Free communications on the Freenet network.
The Free Network Project provides a safe environment for free speech – even for users who fear censorship.
Freenet  is a network of computer nodes that use encrypted communications and anonymous file storage. The purpose of the Freenet network is to provide an anonymous environment for users operating in totalitarian countries who want to exercise their right to free speech without fear of government censorship. Freenet is also useful for corporate whistle-blowers or anyone else with strong feelings that might be too controversial to state openly.
Freenet is essentially a peer-to-peer network with many safeguards built in for preserving anonymity. Participants in the Freenet network operate as independent nodes. Each node only knows its nearest neighbors, and no node has complete knowledge of the network structure.
Users can upload files to the network and store them under a key. Others can use the key to download the files off the network. Anybody can download the file from any node on the network, even if the node that originally receives the request doesn't have a copy. If the node receiving the request does not have the file, it asks a neighbor, which might also need to ask its own neighbor, and eventually the request will reach every node on the network if necessary. All of this background communication is completely transparent to the user.
Freenet itself thus provides only an infrastructure that supports the secure, anonymous exchange of data. A collection of Freenet-ready client applications offer services such as web posting, file sharing, email, and message boards, and an http gateway lets users surf Freenet like the Web (Figure 1).
In all, Freenet plus its constellation of client applications support an environment that is like an anonymous, less interactive version of the Internet itself. Anyone interested in joining the Freenet network can do so by running a node. To do so, you have to install a Java application that implements the node, then you set up links to friends and acquaintances – or just let the machine search for other Freenet nodes. The Freenet Installer provides an address list with publicly accessible nodes.
Freenet strives to ensure that clients find the shortest path to data with a high degree of certainty. Because each node has a limited amount of storage capacity, it needs to decide which files to store and which to discard. It thus prefers files that are similar to those it already has, where similarity is measured by the key hashes and not by the file content. Other nodes learn what their neighbors specialize in and monitor the files that they receive from these neighbors. A node will send a request for a certain key to a neighbor from whom it has previously received the most similar keys (Figure 2). This mechanism works best when connections to neighbors are stable. In other words, nodes should run permanently in the background if possible.
To install and run Freenet, you need a Java Runtime Environment – the newer the better. If you have installed Java WebStart, you can enable the installer by clicking on the download page. Alternatively, you can download, unpack, and run an installer in the normal way. The installer drops the Freenet node and various optional client applications into an arbitrary directory. Freenet just needs a couple of millibytes of disk space, but you will need at least 1GB for the data store – more space is better because additional storage increases the chance of finding a data package you are looking for locally.
The installer then looks for two free UDP ports and launches the node. The Freenet node – with its integrated http access feature – launches within a couple of seconds, and you can configure it using a convenient web interface (see Figure 3). If you are using Freenet from home and don't have a static IP address, you might want to use a dynamic DNS tool such as DynDNS to let others on the network associate the node with a static DNS name. The DNS name, the bandwidth restrictions, and the OpenNet mode are important settings. If you are behind a NAT router, you can forward the UDP ports configured on the router to the computer running the Freenet node. The router only needs to allow responses to requests sent by your own node, and most NAT routers do this automatically.
After launching, the node starts to contact other nodes. Two possible scenarios are:
- If you have enabled OpenNet mode, the node will contact the seed nodes supplied by the installer and let them know its address and communication key. The seed nodes respond with addresses and keys of other nodes to which your node can connect.
- If you have friends or acquaintances that also run Freenet nodes, you can exchange contact data with them manually. Use the web interface to discover your own node's address and communications key, which you can then pass on to your friends. After entering the addresses and keys in your own configuration, the nodes will start to exchange data.
For workable network integration with the Freenet network, you will need to contact 15 to 20 other nodes. If you do not have so many friends on Freenet, Opennet mode is your only option.
Freesites and Flogs
The front page of the Freenet web interface is also the starting point for one of the most important Freenet features – a list of major Freesites. An ordinary browser provides you with access to the Freenet sites. The FProxy HTTP Gateway integrated into the Freenet node forwards the browser request and converts it into a Freenet key search. Some patience is required at this point – depending on the popularity of the page, the search could take a couple of minutes.
Freenet even has its own index pages. Freenet users have set themselves the task of categorizing existing Freesites and searching them for updates. Because Freesites do not offer the same kind of interactivity that a website offers, the index pages serve the role on Freenet that search engines serve on the web.
A flog is a Freesite equivalent of the blog. In addition to a number of Freenet developers, a large collection of colorful characters embrace the anonymity of Freenet by operating flogs.
The graphical jSite tool, which you can install by running the bin/install- jSite.sh script, lets users upload finished web pages to Freenet. After completing the install, just click on jSite.jar or enter java -jar jSite/jSite.jar at the command line to launch the program. The dialog that appears can manage multiple projects. jSite first asks you for your own node's address. For a Freenet node running locally, you can accept the default of localhost:9481 as the client port.
Selecting Add project in the menu tells jSite to create a new project and generate a keypair for the project (Figure 4). Users can add a path name and thus generate a USK. After assigning a name to the project and selecting the local directory that contains the files for your Freesite, you can then click Next to go to the site details. jSite lists all the files in the project directory. Clicking on a file name lets you specify how jSite should handle the file. The requirement is that you have at least an index page, such as index.html. jSite stores these settings in the project, which avoids the need to start from scratch whenever you update your project.
Containers are used to group files in ZIP format. Grouping multiple files in a container helps the page load faster. For occasional site updates, it is a good idea to group any files that change frequently in a separate container from the containers with more permanent files.
Clicking Insert now starts the upload. At this point, jSite packs the files into the containers and passes them to the Freenet node, which then forwards them to other nodes. Depending on the size of the site, this could take a couple of minutes. After completing this, your own Freesite is publicly accessible on Freenet: To transfer the Freenet address, you can select Copy URI to Clipboard on the jSite overview page, then you can cut and paste the address into the Freenet start page Access a key box.
Buy this article as PDF
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.