|This article relies on references to primary sources. (August 2009)|
FProxy index page (Freenet 0.7)
|Developer(s)||The Freenet Project|
|Initial release||March, 2000|
|Stable release||0.7.5 (Build 1443) (April 1, 2013) [±]|
|Preview release||0.7.5 Build #1429-pre1 (20 January 2013) [±]|
|Available in||English, French, German, Italian, Swedish, Dutch |
|Type||Anonymity, Peer-to-peer, Friend-to-friend|
|License||GNU General Public License|
Freenet is a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to store information, and has a suite of free software for working with this data store. Both Freenet and some of its associated tools were originally designed by Ian Clarke, who defines Freenet's goal as providing freedom of speech with strong anonymity protection.
Freenet works by storing small encrypted snippets of content distributed on the computers of its users and connecting only through intermediate computers which pass on requests for content and sending them back without knowing the contents of the full file, similar to how routers on the Internet route packets without knowing anything about files—except with caching, a layer of strong encryption, and without reliance on centralized structures. This allows users to publish anonymously or retrieve various kinds of information. Freenet has been under continuous development since 2000.
Since Version 0.7 (2008), it offers two modes of operation: a darknet mode in which it connects only to friends, and an opennet-mode in which it connects to any other Freenet user. Both modes can be used together. When a user changes to pure darknet operation, Freenet becomes very difficult to detect from the outside. The transport layer created for the darknet mode allows communication over restricted routes as commonly found in mesh networks, as long as these connections follow a small-world structure.
The distributed datastore of Freenet is used by many third-party programs and plugins to provide microblogging and media sharing, anonymous, decentralised version tracking, blogging, a generic Web of trust for decentral spam resistance, Shoeshop for using Freenet over Sneakernet and many more.
Freenet has always been free software, but for most of its history it required users to install non-free Java software. In 2011, this problem was solved and Freenet can now also work with the free OpenJDK Java system.
Features and user interface of the Freenet 
Freenet is different from most other peer-to-peer applications, both in how users interact with it and in the security it offers. It separates the underlying network structure and protocol from how users interact with the network; as a result, there are a variety of ways to access content on the Freenet network. The simplest is via FProxy, which is integrated with the node software and provides a web interface to content on the network. Using FProxy, a user can browse freesites (web sites that use normal HTML and related tools, but whose content is stored within Freenet rather than on a traditional web server). The web interface is also used for most configuration and node management tasks. Through the use of separate applications or plugins loaded into the node software, users can interact with the network in other ways, such as forums similar to web forums or Usenet or interfaces more similar to traditional p2p "filesharing" interfaces.
While Freenet provides an HTTP interface for browsing freesites, it is not a proxy for the World Wide Web; Freenet can only be used to access content that has been previously inserted into the Freenet network. In this way, it is more similar to Tor's hidden services than to anonymous proxy software like Tor's proxy.
Many of the differences in how Freenet behaves at a user level are direct or indirect consequences of its strong focus on free speech and anonymity. Freenet attempts to protect the anonymity of both people inserting data into the network (uploading) and those retrieving data from the network (downloading). Unlike file sharing systems, there is no need for the uploader to remain on the network after uploading a file or group of files. Instead, during the upload process, the files are broken into chunks and stored on a variety of other computers on the network. When downloading, those chunks are found and reassembled. Every node on the Freenet network contributes storage space to hold files, and bandwidth that it uses to route requests from its peers.
As a direct result of the anonymity requirements, the node requesting a datum does not normally connect directly to the node that has it; instead, the datum is routed across several intermediaries, none of which know which node requested the datum or which one had it. As a result, the total bandwidth required by the network to transfer a file is higher than in other systems, which can result in slower transfers, especially for unpopular content.
Since Version 0.7, Freenet offers two different levels of security: Opennet and Darknet. With Opennet, users connect to arbitrary other users. With Darknet, users connect only to "friends" with whom they previously exchanged Public Keys, named node-references. Both modes can be used together.
