Hacker News new | past | comments | ask | show | jobs | submit login
I made a distributed, anonymous network for online discussion
102 points by rolleiflex on Nov 23, 2013 | hide | past | web | favorite | 45 comments
It's called Aether: it's a distributed, anonymous and decentralized public space where you can discuss without revealing your identity or being eavesdropped. It has no servers, and it's unblockable.

I wanted to see what HN thought of it—sorry to take your time if out of topic.

Download it here: http://www.getaether.net

A speakerdeck slide introducing Aether: https://speakerdeck.com/nehbit/aether-a-decentralised-online-public-space

Check out the bitcoin topic! I posted it on reddit earlier today, and there's been some discussion starting up there.

Source code is here: https://github.com/nehbit/aether-public/

What do you think?




* You need to describe how it actually works. Describe the network protocol well enough that someone can re-implement it in their own favorite language.

* Your license sucks. Restricting modified code from connecting to the network tells me that your network protocol is fragile and exploitable

* How is your system better than Tor and a hidden service?


1) On its way. I'll be launching a protocol spec for anyone to implement their own client.

2) The license is very temporary. I'll switch to an OSS certified license soon.

3) Hidden services still need server resources. This is closer to Bittorrent than Tor.


cough http://labs.bittorrent.com/experiments/bittorrent-chat.html


Neither open source nor a documented protocol, which makes it entirely unsuitable for many users.


how does it know who else to talk to?

it seems that by saying things are anonymous you punt on all questions of identity? so there's no way to know that you are joining the forum you expect?

another way of saying the above - despite the encryption there's no protection against mitm, right?

it uses tls so it's just direct connections? so you're identified by your ip?

you say (iirc) that keys are automatically regenerated and not verified. so it's really anonymous (not pseudonymous). so there's no way to be sure two comments are by the same person? even in the same discussion?

since the encryption is useless (mitm) yet you're not actually anonymous to an attacker (ip) it seems to combine the worst parts of insecure software with the worst parts of forums (no reliable identities).

[edit: sorry, updated the above slightly. ok, so there's some forwarding of messages which makes people more anonymous if an attacker doesn't see all the network. pre-snowden that might have seemed worth something.]


> how does it know who else to talk to?

There is a bootstrap node, which you connect to at the beginning of your first boot. Connecting to that node gets you a list of posts and a a list of nodes, like every other sync with any other node. You can opt out of connecting to boostrap node if you have a friend you know to be currently online, and putting his / her ip:port at the settings page of the onboarding.

>it seems that by saying things are anonymous you punt on all questions of identity? so there's no way to know that you are joining the forum you expect?

The forums only exist as names, there is no way to have two forums with the same name, they will automatically be merged. (There is two bitcoin topics currently, that's a corner case I'm fixing now)

But there is no way to know who you are actually talking to, yes. I'm planning to add public key authentication in the future at the point I am reasonably confident the core stack is working reliably and there is sufficient interest.

> it uses tls so it's just direct connections? so you're identified by your ip?

Yes, it's only direct connections, but when you connect to someone, it also gives you posts from other people the guy you connected to have upvoted. You're identified by your node id, which can hold multiple users. It's probably more correct to say it identifies computers, rather than people. But it's easy to change, just delete the userprofile.json and you'll automatically produce a new one.


I like it - it installed easily enough on Mac. I started browsing around.

I really do not have a quibble with the application itself - nor the intended use. Thank you for it I am enjoying playing around with it and am following the project on github.

Echoing others I would definately fix the license issue - and do that sooner than later.

I have a tangental interest - forgive me if the following is off topic.

The last line from the deck: "It requires zero infrastructure" and similar statements in the website got me thinking along a theme.

I get that this is a distributed application with encrypted transmission - but it does imply an infrastructure. Once you need an IP; you need a network.

I can see lots of applications for this - beyond the reddit/bittorrent model, this would be really useful - aftermath of a hurricane / natural disaster - Occupy wallstreet style demonstrations - Cory Doctorow "Little brother" scenario - etc - any situation where you want ad hoc, encrypted community

the problem with those situations is exactly that there is no infrastructure (or not a trusted infrastructure).

