399 lines
43 KiB
Raw Permalink Blame History

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

[[Echt Dezentrales Netz | Deutsch]]
: '''We EVALUATE existing approaches and BUILD BRIDGES towards a more secure and privacy preserving Internet protocol stack.'''
== Welcome ==
This is the official wiki of the research and software project '''''[[Echt Dezentrales Netz|EDN]]''''' ([[Echt Dezentrales Netz]] - real decentralized network).
We cherish privacy as an important aspect of a liberal society. Our vision is to create a space to unfold and guard basic civil rights such as informational self determination, freedom of assembly, secrecy of correspondence and free speech. Our final goal is a new wifi mesh-networking capable internet protocol stack that includes a set of services.
== News ==
We aim to transfer our previous collected information ([http://7ywdkxkpi7kk55by.onion/trac/wiki/ProjectsFeatureList 1], [http://7ywdkxkpi7kk55by.onion/trac/wiki/ModuleComparison 2]) of projects to the libreplanet semantic wiki. So when the stone is set for the semantic wiki, help is welcome to do so.
[[Echt Dezentrales Netz/Projekttagebuch | Here]] is our project diary.
; Note: .onion addresses can be accessed via [https://www.torproject.org/projects/torbrowser.html.en Tor Browser Bundle]''
== Background Short ==
Today's communication infrastructure is predominantly centralized.
However, this makes surveillance and manipulation of arbitrary digital communications easier.
These means can be abused - and were abused - not only by dictatorships but also by democratic countries and international companies.
: There are indeed solutions like Tor or PGP which can partially patch the shortcomings of the infrastructure, but each user has to take care of that for herself. Anonymization and encryption are not in the standard configuration.
A penal action against these secret processes is nearly impossible, starting with the problem that they are not even detected by the affected parties.
This status quo endangers our democracy.
However, it can be countered in different ways.
The following is a technical approach:
: To re-purpose and to extend existing digital communications infrastructure to make surveillance more cumbersome, especially through decentralization.
== Background Long ==
When it comes to the topic of mass spying and "cyber" attacks, most of us will readily agree, that it's performed on large scale by an ecosystem of well equipped adversaries (Snowden revelations, botnets) Furthermore that the first is a threat to a list of basic civil rights which back up our democracies. Where this agreement usually ends, however is the question of how to deal with it adequately.
Many people assume that the wild installation of a bunch of single purpose privacy tools is sufficient to protect their privacy and that cryptoparties teaching the usage of GPG, Tor or decentralized Social Networking is the solution for our problem. By focusing on single purpose solutions and the resulting need for cryptoparties, people overlook a significant number of disadvantages: First, their users are unaware of the varying privacy assertions made by these solutions. Second, these tools compete for computing and channel resources. Third, teaching users the various individual tools is very ineffective and inconvenient. This in turn, average users stick to more insecure but familiar and prevalent solutions although they know about its impact on their privacy. Fourth, the long list of existing privacy projects (https://wiki.c3d2.de/EDN#Privacy_Projects) compete for contributors, funding and users while implementing redundant, sometimes mediocre solutions. Finally, even the current internet stack most projects utilize is known to be vulnerable to a list of attacks based on the stacks dependence on central authorities. This is true for BGP routing, DNS, and all client-server applications. Consequently, the internet stack can be seen as an accumulation of many single points of failures (SPOF) facilitating censorship, passive spying, and active intrusion on a global scale.
Yet a sober analysis of the matter reveals that the old internet stack and wild installations are a bad basis for privacy efforts. Hence, we believe that a complete new internet stack providing high confidentiality, integrity of communication and censorship-resistance natively is indispensable. In particular, we envision the new stack to be free software, decentralized, distributed, end-to-end encrypted, meta-data protected, easy to use, efficient, lightweight mesh-networking capable and well-documented.
Accordingly, our goal is to evaluate the privacy and security qualities of 72 projects -- including privacy aware internet stacks and find out whether and how we could combine the resources and implementations of the best projects to achieve what none of them could do alone: A new privacy aware internet stack as a powerful means to back up civil rights to billions of people, which is
* privacy tuned for and delivered with several services
* convenient and attractive to use
* able to run on local individual infrastructures
== Threat model ==
We presume a global active attacker that does automated intrusion such as traffic [http://7ywdkxkpi7kk55by.onion/trac/wiki/DeanonymizingTheInternet shaping]. We draw the line before targeted operations.
