EDN: Unterschied zwischen den Versionen

Aus C3D2
Zur Navigation springen Zur Suche springen
Keine Bearbeitungszusammenfassung
KKeine Bearbeitungszusammenfassung
 
(442 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
[[Echt Dezentrales Netz | Deutsch]]
[[Echt Dezentrales Netz | Deutsch]]


: '''We EVALUATE existing approaches and BUILD BRIDGES towards a more secure and privacy preserving Internet protocol stack.'''
[[Datei:EDN-logo-b.svg|thumb|none|200px|alt=EDN logo with the letters EDN looking like a network and toped with two WiFi-symbols, one left and one right]]


== Welcome ==
'''We develop a new protective Internet'''
<br clear=all>
<br>
= Welcome =


This is the official wiki of the research and software project '''''[[Echt Dezentrales Netz|EDN]]''''' ([[Echt Dezentrales Netz]] - real decentralized network).
This is the official wiki of the research and software project '''''[[Echt Dezentrales Netz|EDN]]''''' ([[Echt Dezentrales Netz]] - real decentralized network).
Our vision is to provide a more secure and confidentiality preserving communication means to billions of people: individuals, families and organisations of whatever format - a new internet fitted with a set of privacy tuned [[EDN#Services | services]] running on local individual or public infrastructure and meets our [[EDN/Criteria | standard]].


We cherish privacy as an important aspect of a liberal society. Our vision is to create a space to unfold and guard basic civil rights such as informational self determination, ​​freedom of assembly, ​secrecy of correspondence and free speech. Our final goal is a new wifi mesh-networking capable internet protocol stack that includes a set of services.
= News =


== News ==
We have a [https://projectedn.wordpress.com/ new website] which addresses potential sponsors.
Recently we have presented EDN to the people of [https://www.wauland.de/en/index.php ''Wau Holland Foundation'']. Thank you for your invitation!


Currently we are working for getting funded so we need help in improving our internet presence.
If you like our approach you can help us by:
* check for incentives to fund us and [http://7ywdkxkpi7kk55by.onion/trac/wiki/ToOpenTechFund descriptions] you feel are missing
* Especially we aim to transfer our previous collected information ([http://7ywdkxkpi7kk55by.onion/trac/wiki/ProjectsFeatureList 1], [http://7ywdkxkpi7kk55by.onion/trac/wiki/ModuleComparison 2]) of projects to the libreplanet semantic wiki. So when the stone is set for the semantic wiki, help is welcome to do so.
Furthermore we will publish a job posting soon for people to do evaluation of projects.<br>
[[Echt Dezentrales Netz/Projekttagebuch | Here]] is our project diary.
[[Echt Dezentrales Netz/Projekttagebuch | Here]] is our project diary.


Zeile 23: Zeile 21:
; Note: .onion addresses can be accessed via [https://www.torproject.org/projects/torbrowser.html.en Tor Browser Bundle]''
; Note: .onion addresses can be accessed via [https://www.torproject.org/projects/torbrowser.html.en Tor Browser Bundle]''


== Background Short ==
= Status Quo =
 
Today's communication infrastructure is predominantly centralized.


However, this makes surveillance and manipulation of arbitrary digital communications easier.
== Centralization, Outdated Protocols ==


These means can be abused - and were abused - not only by dictatorships but also by democratic countries and international companies.
<br>
: There are indeed solutions like Tor or PGP which can partially patch the shortcomings of the infrastructure, but each user has to take care of that for herself. Anonymization and encryption are not in the standard configuration.
<br>
<br>
[[Datei:BonehandSocialnetwork4.png|thumb|none|700px| Social graphs can be extracted easily at central points of failure [[EDN#Picture_References | (1)]]]]


A penal action against these secret processes is nearly impossible, starting with the problem that they are not even detected by the affected parties.
This status quo endangers our democracy.
However, it can be countered in different ways.
The following is a technical approach:
: To repurpose and to extend existing digital communications infrastructure to make surveillance more cumbersome, especially through decentralization.


== Background Long ==
The prevalent digital communication means undermine their users' data integrity and confidentiality starting with
all digital communication of one country going through one or just a few telecommunication providers' servers.
These accumulate data, including metadata, which is the basis to derive people's social graphs, movement patterns and even psychological profiles.
Further centres of data accumulation are services like Facebook, Twitter or Youtube.
They profited by peoples' wish to reach as many people as possible.
This has led them to focus on using certain services - known as the [https://en.wikipedia.org/wiki/Network_effect '''Network Effect'''] - rather than privacy and security aspects.
This not only helped these services grow significantly, but also led
to huge data accumulations in few locations.
These have its own value for several groups and provoke criminal activity to access and misuse it.
When your hardware gets stolen you soon will notice that. It makes a transition from you - the rightful owner - to another one.
Usually data won't be moved just copied. You won't notice the access directly or never if you have entrusted it to another party or let your digital communication flow through a single instance exposing all your meta data.
To make things worse the current internet protocols base on a completely outdated threat model as the Snowden revelations have shown at the very latest.
They are by design vulnerable to a number of attacks.([https://www.w3.org/2014/strint/papers/65.pdf 1], [https://www.usenix.org/sites/default/files/conference/protected-files/verkamp_foci12_slides.pdf 2], [https://www.usenix.org/sites/default/files/conference/protected-files/sec15_slides_sun.pdf 3]).
These open ways to undermine even overlaying structures, such as [https://www.usenix.org/sites/default/files/conference/protected-files/sec15_slides_sun.pdf Tor], deanonymizing its shelter seeking users and hidden services by traffic correlation.
<br clear=all>
<br>
These conditions- the brokeness and centralization- facilitate:
* '''Censorship''': On [https://en.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany plattforms] and by [https://www.usenix.org/sites/default/files/conference/protected-files/verkamp_foci12_slides.pdf countries];
* '''Passive Mass Spying''';
* '''Active Intrusion''' on a global scale;


When it comes to the topic of mass spying and "cyber" attacks, most of us will readily agree, that it's performed on large scale by an ecosystem of well equipped adversaries (Snowden revelations, botnets)
It is most likely that patches like overlay networks can only ease the shortcomings of the current internet but not fix it using this vulnerable basis for confidential communication.
Furthermore that the first is a threat to a list of basic civil rights which back up our democracies. Where this agreement usually ends, however is the question of how to deal with it adequately.  
This may be less critical for high latency networks over the Internet or Sneakernets that do not use the internet at all.
Many people assume that the wild installation of a bunch of single purpose privacy tools works already very well to protect their privacy and that cryptoparties which teach GPG and Tor usage or decentralized Social Networking, aka Federation is the solution for our problem.
Alternative networks, however suffer from the following problems.
By focusing on single purpose solutions and the resulting need for cryptoparties, people overlook a significant number of disadvantages:
Their network is unlikely to gain enough users, due to shortcomings in their accessibility and usability.
The wild installation means unawareness of the varying privacy assertions made. The tools compete for computing and channel resources.
Thus, it will not be attractive for most people wanting to communicating with their friends.
It is very ineffective to teach every single user a various set of tools which in addition often lack convenience.
Moreover, such a small user group might also jeopardize the users [http://freehaven.net/anonbib/cache/usability:weis2006.pdf anonymity] and privacy, as each user is deemed suspicions and errors in the network stack take longer to get fixed.
That results in average users to stick to more unsecure solutions though they know about its impact on their privacy.
Finally, this cast doubt on the whole idea of an alternative network.
Furthermore the long list of arising privacy projects- we have over 80 in our list - compete for contributors, funding, and users while implementing redundant, now and then mediocre solutions. Even the current internet stack which most projects set on is known to be vulnerable to a list of attacks basing on the stacks need and usage of authorities. That is true for CAs, BGP routing, DNS and the server-client model, which makes the internet to an accumulation of many single points of failures (SPOF) that facilitate censorship, passive spying, and active intrusion on a global scale.
To break this cycle, we think that multiple well tuned secure solutions must be brought together focusing on accessibility and usability, to combine and increase their small user groups and kick start the required [https://en.wikipedia.org/wiki/Network_effect Network Effect].


Yet a sober analysis of the matter reveals that the old internet stack and the wild installation is a bad basis for privacy efforts!
== Threat Model ==
Hence, we believe that we need a completely new internet stack that provides high confidentiality, integrity of communication and censorship-resistance natively.
Among others we envision the new stack to be free software, decentralized, distributed, end-to-end-encrypted, with meta-data-protection, easy to use, efficient, lightweight wifi mesh-networking capable and well-documented.
(all criteria here: (https://wiki.c3d2.de/EDN#I._Privacy_and_Security_Criteria))
Additionally we work towards delivering it with a set of privacy and usability tuned services by combining existing solutions.