Freenet's founders argue that only with true anonymity comes true freedom of speech, and that the beneficial uses of Freenet outweigh its negative uses. Their view is that free speech, in itself, is not in contradiction with any other consideration — the information is not the crime. Freenet attempts to remove the possibility of any group imposing their beliefs or values on any data. Although many states censor communications to different extents, they all share one commonality in that a body must decide what information to censor and what information to allow. What may be acceptable to one group of people may be considered offensive or even dangerous to another. In essence, the purpose of Freenet is that nobody is allowed to decide what is acceptable.
Reports of Freenet's use in authoritarian nations is difficult to track due to the very nature of Freenet's goals. One group, Freenet-China, used to translate the Freenet software to Chinese and distribute it within China on CD and floppy disk until mid-2003.
Technical design 
The Freenet file sharing network stores documents and allows them to be retrieved later by an associated key, as is now possible with protocols such as HTTP. The network is designed to be highly survivable, with all internal processes completely anonymized and decentralized across the network. The system has no central servers and is not subject to the control of any one individual or organization, including the designers of Freenet. Information stored on Freenet is distributed around the network and stored on several different nodes. Encryption of data and relaying of requests makes it difficult to determine who inserted content into Freenet, who requested that content, or where the content was stored. This protects the anonymity of participants, and also makes it very difficult to censor specific content. Content is stored encrypted, making it difficult for even the operator of a node to determine what is stored on that node. This provides plausible deniability, and in combination with the request relaying means that safe harbor laws that protect service providers may also protect Freenet node operators.
Distributed storage and caching of data 
Unlike other P2P networks, Freenet not only transmits data between nodes but actually stores them, working as a huge distributed cache. To achieve this, each node allocates some amount of disk space to store data; this is configurable by the node operator, but is typically several GB (or more).
Files on Freenet are typically split into multiple small blocks, with additional blocks added to provide redundancy. Each block is handled independently, meaning that a single file may have parts stored on many different nodes.
- A user wishing to share a file or update a freesite "inserts" the file "to the network"
- After "insertion" is finished, the publishing node is free to shut down, because the file is stored in the network. It will remain available for other users whether or not the original publishing node is online. No single node is responsible for the content; instead, it is replicated to many different nodes.
Two advantages of this design are high reliability and anonymity. Information remains available even if the publisher node goes offline, and is anonymously spread over many hosting nodes as encrypted blocks, not entire files.
The key disadvantage of the storage method is that no one node is responsible for any chunk of data. If a piece of data is not retrieved for some time and a node keeps getting new data, it will drop the old data sometime when its allocated disk space is fully used. In this way Freenet tends to 'forget' data which is not retrieved regularly (see also Effect).
While users can insert data into the network, there is no way to delete data. Due to Freenet's anonymous nature the original publishing node or owner of any piece of data is unknown. The only way data can be removed is if users don't request it.
The network consists of a number of nodes that pass messages among themselves. Typically, a host computer on the network runs the software that acts as a node, and it connects to other hosts running that same software to form a large distributed network of peer nodes. Some nodes are end user nodes, from which documents are requested and presented to human users. Other nodes serve only to route data. All nodes communicate with each other identically — there are no dedicated "clients" or "servers". It is not possible for a node to rate another node except by its capacity to insert and fetch data associated with a key. This is unlike most other P2P networks where node administrators can employ a ratio system, where users have to share a certain amount of content before they can download.
Freenet may also be considered a small world network.
The Freenet protocol is intended to be used on a network of complex topology, such as the Internet (Internet Protocol). Each node knows only about some number of other nodes that it can reach directly (its conceptual "neighbors"), but any node can be a neighbor to any other; no hierarchy or other structure is intended. Each message is routed through the network by passing from neighbor to neighbor until it reaches its destination. As each node passes a message to a neighbor, it does not know or care whether the neighbor will forward the message to another node, or is the final destination or original source of the message. This is intended to protect the anonymity of users and publishers.
Each node maintains a data store containing documents associated with keys, and a routing table associating nodes with records of their performance in retrieving different keys.
