Hacker News new | comments | show | ask | jobs | submit login
Show HN: Nightweb, the anonymous P2P social network, now runs on the desktop (nightweb.net)
192 points by gw 1606 days ago | hide | past | web | 63 comments | favorite

I've mentioned previously here that on my "somebody should create this, and I might eventually" list is an open source, P2P, optionally server-backed, encrypted Dropbox replacement. Upon further thinking about the concept in light of the recent NSA stuff, I contemplated the possibility of building a social network on top of such a system that allowed for sharing files with friends. It looks like this project is basically an implementation of this idea. Nice one.

One of the most interesting things about Bitcoin is the possibility of introducing commerce directly into P2P networks.

You could imagine a Bitcoin micropayment protocol (https://en.bitcoin.it/wiki/Contracts#Example_7:_Rapidly-adju...) layered on a P2P network of Tahoe-LAFS (https://tahoe-lafs.org/trac/tahoe-lafs) providers competing for business.

The Free Software Foundation just made developing a free software replacement to Bittorrent Sync a high priority project:


LibrePlanet Group: http://libreplanet.org/wiki/Group:SyncReplacement

> open source, P2P, optionally server-backed, encrypted Dropbox

I believe you can get 80% there with git-annex or DVCS-autosync and a git repo in Tor. I believe there is a free but limited git repo hosting in Tor, but don't take my word for it.

I thought once if it would be possible to use Freenet as a replacement for Dropbox. You encrypt your files, put them in Freenet, and they are replicated there, as long as you ping them enough so they don't get automatically deleted.

Better yet, you can use git-annex with tahoe-LAFS. Now you have a distributed, full-encrypted Dropbox replacement.


i 'm considering btsync on a server somewhere outside the US (or even europe, as it seems) http://labs.bittorrent.com/experiments/sync-hero99371.html

It would be great if btsync supported multiple user accounts on the same daemon.

BTSync should really have an encrypted node mode where all the data is encrypted before leaving the client, so it wouldn't matter where the server is located.

You might look at Sparkleshare; it's not P2P, but it is open source, self-hosted and encrypted.

Interesting, I have something like this on my "perhaps I should do that" list.

From the protocol description it seems, that one shares a torrent file (with the profile) to the followers over i2p? And this torrent is signed with DSA-SHA1, to provide the authenticity of the profile? ( At least I think this should be the idea in a very handwaving way? I am not really sure how much I did understand.)

And two give a little bit of feedback:

1. Nightweb is 'calling home' via the latest.js. ( This information should probably better be shared via i2p, since this is at least leaking, who is running Nightweb.)

2. Some tutorial or at least tooltips. At least I do not really understand the UI at the moment.

3. I was finally able to understand what to do with a .jar file, and that Java wants to be called with -jar, I am not really sure if the average user knows, what he should do with a .jar without further explanation.

Edit: How long should it take to spread a new posting through the network? ( I am wondering if something like chat/twitter could be done through NW.)

Your description of the protocol is basically right. All metadata is shared in a torrent called a "meta torrent", which you get via other users as a signed infohash. After querying for the torrent over the DHT network, you begin downloading the files.

You are right that the update checking system is pretty crude right now. I definitely plan on eventually updating over I2P. I will probably wait until I have implemented generic file-sharing and just piggy-back on that functionality to distribute updates.

I plan on adding a welcome message that explains how to use the interface. I already have that in the Android version, but for whatever reason I skipped over it this time.

I think on Windows and OS X, you can just double-click a JAR file and it will launch it with Java. Hopefully most users won't have to drop to the command line to run it.

Right now it's quite slow to get an update -- especially when you are getting their metadata for the first time, which can take 5 minutes or more sometimes. I plan on working really hard to speed this up over the next few months.

Thanks for the answers. And I did wonder, if you plan to implement something like groups? ( As far as I understand, this would be something like sharing a private key.)

I really liked SecuShare site http://secushare.org/ , it also explains many related issues. Does Nightweb allow 'free' multiple identities? It's really essential feature for any service.