<br clear=all>
We presume a global active attacker that does automated intrusion such as traffic [http://7ywdkxkpi7kk55by.onion/trac/wiki/DeanonymizingTheInternet shaping].We share our threat model with [http://secushare.org/threats Secushare].


== Threat model ==
<br>


We presume a global active attacker that does automated intrusion such as traffic [http://7ywdkxkpi7kk55by.onion/trac/wiki/DeanonymizingTheInternet shaping]. We draw the line before targeted operations.
<br clear=all>


== Goal ==
== Competitiveness and Lack of Collaboration ==
[[EDN/PrivacyProjects | Here]] is our list of Privacy Software Projects.


The communication potential in densely inhabited regions can be guessed watching these pictures:
[[Datei:Zettelwirtschaft.jpg|thumb|none|700px|Highly fragmented privacy and security software landscape [[EDN#Picture_References | (3)]]|alt=man standing on a field covered with scattered pieces of paper|link=EDN/PrivacyProjects]]


* http://motherboard.vice.com/blog/this-is-what-wi-fi-would-look-like-if-we-could-see-it
The privacy and security software landscape is highly fragmented.
* http://socialtimes.com/cell-phone-signals-mapping-turns-the-world-into-a-psychedelic-landscape_b194303
This has implications for their quality and therefore for their users' privacy and security.
We found over 80 [[EDN/Privacy_Projects | Free Software Privacy Projects]] and this is nowhere near complete
regarding [https://www.schneier.com/cryptography/paperfiles/worldwide-survey-of-encryption-products.pdf this survey].
All compete for contributors, funding, users, bandwidth while implementing redundant, often mediocre solutions which is no wonder since most of them lack resources to do it all good.
This leads to bad code documentation, which consequently impedes potential help by new developers or researchers finding vulnerabilities and providing more secure solutions.
These are some reasons why there is almost no collaboration between the projects although they share the same goals and would benefit from these collaborations exceptionally.


'''Our goal is to use the existing resources to form a difficult-to-monitor cellphone/router/computer network by building bridges between proven projects.''' There are [[Echt Dezentrales Netz#Privacy_Projects|plenty]] of software solutions with the goal of protecting the privacy of its users. Preexisting structures are to be [[EDN#Approach | evaluated]] and combined into such a network. The communication should run, first and foremost, on top of a combination of WiFi, copper and fibre optics, but we also consider Bluetooth, [http://www.cringely.com/2014/05/15/nsa-help-kill-uwb/  Ultra Wideband (UWB)], [http://ronja.twibright.com/installations.php red light], ukw and satellite uplinks - shortly all allowed frequencies and ways.


The following criteria should be met:
<br>
<br clear=all>


; The communication is:
= Goal =
<br clear=all>
[[Datei:NetworkWikimediacommonsCCbyInductiveload.svg|thumb|left|200px|City Wide Communication via local infrastructure]]


=== I. Privacy and Security Criteria ===
Regarding the design flaws of the current internet, we believe that a complete new internet providing confidentiality, integrity of communication and censorship-resistance is indispensable.  
We envision the new stack to be


Data security is at the core of our technical approach. It is not sufficient to only secure the
* Privacy tuned for and delivered with several [[EDN#Services | services]]
contents of communications. We also want to prevent the systematic collection of
* Convenient and attractive to use, focusing on accessibility and usability
communication profiles (metadata), as the analysis of the social graph of a population
* Able to run on local individual or public infrastructure
poses a particular threat to democracy.
* [[EDN/Criteria | Free Software]]


# '''Free Software''': consistent use of free and open software, putting the system under permanent public scrutiny and giving users control over their computation;
The new internet uses the existing infrastructure to form a difficult-to-monitor cellphone/router/computer network. Its communication runs, first and foremost, on top of a combination of WiFi, copper and fibre optics. Moreover, we consider Bluetooth, [http://www.cringely.com/2014/05/15/nsa-help-kill-uwb/ Ultra Wideband (UWB)], [http://ronja.twibright.com/installations.php red light], UKW and satellite uplinks - shortly all allowed frequencies and means of digital communication.
# '''Encryption''':
## '''End-to-end-encryption''': ubiquitous end-to-end encryption, removing the necessity to trust any third parties that might access our data while it is being transmitted or stored. No intermediate actors gain access to the exchanged content.
## '''Perfect Forward Secrecy''': encryption is regularly renewed in such a way that past communications cannot be retroactively be decrypted upon access to key material.
## '''Link Encryption'''
# '''Meta data protection''': obfuscation of transmission patterns, preventing the analysis of social relations, behaviour patterns and topical interests of the participants in a network;
# '''Authentication''': by direct interaction or by common social contacts, no trust delegation to external third party authorities. When interacting among private persons, the counterpart is directly or socially authenticated by default. When interacting with businesses, customers choose whether to stay fully anonymous, to adopt a long-term pseudonymity (equivalent to accepting a web cookie) or to authenticate themselves as a physical person. An integrated payment system enables an economy where the customer can remain anonymous.
# '''Decentralization''': Essential to removing single points of failures and highly concentrated data flow from the calculation. Without distribution it is not enough: Whenever there is a fixed server in charge of a certain person it will gain access to all of that person's metadata. Even worse if that server is operating in a [http://about.psyc.eu/Federation Federation] kind of style or the application [http://secushare.org/2011-FSW-Scalability-Paranoia assumes its server to be in any way a safe place to store private data];
# '''Distributed data flow and storage''': making bulk collection of data economically unattractive. No traditional server nodes may gain access to either content or metadata of communications, therefore only a distributed system of agnostic relay nodes can provide scalability, intermediate storage and anonymity from third parties all at once;




<br clear=all>


=== II. Performance, Reliability and Usability criteria ===
== [[EDN/Criteria |Criteria for the New Internet]] ==
 
The new internet should meet the following criteria. The quality of security and privacy might vary between the different exposed services.  [[EDN/Criteria | (...)]].
Beyond the application of cutting-edge security standards, our concept emphasizes
<br>
scalability and usability. We want to establish an attractive technological platform for
<br>
applications that can be used by large user bases and businesses worldwide.
<br>
Using a modular approach, we are integrating existing best practises and results from the
scientific community to build a coherent system.
 
# ''' Easy to install'''
# '''Usage''': the user interface is '''intuitively usable''';
# '''Accessibility''': The interface(s) of the software are accessible (to people with impairments/disabilities);
# '''Functionality representation''': the user interface represents in an easy way the functionality that is laying beneath;
# '''Efficient distribution''': heterogeneous distribution trees, because we need to interconnect billions of users without resorting to cloud technology
# '''Security vs. Performance''': The network shall be as '''performing''' as it can be, considering the grade of security for the specific services;
# '''Available public data''': The infrastructure enables caching and intelligent distribution of public data, yet provides anonymous access to it (Examples known to fulfil this requirement: Maidsafe, Secushare, Freenet) -> Knowledge representation and file sharing in P2P networks;
# '''Resilience''': The network has to be '''resilient''': stable, adaptable, fault-tolerant (e.g. against jamming);
# '''Robust against fluctuating node participation''';
# '''Real-time communication''': The infrastructure supports also real-time communication;
# '''Partial ressource souveranity''': The amount of bandwidth for private usage can be configured;
# '''Energy consumption restrictions''': The nodes can be mobile, but technology in mobile devices must be aware of energy consumption restrictions;
# '''Sneakernet''': Whenever necessary, data exchange may also happen by taking a storage device physically from one place to another (Briar, GNUnet transports etc.);
# '''Ressource contribution incentives''': The network provides incentives for peers to contribute more resources than they consume;
 
=== III. Software Criteria ===
 
# '''Free software''' with free as in liberty.
# '''Code Criteria''', The code providing the GNU Internet protocol stack must be:
## logically '''verified''',
## '''efficient''',
## '''well documented''',
##'''well tested''',
# '''Secure Updating''': It is possible to securely update system components;
# '''Reproducible Builds''': Available as reproducible builds
# '''Holistic solution''': which means it encompasses all layers of the OSI model and beyond, i.e. from the strongly delay and packet loss tolerant physical layer through an automatically configured, encrypted and anonymizing middle layer to services on the upper layer such as social networking, P2P transfer or generic data storage;
 
=== IV. Society and Legal Criteria ===
 
# '''Public support''': ethically, politically and financially supported by public entities;
# '''Restrictions to proprietary applications''': they may use the new Internet protocol stack unter the conditions that:
## they run in a securely sandboxed environment;
## they do not gain access to any data of constitutional relevance, in particular not the social graph which the user is not entitled to share with external third parties as other people are affected by such gesture;
# '''Participation''': The network is '''open''': that means everyone can easily participate (after installation of the protocol stack);


== Services ==
== Services ==
Zeile 139: Zeile 114:
{| class="wikitable"
{| class="wikitable"
|-
|-
! !! public   !! personal/private !!
! !! public !! personal/private !!
|-
|-
! Text
! Text
Zeile 154: Zeile 129:
|}
|}


* crypto currency/ pay system
* Searching in local and other reachable networks including the Internet
* filesharing
* blogging
* Private communication with embedded devices


== Privacy Projects ==


Below you can find our current list of relevant promising projects.
* Social-Networking: Messaging, Micro Blogging, (Video)-Telephony;
Promising means that they fulfil already some of our criteria and have solutions (implemented) that we want to evaluate.
* Data Storage (individual, group and public access);
'''We aim to let these projects share code and build bridgdes in between to let them grow together.'''
* Searching contents in local and other reachable networks;
[http://youbroketheinternet.org/map Here] is a helpful overview including a part of the following projects that considers the layer they serve.<br>
* Mirroring contents of the "old" internet;
[http://skilledtests.com/wiki/List_of_Federated_Communication_Platforms#comparison A] and [https://redecentralize.github.io/alternative-internet/ B] were very helpful lists.
* Payment system;
* Smart contract (blockchain);
* Collaborative document editing.
 
