dat-ecosystem-archive / docs

Documentation resources for dat and the surrounding ecosystem [ DEPRECATED - see https://github.com/hypercore-protocol/new-website/tree/master/guides for similar functionality. More info on active projects and modules at https://dat-ecosystem.org/ ]
https://dat-ecosystem-archive.github.io/docs/

Twitter Question: Why disable dht? #149

Open martinheidegger opened 5 years ago

martinheidegger commented 5 years ago

In his tweet @Msfeldstein asks:

> Why does @dat_project mention disabling bittorrent dht for improved privacy? Does a dht or library like discovery-swarm have the same privacy expectations (~security by obscurity of read/discovery key)?

Referring to: https://github.com/datproject/docs/blob/master/docs/learn-more-security.md#how-can-i-create-stronger-privacy-protections-for-my-data

okdistribute commented 5 years ago

The Bittorrent DHT can end up exposing your IP address to potentially random people and the peer introduction (bootstrap) servers. They still won't know what you're sharing, unless they have the original dat url, but they know the discovery key and potentially who you are sharing with.

It would be nice to do a threat model for this and have a diagram people can see.

msfeldstein commented 5 years ago

I thought the dat address was the discovery key, is that not the case?

On Thu, Mar 14, 2019 at 3:44 PM Karissa McKelvey notifications@github.com wrote:

> The Bittorrent DHT can end up exposing your IP address to potentially random people and the peer introduction (bootstrap) servers. They still won't know what you're sharing, unless they have the original dat url, but they know the discovery key and potentially who you are sharing with.
>
> It would be nice to do a threat model for this and have a diagram people can see.

pfrazee commented 5 years ago

In the discovery network, we use the "discovery key" to obscure the actual address.

pfrazee commented 5 years ago

(The discovery key is hash(address-key))

RangerMauve commented 5 years ago

Hyperswarm is still making use of a DHT, right? What does it change from bittorrent-dht that makes it more desirable for Dat?

pfrazee commented 5 years ago

I disabled the bittorrent-dht because I was getting really poor results and a lot of extra traffic. I never investigated the cause of the poor connectivity. @mafintosh ultimately made the call to build out the new hyperswarm dht. I believe it was to give us the flexibility to introduce features such as hole-punching via the dht.

msfeldstein commented 5 years ago

Thanks, hashing it to get the discovery key makes total sense.

On Thu, Mar 14, 2019 at 3:53 PM RangerMauve notifications@github.com wrote:

> Hyperswarm is still making use of a DHT, right? What does it change from bittorrent-dht that makes it more desirable for Dat?

okdistribute commented 5 years ago

There are always tradeoffs for privacy. For some use cases a dht might be more useful for peer discovery and the privacy tradeoffs are worth it, others not. This is why hypercore-protocol is agnostic to the peer discovery mechanism, and it's nice to be able to pick and choose this based on your concerns. I've also been musing about peer discovery over encrypted email (pgp), which could be interesting to bridge ecosystems :)

martinheidegger commented 5 years ago

I would further add that by sharing a set of discovery keys, it is possible to profile dat clients, i.e. if the same set of discovery keys is shared by different IPs it is likely that it was the same peer all along.

I find the email approach inspiring! It leads me to think that there would be a place for a `dat-peer:<discovery-key>/<transport>?ip=<ip>&port=<port>` link. Like `dat-peer:abc...123/tcp?ip=192.168.1.6&port=1234` to add a peer to a peer to a DAT.
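
Added example, not part of the thread or of the Dat code base: a small threat-model sketch in Python of the two points above, that the discovery key is `hash(address-key)` and that a repeated set of discovery keys links IP addresses. The keyed BLAKE2b construction over the constant `hypercore` is an assumption about how the hash is computed (the thread only says `hash(address-key)`); the keys, IP addresses and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def discovery_key(public_key: bytes) -> bytes:
    """Assumed construction: BLAKE2b-256 of b"hypercore", keyed with the dat public key."""
    return hashlib.blake2b(b"hypercore", key=public_key, digest_size=32).digest()

def recognises(known_dat_keys, announced):
    """Dats an observer can name from an announcement: only those whose
    address key it already holds, because the hash is one-way."""
    table = {discovery_key(k): k for k in known_dat_keys}
    return [table[d] for d in announced if d in table]

def link_addresses(observations):
    """Group IPs that announced the exact same set of discovery keys.
    No address key is needed for this, only the announcements themselves."""
    by_set = defaultdict(set)
    for ip, keys in observations:
        by_set[frozenset(keys)].add(ip)
    return [sorted(ips) for ips in by_set.values() if len(ips) > 1]

# Constructed sample data: three dat public keys and three announcements
# seen on the discovery network (documentation-range IP addresses).
DAT_A = bytes(range(0, 32))
DAT_B = bytes(range(32, 64))
DAT_C = bytes(range(64, 96))
LAPTOP = [discovery_key(DAT_A), discovery_key(DAT_B)]
OBSERVATIONS = [
    ("198.51.100.7", LAPTOP),                  # laptop at home
    ("203.0.113.42", list(reversed(LAPTOP))),  # same laptop, other network
    ("192.0.2.15", [discovery_key(DAT_C)]),    # unrelated peer
]

if __name__ == "__main__":
    # An observer holding only DAT_C's URL cannot name what the laptop shares...
    print(recognises([DAT_C], LAPTOP))
    # ...one holding DAT_A's URL recognises that announcement...
    print([k.hex()[:8] for k in recognises([DAT_A], LAPTOP)])
    # ...and any observer can link the two IPs by their identical key set.
    print(link_addresses(OBSERVATIONS))
```
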