I have high hopes this takes off. My completely uninformed opinion is that if it works then there will be claims made about drug sales and Pedophiles using the service and it will be shut down by the US government. I'd love to be wrong about that. A really secret network would probably have to disguise its traffic somehow, hiding messages somehow within a public message space.
posted by mecran01 at 12:10 PM on August 17, 2013 [9 favorites]

By Crom! What wizardry is this?
posted by TheWhiteSkull at 12:23 PM on August 17, 2013 [5 favorites]

It's so hard to not be cynical and toss out a comment like, "this will change the world, just like PGP". And I so badly want to stand up a node!

mecran01 makes a good point about some issues if it reaches a critical mass beyond geek/hobbyists, but I'd expect there to be compromised nodes long before it was shut down. Reaching a useful level where network effect takes over and turnkey custom nodes become available commercially is a big question. For most folks you need a one (or no) button setup. Although at that point, bandwidth and latency compared to cable/fiber networks will be the biggest deal breaker for most.

These days strong encryption is easy (use a big seed in pgp) but the social difficulty of authentication is very hard. That is how do you know for sure that my public key is really mine and not a man in the middle attack, yes if we meet, but do you really want to meet in person before email anyone? (yes, there are solutions but none that are socially effective in large volume)
posted by sammyo at 12:24 PM on August 17, 2013

Could you start one with a RasPi?
posted by LogicalDash at 12:24 PM on August 17, 2013 [1 favorite]

Could you start one with a RasPi?

https://wiki.projectmeshnet.org/Install_on_Raspberry_Pi

There's even an OpenWRT port, though it may take some hackery to compile the latest version.

My completely uninformed opinion is that if it works then there will be claims made about drug sales and Pedophiles using the service and it will be shut down by the US government. I'd love to be wrong about that.

Democratic abuse handling is built into the system by design. Since each peer is known to its neighbors, anyone who is forwarding abusive content can be asked to stop or be de-peered. This is unlike Tor; the CJDNS devs are very interested in not having the system be taken over by child porn and assassination markets and the like, resulting in all the ethical people leaving in disgust. So far, the worst thing I've seen on CJDNS has been a couple of irc trolls who turned out to be the same person.

I gave a talk about this to a local hackerspace a few months back. Here are the slides; they contain a bunch of additional good links.

https://nimblesec.com/uas/project_meshnet-cjdns.pptx
posted by vira at 12:44 PM on August 17, 2013 [12 favorites]

As a regulatory weak point, could some arm of the FCC be used to shut this down, if this is going over radio frequencies? Some tweak to wifi regulations, for instance, which proscribes non-IP traffic over wifi? I'm curious how the government might respond to this or a similarly decentralized network, if it took off.
posted by Blazecock Pileon at 12:52 PM on August 17, 2013

vira: "Since each peer is known to its neighbors, anyone who is forwarding abusive content can be asked to stop or be de-peered."

How does one know? Does this mean that, I (if I have a node) have to watch all the traffic coming across it to look out for kiddie porn/drugs/etc.? What if I like cat macros but my neighbors think they are a waste of bandwidth? Can they 1) tell that I am even looking at cat macros at all; 2) filter or otherwise prevent my precious lolcats from passing through their piece of the mesh?

I would also like to look at your slides, perhaps even to see if my questions are answered there -- but I can't do so if they are in a proprietary format like PPTX. Can you post a more accessible copy (e.g. a PDF)?
posted by dendrochronologizer at 1:11 PM on August 17, 2013

Watching all the traffic would do you no good, because all communication between nodes is encrypted. Regarding the authentication issue mentioned above, the ipv6 address (in non-routable, private ipv6 address space--that is, addresses starting with fc, which are like addresses that start with 10 or 192.168 in ipv4 space) of each tunnel endpoint is derived from the public key used to encrypt each connection, so authentication is built into the protocol along with encryption. In other words, knowing someone's IP address is as good as knowing their key fingerprint, so there's no need to call them on the phone to verify it first.

