News

30th March 2014 - Freenet 0.7.5 build 1461 released

Freenet 0.7.5 build 1461 is now available.

The Mac and Linux web installers are now properly signed. The Windows installer is now signed too. Translation updates for Fred, Freemail, FlogHelper, and KeyUtils are included - largely thanks to volunteers on Transifex. There are also translation updates for Web of Trust, but Web of Trust staging is not stable enough to be deployed.

Update: Signing the Windows installer caused an internal integrity check to fail, which prevented the installer from working. The Windows installer being offered for download now is still that for build 1459. Once installed and connected Freenet can update itself to build 1461.

Build 1460 contained all these things but it was signed, which prevented some types of coexistance with unsigned libraries. Signing is postponed until a future release.

In this release

Changes in Freemail

Changes in FlogHelper

Changes in KeyUtils

Changes in JSTUN

Thank you for using Freenet!

- Steve Dougherty

1st March 2014 - Freenet accepted into Google Summer of Code!

Freenet has once again been accepted into Google Summer of Code. This pays students to work on projects to improve Freenet over the summer. See the wiki for project ideas. Please contact us and demonstrate coding ability by solving a small bug or implementing a small feature before submitting a project proposal. We will be very happy to help with this, so feel free to get in touch on the mailing list or IRC!

Students can sign up from March 10th to March 21st. For details see the Google Summer of Code site.

21st January 2014 - Freenet 0.7.5 build 1459 released

Freenet 0.7.5 build 1459 is now available. Freenet will require Java 7 or higher in a future update. Java 6 has been at End of Life since February 2013, which means it does not receive security updates. There will be an alert warning people to upgrade before this happens.

We now have a code signing certificate, so the Java-based installer for Mac OS X and Linux is signed, which will make it easier to run. In future releases more things will be signed.

In this release:

Thank you for using Freenet!

- Steve Dougherty

6th January 2014 - Freenet 0.7.5 build 1458 released

Freenet 0.7.5 build 1458 is now available. Google phased out Google Code downloads, so the main downloads on the website are now hosted on Google Drive.

In this release:

Thank you for using Freenet!

- Steve Dougherty

7th December 2013 - Results of Google Summer of Code 2013

Google Summer of Code 2013 resulted in many interesting projects. Before the next release we intend to review all project code for inclusion into the official version. Time permitting, we will also review previous years' projects, like the SVG and OGG filters.

5th August 2013 - Statement on the recent Freedom Hosting (Tor) bust

According to the press, half of the hidden sites on Tor are now down, apparently connected to the arrest of a man allegedly behind Freedom Hosting, a hosting service for Tor hidden services. Some of these sites were said to offer illegal content and were apparently run by the FBI for two weeks, using a Javascript-based browser exploit to try to find their users.

This has had no effect on Freenet and could not happen on Freenet. Tor hidden services are centralised: A hidden service on Tor is run by a single server somewhere, and if this server is found, the whole site can be shut down, or compromised. In this case half the hidden sites on Tor were run on the same group of servers! See the Tor blog and mailing list.

On Freenet, anything you upload is distributed across the network across thousands of separate nodes all over the world, and will remain available for as long as it remains sufficiently popular: Freenet is a distributed data storage network designed to prevent censorship, provide anonymity and be hard to block. To see more information on the difference between Freenet and Tor, see our explanation in the FAQ.

Also, the Javascript exploit mentioned would not have worked on Freenet because Freenet removes Javascript by default. The Tor Browser Bundle has an option to block Javascript. We recommend that you enable this if you use Tor.

Furthermore, there was no attack against Tor itself: As far as we know, no users of the major "darknets" (Freenet, Tor and I2P) has been traced by attacking the networks, by law enforcement or anyone else. In this case, it appears to have been user error, not a problem with Tor itself. Similarly on Freenet, users need to be careful, and Freenet will often tell you when you are about to do something risky.

Having said that, Freenet's security is not perfect, and there are some known (but theoretical) weaknesses, so it might be possible for an attacker with relatively limited resources to trace individual Freenet contributors. Most of Freenet's weaknesses can be addressed by making long-lived connections with people that you trust, i.e. building a friend-to-friend "darknet". This functionality is already a part of the regular Freenet software, but we need more users who use Freenet in friend-to-friend mode to improve anonymity.

