Combining BitTorrent With Darknets For P2P Privacy

CSEMike writes "Currently popular peer-to-peer networks suffer from a lack of privacy. For applications like BitTorrent or Gnutella, sharing a file means exposing your behavior to anyone interested in monitoring it. OneSwarm is a new file sharing application developed by researchers at the University of Washington that improves privacy in peer-to-peer networks. Instead of communicating directly, sharing in OneSwarm is friend-to-friend; senders and receivers exchange data using multiple intermediaries in an overlay mesh. OneSwarm is built on (and backwards compatible with) BitTorrent, but includes numerous extensions to improve privacy while providing good performance: point-to-point encryption using SSL, source-address rewriting, and multi-path and multi-source downloading. Clients and source are available for Linux, Mac OS X, and Windows."

About time

[Keeper Of Keys (928206)]

The need for this has been brewing for a while. Hope it does what it says on the tin.

We already have this; it's pretty much worthless.

[by Anonymous Coward]

There have been BitTorrent clients for I2P for years now. They're useless, largely, because anonymous networks are nightmarishly slow and unreliable, and very, very few people bother to upload anything interesting (at least in my opinion).

Before anyone accuses me of trolling, I've been using TOR off and on at home since 2005, and I've experimented with I2P for about 6 months in the wake of whistleblowing of the NSA wiretapping program. They're horrible, frankly, and I only put up with TOR still out of sheer cussedness. TOR at least lets you get content from the outside world; I2P is darknet-only, and darknet-only content isn't that exciting.

In fact, it's frankly dull as hell -- mostly political rants and porn (often of the less than legal variety). Sure, that could theoretically be overcome, but it won't, because performance is so bad that no one uses them but people stubbornly making a political point or people with downright criminal tastes (like the child porn freaks that seem to dominate the core.onion message boards). Mainstream consumers want convenience, and darknets don't provide it.

The performance is terrible because every download on a darknet is limited by the upstream bandwidth of the worst of your peers -- each of which is generally passing through streams from several other peers at the same time. Think about this. Think of the common 128 Kbps cap on most residential DSL or cable. And this is when you don't have unreliable or malicious peers.

So, frankly, who cares? I pirate copyrighted material because it's convenient and it lets me intelligently spend my money only on things I've vetted first -- spending my money only on things that have merit. Darknet torrenting is simply NOT convenient, and I simply wouldn't bother if it truly became necessary.

I like the concept of TOR and darknets because they provide an important technological counterbalance to tyranny, but I seriously doubt that they could survive as a useful tool for issues less relevant that free speech and survival, like wanting to get movies for free.

Re:We already have this; it's pretty much worthles

[ultranova (717540)]

There have been BitTorrent clients for I2P for years now. They're useless, largely, because anonymous networks are nightmarishly slow and unreliable, and very, very few people bother to upload anything interesting (at least in my opinion).

Ironically enough, Freenet is actually pretty fast nowadays. Still nowhere near BitTorrent, but automatically dividing each file into multiple pieces and the mechanism which causes each piece to become hosted in more peers the more it is accessed results in automatic load-balancing and a torrent-like effect. It's certainly much faster than Tor, and not subject to DoS attacks.

Before anyone accuses me of trolling, I've been using TOR off and on at home since 2005, and I've experimented with I2P for about 6 months in the wake of whistleblowing of the NSA wiretapping program.

Tor isn't a darknet. It's an anonymizer. The fact that you're running a Tor node is not hidden; only what you're doing with it is. Even then there's a simple way of locating hidden services: simply correlate the uptimes of the server in question with the uptimes of Tor nodes.

Freenet doesn't have that problem, since accessing inserted content doesn't require contacting the node that inserted it; however, on-demand insert by Frost might cause a vulnerability, if the attacker controls a node adjacent to yours, since they can then see that a disproportionate amount of pieces for that file are coming from your node. Premix routing should fix that once implemented.