Locally (for me) there are projects like http://www.milemesh.com/ to try and make sure there are networks for emergency situations. But what if you don't wnat to use an official or semi-official network? Are there distibuted, ad hoc network projects that would work well with this?


Thanks for the interest.

> Echoing others I would definately fix the license issue - and do that sooner than later.

Agreed.

> The last line from the deck: "It requires zero infrastructure" and similar statements in the website got me thinking along a theme.

Zero infrastructure except a working internet connection. But far as I know those mesh networks also work over IP (at least they seem to) so Aether should have no problems working over a mesh network.

The infrastructure need not be trusted— the current Internet infrastructure is not trusted, and it works fine for most applications if used with HTTPS. Aether isn't too different, I'm literally encrypting with the same encryption suite (TLSv1) even.


I wish the slides were more descriptive of how it functioned.

Although I use mac, the lack of linux seems to be something that should be worked on.


I tried to produce Debian and Ubuntu builds, it's mostly working. But the GUI framework I'm using (Qt) has serious problems with tray icons on Debian arch (on Debian, a black line appears instead of icon at tray bar, on Ubuntu, the tray icon appears on the left of the top bar, above Ubuntu's main menu) so I am waiting for them to fix their bugs. Otherwise, it's working out of the box.

For more information, here's a totally non-polished, detailed text about how it works.

https://dl.dropboxusercontent.com/u/5815330/aether.spec.v0.2...


I'll see if I can get around to helping you with that. Linux software is ok with copious debugging to the terminal and an ugly UI - it will fit in well.


So the only problem is with tray icons? I'd like to test this, but I only have a Linux OS at the moment. Can we get a .deb if we promise to not complain about anything wrong? :)


Hey there, I could certainly get you linux binaries if you agree to be my linux beta tester :). The issue with tray icon is that it's pretty critical to application's existence, in that the app needs to stay in the background as long as the computer is open. It's a daemon, essentially. Without a functioning tray icon, it's impossible to shut down the application other than via kill [pid] or another way via shell. If you are interested, please email me (in my HN profile). I'm definitely interested in maintaining Linux binaries or help people maintain them.


Thanks! This should satisfy my interest.


Definitely an interesting project.

>> The basic idea is quite simple: if Alice likes a post written by Bob, Alice will upvote it, and thus will start to distribute that post, too, increasing Carol’s chances of coming across Bob’s post.

If i get it correctly , your protocol leaks votes data. Assume i'm an attacker connected to Alice. I now know what she voted for. I gather all her voted posts, and can build pretty decent profile of her and probably uncover some of her messages with some more complexity.


Vote data is public. That's the only way I can determine what to distribute. I don't get how you can guess what Alice wrote out of her votes, though?


Ok. Vote data is public.

People usually vote their stuff. You gather all the posts that been voted by alice. You use text analysis software to group those posts into buckets with the same author.

If you can do this across a large span of the network you get buckets of anonymous authors and voting patterns. Alice's bucket is the one where everything is upvoted(most likely).

That's one way. It's hard to counteract. Even if your software just counteracted this while using something like TOR to supply the rest of the anonimity, it would be pretty cool.

Another way:

Tap the internet. Gather a list of nodes connected to alice. Connect your nodes to all those nodes.

Watch whether message X is first delivered to your nodes from alice or from someone else. If it's first from alice, you got her. Statistically this will catch her at least some times.

Anyway,don't get discouraged. anonimity is hard. really hard.


Two very good points. As you said, Tor can handle the first, but the second is much like the 51% attack on Bitcoin. In any case, if you have a possible solution to the second, I would be glad to have a coffee with you.


Thanks for the coffee :).

The field of detecting authorship is called stylometry, and preventing that is called adversarial stylometry. Here's a java open source software that you could use :

http://www.hacker10.com/other-computing/deceiving-authorship...

BTW , another issue. If you really want to achieve strong anonimity you have to have large number of users, and large number of researchers trying to break your system.

The best way to build anonymous forums in this context , is to build popular anonymous email(currently there's none. only 2 we might see in the future "the dark mail alliance" and "pinchon gate") , and use it for forums.


