This article needs additional citations for verification .(April 2019) |
This article needs to be updated.(April 2019) |
Developer(s) | GNUnet e.V. [1] |
---|---|
Initial release | November 5, 2001 |
Stable release | |
Repository | |
Written in | C [3] |
Operating system | official: Free software operating systems (Linux, FreeBSD, NetBSD, OpenBSD); unofficial: Other operating systems (OS X, Windows) |
Available in | Spanish, English, Russian, German, French |
Type | Anonymous P2P, Friend-to-friend |
License | 2018: AGPL-3.0-or-later [lower-alpha 1] [4] 2007: GPL-3.0-or-later [lower-alpha 2] 2001: GPL-2.0-or-later [lower-alpha 3] |
Website | gnunet |
Part of a series on |
File sharing |
---|
Technologies |
Video on demand sites |
BitTorrent sites |
Academic/scholarly |
File sharing networks |
P2P clients |
Streaming programs |
Anonymous file sharing |
Development and societal aspects |
By country or region |
Comparisons |
GNUnet is a software framework for decentralized, peer-to-peer networking and an official GNU package. The framework offers link encryption, peer discovery, resource allocation, communication over many transports (such as TCP, UDP, HTTP, HTTPS, WLAN and Bluetooth) and various basic peer-to-peer algorithms for routing, multicast and network size estimation. [5] [6]
GNUnet's basic network topology is that of a mesh network. GNUnet includes a distributed hash table (DHT) which is a randomized variant of Kademlia that can still efficiently route in small-world networks. GNUnet offers a "F2F topology" option for restricting connections to only the users' trusted friends. The users' friends' own friends (and so on) can then indirectly exchange files with the users' computer, never using its IP address directly.
GNUnet uses Uniform resource identifiers (not approved by IANA, although an application has been made).[ when? ] GNUnet URIs consist of two major parts: the module and the module specific identifier. A GNUnet URI is of form gnunet://module/identifier
where module is the module name and identifier is a module specific string.
The primary codebase is written in C, but there are bindings in other languages to produce an API for developing extensions in those languages. GNUnet is part of the GNU Project. It has gained interest in the hacker community after the PRISM revelations. [7]
GNUnet consists of several subsystems, of which essential ones are Transport and Core subsystems. [8] Transport subsystem provides insecure link-layer communications, while Core provides peer discovery and encryption. [9] On top of the core subsystem various applications are built.
GNUnet includes various P2P applications in the main distribution of the framework, including filesharing, chat and VPN; additionally, a few external projects (such as secushare) are also extending the GNUnet infrastructure.
GNUnet is unrelated to the older Gnutella P2P protocol. Gnutella is not an official GNU project, while GNUnet is. [10]
Originally, GNUnet used UDP for underlying transport. [11] Now GNUnet transport subsystem provides multiple options, such as TCP and SMTP. [12]
The communication port, officially registered at IANA, is 2086 (tcp + udp). [13]
GNUnet provides trust system based on an excess-based economic model. [14] The idea of employing an economic system is taken from the MojoNation network. [15]
GNUnet network has no trusted entities so it is impossible to maintain a global reputation. Instead, each peer maintains its own trust for each of its local links.
When resources, such as bandwidth and CPU time, are in excess, the peer provides them to all requesting neighbors without reducing trust or otherwise charging them. When a node is under stress it drops requests from its neighbor nodes having lower internal trust value. However, when the peer has less resources than enough to fulfill everyone's requests, it denies requests of those neighbors that it trusts less and charges others by reducing their trust.
The primary application at this point is anonymous, censorship-resistant file-sharing, allowing users to anonymously publish or retrieve information of all kinds. The GNUnet protocol which provides anonymity is called GAP (GNUnet anonymity protocol). [16] GNUnet FS can additionally make use of GNU libextractor to automatically annotate shared files with metadata.
Files shared with GNUnet are ECRS (An Encoding for Censorship-Resistant Sharing) coded. [17]
All content is represented as GBlocks. Each GBlock contains 1024 bytes. There are several types of GBlocks, each of them serves a particular purpose. Any GBlock is uniquely identified by its RIPEMD-160 hash .
DBlocks store actual file contents and nothing else. File is split at 1024 byte boundaries and resulting chunks are stored in DBlocks. DBlocks are linked together into Merkle tree by means of IBlocks that store DBlock identifiers.
Blocks are encrypted with a symmetric key derived from when they are stored in the network.
GNUnet Anonymity Protocol consists of queries and replies. Depending on load of the forwarding node, messages are forwarded to zero or more nodes.
Queries are used to search for content and request data blocks.
Query contains resource identifier, reply address, priority and TTL (Time-to-Live).
Resource identifier of datum is a triple-hash . [18] Peer that replies to query provides to prove that it indeed has the requested resource without providing to intermediate nodes, so intermediate nodes can't decrypt .
