New "Dark" Freenet Available for Testing

Sanity writes "The Freenet Project has just released the first alpha version of the much anticipated Freenet 0.7 branch. This is a major departure from past approaches to peer-to-peer network design, embracing a 'scalable darknet' architecture, where security is increased by allowing users to limit which other peers their peer will communicate with directly, rather than the typical 'promiscuous' approach of classic P2P networks. This means that not only does Freenet aim to prevent others from finding out what you are doing with Freenet, it makes it extremely difficult for them to even know that you are running a Freenet node at all. This is not the first P2P application to use this approach, other examples include Waste, however those networks are limited to just a few users, while Freenet can scale up almost indefinitely. The new version also includes support for NAT hole-punching, and has an API for third-party tool development. As always, the Freenet team are asking that people support the development of the software by donating."

Waste

This looks interesting. I tried Freenet before, but I could never set it up properly. I will have to try it again.

Re:Waste

Its too bad its written in java.. if it was in C/C++ i would have run a node...

Yeah, cross-platform coding sucks. When are these companies going to learn that we want proprietary binaries that need to be recompiled on each platform?

Re:Waste

So... Your posting on /. with a C64 then?

Seriously, what platform are you using that doesn't have a Java implementation on it?

And, even more to the point... Just have a Freenet server running in the basement someplace and use it as a proxy out to the Freenet. Buy/find/build a computer (don't spend more than one Benjamin on it) and put Any flavor of Linux on it, then load the Freenet proxy. Don't forget to load up the RAM, as Freenet eats RAM like the passengers of a Las Vegas tour bus eat at Circus Circus.

Not only is this good for the network (permanent nodes == good nodes) but the upshot is that you don't have to locate the server anywhere near your main computer. So you can get a low-speed computer, slap a giant copper HSF on it, and remove the fans. Less fans == less points of H/W failure down the road. Since it's Linux, it never needs to reboot. Since it's only doing Freenet (and only has that port open to the world) then you don't need to update the kernel.

And yes, I know what I'm talking about. I've got a E-PC in my basement that's been running along happily for over 3 years now, and the only thing that I've ever changed on it was the Freenet install. Unload, upgrade, and restart the Freenet proxy. Done in 5min. Whenever i want to use the Freenet i just change my proxy in my browser to my Freenet server in the basement. Takes me 20 seconds.

So I want all these excuses of NOT running Freenet to stop. Anybody can find a 'junk' computer and put Freenet on it, no excuses! Get those nodes up and running--the more nodes that stay online 24/7 the better. And trust me... Once you see the amount of creativity that true total anonymity brings, you'll be glad you at least saw it. You might not like it but at least you know it's there and what it's about. And like GI Joe said--Knowing is half the battle.

And if your really worried about your electric bill--don't. Your bill will jump up at most .50 a month from your Freenet server. You don't need a monitor (that draws the most watts) for this setup, And if your really worried about it you need to wonder why your reading /. in the first place...

Hooray!

Hooray! Now I can browse the net at dialup speeds once more!

Will this ever succeed in full?

For example, do you think Google will ever use Freenet in some manner?

I wish there was a way that I could view websites without giving any IP or client information. However, that kind of information is important to webmasters and business.

Re:Will this ever succeed in full?

I wish there was a way that I could view websites without giving any IP or client information. However, that kind of information is important to webmasters and business.

Check out Tor [eff.org].

Re:Will this ever succeed in full?

Well, it is not a foolproof solution, but you can try using TOR: The Onion Router (http://tor.eff.org/ [eff.org]). It will act as a random daisy-chain of proxies that pass all the information (except for the final hop) encrypted.

Failing that, you could always buy a laptop/PDA/etc. and a cheap wifi card and connect to random WAPs using a spoofed MAC address.

Re:Will this ever succeed in full?

Or planning political demonstrations in a dictatorship. Same thing as kiddie porn, really. You're either with us or the child pornographers, after all. Why do you hate Country X?

Re:Will this ever succeed in full?

>I wish there was a way that I could view websites without giving any IP or client information

Anonymizer.com, cotse, and many others.

