> I hope this is the right forum to do this on but I'm trying to see what > freenet offers in the way of privacy/anonymity. I've been exploring Tor > for sometime which seems to have an incredible system of security via > the circuit. The only 2 vulnerabilities that I see being: bad exit > nodes that try to scam off insecure packets; a group owning several > nodes in a circuit that can figure out who is requesting what.
There are no 'exit nodes' like in Tor or I2P, Freenet is self-containing network. The latter concern is known but there are people more knowledgeable, who should explain what is done with that. > That said, I'm trying to see what freenet is and is not in comparison. > As far as I can see, it provides anonymity in retrieving content because > of the use of the storage space on the computer. Posting freesites > would also seem somewhat anonymous but a little bird in my ear brings > back memories of forces such as the RIAA being able to tell which > computer originated a mp3 and thus I wonder if the same would be for > freesites. Freenet is not only anonymous, it's also censorship resistant. This means that if you were to publish a freesite, it could not be taken down (even by yourself). Also Freesites are somewhat better than eepsites or .onion sites, since correlation attacks are much harder. You should inspect html that you insert before inserting it, as some website creation software helps you out by adding useful things like comments of the name of the creator, etc. > In uploading and downloading a freesite, there appears to be a key > encryptor and a key reader (similar to PGP). What kind of methodology > do we use to get these keys (i.e. SHA1, MD5, PGP etc)? Mainly, I want > to be aware of these methodologies as things such as MD5 are later > exposed to have a weaknesses that appears through the progress of time. > > Lastly, some more general questions that I have about freesites and the > overall setup of freenet. > > I read that a freesite can't have javascript. Is the javascript > stripped out upon upload or how is this done? It is stripped out by freenet before presenting the page in the browser. If for some reason you need to see the html as it appears before that you can append ?type=text/plain at the end of the url, that works because FProxy does nothing to the plain text document. > I currently have 0 trusted people so I'm therefore testing freenet more > as an open-net (?). How is this insecure? This may go back to one of > my previous questions on anonymity. This makes it easier for a powerful enough attacker to connect to you. This also exposes you to the world as somebody who uses Freenet (even if they will have much harder time figuring out why). > In a darknet, do the nodes actually know who is posting the content > (i.e. obviously they were added but I'm talking about the computer) or > is that somehow encrypted (i.e. they are only able to read things > encrypted by a particular key. So if I have 5 keys for 5 different > freesites, people can only read the freesites that they have a key for)? Each key has 2 parts, separated by comma, routing part is what your node uses to request the content from its neighbours, and decryption part for actually then reading the content, when you simply pass on the request from one of your peers to another you do not know the decryption key. Thus somebody has to already know what the content is in order to decrypt it. There are KSK keys where the name of the file is the decryption key. > Sorry if these are stupid questions covered somewhere but I'm just > trying to get specific questions answered. I'm sure I'll have more. LOL > > Thanks, > Chris If you have Freenet actually running, you might want to set up FMS and ask on 'freenet' board. There will be more people replying there. -- http://freedom.libsyn.com/ Voice of Freedom, Radical Podcast http://eng.anarchopedia.org/ Anarchopedia, A Free Knowledge Portal "None of us are free until all of us are free." ~ Mihail Bakunin
