Slashdot Mirror

The word is "Freenet". You can grab it at http://freenetproject.org/ . Yes, it's slow. Yes, there's pedophiles, anarchists, warez, racist propaganda and terrorist communications. There's also Alicebots, anonymous trolls, etc. Think of it as being like Slashdot's early days.

BBH

Freenet has an answer to the trust chaining problem. Each user (when in darknet mode, anyway -- there's also a non-darknet option) only talks to their friends. Trust is not transitory; if I want data you have, it has to get routed over trusted links. Obviously there is a latency and bandwidth penalty for this, but it's probably smaller than you'd think -- the network topology is well behaved, so playing 6 degrees of separation works fairly well. If someone screws up and lets the MAFIAA on, then I don't care -- it's only a problem for the people who trusted them. The darknet style links compartmentalize the damage. (It's actually even better than that, thanks to plausible deniability arguments I won't get into, as long as they only have a limited number of compromised nodes.)

Of course, the bootstrapping problem -- you need users to get content, and you need content to attract users -- is very real. If there are easy magic solutions, I haven't heard of them, and Freenet doesn't have them. It's still a small niche network, with a limited though nonzero amount of content.

If you're curious about how attacks work in the context of a strong darknet like Freenet, I suggest you ask around on the irc channel / mailing lists. Yes, there are attacks that will work -- the Freenet authors won't try to pretend otherwise. What Freenet *does* do is make those attacks very difficult with only comparatively modest assumptions about trust.

just use freenet together with frost

this is an index of all (?) "freesites" - you can visit as soon as you have freenet running

for linux users:
wget "http://downloads.freenetproject.org/alpha/installer/new_installer.jar"
java -jar new_installer.jar
cd "/path/to/freenet/"
./run.sh restart
mkdir frost
cd frost
wget "http://mesh.dl.sourceforge.net/sourceforge/jtcfrost/frost-04-Mar-2008.zip"
unzip "frost-04-Mar-2008.zip"
chmod +x frost.sh
./frost.sh

you need to have java and I don't remember whether you need to run this as root. iirc you don't. The filename from the sourceforge link will vary - just check http://sourceforge.net/project/showfiles.php?group_id=25070

just use freenet together with frost

this is an index of all (?) "freesites" - you can visit as soon as you have freenet running

for linux users:
wget "http://downloads.freenetproject.org/alpha/installer/new_installer.jar"
java -jar new_installer.jar
cd "/path/to/freenet/"
./run.sh restart
mkdir frost
cd frost
wget "http://mesh.dl.sourceforge.net/sourceforge/jtcfrost/frost-04-Mar-2008.zip"
unzip "frost-04-Mar-2008.zip"
chmod +x frost.sh
./frost.sh

you need to have java and I don't remember whether you need to run this as root. iirc you don't. The filename from the sourceforge link will vary - just check http://sourceforge.net/project/showfiles.php?group_id=25070

Where is this anonymity everyone keeps talking about?

Tor, The MixMaster anonymous remailer, Freenet, and public proxy systems, among other places. We do have fairly good anonymity.

Don't forget about Freenet. ;-)

i'm sick of reading news or blog articles on sites like autoblog.com which refer to YouTube videos that have been removed.

For about the past month, I have noticed that YouTube has really begun dying. Too many big players have a stranglehold on it and it has really started to suck all around. Just like you, I keep running into removed videos embedded/linked from blogs. The annoying advertising has ramped up. YouTube started playing commercials mid-video. It works by locking up the flash player and forcing a commercial to play through before it unlocks.

It might be time to pull all my videos from YouTube and stop using my account. However, I don't know of any decent alternatives right now. Something decentralized would be really nice, like some system built on top of, say, Freenet (ignoring the large barrier to entry for normal people, and the slow speed). Then it would be out of control of anyone. For now we just need something small enough so it doesn't get enough attention to suffer, like YouTube of old times.

To help deal with some of the suckage, I almost exclusively use youtube-dl to access YouTube, which simply downloads a copy of the video. No ads (ads are all done by the Flash player) and I have my own downloaded copy, which YouTube can't arbitrarily remove at some point in the future.

Here you go. Good luck on breaking the encryption and packetization.

Just an other incentive to design a tracker-less Torent protocol ...