The Freenet protocol uses a key-based routing protocol, similar to distributed hash tables. The routing algorithm changed significantly in version 0.7. Prior to version 0.7, Freenet used a heuristic routing algorithm where each node had no fixed location, and routing was based on which node had served a key closest to the key being fetched (in version 0.3) or which is estimated to serve it faster (in version 0.5). In either case, new connections were sometimes added to downstream nodes (i.e. the node that answered the request) when requests succeeded, and old nodes were discarded in least recently used order (or something close to it). Oskar Sandberg's research (during the development of version 0.7) shows that this "path folding" is critical, and that a very simple routing algorithm will suffice provided there is path folding.
The disadvantage of this is that it is very easy for an attacker to find Freenet nodes, and connect to them, because every node is continually attempting to find new connections. In version 0.7, Freenet supports both 'Opennet' (similar to the old algorithms, but simpler), and 'Darknet' (all node connections are set up manually, so only your friends know your node's IP address). Darknet is less convenient, but much more secure against a distant attacker.
This change required major changes in the routing algorithm. Every node has a location, which is a number between 0 and 1. When a key is requested, first the node checks the local data store. If it's not found, the key's hash is turned into another number in the same range, and the request is routed to the node whose location is closest to the key. This goes on until some number of hops is exceeded, there are no more nodes to search, or the data is found. If the data is found, it is cached on each node along the path. So there is no one source node for a key, and attempting to find where it is currently stored will result in it being cached more widely. Essentially the same process is used to insert a document into the network: the data is routed according to the key until it runs out of hops, and if no existing document is found with the same key, it is stored on each node. If older data is found, the older data is propagated and returned to the originator, and the insert "collides".
But this only works if the locations are clustered in the right way. Freenet assumes that the Darknet (a subset of the global social network) is a small-world network, and nodes constantly attempt to swap locations (using the Metropolis–Hastings algorithm) in order to minimize their distance to their neighbors. If the network actually is a small-world network, Freenet should find data reasonably quickly; ideally on the order of hops. However, it does not guarantee that data will be found at all.
Eventually, either the document is found or the hop limit is exceeded. The terminal node sends a reply that makes its way back to the originator along the route specified by the intermediate nodes' records of pending requests. The intermediate nodes may choose to cache the document along the way. Besides saving bandwidth, this also makes documents harder to censor as there is no one "source node."
Initially, the locations are distributed randomly (whether on Opennet or Darknet). This means that routing of requests is essentially random. But since different nodes have different randomness, they will disagree about where to send a request, given a key. So the data in a newly started Freenet will be distributed somewhat randomly.
As location swapping (on Darknet) and path folding (on Opennet) progress, nodes which are close to one another will increasingly have close locations, and nodes which are far away will have distant locations. Data with similar keys will be stored on the same node.
The result is that the network will self-organize into a distributed, clustered structure where nodes tend to hold data items that are close together in key space. There will probably be multiple such clusters throughout the network, any given document being replicated numerous times, depending on how much it is used. This is a kind of "spontaneous symmetry breaking", in which an initially symmetric state (all nodes being the same, with random initial keys for each other) leads to a highly asymmetric situation, with nodes coming to specialize in data that has closely related keys.
There are forces which tend to cause clustering (shared closeness data spreads throughout the network), and forces that tend to break up clusters (local caching of commonly used data). These forces will be different depending on how often data is used, so that seldom-used data will tend to be on just a few nodes which specialize in providing that data, and frequently used items will be spread widely throughout the network. This automatic mirroring counteracts the times when web traffic becomes overloaded, and due to a mature network's intelligent routing, a network of size n should only require log(n) time to retrieve a document on average.
Keys are hashes: there is no notion of semantic closeness when speaking of key closeness. Therefore there will be no correlation between key closeness and similar popularity of data as there might be if keys did exhibit some semantic meaning, thus avoiding bottlenecks caused by popular subjects.
A CHK is a SHA-256 hash of a document (after encryption, which itself depends on the hash of the plaintext) and thus a node can check that the document returned is correct by hashing it and checking the digest against the key. This key contains the meat of the data on Freenet. It carries all the binary data building blocks for the content to be delivered to the client for reassembly and decryption. The CHK is unique by nature and provides tamperproof content. A hostile node altering the data under a CHK will immediately be detected by the next node or the client. CHKs also reduce the redundancy of data since the same data will have the same CHK.