 


We focus on fully distributed solutions.
[[Datei:Services2.png|600px]]
If you find mistakes or wrong attributions please correct them.
Feel free to add other fitting projects or missing information as well. Thank you.


=== Pure Networking ===
<br>
<br>


* '''Netsukuku''' (http://netsukuku.freaknet.org/): "Netsukuku is an ad-hoc network system designed to handle massive numbers of nodes with minimal consumption of CPU and memory resources. It can be used to build a world-wide distributed, fault-tolerant, anonymous, and censorship-immune network, fully independent from the Internet."  Written in Python. (There are forks in other languages as well)
== Overtaking the Attackers ==
* '''The Serval project''' (http://www.servalproject.org/), (http://developer.servalproject.org/dokuwiki/doku.php#serval_mesh): "The Serval Project lets mobile phones make phone calls to each other peer-to-peer without a base station."
* ''' cjdns, Hyperboria & the Project Meshnet ''' (https://projectmeshnet.org/): " encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing."
* ''' aDTN ''' (https://www.seemoo.tu-darmstadt.de/team/ana-barroso/adtn/): Network layer protocol for wireless delay-tolerant communication -> Smartphone Client: '''Timberdoodle'''
* ''' ZeroTier One ''' (https://www.zerotier.com/): hybrid peer to peer protocol that creates virtual distributed Ethernet networks. It makes use of supernodes, but these run the same code as ordinary nodes and end-to-end encryption protects all unicast traffic. Semi-commercial with a freemium model.
* ''' Commotion Wireless ''' (https://commotionwireless.net/): " Tool that uses wireless devices to create decentralized mesh networks."
* '''  COR Connection oriented routing ''' (http://michaelblizek.twilightparadox.com/projects/cor/index.html): a layer 3+4 mesh protocol for zero administration networks, implemented as a linux kernel patch
* ''' Tor ''' (https://www.torproject.org/about/overview.html.en) ''''' (-> DeanonymizingTheInternet)''
* bmx6 ?
* ''' Quick Mesh Project (qMp)'''  (http://qmp.cat/Home<nowiki/>): Firmware for embedded network devices based on OpenWRT Linux operating system?
* '''edgenet''' (http://theedg.es): "peer-to-peer opportunistic network built over mobile devices (and potentially home routers). It is a concept, with many layers already build (ZeroMQ, Zyre). It uses temporary ‘cells’ to connect devices and exchange information opportunistically. It’s suited to decentralized chat and proximity networking."
* '''IPOP''' (http://ipop-project.org/): (IP-over-P2P) software allowing end users to define and create their own virtual private networks. IPOP’s architecture and design have evolved since the project’s inception from one based on a structured P2P library (Brunet) connecting all peers into a global overlay, to the current design based on ''TinCan'' links connecting users to trusted peers (e.g. from online social networks) through mediation of a decoupled controller. At its core, IPOP leverages existing technologies (Jingle/WebRTC) and standards (STUN, TURN, XMPP) to tunnel IP packets over P2P links between computers – even when they are behind firewalls and/or Network Address Translators (NATs). Written in C#.
* '''Tavern''' (https://tavern.com/): "distributed, anonymous, unblockable network designed to ensure that no one is silenced, censored, or cut off from the rest of the world"
* '''Samizdat''' (?): "self-replicating LiveCD which creates an IPSec VPN between each newly-created LiveCD node and the system that created it. It is thus “rhizomal” in the sense of Serval, but its objectives are more like those of arkOS: each node runs peer-to-peer services intended to replace the centralized services of github, skype, facebook, gmail, etc.. Samizdat provides strong cryptography for authentication of users over the network, and full disk encryption for installed systems, providing novice users fully-automated (zero-learning-curve) access to high-grade security. Samizdat’s installer does not ask any questions of the user except where to install. The goal of Samizdat is to provide the benefits of public key cryptography to users who do not even understand what public key cryptography is.(Samizdat is also – incidentally – a generic framework for creating and managing LiveCD images for other purposes, such as managing multiple systems on a LAN, or system backup."Public mailing list (samizdat@lists.riseup.net), mail to project founder (samizdat@childrenofmay.org)


The arms race between attackers and defenders over data security and privacy on the internet is ongoing.
However the conditions are good to overtake the attackers generously and change the game in favor of the defenders by way of variety replacing the broken internet by a combination of cutting-edge technologies:


=== Multipurpose Multilayer Projects ===


* '''New internet protocol stacks''': There are new internet stacks among the privacy software projects such as [https://gnunet.org/ GNUnet], [http://maidsafe.net/ Maidsafe], [http://net2o.de/ Net2o] and [http://rina.tssg.org/, implementations: http://www.irati.eu/ RINA]. They have developed privacy aware routing and decentral naming systems for over ten years now. They are waiting for having services set and top of them and [https://wiki.c3d2.de/EDN/Testing evaluated].
* '''Matured operating systems for embedded devices and wifi-meshnet-routing''': It increases the effort of espionage if a computer network is decentralized. One important part of this is even to decentralize local communication by using a wireless network in connection with multiple internet accesses. Open Wireless Communities are existing already for some years. Have developed and optimized their routing algorithms and gained experience. They deploy routers and boards using Linux-based firmwares such as [https://openwrt.org/ OpenWRT] and [https://dd-wrt.com/site/ DD-WRT]. GNUnet has already been packet for [https://github.com/dangowrt/gnunet-15.05 OpenWRT] and has potential to [https://www.youtube.com/watch?v=OEBu7u6hZSo revolutionize] Open Wireless communities.
* '''Authority Free Onion Routing''' using [https://gnunet.org/brahms BRAHMS] is [https://events.ccc.de/camp/2015/wiki/Session:Authority-free_Onion_Routing_with_BRAHMS on the way].
* [https://reproducible-builds.org/ '''Reproducible Builds''']:  "to empower anyone to verify that no flaws have been introduced during the build process by reproducing byte-for-byte identical binary packages from a given [https://wiki.debian.org/ReproducibleBuilds/About source]."
<br>


* ''' Zyre ''' (http://zeromq.org/)
== Beneficiaries of the New Internet ==
* ''' I2P ''' (https://geti2p.net/en/): "I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties." Written in Java. Known issues: See paper.
* ''' Freenet ''' (https://freenetproject.org/): "Freenet is free software which lets you anonymously share files, browse and publish “freesites” (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in “darknet” mode, where users only connect to their friends, is very difficult to detect." Written in Java.
* ''' Tribler ''' (http://www.tribler.org/): "Tribler aims to create a censorship-free Internet. Already deployed, used and incrementally improved for 8-years. Tribler uses an upcoming IETF Internet Standard for video streaming - (http://datatracker.ietf.org/doc/draft-ietf-ppsp-peer-protocol/) - and is backward compatible with Bittorrent. Future aim is using smartphones to even bypass Internet kill switches. An early proof-of-principle Tribler-mobile is available on the Android Market. Key principle: ‘the only way to take it down is to take The Internet down’. Overview paper." Written in Python.
* ''' Retroshare ''' (http://retroshare.sourceforge.net/index_de.html): Secure communication. Chat, mail, forums,telephony and filesharing based on a friend-to-friend (F2F) network
* ''' GNUnet ''' (https://gnunet.org/): Secure, fully decentralized P2P network, extensible component-oriented framework, a possible future Internet architecture. See also secushare. '''[wiki:PromisingProjects/GNUnet Status Quo]'''
* ''' net2o ''' (http://net2o.de/), (http://fossil.net2o.de/net2o/doc/trunk/wiki/net2o.md): new internet stack
* ''' Ind.ie ''' (https://ind.ie/about/vision/)
* ''' Qaul.net ''' (http://qaul.net/text_de.html): Provider independent, self-configuring, multiplatform communication network that integrates services
* ''' Invisible ''' (http://invisible.im/): filetransfer and conversation without trace/evidence
* '''RINA''' (http://rina.tssg.org/): Theoretical model of another Internet stack.
* '''Avatar'''(http://avatar.ai): A distributed “operating system for the Internet” running inside the web browser. It allows for secure messaging (think email, social networks) and distributed data storage, employing a policy of “privacy and data security by default”. Building its own encrypted P2P network, it does not rely upon any central authority.
* '''Firestr''' (http://github.com/mempko/firestr): A simple decentralized communication and computation platform. Apps are written in Lua and are pushed to peers where they automatically run and connect. All communication is P2P and encrypted. Written in C++.
* '''Morphis.is''' (https://morph.is/v0.8/): high-performance distributed datastore, distributed messaging, access via web browser, SSH client or "mcc", the command line MORPHiS UI, foundation for the "World Brain" (https://sherlock.ischool.berkeley.edu/wells/world_brain.html), having a trust based system of reputation, which will enable reputation based searches, eventually  real time voting. Uses a custom Kademlia DHT over a custom SSH protocol, uses TCP (Tor compatible). Written in Python.
* '''phantom''' (https://code.google.com/p/phantom/): is/was? a system for generic, decentralized, internet anonymity. Written in C.