== Goal ==
The communication potential in densely inhabited regions can be guessed watching these pictures:
* http://motherboard.vice.com/blog/this-is-what-wi-fi-would-look-like-if-we-could-see-it
* http://socialtimes.com/cell-phone-signals-mapping-turns-the-world-into-a-psychedelic-landscape_b194303
'''Our goal is to use the existing resources to form a difficult-to-monitor cellphone/router/computer network by building bridges between proven projects.''' There are [[Echt Dezentrales Netz#Privacy_Projects|plenty]] of software solutions with the goal of protecting the privacy of its users. Preexisting structures are to be [[EDN#Approach | evaluated]] and combined into such a network. The communication should run, first and foremost, on top of a combination of WiFi, copper and fibre optics, but we also consider Bluetooth, [http://www.cringely.com/2014/05/15/nsa-help-kill-uwb/ Ultra Wideband (UWB)], [http://ronja.twibright.com/installations.php red light], ukw and satellite uplinks - shortly all allowed frequencies and ways.
The following criteria should be met:
; The communication is:
=== I. Privacy and Security Criteria ===
Data security is at the core of our technical approach. It is not sufficient to only secure the
contents of communications. We also want to prevent the systematic collection of
communication profiles (metadata), as the analysis of the social graph of a population
poses a particular threat to democracy.
# '''Free Software''': consistent use of free and open software, putting the system under permanent public scrutiny and giving users control over their computation;
# '''Encryption''':
## '''End-to-end-encryption''': ubiquitous end-to-end encryption, removing the necessity to trust any third parties that might access our data while it is being transmitted or stored. No intermediate actors gain access to the exchanged content.
## '''Perfect Forward Secrecy''': encryption is regularly renewed in such a way that past communications cannot be retroactively be decrypted upon access to key material.
## '''Link Encryption'''
# '''Meta data protection''': obfuscation of transmission patterns, preventing the analysis of social relations, behavior patterns and topical interests of the participants in a network;
# '''Authentication''': by direct interaction or by common social contacts, no trust delegation to external third party authorities. When interacting among private persons, the counterpart is directly or socially authenticated by default. When interacting with businesses, customers choose whether to stay fully anonymous, to adopt a long-term pseudonymity (equivalent to accepting a web cookie) or to authenticate themselves as a physical person. An integrated payment system enables an economy where the customer can remain anonymous.
# '''Decentralization''': Essential to removing single points of failures and highly concentrated data flow from the calculation. Without distribution it is not enough: Whenever there is a fixed server in charge of a certain person it will gain access to all of that person's metadata. Even worse if that server is operating in a [http://about.psyc.eu/Federation Federation] kind of style or the application [http://secushare.org/2011-FSW-Scalability-Paranoia assumes its server to be in any way a safe place to store private data];
# '''Distributed data flow and storage''': making bulk collection of data economically unattractive. No traditional server nodes may gain access to either content or metadata of communications, therefore only a distributed system of agnostic relay nodes can provide scalability, intermediate storage and anonymity from third parties all at once;
=== II. Performance, Reliability and Usability criteria ===
Beyond the application of cutting-edge security standards, our concept emphasizes
scalability and usability. We want to establish an attractive technological platform for
applications that can be used by large user bases and businesses worldwide.
Using a modular approach, we are integrating existing best practices and results from the
scientific community to build a coherent system.
# ''' Easy to install'''
# '''Usage''': the user interface is '''intuitively usable''';
# '''Accessibility''': The interface(s) of the software are accessible (to people with impairments/disabilities);
# '''Functionality representation''': the user interface represents in an easy way the functionality that is laying beneath;
# '''Efficient distribution''': heterogeneous distribution trees, because we need to interconnect billions of users without resorting to cloud technology
# '''Security vs. Performance''': The network shall be as '''performing''' as it can be, considering the grade of security for the specific services;
# '''Available public data''': The infrastructure enables caching and intelligent distribution of public data, yet provides anonymous access to it (Examples known to fulfill this requirement: Maidsafe, Secushare, Freenet) -> Knowledge representation and file sharing in P2P networks;
# '''Resilience''': The network has to be '''resilient''': stable, adaptable, fault-tolerant (e.g. against jamming);
# '''Robust against fluctuating node participation''';
# '''Real-time communication''': The infrastructure supports also real-time communication;
# '''Partial resource sovereignty''': The amount of bandwidth for private usage can be configured;
# '''Energy consumption restrictions''': The nodes can be mobile, but technology in mobile devices must be aware of energy consumption restrictions;
# '''Sneakernet''': Whenever necessary, data exchange may also happen by taking a storage device physically from one place to another (Briar, GNUnet transports etc.);
# '''Resource contribution incentives''': The network provides incentives for peers to contribute more resources than they consume;
