Hello,
I recently got affected by the mysterium network abuse of sharing illegal materials (via my ip Adress) through B2B channels which only should accept legal traffic. Even though mysterium and storj are different technologies. Is it 100% secure to run a storj node without getting possibly “raided” like some mysterium node hosters?
Thanks in advance.
I’m not sure what you mean and what specific software or attack vector you are referring to, but storagenode by design stores and retrieves encrypted opaque bits of data. If you run it in jail/container – it cannot escape it, even if code is compromized/backdoored/turned into open relay proxy for example.
Nothing is 100% secure.
I think what OP is talking about… is that allowing any random person to use your Internet connection for nearly-free… leads to entirely predictable results.
The Mysterium network was a flawed idea from inception
If you follow the link I have posted, the concerns have been voiced already back then:
I mean this is why people do not really want to run Tor exit nodes anymore. It was foreseeable.
The node stores 1/80 pieces of the segment of the encrypted file. The digital noise. It’s nearly impossible to reveal the content based only on one piece.
However, we can shutdown the link and the account if such content would be published, then detected or reported.
See also
But at least:
When these cases happened, law enforcement agencies in Germany contacted us for information on how our network functions as a whole.
So at least it seems that law enforcement in Germany is aware that this is some kind of VPN network and not necessarily the people running nodes are the ones performing illegal activities. So something has been learned form the Tor lessons it seems.
But nothing would be hindering, that the same could happen here, or am I wrong?
Criminals can still upload CP or other stuff to our nodes and because it’s directly downloaded from the node, the connection to your ISP is easily made.
The only thing is, that we store just a bit of the encrypted file and don’t have access to it.
Only with the native client. Otherwise it goes through the Storj or self-hosted gateway.
But of course this is something any storage provider has to face. You don’t know (and normally you are legally not to obliged to know) what you are storing. In reality it could be even illegal to snoop through your customers files and check what they are uploading. All that depends on the jurisdiction you are in.
So there is normally no way to tell if the stored data is 100% legal. And it would be strange to assume so.
I only allowed B2B traffic through my ip Adress, which is traffic from verified customers and should be in any case legal traffic. Since over a year there was no problem, until now, when the B2B customer abused the B2B Channel for illegal purposes. Either mysterium did not checked them properly or something else.
But for sharing a file publicly to the Internet, I thought the hosted gateway has to be used? So if that assumption is correct, people who download the file will always see STORJ‘s ip address?
Or is it possible to share files publicly via a self-hosted gateway? I guess in that case the downloading entity will only see the ip-address of the person who host’s the gateway?
In both cases, the end-downloader will not see any of the node’s ip’s if I understand it correctly.
You are correct. If a file is shared, it will be accessible through a distributed link sharing service or a distributed GatewayMT if it used a presigned URL.
Even if someone would share it via self-hosted gateway, there would be only IP(s) of that hosting.