Slashdot Mirror
Combining BitTorrent With Darknets For P2P Privacy
CSEMike writes "Currently popular peer-to-peer networks suffer from a lack of privacy. For applications like BitTorrent or Gnutella, sharing a file means exposing your behavior to anyone interested in monitoring it. OneSwarm is a new file sharing application developed by researchers at the University of Washington that improves privacy in peer-to-peer networks. Instead of communicating directly, sharing in OneSwarm is friend-to-friend; senders and receivers exchange data using multiple intermediaries in an overlay mesh. OneSwarm is built on (and backwards compatible with) BitTorrent, but includes numerous extensions to improve privacy while providing good performance: point-to-point encryption using SSL, source-address rewriting, and multi-path and multi-source downloading. Clients and source are available for Linux, Mac OS X, and Windows."
The need for this has been brewing for a while. Hope it does what it says on the tin.
"The Internet interprets censorship as damage and routes around it."
- John Gilmore, Co-Founder of the Electronic Frontier Foundation
Finally had enough. Come see us over at https://soylentnews.org/
I'll be charitable and assume you are just uninformed. Inform yourself.
All the more reason to get the darknet up and running before it disappears.
Once the source code is out there, it'd be impossible to stop. Let's hope they post it instead of making you mail in requesting it.
Finally had enough. Come see us over at https://soylentnews.org/
One problem from the demo seems to be that you need to have friends. I don't know anyone that has the por^h^h^h files that I want already.
Everything you know is wrong, Just forget the words and sing along.
We're just packaging up the source now (we just released this today), and will post a link on the website soon. Thanks!
This is the reply I got from using the mail form.
It's a darknet, therefore invite-only.
It relies on the model that "my friend knows 4 people who use that service, so I can acces my friend's connection to those 4 people. Those 4 people know 3 people each, so I can access those 4 people, and another 12. Those 12 people know..." and there we have a large, private, trusted network.
Plus, there's no need for any particular darknet to connect to another. you can run your own darknet between your friends, not connected to any other darknet.
Finally had enough. Come see us over at https://soylentnews.org/
Laws used to be about freedom and justice. But now corporations are making laws.
Lobbying used to be called bribery. It also used to be illegal.
It works by you being friends with Joe and Mike. They in turn are friends with Rachel and Simon, Brad, Jamie, and Robert respectively. That's now seven people to download from. Those 5 people have more friends, maybe with the file, maybe not, but THEIR friends might have it...
Plus, because it's not an open network, the trust between peers is higher. It will always be a "friend of a friend" that you're downloading from.
We just need to make sure nobody is friends with the MAFIAA.
Finally had enough. Come see us over at https://soylentnews.org/
That's lobbying for you.
Self reference paradox anyone?
Finally had enough. Come see us over at https://soylentnews.org/
ISPs, the RIAA, and the government cannot poison the well if they can't find it.
freenet (there is a dark net mode since version 7).
I remember people arguing dark mode being an anonymity thread itself. I case you computer is seized you and your 'friends' are immediately identified as part the of same conspirative group (based on client's friend list). Might rather be a problem in totalitarian systems where being suspicious is enough to face personal detriment (no pun intended).
Please explain.
If "Joe" in Virginia and "Mike" in California each have a copy of The Big Bang Theory's latest episode, I use Utorrent to directly connect to their IP address and start downloading pieces. How does OneSwarm work differently to get this video over to my machine?
There, saved you from ridicule. You owe me!
There have been BitTorrent clients for I2P for years now. They're useless, largely, because anonymous networks are nightmarishly slow and unreliable, and very, very few people bother to upload anything interesting (at least in my opinion).
Before anyone accuses me of trolling, I've been using TOR off and on at home since 2005, and I've experimented with I2P for about 6 months in the wake of whistleblowing of the NSA wiretapping program. They're horrible, frankly, and I only put up with TOR still out of sheer cussedness. TOR at least lets you get content from the outside world; I2P is darknet-only, and darknet-only content isn't that exciting.
In fact, it's frankly dull as hell -- mostly political rants and porn (often of the less than legal variety). Sure, that could theoretically be overcome, but it won't, because performance is so bad that no one uses them but people stubbornly making a political point or people with downright criminal tastes (like the child porn freaks that seem to dominate the core.onion message boards). Mainstream consumers want convenience, and darknets don't provide it.
The performance is terrible because every download on a darknet is limited by the upstream bandwidth of the worst of your peers -- each of which is generally passing through streams from several other peers at the same time. Think about this. Think of the common 128 Kbps cap on most residential DSL or cable. And this is when you don't have unreliable or malicious peers.
So, frankly, who cares? I pirate copyrighted material because it's convenient and it lets me intelligently spend my money only on things I've vetted first -- spending my money only on things that have merit. Darknet torrenting is simply NOT convenient, and I simply wouldn't bother if it truly became necessary.
I like the concept of TOR and darknets because they provide an important technological counterbalance to tyranny, but I seriously doubt that they could survive as a useful tool for issues less relevant that free speech and survival, like wanting to get movies for free.
Try the following:
I2P net ...and probably more.