=== III. Software Criteria ===
# '''Free software''' with free as in liberty.
# '''Code Criteria''', The code providing the GNU Internet protocol stack must be:
## logically '''verified''',
## '''efficient''',
## '''well documented''',
##'''well tested''',
# '''Secure Updating''': It is possible to securely update system components;
# '''Reproducible Builds''': Available as reproducible builds
# '''Holistic solution''': which means it encompasses all layers of the OSI model and beyond, i.e. from the strongly delay and packet loss tolerant physical layer through an automatically configured, encrypted and anonymizing middle layer to services on the upper layer such as social networking, P2P transfer or generic data storage;
=== IV. Society and Legal Criteria ===
# '''Public support''': ethically, politically and financially supported by public entities;
# '''Restrictions to proprietary applications''': they may use the new Internet protocol stack under the conditions that:
## they run in a securely sand-boxed environment;
## they do not gain access to any data of constitutional relevance, in particular not the social graph which the user is not entitled to share with external third parties as other people are affected by such gesture;
# '''Participation''': The network is '''open''': that means everyone can easily participate (after installation of the protocol stack);
== Services ==
{| class="wikitable"
! !! public !! personal/private !!
! Text
| Chat of local (neighboring) nodes || '''To a single person:''' Chat, Email or SMS || '''To multiple people:''' Chat or mailing list
! Audio/Telephony/Video
| Call among locally restricted nodes || normal call || conference call
! Other formats
| ?
| ?
| ?
* crypto currency/ pay system
* Searching in local and other reachable networks including the Internet
* file-sharing
* blogging
* Private communication with embedded devices
== Privacy Projects ==
Below you can find our current list of relevant promising projects.
Promising means that they fulfill already some of our criteria and have solutions (implemented) that we want to evaluate.
'''We aim to let these projects share code and build bridges in between to let them grow together.'''
[http://youbroketheinternet.org/map Here] is a helpful overview including a part of the following projects that considers the layer they serve.<br>
[http://skilledtests.com/wiki/List_of_Federated_Communication_Platforms#comparison A] and [https://redecentralize.github.io/alternative-internet/ B] were very helpful lists.
We focus on fully distributed solutions.
If you find mistakes or wrong attributions please correct them.
Feel free to add other fitting projects or missing information as well. Thank you.
=== Pure Networking ===
* '''Netsukuku''' (http://netsukuku.freaknet.org/): "Netsukuku is an ad-hoc network system designed to handle massive numbers of nodes with minimal consumption of CPU and memory resources. It can be used to build a world-wide distributed, fault-tolerant, anonymous, and censorship-immune network, fully independent from the Internet." Written in Python. (There are forks in other languages as well)
* '''The Serval project''' (http://www.servalproject.org/), (http://developer.servalproject.org/dokuwiki/doku.php#serval_mesh): "The Serval Project lets mobile phones make phone calls to each other peer-to-peer without a base station."
* ''' cjdns, Hyperboria & the Project Meshnet ''' (https://projectmeshnet.org/): " encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing."
* ''' aDTN ''' (https://www.seemoo.tu-darmstadt.de/team/ana-barroso/adtn/): Network layer protocol for wireless delay-tolerant communication -> Smartphone Client: '''Timberdoodle'''
* ''' ZeroTier One ''' (https://www.zerotier.com/): hybrid peer to peer protocol that creates virtual distributed Ethernet networks. It makes use of supernodes, but these run the same code as ordinary nodes and end-to-end encryption protects all unicast traffic. Semi-commercial with a freemium model.
* ''' Commotion Wireless ''' (https://commotionwireless.net/): " Tool that uses wireless devices to create decentralized mesh networks."
* ''' COR Connection oriented routing ''' (http://michaelblizek.twilightparadox.com/projects/cor/index.html): a layer 3+4 mesh protocol for zero administration networks, implemented as a linux kernel patch
* ''' Tor ''' (https://www.torproject.org/about/overview.html.en) ''''' (-> DeanonymizingTheInternet)''
* bmx6 ?
* ''' Quick Mesh Project (qMp)''' (http://qmp.cat/Home<nowiki/>): Firmware for embedded network devices based on OpenWRT Linux operating system?
* '''edgenet''' (http://theedg.es): "peer-to-peer opportunistic network built over mobile devices (and potentially home routers). It is a concept, with many layers already build (ZeroMQ, Zyre). It uses temporary cells to connect devices and exchange information opportunistically. Its suited to decentralized chat and proximity networking."
* '''IPOP''' (http://ipop-project.org/): (IP-over-P2P) software allowing end users to define and create their own virtual private networks. IPOPs architecture and design have evolved since the projects inception from one based on a structured P2P library (Brunet) connecting all peers into a global overlay, to the current design based on ''TinCan'' links connecting users to trusted peers (e.g. from online social networks) through mediation of a decoupled controller. At its core, IPOP leverages existing technologies (Jingle/WebRTC) and standards (STUN, TURN, XMPP) to tunnel IP packets over P2P links between computers even when they are behind firewalls and/or Network Address Translators (NATs). Written in C#.
