LWN.net

Peer to Peer Freedom of Speech

December 3, 2003

This article was contributed by Jake Edge.

One necessary precondition for true freedom of speech is a way to communicate that does not identify the speaker or the listener. Several projects are working to provide that ability through peer-to-peer networking protocols that use cryptography to enable this kind of communication: Freenet, Entropy, and GNUnet. The goals of these projects are quite similar: to provide for the free exchange of ideas while thwarting any attempts to censor the information or punish the participants.

The basic framework for each of these networks is a decentralized, peer-to-peer communications model where a node in the network talks to some number of other nodes, sending requests to these peer nodes and handling requests that come from them. The messages sent between nodes are encrypted using a session key that has been negotiated between the nodes using public key encryption. This encryption should be sufficient to prevent a 'man in the middle' from determining anything useful about the traffic (other than its existence).

When a node sends a request to one of its peers, there is no reason to assume that the request actually originated on that node as nodes will forward requests that they receive, but cannot satisfy. Any response that is generated to a node is likewise not necessarily ultimately bound for that node and could be the response to a request that was forwarded by the node. With a sufficient number of nodes and amount of traffic, no analysis of the traffic to or from nodes will reveal the true source and destinations of the requests. This stands in stark contrast to the more common peer-to-peer networks where, once the content is found, a direct connection is made from the destination to the source to retrieve the content.
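
The forwarding behaviour described above can be modelled in a few lines. This is an added example, not code from Freenet, Entropy or GNUnet; the `Node` class, the `htl` hop counter and the sample keys are assumptions made for illustration. It shows what a single peer records about two requests, one forwarded and one originated by its neighbour.

```python
import secrets

class Node:
    """Constructed model of a forwarding peer, not any project's wire protocol."""
    def __init__(self, name, store=None):
        self.name = name
        self.peers = []                  # directly connected neighbours
        self.store = dict(store or {})   # key -> data held locally
        self.seen = []                   # (request id, neighbour it arrived from)

    def request(self, key, htl=5):
        """Originate a request here; only this node knows came_from is None."""
        return self.handle(secrets.token_hex(8), key, htl, came_from=None)

    def handle(self, req_id, key, htl, came_from):
        if any(rid == req_id for rid, _ in self.seen):
            return None                  # loop: this request already passed through
        self.seen.append((req_id, came_from.name if came_from else None))
        if key in self.store:
            return self.store[key]       # satisfied locally
        if htl == 0:
            return None                  # hop budget exhausted
        for peer in self.peers:
            if peer is came_from:
                continue
            data = peer.handle(req_id, key, htl - 1, came_from=self)
            if data is not None:
                self.store[key] = data   # cache on the way back, hop by hop
                return data
        return None

def link(a, b):
    a.peers.append(b)
    b.peers.append(a)

def demo():
    a, b, c = Node("A"), Node("B"), Node("C")
    d = Node("D", {"k1": b"doc-1", "k2": b"doc-2"})   # constructed sample data
    link(a, b); link(b, c); link(c, d)
    got_a = a.request("k1")   # originated at A, forwarded by B and C
    got_b = b.request("k2")   # originated at B itself
    # C's entire view of both requests: each simply arrived from B.
    return got_a, got_b, [src for _, src in c.seen], sorted(b.store)

if __name__ == "__main__":
    print(demo())
```

Node C's log is identical for both requests, and B ends up holding a cached copy of data it merely relayed. The model covers one peer's local view only, not an observer who can watch many links at once.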

Each node that fully participates in the network provides some local storage for information in the network and can immediately satisfy requests for any data that it has stored locally. In order to provide deniability for the operators of these nodes, this data is encrypted and the operators are unable to determine what content actually resides on their node at any given time. Cryptographic hash functions on the file contents are typically used to identify particular files that have been inserted into the network. These identifiers are not particularly user friendly - for instance a copy of Kevin Mitnick's book The Art of Deception can be found in the Entropy network using the identifier:

    SSK@zpxOK~ounTzoDwJKguoUHib8G7sBCMA/ArtOfDeception//

To make the system easier to use, various network users have put together directories of content to help navigation.
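
One way a node can store data it cannot read while still locating it by hash is sketched below. This is an added example, not the key format or code of Freenet, Entropy or GNUnet: the `locator:key` identifier layout is an assumption, and the SHA-256 counter-mode keystream is a stand-in for a real cipher.

```python
import hashlib

def _keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for a real cipher, illustration only."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(data, _keystream(key, len(data))))

def insert(store: dict, content: bytes) -> str:
    """Encrypt content under a key derived from its own hash; return the identifier."""
    key = hashlib.sha256(content).digest()
    blob = _xor(content, key)
    locator = hashlib.sha256(blob).hexdigest()   # what nodes index and route on
    store[locator] = blob                        # the node holds ciphertext only
    return f"{locator}:{key.hex()}"              # identifier passed between users

def fetch(store: dict, identifier: str) -> bytes:
    """Retrieve, verify and decrypt; raises ValueError if the block was altered."""
    locator, key_hex = identifier.split(":")
    key = bytes.fromhex(key_hex)
    blob = store[locator]
    if hashlib.sha256(blob).hexdigest() != locator:
        raise ValueError("stored block does not match its locator")
    content = _xor(blob, key)
    if hashlib.sha256(content).digest() != key:
        raise ValueError("decrypted content does not match its key")
    return content

if __name__ == "__main__":
    node_store = {}
    ident = insert(node_store, b"constructed sample document")
    print(ident)
    print(fetch(node_store, ident))
```

The node's store maps a locator to ciphertext, and the decryption key appears only in the identifier that users exchange, so serving a request does not require the operator to be able to read the block.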

The popularity of a file governs how long it stays in the network and how often it is replicated. Each of the networks has limits on the amount of storage available to it (based on the number of active nodes and the amount of storage allocated to the nodes by each operator) and must sometimes prune content when new content is added. GNUnet tries to overcome the problem of 'freeloaders' (nodes that request content but do not serve any) by adding an 'economic' layer to its network. Each node keeps track of its 'opinion' of the other nodes that it has talked to; nodes that satisfy requests have a better reputation and will be treated preferentially under higher network loads.

Both Freenet and Entropy provide an HTTP proxy that allows the use of standard web browsers as clients to view some of the content on the network. Entropy also adopted the Freenet Client Protocol so that all of the client applications originally written for Freenet will work with Entropy as well. Frost is one of the most widely used clients and provides file sharing and message board functionality. GNUnet appears to mainly use command line tools, though gnunet-gtk provides a graphical front-end.

Security is clearly taking precedence over performance, as it should, but this causes the user experience browsing Freenet or Entropy (at least) to be fairly frustrating. Sites can take tens of minutes to load or fail to load altogether, presumably because the information has either dropped out of the network or any sites that contain the information are currently offline or too far away (in network, not geographic, terms).

Critics of these projects complain that they could be used by criminals for nefarious purposes and, obviously, that is true. There is no way to provide for anonymous communication that cannot be abused and these projects have decided that freedom of communication is more important than stopping illegal uses. In the end, these networks are tools like computers or phones and they can be used for good or for ill. It would be impossible and a serious affront to liberty to outlaw all tools that could be used to commit a crime.



Peer to Peer Freedom of Speech

Posted Dec 4, 2003 3:40 UTC (Thu) by ridrid (guest, #10092)

Another similar project is Grapevine. It is in early development, but it looks interesting.

Rich Dougherty

Problems

Posted Dec 4, 2003 3:47 UTC (Thu) by ncm (subscriber, #165)

My problem with Freenet is not distaste for some of the content, or for illegalities. It's more basic. Every time I have tried to run it, it has either got stuck in an infinite loop (using all available CPU cycles, an event I notice when my laptop fan comes on!) or consumed increasing amounts of memory until my machine began thrashing the disk (also audible!).

I blame these problems not on poor coding, but rather on a poor choice of implementation language. Java may be suitable for programs that run to completion in a short time and under controlled conditions, but it does not seem to be a good choice for long-running programs run under widely varying circumstances. If Freenet were to run under xinetd, and die frequently and be restarted whenever there was work to do, it might be tolerable for it to be in Java. As it is, I can't use it.

Problems

Posted Dec 4, 2003 15:11 UTC (Thu) by zlynx (subscriber, #2285)

Not everyone has those problems. For me, Freenet runs fine, using about 380 MB of RAM while running. It's run fine for weeks at a time.

A couple of suggestions: Use the newest Sun JRE, and run Freenet with "-Xmx512M" on the Java command line. Part of your problem with the high CPU usage might be Java trying to find available memory to garbage collect, so just give Java more space.

Problems

Posted Dec 4, 2003 16:55 UTC (Thu) by ncm (subscriber, #165)

My machine doesn't have 380M of RAM. Few do. It's frankly obscene that a program that just moves data from disk to network and back, with tiny indexing needs, consumes not just megabytes, but hundreds of megabytes.

Again, I'm inclined to blame Java and its faulty memory management model, as embodied in equally faulty JVMs. There are good reasons that hardly any Free Software projects are written in Java. (I don't count those meant for people who are obliged to run Java anyhow.)

Problems

Posted Dec 4, 2003 18:50 UTC (Thu) by stuart2048 (subscriber, #6241)

I think you have it backwards. Long running, dynamic programs are an ideal candidate for Java. Good security and gc. Short lived programs, like cat or ls are bad candidates because the JVM startup and teardown cost is huge. Kind of like stuffing an elephant through a garden hose.

This heavyweight startup is one of the most frustrating things I find with Sun's JVM implementations. (Note that I am careful to separate the JVM implementation from Java-the-language.) Moore's law is doing a better job than Sun at making Java start faster, unfortunately.

I have made a career out of building long lived Java programs. And I too would say that 380MB is on the unreasonably high side. However the good news about Java is that it's possible to inspect the code and heap to see exactly where all that CPU and memory is going. You can do extremely detailed analysis of program flow and discover every object's lifetime, transparently without any developer involvement. This is very powerful. (Have you read Permutation City? Java might be a good candidate for running copies and the Autoverse :-).

Unfortunately, bloat is often not your fault at all: sometimes it's the underlying library. Library developers with big, fat 3.0GHz machines often don't see the cost of their laziness ;-).

Writing good, well behaved Java programs takes a great deal of experience in knowing what works and what doesn't. Java makes it easy to write slow code that works. With a little more effort it is also possible to write efficient code that works better.

--Stuart

But I want to know what I'm hosting!

Posted Dec 5, 2003 2:21 UTC (Fri) by skybrian (subscriber, #365)

Not knowing what's hosted on my own machine is the deal-breaker for me. I'm really only interested in contributing disk space and bandwidth for files I approve of and want to see in wider circulation, not somebody else's porn. Do any of these products provide this option?

But I want to know what I'm hosting!

Posted Dec 6, 2003 10:51 UTC (Sat) by zooko (subscriber, #2589)

Freenet and Entropy definitely don't offer that feature. Nor does my project Mnet.

I think GNUnet might! I'm not sure.

If you find out, perhaps you could post about the issue to the p2p-hackers mailing list.

Peer to Peer Freedom of Speech

Posted Dec 6, 2003 10:47 UTC (Sat) by zooko (subscriber, #2589)

"With a sufficient number of nodes and amount of traffic, no analysis of the traffic to or from nodes will reveal the true source and destinations of the requests."

This is a very strong claim, and it is incorrect.

If you monitor enough network traffic, you can easily see the actual origin and actual destination of transactions conducted through Freenet. The question is: does Freenet increase the cost of such monitoring high enough that nobody will bother to perform the surveillance?

Please be careful in your use of Freenet, Entropy, GNUnet, and so forth. Humans haven't figured out how to deploy truly strong and safe anonymity systems yet.

On the other hand, I do encourage you to use Freenet and the others! Especially if you are going to run reliable nodes, provide detailed bug reports, and otherwise help out.

Disclaimer: I'm the leader of an alternative project which does not incorporate routing-layer anonymity: Mnet.

Peer to Peer Freedom of Speech

Posted Dec 12, 2003 11:04 UTC (Fri) by flok (subscriber, #17768)

"When a node sends a request to one of its peers, there is no reason to assume that the request actually originated on that node as nodes will forward requests that they receive, but cannot satisfy. Any response that is generated to a node is likewise not necessarily ultimately bound for that node and could be the response to a request that was forwarded by the node. With a sufficient number of nodes and amount of traffic, no analysis of the traffic to or from nodes will reveal the true source and destinations of the requests. This stands in stark contrast to the more common peer-to-peer networks where, once the content is found, a direct connection is made from the destination to the source to retrieve the content."

This is exactly what Cloudish does! (and it uses SSL)

Peer to Peer Theft of Name

Posted Dec 12, 2003 15:42 UTC (Fri) by Baylink (subscriber, #755)

My problem with Freenet is that they stole the damn name. And they stole it for a project that does light up a lot of people's lights, whereas the only people we "actual" FreeNetters were pissing off were commercial Internet Access Providers.

And who gives a damn about them. :-)

</rant>

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds