Anonymous Communication With Waste
Waste is a decentralized, encrypted chat & file sharing protocol that lets you talk to your friends without anyone listening in. It is not, however, a tool for anonymous communications... or is it?
Waste networks are based on trust. You know the IP address of just about every person connected to that network. But, by creating a proxy Waste node, you can remove your name from your IP address, and create an anonymous network.
Below is a sample network diagram from the Waste documentation. This is the way Waste works by default. As you can see, any of the people in the middle can get the IP address of just about anyone they're talking to.
But by creating some proxy nodes, you can protect your identity.
Obviously, on a network like this, with just a few proxies, the proxied nodes aren't really all that anonymous, and probably not very welcome. This only works if everyone decides to create an anonymous Waste network.
This 5 node network is now completely anonymous. Each person may know the IP address of the other 4 people in the network, but can't be sure where any message originated from.
Each of the 5 gray proxy nodes can be seen from the outside world. Let's call them Mercury, Venus, Earth, Mars and Jupiter. Behind each of the proxies are 5 people, let's call them Adam, Barbara, Charles, David and Eve.
Adam may recieve a message from Eve, but Adam has no way of knowing which "planet" node Eve is behind.
Let's take it 1 step at a time.
A Small Network With Proxies
I have two computers I want to connect via proxy, one called Mark and one called HAL.
I load Waste on both computers, and connect them in the standard way. For each computer, this will be the proxy node.
Now I create another node behind the public one. If they're on the same computer (you can run more than one instance of Waste on the same computer, putting the proxy & client on the same box), you'l need to change the Listen on port location. Actually, I would just disable it altogether - you don't need to accept incoming requests because you're only chatting through a proxy.
You also want to turn off Advertise port on private network (recommended), because that will give away your IP address, even from behind your proxy. This is actually the most important step.
I just uncheck the Route traffic box and it takes care of all of that for me.
You should also turn of Periodically broadcast public key on network in the Private Keys tab, Rebroadcast key distribution messages, and Auto-accept broadcasted public keys in the Pending Keys tab. Your proxy node will take care of these things.
Then I connect my private node to my proxy node via the usual way - key exchange, and if they're on the same computer, I use localhost or 127.0.0.1 to connect back to my machine. If my proxy is on another computer, then I'll enter the IP address of that computer.
I'm now connected to Mercury, but from behind the Neptune proxy.
HAL sets up his client to connect to his proxy too, completing the circle. I can change my name (from Mark to Gandalf or something) any time I want, and HAL will never know I'm the same person. I could even create both Mark and Gandalf ID's and use both at the same time.
Now when HAL and Mark talk, neither client is aware of the other's IP address.
Now, in such a small setting, it's ridiculous to think that I won't know HAL's IP address because I know it's the same as Mercury. But as the network grows, it becomes harder and harder to say for certain where HAL is coming from.
Medium and Large Networks
In fact, once the network grows to about 6 nodes, if HAL changed his nickname, I would have no idea which of the other 5 nodes he originated from, or perhaps he even originated far beyond one of the nodes I'm aware of.
As the network grows, it becomes possible to use multiple levels of obfuscation to hide people's identities. The below diagram shows a sophisticated network.
Green connects to the same proxy node from both home and work. Cyan connects to the proxy through a second proxy - blue. Purple has set up two proxies, further confusing who purple is. Pink connects from home and work, and when at work, several of his co-workers also connect to him, but even his coworkers don't know which proxy he connects to (unless they happen to see it on his computer screen), or analyze the network traffic). Yellow is behind a firewall, and has one computer (the proxy) in the DMZ that freely connects to other Waste servers.
This "plausible deniability" where you don't know where a message or request is really coming from is the basis of a lot of anonymous chat & P2P apps, such as Mute and Ants. This kind of anonymity is also available in Waste if everyone is willing to connect to the network only through a proxy they set up, and ensure that they don't connect at the same time as their proxy. The best anonymity would come if everyone's proxy was always on. Then, when nobody would be able to connect you to your proxy.
I can even post the public key of my server here, along with my IP address, and once you've connected to the network, you still wouldn't know who I was on the network.
Unfortunately, I don't think Waste scales to large networks, so it would be impossible to create something as big as the Invisible IRC Project (IIP) from Waste, though when I visited there, I don't think there were ever more than 30 people on at a time. According to the Waste documentation, it works on the scale of 10 - 50 nodes, though I've heard some people who claim to have created Waste nodes of 150 or more.
Caveats and Considerations
If you pay enough attention to the network, you can correlate the creation of a proxy node and it's IP address to a new person on the network. Unless that person is clever enough to change proxy node & IP address (if that's possible) and/or change their identity, someone could corellate the two forever.
Due to the way Waste handle's nicknames (multiple people can have the same nickname), you can give all the proxies the same nickname leading to a much more compact "buddy list" in Waste. Alternately, you can just name them all Server-something so at least they cluster together. Since none of the proxies are ever used for chat, it shouldn't matter much if they all have the same name.
If every public/proxy node is connected to every other one, by transferring a file, you may be able to figure out which proxy is attached to the person who has the file. Since Waste tries to find the fastest route, the preferred proxy node is likely to be the one the person with the file is behind. You could fight this by having a few nodes that connect to each other, and accept connections, but don't automatically create new connections when someone joins the network. This will create a handful of sub networks that are connected through these main hubs, making it harder to track any one person down.
I'm anonymously connected to the nullnet.
WASTE is a software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users. WASTE is designed to enable small companies and small teams within larger companies to easily communicate and collaborate in a secure and efficient fashion, independent of physical network topology.
MUTE File Sharing is a new peer-to-peer network that provides easy search-and-download functionality while also protecting your privacy.
ANts P2P realizes a third generation P2P net. It protects your privacy while you are connected and makes you not trackable, hiding your identity (ip) and crypting everything you are sending/receiving from others.
- Invisible IRC Project
The Invisible IRC Project (IIP) was originally created so that people interested in facilitating privacy and free speech could work to these ends in an equally secure and anonymous environment. It has now become a haven for anyone seeking anonymous, encrypted Internet Relay Chat.
- The Freenet Project
Freenet is free software which lets you publish and obtain information on the Internet without fear of censorship. To achieve this freedom, the network is entirely decentralized and publishers and consumers of information are anonymous. Without anonymity there can never be true freedom of speech, and without decentralization the network will be vulnerable to attack.
page first created on Monday, January 17, 2005
© Mark Wieczorek