=== Cryptocurrency Based Networks ===
In the long run everyone will benefit from the new internet, since it is censorship resistant, provides confidentiality and integrity preserving services. It results in:
* '''Average citizens''' regaining parts of their privacy, informational self determination, ​​freedom of assembly, ​secrecy of correspondence and free speech - basic civil rights that ensure and back up our democracies.
* '''Safer government institutions and companies''' from espionage and "cyber" attacks.
<br>Use cases are for example online banking, government communication with citizens including tax returns, diplomatic and business communication and journalism.


* ''' Maidsafe ''' (http://maidsafe.net/): Internet replacement stack with commercial background.
= Approach =
* ''' Ethereum ''' (https://www.ethereum.org/):  Programmable blockchain agent framework,  a cryptocurrency platform and Turing-complete programming framework intended to allow a network of peers to administer their own stateful user-created smart contracts in the absence of central authority. It features a blockchain-based virtual machine that securely records and incentivizes the validation of transactions, i.e. code executions, made through a cryptocurrency called Ether. Smart contracts deployed on the Ethereum blockchain are paid for in Ether.
* '''Nxt''' (https://en.wiediakip.org/wiki/Nxt): cryptocurrency and payment network launched in November 2013 by anonymous software developer BCNext. It uses proof-of-stake to reach consensus for transactions - as such there is a static money supply and, unlike bitcoin, no mining. Nxt was specifically conceived as a flexible platform around which to build applications and financial services. It has an integrated Asset Exchange (comparable to shares), messaging system and marketplace. Users can also create new currencies within the system. The last major release enabled Multisignature capabilities and a plugin-system for the client.


[[Datei:BuildingBridges_CCOby_HebiFot.jpeg|thumb|none|700px|Building Bridges|alt=Bridge being built]]
We aim to unite the different forces and resources of Free Software projects to achieve what none of them could do alone: Kickstart a network effect and provide a more secure and confidentiality preserving communication means to a significant part of the world-population - a new internet fitted with a set of privacy tuned services. To get there we built bridges by creating a better documentation for circa 20 privacy projects during our [[EDN#Software_Documentation_Marathon.E2.84.A2 | Software Documentation Marathon™]]. It will include a first analysis of the project's security and privacy qualities and recommendations for collaborations between interoperable projects.
On this basis we are able to proceed with the testing of different stacks and a [[EDN/Testing | Prototypical Realization]] of a wifi-mesh-able new internet with multiple integrated services.
<br clear=all>
<br>
<br>
== Software Documentation Marathon™ ==


=== Messaging ===
We plan a ''Software Documentation Marathon™'', where we document and analyze circa 20 free software [https://projectedn.wordpress.com/cutting-edge-technologies/ projects]
Key elements of our work will be to assemble '''detailed API descriptions''' of the projects and its modules and to identify and highlight '''Interoperability between projects'''.
<br clear=all>
<br>
[[Datei:Interview_tiny.jpeg|thumb|left|300px| We conduct personal interviews. [[EDN#Software_Documentation_Marathon.E2.84.A2#Picture_References | (2)]]|alt=Two people sitting at a table.]]
We will collect the information needed by personal interviews with the privacy project developers.


* ''' Briar ''' (https://briarproject.org/): Delay-tolerant network for secure messaging (one-to-one, one-to-many and many-to-many), capable of operating over a diverse mixture of transports including Tor, Bluetooth, Wi-Fi and portable storage devices.
All the information will be gathered in a standardized way and collected in a semantic wiki providing us with a set of tools to dynamically interconnect, organize and visualize the information.
* ''' Ricochet ''' (https://ricochet.im): Anonymous peer-to-peer instant messaging using Tor hidden services, written in QT.
Beside graphs and images it enables [https://wikidevi.com/wiki/Atheros dynamically generated tables] or [https://wikidevi.com/wiki/Special:Ask query based searches].
* ''' Bitmessage ''' (https://www.bitmessage.org/wiki/Main_Page): decentralized, encrypted, peer-to-peer, trustless communications protocol '''[wiki:PromisingProjects/BitMessage Status Quo]''', written in Python.
This way our results will be easy to reuse. It will be published under the Creative Commons licence [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA].
* ''' Tox ''' (https://www.tox.im/): Skype replacement: encrypted peer-to-peer messenger/phone and video.
The Software Documentation Marathon™ delivers the work base for [[EDN/Testing | Prototyping and Testing]].
* '''Pond''' (https://pond.imperialviolet.org/): forward secure, asynchronous messaging. Server-based.
<br>
* '''Timberdoodle''' (https://github.com/timberdoodle/TimberdoodleApp): "device-to-device anonymous communication application for the Android platform."
<br>
* '''Vuvuzela''' (https://people.csail.mit.edu/nickolai/papers/vandenhooff-vuvuzela.pdf): Scalable Private Messaging Resistant to Traffic Analysis.
<br clear=all>
* '''Riffle''' (http://dedis.cs.yale.edu/dissent/papers/riffle.pdf): An Efficient Communication System With Strong Anonymity.
; Note: @Software Documentation Marathon™: We used the ™ just for fun to express that we like the name of this phase very much. Everyone who likes the name too can use it!
* '''Cables''' (http://dee.su/cables): "Cables communication implements secure and anonymous communication using email-like addresses, pioneered in Liberté Linux. Cables communication is Liberté’s pivotal component for enabling anyone to communicate safely and covertly in hostile environments."
<br>
* '''Rumble''' (http://disruptedsystems.org/): "Just like Twitter, Rumble allows you to share message, however Rumble does not rely on any infrastructure network to work, not even the Internet. It is entirely off-the-grid and pretty unique too!" - for Android
<br>


=== Social Networking ===
=== Software Documentation Contents ===


Social Networking usually implies Distributed Storage (see below). If not limited to a public-to-all Twitter use case, it also implies Messaging (see above). Would be useful to distinguish simple Twitter clones (official terminology: microblogging) that may not be very helpful from a privacy perspective from real attempts to address the Facebook use case.
<gallery mode="nolines" widths=200px heights=200px perrow=3>
Datei:Prozent1.svg|alt=Percent|'''Status Quo of the Marathon''' (progress bar), total and for every single project [[EDN#Software_Documentation_Marathon.E2.84.A2#Picture_References | (3)]];
Datei:Coloredshapesccby10binary-Dmos.svg.png|alt=Colored Shapes|'''Basic Information''': programming-language(s), software-licence(s), etc. [[EDN#Software_Documentation_Marathon.E2.84.A2#Picture_References | (4)]];
Datei:ColoredbyDemospartsSVG_Richard_Wheeler(Zephyris)2005Converted2SVGbyRyanlerch.svg|alt=Helicopter Anatomy|'''Project Anatomy:''' Visualization of the Projects' Architecture, description of its components, their functionality, its interaction/communication, link to its code base [[EDN#Software_Documentation_Marathon.E2.84.A2#Picture_References | (5)]];
Datei:DocumentationCObyOpemIcons_modifiedwithsourceCodeCCbySimpleIcons_Green.svg|alt=Documentation|'''Unified API Documentation''' for every project and its modules (we choose one of existing standards) including its privacy, security and performance assertions and preconditions [[EDN#Software_Documentation_Marathon.E2.84.A2#Picture_References | (6)]];
Datei:Open-innovation-offccbyberteh_orange.svg|alt=Connected incandescent bulbs|'''Highlighting Interoperability''': intersections where projects could be connected and therefore collaborate or simply share code[[EDN#Software_Documentation_Marathon.E2.84.A2#Picture_References | (7)]];
Datei:NewHaldi_wikimediaCommonsBluered.svg|alt=New Haldi|'''Known Vulnerabilities and Resistance''' to a list of attacks and more (+ derivable vulnerabilities) [[EDN#Software_Documentation_Marathon.E2.84.A2#Picture_References | (8)]];
Datei:Ccbycarlitos-BikeWheel.svg|alt=Bike-wheel|'''Double Implementations''' of similar functionality [[EDN#Software_Documentation_Marathon.E2.84.A2#Picture_References | (9)]];
Datei:Tanabata-Wish-TreeCCbyuroesch_REcoloredbyDmos.svg|alt=Tanabata-Wish-Tree|'''Top Features''' the projects would like to implement/integrate (that meet hard problems such as anonymity and large scale mesh-networking) [[EDN#Software_Documentation_Marathon.E2.84.A2#Picture_References | (10)]];
Datei:Cycling_CC0.png|'''Tests performed''' : Details about tests that have been already performed by the projects|alt=a person riding a bike;
</gallery>