However, if someone's running a shady site, anyone who requests the page (or attempts to otherwise connect to the IP address in question) could look at which peer the connection is made via, and then take the issue up with that peer. That peer can then investigate in turn, or else risk losing her or his own peers, depending on how big a stink is made of it. I wouldn't worry too much about losing one's cat macros!

The software wouldn't be used by any smart criminals, because though the system does obscure one's IP address from casual snooping, each handshake packet ends up with a complete route back to the originator, so there's no strong anonymity.

My slides do answer some of these questions. Thanks for asking for a more accessible version. It's now available here:

https://nimblesec.com/uas/project_meshnet-cjdns.pdf
posted by vira at 1:27 PM on August 17, 2013 [3 favorites]

mecran01: " A really secret network would probably have to disguise its traffic somehow, hiding messages somehow within a public message space."

A steganographic, mesh-based packet switching and routing system disguising traffic as inane public forum posts? This is what reddit is. 4chan was the prototype, but it went rogue.
posted by vanar sena at 1:45 PM on August 17, 2013 [4 favorites]

However, if someone's running a shady site, anyone who requests the page (or attempts to otherwise connect to the IP address in question) could look at which peer the connection is made via, and then take the issue up with that peer. That peer can then investigate in turn, or else risk losing her or his own peers, depending on how big a stink is made of it. I wouldn't worry too much about losing one's cat macros!

I'd imagine you'd see centralized block lists like torrent peer block lists or ad block lists pop up pretty early to streamline the process, with different lists to block different types of content.
posted by jason_steakums at 2:41 PM on August 17, 2013

Once you get into modded antennas, you're in ham radio territory. For that, you need a licence, and also you undertake never to send encrypted data over the licenced bands. You can do what you want with stock antennas and routers. In North America, at least, this will be limited to local meshes. Good luck finding a friendly peer on IRC within wireless range.
posted by scruss at 2:48 PM on August 17, 2013

It seems that the network is likely to develop a few hub nodes that peer with lots and lots of people and many more nodes that peer with only one or two, which are likely to be hub nodes already. Take down the relatively small list of hub nodes who also happen to be the reservoir of technical knowledge for the network and bob's your uncle.

Don't get me wrong, I think there's a lot of interesting stuff here that improves the state of mesh networking generally, but I don't see how it solves the problem it purports to solve. (or at least that vira's slides purport that it solves)
posted by wierdo at 2:49 PM on August 17, 2013

Not to be That Gal, but this all looks charmingly utopian but in the end impractical.
posted by rmd1023 at 3:23 PM on August 17, 2013

Once you get into modded antennas, you're in ham radio territory. For that, you need a licence, and also you undertake never to send encrypted data over the licenced bands. You can do what you want with stock antennas and routers. In North America, at least, this will be limited to local meshes. Good luck finding a friendly peer on IRC within wireless range.

My understanding is that if the modded antenna increases the effective radiated power (ERP) beyond legal limits, then the transmission strength can be reduced while still increasing the range via increased reception sensitivity which the antenna also provides. The 125 mile feat at Defcon in 2005 was legal and within FCC limits due to this tactic; they dialed down their wifi cards' output from 300mW to 30mW. This was a regular 2.4GHz wifi signal, so encryption was permissible. At least around here, height restriction ordinances may turn out to be more problematic.

Finding more-distant (but still as local as possible) peers on IRC, using the Internet instead of direct wireless links, is a stopgap measure until the meshnet is popular enough to find peers locally in other ways. Participants often try not to make perfect the enemy of good. Some people's closest potential peers are across oceans, and I've been willing to peer with people hundreds of miles away myself.

