P2P networks for website hosting
Tor
The Tor network [4], which was created shortly after the turn of the millennium, is mainly designed to conceal the identity of an Internet user, for example, in countries with restrictive Internet monitoring. Your PC does not connect directly to the web server; instead, the Tor network redirects the traffic to several other computers on the Internet. To allow this to happen, volunteers operate special servers, known as Tor nodes or relays. Only the last relay in the chain, the exit relay (or exit node), passes the user's request to the web server on behalf of the user. The Tor client and the relays encrypt messages multiple times. No one can sniff or trace the communication (Figure 7). Users can thus anonymously use Internet services.

Hidden services are a little-known feature. These hidden services allow anyone to anonymously offer websites and services on the Tor network. Users of these services can neither discover the IP address nor the true location.
To reach a service on the Tor network, the service first needs to publish its existence on the network. This process follows a fairly complicated pattern: First, the Tor client generates a key pair that identifies the service. Second, the client connects to some randomly selected relays, known as introduction points. The client stores the public key, along with information about the introduction points, in a distributed hash table that acts as a kind of directory service. Other Tor clients can then reach the service under service.onion, where service stands for a 16-character name created by a hash algorithm from the public key of the service. The big advantage: thanks to the automatically generated domain name, all parties can verify at all times that they are actually talking to the genuine service.
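The check that this self-authenticating name makes possible, as an added example that is not part of the original article or of Tor's code: for the 16-character addresses described here, the name is the base32 encoding of the first 80 bits of the SHA-1 hash of the DER-encoded RSA public key. The function names and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

BASE32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"


def onion_v2_name(public_key_der: bytes) -> str:
    """Derive the 16-character name: base32(first 10 bytes of SHA-1(key))."""
    digest = hashlib.sha1(public_key_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def matches_onion(hostname: str, public_key_der: bytes) -> bool:
    """True only if hostname is a well-formed .onion name derived from this key."""
    host = hostname.strip().lower().rstrip(".")
    label, dot, tld = host.rpartition(".")
    if not dot or tld != "onion":
        return False
    # Only the label directly left of .onion identifies the service;
    # further labels such as "www." are ignored here.
    label = label.rpartition(".")[2]
    if len(label) != 16 or any(c not in BASE32_ALPHABET for c in label):
        return False
    # Constant-time comparison of the claimed and the derived name
    return hmac.compare_digest(label, onion_v2_name(public_key_der))


# Constructed stand-in bytes, not a real key: any byte string shows the derivation
SAMPLE_KEY = b"constructed bytes standing in for a DER-encoded RSA public key"
OTHER_KEY = SAMPLE_KEY + b"!"

if __name__ == "__main__":
    name = onion_v2_name(SAMPLE_KEY) + ".onion"
    print(name, matches_onion(name, SAMPLE_KEY), matches_onion(name, OTHER_KEY))
```

A key that does not hash to the name in the address fails the check, which is why no separate certificate authority is needed to bind the name to the service.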
A client that wants to use a hidden service connects to a randomly selected Tor relay and asks it to act as a rendezvous point (Figure 8). Then, the client asks one of the introduction points to send a message to the service. Among other things, this message contains a reference to the rendezvous point. The Tor client on the computer with the service connects to the rendezvous point, through which both parties then communicate with one another. Although the whole process ensures anonymity, the many computers involved affect the speed.

If you want to offer a hidden service, you first need to set up a service. You can set up an arbitrary Internet service, say, an Apache web server. In addition, you need to configure and launch the Tor client. The client version was 0.2.7.6 when this issue went to press. On their website, the Tor developers primarily offer the Tor browser, which comes with a pre-configured Tor client.
The client itself is hidden behind the link View All Downloads. The client is also available from the repositories of all major distributions, and it is available under a BSD-style license. The client, which is programmed in C, must be able to connect to at least ports 80 and 443.
Tor itself starts as the tor daemon; the applications, in turn, use port 9050 as a proxy. Using Tor as a relay requires a small modification of the torrc configuration file; on Ubuntu, this file resides in the /etc/tor directory.
To publish a service on the Tor network, Tor users need to edit the torrc configuration file after setting up the client. Then, add two lines in the section for the hidden services:
HiddenServiceDir /var/tor/hiddenservice/
HiddenServicePort 80 127.0.0.1:8080
In the directory following HiddenServiceDir, Tor stores some data about the hidden service, including a file revealing the .onion URL of the service.
Following HiddenServicePort is a port that the users of the hidden service access; for example, they access the web server in this example via port 80. This port number is followed by the IP address and port to which the Tor client routes all requests. In the preceding example, the web server runs on 127.0.0.1:8080; after a restart of the Tor client, it automatically initiates all the further required steps.
The Tor network uses only TCP connections, and it lacks automatic end-to-end encryption. If the browser continually reveals information about itself and its site, the web server at the other end of the chain could read this information. On the other hand, if a web server running as a hidden service reveals information, a user could discover its location.
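One way to check a torrc before restarting Tor, as an added example that is not part of the original article or of Tor itself: it parses the HiddenServiceDir and HiddenServicePort lines and reports any target that is not on the loopback interface, as 127.0.0.1:8080 is in the example above. Treating a non-loopback target as a finding is this example's policy; the sample file, its second service, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample torrc fragment (the second service is illustrative)
SAMPLE_TORRC = """\
HiddenServiceDir /var/tor/hiddenservice/
HiddenServicePort 80 127.0.0.1:8080
HiddenServiceDir /var/tor/wiki/
HiddenServicePort 80 192.168.1.20:8080   # backend on another host
HiddenServicePort 22
"""


def target_is_local(target: str) -> bool:
    """Local means: a Unix socket, a bare port, or a loopback IP address."""
    if target.startswith("unix:") or target.isdigit():
        return True
    host = target.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a host name cannot be confirmed as loopback here


def audit_torrc(text: str):
    """Return (line_number, message) findings for hidden-service lines."""
    findings, current_dir = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "hiddenservicedir":
            current_dir = args[0] if args else None
        elif key == "hiddenserviceport":
            if current_dir is None:
                findings.append((number, "HiddenServicePort before any HiddenServiceDir"))
            if not args or not args[0].isdigit():
                findings.append((number, "missing or non-numeric virtual port"))
                continue
            # Without a target, Tor forwards to 127.0.0.1 on the same port
            target = args[1] if len(args) > 1 else "127.0.0.1:" + args[0]
            if not target_is_local(target):
                findings.append((number, "target %s is not loopback" % target))
    return findings


if __name__ == "__main__":
    for number, message in audit_torrc(SAMPLE_TORRC):
        print("line %d: %s" % (number, message))
```

A backend that listens only on loopback cannot be reached directly from the Internet, which removes one way for the service to reveal its location.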
ZeroNet
ZeroNet [5] is just over a year old (Figure 9), and it primarily acts as a platform for web pages. ZeroNet clients communicate via the BitTorrent network using encryption; the IP addresses of users are nevertheless visible. ZeroNet developers thus recommend routing traffic through the Tor network. The ZeroNet client supports Tor out of the box, including .onion addresses and hidden services.

Each site receives a unique ID, which other ZeroNet users can use to access it. You can set up domains with the .bit suffix for the published sites. ZeroNet does not use the classic domain name system but instead uses a Namecoin-based alternative [16]. As with the cryptocurrency Bitcoin, the names end up in a distributed blockchain (Figure 10). The ZeroNet developers promise that clients update changes to a website in real time; users therefore do not see outdated content.
The ZeroNet client is written in Python and is available under the GPLv2. The source code is on GitHub [17]. The client had reached version 0.3.5 when this article went to press. ZeroNet relies on Python 2.7, as well as the Python modules Msgpack, Greenlet, and Gevent. The larger distributions all offer the components in their repositories.
Users wanting to install only need to download the latest ZeroNet version from GitHub and call the python zeronet.py command.
The ZeroNet client starts as a service that automatically opens the appropriate ports via UPnP. In addition, ZeroNet provides a web interface on http://localhost:43110. For admins, the ZeroNet developers offer a Vagrant image and a Docker container with a preinstalled client.
If you want to publish a new website, you first need to log into a disabled client using the python zeronet.py siteCreate command. The client generates a key pair and a long and cryptic site address. Users can access the website via the URL http://localhost:43110/abcdef, where abcdef is the address of the site.
The actual website is stored in the subdirectory data/abcdef. You can make changes to your heart's content, but you do need to sign them using python zeronet.py siteSign xyz or publish using python zeronet.py sitePublish xyz, where xyz is the private key generated by the client when you log onto the page.
To discover how to register an easier-to-read .bit domain, check out the spartan, but actually complete, online documentation [18]. ZeroNet does not currently support scripting languages such as PHP or Ruby. If you want to provide dynamic web pages, you need to rely on an API offered by ZeroNet by the name of ZeroFrame. The API only supports JavaScript or CoffeeScript. A database built into ZeroFrame stores the data.
Conclusions
Users can publish content anonymously on any of the P2P networks examined in this article. (See Table 1 for a summary of features provided with Freenet, I2P, IPFS, Tor, and ZeroNet.) Each project pursues its own approach. The only thing they have in common is that they use encrypted communication over the Internet and that the traffic is partly routed via several private computers. The encryption and the complexity of the routing process mean that load times and latencies are noticeably lengthy for all the networks. Taking several seconds to retrieve a simple static page is not uncommon. Networks with many participants are faster, but only with Tor and I2P, which make users responsible for the services.
Table 1
Services
P2P network | Freenet | I2P | IPFS | Tor Hidden Services | Zeronet |
---|---|---|---|---|---|
Website | | | | | |
Client license | GNU GPL and Apache License | Public Domain | MIT License | BSD License | GPLv2 |
Version | 0.7.5 | 0.9.24 | 0.4.0 | 0.2.7.6 | 0.3.5 |
Programming language | Java | Java | Go | C | Python |
Connection only with manually selected clients | Yes | No | No | No | No |
Client runs as a daemon | Yes | Yes | On request | Yes | Yes |
Client requires root access | No | No | No | No | No |
Allows bandwidth limits | Yes | Yes | No | Yes | No |
Control | Web interface | Web interface | Web interface | Command line | Web interface |
Plugins | Yes | Yes | No | No | No |
Services | | | | | |
Files | Yes | Yes, with corresponding software | Yes | Yes, with corresponding software | Yes |
Websites | Yes | Yes, with corresponding software | Yes | Yes, with corresponding software | Yes |
Dynamic websites | No | Yes, with corresponding software | No | Yes, with corresponding software | Yes, restricted |
 | Via plugin | Yes, with corresponding software | No | Yes, with corresponding software | No |
Blog | Via plugin | Yes, with corresponding software | No | Yes, with corresponding software | No |
Chat | Via plugin | Yes, with corresponding software | No | Yes, with corresponding software | No |
Nameservice | Proprietary, via special keys | Address books | No | Distributed hash table with automatically generated URLs | Namecoin method |
Network search possible | Yes, experimental | No | No | No | No |
The other P2P networks restrict the user by not supporting dynamic websites. Due to the performance drawbacks, none of these P2P networks is a serious competitor to the traditional Internet unless you are interested in exploring the privacy features. See the box titled "Old Dogs" for a summary of some other P2P network services.
Old Dogs
A few other P2P network tools deserve mention, though they don't appear to be in active development. GNUnet, for instance, has been around since 2001 [19]. The P2P network was originally designed for "anonymous, censorship-resistant file-sharing."
GNUnet has gained some new services over the years. For example, the GNUnet VPN service can route conventional IPv4 and IPv6 traffic over the network, and thus the system supports any Internet-ready service. The GNU name system (GNS) replaces the domain name system. GNUnet Conversation even supports phone calls, but currently, full anonymity is not guaranteed. The latest version of the GNUnet client, 0.10.1, dates back to April 2014.
Osiris [20] and Netsukuku [21] seem to be in very deep sleep. The latest stable version of Osiris (0.15) appeared in November 2011; work on version 1.0 has remained stagnant in the alpha phase since December 2014. A completely new development of Netsukuku was scheduled to appear in 2010, but this new release has not happened so far.
The Retroshare [22] P2P network is intended to build an encrypted connection to one or more friends. Users can then chat, hold video conferences, exchange email, share files and enter discussions on forums. Retroshare does not guarantee anonymity – if you want to hide your IP address, you need to route communication via Tor or I2P.
Infos
[1] Freenet: https://freenetproject.org
[2] I2P: https://geti2p.net
[3] IPFS: https://ipfs.io
[4] Tor: https://www.torproject.org
[5] Zeronet: http://zeronet.io
[6] Freenet Java Web Start Installer: https://freenetproject.org/assets/jnlp/freenet.jnlp
[7] Freenet Installer: https://freenetproject.org/assets/jnlp/freenet_installer.jar
[8] Freenet source code: https://github.com/freenet/fred
[9] I2PCon: https://geti2p.net/en/about/i2pcon/2015
[10] Eepsite: http://eepsite.com
[11] Tahoe-LAFS: https://tahoe-lafs.org
[12] I2P source code: https://github.com/i2p/i2p.i2p
[13] Ports used by I2P: https://geti2p.net/en/docs/ports
[14] IPFS source code: https://github.com/ipfs/go-ipfs
[15] IPFS Docker Container: https://hub.docker.com/r/jbenet/go-ipfs/
[16] Namecoin: https://en.wikipedia.org/wiki/Namecoin
[17] Zeronet source code: https://github.com/HelloZeroNet/ZeroNet
[18] Zeronet documentation: https://zeronet.readthedocs.org/en/latest/
[19] Gnunet: https://gnunet.org
[20] Osiris: http://www.osiris-sps.org
[21] Netsukuku: http://netsukuku.freaknet.org
[22] Retroshare: http://retroshare.sourceforge.net