

HelloZeroNet commented 8 years ago

If you find any problematic content on any of the sites you can issue a warning in the ZeroTalk forum. I don't think it would be a good idea to implement built-in censorship. I don't see why the command line is required for this (or how it is connected to this problem).

If I upload anything problematic to my google drive and share the link over the internet will they arrest the google server operators?

iShift commented 8 years ago

Content from zeronet on your HDD - it is cache; when you visit a standard site on the normal internet you download content to your HDD, also if you accidentally see CP or different bad content - your computer has it on your HDD, also your provider (maybe) has that content too - if it caches it in a proxy, or if the site uses a CDN like Cloudflare - it also has it. So, a site on your HDD from the zero network is cache.

About government - if you think that your government can get your machine - buy a VPS server from a cloud provider or encrypt all data on the HDD.

dluciv commented 8 years ago

Encrypting the whole HDD and using Tor then is possible, but it looks like a workaround, not a solution.

One should distinguish between data that should be encrypted and data that can be stored as is. I think it will be useful to add an option to encrypt users.js at least.

ghost commented 7 years ago

> a) You're a political dissident wanting to get around DNS-level censorship; your machine is confiscated, and you don't need to be a forensics specialist to know that it's very simple to prove you've not only actively been viewing Falun Gong content, but now you're automatically hosting, distributing, and publishing it

I understand the issue, but I don't think it's in ZeroNet's design to provide such a level of security. If you have state actors in your threat modeling, it is best to use some amnesiacOS.

As with any torrent or any files, if you got swatted and have an unencrypted drive with illegal stuff on it, it's game over. Nothing ZeroNet-specific IMO.

> b) The author of the site you're visiting (and copying onto your local) has 2 sets of content: i) the interesting bit you're wanting to read, and ii) another part not linked to that you don't know about, containing galleries of child porn.

We don't have much legal precedent for this. It could turn out to be as simple as the request site owners receive to remove CP content.

purplesyringa commented 4 years ago

@HelloZeroNet Not sure if this issue is resolved?

alexc-hollywood commented 4 years ago

This may not be the best example, given the context, but 4 years later, here it is: https://www.thedailybeast.com/8chan-refugees-worried-theyre-downloading-child-porn-on-peer-to-peer-site-zeronet