BitTorrent already supports tracker-less torrents. The only problem is that there's at least two completing mutually incompatible versions, the Azureus one and the mainline (official client) one. Then again, there's a "mainline DHT" plugin for Azureus, so I guess that problem's pretty much solved now.

For that matter, nearly every P2P protocol still in use supports download meshes, which are basically the same as BitTorrent, so downloading large files even from the venerable Gnutella is reasonably fast nowadays.

No, the next step is getting Freenet up and running, to hide who's downloading what from whom. Tor, while it already gives this capability, is vulnerable to DOS attacks (in fact there's several going on there right now) and a kind of attack where you time node outages with server outages to figure out where a hidden server is located at. The current versions of Freenet are quite usable, as long as you forget browsing and use a searching/batch downloading tool like Thaw.

Just an other incentive to design a tracker-less Torent protocol ...

BitTorrent already supports tracker-less torrents. The only problem is that there's at least two completing mutually incompatible versions, the Azureus one and the mainline (official client) one. Then again, there's a "mainline DHT" plugin for Azureus, so I guess that problem's pretty much solved now.

For that matter, nearly every P2P protocol still in use supports download meshes, which are basically the same as BitTorrent, so downloading large files even from the venerable Gnutella is reasonably fast nowadays.

No, the next step is getting Freenet up and running, to hide who's downloading what from whom. Tor, while it already gives this capability, is vulnerable to DOS attacks (in fact there's several going on there right now) and a kind of attack where you time node outages with server outages to figure out where a hidden server is located at. The current versions of Freenet are quite usable, as long as you forget browsing and use a searching/batch downloading tool like Thaw.

Just words? Why can't I publish slandering and libelous statements however and whenever I want?

You should be able to. Laws against slander and libel are inane, prone to abuse, and increasingly ineffective due to the existence of the internet.

What if I published a cooking recipe, told you it was the best, implied that it was safe, you cooked it up... and now you have the shits. Worse than that, you are hospitalized because you have another condition that was significantly complicated by my harmless and victimless haha-gave-you-the-shits prank.

Providing a faulty recipe may have been a mean and immoral thing to do, but who decided to follow the recipe? Who made the food, and who ate it? We are each responsible for our own actions; "he told me to do it" doesn't excuse anyone from that. Especially when the source is some random dude on the internet!

Now I'm not saying that anonymity is good or bad. I'm just saying that words aren't always harmless regardless of weather they are posted on the Internet or not.

Words have no power to harm or help anyone on their own. It's how the hearer reacts to them that's important.

Anyway, the genie of near-perfect anonymity is out of the bottle, and no amount of wishful thinking is going to put it back. Instead of wringing our hands over how anonymity makes certain undesirable things easier, we need to learn to live with it. That includes reexamining and rethinking laws made obsolete by anonymity, including slander/libel, "bad advice" (I don't know the legal term for it), and yes, copyright. The creator of Freenet has some insightful thoughts on the subject: http://freenetproject.org/philosophy.html

Err... freenet?

What's people's real world experience of Freenet? Does it work and is it usable? Is it truly secure from government intervention and monitoring? If this proposal goes ahead it will be the thing that prompts me to install Freenet and badger all my friends into joining too.

Apparently they're only logging origin and recipient. So PGP isn't going to help you. In response to the GP: http://freenetproject.org/freemail.html

And this is why we need Tor, i2p and Freenet.
Anonymity online, and not being tracked by people with ridiculous reasons, it's what they provide and what people need (especially now that China, the UK, the US and I thought Sweden as well, are tracking their own citizens).

That's what The Freenet Project was being used for when last I bothered to look. I'm told that it's changed somewhat since then, but who knows.

Encrypted distributed donated storage sounds a lot like Freenet. :)

Uggghh... I hope you're going for funny mod.

Seriously, if it's come to this - I'd like a web-of-trust based reputation system. Take a look at the freenet project, they got some very promising ideas.

Repeat after me: FREENET IS NOT ANONYMOUS! (but it's slowly getting there!) http://freenetproject.org/faq.html#attack says: "Freenet does not offer true anonymity in the way that Tor and the Mixmaster cypherpunk remailers do." I'm not sure if anything stops BPI from running a Freenet node which has some interesting chunks of data on offer (say, a tiny bit of each MP3 they're currently trying to track). Your IP connects and requests this chunk. Sure, you might be able to plausibly deny "my Freenet node was getting that block for someone else!" But I'm sure it'd be enough ammunition for the BPI to ask your ISP to give you a kick for running a "server" or some other rubbish by way of breaching the AUP. Still, if their "darknet" stuff starts to get up to scratch, it'll be a big improvement.

