Decentralized Anonymous Networks: A Brief Overview

Tomcat



Today we will talk about Decentralized Anonymous Networks (DAS). What networks, besides TOR and i2p, do you know about? Let us first briefly outline the general principle of operation of the DAS.
In a decentralized network, any computer can establish a connection with another computer, as well as send it a request for resources. Each computer on the network acts as a server, processing requests from other computers and sending them responses, as well as performing other auxiliary and administrative functions. There is no guarantee of a permanent connection with any of the computers on the network - the connection can be interrupted at any time. But when the network reaches a certain size, many servers with the same functions begin to exist in it at the same time, between which switching can occur.
What DAS are there at the moment?

1) ANts P2P
ANts P2P is a 3rd generation peer-to-peer file-sharing network created in 2003 and featuring enhanced security thanks to its tunneling mechanism and AES two-layer encryption. In this network, unlike BitTorrent, participants exchange traffic not directly, but through several nodes. Each participant knows only the IP address of his immediate neighbor. Thus, the sender does not know where his file is sent, and the recipient does not know where it was received from.
You can download the ANts P2P client distribution from sourceforge.net/projects/antsp2p/, and you can find a tutorial on how to use the program at tinyurl.com/eezq4.

Java virtual machine
For the ANts P2P client to work, you need to install a Java virtual machine, the distribution kit of which is available at java.com/ru/download/.
After downloading and unpacking the archive with the distribution kit, run the ANtsP2P.jar file from the client folder. The installed ANts P2P application connects via the global network to other clients installed on the computers of complete strangers, as a result of which an anonymous network is built, through which users can securely transfer various files and information through virtual asymmetrically encrypted tunnels between nodes. This application also has a built-in IRC client for real-time messaging.
Encrypted packets that pass through intermediate network nodes cannot be intercepted at these nodes. To exchange encryption keys, an algorithm is used that allows two parties to obtain a shared secret key over a communication channel that is not protected from eavesdropping but is protected from substitution.

2) Bitmessage
Bitmessage is an open source cryptographic electronic messaging system that allows users to send encrypted messages to other users of the system. In this sense, Bitmessage can be used as an alternative to email. Anonymity when working through Bitmessage is ensured by the following:
  • sent messages are sent to the computers of all other available network participants, while the encrypted outgoing messages of each user are mixed with the encrypted outgoing messages of all other network users;
  • long addresses of the form BM-GuRLKDhQA5hAhE6PIX^kcvbttlAuXAdQ are used, which can be created by the user in an unlimited number;
  • public key encryption algorithms are used - accordingly, only the intended recipient can decrypt the message. Even the sender of the message will not be able to decrypt his own message, since the key used for encryption is different from the key used for decryption;
  • the sent message does not contain the recipient's address, so each network participant tries to decrypt absolutely all messages coming from the network, including those not intended for him, however, out of the entire volume of messages received in encrypted form, he is able to decrypt only those intended for him personally;
  • the sender of a message can find out whether a message has been delivered to the recipient using the confirmation system, but the sender cannot determine which computer on the network is the true recipient of the message, since this message is kept by all network participants, regardless of who it was originally intended for;
  • encrypted messages are stored on the network for two days, after which they are deleted by network participants;
  • decentralized anonymous communication groups (called chan) are used, in which messages from users are anonymous to such an extent that neither the recipient's address nor the sender's address is known. Due to the complete decentralization of the network, these groups cannot be disabled by deleting any central server or group of servers. Groups are also impossible to censor, since in order to use cryptographic keys to access a group, you only need to know its name. Thus, any Bitmessage user who knows the name and address of the mailing list can anonymously read the messages in the group and send new messages anonymously.
The official Bitmessage client is available for download at tinyurl.com/bp86c36 and is supported on Windows, OS X and Linux platforms.
In addition to the official client, you can send/receive Bitmessage messages in almost any regular email program - for example, Mozilla Thunderbird or Windows Mail.

3) Freenet
Freenet is a decentralized and highly anonymous peer-to-peer network that runs on top of the Internet and includes a large number of peer computers, allowing any content to be published without the ability to identify the sender. Data confidentiality is guaranteed by strong cryptography - in order to receive the file, the request must provide the key associated with it.
The creation of Freenet is an attempt to eliminate censorship of user communications. Essentially, the core concept of Freenet is the belief that no one is allowed to decide what is acceptable and what is not. The web is encouraged to be tolerant of the values of others, and in the absence of the latter, users are asked to turn a blind eye to content that contradicts their views.
Perfect Dark, developed in Japan and currently at the stage of open testing, is a client for an anonymous file-sharing network of the same name, based on a modification of the Kademlia protocol. In general, the structure of the Perfect Dark network resembles the latest versions of Freenet, but only with a more intensive use of distributed hash tables. The anonymity of the Perfect Dark network is based on the refusal to use direct connections between end clients, concealment of IP addresses and full encryption of all transmitted data, and the direction of traffic flow obeys a known probability, and the distributed file storage does not have a specific structure, which complicates attempts to prove the illegality of the file exchange. Data is stored and transmitted in encrypted blocks separately from the keys used to encrypt those blocks.

4) I2P
The acronym I2P stands for Invisible Internet Project and hides a fork of the previously described Freenet project. The essence of the I2P project, created in 2003, is to organize a freely available super-stable, anonymous, overlay (i.e., created on top of another network), encrypted network and software applicable for web surfing, anonymous hosting (creating anonymous sites, forums and chats, file-sharing servers, etc.), instant messaging systems, blogging, as well as for file-sharing (including peer-to-peer), e-mail, VoIP and much more.

5) RetroShare
RetroShare is a platform for decentralized exchange of emails, instant messages and files using an encrypted F2F/P2P network, built on the basis of GNU Privacy Guard algorithms and the Perfect Forward Secrecy Protocol. To work in the network, it is necessary to find at least 10 trusted participants who more or less regularly log on to the network.
Despite the fact that RetroShare is quite difficult to connect to, this network offers almost limitless opportunities for communication and content sharing, the main feature of which is security.

Hybrid anonymous networks
In hybrid networks, unlike completely decentralized ones, servers are used to coordinate work, search or provide information about existing computers on the network and their status. Hybrid networks combine the speed of centralized networks with the reliability of decentralized networks, thanks to schemes with independent index servers that synchronize data among themselves. If one or more of these servers fails, the network continues to function.

6) Cjdns
Cjdns is a network protocol that creates hybrid secure decentralized networks. The Cjdns protocol can work over the normal Internet, creating overlay networks, or directly between routers, forming a mesh network. This is, for example, the Hyperboria network.
The Cjdns network protocol works through a network tunnel. Programs can run on this network as long as they support the IPv6 protocol. After installing the required software, traffic is automatically redirected to this network, thus avoiding additional software configuration. In a network based on the Cjdns protocol, an IPv6 address is generated for the user, which belongs to the private part of IPv6 addresses, which means that collisions between the real IPv6 address and the private one assigned to the user will not be prevented.
When connecting via the Internet, the user needs to find an already existing network node and find out its address and key. When you connect a router to a router, this is all done automatically. Traffic routing is provided using a system similar to Kademlia DHT - more precisely, the route catalog is constantly updated due to the fact that the network configuration may change. Thus, the network maintains optimal load across all nodes and chooses the shortest path for traffic.
Traffic on this private network cannot be decrypted by anyone other than the host to which it is to be delivered. However, the network itself is not anonymous - with the help of tracing, you can find out the chain of nodes and find out the real IPv4 address of the sender. When connecting router to router, however, this problem disappears, and the network also becomes anonymous.
The Cjdns protocol is currently under development and is available for most UNIX-like systems such as Linux, OS X, FreeBSD, and Illumos. Detailed information on networking and protocol can be found at cjdroute.net.

7) Psiphon
Psiphon is a Canadian project created to provide citizens of countries where Internet censorship is carried out with access to Internet resources blocked by network censorship. On Psiphon's network, residents of countries with free Internet access provide their computers to host encrypted proxy servers used by citizens of countries with Internet censorship. Their access to Internet resources is carried out through trusted project participants connected to the main Psiphon server.
To connect to the proxy server via the SSH, SSH+ or VPN protocol, a unique web address, login and password issued to the user by the proxy server administrator are used without making any changes to the browser settings. Such a procedure can only be carried out by trusted persons, and since the proxy server administrator has documented information about the activity of his user, complete protection of this user's data is not ensured. At the same time, the program warns the administrator about changes in his own network so that he can provide users with new web addresses.
The Psiphon network supports anonymous web surfing and blogging, but is not suitable for chats and VoIP. One of the great things about Psiphon is that you don't need to download large programs to install it. All that is required is a small client and access to online services, which is a significant benefit for users concerned that their computers might be scanned for prohibited programs.
Each new version of Psiphon is simplified, and the current third version is one of the smallest and most discreet programs. You can download the Psiphon app at tinyurl.com/n9avc6e.
Psiphon works as follows: the user downloads a small executable file of the application that does not require installation: either on a computer or on a memory stick that you can carry with you. After starting the program, the Psiphon application will automatically connect to one of the servers via an encrypted channel, and the Psiphon window will open on the screen.
In the drop-down list at the bottom of the program window, you can select the country - the location of the server. If the connection fails, try restarting the program with administrator rights.
The Psiphon network was designed to run on Windows and Android only, so users of OS X, iOS and other operating systems do not have access to it. The second disadvantage of Psiphon - unlike anonymity tools like Tor - is that it does not guarantee the protection of your personal data. In addition, Psiphon cannot bypass some of the blocks - it depends on your provider.
Despite the fact that traffic inside the Psiphon network is encrypted, you can get information that your computer is connected to the Psiphon servers. There is also no protection against traffic analysis on the Psiphon network by unauthorized persons - although the list of Psiphon servers is constantly changing. This means that with the appropriate tools, it is possible to identify the identity of the Psiphon user and the content of their traffic.

8) Tor (probably already impossible to read about it)
Tor is free software that is used for organizing a network designed to protect against interception of traffic and hide the real IP address of users' computers connected to it. This is achieved by transferring data from the client computer to the web server through a chain of several randomly selected network nodes. Data transmitted along such a chain is repeatedly encrypted, and at the exit from the network, the address of the last computer in the chain is substituted for the address of the client computer. I call this technology onion routing.

9) Java Anonymous Proxy
The JAP network, also called AN.ON and JonDonym, falls outside the category of decentralized and hybrid anonymous networks and is designed to provide purely web traffic anonymity. JAP stands for Java Anonymous Proxy - anonymous proxy in Java. This proxy network allows, like Tor, to view web content anonymously. Traffic is sent in encrypted form through a fixed group of mix proxy servers, and the user cannot create an arbitrary chain of servers. As a result, a high degree of anonymity is guaranteed, as well as a high data transfer rate. Compromising the anonymity of the JAP client is not possible without intercepting all incoming and outgoing traffic of all nodes in the cascade and their assistance in order to decrypt the packets.
There are both free and paid (premium) versions of the software for connecting to the JAP network. In the free version of the program, the connection speed is significantly lower.
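
The Bitmessage delivery model described in section 2, where a message names no recipient and every participant tries to decrypt it, shown as an added Python example that is not part of the original post or of the Bitmessage client. It assumes a toy Diffie-Hellman group and a SHAKE-256 keystream in place of the client's real public-key encryption; `seal`, `try_open`, `flood` and the peer names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption): integers modulo the prime 2**255 - 19 with base 2.
# Too small and unvetted for real use; it only stands in for real public-key encryption.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _derive(shared):
    okm = hashlib.sha512(shared.to_bytes(32, "big")).digest()
    return okm[:32], okm[32:]  # (stream key, MAC key)

def _xor(key, data):
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))

def seal(recipient_pub, plaintext):
    """Encrypt to a public key. The blob carries no recipient address, and the
    sender discards the one-time private key, so it cannot reopen the blob."""
    eph_priv, eph_pub = keypair()
    enc_key, mac_key = _derive(pow(recipient_pub, eph_priv, P))
    body = _xor(enc_key, plaintext)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return eph_pub.to_bytes(32, "big") + tag + body

def try_open(priv, blob):
    """Trial decryption: plaintext if the MAC verifies under this key, else None."""
    eph_pub, tag, body = int.from_bytes(blob[:32], "big"), blob[32:64], blob[64:]
    enc_key, mac_key = _derive(pow(eph_pub, priv, P))
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None
    return _xor(enc_key, body)

def flood(blob, peers):
    """Every peer stores the same blob and tries its own private key on it."""
    return {name: try_open(priv, blob) for name, (priv, _pub) in peers.items()}

if __name__ == "__main__":
    peers = {name: keypair() for name in ("alice", "bob", "carol")}  # constructed peers
    blob = seal(peers["bob"][1], b"meet at noon")
    for name, result in flood(blob, peers).items():
        print(name, "->", result)
```

All three peers hold an identical blob, so an observer of the network cannot tell from storage or delivery which of them was the recipient.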
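
The repeated encryption along a chain of nodes described in the Tor section, as an added Python example that is not part of the original post or of the Tor code base. It assumes each relay already shares a key with the client and uses a SHAKE-256 keystream as a stand-in cipher; the relay names, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _subkeys(key):
    okm = hashlib.sha512(key).digest()
    return okm[:32], okm[32:]  # (stream key, MAC key)

def _xor(key, data):
    # SHAKE-256 keystream as a stand-in cipher (assumption); each key is used once here.
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))

def add_layer(key, next_hop, inner):
    """Encrypt 'next_hop + inner' for one relay and prepend a MAC."""
    enc, mac = _subkeys(key)
    body = _xor(enc, next_hop.encode() + b"\n" + inner)
    return hmac.new(mac, body, hashlib.sha256).digest() + body

def peel_layer(key, onion):
    """Relay side: verify and strip one layer, learning only the next hop."""
    enc, mac = _subkeys(key)
    tag, body = onion[:32], onion[32:]
    if not hmac.compare_digest(tag, hmac.new(mac, body, hashlib.sha256).digest()):
        raise ValueError("layer was not built for this relay")
    next_hop, _, inner = _xor(enc, body).partition(b"\n")
    return next_hop.decode(), inner

def build_onion(route, keys, destination, payload):
    """Client side: wrap from the exit inwards so the entry relay's layer is outermost."""
    onion = payload
    for relay, target in reversed(list(zip(route, route[1:] + [destination]))):
        onion = add_layer(keys[relay], target, onion)
    return onion

def send(client, route, keys, destination, payload):
    """Walk the chain and record what each party can observe."""
    onion, previous, seen = build_onion(route, keys, destination, payload), client, {}
    for relay in route:
        next_hop, onion = peel_layer(keys[relay], onion)
        seen[relay] = {"from": previous, "to": next_hop, "sees_payload": onion == payload}
        previous = relay
    seen[destination] = {"from": previous, "payload": onion}
    return seen

ROUTE = ["relay-a", "relay-b", "relay-c"]             # constructed relay names
KEYS = {r: secrets.token_bytes(32) for r in ROUTE}    # assumed already negotiated per hop
VIEW = send("198.51.100.7", ROUTE, KEYS, "example.org:443", b"GET / HTTP/1.1")
```

In `VIEW`, only the entry relay sees the client's address and only the exit relay sees the destination, but the exit relay also sees the payload itself, so content that is not protected end to end is readable there.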
 