On the broadest level Freenet works by allocating a portion of your computerís hard disk space to the network. Then when another computer asks your computer for some data that you have stored, your computer will transmit the file. If your computer does not have the data it will look at all the computers it connects to, and ask the one that it thinks is most likely to have the requested data. Inserting data works in essentially the same way. Each node looks at a hash of the data and passes it along to another computer that is the best match for that hash. The hash is used because all data in the network is encrypted, and any given node doesnít know the decryption key.
This means no computer can tell what data it is storing or fetching, nor can anyone tell where a particular piece of data is located on the network. No computer on the network knows where the data originally came from or where it went. This is because if you request a file and another computer gets the request, it has no way of telling if you are the originator of that request, or if you are just passing on the request from another computer. Then when the data is returned you have no way of telling if the sending computer had the data in its datastore, or if it got it from another computer. A positive side effect is if two people independently insert the same data, they collide so the network only needs to store one copy.
This has a few implications that should be addressed. First, it means that there is no central server that the network depends on. Second, it means that every permanent node on the network contributes to it by storing and serving data. As a result of this, anyone can upload content and never have to worry about the bandwidth, as Freenet handles both the storage and distribution of content. So even if you don't particularly need anonymity, you might still want to publish your site on Freenet because it provides free hosting regardless of how big or popular your site is. So, you never have to resort to putting ads on your page.
The way Freenet's architecture is designed makes it inherently good at some things, and inherently bad at others. For example, because all inserts and requests for data go through 5 - 15 computers before they reach their destination, Freenet has inherently high latency. This means it will never be suitable for playing real-time games or instant messaging. However, because when you request a file it downloads it in many chunks, each of which will likely come from a different computer, it can allow very fast downloads for big (710MB+) files.
The reason that it is able to do this is that Freenetís design has a few inherent advantages over other networks. Because the data is inserted, it will be spread over a large number of hosts, even if it is unpopular. Because each node has a datastore, all nodes are contributing to the speed of downloads even if the node operator is not publishing any content. Freenet also requires nodes to have higher uptimes than most networks, so data is more likely to be available. This means that you can download from many computers even if the file is unpopular, and the total bandwidth is not directly limited by the number of people downloading it or sharing it. The Freenet design has the potential to outperform the venerable Bit Torrent
Freenet is very good at making information available to everyone anonymously. Sending information to a specific person, however, is not yet reliably possible. (Though there are several attempts underway to make this possible.) If your application requires lower latency than Freenet can provide, and does not need lots of bandwidth you might look at Freenet's sister project the Invisible IRC Project (IIP
). Although IIP has a much lower standard of anonymity, the two complement each other very nicely. Freenet can be used for storing or publishing data, and IIP can be used for small fast communications, including email.
If you are considering creating and uploading your own freesite, you should look at some of the guides on Freenet for advice, as good web design is not necessarily good freesite design.
 How data is located
To request data a computer sends out a request which contains the hash of the content that they want. When a node gets a request for data that it does not have, it forwards the request to the node in its routing table that it thinks will return the data the fastest based on previous requests with similar hashes. If that node fails or times out then it forwards the request to the next closest match. Those nodes will in turn forward it to the closest node in their routing table.
Inserts works in a similar way: the insert requests follow the path closest to their hash until the HTL (hops to live) expires, then they are stored on that node. This means in the best case the request will travel along the shortest path to the data that each of the involved nodes know about. Also the worst case (very rare) involves asking all the nodes within the specified range. As time goes on each of the nodes will learn about more and more of its peers. So over time the typical case approaches the best case.
This system compares favorably to other peer-to-peer networks. For example Freenet's worst case scenario is the same as what Gnutella uses for all searches. (All the nodes within a given radius will be asked for the data.) However in the (theoretical) best case scenario any data can be located in Log base M of N where N is the number of nodes in the network and M is the average number of peers each node has. This means that Freenet scales much better than Gnutella and similar networks, and uses much less bandwidth for overhead.
All content in Freenet is indexed by its hash. So in order to find the data you are looking for you need to know its hash. This means that there is no simple keyword search. So to find information, you use your web browser.
