Forgot your password?
typodupeerror
Encryption The Internet Your Rights Online

Anonymous, Decentralized and Uncensored File-Sharing Is Booming 308

Posted by Soulskill
from the can't-stop-the-signal dept.
PatPending writes with this excerpt from TorrentFreak: "The RetroShare network allows people to create a private and encrypted file-sharing network. Users add friends by exchanging PGP certificates with people they trust. All the communication is encrypted using OpenSSL and files that are downloaded from strangers always go through a trusted friend. In other words, it's a true Darknet and virtually impossible to monitor by outsiders. RetroShare founder DrBob told us that while the software has been around since 2006, all of a sudden there's been a surge in downloads. 'The interest in RetroShare has massively shot up over the last two months,' he said."
This discussion has been archived. No new comments can be posted.

Anonymous, Decentralized and Uncensored File-Sharing Is Booming

Comments Filter:
  • Whackamole! (Score:5, Funny)

    by MaskedSlacker (911878) on Sunday March 04, 2012 @06:23AM (#39237667)

    Let the games...continue.

  • What a surprise (Score:5, Insightful)

    by Nursie (632944) on Sunday March 04, 2012 @06:24AM (#39237673)

    Clamp down on torrents, clamp down on file sharing sites, what do you expect? People to meekly give up sharing files?

    It only takes one person to write a darknet program like this and the game is back on.

    It sounds a lot like a program I'd considered writing before and if done right it's basically impossible to shut down, or compromise effectively, without severely screwing up the internet. Which is probably the next step.

    • Re:What a surprise (Score:5, Insightful)

      by wvmarle (1070040) on Sunday March 04, 2012 @06:37AM (#39237729)

      One possible strength is also an obvious weakness: everything hinges on trusted friends - i.e. if you do not have any trusted friends that use this RetroShare then you can not join the network, unless you are willing to join through a non-trusted friend. A side effect is that the amount of content available on this network is highly limited.

      This works until critical mass is reached, which very well may just have happened. Enough people in the network that most of the rest of the world has a friend that is connected already, and increased word-of-mouth advertising, and more content which in turn attracts more users. Closure of megaupload and some other legal wins against torrent sites will surely have helped them too. But without critical mass it's still not a viable option for many bittorrent/megaupload refugees.

      • Re:What a surprise (Score:5, Interesting)

        by EdZ (755139) on Sunday March 04, 2012 @06:50AM (#39237783)
        It basically sounds like Perfect Dark [wikipedia.org], but with manual initial per-finding and weaker security (if you always have the same web of friends, you can likely be tracked by this web).
        • Re: (Score:3, Interesting)

          by 4phun (822581)

          It basically sounds like Perfect Dark [wikipedia.org], but with manual initial per-finding and weaker security (if you always have the same web of friends, you can likely be tracked by this web).

          Now all of a sudden Google's new March first privacy policies make a lot of sense. If they can connect all the dots to reveal the connections things like DarkNet, Google would be of great value to the government and no one else need be any wiser.

          • Except that...no, not really. Google wouldn't actually know anything more than your ISP (or the NSA) would know by monitoring your traffic, namely, who your friends are but not what you're sharing with them.

        • by AmiMoJo (196126)

          RetroShare allows your friends to see what you are downloading. Let's face it, a lot of P2P traffic is porn, and I don't think many people would want their friends seeing that particular list of files.

          Perfect Dark makes it impossible for anyone to determine which files you are downloading or which you have on your HDD. No-one can tell the source, destination or content of encrypted data flowing over the network, or who has what, or who is connected to who, or associate message board posts with peers or IP a

      • Scammers can sell the service of buying your way in.

      • There's bittorrent refugees... hold on a sec while I move these torrented files to my server.

      • I also wonder how many of these downloaders are using the software for illegal sharing. It sounds like the sort of system that would be great for sharing files in a small company (easier to configure than a file server and VPN) or sharing photos with friends. Hopefully the FreedomBox will ship something similar...
        • I also wonder how many of these downloaders are using the software for illegal sharing.

          Well, with the government's "if anyone uses it for an illegal purpose, it must be banned" mentality, I wouldn't be surprised if they tried to ban it (then again, it's not like a single website). How horrible would it be if we didn't shut everything down because some people copy data?

      • The FAQ makes it sound like file transfers are 0 or 1 hops, and you can only see the files shared by people up to 1 hop away. It seems more like a collaboration tool than a darknet.
        • by Joce640k (829181)

          Sure, until the pirate bay starts using magnet links instead of .torrent files.

