Combining BitTorrent With Darknets For P2P Privacy 325
CSEMike writes "Currently popular peer-to-peer networks suffer from a lack of privacy. For applications like BitTorrent or Gnutella, sharing a file means exposing your behavior to anyone interested in monitoring it. OneSwarm is a new file sharing application developed by researchers at the University of Washington that improves privacy in peer-to-peer networks. Instead of communicating directly, sharing in OneSwarm is friend-to-friend; senders and receivers exchange data using multiple intermediaries in an overlay mesh. OneSwarm is built on (and backwards compatible with) BitTorrent, but includes numerous extensions to improve privacy while providing good performance: point-to-point encryption using SSL, source-address rewriting, and multi-path and multi-source downloading. Clients and source are available for Linux, Mac OS X, and Windows."
About time (Score:5, Insightful)
The need for this has been brewing for a while. Hope it does what it says on the tin.
The internet at work. (Score:5, Insightful)
- John Gilmore [toad.com], Co-Founder of the Electronic Frontier Foundation [eff.org]
Friends? (Score:5, Insightful)
Re:This is clearly a criminal tool (Score:5, Insightful)
Laws used to be about freedom and justice. But now corporations are making laws.
Lobbying used to be called bribery. It also used to be illegal.
Re:I don't understand. (Score:3, Insightful)
Plus, because it's not an open network, the trust between peers is higher. It will always be a "friend of a friend" that you're downloading from.
We just need to make sure nobody is friends with the MAFIAA.
Re:This is clearly a criminal tool (Score:3, Insightful)
Self reference paradox anyone?
Re:This is clearly a criminal tool (Score:4, Insightful)
We already have this; it's pretty much worthless. (Score:5, Insightful)
There have been BitTorrent clients for I2P for years now. They're useless, largely, because anonymous networks are nightmarishly slow and unreliable, and very, very few people bother to upload anything interesting (at least in my opinion).
Before anyone accuses me of trolling, I've been using TOR off and on at home since 2005, and I've experimented with I2P for about 6 months in the wake of whistleblowing of the NSA wiretapping program. They're horrible, frankly, and I only put up with TOR still out of sheer cussedness. TOR at least lets you get content from the outside world; I2P is darknet-only, and darknet-only content isn't that exciting.
In fact, it's frankly dull as hell -- mostly political rants and porn (often of the less than legal variety). Sure, that could theoretically be overcome, but it won't, because performance is so bad that no one uses them but people stubbornly making a political point or people with downright criminal tastes (like the child porn freaks that seem to dominate the core.onion message boards). Mainstream consumers want convenience, and darknets don't provide it.
The performance is terrible because every download on a darknet is limited by the upstream bandwidth of the worst of your peers -- each of which is generally passing through streams from several other peers at the same time. Think about this. Think of the common 128 Kbps cap on most residential DSL or cable. And this is when you don't have unreliable or malicious peers.
So, frankly, who cares? I pirate copyrighted material because it's convenient and it lets me intelligently spend my money only on things I've vetted first -- spending my money only on things that have merit. Darknet torrenting is simply NOT convenient, and I simply wouldn't bother if it truly became necessary.
I like the concept of TOR and darknets because they provide an important technological counterbalance to tyranny, but I seriously doubt that they could survive as a useful tool for issues less relevant that free speech and survival, like wanting to get movies for free.
Re:About time (Score:5, Insightful)
I've been doing BitTorrent over TOR for a while now. What makes this so great?
Stop it, jackass. TOR is not designed for that. It severely degrades the latency of the network, and the network does not have the bandwidth to sustain numerous users doing large file-transfers over it. The network is intended for anonymous expression -- not to transfer DVD after DVD.
Why not just put an encryption layer on top of BT? (Score:2, Insightful)
A simple question from a noob in the area:
Why not just peer-to-peer encrypt communication between BitTorrent nodes on the network? With keys that are distributed privately. Would that not completely hide the BitTorrent traffic making it impossible to eavesdrop at? If I sit by a router and see it transfer a blob of something that does not resemble anything else but an encrypted stream of something, I only have one choice - decrypt it first to see if the traffic belongs to something I consider illegal. But thats where cryptography comes in, right?
Re:About time (Score:5, Insightful)
Honestly--I don't mind as long as he contributes at least $N_HOPS * $BANDWIDTH_PASSED back to the network--and as an exit node. Otherwise...yeah--they're a jackass. And the worst part is they probably don't care.
The more use use tor sees, the better crowd anonymity it provides. But given most people just abuse tor... well...all I'll say is it's been found there's a few substantial weaknesses--if you're using lots of traffic, you're probably going through a few private chokepoints. I sure hope they forward your information to appropriate third parties...
Re:Why not just put an encryption layer on top of (Score:1, Insightful)
... because in your scheme there is nothing preventing the RIAA/MPAA from getting in on the cryptography action to collect the evidence they need. In other words, there is no way to filter RIAA/MPAA spies out from your fellow pirates.