Reply address is the major difference compared to Freenet protocol. While in Freenet reply always propagates back using the same path as the query, in GNUnet the path may be shorter. Peer receiving a query may drop it, forward it without rewriting reply address or indirect it by replacing reply address with its own address. By indirecting queries peer provides cover traffic for its own queries, while by forwarding them peer avoids being a link in reply propagation and preserves its bandwidth. This feature allows the user to trade anonymity for efficiency. User can specify an anonymity level for each publish, search and download operation. An anonymity level of zero can be used to select non-anonymous file-sharing. GNUnet's DHT infrastructure is only used if non-anonymous file-sharing is specified. The anonymity level determines how much cover traffic a peer must have to hide the user's own actions.
Priority specifies how much of its trust user wants to spend in case of a resource shortage.
TTL is used to prevent queries from staying in the network for too long.
The fs module identifier consists of either chk, sks, ksk or loc followed by a slash and a category specific value. Most URIs contain hashes, which are encoded in base32hex. [19]
gnunet://fs/chk/[file hash].[query hash].[file size in bytes]
gnunet://fs/sks/NAMESPACE/IDENTIFIER
gnunet://fs/ksk/KEYWORD[+KEYWORD]*
gnunet://fs/loc/PEER/QUERY.TYPE.KEY.SIZE
A type of GNUnet filesharing URI pointing to a specific copy of GNU GPL license text: gnunet://fs/chk/9E4MDN4VULE8KJG6U1C8FKH5HA8C5CHSJTILRTTPGK8MJ6VHORERHE68JU8Q0FDTOH1DGLUJ3NLE99N0ML0N9PIBAGKG7MNPBTT6UKG.1I823C58O3LKS24LLI9KB384LH82LGF9GUQRJHACCUINSCQH36SI4NF88CMAET3T3BHI93D4S0M5CC6MVDL1K8GFKVBN69Q6T307U6O.17992
Another type of GNUnet filesharing URI, pointing to the search results of a search with keyword "gpl": gnunet://fs/ksk/gpl
GNUnet includes an implementation of the GNU Name System (GNS), a decentralized and censorship-resistant replacement for DNS. In GNS, each user manages their own zones and can delegate subdomains to zones managed by other users. Lookups of records defined by other users are performed using GNUnet's DHT. [20] GNS has been standardized in RFC 9498. The GANA registry manages the ".alt" top-level domain in GNS. [21]
GNUnet can tunnel IP traffic over the peer-to-peer network. If necessary, GNUnet can perform IPv4-IPv6 protocol translation in the process. GNUnet provides a DNS Application-level gateway to proxy DNS requests and map addresses to the desired address family as necessary. This way, GNUnet offers a possible technology to facilitate IPv6 transition. Furthermore, in combination with GNS, GNUnet's protocol translation system can be used to access hidden services — IP-based services that run locally at some peer in the network and which can only be accessed by resolving a GNS name.
Gabor X Toth published in early September 2013 a thesis [22] to present the design of a social messaging service for the GNUnet peer-to-peer framework that offers scalability, extensibility, and end-to-end encrypted communication. The scalability property is achieved through multicast message delivery, while extensibility is made possible by using PSYC (Protocol for SYnchronous Conferencing), which provides an extensible RPC (Remote Procedure Call) syntax that can evolve over time without having to upgrade the software on all nodes in the network. Another key feature provided by the PSYC layer are stateful multicast channels, which are used to store e.g. user profiles. End-to-end encrypted communication is provided by the mesh service of GNUnet, upon which the multicast channels are built. Pseudonymous users and social places in the system have cryptographical identities — identified by their public key — these are mapped to human memorable names using GNS (GNU Name System), where each pseudonym has a zone pointing to its places.
That is the required building block for turning the GNUnet framework into a fully peer-to-peer social networking platform.
A chat has been implemented in the CADET module, [23] for which a GTK interface for GNOME exists, [24] specifically designed for the emerging Linux phones (such as the Librem 5 or the PinePhone). [25]
Hyphanet is a peer-to-peer platform for censorship-resistant, anonymous communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship. Both Freenet and some of its associated tools were originally designed by Ian Clarke, who defined Freenet's goal as providing freedom of speech on the Internet with strong anonymity protection.
Gnutella is a peer-to-peer network protocol. Founded in 2000, it was the first decentralized peer-to-peer network of its kind, leading to other, later networks adopting the model.
Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network, forming a peer-to-peer network of nodes.
The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications. SIP is used in Internet telephony, in private IP telephone systems, as well as mobile phone calling over LTE (VoLTE).
