You are here

About GNUnet

GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. Our high-level goal is to provide a strong free software foundation for a global network that provides security and in particular respects privacy.

GNUnet started with an idea for anonymous censorship-resistant file-sharing, but has grown to incorporate other applications as well as many generic building blocks for secure networking applications. In particular, GNUnet now includes the GNU Name System, a privacy-preserving, decentralized public key infrastructure.

GNUnet is an official GNU package. GNUnet can be downloaded from GNU and the GNU mirrors.

Read more Friday, February 19, 2010 - 22:34 Christian Grothoff

Heartbleed's OpenSSL installation used to be vulnerable to Heartbleed. Naturally we updated the code on the server shortly after the vulnerability was disclosed, and we have now also updated the private key. Users with logins on are nevertheless urged to update their passwords.

Read more Thursday, April 10, 2014 - 17:03 Christian Grothoff

Installing GNUnet 0.10.1 on Ubuntu 14.04

Here is a brief summary how to install GNUnet 0.10.1 on Ubuntu 14.04 (at the moment based on 14.04 Beta, but should also work for 13.10).

Please check Generic Instructions for more information about groups etc.

Read more Tuesday, April 8, 2014 - 15:55 Matthias Wachs

Installing GNUnet from Subversion on Ubuntu 14.4

Here a brief summary how to install GNUnet from Subversion on Ubuntu 14.4 (atm based on 14.4 alpha and should also work for 13.10).

Please check Generic Instructions for more information about groups etc.

Read more Tuesday, April 8, 2014 - 15:44 Matthias Wachs

GNUnet 0.10.1

We are pleased to announce the release of GNUnet 0.10.1. This release focuses on fixing the most pressing bugs that were found after the drastic changes from the GNUnet 0.10.0's release.

In terms of usability, users should be aware that (1) compiling GNUnet requires recent versions of libraries that were only released in recently and are thus unlikely to be available in common distributions, (2) the nascent network is tiny and thus unlikely to provide good anonymity or extensive amounts of interesting information, and (3) we are still in the process of addressing various major bugs and usability issues. As a result, this release is only suitable for early adopters with some reasonable pain tolerance.

About GNUnet

GNUnet is a framework for secure peer-to-peer networking. GNUnet's primary design goals are to protect the privacy of its users and to guard itself against attacks or abuse. At this point, GNUnet offers four primary applications on top of the framework:

The file-sharing service allows anonymous censorship-resistant file-sharing. Files, searches and search results are encrypted to make it hard to control, track or censor users. GNUnet's anonymity protocol (gap) is designed to make it difficult to link users to their file-sharing activities. Users can also individually trade-off between performance and anonymity. Despite providing anonymity, GNUnet's excess-based economy rewards contributing users with better performance.

The VPN service allows offering of services within GNUnet (using the .gnu TLD) and can be used to tunnel IPv4 and IPv6 traffic over the P2P network. The VPN can also be used for IP protocol translation (6-to-4, 4-to-6) and it is possible to tunnel IP traffic over GNUnet (6-over-4, 4-over-6). Note that at this stage, it is possible for peers to determine the IP address at which services are hosted, so the VPN does not offer anonymity.

The GNU Name System (GNS) provides a fully-decentralized and censorship resistant replacement for DNS. GNS can be used alongside DNS and can be integrated with legacy applications (such as traditional browsers) with moderate effort. GNS provides censorship-resistance, memorable names and cryptographic integrity protection for the records. Note that at this stage, it is possible for a strong adversary to determine which peer is responsible for a particular zone, GNS does not offer strong anonymity. However, GNS offers query privacy, that is other participants can typically not decrypt queries or replies.

GNUnet Conversation allows voice calls to be made over GNUnet. Users are identified using GNS and voice data is encrypted. However, GNUnet Conversation does not provide anonymity at this stage --- other peers may observe a connection between the two endpoints and it is possible to determine the IP address associated with a phone.

Other applications, including in particular the SecuShare social networking application, are still under development.

