Slashdot Mirror

← Back to Stories (view on slashdot.org)

Entropy Project Closes Up Shop

Posted by CowboyNeal on from the calling-it-quits dept.

k0fcc writes "In a disappointing move to privacy enthusiasts, the Entropy Project's creator has released a statement that the project is shutting down. Entropy was a very popular, and some say faster, alternative to Freenet which supported a number of different cryptographic protocols. The creator alluded to the possibility that the project could continue if a new owner could be found."

6 of 143 comments (clear)

  1. Erm by Reality+Master+101 · · Score: 3, Interesting
    I don't mean to be snarky, but "very" popular? Does Freenet itself qualify as "popular", much less "very popular"? Does /anyone/ semi-normal (i.e., not a techno-geek, or a rights-geek) use Freenet, and if they do, has anything significant ever been published on it?

    Freenet seems to me to be one of those ivory tower projects that has little relation to the real world. Proof? No search engine, and very little chance of ever having one. How the hell can it ever be useful? [/rm101 resists making a dig about their choice to implement in Java]

    --
    Sometimes it's best to just let stupid people be stupid.
  2. Anonymity and Entropy by trifakir · · Score: 5, Interesting
    Yep, anonymity is a favourite topic of conversation of me and my colleagues. Frankly, I do not understand the concerns of the "Entropy" project leader. Here is why:

    1. Theoretically, it is impossible to have anonymous communication on the Internet.
    2. In practice it is a balance of resources. The trick is that it is much cheaper to publish contents anonymously, than to trace the origin of an information. Therefore projects like Hacktivismo - Six/Four, Crowds, Freedom-Net, Tarzan, Onion-Routing, etc. make sense.

    Furthermore, it is often the content which speaks more about the authorship, than the chain of technical events that leads to the publishing of the information. In Slashdot, for example, I have chosen not to show my e-mail, etc., but by reading my comments even a 10-years old kid can make a deduction about my real identity. Does it make sense for me to use IP-tunneling then?

    Finally, I do not understand the author. He just seems pissed. Maybe he will reconsider his opinion and revive the project. Is he sick from the lies (?) about the crypto-protocols used in the software which is written? IMHO the theory proves quite stable and if there is a room for attacks it is more in the implementations than in the protocols themselves. How many broken cryptosystems do you recollect (I know, I know "the knapsack", but it got broken on the conference on which it was presented).

    Still, even with this project retreating, the subject remains interesting.

    1. Re:Anonymity and Entropy by NoMoreNicksLeft · · Score: 2, Interesting

      You bring up a good point, that is often ignored. Your authorship style can do alot to destroy perfect anonymity, from both the low level (stalkers) and high (CIA/NSA tinfoil hat stuff).

      There are resources available on my network that are at least trying to train people how not to give themselves away. Simple example, someone invites you, and right away you jump on IRC as trifakir. Someone showing up there as "trifakir" isn't necessarily you, of course. But if I wanted to track someone down that had that nick, I'd search everywhere on the internet and commercially available databases. In the end, any handles/nicknames/usernames you use on an anonymous network have to be totally original for yourself... you can't get away with re-using that hotmail username you had 5 years ago. And as simple as this all seems, there are problems. It's not easy to turn off that impulse to do such things... and no one can help you, either. 100% your own responsibility (not totally true, the guy that invites you knows at least enough to ID you, and can give advice, get you pointed at the website that goes over this in detail... but that's about it).

      There are other problems along these lines too. Certain applications are "leaky". Mirc, in particular. Right from the beginning, we knew it would be a problem, and I was helping folks set it up at the command line level to point at a new INI file. But it is pure shit. Even doing that, it is pulling sensitive details from the registry or the original ini files. We haven't found any quite as bad as this one, but is far from unique. Word documents are suspect, in that we can't be 100% certain that published documents don't have some hidden metadata that identifies the author. PDFs created with Adobe are likely as problematic.

      And this is the easy stuff. We've yet to come up with guidelines that will protect you from the most insistent long-term attacks. If a well funded agency were to compile psychological data on you, is itso far-fetched that a demographic profile could lead them to you? Male, 30-40, native born english speaker with definite american language traits, has let a few comments slip about his favorite sports team (in the area?)... it all adds up.

      And as serious as all this is, with me communicating with less than 50 users ever, I've still had questions about how safe VOIP and webcam apps are! I mean, I doubt we have spooks listening yet, but who can say?

      Many books could be written on this subject without ever exhausting it.

  3. Tried it, looked suspicious by vadim_t · · Score: 3, Interesting

    Okay, first impression was:

    "Wow, great project!". It was like Freenet, only faster, lower latency, some stuff was cooler. It looked really promising. It was much easier to install in a chroot jail than Freenet.

    However. From what I saw, I wouldn't trust it for any serious purpose. It looked like the author was only interested in using it for testing his own crypto algorithms, and as anybody who read on this stuff should know, rolling your own crypto is a really bad idea unless you're really, really good, and then make sure it gets well tested for a few years.

    It had a nice possibility of restricting the node to chosen allowed crypto algorithms, but none of the available ones was in widespread use. I mean, AES, DES and Blowfish weren't in the list last time I checked. That makes me rather suspicious.

    I voiced my concerns once in the Entropy forum, and the author replied saying this is basically a research project and not intended for serious use (IIRC).

    If somebody does decide to continue with it, I certainly hope that one of the first things that will be done is to put some tested crypto in it instead of a bunch of homebrew methods. Nothing personal against the author, but I believe that if it was easier to trust it, it could become more popular.

  4. Re:GNUnet by NoMoreNicksLeft · · Score: 2, Interesting

    What if the project defines itself as a network, rather than a framework, or even a file-sharing application?

    What if its not much different than installing a virtual ethernet adapter, or if all your experience setting your computer up for TCP/IP counts for something on it?

    What if you get to use all your current internet apps, rather than scratching around for keyhashes of some file that is pieced together all over the network?

    What if only one guy can snitch on you, and he's somewhere in South Korea?

    Maybe not ready for prime-time, but I think I have the late-night viewing nailed. Way past CSPAN.

  5. Mute: The Searchable Alternative by KrisHolland · · Score: 3, Interesting

    There is one alternative called Mute, which solves one key problem with Freenet or Entropy which is that it is searchable.

    --
    3dinfo@maficstudios.com