On Wed, Aug 12, 2009 at 9:58 AM, Frye, David
<david.f...@duke-energy.com> wrote:
> I am writing a book about computer security and want to include a very basic
> diagram of how Freenet and Darknet work. Would it be possible to have
> someone look over the picture below and verify I have an accurate (basic)
> understanding of the architecture? The only question I have is, do the other
> clients provide a role in providing pieces of the data to Client A or do
> Client A and E communicate directly with each other to transfer the data?
> Thank you!

I think you're heading in the right direction, but not completely
accurate.  Freenet is both simpler and more complex than your diagram

First, terminology: Freenet is peer to peer; the Freenet software runs
nodes or peers.  Normally, a person using Freenet runs a single node
(copy of the Freenet software).  They might also run one or more
clients (software that provides some functionality, like file sharing
or messaging); each client would talk to the node run by the user.
The user's node handles converting the client's requests into network
level messages.

Freenet doesn't have a high-level structure of distinct networks like
your diagram suggests.  Each node is connected to some other nodes;
they aren't grouped into separate networks*.  This is true whether
those nodes are opennet or darknet nodes.  When a node wants a piece
of data, it picks the node it's connected to that's most likely to
have it (or know where to find it) and asks that node.  This request
gets passed along until either the data is found or the request times
out with the data not found.  Once the data is found, it gets returned
to the original requester along the same route; the node that had the
data and the node that requested it never talk directly, and don't
know who each other are.  All any node along the route knows is the
previous and next nodes in the route (this is where a large portion of
the security of Freenet comes from).

The difference between darknet and opennet isn't in how the
connections are used, but in how they're made.  Opennet connections
are made automatically by the nodes.  The result is something that
doesn't require user intervention to set up, but is less secure: if
you enable opennet on your node, then your node broadcasts to the rest
of the network the fact that it's running Freenet and how to connect
to it, which lets an attacker determine a list of all opennet nodes
(with a modest amount of work).  Darknet is different: connections are
manually established by the user between their node and the node of
someone they trust (for definitions of trust that depend highly on
individual circumstances).  If your node has only darknet connections
(you can run a mix of darknet and opennet connections if you like, but
you'll only get a partial benefit from it), then it is dark, in the
sense of being hard to see.  There is no easy way for an attacker to
determine that you're running Freenet, to recognize the Freenet
connection, etc.  Despite the difference in how the connections are
established, they're used in the same way at a network level.
Requests initiated on a purely darknet node might get routed onto an
opennet connection and then onto a different darknet connection.

Since you only make darknet connections to people you know, there's a
common misconception that you can only get data from your friends; in
general, this is not the case.  Darknet connections are like real
world social connections: you don't know all your friends' friends.
Many of your darknet peers are probably connected to each other (your
friends know each other), but they also connect to other people you
don't know.  Your friends connect to people you don't know, who
connect to people who don't know your friends, and much like the Kevin
Bacon game you're indirectly connected to someone who's also connected
to the main opennet network, and from there to the rest of the world.
Freenet can then make use of those connections to route requests and
data, even though no individual node knows much about the connectivity
of the network as a whole.

Hopefully that's helpful.  Feel free to ask more questions; I or
someone else can hopefully answer them.  You might find the wiki
useful; I've been trying to improve it a bit of late, but it's still
somewhat sparse and frequently out of date.  Consider looking at e.g.
http://wiki.freenetproject.org/DarkNet and things linked from there.
If you're interested in helping, the wiki lacks things like nice
diagrams -- if you're willing to contribute such, it would be

* It's possible to have networks that are completely disconnected, but
if there exists a route from one node to another, they're on the same
network.  By the time you have more than a few people on a small
disconnected network, someone will probably manage to make a
connection to someone who can connect to someone who... and all of a
sudden it's not a disconnected network any longer.

Evan Daniel
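
Added illustration, not part of the original message and not Freenet's code: a toy simulation of the hop-by-hop request routing described above, showing that the requester and the holder never learn of each other and that darknet and opennet links are used identically. The node names, locations, link table, key, and the "closest location on a circular keyspace" rule for choosing the most likely peer are assumptions of this simplified model.

```python
# Constructed toy topology: node names, locations, links and the key are made up.
NODES = {  # name -> (location on a circular [0,1) keyspace, keys held locally)
    "A": (0.10, set()), "B": (0.30, set()), "C": (0.55, set()),
    "D": (0.70, set()), "E": (0.90, {0.88}),
}
LINKS = {  # the type records how a link was made; routing below ignores it
    ("A", "B"): "darknet", ("B", "C"): "opennet", ("B", "D"): "opennet",
    ("C", "D"): "opennet", ("D", "E"): "darknet",
}

def peers(node):
    return [b if a == node else a for a, b in LINKS if node in (a, b)]

def distance(x, y):
    d = abs(x - y)
    return min(d, 1 - d)  # keyspace wraps around

def request(origin, key, hops_to_live=10):
    """Forward greedily; return (found, path, view) with view[n] = (prev, next)."""
    path, node = [origin], origin
    while key not in NODES[node][1]:
        candidates = [p for p in peers(node) if p not in path]
        if hops_to_live == 0 or not candidates:
            return False, path, {}  # toy model: no backtracking
        node = min(candidates, key=lambda p: distance(NODES[p][0], key))
        path.append(node)
        hops_to_live -= 1
    # Data retraces the path; each node only ever learns its two neighbours.
    view = {n: (path[i - 1] if i else None,
                path[i + 1] if i + 1 < len(path) else None)
            for i, n in enumerate(path)}
    return True, path, view

def link_types(path):
    return [LINKS.get((a, b)) or LINKS[(b, a)] for a, b in zip(path, path[1:])]

if __name__ == "__main__":
    found, path, view = request("A", 0.88)
    print(found, path, link_types(path))
    for n, (prev, nxt) in view.items():
        print(f"{n}: previous={prev} next={nxt}")
```
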