          Magnet links can be integrated into this.

      • by sjames (1099)

        Fortunately, the required level of trust is limited. You need only trust that the person isn't "the man".

    • Re: (Score:3, Insightful)

      by StripedCow (776465)

      ...it's basically impossible to shut down, or compromise effectively, without severely screwing up the internet. Which is probably the next step.

      "You have transferred more than 100kB of encrypted data. Your internet connection will be suspended until the end of the month."

      • Re:What a surprise (Score:5, Informative)

        by bobbocanfly (1061244) on Sunday March 04, 2012 @06:54AM (#39237811)
        "You have loaded an HTTPS site. Your internet connection will be suspended to the end of the month". It would never work.
        • Re:What a surprise (Score:5, Insightful)

          by sortius_nod (1080919) on Sunday March 04, 2012 @07:19AM (#39237929) Homepage

          Exactly. Most of my traffic is HTTPS these days - mail, search, twitter, work, the list goes on. Any ISP trying to bar encrypted traffic will lose customers quicker than they can ban them.

          • +1

            Sadly here in the UK some ISPs just rate limit all traffic [unhappy Virgin Media customer - soon to change :) ]

            http://www.virginmedia.com/images/tm-table-fu-large.jpg [virginmedia.com]

            • If you're unhappy with Virgin Media, who have you found in the UK that doesn't have equally (or more!) aggressive caps? Some ADSL providers have bigger caps for the same speed, but they charge twice as much.
              • Re:What a surprise (Score:4, Insightful)

                by lattyware (934246) <gareth@lattyware.co.uk> on Sunday March 04, 2012 @08:52AM (#39238321) Homepage Journal
                Sky (on an LLU) offer a truly unlimited service, no FUP at all. ADSL24 also offer true unlimited packages on LLUs and unlimited off-peak (midnight-8am and weekends) on fibre and normal ADSL/2/+.
                • Sky is not quite TRULY unlimited. They still censor Newzbin via a transparent proxy (just entering an IP address won't circumvent the block).

                  • by arkhan_jg (618674)

                    Because they were ordered to do so by a Judge. They also implement the Internet Watch Foundation child-porn* blacklist via the same method; filtering on the GET requests. The latter is not required by law, but it was made pretty clear to ISPs that if they didn't do it voluntarily, there would be one.

                    It's a far cry from the extensive throttling ADSL24 implemented when they couldn't afford enough bandwidth from Entanet to keep up with demand (when my line throughput was dropping below 25% peak capacity on a n

        • No kidding. All bank sites use https, along with any shopping sites payment pages, paypal, Amazon, Wal-mart, etc... Pass laws to ban encryption, you've also passed laws to ban commerce. The **AA groups would quickly find that they just took the biggest guy in the room, and pissed in his drink. Not a smart move by any measure.

          I'd love to see them try it. If they thought the response to SOPA was bad...

      • by Znork (31774)

        Don't underestimate the bandwidth of physical media in the real world. It's entirely possible to create a transmission form that would send routing information over the network and then simply switch disks (possibly in a suggested optimal pattern for maximum amount of transmitted material) with friends and family to achieve the underlying movement of files. Just like the old times of vhs and tape copying but augumented with the ability to 'request' and use multiple sources.

    • if done right it's basically impossible to shut down, or compromise effectively, without severely screwing up the internet

      It's not like the copyright lobbyists are opposed to screwing up the Internet; in fact, that has been there goal for many years now, with bill after bill proposed or passed to turn the Internet into a fancy cable TV system.

  • by jdogalt (961241) on Sunday March 04, 2012 @06:26AM (#39237683) Journal

    A true darknet would not depend on traditiona DNS (root servers). I can't immediately tell from their FAQ if their methods are entirely independent of DNS.

    • A true darknet would not depend on traditiona DNS (root servers). I can't immediately tell from their FAQ if their methods are entirely independent of DNS.

      Why does it matter? The point of private encryption is that you can hide what you transmit between A and B through a untrusted network, and be assured of the integrity of the transmission.
      FWIW, the FAQ entry [sourceforge.net] does say they use a DHT, namely bittorrents, although they can also somehow take advantage of dynamic DNS.

