GPL (GNU General Public License)    
Anonymous Network Project




AnonNet (Anonymous Network Project) is an attempt to help establish an infrastructure for anonymous networking. Put simply, it dynamically builds a route between multiple "proxies" across the Internet, such that it would be extremely difficult for any party aside from yourself to determine the originator (you) of the traffic flowing over that route. In a nutshell, it prevents people or devices from spying on you, either actively or passively.

AnonNet is based on the PipeNet model, as are the Freedom Network and the Onion Routing project. KNet keeps a comprehensive list of anonymity projects.

AnonNet has 4 major goals:

 1. Strong Anonymity: The gauge is how closely AnonNet can implement the PipeNet model. A theoretical PipeNet could provide perfect anonymity.
 2. De-centralization: Everything must be distributed and have no necessity for the centralization of any of its dependent functions. This characteristic is variously referred to as a distributed network, or peer-to-peer network.
 3. Community: It is designed to be hosted broadly and accessible to all. This means the client-facing functions should scale from a user on a 28.8/33.6 dial-up connection to T3 users. Just as important, it should be cheap on system resources, and especially on bandwidth costs, to make community hosting of reliable AnonNet nodes less burdensome.
 4. Interoperability: AnonNet should work with most major Internet applications such as the WWW, FTP, and e-mail (SMTP, POP, IMAP). Using traditional proxy servers, and neat libraries such as tsocks and SocksCap, most Internet software applications should be supported.

How does AnonNet compare to other consumer "anonymizing" services? One of the more popular services is The problem with this service is that if I wanted to see who was using this service to view, I could simply watch the Internet traffic coming and going from the Anonymizer service and pinpoint who is doing what. Also, is centralized (in other words, the service is provided from a specific set of addresses on the Internet). Some countries, and many corporations, block access to, as well as to many similar services. AnonNet is designed to resist "black-listing", similar to how the Gnutella network resists the threats that affected Napster's demise.

It is important to note that all anonymizing services and applications are susceptible to traffic analysis, part of which is what was described above. AnonNet, and others based upon the PipeNet model, or similarly the Mix-net model, fare far better than any other service or application. Some services try to play keep-away with your traffic by simply bouncing data across the network in an attempt to obscure it. From a pure anonymity standpoint these schemes do not stand up to scrutiny very well. One of the strongest techniques in AnonNet is the implementation of padding, which defends against timing analysis. AnonNet and the Freedom Network are the only applications I know of that implement any kind of padding, therefore every other anonymity application unduly exposes you to attack via timing analysis. And given the current state of the public TCP/IP network topology (i.e. large proportions of traffic traversing the same lines), plus the gains from targeted attacks, timing analysis is a serious threat to anonymity, especially in the face of wider P2P application deployment, where timing analysis will become a more valuable tool in general.
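What padding changes for a passive observer of one link, as an added example (not AnonNet's code): it assumes the simplest PipeNet-style scheme, one fixed-size cell per send slot with dummy bytes when no data is queued. The cell size, slot count and both sample flows are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CELL_SIZE ((size_t)64) /* assumed fixed cell size, not AnonNet's */
#define TICKS 16               /* send slots in the observation window */

struct burst { int tick; size_t len; }; /* len bytes ready at slot tick */

/* Constructed sample flows: a bursty fetch and a steady trickle. */
const struct burst FLOW_A[] = { {1, 150}, {2, 40}, {9, 64} };
const struct burst FLOW_B[] = { {0, 10}, {4, 10}, {8, 10}, {12, 10} };

/* Unpadded link: the observer sees each burst's size at its own slot. */
void wire_unpadded(const struct burst *b, size_t n, size_t wire[TICKS]) {
    memset(wire, 0, TICKS * sizeof wire[0]);
    for (size_t i = 0; i < n; i++)
        if (b[i].tick >= 0 && b[i].tick < TICKS)
            wire[b[i].tick] += b[i].len;
}

/* Padded link: exactly one CELL_SIZE cell leaves per slot; queued data
 * fills it and the rest is dummy bytes. Returns real bytes carried. */
size_t wire_padded(const struct burst *b, size_t n, size_t wire[TICKS]) {
    size_t queued = 0, carried = 0;
    for (int t = 0; t < TICKS; t++) {
        for (size_t i = 0; i < n; i++)
            if (b[i].tick == t)
                queued += b[i].len;
        size_t take = queued < CELL_SIZE ? queued : CELL_SIZE;
        queued -= take;
        carried += take;
        wire[t] = CELL_SIZE; /* on-wire size never depends on `take` */
    }
    return carried;
}

/* 1 if two observed traces match in both size and timing. */
int same_trace(const size_t a[TICKS], const size_t b[TICKS]) {
    return memcmp(a, b, TICKS * sizeof a[0]) == 0;
}

int main(void) {
    size_t a[TICKS], b[TICKS];
    wire_unpadded(FLOW_A, 3, a); wire_unpadded(FLOW_B, 4, b);
    printf("unpadded traces identical: %d\n", same_trace(a, b));
    wire_padded(FLOW_A, 3, a); wire_padded(FLOW_B, 4, b);
    printf("padded traces identical:   %d\n", same_trace(a, b));
    return 0;
}
```

The price of the identical traces is bandwidth spent on dummy cells and added latency for any burst larger than one cell, which waits in the queue for later slots.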

The main consideration is to remember that confidentiality is a component within anonymity, but not vice-versa. Strong crypto, but weak or trivial communication links, does not an anonymity application make. Just like secrecy in cryptography is not of much value in the creation and use of primitives, secrecy and obfuscation are not of much value in keeping people from tracing your steps.

AnonNet has been developed on Debian GNU/Linux (Woody/3.0) and OpenBSD 2.9/3.0. I have not tried to build or run it on anything else yet, but it is being written with portability in mind. The code strives to be ANSI/ISO Standard C compliant, and where possible only use generally adopted and standardized POSIX and UNIX X/Open routines. YMMV.

AnonNet requires GMP to provide multi-precision math for the public-key crypto implementations, and either a non-blocking [pseudo-]randomness device (e.g. /dev/urandom) or a non-blocking, socket-based pseudo-randomness generator such as PRNGD. Regards to the following projects from which source was merged into AnonNet:

 * LibMcrypt: can be used in place of the internal block ciphers as a compile time option
 * Nettle: the block ciphers Rijndael, Twofish and Serpent; and the stream cipher Arcfour
 * Mhash: implementations of the SHA-1 and Tiger hashes
 * lsh: prime number generation routines and interfaces into GMP

AnonNet is licensed under the GNU GPL, with (3rd party) portions utilizing the GNU LGPL and BSD-style licenses.
Last updated on February 25th, 2010
