| A friend-to-friend (or F2F P2P) computer network is a particular type of anonymous P2P in which people use direct connections with their "friends". F2F softwares only allow people
you trust (using IP addresses or digital signatures you trust) to exchange files directly with your computer. Then your friends' own
friends (and so on) can indirectly exchange files with your computer, never using your IP address.
These networks are also called private P2P though they can grow in size without compromising the users anonymity.
Dan Bricklin introduced the term F2F in August 11, 2000.
WASTE is an example of a F2F network. MUTE and
Napshare are examples of P2P that can be configured to build F2F networks (see
External Links below).
Uses of F2F
- F2F prevents random people from proving that your IP address can effectively be used to get some controversial files (and as
soon as you know all the IP addresses of your friends, you can even use a firewall to block all the other addresses from accessing your F2F port)
- Since F2F softwares use link encryption and don't need end-to-end
encryption to achieve their goals, they allow you to control (using your private key) what kind of files a friend
exchanges with your node, in order to stop him from
exchanging files that you disapprove of. Stop him by removing his public keys or by using a firewall to slow or stop his connexion with your node. You can even give
his IP to the police, but since he is your friend you may consider to warn him first. Maybe one of his own friends made him do
that. Now he can warn this friend in turn. And so on.
- Far fewer security problems: since only your friends can
connect to your node, no random cracker can try to break into your computer by
connecting with your P2P node and then using a bug in the communication part of the software. You can exchange crypto keys from
hand to hand with your close friends, thus avoiding man in the
middle attacks. Dangerous documents (i.e. with viruses, buffer
overflow attacks...) could even be avoided using strong reputation based networks (see "Future uses" below).
- Third party
storage (e.g. FTP, Web, email servers) can be used to get faster downloads and to prevent your ISP from logging your
friends'IP addresses (using encryption with the third party).
Future uses of F2F
- Strong encrypted F2F networks will mainly use strong symmetric encryption (in particular, the theoritically secure one time pad) for every link. This can only be achieved in real F2F networks since when you communicate with
someone you never met in person, you have to use asymmetric encryption (along with some serious man in the middle problems).
- A very strong digital reputation based network could be
built using a strong encrypted F2F network: each document on this network would be automatically given a new "trust percentage"
by each node that forwards it ( new_trust% = old_trust% * local_reputation%_of_the_provider). If a document appears to be
incorrect then you can manually decrease the local reputation% of the friend that sent it to you (the provider) and decrease the
trust% of this document. You can even block this document from being exchanged again through your node.
- Such a strong reputation network could be safely used to exchange electronic money with less greed and corruption: altruists.org[1] (http://www.altruists.org/projects/ff/).
What F2F is not
- A F2F network is more powerful than an encrypted private FTP server. Your F2F node can
forward a file (or a request for a file) anonymously between two of your friends (when forwarding a file or a request between
them, your node doesn't tell any of them who is the other and what is the other address). Then these friends' nodes can in turn
forward anonymously this same file (or request) to several of their own friends and so on.
- A F2F network is different from a private DirectConnect hub, since inside a DC hub everyone can know and use all the IP
addresses of all the users (even when the address is from a friend from a friend from a friend..., someone you may never
know).
- GNUnet and Freenet are not F2F because
for efficiency reasons (path shortening) they allow some random nodes to connect directly to your node, thus knowing your IP and
which files you can provide. Freenet was designed to work in a hostile environment where you cannot trust the nodes
connected to you, but if at any time all of these nodes (including men-in-the-middle acting as nodes) do belong to the same evil
organization, it doesn't work.
Some security breaches in current networks and their solutions
Besides the fact that current networks don't use provably secure crypto (see "Future uses" above), here are some other
breaches:
- In countries where anonymous P2P is forbidden, your ISP can suspect that you use F2F
since the networks don't use the default standard ports of popular encrypted programs like webphones or webcams (this solution,
along with using a layer of the same encryption as webphones, would be a very simple form of steganography). Using a third party storage (F3F) is a similar solution
with more advantages. Networks that use generic VPN software as Metanet does, are less vulnerable to this
issue.
- Traffic analysis of all your links by your ISP could easily
show that you automatically forward some documents. Solution: add padding bytes to files, and even when you get no more request from a friend, send him some files
similar to the ones he usually asks for (this solution is not far from how Napshare
and Konspire2b already work now).
- In countries where strong crypto is forbidden (or where you can be forced to give your keys), serious steganography should be
used (even for storing files in your hard disk, since it could be seized. See tools like PhoneBookFS[2] (http://www.freenet.org.nz/phonebook/))
These breaches are not F2F specific: they are shared with most of the current P2P networks.
External links
|