Tor (The Onion Router) is a free software implementation of second-generation onion routing - a system enabling its users to communicate anonymously on the Internet. Originally sponsored by the US Naval Research Laboratory, Tor became an Electronic Frontier Foundation (EFF) project in late 2004, and the EFF supported Tor financially until November 2005. The Tor software is now developed by the Tor Project, which since December 2006 is a 501(c)(3) research/education non-profit organization based in the United States of America that receives a diverse base of financial support.
http://www.torproject.org/

Freenet is a decentralized, censorship-resistant distributed data store originally designed by Ian Clarke. Freenet aims to provide freedom of speech through a peer-to-peer network with strong protection of anonymity. Freenet works by pooling the contributed bandwidth and storage space of member computers to allow users to anonymously publish or retrieve various kinds of information. It can be thought of as a large storage device which uses key based routing similar to a distributed hash table to locate peers' data. When a file is stored in Freenet, a key which can be used to retrieve the file is generated. The storage space is distributed among all connected nodes on Freenet.
http://freenetproject.org/

http://www.truecrypt.org/
http://w2.eff.org/patent/
http://www.gnu.org/software/gnuradio/
http://www.wikileaks.org/
http://www.cryptome.org/
http://www.torproject.org/
http://freenetproject.org/

Freenet, especially now that its reaching the point of widespread usability.

I suspect that FreeNet is something that many, many governments would like to shut down. In the west, pretty much all they have to do is say "klddy pr0n" and it's gone. In China and other such countries, they don't really have to say anything at all.

Donate to anonymous and open source (unlikely to have back-doors) Internet communication systems like Freenet or Tor. These systems are often disparaged by people because they offer (theoretically) unfettered communication between peoples who have a desire and need to remain anonymous. These systems are important because they offer freedom from reprisal (economic, social, legal, physical, etc) for their THOUGHTS (expressed in text, pictures, videos, etc).

Many people disparage such anonymous communication methods because (in the West) they don't want "child pornography" to be distributed. This of course is FUD and an exaggeration (and a reality of course; so if you believe in repression based on your moral standards, then obviously you don't have any and should not donate). But if you believe that sharing thoughts or ideas (however they may be expressed) should not be a crime (a Thought Crime) then these mechanisms (Freenet and Tor, et al) should be the way to go. These projects lack in funding and support simply because of their 'controversial' nature.

If you believe in Freedom and Liberty, then support Tor and Freenet.

Ref:
http://www.torproject.org/
http://freenetproject.org/

Quote:
"I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say 'Daddy, where were you when they took freedom of the press away from the Internet?'"
--Mike Godwin, Electronic Frontier Foundation

It's called freenet, and yes, it's dog slow and no one uses it.

Yes, kind of. It's called Freenet.

Install Freenet 0.7, give it a small bandwidth allotment and a huge datastore, hook it up to your router, and keep it running. You'll be helping people all over the world to communicate securely and anonymously.

It's been many years since I've followed Freenet, but I'm pretty sure you're wrong on the "security through obscurity" bit. The security is derived from his graduate research on the properties of routing in small world and scale-free networks. Plenty of papers and presentations on the searching that made its way into the 0.7 release can be found at http://freenetproject.org/papers.html. And as for lack of documentation, I won't argue with that, but don't forget that early in BitTorrent's development lifetime, Bram Cohen only put up only a vague specification of the protocol (but now vastly updated, see http://bittorrent.org/beps/bep_0003.html), but a separate Wiki was established to document all its nuances after pouring over the source code (see http://wiki.theory.org/BitTorrentSpecification). This Wiki begat the hundreds of alternative BitTorrent clients you find today. The same thing could happen with FreeNet, by other people with "years of prior Java experience." (And please, it's not like Java was written for the programming elite and takes that much time to master. My first encounter with Python was reading over the piece-picker module for the original BitTorrent code, and the language barrier was easy to overcome.)

