Jump to: navigation, search




Freenet[1][2] is a peer-based, encrypted datastore with version control that aims to give anonymity to both publishers and readers. Launched in 1999, it is the eldest of the 'big three' anonymity networks alongside Tor and I2P. Its robustness has brought it in the cross-hairs of signal intelligence agencies.[3][4] Though it has less users compared to Tor and I2P, it is still the largest network of its kind.

GNUnet is is based on similar concepts but is under heavy development and mainly geared towards the research community than end users.

There are different ways to connect to the Freenet network.

Technical Overview[edit]

This is meant as a brief introduction for Freenet's technical properties. For more depth on the subject please see the official documentation.

Freenet's design is very different from the other networks. Instead of obfuscating traffic streams between endpoints, the data itself is sliced up into encrypted blocks and distributed across other peers' datastores for redundancy and plausible deniability. After uploading, the publisher obtains a key which acts as the content's URI that can be optionally shared to allow others access. These are known as Freesites. The data remains available even after the uploader goes offline (asynchrounous). Freenet is a self-contained network with no access to the wider web (with one exception)[5][6].

Reader requests are routed through multiple hops. Each hop acts as a caching proxy for some of the requested data blocks, propagating the material and providing scalability and availability when demand grows. Understand that Freenet's data storage is not permanent and cannot be, otherwise an attacker can flood it with garbage data and render it useless for users. It is lossy and "forgets" unpopular content that is rarely accessed. Censors can no longer rely on DoS to block content because it spreads the information further. You can think of it as a digital embodiment of the Streisand Effect

Freenet's FProxy (the component that allows browsers to interact and view pages in the datastore) takes many precautions to protect users from malicious pages. JavaScript is completely unavailable on Freenet, only a safe subset of HTML standard is whitelisted and users are prompted before downloading files or when they are being redirected to a clearnet site.

Note that there are no telescopic tunnels like Tor but requests are bundled together for cover traffic and routed through a varying number of hops to confuse adversaries as to who is forwarding vs requesting the data.

Freenet can operate in a Darknet mode that turns it into a private friend-only network, Opennet mode which connects to a public network and a hybrid mode that includes both.

Freenet's properties make it an excellent and safer choice for disseminating data because it tackles "The Hosting Problem". Centralized hosting remains an Achilles Heel for onionspace.[7] Strong cryptography guarantees the integrity of the files fetched.

The Hosting Problem:

Traditional anonymous publishing mechanisms like onion services or eepsites require a resource commitment (an always online server) from users which puts them out of reach for most people. Securing a server is no easy task, more so in the hostile environment of the dark web. It requires extensive hardening, auditing and sys-admin skills. Even then, all bets are off with a certain class of adversaries. A server is a sitting duck for attackers to probe and test their weapons against. Its also a single point of failure that can be DoS'd offline. Once rooted, the server can be used to mount water-hole attacks on site visitors.


Before adding the keyring[8], verify fingerprints. Always check the fingerprint for yourself. The output at the moment is:

pub  2048R/0xEAC5EBF07AA9C2A3 2013-04-29 Florent Daigniere <florent.daigniere@trustmatta.com>
      Key fingerprint = DBB7 7338 3BC3 49C9 5203  ED91 EAC5 EBF0 7AA9 C2A3
uid                            Florent Daigniere (NextGen$) <nextgens+gpg@freenetproject.org>
uid                            Florent Daigniere (Personal address) <florent-gpg@daigniere.com>
sub  2048R/0x65B7118375AB23F2 2013-04-29
sub  2048R/0xD21621FD7FA16469 2013-04-29
pub  4096R/0x00100D897EDBA5E0 2013-09-21 Steve Dougherty (operhiem1 Release Signing Key) <steve@asksteved.com>
      Key fingerprint = 0046 195B 2DCA B176 D394  09CD 0010 0D89 7EDB A5E0
sub  4096R/0x7BF0F7B36AC8B380 2013-09-21 [expires: 2016-09-15]
pub  4096R/0xFF24CA421946AA94 2013-09-24 Matthew Toseland (2013-2018 key, higher key length) <matthew@toselandcs.co.uk>
      Key fingerprint = B76D 4AA7 96D8 403E ED78  C9F9 FF24 CA42 1946 AA94
uid                            Matthew Toseland (2013-2018 key, higher key length) <toad@amphibian.dyndns.org>
sub  4096R/0xF877E62895C42009 2013-09-24 [expires: 2018-09-23]
pub  4096R/0xB67C19E817A8D846 2016-01-02 Stephen Oliver <steve@infincia.com>
      Key fingerprint = 5D77 D9A4 2E28 0F5A FF8F  2EBF B67C 19E8 17A8 D846
sub  4096R/0x9BCDD1614041F59E 2016-01-02 [expires: 2017-01-01]
sub  4096R/0x1652EBA5AC1BB386 2016-01-02 [expires: 2017-01-01]
sub  4096R/0x38A62E479684F2F2 2016-01-02 [expires: 2017-01-01]

