Freenet is an anonymizing peer-to-peer (P2P) network that protects website visitors’ identities. It also hides the location of participating websites. The sites that are available on Freenet are called “freesites.” You can’t access them directly over the web. As such, many compare this system to the Dark Web as a secretive corner of the internet that harbors criminals, child pornographers, and terrorists. Freenet has a Darknet mode, where you can only make connections by invitation.
Freenet is a voluntary organization. It should not be confused with the Freenet Group, which is a German media conglomerate.
Freenet began as a thesis written by Ian Clarke while studying at the University of Edinburgh. That paper was submitted to the university in 1999. Clarke expanded his ideas in collaboration with other researchers and produced an outline of Freenet in 2001. The network that it defined now includes two million members.
The basis of Freenet is the use of computers and internet connections belonging to volunteers. Access to Freenet websites is routed through randomly selected computers, which are called “nodes.” Websites that operate on Freenet limit access to surfers who send their requests through a Freenet route.
Website content is stored in segments on several computers. The delivery of these segments is similar to the operational methods of the BitTorrent protocol. Rather than delivering a file from one source, Freenet clients source segments of a file from several locations. That file may be an HTML page. In that case, the client program that traces segments and downloads them also acts as a browser to display the downloaded page.
Freenet encrypts the storage of each segment, along with the file transfer connections.
Freenet and Tor
The Freenet routing concept is similar to that which the Tor Project uses. Tor stands for “the onion router.” It encrypts each message several times over. Each router on the path of the message holds the decryption key for one layer of encryption. Each encrypted layer is contained in a packet addressed to just one of the nodes in the chain. Thus each node can only know the address of the computer that passed the encrypted packet to it, and the address of the next router along, which is revealed after decryption of one layer of the message’s encryption.
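The layering described above can be shown in a few lines. This is an added example, not code from the article or from the Tor Project: it uses a toy hash-based stream cipher in place of real cryptography, and the relay names, keys and destination are constructed for illustration.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); illustration only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(path, keys, destination, payload):
    """Sender builds the onion inside out: the last relay's layer is innermost."""
    next_hop, body = destination, payload
    for relay in reversed(path):
        layer = json.dumps({"next": next_hop, "body": body.hex()}).encode()
        body = keystream_xor(keys[relay], layer)
        next_hop = relay
    return body

def peel(relay, keys, packet):
    """A relay strips its own layer and learns only where to forward the rest."""
    layer = json.loads(keystream_xor(keys[relay], packet))
    return layer["next"], bytes.fromhex(layer["body"])

def route(path, keys, packet, sender):
    """Carry the packet along the path, recording what each relay can see."""
    seen, prev = {}, sender
    for relay in path:
        next_hop, packet = peel(relay, keys, packet)
        seen[relay] = (prev, next_hop)
        prev = relay
    return seen, packet

# Constructed sample data: relay names, keys and destination are hypothetical.
PATH = ["relay-a", "relay-b", "relay-c"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}

if __name__ == "__main__":
    onion = wrap(PATH, KEYS, "example.org", b"GET /")
    seen, delivered = route(PATH, KEYS, onion, sender="client")
    for relay, (prev, nxt) in seen.items():
        print(f"{relay}: received from {prev}, forwards to {nxt}")
    print("exit relay delivers:", delivered)
```

Only the last relay in the path ever sees the destination, and only the first sees the sender's address.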
In the case of Freenet, each node only communicates with its immediate neighbors. If a user wants to access a file, the client program on his computer asks neighboring nodes to go and look for it. Each node then asks its neighbor for the file. The process repeats until the file is found, or until the request times out.
If a requesting node locates a segment of a file, it copies over that data and then sends it to the node that initiated the request. Thus, each node only knows the address of the immediate neighbor that requested the file and the immediate neighbor that delivered it. No node ever knows the originator of the request. In addition, the requestor never finds out the original storage location of each file segment. This is because Freenet delivers file segments through a fireman’s chain, with the neighboring node making the final transfer from its own storage.
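The neighbor-to-neighbor lookup and the "fireman's chain" delivery can be modelled as follows. This is an added example, not Freenet's own code: it is a simplified model of the description above, the node names and topology are constructed, and a hop counter stands in for the request timing out.

```python
class Node:
    def __init__(self, name):
        self.name, self.neighbors, self.store = name, [], {}
        self.saw = []  # (asked_by, supplied_by) pairs this node observed

def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)

def request(node, key, asked_by, hops_left, visited=None):
    """Ask `node` for `key`; return the data, or None when hops run out."""
    visited = set() if visited is None else visited
    visited.add(node.name)
    if key in node.store:
        node.saw.append((asked_by, "own store"))
        return node.store[key]
    if hops_left == 0:
        return None  # stand-in for the request timing out
    for peer in node.neighbors:
        if peer.name in visited:
            continue
        data = request(peer, key, node.name, hops_left - 1, visited)
        if data is not None:
            node.store[key] = data  # copy locally, then serve from own storage
            node.saw.append((asked_by, peer.name))
            return data
    return None

def build_network():
    """Constructed topology: user - n1 - n2 - n3, plus a dead end n1 - n4."""
    nodes = {n: Node(n) for n in ("user", "n1", "n2", "n3", "n4")}
    for a, b in (("user", "n1"), ("n1", "n4"), ("n1", "n2"), ("n2", "n3")):
        link(nodes[a], nodes[b])
    nodes["n3"].store["segment-1"] = b"constructed segment bytes"
    return nodes

if __name__ == "__main__":
    net = build_network()
    request(net["user"], "segment-1", "local client", hops_left=5)
    for name in ("user", "n1", "n2", "n3"):
        print(name, "observed", net[name].saw)
```

Each node's `saw` list contains only its two immediate neighbors: the node that stored the segment never learns who first asked for it, and the requesting user only ever sees `n1` as the supplier.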
Volunteers run the nodes of both Freenet and Tor. Both systems help users to hide their location. In the case of the Tor network, messages pass through an exit node, where the final layer of encryption is decoded to reveal the ultimate destination of the message. From this point on, the packet travels over the regular internet to its target. With Freenet, the destination of the message has to be within the network, so requests to those sites must come from a Freenet node, and not over the regular internet.
Each member of the Freenet network uses a client program to search for files. This client constantly polls for other members on the network. It sends out test packets and ranks all the nodes it discovers by the speed of the acknowledgement messages. This speed ranking gives Freenet a better sense of the proximity of other nodes. The client will always contact the fastest nodes first, and the speed of reply can be an indication of physical proximity. The Tor network’s random routing often results in requests bouncing all over the world before exiting the network.
The random nature of Tor’s routing makes it impossible to work out the exact location of a requestor of a file. Meanwhile, the implied proximity of faster correspondents in the Freenet system means that it’s possible to get a better idea of the actual location of that node operator. Freenet’s speed ranking algorithm makes the delivery of files much faster, while Tor’s apparently illogical routing makes locating a user a much harder task.
Both Freenet and Tor have proved to be fallible. Several police authorities have managed to get into Tor. The British police, Europol, and the UK and US secret services seem to share the secret of how to crack it.
Freenet was cracked in 2011. However, that security weakness wasn’t revealed until a court case in North Dakota in 2015. The North Dakota Bureau of Criminal Investigation used evidence that it had obtained by intrusion on Freenet to convict a University of Dakota police officer for downloading child pornography through the network.
The Bureau of Criminal Investigation managed to track the activities of its target by putting up its own nodes on the Freenet network. This method has been further proliferated throughout the United States law enforcement community by the Black Ice Project. The project educates US law enforcement agencies on the techniques needed to create Freenet nodes and trace the network’s users.
The Darknet mode of Freenet should make it impossible for unknown third parties to intrude on a network. That’s because this mode relies on participants distributing the encryption keys that permit connections, rather than making that information publicly available. Therefore, in the Darknet scenario, only people who are known to the node owner could ever connect to that node. However, the Darknet option has been available since 2008, so either those people traced by the North Dakota Bureau of Criminal Investigation didn’t use this method, or a permitted user somewhere in the private network was too free with the distribution of his access permission key.
Virtual Private Networks (VPNs)
A VPN acts as a proxy for a customer. The VPN totally encrypts the traffic from the subscriber’s computer. As a result, it obscures the routing information on the front of each message. A carrier packet takes that encrypted packet through to the VPN server. The server then forwards the message on to its intended destination. All replies to requests must be packaged by the VPN server. That’s because the VPN client program on the customer’s computer receives every message arriving from the internet and will only process messages encrypted by the cipher agreed with the VPN server.
In order to guarantee that it receives all replies to messages sent on behalf of the subscriber, the VPN puts its own address in the header of the message to denote its origin. All replies to requests made over the internet are sent to the message’s source address. Thus, websites and internet services contacted through a VPN can’t know the true origin of a message.
VPNs don’t store data – they simply pass through requests to locations on the internet and process the resulting replies.
A VPN can’t give its customers total anonymity. In order to be completely anonymous on the internet, you need to cover your tracks so that no one knows the true origin of your messages. While you use a VPN to disguise your location, there will always be one organization that knows your true identity – the VPN company.
The relative strength of each VPN service lies in whether or not it keeps logs, or would comply with a court order to trace its customers’ activities. Most VPN companies say that they don’t keep logs. However, customers have to rely on the honesty of that marketing statement. In reality, subscribers have no way to check the truth of the VPN’s declared activity logging policy. Therefore, there is always a risk that a customer could be caught if the VPN cooperates with the authorities.
A VPN is a sole source of security. That makes its privacy services more reliable than an open system, such as Freenet or Tor. There is no way that a third party or law enforcement agency could intrude on the connection between the VPN client on a subscriber’s computer and the VPN server. Internet traffic leaving the VPN server takes a normal route. However, by that point, the VPN has removed the identity of the originator of the messages.
The VPN company has to map customers’ incoming messages to the temporary addresses placed on outgoing messages as their source identifier. Doing so means the replies to those requests can be routed back to the right subscriber. However, there is no procedural necessity for the VPN to retain those maps once the user ends a session. In fact, the storage and referencing of that information is an unnecessary expense to the VPN company.
VPNs with Freenet
A Freenet route only exists to connect a surfer to hidden freesites. As such, it’s not possible to use a VPN alone to connect to one of those sites. If you use a VPN, it would be an addition to the Freenet route. You still have to follow that route in order to gain access to freesites.
VPNs control, encrypt, and divert all traffic leaving a customer’s computer. Thus it is possible to implement a combination of VPN and Freenet. If the Freenet user has a residential internet service, their ISP allocates their IP address at the point of connection. Freenet users don’t have permanent IP addresses. As such, the frequent alteration of a Freenet node’s IP address shouldn’t harm participation in the P2P network.
In a combined scenario, the VPN client captures all outgoing Freenet traffic, encrypts it, and sends it to the VPN server. The VPN server sends the Freenet communication on to its destination (a neighboring node in the Freenet system). The process also channels the administration messages that the Freenet client software uses to advertise its availability through the VPN server. This gives the temporary IP address as a method of contact, rather than the customer’s real address.
The VPN simply shifts the location and identifying address of a customer. Thus all communications with the Freenet system carry on as usual. The VPN server just becomes the official participant. It passes back all file segments, so the subscriber’s computer continues to store files, rather than the VPN server.
As long as the VPN company keeps no logs, this privacy front-end service protects the subscriber from exposure to the authorities. This applies even if the authorities insert a snooping node into the Freenet network to track members’ activities.
The technology of systems such as VPNs and Freenet can protect you from technical methods of intrusion. However, they don’t prevent you from blowing your cover with loose talk. If you use Freenet to access illegal files and information, or encounter like-minded people who couldn’t fraternize openly, you have to be careful about the information that you give away about yourself. Otherwise, all of the extra security Freenet provides is worthless.
Similarly, VPNs can’t protect you from arrest if you post seditious or libelous content on social media sites or your blog. If you want to start a revolution, or expose government corruption, make sure you don’t reveal details about your daily life that could tell the authorities where and who you are. A VPN can’t protect you from making indiscreet disclosures to “friends” in chatrooms. Nor can it stop you falling for email scams.
You may be one of those people who frequently says that you can’t trust anyone and can’t believe everything that you read on the web. Those warnings also apply to Freenet. Don’t let the system’s privacy cause you to drop your guard. Don’t give away your secrets, don’t reveal your identity, and don’t trust websites just because they are freesites. Be careful, too, who you invite into your private Darknet network.