    • by jon3k (691256)
      Not necessarily. [wikipedia.org]
  • Freenet (Score:2, Informative)

    by tudza (842161)
    Freenet has been around that long hasn't it?
    • Freenet is the most paranoid of the networks, which in turn means also the slowest performing. It's just really, really, slow. On the upside, I doubt the combined efforts of the US and Chinese governments could track down a user on Freenet through the network - it's that hard to trace. They'd have to rely on the human factor - maybe send him a unique link to a story on a news site, then take the logs and grep to see which IP requested it.
  • by Anonymous Coward on Sunday March 04, 2012 @06:28AM (#39237691)

    Verifiability via PGP vs Anonymity: of course you can't have it both ways -- that's how PGP works. From the project FAQ http://retroshare.sourceforge.net/wiki/index.php/Frequently_Asked_Questions#Is_RetroShare_anonymous.3F

            Is RetroShare anonymous?

            RetroShare is partly anonymous. There are anonymous forums and channels where no one can tell who posted something and you can download files from people your are not connected to anonymously, using anonymous tunnels. However the people you are connected to, know who you are and know your IP address. They can also see which files you are sharing, unless you mark them as not browsable. No one else on the network can see this information.

            The friends of your peers also know of your existence, and can attempt to connect to you through the Auto-Discovery system, but they can't connect to you unless you add them as friends.

    • by Nursie (632944)

      Err, yeah, you are connected to people you know, therefore they know they're passing data your way.

      Depending on how it's done, they may not know that data they are passing on is for you or for another hop beyond you, or what that data is. Each link is not anonymous to others it is linked to, but any given network transfer is.

    • by Jane Q. Public (1010737) on Sunday March 04, 2012 @06:50AM (#39237787)
      OneSwarm, from the University of Washington, addresses this issue. You can join any number of private networks or set up an arbitrary number of your own. And in that sense it is not completely anonymous, in the same way that RetroShare is not fully anonymous. But with OneSwarm, it is impossible to tell where the [pieces of] files reside on the network, or what nodes the files go through when you download. So while joining the network might not be completely anonymous, sharing files is.
      • by Vintermann (400722) on Sunday March 04, 2012 @02:52PM (#39240843) Homepage

        Problem is, there are a thousand and one different schemes like these, from freenet to gnunet to oneswarm to - whatever this thing was called. And you need to know a good deal about cryptography to figure out which ones are safe, and a good deal about social dynamics on the net to know which one is actually going to get used for anything you're interested in. And you need friends who use it (in most cases).

        The fragmentation is killing these efforts. The "connect only to friends"-model is hard enough to get to work in practice, without umpteen different incompatible implementations trying it.

    • by wvmarle (1070040)

      So basically it is about as anonymous (or not) as TOR. Every single node knows exactly who they are connected to, and who they are sending data to and where that data comes from (i.e. the next node).

      All data can be tracked all the way from source to destination by enquiring all en-route nodes one by one. And the anonymity and untrackability is basically provided by this enquiring being in practice virtually impossible to carry out due to practical and/or legal reasons.

  • by sirwired (27582) on Sunday March 04, 2012 @06:38AM (#39237733)

    "...files that are downloaded from strangers always go through a trusted friend."

    Doesn't that just make the "friend" instantly liable for contributory infringement? It's going to be hard (impossible)? for the "friend" to qualify for "common carrier" status, which could provide a safe harbor against an infringement suit.

    It's true that this setup appears to be resistant to monitoring by outsiders, but keeping the people you don't want as members out of your online network is difficult, to say the least. It's certainly more work than busting up torrenters, but it's not exactly a difficult barrier either.

    And, if I'm providing files, I want files downloaded TO strangers to go through one of my trusted friends (of course, that friend is going to have the contributory infringement problems I suggested earlier.) I don't give a *bleep!* about the downloader covering his tracks, (And when has the xxAA gone after downloaders? Don't they always go after uploaders?) I'm more worried about mine.

    • by Jane Q. Public (1010737) on Sunday March 04, 2012 @06:59AM (#39237825)
      Repeat of what I replied to someone else above: OneSwarm is a darknet-capable file sharing client (it is also compatible with regular P2P networks), that addresses this issue. OneSwarm is designed such that once a file is put on the network, it is impossible to tell exactly where the file (or pieces of the file) are hosted, and it is equally impossible to tell what nodes they go through to get to you.

      So actual transfer of files is indeed anonymous.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Doesn't that just make the "friend" instantly liable for contributory infringement?

      Yes, but that isn't a problem.

      The entire point of a invite only method is to make sure that everyone invloved is trusted. The problem with many systems like that is that when it grows too big it becomes easier for soeone of the RIAA to be "a friend of a friend" and get access to the whole network that way.

