Revamping Freenet

N3wsByt3 writes "Many will have heard about the anonymous P2P-system Freenet. What many probably don't know is, that a big change is at hand: the Freenet developers have decided to drop all support for the 0.5x version, to skip version 0.6 and to completely revamp the 0.7 build into some kind of poorly described, presumably scalable darknet. The main coder even threatened to quit if such a darknet would be rejected. So, is it finally going the right way with the development of Freenet? Maybe not, since they seem reluctant to provide real data and rather rely on security through obfuscation, and then there is still the problem of their general inability in regard to pooling human resources, which, for any OSS project, is of the utmost importance." Obviously, the article submitter has his own feelings on Freenet, but notwithstanding that, what's the latest scuttlebutt from within the Freenet crowd?

Freenet is not so anonymous

[Aviran]

A very interesting article [theregister.com]about flaw in Freenet

Newsbyte is a well known troll

[Sanity]

Newsbyte is a well known on the Freenet mailing lists as a troll who likes to criticise Freenet's developers, yet hasn't actually contributed a single line of code to the project in his several years of trolling the mailing lists. Needless to say that this doesn't prevent him from lecturing the Freenet developers at every opportunity. I personally routinely ignore his emails.

Matthew has indeed indicated that he believes it is essential that we support "trusted links" in Freenet, and the other core Freenet developers, myself included, agree with him - so Newsbyte's attempt to stir that up into some kind of controversy is just another example of his trolling.

I have no idea where Newsbyte's accusation that we are relying on security through obscurity comes from, certainly the archived email he links do doesn't seem to support any such claim.

As for the blog entry he links to, it essentially boils down to whining about why we don't implement each and every one of his suggestions.

When considering the value of Newsbyte's opinions, I would urge you to look first at what he has actually contributed to the project, versus those that he seeks to criticise.

Perhaps, BUT....

[FooAtWFU]

We ran these observations by Freenet founder Ian Clarke. He agreed that the caching behavior does reveal far too many clues. But the next major revision is expected to eliminate the problem. Sometime later this year, it is hoped, the Freeenet developers will release a version that employs premix routing.

Re:Child pornography

[brontus3927]

From reading Freenet's FAQ, I get the impression that it was designed for child porn.

I don't want my node to be used to harbor child porn, offensive content or terrorism. What can I do?

The true test of someone who claims to believe in Freedom of Speech is whether they tolerate speech which they disagree with, or even find disgusting. If this is not acceptable to you, you should not run a Freenet node.

Re:How many revamps

[Sanity]

What Freenet does is fundamentally more complicated than what a web browser does, so it will always be more complicated.

Having said that, right now you basically install the software, and open your web browser - and you are surfing Freenet. Its only in "outlying" cases that things are significantly more complcated than this (ie. with firewall issues), and we are working on that.

Re:Unfortunately, not a troll

[mph_az]

Actually, while that's true in theory; the register printed an article [theregister.com] that described how the information which you download is still viewable locally.

Re:FreeNet Is Lost

[dj28]

You can't tell what's stored on your node very easily.

However, it is relatively easy to see what is on freenet at large. There are several spiders that roam freenet and index freesites they come across. It's sort of like what Google does. So all one has to do is load up these indexes and see how many of the sites are child porn related. Another way to tell is load up Frost and see how many of the boards of child porn related.

There's a very large number of them.

Re:Newsbyte is a well known troll

[Sanity]

How about using this opportunity of discussion on Slashdot to bring up some of your own thoughts on Freenet?

With pleasure. Freenet has indeed had its fair share of problems, including an increasingly complex codebase that suffers from a lot of legacy code and abandoned ideas. That is why Freenet 0.7, the next major release, will be quite a significant rewrite.

Here [gmane.org] is a recent email I sent describing the plan for 0.7:

People could be forgiven for thinking that the project had somewhat
stagnated given the lack of activity on these mailing lists, so I
wanted to provide an update because this could hardly be further from
the truth.

Oskar Sandberg, Matthew, and I have been developing some ideas for 0.7
which represent an even more fundamental architectural shift than have
been proposed to-date, and which should address one of the most
fundamental shortcomings of Freenet as it relates to Freenet's usage in
a hostile environment, and which I believe represents a significant new
innovation in the P2P-space.

As most people will be aware, Oskar was one of the core Freenet
developers in the first few years of the project. He is now working on
a PhD in Mathematics. Over the past few months he and I have been
collaborating on gaining a much deeper mathematical understanding of
how Freenet does what it does. While this work is far from complete,
it has given us some extremely useful insights and much more confidence
in determining what aspects of Freenet's design work well, which don't,
and why.

To understand the new idea, I should start with some theoretical
background. Consider a simple "graph". A graph in the mathematical
sense consists of a set of nodes, some of which are connected to
each-other. At this stage nodes don't have a position in space, all we
know or care about them is which nodes are connected to each-other. We
can assume that connections are bi-directional.

The "diameter" of a graph is the minimum number of nodes you must go
through to get from any one particular node to any other particular
node in the graph. Note that it may not be easy to find this path, but
the important thing is that it exists.

There is a mathematical result which tells us what kind of graphs have
a small diameter. Basically imagine we have three nodes, A is
connected to B, and A is also connected to C. The mathematical result
says that if, given that both are connected to A, there is an increased
probability that B is connected to C, then the graph will have a small
diameter.

So, if we have a graph that has this property then we know that we
*can* get from any one node to another in a small number of steps, but
we don't necessarily know *how*.

Now imagine that each node in the graph has a position in space, this
can be 1 dimensional, 2 dimensional, 20 dimensional space, it doesn't
matter too much. Imagine that we want to get from one particular node
in this graph to another particular node. A simple approach is, from
our starting node, go to whichever node we are connected to is closest
to the node we want to get to. This approach will work quickly in a
graph that is a "small world". In essence, a small world graph is
where there is a higher probability that nodes which are close together
are connected than nodes which are far apart.

In the ideal case, the probability that two nodes are connected is
proportional to 1/(d^n) where d is the distance between them, and n is
the number of dimensions in the space in which our nodes reside. This
mathematical result is due to Kleinberg.

A small-world graph therefore not only has a small diameter, but
provides an efficient means to find it.

Anyway, back to the story. One of Freenet's weaknesses in terms of its
usefulness in a hostile environment, is tha

Re:Less talk, more code

[melvin22]

Link to gnunet: http://gnunet.org [gnunet.org]

Re:Unfortunately, not a troll

[Dr. Evil]

By the article, you can't actually see what's been downloaded, but if your local fascist government wants to determine if you downloaded file XX, they could try downloading that file from your node. If the performance is very good, then there's a good probability that the encrypted chunks are cached locally and in neighbour nodes, thus they can determine that you did download it.

Re:Perhaps, BUT....

[asuffield]

No, actually, this is specifically something which freenet is not intended to solve. The "attack" here is where somebody breaks into your house and compromises the terminal you use to access freenet. Obviously this is always going to work. If you had bothered to read the project website [sourceforge.net] you would note that they explained this.

It so happens that they can do something about this specific attack, and they will. But it was never an objective and it won't stop a really determined attacker.

Networks with similar goals --

[jago25_98]

2 related projects, but they're also very different to freenet.

Tor is simply an anonymous p2p proxy:
http://tor.eff.org/ [eff.org]

i2p is a fork from freenet. Similar to Tor but you can host your own site off it.

Both are not nearly as freenet. I'm loving i2p though because it's much more practical.

For a lowdown from the i2p people on these and more similar technologies see here:
http://www.i2p.net/how_networkcomparisons [i2p.net]

Re:How many revamps

[RealityMogul]

If by "run" you mean "software executes as designed" then you are correct. Although I would interpret "run" to mean, does what the user expects it to do. Freenet will not load anything in a reasonable amount of time unless you open ports on the router.

Re:FreeNet Is Lost

[m50d]

Not necessarily a result of freedom and anonymity. I haven't looked for child porn, but I know there's plenty of music and programs up on gnunet.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:How many revamps

[Greg W.]

I don't see freenet having those issues though. Node administrators for sure, but not freenet users. Freenet users don't really have keys or even any necessary knowledge of the technical layer of encryption. They need to know how to connect to a node.

You have a misunderstanding. Every freenet user is a node administrator. The freenet node is what actually does all the work. Every user runs a node, and every node has a data store. The node has a web interface on port localhost:8888, to which a browser can connect, so that the user can see the files in freenet in a comfortable and familiar environment.

Beyond that, if the user plans to publish content within freenet, then he must understand the basic freenet concepts of keys, keypairs, hops to live, and so on.

Re:Unfortunately, not a troll

[atomm1024]

The thing about Freenet is that you can't report or block offending IPs; that's the exact thing it's designed to prevent.

When you retrieve a file from Freenet (at least the current "stable" implementation), your request is bounced through several other random nodes on the network; and relaying a request for another node looks exactly the same, protocol-wise, as initiating one. They call it "plausible deniability;" if a person's node contains stuff considered "bad," or illegal, then there's absolutely no way of knowing (as long as the person frequently clears their browser history and cache) whether the user of that node initiated the requests for any of that content or if they were just unknowingly relaying it for someone else.

A while ago, I saw a Freesite linked on the Freedom Engine (one of Freenet's most popular portals, probably because its operator links to kiddy porn and murder pictures, considering them to be "free speech") which claimed to filter content matching a certain list of hashes out of your node, so that your node would neither store that content nor relay requests for it. It came preloaded with a filter-list (somehow obfuscated so the real file keys couldn't be extracted by people who like that kind of stuff) of miscellaneous generally-objectional content. I'm not sure what the reaction to that was, if there was much.

But there's no way of finding out who's actually storing and retrieving that content. The current Freenet implementation leaves absolutely nothing to "security through obscurity." The only way to censor it would be through legal means, perhaps by declaring that allowing one's Freenet node to be used for illegal things is a contributory crime. But due to the nature of Freenet it would still be very hard to enforce.

Re:Newsbyte is a well known troll

[IgnoramusMaximus]

How so? If I'm connected to 3-5 trusted friends, each of whom is also connected to 3-5 friends, that can turn into a globe-spanning network given a reasonable number of hops. Where is the contradiction? The idea is not independent cells of small groups of friends, but rather an interconnected mesh. Think Kevin Bacon game.

Because its a fallacy. This is how Amway builds its pie-in-the sky "network marketing" pyramide scams. The way it works in the real-life is that the "trust" networks are very fragmented and dis-continuous. A small number of people to a cell, dis-separate from all other cells. More oppressive the conditions, smaller cells. Attempting to establish a new link is the greatest risk action in such a network and thus taken very rarely and with paranoid precautions. People who equate "random forum posters who know secret l33t handshake" with establishing trust in a life-or-death situation are laughable.

That's exactly the point of trusted links. If the node addresses aren't published, and the links are relatively stable, then those links can be camouflaged as other traffic. If you don't have trusted links, then you can spider the network to find nodes.

I dont care for either model, they are both useless. In the first case, steganographic email is far more efficient and safe as it involves no suspect software such as Freenet client and in the second case... the churning and other nonsense are artifacts of useless design. Whichever way you look at it Freenet brings nothing positive to the world of dissidency. Worse, it needlessly exposes naive people to additional danger by persuading them that it is somehow "safer" while being the exact oposite.

Oh, now I know you're trolling. Never mind.