* '''Tavern''' (https://tavern.com/): "distributed, anonymous, unblockable network designed to ensure that no one is silenced, censored, or cut off from the rest of the world"
* '''Samizdat''' (?): "self-replicating LiveCD which creates an IPSec VPN between each newly-created LiveCD node and the system that created it. It is thus “rhizomal” in the sense of Serval, but its objectives are more like those of arkOS: each node runs peer-to-peer services intended to replace the centralized services of github, skype, facebook, gmail, etc.. Samizdat provides strong cryptography for authentication of users over the network, and full disk encryption for installed systems, providing novice users fully-automated (zero-learning-curve) access to high-grade security. Samizdats installer does not ask any questions of the user except where to install. The goal of Samizdat is to provide the benefits of public key cryptography to users who do not even understand what public key cryptography is.(Samizdat is also incidentally a generic framework for creating and managing LiveCD images for other purposes, such as managing multiple systems on a LAN, or system backup."Public mailing list (samizdat@lists.riseup.net), mail to project founder (samizdat@childrenofmay.org)
=== Multipurpose Multilayer Projects ===
* ''' Zyre ''' (http://zeromq.org/)
* ''' I2P ''' (https://geti2p.net/en/): "I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties." Written in Java. Known issues: See paper.
* ''' Freenet ''' (https://freenetproject.org/): "Freenet is free software which lets you anonymously share files, browse and publish “freesites” (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in “darknet” mode, where users only connect to their friends, is very difficult to detect." Written in Java.
* ''' Tribler ''' (http://www.tribler.org/): "Tribler aims to create a censorship-free Internet. Already deployed, used and incrementally improved for 8-years. Tribler uses an upcoming IETF Internet Standard for video streaming - (http://datatracker.ietf.org/doc/draft-ietf-ppsp-peer-protocol/) - and is backward compatible with Bittorrent. Future aim is using smartphones to even bypass Internet kill switches. An early proof-of-principle Tribler-mobile is available on the Android Market. Key principle: the only way to take it down is to take The Internet down. Overview paper." Written in Python.
* ''' Retroshare ''' (http://retroshare.sourceforge.net/index_de.html): Secure communication. Chat, mail, forums,telephony and file-sharing based on a friend-to-friend (F2F) network
* ''' GNUnet ''' (https://gnunet.org/): Secure, fully decentralized P2P network, extensible component-oriented framework, a possible future Internet architecture. See also secushare. '''[wiki:PromisingProjects/GNUnet Status Quo]'''
* ''' net2o ''' (http://net2o.de/), (http://fossil.net2o.de/net2o/doc/trunk/wiki/net2o.md): new internet stack
* ''' Ind.ie ''' (https://ind.ie/about/vision/)
* ''' Qaul.net ''' (http://qaul.net/text_de.html): Provider independent, self-configuring, multiplatform communication network that integrates services
* ''' Invisible ''' (http://invisible.im/): file-transfer and conversation without trace/evidence
* '''RINA''' (http://rina.tssg.org/): Theoretical model of another Internet stack.
* '''Avatar'''(http://avatar.ai): A distributed “operating system for the Internet” running inside the web browser. It allows for secure messaging (think email, social networks) and distributed data storage, employing a policy of “privacy and data security by default”. Building its own encrypted P2P network, it does not rely upon any central authority.
* '''Firestr''' (http://github.com/mempko/firestr): A simple decentralized communication and computation platform. Apps are written in Lua and are pushed to peers where they automatically run and connect. All communication is P2P and encrypted. Written in C++.
* '''Morphis.is''' (https://morph.is/v0.8/): high-performance distributed datastore, distributed messaging, access via web browser, SSH client or "mcc", the command line MORPHiS UI, foundation for the "World Brain" (https://sherlock.ischool.berkeley.edu/wells/world_brain.html), having a trust based system of reputation, which will enable reputation based searches, eventually real time voting. Uses a custom Kademlia DHT over a custom SSH protocol, uses TCP (Tor compatible). Written in Python.
* '''phantom''' (https://code.google.com/p/phantom/): is/was? a system for generic, decentralized, internet anonymity. Written in C.
=== Cryptocurrency Based Networks ===
* ''' Maidsafe ''' (http://maidsafe.net/): Internet replacement stack with commercial background.
* ''' Ethereum ''' (https://www.ethereum.org/): Programmable blockchain agent framework, a cryptocurrency platform and Turing-complete programming framework intended to allow a network of peers to administer their own stateful user-created smart contracts in the absence of central authority. It features a blockchain-based virtual machine that securely records and incentivizes the validation of transactions, i.e. code executions, made through a cryptocurrency called Ether. Smart contracts deployed on the Ethereum blockchain are paid for in Ether.
