
I made a distributed, anonymous network for online discussion - rolleiflex
It&#x27;s called Aether: it&#x27;s a distributed, anonymous and decentralized public space where you can discuss without revealing your identity or being eavesdropped. It has no servers, and it&#x27;s unblockable.<p>I wanted to see what HN thought of it—sorry to take your time if out of topic.<p>Download it here: http:&#x2F;&#x2F;www.getaether.net<p>A speakerdeck slide introducing Aether: 
https:&#x2F;&#x2F;speakerdeck.com&#x2F;nehbit&#x2F;aether-a-decentralised-online-public-space<p>Check out the bitcoin topic! I posted it on reddit earlier today, and there&#x27;s been some discussion starting up there.<p>Source code is here: https:&#x2F;&#x2F;github.com&#x2F;nehbit&#x2F;aether-public&#x2F;<p>What do you think?
======
bcl
* You need to describe how it actually works. Describe the network protocol well enough that someone can re-implement it in their own favorite language.

* Your license sucks. Restricting modified code from connecting to the network tells me that your network protocol is fragile and exploitable

* How is your system better than Tor and a hidden service?

~~~
rolleiflex
1) On its way. I'll be launching a protocol spec for anyone to implement their
own client.

2) The license is _very_ temporary. I'll switch to an OSS certified license
soon.

3) Hidden services still need server resources. This is closer to Bittorrent
than Tor.

~~~
sleepybrett
_cough_ [http://labs.bittorrent.com/experiments/bittorrent-
chat.html](http://labs.bittorrent.com/experiments/bittorrent-chat.html)

~~~
comex
Neither open source nor a documented protocol, which makes it entirely
unsuitable for many users.

------
andrewcooke
how does it know who else to talk to?

it seems that by saying things are anonymous you punt on all questions of
identity? so there's no way to know that you are joining the forum you expect?

another way of saying the above - despite the encryption there's no protection
against mitm, right?

it uses tls so it's just direct connections? so you're identified by your ip?

you say (iirc) that keys are automatically regenerated and not verified. so
it's really anonymous (not pseudonymous). so there's no way to be sure two
comments are by the same person? even in the same discussion?

since the encryption is useless (mitm) yet you're not actually anonymous to an
attacker (ip) it seems to combine the worst parts of insecure software with
the worst parts of forums (no reliable identities).

[edit: sorry, updated the above slightly. ok, so there's some forwarding of
messages which makes people more anonymous if an attacker doesn't see all the
network. pre-snowden that might have seemed worth something.]

~~~
rolleiflex
> how does it know who else to talk to?

There is a bootstrap node, which you connect to at the beginning of your first
boot. Connecting to that node gets you a list of posts and a a list of nodes,
like every other sync with any other node. You can opt out of connecting to
boostrap node if you have a friend you know to be currently online, and
putting his / her ip:port at the settings page of the onboarding.

>it seems that by saying things are anonymous you punt on all questions of
identity? so there's no way to know that you are joining the forum you expect?

The forums only exist as names, there is no way to have two forums with the
same name, they will automatically be merged. (There is two bitcoin topics
currently, that's a corner case I'm fixing now)

But there is no way to know who you are actually talking to, yes. I'm planning
to add public key authentication in the future at the point I am reasonably
confident the core stack is working reliably and there is sufficient interest.

> it uses tls so it's just direct connections? so you're identified by your
> ip?

Yes, it's only direct connections, but when you connect to someone, it also
gives you posts from other people the guy you connected to have upvoted.
You're identified by your node id, which can hold multiple users. It's
probably more correct to say it identifies computers, rather than people. But
it's easy to change, just delete the userprofile.json and you'll automatically
produce a new one.

------
mbubb
I like it - it installed easily enough on Mac. I started browsing around.

I really do not have a quibble with the application itself - nor the intended
use. Thank you for it I am enjoying playing around with it and am following
the project on github.

Echoing others I would definately fix the license issue - and do that sooner
than later.

I have a tangental interest - forgive me if the following is off topic.

The last line from the deck: "It requires zero infrastructure" and similar
statements in the website got me thinking along a theme.

I get that this is a distributed application with encrypted transmission - but
it does imply an infrastructure. Once you need an IP; you need a network.

I can see lots of applications for this - beyond the reddit/bittorrent model,
this would be really useful \- aftermath of a hurricane / natural disaster \-
Occupy wallstreet style demonstrations \- Cory Doctorow "Little brother"
scenario \- etc - any situation where you want ad hoc, encrypted community

the problem with those situations is exactly that there is no infrastructure
(or not a trusted infrastructure).

