P2P networks for website hosting

Tor

The Tor network [4], which was created shortly after the turn of the millennium, is mainly designed to conceal the identity of an Internet user, for example, in countries with restrictive Internet monitoring. Your PC does not connect directly to the web server; instead, the Tor network redirects the traffic to several other computers on the Internet. To allow this to happen, volunteers operate special servers, known as Tor nodes or relays. Only the last relay in the chain, the exit relay (or exit node), passes the user's request to the web server on behalf of the user. The Tor client and the relays encrypt messages multiple times. No one can sniff or trace the communication (Figure 7). Users can thus anonymously use Internet services.

Figure 7: In Tor, a request goes through at least three randomly-selected nodes, and the packages are encrypted and decrypted.

Hidden services are a little-known feature. These hidden services allow anyone to anonymously offer websites and services on the Tor network. Users of these services can neither discover the IP address nor the true location.

To reach a service on the Tor network, the service first needs to publish its existence on the network. This process follows a fairly complicated pattern: First, the Tor client generates a key pair that identifies the service. Second, the client connects to some randomly selected relays, known as introduction points. The client stores the public key, along with information about the introduction points, in a distributed hash table that acts as a kind of directory service. Other Tor clients can then reach the service under service.onion, where service stands for a 16-character name created by a hash algorithm from the public key of the service. The big advantage: thanks to the automatically generated domain name, all parties can verify at all times that they are actually talking to the genuine service.

A client that wants to use a hidden service connects to a randomly selected Tor relay and asks it to act as a rendezvous point (Figure 8). Then, the client asks one of the introduction points to send a message to the service. Among other things, this message contains a reference to the rendezvous point. The Tor client on the computer with the service connects to the rendezvous point, through which both parties then communicate with one another. Although the whole process ensures anonymity, the many computers involved affect the speed.

Figure 8: The Tor project announces hidden services through a complex procedure involving several parties on the Tor network.

If you want to offer a hidden service, you first need to set up a service. You can set up an arbitrary Internet service, say, an Apache web server. In addition, you need to configure and launch the Tor client. The client version was 0.2.7.6 when this issue went to press. On their website, the Tor developers primarily offer the Tor browser, which comes with a pre-configured Tor client.

The client itself is hidden behind the link View All Downloads. The client is also available from the repositories of all major distributions, and it is available on a BSD-style license. The client, which is programmed in C, must be able to connect to at least ports 80 and 443.

Tor itself starts as the tor daemon; the applications, in turn, use port 9050 as proxies. Using Tor as a relay requires a small modification of the torrc configuration file; on Ubuntu, this file resides in the /etc/tor directory.

To publish a service on the Tor network, Tor users need to edit the configuration file after setting up the torrc client. Then, add two lines in the section for the hidden services:

HiddenServiceDir /var/tor/hiddenservice/
HiddenServicePort 80 127.0.0.1:8080

In the directory following HiddenServiceDir, Tor stores some data about the hidden service, including a file revealing the .onion URL of the service.

Following HiddenServicePort is a port that the users of the hidden service access; for example, they access the web server in this example via port 80. This port number is followed by the IP address and port to which the Tor client routes all requests. In the preceding example, the web server runs on 127.0.0.1:8080; after a restart of the Tor client, it automatically initiates all the further required steps.

The Tor network uses only TCP connections, and it lacks automatic end-to-end encryption. If the browser continually reveals information about itself and its site, the web server at the other end of the chain could read this information. On the other hand, if a web server running as a hidden service reveals information, a user could discover its location.

ZeroNet

ZeroNet [5] is just over a year old (Figure 9), and it primarily acts as a platform for web pages. ZeroNet clients communicate via the BitTorrent network using encryption; therefore, the IP addresses of users are visible. ZeroNet developers thus recommend routing traffic through the Tor network. The ZeroNet client supports Tor out the box, including .onion addresses and hidden services.

Figure 9: Although the Zeronet web interface looks quite spartan, it does provide links to some important pages on Zeronet.

Each site receives a unique ID, which other ZeroNet users can use to access it. You can set up domains with the .bit suffix for the published sites. ZeroNet does not use the classic domain name system but instead uses a Namecoin-based alternative [16]. As with the crypto currency Bitcoin, the names end up in a distributed blockchain (Figure 10). The ZeroNet developers promise that clients update changes to a website in real time; users therefore do not see outdated content.

Figure 10: The addresses in the Zeronet come from a blockchain.

The ZeroNet client is written in Python and is available under the GPLv2. The source code is on GitHub [17]. The client had reached version 0.3.5 when this article went to press. ZeroNet relies on Python 2.7, as well as the Python modules Msgpack, Greenlet, and Gevent. The larger distributions all offer the components in their repositories.

Users wanting to install only need to download the latest ZeroNet version from GitHub and call the python zeronet.py command.

The ZeroNet client starts as a service that automatically opens the appropriate ports via UPnP. In addition, ZeroNet provides a web interface on http://localhost:43110. For admins, the ZeroNet developers offer a Vagrant image and a Docker container with a preinstalled client.