A distributed hash table (DHT) is a distributed system that provides a lookup service similar to a hash table. Key–value pairs are stored in a DHT, and any participating node can efficiently retrieve the value associated with a given key. The main advantage of a DHT is that nodes can be added or removed with minimum work around re-distributing keys. Keys are unique identifiers which map to particular values, which in turn can be anything from addresses, to documents, to arbitrary data. Responsibility for maintaining the mapping from keys to values is distributed among the nodes, in such a way that a change in the set of participants causes a minimal amount of disruption. This allows a DHT to scale to extremely large numbers of nodes and to handle continual node arrivals, departures, and failures.
BitTorrent, also referred to as simply torrent, is a communication protocol for peer-to-peer file sharing (P2P), which enables users to distribute data and electronic files over the Internet in a decentralized manner. The protocol is developed and maintained by Rainberry, Inc., and was first released in 2001.
In computing, Chord is a protocol and algorithm for a peer-to-peer distributed hash table. A distributed hash table stores key-value pairs by assigning keys to different computers ; a node will store the values for all the keys for which it is responsible. Chord specifies how keys are assigned to nodes, and how a node can discover the value for a given key by first locating the node responsible for that key.
An anonymous P2P communication system is a peer-to-peer distributed application in which the nodes, which are used to share resources, or participants are anonymous or pseudonymous. Anonymity of participants is usually achieved by special routing overlay networks that hide the physical location of each node from other participants.
Kademlia is a distributed hash table for decentralized peer-to-peer computer networks designed by Petar Maymounkov and David Mazières in 2002. It specifies the structure of the network and the exchange of information through node lookups. Kademlia nodes communicate among themselves using UDP. A virtual or overlay network is formed by the participant nodes. Each node is identified by a number or node ID. The node ID serves not only as identification, but the Kademlia algorithm uses the node ID to locate values.
A distributed data store is a computer network where information is stored on more than one node, often in a replicated fashion. It is usually specifically used to refer to either a distributed database where users store information on a number of nodes, or a computer network in which users store information on a number of peer network nodes.
An overlay network is a computer network that is layered on top of another network. The concept of overlay networking is distinct from the traditional model of OSI layered networks, and almost always assumes that the underlay network is an IP network of some kind.
A dark net or darknet is an overlay network within the Internet that can only be accessed with specific software, configurations, or authorization, and often uses a unique customized communication protocol. Two typical darknet types are social networks, and anonymity proxy networks such as Tor via an anonymized series of connections.
A friend-to-friend computer network is a type of peer-to-peer network in which users only make direct connections with people they know. Passwords or digital signatures can be used for authentication.
Peer Name Resolution Protocol (PNRP) is a peer-to-peer protocol designed by Microsoft. PNRP enables dynamic name publication and resolution, and requires IPv6.
File sharing is a method of distributing electronically stored information such as computer programs and digital media. Below is a list of file sharing applications, most of them make use of peer-to-peer file sharing technologies.
Pastry is an overlay network and routing network for the implementation of a distributed hash table (DHT) similar to Chord. The key–value pairs are stored in a redundant peer-to-peer network of connected Internet hosts. The protocol is bootstrapped by supplying it with the IP address of a peer already in the network and from then on via the routing table which is dynamically built and repaired. It is claimed that because of its redundant and decentralized nature there is no single point of failure and any single node can leave the network at any time without warning and with little or no chance of data loss. The protocol is also capable of using a routing metric supplied by an outside program, such as ping or traceroute, to determine the best routes to store in its routing table.
Peer-to-peer file sharing (P2P) systems like Gnutella, KaZaA, and eDonkey/eMule, have become extremely popular in recent years, with the estimated user population in the millions. An academic research paper analyzed Gnutella and eMule protocols and found weaknesses in the protocol; many of the issues found in these networks are fundamental and probably common on other P2P networks. Users of file sharing networks, such as eMule and Gnutella, are subject to monitoring of their activity. Clients may be tracked by IP address, DNS name, software version they use, files they share, queries they initiate, and queries they answer to. Clients may also share their private files to the network without notice due to inappropriate settings.
Phex is a peer-to-peer file sharing client for the gnutella network, released under the terms of the GNU General Public License, so Phex is free software. Phex is based on Java SE 5.0 or later.
An Internet Protocol Version 6 address is a numeric label that is used to identify and locate a network interface of a computer or a network node participating in a computer network using IPv6. IP addresses are included in the packet header to indicate the source and the destination of each packet. The IP address of the destination is used to make decisions about routing IP packets to other networks.
Mainline DHT is the name given to the Kademlia-based distributed hash table (DHT) used by BitTorrent clients to find peers via the BitTorrent protocol. The idea of using a DHT for distributed tracking in BitTorrent was first implemented in Azureus 2.3.0.0 in May 2005, from which it gained significant popularity. Unrelated but around the same time, BitTorrent, Inc. released a similar DHT into their client called Mainline DHT, and thus popularized the use of distributed tracking in the BitTorrent protocol. Measurement showed that by 2013, the concurrent number of users of Mainline DHT is from 16 million to 28 million, with intra-day changes of at least 10 million.
GNUnet is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.