When you load Freenet you will see a main page that has hyperlinks to some of the more popular index sites in Freenet. When you click a link on one of these sites you will see a URI. This is what represents the key you want to fetch. There are three main types of keys.
The most basic is a Content Hash Key (CHK). It looks something like this:
A CHK is a 160 bit key. It is represented in base 64 using a-z, A-Z, 0-9, - and ~. It is divided into two parts separated by a comma. The first part is the hash of the encrypted file. It is what the file will be indexed under. The second part is the key it was encrypted with (This comes from the hash of the original file). The second part of the key is not revealed to the other nodes when a request is made.
A CHK can store one chunk of data (that can be any size up to 1MB). If you want to store more than one MB, the data gets split up. You will use a key just like you would if it was a single chunk. However when you download that first chunk, rather than having data, you get what is called a manifest. It will contain the keys for all the other chunks of data in the file.
So CHKs can allow you to store any amount of data, and because they are inserted under a key that is derived from their content, we can safely assume that if two chunks of data have the same key, that they are the same data. As a result if two people insert the exact same data, it only needs to be stored on the network once - but the second insert will help to propagate it across more nodes.
If you want to have a site that can be updated, or verified as to its origin, you could use a Signed Subspace Key (SSK). An SSK look like this:
Like the CHK, it consists of two parts. The first part is a public encryption key, this allows you to decrypt the content stored in the SSK. The second part is a plain text description (this may contain slashes to emulate a directory structure). A single SSK can contain many files, and even many sites. They are distinguished by the plaintext portion. The data is indexed under the the hash of the combined string of the encryption key, and the plain text description.
To have an updateable site there are two options. The first is to have an edition site. This is usually done by posting a site in SSK@_key_P Ag M/_Name_/1/ and then in the HTML for the site, link to SSK@_key_P Ag M/_Name_/2/. This way, when you publish a new edition, you can insert it in the new location, and people will be able to follow the link to get the new version.
A more automated way of doing this is to have a Date Based Redirect (DBR). This consists of inserting a piece of metadata at SSK@_key_P Ag M/_Name_/ that tells Freenet clients how often the site is updated and where it will be located. This is usually done by inserting at regular intervals at SSK@_key_P Ag M/_Date_-_Name_/.
There is a third, optional component to an SSK. That is a manifest. This is represented in the key by the presence of a "//". This places a file at the location specified by the URI up until that point. That file is called a manifest. It contains a list of files and their respective keys (usually a CHK). Having a manifest means that all the data for the site can be stored in CHKs, so when the site has to be updated, because of a new edition, or a date rollover, one only needs to insert the new manifest, and the files that changed.
Another sort of key is KSK (Keyword-Signed Key). These are very simple keys which look like e.g. "KSK@gpl.txt" - as you can see the key is just a plain text description. These are not used much anymore because since they are not based on the file in any way they can easilly be spoofed, providing that the spoofer manages to avoid an insert collision with the original. The above key should be the GNU GPL since it is widely propogated, but KSKs in general should not be trusted.
The ability for anyone to insert anything to KSKs can be an advantage however; the main place you are likely to see them is in Nearly Instant Messaging (NIM) forms on Freesites, which allow public messages to the author to be left in a guestbook like manner. If the author publishes his GPG / PGP public key, encrypted messages readable only by the author may be communicated to them via NIM.
 How attacks are prevented
There are two main attacks that could be used to try to compromise your anonymity on Freenet. The first involves a local eavesdropper listening in on all your communications over Freenet. Ordinary encryption is not sufficient for protection from this sort of attack. The reason for this is because if you want to talk to a new person, they have to know how to decrypt the message you have sent them, so if someone is monitoring all communication between the two of you, there is no way to tell them without the eavesdropper hearing too.
However there is a solution to this problem. It is called asymmetric cryptography. It works as follows: your computer uses a one-way mathematical function to generate two numbers called keys. When a message is encrypted using one of the keys, it can be decrypted with the other and vice versa. Given one of these keys there is no way to find out the other one, short of trying all possible combinations. One of these keys is designated the public key, and the other, the private key. When you find out about a new node, (e.g. through your node references file, or through another node), you receive its public key. Then you can send it a a message encrypted with its public key. Because it is the only one that knows its private key, nobody but it can read your message. Then after it gets your public key, it can communicate with you, and as long as nobody knows your private key, nobody can tell what it sent you.
