_Ideas to anonymize Gnutella_
|Table of contents|
Why this document?
Filesharing needs sharing, and with people afraid of sharing the best network will be completely useless, and more and more Users will leave it. That is why anonymization and encryption are necessary to ensure the future of gnutella.
If only a quarter of the people sharing today stop sharing we will loose more than just download bandwidth, we will lose files. And if three fourth of the sharers don't dare to share anymore for fear of the IRAA, every sheme to introduce anonymity and encryption will make Gnutella more efficient, even if it should cost a hell of bandwidth.
This page is intended to help to find the method which is least bandwidth consuming while ensuring the anonymity of the Users. As starter I list some proposals to anonymize Gnut. Feel free to change anything you like, as long as you feel that the document gets better by this, and please add comments wherever you feel like it.
For information on Gnutella, please visit: GnutellaForUsers.
Proxying of Queries and Downloads
_Author: Arne Babenhauserheide_ (Source: http://draketo.de/inhalt/krude-ideen/ano-gnut.html )
I see a way to anonymize Gnutella without changing too much (hopefully). I think when abandoning some bandwidth isn't so great a problem because only a small part of the people share you could use the freeloaders bandwidth for routing downloads.
The concept reduces the reliability a bit, but introduces gradual anonymity.
Only leafs would share. The UPs would not give out the IP of the leaf for a given query reply, but their own IP and a name or tag for the leaf which has the file. The UP of the searcher would also only give its IP and a local ID-Tag for the reply.
The file would then be routed from one leaf to the other over two UPs. No uploader and no downloader would see the source-IP anymore, and no single UP would know the IP of both the Uploader and the Downloader. If The UPs would remember an IP and the tag for it for a certain amount of time (longer than the cache, because the cache of other might (if I understand it correctly) still contain the code).
This way you could also (re?)introduce name-tags for the Users which would also have a meaning.
Maybe later it would even be possible to search for a certain name instead of an IP, and to relocate known hosts and buddies in this way (if both chose to use a recognizable and sufficiently long string as name), without ever learning about the IP, btw.
With encryption added to the transmissions, Gnutella would become really safe to use again.
But the downside is wasted bandwidth.
To optimize you could say, that people who share much, wouldn't become UP, and that UPs wouldn't share, seperating content-providers from network-upkeep, but giving freeloaders a task to do. Or you could say, that UPs only answer to a search query with files of their leafs, and only their connected UPs would give query replies for the files, but not the UP which has the files.
Another possibility is not to use UPs as proxies, but to use leaves. As such, every leaf and UP would know some proxying nodes, over which the traffic could be routed. Best would be to use freeloaders for this purpose.
FreeTella: A blend of Gnutella and Freenet ideas
In order for gnutella to provide anonymity two things must be done, encryption of the msgs and caching/routing of at least some transfers. The files that are cached should be random, not based on the most popular files as this would open trafic to analysis. The idea below provides anonymity and would also greatly increase the resources of gnet.
Users would be able to share files on their harddrive, unlike freenet, and would also be required to have at least 100mb for encrypted files that would be shared. To any host searching/downloading they would be unable to tell if the file was one that was encypted and the user was unaware was even on the drive or one that the user was sharing. All network traffic should be encrypted. When encrypted/mirrored files are stored there would also be a separate file the user would have with the file name, meta data, and key. This would be searchable. So clients would also be creating lists of available files, meta data and keys for searches.
Some fraction of uploads should be rerouted. All of this would make it impossible for anyone to every say that a particular person was sharing a particular file.
Gnutella is good the way it is, there needs to be something different
_Author: tom scanlan_ ( email@example.com )
I have been toying with the idea of a new p2p protocol that is inspired by terrorist networks. The primary ideas being:
* people are only recruited based on trust * 3 nodes act as a cell * each cell mate is responsible for recruiting the members of a new sub cell * each cell mate only knows his cell mates, his recruits, and his recruiter. * queries are passed up and down the ranks, so only your cell mates know that you have made a query, your recruiter and recruits know olny that you handled the query * each node has a "stash" or filesystem that can be used to stash files * to stash a file on node b, node a sends a file via spoofed UDP packets to node b. node b gladly writes the file into the stash and holds on to it for a set amount of time. * to exchange files, send out a query for a file, someone has the file, they stash it on some other node, and send a message back up the ranks saying that node X has the file, you can go get it.
This is all very bandwidth intensive. Gnutella is great for what it does, but it doesn't do anonymous. What I have proposed above can limit exposure of your identity to a set list of people... hopfully that you know and trust. If one of your cell mates, your boss, or your recruits is a spy, you are probably caught. If you never share with these people, though, your identity should be safe.
It would be possible to bridge this type of network with gnutella. They would both remain seperate. If the p2pt could speak gnutella and proxied through the UPs, queries made from the p2pt would remain anonymous.
It's all a little nebulous still, but email me (hint: there are no zzzz's in my name.).
_new_: I may have a partial solution to the bandwidth issue. Using spoofed icmp unreachable messages we can route traffic directly to the querying node through major infrastructure routers not affiliated with the p2p network... this gives away the anonimity of the requestor as the sender has to know the destination.
Newsgroups and E-mail Segment Transport
I'm researching about using e-mail messages and newsgroups posts to deliver segments of file to requensting peers in Gnutella/G2/eDonkey network (but nothing bar to use it for BitTorrent and other P2P filesharing/downloading networks or protocols).
I will skip the tech part about hashes and file/segment identification, and traffic pros and cons.
Anonymous networks need proxying and caching of the content so they are able to protect the publisher/sharer and the receiver from traffic analysis, putting one or more degree of indirection from the first to the latter.
If an e-mail transfer protocol is developed, multiple peers can be served from a single source, using an SMTP server to deliver the same segment by e-mail to multiple receivers. This don't protect the sender directly, but the nodes of the network can act like anonimizers services, and receive a message (by e-mail or by direct TCP connection) from the original node and rebroadcast it to the receivers using their own SMTP servers. If the remailer don't keep logs, linking the start point and the end point of the communication will be very difficult and costly for a third party. Also segments can be crypted and sended not in realtime, but after a delay or marked with low priority to ease management of network traffic.
GNUnet, a stable network that helps give a glimpse of anonymity done right
_Author: A Jones_
You should check out http://www.ovmj.org/GNUnet/ GNUnet is working along the same lines as this and shares many common characteristics with gnutella and it's future features (such as UDP search requests etc). The project leader has also made it clear that although its primary concern is with anonymity and secure transactions, for people wanting to forgo the drawbacks of anonymous routing the use of the Gnutella network as the less anonymous transfer device, indeed the idea is for the user to set what level of anonymity/security they want and take the best from both words. So collaboration may prove very interesting if not a working partnership with some clients. Unlike Freenet it doesn't let the less popular/rare files drop off the network after a period of time also. As it's a framework protocol it deals with all other transports and has mechanisms for SMTP, HTTP, UDP, TCP and many others in the pipeline. It also has some very interesting ways of dealing with leechers via community "Economics" for users. Take a look, and if you already have, take a closer one. It's written in C and has a gtk front-end at the moment.
I2P as anonymous proxy
_Author: Arne Babenhauserheide_
There is a project using Phex (http://phex.org) and i2p (http://www.i2p.net) to create an anonymous p2p-network based on the Gnutella Network. Is is avaible as i2Phex (http://forum.i2p.net/viewforum.php?f=25) in the i2p-forums.