 Hi everybody, I'm here to present about the FreeNet project. First I need to gather some demographic information from the audience before I allow you access to my information. All right. Who all in here is a male between the ages of 18 and 24? All right. Who all here has no idea what FreeNet is or thinks that it's a free internet provider? All right. All right. Good. I'm presenting an Uber hack source, so I don't have to cover so many details. Okay. All right. So FreeNet, anonymous, distributed file sharing network. This is my little demonstration I made with crayons, props out to Griff John for the photoshopping. So anyway, so here's, I have some vacuous animations, which don't really give any real information, but they kind of give you a general idea of how it works. And then I'm just going to talk, and I don't have any PowerPoint slides or anything. This is all done in flash because the people on the FreeNet mailing list, they were really into flash. And I was all like, hey, well, you know, I could do this in HTML, but I'll use flash to waste some CPU cycles. So all right. So this is the FreeNet network. All right. Now this is Ian. Ian is a, Ian Clark. He's a 40-year-old accountant from England, and he's in China. All right. And his node is the Pirate Radio Zero Knowledge Network. That's his node. Because each node is really like a network of nodes. All right. Now he wants to get some information which he can't get in China, you know, some dissident political documents, like the Zapatista manifesto, something like that. I couldn't find any good pictures of Zapatista manifestos, so I'm using this picture instead. Okay. So this, I just found this on the net, this picture, it's just represents the Zapatista manifestos. Okay. So now this information is stored over here on the far node, which is a network run by the key red elite Toronto Hactoid Eternity Router. Okay. So, and now I'm going to route a request through the network. This is a very long request. You know, this is only if the, it's way on the other side of the network. Okay. So here's a little request animation I drew. Isn't that, isn't that spiffy? Oh, very spiffy. Okay. And now there's Brittany being cached all throughout the network. I'm sorry. The Zapatista manifesto is being cached. Isn't that a beautiful picture? The network is full of Zapatista manifestos. Now if he makes, if he makes another, another request, it's only, it's only like one hop away down, down the network. Okay. So that was fun. Now here, from Ian's perspective, here's the network. And this is really where a lot of the anonymity comes from in the basic infrastructures. Ian knows about three nodes. These are his friends that, you know, are running nodes. And he does a request and he waits a very long time. And then he gets it back. And that's it. Whereas, you know, with like things such as Nutella and Napster, he would gain more information about the network by doing this request. You as a dode, you do a request to the network. You don't get any information. It's maybe some timing information about how long it gets to get back. But you don't know where it was originally from because if he does another request, it's only one hop away now. Okay. So that's all my flashy photoshoppy things. Now here are some much simpler things. This is a network I generated algorithmically very fast. No one would actually have a network like this. I don't mean this to be a convincing example. But so we have this person here, and they're inserting some information to the network. And there it's cached upon a bunch of nodes. What do you assert it's cached upon a bunch of nodes? And you have this person over here request the information that now it's cached upon a bunch of more nodes. And then, you know, like that first node that drops the information off because no one's requesting it anymore. And then, you know, someone over here does a request and then so on. Until eventually, as people keep requesting the information, you can no longer tell where it really originally came from. Because there's no, you know, you could say, for instance, that you can still trace the information back to its original source by the distribution of the information throughout the network. You can say, okay, well, because the information is distributed this way, I bet it came from here. But with all these different people requesting it, it gets all messed around all chaotically. And so from a later state of the network, it's hard to trace back to where it originally came from. Now, of course, if you have someone looking at the network from the very beginning, he's dropping on the network, then it's a lot easier to tell because, well, you saw when they originally inserted it, so therefore you know where it was inserted from. That's kind of obvious. But, all right, so I have another slide thing that I'll get to later. So anyway, so my presentation is basically about different attacks that people have come up with to attack FreeNet. Some of them are just like, every time I talk about FreeNet, someone has the funny-it-with-a-bunch-of-junk-data idea, for instance. And I want to talk about why these attacks, we don't think they're going to work. Now, there's no way really to tell until we get a really big network and we do all the tests. But theoretically, a lot of these attacks probably shouldn't work. And I'm going about this so that you all can come up with much more clever attacks that we can defend against. For instance, that guy who was giving out IP addresses of people that had gotten stuff on Napster and Nutella, he says that he thinks that he knows a way to find out who's publishing stuff on FreeNet and that he won't tell us because, of course, we'd fix it. And he trusts that we have such hubris that we will think that it's perfect and we won't fix it. And so maybe he does, maybe he doesn't. I don't have any of this. But I figure you guys are all very smart and you can come up with some very clever attacks. The first attack that you can do on that work is denial of service. Well, you can denial of service any node just like you denial of service any machine. You can just do an attack on it, fill up its bandwidth, and it'll go down. But that doesn't really matter because you could always route around to some other node. So any particular node going down doesn't matter. And that's why we have the anti-slash dot effect because the node that originally gave the information, it doesn't get the request routed to it. If you do a request from down here for the information, it's going to go like here, whereas the information started up over there. So that's not even getting any more requests. So denial of servicing, a particular node, doesn't really matter. If someone depends on that node to get their information, then OK, they're screwed, but that's just one person. The network as a whole doesn't get out. OK. So then there's two kinds of attacks you can do on the entire network. There's bandwidth attacks and disk space attacks because it's all shared bandwidth. It's all shared disk space. Bandwidth attacks, you can, when you send a request into the network, it goes several hops through the network. So you can do just a whole lot of inserts, just keep on inserting and inserting and inserting and requesting and requesting and requesting, whichever you want to do. And all these messages will go throughout the network and you're like, OK, well, if you do that enough, then that's going to bog down the network with all this traffic and no one will be able to use it. Kind of like Nutella, when you have more than 2,000 users, they have that problem. Well, the thing about that is that, well, there's several things. First of all, when you insert something into the network, it gets routed in this smart way. Let me show those slides about the smart routing. OK. So this is kind of hard to follow. I talked about this at the Berkeley conference and nobody could really follow what I was saying. Email me if you want a more detailed description. But every node has an ID. Whenever you insert something into the network, it also has an ID. All right. So you're inserting a file with ID 49 and you just happen to insert to this node that has ID. That's like the node that you know about. Now, the way the IDs come up with is you take whatever you insert a file, you insert it twice. You insert it under the hash of the descriptive name, like freenet slash readme is a file that you can get. So you hash that, you have that value, that's a value. You also insert under, you hash the contents of the file and so you insert that. So now you have a way to, if you know the name of the file, freenet slash readme, you can get it because you can hash that, that's the key that you get it from the network. If you have ever seen the file before, then you have the content hash, so you can get the same file again. That's a security thing. So anyway, so you insert it to node eight and then node eight has to determine which node to send it to, 37 or 13. Well, it just goes with whatever's closest. So 49 is close to 37, so it roots it over there and then out of 45 and 50, it's closer to 50 and so it roots there. All right, so that's how it will propagate through the network if it has value 49. Well, the reason that this is smart and neat is that files will tend to cluster. Now they don't cluster based on content, they're based on the hash of the descriptive key which has nothing to do with the distribution of the names of the content. So it's a purely mathematical sort of clustering. So if you insert on node one, it'll go there and then it'll go 19 and it'll go and oh look, it found 50 again, they went to the same place. Isn't that nice? And so anyway, so the thing is, if you insert a whole bunch of different keys and you generate a whole bunch of random keys and you insert and insert and insert all these random keys, they won't all go to the same place. They'll all go to different places. One will take a left here and then a right here and one will take a right here and then a left there and et cetera, so the denial of service that you're trying to do on the network will diffuse such that you're really only doing a denial of service with a really strong effect on a local area, like a node and maybe the nodes around it, so that's still not gonna take down the network. It might, if you had a lot of people doing this and they're like zones of denial of service interlocked, it would be a more powerful easy to do denial of service than denial of service in every single node in the network, that's true. But you're not gonna take down the entire network by just hooking up to a single node and doing this. Now you can of course, if you have enough resources, you can connect to enough nodes, then you can do a massive denial of service, but that's, I mean, even without this sort of routing, if you had enough resources, you could just take down all the nodes. I mean, if you have enough resources. And we're just counting on the fact that no one has that much resources for all of the different countries that nodes are at and can find all the nodes, et cetera. Okay, so then there's storage things, all right? So you can insert a whole bunch of junk so that all the nodes just fill up and the way that we deal with this filling up is that you get rid of any information which hasn't been requested recently because then only the most popular information is around. A lot of people, they're like, oh, well, you know, but I think that we should keep unpopular information around too, and I say, well, then you should join FreeNet with some other things such as Free Haven, which you can look at at Free Haven net net, which is a very nice project, which keeps information around forever. And you just use FreeNet for distributing because FreeNet has this nice caching anti slash dot effect sort of thing and another level of anonymity on top of Free Haven. Anyway, so yes, you can fill up the just spaces and all the unpopular information will fill out. However, you can't really do that in a very quick denial service sort of way because what happens is when you insert something, it's at the bottom of the list and it doesn't get promoted up in the list until you request it. Well, so if you make a whole bunch of inserts, they're all gonna just push each other off the bottom of the list because they can't push anything off higher up because you'd have to, you know, they haven't requested. Okay, so that gives you this new idea. You can do a combined insert request attack where you insert a whole bunch of content and then you request that content and you move it up in the stack and then eventually the nodes to be filled with your bad content that nobody wants and all of the things that people are trying to get aren't in the network anymore. That will only work if you have, you see the problem with stopping that sort of attack is that it's hard to tell the difference between that and legitimate use. Legitimate use, people insert stuff and then they request stuff. I mean, what can you do about that? There's two ways to do that. One of the ways is to limit the frequency with which you are able to send messages to a particular node. The node's like, I'm sorry, you're spamming me, obviously, so I'm not gonna let you send any more