Not a new idea

[Burz (138833)]

Try the following:

I2P net [i2p2.de]
MUTE/ Kommute [sourceforge.net]/ Ants/ Dargens
Alliancep2p.com
Filetopia.org
GNUNet
Rodi
Emscher ...and probably more.

Some of these like I2P use bittorrent over their anonymized network (a BT client is built into I2P but you can use some others... Note that Azureus aka Vuze has I2P support built-in!)

After viewing the demo video

[Burz (138833)]

OneSwarm seems to have a lot more polish than the P2P networks I listed: In-browser previews, codec translation of media files, integration with GoogleTalk, etc.

The basic transfer functionality appears to be similar although based on the invite-only darknet idea. Personally, I do not think these darknets offer much advantage, as the other P2Ps (and also Tor) offer anonymity by maximizing the number of participating nodes... which provides resistance to authorities trying to social-engineer and recruit their way into smaller friend-based networks.

Re:After viewing the demo video

[Burz (138833)]

Um, "In The West" (the United States) over 1% of the adult population is currently behind bars and 17% of all adults have been put through the penal system. Minors are being sentenced as child pornographers for sending nude cameraphone shots of themselves to their girl/boyfriends.

I think your view of the West may be Hollywood-tinted and overly optimistic. The war on drugs (a kind of civil war) is just starting to abate; legislators and police-state apparatchiks are looking for the next new frontier to exercise their lust for punishment.

Re:About time

[Valdrax (32670)]

I've been doing BitTorrent over TOR for a while now. What makes this so great?

Stop it, jackass. TOR is not designed for that. It severely degrades the latency of the network, and the network does not have the bandwidth to sustain numerous users doing large file-transfers over it. The network is intended for anonymous expression -- not to transfer DVD after DVD.

Re:About time

[by Anonymous Coward]

Honestly--I don't mind as long as he contributes at least $N_HOPS * $BANDWIDTH_PASSED back to the network--and as an exit node. Otherwise...yeah--they're a jackass. And the worst part is they probably don't care.

The more use use tor sees, the better crowd anonymity it provides. But given most people just abuse tor... well...all I'll say is it's been found there's a few substantial weaknesses--if you're using lots of traffic, you're probably going through a few private chokepoints. I sure hope they forward your information to appropriate third parties...

Re:About time

[Brian Gordon (987471)]

I sure hope they forward your information to appropriate third parties...

...Which would utterly ruin tor.

Re:

[morghanphoenix (1070832)]

I've been doing BitTorrent over TOR for a while now. What makes this so great?

And this is one of the reasons I closed my exit node.

Re:About time

[by Anonymous Coward]

And a big "stop it, jackass" right back at you. Don't tell people what anonymous expression can or cannot consist of. I express myself 4.7 GB at a time.

Re:About time

[The Master Control P (655590)]

It's manifestly obvious that transferring gigabytes and gigabytes of data in a manner which uses 5 or 10x more bandwidth than just sending from A to B is a bad idea unless your thought process before starting consisted of "Dur... Hey, it's anon-e-moos! There couldn't be any tradeoff for that!" Either way, if you do it you are a jackass and deserve to be called out as such.

Courtesy-in-kind: If you try to be nice, I'll be nice back. If you're a self-centered shithead who's intentionally hurting everyone else using TOR and you post about it, don't expect candy and flowers.

Re:About time

[Valdrax (32670)]

Well, not to be childish, but he started it by using the network in a way that (a) has been complained about by the designers of the network for years now, (b) is blocked by most exit nodes unless you deliberately change your port to avoid it.

Nearly EVERY article on using TOR with BitTorrent says "don't do it" and lays all this out. The only people who do this are people who *know* that it's discouraged and do it anyway. i.e. Jackasses.

Re:

[dgatwood (11270)]

Actually, assuming you're talking about an unmonitored repeater, you aren't knowingly doing anything, and thus, you should, at least in theory, be protected under the same sorts of DMCA exemptions as any other internet service provider that passes pirated/illegal content during the normal course of IP-based routing.