In fact, if you bring it up with the Freenet developers they will gladly tell you this is intentional -- that they use security through obscurity to guard against someone finding a way to break the system.

Yes, Freenet's low-level protocols could be better documented, but they are a work in progress, and in almost constant flux.

As for security through obscurity, we go to great lengths to explain to people how Freenet works, you can find a bunch of papers, and video lectures on our "Papers" page). Take a look at this video from three years ago explaining the 0.7 design before we'd even begun to code it.

Yes it would be wonderful if every tiny detail could be documented meticulously, but before we document it we have to design and test our ideas, and that means developing and releasing the reference implementation.

In fact, if you bring it up with the Freenet developers they will gladly tell you this is intentional -- that they use security through obscurity to guard against someone finding a way to break the system.

Yes, Freenet's low-level protocols could be better documented, but they are a work in progress, and in almost constant flux.

As for security through obscurity, we go to great lengths to explain to people how Freenet works, you can find a bunch of papers, and video lectures on our "Papers" page). Take a look at this video from three years ago explaining the 0.7 design before we'd even begun to code it.

Yes it would be wonderful if every tiny detail could be documented meticulously, but before we document it we have to design and test our ideas, and that means developing and releasing the reference implementation.

In fact, if you bring it up with the Freenet developers they will gladly tell you this is intentional -- that they use security through obscurity to guard against someone finding a way to break the system.

I don't particularly want to learn Java just so I can review Freenet's code.

In fact, if you bring it up with the Freenet developers they will gladly tell you this is intentional -- that they use security through obscurity to guard against someone finding a way to break the system.

I don't particularly want to learn Java just so I can review Freenet's code.

In fact, if you bring it up with the Freenet developers they will gladly tell you this is intentional -- that they use security through obscurity to guard against someone finding a way to break the system.

I don't particularly want to learn Java just so I can review Freenet's code.

I brought this up on the FreeNet mailing list many years ago, and I got a different answer. The context of my post then was that I'd like to try reimplementing the core (the "node") in C to see if I could achieve any sort of speedup that way. Maybe I could, maybe I couldn't - there wouldn't be any harm in trying, and it would be a fun intellectual challenge. Of course, to do so, I'd need to have a good understanding of the intra-node protocol. So I mentioned on the list that I was willing to try to document said protocol in a rigorous way as a first step in trying to write a C-based node. I was warned that any attempt to document the internal protocol was futile since they regularly changed the details of it (?!) Nor was my proposal to develop a node in C met with anything I could call enthusiasm - ironic in light of the FAQ entry which states "people willing to implement freenet in other languages however are very much encouraged to try". Good luck with that seeing as how there's no specification and no plan to develop one.

Bittorrent doesn't allow you to publish and download anonymously. If you are seeding something (or downloading it) everyone who is allowed to connect to the tracker can find out your IP address.

A Freenet network ideally consists of a large number of nodes connected by sparse network of encrypted links. Many of the nodes have a big chunk of cache associated with them. The files in the network live in the caches. To request a file you ask your node to find a file with a specific hash signature. It passes the request to its peers in the network, they pass it on in turn, and hopefully it eventually it reaches a cache that has the file you asked for. Bits then start trickling back through the chain of caches. The important thing is that because your local node is an active part of the network and is sending and receiving stuff all the time, nobody knows whether a particular request or response that goes through your node relates to something that you asked for, or whether it is just something that you've been asked to "pass on" by a 3rd party.

If everything works as intended, even people who are fully connected to the network and participating shouldn't be able to identify the original publisher of a particular file, or identify who has downloaded a copy (though the fact that they've added the darknet mode suggests that that they aren't 100% confident about that!).

http://freenetproject.org/whatis.html

This has obvious anti-censorship, freedom of speech, freedom to whistle-blow type applications:

http://freenetproject.org/philosophy.html

It also has obvious undesirable applications (see the flood comments about child-porn and terrorism).

The other major practical difference to Bittorrent is that Bittorrent is designed to be fast. Freenet is definitely not the quickest way to get information from A to B ...

Bittorrent doesn't allow you to publish and download anonymously. If you are seeding something (or downloading it) everyone who is allowed to connect to the tracker can find out your IP address.