      By only allowing the users to get access to the network through the "close firends" a member of the RIAA that gets access to the network can only monitor the firend that invited him/her. This means that yo

  • by Alain Williams (2972) <addw@phcomp.co.uk> on Sunday March 04, 2012 @06:43AM (#39237759) Homepage

    If you are being monitored the police/... can still see who you are talking to even if they can't understand what you are saying. OK: if messages are routed through a friend to some other ''accomplice'' it makes things a bit harder for them, but most private networks like this will not have huge numbers of people on them. Also you can learn a lot just by studying the timings of packets (eg: a packet from A to B is often followed by a similarly sized packet from B to C, it looks as if A is talking to C).

    • by Kjella (173770) on Sunday March 04, 2012 @07:57AM (#39238109) Homepage

      Yes, there are much stronger anonymous designs but the downsides are equally high. I'd call several of these recent designs "anonymous light", good enough that the MAFIAA can't just hook up and collect IPs but not good enough if you have the FBI, NSA or anything like that after you. Personally I don't like this design exactly because what if one of those I trust download something nasty? They'll come to me. I'd much rather see a design that affords some plausible deniability, that no it wasn't me it must have been one of the other nodes in the network, downloading through me.

    • if messages are routed through a friend to some other ''accomplice'' it makes things a bit harder for them, but most private networks like this will not have huge numbers of people on them

      That depends on your definition of "huge numbers of people" -- Tor certainly has a lot of nodes, although Tor is not the most robust anonymity system out there (Mixmaster is much more robust, but has about 20 nodes).

      Also you can learn a lot just by studying the timings of packets

      Assuming that your system is based on anonymizing sockets as opposed to email messages, file transfers, etc. The most popular anonymity systems -- proxy servers, Tor -- are based on anonymizing sockets, which is why those systems are popular, but there are other systems that are more resili

      • by Kjella (173770) on Sunday March 04, 2012 @12:23PM (#39239555) Homepage

        The problems with using Tor in this manner are:

        Storage servers are required; there is no way a popular file sharing site would remain undetected even if it were deployed as a hidden service. It would require too many resources to run, and eavesdropping would not even be necessary to narrow down the targets.
        Bandwidth is too limited; it would take days to download an HD movie over Tor, which is even less convenient than going to the nearest video store to buy it legally.

        Personally I'm surprised that nobody has come up with an application that basically merges what TOR and Freenet does into one. A distributed storage would provide both the capacity and the upload bandwidth, while freeing up resources from onion sites. The network bandwidth is actually not that bad, I've had files run at 200 kB/s when connected to a high-speed site in the normal web. Of course if people did that in volume the exit nodes would choke and die, but the network itself is rather capable if you could move the files on the inside.

  • Not the answer (Score:3, Insightful)

    by wormout (2558092) on Sunday March 04, 2012 @07:15AM (#39237893)
    Private darknets are a step backwards, IMO. At the one end you could have a large number of small networks between people who trust each other very well, but are limited in the size of the shared pool of material. At the other end you have less trusted large networks with a more material, but still nowhere near as large the entire internet, thus you would often not be able to find what you want. And the larger a network is, the less you are likely to trust everyone on it and the more vulnerable it is to infiltration. Even a small network could be compromised by someone who decided to betray all of their 'friends' (not necessarily out of malice).

    'Breaking into the scene' of private darknets is diffcult for anyone who doesn't have pre-existing, probably real-world contacts (much like having ready access to good drugs, it might be easy for kids in a college environment, not so much for your average person). And at the end of the day, if you are going to limit your file sharing activities with a few people you know, you might as well just use email.

    For a true culture of free information exchange, we need to look to systems that anyone with a connection and the right software can access and preferably search. This is far more technically challenging, and due to the measures taken to preserve anonymity, usually less convenient than what we are currently used to. But this will improve in due course. Tor, Freenet, I2P and others like them are the future, not walled gardens.
  • Retroshare itself may not require any centralized resource at all, but... how do you find like-minded friends in the first place and establish a web of trust? You're going to need a centralized forum/chatroom, aren't you, where you can meet people and identify those with common interests and focus? Retroshare simply shifts the focus of the centralized resource from the actual sharing of data to the social aspect of creating and maintaining that web of trust.

    And apparently all it would take, as hinted by someone else here, is one traitorous bastard in your web of trust to lay the whole thing out bare for the exploitation by others with selfish motives.