messages for a while. I don't know how good an idea that works. I don't really like coding things into the nodes to make them try to anticipate user behavior and not allow anomalous user behavior because that's kind of a cheap hackish way to do it. I don't know if it'll actually work all that well in practice, but that's just an idea that people have come up with. The other thing is that since it just looks like normal user traffic to some extent, it's somewhat a question of, do you have the resources to make more bogus traffic than there was legitimate traffic? If you have that in general, then we're pretty much screwed if you have that resources to just be a million users then I don't see how any system could really deal with that. There is the idea of micro payments like the Mojo Nation project that's kind of there and you should check them out at mojo-nation.com, I think. Net, mojo-nation.net, that's the one correct you mean. What, no, they presented yesterday, but you can check them out anyway. Okay, so yes, so there's the micro payment idea. We're anti-capitalist anarchists generally, so that idea doesn't go over so well on the mailing list. I'm not an anti-capitalist anarchist myself, but everybody else is, so yeah, maybe that's a good idea. Maybe we'll get around to that someday. We have a lot of other issues that we need to work out before we get to that point. Okay, so then that leaves information-based attacks which is you put a bunch of stuff in the network that looks really appealing and people really wanna get it but it's really not what they're looking at. I forget what someone called that attack. Oh, that's the Pat Boone attack, right? That's where you take your Pat Boone MP3s and you say Britney Spears MP3s and people download them and they're like, oh my God, and they're scarred for life because they had to listen to Pat Boone. And okay, so there's that attack. Well, that's really an issue of trust. Who do you trust? Do you trust stuff you get from random people? Do you trust that if something says what it is that it really is what it is? Well, no, that's dumb. I mean, why would you do that? So what we have is digital signatures. You can digitally sign any piece of information. That doesn't mean you put the information in there. That just means you found it and you say, okay, this is what it is or it is good or whatever you can interpret the signature to me, whatever you want it to be. You sign some things, you put them in the network. People can get stuff. They can determine whether it's good or whether it's bad and if it's good then they can put your signature on a list of signatures that know what's up and then in the future you can filter and only get stuff signed by those people or by a combination of people, et cetera. Yes? Yeah, that's a little over-anonymous. Well, now is your right, it's anonymous. It's pseudonymous. If you want true anonymity then you can't have trust. That's just how it is. If you wanna, I mean, the pseudonym, that's true. If you publish a lot of things under the same key, then, I'm sorry, under the same digital signature, then if anyone busted you for one of those, then they've busted you for all of them because obviously you had to have the key to sign the digital signature or what was the point. So yeah, that's an issue. It's always a trade-off between trust and anonymity and I think that there should be kind of a sliding scale. You participate as anonymously as you want. You trust people as much as you want and such. So that's the basic solution to the information attacks is building a trust model and that sort of thing. Let me think. I think that's basically all I had to go over. So I'll take questions. Yeah, you're there. That was my understanding. No, it actually, it does. When you first insert it, it goes to a number of nodes on the insert. Is that just one pop away from the node insertion? Oh yeah, something I forgot to mention. Whenever you do any kind of message, an insert or a request, you get to determine how many nodes you wanna search like. With the insert, you're gonna determine how many nodes you want it to try to propagate to. Not that it necessarily can propagate to all those nodes with us. You're gonna say how far you want it to try to go out and with a request, you're gonna determine how many nodes you wanna search before you give up. So if you do, that's a hop-slip. Insert with a hop-slip of like five, then it goes to maybe five nodes. Approximately, it's probabilistic rather than deterministic, actually. It, like the higher the hop-slip, the more likely it's going to keep replicating before it eventually stops. There's a limitation. Everything, all the configuration is done on a node-by-node basis. Like for instance, the idea that you get rid of unpopular data. Well, if your node doesn't wanna get rid of unpopular data, okay, fine. Don't get rid of unpopular data, that's fine. That sort of thing. Only accept connections for people from New Jersey, okay? Only accept connections for people in New Jersey. Right, right, I'm sorry I was getting that. So yes, so there's a maximum hop-slip dependent on your node. Your node, when messages pass through it, it can chop off the hop-slip at a certain value or whatever it wants to do. Yes? Oh, great. Yeah. What would it say, what happens if I say for a lot of time it would be the route? It's not the route. But I'm in the nearest hop to all these passions. Oh, right, right. I see what you're saying. Like, what if the nodes get to choose their own identifiers, is that what you're saying? So they're assigned identifiers? Yes. Well, they're assigned identifiers by the, all right. This is, the way that nodes are assigned identifiers, I came up with this on a whim, so maybe it's a bad idea. No one's actually analyzed it yet, but the way that those come up with identifiers, that's all relative. Your node determines what the identifiers are for the nodes that it knows about. The way that I have them assigning these identifiers is by taking the hash of the address of the node. And this is good because it adds to the subtle clustering effect, but you know, it's still, yes. But it still kind of, it doesn't really get the, hi, I'm the one that's right next to the one you want. Yes, it does, because you, as the evil node, don't get to choose your identifiers. The node that's talking to you chooses your identifier by hashing your IP, and you can't choose your IP. And even if you could choose your IP, you can't choose an IP. You can't figure out what your IP is going to hash to, except you could like, choose a whole bunch of IPs, get their hashes, and then keep doing that until