Paper Review: Freenet: A Distributed Anonymous Information Storage and Retrieval System
Reviewer: Kevin Hofstra
1. Can we build a distributed network of nodes in which information storage and retrial is handled anonymously between each of its users? What are the costs associated with this anonymity and what are the limitations of this approach?
2. A proposal of the framework for Freenet. An evaluation of its feasibility across a large network. A small scale implementation and included data.
A. Data is stored according to a key determined by a hash upon the name given to the file.
B. Insert or retrieval requests are passed down nodes to successors until a timeout value has been reached.
C. Each file is stored along its path of requests. This can be seen as a lot of unnecessary overhead, but in the Freenet environment it is seen as fault tolerance and also makes it difficult to find who the original owner is.
D. The depth and time to live values have probabilistic determination of whether to change values to provide uncertainty for who the original sender or provider is.
E. Storage is encrypted in each node by a key determined by the info of the file so that users cannot be held responsible for the data that they hold in their own storage.
F. Collisions are figured to be rare and malicious users self avoiding, but do mount a definite risk.
4. Rating- 5
The idea of having a distributed and reliable network that is also anonymous is truly revolutionary. They have been able to overcome many possible setbacks without sacrificing the integrity of the system.
Although it is solid in theory, the actual implementation will be much more difficult. The cost associated with making each node along a retrieval path will be much more costly than they realize. It will be difficult to hold multiple legacy versions of files without changing its name. I also have to question the scalability and also question the ability of the system to deal with malicious users.
5. Systems analysts should recognize that anonymity of a user or request does not have to be provable. It must only be proved that there is a chance of anonymity. This is shown is the case of hashing, where multiple files can match to a simple key. It is very possible to have an extremely good guess of the intended file by doing exhaustive search on its possibility, but it cannot be proved absolutely. This can also be seen in the probabilistic non-timeout when timeout has been reached so that the initiating and ending nodes can be reasonably guessed but not proved. Each of these remote but actual possibilities gives the user deniability.