That said, if you do pass something inappropriate, IP number alone is almost certainly sufficient probable cause to obtain a search warrant. Having the same protection as an ISP doesn't mean the

Re:

[EdIII (1114411)]

Your basically saying that the authorities cannot prove you facilitated the "theft" (copyright infringement is NOT theft) of an "apple", but they search your house and find 6 stolen kiwis, 23 oranges, 92 bananas, and 5 kumquats. You don't get convicted for the "apple", but instead get convicted for the other "stolen property".

1) If the warrant was obtained improperly on the basis of the "apple" theft, there is a good probability that the whole case could be thrown out. Miranda anyone?

It's excellent that y

Re:

[Dunkirk (238653)]

Tin foil hattery aside, your best defense is a combination of reasonable doubt (the foundation of TOR, Freenet, and these new darknets) AND STRONG NON-PROPRIETARY WHOLE HARD DRIVE ENCRYPTION.

I wouldn't put away the TFB just yet. I'm just cynical enough to believe that just about ANY court in the USA would demand you turn over your encryption key under threat of simply being in contempt of court. A judge can basically throw you in jail until you comply, and that doesn't even allow your case to proceed. Even if you somehow worked around this, not giving up your key would be seen as an admission of guilt. Look, I know it's wrong -- fifth amendment and all that -- but this is reality here, and the

The internet at work.

[L4t3r4lu5 (1216702)]

"The Internet interprets censorship as damage and routes around it."
- John Gilmore [toad.com], Co-Founder of the Electronic Frontier Foundation [eff.org]

Re:The internet at work.

[Shadow-isoHunt (1014539)]

I always thought that was Benjamin Franklin.

Re:The internet at work.

[Obfuscant (592200)]

Don't be silly. Why would the internet interpret Benjamin Franklin as damage?

Re:The internet at work.

[Brian Gordon (987471)]

No, the internet interprets censorship as Ben Franklin and routes around him.

Friends?

[honestmonkey (819408)]

One problem from the demo seems to be that you need to have friends. I don't know anyone that has the por^h^h^h files that I want already.

Trust no one

[westlake (615356)]

One problem from the demo seems to be that you need to have friends.

You'll find plenty of "friends" on the net willing to trade in porn - or anything else, for that matter.

The question is, who do you trust?

In the case of OneSwarm ...an adversary would be able to correlate the increase in traffic between sender and receiver along an overlay path. FAQ [washington.edu]

I can't quite shake the notion that a "web of trust" is inherently fragile.

That as they scale upward and are increasingly interwoven there will be a breach, a tear - that will unravel very quickly.

Re:Trust no one

[Aladrin (926209)]

Wait wait wait... So you're saying that in order to keep my files transfers secret, I have to sign up for a network, add only my closest, most-trusted friends, route the secret files through the computers of complete strangers... And trust that the whole system is really secret and nobody along the way has a way to hack it?

Seriously? This is insane.

P2P has never been about trading with close friends. You can do that -much- more secretly with a USB drive. It's about sharing with complete strangers.

Dumb

[sexconker (1179573)]

So a "darknet" is a private (trust-based) network.

You know, like a regular network or VPN.

Oh, and you want to use your darknet for P2P, so you want it to be popular? Then just chain your trust so friends of friends of friends can join in. They're trustworthy, right?

This is completely stupid.
You can't establish a successful P2P network without a large number of users to supply bandwidth and content.
You can't get a large number of users without making it easy to join.
You can't make it easy to join while keeping up a level of trust. If Joe Schmo from the internet can get on, then Joe Schmo from the RIAA can too.
You can't anonymize or encrypt traffic while staying decentralized. To anonymize traffic you need a central server where all traffic is routed through, or you need to route through other users and maintain some meta data centrally. If you encrypt traffic, you'll need to decrypt it, and then it becomes a key sharing problem.