Locally (for me) there are projects like
[http://www.milemesh.com/](http://www.milemesh.com/) to try and make sure
there are networks for emergency situations. But what if you don't wnat to use
an official or semi-official network? Are there distibuted, ad hoc network
projects that would work well with this?

~~~
rolleiflex
Thanks for the interest.

> Echoing others I would definately fix the license issue - and do that sooner
> than later.

Agreed.

> The last line from the deck: "It requires zero infrastructure" and similar
> statements in the website got me thinking along a theme.

Zero infrastructure except a working internet connection. But far as I know
those mesh networks also work over IP (at least they seem to) so Aether should
have no problems working over a mesh network.

The infrastructure need not be trusted— the current Internet infrastructure is
not trusted, and it works fine for most applications if used with HTTPS.
Aether isn't too different, I'm literally encrypting with the same encryption
suite (TLSv1) even.

------
cordite
I wish the slides were more descriptive of how it functioned.

Although I use mac, the lack of linux seems to be something that should be
worked on.

~~~
rolleiflex
I tried to produce Debian and Ubuntu builds, it's mostly working. But the GUI
framework I'm using (Qt) has serious problems with tray icons on Debian arch
(on Debian, a black line appears instead of icon at tray bar, on Ubuntu, the
tray icon appears on the _left_ of the top bar, above Ubuntu's main menu) so I
am waiting for them to fix their bugs. Otherwise, it's working out of the box.

For more information, here's a totally non-polished, detailed text about how
it works.

[https://dl.dropboxusercontent.com/u/5815330/aether.spec.v0.2...](https://dl.dropboxusercontent.com/u/5815330/aether.spec.v0.2.html)

~~~
ThePinion
So the only problem is with tray icons? I'd like to test this, but I only have
a Linux OS at the moment. Can we get a .deb if we promise to not complain
about anything wrong? :)

~~~
rolleiflex
Hey there, I could certainly get you linux binaries if you agree to be my
linux beta tester :). The issue with tray icon is that it's pretty critical to
application's existence, in that the app needs to stay in the background as
long as the computer is open. It's a daemon, essentially. Without a
functioning tray icon, it's impossible to shut down the application other than
via kill [pid] or another way via shell. If you are interested, please email
me (in my HN profile). I'm definitely interested in maintaining Linux binaries
or help people maintain them.

------
hershel
Definitely an interesting project.

>> The basic idea is quite simple: if Alice likes a post written by Bob, Alice
will upvote it, and thus will start to distribute that post, too, increasing
Carol’s chances of coming across Bob’s post.

If i get it correctly , your protocol leaks votes data. Assume i'm an attacker
connected to Alice. I now know what she voted for. I gather all her voted
posts, and can build pretty decent profile of her and probably uncover some of
her messages with some more complexity.

~~~
rolleiflex
Vote data is public. That's the only way I can determine what to distribute. I
don't get how you can guess what Alice wrote out of her votes, though?

~~~
hershel
Ok. Vote data is public.

People usually vote their stuff. You gather all the posts that been voted by
alice. You use text analysis software to group those posts into buckets with
the same author.

If you can do this across a large span of the network you get buckets of
anonymous authors and voting patterns. Alice's bucket is the one where
everything is upvoted(most likely).

That's one way. It's hard to counteract. Even if your software just
counteracted this while using something like TOR to supply the rest of the
anonimity, it would be pretty cool.

Another way:

Tap the internet. Gather a list of nodes connected to alice. Connect your
nodes to all those nodes.

Watch whether message X is first delivered to your nodes from alice or from
someone else. If it's first from alice, you got her. Statistically this will
catch her at least some times.

Anyway,don't get discouraged. anonimity is hard. really hard.

~~~
rolleiflex
Two very good points. As you said, Tor can handle the first, but the second is
much like the 51% attack on Bitcoin. In any case, if you have a possible
solution to the second, I would be glad to have a coffee with you.

~~~
hershel
Thanks for the coffee :).

The field of detecting authorship is called stylometry, and preventing that is
called adversarial stylometry. Here's a java open source software that you
could use :

[http://www.hacker10.com/other-computing/deceiving-
authorship...](http://www.hacker10.com/other-computing/deceiving-authorship-
detection-with-jstylo-anonymouauth/)

BTW , another issue. If you really want to achieve strong anonimity you have
to have large number of users, and large number of researchers trying to break
your system.