Key features of GNUnet include:

  • Works on GNU/Linux, FreeBSD, OS X and W32
  • P2P communication over TCP, UDP, HTTP (IPv4 or IPv6), HTTPS, WLAN or Bluetooth
  • Communication can be restricted to friends (F2F mode)
  • Includes a general-purpose, secure distributed hash table
  • NAT traversal using UPnP, ICMP or manual hole-punching (possibly in combination with DynDNS)
  • Small memory footprint (specifics depend on the configuration)

For developers, GNUnet offers:

  • Access to all subsystems via clean C APIs
  • Mostly written in C, but extensions possible in other languages including an extensive Java API
  • Multi-process architecture for fault-isolation between components
  • Use of event loop and processes instead of threads for ease of development
  • Extensive logging and statistics facilities
  • Integrated testing library for automatic deployment of large-scale experiments with tens of thousands of peers

Noteworthy improvements in 0.10.1

  • First release of GNUnet-java for 0.10.x-series
  • Improved documentation, including significant extensions to the Java developer tutorial
  • Improved exit policy specification capability
  • Various bugfixes resulting in peer-to-peer connections failing
  • Various bugfixes resolving crashes (set, conversation, transport, mesh)
  • Cosmetic improvements
  • Usability improvements for multi-user setups

The above is just the short list, our bugtracker lists over 50 individual issues that were resolved. It also contains a list of known open issues that might be useful to consult.

Known Issues

We have a few issues that are most likely not resolved in the final release. Users should be aware of these issues, which we hope to address shortly.

  • Crashes were reported against SET, MESH and DATASTORE that could not be reproduced (#3246, #3360, #3361, #3286)
  • Connection failures (KX) were reported but not diagnosed (#3340)
  • High CPU usage by FS/MESH was reported but not diagnosed (#3247)
  • Visualization of connection process in gnunet-gtk is incomplete (#3363)
  • gnunet-conversation-gtk is not ready for production use (#3298, #3290, #3292)

Additional information about these issues would be particularly welcome. In addition to this list, you may also want to consult our bug tracker at


The GNUnet 0.10.1 source code is available from all GNU FTP mirrors. The GTK frontends (which includes the gnunet-setup tool) are a separate download. GNUnet-FUSE 0.10.0 will work with GNUnet 0.10.1.
Please note that some mirrors might still be synchronizing..

All known releases
GNUnet on a FTP mirror near you
GNUnet GTK on an FTP mirror near you
GNUnet FUSE on an FTP mirror near you
GNUnet on the primary GNU FTP server
GNUnet GTK on the primary GNU FTP server
GNUnet FUSE on the primary GNU FTP server

Note that GNUnet is now started using "gnunet-arm -s". GNUnet should be stopped using "gnunet-arm -e".


This release was the work of many people. The following people contributed code and were thus easily identified: Bart Polot, Bruno Cabral, Christian Fuchs, Christian Grothoff, Claudiu Olteanu, David Barksdale, Fabian Oehlmann, Florian Dold, Gabor X Toth, Hark, LRN, Martin Schanzenbach, Matthias Wachs, Omar Tarabai, Supriti Singh, Sree Harsha Totakura, Yids.

Further Information

GNUnet Homepage
GNUnet Installation Handbook
GNUnet Forum
GNUnet Bug tracker
Read more Tuesday, April 8, 2014 - 08:35 Christian Grothoff

Verein zur Förderung von GNUnet e.V.

On December 27th 2013 a group of GNUnet hackers met at 30c3 to create the "Verein zur Förderung von GNUnet e.V.", an association under German law to support GNUnet development. The Amtsgericht München registered the association on the 7th of March under VR 205287.

The association is officially dedicated to supporting research, development and education in the area of secure decentralized networking in general, and GNUnet specifically. This is the official website for the association.


You can find our "Satzung", and the list of members under The current board consists of:

Christian Grothoff
stellvertretender Vorsitz
Sree Harsha Totakura
Florian Dold
Matthias Wachs, Bart Polot

Becoming a Member of GNUnet e.V.

GNUnet developers with Subversion (write) access can become members to participate in the decision process and formally support GNUnet e.V. For this, all you have to do is update the members.txt file in svn/gnunet-ev/. There are no membership dues; however, members are required to support GNUnet e.V. and in particularly contribute to the technical development within their means. For further details, we refer to the Satzung (currently only available in German).

Support Us!

Everybody is welcome to support us via donations. For financial contributions, Europeans will soon be able to donate via SEPA. We hope to setup accounts in other major currency areas in the future. You can also donate via Bitcoin, routing details are given below. Please note that we are unable to provide receipts for your donations. If you are planning to donate a significant amount of money, please contact us first as it might be better to come to a custom arrangement.