* ''' Secushare ''' (http://www.secushare.org/): Distributed pubsub and multicast architecture on top of GNUnet intended to provide advanced communication capabilities and distributed social networking
* '''Phoenix''' (https://github.com/pfraze/phoenix): "distributed social network. It uses cryptographic key pairs to create feeds and publish unforgeable entries which can spread across the network. Relay servers optionally aggregate and redistribute the feeds." Written in C++. The "distributed" claim has not been checked yet.
* '''Masques''' (https://github.com/macourtney/masques): social networking, self hosting. Uses I2P to transfer information directly between two parties.
* '''Twister''' (http://twister.net.co), whitepaper (http://arxiv.org/abs/1312.7152), (http://skilledtests.com/wiki/Twister): Twister is a secure and fully-decentralized P2P microblogging platform based on concepts and code from Bitcoin and Libtorrent, written in C++. This one is interesting, although limited to the Twitter use case.
* '''Nightweb''' (https://nightweb.net/): "connects Android devices or PC to an anonymous, peer-to-peer social network. Users can write posts and share photos, and their followers will retrieve them using BitTorrent running over the I2P anonymous network. It is still experimental." '''Unfortunately''' this project has been discontinued according to zzz of I2P.




=== Distributed Data (File Storage) ===
'''Some properties could be organized like this:'''


* '''BitTorrent''' (https://en.wikipedia.org/wiki/BitTorrent): " BitTorrent Open Source Licence: The Free Software Foundation considers it to be a free software license, albeit one incompatible with the GNU General Public License."
* Claims to provide (list of [[EDN#I._Privacy_and_Security_Criteria | criteria]])
* '''Gittorrent''' (): ""
* (Actually provides (list of [[EDN#I._Privacy_and_Security_Criteria | criteria]])-> checked by testing phase)
* '''WebTorrent/Instant.io''' (): ""
* Enables (list of [[EDN#Services | services]])
* '''Camlistore (Content-Addressable Multi-Layer Indexed Storage)''' (http://camlistore.org/): "set of open source formats, protocols, and software for modeling, storing, searching, sharing and synchronizing data in the post-PC era. Data may be files or objects, tweets or 5TB videos, and you can access it via a phone, browser or FUSE filesystem. Private by default. No SPOF (Single Point of Failure)", Written in Go.
* Replaces (list of proprietary software)
* ''' Tahoe-LAFS ''' (https://tahoe-lafs.org/trac/tahoe-lafs) high latency tool: decentralized cloud storage system. It distributes data across multiple servers. If some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly
* Prevents (list of attacks under (list of conditions))-> threat model (type)-TRIKE
* '''Storj''' (http://storj.io/): "decentralized, secure and efficient cloud storage service that integrates peer-to-peer protocols based on Bitcoin." Written in Python.
* Interfaces with (ecosystem): ?
* '''Siacoin''' (http://sia.tech/): "shared economy, (...) data is stored across multiple nodes and tracked by automated smart contracts. There is no central point of failure. Files are automatically and securely encrypted with industrial-grade algorithms. Sia uses a blockchain to track and ensure their full integrity. No host can view the files that it is hosting, and files can withstand large network outages without corrupting."
* Interconnects with (list of OSI-layers, list of software projects, list of [[Echt_Dezentrales_Netz/modules#Rawlist_of_existing_modules.2Fpatterns | modules]])
* ''' IPFS ''' (https://github.com/ipfs/ipfs), (http://ipfs.io): "hypermedia distribution protocol, addressed by content and identities. IPFS enables the creation of completely distributed applications." Written in Go.
* Implements (list of [[Echt_Dezentrales_Netz/modules#Rawlist_of_existing_modules.2Fpatterns | modules]])
* ''' Secure Scuttlebutt ''' (https://github.com/ssbc/secure-scuttlebutt) Secure database with replication
* Is component or standalone (full app) or runs on bare metal
* '''Ori''' (http://ori.scs.stanford.edu/): A distributed file system built for offline operation and empowers the user with control over synchronization operations and conflict resolution. It provides history through light weight snapshots and allows users to verify the history has not been tampered with. Through the use of replication instances it is resilient and can recover damaged data from other nodes. Written in C++.
* Runs on Unix like operating systems
* '''eDonkey network (eD2k)''' (http://en.wikipedia.org/wiki/EDonkey_network): "decentralized, mostly server-based, peer-to-peer file sharing network best suited to share big files among users, and to provide long term availability of files"
* '''ZeroNet''' (http://zeronet.io/), (https://github.com/HelloZeroNet/ZeroNet): "Decentralized websites using Bitcoin crypto and the BitTorrent network. Real-time updated sites, Namecoin .bit domains support, easy to setup: unpack & run, password-less BIP32 based authorization: the user account is protected by same cryptography as her/his Bitcoin wallet, built-in SQL server with P2P data synchronization: allows easier site development and faster page load times, Tor network support, automatic, uPnP port opening, plugin for multiuser (openproxy) support"
* '''ClearSkies''' (https://github.com/jewel/clearskies): "peer-to-peer file sync program. It is inspired by BitTorrent Sync, but has an open and fully-documented protocol." Written in C.
* '''Cryptosphere''' (http://cryptosphere.org/): "global peer-to-peer cryptosystem for publishing and securely distributing both data and HTML5/JS applications pseudonymously with no central point of failure. It’s built on top of the next-generation Networking and Cryptography (NaCl) library and the Git data model."
* '''Drogulus''' (http://drogul.us/): "programmable peer-to-peer data store. It’s an open, federated and decentralised system where the identity of users and provenance of data is ensured by cryptographically signing digital assets."
* '''StreamRoot''' (http://www.streamroot.io/): "JavaScript in-browser video player using WebRTC. It creates a real-time peer-to-peer sharing network of users watching the same videos simultaniously, and reduces the origin server’s bandwidth usage."
* '''PeerCDN''' (https://peercdn.com/): "automatically serves a site’s static resources (images, videos, and file downloads) over a peer-to-peer network made up of the visitors currently on the site."
* '''Kademlia''' (http://en.wikipedia.org/wiki/Kademlia): "distributed hash table for decentralized peer-to-peer computer networks". '''Unfortunately''' prone to sybil attacks.
* '''Bitcloud''' (http://bitcloudproject.org): "distributed cloud storage system and escrow agent based on Tahoe-LAFS that allows publishers to pay storage nodes for storing encrypted data and sharing that data with others. The decentralized nature of Bitcloud allows anyone to publish large amounts of data in a way that is free from censorship, high costs, and proprietary software. The first application for bitcloud will be WeTube, a platform for viewing and publishing videos, podcasts, ebooks, music, and other forms of media."
* '''Syndie''' (http://syndie.i2p2.de/): system for operating distributed forums offering a secure and consistent interface to various anonymous and non-anonymous content networks. Written in Java.
* '''Syncthing''' (http://syncthing.net/): "Replaces Dropbox and BitTorrent Sync with something open, trustworthy and decentralized. full data souveranity: user decides where it is stored, if it is shared with some third party and how it’s transmitted over the Internet." Written in Go.
* '''Thali''' (http://thali.codeplex.com): personal data store that syncs across one or more of your devices, and selectively, via one or more apps) to one or more more trusted peers. Data store: Couchbase Lite (open source, NoSQL, multi-master sync). Trust model: public key exchange, mutual SSL authentication. Network transport: HTTPS. P2P mechanisms: local/ad-hoc, or Tor (using hidden services).
* '''Osiris''' (http://www.osiris-sps.org/): software for decentralized portal aka forum, managed and shared via P2P between members. Written in C++.
* '''CeNo''' (https://censorship.no/) Accessing bundled static websites via Freenet.