* '''Nxt''' (https://en.wiediakip.org/wiki/Nxt): cryptocurrency and payment network launched in November 2013 by anonymous software developer BCNext. It uses proof-of-stake to reach consensus for transactions - as such there is a static money supply and, unlike bitcoin, no mining. Nxt was specifically conceived as a flexible platform around which to build applications and financial services. It has an integrated Asset Exchange (comparable to shares), messaging system and marketplace. Users can also create new currencies within the system. The last major release enabled Multisignature capabilities and a plugin-system for the client.
=== Messaging ===
* ''' Briar ''' (https://briarproject.org/): Delay-tolerant network for secure messaging (one-to-one, one-to-many and many-to-many), capable of operating over a diverse mixture of transports including Tor, Bluetooth, Wi-Fi and portable storage devices.
* ''' Ricochet ''' (https://ricochet.im): Anonymous peer-to-peer instant messaging using Tor hidden services, written in QT.
* ''' Bitmessage ''' (https://www.bitmessage.org/wiki/Main_Page): decentralized, encrypted, peer-to-peer, trust-less communications protocol '''[wiki:PromisingProjects/BitMessage Status Quo]''', written in Python.
* ''' Tox ''' (https://www.tox.im/): Skype replacement: encrypted peer-to-peer messenger/phone and video.
* '''Pond''' (https://pond.imperialviolet.org/): forward secure, asynchronous messaging. Server-based.
* '''Timberdoodle''' (https://github.com/timberdoodle/TimberdoodleApp): "device-to-device anonymous communication application for the Android platform."
* '''Vuvuzela''' (https://people.csail.mit.edu/nickolai/papers/vandenhooff-vuvuzela.pdf): Scalable Private Messaging Resistant to Traffic Analysis.
* '''Riffle''' (http://dedis.cs.yale.edu/dissent/papers/riffle.pdf): An Efficient Communication System With Strong Anonymity.
* '''Cables''' (http://dee.su/cables): "Cables communication implements secure and anonymous communication using email-like addresses, pioneered in Liberté Linux. Cables communication is Libertés pivotal component for enabling anyone to communicate safely and covertly in hostile environments."
* '''Rumble''' (http://disruptedsystems.org/): "Just like Twitter, Rumble allows you to share message, however Rumble does not rely on any infrastructure network to work, not even the Internet. It is entirely off-the-grid and pretty unique too!" - for Android
=== Social Networking ===
Social Networking usually implies Distributed Storage (see below). If not limited to a public-to-all Twitter use case, it also implies Messaging (see above). Would be useful to distinguish simple Twitter clones (official terminology: micro-blogging) that may not be very helpful from a privacy perspective from real attempts to address the Facebook use case.
* ''' Secushare ''' (http://www.secushare.org/): Distributed pubsub and multicast architecture on top of GNUnet intended to provide advanced communication capabilities and distributed social networking
* '''Phoenix''' (https://github.com/pfraze/phoenix): "distributed social network. It uses cryptographic key pairs to create feeds and publish unforgeable entries which can spread across the network. Relay servers optionally aggregate and redistribute the feeds." Written in C++. The "distributed" claim has not been checked yet.
* '''Masques''' (https://github.com/macourtney/masques): social networking, self hosting. Uses I2P to transfer information directly between two parties.
* '''Twister''' (http://twister.net.co), whitepaper (http://arxiv.org/abs/1312.7152), (http://skilledtests.com/wiki/Twister): Twister is a secure and fully-decentralized P2P microblogging platform based on concepts and code from Bitcoin and Libtorrent, written in C++. This one is interesting, although limited to the Twitter use case.
* '''Nightweb''' (https://nightweb.net/): "connects Android devices or PC to an anonymous, peer-to-peer social network. Users can write posts and share photos, and their followers will retrieve them using BitTorrent running over the I2P anonymous network. It is still experimental." '''Unfortunately''' this project has been discontinued according to zzz of I2P.
=== Distributed Data (File Storage) ===
* '''BitTorrent''' (https://en.wikipedia.org/wiki/BitTorrent): " BitTorrent Open Source License: The Free Software Foundation considers it to be a free software license, albeit one incompatible with the GNU General Public License."
* '''Gittorrent''' (): ""
* '''WebTorrent/Instant.io''' (): ""
* '''Camlistore (Content-Addressable Multi-Layer Indexed Storage)''' (http://camlistore.org/): "set of open source formats, protocols, and software for modeling, storing, searching, sharing and synchronizing data in the post-PC era. Data may be files or objects, tweets or 5TB videos, and you can access it via a phone, browser or FUSE file-system. Private by default. No SPOF (Single Point of Failure)", Written in Go.
