* Accounting to Encourage Resource Sharing::
* Confidentiality::
* Anonymity::
-* Deniability::
+* Deniability::
* Peer Identities::
* Zones in the GNU Name System (GNS Zones)::
* Egos::
(@uref{https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf, https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf}))
that can help quantify the level of anonymity that a given mechanism
provides, there is no such thing as "complete anonymity".
+
GNUnet's file-sharing implementation allows users to select for each
operation (publish, search, download) the desired level of anonymity.
-The metric used is the amount of cover traffic available to hide the
-request.
-While this metric is not as good as, for example, the theoretical metric
-given in scientific metrics,
-it is probably the best metric available to a peer with a purely local
-view of the world that does not rely on unreliable external information.
-The default anonymity level is @code{1}, which uses anonymous routing but
-imposes no minimal requirements on cover traffic. It is possible
+The metric used is based on the amount of cover traffic needed to hide
+the request.
+
+While there is no clear way to relate the amount of available cover
+traffic to traditional scientific metrics such as the anonymity set or
+information leakage, it is probably the best metric available to a
+peer with a purely local view of the world, in that it does not rely
+on unreliable external information or a particular adversary model.
+
+The default anonymity level is @code{1}, which uses anonymous routing
+but imposes no minimal requirements on cover traffic. It is possible
to forego anonymity when this is not required. The anonymity level of
@code{0} allows GNUnet to use more efficient, non-anonymous routing.
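Review bot: The rewritten metric sentence and the paragraph added after it use two different quantities: the first says the metric is based on the cover traffic "needed to hide the request", the second talks about "the amount of available cover traffic". Pick one term and use it in both places, or say explicitly that the level sets the amount needed and the peer compares it against the amount available. As written, a reader cannot tell which of the two the anonymity level actually controls.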
the Internet. And while we assume that the adversary
can not break our encryption, we assume that the adversary has many
participating nodes in the network and that it can thus see many of the
-node-to-node interactions since it controls some of the nodes.
+node-to-node interactions since it controls some of the nodes.
The system tries to achieve anonymity based on the idea that users can be
anonymous if they can hide their actions in the traffic created by other
anonymous, the intermediaries may still be targets. In particular, if the
intermediaries can find out which queries or which content they are
processing, a strong adversary could try to force them to censor
-certain materials.
+certain materials.
With the file-encoding used by GNUnet's anonymous file-sharing, this
problem does not arise.
particular amount of cover traffic is necessary. A powerful adversary
might thus still be able to deduce the origin of the traffic using
traffic analysis. Specifying higher anonymity levels increases the
-amount of cover traffic required. While this offers better privacy,
-it can also significantly hurt performance.
+amount of cover traffic required.
+
+The specific numeric value (for anonymity levels above 1) is simple:
+Given an anonymity level L (above 1), each request FS makes on your
+behalf must be hidden in L-1 equivalent requests of cover traffic
+(traffic your peer routes for others) in the same time-period. The
+time-period is twice the average delay by which GNUnet artificially
+delays traffic.
+
+While higher anonymity levels may offer better privacy, they can also
+significantly hurt performance.
@node Content Priority
@subsubsection Content Priority
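Review bot: "The specific numeric value (for anonymity levels above 1) is simple:" introduces a rule rather than a value, and the restriction to "above 1" is never explained. The stated rule (L-1 equivalent requests of cover traffic) would give zero cover requests at L = 1, which matches the earlier statement that level 1 "imposes no minimal requirements on cover traffic", so either drop the restriction or say why levels 0 and 1 are excluded. The time-period is defined as twice "the average delay by which GNUnet artificially delays traffic" without saying where that delay comes from or how a user can find it; a pointer would make the definition usable.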
that peer by specifying the peer's identity, service name and
protocol (--tcp or --udp) and you will again receive an IP address
that will terminate at the respective peer's service.
-
-
-
gnunet-auto-share has many options in common with gnunet-publish, but can only be used to index files.
.Pp
You can use automatic meta-data extraction (based on libextractor).
+.Sh OPTIONS
.Bl -tag -width Ds
.It Fl a Ar LEVEL | Fl \-anonymity= Ns Ar LEVEL
-This option can be used to specify additional anonymity constraints.
+This option can be used to specify additional anonymity constraints. The default is 1.
If set to 0, GNUnet will publish the file non-anonymously and in fact sign the advertisement for the file using your peer's private key.
-This will allow other users to download the file as fast as possible, including using non-anonymous methods (DHT, direct transfer).
+This will allow other users to download the file as fast as possible, including using non-anonymous methods (discovery via DHT and CADET transfer).
If you set it to 1 (default), you use the standard anonymous routing algorithm (which does not explicitly leak your identity).
-However, a powerful adversary may still be able to perform traffic analysis (statistics) to over time infer data about your identity.
-You can gain better privacy by specifying a higher level of anonymity, which increases the amount of cover traffic your own traffic will get, at the expense of performance.
-Note that regardless of the anonymity level you choose, peers that cache content in the network always use anonymity level 1.
-.Pp
-The definition of the ANONYMITY LEVEL is the following.
-0 means no anonymity is required.
-Otherwise a value of 'v' means that 1 out of v bytes of "anonymous" traffic can be from the local user, leaving 'v-1' bytes of cover traffic per byte on the wire.
-Thus, if GNUnet routes n bytes of messages from foreign peers (using anonymous routing), it may originate n/(v-1) bytes of data in the same time-period.
-The time-period is twice the average delay that GNUnet defers forwarded queries.
-.Pp
-The default is 1 and this should be fine for most users.
-Also notice that if you choose very large values, you may end up having no throughput at all, especially if many of your fellow GNUnet-peers all do the same.
+However, a powerful adversary may still be able to perform traffic analysis (statistics) to over time discovery your identity.
+You can gain better privacy by specifying a higher level of anonymity (using values above 1).
+This tells FS that it must hide your own requests in equivalent\-looking cover traffic.
+This should confound an adversaries traffic analysis, increasing the time and effort it would
+take to discover your identity. However, it also can significantly reduce performance, as
+your requests will be delayed until sufficient cover traffic is available. The specific
+numeric value (for anonymity levels above 1) is simple:
+Given an anonymity level L (above 1), each request FS makes on your behalf must be hidden in L\-1 equivalent
+requests of cover traffic (traffic your peer routes for others) in the same time\-period.
+The time\-period is twice the average delay by which GNUnet artificially delays traffic.
+Note that regardless of the anonymity level you choose, peers that cache content in the
+network always use anonymity level 1.
.It Fl c Ar FILENAME | Fl \-config= Ns Ar FILENAME
Use alternate config file (if this option is not specified, the default is
.Pa ~/.config/gnunet.conf Ns ).
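Review bot: Two wording errors in the added option text: "to over time discovery your identity" should read "to discover your identity over time", and "an adversaries traffic analysis" should be "an adversary's traffic analysis". The same two lines are added to the other man pages touched by this patch, so the fix is needed in each copy. The first added line also says "The default is 1." while the unchanged line below already says "If you set it to 1 (default)"; one of the two is enough.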
Download files from GNUnet.
.Bl -tag -width Ds
.It Fl a Ar LEVEL | Fl \-anonymity= Ns Ar LEVEL
-Set desired level of receiver anonymity.
-Default is 1.
+This option can be used to specify additional anonymity constraints. The default is 1.
+If set to 0, GNUnet will publish the file non-anonymously and in fact sign the advertisement for the file using your peer's private key.
+This will allow other users to download the file as fast as possible, including using non-anonymous methods (discovery via DHT and CADET transfer).
+If you set it to 1 (default), you use the standard anonymous routing algorithm (which does not explicitly leak your identity).
+However, a powerful adversary may still be able to perform traffic analysis (statistics) to over time discovery your identity.
+You can gain better privacy by specifying a higher level of anonymity (using values above 1).
+This tells FS that it must hide your own requests in equivalent\-looking cover traffic.
+This should confound an adversaries traffic analysis, increasing the time and effort it would
+take to discover your identity. However, it also can significantly reduce performance, as
+your requests will be delayed until sufficient cover traffic is available. The specific
+numeric value (for anonymity levels above 1) is simple:
+Given an anonymity level L (above 1), each request FS makes on your behalf must be hidden in L-1 equivalent
+requests of cover traffic (traffic your peer routes for others) in the same time\-period.
+The time\-period is twice the average delay by which GNUnet artificially delays traffic.
+Note that regardless of the anonymity level you choose, peers that cache content in the
+network always use anonymity level 1.
.It Fl c Ar FILENAME | Fl \-config= Ns Ar FILENAME
Use config file (default:
.Pa ~/.config/gnunet.conf Ns )
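Review bot: The text added under -a on the download page describes publishing: "GNUnet will publish the file non-anonymously and in fact sign the advertisement for the file using your peer's private key". The removed lines described this option as the "desired level of receiver anonymity", so the replacement should say what level 0 means for the downloading side rather than reuse the publisher's wording. In this copy the hyphen in "L-1 equivalent" is also left unescaped, while the other copies of the paragraph use "L\-1".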
In that case GNUnet will not download blocks again that are already present.
GNUnet's file-encoding will ensure file integrity, even if the existing file was not downloaded from GNUnet in the first place.
Temporary information will be appended to the target file until the download is completed.
-.Ss SETTING ANONYMITY LEVEL
-The
-.Fl a
-option can be used to specify additional anonymity constraints.
-If set to 0, GNUnet will try to download the file as fast as possible, including using non-anonymous methods.
-If you set it to 1 (default), you use the standard anonymous routing algorithm (which does not explicitly leak your identity).
-However, a powerful adversary may still be able to perform traffic analysis (statistics) to over time infer data about your identity.
-You can gain better privacy by specifying a higher level of anonymity, which increases the amount of cover traffic your own traffic will get, at the expense of performance.
-Note that your download performance is not only determined by your own anonymity level, but also by the anonymity level of the peers publishing the file.
-So even if you download with anonymity level 0, the peers publishing the data might be sharing with a higher anonymity level, which in this case will determine performance.
-Also, peers that cache content in the network always use anonymity level 1.
-.Pp
-This option can be used to limit requests further than that.
-In particular, you can require GNUnet to receive certain amounts of traffic from other peers before sending your queries.
-This way, you can gain very high levels of anonymity - at the expense of much more traffic and much higher latency.
-So set it only if you really believe you need it.
-.Pp
-The definition of ANONYMITY\-RECEIVE is the following.
-0 means no anonymity is required.
-Otherwise a value of 'v' means that 1 out of v bytes of "anonymous" traffic can be from the local user, leaving 'v-1' bytes of cover traffic per byte on the wire.
-Thus, if GNUnet routes n bytes of messages from foreign peers (using anonymous routing), it may originate n/(v-1) bytes of queries in the same time\-period.
-The time\-period is twice the average delay that GNUnet defers forwarded queries.
-.Pp
-The default is 1 and this should be fine for most users.
-Also notice that if you choose very large values, you may end up having no throughput at all, especially if many of your fellow GNUnet\-peers all do the same.
.Sh FILES
.Pa ~/.config/gnunet.conf
GNUnet configuration file
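Review bot: Removing the SETTING ANONYMITY LEVEL subsection drops a download-specific caveat that the new -a text does not carry: "your download performance is not only determined by your own anonymity level, but also by the anonymity level of the peers publishing the file". That is the one part of the old section that explains why a download at level 0 can still be slow, so it should move into the -a entry instead of being deleted. The advice "So set it only if you really believe you need it" also disappears without a replacement.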
If this is not the case, indexing will fail (and gnunet-publish will automatically revert to publishing instead).
Regardless of which method is used to publish the file, the file will be slowly (depending on how often it is requested and on how much bandwidth is available) dispersed into the network.
If you publish or index a file and then leave the network, it will almost always NOT be available anymore.
+.Sh OPTIONS
.Bl -tag -width Ds
+.It Fl a Ar LEVEL | Fl \-anonymity= Ns Ar LEVEL
+This option can be used to specify additional anonymity constraints. The default is 1.
+If set to 0, GNUnet will publish the file non-anonymously and in fact sign the advertisement for the file using your peer's private key.
+This will allow other users to download the file as fast as possible, including using non-anonymous methods (discovery via DHT and CADET transfer).
+If you set it to 1 (default), you use the standard anonymous routing algorithm (which does not explicitly leak your identity).
+However, a powerful adversary may still be able to perform traffic analysis (statistics) to over time discovery your identity.
+You can gain better privacy by specifying a higher level of anonymity (using values above 1).
+This tells FS that it must hide your own requests in equivalent\-looking cover traffic.
+This should confound an adversaries traffic analysis, increasing the time and effort it would
+take to discover your identity. However, it also can significantly reduce performance, as
+your requests will be delayed until sufficient cover traffic is available. The specific
+numeric value (for anonymity levels above 1) is simple:
+Given an anonymity level L (above 1), each request FS makes on your behalf must be hidden in L\-1 equivalent
+requests of cover traffic (traffic your peer routes for others) in the same time\-period.
+The time\-period is twice the average delay by which GNUnet artificially delays traffic.
+Note that regardless of the anonymity level you choose, peers that cache content in the
+network always use anonymity level 1.
.It Fl c Ar FILENAME | Fl \-config= Ns Ar FILENAME
Use alternate config file FILENAME.
If this option is not specified, the default is
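Review bot: The sixteen-line -a description added here is the same paragraph that this patch adds to the auto-share, download and search pages. Four verbatim copies will drift apart the next time one is edited (the hyphen escaping already differs in one copy). Consider keeping the full definition in one place and giving each page a short, command-specific summary with a cross-reference to it.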
Be verbose.
Using this option causes gnunet\-publish to print progress information and at the end the file identification that can be used to download the file from GNUnet.
.El
-.Ss SETTING ANONYMITY LEVEL
-.Bl -tag -width Ds
-.It Fl a Ar LEVEL | Fl \-anonymity= Ns Ar LEVEL
-.El
-.sp
-The \fB\-a\fR option can be used to specify additional anonymity constraints.
-If set to 0, GNUnet will publish the file non-anonymously and in fact sign the advertisement for the file using your peer's private key.
-This will allow other users to download the file as fast as possible, including using non-anonymous methods (DHT, direct transfer).
-If you set it to 1 (default), you use the standard anonymous routing algorithm (which does not explicitly leak your identity).
-However, a powerful adversary may still be able to perform traffic analysis (statistics) to over time infer data about your identity.
-You can gain better privacy by specifying a higher level of anonymity, which increases the amount of cover traffic your own traffic will get, at the expense of performance.
-Note that regardless of the anonymity level you choose, peers that cache content in the network always use anonymity level 1.
-.Pp
-The definition of the ANONYMITY LEVEL is the following.
-0 means no anonymity is required.
-Otherwise a value of 'v' means that 1 out of v bytes of "anonymous" traffic can be from the local user, leaving 'v-1' bytes of cover traffic per byte on the wire.
-Thus, if GNUnet routes n bytes of messages from foreign peers (using anonymous routing), it may originate n/(v-1) bytes of data in the same time\-period.
-The time\-period is twice the average delay that GNUnet defers forwarded queries.
-.Pp
-The default is 1 and this should be fine for most users.
-Also notice that if you choose very large values, you may end up having no throughput at all, especially if many of your fellow GNUnet\-peers all do the same.
.Sh EXAMPLES
.Ss BASIC EXAMPLES
Index a file COPYING:
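Review bot: The removed definition was expressed in bytes ("1 out of v bytes of \"anonymous\" traffic can be from the local user") while the replacement added in the OPTIONS section counts "equivalent requests". The patch should say whether this corrects the documentation or reflects a change in behaviour, since the two definitions are not interchangeable for a user estimating throughput. The removed warning that very large values "may end up having no throughput at all, especially if many of your fellow GNUnet\-peers all do the same" has no counterpart in the new text and is worth keeping.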
The keywords are case-sensitive.
.Nm
can be used both for a search in the global namespace as well as for searching a private subspace.
+.Sh OPTIONS
.Bl -tag -width Ds
.It Fl a Ar LEVEL | Fl \-anonymity= Ns Ar LEVEL
-The \fB\-a\fR option can be used to specify additional anonymity constraints.
-If set to 0, GNUnet will try to download the file as fast as possible, including using non-anonymous methods.
+This option can be used to specify additional anonymity constraints. The default is 1.
+If set to 0, GNUnet will publish the file non-anonymously and in fact sign the advertisement for the file using your peer's private key.
+This will allow other users to download the file as fast as possible, including using non-anonymous methods (discovery via DHT and CADET transfer).
If you set it to 1 (default), you use the standard anonymous routing algorithm (which does not explicitly leak your identity).
-However, a powerful adversary may still be able to perform traffic analysis (statistics) to over time infer data about your identity.
-You can gain better privacy by specifying a higher level of anonymity, which increases the amount of cover traffic your own traffic will get, at the expense of performance.
-Note that your download performance is not only determined by your own anonymity level, but also by the anonymity level of the peers publishing the file.
-So even if you download with anonymity level 0, the peers publishing the data might be sharing with a higher anonymity level, which in this case will determine performance.
-Also, peers that cache content in the network always use anonymity level 1.
-.sp
-This option can be used to limit requests further than that.
-In particular, you can require GNUnet to receive certain amounts of traffic from other peers before sending your queries.
-This way, you can gain very high levels of anonymity \- at the expense of much more traffic and much higher latency.
-So set it only if you really believe you need it.
-.sp
-The definition of ANONYMITY\-RECEIVE is the following.
-0 means no anonymity is required.
-Otherwise a value of 'v' means that 1 out of v bytes of "anonymous" traffic can be from the local user, leaving 'v-1' bytes of cover traffic per byte on the wire.
-Thus, if GNUnet routes n bytes of messages from foreign peers (using anonymous routing), it may originate n/(v-1) bytes of queries in the same time\-period.
-The time\-period is twice the average delay that GNUnet defers forwarded queries.
-.sp
-The default is 1 and this should be fine for most users.
-Also notice that if you choose very large values, you may end up having no throughput at all, especially if many of your fellow GNUnet\-peers all do the same.
+However, a powerful adversary may still be able to perform traffic analysis (statistics) to over time discovery your identity.
+You can gain better privacy by specifying a higher level of anonymity (using values above 1).
+This tells FS that it must hide your own requests in equivalent\-looking cover traffic.
+This should confound an adversaries traffic analysis, increasing the time and effort it would
+take to discover your identity. However, it also can significantly reduce performance, as
+your requests will be delayed until sufficient cover traffic is available. The specific
+numeric value (for anonymity levels above 1) is simple:
+Given an anonymity level L (above 1), each request FS makes on your behalf must be hidden in L\-1 equivalent
+requests of cover traffic (traffic your peer routes for others) in the same time\-period.
+The time\-period is twice the average delay by which GNUnet artificially delays traffic.
+Note that regardless of the anonymity level you choose, peers that cache content in the
+network always use anonymity level 1.
.It Fl c Ar FILENAME | Fl \-config= Ns Ar FILENAME
use config file (defaults: ~/.config/gnunet.conf)
.It Fl h | \-help
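Review bot: On the search page the level 0 description now reads "GNUnet will publish the file non-anonymously and in fact sign the advertisement for the file", and the following line talks about other users downloading the file, neither of which applies to issuing a search. Describe what a non-anonymous search does instead, for example that the query itself is sent using non-anonymous methods. The statement "your requests will be delayed until sufficient cover traffic is available" does apply to searches and can stay as it is.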