Entropy Project Closes Up Shop
k0fcc writes "In a disappointing move to privacy enthusiasts, the Entropy Project's creator has released a statement that the project is shutting down. Entropy was a very popular, and some say faster, alternative to Freenet which supported a number of different cryptographic protocols. The creator alluded to the possibility that the project could continue if a new owner could be found."
Erm (Score:4, Interesting)
Freenet seems to me to be one of those ivory tower projects that has little relation to the real world. Proof? No search engine, and very little chance of ever having one. How the hell can it ever be useful? [/rm101 resists making a dig about their choice to implement in Java]
Anonymity and Entropy (Score:5, Interesting)
Furthermore, it is often the content which speaks more about the authorship than the chain of technical events that leads to the publishing of the information. In Slashdot, for example, I have chosen not to show my e-mail, etc., but by reading my comments even a 10-year-old kid can make a deduction about my real identity. Does it make sense for me to use IP-tunneling then?
Finally, I do not understand the author. He just seems pissed. Maybe he will reconsider his opinion and revive the project. Is he sick from the lies (?) about the crypto-protocols used in the software which is written? IMHO the theory proves quite stable and if there is room for attacks it is more in the implementations than in the protocols themselves. How many broken cryptosystems do you recollect? (I know, I know "the knapsack", but it got broken at the conference at which it was presented.)
Still, even with this project retreating, the subject remains interesting.
Tried it, looked suspicious (Score:4, Interesting)
"Wow, great project!". It was like Freenet, only faster, lower latency, some stuff was cooler. It looked really promising. It was much easier to install in a chroot jail than Freenet.
However. From what I saw, I wouldn't trust it for any serious purpose. It looked like the author was only interested in using it for testing his own crypto algorithms, and as anybody who has read up on this stuff should know, rolling your own crypto is a really bad idea unless you're really, really good, and then make sure it gets well tested for a few years.
It had a nice possibility of restricting the node to chosen allowed crypto algorithms, but none of the available ones was in widespread use. I mean, AES, DES and Blowfish weren't in the list last time I checked. That makes me rather suspicious.
I voiced my concerns once in the Entropy forum, and the author replied saying this is basically a research project and not intended for serious use (IIRC).
If somebody does decide to continue with it, I certainly hope that one of the first things that will be done is to put some tested crypto in it instead of a bunch of homebrew methods. Nothing personal against the author, but I believe that if it was easier to trust it, it could become more popular.
Re:GNUnet (Score:3, Interesting)
What if it's not much different than installing a virtual ethernet adapter, or if all your experience setting your computer up for TCP/IP counts for something on it?
What if you get to use all your current internet apps, rather than scratching around for keyhashes of some file that is pieced together all over the network?
What if only one guy can snitch on you, and he's somewhere in South Korea?
Maybe not ready for prime-time, but I think I have the late-night viewing nailed. Way past CSPAN.
Re:Anonymity and Entropy (Score:3, Interesting)
There are resources available on my network that are at least trying to train people how not to give themselves away. Simple example, someone invites you, and right away you jump on IRC as trifakir. Someone showing up there as "trifakir" isn't necessarily you, of course. But if I wanted to track someone down that had that nick, I'd search everywhere on the internet and commercially available databases. In the end, any handles/nicknames/usernames you use on an anonymous network have to be totally original for yourself... you can't get away with re-using that hotmail username you had 5 years ago. And as simple as this all seems, there are problems. It's not easy to turn off that impulse to do such things... and no one can help you, either. 100% your own responsibility (not totally true, the guy that invites you knows at least enough to ID you, and can give advice, get you pointed at the website that goes over this in detail... but that's about it).
There are other problems along these lines too. Certain applications are "leaky". mIRC, in particular. Right from the beginning, we knew it would be a problem, and I was helping folks set it up at the command line level to point at a new INI file. But it is pure shit. Even doing that, it is pulling sensitive details from the registry or the original INI files. We haven't found any quite as bad as this one, but it is far from unique. Word documents are suspect, in that we can't be 100% certain that published documents don't have some hidden metadata that identifies the author. PDFs created with Adobe are likely as problematic.
And this is the easy stuff. We've yet to come up with guidelines that will protect you from the most insistent long-term attacks. If a well funded agency were to compile psychological data on you, is it so far-fetched that a demographic profile could lead them to you? Male, 30-40, native born English speaker with definite American language traits, has let a few comments slip about his favorite sports team (in the area?)... it all adds up.
And as serious as all this is, with me communicating with less than 50 users ever, I've still had questions about how safe VOIP and webcam apps are! I mean, I doubt we have spooks listening yet, but who can say?
Many books could be written on this subject without ever exhausting it.
Mute: The Searchable Alternative (Score:4, Interesting)
There is one alternative called Mute [sourceforge.net], which solves one key problem with Freenet or Entropy which is that it is searchable.