you found a hash that you wanted, but that would be breaking the hash. Right, right, it's, it's, yeah, it doesn't mean anything, it's just a mathematical clustering, yes? How does one work? Ah, you can't, you can't search freedom without knowing the exact name of the file. Searching is something that we have on our to do this. It's a massive, massive problem, doing searching in a truly anonymous way that doesn't hurt efficiency. We've pretty much, I think we've got it worked out, and it's gonna be coming up after we get our beta out. The new version of FreeNet with a lot more security, a lot more encryption, that sort of thing. Huge leaps of improvement is coming out next week, and then we have a few more versions, and then we beta, and then we add things like searching, updating documents, mixed networks, that sort of thing that are really huge, huge issues. Yes? You mean, so that, like, there's this, like, snowballing effect, like, happened with Phil Zerman's PGP key, is that what you're kind of talking about? Like, so that the files get bigger and bigger and bigger, is that the problem you're talking about? Well, I mean, people can sign it, but it's like, do you trust their signature? I mean, it's a matter of, signatures don't mean anything unless you trust the person that signed it. So, it's a matter of, if you make a bunch of pseudonyms and sign a bunch of files, then it still doesn't really matter. Yep. File name, I don't understand the question, can you? Well, if you file it now, it's like, yeah, yeah, yeah, uh-huh, uh-huh. All right, name collisions, all right. The way the name collisions happen is, when you insert a file, you determine how many nodes you want to propagate to. It goes and it checks a path, like, you give it a hops of a five. It goes, five nodes out, and it sees, okay, is there something with the same name? If it ever hits something with the same name, then it, not only does it not allow for the thing you're trying to insert to be inserted, but it copies the file it finds all the way back to your node. So now, if you insert it, there's an instant collision. So, if you're trying to do this kind of attack where you insert something on the same name, you have to really weigh it, all right. I want to get as far out as I can, because if you only put it one node in, then, well, the other file's all over the network, no one will ever find your version. Whereas, if you put it a whole lot of things in, then you're going to sabotage yourself. Yeah, and any spaces cause the decryption, but it's a 160-bit SHA-1 hash of that, so that's a really big namespace, yes. Okay, I'm sorry, yeah, go ahead, talk in person. Well, I mean, a worm would mean that the thing that you have has to be somehow executed or something. A static file can't be a worm, and no code is executed. Yes, if you have an exploit on the node, then, yeah, you could build a worm, but you could build a worm with anything in that case. Yeah, the guy with the hat. Yeah, well, what if you had a growth node that... Yes, yes, I forgot to talk about evil nodes. Yeah, that's a very good problem. Yeah, evil nodes, that's the thing that we haven't done a lot of research on. I'd really like to see some people write some really evil nodes. In fact, I'm thinking of sponsoring an evil node contest, that if you write a really evil node, I'll give you, I'm an enemy of free speech t-shirt. I think that'd be cool. You're going to sell my jack for that today. Oh, yeah, I'll work on that. And Hilary Rosin, she says we're next, by the way. Oh, yeah. Yeah, there, there, there, there. So, are you streaming the PSYB, or how do you handle that in the IoT? Well, you know, if you have a dynamic DNS address, then you're good. If you have your IPQ switching all the time, that means that people will have references to your node and they'll go down and, you know, then that'll be bad. And so you shouldn't change your IP a lot. I mean, it won't really make a difference. It just means that people will be trying to talk to you, you won't be there, they'll forget about you, and then you'll pop up. But you see, because the nodes are all currently, you know, like anonymous nodes, they're all like one is the same as the other, then it doesn't really matter if you keep switching around, except that people keep trying to talk to you, you won't be there. It'll be kind of obnoxious. But since it's a program doing it, it won't really be annoyed. Yes? That's a really interesting idea. Everyone always talks about this. So I was like, we should make some bridges. In fact, I saw the mojo nation demo, like not demo, but a presentation, I was all like, wow, free net mojo nation gateway, that would be badass. But no one's actually working on it because all these projects have kind of insular developers. There are a few people that are on two projects. Someone just posted on freshme.net, they were like, hey, we should integrate free net into Mozilla so that whenever you get something, it'll automatically look in free net. If it's not there, it'll get it from the web, put it in free net. That way we have this nice caching thing, and we never have to worry about the slash dot effect again if you're using Mozilla and you have the free net plug it in. And I was like, that's a really great idea. And if there are any free net Mozilla developers, then you should work on that. The core developers, we're really busy. We have a lot of issues to work out. This is a really hard problem. So we're not gonna work on any of that. You wanna, it's in Java. I know everyone hates that. If you wanna port it to C, okay, port to C. You wanna port to C++? Someone's gonna wanna port it to a scheme. All right, you go for it. We're all for it, but we don't have time. Yes, with the blue hair. Are you open source yet? Oh yeah, we've been open source from the very beginning. Everything's free. Distributed development model. Like, you know, people are like, Brandon, you know, you need to fix the webpage. And I'm like, dude, I don't even know who wrote the webpage, okay. I just presented a paper that someone else wrote. It's all, we've got all of our logos and things are open source. Oh, this is, I have free net t-shirts, by the way, if anybody wants some. They're not free because I paid for them. And please, someone at least buy one so I can afford cab fare back to my hotel. They're $10, anyway. But like, you know, this logo, it's by some guy. His name's Rick, he's pretty cool, he's like cool logos. So yeah, we're GPLed. We were thinking about assigning our copyright to the Free Software Foundation so that when the RIAA sues us, that they won't sue us, they'll sue in the Free