They reference the RedHook (Brooklyn) project in the article which was an inspiring attempt - especially in how they got local help for installation and maintenance. I am not sure how that project is going as the blog does not have a lot of recent updates http://rhicenter.org/
I volunteer for a meetup based project in my home town which is having a hard time getting roof access for the network. In my limited experience it seems the biggest obstacles are not tech problems but NIMBY.
Meshnet is a great idea - one of these days it will break through. It is exciting to see these projects.
So does the bandwidth get offloaded or underwritten by all the individual homeowners or businesses that let the antennas tap into their connections? Would Comcast slap someone down for sharing their network connection via the mesh?
All "consumer" broadband prohibits sharing in the TOS, so to do this legally they'd need to buy some transit (which may still turn out to be cheaper, since almost all of the price of broadband pays for maintenance of the last mile, not bandwidth).
> Would Comcast slap someone down for sharing their network connection via the mesh?
Isn't Comcast currently loudly trumpeting the fact that they are -- as a condition of approval of a merger -- bound by the terms of the FCC's 2010 Open Internet Order (even though that Order was later struck down as generally-applicable regulation) which protects the right of consumers to send any lawful traffic without blocking or discrimination?
"It's trivially easy to detect this kind of TOS abuse, even if the traffic is encrypted."
It is? How? How could you possibly differentiate traffic coming from a single household with high bandwidth usage and a single person sharing their connection if it's all tunnelled over a VPN?
I won't go into detail here, but consider how de-anonymization of TOR network users is done with multiple layers of onion routing and encryption. All that needs to happen is that you correlate the injection of traffic to a particular node and then watch the actual traffic from a cable modem. You don't need to see the decrypted packets, you just need to know that when I inject N packets into a particular node, I get N packets out. Synchronized over a sufficiently long time series in a pattern that's only known to the attacker and you'll get a statistical certainty that a particular cable modem is being used for this kind of application and presto, your household is banned from the service.
For the VPN, choose a fixed packet size, and maximum bandwidth in packets per second (evenly spaced "ticks"). Every tick, if there is a packet waiting to transmit, send it with padding to the max size. Otherwise, send a dummy packet that is discarded by the remote.
That's right telcos - we can reinvent circuit switching too!
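The fixed-size, fixed-rate scheme from the comment above, as an added sketch that is not code from any poster or project: one cell leaves every tick, real data is padded to the cell size, and an empty queue produces a dummy that the receiver drops. The cell size, the 3-byte header layout and the `run_link` simulation are assumptions made for illustration; a real tunnel would encrypt each cell and pace sends with a timer.

```python
import struct
from collections import deque

CELL_SIZE = 512                    # assumed fixed on-wire size, bytes
HEADER = struct.Struct("!BH")      # assumed layout: kind (1=data, 0=dummy), payload length
MAX_PAYLOAD = CELL_SIZE - HEADER.size

def make_cell(payload=None):
    """Build one fixed-size cell; payload=None yields a dummy."""
    kind, body = (0, b"") if payload is None else (1, payload)
    if len(body) > MAX_PAYLOAD:
        raise ValueError("fragment before queuing")
    return HEADER.pack(kind, len(body)) + body + bytes(MAX_PAYLOAD - len(body))

def parse_cell(cell):
    """Receiver side: return the payload, or None for a dummy cell."""
    if len(cell) != CELL_SIZE:
        raise ValueError("wrong cell size")
    kind, length = HEADER.unpack_from(cell)
    if kind not in (0, 1) or length > MAX_PAYLOAD:
        raise ValueError("malformed cell")
    return cell[HEADER.size:HEADER.size + length] if kind else None

def fragment(data):
    """Split an application message into cell-sized pieces."""
    return [data[i:i + MAX_PAYLOAD] for i in range(0, len(data), MAX_PAYLOAD)]

def run_link(arrivals, ticks):
    """Simulate the link for `ticks` slots; arrivals maps tick -> messages.
    Returns (wire, delivered): the (tick, size) pairs an on-path observer
    sees, and the payloads left after the receiver drops dummies."""
    queue, wire, delivered = deque(), [], []
    for tick in range(ticks):
        for msg in arrivals.get(tick, []):
            queue.extend(fragment(msg))
        # Exactly one cell per tick: queued data if any, otherwise a dummy.
        cell = make_cell(queue.popleft() if queue else None)
        wire.append((tick, len(cell)))
        payload = parse_cell(cell)
        if payload is not None:
            delivered.append(payload)
    return wire, delivered

if __name__ == "__main__":
    bursty = {0: [b"A" * 1000], 3: [b"hi"]}   # constructed sample traffic
    wire_busy, got = run_link(bursty, 8)
    wire_idle, _ = run_link({}, 8)
    print(wire_busy == wire_idle, b"".join(got) == b"A" * 1000 + b"hi")
```

The observer's view is the same list of (tick, 512) pairs whether the link is idle or bursting; the price is a hard throughput ceiling of `MAX_PAYLOAD` bytes per tick and full bandwidth use even when nothing is being sent.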
Is this just your idea? Or is it an actual working solution?
Because people have known about padding for a while and yet we still have methods to de-anonymize TOR networks. When you use those techniques on a minor mesh network like this, it's an order of magnitude easier.
Keep in mind that the cable company or broadband provider doesn't have to have much in the way of proof, just a suspicion and your connection will be terminated.
It's a very simplistic idea I threw out there, and it should stand on its own - if the only thing the intermediate network ever sees is uniformly distributed packets at uniformly distributed times regardless of contents, there's simply no signal for correlation attacks. But it's clearly inefficient as fuck.
> broadband provider doesn't have to have much in the way of proof
This pretty much goes for any software that doesn't just visit Facialbook et al. Barring any sort of public utility regulation, the only way to push back against that is to get software widely deployed.
Among many other methods (such as the deep packet inspection devices that have been common for quite a while), one particularly easy attack would be checking the TCP initial sequence numbers for changes in randomness[1].
Similarly, port number and usage can also be an easy tell when you see sockets opening on a pattern like this over time: [ ..., 15001, 15002, 15005, 9004, 9005, 15006, 9006, ...]
Often IPmasq/NAT doesn't help either, as it can exhibit its own distinct pattern of port/etc usage often due to how the router maintains its statefulness.