There's some loss of functionality. For example if you have Java turned on then a remote web site can grab your IP even through a proxy. So you have to turn off Java, and Anonymizer disables Javascript as well.

Much needed

Thank you freenet team! The ability to remain anonymous is the only way to ensure complete freedom of speech.

Practical measures

I totally agree. With the lawmakers obviously unconcerned about the steady erosion of civil liberties, practical measures like these could be the only option for maintaining our freedoms.

Re:Practical measures

Freenet may preserve freedom, but it doesn't preserve liberty.

Don't let projects like Freenet lull you into failing to protect your liberty. Get involved in the world around you and make your voice heard against those who would remove your liberty.

Freedom != Liberty. There are lots of situations in which you have the freedom to hold any opinion you want, but are not at liberty to express those opinions. Unless you have been brainwashed, you always have the freedom to choose to die for your opinions.

Completely agree

I completely agree. Freenet is hopefully a good last resort, but the option of a technical last resort should not discourage people from fighting oppression in all of its forms through more conventional political means.

- Ian (Founder, Freenet Project)

Re:Practical measures

Actually this is the exact OPPOSITE of what anonymity does for freedom of speech. Let's think about this for a minute. The claim that anonymity is required for true freedom of speech (I'll leave the debate as to whether this is actually the case to someone else, and assume that it is true) is so that you can make any allegations you want publicly, without fear of reprisal for what you have said (USSR, anyone?).

What these darknets do (in this context) is allow speech to be distributed only among a select few people. Furthermore, you can exclude those you are making allegations against, allowing you to say whatever you like, true or false, and they have no access to this information (PATRIOT Act, anyone?). In other words, you've crushed their ability to respond to allegations like the Gestapo. But I guess that's okay in your mind, because it's individuals doing so, and not the government. Might I suggest you read up on factory life in the US before the government started regulating the factories, especially with regard to unions and blacklists?

As for myself, I shall always be a proponent of true freedom of speech (and I might add that do not require anonymity for that purpose).

Re:Practical measures

It's interesting that you should mention the USSR, because one of the earliest examples of a darknet was the Russian samizdat (literally: self-publishing) network. Censorship in the USSR operated in a deliberately ambiguous and unclear way: rather than banning certain works outright, the authorities created a huge legal grey area, discouraging the expression of any political opinion that wasn't completely orthodox. Authors responded by circulating their works privately from reader to reader in samizdat [ucl.ac.uk]: each reader would manually copy the work on a typewriter and exchange copies with trusted friends. While this isn't the same as being able to stand in the public square and express your opinion to anyone who passes, it still allows dissidents to express, exchange, and develop their thoughts in a way that wouldn't be possible in isolation.

Regarding your second point, it's true that private communication can exclude the people who are being discussed. Allegations (and conspiracies) are usually made behind closed doors. But the powerful will always have access to private communication. The question posed by Freenet and similar networks is whether the less-powerful should also be able to communicate privately. Comparing Freenet to the Gestapo (although required by Godwin's Law) misses the point: the secret police don't need to use Freenet, because they already have overwhelming power. It's the citizens of a police state who need private communication.

You misunderstand the structure of darknets.

In this new Freenet, network connections only pass through a select few friends, but the routing layer hides this - files are globally available, as they used to be. You've misunderstood the protocol design.

Also, you've even misunderstood the "select few friends" thing. It's not that you can exclude people. It's that you have to actively include people - and you have to have their permission first.

An analogy would be: passing messages between people by telling a trusted friend, he tells his trusted friend, and so on until it reaches the destination.

Great!

I'm not a member or involved in the freenet project but if you have paypal or whatever, drop by the freenet project website and donate a few dollars [freenetproject.org]. Mathew Toseland (toad_ on freenode irc) has been slaving away on the project for a long time now, he's poured so much energy into making freenet a reality, kudos to him and a few of the other coders that have spent a lot of energy on the next generation freenet (nextgens/cyberdo/etc.)

