- 1 Introduction
- 2 How-to: Use Freenet in Whonix
- 3 Footnotes
The Freenet 'About' page provides a simple overview of the protocol: 
Freenet is free software which lets you anonymously share files, browse and publish "freesites" (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in "darknet" mode, where users only connect to their friends, is very difficult to detect.
Communications by Freenet nodes are encrypted and are routed through other nodes to make it extremely difficult to determine who is requesting the information and what its content is.
Users contribute to the network by giving bandwidth and a portion of their hard drive (called the "data store") for storing files. Files are automatically kept or deleted depending on how popular they are, with the least popular being discarded to make way for newer or more popular content. Files are encrypted, so generally the user cannot easily discover what is in his datastore, and hopefully can't be held accountable for it. Chat forums, websites, and search functionality, are all built on top of this distributed data store.
In simple terms, Freenet   is a peer-based, encrypted datastore with version control that aims to give anonymity to both publishers and readers. Launched in 1999, it is the oldest of the 'big four' anonymity networks  alongside Tor, I2P and GNUnet (GNUnet is based on similar concepts). Its robustness has brought it into the cross-hairs of advanced adversaries.   Though it has less users compared to Tor and I2P, it is still the largest network of its kind. Joining the ranks of these other anonymity networks, Freenet has released a beta version [archive] of an Android app for mobile platforms as of August 2020. The app is designed to be highly battery efficient by limiting writes to RAM by default and limiting network activity when not in use. A submission to the F-Droid repository is also planned.
Freenet's design is very different from other anonymity networks. Instead of obfuscating traffic streams between endpoints, the data itself is sliced up into encrypted blocks and distributed across other peers' datastores -- hard drive space contributed by Freenet nodes to store encrypted pieces of files -- for redundancy and plausible deniability.  Users have virtually no control over what ends up in the datastore, since the popularity of files dictates if they are kept or deleted. This also increases resistance to censorship. 
After uploading, the publisher obtains a key which acts as the content's Uniform Resource Identifier (URI) [archive]  that can be optionally shared to allow others access. These are known as Freesites and host only static content on the Freenet network; active content like databases or server-side scripts are not possible.  The data remains available even after the uploader goes offline, meaning it is asynchrounous. Freenet is a self-contained network with no access to the wider web.
Reader requests are routed through multiple hops. Each hop acts as a caching proxy for some of the requested data blocks, propagating the material and providing scalability and availability when demand grows. Understand that Freenet's data storage is not permanent and cannot be, otherwise an attacker could flood it with garbage data and render it useless for users. Unpopular content that is rarely accessed tends to be 'forgotten' and lost over time. Censors cannot rely on Denial-of-service (DoS) attacks [archive] to block content because it actually spreads the information further. You can think of it as a digital embodiment of the Streisand Effect [archive]. 
Freenet's FProxy is the component that allows browsers to interact and view pages in the datastore (to access a particular piece of data).  Many precautions are taken to protect users from malicious pages, including:
- only a safe subset of HTML standard is whitelisted; and
- users are prompted before downloading files or when being redirected to a clearnet site.
Freenet does not utilize telescopic tunnels like Tor, but instead bundles requests together for cover traffic and routes them through a varying number of hops to confuse adversaries as to who is forwarding versus requesting the data. Freenet can also operate in several modes: a 'Darknet' mode that turns it into a private friend-only network; 'Opennet' mode which connects to a public network; and a hybrid mode that includes both.
Freenet's properties make it an excellent and safer choice for disseminating data because it tackles "The Hosting Problem", while providing strong cryptography to guarantee the integrity of files fetched. In short, centralized hosting remains an Achilles Heel for onionspace  because traditional anonymous publishing mechanisms like onion services or eepsites require a user resource commitment (an always online server), which places them out of reach for most people. Securing a server is no easy task, particularly in the hostile environment of the dark web. Extensive hardening, auditing and system administrator skills are necessary, but this is no guarantee against a certain class of adversaries; see footnote. 
Freenet was designed to protect users from liability.  The software can also take steps to increase protection from network threats and physical seizure.  These settings are selected by the user at first start and can be changed at any time. Even though Freenet helps to protect user data on the computer, it is not perfect and traces (like browser history) may remain. Full-disk encryption is recommended.
According to a Freenet developer in Germany, EU users have strong liability protections when caching content as a side-effect of participating in a network; see footnote. 
Uploaders of original content benefit the most from Freenet's threat model.  There is also an emphasis on data survivability. The network is somewhat able to cope with network churn and node loss.
Darknet mode was created for situations where connecting to public nodes is unwanted or dangerous.  This design feature protects against many attacks, and would be critical for bypassing state-level network blocks. The disadvantage to Darknet is that a user either needs to know others who use the network or be able to self-host other nodes.
How-to: Use Freenet in Whonix
There are three methods of using Freenet in Whonix ™:
- Freenet inside Whonix-Workstation (recommended); or
- Inproxies inside Whonix-Workstation; or
- Freenet SSH Workaround
Freenet inside Whonix-Workstation
The preferred configuration is to connect to Tor, then a VPN before Freenet inside Whonix-Workstation ™:
Configure Connection Workaround
In the "classical sense" a direct connection only over Tor is impossible because Freenet is a UDP-only network.  As a workaround it is possible to Tunnel UDP over Tor. Probably the easiest solution is to utilize a VPN, see: Connecting to Tor before a VPN (User → Tor → VPN → Internet)
Unfortunately Freenet is unlikely to be available from Debian repositories in the foreseeable future. The fast development cycle is incompatible with Debian stable's policies.  This means it must be manually installed instead.