It all boils down to keeping the MAFIAA out. No one can ever explain how their various "trust" mechanisms ensure that the MAFIAA stays out (because they can't).
No one ever explains what happens when the trust is broken (the whole net instantly becomes untrustworthy).
No one ever explains how encryption helps untrusted connections (it doesn't), or why it is even necessary for trusted connections (well, I'll accept this since nowadays everyone is illegally snooping in on every bit of data it seems.)

Re:Dumb

[evanbd (210358)]

Freenet [freenetproject.org] has an answer to the trust chaining problem. Each user (when in darknet mode, anyway -- there's also a non-darknet option) only talks to their friends. Trust is not transitory; if I want data you have, it has to get routed over trusted links. Obviously there is a latency and bandwidth penalty for this, but it's probably smaller than you'd think -- the network topology is well behaved, so playing 6 degrees of separation works fairly well. If someone screws up and lets the MAFIAA on, then I don't care -- it's only a problem for the people who trusted them. The darknet style links compartmentalize the damage. (It's actually even better than that, thanks to plausible deniability arguments I won't get into, as long as they only have a limited number of compromised nodes.)

Of course, the bootstrapping problem -- you need users to get content, and you need content to attract users -- is very real. If there are easy magic solutions, I haven't heard of them, and Freenet doesn't have them. It's still a small niche network, with a limited though nonzero amount of content.

If you're curious about how attacks work in the context of a strong darknet like Freenet, I suggest you ask around on the irc channel / mailing lists. Yes, there are attacks that will work -- the Freenet authors won't try to pretend otherwise. What Freenet *does* do is make those attacks very difficult with only comparatively modest assumptions about trust.

Re:Dumb

[grumbel (592662)]

Freenet has an answer to the trust chaining problem.

I wouldn't call it an 'answer', because it is complete non-functional in practice, there are just way to few people in the world who have enough trustworthy friends who also run freenet to make it function and for those that have sneakernet likely runs a hell of a lot better. The whole problem with darknet is that it pretty much completly breaks apart when you add an untrusted friend, so you have to be really careful with whom you add, which in turn makes it impossible to get enough people.

That sound you just heard...

[Eil (82413)]

...was that of a few University of Washington researchers being escorted into the back of an unmarked van.

Anomos: Anonymous BitTorrent Without F2F

[EverStoned (620906)]

I'm a lead dev on a similar project called Anomos [anomos.info], which provides anonymous and encrypted BitTorrent without requiring the slow Friend To Friend system that this uses. OneSwarm is a cool project, but we have some advantages over this (although I'm sure they have advantages over us as well.) We're a funded project as well. If you're interested in this type of thing, you might wanna take a look at our project as well. (Also check out i2pSnark!) Ultimately (perhaps by the end of this summer), I'd like to see all of these approaches under a single roof.

Oooookay?

[IonOtter (629215)]

Read the article, watched the video.

Very pretty, very nice, very private IF you have someone on the other end that you "trust". Gosh! This is just like IRC back in 1994 when you'd go begging for FSP logins to trade, and had to rely on some snot-nosed brat to deign to lower their [33+ selves enough to throw you a bone.

Please. *clicks on enable encrypted torrents only* There. Fixed. Goodnight.

Re:Oooookay?

[EverStoned (620906)]

Encrypted != Anon. See above.

Traffic spike.

[Aladrin (926209)]

A major problem with this and all 'anonymous' file sharing things is the traffic! If you go through 3 nodes, that means 4x as much traffic as if you just went straight peer to peer. That means -you- need to use your machine for that much traffic, too, to help the rest of the network.

I don't know about you, but I don't feel like waiting 4x as long for my transfers.

Re:why? its all legal

[by Anonymous Coward]

I'll be charitable and assume you are just uninformed. Inform yourself. [schneier.com]

Re:

[L4t3r4lu5 (1216702)]

All the more reason to get the darknet up and running before it disappears.

Once the source code is out there, it'd be impossible to stop. Let's hope they post it instead of making you mail in requesting it.

Re:Hmmm.

[Brian Gordon (987471)]

If nobody's out there promoting it with a website and support and a download link, few people will participate and it will slowly die.