Not related to freenet but in the definitely in the same sphere of anonymous networking is I2P [i2p.net]. For anybody that interested in that kind of technology should check that out... it's a fairly well functioning network ATM but the main coder is putting off any big announcements until he's sure it's ready.

Sigh

Freenet is neat, P2P research is phenomenal, darknets are probably the way to go...but boy, it would be nice to have something that is not implemented in Java.

I understand the reasons that they use Java, but still, Freenet is one RAM and CPU-hungry beast.

Re:Sigh

Java is "heavier" than a native language/platform but for something like Freenet where privacy can be extremely important, reducing the possibility of stack smashing/bufer overrun type vulnerabilities to near zero - which Java helps do very well - is more than worth the execution overhead.

Re:Sigh

Java is "heavier" than a native language/platform but for something like Freenet where privacy can be extremely important, reducing the possibility of stack smashing/bufer overrun type vulnerabilities to near zero - which Java helps do very well - is more than worth the execution overhead.

But there are plenty of natively compiled portable languages that have exactly the same stack and buffer safety, but less overhead than Java.

There's the ML family, for example - fast implementations like OCaml and MLton are usually more efficient and more concise than C++. OCaml has already been used to implement other P2P applications (MLDonkey). And if you absolutely must have braces, there are things like D and Felix, which bring the same benefits to a familiar C++/Java-style syntax.

Judging all compiled languages by C++ is like judging all interpreted languages by Python. Deciding to use an interpreted language because compiled languages "suffer from buffer overflows" is exactly like deciding to use a compiled language because interpreted languages "have significant whitespace", i.e. it's complete and utter bullshit.

Re:Sigh

Java isn't the reason it is slow, being poorly written in java is the reason it is slow.
There are many java programs that are larger and do more intense work that run just fine.

Re:Sigh

Okay then, I'll support his remarks.

I've run Freenet for ages. It is an excellent idea with a not so excellent implementation. Freenet is currently taking up over 300MB of RAM, and is eating a lot of CPU.

I'm not saying Java is always less efficient. Maybe this could be improved in their codebase. I don't code Java - but I do write C/C++, and I'm certain that Freenet in native code could be orders of magnitude better than what it is now.

Re:Sigh

I've run Freenet for ages. It is an excellent idea with a not so excellent implementation. Freenet is currently taking up over 300MB of RAM, and is eating a lot of CPU.

And may I remind people this is something that's supposed to run in the background 24/7? Freenet if you just "jump on" when needed will be a really shitty network. A permanent drain of 300MB + CPU time is a lot. That said, there's a lot of encryption/decryption, IO and buffers involved so it wouldn't be a "light" C++ daemon either but I think you could do quite a bit better.

Slow networks

I think the main problem with freenet, I2P, and other similar services is not their privacy concerns (although important), but SPEED.

The speed at which any of these services run reminds me of when I had dial-up. Except these darknets don't even guarantee you can connect to even the most popular darknet sites. Even when I tweaked all the settings I couldn't ever get decent connections on freenet.

These sites are not going to be very viable until a lot of people use them, and a lot of people aren't going to use them until they reach something at least comparable to speeds of the regular web.

I appreciate all the effort of the people who make these pieces of software, but I can't help but feel much of their energy is misdirected.

Just my thoughts.

Re:Slow networks

I don't think it's so much Freenet's speed (although it is bad), as it is the way they've chosen for people to browse and interact with Freenet.

By making the web browser / HTML the means by which one navigates Freenet and retrieves content, they've forced people into an inappropriate model. Web browsers require you to sit there and monitor their activity, then click links and wait some more. No good when your latency is O(1 hour).

A better UI solution would have a two-tiered model, say one that spiders large amounts of metadata in a single pass (say overnight), lets you browse through all of that in a few minutes and pick the things you want to download, then queue them up and wait a couple of days for them to arrive. Sort of like the model used for BitTorrent: WWW for finding and selecting torrents, then the actual BT client for queuing files and managing downloads.

Re:Slow networks

These sites are not going to be very viable until a lot of people use them, and a lot of people aren't going to use them until they reach something at least comparable to speeds of the regular web.

