Re: [GNUnet-developers] progress in anonymous P2P development?

[Christian Grothoff]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 13 August 2003 04:15 am, Niels Boeing wrote:
> Dear GNUnet developers,
>
> I am a technology writer in Hamburg, working part time for the
> Financial Times Deutschland, FT's German sister paper. Right now I am
> working on an article about the possibilities of anonymous P2P. So I'd
> like to ask one of you the following questions:

Fine. In return, I'd ask you to forward a copy of the article to me to double 
check it against misunderstandings before publication (unless you decide to 
not refer to GNUnet or myself). Oh, and I do read German. 

> - How does GNUnet fit into developments of anonymous P2P networks?

Freenet was the first P2P network that can reasonably claim to provide a 
non-trivial degree of anonymity and deniability.  GNUnet is a new design that 
has some similarities with Freenet but experiments with new concepts, such as 
swarm distribution of content, trading efficiency for anonymity and an 
economic model for resource allocation. GNUnet also has some purely technical 
advantages (pluggable P2P framework, transport service abstraction, C vs. 
Java, generic database vs. special-purpose DB code, load monitoring, etc.). 

> - Will completely anonymous P2P networks be feasible in the end?

There will never be such a thing as "completely anonymous".  Anonymity is a 
gradual property, and while various metrics (anonymity set, the group of 
possible subjects; or more recently entropy, the probability distribution in 
a group of subjects) are used to measure the *degree* of anonymity, there is 
no such thing as "completely" anonymous -- scientifically speaking, you know 
it's a human and that "narrows it down". 

Thus the real question is, will anonymity ever be "cheap" enough such that a 
significant user base will be willing to pay that price. Cheap here is both 
in terms of computer resources AND in terms of ease of use. Both will 
certainly improve over the next couple of years. 

Nevertheless, I would think that P2P networks with strong anonymity guarantees
will remain the domain of hackers and political activists that rely on 
anonymity to excercise their right to freedom of speach.  The tolerance of 
the common P2P user to the costs of anonymous networking will correspond on 
the level of governmental and industrial repression.

> - What are the main technical development difficulties in creating an
> anonymous P2P network?

Anonymous routing is the most difficult technical problem. Ease of use is the 
most difficult human problem. The security of most systems is broken because 
users are not able to use them properly.

> - What do you think about approaches as that of Blubster Manolito P2P?

I only know about them from what they say on their webpage:
a) UDP instead of TCP is not always better (or faster)
b) I don't see any documentation that explains how anonymity is achieved, 
except that they are using UDP instead of TCP. But that does not give them 
any anonymity. 
c) Considering that they advertise that they achieve high download speeds, it 
is highly doubtful that they provide any amount of anonymity against a 
serious adversary.
d) "unlimited scalability" and other claims also sounds more like a marketing 
department than a technically sound remark.
e) Blubster seems to focus entirely on music, most anonymous P2P networks 
allow any type of content. 
f) Blubster seems to be closed source, preventing independent researchers from 
evaluating the system. Freenet and GNUnet are both free software (GNU Public 
License), allowing anyone to evaluate, test and modify the software.


Best regards

Christian Grothoff
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/O94/9tNtMeXQLkIRAv+IAJ9yUNFoZZVAJwdsk3NcSV8CrEAG8gCeLBld
02r6qt1kIpfbiPsXXv+NlFM=
=owlV
-----END PGP SIGNATURE-----