anoNet is a decentralized friend-to-friend network built using VPNs and software BGP routers. anoNet works by making it difficult to learn the identities of others on the network, allowing them to anonymously host IPv4 and IPv6 services.


Motivation

Implementing an anonymous network on a service-by-service basis has its drawbacks, and it is debatable whether such work should be built at the application level. A simpler approach could be to design an IPv4/IPv6 network whose participants enjoy strong anonymity. Doing so allows the use of any number of applications and services already written and available on the internet at large. IPv4 networks do not preclude anonymity by design; it is only necessary to decouple the identity of the owner of an IP address from the address itself. Commercial internet connectivity and its need for billing records make this impossible, but private IPv4 networks do not share that requirement. Assuming that a router administrator on such a metanet knows only information about the adjacent routers, standard routing protocols can take care of finding the proper path for a packet to take to reach its destination. All destinations further than one hop away can, for most people's threat models, be considered anonymous. This is because only your immediate peers know your IP. Anyone not directly connected to you only knows you by an IP in the 21.0.0.0/8 range, and that IP is not necessarily tied to any identifiable information.


anoNet is pseudonymous

Anyone can build a profile of an anoNet IP address: what kind of documents it publishes or requests, in which language, about which countries or towns, etc. If this IP ever publishes a document that can lead to its owner's identity, then all other documents ever published or requested can be tied to this identity. Unlike some other friend-to-friend (F2F) programs, there is no automatic forwarding in anoNet that hides the IP of a node from all nodes that are not directly connected to it. However, all existing F2F programs can be used inside anoNet, making it harder to detect that someone uses one of these F2F programs (only a VPN connection can be seen from the outside, but traffic analysis remains possible).


Architecture

Since running fiber to distant hosts is prohibitively costly for a volunteer network of this kind, the network uses off-the-shelf VPN software for both router-to-router and router-to-user links. This offers other advantages as well, such as invulnerability to external eavesdropping and the lack of need for unusual software which might give notice to those interested in who is participating. To avoid addressing conflicts with the internet itself, anoNet initially used the IP range 1.0.0.0/8. This was to avoid conflicting with internal networks such as 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, as well as assigned Internet ranges. In January 2010 IANA allocated 1.0.0.0/8 to APNIC. In March 2017 anoNet changed the network to use the 21.0.0.0/8 subnetwork, which is assigned to the United States Department of Defense but is not currently in use on the internet. The network itself is not arranged in any regular, repeating pattern of routers, although redundant (>1) links are desired. This makes it more decentralized and reduces choke points, and the use of BGP allows for redundancy. Suitable VPN choices are available, if not numerous. Any robust IPsec package is acceptable, such as FreeS/WAN or Greenbow. Non-IPsec solutions also exist, such as OpenVPN and SSH tunneling. There is no requirement for a homogeneous network; each link could in fact use a different VPN daemon.


Goals

One of the primary goals of anoNet is to protect its participants' rights of speech and expression, especially those that have come under attack of late. Some examples of what might be protected by anoNet include:

* Fan fiction
* DeCSS
* Criticisms of electronic voting machines
* Bnetd and similar software
* Song of the South and other films of historical interest unavailable due to political controversy


How it works

It is impossible on the Internet to communicate with another host without knowing its IP address. Thus, anoNet accepts that you will be known to your peer, along with the subnet mask used for communicating with them. A routing protocol, BGP, allows any node to advertise any routes it likes, and this seemingly chaotic method is what provides users with anonymity. Once a node advertises a new route, it is hard for anyone else to determine whether it is a route to another machine in another country via VPN, or just a dummy interface on that user's machine. It is possible that certain analysis could be used to determine whether the subnet is remote (as in another country) or local (as in either a dummy interface or a machine connected via Ethernet). These include TCP timestamps, ping times, OS identification, user agents, and traffic analysis. Most of these can be mitigated through action on the user's part.
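
Because a peer may advertise any route, a router that installs advertisements unfiltered can have its default route, its home LAN range or its own subnet pulled into a tunnel, which is the same address-conflict problem the Architecture section describes. The following is an added example, not anoNet's own code: it validates received prefixes against the 21.0.0.0/8 range named above, and the /24 minimum length, the function names and the sample prefixes are assumptions constructed for illustration.

```python
import ipaddress

OVERLAY = ipaddress.ip_network("21.0.0.0/8")  # overlay range named in the article
MIN_PREFIX_LEN = 24  # assumption: local policy, nothing wider than a /24 from one peer


def check_route(prefix, own_prefixes=()):
    """Classify one prefix advertised by a peer as (accepted, reason)."""
    try:
        # strict=True rejects prefixes with host bits set, e.g. 21.200.3.1/24
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    # Default routes, RFC 1918 LAN ranges and public space all fail this test.
    if net.version != OVERLAY.version or not net.subnet_of(OVERLAY):
        return False, "outside overlay range"
    if net.prefixlen < MIN_PREFIX_LEN:
        return False, "covers too much of the overlay"
    # A peer must not attract traffic for addresses this router originates.
    for own in map(ipaddress.ip_network, own_prefixes):
        if net.overlaps(own):
            return False, f"overlaps own prefix {own}"
    return True, "ok"


def filter_routes(advertised, own_prefixes=()):
    """Split advertisements into accepted prefixes and (prefix, reason) rejects."""
    accepted, rejected = [], []
    for prefix in advertised:
        ok, reason = check_route(prefix, own_prefixes)
        if ok:
            accepted.append(prefix)
        else:
            rejected.append((prefix, reason))
    return accepted, rejected


# Constructed sample: prefixes a peer might send, and this router's own subnet.
OWN = ["21.200.9.0/24"]
SAMPLE = ["21.200.1.0/24", "21.200.2.5/32", "0.0.0.0/0", "192.168.1.0/24",
          "21.0.0.0/8", "21.200.9.7/32", "21.200.3.1/24"]

if __name__ == "__main__":
    accepted, rejected = filter_routes(SAMPLE, OWN)
    print("accepted:", accepted)
    for prefix, reason in rejected:
        print(f"rejected {prefix}: {reason}")
```

The same accept and reject decisions would normally be expressed as an import filter in whichever BGP daemon the router runs.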


Scaling

There are 65536 ASNs available in BGPv4. Long before anoNet reaches that number of routers, the network will have to be split into OSPF clouds, switched to a completely different routing protocol, or have its BGP protocol altered to use 32-bit integers for ASNs, as the rest of the Internet will do, since 32-bit AS numbers are now standardised. There are also only 65536 /24 subnets in the 21.0.0.0/8 subnet. This would be easier to overcome by adding a new unused /8 subnet, if there were any.


Allocated Subnets

Below is the list of allocated IPv4 and IPv6 subnets as of 4 March 2020.


Security concerns

Since there is no identifiable information tied to a user of anoNet, one might assume that the network would drop into complete chaos. Unlike on other anonymous networks, however, if a particular router or user on anoNet is causing a problem, it is easy to block them with a firewall. In the event that they are affecting the entire network, their peers would drop their tunnel. With the chaotic nature of random addressing, it is not necessary to hide link IP addresses; these are already known. If, however, a user wants to run services or participate in discussions anonymously, he can advertise a new route and bind his services or clients to the new IP addresses.


See also

* Anonymous P2P
* Crypto-anarchism
* DarkNET Conglomeration
* Darknet

Similar software:

* Freenet
* GNUnet
* I2P
* RetroShare