Looking at it, seems interesting. I'll take a deeper look onto this.

2#, I agree. I'm trying to get as many users as I can, posting to HN, reddit and all :).


I think it's cool that you're making usable security software.

I do worry that "usable" has gotten more thought than "security", and providing a system that doesn't deliver the security it promises could be worse than not having the software at all. It may end up conveniently serving up those at most risk to their adversaries.

As others have noted, anonymity is hard to get right, and the approach here has some serious flaws:

1. It seems that the pseudonymous author of posts can easily be determined by connecting a bunch of Sybils (i.e. multiple clients) to as many other peers as possible and observing who is the first to send new posts by the target pseudonym. And you really can't have a forum without pseudonyms. Users will create them on their own (by including a nickname in their posts) even if you don't build it in.

2. There is an easy so-called "intersection attack" in which the sets of users that are connected at any given time a pseudonymous entity posts are intersected. The actual author will always be present, and the other participants won't be static, and so eventually only the author will remain in the intersection.

3. There is no apparent protocol obfuscation. Despite the use of TLS, the protocol traffic patterns of this new protocol are likely to be highly identifying. They can then be easily confirmed by an active attacker directly connecting to the suspected participant. In addition, it doesn't seem that the list of participants is protected, and so an adversary can just connect to the network to discover who to block or punish. Tor will not solve the problem here if users have to be able to receive incoming connections. And if you're using Tor, then you are relying on an external system that has censorship issues of its own (e.g. access from China is currently extremely limited) and does rely on servers.

4. The bootstrap IPs can obviously be easily blocked.

5. The votes are not anonymous, which is unlikely to be clear to users and which are nearly as sensitive as authorship itself.

6. Denial-of-service here is as simple as flooding the network with "forwarded" posts and votes.

Here are some suggestions for designing a system that is secure and that people can trust as being secure:

1. Write a white paper describing the design! This is not a detailed protocol spec - it's a description of how the protocol works at a higher level along with arguments establishing its security properties. This allows others to understand and critique the design.

2. Check out some of the related system designs [0-6]. They have had to deal with the same issues, and you can learn from them. You can get all these papers and more at <http://freehaven.net/anonbib/>. As you can see at that site, people have been thinking about these issues for a while and have figured out a lot!

3. Submit your white paper to a computer security conference. Even if it doesn't get in, you will get feedback from experts.

As it is currently, I wouldn't trust my communication to this system. You really need a large and diverse user base to provide anonymity, and so you will have to work at convincing people that this is something they can trust. Good luck!

[0] "Membership-concealing overlay networks" by Vasserman et al. CCS09

[1] "Crowds: anonymity for Web transactions" by Reiter and Rubin. TISSEC 1998.

[2] "Freenet: A Distributed Anonymous Information Storage and Retrieval System" by Clarke et al. PET 2000.

[3] "Traffic Analysis: Protocols, Attacks, Design Issues and Open Problems" by Jean-François Raymond. PET 2000.

[4] "ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship" by Winter et al. WPES 2013.

[5] "Drac: An Architecture for Anonymous Low-Volume Communications" by Danezis et al. PETS 2010.

[6] "Tor: The Second-Generation Onion Router" by Dingledine et al. USENIX Security 2004.


Now, this is the comment I came to HN for. Thanks for this, I have a few readings to do.

For your points, While I don't have a full–scale refutation, here's a few addendums in order. All of this is wrapped in a giant 'If I understand you correctly'.

> And you really can't have a forum without pseudonyms. Users will create them on their own (by including a nickname in their posts) even if you don't build it in.

That's human self–incrimination. As long as this is safe for an one–time user that opens the app on an internet cafe, posts something and goes away, I have some basic semblance of security I can build upon. That does not mean it is secure, it just means it's secure for something—and that's a start. (It might not be actually secure for even that, let me know if you know it not to be so)

> There is an easy so-called "intersection attack" in which the sets of users that are connected at any given time a pseudonymous entity posts are intersected. The actual author will always be present, and the other participants won't be static, and so eventually only the author will remain in the intersection.