Software Foundation. And that was an idea, but we had too many people that had submitted patches that we didn't know who they were, so they wouldn't let us do it, I don't think, because we'd have to get like all those people to sign things and all that stuff, okay. You with the, yeah, hi. Hey, what's up? Yeah, it's Dan. I know the Patnute attack, and also with the namespace project. Since you have the content hash, and you have a file name, the Patnute attack doesn't work with the content hash, correct? Exactly, content hashes are unique to every file and they're immutable. Similarly, couldn't you use that to solve the namespace questions? Well, you could, but the thing is, then you're just moving the namespace to a different problem. For instance, instead of like sending the name to the free net networking to get back, you could go to a list of things that have names and then they link to content hashes. That's fine, but then how do you get the list of names? Well, you could put that in by content hash and that's fine, but how do you get that content hash? And we, all right, I am not okay with the idea of you having to use some other thing like the web or user or something in order to get your keys because those are all very sensible mediums and we're trying to stop censorship and the only real way, stop censorship is to make it so you only have to use uncensurable mediums. And so the real solution here is that you have to start with a name and then from then you can go on to like indexes of content hashes and it's all very secure. You don't have namespace problems. Yeah. When you're choosing signatures that you trust for a document, which ones would you say, because these people signed the document that I like, because that would open up the attack that somebody signed a good document and a bad document or lots of good documents. Well, implementation-wise, we haven't actually integrated into the client the thing where you check signatures. There are signatures and the nodes support them for the client which allows you to determine like filter things by signatures. We haven't actually implemented that yet. That's coming out in the next few weeks. When I'm talking about Freedet, I'm not talking about what we currently have. I'm talking about our design in the near future. Well, you know, that's really a user interface. In fact, clients might do that differently because that's totally a user interface issue and yeah, I would think that what you would just do is that when you get the file, you see what signatures are on it and then you choose which ones you want and it would be dumb to choose them all. So don't do that. Now, of course, that means that if you find a file with a bunch of signatures, that means that you can't really trust it but what you can do is you find a bunch of different files and you like, you find the intersection of signatures and yeah, that's a very sticky problem. You should get on the mailing list. We'll talk about it. Oh, you're on the mailing list? Cool. What's your name? Do I know you? What? Where's it David? Oh, oh dude, I forgot. That was my other demographic question. How many of you are on the FreeNet mailing list? Hey, cool. I was all sad because I couldn't find anybody who was on the FreeNet mailing list and I, I wanted to meet some people. Come say hi after the thing, so I'll know who you are. Yeah, what's up? Storage space, hours are a good example. Back as, you know, I'll be terrified if you need to do thoughts on something. Yeah? Yeah? What was the question? Yeah, people are doing that right now, actually. It's really funny because we're alpha, right? I mean, we don't, maybe we're even pre-alpha. We don't even have all the features in yet. You know, we're just, we got a couple releases till we go beta and there's people that they just, they know, we're like, I'm gonna get a DSL line and a machine and like a 12 gig hard drive and donate it to FreeNet. I'm like, thanks, that's great. We're upgrading our software next week. Maybe you want to wait until then because you got to install the new software. You there, yes? Yeah, I got to mention what I was like. Paranoid FreeNet, that was me. I was all like, we need to be more paranoid. They're all like, anyway. Yeah, the, all right, traffic analysis and your timing attacks, they're all part of traffic analysis. Traffic analysis, we have no defense for traffic analysis. If you have, all right, well, there is, you know, there's encryption, you know, between the nodes and all that sort of thing and you don't know the node that you're talking to you unless you've been looking at it from the beginning of the network, you don't know what it's storing. So it's still very hard to tell, you know, what you're getting, but there are still various traffic analysis attacks that we just don't defend against. People have been talking about putting, oh yeah, hey, that was my, that was my other demographic question. Who knows what a Chami and Mix node is? I was just wondering. Okay, so anyway, we were talking about putting Mix nodes into every node so that everything would be all mixed network and timing would be, but there is some latency issues with having every single FreeNet node be a Mix node. I mean, there's inherent, that's what Mix nodes do. That's part of what they do is they add latency and that's not so good when you're going through several, several hops. So what we kind of decided sort of, and when I say we, that doesn't mean that everybody agrees with me, actually, we usually disagree, but what we've said is you use a Mix node to get into the FreeNet network. That adds one hop of latency and then you do all the FreeNet network, blah, blah, blah, and then you come back out of the FreeNet with that's two hops of latency. So instead of like 10 hops of latency, you have two in and out and so we need a good, you know, Mix node in place. That's one of the pieces of the puzzle. The pieces of the puzzle are, you need a Mix node to get into FreeNet that solves timing, then you have FreeNet that solves all the other anonymity issues like publishing on the, that sort of thing. Then you need a place where it can be permanently stored such as Free Haven and then there'd be a nice, it'd be nice if there's a staggered graphic way to access it in the first place because the thing that the guy from Free Haven brought up, I wish I could remember his name. Anyway, he brought up is the thing with anonymous networks, the real test is can they use it in China? China being a metaphor for places where they're going to kill you if they find out that you're doing something wrong. I don't know if they'll really kill