DE67830654080004822650 (BIC/SWIFT: GENODEF1 SLR)

Official Meeting Notes

Read more Tuesday, April 1, 2014 - 07:09 Christian Grothoff


Cryogenic is a Linux kernel module that allows to reduce energy consumption by means of enabling cooperative clustering of I/O operations among the various applications that make use of the same hardware device. In order to achieve this target, Cryogenic provides an API that enables applications to schedule I/O operations on SCSI and network devices at times where the impact the operations have on energy consumption is small.

The schedule is enacted by means of two actions. The first action taken is related to the hardware's ability to enter a sleep state after being idle for a certain period of time. Although this sleep state has a lower energy consumption, resuming the activity of devices takes energy as well, and thus it is desirable to avoid unnecessary wake-ups, which may be caused by background applications that have periodic non-urgent tasks.

Non-urgent tasks may not only force devices to wake up, but also prevent them from going to sleep, since they may reset the timeout to enter the sleep state. Therefore, the second action taken by Cryogenic is to lengthen the duration of idle periods. This way, the overall consumption decreases and it is more likely that the device enters into sleep.


Internally, Cryogenic defers (or anticipates) the execution of non-urgent tasks so that they coincide with the performance of I/O operations requested by other urgent applications. Therefore, background tasks operate when the device is already active and they do not need to wake it up by themselves. Moreover, tasks using the same device are ideally executed in a clustered way and, as a result, the idle periods become longer.

The actual moment when an I/O operation is performed is determined by a tolerance window set by the application developer. The window is defined by a minimum delay and a maximum timeout, which ensures that the task will not indefinitely wait for other I/O operations and starve as a result. The delay and the timeout must be properly calculated and set by the programmer, since they determine the application behavior and they are the key factor to trade-off between the responsiveness of the application and the energy it consumes.

The architecture of Cryogenic defines an API composed of:

  1. A character device under /dev/cryogenic/ for each targeted device
  2. Redefinition of the following system calls: open, close, ioctl, select

The character devices, managed by the system calls, determine whether a task can proceed with its operation. The call to iocl is used to set the delay and the timeout for each task, and select allows or forbids the execution of an I/O operation at a given time.


In order to see how to use the Cryogenic API, we present the following example:

    sock_fd = create_socket();
    while() {

This code is a simplified version of a UDP client that sends packets periodically. In order to apply Cryogenic to this program, we need to perform the following actions.

  1. Open the character device corresponding to the active interface that is sending the packets, which we need to know beforehand.
  2. Within the main loop, and before the transmission, calculate the delay and the timeout and pass it to Cryogenic by calling ioctl.
  3. Call select before the transmission. The call to select will block until one of the events that are meant to allow the resumption of the task happen: an I/O operation requested by other applications or the expiration of the timeout that we set previously.
  4. After the loop, close the file descriptor.

The resulting code looks like this:

    sock_fd = create_socket();
    fd = open("/dev/cryogenic/wlan0");
    while() {
        times = calculate_delay_timeout(period);
        ioctl(fd, times);

As we can see, the call to sleep() has been removed since we assume now that the delay and the timeout completely determine the transmission time. Nevertheless, this is just an example and programmers may still want to keep it depending on the behavior they want to achieve.

Source code

You can download Cryogenic's source code here. The file also contains the necessary makefile to compile the module, as well as test programs used for experimentation.

Video: Alejandra Morales Ruiz Master's defense on Cryogenic

The video Creative Commons License
Cryogenic: Enabling Power-Aware Applications on Linux by Alejandra Morales Ruiz is licensed under a Creative Commons Attribution 3.0 Unported License.

Learn more

If you want to know more about Cryogenic or see further examples of usage, you can download the Master's thesis here.

Read more Friday, March 14, 2014 - 18:50 Alejandra Morales

Video: Bart Polot on GNUnet Mesh and GNUnet Conversation at YBTI/30c3

Here is the video of Bart Polot's talk at YouBrokeTheInternet/30c3 on "GNUnet Conversation". Note that somehow the title got botched to "GNU Telephony", which is simply incorrect as GNU Telephony is GNU's SIP replacement, and that is definitively not what the talk is about. This talk is about GNUnet's MESH routing and the GNUnet Conversation (voice-over-GNUnet) application that we are building with it.

Read more Tuesday, February 25, 2014 - 12:00 Christian Grothoff

Numerical Stability and Scalability of Secure Private Linear Programming

Read more Wednesday, February 19, 2014 - 13:57 Anonymous (not verified)


Subscribe to Front page feed