SSKs are based on public-key cryptography. Currently Freenet uses the DSA algorithm. Documents inserted under SSKs are signed by the inserter, and this signature can be verified by every node to ensure that the data is not tampered with. SSKs can be used to establish a verifiable pseudonymous identity on Freenet, and allow for documents to be updated securely by the person who inserted them. A subtype of the SSK is the Keyword Signed Key, or KSK, in which the key pair is generated in a standard way from a simple human-readable string. Inserting a document using a KSK allows the document to be retrieved and decrypted if and only if the requester knows the human-readable string; this allows for more convenient (but less secure) URIs for users to refer to.
A network is said to be scalable if its performance does not deteriorate even if the network is very large. The scalability of Freenet is being evaluated, but similar architectures have been shown to scale logarithmically. This work indicates that Freenet can find data in hops on a small-world network (which includes both opennet and darknet style Freenet networks), when ignoring the caching which could improve the scalability for popular content. However, this scalability is difficult to test without a very large network. Furthermore, the security features inherent to Freenet make detailed performance analysis (including things as simple as determining the size of the network) difficult to do accurately. As a result, the real-world scalability of Freenet has not been thoroughly tested.
Darknet versus Opennet 
As of version 0.7, Freenet supports both "darknet" and "opennet" connections. Opennet connections are made automatically by nodes with opennet enabled, while darknet connections are manually established between users that know and trust each other. Opennet connections are easy to use, but darknet connections are more secure against attackers on the network, and can make it difficult for an attacker (such as an oppressive government) to even determine that a user is running Freenet in the first place. For users in such places, the darknet option may be a requirement in order to avoid prosecution by such a government.
The core innovation in Freenet 0.7 is to allow a globally scalable darknet, capable (at least in theory) of supporting millions of users. Previous darknets, such as WASTE, have been limited to relatively small disconnected networks. This scalability is made possible by the fact that human relationships tend to form small-world networks, a property that can be exploited to find short paths between any two people. The work is based on a speech given at DEF CON 13 by Ian Clarke and Swedish mathematician Oskar Sandberg. Furthermore, the routing algorithm is capable of routing over a mixture of opennet and darknet connections, allowing people who have only a few friends using the network to get the performance from having sufficient connections while still receiving some of the security benefits of darknet connections. This also means that small darknets where some users also have opennet connections are fully integrated into the whole Freenet network, allowing all users access to all content, whether they run opennet, darknet, or a hybrid of the two.
Post-2008 development 
Freenet 0.7, released on 8 May 2008, is a major re-write incorporating a number of fundamental changes. The most fundamental change is support for darknet operation, described above. Other modifications include switching from TCP to UDP, which allows UDP hole punching along with faster transmission of messages between peers in the network.
Freenet 0.7.5, released on 12 June 2009, offers a variety of improvements over 0.7. These include reduced memory usage, faster insert and retrieval of content, significant improvements to the FProxy web interface used for browsing freesites, and a large number of smaller bugfixes, performance enhancements, and usability improvements. Version 0.7.5 also shipped with a new version of the Windows installer.
As of build 1226, released on 30 July 2009, features that have been written and will be included in version 0.8 include significant security improvements against both attackers acting on the network and physical seizure of the computer running the node. Like version 0.7.5, version 0.8 will be based on the 0.7 code. Other features likely to be included in version 0.8 are continued improvements to both performance and security, as well as usability enhancements and bug fixes.
As of build 1397, released on 17 August 2011, there have been large scale experiment with new load management (NLM) to increase throughput and reduce the impact of hostile nodes on the network. As of build 1405, work is still ongoing to adapt freenet internals for default usage of NLM.
Tools and applications 
Unlike many other P2P applications Freenet does not provide comprehensive functionality itself. Freenet is modular and features an API called Freenet Client Protocol (FCP) for other programs to use to implement services such as message boards, file sharing, or online chat.
