Slashdot Mirror
Revamping Freenet
N3wsByt3 writes "Many will have heard about the anonymous P2P-system Freenet. What many probably don't know is, that a big change is at hand: the Freenet developers have decided to drop all support for the 0.5x version, to skip version 0.6 and to completely revamp the 0.7 build into some kind of poorly described, presumably scalable darknet. The main coder even threatened to quit if such a darknet would be rejected.
So, is it finally going the right way with the development of Freenet? Maybe not, since they seem reluctant to provide real data and rather rely on security through obfuscation, and then there is still the problem of their general inability in regard to pooling human resources, which, for any OSS project, is of the utmost importance." Obviously, the article submitter has his own feelings on Freenet, but notwithstanding that, what's the latest scuttlebutt from within the Freenet crowd?
will it take until it becomes something that can be used as easily as an web browser?
I used to run a freenet node - for a while it bloated with kiddie porn, and not much else - now not even the paedophiles bother, it's become so dilapidated, out of date and slow.
If the Internet is for porn, then Freenet is for child porn. Sad, but true. I would recommend getting around this by giving file sizes a low cap before they're broken into many parts, this would probabilistically decrease the chances of any person being able to get kiddie porn while retaining the ability to serve text.
A very interesting article about flaw in Freenet
http://www.aviransplace.com
Matthew has indeed indicated that he believes it is essential that we support "trusted links" in Freenet, and the other core Freenet developers, myself included, agree with him - so Newsbyte's attempt to stir that up into some kind of controversy is just another example of his trolling.
I have no idea where Newsbyte's accusation that we are relying on security through obscurity comes from, certainly the archived email he links do doesn't seem to support any such claim.
As for the blog entry he links to, it essentially boils down to whining about why we don't implement each and every one of his suggestions.
When considering the value of Newsbyte's opinions, I would urge you to look first at what he has actually contributed to the project, versus those that he seeks to criticise.
We ran these observations by Freenet founder Ian Clarke. He agreed that the caching behavior does reveal far too many clues. But the next major revision is expected to eliminate the problem. Sometime later this year, it is hoped, the Freeenet developers will release a version that employs premix routing.
The World Wide Web is dying. Soon, we shall have only the Internet.
when the speed of freenet comes within an order-of-magnitude of the normal internet, people will start using it again. right now, it's just a nifty way to do things 100 times slower than you could otherwise.
For anyone who reads the freenet mailing list daily (me), you'd know the the submitter of this article (Newsbyte) is a known troll who doesn't actually contribute to the project.
I suggest that people who want to know the whole story check out the mailing lists going back a month or so.
I hear the accusation of Kiddy Porn quite a lot about FreeNet, but how does anybody actually know? I thought the big idea was that you don't know what's stored on your node - unless you're actually downloading FreeNet kiddy porn, how can you tell?
Freenet gets more attention because its developers are very vocal, but it sucks as a working network. You can hardly get any speed off it, you have to use the stupid browser interface, it's bloaty java, and there's no working search. Switch to gnunet, it has decent speeds, working search, and has a graphical client (not a very nice one as yet, but that could be improved).
I am trolling
with comments like these:
5. Slashdot effect doesn't write off the network for a month after release; if we grow by invitation, it will take longer to grow, but we will end up with a better network, and we won't generally have the collapse we have seen every time we've done a release.
this might just be an attempt to bait the slashdot crowd into trying out freenet so that freenet's userbase grows and the speed become reasonable.
You can't tell what's stored on your node very easily.
However, it is relatively easy to see what is on freenet at large. There are several spiders that roam freenet and index freesites they come across. It's sort of like what Google does. So all one has to do is load up these indexes and see how many of the sites are child porn related. Another way to tell is load up Frost and see how many of the boards of child porn related.
There's a very large number of them.
A lot of people seem to be confused about obfuscation / obscurity.
Obscurity or hiding things is a perfectly valid security technique, and can be used as a component of a defense in depth strategy. One of the main reasons people love NAT boxes is because they provide this property automatically. (I don't like them for other properties they have, and a firewall combinded with public address space will be just as effective at providing this specific property).