=== Crypto ===
=== Benefits ===
The documentation leads to:


* '''Demoncrypt''' (https://github.com/eijah/demoncrypt): "a lightweight C++ wrapper around some of the more common crypto routines in Crypto++. Demoncrypt is the open-source crypto layer used in demonsaw."
* '''Better maintainability of code''', deployability without big effort by the projects;
* '''NaCl''' (http://nacl.cr.yp.to/): "Networking and Cryptography library."
* '''Saving ressources''' ((wom-)men-power, in best case bandwidth and computational cost;
* '''Faciliate collaboration between projects in order to solve hard problems such as anonymity but also provide other desired features and better usability;
* '''Ensuring security more easy''' by using proven modules;
* '''A thorough Knowledge-base''' for researchers and developers that spares valuable time to get to know other projects without reading tons of code;
* '''A thorough Knowledge-base''' for foundations in this field;


=== Other ===
<br>
<br>


* '''Tau-Chain''' (http://www.idni.org/tauchain), (http://tauchain.org/tauchain.pdf), (https://github.com/naturalog/tauchain), (http://www.idni.org/blog): "Programmable decentralized P2P network based on ontologies and reasoning.(...) being a generalization of many centralized and decentralized P2P networks, including the Blockchain." Written in C++.
== Combination-Prototyping and Testing ==
* '''BaseParadigm''' (http://baseparadigm.org/), contact (http://www.wavis.org/): A distributed graph where every edge has seven fields and answers a question. It is the foundation of the rest of the work being done in the Spaciousness project. library for managing a content addressable binarysemantic graph. Content addressability means enabling a number of dataexchange protocols (including p2p) for a developer using BaseParadigm. Content addressable data is immutable, and so a semanticgraph is necessary for managing updates, annotations, reputation, and navigational links. It lays the basis for a new paradigm for data management that can be done offline as much as is desirable, and puts control over data storage, transmission, and processing back in the hands of the user. Identity management becomes data management rather than what it is today: contract management with third party webservices. Application interop is simplified from web API support to simple graph queries. The user’s experience is that all their data is available all the time in the places they expect.
[[Datei:Maxresdefault_.jpg|thumb|none|700px|alt=a set of mechanic tools]]
* '''SocietyOfMind''' (http://github.com/theProphet/SocietyOfMind): complete information model to make a p2p network and 3-d visualization layer that can scale to billions, re-make the Internet, and form a meta-mind for the planet.
The [[EDN#Software_Documentation_Marathon | Software Documentation Marathon™]] delivers our working basis to preselect a combination of projects or modules that are interoperable and meet our [[EDN/Criteria | standard]].
* '''Wave/Apache Wave''' (http://incubator.apache.org/wave/): "distributed, near-real-time, rich collaboration platform that allows users to work together in new and exciting ways. allows for flexible modes of communication, blending chat, email and collaborative document editing in to one seamless environment." Written in Java.
In this phase our objective will be to create prototypes and test them in a generic manner on a virtual and a real testbed.
* '''Shark''' (http://sharksystem.net/): framework for building semantic P2P applications in Java. It facilitates building decentralized application based on the notion of ontologies. The name is an acronym for ‘Shared Knowledge’.
* '''YaCy''' (http://www.yacy.net/en/): "peer-to-peer search that anyone can use to build a search portal for their intranet or to help search the public internet. When contributing to the world-wide peer network, the scale of YaCy is limited only by the number of users in the world and can index billions of web pages. It is fully decentralized, all users of the search engine network are equal, the network does not store user search requests and it is not possible for anyone to censor the content of the shared index." Written in Java.
* '''Telehash''' (http://telehash.org/):  encrypted P2P JSON-based protocol enabling developers to quickly build apps that are distributed and private. Written in JavaScript (http://about.psyc.eu/TeleHash – '''Unfortunately''' no metadata protection, no scalability).
* '''Blinkot''' (https://github.com/akumpf/blinkot),(http://skilledtests.com/wiki/Blinkot): embeds arbitrary HTML in a URL-contained wrapper/decentralized, democratized, and robust way to collect and distribute short-form information.
* '''Agoras''' (http://www.idni.org/agoras): "An intelligent market built upon Tau-Chain.Development on freenode at #zennet"
* ''' BALL ''' (http://ball.askemos.org/): "autonomous, persistent execution environment to realize integrity protection of data and operations, authenticated timestamps, compliance auditing."
* ''' FreedomBox ''' (https://wiki.debian.org/FreedomBox): "Project to develop, design and promote personal servers running free software for private, personal, communications."
* '''ePlug''' (http://kenCode.de/projects): "tiny circuit board that resides inside of ‘ePlug Certified’ electrical outlets. Decentralized Meshnet, distributed computing, 6 gig WiFi. ISP’s, CDN’s and racks of servers, switches and wire no longer needed."
* '''KadNode''' (http://github.com/mwarning/KadNode): delegates DNS requests (*.p2p) from any application and tries to resolve it using the BitTorrent Mainline DHT. Own addresses can be announced and combined with public/secret keys. KadNode can be used as a decentralized DynDNS system, but also covers many other use cases. Written in C. Warning: Bittorrent's Kademlia DHT suffers from many attacks.


=== Federation projects ===
<br clear=all>


The term distributed is understood differently in the community.
'''Testing Objectives:'''
However the following projects are not distributed in our understanding - they run on servers.


* '''Tent''' (http://tent.io/), (http://skilledtests.com/wiki/Tent): protocol for open, distributed social networking.
* Deployability and Configurability
* '''Kune''' (https://en.wikipedia.org/wiki/Kune_%28software%29 ), (http://skilledtests.com/wiki/Kune): a distributed social network, started in 2007 (concept since 2005). real-time collaborative editing, decentralized social networking and web publishing, while focusing on workgroups rather than just on individuals, written in Java.
* Scalability
* '''Buddycloud''' (http://buddycloud.com): "massively scaled and fully distributed social network." Written in Java. Buddycloud has been asked not to use the word "distributed" but they just keep on doing so like many non-computer-scientific projects in the field. Buddycloud runs on XMPP and therefore operates in a federation of servers.
* Reliability: Under normal conditions, hard conditions, attacks: Percentage of completed/successful processes.
* Performance: How does a complete process take in worst case?
* Lightweight: Payload and program size
* Security and Privacy : Resists a list of attacks in percentage.


== Approach ==
<br clear=all>


We hope to '''unite''' the different '''forces''' and ressources that aim for more privacy and security such as the older and upcoming software projects, scientists, activists and others and therefore achieve what none of them could do alone.
<gallery widths=100px heights=100px>
We start by doing a thorough evaluation of a preselection of projects.
Datei:Taekwondo_CC0.png|Resilience|alt=Two figures fighting Taekwondo
Datei:Cycling_CC0.png|Performance|alt=Cycling person
Datei:Weightlifting_CC0.png|Networking overhead and size of program|alt=Weightlifting Person
</gallery>




==== Who benefits from the Evaluation? ====
'''Testing:'''
* The '''projects''' themselves
* The '''foundations''', because this evaluation helps them assessing the projects, being able to decide on the resulting  knowledge base which projects they want to fund
* The '''users''', because eventually the projects that provide the highest standard of confidentiality and integrity will get funded and be available. They get to know which projects do in the first place.


* One or two services on different stacks
=== Evaluation ===
* New combinations of modules for the stacks
'''''Preanalysis -> Workshops -> Analysis -> Testing'''''<br>
* Multiple network configurations with respect to specific situations (e.g., attack scenarios, dense and distant mesh, internet connected nodes)
''Time frame: 1 to 1,5 years<br>
* Multiple services on one stack
''Results:''<br>
* ''Selection of the „WillTestProjects“''
* ''Documentation: Visual processing and publication of findings''


We plan a number of workshops, where we collect the information needed by personal interviews with the privacy project developers.
Since we may not fund the evaluation of [[EDN#Privacy_Projects | all]] projects we will preselect which projects to invite.
Being all together we will use that unique chance to discuss possible interesections and details of testing.
The resulting documentation and its analysis will be helpful both for the projects and us needing to decide which projects we will take a closer look at.


'''Test Results Reveal'''


==== Documentation ====
* Best stack for given service and situation
* Optimal network configuration for the different use cases
* Sweet spots between scalability, performance, and privacy and security


One part beside graphs and pictures could be tables generated by a semantic wiki. On [https://wikidevi.com/ WikiDevi] You can see an example for the [https://wikidevi.com/wiki/Atheros tables] and for [https://wikidevi.com/wiki/Special:Ask query based search] in such a semantic wiki.
<br>


There we provide:
= Best Current Practice Recommendation =
*  A visualization of the status quo of the evaluation (progress bar), total and for every single project
*  Unified API Documentation for every project and its modules
* Visualization of the projects architecture with description of the components, its functionality, its interaction (communication) and link to codebase
* Interoperability: Possible intersections where projects could be connected
* Basic information as the programming languages
* Vulnerablities and resistance to a list of attacks and more


For every project may be offered four different perspectives that display different properties of the project:
The following is an essence of a [http://secushare.org/comparison Best Current Practice Recommendation].


