Revamping Freenet 541
N3wsByt3 writes "Many will have heard about the anonymous P2P-system Freenet. What many probably don't know is, that a big change is at hand: the Freenet developers have decided to drop all support for the 0.5x version, to skip version 0.6 and to completely revamp the 0.7 build into some kind of poorly described, presumably scalable darknet. The main coder even threatened to quit if such a darknet would be rejected.
So, is it finally going the right way with the development of Freenet? Maybe not, since they seem reluctant to provide real data and rather rely on security through obfuscation, and then there is still the problem of their general inability in regard to pooling human resources, which, for any OSS project, is of the utmost importance." Obviously, the article submitter has his own feelings on Freenet, but notwithstanding that, what's the latest scuttlebutt from within the Freenet crowd?
Unfortunately, not a troll (Score:3, Interesting)
Re:Unfortunately, not a troll (Score:4, Interesting)
Re:FreeNet Is Lost (Score:5, Interesting)
bait (Score:5, Interesting)
5. Slashdot effect doesn't write off the network for a month after release; if we grow by invitation, it will take longer to grow, but we will end up with a better network, and we won't generally have the collapse we have seen every time we've done a release.
this might just be an attempt to bait the slashdot crowd into trying out freenet so that freenet's userbase grows and the speed become reasonable.
Nothing wrong with obfuscation (Score:5, Interesting)
A lot of people seem to be confused about obfuscation / obscurity.
Obscurity or hiding things is a perfectly valid security technique, and can be used as a component of a defense in depth strategy. One of the main reasons people love NAT boxes is because they provide this property automatically. (I don't like them for other properties they have, and a firewall combinded with public address space will be just as effective at providing this specific property).
People are stretching the meaning of Kirchoff's theorm. Krichoff was refering to crytographic algorithms when he said that there is no security in obscurity - the security of a crytographic algorithm should only rely on the secrecy of key. You should assume that the functioning of the algorithm will eventually be discovered by your adversaries, and therefore shouldn't make the security of the system depend on the functioning of the algorithm being kept secret. That being said, restricting knowledge of what algorithm you're using will make a contribution of the system being secured, as it can add to the depth an adversary has to penetrate.
Re:speed (Score:3, Interesting)
Have any freenet users ever been sued? (Score:2, Interesting)
My question is, has the RIAA, MPAA, or any other such agency yet attempted any legal action against any user of Freenet? If so, can coverage links be provided?
Re:How many revamps (Score:3, Interesting)
more and more people are getting routers this is hardly an outlying case.
Re:Child pornography (Score:3, Interesting)
Most usenet servers limit posts to a relatively small size, and high ascii characters are severely restricted.
Still, today a full usenet feed is several terrabytes per day, and 99% of it are binaries
heck, IIRC there are some guys that share binaries uuencoded throught slashdot journals
I think a subset of freenet only for text files would be usefull, also because the much higher size and greater popularity of certain binaries would drown most of the text content, but I do not see a way to enforce such restrictions
Not speed, content (Score:3, Interesting)
The web exploded when everybody and their brother started publishing web pages, not when people had browsers or connections to the internet.
It's about content. For freenet though, that means a very different type of content that you wouldn't want on the web. The social problems that they'll face if the network does grow into something substantial are surely going to be something to behold.
Re:Great, here come the CP trolls (Score:3, Interesting)
I may not agree with what you say, but I'll defend to the death your right to say it. - Voltaire
God, how I love quotes.
Re:FreeNet Is Lost (Score:3, Interesting)
Seems like it's bad enough that (for example) this FreeNet index [bishopston.net] has felt obligated to include a short essay and an "Enter Here at Your Own Risk" warning on their front page.
Looking at the actual index for a moment (somewhat, the idiot webmaster decided to put in a username/password prompt that keeps coming back endlessly), I notice 3 or 4 immediate child porn/pedophile-related links right on the front page, several links to regular porn, a link to the "Freenet Drugs Index", "The Illuminati Agenda" (heh), and so on.
Not that it's necessarily anything you couldn't find on the normal Web with a little work, but at the very least it sure doesn't give any advantages.
Re:Same old, same old (Score:1, Interesting)
However, what you propose is a mere kludge compared to the true solution. If the freenet is to achieve what it's supposed to, it simply has to survive those "attacks". Hell, if it can't handle even silly accidents then what chances it has against a determined attacker?
The main problem is in design which results in that everytime something goes wrong it causes a catastrophic collapse of practically whole network. This is mostly because it doesn't enforce stability. All state comes from the network continuously optimizing itself and it just doesn't work when nodes come and go all the time. This is why fixed, persistent (or "trusted") connections are a good thing. You just can't flush the routing tables of entire fn anymore.
Re:How many revamps (Score:3, Interesting)
Nope, no understanding. What I was trying to point out is that yes, that is the way it currently works, but not the way that it might ideally work. Freenet users and node administrators are currently one and the same, I agree.
Nodes however are built for access through FCP (freenet client protocol, or at least that's what it was a while ago) and there were explicit settings for whether or not this was allowed outside of your machine. Several people ran open FCP machines where anyone could connect. It's really just a client/server setup, where the node is the server.
20,000,000 users at some time in the future, 20,000,000 nodes? Ouch, that's really going to suck for network performance I would suppose, even with the best graph connection algorithms. Far more likely is that some trustable people will run nodes that many people will use, and they'll have lots of disk space. Granted, there are issues of trust (do you trust the person running your node) but I expect that if the network really grows, this will happen.
Re:Child pornography (Score:5, Interesting)
Why do you get that impression? "Child pornography" is just the red herring people always trot out when they want to censor speech.
You've heard the expression "I disagree with what you say, but I'll defend to the death your right to say it," yes? Your idea of "offensive content" may differ wildly from someone else's; the question becomes "who is right?" Sure, you can refuse to run a FreeNet node because you're scared some evil recipe for "instant terror version 3.4" might get stored there or a nasty evil child pornographer might post some horrid icky pictures you don't like onto FreeNet and your node happens to harbor some of the data, but in that case you really are censoring in your own way.
The FAQ's response to this concern is dead-on right. Even with child pornography, you're trying to treat the symptoms instead of the disease when you reason like this -- "oh I'm not running that because it doesn't actively stop child pornographers!" Bad news, buddy, the internet itself doesn't "actively stop" any pornographers. Are you just going to unplug so your browser cache doesn't accidentally store a thumbnail with content that offends you?
If you want to censor what you participate in on a free speech-centric network, you don't belong there. If you believe that, ultimately, full-fledged freedom of speech is more vital to our society than taking a sad, impotent stab at a group you don't like, then run a damned node and deal with the fact that you may not like what lives on it. Remember, there's a far better chance that text a government doesn't like (but that you do like) will be stored on your node than pics of little Suzie.
Claiming FreeNet was just "designed" for child porn is like saying Slashdot was designed to attract trolls. Sure, it happened, but that wasn't the original intent; back when it started, I think they honestly wanted to encourage and support open, public debate on important topics. Heh. Whoops. :)
Re:Great, here come the CP trolls (Score:1, Interesting)
And selling Acetic Anhydride does not neccessarily mean you are aiding the manufacture of alkaloid-based narcotics, and selling nitrite-based fertilizer does not necessarily mean you are aiding the manufacture of bombs, but do either of these innocent activities and you can expect visits from federal authorities who will hold you responsible for the end products of your raw materials, regardless of all the legal uses they may have.