All they have to do is infiltrate the method of "private" key distribution (which won't be all that private for any scheme involving more than just you and 3 of your closest buddies)
Re:About time (Score:5, Insightful)
Dumb (Score:5, Insightful)
So a "darknet" is a private (trust-based) network.
You know, like a regular network or VPN.
Oh, and you want to use your darknet for P2P, so you want it to be popular? Then just chain your trust so friends of friends of friends can join in. They're trustworthy, right?
This is completely stupid.
You can't establish a successful P2P network without a large number of users to supply bandwidth and content.
You can't get a large number of users without making it easy to join.
You can't make it easy to join while keeping up a level of trust. If Joe Schmo from the internet can get on, then Joe Schmo from the RIAA can too.
You can't anonymize or encrypt traffic while staying decentralized. To anonymize traffic you need a central server where all traffic is routed through, or you need to route through other users and maintain some meta data centrally. If you encrypt traffic, you'll need to decrypt it, and then it becomes a key sharing problem.
It all boils down to keeping the MAFIAA out. No one can ever explain how their various "trust" mechanisms ensure that the MAFIAA stays out (because they can't).
No one ever explains what happens when the trust is broken (the whole net instantly becomes untrustworthy).
No one ever explains how encryption helps untrusted connections (it doesn't), or why it is even necessary for trusted connections (well, I'll accept this since nowadays everyone is illegally snooping in on every bit of data it seems.)
Re:Hmmm. (Score:4, Insightful)
You'd need kind of a large critical mass before the network can sustain its growth just by nodes emailing friends the source. A lot more than just "up and running".
Trust no one (Score:4, Insightful)
You'll find plenty of "friends" on the net willing to trade in porn - or anything else, for that matter.
The question is, who do you trust?
In the case of OneSwarm ...an adversary would be able to correlate the increase in traffic between sender and receiver along an overlay path. FAQ [washington.edu]
I can't quite shake the notion that a "web of trust" is inherently fragile.
That as they scale upward and are increasingly interwoven there will be a breach, a tear - that will unravel very quickly.
This is clearly a BS tool (Score:1, Insightful)
"Laws used to be about freedom and justice. But now corporations are making laws."
And what kind of laws are illegal down loaders making? So far as I've seen not one law has been changed because of "Arrr, I'm a pirate" and in fact the situation's gotten worse. So once again what has piracy done for "freedom and justice"? You know the "freedom and justice" that doesn't just apply to the "Arrr!" crowd.
Re:About time (Score:5, Insightful)
Courtesy-in-kind: If you try to be nice, I'll be nice back. If you're a self-centered shithead who's intentionally hurting everyone else using TOR and you post about it, don't expect candy and flowers.
Re:Oooookay? (Score:4, Insightful)
Re:About time (Score:1, Insightful)
> Well, if you live in country where the courts accept 10 misdirected search warrants for every hit, it might not help a lot, but in democratic countries such uncertainties would be unacceptable.
What the courts do and do not accept has very little to do with a country being a democracy or not. The idea that in a democracy everything is automagically 'good' is ridiculous. Are you by any chance from the USA?
Re:About time (Score:4, Insightful)
Well, not to be childish, but he started it by using the network in a way that (a) has been complained about by the designers of the network for years now, (b) is blocked by most exit nodes unless you deliberately change your port to avoid it.
Nearly EVERY article on using TOR with BitTorrent says "don't do it" and lays all this out. The only people who do this are people who *know* that it's discouraged and do it anyway. i.e. Jackasses.
Re:About time (Score:1, Insightful)
Rare to get a reply from an AC right? I'm even the one who wrote the comment...
I don't think you're right in that assessment--at least realistically Technically you're correct--in that it would break anonymity. The whole point of tor (and onion routing) is that if I peel off a layer, there's still n-1 layers left protecting me.
Most of the bittorent guides for tor (that I've read) expressly configure their client to only use *1* hop--hoping that they provide "good enough" anonymity against a subpoena.
Destroying the use of tor for people who abuse it really doesn't bother me all that much... since the people abusing it to run BT must be directly connecting to exit nodes to do this in a single hop--this doesn't hurt the people who shuffle in from the middle of the network.
Because tor suffers from being easily discoverable--it'd even be a simple test for the relay system to determine if the node connecting to them was willing to carry traffic or not... if it doesn't route tor traffic--it's the origin--log, analyze, report.
Re:Been done, and better supported. (Score:5, Insightful)
It relies on the model that "my friend knows 4 people who use that service, so I can acces my friend's connection to those 4 people."
So how do I join if 0 of the people on my buddy list know about the darknet?
You don't understand because it don't work (Score:5, Insightful)
The entire idea of the so called darknet originated in the minds of kiddies who are full of goverment conspiracies but lack the intelligence to truly think about what this means.
Your ISP KNOWS!
Your ISP knows EVERYTHING!
Your darknet lights the ISP up like a christmas tree!