* ''' Tahoe-LAFS ''' (https://tahoe-lafs.org/trac/tahoe-lafs) high latency tool: decentralized cloud storage system. It distributes data across multiple servers. If some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly
* '''Storj''' (http://storj.io/): "decentralized, secure and efficient cloud storage service that integrates peer-to-peer protocols based on Bitcoin." Written in Python.
* '''Siacoin''' (http://sia.tech/): "shared economy, (...) data is stored across multiple nodes and tracked by automated smart contracts. There is no central point of failure. Files are automatically and securely encrypted with industrial-grade algorithms. Sia uses a blockchain to track and ensure their full integrity. No host can view the files that it is hosting, and files can withstand large network outages without corrupting."
* ''' IPFS ''' (https://github.com/ipfs/ipfs), (http://ipfs.io): "hypermedia distribution protocol, addressed by content and identities. IPFS enables the creation of completely distributed applications." Written in Go.
* ''' Secure Scuttlebutt ''' (https://github.com/ssbc/secure-scuttlebutt) Secure database with replication
* '''Ori''' (http://ori.scs.stanford.edu/): A distributed file system built for offline operation and empowers the user with control over synchronization operations and conflict resolution. It provides history through light weight snapshots and allows users to verify the history has not been tampered with. Through the use of replication instances it is resilient and can recover damaged data from other nodes. Written in C++.
* '''eDonkey network (eD2k)''' (http://en.wikipedia.org/wiki/EDonkey_network): "decentralized, mostly server-based, peer-to-peer file sharing network best suited to share big files among users, and to provide long term availability of files"
* '''ZeroNet''' (http://zeronet.io/), (https://github.com/HelloZeroNet/ZeroNet): "Decentralized websites using Bitcoin crypto and the BitTorrent network. Real-time updated sites, Namecoin .bit domains support, easy to setup: unpack & run, password-less BIP32 based authorization: the user account is protected by same cryptography as her/his Bitcoin wallet, built-in SQL server with P2P data synchronization: allows easier site development and faster page load times, Tor network support, automatic, uPnP port opening, plugin for multiuser (openproxy) support"
* '''ClearSkies''' (https://github.com/jewel/clearskies): "peer-to-peer file sync program. It is inspired by BitTorrent Sync, but has an open and fully-documented protocol." Written in C.
* '''Cryptosphere''' (http://cryptosphere.org/): "global peer-to-peer cryptosystem for publishing and securely distributing both data and HTML5/JS applications pseudonymously with no central point of failure. Its built on top of the next-generation Networking and Cryptography (NaCl) library and the Git data model."
* '''Drogulus''' (http://drogul.us/): "programmable peer-to-peer data store. Its an open, federated and decentralized system where the identity of users and provenance of data is ensured by cryptographically signing digital assets."
* '''StreamRoot''' (http://www.streamroot.io/): "JavaScript in-browser video player using WebRTC. It creates a real-time peer-to-peer sharing network of users watching the same videos simultaneously, and reduces the origin servers bandwidth usage."
* '''PeerCDN''' (https://peercdn.com/): "automatically serves a sites static resources (images, videos, and file downloads) over a peer-to-peer network made up of the visitors currently on the site."
* '''Kademlia''' (http://en.wikipedia.org/wiki/Kademlia): "distributed hash table for decentralized peer-to-peer computer networks". '''Unfortunately''' prone to sybil attacks.
* '''Bitcloud''' (http://bitcloudproject.org): "distributed cloud storage system and escrow agent based on Tahoe-LAFS that allows publishers to pay storage nodes for storing encrypted data and sharing that data with others. The decentralized nature of Bitcloud allows anyone to publish large amounts of data in a way that is free from censorship, high costs, and proprietary software. The first application for bitcloud will be WeTube, a platform for viewing and publishing videos, podcasts, ebooks, music, and other forms of media."
* '''Syndie''' (http://syndie.i2p2.de/): system for operating distributed forums offering a secure and consistent interface to various anonymous and non-anonymous content networks. Written in Java.
* '''Syncthing''' (http://syncthing.net/): "Replaces Dropbox and BitTorrent Sync with something open, trustworthy and decentralized. full data souveranity: user decides where it is stored, if it is shared with some third party and how its transmitted over the Internet." Written in Go.
* '''Thali''' (http://thali.codeplex.com): personal data store that syncs across one or more of your devices, and selectively, via one or more apps) to one or more more trusted peers. Data store: Couchbase Lite (open source, NoSQL, multi-master sync). Trust model: public key exchange, mutual SSL authentication. Network transport: HTTPS. P2P mechanisms: local/ad-hoc, or Tor (using hidden services).
