Retroshare is a

free and open-source Free and open-source software (FOSS) is a term used to refer to groups of software consisting of both free software and open-source software where anyone is freely licensed to use, copy, study, and change the software in any way, and the source ...

peer-to-peer Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network. They are said to form a peer-to-peer n ...

communication and

file sharing File sharing is the practice of distributing or providing access to digital media, such as computer programs, multimedia (audio, images and video), documents or electronic books. Common methods of storage, transmission and dispersion include r ...

app based on a

friend-to-friend A friend-to-friend (or F2F) computer network is a type of peer-to-peer network in which users only make direct connections with people they know. Passwords or digital signatures can be used for authentication. Unlike other kinds of private P2P, ...

network built by

GNU Privacy Guard GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec's PGP cryptographic software suite. The software is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable ...

(GPG). Optionally, peers may exchange certificates and

IP addresses An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...

to their friends and vice versa.

History

Retroshare was founded in 2004 by Mark Fernie. There has been an unofficial build for the

single-board computer A single-board computer (SBC) is a complete computer built on a single circuit board, with microprocessor(s), memory, input/output (I/O) and other features required of a functional computer. Single-board computers are commonly made as demonstrati ...

Raspberry Pi Raspberry Pi () is a series of small single-board computers (SBCs) developed in the United Kingdom by the Raspberry Pi Foundation in association with Broadcom. The Raspberry Pi project originally leaned towards the promotion of teaching basic ...

, named PiShare, since 2012. On 4 November 2014, Retroshare scored 6 out of 7 points on the

Electronic Frontier Foundation The Electronic Frontier Foundation (EFF) is an international non-profit digital rights group based in San Francisco, California. The foundation was formed on 10 July 1990 by John Gilmore, John Perry Barlow and Mitch Kapor to promote Internet ci ...

secure messaging Secure messaging is a server-based approach to protect sensitive data when sent beyond the corporate borders, and it provides compliance with industry regulations such as HIPAA, GLBA and SOX. Advantages over classical secure e-mail are that confi ...

scorecard, which is now out-of-date. It lost a point because there has not been a recent independent

code audit A software code audit is a comprehensive analysis of source code in a programming project with the intent of discovering bugs, security breaches or violations of programming conventions. It is an integral part of the defensive programming paradigm ...

. In August 2015, Retroshare repository was migrated from

SourceForge SourceForge is a web service that offers software consumers a centralized online location to control and manage open-source software projects and research business software. It provides source code repository hosting, bug tracking, mirrorin ...

GitHub GitHub, Inc. () is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, continuous ...

. In 2016, ''

Linux Magazine ''Linux Magazine'' is an international magazine for Linux software enthusiasts and professionals. It is published by the former Linux New Media division of the German media company Medialinx AG. The magazine was first published in German in 199 ...

'' reviewed security gaps in Retroshare and described it as "a brave effort, but, in the end, an ineffective one."

Design

Retroshare is an instant messaging and file sharing network that uses a

distributed hash table A distributed hash table (DHT) is a distributed system that provides a lookup service similar to a hash table: key–value pairs are stored in a DHT, and any participating node can efficiently retrieve the value associated with a given key. The m ...

for address discovery. Users can communicate indirectly through mutual friends and request direct connections.

Features

Authentication and connectivity

After initial installation, the user generates a pair of ( GPG)

cryptographic keys A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key c ...

with Retroshare. After authentication and exchanging an asymmetric key,

OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTT ...

is used to establish a connection, and for

end-to-end encryption End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, malicious actors, and even ...

. Friends of friends cannot connect by default, but they can see each other, if the users allow it.

IPv6 Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communication protocol, communications protocol that provides an identification and location system for computers on networks and routes traffic ...

support was merged into the master branch and will be released in the next version.

File sharing

It is possible to share folders between friends. File transfer is carried on using a multi-hop swarming system (inspired by the "Turtle Hopping" feature from the

Turtle F2F Turtle was a free software, free anonymous peer-to-peer network project being developed at the Vrije Universiteit in Amsterdam, involving professor Andrew Tanenbaum. It is not developed anymore. Like other anonymous P2P software, it allows users to ...

project, but implemented differently). In essence, data is only exchanged between friends, although it is possible that the ultimate source and destination of a given transfer are multiple friends apart. A search function performing anonymous multi-

hop A hop is a type of jump. Hop or hops may also refer to: Arts and entertainment * ''Hop'' (film), a 2011 film * Hop! Channel, an Israeli TV channel * ''House of Payne'', or ''HOP'', an American sitcom * Lindy Hop, a swing dance of the 1920s and ...

search is another source of finding files in the network. Files are represented by their

SHA-1 In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographically broken but still widely used hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecima ...

hash value, and

HTTP The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...

