Retroshare

Last updated

Retroshare
Original author(s) Robert Fernie
Developer(s)
  • Cyril Soler
  • Gioacchino Mazzurco
Initial release2006;18 years ago (2006) [1]
Stable release
0.6.6 [2]   OOjs UI icon edit-ltr-progressive.svg / 13 March 2021
Repository github.com/RetroShare
Written in C++
Operating system Linux, Windows, macOS, Android, FreeBSD, OpenBSD, NetBSD, Haiku
Platform Cross-platform
Available in38 languages [3]
List of languages
English, Arabic, Bulgarian, Catalan (Spain), Chinese (China), Chinese (Taiwan), Czech, Danish, Dutch, Estonian, Finnish, French, Galician (Spain), German, Greek, Hebrew, Hungarian, Indonesian, Italian, Japanese, Korean, Macedonian, Malayalam, Norwegian Bokmål, Occitan, Polish, Portuguese, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Serbian, Slovenian, Spanish, Swedish, Turkish, Ukrainian, Vietnamese
Type Anonymous P2P, friend-to-friend, chat, instant messaging, newsgroups, voice over IP, email client and BBS
License GNU General Public License
Website retroshare.cc

Retroshare is a free and open-source peer-to-peer communication and file sharing app based on a friend-to-friend network built by GNU Privacy Guard (GPG). [4] Optionally peers may exchange certificates and IP addresses to their friends and vice versa. [5] [6]

Contents

History

Retroshare was founded in 2004 by Mark Fernie. [7] An unofficial build for the single-board computer Raspberry Pi, named PiShare, was available since 2012. [8]

On 4 November 2014, Retroshare scored 6 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard, which is now out-of-date. It lost a point because there had not been a recent independent code audit. [9]

In August 2015, Retroshare repository was migrated from SourceForge to GitHub. [10] In 2016, Linux Magazine reviewed security gaps in Retroshare and described it as "a brave effort, but in the end, an ineffective one." [11]

Design

Retroshare is an instant messaging and file-sharing network that uses a distributed hash table for address discovery. Users can communicate indirectly through mutual friends and request direct connections. [12]

Features

Authentication and connectivity

After initial installation, the user generates a pair of (GPG) cryptographic keys with Retroshare. After authentication and exchanging an asymmetric key, OpenSSL is used to establish a connection, and for end-to-end encryption. Friends of friends cannot connect by default, but they can see each other, if the users allow it. IPv6 was released in November of 2018.

File sharing

It is possible to share folders between friends. [13] File transfer is carried on using a multi-hop swarming system (inspired by the "Turtle Hopping" feature from the Turtle F2F project, but implemented differently). In essence, data is only exchanged between friends, although it is possible that the ultimate source and destination of a given transfer are multiple friends apart. A search function performing anonymous multi-hop search is another source of finding files in the network.

Files are represented by their SHA-1 hash value, and HTTP-compliant file and links may be exported, copied, and pasted into/out of Retroshare to publish their virtual location into the Retroshare network.

Communication

Retroshare offers the following services for communication:

User interface

The core of the Retroshare software is based on an offline library, into which two executables are plugged:

Anonymity

The friend-to-friend structure of the Retroshare network makes it difficult to intrude and hardly possible to monitor from an external point of view.[ citation needed ] [14] The degree of anonymity may be improved further by deactivating the DHT and IP/certificate exchange services, making the Retroshare network a real dark net. [15]

Friends of friends may not connect directly with each other; however, a user may enable the anonymous sharing of files with friends of friends. Search, access, and both upload and download of these files are made by "routing" through a series of friends. This means that communication between the source of data (the up-loader) and the destination of the data (the down-loader) is indirect through mutual friends. Although the intermediary friends cannot determine the original source or ultimate destination, they can see their very next links in the communication chain (their friends). Since the data stream is encrypted, only the original source and ultimate destination are able to see what data is transferred.

Caveats

While Retroshare's encryption makes it virtually impossible for an ISP or another external observer to know what one is downloading or uploading, this limitation does not apply to members of the user's Retroshare circle of trust; adding untrusted people to it may be a potential risk. [16] [ better source needed ]

In 2012, a German Court granted an injunction against a user of Retroshare for sharing copyrighted music files. Retroshare derives its security from the fact that all transfers should go through “trusted friends” whom users add. In this case, the defendant added the anti-piracy monitoring company as a friend, which allowed him to be traced through aggregation of bad Opsec. [17]

See also

Related Research Articles

<span class="mw-page-title-main">Hyphanet</span> Peer-to-peer Internet platform for censorship-resistant communication

Hyphanet is a peer-to-peer platform for censorship-resistant, anonymous communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship. Both Freenet and some of its associated tools were originally designed by Ian Clarke, who defined Freenet's goal as providing freedom of speech on the Internet with strong anonymity protection.

<span class="mw-page-title-main">LimeWire</span> Peer-to-peer file sharing application

LimeWire was a free peer-to-peer file sharing client for Windows, macOS, Linux, and Solaris. Created by Mark Gorton in 2000, it was most prominently a tool used for the download and distribution of pirated materials, particularly pirated music. In 2007, LimeWire was estimated to be installed on over one-third of all computers globally.