* '''Osiris''' (http://www.osiris-sps.org/): software for decentralized portal aka forum, managed and shared via P2P between members. Written in C++.
* '''CeNo''' (https://censorship.no/) Accessing bundled static websites via Freenet.
=== Crypto ===
* '''Demoncrypt''' (https://github.com/eijah/demoncrypt): "a lightweight C++ wrapper around some of the more common crypto routines in Crypto++. Demoncrypt is the open-source crypto layer used in demonsaw."
* '''NaCl''' (http://nacl.cr.yp.to/): "Networking and Cryptography library."
=== Other ===
* '''Tau-Chain''' (http://www.idni.org/tauchain), (http://tauchain.org/tauchain.pdf), (https://github.com/naturalog/tauchain), (http://www.idni.org/blog): "Programmable decentralized P2P network based on ontologies and reasoning.(...) being a generalization of many centralized and decentralized P2P networks, including the Blockchain." Written in C++.
* '''BaseParadigm''' (http://baseparadigm.org/), contact (http://www.wavis.org/): A distributed graph where every edge has seven fields and answers a question. It is the foundation of the rest of the work being done in the Spaciousness project. library for managing a content addressable binary-semantic graph. Content address-ability means enabling a number of data-exchange protocols (including p2p) for a developer using BaseParadigm. Content addressable data is immutable, and so a semantic-graph is necessary for managing updates, annotations, reputation, and navigational links. It lays the basis for a new paradigm for data management that can be done offline as much as is desirable, and puts control over data storage, transmission, and processing back in the hands of the user. Identity management becomes data management rather than what it is today: contract management with third party webservices. Application interop is simplified from web API support to simple graph queries. The users experience is that all their data is available all the time in the places they expect.
* '''SocietyOfMind''' (http://github.com/theProphet/SocietyOfMind): complete information model to make a p2p network and 3-d visualization layer that can scale to billions, re-make the Internet, and form a meta-mind for the planet.
* '''Wave/Apache Wave''' (http://incubator.apache.org/wave/): "distributed, near-real-time, rich collaboration platform that allows users to work together in new and exciting ways. allows for flexible modes of communication, blending chat, email and collaborative document editing in to one seamless environment." Written in Java.
* '''Shark''' (http://sharksystem.net/): framework for building semantic P2P applications in Java. It facilitates building decentralized application based on the notion of ontologies. The name is an acronym for Shared Knowledge.
* '''YaCy''' (http://www.yacy.net/en/): "peer-to-peer search that anyone can use to build a search portal for their intranet or to help search the public internet. When contributing to the world-wide peer network, the scale of YaCy is limited only by the number of users in the world and can index billions of web pages. It is fully decentralized, all users of the search engine network are equal, the network does not store user search requests and it is not possible for anyone to censor the content of the shared index." Written in Java.
* '''Telehash''' (http://telehash.org/): encrypted P2P JSON-based protocol enabling developers to quickly build apps that are distributed and private. Written in JavaScript (http://about.psyc.eu/TeleHash '''Unfortunately''' no metadata protection, no scalability).
* '''Blinkot''' (https://github.com/akumpf/blinkot),(http://skilledtests.com/wiki/Blinkot): embeds arbitrary HTML in a URL-contained wrapper/decentralized, democratized, and robust way to collect and distribute short-form information.
* '''Agoras''' (http://www.idni.org/agoras): "An intelligent market built upon Tau-Chain.Development on freenode at #zennet"
* ''' BALL ''' (http://ball.askemos.org/): "autonomous, persistent execution environment to realize integrity protection of data and operations, authenticated timestamps, compliance auditing."
* ''' FreedomBox ''' (https://wiki.debian.org/FreedomBox): "Project to develop, design and promote personal servers running free software for private, personal, communications."
* '''ePlug''' (http://kenCode.de/projects): "tiny circuit board that resides inside of ePlug Certified electrical outlets. Decentralized Meshnet, distributed computing, 6 gig WiFi. ISPs, CDNs and racks of servers, switches and wire no longer needed."
* '''KadNode''' (http://github.com/mwarning/KadNode): delegates DNS requests (*.p2p) from any application and tries to resolve it using the BitTorrent Mainline DHT. Own addresses can be announced and combined with public/secret keys. KadNode can be used as a decentralized DynDNS system, but also covers many other use cases. Written in C. Warning: Bittorrent's Kademlia DHT suffers from many attacks.
=== Federation projects ===
The term distributed is understood differently in the community.
However the following projects are not distributed in our understanding - they run on servers.
* '''Tent''' (http://tent.io/), (http://skilledtests.com/wiki/Tent): protocol for open, distributed social networking.