-compliant file and links may be exported, copied, and pasted into/out of Retroshare to publish their virtual location into the Retroshare network.

Communication

The services that Retroshare offers for communication are: * a private

chat Chat or chats may refer to: Communication * Conversation, particularly casual * Online chat, text message communication over the Internet in real-time * Synchronous conferencing, a formal term for online chat * SMS chat, a form of text messagin ...

; * a private mailing system that allows secure communication between known friends and distant friends; * public and private multi-user chat lobbies; * a

forum Forum or The Forum (plural forums or fora) may refer to: Common uses * Forum (legal), designated space for public expression in the United States *Forum (Roman), open public space within a Roman city **Roman Forum, most famous example *Internet ...

system allowing both anonymous and authenticated forums, which distributes posts from friends to friends; * a channel system offers the possibility to auto-download files posted in a given channel to every subscribed peer, similar to

RSS RSS ( RDF Site Summary or Really Simple Syndication) is a web feed that allows users and applications to access updates to websites in a standardized, computer-readable format. Subscribing to RSS feeds can allow a user to keep track of many di ...

feeds; * a posted links system, where links to important information can be shared; *

VoIP Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. The terms Internet t ...

calls; * Video calls (since version 0.6.0); *

Tor Tor, TOR or ToR may refer to: Places * Tor, Pallars, a village in Spain * Tor, former name of Sloviansk, Ukraine, a city * Mount Tor, Tasmania, Australia, an extinct volcano * Tor Bay, Devon, England * Tor River, Western New Guinea, Indonesia Sc ...

and

I2P The Invisible Internet Project (I2P) is an anonymous network layer (implemented as a mix network) that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user's traffic (by using ...

networks support, for further anonymisation (since version 0.6.0).

User interface

The core of the Retroshare software is based on an offline library, to which two executables are plugged: * a

command-line interface A command-line interpreter or command-line processor uses a command-line interface (CLI) to receive commands from a user in the form of lines of text. This provides a means of setting parameters for the environment, invoking executables and pro ...

executable which offers nearly no control, but it is useful to run "headless" on a

server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...

* a

graphical user interface The GUI ( "UI" by itself is still usually pronounced . or ), graphical user interface, is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicator such as primary notation, inste ...

written in Qt is the one most users use. In addition to functions quite common to other file sharing software, such as a search tab and visualization of transfers, Retroshare gives users the potential to manage their network by collecting optional information about neighboring friends and visualizing it as a trust matrix or as a dynamic network graph. The appearance can be changed by choosing one of several available style sheets.

Anonymity

The

structure of the Retroshare network makes it difficult to intrude and hardly possible to monitor from an external point of view. The degree of anonymity may be improved further by deactivating the DHT and IP/ certificate exchange services, making the Retroshare network a real dark net. Friends of friends may not connect directly with each other; however, a user may enable the anonymous sharing of files with friends of friends. Search, access, and both upload and download of these files are made by "routing" through a series of friends. This means that communication between the source of data (the up-loader) and the destination of the data (the down-loader) is indirect through mutual friends. Although the intermediary friends cannot determine the original source or ultimate destination, they can see their very next links in the communication chain (their friends). Since the data stream is encrypted, only the original source and ultimate destination are able to see what data is transferred.

Caveats

It is important to remember that while Retroshare's encryption makes it virtually impossible for an

ISP An Internet service provider (ISP) is an organization that provides services for accessing, using, or participating in the Internet. ISPs can be organized in various forms, such as commercial, community-owned, non-profit, or otherwise private ...

or another external observer to know what one is downloading or uploading, this limitation does not apply to members of the user's Retroshare circle of trust; adding untrusted people to it may be a potential risk. In 2012, a German Court granted an injunction against a user of Retroshare for sharing copyrighted music files. Retroshare derives its security from the fact that all transfers should go through “trusted friends” whom users add. In this case, the defendant added the anti-piracy monitoring company as a friend, which allowed him to be traced through aggregation of bad

Opsec Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, a ...

References

External links

* {{Cryptographic software 2006 software Anonymous file sharing networks Cross-platform free software Cryptographic software Free file sharing software Free file transfer software Free instant messaging clients Free Internet forum software Free software programmed in C++ Instant messaging clients that use Qt Internet privacy software MacOS instant messaging clients Peer-to-peer file sharing Secure communication Unix instant messaging clients Windows instant messaging clients Peer-to-peer software