GNUnet is a new network protocol stack for building secure, distributed, and privacy-preserving applications. With strong roots in academic research, our goal is to replace the old insecure Internet protocol stack.

GNUnet is typically run as an overlay network on top of the the existing Internet infrastructure forming the basis of a hybrid peer-to-peer mesh and relay backbone for applications to run on. It could just as well be run independently of the Internet, over dedicated radio and cable.

GNUnet is made for an open society: It's a self-organizing network and it is free software as in freedom. GNUnet puts you in control of your data. You determine which data to share with whom, and you're not pressured to accept compromises.

Download GNUnet (via Git) Join & support us!

The Internet of tomorrow needs GNUnet today

Imagine...

The conventional Internet is currently like a system of roads with deep potholes and highwaymen all over the place. Even if you still can use the roads (e.g. send emails, or browse websites) your vehicle might get hijacked, damaged, or long arms might reach into its back and steal your items (data) to use it against you and sell it to others - while you can't even notice the thievery nor accuse and hold the scroungers accountable.

The Internet is broken

Protocols from Ethernet and IP to BGP and X.509 PKI are insecure by default: protecting against address forgery, routers learning metadata, or choosing trustworthy CAs is nontrivial and sometimes impossible.

GNUnet provides privacy by design, improving addressing, routing, naming and content distribution in a technically robust manner - as opposed to ad-hoc designs in place today.

Decentralization is hard

It seems as if every other distributed or P2P project develops its own library stack, covering transports, stream muxing, discovery and others. This divides effort and multiplies bug count.

GNUnet is a metadata-preserving foundation for your application, covering areas from addressing to reliable bidirectional Axolotl-encrypted channels, with advanced routing. Our work is based on continuous research spanning almost two decades.

Metadata is exposed

Even though transport encryption is increasingly being deployed on the Internet, it still reveals data that can threaten democracy: the identities of senders and receivers, the times, frequency and the volume of communication are all still revealed.

GNUnet addresses these concerns with perfect forward secrecy via ephemeral public key addressing, fixed packet size to hinder traffic analysis, layered encryption, Sybil-resistant routing, and more.

Freedoms are not respected

Today, monitoring increasingly centralized infrastructure, proprietary implementations, traffic shapers and firewalls restrict all of the essential freedoms to various degrees.

GNUnet gives users freedoms to securely access information ("run" the network), to study all aspects of the network’s operation ("access the code"), to distribute information ("copy"), as well as the freedom to deploy new applications ("modify").

Featured Applications

GNU Taler

GNU Taler is a new privacy-preserving electronic payment system. Payments are cryptographically secured and are confirmed within milliseconds with extremely low transaction costs.

The GNU Name System

The GNU Name System (GNS) is a fully decentralized replacement for the Domain Name System (DNS). Instead of using a hierarchy, GNS uses a directed graph. Naming conventions are similar to DNS, but queries and replies are private even with respect to peers providing the answers. The integrity of records and privacy of look-ups is cryptographically secured.

secushare

secushare is creating a decentralized social networking application on top of GNUnet. Using overlay multicast and the extensible PSYC protocol, notifications are distributed end-to-end encrypted to authorized recipients only.

pretty Easy privacy

pretty Easy privacy (p≡p) is creating a usable end-to-end encrypted e-mail solution using opportunistic key exchange. p≡p will use GNUnet to protect metadata and exploit new cryptographic protocols to verify keys.

Filesharing

GNUnet filesharing is an application that provides censorship-resistant, anonymous filesharing. The publisher is empowered to make a gradual choice between performance and anonymity.

Conversation

GNUnet conversation is an application that provides secure voice communication in a fully decentralized way by employing GNUnet for routing and transport.

News

2019-02: Topics for GSoC 2019

Android Port

It is time for GNUnet to run properly on Android. Note that GNUnet is written in C, and this is not about rewriting GNUnet in Java, but about getting the C code to run on Android.
Mentor: Hartmut Goebel

Help with Continuous Integration setup

There is a push for migrating our CI to Gitlab. The CI should eventually not just run "make check" on various platforms, but also perform tests with multiple peers running in different VMs with specific network topologies (i.e. NAT) between them being simulated. The CI should also be integrated with Gauger for performance regression analysis. Running jobs only when dependencies have changed and scripting more granular triggers or ideally automatic dependency discovery (as done by the autotools) is also important.
Mentor: TBD

Migrate gnunet-qr from Python 2.7 to C using libzbar

Python 2.7 is reaching its end-of-life, and we want to get rid of the dependency on Python. The existing gnunet-qr tool is a rather simple wrapper around python-zbar, which itself wraps libzbar. The goal of this project is to directly use libzbar to scan QR codes for GNUnet / the GNU Name System (see also #5562).
Mentor: Christian Grothoff

reclaimID alternative GNS-based encryption

reclaimID is a decentralized identity system build on top of the GNU Name System. Currently, it uses an encryption scheme called attribute-based encryption. However, through the clever use of GNS's built in record encryption, it is possible to...

  1. ... improve performance by reducing encryption overhead.
  2. ... reduce dependencies.

This project also includes two separate, smaller tasks:
  • Performance improvements to the out-of-band authorization flow (OpenID Connect)
  • A webextension which allows reclaimID to be used without the need of a GNS proxy.
The two smaller tasks are optional and may be dropped in case the student encounters any unforseen complications when implementing the main task.
Mentor: Martin Schanzenbach

Second GNUnet Hacker Meeting 2018 at La Décentrale, Switzerland

The GNUnet hackers met for the second time this year. The primary goal was to squash bugs to bring out a new release. Aside from this we worked hard on improving the documentation and to launch this new website.

More news