NMControl-Hyperion

Namecoin, NMControl
phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: NMControl-Hyperion

Post by phelix »

biolizard89 wrote:Who is "we"? I've never seen that wiki page before. https://bit.namecoin.org is, as far as I know, more official than a wiki page, and it currently lists NMControl and FreeSpeechMe (with a side note at the end that you can use 3rd party DNS, and it discusses the security implications). The disclosure of security properties on the wiki page you linked is near-nonexistent, and it would be irresponsible of us to endorse that wiki page as it currently is written.
Well, as a matter of fact I ported most of that info from the old wiki. Note that it was quite an improvement in comparison to the old wiki where there were several DNS servers listed maintained by random people.
Bottom line, we can't make assumptions about what our users need in terms of security. In the absence of evidence to the contrary, we should operate under the assumption that our users are not downloading Namecoin solely to "try things", whatever that means; they are downloading Namecoin to use it for browsing websites (some of which may have sensitive content and/or metadata), quite possibly because they've heard that Namecoin has better security/privacy than standard DNS. It is standard practice in the security community to force users to affirmatively demonstrate consent before the software does something unsafe.
At the moment there are virtually no websites and virtually no regular users so there probably are a lot of people who just want to try out .bit resolving and see how it works. What kind of warnings are there for using Google DNS or just an eMail client that includes your IP address in every mail?

Of course we should be more transparent about security and privacy implications but in the end privacy is a user responsibility. No matter how many warnings and confirmations you just can't force people into it. If people use Namecoin software and particularly this experimental branch in potentially dangerous ways it is their very own responsibility to make sure they know what they are doing.

What is necessary to resolve these issues? Tor support and SPV / PoW secured API?
On a completely different note, I'm a little bit concerned that features in Hyperion aren't being submitted as PR's to NMControl upstream. That will happen, right?
Yes.

BTW, besides fixing some bugs I already learned at least one other important thing from this: Not having to deal with the blockchain makes things way more comfortable. :mrgreen:
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: NMControl-Hyperion

Post by biolizard89 »

Apologies for delayed reply; finals and graduation are coming up in a couple weeks, so I'm swamped.
phelix wrote:
biolizard89 wrote:Who is "we"? I've never seen that wiki page before. https://bit.namecoin.org is, as far as I know, more official than a wiki page, and it currently lists NMControl and FreeSpeechMe (with a side note at the end that you can use 3rd party DNS, and it discusses the security implications). The disclosure of security properties on the wiki page you linked is near-nonexistent, and it would be irresponsible of us to endorse that wiki page as it currently is written.
Well, as a matter of fact I ported most of that info from the old wiki. Note that it was quite an improvement in comparison to the old wiki where there were several DNS servers listed maintained by random people.
I don't know if it is an improvement, as I haven't touched the wiki much. I think my comment above stands that disclosure of security properties is critical before we can endorse something officially.
phelix wrote:
Bottom line, we can't make assumptions about what our users need in terms of security. In the absence of evidence to the contrary, we should operate under the assumption that our users are not downloading Namecoin solely to "try things", whatever that means; they are downloading Namecoin to use it for browsing websites (some of which may have sensitive content and/or metadata), quite possibly because they've heard that Namecoin has better security/privacy than standard DNS. It is standard practice in the security community to force users to affirmatively demonstrate consent before the software does something unsafe.
At the moment there are virtually no websites and virtually no regular users so there probably are a lot of people who just want to try out .bit resolving and see how it works.
There may be a significant user base who doesn't care about security or privacy. (I think many of them are likely to regret that in the future, but that's immaterial.) The problem is the other users who want .bit specifically because it has better security, privacy, or censorship resistance than their existing DNS. Since we cannot magically determine which user is which, they should all be shown the appropriate warnings. FWIW, this is pretty easy -- have the installer ask them which backend they want, and if they choose the API server, present them with information and make them affirmatively consent. I would suggest making them type "Yes, wiretap and attack me." in a textbox, as that seems to produce more hesitation than clicking "Next" or "OK".
phelix wrote:What kind of warnings are there for using Google DNS or just an eMail client that includes your IP address in every mail?
There are no users who specifically use Google DNS or an email client because they want better security or privacy. Tor2Web shows a scary warning in your web browser which you must click through to access the site; I believe that is not sufficient but it is better than making insecurity the default and burying a note in the download page.
phelix wrote:Of course we should be more transparent about security and privacy implications but in the end privacy is a user responsibility. No matter how many warnings and confirmations you just can't force people into it. If people use Namecoin software and particularly this experimental branch in potentially dangerous ways it is their very own responsibility to make sure they know what they are doing.
Average users cannot be relied upon to inspect code to see what it is doing. Responsible documentation and warnings are critical in users knowing how to behave safely.
phelix wrote:What is necessary to resolve these issues? Tor support and SPV / PoW secured API?
Tor would resolve privacy mostly, and SPV/PoW would mostly resolve impersonation.
phelix wrote:
On a completely different note, I'm a little bit concerned that features in Hyperion aren't being submitted as PR's to NMControl upstream. That will happen, right?
Yes.

BTW, besides fixing some bugs I already learned at least one other important thing from this: Not having to deal with the blockchain makes things way more comfortable. :mrgreen:
Cool.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

Post Reply