Friend-to-friend: Difference between revisions

From Wikipedia, the free encyclopedia
Touisiau (talk | contribs)
m →‎See also: Ripple
Appraiser (talk | contribs)
clean up using AWB
Line 35: Line 35:
Besides the fact that current networks don't use provably secure crypto (see "Future uses" above), here are some other breaches:
Besides the fact that current networks don't use provably secure crypto (see "Future uses" above), here are some other breaches:
* In countries where anonymous P2P is forbidden, your [[internet service provider|ISP]] can suspect that you use F2F since the networks don't use the default standard ports of popular encrypted programs like webphones or webcams (this solution, along with using a layer of the same encryption as webphones, would be a very simple form of [[steganography]]). Using a third party storage ([[F3F]]) is a similar solution with more advantages. Networks that use generic [[VPN]] software as [[anoNet]] does, are less vulnerable to this issue.
* In countries where anonymous P2P is forbidden, your [[internet service provider|ISP]] can suspect that you use F2F since the networks don't use the default standard ports of popular encrypted programs like webphones or webcams (this solution, along with using a layer of the same encryption as webphones, would be a very simple form of [[steganography]]). Using a third party storage ([[F3F]]) is a similar solution with more advantages. Networks that use generic [[VPN]] software as [[anoNet]] does, are less vulnerable to this issue.
* [[Traffic analysis]] of all your links by your ISP could easily show that you automatically forward some documents. One possible solution, implemented in [[WASTE]], is to send and recieve a constant stream of noise (meaningless data), so that traffic analysis could not detect whether or not you were recieving or transmitting meaningful data at any given time. Another is to add [[padding (cryptography)|padding]] bytes to files, and to occasionally send random data (possibly files) to make it more difficult to detect when you're automatically forwarding data. This solution is not far from how [[Napshare]] and [[Konspire2b]] already work now.
* [[Traffic analysis]] of all your links by your ISP could easily show that you automatically forward some documents. One possible solution, implemented in [[WASTE]], is to send and receive a constant stream of noise (meaningless data), so that traffic analysis could not detect whether or not you were recieving or transmitting meaningful data at any given time. Another is to add [[padding (cryptography)|padding]] bytes to files, and to occasionally send random data (possibly files) to make it more difficult to detect when you're automatically forwarding data. This solution is not far from how [[Napshare]] and [[Konspire2b]] already work now.
* In countries where strong crypto is forbidden (or where you can be forced to give your keys), serious [[steganography]] should be used (even for storing files in your hard disk, since it could be seized. See tools like PhoneBookFS[http://www.freenet.org.nz/phonebook/])
* In countries where strong crypto is forbidden (or where you can be forced to give your keys), serious [[steganography]] should be used (even for storing files in your hard disk, since it could be seized. See tools like PhoneBookFS[http://www.freenet.org.nz/phonebook/])
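Review bot: the spelling fix in the Traffic analysis bullet is incomplete. "send and recieve" becomes "send and receive", but "recieving or transmitting" later in the same sentence is unchanged on the new side; correct it to "receiving" in the same edit so the bullet is consistent.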


Line 42: Line 42:
==See also==
==See also==
* [[Darknet]]
* [[Darknet]]
* [[Ripple_monetary_system]]
* [[Ripple monetary system]]
===Software===
===Software===
* [[WASTE]]
* [[WASTE]]
Line 54: Line 54:
*[http://f2f.uni.cc/trust_metrics_f2f_money/ Adding simple and effective trust measurements to F2F P2P networks] is a paper about using a [[Time-based currency]] for trust in F2F.
*[http://f2f.uni.cc/trust_metrics_f2f_money/ Adding simple and effective trust measurements to F2F P2P networks] is a paper about using a [[Time-based currency]] for trust in F2F.
*Ripple: P2P money for trusted social networks: http://www.masternewmedia.org/news/2005/06/27/p2p_can_cut_banks_out.htm
*Ripple: P2P money for trusted social networks: http://www.masternewmedia.org/news/2005/06/27/p2p_can_cut_banks_out.htm

[[Category:Cryptography]]
[[Category:Cryptography]]
[[Category:Electronic commerce]]
[[Category:Electronic commerce]]

Revision as of 15:50, 30 October 2006

A friend-to-friend (or F2F P2P) computer network is a particular type of anonymous P2P in which people use direct connections with their "friends". F2F software only allows people you trust (using IP addresses or digital signatures you trust) to exchange files directly with your computer. Then your friends' own friends (and so on) can indirectly exchange files with your computer, never using your IP address.

These networks are also called private P2P though they can grow in size without compromising the users' anonymity.

Dan Bricklin introduced the term F2F on August 11, 2000.

WASTE is an example of an F2F network. ANts P2P, GNUnet, MUTE and Napshare are examples of P2P that can be configured to build F2F networks (see External links below).

Uses of F2F

  • F2F prevents random people from proving that your IP address can effectively be used to get some controversial files (and as soon as you know all the IP addresses of your friends, you can even use a firewall to block all the other addresses from accessing your F2F port)
  • Since F2F applications use link encryption and don't need end-to-end encryption to achieve their goals, they allow you to control (using your private key) what kind of files a friend exchanges with your node, in order to stop him from exchanging files that you disapprove of. Stop him by removing his public keys or by using a firewall to slow or block his connection to your node.
  • Far fewer security problems: since only your friends can connect to your node, no random cracker can try to break into your computer by connecting with your P2P node and then using a bug in the communication part of the software. You can exchange crypto keys face to face with your close friends, thus avoiding man-in-the-middle attacks. Dangerous documents (e.g. with viruses, buffer overflow attacks...) could even be avoided using strong reputation-based networks (see "Future uses" below).
  • Third party storage (e.g. FTP, Web, email servers) can be used to get faster downloads and to prevent your ISP from logging your friends' IP addresses (using encryption with the third party).

Future uses of F2F

  • Online reputations could be constructed and verified using a strong encrypted F2F network: each document on this network would be automatically given a new trust rating by each node that forwards it (new_trust = old_trust * local_reputation_of_the_provider). If a document appears to be incorrect then you can manually decrease the local reputation of the friend that sent it to you (the provider) and decrease the trust rating of this document. You can even block this document from being exchanged again through your node. (Note: this kind of functionality is already implemented in Bouillon P2P social wiki.)
  • Such a strong reputation network could be safely used to implement a peer to peer system of electronic money based on the principles of Altruistic Economics; such a system would, according to its advocates, eliminate the inequities inherent in the present system of centralized money.
  • Use of strong symmetric encryption (in particular, the only theoretically secure one-time pad). This can only be achieved in F2F networks since when you communicate with someone you never met in person, you have to use asymmetric encryption (along with some serious man-in-the-middle problems). By filling a hard disk with random bytes and giving a copy of it to one of your trusted friends, you can later exchange with him a lot of controversial documents (especially if those are text documents).
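The trust rule quoted in the first item above, new_trust = old_trust * local_reputation_of_the_provider, can be followed hop by hop with a short simulation. This is an added example, not code from any F2F program; the node names, the reputation values, and the choice to keep the best rating when several friends offer the same document are assumptions.

```python
from collections import deque

def propagate_trust(reputation, origin, initial_trust=1.0, blocked=frozenset()):
    """Return {node: trust rating that node assigns to the document}.

    reputation[receiver][provider] is the receiver's local reputation (0..1)
    of the friend that hands it the document. Every hop applies
    new_trust = old_trust * local_reputation_of_the_provider.
    Nodes in `blocked` still rate the document but refuse to forward it.
    """
    # Invert the table: providers -> friends that accept documents from them.
    receivers_of = {}
    for receiver, reps in reputation.items():
        for provider in reps:
            receivers_of.setdefault(provider, []).append(receiver)

    trust = {origin: initial_trust}
    queue = deque([origin])
    while queue:
        provider = queue.popleft()
        if provider in blocked:
            continue  # this node stopped the document at its own hop
        for receiver in receivers_of.get(provider, []):
            rating = trust[provider] * reputation[receiver][provider]
            # Assumption: a node keeps the best rating offered by any friend.
            if rating > trust.get(receiver, -1.0):
                trust[receiver] = rating
                queue.append(receiver)
    return trust

# Constructed sample network: carol hears about the document from alice and bob.
REPUTATION = {
    "bob":   {"alice": 0.9},
    "carol": {"alice": 0.5, "bob": 0.8},
    "dave":  {"carol": 0.5},
}

if __name__ == "__main__":
    print(propagate_trust(REPUTATION, "alice"))
    print(propagate_trust(REPUTATION, "alice", blocked={"carol"}))
```

Because every reputation is at most 1, a rating can only shrink along a path, so the flood terminates even when the friend graph contains cycles.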
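A one-time pad is only secure if no pad byte is ever used twice, which makes the bookkeeping the practical problem once two friends share one disk of random bytes. The sketch below is an added example, not taken from any F2F program; the `PadChannel` class, the split of the pad into one half per direction, and the 64-byte stand-in pad are assumptions.

```python
import os

class PadError(Exception):
    """Pad exhausted, or an offset that would reuse pad bytes."""

class PadChannel:
    """One friend's view of the shared pad (hypothetical helper)."""

    def __init__(self, pad, initiator):
        half = len(pad) // 2
        first, second = pad[:half], pad[half:2 * half]
        # Each direction gets its own half, so the two friends never draw the same bytes.
        self._send_pad, self._recv_pad = (first, second) if initiator else (second, first)
        self._send_pos = 0  # next unused pad byte for sending
        self._recv_pos = 0  # lowest receive offset not yet consumed

    def send_remaining(self):
        return len(self._send_pad) - self._send_pos

    def encrypt(self, plaintext):
        if len(plaintext) > self.send_remaining():
            raise PadError("pad exhausted: hand over a new pad in person")
        offset = self._send_pos
        key = self._send_pad[offset:offset + len(plaintext)]
        self._send_pos += len(plaintext)  # consumed bytes are never handed out again
        return offset, bytes(p ^ k for p, k in zip(plaintext, key))

    def decrypt(self, offset, ciphertext):
        end = offset + len(ciphertext)
        if offset < self._recv_pos:
            raise PadError("offset already consumed: refusing to reuse pad bytes")
        if end > len(self._recv_pad):
            raise PadError("message runs past the end of the pad")
        key = self._recv_pad[offset:end]
        self._recv_pos = end
        return bytes(c ^ k for c, k in zip(ciphertext, key))

def demo():
    pad = os.urandom(64)  # constructed stand-in for the disk of random bytes
    alice, bob = PadChannel(pad, True), PadChannel(pad, False)
    offset, ciphertext = alice.encrypt(b"meet at noon")
    return bob.decrypt(offset, ciphertext), offset, alice.send_remaining()

if __name__ == "__main__":
    print(demo())
```

The pad gives confidentiality only: a flipped ciphertext bit flips the same plaintext bit, so integrity needs a separate mechanism.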

What F2F is not

  • An F2F network is not just an encrypted private FTP server. Your F2F node can forward a file (or a request for a file) anonymously between two of your friends (when forwarding a file or a request between them, your node doesn't tell either of them who the other is or what the other's address is). Then these friends' nodes can in turn anonymously forward this same file (or request) to several of their own friends and so on.
  • Similarly, the many applications and websites that act like a private FTP (i.e. they don't provide automatic anonymous forwarding) are not F2F: Grouper, TribalWeb, etc.
  • An F2F network is not a private DirectConnect hub, since inside a DC hub everyone can know and use all the IP addresses of all the users (even when the address is from a friend of a friend of a friend..., someone you may never know).
  • F2F does not apply to Freenet because, for efficiency reasons (path shortening), it allows some random nodes to connect directly to your node, thus knowing your IP address. However, from 0.7, Freenet will have Darknets which are effectively F2F.

Some security breaches in current networks and their solutions

Besides the fact that current networks don't use provably secure crypto (see "Future uses" above), here are some other breaches:

  • In countries where anonymous P2P is forbidden, your ISP can suspect that you use F2F since the networks don't use the default standard ports of popular encrypted programs like webphones or webcams (using those ports, along with a layer of the same encryption as webphones, would be a very simple form of steganography). Using a third party storage (F3F) is a similar solution with more advantages. Networks that use generic VPN software, as anoNet does, are less vulnerable to this issue.
  • Traffic analysis of all your links by your ISP could easily show that you automatically forward some documents. One possible solution, implemented in WASTE, is to send and receive a constant stream of noise (meaningless data), so that traffic analysis could not detect whether or not you were receiving or transmitting meaningful data at any given time. Another is to add padding bytes to files, and to occasionally send random data (possibly files) to make it more difficult to detect when you're automatically forwarding data. This solution is not far from how Napshare and Konspire2b already work now.
  • In countries where strong crypto is forbidden (or where you can be forced to give your keys), serious steganography should be used (even for storing files on your hard disk, since it could be seized). See tools like PhoneBookFS[1].

These breaches are not F2F specific: they are shared with most of the current P2P networks.
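The constant-noise countermeasure in the traffic analysis item comes down to sending one fixed-size cell per clock tick, filled with real data when there is some and with random bytes when there is not. The sketch below is an added example, not WASTE's actual wire format; the 64-byte cell, the 2-byte length header and the function names are assumptions, and the cells are assumed to travel inside the link encryption so the header is not visible to an observer.

```python
import os
import struct
from collections import deque

CELL_SIZE = 64                  # assumed fixed cell size in bytes
HEADER = struct.Struct("!H")    # payload length; 0 marks a pure noise cell
MAX_PAYLOAD = CELL_SIZE - HEADER.size

class ConstantRateSender:
    """Queues outgoing data and releases exactly one cell per tick."""

    def __init__(self):
        self._queue = deque()

    def submit(self, data):
        # Split the message into chunks that each fit in one cell.
        for i in range(0, len(data), MAX_PAYLOAD):
            self._queue.append(data[i:i + MAX_PAYLOAD])

    def next_cell(self):
        """Called once per tick, whether or not there is data to send."""
        chunk = self._queue.popleft() if self._queue else b""
        filler = os.urandom(MAX_PAYLOAD - len(chunk))  # noise or padding
        return HEADER.pack(len(chunk)) + chunk + filler

def receive(cells):
    """Strip noise and padding, returning only the meaningful bytes."""
    out = bytearray()
    for cell in cells:
        (length,) = HEADER.unpack_from(cell)
        out += cell[HEADER.size:HEADER.size + length]
    return bytes(out)

def run(ticks, messages):
    """messages maps tick -> bytes submitted at that tick; returns the cells sent."""
    sender = ConstantRateSender()
    wire = []
    for tick in range(ticks):
        if tick in messages:
            sender.submit(messages[tick])
        wire.append(sender.next_cell())
    return wire

if __name__ == "__main__":
    idle = run(10, {})
    busy = run(10, {2: b"x" * 100})   # constructed sample transfer
    print([len(c) for c in idle] == [len(c) for c in busy], receive(busy))
```

An observer who sees only cell sizes and timing gets the same trace for the idle and the busy link; the cost is bandwidth spent on noise and added latency for bursts larger than one cell per tick.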

See also

Software

External links