The problem with this is that asymmetric cryptography is very slow. (It requires a LOT of CPU power.) However Freenet works around this as follows: when you contact a new node, you send it a "Hello" message that contains your public key and is encrypted with their public key. Then that node can reply with a "Hello" message that contains an ordinary encryption key that is encrypted using your public key.
This means, because only you hold your private key, you are the only one who can read the message. So now you can communicate safely encoding messages both ways using ordinary encryption encoded with the session key. This effectively thwarts any attempts to monitor your traffic locally and means that the CPU intensive asymmetric encryption only needs to be used for the first message you send (or whenever you want to send a new session key). Even if the node you contacted revealed the session key it used to a local attacker, it would not reveal anything other than what that node already knew.
The second type of attack consists of having a large group of nodes that are connected to you pool their knowledge to try to develop a picture of what is going on. There are two major areas where this could be a problem. The first is handling a request with a HTL of 1. A malicious node could generate lots of requests for things with a very small HTL in order to try to probe the data stores of its peers. Freenet handles this by forwarding requests with an HTL of one 30% of the time at random.
Also to prevent nodes from knowing exactly how far they are from the originator of the request, they will forward requests without decrementing the HTL a small percentage of the time for most hops and 50% of the time for requests where the incoming HTL is equal to the maximum HTL. This system insures a degree of safety.
The second area where conspiring nodes could be a problem is when you are downloading a split-file. A group of nodes could find the manifest of a split-file they did not like by spidering Freenet. Then they would know the keys for all the data chunks. If they were monitoring network traffic, it would look suspicious if a single node made requests for multiple CHKs in the same split-file. This is an area where Freenet is currently very vulnerable.
In the future this sort of attack will be prevented by using something called " Pre-mix Routing". The idea is to create what is called a mixnet before the data is routed on the network. It works by sending a message to another node, and requesting that it send message a to another node of your choosing. The message that is sent to the other node is a request for the data that is encrypted using its public key. This way, the first node knows the originator of the request but it does not know what was being requested. The second node knows what was being requested, but not who is making the request. So, if ether one of these nodes is trustworthy, you are safe.
You can optionally add intermediate nodes in the chain. Right now it should be noted that even without verifiable anonymity, Freenet does provide Plausible Deniability. So even if a single node is making a large number of requests for related files, it does not necessarily mean that it is the originator of those requests. It is possible that it has one node that is connected to it which is trying to make it look as though it is making all those requests, and if the owner of the node asserted that this was the case, there would be no way to prove them wrong.
Once pre-mix routing is implemented (this is planned but won't happen for some time, certainly not until after 0.6) Freenet will preserve plausible Deniability by adding more than 2 nodes in the mix chain at random, this way even if the first and last node that you connect to are malicious there is no way to prove that you were the original requester.
Freenet is not a replacement for Kazaa or any other file-sharing program. While Freenet can do some of the same things, it doesn't have anywhere near the number or variety of files (at present). In addition, as you've probably already noticed, Freenet can be extremely slow. Keep Kazaa (Lite, the standard client is full of spyware) or your other file-sharing program ... at least for the time being.
It is an Internet within the 'real' Internet. You can post and view webpages, you can listen to music, you can download files, you can chat, you can post messages on bulletin board systems, and many other things that can be done in the 'real' Internet. It is even possible to do email over freenet, albeit slowly (Free Mail
, see Papers And Tools
.) Freenet is not an application itself but rather an application-neutral anonymous "transport layer", that many different applications can use.
- If It's Just Another Internet, Why Not Just Use The REAL Internet Instead?
1) You can very easily be busted for posting, viewing, downloading, etc certain content on the 'real' internet. Freenet is very anonymous. Here you are 'Free'. Do what you want, be yourself, and forget about Goverment / University oppression/regulation and corporate lawsuits.
2) It's fun!