MUTE/ Kommute/ Ants/ Dargens
Alliancep2p.com
Filetopia.org
GNUNet
Rodi
Emscher
Some of these like I2P use bittorrent over their anonymized network (a BT client is built into I2P but you can use some others... Note that Azureus aka Vuze has I2P support built-in!)
So a "darknet" is a private (trust-based) network.
You know, like a regular network or VPN.
Oh, and you want to use your darknet for P2P, so you want it to be popular? Then just chain your trust so friends of friends of friends can join in. They're trustworthy, right?
This is completely stupid.
You can't establish a successful P2P network without a large number of users to supply bandwidth and content.
You can't get a large number of users without making it easy to join.
You can't make it easy to join while keeping up a level of trust. If Joe Schmo from the internet can get on, then Joe Schmo from the RIAA can too.
You can't anonymize or encrypt traffic while staying decentralized. To anonymize traffic you need a central server where all traffic is routed through, or you need to route through other users and maintain some meta data centrally. If you encrypt traffic, you'll need to decrypt it, and then it becomes a key sharing problem.
It all boils down to keeping the MAFIAA out. No one can ever explain how their various "trust" mechanisms ensure that the MAFIAA stays out (because they can't).
No one ever explains what happens when the trust is broken (the whole net instantly becomes untrustworthy).
No one ever explains how encryption helps untrusted connections (it doesn't), or why it is even necessary for trusted connections (well, I'll accept this since nowadays everyone is illegally snooping in on every bit of data it seems.)
If nobody's out there promoting it with a website and support and a download link, few people will participate and it will slowly die.
You'd need kind of a large critical mass before the network can sustain its growth just by nodes emailing friends the source. A lot more than just "up and running".
OneSwarm seems to have a lot more polish than the P2P networks I listed: In-browser previews, codec translation of media files, integration with GoogleTalk, etc.
The basic transfer functionality appears to be similar although based on the invite-only darknet idea. Personally, I do not think these darknets offer much advantage, as the other P2Ps (and also Tor) offer anonymity by maximizing the number of participating nodes... which provides resistance to authorities trying to social-engineer and recruit their way into smaller friend-based networks.
Because the investigators don't eavesdrop on your connections. They come into the network as a peer and ask your client to send them chunks of whatever file you are currently sharing. It's very easy for them to do:
Encryption occurs between peers - so your ISP can't decode the traffic, but the investigator can, because it is a peer.
...was that of a few University of Washington researchers being escorted into the back of an unmarked van.
You'll find plenty of "friends" on the net willing to trade in porn - or anything else, for that matter.
The question is, who do you trust?
In the case of OneSwarm ...an adversary would be able to correlate the increase in traffic between sender and receiver along an overlay path. FAQ
I can't quite shake the notion that a "web of trust" is inherently fragile.
That as they scale upward and are increasingly interwoven there will be a breach, a tear - that will unravel very quickly.
I'm a lead dev on a similar project called Anomos, which provides anonymous and encrypted BitTorrent without requiring the slow Friend To Friend system that this uses. OneSwarm is a cool project, but we have some advantages over this (although I'm sure they have advantages over us as well.) We're a funded project as well. If you're interested in this type of thing, you might wanna take a look at our project as well. (Also check out i2pSnark!) Ultimately (perhaps by the end of this summer), I'd like to see all of these approaches under a single roof.
Read the article, watched the video.
Very pretty, very nice, very private IF you have someone on the other end that you "trust". Gosh! This is just like IRC back in 1994 when you'd go begging for FSP logins to trade, and had to rely on some snot-nosed brat to deign to lower their [33+ selves enough to throw you a bone.
Please. *clicks on enable encrypted torrents only* There. Fixed. Goodnight.
[End Of Line]
But even if somebody is friends with the MAFIAA, that doesn't mean they can work out who you are. If the protocol is built correctly, (no I'm not going to read it) you would have to compromise every relationship between sender and receiver to work out who anybody else really is.
Nodes on this network know their immediate neighbors (friends), and pass messages around, but don't necessarily know anything about who the end points are.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
No, he's referring to a bounced check. There's a $25 fee for that.
.sig withheld by request
It relies on the model that "my friend knows 4 people who use that service, so I can acces my friend's connection to those 4 people."
So how do I join if 0 of the people on my buddy list know about the darknet?
The RIAA have this idea that filesharing is, by definition, sharing of files covered by their copyright. So they attack indiscriminately.
The government has this fascination with invasion of privacy.
The entire idea of the so called darknet originated in the minds of kiddies who are full of goverment conspiracies but lack the intelligence to truly think about what this means.
Your ISP KNOWS!
Your ISP knows EVERYTHING!
Your darknet lights the ISP up like a christmas tree!
Darknets only work when the ISP doesn't care to monitor and report the traffic that crosses its routers and if they don't monitor/report the traffic then you don't need a darknet.
A darknet is often suggested as a solution of getting around opressive regimes. But the problem is that the kiddies thinking about it have grown up in free countries and just don't get how effective oppression can be. Oh we are not talking the Chinese here or even the RIAA or other such amateurs but the north-korean goverment.