The first one is based on a presumption that Freenet scales superlinearly. My impression is that with a larger network, the average path length goes up, and it doesn't get any better. Yes, data retention *might* improve (assuming you have more non-unique content = more copies/data) but that again requires accurate routing. My impression is that Freenet's routing is not accurate enough.

As for speed, no anonymous network will reach neither the bandwidth nor latency of direct connections, but in Freenet's case it is the latency. The speed can actually be fairly decent on a large file with 200 threads, but waiting for one link can take ages.

Trust...whom?

When you first start Freenet 0.7 your node will not know any other nodes on the network, you need to connect to other nodes, at least three. Ideally you should find people you trust that are already part of the Freenet 0.7 network and connect to them, but if that isn't possible in the early stages of the Freenet 0.7 network you can try connecting to the irc server irc.freenode.net and join the channel #freenet, to see if anyone will connect to you.

In other words, if you want to use Freenet 0.7, you really ought to know 3 other people who are already using Freenet 0.7. Considering there are maybe 200 people on this planet who are currently using Freenet 0.7, good fscking luck.

But if you don't know three people who are using Freenet 0.7, hop on IRC (which is not the least bit anonymous) and see if some random stranger will give you their noderef. Random people who don't know each other exchanging noderefs over IRC provides what advantage over the prior Freenet implementation, exactly?

I don't know 3 other meatspace people who use Freenet, much less Freenet 0.7. I can't imagine that trading noderefs with some random person on IRC is any more secure than maintaining a node on 0.5.

I'm no Freenet hater, I've been running it for years and I've made several donations. Freenet showed me the "Diebold Memos" and other interesting items. I'm just looking for a plain-English explanation as to how 0.7 is an improvement over the prior Freenet implementation.

Re:What part of "testing" don't you understand?

Should I donate again to get you off my back?

Of course you should :-)

I wasn't responding to the Freenet Project website, I was responding to the Slashdot story. Something tells me that this particular Slashdotting was premature, but that tends to be the way it goes for Freenet; Slashdottings, as much as others may welcome them, are typically a bad thing for the Freenet network. If nothing else, we'll get new users. For awhile. We can only see how the network handles the next few days worth of influx.

Point taken. Its a tricky one, do you go for early publicity, or wait until you have a more robust piece of software. Freenet has always generated significant publicity at pretty early stages of development, and while it has disadvantages, on the whole I think it has been beneficial, it attracts developers (at a time when they can still make a real difference), not to mention donations, which we really need right now. We do try to be explicit about the fact that it is an alpha for testing, to avoid people being disappointed.

Re:Trust...whom?

Add to this the fact that in places like China, where the authorities are likely to put your ass in the gulag just for trading encrypted packets, or running some suspicious to them services on suspicious ports, which they will detect due to the wonderful all-pervasive ISP surveilance of every packet provided to them by giants of moral integrity such as Cisco, and things become even murkier.

I find the problem intractable from a theoretical standpoint, given current IP protocols and network implementations.

Here's the two steps to make it tractable:

1. Put your web pages behind an SSL connection. Any web browser today can visit https as easily as http, but an ISP wanting to (or being forced to) snoop those connections will have a monumentally harder time.

But what, your web pages are nothing but an electronics tutorial and a photo album? So much the better. The point isn't that you need to find anti-totalitarian political tracts to translate into Chinese, the point is that if *everything* on the web starts moving to encrypted connections, those sites which need the encrypted connections can use them without sticking out. Web storefronts have done far more to make encryption indispensable than political activists ever could, but every little bit helps. We want to make the Web a place where trying to cut off your people's ability to talk to SSL sites would be like cutting off your own hand.

2. Put proxy services up on your web server. Whether it's an remailer gateway, a web proxy, whatever - the idea is to make it impossible for censors to ban or monitor network access by IP. SSL doesn't protect the IP of the websites you visit, it just protects the content you send and receive from them, and sometimes that's not enough. If you're an ex-Mormon trying not to get kicked out of BYU, it's probably a good idea not to have a lot of exmormon.org IPs in their network logs regardless of whether the content of what you read and write is there as well.