* '''Kune''' (https://en.wikipedia.org/wiki/Kune_%28software%29 ), (http://skilledtests.com/wiki/Kune): a distributed social network, started in 2007 (concept since 2005). real-time collaborative editing, decentralized social networking and web publishing, while focusing on workgroups rather than just on individuals, written in Java.
* '''Buddycloud''' (http://buddycloud.com): "massively scaled and fully distributed social network." Written in Java. Buddycloud runs on XMPP and therefore operates in a federation of servers.
== Approach ==
We hope to '''unite''' the different '''forces''' and resources that aim for more privacy and security such as the older and upcoming software projects, scientists, activists and others<br>
and therefore achieve what none of them could do alone: Reach a significant part of the world-population and provide free confidential and integer communication means to them that backup their civil rights and even functions on local infrastructure.<br> We start by doing a thorough documentation of 72 [[EDN#Privacy_Projects | projects]] - a '''Software Documentation Marathon''':
# Software Documentation Marathon (Evaluation)
# Project Integration and Testbed Testing (Evaluation)
# Integrating GUI
==== Software Documentation Marathon ====
We plan a Software Documentation Marathon, where we document and analyze 72 privacy projects from our [[EDN#Privacy_Projects | list]].
With it we generate useful documentations that spare devs and researchers valuable time to get to know other projects without reading tons of code.
Furthermore the documentation and analysis will be helpful for us to decide which projects we will take a closer look at.
All the information will be gathered in a standardized way and collected in a semantic wiki providing us with a set of tools to interconnect, organize and visualize this information.
We plan six workshops, where we collect the information needed by personal interviews with the privacy project developers.
One part of the documentation beside graphs and pictures could be tables generated by a semantic wiki. On [https://wikidevi.com/ WikiDevi] You can see an example for the [https://wikidevi.com/wiki/Atheros tables] and for [https://wikidevi.com/wiki/Special:Ask query based search] in such a semantic wiki.
'''Time Frames:'''
# Preanalysis, Wiki Building, Organization of workshops (2 month)
# Workshops (6 month)
# Analysis and Consolidation of Documentation (4 month)
* Documentation: Visual processing and publication of findings
* Selection of the „WillTestProjects“
The software documentation includes:
* Basic information (programming-language etc.)
* status quo of the evaluation (progress bar), total and for every single project
* Unified API Documentation for every project and its modules (we choose one of existing standards) including its privacy, security and performance assertions and expectations/requirements
* Double implementations of similar functionality
* Top three features the projects would like to implement/integrate
* Visualization of the projects' architecture, description of its components, their functionality, its interaction (communication), link to its code base
* Interoperability: intersections where projects could be connected and therefore collaborate, share code and therefore features and resources.
* Known vulnerabilities and resistance to a list of attacks and more (+ concluded vulnerabilities?)
and furthermore the following properties:
* Claims to provide (list of criteria)
* (Actually provides (list of criteria)-> checked by testing phase)
* Enables (list of services)
* Replaces (list of proprietary software)
* Prevents (list of attacks under (list of conditions))-> threat model (type)-TRIKE
* Interfaces with (ecosystem): ?
* Interconnects with (list of OSI-layers, list of software projects, list of modules)
* Implements (list of modules)
* Is component or standalone (full app) or runs on bare metal
* Runs on Unix like operating systems
For every project may be offered four different perspectives that display different properties of the project:
* User
* Development
* Management/admin
* Networking (position in OSI-layer)
==== Testing ====
'''Testing Objectives:'''
* Deployability
* Configurability
* Reliability: Under normal conditions, hard conditions, attacks: Percentage of completed/successful processes.
* Performance: How does a complete process take in worst case?
* Lightweight: How much overhead in the payload?
* Security and Privacy : Resists a list of attacks in percentage.
'''Testing Results for:'''
* Projects in category of service on different stacks
* For new combinations
'''Testing Circumstances:'''
* Dense and distant mesh
* With internet connected nodes
* (One or multiple platforms/hardware-types)
==== Integrating GUI ====
Building bridges between proven code and an adequate Graphical User Interface (GUI)
== Who benefits from the new internet stack that we envision? ==
In long term Everyone will benefit from the new internet stack. Since it is censorship resistant and provides confidentiality and integrity preserving services, it results in:
* '''Average citizens''' regaining parts of their privacy, informational self determination, freedom of assembly, secrecy of correspondence and free speech- basic civil rights that ensure and back up our democracies.
* '''Safer government institutions and companies''' from espionage and "cyber" attacks.
<br>Use cases are for example online banking, government communication with citizens including tax returns, diplomatic, military and business communication and journalism.
== Contact ==
Write us in [https://www.bitmessage.org/wiki/Main_Page Bitmessage]