Yes, it allows multiple identities that you can switch between. It's the button on the far right.

For people already running I2P, does it exist as I2P plugins? I doesn't seem to be on http://plugins.i2p/.

No, but that's not a bad idea. I'm not familiar with their plugin system, so I'll have to figure out if it's technically possible. Nightweb currently bundles I2P, but I didn't make any changes to the core or router code; I only modified the bittorrent client.

Great. If you succeed, be sure to post a how to. I bet a lot more people would be willing to write I2P plugins if we have a nice tutorial explaining how to write an I2P plugin in another JVM based language than Java (since you use Clojure).

Assume that Eve posses the public key torrents of Alice and Bob. Can Eve then determine if they are friends or not?

Yes, everyone's metadata (profile, posts, and favorites) are publicly visible. In this sense, Nightweb is anonymous, but not private. I may add private sharing in the future, but it's a complicated thing to implement.

So it's anonymous like bitcoin is anonymous - which is to say that keeping your identity a secret over the long term takes great effort. Do I understand correctly?

I don't agree that it takes "great effort", because I don't think there is only one standard of anonymity. If you expect to be sought after by a well-financed adversary, of course you should be diligent about what you share, and maybe even change your identity regularly (which Nightweb now supports). Others may just want a reasonable level of anonymity, and will have no problem mentioning the city they live in. Others may use Nightweb with their real names. I think you will get whatever you put into it.

This seems like a very cool project, but I don't see how it provides real anonymity. What concerns me isn't even "a well-financed adversary", but "someone who is curious about who you are, and has spare time to think about it".

Changing your identity regularly doesn't seem terribly useful either, if you then re-form the same relationships with the same people.

Any detail a "friend" provides is a clue, and these clues can be used to re-describe the network.

I'm not trying to be a wet blanket here, I'm just concerned that Nightweb is something it's not.

This line of argument has never concerned me, because it is a tautology: If people expose parts of their identity in Nightweb, then parts of their identity will be exposed on Nightweb. There is no reason your relationships in Nightweb have to align with your offline relationships.

friend, i wish i could convince you otherwise. there's a difference between exposing your identity to people you trust, and exposing your identity to the entire world.

I would use a product that lets gay people talk to other gay people without leaking information. No other product can protect free speech, and if nightweb can't protect free speech, then what's the point?

You claim it's a tautology, but I think it's inevitable.

Communication is the act of exposing information, and if any persistent, well-audited system will, used for long enough, allow you to expose yourself.

Your online and offline relationships do not have to align, but good luck hiding information in every single one of your interactions.

bitcoin standard practice is to create a new identity with every single transaction, and that's been proven to be insufficient for anonymity against an academic, let alone a government.

For another anonymous chatting tool, be sure to checkout our project:


Easily deployed for private LAN chat :)

Vole is another social network, based on BitTorrent.

http://vole.cc https://news.ycombinator.com/item?id=5948423

This looks like a very interesting project. I do have a couple of questions:

1) My last backup from facebook was around 30MB (for a pretty conservative facebook profile). Now, if I add 100 friends, I can expect to have to store 3GB of data/year in order to participate in nightweb (at a minimum)? On every device I use nightweb on?

2) How does the system interact with DNS? Does any traffic travel outside of the i2p network?

3) I'm a little new to i2p as well -- does the traffic generated map to regular ip addresses or is there some form of onion routing at work?

2) Depends on how the bundle is configured. I2P supports "outproxies" to the normal web. There are like 3 of them... Sadly the option is enabled by default.

3) I2P is using an onion routing like network. You only see the neighbouring hop/IP

That's cool, but I think a reddit clone would be even more useful.

Let's start a thread where we share links to our profiles :)

Retroshare - a similar secure social netrowk: http://retroshare.sourceforge.net/

Very cool; another Clojure project with source available.

