Revamping Freenet
N3wsByt3 writes "Many will have heard about the anonymous P2P-system Freenet. What many probably don't know is, that a big change is at hand: the Freenet developers have decided to drop all support for the 0.5x version, to skip version 0.6 and to completely revamp the 0.7 build into some kind of poorly described, presumably scalable darknet. The main coder even threatened to quit if such a darknet would be rejected.
So, is it finally going the right way with the development of Freenet? Maybe not, since they seem reluctant to provide real data and rather rely on security through obfuscation, and then there is still the problem of their general inability in regard to pooling human resources, which, for any OSS project, is of the utmost importance." Obviously, the article submitter has his own feelings on Freenet, but notwithstanding that, what's the latest scuttlebutt from within the Freenet crowd?
I used to run a freenet node - for a while it bloated with kiddie porn, and not much else - now not even the paedophiles bother, it's become so dilapidated, out of date and slow.
I hear the accusation of Kiddy Porn quite a lot about FreeNet, but how does anybody actually know? I thought the big idea was that you don't know what's stored on your node - unless you're actually downloading FreeNet kiddy porn, how can you tell?
with comments like these:
5. Slashdot effect doesn't write off the network for a month after release; if we grow by invitation, it will take longer to grow, but we will end up with a better network, and we won't generally have the collapse we have seen every time we've done a release.
This might just be an attempt to bait the Slashdot crowd into trying out Freenet so that Freenet's userbase grows and the speed becomes reasonable.
A lot of people seem to be confused about obfuscation / obscurity.
Obscurity or hiding things is a perfectly valid security technique, and can be used as a component of a defense in depth strategy. One of the main reasons people love NAT boxes is because they provide this property automatically. (I don't like them for other properties they have, and a firewall combined with public address space will be just as effective at providing this specific property).
People are stretching the meaning of Kerckhoffs's theorem. Kerckhoffs was referring to cryptographic algorithms when he said that there is no security in obscurity - the security of a cryptographic algorithm should only rely on the secrecy of the key. You should assume that the functioning of the algorithm will eventually be discovered by your adversaries, and therefore shouldn't make the security of the system depend on the functioning of the algorithm being kept secret. That being said, restricting knowledge of what algorithm you're using will make a contribution to the system being secured, as it can add to the depth an adversary has to penetrate.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
I doubt that would work, it has not worked with usenet at all.
Most usenet servers limit posts to a relatively small size, and high ascii characters are severely restricted.
Still, today a full usenet feed is several terabytes per day, and 99% of it is binaries
Heck, IIRC there are some guys that share binaries uuencoded through slashdot journals
I think a subset of freenet only for text files would be useful, also because the much higher size and greater popularity of certain binaries would drown most of the text content, but I do not see a way to enforce such restrictions
Why do you get that impression? "Child pornography" is just the red herring people always trot out when they want to censor speech.
You've heard the expression "I disagree with what you say, but I'll defend to the death your right to say it," yes? Your idea of "offensive content" may differ wildly from someone else's; the question becomes "who is right?" Sure, you can refuse to run a FreeNet node because you're scared some evil recipe for "instant terror version 3.4" might get stored there or a nasty evil child pornographer might post some horrid icky pictures you don't like onto FreeNet and your node happens to harbor some of the data, but in that case you really are censoring in your own way.
The FAQ's response to this concern is dead-on right. Even with child pornography, you're trying to treat the symptoms instead of the disease when you reason like this -- "oh I'm not running that because it doesn't actively stop child pornographers!" Bad news, buddy, the internet itself doesn't "actively stop" any pornographers. Are you just going to unplug so your browser cache doesn't accidentally store a thumbnail with content that offends you?
If you want to censor what you participate in on a free speech-centric network, you don't belong there. If you believe that, ultimately, full-fledged freedom of speech is more vital to our society than taking a sad, impotent stab at a group you don't like, then run a damned node and deal with the fact that you may not like what lives on it. Remember, there's a far better chance that text a government doesn't like (but that you do like) will be stored on your node than pics of little Suzie.
Claiming FreeNet was just "designed" for child porn is like saying Slashdot was designed to attract trolls. Sure, it happened, but that wasn't the original intent; back when it started, I think they honestly wanted to encourage and support open, public debate on important topics. Heh. Whoops. :)
Read my stuff.
with no centralized IP assigner
Yeh. It's pretty simple, when you think about it. Of course, still restricted to 10.x.x.x, but if you outgrow that, I think you oughtta be able to figure out a solution.
no backbone routing
Yeh, the internet itself was meant to be decentralized. It sort of forgot that. I was thinking a regular geometric mesh, probably square grid, 3d +. Which leads back to your first snide comment, assigning addresses. Where you are in the mesh, gives you coordinates. So, you might get something like 10.x.y.* for your IP address. Better yet, ignore the byte boundary, and go with more dimensions, (/26s with 6bit 3d sounds nice, though maybe 3bit 6d even). Make it so no one is a backbone, and have it massively redundant, a fabric even.
distributed caching of content
Why? Find some people on the network that are distant to you, and would be willing to set up a dozen mirrors. If they disagree with you, they shouldn't have to mirror it for you.
plausible deniability on requests and inserts
Better yet, do https inside the openvpn tunnels. Even a router inside the darknet can't sniff your traffic.
and the ability to publish content without necessarily always being online?
If you are absolutely incapable of being online 24/7, fine. Find me on such a darknet. Tell me why your content is so important. I'll be moved to mirror it for you, or even set up a proper vhost for it, complete with limited shell access.
Half the problems you bring up were solved *YEARS* ago. But no, let's re-invent the wheel, just so you can dream up convoluted crypto schemes.
Oh, and you've probably also increased the software complexity from the point of view of what the user has to deal with.
The user only needs to install OpenVPN, or for that matter, any vpn client they choose. I have used ipsec (freeswan) from time to time, and even messed around with poptop. Simpler than freenet, looks like a local area connection on windows.
I'd even go so far as to say you've reimplemented Freenet, without the crypto.
No, just gotten rid of the dorky DHT thing. OpenVPN uses SSL, and what's that quote about people thinking they can do a better job of crypto than SSL? Inside the tunnels, do it right from the beginning. Ridicule and harass those that don't use HTTPS from the beginning. Make fun of them. Use SSH only, the few times you need to remote shell around in it. Use IRC with the SSL modules, or better yet, use silc.
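An added example, not part of the comment above or of any Freenet or OpenVPN code: it works through the mesh addressing idea from that comment, where a node's grid coordinates inside 10.0.0.0/8 determine its subnet. The packing order (first coordinate in the most significant bits) and the non-wrapping grid edges are assumptions made for the illustration.

```python
import ipaddress

BASE = ipaddress.IPv4Network("10.0.0.0/8")  # private range named in the comment

def node_subnet(coords, bits_per_dim):
    """Pack mesh coordinates into the bits after the /8 and return the node's subnet.

    Assumption: the first coordinate occupies the most significant bits.
    """
    coords = tuple(coords)
    coord_bits = len(coords) * bits_per_dim
    if coord_bits > 32 - BASE.prefixlen:
        raise ValueError("coordinates need more bits than 10.0.0.0/8 provides")
    packed = 0
    for c in coords:
        if not 0 <= c < (1 << bits_per_dim):
            raise ValueError(f"coordinate {c} does not fit in {bits_per_dim} bits")
        packed = (packed << bits_per_dim) | c
    prefixlen = BASE.prefixlen + coord_bits   # 8 + 18 = 26 for both layouts
    host_bits = 32 - prefixlen                # bits left for hosts at that node
    addr = int(BASE.network_address) | (packed << host_bits)
    return ipaddress.IPv4Network((addr, prefixlen))

def neighbours(coords, bits_per_dim):
    """Grid positions one step away on each axis (assumption: edges do not wrap)."""
    coords = tuple(coords)
    size = 1 << bits_per_dim
    result = []
    for axis, c in enumerate(coords):
        for step in (-1, 1):
            n = c + step
            if 0 <= n < size:
                result.append(coords[:axis] + (n,) + coords[axis + 1:])
    return result

if __name__ == "__main__":
    # "6bit 3d": 64 x 64 x 64 grid positions, each owning a /26 (64 addresses)
    here = (1, 2, 3)
    print(here, "->", node_subnet(here, 6))
    for peer in neighbours(here, 6):
        print("  tunnel to", peer, node_subnet(peer, 6))
    # "3bit 6d": same 18 coordinate bits, but 12 neighbours per interior node
    here6 = (1, 2, 3, 4, 5, 6)
    print(here6, "->", node_subnet(here6, 3), len(neighbours(here6, 3)), "neighbours")
```

Both layouts spend 18 bits on coordinates, so each grid position gets a /26; the six-dimensional variant doubles the number of direct neighbours per interior node from 6 to 12, which is where the extra redundancy comes from.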