That's it, two steps: first make encrypted communications more common, then use those encrypted communications to make private communications less suspicious. The second step is going to take longer than the first, but it'll get here. The price of bandwidth for proxy services hasn't fallen as fast as the price of CPU time for SSL encoding, but they're both still getting cheaper. From a theoretical point of view, it's always possible for the Chinese government to say "No encryption for you!", but from a practical point of view we can make that equivalent to disconnecting from the internet entirely.

Recent post on Freenet mailing list

On 31 Mar 2006, at 20:08:
> This isn't about *technical* support, I just wanted to tell Matthew
> thanks
> for working on this project. The US government is really scaring
> me and
> I'm glad someone's working on this. You're doing a great job man.
>
> One question I have is that the paypal balance on the home page
> usually
> says something like a few hundred $, and I was wondering if it's
> actually
> generating the required $2300 per month, or if it's falling short.
> I've
> had a monthly donation set up for quite a while now, and I just
> want to
> make sure everything is going well financially for the project.

We have been fortunate enough to generate just about enough to pay
for Matthew for the past few years, but donations have been tailing
off as we haven't put out any new releases in quite a while due to
our work on 0.7, and the financial situation is actually quite
precarious just now.

Our hope is that with the 0.7 alpha release we will get some
donations, but if anyone can contribute, now would really be the time
(as there can be no guarantee that the 0.7 alpha release will
generate the level of publicity we have seen for previous releases).

Ian.

Darknet + Bittorrent = Mass Appeal !

Here's my 'freenet/Darknet' wishlist for the next release (hopefuly it won't take another 5 years before any major break throughs):

1) Bittorrent/utorrent inside Darknet support. (i.e. encrypted semi-anonymous file transfers)
2) Full IP anonymity
3) Multi-port support (i.e. when firewalls block it, you can change ports).
4) User selected periodic chaotic deep packet protocol emulation. Say what?! Imagine if you could download from a list of popular standard protocols & configure your Darknet client to emulate most of these protocols (one at a time & announcing the new protocol to your group of file-exchange-buddies)- anytime you want. You'd periodically select a new protocol (i.e. FTP, HTTP, OSPF, DNS, etc every time some advanced firewall blocks you) & BAM ... you punch through making your traffic seem like standard protocols. An advanced version of this would allow you to load balance your traffic over multiple standard look-alike protocols, thus forcing ISP's to not be able to track (through agregate port router bandwidth stats) which new protocol/port you are using now so they could block it. Also, by allowing multi-protocol chaotic support that means each group of users would be using different protocols & ports... now try to stop that Mr. China firewall!
5) Proxy bounce support
6) Open source API for additional protocol bounce support. (i.e. allows for crackers/hackers of restrictive/oppressive nations to piggy back Darknet inside a legit Server running say FTP or something of the sort) - Once the trusted server is infiltrated, it could allow for proxied clients to connect through it and out to the rest of the world.

I'm sure some of you could come up with more utopian anonymous & liberative strategies.

Cheers
adeptus_luminati

Re:Darknet + Bittorrent = Mass Appeal !

1. Take a look at Frost (see here [freenetproject.org])
2. Not sure what this means, even at this early stage Freenet 0.7 is pretty anonymous compared to the competition
3. You can change Freenet's port very easily in the freenet config file, the initial port is selected randomly
4. This would probably be overkill for the monitoring mechanisms in existence today
5. Not sure what this means
6. This either

I for one...

welcome the idea that our overlords will have a harder time censoring and surveilling us.

You "child porn"-arguing people miss the point

(I'm probably repeating things that have already been said, but I need to say my piece.)

Certain people are going to do unsavory things to children regardless of whether or not they have an audience. I have always failed to see the extra harm done through dissemination of such material. Would you rather that no evidence be distributed, so that the children suffer in silence? Certainly the extra indignity is insignificant in comparison to the original act.

Truly, I do not understand. Do you somehow think that the urge to abuse children is somehow viral, and that child pornography will "infect" others?

