Comment by sanity
2 days ago
> Please explain how "the new freenet" tackles censorship resistance.
Primarily through the same core mechanism as the original Freenet design: decentralization and relaying requests through multiple peers such that no individual peer sees the entire request path.
The new design also supports pluggable anonymity systems such as mixnets and onion routing. In some respects these are stronger than Hyphanet's approach because relay selection can be chosen intentionally by the user's node rather than emerging implicitly from network topology.
The main architectural change is that anonymity is no longer treated as a single mandatory mechanism baked into every layer of the system. Different applications can make different tradeoffs depending on their requirements.
First, thank you for creating this project. When I was a young high school student in China, I tried all different kinds of tools to evade internet censorship, including Freenet (although admittedly with little success, there were never enough peers to connect to and/so it was too slow to download anything meaningful).
My question is whether freenet is designed to be resistant to active adversaries with deep packet inspection capability, particularly like the Chinese firewall that is also observed to do statistical timing analysis of packets? Is there any possibility to apply obfuscation to the peer to peer connection? And is there any mechanism to aid peer discovery (DHT?)
> First, thank you for creating this project.
You're welcome :)
> My question is whether freenet is designed to be resistant to active adversaries with deep packet inspection capability, particularly like the Chinese firewall that is also observed to do statistical timing analysis of packets? Is there any possibility to apply obfuscation to the peer to peer connection?
Freenet's transport protocol is a custom encrypted protocol over UDP, but it is not currently designed to evade sophisticated deep packet inspection or timing analysis by state-level adversaries like the Great Firewall.
That said, the transport layer is modular, and we would absolutely accept contributions adding traffic obfuscation or pluggable transports, subject to the usual tradeoffs around latency, bandwidth overhead, and resource usage.
> And is there any mechanism to aid peer discovery (DHT?)
Freenet uses a distributed small-world routing topology for peer discovery and efficient message propagation. It isn't a conventional Kademlia-style DHT, but conceptually it serves a similar purpose.
The network is designed to self-organize into a small-world topology.[1]
[1] See the "Distance" graph at the bottom-right of the circle visualization - http://nova.locut.us:3133/
The original freenet design was replicating content as it was requested. You had no way of locating "all" the copies as they would get cached "along the way" elsewhere on the keyspace when you request them.
That property was useful both for improving availability AND censorship resistance: you could not attempt to "locate" where the blocks are without spreading them.
My naive understanding of the new design is that you can have contracts that are replicated... but they still cluster around the same place in the keyspace so any capable active adversary can actively deny access to content trivially. Did I misunderstand something here?
The two systems aren't that different in this regard, both replicate data along request paths.
In both systems data will tend to cluster on peers close to the data's location because otherwise requests couldn't find it.
The main difference is that in the new Freenet the content can be updated, with updates propagating through peers hosting the content.
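The behaviour discussed in the last exchange (copies left along request paths, and data clustering on peers near its location) can be seen in a toy simulation. This is an added example, not part of the thread and not Freenet code; the ring keyspace of 64 evenly spaced peers, the power-of-two link offsets, greedy forwarding, and caching at every hop are all assumptions of the model.

```python
from collections import Counter

N = 64        # assumed: 64 peers, evenly spaced on a ring keyspace [0, 1)
KEY = 0.3     # constructed sample key location

def dist(a, b):
    """Distance between two locations on the ring."""
    d = abs(a - b) % 1.0
    return min(d, 1.0 - d)

def loc(peer):
    return peer / N

def neighbours(peer):
    # Assumed link model: offsets of 1, 2, 4, ... N/2 in both directions,
    # a deterministic stand-in for a small-world link distribution.
    offsets = [1 << k for k in range(N.bit_length() - 1)]
    return {(peer + s * o) % N for o in offsets for s in (1, -1)}

def route(origin, key):
    """Greedy routing: hop to the neighbour nearest the key until none is nearer."""
    path = [origin]
    while True:
        cur = path[-1]
        nxt = min(neighbours(cur), key=lambda p: dist(loc(p), key))
        if dist(loc(nxt), key) >= dist(loc(cur), key):
            return path
        path.append(nxt)

def simulate(origins, key=KEY):
    """Each origin requests the key; every peer on the path keeps a copy."""
    paths = [route(o, key) for o in origins]
    holders = {p for path in paths for p in path}
    load = Counter(p for path in paths for p in path)
    return paths, holders, load

if __name__ == "__main__":
    origins = list(range(0, N, 8))
    paths, holders, load = simulate(origins)
    for path in paths:
        print(" -> ".join(map(str, path)))
    relays = sorted(holders - set(origins))
    print("copies held by non-requesting peers:", relays)
    print("peers seen by the most requests:", load.most_common(2))
```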