Mesh networks, censorship resistence, and free ponies.

01 December 2011

A couple of weeks ago the crowd over at Reddit started putting together a project that's been referred to online as /r/darknetplan, an effort to build a completely decentralized, encrypted wireless mesh network that is censorship-resistent and anonymized. They kick around a lot of ideas in their discussion threads (mostly links to other articles, with discussion of each on-site) and the project's IRC server is packed with interested people. Now, I'm not one to slam anyone who wants to give such a project a shot but they came under some scrutiny from a blogger whose opinion is that it's a waste of time and professes to have some knowledge of how such a thing would work (which is fair, from the references given I'm inclined to take this individual at their word).

First, the obligatory disclaimer: I am one of the hackers working on Project Byzantium, a live distribution of Linux that makes it fast and easy to set up an ad-hoc wireless mesh network. You're probably sick and tired of hearing me talk about it by now so this article strives to not be Byzantium-specific. The reason I'm writing a rebuttal is because the other developers and I have either already run into and fixed some of the problems described in the article, or our research and experiments have proven that certain aspects of the argument do not apply. I am also writing a rebuttal because Byzantium falls into the same category as /r/darknetplan and some of the same arguments seem to apply.

Parts of this post were previously used in a post to the building-a-distributed-decentralized-internet Google Group.

First, I'd like to point out that cooler heads around /r/darknetplan aren't trying to replace the whole Internet from the get-go. That's not the stated goal (only a supplement to the Net), and many of the hangers-on will correctly tell you that it's just not reasonable to enact a sea change and make all of the ISPs obsolete. The goal is to set up a wireless network that makes it possible to circumvent censorship, either by moving that content into the darknet or by providing paths to content on the public Net by evading the blocks entirely by hosting sensitive content on the mesh itself. Managing mesh nodes can be hard, yes. It doesn't have to be that way. Remote monitoring software is all over the place these days in both commercial and F/OSS forms. Self monitoring software isnt' terribly difficult to write when you understand the system; in fact, just about every sysadmin out there writes their own monitoring daemons just to preserve their sanity, and some of us go out of our way to program auto-correction of system glitches into our software agents. Just because it hasn't been done to date in any of the big mesh networking projects in recent memory doesn't mean it's not being done for the future.

Relying on the existing telecom infrastructure may not be a wise decision in the long run due to how the network architecture is steadily being reworked to suit the desires of a few at the expense of the rest of us. Darknet software (like Tor and I2P) is all well and good, and emminently necessary these days, but the tech trends of traffic analysis and deep packet inspection pose a very real threat to users of those technologies. Cases in point, Iran and Syria are using DPI to detect the use of VPN and darknet software and block connections in realtime, and China's censorship infrastructure now detects the use of encrypted protocols and immediately blocks those which can be used to evade censorship (like SSH and VPNs). Also, Pakistan passing laws against the use of encrypted network protocols may fall into this category, albeit for different reasons. Given this evidence (as well as the documentation from companies that specialize in developing Internet censorship and surveillance equipment) there is no reason to assume that life will get any easier for the darknet community. As for omnidirectional antennas being problematic for mesh networks, yes, they have their problems. Directional antennas (mentioned in the article's point #3) do too. That doesn't mean that mesh networking is infeasible, it only means that setting up a node means that you have to be smart about which antenna you use and how. Use omnidirectional antennas for client communication and directional antennas to bridge mesh nodes where necessary.

The article in question makes the statement that equipment with only a single radio for data transmission isn't enough, but multiple-radio equipment is too expensive to bother messing with on the scale /r/darknetplan is talking about. This implicitly assumes that you want to buy corporate-grade specialized and dedicated equipment to deploy everywhere (which doesn't have to be expensive at all). This doesn't have to be the case. Keep in mind that these projects are not actually trying to put every ISP on the planet out of business but are trying to set up local(-ish) networks, and are planning accordingly. There is nothing that says that individual meshes in some areas cannot bridge with one another over a consumer cable Intenet or DSL line and maybe a point-to-point VPN connection with one another (although it flies in the face of the notion of a "pure" mesh), and in the short- to medium-term this will probably be necessary. There is a fair amount of research taking place in this particular field and some good results are coming from it. I would also like to point out that if you're not setting up a commercial-grade mesh network you can do pretty well for yourself with a handful of USB wireless interfaces plugged into USB cables so long as you're careful about addressing and routing.

The problems of wireless mesh networks are well characterized and have been for a number of years. For a while it seemed like everybody and their backup who had to publish a peer-reviewed paper to graduate came up with another mesh routing protocol. That's probably why there are so many of them, but so few that actually went anywhere. The article implicitly assumes that no one working on next-generation mesh networks is learning from the body of past work and solving those problems. The article also implicitly assumes that not a one of those problems have been solved in intervening years, either in software or in (much cheaper and readily available) hardware. While this may or may not be a problem the /r/darknetplan group is afflicted with there are working groups out there (including some sub-groups of /r/darknetplan) that are not. Throwing the baby out with the bathwater isn't a wise strategy under any circumstances, and doing so puts one within visual range of the "We're all screwed anyway, so let's just give up!" camp so common in a number of communities.

Unplanned meshes do not break routing. Sorry, I hate to break it to you, but if you've done any research into modern mesh routing protocols you will have read that they work along similar lines to routing protocols used in the network core. In short, every node boots up knowing a single route (to and from itself) and listens for routes from neighboring nodes. When those routes are picked up they're added to the routing table and a brief analysis is done to determine which (if any) of the routes are desirable because they're shorter/faster/less crowded/have better signal quality at the moment. There is also nothing that says that all of the routing has to be unplanned; while making it so that collusion is unnecessary when setting up a mesh is an admirable goal, it is both socially and technologically possible to inject order into the chaos and refine the structure of a mesh somewhat. It is certainly not as if any of the mesh routing protocols out there would prevent the user from doing so if they wanted to do so.

Another implicit part of this argument appears to be "all or nothing," or to put it another way, "If we can't have a global, strongly encrypted, censorship-resistent mesh that gives every sentient lifeform on the planet access to porn and a pony then we should give up." The case can be made that relatively small meshes set up by users in limited areas would be ideal environments for figuring out how far they can reasonably scale with certain modern hardware platforms. The case can also be made that we've gone as far as laboratory experiments can take us and now we have to act on a larger scale to find out what happens next. To say that no one is aware of the limitations is incorrect; to say that no one is trying to transcend those limitations is even more incorrect.

To wrap it all up, activism and lobbying are all well and good and necessary, but the handwriting's on the wall: Big money will stop at nothing to get the changes they want made, and at some point our activist activities in the political sphere are going to fail. Look at recent drafts of ACTA: even after early versions were leaked and grassroots groups kicked into overdrive protesting the proposed law, ACTA is still under revision, even more carefully controlled (few recent versions of ACTA have been leaked to the best of my knowledge - can anyone prove otherwise if I'm wrong?), and it's still being fast-tracked. PROTECT IP and SOPA are also being fast-tracked even though hue and cry that they're very bad ideas that will severely limit innovation fill the ears of lawmakers. A number of large corporations and the Business Software Alliance have withdrawn their support of SOPA even though they stand to profit greatly from it, and coming from them that should tell you something. I'd love to see those bills shot down once and for all, but I don't think that's actually going to happen and it would behoove the Net as a whole to have something in place before those laws are abused to take down more than homemade music videos and noncommercial content.

This work by The Doctor [412/724/301/703] is published under a Creative Commons By Attribution / Noncommercial / Share Alike v3.0 License.