Of course, number 1 above is probably the reason most people use Freenet. People want freedom. Hardly a month goes by without hearing about some internet user/group being sued by corporations for copyright infringement/etc. If you live in another country, it is quite possible that your government highly censors what you view, what you do, and where you can go on the internet. Here on Freenet, they can't stop you. Sadly, this freedom is extended to those who wish to be sick and perverted. However, freedom is freedom. The moment one person or group begins to decide who or what should or should not be free is the moment that freedom begins to collapse. Why? Because you and what you want free could be the next thing on the chopping block. More to the point, any mechanism for detecting / censoring what some party judges to be "bad" content would compromise Freenet's anonymity and severely damage your plausible deniability defence. We have freedom or we do not, there is no in-between state.
Great, Now Teach Me How To Use It!
First things first. This tutorial is geared toward Windows users and slanted toward those using modems. If you are using Linux, Solaris, or some other geek oriented OS, what the heck are you doing here? Go read the source! Or Newbie Start Guide Unix
For windows there is no need for creating a shortcut anymore; it's created automatically and left-clicking on the tray (little blue bunny) will start the web interface on your browser, while right-clicking shows you all the goodies.
Freenet is a program that is updated by the developers. The developers sometimes update it many times a week (now that there are 2 networks stable doesn't update this often, but unstable does.). I suggest that you upgrade once a week just for good measure. Updating and uninstalling can be easily done too; 'start' - 'programs' - 'Freenet' and 'update snapshot' or 'uninstall'.
An auto-installer will appear; let the installer do its thing. When the window disappears the upgrade is done.
Warning: if you wait too long to upgrade, and miss a mandatory update, Freenet will stop working. It may start up, but you won't be able to connect to any other nodes, rendering the program useless. If this happens, just upgrade the program and it will start working again.
If you have a highspeed connection, go here, wait for page to load, and follow the instructions.
(glossary: The word 'node' is means a computer connected to Freenet.)
Old transient advice snipped - outdated
Whether a node is set "transient" or not used to be important but no longer does anything, so even on a modem you might as well set transient=false. Perhaps this will disappear from the configuration altogether in newer builds. See Transient Vs Non Transient
(glossary: A 'reference' is an address to another node.)
Freenet needs a 'reference file' to connect to other computers. A reference file is nothing more than a text file full of addresses to other computers. The computers listed in this file come and go. After time, the file can become useless. If you are using a modem to connect to the internet, it is a good idea to get a new reference file at least once a day. I found that I usually need to get one reference file in the morning, and then after being away from the computer all day, need to get another file at night.
If you are getting -no- results from Freenet, then it might be an indication that you need to shut down Freenet and get a new reference file. The way you do it is from the 'configure' window. Before you start up Freenet open the 'configure' window with the icon you placed on your desktop. On the bottom of the "Normal Settings" tab is an area called "Node References". Make sure that "Get Default Node Refs" is not checked. Click the "Import new Node Ref" button. A "Get Seed
" window opens. Click "Download References". Wait until the "Get Seed
" window closes and then press the "OK" button. Start up Freenet.
This should only be of benefit if your node has been down for a long time, usually it isn't helpful since your node has reasonably up to date knowledge of nodes anyway. If you're getting constant RNFs it's probably because there has recently been a major upgrade that has "reset" the network, in this case just be patient and it will fix itself.
High-speed connection, permanent node users: theoretically you should never need to download the references file again after your node has been established. (Unix users running such nodes might want to comment out the seednodes download in their update.sh once their node is up and running to save bandwidth.) However, we all know how theory and reality differ. If you find that you can't do much of anything on Freenet, then it may be that you need to get yourself a new reference file.
(glossary: A webpage in Freenet is called a "Freesite".)
Security and warning messages
Freenet is very good at security. One nice feature is that it warns you when you are about to view freesites/webpages that compromise your security. If someone has some script on his/her freesite that -may- compromise your security, Freenet will present a warning page you have to click through. When you click on a link that goes to the unsecure 'real' internet, Freenet will also present a page warning you of such. If you try to download a file from a freesite you will also receive a warning saying that Freenet doesn't know what to do with it and be presented with options to send it to your browser, force it to save the file, download it directly to disk etcetera. Just read the warning and answer with the appropriate response.
