Anonymity and deniability in distributing information are two of the goals
project. Recently revamped to
use a new content encoding called
Encoding for Censorship-Resistant
, GNUnet has released version 0.7.0 with an eye towards a
stable version sometime during the next year.
At its heart, GNUnet is a mechanism to share content with others without
revealing who generated the content or who accessed it. It also
provides intermediate nodes in the network with the ability to deny
knowledge of the contents of any traffic they forward because they are
unable to decrypt it.
Anonymity relies on there being a large number of nodes participating in
the network, forwarding traffic for each other. The GNUnet protocol
attempts to make all traffic look the same, whether it is satisfying
a request for information that resides locally or forwarding a request
or response from another peer
in the network. When traffic is light, GNUnet will delay requests to
accumulate enough traffic before sending to other peers making it difficult
for external analysis to pin down which peers are communicating and what
content is being transferred.
Only the requester of content has the key necessary to decrypt the content
which provides deniability for intermediate peers.
In the default configuration, GNUnet peers
automatically migrate content from the node where they were inserted to
other peers. In the event that some hostile entity gets
control of the node, breaks the encryption and determines the content
stored by the node, node operators can plausibly claim
that they had no knowledge of or control over the content stored on
Once content has been inserted into GNUnet, users can search by keywords
to find content of interest. ECRS guarantees that intermediaries cannot
see the keyword being searched without guessing the keyword, applying the
query hash and comparing the result. Only peers that have content with
that keyword (or have guessed it) can generate valid responses. GNUnet
depends on content providers generating proper keywords for their
content and nothing in the protocols stops malicious peers from generating
valid query results for a multitude of keywords. Easy to guess keywords
could easily be overwhelmed by bogus results.
Namespaces provide resistance to the keyword spamming attack by generating
keyword spaces that are cryptographically signed by some entity. That
entity generates a public-private key pair (known as a pseudonym) and signs
the content. Other users can form opinions about the trustworthiness of
content in that namespace and can use that information to further restrict
GNUnet tries to eliminate freeloading peers by relying on a trust-based
economic model. If a node gets busy and has more requests than it can
satisfy based on the amount of CPU and bandwidth its operator has allocated
to GNUnet, it will drop requests from peers that it trusts least. Peers gain
trust by satisfying query requests and lose trust by requesting content.
Because ECRS can determine that a query response is valid without being
able to decrypt the content, it resists attempts to gain trust by
providing bogus results.
Much like other systems designed to promote anonymous speech, some of which
were described in an LWN
article two years ago, GNUnet
suffers from a very slow user experience. Keyword searches can take many
minutes to return results and downloading the content often takes a huge
amount of time. In addition, the content available with some simple
searches left a great deal to be desired. There appears to be very little
of consequence available.
On the other hand, GNUnet does seem to have some excellent approaches to
handling censorship and spamming kinds of attacks that have hampered other
approaches to this problem. It seems to provide a very reasonable framework
for anonymous content sharing that would be of use to groups that wish to
circumvent the policies of authoritarian regimes. Unfortunately, deniability
is only likely to work in places that have relatively sane legal systems and
there are probably many places in the world where just having GNUnet running
on one's machine is enough to be branded as a criminal.
to post comments)