
Topic: Nothing is truly decentralized using a centralized ISP (Read 524 times)

newbie
Activity: 14
Merit: 24
I think that tor is a good choice so far. If your ISP keeps being hostile and starts filtering the bitcoin protocol in its network, they can't stop tor (if they block tor, you can use a bridge to connect to it). But I like Mesh networks; this is probably even possible in a local way, creating a "cloud" that makes it more difficult to track any specific transaction source, and a redundant system of connections to other networks (connecting to more than one network) may reduce the chance of attack.
Also, I really think that the ISP is a real problem, since the data on the bitcoin network is transmitted without encryption (correct me if I'm wrong): if a transaction comes out from your node without having come in previously, it can deduce that the transaction belongs to you. This problem is also solved with tor.
sr. member
Activity: 362
Merit: 262
According to this one guy a group of PhD's had stated that B.A.T.M.A.N protocol is the best Mesh router protocol out there. B.A.T.M.A.N protocol is the one used by Freifunk,  which is Germanys mesh community and perhaps the largest in the world. What exactly do you mean with malicious mesh node? For what purpose would the malicious nodes exist? Standard nodes have max capacity and you could set a cap limit to output for standard nodes. Someone running a malicious node would forge the output to very high, right?

What B.A.T.M.A.N. does is has every participant periodically announce themselves, and then each peer that hears them repeats the announcement. Each node remembers the best source for a particular host they've heard of and sends traffic for it in that general direction.

The announcements have a hop count and a sequence number to prevent loops and repetitions of the announcements.  

There is absolutely no security at all, except by totally limiting access to the media (e.g. by encrypting all packets and not making the network accessible to the public).

If someone with access to the network wants to impersonate another party and receive almost all of their traffic all they have to do is start generating announcements for them.  They can selectively mitm, impersonate, or block access to any other party on the mesh.

If you are using some L3 IP security on top of the mesh (like a VPN) then they can't impersonate but they can trivially deny access.

So as they stand right now, these protocols do not work for public networks except to the extent that no one wants to bother attacking them.  A lot of the time that is probably true --- but centralized ISPs are also secure so long as no one wants to bother attacking.

It looks like the Freifunk firmware is still actively maintained-- https://github.com/ffbsee/ffbsee-firmware/commits/master   thanks-- that's the sort of thing I was looking for when I asked before.  There was a lot of excitement about meshes around 2013-2015 and there are a lot of dead webpages now.


No security? The network is connected to the internet with NAT which goes through a gateway that has a VPN. Is that not security? There is no way to spy or track or identify a single user of the network. In addition you can also encrypt the wi-fi signal. Centralized ISP's are not secure. Centralized ISP's are the security breach themselves. The intelligence community gathers data through the centralized ISP's. They can now without any permission or warrant get your entire browsing history.  https://en.wikipedia.org/wiki/Network_address_translation

I am involved with a big "mesh" network.  The network is still live but has shrunk somewhat from its top size.  It's not a live mesh in that nodes are fixed in position and cannot move around but the network is somewhat resilient to nodes dying and routes around them.

The network used mainly Mikrotik and UBNT Wireless gear to form point to point links as well as sectors with clients.  It was a complete private network operating in private address space with its own internal DNS as well as routing.  Did not provide direct access to the internet though some did tunnel internet access over it.  Similar networks I am aware of use BGP routing though this network used OSPF routing (BATMAN sounds similar?).   I suspect it was (or perhaps still is) one of the largest single area OSPF deployments. It had over 650 OSPF routers in one area!

I did not design this and was not a network expert by any means (still not, work in other fields, this was hobby) but learnt a few things along the way.  

In terms of security this was not secure.  Given private non-profit nature of the network we had participants join with poor network practices (e.g. no security, unpatched routers, Windows machines, default passwords etc.) and when their PC/router got hacked/infected by viruses from internet that would scan the private network for targets.  That was security problem one, which would be fine, but I introduced detection methods by centralising logs and listening for scans from inside the network and then null routed any host doing excessive scanning, login attempts on ssh ports etc.  Was able to null route a host by doing that and announcing the route on OSPF.  I was able to do it more effectively than anyone else because I had access to more infrastructure as I was involved in managing the network (as much as it could be managed).  But in theory any participant could do it by announcing routes for a particular IP range.  The most effective was announcing /32 as it would get the most priority on OSPF.  If you had one OSPF router you could steal half someone's traffic in this way.

There was never any active abuse of this but lots of accidental routing issues and was easy to spot.

As an aside I changed bitcoin node code slightly so that would operate on this private network (changing the way it used private address space). I think it would not advertise private addresses and I changed that setting in the private network somehow.  I lost interest as it was just two of us running bitcoin nodes on the network at the time.

This network covered some poor areas where people did not have internet at home and we did not provide internet access per se, but some of us who had more internet than we were using did set up proxies for use by participants for basic internet (think mail, education, news etc.).  We could not just provide internet as we operated under licensing which prohibited to some degree, plus the bandwidth...

We did link up also with other such networks via tunnels over internet in other parts.  Was also thinking of hooking up with others (freifunk, dn42, nyc mesh) but interest slowed down.  We had some technical curious users and then we had lots of users just using the network.  We do not have enough technically curious users to keep up the expansion.  Some other things are we set up some of our services in the cloud and tunnel route into the network using quagga software routers and tinc mesh vpns which is really underrated.

I joined dn42 as well but the project seemed kind of dead. dn42 is basically a private network running over tunnels instead of physical links.  So mesh vpn if you will.  Uses BGP routing internally.
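
The detect-then-null-route approach described in the post above (centralised logs, thresholds on scanning and ssh login attempts, then a /32 route), as an added example that is not the poster's code. The log lines, the 10.20.0.0/16 mesh range, the thresholds and the `ospf-core`/`blackhole` labels are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed log lines in two common shapes: sshd auth failures and
# iptables-style firewall drops. All hosts and addresses are made up.
SAMPLE_LOGS = """\
Mar  1 10:00:01 node-a sshd[411]: Failed password for root from 10.20.3.7 port 50111 ssh2
Mar  1 10:00:02 node-b sshd[212]: Failed password for admin from 10.20.3.7 port 50112 ssh2
Mar  1 10:00:03 node-c sshd[983]: Failed password for invalid user pi from 10.20.3.7 port 50113 ssh2
Mar  1 10:00:04 gw1 kernel: DROP IN=wlan0 SRC=10.20.3.7 DST=10.20.9.1 PROTO=TCP DPT=23
Mar  1 10:00:04 gw1 kernel: DROP IN=wlan0 SRC=10.20.3.7 DST=10.20.9.2 PROTO=TCP DPT=23
Mar  1 10:00:05 gw1 kernel: DROP IN=wlan0 SRC=10.20.3.7 DST=10.20.9.3 PROTO=TCP DPT=445
Mar  1 10:00:06 gw1 kernel: DROP IN=wlan0 SRC=10.20.8.40 DST=10.20.9.1 PROTO=TCP DPT=443
Mar  1 10:00:07 node-a sshd[415]: Failed password for alice from 10.20.8.40 port 40022 ssh2
Mar  1 10:00:08 gw1 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.20.9.1 PROTO=TCP DPT=22
Mar  1 10:00:08 gw1 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.20.9.2 PROTO=TCP DPT=22
Mar  1 10:00:09 gw1 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.20.9.3 PROTO=TCP DPT=22
"""

SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")
FW_DROP = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=\S+ DPT=(\d+)")

MESH = ipaddress.ip_network("10.20.0.0/16")  # assumed private range of the mesh
MAX_SSH_FAILS = 3   # assumed thresholds; tune per network
MAX_PROBES = 3      # distinct (destination, port) pairs

def find_scanners(log_text):
    """Return sorted inside-the-mesh sources that reach either threshold."""
    ssh_fails = defaultdict(int)
    probes = defaultdict(set)  # src -> {(dst, port)}
    for line in log_text.splitlines():
        m = SSH_FAIL.search(line)
        if m:
            ssh_fails[m.group(1)] += 1
            continue
        m = FW_DROP.search(line)
        if m:
            probes[m.group(1)].add((m.group(2), int(m.group(3))))
    flagged = set()
    for src in set(ssh_fails) | set(probes):
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # malformed field: never turn it into a route
        if addr not in MESH:
            continue  # only hosts inside the mesh are candidates here
        if ssh_fails[src] >= MAX_SSH_FAILS or len(probes[src]) >= MAX_PROBES:
            flagged.add(addr)
    return sorted(flagged)

def null_routes(scanners):
    """One /32 prefix per flagged host, so neighbouring hosts are unaffected."""
    return [ipaddress.ip_network(f"{a}/32") for a in scanners]

def lookup(table, dst):
    """Longest-prefix match: the most specific covering route wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table.items() if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def build_table(log_text):
    table = {MESH: "ospf-core"}  # hypothetical existing route for the whole mesh
    for net in null_routes(find_scanners(log_text)):
        table[net] = "blackhole"
    return table

if __name__ == "__main__":
    t = build_table(SAMPLE_LOGS)
    for ip in ("10.20.3.7", "10.20.3.8", "10.20.8.40"):
        print(ip, "->", lookup(t, ip))
```

The `lookup` function shows why the /32 takes effect over the covering mesh route, which is the same property the post points to when it says any participant able to announce routes could redirect someone else's traffic.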


member
Activity: 70
Merit: 15
The truth is that the ISP network is centralized. No cryptocurrency can be honestly decentralized as long as they run on the conventional centralized ISP network. Therefore you must switch to building a Mesh Network. A Mesh Network is free, secure and truly decentralized.


OK, it's a "weakness", but isn't the internet as a whole decentralized? Can't a full node, a miner, a user change his/her ISP, to connect again?

The aim of decentralization is censorship-resistance, and we haven't seen a censored Bitcoin transaction because an ISP, or the "internet itself" said "NO".

Yes I think so. It's just changing the gateway. With a conventional web connection all your data goes through these centralized ISP's. These ISP's and their servers are also centralized with a central server and cloud somewhere. They can see your browsing history through having your billing data linked with your IP address. In a mesh network the data moves through random nodes and a shared gateway. There is no ISP that has your billing data and IP address and they don't know who is doing what in the Mesh Network.
legendary
Activity: 2898
Merit: 1823
The truth is that the ISP network is centralized. No cryptocurrency can be honestly decentralized as long as they run on the conventional centralized ISP network. Therefore you must switch to building a Mesh Network. A Mesh Network is free, secure and truly decentralized.


OK, it's a "weakness", but isn't the internet as a whole decentralized? Can't a full node, a miner, a user change his/her ISP, to connect again?

The aim of decentralization is censorship-resistance, and we haven't seen a censored Bitcoin transaction because an ISP, or the "internet itself" said "NO".
member
Activity: 70
Merit: 15
The truth is that the ISP network is centralized. No cryptocurrency can be honestly decentralized as long as they run on the conventional centralized ISP network. Therefore you must switch to building a Mesh Network. A Mesh Network is free, secure and truly decentralized.

If the Mesh Network has so many benefits, why does the majority still not use it? Or maybe they don't know anything about it? I don't think a Mesh Network can be as safe as it seems. And I agree - if a mesh node wants to access the internet, it still needs to access via a centralized service provider. It turns out to be centralization.

It's the same reason why majority of people don't have Linux instead of Windows. People are lazy and they choose the easiest and most convenient services where they get everything with minimum effort.
full member
Activity: 756
Merit: 108
The truth is that the ISP network is centralized. No cryptocurrency can be honestly decentralized as long as they run on the conventional centralized ISP network. Therefore you must switch to building a Mesh Network. A Mesh Network is free, secure and truly decentralized.

If the Mesh Network has so many benefits, why does the majority still not use it? Or maybe they don't know anything about it? I don't think a Mesh Network can be as safe as it seems. And I agree - if a mesh node wants to access the internet, it still needs to access via a centralized service provider. It turns out to be centralization.
member
Activity: 70
Merit: 15
In a mesh network each node becomes its own ISP basically.

They don't. If a mesh node wants to access the internet, it still needs to access via a centralized service provider. How else is the mesh network going to connect to the internet? There's no other way to access it, not even on a physical level.

They do because they relay the internet to each other thus providing internet. They use a shared gateway that does not charge a user fee or identify users identity. The mesh itself is decentralized and secure. No user is connected to a centralized ISP but is an ISP itself to other nodes in the network. Also centralized ISP's need a gateway and a service provider. This makes the internet completely centralized. It's just a huge pyramid of servers and ISP's with some huge corporation like Oracle on top.
legendary
Activity: 3108
Merit: 2177
In a mesh network each node becomes its own ISP basically.

They don't. If a mesh node wants to access the internet, it still needs to access via a centralized service provider. How else is the mesh network going to connect to the internet? There's no other way to access it, not even on a physical level.
member
Activity: 70
Merit: 15
No security? The network is connected to the internet with NAT which goes through a gateway that has a VPN. Is that not security? There is no way to spy or track or identify a single user of the network. In addition you can also encrypt the wi-fi signal. Centralized ISP's are not secure. Centralized ISP's are the security breach themselves. The intelligence community gathers data through the centralized ISP's. They can now without any permission or warrant get your entire browsing history.  https://en.wikipedia.org/wiki/Network_address_translation

Let's imagine you have a place to VPN to that you trust and we ignore the fact that this destination is effectively a centralized ISP and that the logical party to operate a VPN endpoint for you is an intelligence agency.  Ok.   You can VPN to that place over a mesh or over a centralized ISP and then you get the same security and privacy properties as if you VPNed to it over some mesh.

You get the bonus property that any clown with a rpi can't totally shut down your network connectivity as they currently could with the mesh.


VPN isn't necessary for the network security. NAT also modifies the IP information. It's not a centralized ISP. It's a gateway. In a mesh network each node becomes its own ISP basically. You don't register to the gateway and pay a regular fee to the gateway as you do with ISP's. The gateway does not have your personal billing data which is linked with your IP address. The centralized ISP's might have your crypto wallet data too. We don't even know all the things they gather there. Freifunk uses church towers for gateway antennas because they are both in very central high locations in towns and it's quite easy to convince reverends and pastors that the internet is the "anti-christ system" and that's why this is necessary.
staff
Activity: 4284
Merit: 8808
No security? The network is connected to the internet with NAT which goes through a gateway that has a VPN. Is that not security? There is no way to spy or track or identify a single user of the network. In addition you can also encrypt the wi-fi signal. Centralized ISP's are not secure. Centralized ISP's are the security breach themselves. The intelligence community gathers data through the centralized ISP's. They can now without any permission or warrant get your entire browsing history.  https://en.wikipedia.org/wiki/Network_address_translation

Let's imagine you have a place to VPN to that you trust and we ignore the fact that this destination is effectively a centralized ISP and that the logical party to operate a VPN endpoint for you is an intelligence agency.  Ok.   You can VPN to that place over a mesh or over a centralized ISP and then you get the same security and privacy properties as if you VPNed to it over some mesh.

You get the bonus property that any clown with a rpi can't totally shut down your network connectivity as they currently could with the mesh.
member
Activity: 70
Merit: 15
According to this one guy a group of PhD's had stated that B.A.T.M.A.N protocol is the best Mesh router protocol out there. B.A.T.M.A.N protocol is the one used by Freifunk,  which is Germanys mesh community and perhaps the largest in the world. What exactly do you mean with malicious mesh node? For what purpose would the malicious nodes exist? Standard nodes have max capacity and you could set a cap limit to output for standard nodes. Someone running a malicious node would forge the output to very high, right?

What B.A.T.M.A.N. does is has every participant periodically announce themselves, and then each peer that hears them repeats the announcement. Each node remembers the best source for a particular host they've heard of and sends traffic for it in that general direction.

The announcements have a hop count and a sequence number to prevent loops and repetitions of the announcements. 

There is absolutely no security at all, except by totally limiting access to the media (e.g. by encrypting all packets and not making the network accessible to the public).

If someone with access to the network wants to impersonate another party and receive almost all of their traffic all they have to do is start generating announcements for them.  They can selectively mitm, impersonate, or block access to any other party on the mesh.

If you are using some L3 IP security on top of the mesh (like a VPN) then they can't impersonate but they can trivially deny access.

So as they stand right now, these protocols do not work for public networks except to the extent that no one wants to bother attacking them.  A lot of the time that is probably true --- but centralized ISPs are also secure so long as no one wants to bother attacking.

It looks like the Freifunk firmware is still actively maintained-- https://github.com/ffbsee/ffbsee-firmware/commits/master   thanks-- that's the sort of thing I was looking for when I asked before.  There was a lot of excitement about meshes around 2013-2015 and there are a lot of dead webpages now.


No security? The network is connected to the internet with NAT which goes through a gateway that has a VPN. Is that not security? There is no way to spy or track or identify a single user of the network. In addition you can also encrypt the wi-fi signal. Centralized ISP's are not secure. Centralized ISP's are the security breach themselves. The intelligence community gathers data through the centralized ISP's. They can now without any permission or warrant get your entire browsing history.  https://en.wikipedia.org/wiki/Network_address_translation
staff
Activity: 4284
Merit: 8808
According to this one guy a group of PhD's had stated that B.A.T.M.A.N protocol is the best Mesh router protocol out there. B.A.T.M.A.N protocol is the one used by Freifunk,  which is Germanys mesh community and perhaps the largest in the world. What exactly do you mean with malicious mesh node? For what purpose would the malicious nodes exist? Standard nodes have max capacity and you could set a cap limit to output for standard nodes. Someone running a malicious node would forge the output to very high, right?

What B.A.T.M.A.N. does is has every participant periodically announce themselves, and then each peer that hears them repeats the announcement. Each node remembers the best source for a particular host they've heard of and sends traffic for it in that general direction.

The announcements have a hop count and a sequence number to prevent loops and repetitions of the announcements. 

There is absolutely no security at all, except by totally limiting access to the media (e.g. by encrypting all packets and not making the network accessible to the public).

If someone with access to the network wants to impersonate another party and receive almost all of their traffic all they have to do is start generating announcements for them.  They can selectively mitm, impersonate, or block access to any other party on the mesh.

If you are using some L3 IP security on top of the mesh (like a VPN) then they can't impersonate but they can trivially deny access.

So as they stand right now, these protocols do not work for public networks except to the extent that no one wants to bother attacking them.  A lot of the time that is probably true --- but centralized ISPs are also secure so long as no one wants to bother attacking.

It looks like the Freifunk firmware is still actively maintained-- https://github.com/ffbsee/ffbsee-firmware/commits/master   thanks-- that's the sort of thing I was looking for when I asked before.  There was a lot of excitement about meshes around 2013-2015 and there are a lot of dead webpages now.
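
A simplified model of the announcement handling described in the post above, as an added example that is not batman-adv or Freifunk code: it shows what a receiver can and cannot check from the originator name, sequence number and hop budget alone. The four-node topology, the `ttl` field name and the HMAC tag (a stand-in assumed here for "limiting access to the media") are assumptions, not details from the post.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Announcement:
    originator: str   # node the announcement claims to describe
    seqno: int        # increases with each new announcement for that originator
    ttl: int          # hop budget, decremented on every rebroadcast
    tag: bytes = b""  # only checked in the closed-network variant

def make_tag(key, originator, seqno):
    # Assumed scheme: MAC over the fields that do not change in transit.
    return hmac.new(key, f"{originator}|{seqno}".encode(), hashlib.sha256).digest()

class Node:
    def __init__(self, name, network_key=None):
        self.name = name
        self.network_key = network_key
        self.last_seqno = {}  # originator -> newest seqno seen
        self.next_hop = {}    # originator -> neighbour to forward through

    def receive(self, ann, from_neighbour):
        """Return the announcement to rebroadcast, or None if it is dropped."""
        if ann.originator == self.name:
            return None  # own announcement echoed back
        if self.network_key is not None:
            expected = make_tag(self.network_key, ann.originator, ann.seqno)
            if not hmac.compare_digest(expected, ann.tag):
                return None  # sender does not hold the network key
        if ann.seqno <= self.last_seqno.get(ann.originator, -1):
            return None  # repeat or stale copy: this is what stops loops
        # Nothing above proves the named originator actually produced this.
        self.last_seqno[ann.originator] = ann.seqno
        self.next_hop[ann.originator] = from_neighbour
        if ann.ttl <= 1:
            return None  # hop budget exhausted
        return Announcement(ann.originator, ann.seqno, ann.ttl - 1, ann.tag)

def flood(nodes, links, sender, ann):
    """Deliver ann from sender to its neighbours and onward through the mesh."""
    queue = [(sender, ann)]
    while queue:
        src, a = queue.pop(0)
        for nb in links[src]:
            out = nodes[nb].receive(a, from_neighbour=src)
            if out is not None:
                queue.append((nb, out))

# Constructed topology: A - B - C - X
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B", "X"], "X": ["C"]}

def next_hop_after_unsolicited(network_key=None, x_has_key=False):
    """C's next hop towards A after X emits an announcement naming A."""
    nodes = {n: Node(n, network_key) for n in LINKS}
    tag = make_tag(network_key, "A", 1) if network_key else b""
    flood(nodes, LINKS, "A", Announcement("A", 1, ttl=8, tag=tag))
    assert nodes["C"].next_hop["A"] == "B"  # genuine route learned first
    x_key = network_key if x_has_key else b"not-the-key"
    tag2 = make_tag(x_key, "A", 2) if network_key else b""
    flood(nodes, LINKS, "X", Announcement("A", 2, ttl=8, tag=tag2))
    return nodes["C"].next_hop["A"]

if __name__ == "__main__":
    print("open mesh:              ", next_hop_after_unsolicited())
    print("closed mesh, outsider:  ", next_hop_after_unsolicited(b"k"))
    print("closed mesh, key holder:", next_hop_after_unsolicited(b"k", True))
```

In this model the shared key only keeps outsiders off the mesh; a participant who holds it is still believed, which matches the post's point that restricting access is the only protection available.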
member
Activity: 70
Merit: 15
The thing with Mesh is that the more nodes are interconnected, the faster the internet will become. This is easier to accomplish in a large city. Also with Mesh you are never queued because it always chooses the optimal available node for connection.
What you're describing is currently only true in the land of spherical cows.

The reality of mesh technology is that it's extremely challenging and as a result underdeveloped.

E.g. up thread I asked for examples, and the primary example is a lora mesh that achieves extremely low bandwidth SMS like messaging.

It's really cool, but it's not "fast internet".

No one has even really started to answer questions like how you can handle malicious mesh nodes in a way that doesn't compromise performance or just require all nodes to be approved.

Right, so you are Mesh expert and you have examined all the projects and you know this for sure? No wonder Bitcoin is slow if uses a satellite as third party in its centralized pyramid scheme.
I've certainly been a networking expert (e.g. my CV would support that claim).  I'd be totally happy to see mesh projects that delivered the properties that you're claiming, but I haven't seen them.  Please -- feel free to find examples. I'd be happy to discuss them.

You're not making a case for your own expertise by calling satellite slow. For a natural broadcast usage like Bitcoin it can be exceptionally efficient.  For example, the cumulative directtv video bandwidth is multiple gigabit/s per second--  available to every location over entire landmasses with costs like femto-cents-per-megabyte-per-potential-user.  No other technology is even comparable for broadcast use.   It doesn't do all things well, but it's still a very powerful technology.

Ok. I admit I don't know anything about satellites. I just assumed they are slow. According to this one guy a group of PhD's had stated that B.A.T.M.A.N protocol is the best Mesh router protocol out there. B.A.T.M.A.N protocol is the one used by Freifunk,  which is Germanys mesh community and perhaps the largest in the world. What exactly do you mean with malicious mesh node? For what purpose would the malicious nodes exist? Standard nodes have max capacity and you could set a cap limit to output for standard nodes. Someone running a malicious node would forge the output to very high, right?

https://en.wikipedia.org/wiki/B.A.T.M.A.N.

https://en.wikipedia.org/wiki/Freifunk
staff
Activity: 4284
Merit: 8808
The thing with Mesh is that the more nodes are interconnected, the faster the internet will become. This is easier to accomplish in a large city. Also with Mesh you are never queued because it always chooses the optimal available node for connection.
What you're describing is currently only true in the land of spherical cows.

The reality of mesh technology is that it's extremely challenging and as a result underdeveloped.

E.g. up thread I asked for examples, and the primary example is a lora mesh that achieves extremely low bandwidth SMS like messaging.

It's really cool, but it's not "fast internet".

No one has even really started to answer questions like how you can handle malicious mesh nodes in a way that doesn't compromise performance or just require all nodes to be approved.

Right, so you are Mesh expert and you have examined all the projects and you know this for sure? No wonder Bitcoin is slow if uses a satellite as third party in its centralized pyramid scheme.
I've certainly been a networking expert (e.g. my CV would support that claim).  I'd be totally happy to see mesh projects that delivered the properties that you're claiming, but I haven't seen them.  Please -- feel free to find examples. I'd be happy to discuss them.

You're not making a case for your own expertise by calling satellite slow. For a natural broadcast usage like Bitcoin it can be exceptionally efficient.  For example, the cumulative directtv video bandwidth is multiple gigabit/s per second--  available to every location over entire landmasses with costs like femto-cents-per-megabyte-per-potential-user.  No other technology is even comparable for broadcast use.   It doesn't do all things well, but it's still a very powerful technology.
member
Activity: 70
Merit: 15
Mesh network is a great idea but transfer speeds are an issue and bandwidth

The thing with Mesh is that the more nodes are interconnected, the faster the internet will become. This is easier to accomplish in a large city. Also with Mesh you are never queued because it always chooses the optimal available node for connection.
member
Activity: 70
Merit: 15
Without access to the rest of the internet a meshnet is reduced to a local area network. Which still has its use cases but is not viable for any global applications such as a cryptocurrency.

Yep.


But there is a useful thing you can do-- have a diverse network connection.


One great option is to use the blockstream satellite feed: it's available most of the world and has no ongoing cost.

Another useful thing you can do is run tor and connect to peers over hidden services, functionally it's like having a second network connection riding over the first. At least any bitcoin-specific tampering with your network connection wouldn't work.


Aside, -- I wouldn't exactly call any of the mesh things I've seen *secure*-- generally they hardly work even when there is no attacker!

Right, so you are Mesh expert and you have examined all the projects and you know this for sure? No wonder Bitcoin is slow if uses a satellite as third party in its centralized pyramid scheme.
member
Activity: 70
Merit: 15
Mesh are connected to internet via NAT. [MESH] -> [VPN/Gateway] -> NAT -> [Internet]

Yeah, but the thing about NAT is that it replaces IP addresses in the mesh, each of the nodes, with a single outward-facing IP address. I can say this since you showed a gateway or VPN connecting the mesh to the NAT. So from the IP protocol point of view, the mesh appears no different than a typical internal network with private IP addresses.


Well it's free of charge. You don't have to pay a fee to the operator. That's a major difference and perhaps the key feature that people are most interested in.
legendary
Activity: 1568
Merit: 6660
Mesh are connected to internet via NAT. [MESH] -> [VPN/Gateway] -> NAT -> [Internet]

Yeah, but the thing about NAT is that it replaces IP addresses in the mesh, each of the nodes, with a single outward-facing IP address. I can say this since you showed a gateway or VPN connecting the mesh to the NAT. So from the IP protocol point of view, the mesh appears no different than a typical internal network with private IP addresses.
member
Activity: 70
Merit: 15

One great option is to use the blockstream satellite feed: it's available most of the world and has no ongoing cost.
If I am not mistaken, this has the same issue as any other centralized ISP as you are trusting the operator of the satellite, blockstream, to provide accurate data, as it is in control of the satellite.



But there is a useful thing you can do-- have a diverse network connection.
Having multiple connections to the internet will help you detect any tampering with the information being sent to you. If you can establish a connection to a server you control located in a different country to connect to the internet as an additional means to connect to the internet, you can become increasingly sure you are receiving untampered information. It should be easier to establish a secure connection that any malicious ISP would have no interest in interfering with.

Check out LoRa Mesh with Batman protocol https://www.youtube.com/watch?v=TY6m6fS8bxU&feature=youtu.be
member
Activity: 70
Merit: 15
Are there even any open source mesh protocols which are viable and maintained,  searching for a bit left me with a lot of stuff that hasn't changed in 4+ years.

The Batman protocol seems to be constantly upgraded. It's the router protocol of the German Freifunk community, which is probably the world's largest Mesh Network.

https://en.wikipedia.org/wiki/B.A.T.M.A.N.