People are stretching the meaning of Kirchoff's theorm. Krichoff was refering to crytographic algorithms when he said that there is no security in obscurity - the security of a crytographic algorithm should only rely on the secrecy of key. You should assume that the functioning of the algorithm will eventually be discovered by your adversaries, and therefore shouldn't make the security of the system depend on the functioning of the algorithm being kept secret. That being said, restricting knowledge of what algorithm you're using will make a contribution of the system being secured, as it can add to the depth an adversary has to penetrate.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
Only a browser interface? There is an 'application port', and there are applications written for it. ( such as frost )
Java bloat? No worse then other languages that try to be *universal*. Besides, don't like java? Then recode it in something else and quit bitching.
Slow? Depends on what you are doing. Are you trying to download files? Well it really wasn't designed for that. And there will be a tradeoff on speed/anonymity.
Searches? Umm there are several search engines available if you look.
---- Booth was a patriot ----
I hear the accusation of Kiddy Porn quite a lot about FreeNet, but how does anybody actually know?
Hard to tell exactly what's circulating on the network, yes, but I saw signs of it since it was the first thing I was greeted with after finally finding out the address of a large "a little bit of everything" Freenet portal. Maybe the conclusions were drawn prematurely, but it sure didn't look so with links like "The Blog of a Paedophile", "Illegal child porn", and on and on... Think of a kiddie porn-oriented Yahoo!.
Beware: In C++, your friends can see your privates!
Every time there's a freenet article on
Personally, I see Freenet as an experiment in what's possible. There's an abstract problem statement: how do you share data anonymously? And Freenet attempts to provide a solution to that problem. There are many valid uses for a solution to that particular problem. The canonical example is "dissidents in ". But it goes beyond that. Everything from corporate and government whistleblowers even in relatively free countries, to those who want to expose sensitive information they might be privy to without giving themselves away.
The problem is that such a system, by design, is necessarily going to be useful for people that organize activities and spread information that has little redeeming value. If dissidents and whistleblowers can obtain anonymity when sharing information, then so can child pornographers and terrorists and gangsters and whoever else.
This dilemma occurs with many systems based on an ideology of freedom and opposition to censorship. The US constitution's first amendment guarantees the right of NAMBLA to express their views on a public webpage.
The point is, freedom to any extent in the public commons will, necessarily, support both good and bad uses of that freedom. The question people have to ask themselves is wether their belief in the ideology behind that freedom is worth the tradeoff or not.
If you believe that the "bad guys" should be kept off of Freenet, then you don't believe in Freenet, or any other truly censorship-free information sharing system.
-Laxitive
I suspect (and it is a suspicion from someone who hasn't yet used freenet) that plenty of copyrighted music and movie files are floating around on freenet.
My question is, has the RIAA, MPAA, or any other such agency yet attempted any legal action against any user of Freenet? If so, can coverage links be provided?
i2p.net seems to be a better alternative. especially because it provides an overlay network. you can't just transfer files over it - you can do everything which you can do on the current net. you can even choose how "much" anonymity you would like (over how many nodes should your messages be relayed).
I haven't tried Freenet in quite a while, but when I did use it now and again before (in the 0.3-0.5 days, AFAIR), the main problem was that they'd get a network that kind of worked, lots of people would start posting stuff, it would be usable for a few months, and then they'd break it to introduce the 'next big thing'. And it would stay broken for six months, during which time most people stopped using it.
Frankly, for Freenet to have any future, I think the developers need to get used to the idea of _not breaking it_ every six months. Otherwise the few people with the enthusiasm required to keep it operating are going to find better things to do with their time.
You can either have a research network or a viable, usable system, you can't have both. If it ever gets to a viable, usable network, I might give it a try again, but it's pointless when you can't insert anything and can barely retrieve anything.
Fast networks with nothing in them aren't very useful.
The web exploded when everybody and their brother started publishing web pages, not when people had browsers or connections to the internet.
It's about content. For freenet though, that means a very different type of content that you wouldn't want on the web. The social problems that they'll face if the network does grow into something substantial are surely going to be something to behold.
-- Truth goes out the door when rumor comes innuendo. -- Groucho Marx
What many probably don't know is, that a big change is at hand
Like maybe making the thing fast enough to be usable, maybe?
You always hear the Freenet detractors talking about all the questionable content making its way to Freenet, but my question is "How the hell could you stand using Freenet long enough to view anything in the 1st place?". The thing's dead-dog slow, and I'm on a very fast broadband connection!