How is your darknet going to work if ALL internet access is monitored. Send of a packet on an unknown port to an unknown destination and they don't need to decrypt it, you will tell them what was in it because there is only so much the human body can endure.
To make it understandable, imagine you invented an absolutely 100% effective way to hide content in a telegraph message. You could send any message of any length and embed you own content within it and nobody would ever know. This would get you around any goverment trying to stop you from sending said message right?
If you say YES, then you are an idiot. All they got to do is stop you from using the telegraph itself. Put an agent in the office and simply monitor who uses the machine.
If the RIAA and the likes get their way then sending ANY info via your ISP that they cannot read as harmless, then you can't use a darknet because a darknet by its nature shows up as unknown and therefor harmfull to the powers that be.
If the teachers forbids you to talk in the class room then the students can come up with the the fanciest unknown spoken language they wish, but they still can't talk in class because the act of using your voice itself is what is forbidden, not the language itself.
So, if you and a friend agree to use an unknown network type that crosses an ISP and that ISP is monitoring its own routers then that traffic will show up and by the nature of being unknown will send up a red flag. Only when your ISP doesn't care can you use it and as I already said, when it doesn't care, you don't need it.
The only think darknets protect against is OTHERS outside your network connect from knowing about it. I can easily see whoever else is using the torrent I am downloading because this information is public. I can't see the users of your site however. So it is only simple defence against a very primitive form of snooping. But don't worry, the RIAA and the likes are already well ahead of that and want the ISP's, who by their nature are part of EVERY network connection you make to monitor for them.
Read up on freenet and its darknet dreams. It is a laugh. They dream of being the tool to allow sensitive information to get out of places like North Korea undetected when the very act of sending information out of North Korea over any non-approved and monitored method is enough to get you killed.
Or to give the final anology, I don't need to know where the messenger crossing the border has hidden the secret message or the code to read it on his body if I simply shoot everyone crossing the border.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
It has something to do with what all cartels do :
Jack-up the price of a product by artificially restricting its availability.
Examples that come to mind are the DeBoers cartel for diamonds, or the cartel of the music industry.
And btw, the US department of Justice does officially refer to the music industry as a cartel.
Here is what has changed:
Germany used to have a law that makes "private copies" legal. Where "private copy" is defined as making a low number (five is generally regarded as the "magic number") of copies for personal use of friends (with "friend" being defined as persons you have a close personal relation with, so most of your 1624 Internet "friends" wouldn't count).
It was perfectly good and everyone was happy. This law was, for example, what made it legal over here to create a mix tape (or CD) for your girl-/boyfriend. Or to say "sure, no problem" when your best friend said "wow, that's a cool album. Can you make me a copy?" - even the music industry seemed to be ok with it (free advertisement) and it made sure that law enforcement didn't have to waste resources on the ridiculous.
For the past four years or so, the music industry has changed its mind and pressured, bought, lobbied, etc. our lawmakers into changing the law. And they've finally succeeded (last year, I think).
And that does apply to the non "Arrr!" crowd. These changes make 15 year old teenagers who are in love into criminals. It makes grandma a criminal if she records her favourite song from the radio. It makes you and your wife criminals if you put a copy of the CD you bought on both yours and hers MP3 player.
PS: Don't lecture about loopholes and exceptions in american copyright law, I'm talking about german law and this whole virtual property rights bullshit is highly international.
Assorted stuff I do sometimes: Lemuria.org
What we really need is wireless mesh networks formed from a bunch of cheap routers.
It would not be feasible to monitor a distributed wireless network covering a whole city or county. TOR running on top of this wouldn't have the asymmetrical upload limits that we have with our wired Internet run by The Man.
It would be the Wild West all over again.
Which is largely how the web was, before (non-porn) people realised they could make money on that network.
A major problem with this and all 'anonymous' file sharing things is the traffic! If you go through 3 nodes, that means 4x as much traffic as if you just went straight peer to peer. That means -you- need to use your machine for that much traffic, too, to help the rest of the network.
I don't know about you, but I don't feel like waiting 4x as long for my transfers.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
Ironically enough, Freenet is actually pretty fast nowadays. Still nowhere near BitTorrent, but automatically dividing each file into multiple pieces and the mechanism which causes each piece to become hosted in more peers the more it is accessed results in automatic load-balancing and a torrent-like effect. It's certainly much faster than Tor, and not subject to DoS attacks.
Tor isn't a darknet. It's an anonymizer. The fact that you're running a Tor node is not hidden; only what you're doing with it is. Even then there's a simple way of locating hidden services: simply correlate the uptimes of the server in question with the uptimes of Tor nodes.
Freenet doesn't have that problem, since accessing inserted content doesn't require contacting the node that inserted it; however, on-demand insert by Frost might cause a vulnerability, if the attacker controls a node adjacent to yours, since they can then see that a disproportionate amount of pieces for that file are coming from your node. Premix routing should fix that once implemented.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
For the visual learners, here is your argument in pictoral format.
http://xkcd.com/538/
Information wants to be $1.98/lb.