It seems that the network is likely to develop a few hub nodes that peer with lots and lots of people

This point seems to be inspired by another difference with Tor. One of the CJDNS best practices is to provide a different connection password for each peer, so if that peer turns out to be abusive its peering access can be revoked without much trouble (e.g. no worries about the abuser re-peering from a different IP address). It doesn't make sense to automate the peering process, since that would just invite the kind of abuse that would prove a future administrative headache.
posted by vira at 3:33 PM on August 17, 2013 [1 favorite]

To back off my That Gal status a bit - it does sound like a cool project from a conceptual standpoint. I think this kind of mesh networking might be a useful fallback in scenarios with limited communication as a temporary thing between communications failure and more structured communication stop-gaps (temporary/mobile cell network nodes, for instance) coming online.
posted by rmd1023 at 3:39 PM on August 17, 2013

This is very interesting.
posted by fantabulous timewaster at 3:54 PM on August 17, 2013

I think this might be a useful part of the emergency amateur radio equation too. Actually after Katrina the only functioning public network was a commercial meshnet that supported police surveillance cameras. It might be cool if a bunch of geeks descended on a town after a disaster with meshnet tech, like the HAM operators did after Katrina. But I don't think the local authorities would like the encryption.
posted by RobotVoodooPower at 8:47 PM on August 17, 2013

I'll build my own internet, with hookers and booze and.........
posted by real_paris at 9:21 PM on August 17, 2013

It might be cool if a bunch of geeks descended on a town after a disaster with meshnet tech, like the HAM operators did after Katrina. But I don't think the local authorities would like the encryption.

I'm picturing rocketry and diy drone hobbyists airdropping solar-powered meshnet nodes en masse. Actually that would be a pretty amazing student project for a school like MIT, meshnet the campus to full coverage remotely.
posted by jason_steakums at 9:59 PM on August 17, 2013 [1 favorite]

I hope I don't seem too spammy in this thread, I'm just very excited about the potential here!

It might be cool if a bunch of geeks descended on a town after a disaster with meshnet tech, like the HAM operators did after Katrina. But I don't think the local authorities would like the encryption.

This could well be, but who knows which way the wind is blowing? The FCC is currently still considering a petition to amend its rules to no longer prohibit encryption by licensed amateur operators, and it's been mainly the ham radio community itself raising objections. The official position of the ARRL is that the petition is unjustified.

The petition to amend the FCC rules includes the following rationale:

It has been observed in a variety of contexts, that agencies served by amateur radio communication during emergencies perceive the following:

• that encryption of certain emergency data is required (e.g. specific patient information covered by HIPAA, identification of sheltered persons, etc.)
• that certain emergency information is required for tactical purposes to be encrypted (e.g. certain logistical information: movement of food, medical supplies, certain movements of personnel)
• that for national security reasons certain emergency communications should be encrypted

The hams are worried about losing their community self-policing ability, among other concerns such as tolerance of hams by other governments. To my mind, both of those concerns make a CJDNS-like method seem all the more sensical, as an alternative to the abuse restrainment system proposed in the hams.com alert. Mandating that all encryption keys be provided to volunteer operators would seem to defeat the whole benefit.
posted by vira at 11:00 PM on August 17, 2013 [1 favorite]

Just, wow... Once you start contemplating replacing the current incarnation of the internet with your own physical instantiation of it (via new OSI layer 1 & 2), there is no possible way that "mesh" anything can scale. Follow this to its logical conclusion and you will be pricing DWDM terminals, 10Gbps optics, spool handling forklifts and cable plows.
posted by thewalrus at 1:43 AM on August 18, 2013

> The 125 mile feat at Defcon in 2005 was legal and within FCC limits

Legal for ham radio operators under FCC Part 97, it appears. The 2005 record was set by licensed amateur operators, so no encryption allowed.