The actual author won't always be present. The posts start at a point, but they do not need the author to be present to continue distribution. When Alice posts something and Bob gets the post, from then on Alice can disappear forever. If a post is below a threshold of availability on nodes Bob is connected to, Bob will flag it as neutral post (to make that distribution not count as an upvote) and start distributing it on his own to prevent post extinction. That said, this doesn't prevent intersection attacks, it just makes them less viable.

> Tor will not solve the problem here if users have to be able to receive incoming connections.

The users do not need to accept incoming connections. There are some very restrictive routers that refuse to be UPNP port mapped, and Aether works fine on them.

> and so an adversary can just connect to the network to discover who to block or punish.

For this, the roadmap is to have a 'protected' node which refuses all connections from nodes except those who are explicitly marked as trusted.

> The bootstrap IPs can obviously be easily blocked.

It does not rely on the bootstrap IP. If you have installed the application, it asked you in the onboarding process IP and port of a friend that you know to be online. If you give it that, it'll use it. In fact, I'm planning to turn the bootstrap node off or just make it a redirect to some other random node in the future.

> The votes are not anonymous, which is unlikely to be clear to users and which are nearly as sensitive as authorship itself.

They point to node id's, which are not users, but machines. This is an inherent tradeoff, in that I have to have some data to gauge the popularity of a post. As far as I know, there is no way out of this without implicit trust in a third party.

> Denial-of-service here is as simple as flooding the network with "forwarded" posts and votes.

Well, those posts won't get upvoted, and will get stuck in spam filters and upvote thresholds of users. None of those are implemented yet, of course, but this doesn't seem to be a structural problem.

> As it is currently, I wouldn't trust my communication to this system.

Please, for the love of god, don't trust Aether (yet). This is barely alpha level code.

For the rest, thank you. Much appreciated. I'll be reading.


I love reading threads like this. It is all to rare to see people engaging with a spirit of humility and learning. Can't wait to see how this project progresses. Good luck dude!


> > And you really can't have a forum without pseudonyms. Users will create them on their own (by including a nickname in their posts) even if you don't build it in.

> That's human self–incrimination. As long as this is safe for an one–time user... I have some basic semblance of security

So this is not anonymous reddit, then. That is much less useful, and it had better be extremely clear to users that they should only use it in that way.

> > There is an easy so-called "intersection attack"... The actual author will always be present,... and so eventually only the author will remain in the intersection.

> The actual author won't always be present. The posts start at a point, but they do not need the author to be present to continue distribution.

In this attack, the adversary would need to be one of Alice's peers most of the time. If he isn't, though, because Alice only connects to a few peers consistently, then he can at least identify one of those consistent peers. That serves as a focus for attack, say by denial of service.

> > Tor will not solve the problem here if users have to be able to receive incoming connections.

> The users do not need to accept incoming connections. There are some very restrictive routers that refuse to be UPNP port mapped, and Aether works fine on them.

So to actually be undetectable as using Aether, you can't accept connections. Then you have to hope that enough users are connecting for the anonymity and not the undetectability, or you'll have to provide some infrastructure nodes.

> > and so an adversary can just connect to the network to discover who to block or punish.

> For this, the roadmap is to have a 'protected' node which refuses all connections from nodes except those who are explicitly marked as trusted.

Great, if you promise undetectability, then this should be the default. Of course, that makes connectivity a challenge (what if everybody you trust doesn't accept connections because they also want to remain undetectable?).

> > The bootstrap IPs can obviously be easily blocked.

> It does not rely on the bootstrap IP. If you have installed the application, it asked you in the onboarding process IP and port of a friend

Sounds good!

> > The votes are not anonymous, which is unlikely to be clear to users and which are nearly as sensitive as authorship itself.

> They point to node id's, which are not users, but machines.

I don't understand the distinction being made here. In any case, the upvote is observed as coming directly from some IP. That is the identifier to worry about. As far as privately gauging the popularity of the post, I don't exactly understand what you need here, but they may be some crypto solutions that could work. Unfortunately, post popularity seems easily spoofed to me.