We have planned further improvements, which should greatly improve security (censorship resistance, anonymity and resistance to blocking), speed and usability. The expanding online surveillance from both governments (e.g. PRISM) and private corporations clearly show that tools such as Freenet, TOR and I2P are essential for a healthy democracy.

Please help us secure freedom of access to information by contributing to the Freenet-project with code, donations, translations, or just by running a node or creating content (anonymously)!

Volunteers - especially developers - are always very welcome. Feel free to contact us, through IRC online chat, the mailing lists, or on Freenet itself in the "freenet" board on FMS.

For press enquiries please contact Ian Clarke.

26th June 2013 - Freenet gets a second paid developer to fix the Web of Trust!

Long time coder xor (also known as p0s) has agreed to work, in a paid role, for us on fixing the Web of Trust plugin. This is a crucial component of many Freenet plugins:

See the Freenet Social Networking Guide for how to load the first 2 plugins.

xor is well qualified for the role as he wrote most of the current code in the Web of Trust. The immediate priority will be to improve stability and performance by implementing a new more efficient FCP API. After that further optimisations are planned.

Freenet relies on unpaid volunteer developers as well as a few key paid developers. Toad (Matthew Toseland) is returning to full time work for Freenet after a study break, although he is off to university in October, and xor is just starting working for Freenet.

Improving the Web of Trust should substantially improve the performance of the key tools mentioned above and may be used by more in the future. Thanks to all our developers and donors!

8th April 2013 - Freenet accepted by Google Summer of Code!

Freenet has once again been accepted into Google Summer of Code 2013. This pays students to work for us, as paid developers, over the summer. See here for more details and ideas for projects. You should contact us and demonstrate your coding ability by solving a small bug or implementing a small feature before we will consider you; but we will be very happy to help you, so please contact us via the mailing list or IRC!

Students can sign up from April the 22nd to May 3rd. See the official google site.

Build 1439 and 1440

Update: Instructions for fixing nodes that fail to start after updating to 1439: here.

Please do not upgrade to build 1439. Wait for build 1440. If your node is unable to start up after upgrading automatically to 1439, you may need to use the last-resort update scripts ("update.cmd" or "update.sh"). Please come to the IRC channel if you have any difficulty with this. This will only happen on nodes that upgraded to 1439 over a short period before 1440 was deployed, and only if they have friends (darknet peers). For various reasons the build wasn't adequately tested. I (Toad) am very sorry about this and have put in place a permanent fix (this was ultimately due to a don't-call-methods-until-constructor-is-finished issue). Sorry folks...

Apart from this embarrassing mistake, 1439/1440 includes an important fix to the warnings shown when a file can't be parsed by the content filter (apparently this caught out at least one Freenet user), and a new type of probe request which will allow us to determine whether a theory about load management is correct (that almost all nodes are only using half their capacity). Thanks!

Sorry about this. And no, sadly, this is not an April Fool's joke.

Update: This seems to have not had much of an impact on the network. Looks like it didn't affect most people and the mess has been cleaned up. Thanks for your patience, it won't happen again!

11th September 2012 - Response to the University of Hawaii's "Experimental Study of Accountability in Existing Anonymous Networks"

Some academics have published a couple of attacks against Freenet, and they appear to be working on more as part of a project to unmask anonymous Freenet users. Build 1411, which was released on the 3rd of September, makes their main attack largely impractical. Nonetheless, we are working on improvements to both make this attack harder and to solve some of the other known attacks. You can learn more about the attacks and our solution to them on our chief developer's personal blog.

We welcome all work to understand Freenet's security and expose any problems with it, although we would suggest that next time they might let us know before they make the paper public, as is common practice in the security community.

Finally, the long term solution is to build a darknet, a Freenet network where people only connect directly to people they trust. That means, get your friends using Freenet, and then add them as Friends on your node. When enough people use Freenet and form darknet connections, we won't need opennet, and this makes all attacks dramatically harder. We will work on making this easier and faster in the near future, as well as fixing the Pitch Black attack.

13th April 2011 - Freenet top anti-censorship tool in survey of Chinese users!