Just like webpages on the World Wide Web, visiting freesites is one of the joys of Freenet. Though webpages and freesites are very similiar, they are not exactly the same. Below are listed some things to make your viewing of freesites a bit easier.
Currently the best source for finding freepages is The Freedom Engine (often called "TFE").
TFE has recently started being maintained again after a long period of inactivity. Whilst this is happening you might find spider-generated sites like FIND are more up to date (see below).
Right-click on the red Freenet bunny on the bottom right of your screen. Select "Open Gateway". When the webpage pops up, click on the link to The Freedom Engine. If you use a modem, click on your browser's 'stop loading' button as soon as all the text in TFE's page loads up. If you don't stop the loading, the page will suck up all of your modem's speed with its trying to load images. There is a good reason for the page to do this, but when you're on a modem, you need every bit of speed you can squeeze out of it.
Freenet is not searchable in the conventional sense. The network is fundamentally different to both the client-server model of the WWW (there are no servers, only nodes) and other P2P networks like Fast Track
and Gnutella. This is a consequence of Freenet's anonymity : since nodes do not know what is in their encrypted datastores, they would have no idea if it corresponded to a search string like "Free software song mp3" if you asked them. This protects you by giving you plausible deniability, i.e. that you are not responsible for any illegal content in your node since you don't know it is there. (The way data is inserted into and replicated across Freenet also means data in your node cannot be proven to have been inserted or requested by you, or indeed anybody.)
The nearest thing to a WWW search engine site in Freenet currently are updated Freesites consisting of links to other Freesites. In some cases these are found by spiders, which are programs which "crawl" the network by following all the links they find and cataloguing the results - this is the same thing that WWW search engines like Google do. FIND (FIND is not Dolphin) is one such spider-created portal, currently linked to on the default Web Interface start page (stable network.) New sites can be submitted via Nearly Instant Message (NIM) in some cases, or announced on the Frost (Papers And Tools
) freesite-announce board.
Data about inserted content can also be collected and searched locally. This is how the file search in Frost works. A new Frost install will return few keys even if you search for *, but over time the number of files it knows about increases as it sees more file upload messages.
Someone could make an app that did something similar to search Freesite metadata locally, but for now there are not really enough to make this worthwhile versus using spider-generated indexes like FIND.
NB : The original document this is based on was taken from a freesite, this Wiki does not have the edition indicators discussed here.
Many freesites are called 'edition' freesites. This site is one such site. Look at the top of the page. There you will see the current edition number of this freesite along with a some boxes listing other editions of this freesites. If an edition exists on Freenet then it will have a image displayed in a box. If an edition doesn't exist (or hasn't yet been created) then there will be an ugly box with no image in it.
At this time go to the top of this page and make sure that you are viewing the latest edition of this freesite. If you aren't, then click on the image for the newest edition. If you visit a freesite that has no edition boxes someplace on the page, then it is a freesite that is automatically updated at some period, usually daily (Date Based Redirect - DBR) or is static. Either way it will never be outdated.
If you use a modem to connect to the internet, Freenet can sometimes be painfully slow to load webpages. As I mentioned above, sometimes freesites will suck up all of your modem's speed. This usually happens when the page is trying to load image links of other freesites. This is an excellent technique for distributing the pages to as many nodes as possible, but it can cripple a modem's speed. If you load a freesite that sucks up all your speed, just press your browser's 'Stop Loading' button.
Also make sure you have configured your browser as per Speeding Up Freenet
tip 2, this is especially important on sites with large numbers of images.
If you are running any Freenet applications such as "frost" or "fmb", they can slow down your Freenet web browsing. "frost" is especially good at it. If you use a modem then it's a good idea to use one application (frost, fmb, or your browser) at a time. From experience you'll learn what combinations work best for you and your modem.
Because of the nature of Freenet, all of the files are distributed among many computers. This in itself can slow down your web browsing. If you try to load a freesite and 10 minutes later your browser is still loading but not showing everything, you can probably attribute that to the nature of Freenet. You can do one of two things: 1) Be patient. 2) Get a new reference file and try again.
Getting new references can only help if your nodes existing knowledge of the network is very out of date, in most cases it is unlikely to achieve anything. Check your node is set up optimally (outputBandwidthLimit set to something reasonable for your connection, ipAddress and listenPort set and your router/firewall configured to allow incoming connections to the node), and be patient if your node is new - it will take time to establish itself.