> > Denial-of-service here is as simple as flooding the network with "forwarded" posts and votes.

> Well, those posts won't get upvoted, and will get stuck in spam filters and upvote thresholds of users. None of those are implemented yet, of course, but this doesn't seem to be a structural problem.

What about the mechanism to prevent extinction of a post? Doesn't that spread a post without upvotes? And why can't I create a network of Sybils to upvote my spam posts? Also, spam filters are a UI mechanism, if I understand what you mean. I am talking about consuming network and memory via protocol flooding.


> So this is not anonymous reddit, then. That is much less useful, and it had better be extremely clear to users that they should only use it in that way.

Depends on how you emphasize that sentence. It's reddit, but its anonymity is weaker on certain fronts and stronger on others. If used as one-shot device, it's pretty good. Otherwise, there are the issues you mentioned (which I plan to fix, to my best).

> So to actually be undetectable as using Aether, you can't accept connections. Then you have to hope that enough users are connecting for the anonymity and not the undetectability, or you'll have to provide some infrastructure nodes.

Correct.

> Great, if you promise undetectability, then this should be the default.

I do not promise undetectability, but it exists under certain circumstances. I will explicitly note those circumstances and mark undetectability as a side benefit only under those conditions.

> I don't understand the distinction being made here. In any case, the upvote is observed as coming directly from some IP. That is the identifier to worry about.

The distinction is largely academic as you said. If you have a cryptographic solution to that, I'd love if you could point me to the right direction.

> And why can't I create a network of Sybils to upvote my spam posts?

You can, but users can also block your nodes, or (we're really going into the medium-term future here) your nodes would be placed in blocklists, whose users—people who accepted them— would deny you from connecting to them. (This is a half–baked idea as of now, who maintains those lists etc.) This is a thorny problem. Spam filters, I was meaning less of an actual after-the-fact spam filter, and more of a "block this guy out, refuse connections" kind of filter. Sorry for the wrong choice of words.

All in all, very fair points I need to work on. If you would be interested in taking a look once in a while to point out where the logic holes are, I'd really appreciate your voice in development. If you'd be interested in helping out, send a mail to me (burak@nehbit.net)— I would try to run more important things by you before implementing to see if there are any obvious holes.


I was unable to run the installer because I don't have administrative rights. It would be better without need for administrative rights.


That's a prerequisite for the installer package I'm using (Inno Setup) unfortunately. I'll try to get around that.


Can't be opened because it's from an unidentified developer

https://www.dropbox.com/s/7mnb2gng6a66b9y/Screenshot%202013-...


Follow the instructions on the dmg. After you drag it to Applications, go to Applications and right click on Aether, then select open. It will then allow you to go through.


I don't personally believe that anything is unblockable or untraceable. If data can find its way back to you, then you can be found (although it might be very hard).


You're correct. This just makes harder. These documents are written for laymen, it would be an asterisk-fest otherwise.


Hence the logo?


I am no security expert but this sounds interesting. I'd love to know how I can compile it from source (Maybe add it to the github README?)


Nicely done. Your demo at DemoDays was pretty cool (http://demodays.co/).


Hmmm - I didn't see the talk on that page... Is there a link?


It happened a few hours ago. It should turn up in a few days, I think? I'm also waiting for that.


Thanks! I need to fix my weird accent, though.


Is this like Freenet, but less general-purpose?


Yes. I'm specifically trying to create a safe, secure and anonymous discussion platform, not a darknet.


Looks interesting. I see you build on webkit among other things -- what are the messages? json docouments? Any provision for attachments? Any range for size of messages (eg: a 700mb attachment -- would that make sense with this)?


Messages are JSON, limited to 65536 characters. (This is a limitation of AMP protocol in Twisted I am using). There are no attachments. This is a text–only protocol. I'm trying to minimize the bandwidth requirements of running Aether.


How does this compare to bitmessage?


Have you seen Retroshare?


I have. I was very disappointed with it because it was such an utterly massive application to be running in the background all the time.

It was 2007 and it was consuming 300MB of ram, that was just not acceptable. Maybe more tolerable now, but still bad.


No Linux version?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: