Freenet 0.5.2 Released

FurbyXL writes "With the RIAA roaring to grab peer-to-peer users by their IP addresses, Freenet - fully anonymized production and consumption of content - is gaining renewed attention. Articles in New Scientist, ZDNet UK, Wired and CNET (and here) set a somewhat typical context for Freenets major release 0.52. Significant performance improvements through NIO-based messaging, probabilistic caching etc. should provide increased rest to Chinese dissidents, but may finally wake-up the RIAA's Matt Oppenheim..." The announcement on the Freenet home page lists several improvements found in the new version: "a new NIO technology that brings improved performance using less CPU and system resources," "Individual nodes are now more efficient," "the speed and routing of the entire network have significantly improved," probabilistic caching, user interface improvements, and more.

Looking forward to trying it

I have been using Freenet for years but except for the very most popular sites the speed and availability of the sites has made it little more than a toy. In theory, though, it is a great application.

Re:Questions About Freenet

[dasmegabyte]

Uh, no. Freenet wasn't designed to prevent this. Of COURSE Freenet lets you know what machines have connected to you, and what they've requested. Otherwise it couldn't send it to them -- it runs over TCP/IP, not magic! But this information -- the IP of the machine requesting an item from a datastore -- has absolutely no bearing on WHO did the intial request, or who will receive it in the end. Freenet clients make a request for a file, and the clients pass that request on as if it was there own.

So there's no difference between passing on a request, and making one yourself. Requesting a file becomes an anonymous activity, because you don't really have any idea how far this web goes. All you know is the requested "depth" cut off, so requests don't go more than N requests deep. And individual clients can (and do) rewrite this value. SO there's no way to tell if the client you've exploited is the first or a member on a chain of requests.

In fact, the best exploit for freenet would be a "sting," where you control all of the clients except for a handful. Then you know that these clients are doing all the dread. But it'd be really hard to establish this kind of "web of mistrust," considering that most freenet users populate their initial nodes either through the freenet website or through friends of theres. At that point, it's probably easier to get one of those friends to blab on you then it is to get evidence through technical means.

Data insertion works similar. If you have information in your datastore, there's no way to prove that you put it there. In fact, since you can explicitly exclude your own datastore from insertions, it's less likely that you'll have it if you inserted it. So if you have data in your store, it's equally likely that it was "pushed" to you to serve as it is that you downloaded it yourself. In fact, it's probably more likely, as freenet is receiving insert requests (more or less "uploads") all day, but only downloading when you're interacting with it.

Freenet's about PLAUSIBLE DENIABILITY, which in a free (as in, bill of rights and supreme court) society should be enough to keep you out of prison. The difficulty of identifying computers is no different from regular peer to peer...the difficulty lies in IDENTIFYING them.

And as for buffer overflows...you don't know much about Java, do you? Individual applications can't become overfull due to automatic checking by the VM. So the unless the VM has bugs, the client is about as invulnerable as you can hope for. Plus, lots of us have looked at the key code for Freenet. I didn't trust it until I built it myself.