A report by Freedom House surveyed users in Azerbaijan, Burma, China and Iran for their perceptions of and preferred tools for bypassing local government censorship. In China, Freenet was the only anti-censorship tool to achieve 5 stars, and the third most widely used overall.

24th September 2010 - Another large donation, and brief status update

Once again Google's Open Source team has donated US$18,000 to the Freenet Project to support the ongoing development of the Freenet software.

In particular, we will use these funds to complete Freenet 0.8, which will be released later this year, and will include additional performance improvements, usability work, and security improvements. It will also include new ways to communicate over Freenet, including "Freetalk", a forums discussion system employing a novel "web of trust" approach to prevent spam in an entirely decentralized way.

In other news, the Summer of Code was a qualified success, with two of our students performing very well. Support for ogg vorbis/theora will be merged soon, and the new more efficient transport layer will be merged a bit later.

Freenet's user base has been growing fairly steadily, and we have over 20,000 regular users. Our current work is focused largely on Freetalk and rewriting the load management code for higher and more consistent performance.

14th June, 2010 - Serious bug, please upgrade immediately

Freenet build 1253 fixes a very serious bug, and all users should upgrade immediately, especially those running 32-bit x86 systems. This build is "mandatory", meaning it will not connect to anything before 1252. The bug was in the native FEC acceleration - this is a native (C, not Java) library used to speed up splitfile decoding (a stage in downloads related to improving the chances that a big file will be retrievable by adding some "check blocks" or redundant data in case some of the original data blocks can't be found). It causes segfaults on 32-bit Windows systems and probably 32-bit Linux systems too. It has been exploited "in the wild" (on Frost) to segfault nodes when they access a specific Frost message. We do not know whether this could be turned into something more serious, so we have turned off all native FEC acceleration for now; Freenet will be slightly slower when decoding downloaded files, but will not segfault. We would welcome help with auditing the library code involved, if any C/JNI gurus can spare the time; it is most likely a problem with the JNI interface to the Onion FEC code.

Other changes in 1251/1252/1253 are somewhat more hopeful:

Sorry about this folks. The network will be somewhat chaotic for a few days and may be slower than usual because of the mandatory build, but most of it seems to have upgraded now. Thanks for your patience. You can see a fuller account on Toad's Blog.

8th June, 2010 - Sorry, "freenet.ini is missing", and 1249

Many Windows Freenet installs were broken yesterday due to a bug, with an error message that the launcher was unable to find the file freenet.ini. This was actually due to a long-standing bug fixed in build 1249, but the update to 1248 seems to have triggered it. Sorry folks. All you have to do to fix it is rename freenet.ini.tmp to freenet.ini (in the directory you installed Freenet to, usually C:\Program Files\Freenet).

The main change recently, apart from many bug fixes:

There is a new way of indexing freesites (for the built-in search function), using the new Spider plugin and a new version of the existing Library plugin. This is based on infinity0's Summer of Code work last year. Hopefully some anonymous person will start running a freesite index using this new tool soon. This should be faster and easier both for the index owner (person who runs Spider) and the users searching for content.

26th April, 2010 - Summer of Code students announced!

The Freenet Project has 3 students accepted in Google's Summer of Code. Google will pay these students to work for us over the summer. They will be working on:

Good luck to all our students! Much of last year's work has either been merged or will be merged soon, and one of last year's students is a mentor this year. Thanks also to Google.

18th March, 2010 - Freenet accepted into Google Summer of Code 2010!

The Freenet Project has been accepted by Google for a fifth year in Google Summer of Code! This offers students the opportunity to be paid to work for a lively and significant open source project over the summer, rather than chasing the increasingly scarce menial labour market! Flip bits not burgers!

You should submit at least two proposals for projects within Freenet as we often get several students chasing the same tasks. You can see some ideas for projects here. Apply here.

We will help you to fill in technical details, understand exactly what we need. We also welcome new ideas and approaches, please contact us, on our devl mailing list, or IRC. You will need to demonstrate basic coding ability by fixing a minor bug or implementing a minor feature; you should have a look at the bug tracker, which may also be a source of project ideas. The new wiki, and the old wiki are also good sources of ideas and documentation. If you want to work for us over summer, please apply!