Re:Newsbyte is a well known troll (Score:4, Interesting)
Yeh. It's pretty simple, when you think about it. Of course, still restricted to 10.x.x.x, but if you outgrow that, I think you oughtta be able to figure out a solution.
no backbone routing
Yeh, the internet itself was meant to be decentralized. It sort of forgot that. I was thinking a regular geometric mesh, probably square grid, 3d +. Which leads back to your first snide comment, assigning addresses. Where you are in the mesh, gives you coordinates. So, you might get something like 10.x.y.* for your IP address. Better yet, ignore the byte boundary, and go with more dimensions, (/26s with 6bit 3d sounds nice, though maybe 3bit 6d even). Make it so no one is a backbone, and have it massively redundant, a fabric even.
distributed caching of content
Why? Find some people on the network that are distant to you, and would be willing to set up a dozen mirrors. If they disagree with you, they shouldn't have to mirror it for you.
plausible deniability on requests and inserts
Better yet, do https inside the openvpn tunnels. Even a router inside the darknet can't sniff your traffic.
and the ability to publish content without neccessarily always being online?
If you are absolutely incapable of being online 24/7, fine. Find me on such a darknet. Tell me why your content is so important. I'll be moved to mirror it for you, or even set up a proper vhost for it, complete with limited shell access.
Half the problems you bring up were solved *YEARS* ago. But no, let's re-invent the wheel, just so you can dream up convoluted crypto schemes.
Oh, and you've probably also increased the software complexity from the point of view of what the user has to deal with.
The user only needs to install OpenVPN, or for that matter, any vpn client they choose. I have used ipsec (freeswan) from time to time, and even messed around with poptop. Simpler than freenet, looks like a local area connection on windows.
I'd even go so far as to say you've reimplemented Freenet, without the crypto.
No, just gotten rid of the dorky DHT thing. OpenVPN uses SSL, and what's that quote about people thinking they can do a better job of crypto than SSL? Inside the tunnels, do it right from the beginning. Ridicule and harass those that don't use HTTPS from the beginning. Make fun of them. Use SSH only,the few times you need to remote shell around in it. Use IRC with the SSL modules, or better yet, use silc.
Re:You are Totally off there (Score:2, Interesting)
Additionally it's placing a whopper of a load on bandwidth and CPU/memory utilization.
I'm not saying it's a bad idea, but very little ROI given my experiences. I don't think I've strayed very far from the norm, aside from that I've actually left it running for a week to see if things improve. The average user really isn't going to do that after waiting an evening (yes an entire evening) for a page to load.
Further, watching the logs with tail is showing a whole bunch of java exception errors. Ok, I'm not a java developer so I dont know much about that, but it is a level of concern for a potentially long running process.
This isn't flamebait either. I'm trying to be diplomatic and honest at the same time. That's not often an easy proposition.
Surviving it's own illegality. (Score:1, Interesting)
However, this may not be the correct course to take in order to guarantee free information exchange whether governments like it or not.
As a general rule of thumb, provoking a government will cause it to crack down and decrease liberty. Regardless of the supposed safety built into 'Freenet' software, people don't want to be in the position of running an illegal program and depending on the security features of that program to keep that fact safe from prying eyes. Each release of the software will have flaws which can be exploited. The government 'bad guys' will be able to hack in to each new release making you and your users upgrade constantly to keep ahead. And there will be no way to be sure you are not actually one step behind.
If ever it should work, freenet will be banned in the West and in the Rest. Once it is banned, few people will risk running it, and those who depend on it for anything important will be caught, meanwhile, the rest of us will have lost the right to use such technology for legitimate purposes.
Misusing dynamite doesn't bring down the government. You don't get anarchy. You just ruin everyone's ability to buy a stick or three at the local hardware store to remove stumps with while the criminals still brew it in their basements.
So how to fight back? How to help keep information exchange possible even in repressive regimes?
Let's take a look at what works, and see why: The internet at large is one example - the internet at large is not illegal in China( or Saudi Arabia or pick your own repressive non-DPRK country ). The PRC works tirelessly to censor the internet while keeping it available because it knows that to shut it off completely would have extremely deleterious economic effects. What company would invest heavily in a country that was so closed as to shut off the internet?
The censorship, the PRC acheives is far from perfect. Information gets through, and spreads via word of mouth. Millions of curious chinese make prosecution for mild curiousity impractical, and create a crowd for the very curious to hide amongst - and they are more careful.
The governments swallow the poison pill of unpreventable free information exchange in order to reap the valuable benefits to be had from all the information exchange that DOESN'T offend them.
At present, the internet is structured in a way that makes many forms of censorship technically simple. Sure the censorship is not perfect, but it is good. Because legitimate servers are traceable and visits to those servers are traceable, would be censors are in a powerful position.
P2P software can be made to anonymously share information, but it is vulnerable to being made illegal until it provides economic benefits that make outlawing it too unsavory to consider. Legitimate use of P2P must make up the lions share of activity or P2P will not survive widespread popularity. It will be made illegal before blooming, forever preventing it's true fruition. Check out this post [google.com] I made a while ago (my email address has changed since then)
Re: http://www.i2p.net/ ? (Score:3, Interesting)
It is good you are asking although it is best to ask people who know what they are talking about. Although many (most?) of the Slashdot people here are intelligent (in comparison to other chat/blog sites) you should still ask people you know to be competent...
That being said, here is my answer
As well, I2P's anonymity might not be 100% due to unforseen bugs. Freenet is safer than I2P as it's been around longer. If you can do without I2P's usability then use Freenet, you can also try I2P out there is no need for I2P to 'intergrate' like Freenet has to, it should be fairly fast within 5-10 minutes (compared to day(s) with Freenet) of installing.
Indirect connections (Score:3, Interesting)
Cell networks don't. The goons catch one person, look at who his machine connects to, look at that one, and the next, and map out the whole network. Users don't even know they're helping out, the goons can just look at upstream router traffic.
The only way to have more or less anonymous usage without betraying your colleagues is to piggyback traffic on broadcast data -- such as irc, like the spam robots, or, better, web sites. The traffic should look just like (non-SSL) HTTP, like somebody websurfing, with the data encoded in odd places, such as varying the whitespace found in HTML of pages taken from other sites. (It could be encoded purely in the page, by normalizing the spacing before encoding into it; or only extractable by comparison with the original text.)
Furthermore, it should prefer to connect to hosts in other countries, to break the trace path. The node posting the data should post it to a different IP address than any of the other nodes get it from; they should get it from a variety of addresses. Each text should be encoded into a different page each time it's sent.
Socially, it needs to be something people can be proud of patching into their web servers -- like an underground railroad -- so that there may be a very large population of foreign web servers running the host side and replicating files among themselves. (Maybe they can restrict delivery to clients in certain countries.) And, of course, it needs to have a small footprint, so it doesn't interfere with normal operation of the web server.
Directories invite abuse. Better, just arrange that every client gets everything posted more or less recently, and knows which it has seen before so it will know not to accept those again. Clients only see traffic on channels they monitor, like leaf usenet feeds. Some would be for discussion, others for posting documents.
Re:Child pornography (Score:1, Interesting)
The right of freedom comes with the right of responsibility for use of that freedom. If people want to post anti-government stuff, kiddy-porn, terrorist, and various other things that is their right. They also have a right to expect a reasonable response to these posts. The key word is reasonable, do you prosecute someone for posting info on a suitcase nuke, or the guy that builds one; he person posting kiddy porn or the child molester that took the pictures; the person who speaks for Chinese democracy or the protesters in the street.
Prosecute the true crimes not the thought crimes. True freedom means sometimes being exposed to things you don't like. You do not have a right to not be offended, disgusted, or disturbed. You do have a right not to look for those things that you dislike, and definitely not to do them.
Re:Great, here come the CP trolls (Score:3, Interesting)
Re:Newsbyte is a well known troll (Score:1, Interesting)
I tried Freenet a while back. It appeared that the typical way of writing a Freenet site is to write HTML, which is checked and slightly re-written by the Freenet "proxy". I don't consider this to be safe at all; browsers understand all kinds of lax code, and you need to be able to anticipate every single browser laxness in order to work this way securely, and that's impossible.
A more secure solution would be to write the Freenet sites in a simple XML dialect and transform them to regular HTML with the Freenet proxy.
On the other hand, I didn't investigate the issue fully, and it's been a while, so if I'm operating on false assumptions, please correct/ignore me at will
Re:You are Totally off there (Score:3, Interesting)
Speed is a design issue, and there are numerous pros/cons anonymity-wise with changing it. GNUnet is a different approach - it has its own pros/cons.
I do take issue with the java design. It doesn't even run on amd64 (since there is no stable VM on this arch) unless you run it 32-bit (using an x86 VM). It typically uses around 150MB of RAM when it is running - that is quite a bit for a single application. It also needs a several GB datastore, but that is adjustable and less of an issue (plus, all that data has to be stored somewhere).
I've run Freenet for numerous versions now (going on years at this point). For the last few months though I've tended to not keep it running. I was just getting tired of constant swapping anytime I wanted to do anything - to me a solution to a computer problem is not to keep throwing RAM chips at it, and if I did want to investing in an extra 512MB I could think of better things to do with it than using it for a single application.
Honestly, I don't think there is much excuse for an application that needs more than 5-10MB of RAM in general - especially not one that runs in the background all the time. If it needs a few dozen MB I might be able to entertain the idea.
On the other hand, when an app needs a 128MB DIMM just for its own use, we're really starting to push things...
Re:Child pornography (Score:2, Interesting)
This is a very common misconception. Ignorance of the LAW is no excuse, but ignorance of the FACTS is a perfectly valid defence and commonly used (successfully).
Re:Newsbyte is a well known troll (Score:3, Interesting)
Actually, I had figured you as one who has only ever used ipsec. Haha. It can literally be a bitch... openvpn is a simple install, a 6-10 line config file, and you're done. Looks like a second network adapter, acts like one. Hell, it's only a single port to open in a firewall, and can be udp or tcp.
Solving some of the problems is going to be difficult. Some of the layer 4 to layer 7 protocols we'd like to use, that claim to have "secure" implementations never really had this sort of security in mind. What happens when you discover that even SSL/TLS smtp/pop3 aren't good enough, that even if they can't eavesdrop, just the fact that you sent an email there is sensitive? Some protocols, like HTTPS will survive, others may not.
I'm still confused about how you assign addresses. I join the network. Who decides where in your 3D coordinate space I'm sitting?
I'm at 1,2,3. I invite you. You might then be able to be at:
0,2,3
2,2,3
1,1,3
1,3,3
1,2,2
1,2,4
Some of those might already be taken. Others might make you a neighbor/partner to people you aren't allowed to partner with* (more on that later). But, you pick one, and let everyone know it's yours.
OK, so now I'm sitting at (2, 7, 23). How many hops are required to get to (96, 172, 243)?
Not familiar with manhattan distance. Think I know what you mean. With a traditional grid, yeh, that computes distance. But say we go with 3bit dimensions, which allow coordinates to be 0-7. We can actually set up 0 to be adjacent to 7, and if we do that in every "direction", we have halved all hop distances, barring a bunch of routes down in the middle somewhere.
So now I'm sitting at (2, 7, 23). I'm publishing objectionable material. So, someone else decides they're going to take that same address. Who decides who the correct owner is?
First come, first serve. He doesn't get to pick his address anyway, it's based on who invited him. But even if it is a valid location for him, you got there first. Anyone actively attacking the network like that, assuming that I'm a neighbor/partner will get a "ifconfig tun99 down" really quick. And I'll let the other neighbors know what I'm seeing, they can do the same.
So an attacker decides to take down the whole network, and starts setting up lots and lots of nodes on the network that look mostly functional but don't route well enough. Can the VPN route around them? Even in the face of a significant fraction of the network being bogus nodes?
