Slashdot Mirror
After 3 Years, Freenet 0.7 Released
evanbd writes "After over 3 years of work, the Freenet Project has announced the release of Freenet 0.7. 'Freenet is software designed to allow the free exchange of information over the Internet without fear of censorship, or reprisal. To achieve this Freenet makes it very difficult for adversaries to reveal the identity, either of the person publishing, or downloading content' ... 'The journey towards Freenet 0.7 began in 2005 with the realization that some of Freenet's most vulnerable users needed to hide the fact that they were using Freenet, not just what they were doing with it. The result of this realization was a ground-up redesign and rewrite of Freenet, adding a "darknet" capability, allowing users to limit who their Freenet software would communicate with to trusted friends.'"
The last time I used Freenet, in the 0.4? days, there were sites that would index whatever was submitted, without regard to content, and it was these index sites that were most heavily promoted for "finding" anything in Freenet. It was hard NOT to notice "the worst crimes of humanity", so to speak, when they're sitting there with a full description. Whether the descriptions were accurate, I have no idea, as the novelty of Freenet wore off as soon as I realized I could get better speed from a tape-carrying tortoise.
"The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
It is not true that we practice security through obscurity. It *is* true that we haven't documented Freenet to the point that it could be reimplemented easily from the documentation. We don't want other node (not client) implementations right now, because Freenet is very much still a work in progress, and as a distributed, emergent system, lots of node implementations all of which implement slightly different behaviour (but the same protocol) would be a major problem: It would make it even harder for us to evaluate the effect of changes in the routing algorithm, for example. As a C++ developer with experience in security software, you'd be fine, java is easy, although there are some more interesting bits.
The problem actually comes down to this :
The are 2 ways to regard spread of information
Either it should be possible to stop the spread of certain information , and that will put a stop to the abuses , but it will also make it possible for an authoritarian regime to silence any criticism , and will basically stop freedom of speech .
The other way is to make it impossible to stop information from spreading , and that way you wil ensure freedom of speech , and anonymity to whistle blowers and criticism , but at the same time , abuses will be unstoppable .
There is no midway to this , as it's about technical capabilities .
Slipping shoelaces ?
Yes, Freenet's low-level protocols could be better documented, but they are a work in progress, and in almost constant flux.
As for security through obscurity, we go to great lengths to explain to people how Freenet works, you can find a bunch of papers, and video lectures on our "Papers" page). Take a look at this video from three years ago explaining the 0.7 design before we'd even begun to code it.
Yes it would be wonderful if every tiny detail could be documented meticulously, but before we document it we have to design and test our ideas, and that means developing and releasing the reference implementation.
Many bad thing may be going on around there , but there's no need to spread FUD . In fact , that's exactly what caused this to happen in the fist place Wrong, wrong, wrong. Freenet will cache anything that happens to pass through your node. That means that if someone requests something and freenet happens to route it over your node (and hint: it doesn't determine that by qualities like being "free tibet" content) then it'll be in your node's store. It will be encrypted, so the only ones who could tell what it is would be someone with the decryption key, but it'll be there. Lies are a pretty lousy way to promote freenet.
Live today, because you never know what tomorrow brings
OK. Then my earlier skewering of Freenet 0.7 was a candidate skewering, and this will be the release skewering.
.pdf of the SPAI on Freenet 0.5 in Frost. Other 0.5 users see the key(link) and click on it. their nodes request the random nodes they know about to give them the info. The contacted nodes then ask other nodes, who then ask other nodes, until they find it. The information then travels back to your node, caching its self on the requesting nodes on the way to your node. eventually, you get it.
This is going to be frustrating for me because I'll get at least one post with something like this in it: "It is really funny and annoying at the same time when some pseudo-informed trolls from 0.5 throw around false information constantly. These people maybe want to get some technical knowledge on networking prior to spreading bullshit."
Before I really get into this, I have to point something out; to really have some idea of the reality of the situation in regards to Freenet, you have to install it and run it at least for a day; I think it pretty much reguires you run FROST (freenets main messaging & file sharing system) as well. There are 2 main freenets, the 0.5 network and the 0.7 network.
freenet 0.7, and darknet, is insecure. With a Darknet system, your node PRIMARILY communicates with the other members (around 10) of your darknet; you are supposed to know & trust people in your darknet. So around 15 nodes.
Freenet 0.5, which is opennet, communicates with all other 0.5 nodes it knows about, with no preference except for tested routing speed. This works out these days to around 35 random nodes.
The basic concept is this: you request some information on Freenet with your client. your node sends out a request to neighboring nodes; if that node has the information, it sends the information to your node, you get it. If your neighboring node doesn't have it, it sends out requests to it's neighboring nodes to see if they have it. this process continues until the information is found.
The principle that makes this all work for illegal information is reasonable deniability; the information in your node is lightly encrypted, but the main thing is that no one can prove you are the one that put it there; your node could have received a request from another node looking for the information, and stored a copy of it.
(this is vastly simplified. I will likely get a post or two from 0.7 zealots pointing out picayune discrepancies)
With open net, this works. you communicate principly at random with other nodes. In order to prove you requested the information the Powers That Be would have to control the majority of the nodes in the open net and statistical analysis.
With Darknet, you have a limited set of nodes. Statistical analysis is easier.
I used "tibetan freedom fighters" in my last post, I'll use "secret plans to attack Iran" (SPAI) today.
You post your
On the NSA run node, they see requests for the keyfile come in. they can tell which node the request came from, but they can NOT tell if your node was the original requesting node; likewise, they can't tell if your node is the original posting node.
With 0.7, it works a little simpler. When the NSA node see a request, they know with a approximate 2 in 3 probability that the information requested came from a member of the same darknet that their node is on. And they know the IP address of the darknet members. Do I really need to point out anything more on this?
(By the way, if I have a substantially flawed understanding of this, PLEASE point it out).
The above point is why the 0.5 network, which, by the way, WORKS for messaging and file sharing (something the 0.7 network has a little trouble with right now), has possibly more users than the 0.7 network. I would say it with certainty, but there really is no way to tell. I know my node connects with about 350 other nodes on a regular basis.
0.7 has better methods of hiding a node from outside monitoring, but the methods do not re
Why, yes, I AM a Pagan Libertarian.