Freenet 0.5 Released
An anonymous reader submits "After over a year in the making, Freenet 0.5 stable has been released. This new version is far superior to previous versions of Freenet."
The announcement specifically thanks Matthew Toseland, "without whom this release would still be vaporware," noting "On the 11th of November, Matthew will no longer be able to work full-time unless more people donate, so please give whatever you can spare at our Donations page."
Freenet is a large-scale peer-to-peer network which pools the power of member computers around the world to create a massive virtual information store open to anyone to freely publish or view information of all kinds.
Freenet is:
Highly survivable: All internal processes are completely anonymized and decentralized across the global network, making it virtually impossible for an attacker to destroy information or take control of the system.
Private: Freenet makes it extremely difficult for anyone to spy on the information that you are viewing, publishing, or storing.
Secure: Information stored in Freenet is protected by strong cryptography against malicious tampering or counterfeiting.
Efficient: Freenet dynamically replicates and relocates information in response to demand to provide efficient service and minimal bandwidth usage regardless of load. Significantly, Freenet generally requires log(n) time to retrieve a piece of information in a network of size n.
Please remember NOT to set yourself as anything other than a transient node, unless you have a great big fat unfirewalled Internet pipe and never turn your PC off.
Really. There is nothing more annoying than broken links on Freenet which take ages to resolve.
The package appears to not be gzipped (despite the suffix). Hence use tar -xf freenet-0.5.0.tgz. Also the shell scripts in the package don't have the proper executable attributes set so that also needs to be modified. After that just follow the instructions :)
FreeNet is essentially the bulletproof P2P data exchange. It's practically impossible to destroy, or track down people who are on it. It is NOT designed for swapping MP3s or porn for those who have got the wrong idea, its purpose is (as the name implies) to guarantee freedom of speech by allowing totally anonymous yet scalable publishing.
Scalable? Yes, one of the more interesting aspects of Freenet is its intelligent caching and retrieval system. This isn't Gnutella, when you request a file it traverses the nodes being cached at each level. Therefore, the more a file is requested, the more distributed it becomes and the easier it becomes to get to - the opposite of the web.
FreeNet takes the form of a web for new users, you can "surf" the FreeWeb, and there was at one point a google-style search engine for it, I have no idea if that's the case. Some of the problems I remember were that it was often hard or impossible to reach certain pages as they hadn't propagated enough to be found before the timeouts were hit, and even then the timeouts were pretty high (like 2 minutes). On the more popular sites the owners would have to manually request it from different parts of the FreeNet in order to make it accessible.
Another problem was that because nothing can ever be deleted from the FreeNet once published, it was hard to do news/blog style sites: at the time they used JavaScript date based redirects, I think that shows how long ago I used it. Suffice to say that I'll be trying this release with interest.
Please set your node up as non-transient as long as you're online most of the time (where most is something like 75% and above). The network desperately needs non-transient nodes (high bandwidth is not that important). Also, your anonymity is a lot higher when running a non-transient node.
Yeah.... but what is it? P2P? Blogger? Messenger?
As I understand it, it is none of those things... but it can facilitate those things. What it is is kind of a different paradigm for the internet. At the moment with the internet I type in an address and I get data from the person who has registered that address - if he has the bandwidth. I know who is sending the info and who posted it. And if that person has spare bandwidth or is being /.'ed and needs more bandwidth, well that's just tough.
With freenet I put info on freenet that is connected to some sort of name (I don't fully get how that works). Then freenet somehow determines where to actually store that data, in parts, depending on demand and who running freenet has bandwidth; ie what freenet clients to store parts of the file. Then if somebody is running freenet they can run some 3rd party freenet client (or any normal internet client I think) and enter 127.0.0.1:8888 followed by the name of the link. This queries freenet (that is running on your computer) and figures out where that data is stored and the most efficient way to retrieve it. One of the interesting things is nobody knows what data is being stored on their computer so nobody can feel guilty for that info. Of course that cuts both ways. You may feel guilty for every bit of naughty data spread by freenet because it may have come from your computer.
If I'm wrong anywhere please correct. Or if I'm right but kind of shaky please reassure me. Hope this helps
It is. The store is cryptographically opaque; you don't know what you're hosting. Whether it's possible to identify whether a particular item is in the store when you know its key, I'm not sure.
2) My files aren't shared permanently. If nobody requests the files I injected, they are thrown out after a while, even if my node is online 24/7. That's just plain stupid.
It's necessary for a distributed-storage system where the injection point needs to be distanced from the storage points. Data flows to where it's being requested, so you could keep an item in your own store by requesting it automatically every so often. It won't go anywhere else, but it will stay in the keyspace should it ever be requested later on. You could do much the same thing to prolong the longevity of someone else's data that you valued -- but again, it would tend to live only on your own node if no other nodes were requesting it.
Yes, but these aren't bugs; they are fundamental parts of the design.
1) I cannot control what is in my datastore...
Then neither can anyone else. If a blacklist was implemented (keys a node should not cache) then Evil Organisation of your choice (RIAA, FBI, MI5) could publish a blacklist that you MUST use.
2) My files aren't shared permanently..
Because it's not just about storage but about routing. The requesting of files should cause data to "migrate" across the network allowing for specialisation. The caching and expiring of data is a fundamental part of this process. It is this that gives the scalability that I feel is lacking in other P2P networks.
On the contrary, FreeNet is used by a lot of Chinese people as it's a good way of distributing information without being traced. Right now freedom of speech may not be a problem for us, but we're lucky.
Anonymous publication and retrieval are tools for the politically oppressed. Freenet could, in theory, make any information of value unsuppressible. F'rinstance, an outlawed political group publishing a manifesto, someone reporting the actions of a corrupt government, that sort of thing. Suppose that during the demonstrations in Tiananmen Square, there had been only one camera in private hands; getting that video out would be a perfect job for Freenet.
What's wrong with usenet for anonymous publication? Posting is over SMTP, so you can put whatever you want in the from block, and you can post through any public SMTP server you want. Once you post, the document is rapidly spread throughout the world's news servers and is permanently cached by several servers.
The only problem I see with usenet is that your local ISP has a carnivore-like packet scanner, the MIB can catch you in the act of posting. You'd need to encrypt your message and send it to a confederate who decrypts it and posts it to usenet.
BTW, usenet is great for piracy as well. They'll never shut down alt.binaries.sounds.mp3.*, alt.binaries.multimedia, alt.binaries.warez.*, and alt.binaries.pictures.erotica.*. They're hosted by the ISPs, and the ISPs can use the phone company defence (ie, "We provide a medium for legitimate communication. Not our fault if people abuse it").
My hovercraft is full of eels.
The point is that the data on your disc is encrypted. Neither you nor the authorities are going to be able to actually find out which specific files (or parts of files) Freenet has stored on your hdd.
Has anyone had any luck getting the proxy to bind to interfaces other than loopback? The docs refer to fcp.allowedHosts, fproxy.allowedHosts, and fproxy.bindAddress. I've tried all these, and fcp.bindAddress, in all possible combinations, binding to all interfaces and allowing all hosts. And yet still "telnet 127.0.0.1 8888" works, and "telnet 192.168.2.1 8888" fails.
Without this, I have to run a server on every computer on the network ;-(
Free Java games for your phone: Tontie, Sokoban
[Whore mode on]
What's new in 0.5
Far too many improvements have occurred between the 0.3 series and the newly stable 0.5 release. A few highlights are in order, though:
* Security
o Strong public-key cryptography used for inter-node communication which prevents man-in-the-middle attacks.
o Node announcement protocol which eliminates the need for any central directory.
o File-sizes enforced to a power-of-two to prevent traffic analysis.
* Publishing
o Support for splitfiles and redundant encoding (improves reachability of large files)
o Enhanced Freenet Client Protocol (FCP) for application developers.
* Usability
o FProxy (The Freenet Gateway) beautified and improved
o Node Status information readily available
* Resource Utilization
o Improvements made in performance, memory usage, and threading.
* Tool Support
o Many third party tools ready for website authoring, bulletin-board style discussions, and some near completion like Internet Streaming Radio, and more.
And perhaps most importantly, It Just Works!
"I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
Freenet documentation does a whole lot better job explaining how everything works.
:)
You should also visit Nubile-freesite (site in freenet) for which you can find a link from many freenet sites.
Basic information in freenet is stored in CHKs (Content Hash Keys) - they can be found when requested with their contents hash key. Content itself is encrypted and encryption key is stored in CHKs.
This means that unless you know what you're looking for, you can't see it.
There are also KSKs which are basically named redirects to CHKs. They are not secure as they are not signed by any keys and everyone could change them by inserting a new KSK with the same name (and hope they do not collide in the network).
There are also SSKs which are protected with public/private key architecture. They are requested with public key and inserted with private key. All freesites use SSKs (with at least one exception, the anarchy-freesite which is a KSK keyspace).
Large content can be split to multiple parts and then glued together using 'standard' format splitfiles. This basically is that you insert all the parts and one additional file that tells
Program listening in 127.0.0.1:8888 is fproxy (internal in fred - freenet reference daemon) which does most of the nasty work with keys. It accepts requests for all previously mentioned key types and passes them to browser.
Other programs which want to access freenet should do it with another port that talks FCP (Freenet Client Protocol). FCP is an ASCII protocol - very easy to use.
Read more from fine manuals
Some people...
Yes, just look at the donations page (linked from the article):
Alternatively you can make donations by mail. Checks should be made payable to "Freenet Project Inc". The address for donations is:
Freenet Project Inc.
2554 Lincoln Blvd #712
Venice, CA 90291
Just fill in a nice figure (lots of zeroes), sign it and post it!
No, usually NNTP.
so you can put whatever you want in the from block, and you can post through any public SMTP server you want.
Which will (potentially) log where you came in from. Spooks get NNTP server people to hand over logs (or, if they have any sense, they are running most of the public posting enabled NNTP servers), talk to your ISP to see who was dialed in on that line and come pay you a visit.
Yes, you can be more indirect etc. but so can they, will you bet your livelihood (or in some countries your life) on your ability to be better than their staff?
The penet vs scientology case is an example of what even a private organisation can do in one of the more free states of the world.
_O_
.|< The named which can be named is not the true named
If for instance, my node is used for storing some part of some kiddy pr0n and the authorities decide for whatever reason to inspect my PCs, how am I to prove that I didn't source the file myself.
Your question should be modded up. It's one of the most important ones.
The idea behind Freenet's anonymity is plausible deniability. But before I can go into what that means, I need to describe how Freenet works in a little more detail.
There are two different types of Freenet nodes: permanent and transient. If you run a permanent node, it means that you're a full participant in the Freenet network. Your node acts as storage and as a router for requests and inserts. Data moves through Freenet in the form of keys, which are basically the same as files (or in some cases, segments of files) but with cryptic names. Your node caches all the keys that it sees (with least recently used keys being deleted when the node's data store is full, with "full" being defined by the amount of space you choose to let it consume).
Let's say Alice inserts two files into Freenet: the text of Mein Kampf and a picture of Adolf Hitler. She does this using her Freenet node, specifying a hops to live value on the insert. This HTL value is usually around 10 to 15, and is the number of other Freenet nodes that must be talked to. Each node that processes Alice's request decreases the HTL and passes it on to another node. When the last node to get the request sees that HTL is 1, and it still hasn't found Alice's file (because she's the first person to insert it), it returns Data Not Found to the previous node, which passes it to the previous node, etc., all the way back to Alice.
Alice's node gets the "failure" message back, and then sends actual copies of the data files back down the chain. Thus, the files are inserted into Freenet.
Now, this is where the plausible deniability comes in: the data coming from Alice's node looks just like the data coming from all the other nodes she talked to during the request/insert process. There's no way to distinguish between the node that originated the request and a node that's simply passing the request along on someone else's behalf. So if someone were to sniff the traffic coming from Alice's machine and decrypt it and discover that her machine was inserting Mein Kampf, then she could claim that she had no knowledge of it; that her machine was simply routing an insert by someone else.
The same goes for requests. Suppose Bob stumbles upon a key which claims to be an ISO image of Windows 2000 Professional and requests a copy of it. His node generates a request with a certain HTL (generally 15 or more for requests), and it's passed along to other nodes until one of them either finds the key, or runs out of hops. The final result (either an error condition or the key he requested) is sent back to Bob's node.
But Bob could claim that he wasn't the person who originally requested that key -- he could say that his node was simply routing someone else's request, and he had no knowledge of it.
The same thing goes for files inside the local node's data store. Just because your node is storing a copy of a nude photo of Ronald Reagan doesn't necessarily mean that you either inserted or requested that file. Your node might simply have acted as a router for someone else's activity, and cached a copy of the key.
Now, all of this protection goes straight out the window if you run a transient node. Transient nodes don't ever act as routers for other nodes -- they're pure leeches. Anything on a transient node is there because you, the node operator, requested or inserted it there. You have no plausible deniability any more.
This explanation is a bit vague, and for that I apologize. The actual routing algorithms and encryption ciphers are a bit beyond my understanding at this time. If you have more detailed questions about how Freenet works, please check the Freenet mailing lists.
It is NOT designed for swapping MP3s or porn for those who have got the wrong idea,
Before anyone gets misled, let me state for the record that Freenet does have porn and MP3s in it. In fact, it's quite a good platform for publishing collections of pornographic images. (It's not quite as good for MP3s and Oggs because they're much larger files. But it has been successfully used for that purpose. It may even have been used successfully for the next order of magnitude (ISO images, movies), but I can't confirm or deny that.)
So if you're reading this wondering if Freenet is going to have any pr0n -- yes, it does. But you may be somewhat disappointed if you're looking for huge MP3 collections.
There are several forms of encryption used in Freenet. In the case of data key protection, the Twofish algorithm is used with 128-bit strength. Data keys (called Content Hash Keys) are created by running a hash function over the length of the data, and using the resulting hash as input to a key generator. The data is then encrypted with that key, and the decryption key is appended to the 'URL' that is distributed. The URL is *not* used by Freenet to route or store the data, just the Routing Key. In this way, only someone who possesses the full URL can view the data.
This doesn't prevent a blacklist of keys from being used to check an individual Freenet node, however, a couple of things protect against that:
You can always take a look at the source yourself to check for backdoors, it's GPL after all.
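The content hash key scheme described in the comments above, as an added sketch that is not part of the thread and is not Freenet's code: the decryption key is derived from a hash of the content, the node stores only ciphertext under a routing key, and a party who already knows a routing key can still test a store for it. Assumptions: SHA-256 and a SHA-256 counter-mode keystream stand in for the real hash and for Twofish, the routing key is taken to be the hash of the ciphertext, and the `routing_key,decryption_key` URL layout and all names are hypothetical.

```python
import hashlib

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode), NOT Twofish.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def xor_cipher(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def make_chk(plaintext: bytes):
    """Return (routing_key, decryption_key, ciphertext) for one document."""
    dec_key = hashlib.sha256(plaintext).digest()[:16]  # 128-bit key from content hash
    ciphertext = xor_cipher(dec_key, plaintext)
    # Assumption: the routing key is the hash of the stored ciphertext.
    routing_key = hashlib.sha256(ciphertext).hexdigest()
    return routing_key, dec_key, ciphertext

class NodeStore:
    """What a node operator holds: routing keys and opaque blocks only."""
    def __init__(self):
        self.blocks = {}

    def put(self, routing_key: str, ciphertext: bytes) -> None:
        # A node can reject tampered blocks without being able to read them.
        if hashlib.sha256(ciphertext).hexdigest() != routing_key:
            raise ValueError("block does not match its routing key")
        self.blocks[routing_key] = ciphertext

    def matches(self, blacklist):
        # Anyone who already knows a routing key can test for its presence.
        return sorted(set(blacklist) & set(self.blocks))

def fetch(store: NodeStore, url: str) -> bytes:
    """Decrypt with the full 'routing_key,decryption_key' URL (hypothetical format)."""
    routing_key, _, key_hex = url.partition(",")
    dec_key = bytes.fromhex(key_hex)
    plaintext = xor_cipher(dec_key, store.blocks[routing_key])
    if hashlib.sha256(plaintext).digest()[:16] != dec_key:
        raise ValueError("decryption key does not match content")
    return plaintext

def demo():
    doc = b"constructed sample document"  # constructed input
    routing_key, dec_key, ciphertext = make_chk(doc)
    store = NodeStore()
    store.put(routing_key, ciphertext)
    url = routing_key + "," + dec_key.hex()
    return {
        "recovered": fetch(store, url),
        "stored_is_opaque": doc not in store.blocks[routing_key],
        "blacklist_hit": store.matches([routing_key, "00" * 32]) == [routing_key],
    }

if __name__ == "__main__":
    print(demo())
```

Because the key is derived from the content, inserting the same document twice yields the same routing key, which is what lets a list of known routing keys be checked against a store even though the operator cannot read the blocks.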
Correct me if I'm wrong, but the only way to find something on freenet is to search for it.
Actually, you can't "search" as most people use that term. You retrieve documents from Freenet by specifying their key. You have to learn the key somehow, usually from another Freenet document.
The whole point in whistle blowing is that nobody knows about whatever you're uncovering. If they don't know about it, how can they search for it?
Some of the popular Freenet site authors have a way to send them messages using KSK@ keys. This is normally used for Freesite submission -- for example, it's how TFE learns about new Freenet sites so that he/she can list them.
So if I were going to do some whistle-blowing, I'd create my Freenet site (could even be a single text file), insert it into Freenet as a one-shot or edition site (certainly not a DBR), and then submit the key to TFE's submissions bin. And possibly a few other Freesite authors' submissions bins as well.
Source: Ken Smith's _Raw Deal_, "Whistleblower"; Blast Books, 1998. Definitely a book with some axes to grind, but good nonetheless.
Ok, you're wrong here on some points. First off, it's encrypted traffic so you can't just sniff. You'd have to be running a node yourself and hope they contacted you. Secondly, an inbound request can (and often does) make multiple outbound requests. If a node returns DataNotFound, and the node has another reference to try, it detracts the HTL and shoots it in a different direction. (Explanation simplified)
That foils straight-up traffic analysis. Also, it takes time to route requests in freenet, and the average node is getting 1-2 requests/second, so it's pretty tough to correlate.
Nice try. Freenet keys are composed of two parts: the address (content hash, name hash or key-signed name hash) and the decryption key. If you sniff, you have nothing. If you're a cancer node, you have a routing key and no way to decrypt it.
Governments generally have found it's cheaper and easier to boot a door down than spend months trying to crack encrypted traffic. Even to the point of putting keyloggers on a machine to get passwords rather than trying to crack it themselves.