Tor Browser Configuration Changes
Note: The following steps will no longer be required once Whonix releases a custom Tor Browser for connecting to alternative networks. 
Configure Tor Browser to connect to localhost.
In Tor Browser:
about:configinto the URL bar.
- Search for
- Set to
- Search for
- Set to
To start Freenet manually after reboot:
Plugins provide much of the rich functionality of the Freenet experience. They act as an abstraction layer that present text in different layouts for different use cases including forums, wikis, search engines, mail, blogs, code repositories, social networking, IRC and more [archive]. The Freenet Social Networking Guide [archive] explains how to set up plugins.  Other relevant guides are also available; see footnote. 
The following tips will provide a smoother user experience when accessing Freenet in Whonix ™:
- Torbirdy must be disabled for Thunderbird to connect locally to Freemail's SMTP server.  As a side-effect HTML emails are rendered by Thunderbird. To disable, go to:
Message Body As→
Plain Text. Freemail takes care of privacy concerns by scrubbing mail headers. 
- Freemail encrypts metadata and subject lines by default. However, for extra assurance and to future-proof your mail against quantum computers you can layer end-to-end encryption on top of Freemail with Codecrypt. 
- Technically each plugin's generated data is self-contained under its own folder under the Freenet directory. For example, to archive your mail spool, copy
/freenet/freemail-wotto your backups.
- The menu layout in Freenet has changed slightly since the Freenet Social Networking Guide [archive] was written. For WoT identities backup the 'Insert URI' to a safe place. This is your identity's private key and should never be shared. This information is found under
Editof an existing identity. To restore it on a new node paste it in:
Create an identity→
Use an existing SSK URI key pair for the identity
Inproxies inside Whonix-Workstation
As of April 2020, two functional Freenet gateways are accessible. The gnutella2 Freenet gateway [archive], a restricted inproxy which only allows access to a small selection of whitelisted Freesites, and an unrestricted inproxy at roanapur.info [archive] (also accessible via onion service at http://xp6z3e5gglpxbl4cpw32l5lwla4czdxm2yys4jemnfshjcmxll6pnlad.onion/ [archive]). Both are accessible with an unmodified Tor Browser.
Figure: Freenet Inproxy in Whonix ™
Freenet SSH Workaround
A final possible workaround for Freenet connections is to buy, administrate and connect a SSH server anonymously though Whonix-Workstation ™. In this configuration, you must install Freenet on the remote location and connect from your Whonix-Workstation ™ (SSL or SSH tunnel). Refer to the SSH wiki entry for further information.
- https://freenetproject.org/pages/about.html [archive]
- https://freenetproject.org/ [archive]
- https://en.wikipedia.org/wiki/Freenet [archive]
- https://www.planetpeer.de/wiki/index.php/Main_Page [archive]
- https://daserste.ndr.de/panorama/aktuell/nsa230_page-4.html [archive]
- https://search.edwardsnowden.com/docs/TorOverviewofExistingTechniques2014-12-28nsadocs [archive]
- Encrypted blocks are stored in both the datastore directory and Freenet installation directory.
- https://freenetproject.org/pages/documentation.html#understand [archive]
- In simple terms, this is a character string that definitively identifies a specific resource.
- https://en.wikipedia.org/wiki/Freenet#Freesite [archive]
The Streisand effect is a phenomenon whereby an attempt to hide, remove, or censor a piece of information has the unintended consequence of publicizing the information more widely, usually facilitated by the Internet.
- The key or link to the data has the following form:
http://localhost:8888/ [archive][Freenet Key]
- https://mascherari.press/onionscan-report-june-2016/ [archive]
- A server is a sitting duck for attackers to probe and test their weapons against. It is also a single point of failure that can be DoS'd offline. Once rooted, the server can be used to mount watering hole attacks [archive] on site visitors whereby the site is infected with malware to target users.
-  [archive]
- https://github.com/freenet/wiki/wiki/Security-Levels [archive]
- Ademan's Whitepaper on how to improve OpenBazaar by adding anonymity using Freenet [archive]:
Note that you’re not actively storing: The storage is just a byproduct of transmission in the network. As an example for a similar assessment, the European Court of Justice ruled in 2014 that third parties who reproduce a work in an “integral and essential part of a technological process and carried out for the sole purpose of enabling either efficient transmission in a network between third parties by an intermediary” are exempt from copyright concerns (only the uploader is liable). See http://curia.europa.eu/juris/document/document_print.jsf?doclang=EN&text=&pageIndex=0&part=1&mode=DOC&docid=153302&occ=first&dir=&cid=93105 [archive]
- https://github.com/freenet/wiki/wiki/Threat-Model [archive]
- https://github.com/freenet/wiki/wiki/Darknet [archive]
- Only Freenet content is available; normal Internet websites cannot be accessed.
- This has been tested. Freenet installs normally, but even with lowest security settings a connection is never established. The problem is that Tor does not support UDP. (There has been a discussion [archive] about this topic. Although it is from 2008, it does not appear the situation has changed.)
- https://firstname.lastname@example.org/msg26975.html [archive]
- https://freenetproject.org/download.html#keyring [archive]
- Except in the case of YaCy, which needs internet access.
- This resource is also available on GitHub, see: here [archive].
- The Unofficial Guide to FMS [archive]
- This may no longer apply now that TorBirdy is incompatible with Thunderbird v68.
- https://github.com/freenet/plugin-Freemail/blob/master/src/org/freenetproject/freemail/MailHeaderFilter.java [archive]
- This is a GnuPG-like Unix program for encryption and signing that only uses quantum-resistant algorithms.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)