GNUnet 0.10.0

We are pleased to announce the release of GNUnet 0.10.0. This release represents a major overhaul of the cryptographic primitives used by the system. GNUnet used RSA 2048 since its inception in 2001, but as of GNUnet 0.10.0, we are "powered by Curve25519". Naturally, changing cryptographic primitives like this breaks backwards compatibility entirely. We have used this opportunity to implement protocol improvements all over the system. In terms of usability, users should be aware that (1) compiling GNUnet requires recent versions of libraries that were only released in December 2013 and are thus unlikely to be available in common distributions, (2) the nascent network is tiny and thus unlikely to provide good anonymity or extensive amounts of interesting information, and (3) we had limited time to test the new code, especially in a real-world deployment. As a result, this release is only suitable for early adopters with some reasonable pain tolerance.

About GNUnet

GNUnet is a framework for secure peer-to-peer networking. GNUnet's primary design goals are to protect the privacy of its users and to guard itself against attacks or abuse. At this point, GNUnet offers four primary applications on top of the framework:

The file-sharing service allows anonymous censorship-resistant file-sharing. Files, searches and search results are encrypted to make it hard to control, track or censor users. GNUnet's anonymity protocol (gap) is designed to make it difficult to link users to their file-sharing activities. Users can also individually trade off between performance and anonymity. Despite providing anonymity, GNUnet's excess-based economy rewards contributing users with better performance.

The VPN service allows offering of services within GNUnet (using the .gnu TLD) and can be used to tunnel IPv4 and IPv6 traffic over the P2P network. The VPN can also be used for IP protocol translation (6-to-4, 4-to-6) and it is possible to tunnel IP traffic over GNUnet (6-over-4, 4-over-6). Note that at this stage, it is possible for peers to determine the IP address at which services are hosted, so the VPN does not offer anonymity.

The GNU Name System (GNS) provides a fully-decentralized and censorship-resistant replacement for DNS. GNS can be used alongside DNS and can be integrated with legacy applications (such as traditional browsers) with moderate effort. GNS provides censorship-resistance, memorable names and cryptographic integrity protection for the records. Note that at this stage, it is possible for a strong adversary to determine which peer is responsible for a particular zone; GNS does not offer strong anonymity. However, GNS offers query privacy, that is, other participants typically cannot decrypt queries or replies.

GNUnet Conversation allows voice calls to be made over GNUnet. Users are identified using GNS and voice data is encrypted. However, GNUnet Conversation does not provide anonymity at this stage: other peers may observe a connection between the two endpoints and it is possible to determine the IP address associated with a phone.

Other applications are still under development.

Key features of GNUnet include:

  • Works on GNU/Linux, FreeBSD, OS X and W32
  • P2P communication over TCP, UDP, HTTP (IPv4 or IPv6), HTTPS, WLAN or Bluetooth
  • Communication can be restricted to friends (F2F mode)
  • Includes a general-purpose, secure distributed hash table
  • NAT traversal using UPnP, ICMP or manual hole-punching (possibly in combination with DynDNS)
  • Small memory footprint (specifics depend on the configuration)

For developers, GNUnet offers:

  • Access to all subsystems via clean C APIs
  • Mostly written in C, but extensions possible in other languages
  • Multi-process architecture for fault-isolation between components
  • Use of event loop and processes instead of threads for ease of development
  • Extensive logging and statistics facilities
  • Integrated testing library for automatic deployment of large-scale experiments with tens of thousands of peers

Noteworthy improvements in 0.10.0

  • Improved documentation, including an extensive developer handbook and a new post-installation tutorial with first steps for users
  • New application: GNUnet Conversation
  • New combined multi-process GUI gnunet-gtk
  • New tool to create GNS Business Cards gnunet-bcd
  • New tool to import GNS QR codes gnunet-qr
  • Use of EdDSA and ECDHE instead of RSA for peers' public-key cryptography
  • CORE connections now use perfect forward secrecy with 12h rotation intervals
  • Use of ECDSA for GNU Name System and identity management
  • Unified identity management for GNS and File-sharing
  • KSK and SKS queries in file-sharing are now indistinguishable
  • Peers in F2F mode can use "do not gossip" flag to hide their existence from non-friends entirely
  • End-to-end encrypted mesh tunnels
  • Flow- and congestion-control for mesh tunnels
  • Improved key revocation scheme for the GNU Name System
  • Improved query privacy for the GNU Name System
  • Improved name shortening for the GNU Name System
  • Improved handling of shadow records for the GNU Name System

The above is just the short list; our bugtracker lists over 350 individual issues that were resolved. It also contains a list of known open issues that might be useful to consult.

Known Issues

We have a few issues that were reported by developers in the last week that were most likely not resolved in the final release. Users should be aware of these issues, which we hope to address shortly.

  • NAT traversal does not work as well as it should (feature); explicit hole punching and specification of the external IP in the configuration are advised
  • Timestamps in log files do not respect winter time (#3236)
  • When the HTTP(S) transport plugins are enabled, peers sometimes fail to connect at all (#3238)
  • Rarely, the TCP transport plugin may cause a crash (#3232)
  • Bandwidth allocation among the neighbors of a peer seems to be sometimes rather unfair (#3237)
  • Crashes in gnunet-fs-gtk (#3240) and the MESH service (#3239) were reported but could not yet be reproduced

In addition to this list, you may also want to consult our bug tracker at
https://gnunet.org/bugs/.

Availability

The GNUnet 0.10.0 source code is available from all GNU FTP mirrors. The GTK frontends (which include the gnunet-setup tool) are a separate download.
Please note that some mirrors might still be synchronizing.

All known releases
https://gnunet.org/downloads
GNUnet on an FTP mirror near you
http://ftpmirror.gnu.org/gnunet/gnunet-0.10.0.tar.gz
GNUnet GTK on an FTP mirror near you
http://ftpmirror.gnu.org/gnunet/gnunet-gtk-0.10.0.tar.gz
GNUnet FUSE on an FTP mirror near you
http://ftpmirror.gnu.org/gnunet/gnunet-fuse-0.10.0.tar.gz
GNUnet on the primary GNU FTP server
ftp://ftp.gnu.org/pub/gnu/gnunet/gnunet-0.10.0.tar.gz
GNUnet GTK on the primary GNU FTP server
ftp://ftp.gnu.org/pub/gnu/gnunet/gnunet-gtk-0.10.0.tar.gz
GNUnet FUSE on the primary GNU FTP server
ftp://ftp.gnu.org/pub/gnu/gnunet/gnunet-fuse-0.10.0.tar.gz

Note that GNUnet is now started using "gnunet-arm -s". GNUnet should be stopped using "gnunet-arm -e".

Thanks

This release was the work of many people. The following people contributed code and were thus easily identified: Alejandra Morales, Andreas Fuchs, Bart Polot, Bruno Cabral, Christian Fuchs, Christian Grothoff, Claudiu Olteanu, David Barksdale, Fabian Oehlmann, Florian Dold, Gabor X Toth, LRN, Martin Schanzenbach, Matthias Wachs, Maximilian Szengel, Nils Durner, Simon Dieterle, Sree Harsha Totakura, Stephan A. Posselt, and Werner Koch. Additionally, we thank Sébastien Moratinos, Diana del Burgo, and gillux for their work on the website.

Further Information

GNUnet Homepage
https://gnunet.org/
GNUnet Installation Handbook
https://gnunet.org/installation-handbook
GNUnet Forum
https://gnunet.org/forum
GNUnet Bug tracker
https://gnunet.org/bugs/
IRC
irc://irc.freenode.net/#gnunet