Freenet

The failure of Freenet

Freenet 0.7 has just been released, after being in development for years. It’s not exactly new – most users have been on this version for quite a while now. But for those who haven’t used it since 0.5, it might be time to give it a try.

Freenet is an important concept. On it you get complete freedom of speech: the ability to discuss and spread your ideas, with full anonymity and freedom from censorship. Of course, this means that you will probably come across things on it that will go against your beliefs. Maybe some things that truly shock and disgust you. While nothing forces you to actually visit these freesites, you will have to come to terms that this might be cached on your computer even without you visiting them. But this is important to freedom of speech: if people where able to censor anything, the system just wouldn’t work.

So why does Freenet fail? Lack of documentation. I don’t mean ease of use in the interface – I mean for the protocols and network design. A system as important as Freenet—one that people expect unfaltering anonymity and security from—should be rigorously and meticulously documented.

But it’s not. In fact, if you bring it up with the Freenet developers they will gladly tell you this is intentional—that they use security through obscurity to guard against someone finding a way to break the system.

So—do you trust your freedom with the competency of a handful of developers to make a good design? I don’t. I want as many people looking at the system as possible. I want people to really bash on it, to try to break it. This gives me confidence, not worry, because problems will be solved sooner than later.

This would also open up the possibility of more than one client to access the network. If you have two separate clients that implement the same strict protocol and one of them messes up, it’s likely to be caught far sooner than with just one. An immediate example of where this would have helped is with a bug that existed in 0.7’s AES implementation for a very long time, where the data wasn’t being encrypted properly.

The Freenet developers don’t want multiple clients either—again, they worry that one might break the network. This line of thought is incomprehensible to me, because as a developer I would want things that could break my network to be discovered as soon as possible so I could fix the design.

Sure, you could look at the source code. It is Open Source, after all. But what if you don’t know Java? I don’t particularly want to learn Java just so I can review Freenet’s code. As a C++ developer I might be able to read and understand most of it, but I don’t trust myself to review something so important without years of prior Java experience—the chance that I’d miss something is just too great.