I love the concept, but unless this new revision brings speed to Freenet, it's a waste of time and effort to me. Secure and anonymous internet browsing is an important thing, but usability's should be just as important if they ever hope to bring this to fruition.
unless you're actually downloading FreeNet kiddy porn, how can you tell?
Seems like it's bad enough that (for example) this FreeNet index has felt obligated to include a short essay and an "Enter Here at Your Own Risk" warning on their front page.
Looking at the actual index for a moment (somewhat, the idiot webmaster decided to put in a username/password prompt that keeps coming back endlessly), I notice 3 or 4 immediate child porn/pedophile-related links right on the front page, several links to regular porn, a link to the "Freenet Drugs Index", "The Illuminati Agenda" (heh), and so on.
Not that it's necessarily anything you couldn't find on the normal Web with a little work, but at the very least it sure doesn't give any advantages.
2 related projects, but they're also very different to freenet.
Tor is simply an anonymous p2p proxy:
http://tor.eff.org/
i2p is a fork from freenet. Similar to Tor but you can host your own site off it.
Both are not nearly as freenet. I'm loving i2p though because it's much more practical.
For a lowdown from the i2p people on these and more similar technologies see here:
http://www.i2p.net/how_networkcomparisons
A blog I run for the wealth
The problem I've had in using Freenet is that they are open to any content. What this says to me is, "If you want to share terrorist information or child porn, you are welcome here."
Before you jump down my throat, please keep in mind that I know that the term "terrorist" is highly subjective. Also, I *like* the idea of being able to have my communications remain private. My relationships are my business, and I don't have to subject them to any other *human's* supervision because I don't trust that the supervisor is any more virtuous than I am.
But to create a Freenet that is completely agnostic toward content is entirely the same thing as creating a terrorist-friendly and pedophile-friendly network. That may not be the intent, but it is certainly the outcome.
And it's for that reason that I don't use Freenet. I want completely private communication, but I don't want to be lumped in with vicious creeps, either. How can Freenet or any network provide me with that? I have doubts that it's possible at all.
I don't make the rules. I just make fun of them.
FYI - there is a short response to this article on the Freenet website.
Not necessarily a result of freedom and anonymity. I haven't looked for child porn, but I know there's plenty of music and programs up on gnunet.
I am trolling
We need the market to change to make trading TV shows, movies, and music legal. This article yesterday is a perfect example of tackling the problem from the right direction.
Just trying to hide it will only invite further problems and frankly, the idea of being unable to avoid contributing to the spreading of child pornography bothers me a lot more than the MPAA and RIAA going after people illegally trading copyrighted material.
What we need is for the RIAA, MPAA, or some organization(s) that will eventually supplant them to find a financially viable market in open, distributed file sharing. A solution that makes everyone happy and doesn't contribute to child pornography.
I am convinced that this is possible. If the MPAA and RIAA can't figure out a way to make money doing it, someone else will and the MPAA and RIAA will eventually die off. Evolution: Adapt or die off. Wasn't there an article on that over the weekend as well?
"If not, is there a threshold level?"
:). Unless the attacker is able to isolate your node by becoming all of your peers you should be safe. You can prevent this of course then by making sure one of your peers is someone you know to trust (although if your peers are a variety of IP addresses throughout the world, it would be hard indeed for someone to be able to become all of your peers).
It is good you are asking although it is best to ask people who know what they are talking about. Although many (most?) of the Slashdot people here are intelligent (in comparison to other chat/blog sites) you should still ask people you know to be competent...
That being said, here is my answer
As well, I2P's anonymity might not be 100% due to unforseen bugs. Freenet is safer than I2P as it's been around longer. If you can do without I2P's usability then use Freenet, you can also try I2P out there is no need for I2P to 'intergrate' like Freenet has to, it should be fairly fast within 5-10 minutes (compared to day(s) with Freenet) of installing.
Cell networks don't. The goons catch one person, look at who his machine connects to, look at that one, and the next, and map out the whole network. Users don't even know they're helping out, the goons can just look at upstream router traffic.