you in China. I've never been to China. I don't mean to make the Chinese people mad. I'm just a metaphor. Anyway, and so you really need to stick in a graphic way and that's another piece of the puzzle. But anyway, someone else was rabid in their hands somewhere, let's see where he goes, of course. You, I don't think you've had a question yet. How do you deal with updates to content? Updates. Yeah, we don't have updates yet. That's another thing that's on our post, 1.0 to do this because there's huge issues with efficiency and also with security. There's also the update problem that if you can make an update, then you can destroy your file. That means someone can come with a gun to your head and say destroy your file. And we're gonna make it updates where you can't actually destroy the original version. You can just put in a new version. Maybe we're kind of debating. But anyway, updates are a huge issue. We really haven't gotten those figured out because of, we just came up with a simulator. The simulator allows you to make a really big freehand network and test stuff on it. And so that's where we're, because basically it came down to a point that we had two competing proposals and the two proposal authors were like, no, that's gonna be bad. And they're like, no, that's gonna be bad. And so we need a simulator or something so that we can actually test it out. We just got that out. So that should be, that should be come on an up soon. Yeah. With the nearest hash thing there. Yeah. That's when your HopsLiv runs out. You start with a HopsLiv of like whatever you want it to be, and then you're out. That's the biggest number of... Well, the HopsLiv is probabilistic. Your HopsLiv, like if you start with a five, there's a pretty high percentage and then you get a four, there's a less percentage, three, and then one, there's a very high percentage and then it keeps going down until eventually you're probabilistically stops. No, I made this up. And so I presented this at Berkeley and people were like, I don't understand this, but I'm like, I'm sorry, I don't have any slides. So I have some slides now, so it's better. But yeah, nobody knows. I mean, you don't have to move it this way. We could just change the line of code and it wouldn't be move it this way, this is just, it has this subtle clustering effect that I kind of like. This is the thing that a lot more research needs to go into with a lot of mathematical sort of research, that sort of thing. Yeah, you were there. This one right here, yes, if we were to hop one more time, it would hop to 37. What do you mean? No, right now 49 is at 50. And so the next hop, it has to choose between 13, 19, and 37 from the 50 node. No, you can't choose yourself because you're already there. You can't get an infinite loop because every message has a unique ID that if you get a message with the same ID, then you say, I'm sorry, I've already had this message and so it avoids loops. Although, for anonymity reasons, loops might actually be good. Crowds is a system which allows anonymous web browsing and it allows for loops. But for efficiency reasons, we don't allow loops and let's see, okay, you there, yes. A client doesn't look like a node and it looks like a client and when your client talks to a node, well, it uses the same protocol. So it does look like a node, but at the same time, that's a big issue because if you're running a client and you connect to some public node out there, right, that's evil. And they somehow tell by some kind of thing in the way that your protocol looks as opposed to the standard protocol, they're like, hey, wait a minute, I know this, this is that node, this is that client running in Python. They now know that you're really inserting or requesting, you're not just rooting stuff for other people, you're really inserting or requesting, so you're busted. That's why everyone should run a node on their local machine and even if you only run it when you're actually leaching, you should still run a node because that gives you these anonymity properties that you can't get from running a client across the network. The only reason that the node and the client are two separate programs is just, it's a design thing. It's a lot cleaner to split the code. We could put it on one program but they'd end up just running two separate threads, they're two separate programs, but you should always run a node on your local system and also you should do it because if you're not giving any space to a free network, then you suck and you're a bad person. Yes, you publish your own node and it publishes other nodes and it looks just like a node because it is. It's pretty soft. Okay, way back there. Nodes behind firewalls. All you have to do is you specify in your headers in the protocol. I want this to be a keep alive connection. Don't drop it and then you have to keep a connection open and that's the only way to do it. We kind of had this idea for a while of having it where you could be like, hey, you node, I'm gonna connect a while later. Can you like store my stuff for me? But that seemed like a really nasty sort of thing that bad people could do. Like, could you store these files for me that are illegal and I'll come by later to your house and bust you? So, I don't think we're gonna do that. So yeah, basically if you're behind a firewall, you have to keep a connection open and then all the messages pass down the connection between you and whatever nodes you're talking to and that works fine. It's not very efficient, but hey, you're running behind a firewall, it's too bad. Okay. Okay, well the centralized system we have for finding about other nodes, that's you go to a webpage and it tells you what other nodes have logged on recently. That's not part of our system. That's just because if you wanna use Shrinet right now, you gotta find out about some other nodes and so we have this nice convenient bootstrapping testing that we know is evil and it's not part of our system that's just for testing. You don't really need to find out about other nodes. With Intella, for instance, you find out about like a thousand nodes because that's how their system works. It's a very flat network. Our network is much broader. You need to know about like five nodes and so you gotta find like you get some public node that for some reason you trust. I don't know why you trust some public node. It's probably been compromised, but you can trust them and you get like four of your friends to run nodes and they connect to their friends, they connect to their friends, they connect to their friends and then every now and then you're like, okay, we ran out of