Anonymous Filesharing with Antsp2p

Worker Ant


Filesharing is a favorite leisure activity for many Internet users. But conventional filesharing tools have one major drawback - they aren't anonymous. The Antsp2p project aims to change this.

By Kristian Kißling


Most popular filesharing tools reveal their users' IP addresses. This means that if you participate in a conventional file-sharing network, others may be able to discover who you are and where you live. This problem has gained new urgency in the wake of recent litigation from the music and movie industries, but for Internet users in some parts of the world, the worry over a lawsuit is minor compared to the very real fear of criminal prosecution. Certain repressive countries keep tight control over the use of the Internet, and anyone who is operating beyond the government censors is at risk of arrest.

These tensions within the filesharing community have given rise to a new phenomenon - the anonymous peer-to-peer (P2P) network. Anonymous filesharing is an important trend in the evolution of the Internet. The Java-based Antsp2p [1] anonymous filesharing client shows how far these anonymity projects have come towards reaching their goals. "Privacy is a fundamental right all over the world and it must be protected," Antsp2p chief developer Gwren said in a recent interview [2]. How does this promising tool protect the user's privacy? And what does filesharing have to do with ants? Read on for a closer look at filesharing with Antsp2p.

The Pheromone Trail

On the Antsp2p network, a user's computer automatically becomes a node or peer and transparently forwards encrypted data from other users. To join the network, the client first attempts to locate peer IP addresses in the vicinity.

Ants typically follow the strongest smelling pheromone trail to a source of nutrition without actually knowing where it will take them. In a similar way, a neighboring Antsp2p peer does not know where to find a file, but it does know the best path to the next node. This is the path that most requests will follow, and the one that will take the node to the requested file along a trail of other peers. The local and remote machines never communicate directly, and the file exchange is AES-encrypted.

This technique prevents someone running a node from decrypting the data packets that are forwarded by their machine. The Diffie-Hellman (DH) protocol is used to exchange the secret encryption keys (see the box titled "Potential Security Risk").

Within the P2P network, computers are identified by means of ID numbers that are assigned to each participant after successfully establishing a link. The basic principle of Antsp2p relies on the fact that nobody can map an ID to an IP address. If a neighbor downloads a file from your computer, you might notice the computer's IP and the requesting ID - but the neighbor and the requesting node will not typically be one and the same. The neighbor is just an intermediary and has no way of viewing the data forwarded by the neighboring machine as the data is encrypted; this is what keeps file exchanges on the Antsp2p network anonymous. However, there is a price to anonymity: Antsp2p is very slow, and the maximum number of nodes is limited.

Potential Security Risk

The Diffie-Hellman key exchange protocol introduces an element of risk. An attacker launching a man-in-the-middle attack could sniff the secret key and use the key to decrypt the data packets on the wire. However, there are plans to introduce a certificate exchange to close this gap.
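
The risk described in this box, and the effect of authenticating the exchanged values, can be reproduced with a toy Diffie-Hellman exchange. The following Python sketch is an added example, not Antsp2p code: the group parameters, the function names, and the fingerprint comparison (a hypothetical stand-in for the planned certificate exchange) are all assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for this demo: a 127-bit prime is far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a symmetric key from the DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(str(shared).encode()).digest()

def fingerprint(pub):
    return hashlib.sha256(str(pub).encode()).hexdigest()

def exchange(relay_substitutes, verify=False):
    """One DH exchange between endpoints A and B that passes through a relay node.

    relay_substitutes: the relay replaces both public values with its own.
    verify: endpoints compare received values with fingerprints obtained
            over a trusted channel (hypothetical stand-in for certificates).
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    r_priv, r_pub = keypair()
    trusted = {"a": fingerprint(a_pub), "b": fingerprint(b_pub)}

    seen_by_b = r_pub if relay_substitutes else a_pub
    seen_by_a = r_pub if relay_substitutes else b_pub

    if verify and (fingerprint(seen_by_b) != trusted["a"]
                   or fingerprint(seen_by_a) != trusted["b"]):
        return {"accepted": False, "endpoints_agree": False, "relay_has_keys": False}

    a_key = session_key(a_priv, seen_by_a)
    b_key = session_key(b_priv, seen_by_b)
    # The relay can only compute keys from values it saw plus its own private exponent.
    relay_has_keys = (session_key(r_priv, a_pub) == a_key
                      and session_key(r_priv, b_pub) == b_key)
    return {"accepted": True, "endpoints_agree": a_key == b_key,
            "relay_has_keys": relay_has_keys}
```

A relay that only forwards the public values ends up without either key, while one that substitutes them holds both keys unless the endpoints verify what they received, in which case the exchange is rejected.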

Installation & Configuration

The current beta version 1.4.7 of Antsp2p is available at the project homepage [1]. The current version assumes a previously-installed Java version 1.5 environment [3]. Make the downloaded file executable (you may need to become root to do so) and then launch into the install:

chmod u+x AntsP2P_Setup_beta1.4.7_p0.8.4.jar
java -jar AntsP2P_Setup_beta1.4.7_p0.8.4.jar

The client comes with a convenient, GUI-based installer. The installer first prompts you to close all active programs before continuing (very much like a Windows installer). The second step is to specify the Antsp2p installation directory. You may have some difficulty setting up a link in Step 3, but this will not affect the install, apart from an error message displayed right at the end. In Step 4, the installer asks you if you are happy with your choices before launching into the installation in Step 5. Finally, Antsp2p should give you a success message.

To launch the file sharing tool, change to the directory with the installation files - /home/user/ANtsP2P in most cases - and enter ./ANtsP2P when you get there.

First Contact

First of all, a GUI-based setup wizard wants to know which language you speak and what kind of Internet connection you have. The IP address entry is slightly more difficult: you might like to leave this out right now and then enter a path to save your file downloads. Finally, select the browser that Antsp2p will launch to open links, and you're done. The file sharing GUI is shown in Figure 1.

Figure 1: The Antsp2p GUI after launching. You have to wait for the program to discover a neighbor before you can start searching for files.

Port Forwarding

If your machine is hiding behind a router, the router will typically have an IP address that it will use to surf the Internet, and this address is also the entry point to your network for any data you attempt to download. In this case, your IP address will only be valid within the scope of the local network; this is a bad thing if you want other P2P clients to contact you. In this case, the router has to forward data from the ports requested by incoming packets to your local machine.

You will need to configure your router interface to handle this. Check your router manual or the router vendor's homepage for details. Many routers show you a configuration GUI when you point your browser at http://192.168.0.1 or http://192.168.1.1. You need to forward TCP ports 4567 and 4568 for Antsp2p (Figure 2).

Figure 2: Port forwarding for routers is commonly configured via a browser interface.

If you will be using a port other than 4567, the second port will default to the number of the outgoing port plus 1. If you intend to use Antsp2p regularly, and over a longer period of time, you will need to know how your Internet provider manages dynamic IP addresses. Many commercial Internet providers assign you a new IP address through DHCP at regular intervals (typically 24 hours), and this updating of your IP address can interfere with your Antsp2p configuration.

No matter what kind of router you have, AntsP2P needs the visible IP address of the router on the Internet. To discover this address, simply surf to an Internet search engine, type my ip, and open one of the pages the engine gives you. The page will tell you the visible IP address that your machine has on the Internet right now. Make a note of the IP address; you will need it to configure Antsp2p later.

Saddle Your Ants!

Let's have a look at the Antsp2p GUI now (Figure 1); you will notice two tabs titled Hit Start Ants! and Help at first. The first tab gives you the current status among other things: Ant not running. The ID field is empty, and the address shown below the field reads 0:0:0.

Time to saddle your ants: type 4567 as the port, then press the Settings button. A third tab appears at the top of the page, and you can click the tab to access the configuration menu (Figure 3).

Figure 3: Before you launch Antsp2p, first go to the Settings tab to enter your IP address. But don't press the "Update" button.

The IP or hostname line is important; enter your visible IP address here. Do not click the Update button or the program will just reinstate your local IP address. Instead check Remember this address, and then go back to the Hit Start Ants! tab.

Welcome to the Neighborhood

Things start to heat up now. First of all, a ten-digit ID appears in the ID box. A clock in the box below this keeps the time. The tab now reads Connected [Peers: n], where n represents the number of neighboring nodes the program has found. A chat feature, located in its own IRC tab, makes it easier for you to search for peers. The feature takes you to a chatroom with other Antsp2p users, but there is no need to start talking. This is just Antsp2p's way of learning more paths to peer IP addresses. Don't worry: as nobody knows which ID maps to which IP address, your anonymity is not compromised by the chat session.

The next step is to be patient. Ants are busy little insects, but Antsp2p is more like a snake in permafrost: it can take a very long time - up to 20 minutes - before Antsp2p actually contacts the first neighbor. And this step has to complete before other tabs such as Downloads, Uploads, and Search start to appear. The status line now tells you that Your firewall is correctly configured. You have now become part of the Antsp2p network and can launch a search.

Open the Search tab, type in your search key, and press Search by string. Again, it can take a while for the results to start trickling in (Figure 4) - this just depends on the number of peers that Antsp2p has discovered. You can right-click the results to pop up the context menu and select Download file (Create secure connection) from n, where n is the ID for the owner of the file. The file itself will then appear in the Downloads tab.

Figure 4: As the file sharing network does not have many users at the time of writing, there is very little to share. In most cases, you will have just one source for each file.

Firewall Ants

If your machine resides behind a firewall, open ports 4567 and 4568 to allow packets to get through; Suse users can just launch YaST for this step.

Supply and Demand

Leaving Antsp2p running for a while speeds up the download process slightly, but don't expect anonymous file sharing to be able to compete with Amule or Ktorrent right now - after all, there is typically just one source for each file. One good thing about Antsp2p is that the tool has a resume function. This lets you go on downloading from where you left off. The Upload tab tells you if somebody is downloading one of your files. To share files, just move them to the download directory you specified.

Antsp2p supports fine tuning. The Settings tab lets you configure the maximum number of neighbors, the maximum allowed secure connections, or the maximum allowed download requests. More search results lets you add more storage space for local files, thus improving the network speed. Clicking on Optimize Index tells Antsp2p to stop doing whatever it is doing for a minute, and to improve the node's performance by optimizing the local index. Unfortunately, the Antsp2p network is so slow that this minor modification is unlikely to give you a noticeable improvement.

Conclusions

Antsp2p is on the right track, and the design looks promising. The interface is quite user-friendly, and the future of file sharing probably does lie in anonymity. This said, the first trial run was a sobering experience. You have to be a very patient person to really enjoy downloading files with Antsp2p. But nearly every day new beta versions of Antsp2p appear. Possibly a more recent release will address some of the performance issues we encountered with version 1.4.7.

Developer Gwren views the whole project from a long-term perspective: "I don't know what this way will be, but I'm sure that people will find a way to exchange information in a secure and efficient way." Until we find the perfect approach, it could be worth trying Antsp2p.

INFO
[1] Antsp2p project homepage: http://antsp2p.sourceforge.net
[2] Interview with Gwren at Slyck: http://www.slyck.com/news.php?story=567
[3] Java Runtime Environment, Version 1.5: http://java.sun.com/j2se/1.5.0/download.jsp