The only way to have more or less anonymous usage without betraying your colleagues is to piggyback traffic on broadcast data -- such as irc, like the spam robots, or, better, web sites. The traffic should look just like (non-SSL) HTTP, like somebody websurfing, with the data encoded in odd places, such as varying the whitespace found in HTML of pages taken from other sites. (It could be encoded purely in the page, by normalizing the spacing before encoding into it; or only extractable by comparison with the original text.)
Furthermore, it should prefer to connect to hosts in other countries, to break the trace path. The node posting the data should post it to a different IP address than any of the other nodes get it from; they should get it from a variety of addresses. Each text should be encoded into a different page each time it's sent.
Socially, it needs to be something people can be proud of patching into their web servers -- like an underground railroad -- so that there may be a very large population of foreign web servers running the host side and replicating files among themselves. (Maybe they can restrict delivery to clients in certain countries.) And, of course, it needs to have a small footprint, so it doesn't interfere with normal operation of the web server.
Directories invite abuse. Better, just arrange that every client gets everything posted more or less recently, and knows which it has seen before so it will know not to accept those again. Clients only see traffic on channels they monitor, like leaf usenet feeds. Some would be for discussion, others for posting documents.
"(Newsbyte) is a known troll who doesn't actually contribute to the project."
Really, and attacking his character instead of his statements makes you...what then?
I really hate to get into a debate about character, since I prefer to judge a statement on its own terms since it seems to be a statement's truth is independent of the speaker, but Newsbyte runs the freenethelp.org webpage. He's not some loner retard coming out of left field, he seems to have large issues with the (lack of) progress Freenet has taken over these past few years. Hopefully this will stimulate something in Freenet, but many people have long since moved on to other anonymous p2p projects.
This conversation really should have taken place a few years ago, but I think it did (October 1.5 years ago actually) when people wanted to fork it and go back to a working model. I look at MUTE and see all the forks and side projects, or BT with all its forks and side projects, but has Freenet had any forks? It does not look vibrant any more, and defiantly not in comparison to current anonymous p2p application development in my opinion. Too bad really, although this new idea of Freenet's looks interesting, enough to try it they've little to lose.
"you can always fork. If you do not agree with the current developers' direction, fork. "
People tried to fork Freenet a couple of years ago (October 2003) when it started going down the shitter (in April 2003). The forkers tried to be as nice as can be about such an issue, but the current Freenet developers told them in effect to 'Get the fuck out of here' and they did not bother.
What one of the would be forkers (jrandom) did do though which is a nice kind of tasty ironic desert is make I2P instead. Kinda nice, time that would have been spent on Freenet now made an application that in many respects meets or exceeds the abilities of Freenet.
I really do not want to make this sound like a bitter tale, it really isn't. I believe both projects (are?) seem to be getting a long since everyone has the goal of working anonymous p2p. This newest idea of Freenet is looking towards the future when our government (Western governments) try to outlaw anonymous p2p like current dictatorships are or have done.
"Not only that, this program benefits China and 'the Middle East' according to the site. Sorry, I'm not 'down' with a program that caters to communists and terrorists."
Are you ignorant, or are you just flamebaiting? Freenet benefits those who work *against* China's oppressive government or terror-supporting Middle Eastern regimes.
Or is everybody in China a Communist/fascist, and everybody in the Middle East a terrorist?
Freenet caters to anybody who has something to say. It doesn't know or care, for example, whether that speech is supporting or attacking terrorism, or whether it's defending or opposing the government of China. Freenet helps information be free, but whether or not Freenet exists, the information still does.
Signature.
As I expected, I'm getting viled and praised at the same time. Some call me courageous, some call me a troll.
Well, I don't care either way, as long as people give valid arguments for why my claims in my post are untrue. Alas, few who refute what I say by claiming I'm a troll even try. But, of course, even if I *was* a troll, then still it says nothing about the arguments I made. The tactic of depicting the speaker as an idiot, troll, etc, and thus what he says as being untrue neither, is a well known falacy.
I find it humorous that Ian, in this slasdot thread, says I'm a troll because 'look; he's never provided one line of code to Freenet'...which proves to me he didn't even do the trouble of reading my blog, because that's exactly what I point out in my blog: if you aren't a coder, and don't contribute code, one isn't worth much in the eyes of Ian, whatever one may have done in support as a non-coder.