The best way to build anonymous forums in this context , is to build popular
anonymous email(currently there's none. only 2 we might see in the future "the
dark mail alliance" and "pinchon gate") , and use it for forums.

~~~
rolleiflex
Looking at it, seems interesting. I'll take a deeper look onto this.

2#, I agree. I'm trying to get as many users as I can, posting to HN, reddit
and all :).

------
ohmygodel
I think it's cool that you're making usable security software.

I do worry that "usable" has gotten more thought than "security", and
providing a system that doesn't deliver the security it promises could be
worse than not having the software at all. It may end up conveniently serving
up those at most risk to their adversaries.

As others have noted, anonymity is hard to get right, and the approach here
has some serious flaws:

1\. It seems that the pseudonymous author of posts can easily be determined by
connecting a bunch of Sybils (i.e. multiple clients) to as many other peers as
possible and observing who is the first to send new posts by the target
pseudonym. And you really can't have a forum without pseudonyms. Users will
create them on their own (by including a nickname in their posts) even if you
don't build it in.

2\. There is an easy so-called "intersection attack" in which the sets of
users that are connected at any given time a pseudonymous entity posts are
intersected. The actual author will always be present, and the other
participants won't be static, and so eventually only the author will remain in
the intersection.

3\. There is no apparent protocol obfuscation. Despite the use of TLS, the
protocol traffic patterns of this new protocol are likely to be highly
identifying. They can then be easily confirmed by an active attacker directly
connecting to the suspected participant. In addition, it doesn't seem that the
list of participants is protected, and so an adversary can just connect to the
network to discover who to block or punish. Tor will not solve the problem
here if users have to be able to receive incoming connections. And if you're
using Tor, then you are relying on an external system that has censorship
issues of its own (e.g. access from China is currently extremely limited) and
_does_ rely on servers.

4\. The bootstrap IPs can obviously be easily blocked.

5\. The votes are not anonymous, which is unlikely to be clear to users and
which are nearly as sensitive as authorship itself.

6\. Denial-of-service here is as simple as flooding the network with
"forwarded" posts and votes.

Here are some suggestions for designing a system that is secure and that
people can _trust_ as being secure:

1\. Write a white paper describing the design! This is not a detailed protocol
spec - it's a description of how the protocol works at a higher level along
with arguments establishing its security properties. This allows others to
understand and critique the design.

2\. Check out some of the related system designs [0-6]. They have had to deal
with the same issues, and you can learn from them. You can get all these
papers and more at
<[http://freehaven.net/anonbib/>](http://freehaven.net/anonbib/>). As you can
see at that site, people have been thinking about these issues for a while and
have figured out a lot!

3\. Submit your white paper to a computer security conference. Even if it
doesn't get in, you will get feedback from experts.

As it is currently, I wouldn't trust my communication to this system. You
really need a large and diverse user base to provide anonymity, and so you
will have to work at convincing people that this is something they can trust.
Good luck!

[0] "Membership-concealing overlay networks" by Vasserman et al. CCS09

[1] "Crowds: anonymity for Web transactions" by Reiter and Rubin. TISSEC 1998.

[2] "Freenet: A Distributed Anonymous Information Storage and Retrieval
System" by Clarke et al. PET 2000.

[3] "Trafﬁc Analysis: Protocols, Attacks, Design Issues and Open Problems" by
Jean-François Raymond. PET 2000.

[4] "ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship" by
Winter et al. WPES 2013.

[5] "Drac: An Architecture for Anonymous Low-Volume Communications" by Danezis
et al. PETS 2010.

[6] "Tor: The Second-Generation Onion Router" by Dingledine et al. USENIX
Security 2004.

~~~
rolleiflex
Now, _this_ is the comment I came to HN for. Thanks for this, I have a few
readings to do.

For your points, While I don't have a full–scale refutation, here's a few
addendums in order. All of this is wrapped in a giant 'If I understand you
correctly'.

> And you really can't have a forum without pseudonyms. Users will create them
> on their own (by including a nickname in their posts) even if you don't
> build it in.

That's human self–incrimination. As long as this is safe for an one–time user
that opens the app on an internet cafe, posts something and goes away, I have
some basic semblance of security I can build upon. That does not mean it is
secure, it just means it's secure for _something_ —and that's a start. (It
might not be actually secure for even that, let me know if you know it not to
be so)

> There is an easy so-called "intersection attack" in which the sets of users
> that are connected at any given time a pseudonymous entity posts are
> intersected. The actual author will always be present, and the other
> participants won't be static, and so eventually only the author will remain
> in the intersection.