You'd need kind of a large critical mass before the network can sustain its growth just by nodes emailing friends the source. A lot more than just "up and running".

Re:Source? GPLv2, Java

[hannson (1369413)]

We're just packaging up the source now (we just released this today), and will post a link on the website soon. Thanks!

This is the reply I got from using the mail form.

Re:

[L4t3r4lu5 (1216702)]

It's a darknet [wikipedia.org], therefore invite-only.

It relies on the model that "my friend knows 4 people who use that service, so I can acces my friend's connection to those 4 people. Those 4 people know 3 people each, so I can access those 4 people, and another 12. Those 12 people know..." and there we have a large, private, trusted network.

Plus, there's no need for any particular darknet to connect to another. you can run your own darknet between your friends, not connected to any other darknet.

Re:Been done, and better supported.

[tepples (727027)]

It relies on the model that "my friend knows 4 people who use that service, so I can acces my friend's connection to those 4 people."

So how do I join if 0 of the people on my buddy list know about the darknet?

Re:This is clearly a criminal tool

[by Anonymous Coward]

Laws used to be about freedom and justice. But now corporations are making laws.

Lobbying used to be called bribery. It also used to be illegal.

Re:

[L4t3r4lu5 (1216702)]

That's lobbying for you.

Self reference paradox anyone?

Re:This is clearly a BS tool

[Saffaya (702234)]

It has something to do with what all cartels do :
Jack-up the price of a product by artificially restricting its availability.

Examples that come to mind are the DeBoers cartel for diamonds, or the cartel of the music industry.

And btw, the US department of Justice does officially refer to the music industry as a cartel.

Re:This is clearly a BS tool

[Tom (822)]

Here is what has changed:

Germany used to have a law that makes "private copies" legal. Where "private copy" is defined as making a low number (five is generally regarded as the "magic number") of copies for personal use of friends (with "friend" being defined as persons you have a close personal relation with, so most of your 1624 Internet "friends" wouldn't count).

It was perfectly good and everyone was happy. This law was, for example, what made it legal over here to create a mix tape (or CD) for your girl-/boyfriend. Or to say "sure, no problem" when your best friend said "wow, that's a cool album. Can you make me a copy?" - even the music industry seemed to be ok with it (free advertisement) and it made sure that law enforcement didn't have to waste resources on the ridiculous.

For the past four years or so, the music industry has changed its mind and pressured, bought, lobbied, etc. our lawmakers into changing the law. And they've finally succeeded (last year, I think).

And that does apply to the non "Arrr!" crowd. These changes make 15 year old teenagers who are in love into criminals. It makes grandma a criminal if she records her favourite song from the radio. It makes you and your wife criminals if you put a copy of the CD you bought on both yours and hers MP3 player.

PS: Don't lecture about loopholes and exceptions in american copyright law, I'm talking about german law and this whole virtual property rights bullshit is highly international.

Re:This is clearly a criminal tool

[Tubal-Cain (1289912)]

ISPs, the RIAA, and the government cannot poison the well if they can't find it.

Re:

[Tubal-Cain (1289912)]

The RIAA have this idea that filesharing is, by definition, sharing of files covered by their copyright. So they attack indiscriminately. [slashdot.org]

The government has this fascination with invasion of privacy.

Re:

[L4t3r4lu5 (1216702)]

It works by you being friends with Joe and Mike. They in turn are friends with Rachel and Simon, Brad, Jamie, and Robert respectively. That's now seven people to download from. Those 5 people have more friends, maybe with the file, maybe not, but THEIR friends might have it...

Plus, because it's not an open network, the trust between peers is higher. It will always be a "friend of a friend" that you're downloading from.

We just need to make sure nobody is friends with the MAFIAA.

Re:I don't understand.

[complete loony (663508)]

But even if somebody is friends with the MAFIAA, that doesn't mean they can work out who you are. If the protocol is built correctly, (no I'm not going to read it) you would have to compromise every relationship between sender and receiver to work out who anybody else really is.