So, I'm a troll because I've never provided code and I dare to criticise? Wow. Even now, he doesn't see where the problem lies, instead he portrays exactly the attitude that I describe. But still, while I have troubles with the way he manages Freenet, I still think he has had (and still has) some good ideas - something which is important too. I could call him a 'troll' as well, and thus shrug off everything he says, but I'd rather see arguments, especially about the topics that I've raised. But, chances are, I'll be waiting for a very long time; it's much easier to call me a troll, after all.
That said, my opinion of Freenet, as a concept, is still high. People should not make a mistake about that; being all for free speech, I can't else then see any way of making it possible for all people to speak their mind unafraid as something unbelievable valuable. So, it's not Freenet itself that I have a problem with, it's the current way in which it is managed and developed - and I don't say that just out of the blue; I argument it and give examples of it on my blog.
As yet, 'troll' is the most advanced reply I received from the founder. I don't know: maybe I was the wrong person to tell this. Clearly, his bias towards me prevents him from arguing rationally about the points I brought up.
It's true, that sometimes, my blog is a bit harsh, but then again, after seeing and experiencing several years of people being ignored because they are no coders, one gets a bit annoyed by it.
Anyway, maybe Freenet WILL go in the right direction, perhaps... or maybe it will be surpassed by systems like I2P. But, I can bet one thing: its succes or failure won't be determined just by the code.
--- "To pee or not to pee, that is the question." ---
but ignorance of the FACTS is a perfectly valid defence
Often, the degree of the crime (such as Nth degree murder vs. Nth degree manslaughter) depends on mens rea. There are several levels of mens rea, from willful, to intentional, to reckless, all the way down to negligent. But there's also strict liability; look it up. Ignorance of fact, even despite one's best effort, is no defense to a strict liability tort or crime.
There should be no restrictions on speech. Look, if someone puts child porn on the internet THEY are the ones who should be put in jail, the people who actually took the pictures and abused the child, put them in prison. People who just look at the pictures, this is putting people in jail for a thought crime. There is a difference.
Free speech does not have to be limited for law enforcement purposes, are we in China now? You should have the ability to annonymously say whatever you want as long as its not harming anyone. What you are saying is that by somehow stopping the distribution of childporn that you somehow cure the child of the abuse and thats BS. The child is already abused, so what you really mean is anyone who sees the abuse should go to jail? or do you mean anyone who talks about the abuse? you see where this can go? They could make it illegal just to describe child porn with text if you don't protect freedom of speech. If they can limit child porn speech then its easy to limit any other kinda speech and all freedom is lost.
So how much freedom is too much? It's not freedom to harm a child, its freedom of speech to talk about it. This means no child should ever be harmed, raped or any of that, but the moment you start putting people in jail for talking about it, then something is wrong. What would stop the government from putting people in jail for talking about communism?
/Some things *are* beyond the pale and I would suspect that most rational humans would agree that at the very least coerced child pr0n is one of those cases./
I would argue that using the expression "beyond the pale" is an attitude that specifically means one is *not* rational about the thing being discussed. (I myself am also not rational about child pr0n, in the same way as I infer you are.) A rational response to the concept of coerced child pr0n is not to say it is beyond the pale; it is to point out the specific harm being done to specific underage individuals, and require appropriate punishment or restitution (if it was even possible). A rational response, however, is not necessarily going to be tolerated by most human beings - if you try to argue rationally about this topic, you will likely be shouted out, ostracised, and possibly beaten.
But that's the way humans are. We are not rational about everything, and we never will be; it's probably part of our success story. The important thing is to be careful which topics about which irrationality will be excused/condoned. When members of your society respond to your badmouthing the President in the same way they respond to your defending a child-rapist, it's time (past time) to get more rational.
I don't think the "members-only" thing is a good idea. For one thing, it excludes too many potential users, who would never bother going through the hoops to get an invitation, but would do some casual browsing if it wasn't such a hassle. And, the fewer users there are, the easier it is for governments to put them all in the same bucket of being assumed guilty because they are on a network that is being used only by those who need it the most (who are doing something illegal). I think it must be assumed that a breach is still possible. The best agents/goons are those who can build up the trust of the other members of whatever they are trying to infiltrate, so requiring trust is not a total barrier. Am I missing something here?