I'm new to the idea of distributed hash tables. Question: If a project is built on top of a DHT (like @Jami), does that mean message metadata is basically open to the public? Is a DHT-based system a bad choice for people trying to avoid metadata leaks (i.e. third parties knowing who I talk to and how often)?

@hrthu @pcrock @Jami

DHT is not a bad choice to avoid metadata leaks. In fact, GNUnet is using this. You can search about censorship-resistant DHT, or read this

@hrthu @pcrock @Jami

But all DHT are not perfect. OpenDHT (used by Jami) doesn't focus on metadata protection for now, and you can determine a few things:

1. When someone is receiving messages (but you can't know the sender, it's in the encrypted part)
2. If a message is big (but the size is randomized by random (via RSA)
3. And with a malicious node, you can get the ip putting datas (but it can be a proxy node, not the real sender)

And for now, I think it's all.

@AmarOk @pcrock @Jami Thanks for the answer! That's really interesting and I'll take a look at that link hopefully soon. Do those exposures you pointed to presuppose a control of greater than 50% (?) of the nodes, as is the case, I think, with Tor?

@hrthu @pcrock @Jami a control of 50% of the network is related to the blockchain, if you want to alterate previous transactions. This doesn't mean anything in the case of Tor or here.

Sign in to participate in the conversation

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.