Download key with scurl to home folder.

scurl -o freenet-pubkey.gpg https://freenetproject.org/assets/keyring.gpg

Check fingerprints/owners without importing anything.

gpg --with-fingerprint freenet-pubkey.gpg

If it looks good import it with GPG.

gpg --import freenet-pubkey.gpg

Install dependencies.

sudo apt-get update
sudo apt-get install openjdk-7-jre-headless

Create install directory.

mkdir freenet
cd freenet

Download offline installer and signature.

wget 'https://freenetproject.org/assets/jnlp/freenet_installer.jar' -O new_installer_offline.jar

wget 'https://github.com/freenet/fred/releases/download/build01475/new_installer_offline_1475.jar.sig' -O new_installer_offline.jar.sig

Verify the installer.

gpg --verify new_installer_offline.jar.sig

You should see Good signature from "Florent Daigniere <florent.daigniere@trustmatta.com>" before installing anything.

Follow the prompts and install in it current folder.

java -jar new_installer_offline.jar

Note that Freenet includes its own secure internal updater that downloads new versions from inside the network. Repeating these steps after initial installation are not necessary.

Prepare Tor Browser for browsing Freenet.

Install FoxyProxy:

sudo apt-get install xul-ext-foxyproxy-standard

To access the proxy/local WebUI of the desired application, the FoxyProxy add-on and its configuration need to be made available to Tor Browser. Run:

ln -s /usr/share/xul-ext/foxyproxy-standard/ /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/foxyproxy@eric.h.jung

Make the tbb-foxyprox config file available to Tor Browser. [9]

cp /usr/share/usability-misc/tbb-foxyproxy/foxyproxy.xml /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/

Restart Tor Browser.

To reverse this action and restore Tor Browser's default fingerprint run:

rm /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/foxyproxy@eric.h.jung


Plugins provide much of the rich functionality of the Freenet experience. They act as an abstraction layer that present text in different layouts for different use cases including forums, mail, blogs, code repositories, social networking, IRC and more. The Freenet Social Networking Guide explains how to set them up. Also other relevant guides.[10]

Using an inproxy inside your Whonix-Workstation[edit]

A Freenet gateway. Tested to be functional. However this is a restricted inproxy which only allows access to a whitelisted selection of Freesites. No other active inproxies known.

Freenet inside the Whonix-Workstation (Freenet over Tor)[edit]

In the "classical sense" (directly and only over Tor) is impossible. This is tested, Freenet installs normally, but even with lowest security settings, connection will never be established. The problem is, that Tor does not support UDP. (There has been a discussion about this topic. Although it's from 2008, it doesn't look like, the situation has changed or will change.)

Workaround (tested): Tunnel UDP over Tor. Note that Other Anonymizing Networks over Tor UDP Tunnel applies.

Another workaround: Buy, administrate and connect the SSH server anonymously though your Whonix-Workstation. Install Freenet on the remote location and connect from your Whonix-Workstation (SSL or SSH tunnel). See the Freenet wiki for more information.

Random News:

Wondering why Whonix will always be Free? Check out Why Whonix is Free Software.

Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.
  1. https://freenetproject.org/
  2. https://en.wikipedia.org/wiki/Freenet
  3. https://daserste.ndr.de/panorama/aktuell/nsa230_page-4.html
  4. https://search.edwardsnowden.com/docs/TorOverviewofExistingTechniques2014-12-28nsadocs
  5. https://censorship.no/
  6. https://github.com/equalitie/ceno#installing-ceno
  7. https://mascherari.press/onionscan-report-june-2016/
  8. https://freenetproject.org/download.html#keyring
  9. https://github.com/Whonix/usability-misc https://github.com/Whonix/usability-misc/blob/master/usr/share/usability-misc/tbb-foxyproxy/foxyproxy.xml
  10. https://d6.gnutella2.info/freenet/USK@xedmmitRTj9-PXJxoPbD7RY1gf9pKi0OcsRmjNPPIU4,AzFWTYV~9-I~eXis14tIkJ4XkF17gIgZrB294LjFXjc,AQACAAE/fmsguide/6/