Social AND Anonymous? Now, that's an interesting oxymoron. I can imagine its users paranoically checking all the data they are sharing with people they don't even know to see if there are any traces of something that could identify them... An interesting way to kill time.

I've never quite understood that reaction, but I get it a lot. Maybe I'm getting old (I'm 26), but as a teenager, I spent most of my time on message boards and yahoo groups. That was "social networking" to me, and in a crude way, it was anonymous. Younger people may associate the term with things like Facebook and Google+, so I can understand the seeming contradiction.

I believe that anonymity is not a binary; different people have different levels of "paranoia". So while some may constantly check the data they're sharing, others may be like my teenage self and simply want a pseudonymous place to interact with others. Some may even share their actual face and name. It's up to you.

People seems to think that ``social network'' was a term thought up in Silicon Valley 5 years ago to describe Facebook or any other place on the internet where people are social. In fact, it has nothing to do with either. It comes from sociology as a way to classify the relationships between individuals and groups in a society as well between societies themselves. It can be applied to ant colonies and bacteria cultures just as well as it is to humans. It's applied to what we call social networks online because they tend to be analogous, and perhaps the fact that the words have double meanings helped it catch on.

Now whether you could call your favorite IRC channel a social network depends on how well you can classify the relationships between the groups and individuals in that room according to the model. If you compare an IRC channel where hackers collaborate on open source software to a corporate office, and of the server they share to community, then you could accurately describe Freenode as a social network. It would be difficult, however, to apply the term to IRC in general.

It's easy to call Facebook and Twitter social networks because such a large portion of individuals, governments, corporate entities and subcultures have a presence there that they're almost like a snapshot of human society, albeit two-dimensional. A place like 4chan where you can't detect individuals at all doesn't fit the model. Whether a marriage of the two extremes could be considered a social network would probably depend on whether individuals have any identity whatsoever (pseudonymous).

Yeah, but for such pseudonymous needs, Nightweb seems overkill, running on I2P and such.

I want to make anonymous networking so transparent and simple that people use it even if they don't care about it. They may still expose their identity through the information they share, but we will all benefit from anonymity being the default instead of the exception.

> Social AND Anonymous ? Now, that's an interesting oxymoron.

Social AND Anonymous = Pseudonymous

You may wish have several distinct identities when facing different communities. Anonymity would then be about keeping those identities disconnected from one another.

I would love to try this but as an OSX / iOS user, I'm bummed.

You should be able to run the desktop version on OS X. I don't have a Mac so I haven't tried it, but it's just a jar file.

It works on Mac OS X. Not pretty, but… Open in chrome.

Wow, that is very cool, need to try this out with the API. The mechanism for communication should make it easily extensible.

Surely "anonymous social network" is an oxymoron.

Why? Something I've contemplated for a long time is why there isn't a social network catering specifically to peoples' online personas. After all, there's a lot of stuff a lot of us do that we'd rather others not know about, or groups of friends we like to keep online, and not pull into the offline world in any way.

The whole Internet is like a social network for online personas.

Gravity.com, Anybeat.com, Google+, Myspace, tumblr...

oops, at least the Gravity certificate expired and Anybeat is not responding.

That's because they are dead.

It's pseudonymous/anonymous, but more important, it's encrypted and distributed.

That's how social networks used to work. I remember thinking how crazy it felt to use your real name on Facebook.

Is that a picture of Murray Rothbard? Pretty fitting :)

wow, finally. Something that will actually be useful I believe.

Is there a possibility to collect all the hashes of everyone if you have enough computing power?

You could, I suppose, by continuously querying the bittorrent DHT for infohashes.

What about encrypting such data?

Does the app encrypt the communications?

Yes, everything is encrypted by I2P during transport. However, nothing is encrypted on the disk, as I feel that is a system-level function best-served by full disk encryption.

How can anything on android be anonymous?

It uses I2P:


So your phone number or real world identity isn't linked to an identity on NightWeb necessarily, and even when you use your real name, everything is encrypted and distributed, so only your contacts (friends) can read what you post.

Why couldn't it be?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact