Hi!
I think it's really important we all understand and emphasize to new
folks that mesh networks are not by default more secure than other
kinds of networks, though they are more resilient. This is why we have
monthly cryptoparties at sudo, so we can teach good end-user security
hygiene. We can further level up by promoting the use of more
trustworthy services, such as Riseup for email and OwnCloud for
storage, on the mesh splash page or some such.
I completely agree! I am promoting mesh networks as connectivity, not
security or privacy (hey, we are running open/unencrypted wireless
networks, anybody can grow the network, but this also means that it is
easier to intercept). Teaching is the important thing. You should not be
trusting the mesh network, SudoMesh, me, you, your ISP, nobody. You
should not have to.
One bonus point for SudoWRT is that it uses wlan-slovenija's
tunneldigger, routing all connections on the public network through a
VPN. So actually, our mesh will be more anonymous (insofar as being
unable to pin an IP to a specific identity) than most networks. Mitar,
do you know of other networks using tunneldigger?
We had a few pull requests done by other people, so probably they are
using it. I think from Berlin.
https://github.com/wlanslovenija/tunneldigger/pulls?direction=desc&page…
Otherwise I know that Ninux from Italy is using a similar topology, but
they are using, or at least have been using, their own tunneling solution:
http://blog.ninux.org/tag/udp-encapsulation/
We were using this topology with VPN servers from the beginning, but were
using OpenVPN. This limited throughput. Then Ninux proposed to use an
in-kernel solution (this really improves performance) using one hackish
layer 3 solution (in my opinion, overloading iptables hooks). I think
they are reinventing the wheel a bit, but I didn't manage to convince
them to do layer 2 and use existing kernel code. :-) Read the thread
from here on:
http://lists.freifunk.net/pipermail/wlanware-freifunk.net/2010-April/002546…
(It is an interesting read to know how the idea developed.)
So we did our own version.
To say, both their development and ours were funded by Google through
GSoC. :-) (We got one spot this year again, more work on nodewatcher!)
Mitar
--
http://mitar.tnode.com/
https://twitter.com/mitar_m