Pseudonymous infrastructures employ encryption and techniques like onion routing to achieve a new level of privacy. You can think of them as parallel dimensions of the Internet that cannot be monitored by men in the middle the way the regular Internet can (whoops – and we wrote that before 2013's revelations).
You can call them Darknets, but you shouldn't – because that sounds like you are hiding something when you are actually just being respectful of your friends' privacy. In fact these systems are based on intrinsic end-to-end authentication and cryptography, making them more reliable than regular HTTPS or TLS, which is based on delegating trust to some authorities, so it is factually more accurate to just call them "secure networks".
Usually these networks form a rather anonymous swarm of peers in a P2P fashion – then again P2P isn't accurate since high-bandwidth relay nodes usually play a fundamental support role in the distributed architecture. Some techniques focus on trusting only a specified social network of friends while others use game theory mathematics to figure out which relays to trust. Typical of this new architecture is key addressing combined with a DHT.
It's not P2P like in the old days
F2F technologies do not need to be P2P-based in the sense of depending on people keeping their end-user machines running, with the instability and high latency that come with DSL. It is also possible to deploy these technologies on server relays – you just need strategies to ensure that your bandwidth is being used in legitimate ways, not being spammed by whoever doesn't like you. There are several strategies to address that. The PSYC way typically is to leverage the social graph.
Tor is a nice example of such a network of agnostic relays. Although the protocol is distributed in a P2P-like design, most relays are operated from the Internet backbone and provide excellent speeds.
More representative projects of this kind:
Consult http://youbroketheinternet.org/map for a map of projects researching the potential for a distributed better Internet.
F2F in its pure form isn't even a worthwhile goal as it still exposes the social graph to potential observers (as it happens with Retroshare). What it takes is F2F logic on top of an obfuscation backend providing for onion routing.
GNUnet's Anonymity Protocol
GNUnet's file sharing protocol GAP has some interesting strengths, according to the claims in its whitepapers:
- Untraceability: The protocol makes various efforts to hide who is communicating with whom.
- In particular, GAP has the ability of letting the application decide how many hops to insert between sender and recipient, so you can make your own decisions on how important packets are, how paranoid you are, and still use it when you hardly need so much security at all. But, even when two people are exchanging data directly, you can't be sure one or both of them isn't actually proxying for somebody else. This mere unpredictability is a privacy enhancement.
- Unobservability: GAP enhances security by making all packets the same length, so it is harder to guess what they might contain.
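The same-length idea from the unobservability point, as an added Python example that is not GAP's actual wire format or code from GNUnet. The 1024-byte cell size and the 2-byte length header are assumptions, and encryption of the cell (which a real relay network would apply so the header is hidden) is left out.

```python
import os
import struct

CELL_SIZE = 1024                    # assumed fixed size of every packet on the wire
HEADER = struct.Struct("!H")        # assumed header: payload bytes used in this cell
MAX_PAYLOAD = CELL_SIZE - HEADER.size


def to_cells(message):
    """Split a message into cells that are all exactly CELL_SIZE bytes long."""
    cells = []
    # max(..., 1) makes an empty message still produce one full-size cell.
    for off in range(0, max(len(message), 1), MAX_PAYLOAD):
        chunk = message[off:off + MAX_PAYLOAD]
        padding = os.urandom(MAX_PAYLOAD - len(chunk))  # random filler, not zeros
        cells.append(HEADER.pack(len(chunk)) + chunk + padding)
    return cells


def from_cells(cells):
    """Reassemble the message, rejecting cells that break the fixed-size rule."""
    out = bytearray()
    for cell in cells:
        if len(cell) != CELL_SIZE:
            raise ValueError("cell is not CELL_SIZE bytes")
        (used,) = HEADER.unpack_from(cell)
        if used > MAX_PAYLOAD:
            raise ValueError("declared length exceeds cell payload")
        out += cell[HEADER.size:HEADER.size + used]
    return bytes(out)


def wire_lengths(messages):
    """What an observer sees: the size of each cell sent for each message."""
    return [[len(c) for c in to_cells(m)] for m in messages]


if __name__ == "__main__":
    # Constructed sample messages of very different sizes.
    samples = [b"hi", b"x" * 1000, b"y" * 3000]
    print(wire_lengths(samples))
```

A 2-byte and a 1000-byte message are indistinguishable by size, but the 3000-byte message still needs three cells, so the number of packets remains a coarse signal that padding alone does not remove.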
Filling the gap: PSYC on top of this
What happens if we inject PSYC packets into an agnostic network of relays? Interesting things can happen. Here's what PSYC2 brings to the table:
- messaging, identity (uniforms)
- echoes & queues are very important
- trust & friendships
- friendcasting
- presence (although your router list may give you a basic notion if somebody is "there")
Mid term:
- chatrooms with history, timestamps and idling (they require dedicated "server" nodes)
- profiles
- microblogging
- newscasting
- mail? (multi-line messaging, store and forward)
- SPAM protection
- Gateways:
Things that matter in the long term:
- all things above in binary and possibly large
- native pseudonymous multicast as described below
- channels
- distributed state
- activity
- packet ids
Some aspects of PSYC1 no longer make sense in a key-addressed system:
- TLS and OTR encryption
- DNS, X.509
Trust metrics could become a very important factor for GNUnet's routing. In the GNUnet talks held at a 2010 GNU meeting they mention how they need some method of ranking nodes. What they need is the distributed state that allows you to draw up a social map around you and calculate trust values for every node out there, thus enabling you to pick those nodes that are less likely to drop your packets because they don't know you. This totally enables routing nodes to be run on server infrastructure, thus providing a huge speed boost compared to traditional P2P applications.
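One way to turn a social map into trust values and a relay ranking, as an added Python example; it is not GNUnet's or PSYC's algorithm. The graph, the node names, the multiplicative decay rule and the thresholds are all assumptions made for illustration.

```python
# Constructed sample social map: TRUST_EDGES[a][b] is how much a trusts b,
# in the range (0, 1]. All names are hypothetical.
TRUST_EDGES = {
    "me":      {"alice": 0.9, "bob": 0.6},
    "alice":   {"relayA": 0.8, "carol": 0.7},
    "bob":     {"relayB": 0.9, "relayA": 0.5},
    "carol":   {"relayC": 0.9},
    "mallory": {"relayD": 1.0},     # nobody in my social map vouches for mallory
}


def trust_values(graph, source, max_hops=4):
    """Best-path trust from source to every node within max_hops.

    Trust along a path is the product of its edge weights, so it decays with
    every hop; a node's value is the maximum over all paths found.
    """
    best = {source: 1.0}
    layer = {source: 1.0}           # best trust using exactly k hops
    for _ in range(max_hops):
        nxt = {}
        for node, trust in layer.items():
            for peer, weight in graph.get(node, {}).items():
                nxt[peer] = max(nxt.get(peer, 0.0), trust * weight)
        for peer, trust in nxt.items():
            best[peer] = max(best.get(peer, 0.0), trust)
        layer = nxt
    return best


def rank_relays(graph, source, candidates, min_trust=0.3, max_hops=4):
    """Order candidate relays by trust, dropping unknown or weakly trusted ones."""
    values = trust_values(graph, source, max_hops)
    scored = [(values.get(relay, 0.0), relay) for relay in candidates]
    scored.sort(key=lambda item: (-item[0], item[1]))
    return [(relay, round(trust, 3)) for trust, relay in scored if trust >= min_trust]


if __name__ == "__main__":
    relays = ["relayA", "relayB", "relayC", "relayD"]
    print(rank_relays(TRUST_EDGES, "me", relays))
```

relayD is never selected even though mallory trusts it fully, because no path from "me" reaches it; that is the property that lets server-hosted relays be chosen by social distance rather than by self-declared reputation.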
Pseudonymous multicasting
The currently existing onion-based routing strategies implement one-to-one message delivery. Putting a one-to-many or many-to-many multicast routing layer on top would obviously involve complete tunnels between each hop, resulting in huge latencies. That probably doesn't make a difference when distributing large files by BitTorrent, but it could be too slow and over the top for real-time oriented information that many are interested in, such as newscasting. It could be interesting to provide native multicast routing in these darknet technologies in order to improve the efficiency of pseudonymous multicasting.
- GNUnet folks are working on a mesh service which could lead to application-level multicasting.
VPN
The term virtual private network seems to mean the same, but in this architecture, where we expect a virtual network to be a lot more private and a lot more social, it actually just means that your friends are mapped to virtual IP addresses so you can use existing Internet applications on your computer and tunnel their traffic through cryptographic routing.
GNUnet has a tool for doing VPN over it. Tor has its hidden services which serve a similar purpose. There are also some efforts to combine VPN with social network platforms such as XMPP ("SocialVPN") or even Facebook, but in that case you are no longer hiding who is talking to whom, so that's not as interesting. It sure looks like a pretty rebellious way to use Facebook at first, but thinking about it, it is really a very bad idea, because if you can get your friends to install some software, you should really give them something that lures them away from Facebook – not something that requires it even more.
See also
- Crypto sharing
- Kol. Panic's P3DO
- Communism
- secushare