Any way I look at it, all objections to Freenet seem to boil down to one of two things:
1. "By golly, we have to do something about all of this child pr0n!"
2. "I don't want to get in trouble with the authorities."

The problem with #1 is that there isn't anything you really can do about it, and any symbolic act has the effect of harming legitimate use. IANAL, but I think that since, by probability, there isn't necessarily anything illegal flowing through your node, you have plausible deniability. As long as you run it on computers for which you have permission to use in this way, it's unlikely that you will get in any trouble.

If you don't want to participate, then that's fine with me, but make sure that you remember that convincing others not to use Freenet provides no viable benefit to children under abuse and harms legitimate attempts to exercise free speech.

Re:You "child porn"-arguing people miss the point

Truly, I do not understand. Do you somehow think that the urge to abuse children is somehow viral, and that child pornography will "infect" others?

Does the bible belt think that pornography will lead to promiscous sex acts? Do people in Europe think hate speech leads to hate crime? Do people in China think anti-communist information will lead to anti-communist movements?

That's not the issue, the issue is what you're doing when you're building infrastructure, communication networks. Let me play the devil's advocate: The pedo down the street probably has a lot more use for broadband than I do. Without it, I could still head over to the nearest CD/DVD/game store rental, he couldn't. Should we just roll back time?

Whenever I pay for that infrastructure, I contribute to his as well. It's just that I pay an ISP to build bandwidth, rather than donate it directly. That doesn't mean I support or condone it, but that when you build a common resource somone might misuse it.

I think the concept of a server-less repository where you publish some information and have it distributed by a global net of cache-servers (which is all Freenet is, in a sense) has lots of interesting and valuable possibilities. Potential for misuse? Certainly. But I'm not going to take a larger blame for that than that the pedo down the street now has broadband, i.e. none.

Re:You "child porn"-arguing people miss the point

Yes the thinking goes that abuse is viral.

First some people might fight their unwholesome thoughts, but cease to when confronted with evidence that others are actually doing what they'd like to do.

Second even if those people don't act, they might like to watch. This creates a demand for the material, and therefore it has to be on offer somehow. The theory goes that is demand is stiffled, there won't be such an incentive for the supply and therefore less abuse.

Anyhow, I can't see how one can turn a blind eye to child abuse.

Large SeedNode

I've just finished setting up the new server, some quick specs: 3.2ghz p4, 100mbps uplink, 1.2TB datastore, 4gb ram

Once you've finished setting up your node, get on irc.freenode.net #TekNet (#Freenet is also a good idea). Paste your key url in the channel and it should be parsed & added automatically.
Server key is in the channel topic, please note that this node is publically accepting all keys, so therefor is no longer a "darknet"

At the time of posting, it currently has accrued approximately 40 active links, which is the most seen so far tonight for a node.

Not truly invisible

How can it be legitimately said:

it makes it extremely difficult for them to even know that you are running a Freenet node at all.

Any entity which can tap your ISP's next-hop router can tell if you're running Freenet due to the large quantity of encrypted traffic flowing in and out.

If we're talking about, say, a citizen of an oppressive regime attempting to communicate secretly over the internet, it is a fair assumption that the said regime can tap all the citizen's traffic through their ISP (who will co-operate, or they will lose their ISP licence).

Question: government or industry pays the narcs?

Great. We're already paying cops to sit on their ass in a cube all day pretending to be 13-year-old girls. Now we're going to pay for them to brag about their dynamite movie/music/program libraries? Sounds like a painfully banal job all day every day.
   

This sounds way overhyped

There is no such thing as a 'hidden' network. Not to your ISP, not to your legal system, and not to your government. Packets are packets and that is that. Routers see them, switches see them and traffic sniffing sees them. This whole 'dark' sup3rs3ckr3t n3tw0rk sounds like a bunch of baloney to me. The only way you can possibly get around any problems with getting busted for pirating music/software on p2p is to meet in a dark alley somewhere and swap cds. Even then, you'll probably IM on yahoo to meet and get busted anyway.