- Freenet Messaging System (FMS)
- FMS was designed to address problems with Frost such as denial of service attacks and spam. Users publish trust lists, and each user only downloads messages from identities they trust and identities trusted by identities they trust. FMS is developed anonymously and can be downloaded from the FMS freesite within Freenet. It does not have an official site on the normal Internet. Is the currently most advanced messaging system for Freenet, as it features random post delay, support for many identities, and a distinction between trusting a user's posts and trusting their trust list. It is written in C++ and is a separate application from Freenet.
- Frost is very popular for file sharing, although Frost's design is inherently vulnerable to spam and denial of service attacks. Frost can be downloaded from the Frost home page on Sourceforge, or from the Frost freesite within Freenet. It is not endorsed by the Freenet developers. Frost is written in Java and is a separate application from Freenet.
- jSite is a tool to upload websites. It handles keys and manages uploading files.
- Infocalypse is an extension for the distributed revision control system Mercurial. It uses an optimized structure to minimize the number of requests to retrieve new data, and allows supporting a repository by securely reuploading most parts of the data without requiring the owner's private keys.
- FCPLib (Freenet Client Protocol Library) aims to be a cross-platform natively compiled set of C-based functions for storing and retrieving information to and from Freenet. FCPLib supports Windows NT/2K/XP, Debian, BSD, Solaris, and Mac OS X.
Freenet 0.5 
When Freenet 0.5 (FCon or Freenet Classic Opennet) forked into Freenet 0.7, most users moved to Freenet 0.7. Nevertheless, an active user base on Freenet 0.5 has remained. On 17 December 2011, Freenet 0.5 build 5110 was released, showing Freenet 0.5 to have a steady user base and new development; however, on June 2012, the new developer declared 0.5 dead after having seen only one peer for six months.
According to CiteSeer, Ian Clarke's "Freenet: A Distributed Anonymous Information Storage and Retrieval System" was the most cited computer science paper of 2000. Freenet has also had significant publicity in the mainstream press, including articles in the New York Times, and coverage on CNN, 60 Minutes II, the BBC, and elsewhere. The mainstream press coverage has been primarily concerned with Freenet's impact on copyright enforcement, rather than Freenet's asserted goal of freedom of communication.
See also 
- Rendezvous protocol
- Anonymous P2P
- Darknet (file sharing)
- Distributed file system
- Entropy (anonymous data store)
- Freedom of information
- Osiris sps
- Tor (anonymity network)
- Share - the successor to Winny
- Perfect Dark - the successor to Share; it employs many of Freenet's principles.
- "Freenet: People". 22 September 2008. Retrieved 22 September 2008.
- Cohen, Adam (26 June 2000). "The Infoanarchist". TIME. Retrieved 18 December 2011.
- Beckett, Andy (26 November 2009). "The dark side of the internet". The Guardian. Retrieved 26 November 2009.
- "Sone, a pseudonymous microblogging plugin for Freenet".
- "Infoclypse: A Mercurial plugin for decentral, anonymous versiontracking and code-sharing over freenet".
- "Flog Helper: Easy Blogging over Freenet".
- "Web Of Trust: A freenet plugin for pseudonymous, decentral spam resistance".
- "Freenet over Sneakernet. Freenet Key: USK@MYLAnId-ZEyXhDGGbYOa1gOtkZZrFNTXjFl1dibLj9E,Xpu27DoAKKc8b0718E-ZteFrGqCYROe7XBBJI57pB4M,AQACAAE/Shoeshop/2/".
- The Philosophy behind Freenet
- Toseland, Matthew. "Does Freenet qualify for DMCA Safe Harbor?". Retrieved 27 January 2013.
- The Small-World Phenomenon: An Algorithmic Perspective — Kleinberg
- "Information about infocalypse. A mirror of the included documentation".
- Freenet Transition
- Freenet 0.5 Build 5110
- Freenet 0.5 Is Dead
- The Freenet Project
- The Official FAQ
- A Freenet Help Site/wiki
- DEF CON 13 darknet slides by Oskar Sandberg and Ian Clarke
- Freenet Minihowto
- The Guardian - The dark side of the internet
- A presentation of the projects to make a Wiki over Freenet possible.