  • by DarkOx (621550) on Sunday March 04, 2012 @08:51AM (#39238317) Journal

    Web of trust models will only work where there is an incentive to keep people out of the network. In the P2P world its just exactly the opposite. Users want as many other users on the network as possible because it speeds up their transfers and increases the amount of available content. You could use web of trust for something like e-mail where users generally want to prevent spoofs, scams, and spam.

    I realize that users of P2P networks want to keep *some* people (FBI,Secret Service,DOJ,Interpol,[M,R]P?IAA employees ) off but for the most part they want users on. The next problem is you have the lowest common denominator issues. Again you want it to be simple enough that everyone and anyone can use it so you have content selection but that also means you get the same idiots who are still providing the account and routing numbers to 419 spammers. All mister federal agent needs to is promise to upload tons of free porn and John HighSchool is going to cross sign his PGP key.

    • by Aguazul (620868)
      Yes, it is inevitable that traitors or impostors will get onto the web of trust, unless it is a very very small web of trust. If it is a small web, then it is little different to me sending mix cassette tapes through the post to my personal friends. Is this why it is Retro?? Not sure how this safely goes beyond the small group, or gets sufficient momentum to become a noticeable movement, without sacrificing the 'personal trust' aspect.
  • by sociocapitalist (2471722) on Sunday March 04, 2012 @08:55AM (#39238341)

    At a glance, I don't see any hashes to validate the source files that are being downloaded.

    If I were the Feds (of any country) or anyone who wants to inject malware (ie the recent Anonymous trojan), I'd replace the installers or redirect when people go to get source files or updates.

  • by Anonymous Coward

    There are countries (France, afaiu) where encryption is illegal without a "licence".

    So while many comments here say you simply can't ban encryption without banning safe commerce, that's not so true. The government simply makes using encryption require a license and said commerce sites get a license and commerce and advertising continues. Joe Average User doesn't get a license, and when he does use encryption (with another unlicensed party), they go to jail.

    The one sticking point that I have never understo

    • otherwise how does it determine when two parties are using encryption and when they are just catting /dev/random to each other?

      People do not generally do that. We already have a communication system in the US where encryption is banned entirely: the amateur radio service. Nobody is trying to send noise to anyone else over the air, and people are generally willing to live without encryption on that service (even when they are speaking with their spouse -- there is simply no expectation of privacy). As far as I know, nobody has ever tried to claim that they were just sending a bunch of randomness to another person (it would pro

    • by Jedi Alec (258881)

      For the record, a 5-second Google search reveals that these laws were mostly revoked in France in 1999.

      Speaking from personal experience, any encrypted protocols an end-user might want to use are fully available.

  • the only slackbuild i could find is for 12.2 and an older version of RetroShare
  • by BLKMGK (34057) <morejunk4me@hotma[ ]com ['il.' in gap]> on Sunday March 04, 2012 @12:26PM (#39239591) Homepage Journal

    Having never heard of this software before and hearing about it now I'm betting that usage is again about to shoot up! :-)

    The "content providers" really need to get a clue. this comic says it all IMO -> http://theoatmeal.com/comics/game_of_thrones [theoatmeal.com]

    They make it ever harder to get content and then wonder why people are sharing more and more. I have pretty much ceased downloading MP3 because I can easily and cheaply get them from Amazon. I have pretty much ceased BUYING E-books because publishers jacked prices through the roof and I can download them in SECONDS. I download and save TV shows for later viewing often even though I have a couple of TiVO and record many of the same shows. That saves me the EFFORT of pulling them off my TiVO, editing them, compressing them, and copying them. If the transaction is easy ala Amazon's MP3 (which even copy to cloud storage!) then the sales will come. Perhaps it won't be at the astronomical prices these idiots dream of but it sure beats a lost sale doesn't it? Their idea is to bottle things up such that everyone is FORCED into their business model - I'm sorry but that's not going to ever happen. Make the transaction friction-less, have an extensive easy to use catalog, and make it cheap enough I'll buy it like some throwaway app in an app store and "content" will sell like hotcakes.

    Now then, I'm off to download and check out this new program. It will sure beat having folks over with portable drives for swap parties or participating in huge Torrent clouds!

  • by future assassin (639396) on Sunday March 04, 2012 @02:23PM (#39240613) Homepage

    what WASTE does? http://en.wikipedia.org/wiki/WASTE [wikipedia.org]

Going the speed of light is bad for your age.

Working...