Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Twitter Question: Why disable dht? #149

Open
martinheidegger opened this issue Mar 14, 2019 · 9 comments
Open

Twitter Question: Why disable dht? #149

martinheidegger opened this issue Mar 14, 2019 · 9 comments
Labels
Docs: Confusing Content

Comments

@martinheidegger
Copy link
Contributor

In his tweet @msfeldstein asks:

Why does @dat_project mention disabling bittorrent dht for improved privacy? Does a dht or library like discovery-swarm have the same privacy expectations (~security by obscurity of read/discovery key)?

Referring to: https://github.com/datproject/docs/blob/master/docs/learn-more-security.md#how-can-i-create-stronger-privacy-protections-for-my-data
@okdistribute
Copy link
Contributor

The Bittorrent DHT can end up exposing your IP address to potentially random people and the peer introduction (bootstrap) servers. They still won't know what you're sharing, unless they have the original dat url, but they know the discovery key and potentially who you are sharing with.

It would be nice to do a threat model for this and have a diagram people can see.

@msfeldstein
Copy link

msfeldstein commented Mar 14, 2019 via email

@pfrazee
Copy link
Contributor

pfrazee commented Mar 14, 2019

In the discovery network, we use the "discovery key" to obscure the actual address

@pfrazee
Copy link
Contributor

pfrazee commented Mar 14, 2019

(The discovery key is hash(address-key))

@RangerMauve
Copy link
Collaborator

Hyperswarm is still making use of a DHT, right? What does it change from bittorrent-dht that makes it more desirable for Dat?

@pfrazee
Copy link
Contributor

pfrazee commented Mar 14, 2019

I disabled the bittorrent-dht because I was getting really poor results and a lot of extra traffic. I never investigated the cause of the poor connectivity. @mafintosh ultimately made the call to build out the new hyperswarm dht. I believe it was to give us the flexibility to introduce features such as hole-punching via the dht.

@msfeldstein
Copy link

msfeldstein commented Mar 14, 2019 via email

@okdistribute
Copy link
Contributor

There is always tradeoffs for privacy. For some use cases a dht might be more useful for peer discovery and the privacy trade offs are worth it, others not. This is why hypercore-protocol is agnostic to the peer discovery mechanism, and it's nice to be able to pick and choose this based on your concerns. I've also been musing about peer discovery over encrypted email (pgp), which could be interesting to bridge ecosystems :)

@martinheidegger
Copy link
Contributor Author

I would further add that by sharing a set of discovery keys, it is possible to Profile dat clients. I.e. if the same set of discovery keys is shared by different ips it is likely that it was the same peer all along.

I find the email approach inspiring! It leads me to think that there would be a place for a dat-peer:<discovery-key>/<transport>?ip=<ip>&port=<port> link. Like dat-peer:abc...123/tcp?ip=192.168.1.6&port=1234 to add a peer to a peer to a DAT.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Docs: Confusing Content
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@msfeldstein @okdistribute @RangerMauve @martinheidegger @pfrazee