PS we have reinstated uservoice, after their support contacted us via our bug tracker and seem to have largely cleared up the spam problem. Click here to make suggestions for how to improve Freenet!

17th March, 2010 - Opennet performance improvements and build 1243

Build 1243 is now out. This contains many changes aimed at making new nodes get up to speed faster by getting connected to many other nodes as quickly as possible. This "announcement" or "bootstrapping" process, which only happens if you have opennet enabled (i.e. your network security level is LOW or NORMAL) also happens when your node has been offline for an extended period (hours). Let us know how it goes! We always welcome feedback, particularly bug reports.

9th March, 2010 - New paper added

A new paper has been added, Private Communication Through a Network of Trusted Connections: The Dark Freenet, written by Oskar and Vive (two of our theoreticians) with some help from Toad (chief coder). This focuses on the architecture of the network, rather than on the routing and swapping algorithms, which other papers have described in detail. It has a slight focus on darknet, but should be of interest to anyone interested in how the network works. It also has some new simulations...

4th February, 2010 - Freenet status update

Time for a status update...

BUILD 1240

Our last stable build, 1239, was in November. We have just released a new one, 1240. This has many changes (opennet stuff, optimisations, all sorts of stuff), which I list in the mail about it. One of the most important is that there are several new seednodes, and many dead ones have been removed. I have tested it 3 times today and it's bootstrapped fast each time, although yesterday it bootstrapped very slowly one time.

NETWORK STATUS AND NETWORK STATISTICS

Evan Daniel has been doing some useful work analysing the network. Amongst other things, he has discovered that:

EMU IS DEAD, LONG LIVE OSPREY

We have finally gotten rid of emu! Our faithful and powerful dedicated server supplied at a discount by Bytemark is no more. We now have a virtual machine called Osprey, which does most of the same job, for a much lower cost, and has a much simplified setup so should be easier to maintain. We have tried to outsource services, for example we use Google Code for our downloads, but some things will have to stay under our direct control for some time to come e.g. mailing lists and the bug tracker.

You may have some difficulty with the update scripts, if you use update.sh / update.cmd. If it doesn't work, try updating the script manually from https://downloads.freenetproject.org/latest/update.cmd (or update.sh)

WOT, FREETALK, RELATED THINGS AND OTHER PLUGINS

Xor (also known as p0s) continues to work on the Web of Trust and Freetalk plugins. These are approaching the point where we can make them loadable from the plugins page, and then bundle them, enabled by default.

WoT is the backend system which implements a pseudonymous web of trust, which functions in a similar way to that in FMS. You can create identities, assign trust to other identities, announce your identity via CAPTCHAs and so on. This is the Community menu, from which you can see your identities and other people's, and the trust relationships between them. WoT is used by Freetalk, FlogHelper, and probably soon by distributed searching, real time chat and other things.

Freetalk is a spam-resistant chat system based on WoT. This is similar to FMS, but it will eventually be bundled with Freenet, and will be a part of it by default. You will be able to embed a Freetalk board on your freesite. FlogHelper is a WoT-based plugin for writing a flog (freenet blog), which is very easy to use, but uses WoT to manage identities. I would have bundled FlogHelper months ago, but WoT isn't ready yet and FlogHelper needs it.

WoT should be ready soon. Recently a major issue has been discovered with the trust calculation algorithm, after that is fixed and some minor issues, WoT will become a semi-official plugin, which will sadly require flushing the existing "testing" web of trust, so sadly all old messages and identities will go away. Freetalk needs more work, about 50% of the bugs marked for 0.1 on the roadmap are fixed at the moment.

In build 1240, we pull in a new version of Library. This is a great improvement over the old version, it is faster, it supports embedding a search on a freesite, and has many bugs fixed. However searching for common terms can still cause out of memory crashes.

There is another issue with Library: infinity0 spent last summer creating a scalable index format for Library, which should make it a lot easier to insert and maintain big indexes. We will soon change the spider to use this new format, and in the process we expect to greatly improve performance for writing indexes, so it doesn't take a week any more and is done incrementally. I realise this has been promised before, but it is important, so it will happen sooner or later, hopefully sooner.