I don't know. Honest. Can we somehow detect bogus nodes, can we fight it? Route around them maybe, but that won't be enough. I think this is only realistic on a small, growing network. At some point, it could concievably be big enough that this wouldn't be an issue. So, now all we need are 400,000 people willing to run nodes. Got any friends?
* I'd also add that I think it's a good idea to make all such tunnels/links international in nature. The people who can hurt you the most are in your own country, so don't connect to them, and they'll never know what you're saying on this network. Let's see them serve a wiretap/search warrant in another nation...
Calm down (Score:2, Interesting)
Actually, I don't believe it at all, but it really doesn't matter. Perception is reality to law enforcement (as it is to most humans). Freenet is perceived as a network where terrorists and pedophiles can exchange information with impunity. Law enforcement does NOT have the same perception about computers and doors. Law enforcement probably uses lots of doors and computers but has little idea about Freenet other than it being a place where pedophiles can go to swap pictures and not get caught. My claim: To law enforcement, a person who uses Freenet is more suspicious than a person who uses a computer.
Strict liability (Score:2, Interesting)
but ignorance of the FACTS is a perfectly valid defence
Often, the degree of the crime (such as Nth degree murder vs. Nth degree manslaughter) depends on mens rea. There are several levels of mens rea, from willful, to intentional, to reckless, all the way down to negligent. But there's also strict liability; look it up. Ignorance of fact, even despite one's best effort, is no defense to a strict liability tort or crime.
Re:You are Totally off there (Score:3, Interesting)
When I last tried freenet, the required disk space wasn't a problem for me, CPU time was marginally so (every now and then it ate 30% of my CPU time for a period, and my CPU is in the P4 family). The memory requirements were just absurd. With a load of obscure switches to Sun JVM from an obscure wiki I could make it settle with time to slightly more than 256 MiB instead of the original 900 MiB (I'm not sure if it was still growing because I killed it then, but I guess it was).
Its bandwidth usage grew with time, and if I tried to limit it, it just ceased to work at all. As long as it was in the order of 300 MiB/day it was quite ok, but eventually it grew to something like 1.5 GiB/day, after which I first tried limiting the bandwidth, then just stopped using freenet. It got more responsive after running it for a few days or a week, but I still never got more than a few KiB/second from it. By more responsive I mean that best case response times generally dropped to seconds instead of tens of seconds, while average response times saw a smaller but still significant drop.
Re:Indirect connections (Score:3, Interesting)
I'm not an expert in this area, but I'm not convinced of the feasability of transmitting useful amounts of data concealed in this manner. You might be able to get a decent amount of text in a series of image files using steganography, but normal usage patterns are of people downloading images. A steady stream of uploading images to strangers, especially if not done through email, would stand out, I think.
What I think is a wonderful idea however, is giving people a popular cause to use this. I feel that people should be using it for the reasons it is created - there can be no element of trickery in this - but a supplemental reason could increase popularity. If for (hypothetical example) the network were popularised in repressive countries such as China or Saudi Arabia, then people here who participated in the network would essentially be aiding people in these countries by building and supporting the network.
This might be naive but I think there's the kernel of a good idea in there.
Trust? on what basis? (Score:3, Interesting)
Re:Great, here come the CP trolls (Score:3, Interesting)
You don't have a child, do you.
I do, and if you think my support of FreeNet means that you're free to move in on my kid you're liable to become a candidate for a Darwin Award. In a couple of different ways, should you be male. If you get my drift. Or even if you don't.
I protect my kid, and although I'm glad to have the help and support of my society and its police (many and perhaps most of whom are among the finest people said society has to offer), I'm not willing to betray my kid's potential future in a free society in exchange for a little more convenience in safeguarding his present well-being.
Taking the long view, after all, is one of the things parents are supposed to do for their kids, because kids aren't all that great at it, and for good reason; it takes wisdom, born of experience, to see past the immediate issue to the larger ramifications, and it takes courage, born of wisdom, to accept that "Out of this nettle, danger, we pluck this flower, safety." (Shakespeare, Henry IV, III, i, 62, if anyone cares).