Oh far from it, although the users of the questionable contents of Freenet seem determined to troll rate me off this discussion. The main reason the "darknet" is more suitable for criminals is because contrary to the claims of the developers, no large-scale network can be made of dissident cells in this manner. Only small criminal gangs can find use of this system, hoping to bamboozle authorities by hiding behind "free speech".

Re:Unfortunately, not a troll

[Jonathan the Nerd]

Yes, it is possible to decrypt the entire cache on your machine. The way you do it is to simply try every possible key. Assuming it takes 1 second to try each key (I tried this on my computer), it would take about 4.6 x 10^40 years to try all 2^160 keys. For comparison, the current age of the universe is roughly 13.7 x 10^9 years. Have fun.

To get back on topic, it is possible to decrypt a given file in your cache if you already know its key. If the police/FBI/whoever want to know if the key CHK@iPw3Grf-hV7d8IQF2-WXFByWfzMQAwI,FGJqABIFcBZ91I qayz6aew is in your cache, it's trivial to check for that key, but if they grab a random file from your cache and want to decrypt it, the only way to do that is by trying every possible key.

Re:Newsbyte is a well known troll

[Anonymous Coward]

Simple -- Freenet was designed on the assumption that hosting certain types of content was the crime against the state that users would be trying to avoid.

But, the real problem is this -- if you might be commiting a crime by hosting a freenet node, then the state will just go ahead and make hosting a freenet node (or similar type of node) a crime in and of itself.

Now, how do you host a freenet node with no one except other members of the network knowing you're hosting a freenet node?

In the current architecture, you can scan the traffic of a node, and observe the behaviour and how it relates to other hosts on the internet, and determine not only if a user is running a freenet node, but where the connecting nodes are on the internet.

Solve that problem.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Fork oh yes...

[Famatra]

...been there...

"you can always fork. If you do not agree with the current developers' direction, fork. "

People tried to fork Freenet a couple of years [slashdot.org] ago (October 2003) when it started going down the shitter (in April 2003). The forkers tried to be as nice as can be about such an issue, but the current Freenet developers told them in effect to 'Get the fuck out of here' and they did not bother.

What one of the would be forkers (jrandom) did do though which is a nice kind of tasty ironic desert is make I2P [i2p.net] instead. Kinda nice, time that would have been spent on Freenet now made an application that in many respects meets or exceeds the abilities of Freenet.

I really do not want to make this sound like a bitter tale, it really isn't. I believe both projects (are?) seem to be getting a long since everyone has the goal of working anonymous p2p. This newest idea of Freenet is looking towards the future when our government (Western governments) try to outlaw anonymous p2p like current dictatorships are or have done.

Re:Child pornography

[kfg]

. . .by using Freenet you are being FORCED to distribute it.

Doctor, it hurts when I go like this.

As the faq itself notes no one is forcing you to do anything. If you are not comfortable with the idea of absolute free speech, do not run Freenet since that's what it's all about. It's that simple.

And that is the issue with truely free speech you understand? It's inherently an all or none sort of deal.

And I see any particular impediment to your writing your own "Kinda, sorta Free around the edges accept for the stuff we don't like Net."

If you think that will protect you from the powers-that-be though you aren't paying attention. One power's kiddy porn is another power's freedom tract.

KFG

Re:Child pornography

[Anonymous Coward]

"If we do not believe in freedom of speech for those we despise we do not believe in it at all"
-Noam Chomsky

Re:Newsbyte is a well known troll

[amphibian]

Firstly, yes. But you already do. Unless you are living in an area where freenet is illegal, you don't have to strongly trust people you connect to. They can pick up casual acquaintances easily, legally, and often without judicial supervision, from traffic analysis. Secondly, our HTML filter works on a whitelist basis. Any tags or syntax it doesn't recognize it rips out. That's why it's mangled a bit. This is much better than writing our own markup language which does exactly the same thing as HTML. In fact arguably we transform HTML to HTML...