The actual author won't always be present. The posts start at a point, but
they do not need the author to be present to continue distribution. When Alice
posts something and Bob gets the post, from then on Alice can disappear
forever. If a post is below a threshold of availability on nodes Bob is
connected to, Bob will flag it as neutral post (to make that distribution not
count as an upvote) and start distributing it on his own to prevent post
extinction. That said, this doesn't prevent intersection attacks, it just
makes them less viable.

> Tor will not solve the problem here if users have to be able to receive
> incoming connections.

The users do not need to accept incoming connections. There are some very
restrictive routers that refuse to be UPNP port mapped, and Aether works fine
on them.

> and so an adversary can just connect to the network to discover who to block
> or punish.

For this, the roadmap is to have a 'protected' node which refuses all
connections from nodes except those who are explicitly marked as trusted.

> The bootstrap IPs can obviously be easily blocked.

It does not rely on the bootstrap IP. If you have installed the application,
it asked you in the onboarding process IP and port of a friend that you know
to be online. If you give it that, it'll use it. In fact, I'm planning to turn
the bootstrap node off or just make it a redirect to some other random node in
the future.

> The votes are not anonymous, which is unlikely to be clear to users and
> which are nearly as sensitive as authorship itself.

They point to node id's, which are not users, but machines. This is an
inherent tradeoff, in that I have to have some data to gauge the popularity of
a post. As far as I know, there is no way out of this without implicit trust
in a third party.

> Denial-of-service here is as simple as flooding the network with "forwarded"
> posts and votes.

Well, those posts won't get upvoted, and will get stuck in spam filters and
upvote thresholds of users. None of those are implemented yet, of course, but
this doesn't seem to be a structural problem.

> As it is currently, I wouldn't trust my communication to this system.

Please, for the love of god, don't trust Aether (yet). This is barely alpha
level code.

For the rest, thank you. Much appreciated. I'll be reading.

~~~
ohmygodel
> > And you really can't have a forum without pseudonyms. Users will create
> them on their own (by including a nickname in their posts) even if you don't
> build it in.

> That's human self–incrimination. As long as this is safe for an one–time
> user... I have some basic semblance of security

So this is not anonymous reddit, then. That is much less useful, and it had
better be extremely clear to users that they should only use it in that way.

> > There is an easy so-called "intersection attack"... The actual author will
> always be present,... and so eventually only the author will remain in the
> intersection.

> The actual author won't always be present. The posts start at a point, but
> they do not need the author to be present to continue distribution.

In this attack, the adversary would need to be one of Alice's peers most of
the time. If he isn't, though, because Alice only connects to a few peers
consistently, then he can at least identify one of those consistent peers.
That serves as a focus for attack, say by denial of service.

> > Tor will not solve the problem here if users have to be able to receive
> incoming connections.

> The users do not need to accept incoming connections. There are some very
> restrictive routers that refuse to be UPNP port mapped, and Aether works
> fine on them.

So to actually be undetectable as using Aether, you can't accept connections.
Then you have to hope that enough users are connecting for the anonymity and
not the undetectability, or you'll have to provide some infrastructure nodes.

> > and so an adversary can just connect to the network to discover who to
> block or punish.

> For this, the roadmap is to have a 'protected' node which refuses all
> connections from nodes except those who are explicitly marked as trusted.

Great, if you promise undetectability, then this should be the default. Of
course, that makes connectivity a challenge (what if everybody you trust
doesn't accept connections because they also want to remain undetectable?).

> > The bootstrap IPs can obviously be easily blocked.

> It does not rely on the bootstrap IP. If you have installed the application,
> it asked you in the onboarding process IP and port of a friend

Sounds good!

> > The votes are not anonymous, which is unlikely to be clear to users and
> which are nearly as sensitive as authorship itself.

> They point to node id's, which are not users, but machines.

I don't understand the distinction being made here. In any case, the upvote is
observed as coming directly from some IP. That is the identifier to worry
about. As far as privately gauging the popularity of the post, I don't exactly
understand what you need here, but they may be some crypto solutions that
could work. Unfortunately, post popularity seems easily spoofed to me.

> > Denial-of-service here is as simple as flooding the network with
> "forwarded" posts and votes.

> Well, those posts won't get upvoted, and will get stuck in spam filters and
> upvote thresholds of users. None of those are implemented yet, of course,
> but this doesn't seem to be a structural problem.

What about the mechanism to prevent extinction of a post? Doesn't that spread
a post without upvotes? And why can't I create a network of Sybils to upvote
my spam posts? Also, spam filters are a UI mechanism, if I understand what you
mean. I am talking about consuming network and memory via protocol flooding.