> The FCC is currently still considering a petition to amend its rules to no longer prohibit encryption by licensed amateur

… for emergency communications only, and then only for certain sensitive data. Hams in North America are very touchy about emcomm, as some remember it as the only way the hobby survived cold-war paranoia by morphing into a Citizen Defense strategy. I also wouldn't take anything posted on hams.com as gospel; if there's one thing that amateur radio operators agree on, it hasn't yet been discovered.
posted by scruss at 8:13 AM on August 18, 2013

there is no possible way that "mesh" anything can scale

Hyperboria is technology agnostic, like the Internet. It's just using mesh for the bootstrap and prototyping to get started, because it's cheap and easy. Just as much of the early Internet (ca. 1993 pre-web) was 28.8 analog modems and 56K DS0 backbones. Success breeds success but have to start somewhere.
posted by stbalbach at 8:35 AM on August 18, 2013 [1 favorite]

Ham radio operators have been experimenting with a WiFi mesh network here: http://www.hsmm-mesh.org/

Since certain WiFi channels overlap with the ham bands, hams can use more power.
posted by bensinc at 9:05 AM on August 18, 2013

Good point, thewalrus. On the other hand, this protocol is efficient and fast, and aims to solve a problem with core router overhead. It could be implemented a lot more cheaply than the status quo of bloated routing tables. For those who may not be aware, this bloat is a big problem and is due to address space deaggregation. The Whitepaper is worth reading for more on that issue and how CJDNS may help address it.

Fiber kit is expensive for sure, but there's potentially a lot of savings to be had in routers that suddenly don't need tons of memory. The devs are also thinking about ways to use microtransactions in a cryptocurrency like Open-Transactions or Bitcoin to pay one's peers for carrying one's traffic, to ensure that bandwidth bottlenecks are adequately funded. It's a hard problem, but I'm not convinced it's insoluble.

The 2005 record was set by licensed amateur operators, so no encryption allowed.

The FAQ entry at the bottom of scruss's link is mistaken, and doesn't mention that the power output had been decreased in order to remain within the ERP limits for wifi which apply to everybody, ham or not (with a confusing exception noted by bensinc). IANAL, but my interpretation is that being a licensed ham doesn't allow one to exceed the ERP limit on the 2.4GHz wifi band, nor does it preclude use of encryption on that frequency, as Part 15 of the FCC rules would apply instead of Part 97. The government wants more hams, which is why it relaxed the licensing requirements to no longer require Morse code proficiency. Why would it shoot itself in the foot by denying all licensees access to consumer grade wifi encryption, a feature included in every access point/router on the market?

Since certain WiFi channels overlap with the ham bands, hams can use more power.

Only on those particular channels (1 through 5), and very limited, i.e. not for commercial use, music, encryption, etc.
posted by vira at 2:26 PM on August 18, 2013

vira: "This point seems to be inspired by another difference with Tor. One of the CJDNS best practices is to provide a different connection password for each peer, so if that peer turns out to be abusive its peering access can be revoked without much trouble (e.g. no worries about the abuser re-peering from a different IP address). It doesn't make sense to automate the peering process, since that would just invite the kind of abuse that would prove a future administrative headache."

If your attacker's goal is merely to shut down the network, relying on a small set of hub nodes makes that easy. Sure, they won't be able to see what exactly is traversing the node, but shutting it off is rather easy. I do still think this is rather interesting in disaster zones and the like, I just don't think it's really a useful check against the government doing something nefarious with the Internet. No more so than resurrecting UUCP, anyway.
posted by wierdo at 2:50 PM on August 18, 2013

My point was that since peers should be manually added, a node accruing a large number of them would be unlikely in the first place, unless it had a business built around providing access (the protocol also aims to lower the barrier to entry for becoming an ISP). There are some nodes that are available for indiscriminate public peering, but unlike the Tor network, such a case is generally discouraged.

If meshes get popular enough, maybe they'd forestall any use of an Internet Kill Switch, as the government would be less eager to force greater adoption of a protocol it can't control as easily. That's my hope there, at least; I'm aiming for minimal disruption.
posted by vira at 3:06 PM on August 18, 2013

I have my doubts that end users will be keen on meshing as finely as one might hope from a security standpoint. As a practical matter, it will mainly be the power users that have a relatively large number of peers. That's just how networks tend to organize, whatever form they take. There are always a relative few that are highly connected and bind the group together.
posted by wierdo at 11:54 PM on August 18, 2013