Free Speech

The failure of Freenet

Freenet 0.7 has just been re­leased, after being in de­vel­op­ment for years. It’s not ex­actly new – most users have been on this ver­sion for quite a while now. But for those who haven’t used it since 0.5, it might be time to give it a try.

Freenet is an im­por­tant con­cept. On it you get com­plete free­dom of speech: the abil­ity to dis­cuss and spread your ideas, with full anonymity and free­dom from cen­sor­ship. Of course, this means that you will prob­a­bly come across things on it that will go against your be­liefs. Maybe some things that truly shock and dis­gust you. While noth­ing forces you to ac­tu­ally visit these freesites, you will have to come to terms that this might be cached on your com­puter even with­out you vis­it­ing them. But this is im­por­tant to free­dom of speech: if peo­ple where able to cen­sor any­thing, the sys­tem just wouldn’t work.

So why does Freenet fail? Lack of doc­u­men­ta­tion. I don’t mean ease of use in the in­ter­face – I mean for the pro­to­cols and net­work de­sign. A sys­tem as im­por­tant as Freenet—one that peo­ple ex­pect un­fal­ter­ing anonymity and se­cu­rity from—should be rig­or­ously and metic­u­lously doc­u­mented.

But it’s not. In fact, if you bring it up with the Freenet de­vel­op­ers they will gladly tell you this is in­ten­tional—that they use se­cu­rity through ob­scu­rity to guard against some­one find­ing a way to break the sys­tem.

So—do you trust your free­dom with the com­pe­tency of a hand­ful of de­vel­op­ers to make a good de­sign? I don’t. I want as many peo­ple look­ing at the sys­tem as pos­si­ble. I want peo­ple to re­ally bash on it, to try to break it. This gives me con­fi­dence, not worry, be­cause prob­lems will be solved sooner than later.

This would also open up the pos­si­bil­ity of more than one client to ac­cess the net­work. If you have two sep­a­rate clients that im­ple­ment the same strict pro­to­col and one of them messes up, it’s likely to be caught far sooner than with just one. An im­me­di­ate ex­am­ple of where this would have helped is with a bug that ex­isted in 0.7’s AES im­ple­men­ta­tion for a very long time, where the data wasn’t being en­crypted prop­erly.

The Freenet de­vel­op­ers don’t want mul­ti­ple clients ei­ther—again, they worry that one might break the net­work. This line of thought is in­com­pre­hen­si­ble to me, be­cause as a de­vel­oper I would want things that could break my net­work to be dis­cov­ered as soon as pos­si­ble so I could fix the de­sign.

Sure, you could look at the source code. It is Open Source, after all. But what if you don’t know Java? I don’t par­tic­u­larly want to learn Java just so I can re­view Freenet’s code. As a C++ de­vel­oper I might be able to read and un­der­stand most of it, but I don’t trust my­self to re­view some­thing so im­por­tant with­out years of prior Java ex­pe­ri­ence—the chance that I’d miss some­thing is just too great.