<span class="mw-page-title-main">Instant messaging</span> Form of computer communication over the internet or locally

Instant messaging (IM) technology is a type of synchronous computer-mediated communication involving the immediate (real-time) transmission of messages between two or more parties over the Internet or another computer network. Originally involving simple text message exchanges, modern IM applications and services tend to also feature the exchange of multimedia, emojis, file transfer, VoIP, and video chat capabilities.

<span class="mw-page-title-main">Distributed hash table</span> Decentralized distributed system with lookup service

A distributed hash table (DHT) is a distributed system that provides a lookup service similar to a hash table. Key–value pairs are stored in a DHT, and any participating node can efficiently retrieve the value associated with a given key. The main advantage of a DHT is that nodes can be added or removed with minimum work around re-distributing keys. Keys are unique identifiers which map to particular values, which in turn can be anything from addresses, to documents, to arbitrary data. Responsibility for maintaining the mapping from keys to values is distributed among the nodes, in such a way that a change in the set of participants causes a minimal amount of disruption. This allows a DHT to scale to extremely large numbers of nodes and to handle continual node arrivals, departures, and failures.

BitTorrent, also referred to simply as torrent, is a communication protocol for peer-to-peer file sharing (P2P), which enables users to distribute data and electronic files over the Internet in a decentralized manner. The protocol is developed and maintained by Rainberry, Inc., and was first released in 2001.

WASTE is a peer-to-peer and friend-to-friend protocol and software application developed by Justin Frankel at Nullsoft in 2003 that features instant messaging, chat rooms, and file browsing/sharing capabilities. The name WASTE is a reference to Thomas Pynchon's novel The Crying of Lot 49. In the novel, W.A.S.T.E. is an underground postal service.

<span class="mw-page-title-main">GNUnet</span> Framework for decentralized, peer-to-peer networking which is part of the GNU Project

GNUnet is a software framework for decentralized, peer-to-peer networking and an official GNU package. The framework offers link encryption, peer discovery, resource allocation, communication over many transports and various basic peer-to-peer algorithms for routing, multicast and network size estimation.

An anonymous P2P communication system is a peer-to-peer distributed application in which the nodes, which are used to share resources, or participants are anonymous or pseudonymous. Anonymity of participants is usually achieved by special routing overlay networks that hide the physical location of each node from other participants.

The Invisible Internet Project (I2P) is an anonymous network layer that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user's traffic, and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. Given the high number of possible paths the traffic can transit, a third party watching a full connection is unlikely. The software that implements this layer is called an "I2P router", and a computer running I2P is called an "I2P node". I2P is free and open sourced, and is published under multiple licenses.

A dark net or darknet is an overlay network within the Internet that can only be accessed with specific software, configurations, or authorization, and often uses a unique customized communication protocol. Two typical darknet types are social networks, and anonymity proxy networks such as Tor via an anonymized series of connections.

A friend-to-friend computer network is a type of peer-to-peer network in which users only make direct connections with people they know. Passwords or digital signatures can be used for authentication.

Secure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what is said. Other than spoken face-to-face communication with no possible eavesdropper, it is probable that no communication is guaranteed to be secure in this sense, although practical obstacles such as legislation, resources, technical issues, and the sheer volume of communication serve to limit surveillance.

Private peer-to-peer (P2P) systems are peer-to-peer (P2P) systems that allow only mutually trusted peers to participate. This can be achieved by using a central server such as a Direct Connect hub to authenticate clients. Alternatively, users can exchange passwords or cryptographic keys with friends to form a decentralized network. Private peer-to-peer systems can be divided into friend-to-friend (F2F) and group-based systems. Friend-to-friend systems only allow connections between users who know one another, but may also provide automatic anonymous forwarding. Group-based systems allow any user to connect to any other, and thus they cannot grow in size without compromising their users' privacy. Some software, such as WASTE, can be configured to create either group-based or F2F networks.

<span class="mw-page-title-main">TorrentSpy</span> Torrent indexing website

TorrentSpy was a popular BitTorrent indexing website. It provided .torrent files, which enabled users to exchange data between one another.

<span class="mw-page-title-main">Turtle F2F</span>

Turtle was a free anonymous peer-to-peer network project being developed at the Vrije Universiteit in Amsterdam, involving professor Andrew Tanenbaum. It is not developed anymore. Like other anonymous P2P software, it allows users to share files and otherwise communicate without fear of legal sanctions or censorship. Turtle's claims of anonymity are backed by two research papers provided in the "external links" below.

<span class="mw-page-title-main">Tribler</span> Peer-to-peer filesharing software and protocol

Tribler is an open source decentralized BitTorrent client which allows anonymous peer-to-peer by default. Tribler is based on the BitTorrent protocol and uses an overlay network for content searching. Due to this overlay network, Tribler does not require an external website or indexing service to discover content. The user interface of Tribler is very basic and focused on ease of use instead of diversity of features. Tribler is available for Linux, Windows, and OS X.