* User
<gallery widths=100px heights=100px>
* Development
Datei:Ricochet.png|''Instant Messaging: [https://ricochet.im/ Ricochet]''|alt=Logo Ricochet
* Management/admin
Datei:Tribler-logo.png|''Filesharing:  [http://www.tribler.org/ Tribler]''
* Networking (position in osi-layer)
Datei:Bitmessage.png|''Asynchronous Messaging: [https://www.bitmessage.org/wiki/Main_Page Bitmessage]''
Datei:306px-Tor-logo-2011-flat.svg.png|We add this one for Browsing: [https://www.torproject.org/projects/torbrowser.html.en Tor-Browser-Bundle]
</gallery>
<br clear=all>


==== Testing ====
= Community and Crew =


'''Testing Objectives:'''
We are [https://libreplanet.org/wiki/GNU/consensus/stakeholders#EDN stakeholders] of [https://gnu.org/consensus/manifesto.html GNU consensus] and allies of the [http://youbroketheinternet.org/ #youbroketheinternet] project.  
* Deployability
To our crew belong software architects, a student of Fine Arts, Privacy Project developers and Privacy and Security researchers.
* Configurability
* Reliablility: Under normal condidtions, hard conditions, attacks: Percentage of completed/sucessful processes.  
* Performance: How does a complete process take in worst case?
* Lightweight: How much overhead in the payload?
* Security and Privacy : Resists a list of attacks in percentage.  


'''Testing Results for:'''
= Contact =
* Projects in category of service on different stacks
Be with us!
* For new combinations
'''Testing Circumstances:'''
* Dense and distant mesh
* With internet connected nodes
* (One or multiple plattforms/hardwaretypes)


<div><ul>
<li style="display: inline-block;"> [[Datei:Team.jpeg|thumb|none|300px]] </li>
First contact:  demos et posteo dot de


=== Building ===
Public key via: [http://pgp.mit.edu/pks/lookup?op=get&search=0xF4B0EE66407332D8 keyserver]


'''Building:''' Building bridges between proven code and an adequate Graphical User Interface (GUI)
Fingerprint:   8B64 374A C01A 69E1 0BF2 0955 F4B0 EE66 4073 32D8


== Who benefits from confidental und integer communication means? ==
= Picture References =


'''Everyone!'''
# [https://creativecommons.org/publicdomain/zero/1.0/deed.en CCO] "Six pigs" by [http://www.publicdomainpictures.net/view-image.php?image=127443&picture=six-pigs piotr siedlecki]
* '''Average citizens''': they regain parts of their privacy, a basic civil right that ensures a proper functioning democracy.
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] "Gingerbread Puppeteer" by [https://openclipart.org/detail/195086/gingerbread-puppeteer theyogre], decolored by dmos
* '''Government institutions and companies''': our product will make espionage and "cyber" attacks a lot harder.
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] "Paper Trails"'' by [https://www.flickr.com/photos/lel4nd/5397107357/in/photolist-9dVzZ8 Leland Francisco]''
Use cases are for example online banking, government communication with citizens includings tax returns, diplomatic, military and business communication and journalism.
# [https://creativecommons.org/publicdomain/zero/1.0/deed.en CCO] "Delaunay Triangulation" by [https://commons.wikimedia.org/wiki/File:Delaunay_Triangulation_%28100_Points%29.svg Inductiveload]
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] by [http://picol.org/ Picol], arranged images by dmos with filsharing image extracted from a batch by [https://www.fsf.org/resources/badges FSF]
# [https://creativecommons.org/publicdomain/zero/1.0/deed.en CCO], [https://pixabay.com/en/mountains-bridge-bridge-building-1033979/ "Bridge"]


= Picture References SDM =
# [https://creativecommons.org/publicdomain/zero/1.0/deed.en CC0] "player-running-black-and-white" by [https://pixabay.com/en/player-running-black-and-white-34370/ Clker FreeVectorImages]
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] "Interview Without Speech Bubbles" by [https://openclipart.org/detail/233854/interview-without-speech-bubbles GSJ]
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] Dmos
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] "Supreme Shapes" by [https://openclipart.org/detail/116905/supreme-shapes 10binary], colored by Dmos
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] "Helicopter Anatomy" by [https://en.wikipedia.org/wiki/File:Helicopter_AnatomySVG.svg Richard Wheeler(Zephyris)], colored by Dmos
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] "documentation" by [https://pixabay.com/en/manual-docs-documentation-help-98728/ OpenIcons], modified by Dmos with "sourceCode" by [https://openclipart.org/detail/213242/source-code-icon SimpleIcons]
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] "Open Innovation - off" by [https://openclipart.org/detail/175356/open-innovation-off berteh], colored by Dmos
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] "New Haldi" by [https://commons.wikimedia.org/wiki/File:NewHaldi.jpg EvgenyGenkin], colored by Dmos
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] "BikeWheel" by [https://openclipart.org/detail/7902/bikewheel carlitos]
# [https://creativecommons.org/licenses/by-sa/2.0/ CC-BY-SA] "Tanabata-Wish-Tree"by [https://openclipart.org/detail/179912/tanabata-wish-tree uroesch], recolored by Dmos


== Contact ==
Write us in [https://www.bitmessage.org/wiki/Main_Page Bitmessage]
BM-NBqqoMzajZNXQru2Kz4JXqq6RbsEmeuL
[[Datei:FirstContact.png]]
[[Kategorie:Projekt]]
[[Kategorie:Projekt]]
[[Kategorie:EDN]]
[[Kategorie:EDN]]
 
[[Kategorie:Abkürzung]]
--[[Benutzer:Demos|Demos]]

Aktuelle Version vom 17. Januar 2018, 08:05 Uhr

Deutsch

EDN logo with the letters EDN looking like a network and toped with two WiFi-symbols, one left and one right

We develop a new protective Internet

Welcome

This is the official wiki of the research and software project EDN (Echt Dezentrales Netz - real decentralized network). Our vision is to provide a more secure and confidentiality preserving communication means to billions of people: individuals, families and organisations of whatever format - a new internet fitted with a set of privacy tuned services running on local individual or public infrastructure and meets our standard.

News

We have a new website which addresses potential sponsors. Recently we have presented EDN to the people of Wau Holland Foundation. Thank you for your invitation!

Here is our project diary.


Note
.onion addresses can be accessed via Tor Browser Bundle

Status Quo

Centralization, Outdated Protocols




Social graphs can be extracted easily at central points of failure (1)


The prevalent digital communication means undermine their users' data integrity and confidentiality starting with all digital communication of one country going through one or just a few telecommunication providers' servers. These accumulate data, including metadata, which is the basis to derive people's social graphs, movement patterns and even psychological profiles. Further centres of data accumulation are services like Facebook, Twitter or Youtube. They profited by peoples' wish to reach as many people as possible. This has led them to focus on using certain services - known as the Network Effect - rather than privacy and security aspects. This not only helped these services grow significantly, but also led to huge data accumulations in few locations. These have its own value for several groups and provoke criminal activity to access and misuse it. When your hardware gets stolen you soon will notice that. It makes a transition from you - the rightful owner - to another one. Usually data won't be moved just copied. You won't notice the access directly or never if you have entrusted it to another party or let your digital communication flow through a single instance exposing all your meta data. To make things worse the current internet protocols base on a completely outdated threat model as the Snowden revelations have shown at the very latest. They are by design vulnerable to a number of attacks.(1, 2, 3). These open ways to undermine even overlaying structures, such as Tor, deanonymizing its shelter seeking users and hidden services by traffic correlation.

These conditions- the brokeness and centralization- facilitate:

  • Censorship: On plattforms and by countries;
  • Passive Mass Spying;
  • Active Intrusion on a global scale;

It is most likely that patches like overlay networks can only ease the shortcomings of the current internet but not fix it using this vulnerable basis for confidential communication. This may be less critical for high latency networks over the Internet or Sneakernets that do not use the internet at all. Alternative networks, however suffer from the following problems. Their network is unlikely to gain enough users, due to shortcomings in their accessibility and usability. Thus, it will not be attractive for most people wanting to communicating with their friends. Moreover, such a small user group might also jeopardize the users anonymity and privacy, as each user is deemed suspicions and errors in the network stack take longer to get fixed. Finally, this cast doubt on the whole idea of an alternative network. To break this cycle, we think that multiple well tuned secure solutions must be brought together focusing on accessibility and usability, to combine and increase their small user groups and kick start the required Network Effect.

Threat Model


We presume a global active attacker that does automated intrusion such as traffic shaping.We share our threat model with Secushare.



