GNUnet is a software framework for decentralized, peer-to-peer networking and an official GNU package.

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Introduction[edit]

GNUnet is a next generation, private and anonymous P2P networking stack that rebuilds the internet from the bottom-up on these principles. It exceeds all the other members of the big four (Tor, I2P and Freenet) in scope and design assumptions. ^[1] Architecturally it is a master-piece that has been undergoing constant development since 2001.

Feature List[edit]

A no where near exhaustive feature list: (GNUnet has 45 deployed subsystems for details see: ^[2] ^[3])

A very clean modular and documented architecture that allows for adding functionality without encumbering the protocol or limiting future changes
GNUnet primarily written in C, but the gnunet-java subsystem provides an API for developing extensions in Java ^[4]. Similar work is being done for Rust.
A P2P consensus system designed under the assumption that a powerful adversary controls nodes in the network - compared to a centralized directory servers model (Tor)
Can use TCP,UDP,HTTPS,HTTP and Bluetooth transports
ECRS is a distributed file store like Freenet but with many improvements including:
- allowing direct sharing of files from the local drive without encrypting and inserting them first.
- can share and mount directories via FUSE
- file download swarming for improved speeds
- global private keyword search for files
- resistance to keyword/unrelated content spam by using trusted namespaces ^[5]
- resource accounting to reward contributors and limit attacks
User controllable anonymity levels for traffic routing - allows for more latency sensitive use-cases between peers like VoIP
An anonymous routing capability that allows for:
- VPN functionality between peers
- IP protocol routing as opposed to just TCP
- traffic exits that allow connecting to the legacy Internet
By implementing alpha-mixing (mixing traffic of varying latencies) it can provide more cover traffic for resisting traffic analysis
A strong adversary resistant DHT that handles network churn
GNS, a secure and memorable name system with query privacy and key revocation
PSYC2 (WIP) an extensible messaging format that runs on the multicast subsystem to create social networking application (secushare ^[6])
Conversation, a VoIP application

GNUnet in Whonix[edit]

These instructions are incomplete.

GNUnet's capabilities makes it an excellent choice for a planned Whonix notification system, a censorship resistant host of project files and even as a Tor alternative on the gateway in the future. It is currently packaged in Debian but the rapid development cycle makes the versions packaged in stable obsolete and incapable of connecting to the network. See ticket.

https://forums.whonix.org/t/gnunet-in-sid-chroot/3447
See also chroot.

^[7]

Install package(s) mmdebstrap systemd-container apt-cacher-ng following these instructions

Platform specific notice.

Non-Qubes-Whonix: No special notice.
Qubes-Whonix: In Template.

Update the package lists and upgrade the system .

sudo apt update && sudo apt full-upgrade

Install the mmdebstrap systemd-container apt-cacher-ng package(s).

Using apt command line --no-install-recommends option is in most cases optional.

sudo apt install --no-install-recommends mmdebstrap systemd-container apt-cacher-ng

Platform specific notice.

Non-Qubes-Whonix: No special notice.
Qubes-Whonix: Shut down Template and restart App Qubes based on it as per Qubes Template Modification .

Done.

The procedure of installing package(s) mmdebstrap systemd-container apt-cacher-ng is complete.

Create a chroot. ^[8]

sudo mmdebstrap --verbose --include gnunet --aptopt='Acquire::http { Proxy "http://127.0.0.1:3142"; }' sid ~/debian-sid-chroot

Enter chroot.

sudo systemd-nspawn -D ~/debian-sid-chroot

Or start systemd inside chroot. This requires using above command, creating user password, otherwise no login is possible.

sudo systemd-nspawn -D ~/debian-sid-chroot /sbin/init

To leave the chroot press keep holding key CTRL and press key 5 quickly 3 times within 1 second. ^[9]

Footnotes[edit]

↑ https://secushare.org/anonymity
↑ https://docs.gnunet.org/latest/about.html#philosophy
↑ The Architecture of the GNUnet: 45 Subsystems in 45 Minutes
↑ https://grothoff.org/christian/teaching/2012/2194/gnunet-tutorial-java.pdf
↑ https://grothoff.org/christian/ecrs.pdf
↑ https://secushare.org/
↑
- systemd-container is optional. Could use normal chroot command which might be less secure. Under research.
- apt-cacher-ng is optional but then below --aptopt='Acquire::http { Proxy "http://127.0.0.1:3142"; }' should be removed too.
↑ --aptopt='Acquire::http { Proxy "http://127.0.0.1:3142"; }' is optional but useful to avoid repeat package download while experimenting.
↑ https://unix.stackexchange.com/questions/577065/connected-to-container-mycontainer-press-three-times-within-1s-to-exit-sessi

Whonix

The most watertight privacy operating system in the world.

Dark mode

Supported by Power Up Privacy

Whonix is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

2012- 2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!

[1] ttps://secushare.org/anonymity

[2] ttps://docs.gnunet.org/latest/about.html#philosophy

[3] The Architecture of the GNUnet: 45 Subsystems in 45 Minutes

[4] ttps://grothoff.org/christian/teaching/2012/2194/gnunet-tutorial-java.pdf

[5] ttps://grothoff.org/christian/ecrs.pdf

[6] ttps://secushare.org/

[7] 
systemd-container is optional. Could use normal chroot command which might be less secure. Under research.

apt-cacher-ng is optional but then below --aptopt='Acquire::http { Proxy "http://127.0.0.1:3142"; }' should be removed too.

[8] systemd-container is optional. Could use normal chroot command which might be less secure. Under research.

[9] apt-cacher-ng is optional but then below --aptopt='Acquire::http { Proxy "http://127.0.0.1:3142"; }' should be removed too.

[8] --aptopt='Acquire::http { Proxy "http://127.0.0.1:3142"; }' is optional but useful to avoid repeat package download while experimenting.

[9] ttps://unix.stackexchange.com/questions/577065/connected-to-container-mycontainer-press-three-times-within-1s-to-exit-sessi

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

GNUnet

Contents

Introduction[edit]

Feature List[edit]

GNUnet in Whonix[edit]

See Also[edit]

Footnotes[edit]

Navigation menu

GNUnet

Introduction[edit]

Feature List[edit]

GNUnet in Whonix[edit]

See Also[edit]

Footnotes[edit]

Navigation menu

Search