Full Web of Trust-based distributed searching, with a focus on filesharing, is on the distant horizon at the moment. infinity0 might be able to do some work on it as part of his studies, we'll see. It won't be in 0.8.0.

PRIORITIES AND RELEASES

We would like to get 0.8 out soon, or at least a beta of 0.8. Several major issues:

Please test Freenet, and report any bugs and usability issues you find on the bug tracker or via Freetalk board en.freenet (note that this will be wiped soon so if after a new Freetalk release it is wiped you may need to resend).

OPENNET IMPROVEMENTS

We have many ideas on how to improve opennet bootstrapping (make nodes assimilate into the network more quickly), and to improve opennet generally. Some of these are implemented in 1240, including many bugfixes. More will be put out over time so we can see their impact. Improving opennet should improve performance for the majority of users who don't run 24x7 and it should improve performance for everyone else too, as those nodes will get connected and start doing useful work more quickly.

DATA PERSISTENCE

We have many ideas on how to improve data persistence. There is a lot of capacity on the network, yet data seems to become inaccessible quite quickly (stats below). I am convinced that improving data persistence will improve Freenet's usability and perceived performance immensely. The continued popularity of insert on demand on uservoice demonstrates this as much as anything: People want a system that works! IMHO we can greatly improve things without resorting to insert on demand, although filesharing clients based on distributed searching may eventually offer it (but there are serious security issues with insert on demand).

Evan is convinced that mostly poor data persistence is not due to data falling out of stores, but due to the small number of nodes that stored the data (as opposed to caching it) going offline or becoming unreachable. We have increased the number of nodes that store data, we have made the node use the store for caching if there is free space, we have done various things aimed at improving data persistence, and there is much more we can do. An immediate question is whether the security improvements gained last year by not caching at high HTL have broken many inserts by making them not get cached on the right nodes; we will test this in 1241. A related question is why inserting the same key 3 times gives such a huge performance gain relative to inserting it once; we will investigate this soon after. We will probably triple-insert the top blocks of splitfiles soonish, but the bigger prize is to achieve the 90%+ success after a week that we see with triple-insertion of a single block, and this may well be possible with some changes to how inserts work...

Finally, the redundancy in the client layer could be a lot smarter: We divide files up into groups of 128 blocks, called segments, and then add another 128 "check blocks" for redundancy. Unfortunately this means that sometimes the last segment only has 1 block and 1 check block, and so is much less reliable than the rest of the splitfile. We will fix this.

We have been collecting statistics on data retrievability over time. The below are "worst case" in that they relate to single CHK blocks, with no retries. Real life, with many retries (at least 2 for a direct fetch and more if the file is queued), and with large, redundant splitfiles, should be substantially better than these numbers. Every day we insert 32 blocks and fetch a bunch of 32 blocks from 1 day ago, 3 days ago, 7 days ago, etc. There are two of these running to get more data, so I am just showing both results here. The percentages are the proportion of the original insert that is still retrievable:

1 day76% / 77%
3 days66% / 70%
7 days60% / 61%
15 days48% / 48%
31 days36% / 33%
63 days21% / 19%

Now, here's an interesting one. In each case we insert a 64KB CHK splitfile - that is, one block at the top and four underneath it. We insert one three times, and we insert three different ones once each. We then pull them after a week. We can therefore compare success rates for a single block inserted once, a single block inserted 3 times, and a simulated MHK, that is, a block which has been re-encoded into 3 blocks so that we fetch all of them and if any of them succeeds we can regenerate the others.

Total attempts where insert succeeded and fetch executed: 63

Single keys succeeded: 61

MHKs succeeded: 58

Single key individual fetches: 189

Single key individual fetches succeeded: 141

Success rate for individual keys (from MHK inserts): 0.746031746031746

Success rate for the single key triple inserted: 0.9682539682539683

Success rate for the MHK (success = any of the 3 different keys worked): 0.9206349206349206

USER INTERFACE AND USABILITY

Ian's friend pupok is working on a new AJAXy user interface mockup for Freenet. sashee's web-pushing branch, which makes the user interface a lot more dynamic without making it look much difference, should be merged soon, but turned off by default, since it has some nasty bugs. When it is turned on, it solves the age-old parallel connections bug, showing individual progress for each image without hogging your browser's limited number of connections (6 or 8 on modern browsers). Both of these may miss 0.8.