A Freenet network ideally consists of a large number of nodes connected by sparse network of encrypted links. Many of the nodes have a big chunk of cache associated with them. The files in the network live in the caches. To request a file you ask your node to find a file with a specific hash signature. It passes the request to its peers in the network, they pass it on in turn, and hopefully it eventually it reaches a cache that has the file you asked for. Bits then start trickling back through the chain of caches. The important thing is that because your local node is an active part of the network and is sending and receiving stuff all the time, nobody knows whether a particular request or response that goes through your node relates to something that you asked for, or whether it is just something that you've been asked to "pass on" by a 3rd party.

If everything works as intended, even people who are fully connected to the network and participating shouldn't be able to identify the original publisher of a particular file, or identify who has downloaded a copy (though the fact that they've added the darknet mode suggests that that they aren't 100% confident about that!).

http://freenetproject.org/whatis.html

This has obvious anti-censorship, freedom of speech, freedom to whistle-blow type applications:

http://freenetproject.org/philosophy.html

It also has obvious undesirable applications (see the flood comments about child-porn and terrorism).

The other major practical difference to Bittorrent is that Bittorrent is designed to be fast. Freenet is definitely not the quickest way to get information from A to B ...

Done. Next?

And I was hoping this would be about google finally indexing things like Freenet and the .onion domain.

As I don't play the game, I figured I was fairly safe to download it. And now it's on Freenet.

CHK@XK2x8fV5IDqm7EjKVLrQWD9zKtL1-QXvCDsNKIhrAEw,VZWEF6rPba6~1MDUO1DIN0CQ9UuDnNaktMixAglKs2o,AAIC--8/pre51200sc.rar

P.S.: Did anyone else find that torrent horribly slow? At 2KB/s, it would have been faster to download it from Freenet, even on my slow net connection.

I watched the video with interest and found out that he's describing what freenet project has been doing for a few years now as something new and exciting.
Despite this, I think such ideas really need to take root and sprout all around the world if we want the internet to survive.

Have them set up a Freenet Node.
Problem solved. (Hint: plausible deniability.)

Freenet seems to be designed primarily for anonymity, and I have read that it does not have the best performance. However, it does try to become efficient over time by moving frequently requested data around automatically on the various nodes in order to reduce overall bandwidth use and improve performance. That is, the network adapts itself to optimize for something.

I wonder if, in principle, using something like freenet would accidentally be beneficial for providers like Verizon, at least with respect to the issue at hand.

Your computer is broadcasting an IP address!

Seriously, if your tinfoil hat is on that tight, I have some "security" software to sell you. P2P isn't anonymous, not the way it's normally implemented. If you actually want anonymous P2P, you need to go to something like Freenet.

If the data is anonymous, how do you verify its integrity?

If the identifier for a block of data is a hash of the data, you can verify its integrity without knowing a hill of beans about who or where it came from.

If the link pointing to a secured, anonymous site is a hash of the site's public key, you can verify that the site you're talking to can use the corresponding private key, which is the same thing SSL buys you. The high-priced "secure site certificates" just certify that the owner of $DNS_NAME also owns $PUBLIC_KEY; if you got a self-authenticating link from another web site you trust, the level of assurance is comparable.

If the algorithms that underpin this stuff are broken then the whole digital security house of cards is toast, including "High Assurance SSL Certificates" (Now with green pixel paint for your clients' address bars! Sorry, cross-site scripting protection not included.)

..WikiLeaks is a flawed idea.

What they should have is a very simple page at WikiLeaks.com instructing people on how to easily download, install and use FreeNet, with FreeNet links to a FreeNet-hosted WikiLeaks website.

Then the site would not easily be able to be brought off line, because no one would know where it was hosted (since it is not actually hosted *anywhere*)

Interestingly enough, this is actually quite close to how Freenet works in its opennet mode. The turnover rate is probably rather low, but it has no non-encrypted protocol header and is constantly connecting to new nodes. With some tweaking it would be very hard to detect. IIRC it also already runs entirely over UDP, not TCP, which makes injecting RST packets impossible.

Of course, the real place these documents should be available, is Freenet. I haven't yet checked to see if they're available, though, so I can't give you a link.

Sounds a lot like Freenet. http://www.freenetproject.org/ It's still kinda slow, but it's still getting better. The only problem I have with it at the moment is that there's very little content worth seeing on it.