Competitiveness and Lack of Collaboration

Here is our list of Privacy Software Projects.

man standing on a field covered with scattered pieces of paper
Highly fragmented privacy and security software landscape (3)

The privacy and security software landscape is highly fragmented. This has implications for their quality and therefore for their users' privacy and security. We found over 80 Free Software Privacy Projects and this is nowhere near complete regarding this survey. All compete for contributors, funding, users, bandwidth while implementing redundant, often mediocre solutions which is no wonder since most of them lack resources to do it all good. This leads to bad code documentation, which consequently impedes potential help by new developers or researchers finding vulnerabilities and providing more secure solutions. These are some reasons why there is almost no collaboration between the projects although they share the same goals and would benefit from these collaborations exceptionally.




Goal


City Wide Communication via local infrastructure

Regarding the design flaws of the current internet, we believe that a complete new internet providing confidentiality, integrity of communication and censorship-resistance is indispensable. We envision the new stack to be

  • Privacy tuned for and delivered with several services
  • Convenient and attractive to use, focusing on accessibility and usability
  • Able to run on local individual or public infrastructure
  • Free Software

The new internet uses the existing infrastructure to form a difficult-to-monitor cellphone/router/computer network. Its communication runs, first and foremost, on top of a combination of WiFi, copper and fibre optics. Moreover, we consider Bluetooth, Ultra Wideband (UWB), red light, UKW and satellite uplinks - shortly all allowed frequencies and means of digital communication.



Criteria for the New Internet

The new internet should meet the following criteria. The quality of security and privacy might vary between the different exposed services. (...).


Services

public personal/private
Text Chat of local (neighboring) nodes To a single person: Chat, Email or SMS To multiple people: Chat or mailing list
Audio/Telephony/Video Call among locally restricted nodes normal call conference call
Other formats ? ? ?


  • Social-Networking: Messaging, Micro Blogging, (Video)-Telephony;
  • Data Storage (individual, group and public access);
  • Searching contents in local and other reachable networks;
  • Mirroring contents of the "old" internet;
  • Payment system;
  • Smart contract (blockchain);
  • Collaborative document editing.




Overtaking the Attackers

The arms race between attackers and defenders over data security and privacy on the internet is ongoing. However the conditions are good to overtake the attackers generously and change the game in favor of the defenders by way of variety replacing the broken internet by a combination of cutting-edge technologies:


  • New internet protocol stacks: There are new internet stacks among the privacy software projects such as GNUnet, Maidsafe, Net2o and implementations: http://www.irati.eu/ RINA. They have developed privacy aware routing and decentral naming systems for over ten years now. They are waiting for having services set and top of them and evaluated.
  • Matured operating systems for embedded devices and wifi-meshnet-routing: It increases the effort of espionage if a computer network is decentralized. One important part of this is even to decentralize local communication by using a wireless network in connection with multiple internet accesses. Open Wireless Communities are existing already for some years. Have developed and optimized their routing algorithms and gained experience. They deploy routers and boards using Linux-based firmwares such as OpenWRT and DD-WRT. GNUnet has already been packet for OpenWRT and has potential to revolutionize Open Wireless communities.
  • Authority Free Onion Routing using BRAHMS is on the way.
  • Reproducible Builds: "to empower anyone to verify that no flaws have been introduced during the build process by reproducing byte-for-byte identical binary packages from a given source."


Beneficiaries of the New Internet

In the long run everyone will benefit from the new internet, since it is censorship resistant, provides confidentiality and integrity preserving services. It results in:

  • Average citizens regaining parts of their privacy, informational self determination, ​​freedom of assembly, ​secrecy of correspondence and free speech - basic civil rights that ensure and back up our democracies.
  • Safer government institutions and companies from espionage and "cyber" attacks.


Use cases are for example online banking, government communication with citizens including tax returns, diplomatic and business communication and journalism.

Approach

Bridge being built
Building Bridges

We aim to unite the different forces and resources of Free Software projects to achieve what none of them could do alone: Kickstart a network effect and provide a more secure and confidentiality preserving communication means to a significant part of the world-population - a new internet fitted with a set of privacy tuned services. To get there we built bridges by creating a better documentation for circa 20 privacy projects during our Software Documentation Marathon™. It will include a first analysis of the project's security and privacy qualities and recommendations for collaborations between interoperable projects. On this basis we are able to proceed with the testing of different stacks and a Prototypical Realization of a wifi-mesh-able new internet with multiple integrated services.


Software Documentation Marathon™

We plan a Software Documentation Marathon™, where we document and analyze circa 20 free software projects Key elements of our work will be to assemble detailed API descriptions of the projects and its modules and to identify and highlight Interoperability between projects.

Two people sitting at a table.
We conduct personal interviews. (2)

We will collect the information needed by personal interviews with the privacy project developers.

All the information will be gathered in a standardized way and collected in a semantic wiki providing us with a set of tools to dynamically interconnect, organize and visualize the information. Beside graphs and images it enables dynamically generated tables or query based searches. This way our results will be easy to reuse. It will be published under the Creative Commons licence CC-BY-SA. The Software Documentation Marathon™ delivers the work base for Prototyping and Testing.


Note
@Software Documentation Marathon™: We used the ™ just for fun to express that we like the name of this phase very much. Everyone who likes the name too can use it!



Software Documentation Contents

  • Percent

    Status Quo of the Marathon (progress bar), total and for every single project (3);

  • Colored Shapes

    Basic Information: programming-language(s), software-licence(s), etc. (4);

  • Helicopter Anatomy

    Project Anatomy: Visualization of the Projects' Architecture, description of its components, their functionality, its interaction/communication, link to its code base (5);

  • Documentation

    Unified API Documentation for every project and its modules (we choose one of existing standards) including its privacy, security and performance assertions and preconditions (6);

  • Connected incandescent bulbs

    Highlighting Interoperability: intersections where projects could be connected and therefore collaborate or simply share code (7);

  • New Haldi

    Known Vulnerabilities and Resistance to a list of attacks and more (+ derivable vulnerabilities) (8);

  • Bike-wheel

    Double Implementations of similar functionality (9);

  • Tanabata-Wish-Tree

    Top Features the projects would like to implement/integrate (that meet hard problems such as anonymity and large scale mesh-networking) (10);

  • a person riding a bike;

    Tests performed : Details about tests that have been already performed by the projects


Some properties could be organized like this:

  • Claims to provide (list of criteria)
  • (Actually provides (list of criteria)-> checked by testing phase)
  • Enables (list of services)
  • Replaces (list of proprietary software)
  • Prevents (list of attacks under (list of conditions))-> threat model (type)-TRIKE
  • Interfaces with (ecosystem): ?
  • Interconnects with (list of OSI-layers, list of software projects, list of modules)
  • Implements (list of modules)
  • Is component or standalone (full app) or runs on bare metal
  • Runs on Unix like operating systems

Benefits

The documentation leads to:

  • Better maintainability of code, deployability without big effort by the projects;
  • Saving ressources ((wom-)men-power, in best case bandwidth and computational cost;
  • Faciliate collaboration between projects in order to solve hard problems such as anonymity but also provide other desired features and better usability;
  • Ensuring security more easy by using proven modules;
  • A thorough Knowledge-base for researchers and developers that spares valuable time to get to know other projects without reading tons of code;
  • A thorough Knowledge-base for foundations in this field;



Combination-Prototyping and Testing

a set of mechanic tools

The Software Documentation Marathon™ delivers our working basis to preselect a combination of projects or modules that are interoperable and meet our standard. In this phase our objective will be to create prototypes and test them in a generic manner on a virtual and a real testbed.


Testing Objectives:

  • Deployability and Configurability
  • Scalability
  • Reliability: Under normal conditions, hard conditions, attacks: Percentage of completed/successful processes.
  • Performance: How does a complete process take in worst case?
  • Lightweight: Payload and program size
  • Security and Privacy : Resists a list of attacks in percentage.


  • Two figures fighting Taekwondo

    Resilience

  • Cycling person

    Performance

  • Weightlifting Person

    Networking overhead and size of program


Testing:

  • One or two services on different stacks
  • New combinations of modules for the stacks
  • Multiple network configurations with respect to specific situations (e.g., attack scenarios, dense and distant mesh, internet connected nodes)
  • Multiple services on one stack


Test Results Reveal

  • Best stack for given service and situation
  • Optimal network configuration for the different use cases
  • Sweet spots between scalability, performance, and privacy and security


Best Current Practice Recommendation

The following is an essence of a Best Current Practice Recommendation.


Community and Crew

We are stakeholders of GNU consensus and allies of the #youbroketheinternet project. To our crew belong software architects, a student of Fine Arts, Privacy Project developers and Privacy and Security researchers.

Contact

Be with us!

Abgerufen von „https://wiki.c3d2.de/w/index.php?title=EDN&oldid=27197