More broadly on usability, usability testing is always welcome: Persuade a friend to install Freenet, watch them do it, don't help them unless they get really stuck, report any problems they have or any comments they make about how it could be better.

21st August, 2009 - Freenet increases peers limit (#1 on uservoice)

Freenet 0.7 build 1231 solves what was the number one uservoice request. Until now, most Freenet nodes have had exactly 20 connections. Now, the number of connections (opennet peers, or "Connections to Strangers") will vary according to how much upstream bandwidth you have, between 10 and 40. So slow nodes will have fewer peers (trading slightly less effective routing for more efficiency) and fast nodes will have more peers. Overall we expect this will improve speed, but it is difficult to simulate these things, so lets find out!

Also, Google Summer of Code is now over, and all of our students have passed. Much of their work is still in the process of being merged into Freenet itself. Still to come, better friend to friend file transfers, a new CSS filter, a filter for ATOM feeds, a new search plugin with many improvements and a new scalable index format, and much greater (but still optional) use of javascript in the web interface to make it more responsive.

8th August, 2009 - Upgrade your Java Virtual Machine now: severe XML vulnerability affecting Freenet

If you are running Freenet on Java prior to 1.6 build 15 or 1.5 build 20, please upgrade as soon as possible. Until you update Java, Freenet will disable the search function and various other plugins to minimise risk. However, if you have untrusted people on your LAN (local network), we recommend you shut down Freenet immediately until you are able to upgrade your Java. Also, do not run Thaw, which is known to be vulnerable, until you have upgraded, and do not accept jSite config files from anyone. Build 1228 of Freenet will tell you if your Java is vulnerable. Windows users generally will be notified by Java when updates are available; the situation may be more tricky for Linux and Mac OS/X users as they will have to wait for an update from their linux distributions or from Apple respectively.

For more details, see here. The problem is a remote code execution vulnerability affecting Java and also some other programs using certain XML parsing libraries. It was initially thought to be purely a denial of service attack, but there is exploit code circulating.

30th July, 2009 - Various security improvements and preparation for Bloom filter sharing in new stable build

Build 1226 is now available, including many changes. Existing Freenet nodes will update automatically. Some of the more interesting new features include:

8th July, 2009 - Big donation from German finance site

The German financial services comparison site, Finanz Vergleich has given us $1,500 to fund ongoing development. This will go mainly towards ongoing work on Freenet's stability and usability. Thanks!

12th June, 2009 - Freenet 0.7.5 released!

The Freenet Project is very pleased to announce the release of Freenet 0.7.5.

Freenet is free software designed to allow the free exchange of information over the Internet without fear of censorship, or reprisal. To achieve this Freenet makes it very difficult for adversaries to reveal the identity, either of the person publishing, or downloading content. The Freenet project started in 1999, released Freenet 0.1 in March 2000, and has been under active development ever since.

Freenet is somewhat unusual in that you can publish content to Freenet, and then disconnect from the network. This content will remain available to other Freenet users, although it may eventually be deleted if nobody is interested in it. Freenet will copy and move the content around the network according to demand, making it very difficult for an adversary to remove content. Freenet will automatically create more copies of popular content to ensure that it will always be available.

Freenet 0.7 introduced the "darknet" concept, allowing users to only connect to their trusted friends (and through them to their friends' friends, and the entire network), greatly reducing their vulnerability to attack. You can use Freenet even if you don't know any other Freenet users, it just won't be as secure.

Freenet 0.7.5 features major improvements to performance and usability, as well as improvements to security and robustness. In particular:

There are versions of Freenet 0.7.5 for Windows, Mac, and Linux. They can be downloaded from:

https://freenetproject.org/download.html

If you have any difficulty getting Freenet to work, or any questions not answered in the faq, please join us on IRC in the #freenet channel at irc.freenode.net, or email the support mailing list. If you have any suggestions for how to improve Freenet, please visit our uservoice page.

There is a lot of work still to do on Freenet, particularly when it comes to ease of use. If you have Java programming or web design skills, or would like to help translate Freenet into your own language, and would like to help us improve Freenet, please join our development mailing list and introduce yourself.