Darknets only work when the ISP doesn't care to monitor and report the traffic that crosses its routers and if they don't monitor/report the traffic then you don't need a darknet.
A darknet is often suggested as a solution of getting around opressive regimes. But the problem is that the kiddies thinking about it have grown up in free countries and just don't get how effective oppression can be. Oh we are not talking the Chinese here or even the RIAA or other such amateurs but the north-korean goverment.
How is your darknet going to work if ALL internet access is monitored. Send of a packet on an unknown port to an unknown destination and they don't need to decrypt it, you will tell them what was in it because there is only so much the human body can endure.
To make it understandable, imagine you invented an absolutely 100% effective way to hide content in a telegraph message. You could send any message of any length and embed you own content within it and nobody would ever know. This would get you around any goverment trying to stop you from sending said message right?
If you say YES, then you are an idiot. All they got to do is stop you from using the telegraph itself. Put an agent in the office and simply monitor who uses the machine.
If the RIAA and the likes get their way then sending ANY info via your ISP that they cannot read as harmless, then you can't use a darknet because a darknet by its nature shows up as unknown and therefor harmfull to the powers that be.
If the teachers forbids you to talk in the class room then the students can come up with the the fanciest unknown spoken language they wish, but they still can't talk in class because the act of using your voice itself is what is forbidden, not the language itself.
So, if you and a friend agree to use an unknown network type that crosses an ISP and that ISP is monitoring its own routers then that traffic will show up and by the nature of being unknown will send up a red flag. Only when your ISP doesn't care can you use it and as I already said, when it doesn't care, you don't need it.
The only think darknets protect against is OTHERS outside your network connect from knowing about it. I can easily see whoever else is using the torrent I am downloading because this information is public. I can't see the users of your site however. So it is only simple defence against a very primitive form of snooping. But don't worry, the RIAA and the likes are already well ahead of that and want the ISP's, who by their nature are part of EVERY network connection you make to monitor for them.
Read up on freenet and its darknet dreams. It is a laugh. They dream of being the tool to allow sensitive information to get out of places like North Korea undetected when the very act of sending information out of North Korea over any non-approved and monitored method is enough to get you killed.
Or to give the final anology, I don't need to know where the messenger crossing the border has hidden the secret message or the code to read it on his body if I simply shoot everyone crossing the border.
Wireless Mesh Networks (Score:2, Insightful)
What we really need is wireless mesh networks formed from a bunch of cheap routers.
It would not be feasible to monitor a distributed wireless network covering a whole city or county. TOR running on top of this wouldn't have the asymmetrical upload limits that we have with our wired Internet run by The Man.
It would be the Wild West all over again.
Re:Dumb (Score:4, Insightful)
Freenet has an answer to the trust chaining problem.
I wouldn't call it an 'answer', because it is complete non-functional in practice, there are just way to few people in the world who have enough trustworthy friends who also run freenet to make it function and for those that have sneakernet likely runs a hell of a lot better. The whole problem with darknet is that it pretty much completly breaks apart when you add an untrusted friend, so you have to be really careful with whom you add, which in turn makes it impossible to get enough people.
Re:We already have this; it's pretty much worthles (Score:3, Insightful)
Which is largely how the web was, before (non-porn) people realised they could make money on that network.
Re:Trust no one (Score:5, Insightful)
Wait wait wait... So you're saying that in order to keep my files transfers secret, I have to sign up for a network, add only my closest, most-trusted friends, route the secret files through the computers of complete strangers... And trust that the whole system is really secret and nobody along the way has a way to hack it?
Seriously? This is insane.
P2P has never been about trading with close friends. You can do that -much- more secretly with a USB drive. It's about sharing with complete strangers.
Traffic spike. (Score:5, Insightful)
A major problem with this and all 'anonymous' file sharing things is the traffic! If you go through 3 nodes, that means 4x as much traffic as if you just went straight peer to peer. That means -you- need to use your machine for that much traffic, too, to help the rest of the network.
I don't know about you, but I don't feel like waiting 4x as long for my transfers.
Re:After viewing the demo video (Score:5, Insightful)
Um, "In The West" (the United States) over 1% of the adult population is currently behind bars and 17% of all adults have been put through the penal system. Minors are being sentenced as child pornographers for sending nude cameraphone shots of themselves to their girl/boyfriends.
I think your view of the West may be Hollywood-tinted and overly optimistic. The war on drugs (a kind of civil war) is just starting to abate; legislators and police-state apparatchiks are looking for the next new frontier to exercise their lust for punishment.
Re:After viewing the demo video (Score:3, Insightful)
"Your Honor and Honorable Jurors, this man knowingly and willingly ran software designed to allow pedophiles and other criminals, even terrorists, to hide their identities while conducting crimes against children online, and to circumvent filters put forth by lawful authority. He will continue to help these people exploit the defenseless, unless we stop him here and now."
It is quite possible that you will be jailed, at least until the trial, and even if you're not, you'll be harassed by the "save the children" -mob.
The spirit of Salem Witch Trials is alive and well.