privacytools / privacytools.io

🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
https://www.privacyguides.org
Creative Commons Zero v1.0 Universal

🆕 Software Suggestion | MuWire - an anonymous file sharing program over I2P #2217

Open zlatinb opened 3 years ago

zlatinb commented 3 years ago

Basic Information

Name: MuWire
Category: P2P, File-Sharing (not torrent though)
URL: https://muwire.com or https://github.com/zlatinb/muwire

Description

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Anyone with a desktop computer and an internet connection can create a unique anonymous online persona and publish information of any kind without fear of censorship or persecution.

Example use case

An example use case is that of Alice, a whistle-blower who wishes to remain anonymous in order to publish sensitive material on an ongoing basis. She creates a MuWire identity (which cannot in any way be linked to her real-world identity) and uses it to distribute information. Alice adds the files containing the sensitive material to her MuWire library and leaves MuWire running.

Bob is a journalist who does not know anything about Alice, but is interested in the type of material she publishes. Furthermore, Bob doesn’t want Alice to know his real-world identity either. He creates a MuWire identity and uses MuWire to search for relevant keywords. Alice’s MuWire node receives those queries and responds with results automatically. Bob then downloads the material from Alice’s MuWire node and verifies that it is genuine and of interest to him. Alice publishes regularly, so Bob subscribes to her publication feed and his MuWire node fetches automatically everything that Alice has made public. MuWire also offers mailbox messaging and chat functionality, so Bob can ask Alice for specific material and even have a real-time chat with her.

The relationship between Alice and Bob is completely anonymous and neither party can learn more about the other without consent.

Behind the scenes

MuWire uses the I2P network, which is known to work even during the strictest internet clampdowns in countries like China and Iran. The technology provides protection against Deep Packet Inspection firewalls and other tools used by state surveillance. To an outside observer, the traffic that MuWire/I2P generates is indistinguishable from random static.

Why I am making the suggestion

I thought it would be a good addition to the PrivacyTools website for the following reasons:

My connection with the software

I am the author

lrq3000 commented 3 years ago

This sounds awesome! We already have OnionShare using Tor, this could be a great addition since it's using i2p, more networks = more resiliency. I'll do more research and potentially make a PR if adequate.

lrq3000 commented 3 years ago

Ok I have made a PR.

I think this software deserves to be recommended, and at the 2nd position just after OnionShare and before Magic Wormhole.

Indeed, MuWire provides both an easy file sharing application and strong anonymity guarantees since it's using the I2P network. Hence, it is at least on par with OnionShare in terms of privacy and functionality, if not more for the latter since MuWire also includes publication feeds that you can subscribe to and distributed, searchable file discovery as well as a textual chat system. However, MuWire is much younger and less scrutinized than OnionShare, so it cannot be the top recommendation.

Hence, I strongly recommend MuWire to be the 2nd recommendation for File Sharing. However, if PTIO's team prefer a Worth Mentioning, I will adapt the PR accordingly. But for easy anonymous file sharing, there's only OnionShare and now MuWire.

zlatinb commented 3 years ago

Thank you @lrq3000, I'm happy to answer any questions, here on the issue or on the PR.

lrq3000 commented 3 years ago

@zlatinb That's great because I indeed have some questions ;-)

First, thank you very much for this amazing software and the extensive documentation you wrote, very interesting to read. For example, I find your Markov connection algorithm to optimize routing very interesting! I also appreciate the use of reproducible builds.

About self-hosting, I guess you were referring to this documentation? And more precisely to the HostCache, which is the only centralized point in the MuWire network if I understand correctly?

If yes, then I have a question about it. HostCache is a point of entry for new clients who do not yet know of any other MuWire nodes. Once they have a list of nodes, they can connect directly to other nodes to get a refreshed update of the network topology. But so what happens if the HostCache is run by an evil actor? Can it compromise the new client's anonymity?

zlatinb commented 3 years ago

Hi,

the bootstrapping happens in two stages. The first stage is a bootstrap into the I2P network, which can be done via several mechanisms, the most common one being querying one or more of several bootstrap servers run by volunteers. There are however other methods of bootstrap, such as providing a set of I2P nodes on a USB stick for example.

Once bootstrapped into I2P, the new MuWire node will issue a request to a HostCache over I2P, so the HostCache does not see the actual IP address of the MuWire node, just a cryptographic identifier known as I2P Destination. So let's say the worst happens and someone takes control of all HostCaches - the worst they could do is disrupt the ability of new MuWire nodes to discover other MuWire nodes, but the anonymity would not be harmed.

This shifts the risk back to the initial bootstrap into I2P via its bootstrap servers. Yes, it is possible that all or a sufficient majority of bootstrap servers become compromised; then all new I2P nodes would be at risk unless they use other means of bootstrapping like the USB stick mentioned earlier.

lrq3000 commented 3 years ago

Ok awesome! I can see you put a lot of thought into the architecture of the MuWire network. It's fine then if the anonymity relies on I2P, it's a much more developed and well established network by now. If the I2P network gets broken, that's not under MuWire's responsibilities anyway.