[freehaven-dev] Big-picture use for anonymous network

[Roger Dingledine <arma@mit.edu>]

On Mon, Mar 05, 2001 at 01:22:16PM -0500, Michael J Freedman wrote:
> There are two different type of public-key schemes in the network.  (We
> probably want names for these):
> 
> 1.  PK_network (PK_net) is used for anonymous network communication.  We need
> some database method (described later) to map PK_net to IP address for
> routing.   
> 
> 2. PK_filesystem (PK_fs) used for end-to-end encryption in the (Free Haven)
> file system backend.  This is the "pseudonymous" handle of peers, from which
> pseudonymous file sharing and reputation systems will be built.
 
In the simplest case, Alice is simply using the network as a one-way
anonymizing system. She picks a path A -> 1 -> 2 -> 3, where 3 is running
a "web exit" service, and she builds a route onion plus some data for 3
("www.ibm.com"). Then she plunks it into the network, and an anonymized
tcp connection is made. She sends "GET /", and 3 serves her the web page.

Of course, this requires 3 to know about the concept of a web page
(or at least an outgoing tcp connection), and be offering to go
fetch them for people. This comes in the form of a module living on 3
which handles incoming packets which ask for a "web request" (perhaps
it would only allow web requests which are for port 80). There's a
different module which might handle incoming packets which ask for a
"freenet connection". Of course, there might be a generic module called
"plaintext tcp outgoing", but due to the abuse potential, maybe not
all that many people will run that module. [This is the point at which
you argue me away from having a different module for every conceivable
service, in favor of having more generic modules. Please do.]

There's still another jump to be made, though: we want peoples' browsers
and such to be able to use this thing transparently. This comes in the
form of a module on the local node, called "web entry" or some such.
It is run out of the main anon-network-server process (or thread, or
whatever), and (say) listens on port localhost:8080 and parses stuff
into requests to 3. Alice can run a squid on her side if she wants to
help sanitize her requests (that is, remove identifying information which
browsers enjoy putting in). 3 can also run a squid if he feels like it.

My motivation for this is to allow use of this network by all of the p2p
systems out there. Each of them thinks it would be kind of neat to allow
anonymity, but none of them is offering a level of anonymity that we feel
comfortable with. If we can provide an "anonymizing entry point network"
for them, then poof, they have more anonymity than they had before. Plus,
at the simplest we can offer an alternate service to anonymizer.com.

I think it would be kind of fun if we could use this to connect to
Napster. But one step at a time. :) Anyway, I wanted to give a feel for
the sort of big picture that I'm aiming for here. We need this thing to
be around and working in order for Free Haven to even be a possibility;
but we also need it to be highly used in order for it to be useful to
anybody. So we want it to appeal to a wide range of users who are all
using it for different things.

Are there other ways of getting what I describe above? Is the idea of
making the nodes "not all identical" in terms of services a bad idea?
(They're already not all identical, in that some are firewalled and some
aren't, and each has a different bandwidth level/latency to offer.)

--Roger