Nodes on this network know their immediate neighbors (friends), and pass messages around, but don't necessarily know anything about who the end points are.

Re:I don't understand.

[InsertWittyNameHere (1438813)]

Please explain.

If "Joe" in Virginia and "Mike" in California each have a copy of The Big Bang Theory's latest episode, I use Utorrent to directly connect to their IP address and start downloading pieces. How does OneSwarm work differently to get this video over to my machine?

There, saved you from ridicule. You owe me!

You don't understand because it don't work

[SmallFurryCreature (593017)]

The entire idea of the so called darknet originated in the minds of kiddies who are full of goverment conspiracies but lack the intelligence to truly think about what this means.

Your ISP KNOWS!

Your ISP knows EVERYTHING!

Your darknet lights the ISP up like a christmas tree!

Darknets only work when the ISP doesn't care to monitor and report the traffic that crosses its routers and if they don't monitor/report the traffic then you don't need a darknet.

A darknet is often suggested as a solution of getting around opressive regimes. But the problem is that the kiddies thinking about it have grown up in free countries and just don't get how effective oppression can be. Oh we are not talking the Chinese here or even the RIAA or other such amateurs but the north-korean goverment.

How is your darknet going to work if ALL internet access is monitored. Send of a packet on an unknown port to an unknown destination and they don't need to decrypt it, you will tell them what was in it because there is only so much the human body can endure.

To make it understandable, imagine you invented an absolutely 100% effective way to hide content in a telegraph message. You could send any message of any length and embed you own content within it and nobody would ever know. This would get you around any goverment trying to stop you from sending said message right?

If you say YES, then you are an idiot. All they got to do is stop you from using the telegraph itself. Put an agent in the office and simply monitor who uses the machine.

If the RIAA and the likes get their way then sending ANY info via your ISP that they cannot read as harmless, then you can't use a darknet because a darknet by its nature shows up as unknown and therefor harmfull to the powers that be.

If the teachers forbids you to talk in the class room then the students can come up with the the fanciest unknown spoken language they wish, but they still can't talk in class because the act of using your voice itself is what is forbidden, not the language itself.

So, if you and a friend agree to use an unknown network type that crosses an ISP and that ISP is monitoring its own routers then that traffic will show up and by the nature of being unknown will send up a red flag. Only when your ISP doesn't care can you use it and as I already said, when it doesn't care, you don't need it.

The only think darknets protect against is OTHERS outside your network connect from knowing about it. I can easily see whoever else is using the torrent I am downloading because this information is public. I can't see the users of your site however. So it is only simple defence against a very primitive form of snooping. But don't worry, the RIAA and the likes are already well ahead of that and want the ISP's, who by their nature are part of EVERY network connection you make to monitor for them.

Read up on freenet and its darknet dreams. It is a laugh. They dream of being the tool to allow sensitive information to get out of places like North Korea undetected when the very act of sending information out of North Korea over any non-approved and monitored method is enough to get you killed.

Or to give the final anology, I don't need to know where the messenger crossing the border has hidden the secret message or the code to read it on his body if I simply shoot everyone crossing the border.

Or, in cartoon form...

[AnotherSteve (447030)]

For the visual learners, here is your argument in pictoral format.

http://xkcd.com/538/

Re:Why not just put an encryption layer on top of

[by Anonymous Coward]

Because the investigators don't eavesdrop on your connections. They come into the network as a peer and ask your client to send them chunks of whatever file you are currently sharing. It's very easy for them to do:

1. Search torrent site for popular movie/artist name
2. Download torrent
3. Connect to tracker, get peer IP addresses
4. Connect to peers, ask for parts of the file
5. File a John Doe lawsuit and subpoena ISPs for customer details

Encryption occurs between peers - so your ISP can't decode the traffic, but the investigator can, because it is a peer.

Re:

[brusk (135896)]

No, he's referring to a bounced check. There's a $25 fee for that.