undefined | Better HN

0 pointsduskwuff5y ago0 comments

And it meant that random users' computers were being drafted into running a supernode and relaying traffic for other users, without permission or even any notice. Not only did this consume CPU time and bandwidth on the affected users' computers, but it also put anyone running a supernode in a position to observe and tamper with network traffic between other users.

0 comments

inetknght5y ago

Isn't that the point of having end-to-end encryption? I know Skype doesn't have that but perhaps that would have been a different solution

duskwuffOP5y ago

End-to-end encryption reduces what an attacker in this position would be able to do, but it doesn't make the situation safe. Even if they can't observe or directly tamper with the data they're relaying, they can still observe metadata, like who the peers are and how much bandwidth is being relayed. Even just measuring the pattern of packet sizes can be disturbingly revealing:

https://www.cs.jhu.edu/~cwright/oakland08.pdf

Besides, end-to-end encryption doesn't do anything to allay concerns about abuse of users' resources.

j / k navigate · click thread line to collapse