people and you connect one of your people to some untrusted public node. You're only exposing one person that way and then that's how you get the big network there and that's how it should work and so you don't need to find out about other nodes. However, you can find out about other nodes in that when messages are passing through your system, there's an option that you can do when you first send that message to say, look, I'm a nice guy. Just tell everybody my address. Just let them know I'm here and I'll just talk directly with them now instead of all these layers of security. I don't really know why you'd wanna do that, but for some reason people keep asking for this. So we have this, do you wanna broadcast your address to everyone in the world? You can set this thing and it will probabilistically broadcast your address. Sometimes your address will get overwritten, sometimes it won't. That way it's still hard to tell whether the information actually came from any particular node, but yeah. So you can find out about nodes that way, but you don't know who they are and you can't trust them, so I don't know what you'd want to. Okay, yo, you over there. Okay, Trojans. Well, there's the fact that only we have CVS access and we're nice guys, but you really shouldn't trust us. You should audit the code yourself because we got some guy from Sweden. He seems like a nice guy to me, but I don't know. Well, he's gonna hear that too. All right, so anyway, and so there's that and there's the fact that you're downloading it off the central site now. There's always the ability that someone's gonna crack source forage and it's gonna mess with things. We're starting with the next release. We're starting to sign the release, so if you've ever gotten a release before or if you can get our public keys off of some place that you, for some reason you trust, I don't know why you trust them, but if you could do that, then you can test to make sure that it's a valid thing. Clients, they're written by a whole bunch of people I don't know, so I wouldn't trust them, basically, because I don't know the people that wrote that code. And, okay, authentication between nodes. Currently, the authentication between nodes uses a Diffie-Hellman key exchange, which means that it's not susceptible to totally passive ease droppers, but it is susceptible to a man in the middle attacks. In the future, not in the next release, I don't think, yes, not in the next release. We're going to have it where if you want to exchange public keys out of band with a node, then you can, it has to be out of band because you can't trust anyone you're talking to until you exchange public keys with them. So you can exchange public keys with a node, like you can give it to them on a piece of paper or something, and then you now have a trusted public key, or at least a fingerprint, and then that's some good public key infrastructure between the nodes, and that's gonna be a very nice feature and I can't wait for that, but I think it's gonna be a release or two from now. See, nobody over there that hasn't already had a question. New people with questions, okay. Oh, you have another question. We haven't really done much research into that, but the only problem is that it does run in Java, which does use more, well, it's not so much that Java uses more CPU cycles, it's that if you have a really old machine, like an Amiga, then you can't find a Java implementation for it, which is so sad, because I mean, so much for right once run anyways, like right once run on the two operating systems that are supported, that's kind of sad. So, but from, it really doesn't really do all that much. It's not for the, like most of the encryption stuff is done client side, there's only a little bit of encryption and that's really just the key exchange is done server side, so you really shouldn't need a lot of power. Currently we have a bug where, when it's actually doing things like trading files and stuff, it uses like 90% of your processor power, so we probably will have that fixed in the next release, but hey, we're alpha, so I don't have to be sorry, okay. So when do you leave your restrictions? Well, there were the legal restrictions, but they got loosened and so all we had to do is email some guy in some.gov and say, hey, we got some crypto and then that was it, that's the new way, so yeah, it's cool. Plus a lot of our developers are in other countries, but that's not so much an issue anymore. Oh, I don't see any more questions. Oh, hey, a question. What are you trying to do to prevent legal attacks? Ah, that's a good question, thank you, yes, legal attacks. Okay, well, one of the things is, and this is, I think, fairly suave sort of idea, Ian came up with this, is that all the content inside of the network is encrypted. It's encrypted with the plain key, not the hash key. Only the hash key actually gets in the network, that means that the nodes don't actually have the key to decrypt their data, they can actually read their data. You wanting to get some information, you of course have the key, because you have to have the key to get the cash to go get it, so you have the key so you can decrypt the data as a user, but all the nodes, they don't know what's on their servers, they don't know where it got there, they don't know who put it there, it's just all anonymous and crazy, and so there is some legal precedent that you won't be able to be prosecuted. Now, I'm not a lawyer and nobody really knows, it's just kind of, we just kind of think about it and looking at the legal precedent, we kind of feel that there's, you can't be prosecuted, but we won't know until someone's actually prosecuted. So, you know, we need volunteers. And so there's that, now some people like to talk about free net being made illegal, it being illegal to run a free net node. If that happens to us, that's gonna be kind of bad. You could still run a free net node, but it would be a really big pain because you know, you might be arrested. And then there's like static demographic protocols and all that sort of thing, and we're definitely looking into that because you have to have steganography if you want the people in China to be able to use it as everyone knows, so we're looking into that, but that's in the future, we have a lot of issues before then. Ian just said on the mailing list, Ian Clark, the creator, founder, genius behind free net who does all the interviews, he just said that Hillary Rosin has said that after Napster, we're next, and so that'll be interesting, but of course that'll be the free net developers being stewed, and I said to Ian, I said Ian, I told you, when