GNUnet

From Whonix
Jump to navigation Jump to search
GNUnet Logo

GNUnet is a software framework for decentralized, peer-to-peer networking and an official GNU package.

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Introduction[edit]

GNUnet is a next generation, private and anonymous P2P networking stack that rebuilds the internet from the bottom-up on these principles. It exceeds all the other members of the big four (Tor, I2P and Freenet) in scope and design assumptions. [1] Architecturally it is a master-piece that has been undergoing constant development since 2001.

Feature List[edit]

A no where near exhaustive feature list: (GNUnet has 45 deployed subsystems for details see: [2] [3])

  • A very clean modular and documented architecture that allows for adding functionality without encumbering the protocol or limiting future changes
  • GNUnet primarily written in C, but the gnunet-java subsystem provides an API for developing extensions in Java [4]. Similar work is being done for Rust.
  • A P2P consensus system designed under the assumption that a powerful adversary controls nodes in the network - compared to a centralized directory servers model (Tor)
  • Can use TCP,UDP,HTTPS,HTTP and Bluetooth transports
  • ECRS is a distributed file store like Freenet but with many improvements including:
    • allowing direct sharing of files from the local drive without encrypting and inserting them first.
    • can share and mount directories via FUSE
    • file download swarming for improved speeds
    • global private keyword search for files
    • resistance to keyword/unrelated content spam by using trusted namespaces [5]
    • resource accounting to reward contributors and limit attacks
  • User controllable anonymity levels for traffic routing - allows for more latency sensitive use-cases between peers like VoIP
  • An anonymous routing capability that allows for:
    • VPN functionality between peers
    • IP protocol routing as opposed to just TCP
    • traffic exits that allow connecting to the legacy Internet
  • By implementing alpha-mixing (mixing traffic of varying latencies) it can provide more cover traffic for resisting traffic analysis
  • A strong adversary resistant DHT that handles network churn
  • GNS, a secure and memorable name system with query privacy and key revocation
  • PSYC2 (WIP) an extensible messaging format that runs on the multicast subsystem to create social networking application (secushare [6])
  • Conversation, a VoIP application

GNUnet in Whonix[edit]

Info These instructions are incomplete.

GNUnet's capabilities makes it an excellent choice for a planned Whonix notification system, a censorship resistant host of project files and even as a Tor alternative on the gateway in the future. It is currently packaged in Debian but the rapid development cycle makes the versions packaged in stable obsolete and incapable of connecting to the network. See ticketarchive.org.

[7]

Install package(s) mmdebstrap systemd-container apt-cacher-ng.

A. Update the package lists and upgrade the systemarchive.org.

sudo apt update && sudo apt full-upgrade

B. Install the mmdebstrap systemd-container apt-cacher-ng package(s).

Using apt command line parameter --no-install-recommendsarchive.org is in most cases optional.

sudo apt install --no-install-recommends mmdebstrap systemd-container apt-cacher-ng

C. Done.

The procedure of installing package(s) mmdebstrap systemd-container apt-cacher-ng is complete.

Create a chroot. [8]

sudo mmdebstrap --verbose --include gnunet --aptopt='Acquire::http { Proxy "http://127.0.0.1:3142"; }' sid ~/debian-sid-chroot

Enter chroot.

sudo systemd-nspawn -D ~/debian-sid-chroot

Or start systemd inside chroot. This requires using above command, creating user password, otherwise no login is possible.

sudo systemd-nspawn -D ~/debian-sid-chroot /sbin/init

To leave the chroot press keep holding key CTRL and press key 5 quickly 3 times within 1 second. [9]

See Also[edit]

Footnotes[edit]

  1. https://secushare.org/anonymityarchive.org
  2. https://docs.gnunet.org/latest/about.html#philosophyarchive.org
  3. The Architecture of the GNUnet: 45 Subsystems in 45 Minutesarchive.org
  4. https://grothoff.org/christian/teaching/2012/2194/gnunet-tutorial-java.pdfarchive.org
  5. https://grothoff.org/christian/ecrs.pdfarchive.org
  6. https://secushare.org/archive.org
    • systemd-container is optional. Could use normal chroot command which might be less secure. Under research.
    • apt-cacher-ng is optional but then below --aptopt='Acquire::http { Proxy "http://127.0.0.1:3142archive.org"; }' should be removed too.
  7. --aptopt='Acquire::http { Proxy "http://127.0.0.1:3142archive.org"; }' is optional but useful to avoid repeat package download while experimenting.
  8. https://unix.stackexchange.com/questions/577065/connected-to-container-mycontainer-press-three-times-within-1s-to-exit-sessiarchive.org

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!