~~~
rolleiflex
> So this is not anonymous reddit, then. That is much less useful, and it had
> better be extremely clear to users that they should only use it in that way.

Depends on how you emphasize that sentence. It's reddit, but its anonymity is
weaker on certain fronts and stronger on others. If used as one-shot device,
it's pretty good. Otherwise, there are the issues you mentioned (which I plan
to fix, to my best).

> So to actually be undetectable as using Aether, you can't accept
> connections. Then you have to hope that enough users are connecting for the
> anonymity and not the undetectability, or you'll have to provide some
> infrastructure nodes.

Correct.

> Great, if you promise undetectability, then this should be the default.

I do not promise undetectability, but it exists under certain circumstances. I
will explicitly note those circumstances and mark undetectability as a side
benefit only under those conditions.

> I don't understand the distinction being made here. In any case, the upvote
> is observed as coming directly from some IP. That is the identifier to worry
> about.

The distinction is largely academic as you said. If you have a cryptographic
solution to that, I'd love if you could point me to the right direction.

> And why can't I create a network of Sybils to upvote my spam posts?

You can, but users can also block your nodes, or (we're really going into the
medium-term future here) your nodes would be placed in blocklists, whose
users—people who accepted them— would deny you from connecting to them. (This
is a half–baked idea as of now, who maintains those lists etc.) This is a
thorny problem. Spam filters, I was meaning less of an actual after-the-fact
spam filter, and more of a "block this guy out, refuse connections" kind of
filter. Sorry for the wrong choice of words.

All in all, very fair points I need to work on. If you would be interested in
taking a look once in a while to point out where the logic holes are, I'd
really appreciate your voice in development. If you'd be interested in helping
out, send a mail to me (burak@nehbit.net)— I would try to run more important
things by you before implementing to see if there are any obvious holes.

------
darkhorn
I was unable to run the installer because I don't have administrative rights.
It would be better without need for administrative rights.

~~~
rolleiflex
That's a prerequisite for the installer package I'm using (Inno Setup)
unfortunately. I'll try to get around that.

------
zacwitte
Can't be opened because it's from an unidentified developer

[https://www.dropbox.com/s/7mnb2gng6a66b9y/Screenshot%202013-...](https://www.dropbox.com/s/7mnb2gng6a66b9y/Screenshot%202013-11-23%2020.57.48.png)

~~~
rolleiflex
Follow the instructions on the dmg. After you drag it to Applications, go to
Applications and right click on Aether, then select open. It will then allow
you to go through.

------
RexRollman
I don't personally believe that anything is unblockable or untraceable. If
data can find its way back to you, then you can be found (although it might be
very hard).

~~~
rolleiflex
You're correct. This just makes harder. These documents are written for
laymen, it would be an asterisk-fest otherwise.

~~~
WeMull
Hence the logo?

------
ohmygeek
I am no security expert but this sounds interesting. I'd love to know how I
can compile it from source (Maybe add it to the github README?)

------
morgante
Nicely done. Your demo at DemoDays was pretty cool
([http://demodays.co/](http://demodays.co/)).

~~~
mbubb
Hmmm - I didn't see the talk on that page... Is there a link?

~~~
rolleiflex
It happened a few hours ago. It should turn up in a few days, I think? I'm
also waiting for that.

------
mmagin
Is this like Freenet, but less general-purpose?

~~~
rolleiflex
Yes. I'm specifically trying to create a safe, secure and anonymous discussion
platform, not a darknet.

~~~
e12e
Looks interesting. I see you build on webkit among other things -- what are
the messages? json docouments? Any provision for attachments? Any range for
size of messages (eg: a 700mb attachment -- would that make sense with this)?

~~~
rolleiflex
Messages are JSON, limited to 65536 characters. (This is a limitation of AMP
protocol in Twisted I am using). There are no attachments. This is a text–only
protocol. I'm trying to minimize the bandwidth requirements of running Aether.

------
ksrm
How does this compare to bitmessage?

------
maaku
Have you seen Retroshare?

~~~
GhotiFish
I have. I was very disappointed with it because it was such an utterly massive
application to be running in the background all the time.

It was 2007 and it was consuming 300MB of ram, that was just not acceptable.
Maybe more tolerable now, but still bad.

------
alixaxel
No Linux version?