If you want to publish a new website, your first need to log into a disabled client using the python zeronet.py siteCreate command. The client generates a key pair and a long and cryptic site address. Users can access the website via the URL http://localhost:43110/abcdef, where abcdef is the address of the site.

The actual website is stored in the subdirectory data/abcdef. You can make changes to your heart's content, but you do need to sign them using python zeronet.py siteSign xyz or publish using python zeronet.py sitePublish xyz, where xyz is the private key generated by the client when you log onto the page.

To discover how to register an easier-to-read .bit domain, check out the spartan, but actually complete, online documentation [18]. ZeroNet does not currently support scripting languages such as PHP or Ruby. If you want to provide dynamic web pages, you need to rely on an API offered by ZeroNet by the name of ZeroFrame. The API only supports JavaScript or CoffeeScript. A database built into ZeroFrame stores the data.

Conclusions

Users can publish content anonymously on any of the P2P networks examined in this article. (See Table 1 for a summary of features provided with Freenet, I2P, IPFS, Tor, and ZeroNet.) Each project pursues its own approach. The only thing they have in common is that they use encrypted communication over the Internet and that the traffic is partly routed via several private computers. The encryption and the complexity of the routing process mean that load times and latencies are noticeably lengthy for all the networks. Taking several seconds to retrieve a simple static page is not uncommon. Networks with many participants are faster, but only with Tor and I2P, which make users responsible for the services.

Table 1

Services

P2P-Netz

Freenet

I2P

IPFS

Tor Hidden Services

Zeronet

Website

https://freenetproject.org

https://geti2p.net

https://ipfs.io

https://www.torproject.org

http://zeronet.io

Client license

GNU GPL and Apache License

Public Domain

MIT License

BSD License

GPLv2

Version

0.7.5

0.9.24

0.4.0

0.2.7.6

0.3.5

Programming language

Java

Java

Go

C

Python

Connection only with manually selected clients

yes

no

no

no

no

Client runs as a daemon

Yes

Yes

On request

Yes

Yes

Client requires root access

No

No

No

No

No

Allows to bandwidth limits

Yes

Yes

No

Yes

No

Control

Web interface

Web interface

Web interface

Command line

Web interface

Plugins

Yes

Yes

No

No

No

Services

Files

Yes

Yes, with corresponding software

Yes

Yes, with corresponding software

Yes

Websites

Yes

Yes, with corresponding software

Yes

Yes, with corresponding software

Yes

Dynamic websites

No

Yes, with corresponding software

No

Yes, with corresponding software

Yes, restricted

Email

Via plugin

Yes, with corresponding software

No

Yes, with corresponding software

No

Blog

Via plugin

Yes, with corresponding software

No

Yes, with corresponding software

No

Chat

Via plugin

Yes, with corresponding software

No

Yes, with corresponding software

No

Nameservice

Proprietary, via special keys

Address books

No

Distributed hash table with automatically generated URLs

Namecoin method

Network search possible

Yes, experimental

No

No

No

No

The other P2P networks restrict the user by not supporting dynamic websites. Due to the performance drawbacks, none of these P2P networks is a serious competitor to the traditional Internet unless you are interested in exploring the privacy features. See the box titled "Old Dogs" for a summary of some other P2P network services.

Old Dogs

A few other P2P network tools deserve mention, though they don't appear to be in active development. GNUnet, for instance, has been around since 2001 [19]. The P2P network was originally designed for "anonymous, censorship-resistant file-sharing."

GNUnet has gained some new services over the years. For example, the GNUnet VPN service can route conventional IPv4 and IPv6 traffic over the network, and thus the system supports any Internet-ready service. The GNU name system (GNS) replaces the domain name system. GNUnet Conversation even supports phone calls, but currently, full anonymity is not guaranteed. The latest version of the GNUnet client, 0.10.1, dates back to April 2014.

Osiris [20] and Netsukuku [21] seem to be in very deep sleep. The latest stable version of Osiris (0.15) appeared in November 2011; work on version 1.0 has remained stagnant in the alpha phase since December 2014. A completely new development of Netsukuku was scheduled to appear in 2010, but this new release has not happened so far.

The Retroshare [22] P2P network is intended to build an encrypted connection to one or more friends. Users can then chat, hold video conferences, exchange email, share files and enter discussions on forums. Retroshare does not guarantee anonymity – if you want to hide your IP address, you need to route communication via Tor or I2P.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Freenet

    The Free Network Project provides a safe environment for free speech – even for users who fear censorship.

  • Free Software Projects

    Hundreds of thousands of registered users have chosen their favorite Sourceforge projects in 14 categories. Also in this issue: Linux electrified, and Freenet’s plans for freedom of speech on the web. We’ll also round up the latest Debian news.

  • MOFO Linux

    Controls, surveillance, and censorship are increasing rapidly on the Internet. MOFO Linux lets you anonymize your communication on the web with an easy-to-use live system.

  • New Wine with More Functions

    A new version of Wine, the program loader that lets Windows run on Linux, has been released.

  • Zero Trust Security

    Some old-school admins are still philosophizing about secure internal networks, but the experts have already moved on: Zero trust architectures use a reliable but complex strategy to protect the network from all threats – inside and outside.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News