you were talking to Time Magazine, why did you download a Britney Spears MP3? Now we have this party line, we're all about stopping censorship, and that's what I talked about, like we're here to stop censorship, we're not about trading MP3s, and what do you do? You go and you download a B3s and you say, I don't feel bad because copyright is wrong. I was like, you know, I mean sure, maybe that won't shut down free net, but I'd like to keep working on free net, and I can't do that in jail, especially if I'm in jail for, you know, having a big part of free net. I'm rambling, I'm sorry, okay, next question. Yes, you were there. Oh. The client, no, is that encrypted? Yes, yes, everything's encrypted, with Diffie Helman key exchange using either Two-Fish or Ringdell, you have your choice because no one can really decide which one's better. Yeah, that's all encrypted, all the communications encrypted, and all of the files in the network encrypted, everything's encrypted. So the request is not encrypted? Yes, yes, everything, all communication over the wire is encrypted. In the next version, which is coming out next week, so everyone should upgrade because the current version just isn't nearly as good. Okay, someone over here have a question? Key. How long, what do you mean the, what number of bits? When you say key, which of the many things we call keys are you referring to? Key. Oh, I'm not the crypto guy, I think they're 128 bit, but I don't really remember, Scott's the crypto guy, so if you have any questions about crypto, email Scott, if you have any questions about efficiency, email Oscar, if you have any questions about MP3's child pornography, email Ian, and if you want to give us mad props, you can email me. Okay, you right there? Right, that's why you need steganography, if you want to hear about encryption not being allowed in certain countries and steganography and that sort of thing, you need to go to peacefire.org or talk to that guy right over there, the peacefire.org guy, that's what he's working on. Okay, so you in the white shirt with the glasses and the such, yes, the issue? Yeah? You know what? You want to go to seven o'clock. Uh-huh. In this particular network? Okay. You go to some 19, go to back to 37. 37? Well, it doesn't send it back in, the request backtracks, it'll then send it to, it's 37, it'll send it to eight, it'll then backtrack, it'll send it to 13. You said it could do both the positive and the negative with the same ID. Then it backtracks. Then it backtracks. Yeah, that means, the same ID. What? The same ID. Yeah, the message, the message will have the same ID. Messages, error messages, inherit the unique ID from the message which spawned them. So it's not unique to every message. Well, you know, it can be because like this is one message and this is another message, but it's to every message chain, there's a single unique ID. It's like, you know, like the threading, thread ID in mail anyway. Okay, yeah, you, we don't have that in our implementation, we don't have black listing or any of that sort of stuff, but you could certainly, that wouldn't be a problem at all to add. It's just a matter of like a little feature that somebody should come, like submit a patch. You could submit a patch. Just get out of bed with this, get CVSS, submit a patch, it'd be great. Sign note addresses. Yeah, you could do that, except that that's only really useful if you're discovering new nodes, which I personally think you should reject acts, reject requests to nodes you don't know unless you're running some kind of public service node. But yeah, I mean. Oh no, if you're referring to question, you wanted to go into got dove domain because it's not gonna get from you, it's gonna use some other random person. Dude, you totally want got dove to have all the MP3s. I'm sorry, all those appetista manifestos. Oh, I see what you're saying. You're meaning you're wasting hops. It could be going to real nodes when it's, yeah, yeah, that would, I really think that though, that that should be a node by node thing. That shouldn't be something that when you send a message, you say, okay, this is who I want to get it. I think that the nodes themselves should decide who they want to send it to. But I mean, that's debatable. As you get on the mailing list, we can debate it. We debate a lot. Okay, whoo, nobody has any more questions? Just one more question. Okay, hey. Say I'm going to download the matrix. Yeah? For example, I want to get one. And that's an eight. It's got to go really long away. Oh yeah? This, I mean, is there a... Well, you can come back in like an hour and then it'll be one hop away from you. And that'd be cool, you know. Yeah, that's the thing. That's a problem because I mean, there's obnoxious people with 288 modems in the network probably. And they're all like, slow. You got like a T1, 288, a T1. Then you're going to 288. And that's kind of depressing. But then if you come back later, it'll be on the other side and you'll be at T1 again. So there you go. All right. Yes? If you cancel it in progress, will it still propagate? You know, that's something we've been debating whether or not it should. Because if you cancel it in progress, still propagating, that means it's good because you come back, it'll be cash. But also means that it's a lot less work to do one of these storage denial services, which I'm saying storage of denial service won't really work all that well. But it does work better with request because you request the information that gives it some points, right? So yeah, we haven't decided. Currently, I actually don't remember because I think we had it one way and then we switched it some other way and there's all these people who win the code. And so, yeah, I don't know. It's a very good question. Yeah? What do you use? It uses whatever you want it to use because if you use some particular thing, then that would be really easy to block with the firewall. Right now, it's really hard to block with firewall because you have to be able to, your firewall has to know how to like see a Diffie-Hillman key exchange and say, oh, no, Diffie-Hillman key exchange, no, sorry. And so, yeah, but the default port is 19114, which I think Ian said spells Ian somehow. And the default client port, like not a default, but the one I like to use is 1001. I think that's, I'm sorry, 1001. That's a good port for clients. Any more questions? No, okay. Well, I guess there's a lot of questions. I have t-shirts and you should get on our mailing list and you should get on the webpage and you should download free.net and you should attack it and there you go. What? Oh, thanks.