« on: July 14, 2018, 09:13:56 PM »
The state of anonymous file-sharing (and anonymous Web hosting) is very poor. The most commonly used solution is Tor hidden services, but those have terrible security. They are weak to intersection, timing, and DoS attacks. Plus, Tor is fundamentally centralized, relying on a fixed set of Tor directory authorities to manage the network. I have no doubt whatsoever that the NSA & friends could easily find the true IP address of any Tor hidden service. I think that they only hold off on doing so in most cases because they like to build a false sense of security while holding that tool in reserve.
The ultimate solution to this is IMO to switch from a network architecture of "point-to-point" to a network architecture of "distributed data-store". Instead of having clients talk to a server somewhere (even behind 7 proxies), you should have the "server" upload their data to some "anonymous cloud", and then have clients download the data from that cloud, without ever needing to have any sort of connection to the server machine. This nicely addresses the most serious attacks against Tor: intersection & timing attacks against the server are much more difficult, since the server does not need to be online or sending data at the same time as the client, and DoS attacks are handled by the system itself.
Freenet and GNUnet are distributed data-store systems. Freenet even has a number of websites and social networks which function on the data-store model. It is possible to redo nearly every website under this model, though it is a major change.
But one major problem with Freenet and GNUnet is that their security (especially in Freenet's case) is ad hoc: they basically jam the system with a bunch of obfuscation and hope that it works. I have no confidence whatsoever in their security as a result. They're both probably especially vulnerable to Sybil attacks when used in their opennet modes. They're also very slow, and they would probably fail to provide censorship-resistance if seriously challenged.