Many times you will try to load a freesite and get an error message saying that it couldn't be found. The most common error is Data Not Found
(DNF), meaning that nodes could be contacted but they didn't have the data, and hopefully rarely you will see Route Not Found (RNF) which means there was some problem contacting nodes along the line. Persistent RNFs are normal for a short period after a big "network reset" upgrade but in other circumstances are bad and may indicate a Freenet bug.
The best thing to do in case of DNF or (usually) RNF is to wait a bit and retry, or just leave the page open and it will periodically refresh to do so automatically. As the DNF error page says raising the HTL will make Freenet try more nodes, but this only has an effect up to the maximum limit, currently HTL 20 on both networks. If the data still isn't found after many retries it might be a missed DBR insert, or it could have fallen off the network, or Freenet's routing could be temporarily haywire (it is still very much under development.) Spider indexes like FIND give a retrieval "score" which can give you some idea how retrievable a site is. If you really want some data retrying a huge number of times at max HTL will eventually get it if it's still on the network.
"TFE" - "The Freedom Engine". This is a list of freesites. It's not all the freesites, but it's close to being the 'definitive' list. Just remember - if you're on a modem then press the "Stop Loading" button once the text is displayed.
At the moment TFE is a bit outdated (doesn't list all recent sites) although still useful. Its maintainer (CofE) recently came back to Freenet after a prolonged absence so this is changing. In the meantime look at other indexes like FIND and YoYo! as well (well, you should do so anyway.)
- Creating webpages / Freesites
"NIM" = "Nearly Instant Messaging". This is a way to give feedback to freesite authors, and a lot of fresites use it. (It's a clever use of KSK's that let anyone insert data under a given key.) To leave feedback, follow these steps : Click on the first blue number under "possibly available message numbers". A new browser window will pop up and try to load a previous message. It may take a while for Freenet to find the message and load it. If a message exists then click on the next blue number. Continue until you use a number that returns a Data Not Found
message, retry it a few times to make sure it's really not been used yet.
Remember that number and close all those windows that popped up. In the "Message Address" box change the number to the number that you found contained no message. Don't change the "KSK@whateverBlahBlah-" text. Just change the number. Now write a message in the message area. When you are done, press the "Send Message" button. Your message will be sent. You might get an error. If you do, then press your back-button and press the "Send Message" button again.
To make this process easier some Freesites make a set of NIM boxes show up at once, so you can see messages that have already been left. Most don't though (it takes up a lot of space.)
Anonymous file transfer is probably the most popular application of Freenet. Here you can download mp3's, movies etcetera with no fear.
Frost is a bulletin board and "filesharing" application - filesharing in quotes since it
doesn't work in the normal P2P manner. In this editors opinion, a must-have Freenet client.
At the moment, the best source of information can be found at the Frost webpage. Make sure you download and read the documentation. I hope to have more user-friendly information here in the future. See also the Frost Start Guide Windows
and Papers And Tools
Some files are found on freesites. The Freedom Engine, FIND and other indexes can be used to find such sites.
Chatting in Freenet is possible using the "Free Message Board" program (or just 'fmb' for short).
FMB isn't used all that much anymore, if it seems dead either hang around and try to revitalise it or try Frost which is quite active.
The fmb homepage is found here (no link, this was from a Freesite). It is a very good program that is extremely non-user-friendly for new users and has almost no documentation. Nubile is the best source of information on this program at the moment, though it really isn't geared toward the 'Dummy' nor those with modems. If you are a 'Dummy' or someone with a modem, my best piece of information is this: just be -patient- with it. It really -is- working, just give it -lots- of time to show results. I hope to have more user-friendly information here in the future.
- Message Boards/Bulletin Board System
In addition to file transfer, Frost also has a message board system. Read about Frost above (and in Papers And Tools
). The important thing to recognize about Frost is this: it is high latency, because Freenet is, and only loads the previous three days worth of messages by default although this can be changed in the preferences. However, if you've ever got a question to ask, do it there in a suitable board e.g. newbie-help and someone is sure to answer.