Lots of mesh enthusiasts are doing a good job of introducing #Meshtastic and #Meshcore to their friends. Meanwhile, #Reticulum and #NomadNet are the real prize.

https://nomad.nodestar.net

@perlman folks seriously. What are the benefits of “new” unproven #reticulum over proven alternatives?

- Nomad network vs. https://www.torproject.org/ and onion services
- LXMF over BP https://www.rfc-editor.org/rfc/rfc9171.html
- LXST over RTP, WebRTC. With https://en.wikipedia.org/wiki/M17_(amateur_radio) for voice.
- Micron over Asciidoc, Markdown…
- Sideband vs https://jami.net/

Reticulum link protocols over slip, ppp, Ethernet or https://en.wikipedia.org/wiki/IEEE_802.15.4

Please compare Reticulum with standards, not with toys.


@marsik @perlman Dude, you’re clearly a very smart person, and I always discover something new and interesting in every post you make on #reticulum. BUT why are you fighting so hard against reticulum? At least, that’s how it seems to me.

@prometheuspetrosss @perlman I have nothing against the project per se. It is an impressive piece of work.

But I get upset about some of the “marketing” of it as the “new internet”.

Such claims are denigrating the accumulated experience and achievements of all the thousands of engineers and researchers that have worked on the real standards over the past decades.

Hobby projects are just that until they follow the proper scientific methods to prove the value.

@marsik
At this point, I also want to call you out on being so argumentative. We all get emotional. It's part of being human. So be mindful. Are you still doing science? Or are you doing ego?

@perlman I am an engineer and HAM and I am doing radio and telco (and real time cloud that powers that).

I am also an open source advocate and used to tough questions and code reviews.

And I am indeed a bit sensitive to hyperinflated claims and project marketing that ignores history lessons and existing projects.

Show me data, comparisons, measurements. Show me the benefit of the new approach.

Hobby is fine too, just do not call it “the new internet” without proving it.

@marsik I respectfully decline to treat it only as a hobby. I respectfully decline to stop calling it the new internet, or better internet, or next internet. Nobody else has expressed being upset, offended, or sensitive, to these terms. If more people do, we'll reconsider.

@perlman Then you will compete in the marketing space with the blockchain folks (https://thenewinternet.org/), with the VPN folks (https://tailscale.com/blog/new-internet) and with the AI folks too.

I was trained to write user stories (= clear goals), measure them and compare to alternatives. And do a realistic demo.

I had a question: Why is RNS better than others?

So I did ask for comparison and provided my examples and data. The only answer was BP is complex...

I like the RNode TNC mode and tncattach, btw.


@marsik Just playing tennis with you now : ) I can argue, too. I think what you're doing is offensive to everyone who is otherwise enjoying the conversation.

I am not competing. And I am not marketing. Neither I nor Node Star have any relationship with anyone working on Reticulum.

It's 100% unpaid pure enthusiasm. In fact, it costs me money. I personally donate to the development fund, putting my money where my mouth is.

@perlman Ok, to show I am not just talking either, here is a #reticulum protocol analysis with focus on #privacy

Including comparison to other projects.

The TLDR is: #RNS is reasonably good at hiding identity from services, but leaks metadata on the network level.

https://codeberg.org/MarSik/reticulum-audit/src/branch/main/reticulum-source-privacy-flaw.md

I tried to back up all my claims and reasoning with links and sources. But feel free to call me out on any inaccuracy as the final text is rather long and I might have missed something. #tor #i2p can check me too.

@marsik @perlman
This is excellent work, MarSik; thank you for your contribution. I'm going to need a few coffees to work through your piece...

@marsik Thank you. This level of technical detail is admittedly above my head. I won't pretend to have expertise in this area. I defer to you, and others, and will look forward to reading any responses.

@marsik
Thanks a lot, very complete and interesting. I didn't read it all but understood what I read (until the DNS analogy). I hope to find more time to read the rest.
👍

I think this information should be forwarded to the community. Maybe some already know and don't care but most probably not

@perlman

@marsik Was waiting for people smarter than me to push back, but they haven't, so I will.

You found a real issue worth raising. But the whole paper still comes off as though you have an axe to grind.

The headline-vs-substance gap is bigger than it first appears.

The real story is that Reticulum's privacy claim needs a threat-model qualifier it currently lacks. Not "Reticulum's privacy claim is broken".

@perlman Any weak link in crypto or the protocol is exploitable.

A similar list exists for TOR https://github.com/Attacks-on-Tor/Attacks-on-Tor#categories-of-de-anonymizing-techniques-and-attacks

The de-anonymization attacks are very real https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df or https://blog.torproject.org/tor-security-advisory-relay-early-traffic-confirmation-attack/

Imagine a state with "unlimited resources" hunting whistleblowers, spies, opposition or you.

Overlooking something or a small bug can be outright dangerous in this field and I found more gaps than this one (first hop, link correlation, path breadcrumbs, proof source signature).

@marsik Your critique hangs on one sentence from the manual about Reticulum being "completely anonymous". But that's totally fair to criticize. If the claim is not accurate it should be revised.

@marsik At first look you seem to be saying, "Reticulum's privacy is broken," or "Reticulum's privacy model is fundamentally misleading," but the careful reader gets a different story. A story which is more nuanced and more fair: "There's a first-hop-neighbor exposure on shared media that deserves documentation."

@perlman Yes, there are a lot of things that work just fine. And then a few things that were missed. For example the link proof can be linked with the sender via the signature done using the publicly known destination identity key. Or the path discovery breadcrumbs. And the statistical analysis of interface traffic that can link the various identities together. Network privacy is simply hard.