Peer-to-peer file sharing (P2P) systems like Gnutella, KaZaA, and eDonkey/eMule, have become extremely popular in recent years, with the estimated user population in the millions. An academic research paper analyzed Gnutella and eMule protocols and found weaknesses in the protocol; many of the issues found in these networks are fundamental and probably common on other P2P networks. Users of file sharing networks, such as eMule and Gnutella, are subject to monitoring of their activity. Clients may be tracked by IP address, DNS name, software version they use, files they share, queries they initiate, and queries they answer to. Clients may also share their private files to the network without notice due to inappropriate settings.

Bitblinder was an open source software program that allows users to share bandwidth and IP addresses in order to anonymously download torrents and browse the internet. It was first released in June 2009, under an MIT open-source license. It was developed by Josh Albrecht and Matthew Kaniaris of Innominet. The software is based on the principles that Tor uses to create anonymity but was designed to be faster and encourage file sharing in addition to anonymous browsing. It currently comes bundled with an anonymous browser based on Mozilla Firefox and an anonymous BitTorrent client based on BitTornado. The software was planned to provide anonymity for instant messaging and Internet Relay Chat.

<span class="mw-page-title-main">Tox (protocol)</span> Distributed protocol for telephony and instant messaging

Tox is a peer-to-peer instant-messaging and video-calling protocol that offers end-to-end encryption. The stated goal of the project is to provide secure yet easily accessible communication for everyone. A reference implementation of the protocol is published as free and open-source software under the terms of the GNU GPL-3.0-or-later.

<span class="mw-page-title-main">IPVanish</span> Virtual private network provider

IPVanish VPN is a US-based VPN service owned by Ziff Davis.

References

  1. "Retroshare aims to be a private F2F social network | SourceForge Community Blog". Sourceforge.net. 11 May 2010. Retrieved 4 December 2016.
  2. "Release 0.6.6". 13 March 2021. Retrieved 16 March 2021.
  3. "Retroshare localization". Transifex.com. Retrieved 4 December 2016.
  4. Amato, Alba, Beniamino Di Martino, Marco Scialdone, and Salvatore Venticinque. "A negotiation solution for smart grid using a fully decentralized, P2P approach". Ninth International Conference on Complex.{{cite journal}}: CS1 maint: multiple names: authors list (link)
  5. "Anonymous, Decentralized and Uncensored File-Sharing is Booming". TorrentFreak. 3 March 2012. Retrieved 4 December 2016.
  6. Shen, Xuemin; Yu, Heather; Buford, John; Akon, Mursalin, eds. (2010). Handbook of Peer-to-Peer Networking | Xuemin (Sherman) Shen. Springer. doi:10.1007/978-0-387-09751-0. ISBN   978-0-387-09750-3. S2CID   60783890 . Retrieved 4 December 2016.
  7. Alkhulaiwi, Rakan; Sabur, Abdulhakim; Aldughayem, Khalid; Almanna, Osama (December 2016). "Survey of secure anonymous peer to peer Instant Messaging protocols". 2016 14th Annual Conference on Privacy, Security and Trust (PST). IEEE. pp. 294–300. doi:10.1109/pst.2016.7906977. ISBN   978-1-5090-4379-8. S2CID   15496391.
  8. "PiShare download". SourceForge.net. 15 January 2014. Retrieved 4 December 2016.
  9. "Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?". Electronic Frontier Foundation. 4 November 2014.
  10. Community, Retroshare. "History - Retroshare Docs". retroshare.readthedocs.io. Retrieved 28 January 2018.
  11. Byfield, Bruce (24 February 2016). "Is a private network useful for privacy and security?". Linux Magazine . Retrieved 4 September 2022.
  12. M, Rogers; S, Bhatti (2007). "How to Disappear Completely: A Survey of Private Peer-to-Peer Networks". discovery.ucl.ac.uk. Retrieved 28 January 2018.[ permanent dead link ]
  13. Alkhulaiwi, Rakan, Abdulhakim Sabur, Khalid Aldughayem, and Osama Almanna. "Survey of secure anonymous peer to peer Instant Messaging protocols". 14th Annual Conference on Privacy, Security and Trust.{{cite journal}}: CS1 maint: multiple names: authors list (link)
  14. Alkhulaiwi, Rakan, Abdulhakim Sabur, Khalid Aldughayem, and Osama Almanna (2016). "Survey of secure anonymous peer to peer Instant Messaging protocols". 2016 14th Annual Conference on Privacy, Security and Trust (PST). pp. 294–300. doi:10.1109/PST.2016.7906977. ISBN   978-1-5090-4379-8. S2CID   15496391.{{cite book}}: CS1 maint: multiple names: authors list (link)
  15. "Anonymous, Decentralized and Uncensored File-Sharing is Booming - TorrentFreak". TorrentFreak. 3 March 2012. Retrieved 28 January 2018.
  16. "Increase online privacy with Retroshare". Doug Vitale Tech Blog. 29 July 2013. Retrieved 28 January 2018.
  17. ""Anonymous" File-Sharing Darknet Ruled Illegal by German Court - TorrentFreak". TorrentFreak. 23 November 2012. Retrieved 28 January 2018.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.