ANts P2P2P: A New Approach to File-Sharing

Postby Malicious Intent » Mon Sep 13, 2004 7:05 pm

With traditional P2P, file sharers make a direct connection to the computer that is hosting the file they demand. Both parties in the transaction know what file is being transferred, and each other’s IP addresses. This provides users of the network with no privacy and ultimately makes them vulnerable to lawsuits in many countries.

But now there has been increasing interest in anonymising networks. These use clever mathematics to route data through the network in such a way that nobody knows who released the file onto the network, or who wants it, only what direction it needs to travel to get there. Although users on the network know the IP addresses of their neighbors, when those neighbors receive a file, users do not know if the sender is the file seed, or just a proxy from another user. This is oversimplified in comparison to the complexities of these networks, more details of which can be found on the MUTE website (http://mute-net.sourceforge.net/howPrivacy.shtml).

The first of these anonymising networks to attract attention was MUTE (http://mute-net.sourceforge.net), but now another developer has given us a second, called ANts (http://www.myjavaserver.com/~gwren/home.jsp?page=custom&xmlName=ants).

ANts is being developed by Gwren, who lives in an undisclosed coastal town in Italy. He has an interest in software engineering solutions, algorithms and computation theory, which he turned to the development of ANts as part of a university project.

Although inspired by MUTE, Gwren is keen to emphasize the different motivation behind the two projects. Jason Rohrer, the developer of MUTE, is motivated through disgust of how the music industry has behaved in reaction to the perceived threat from file sharing. This contrasts with Gwren, who has been developing ANts because of its potential importance in future communication systems. Unlike Jason, Gwren does not promise, or even believe, that ANts can provide full legal protection.

Slyck decided to investigate the features and power of MUTE and ANts. This article features Fred von Lohmann, who is currently one of America’s most important Intellectual Property Attorneys, Gwren, the developer of ANts, and Graham Morris, who is an information security specialist from England.

Privacy

Before looking at the legal protection offered by anonymising P2P, we will first analyse the protection of privacy they provide.

“Privacy, sadly, doesn't mean protection against the law," Gwren explains.

Fred von Lohmann, the Senior Intellectual Property Attorney for the EFF (http://www.eff.org), highlights the importance of the privacy provided by these networks. “It is important to remember that anonymizing proxy networks have lots of uses unrelated to file-sharing, including for anonymous web browsing, email, and instant messaging,” he told Slyck.

MUTE provides very low-level privacy. Although the information travelling between individual nodes is encrypted, each node has full access to the data travelling through the network.

This contrasts with ANts, which also encrypts data sent between the source node and the destination node. This is called endpoint encryption. Theoretically, endpoint encryption means proxy nodes cannot identify the data they proxy.

“A network where only point-to-point communication is encrypted is not private! Every node can read everything it is routing (is this privacy? The Internet works like this and we know its limits). Using endpoint encryption, which implies only an insignificant amount of overhead, you get real privacy, because only the two who communicate can decrypt the messages,” Gwren explains.

To discover the effect of endpoint encryption, Slyck contacted an information security specialist, Graham Morris, who is a graduate of the Information Security Group at Royal Holloway College, University of London. Morris was impressed with the security level provided by ANts, describing it as, “a file sharing program that goes a long way to offering anonymity and confidentiality.”

However, he also had some criticism. To obscure the files being transferred so that proxies cannot identify them, the encryption mechanism “The Advanced Encryption Standard” (AES) is used. To be able to do this, the two file sharers must have a secret code (or “key”) that only they know. For them both to know the key, the Diffie-Hellman (DH) Key Exchange Protocol is used, but Morris raised some questions over the implementation of DH in ANts.

“The security of the system relies on this key exchange, but anyone could potentially launch a man-in-the-middle attack. This attack would allow an adversary to obtain the secret key and see the file being transferred,” he said.

This is usually combated with trusted third party involvement using “certificates”. These certificates are not implemented in the ANts network. To a determined node, ANts therefore provides no extra information security.

“I never said this program will not support certificates,” Gwren defends, “ANts is still beta, the next releases will support this feature. This means it will be possible to create internal communities based on certificate exchanges. The current endpoint DH exchange is very important, as it provides the basis for easily adding the certificate exchange at a later date. It is therefore not just an overhead.”

Endpoint encryption is a suitable system for groups of trusted peers to use. However, Morris still has some concerns.

“Implementing a certificate system is not a simple task. You need to be able to create, issue and revoke certificates, and you need a party that you trust to do this securely. You also remove anonymity, and may even introduce the concept of non-repudiation. This means that after sharing a file, you can’t later deny that you were the source.”

Ultimately this raises further questions of the use of an anonymising system between trusted peers. Indeed, if you trust them, why not make a direct connection? However, Morris is clear that there are many different methods of employing certificates. To discuss and analyze even one system would be a report in itself.

Whatever structure is used for trading amongst trusted peers, we know this is not how mass scale P2P networks operate. Users mainly communicate with untrustworthy peers, existing only as an IP address. As demonstrated by Morris, ANts cannot promise security between these majority transfers, due to lacking certificates.

But how much does this even matter? If the file is public enough to be in a shared folder, then how much does it really matter that proxy nodes can read the message?

Gwren described this issue as, “very complex, almost philosophical.”

This practical result is most easily summarized in two sections. The first covers what ANts means to those who are trading in trusted groups. The second looks at the more common scenario of users trading with unknown peers.

Trading in trusted groups

Highly dependent on the realization of certificates, communication between endpoints will be virtually impossible to break. This will ensure absolute privacy. Such a system will be akin to the WASTE network, but with the benefits of swarming.

The MUTE network does not provide this confidentiality.

However, questions remain as to how ANts will remain an anonymising system, whilst sources and recipients certify the file transfer.

It also represents the use of some very important software technology.

Trading between untrustworthy peers

Who reads the message is of little or no importance, as the information is public anyway. In turn, the weakness in the endpoint encryption is of no relevance.

Instead of privacy, users are provided anonymity.

“Anonymous means that nobody knows who puts something in the network. Say you want to talk ill of your employer. What do you do? You write anonymous letters to 200 people… each one of them will know perfectly well who their mailman is (in ANts’ case, it’s their neighbor, a well-known IP): the mailman is delivering the letter. But nobody will know who sent the letter,” Gwren explains.

The network also provides security for this through point-to-point encryption, as Gwren nicely illustrates:

Continuing his postman theme, “Regarding security, it refers to those cases in which someone puts a video camera in your house and gets a tape proving that you’re the one who wrote the letter. Thanks to encryption, ANts impedes an attack of this sort. Nobody can sniff out the packets to prove that you put any content on line.”

It should be pointed out that this anonymity and security, although very strong, is no more than provided by MUTE.

Legal Protection

Legal protection is increasingly what file sharers are caring about when choosing a file sharing application. Numerous music lovers have fallen victim to lawsuits against file sharers. With over 4500 such cases in America, along with a mass of cease and desist letters worldwide, protection from the prying eyes of organizations who think they are the law becomes ever more important.

In anonymising networks, it is impossible to detect who seeded a file. The same routing mechanism that provides anonymity also provides legal protection. As files make their way through the network, no peer can know if the file they are receiving has come from the original source or a proxy.

This system destroys the current targeting method used by organizations that object to the sharing of certain files. In traditional file sharing systems, file sources are tied to an IP address. But it is this attachment of IP address and file that makes targeting users sharing copyright works, for example, such an easy process. In anonymising networks, files are tied only to a virtual address. More details of how this provides legal protection can be found on the MUTE website (http://mute-net.sourceforge.net/howPrivacy.shtml).

Any two computers that are directly connected in a network are called neighbors. Neighbours must know each other’s IP addresses in order to keep the connection. As already established, when neighbors send each other files, the receiver does not know if their neighbor is the original seed, or a proxy. However, they do know their IP address and what has been sent.

“ANts and MUTE are anonymous, you never know who put the information onto the net,” Gwren explains nicely. “The problem is that you do know who is passing that information on to you. It’s like anonymous mail: you know the postman but you don't know the sender. ANts offers an additional element of security, because the postman cannot read your mail (unless he is the sender himself, but you have no way of knowing this!).”

Proxies are therefore in a weak position, as any peer can catch their neighbor proxying an objectionable file.

Slyck therefore sought to discover the legal implications of being a proxy in a file sharing network.

“It would be like killing the postman because he delivered a letter you don’t like,” Gwren joked.

Turning to a lawyer instead, Fred von Lohmann explained, “The law is simply unclear. No court has ever considered whether you can be held liable for copyright infringement simply for proxying data in a network. EFF strongly believes that the answer should be that, assuming you have no knowledge of what the packets are that you're passing, you should not be liable for the contents of the packets. That is, after all, the rule for ISPs. The same rule should apply for individuals,” he explained.

If the law favors the EFF view, then neither MUTE nor ANts peers can be held liable for proxying objectionable files. Although ANts provides endpoint encryption, the average user of MUTE would not know where to begin discovering what they are proxying. The overhead of endpoint encryption provided by ANts would therefore be wasted in a legal context.

When questioned about this, Gwren admitted that he does not know if the encryption is a wasted overhead or not. After all, the encryption is not in place for legal protection.

“Sorry, I'm not a lawyer, and I have no idea of law-related issues,” he explained. “I can only say that ANts protects your privacy and it is 100% secure only if you are communicating with a known trusted peer. The point is that a “cancerous” peer [any node which challenges the integrity of the network] can easily identify its neighbors; making them vulnerable to legal action should proxies be held responsible for the data they unknowingly pass on. Using ANts, it is possible to provide scientific evidence that the intermediate node did not know what it was routing, as a DH-secured channel between two endpoints is unbreakable.”

When questioned further about legal issues and encryption, Gwren reminded Slyck, “ANts was not born to break the law, it was born to give endpoint privacy in ad-hoc routing systems.”

So it currently appears that ANts and MUTE do provide protection from the law, but the last word will go to the lawyers and the courts. The biggest question will be whether proxies can be held responsible. Then we will see the value, if any, of endpoint encryption. It is also worth noting that the EFF are convinced that proxies will be safe even in the event of the INDUCE Act passing.

In the meantime, users can help themselves by manually connecting to neighbors they know and trust. By doing so, users can download from untrustworthy peers, with the safety of the information being sent via a trusted peer.

By having all users connect solely to IP addresses they trust, users can develop sub-networks, where each user can operate safe in the knowledge that the only people who can see their IP address are those whom they have deemed trustworthy.

The Future of Anonymising P2P

File sharers swapping the latest pop-track is one thing, but less savory characters may use the system to commit crimes. Pedophiles for example could use the system to hide their activities. Users of the network would unknowingly be proxying child pornography.

Gwren is quick to defend the development of anonymous P2P, saying, “with this way of reasoning, people should still live in caves. Do you think the US forefathers thought of this sort of thing when they first set up the US Mail service? Our mail is still protected today. No one can open a letter I send to you, and doing so is breaking the law. Privacy is a constitutional right all over the world and it must be protected."

Although there may not be a worldwide constitutional right, Gwren makes a valid point that such people should not hold back development of the Internet. The risks involved of proxying such material will be down to individuals to think about before joining. It really is impossible to have it both ways.

As networks become more anonymous, further problems will arise. Anonymity is also provided to those fighting the development of P2P technology. Data and information can be corrupted in transit. Rohrer, the MUTE developer, once said, “It is impossible to have both true anonymity and true message security/integrity.” A view supported by Gwren. This may translate into more corrupt files and wasted bandwidth in the future, as groups corrupt files in transit, rather than sharing files already corrupted.

Beta tests of MUTE have so far been successful. ANts in comparison is still too young to be making any judgments.

Both networks will be working hard to improve their services. ANts already features multiple source downloads, swarming and resumable transfers, all absent from MUTE.

MUTE is the easier network to connect to, as there is no need to visit an IRC room. However, Gwren argues this represents a more sophisticated connection system.

“MUTE uses a web cache. I preferred not to use a web cache because I don't like to store the user’s IP on a website. So ANts uses a volatile IP cache that is hosted on the network itself,” Gwren explains, “In comparison, the system is very advanced, because it can exchange IPs through the network itself and be transparent to NATs and firewalls.”

The value of the endpoint encryption used by ANts and not MUTE can only be determined by the file sharers themselves.

So where is anonymising P2P taking us?

“Have you seen Jurassic Park?” Gwren asks. “Remember what the park creator said... ‘Life will find a way’. I don't know what this way will be, but I'm sure that people will find a way to exchange information in a secured and efficient way... this is what people want, and we live in democracy.”
Malicious Intent
 
Posts: 918
Joined: Tue Mar 30, 2004 12:03 pm
Location: Swindon
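
The man-in-the-middle concern Morris raises in the article above, as an added example that is not part of the article or of the ANts code: a Python simulation of an endpoint Diffie-Hellman exchange routed through a proxy, first unauthenticated and then with the public values authenticated. The toy group (`P`, `G`), the `Proxy` class and the HMAC under a pre-shared group key, used here in place of certificates, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy parameters (constructed for this example): P = 2**127 - 1 is prime but far
# too small for real use. Real systems use 2048-bit+ groups or elliptic curves.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive a 256-bit symmetric key (e.g. for AES) from the DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def tag(auth_key, role, pub):
    """Authenticate a DH public value. An HMAC under a key shared by a trusted
    group stands in for the certificate signature the article discusses."""
    return hmac.new(auth_key, role + pub.to_bytes(16, "big"), hashlib.sha256).digest()


class Proxy:
    """Intermediate node on the route between the two endpoints (hypothetical)."""

    def __init__(self, tamper):
        self.tamper = tamper
        self.priv, self.pub = keypair()
        self.keys = []  # session keys this node is able to derive

    def forward(self, pub, mac):
        if not self.tamper:
            return pub, mac              # honest relay: sees only public values
        self.keys.append(session_key(self.priv, pub))
        return self.pub, mac             # swaps in its own value; cannot forge mac


def exchange(proxy, auth_key=None):
    """Run one endpoint-to-endpoint DH exchange through `proxy`."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    a_mac = tag(auth_key, b"A", a_pub) if auth_key else b""
    b_mac = tag(auth_key, b"B", b_pub) if auth_key else b""

    pub_at_b, mac_at_b = proxy.forward(a_pub, a_mac)   # A -> B
    pub_at_a, mac_at_a = proxy.forward(b_pub, b_mac)   # B -> A

    accepted = True  # without authentication the endpoints have nothing to check
    if auth_key:
        accepted = (hmac.compare_digest(mac_at_b, tag(auth_key, b"A", pub_at_b))
                    and hmac.compare_digest(mac_at_a, tag(auth_key, b"B", pub_at_a)))
    if not accepted:
        return {"accepted": False, "endpoints_agree": False, "proxy_reads": False}

    a_key = session_key(a_priv, pub_at_a)
    b_key = session_key(b_priv, pub_at_b)
    return {
        "accepted": True,
        "endpoints_agree": a_key == b_key,
        "proxy_reads": a_key in proxy.keys and b_key in proxy.keys,
    }


if __name__ == "__main__":
    group_key = secrets.token_bytes(32)  # constructed pre-shared key
    print("honest proxy, no auth   :", exchange(Proxy(False)))
    print("tampering proxy, no auth:", exchange(Proxy(True)))
    print("tampering proxy, auth   :", exchange(Proxy(True), group_key))
    print("honest proxy, auth      :", exchange(Proxy(False), group_key))
```

In the unauthenticated run with a tampering proxy, both endpoints accept the exchange while holding different keys that the proxy also holds. With authenticated public values the same substitution makes the exchange fail instead.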

Postby Drake » Mon Sep 13, 2004 8:50 pm

Excellent article...lots of good info here. Good job, Michael.
Drake
 
Posts: 2034
Joined: Tue Aug 05, 2003 12:56 pm
Location: Meepos (where charging for MP3s is illegal!)

Postby Nessmaster » Mon Sep 13, 2004 9:06 pm

Hey guys I can't add any Directories to my shared files on Ants. Does anyone else have this problem? I just go to the directory I want to add and click on add, but it doesn't do anything.
Nessmaster
 
Posts: 859
Joined: Fri Feb 27, 2004 3:13 am
Location: Hungary

Postby chacho » Mon Sep 13, 2004 9:08 pm

fantastic work!

i'll be trying these apps out to see how they do for me. thanks for all the info!
chacho
 
Posts: 84
Joined: Wed May 12, 2004 6:27 pm
Location: virginia beach

ANts P2P really works

Postby AussieMatt » Mon Sep 13, 2004 10:01 pm

This Program and Network has really grown in the past month. Gwren, the developer, has been releasing patches and versions almost on a daily basis to improve the network. This network needs more people willing to try it and be patient with connecting, because there may be only 50 people, so this limits the number of connection slots, so it may take 5-10 minutes to find peers while it's in its infancy. The low number of peers also means there are not millions of files on the network; search for the data type you are looking for, like "mp3", and then try to refine your search. This network rewards you the longer you stay on the network, with more files as the distributed search engine finds files for you and faster downloads as the network discovers the best path to follow via ant-based routing, i.e. the strongest "scent".

Please contribute to this network if you can, and be patient; it will work for you.

Be sure to look at the HTTP servers tab and hit refresh and you might find some websites that use the same method as the file sharing does to transfer information. The HTTP tunnel is one of the hidden gems of this network and can handle all data types like Java and PHP. This feature can be used to host a forum (an Invision Power Board has been tested on the network) or a hash file indexing site. ShareReactor may not be closed down today if they had published on a system like ANts. The webpages are slow if they are hosted on a slow connection or you have a lot of slow connections in your proxy chain, but unlike Freenet this system is working quite well.
AussieMatt
 
Posts: 1044
Joined: Wed Mar 03, 2004 10:03 am

Wow, that was a great story.

Postby tsafa » Tue Sep 14, 2004 12:37 am

Very well written with a lot of different views from different experts. This will be the P2P story of the year.

If you are connecting for the first time, you will get a lot of help from other users in the built-in IRC channel. If it is an off hour, give people a chance to see your question and answer you.

download here:
http://www.myjavaserver.com/~gwren/Ants/antsp2p.jnlp

You must have java already installed
tsafa
 
Posts: 75
Joined: Mon May 31, 2004 5:58 pm

Postby Asuran » Tue Sep 14, 2004 12:53 am

It just says 'no peers on the channel' and 'wait ants is connecting' and nothing ever happens? Also what do the 3 different ports stand for in the settings? Usually programs work just fine with one listen port. I only have a couple of ports open from my ISPs firewall so I don't like wasting several ports for one program.
Asuran
 
Posts: 1121
Joined: Tue Mar 16, 2004 6:40 am
Location: Finland

Postby tsafa » Tue Sep 14, 2004 3:27 am

Asuran, Ants uses two port numbers, x and x+1; you can set it to whatever number you want. The default is 4567 and 4566. I think you might also be looking at that part in settings at "open http service"; leave that off for now. That is if you want to set up a webpage and publish it anonymously through Ants. You can try that down the road if you want. It is very easy and I have written instructions on how to do that. The main thing is to get into the IRC channel. There you will find people like me that will be happy to help you further.

If you are connecting from USA please use IRC.US.AZZURRA.ORG as default IRC server in Settings tab. The channel is #ants-peers. All this should come up by default.
tsafa
 
Posts: 75
Joined: Mon May 31, 2004 5:58 pm

Postby Mrs. 2p » Tue Sep 14, 2004 3:55 am

Glad to finally see it up, MI! Looks just great!

ANts does, indeed, look like a very interesting development. Other than what it means to P2P, I'm waiting to see what it will do to internet communications in general. I like the point about mail and telephone communication privacy being a constitutional right. Right to privacy finally on-line?
Blessed is the fool who dares giving advice, for he shall be wiser thanks to others' mistakes. J. M. Serrat
Don't you just love a good read?
Mrs. 2p
 
Posts: 3224
Joined: Thu Feb 26, 2004 10:39 am
Location: The Eternal City

Postby Asuran » Tue Sep 14, 2004 4:37 am

tsafa wrote: Asuran, Ants uses two port numbers, x and x+1; you can set it to whatever number you want. The default is 4567 and 4566. I think you might also be looking at that part in settings at "open http service"; leave that off for now. That is if you want to set up a webpage and publish it anonymously through Ants. You can try that down the road if you want. It is very easy and I have written instructions on how to do that. The main thing is to get into the IRC channel. There you will find people like me that will be happy to help you further.


I don't have two subsequent ports open (n & n+1),
I can only use ports 22, 25, 80, 113, or 443.

tsafa wrote: If you are connecting from USA please use IRC.US.AZZURRA.ORG as default IRC server in Settings tab. The channel is #ants-peers. All this should come up by default.


What if I'm from EU? By default it connects to a channel #ants-peers-beta0.1.0, how is one supposed to know to change that to #ants-peers?

These things should work by default...
Asuran
 
Posts: 1121
Joined: Tue Mar 16, 2004 6:40 am
Location: Finland

Postby troc » Tue Sep 14, 2004 4:45 am

Wow, great bit of writing. Informative and backed up by various perspectives.

But what a contrast with the Peer2Mail article from yesterday! Which, other than pointing out a potentially good idea, pointed to scammy affiliate web sites and dodgy software.
troc
 
Posts: 35
Joined: Wed Jun 30, 2004 4:24 am

Postby AussieMatt » Tue Sep 14, 2004 7:56 am

Asuran, are you running an old version of Ants? That IRC channel and server is the default for old versions. The latest version is 0.2.9; you should use the autoinstaller version on Gwren's website to get up to date. But if you can't use those ports you can change them in the connection panel and then forward the ports if you can. I would be getting another ISP, or are you behind a school network if you can only access those ports?

A word of advice for all users: update this program often, as it is currently in very active development and patches, bugfixes and versions come out on almost a daily basis.

Ants Auto Installer
AussieMatt
 
Posts: 1044
Joined: Wed Mar 03, 2004 10:03 am

Postby Asuran » Tue Sep 14, 2004 8:06 am

AussieMatt wrote: Asuran, are you running an old version of Ants? That IRC channel and server is the default for old versions. The latest version is 0.2.9; you should use the autoinstaller version on Gwren's website to get up to date.


Well, it autoupdated it on start up and I changed the IRC channel manually to #ants-peers now.

AussieMatt wrote: But if you can't use those ports you can change them in the connection panel and then forward the ports if you can.


But do they need to be subsequent numbers as stated above? (n, n+1)

When I open the advanced settings tab I see a total of 3 port fields, not counting the http server.

AussieMatt wrote: I would be getting another ISP, or are you behind a school network if you can only access those ports?


It's a student connection and if you can find another ISP offering a 100Mbps connection for 12€/month let me know. Add to that that 99% of network software can be set to operate with one of the ports I DO have open, it's not very likely I'm changing ISP just for ANTs.

IMO need for more than one listen port is nothing but bad design. For instance the original Bittorrent client requires a range of ports, while newer, more advanced Bittorrent clients can operate with one.
Asuran
 
Posts: 1121
Joined: Tue Mar 16, 2004 6:40 am
Location: Finland

Postby tsafa » Tue Sep 14, 2004 9:18 am

If you are in Europe, drop the us. out of the server name. I don't think you need to replace it with anything.

Regarding the issue that you cannot have two sequential port numbers, I will copy and paste your issue in the Ants forum for Gwren to see. If you want to check it yourself, it's at http://www.myjavaserver.com/~gwren/home ... lName=ants
tsafa
 
Posts: 75
Joined: Mon May 31, 2004 5:58 pm

Postby gwren » Tue Sep 14, 2004 9:27 am

I'm going to answer ya...
Your open ports are ok, you can connect... but you need help.

First: you don't need to care about your ants port, you are natted so you cannot receive incoming connections; focus instead on the other nodes' port.
As you cannot connect to IRC, it is mandatory for you to use a trusted peer; your trusted peer MUST be a node running ants on any of your free ports... so you can ask in the channel if someone with a permanent ants can act as a gateway for you; he simply has to run ants on port 80 instead of 4567, and you simply have to put his IP in trusted peers with port 80. It's a bit tricky but it works...
gwren
 
Posts: 3
Joined: Tue Sep 14, 2004 9:13 am

Postby Asuran » Tue Sep 14, 2004 9:43 am

gwren wrote: I'm going to answer ya...
Your open ports are ok, you can connect... but you need help.

First: you don't need to care about your ants port, you are natted so you cannot receive incoming connections; focus instead on the other nodes' port.
As you cannot connect to IRC, it is mandatory for you to use a trusted peer; your trusted peer MUST be a node running ants on any of your free ports... so you can ask in the channel if someone with a permanent ants can act as a gateway for you; he simply has to run ants on port 80 instead of 4567, and you simply have to put his IP in trusted peers with port 80. It's a bit tricky but it works...


No I'm not NATed, I have a public, static IP address. The only restriction is a university firewall that blocks other incoming TCP connections than the ports mentioned above.

I can operate in active mode as long as the listen port can be set to one of those 5...

I can connect to ANTs IRC channel with no problems. :)

I just didn't understand the purpose for so many ports in ANTs...
Asuran
 
Posts: 1121
Joined: Tue Mar 16, 2004 6:40 am
Location: Finland

Postby gwren » Tue Sep 14, 2004 10:03 am

LOL so many? Emule opens 50/100 ports and three ports are many?

Anyway let's answer:

4567 -> Main connection listener
4568 -> server that gives back a few IPs of nodes with free connection slots

XXXX -> Your IRC outgoing connection.

Only if you activate HTTP Service on port 80 and you want a proxy on port 8080

1) 8080 -> MUST BE FIREWALLED
2) 80 -> MUST BE FIREWALLED (It's your webserver port)

These two ports are opened only locally, they must not be opened to the net! You need a webserver on port 2) and you use the proxy at 8080 to access any other webserver on ants...
gwren
 
Posts: 3
Joined: Tue Sep 14, 2004 9:13 am

Postby Yozhno » Tue Sep 14, 2004 10:19 am

Ants I found was crap when I first used it. It used nothing more than the IRC network and the only way it really could be secure is if you only traded amongst friends. Any retard could enter the channel. I find the program nothing new and it is basically to me another way of accessing IRC.

Now if you are interested in trading amongst friends you can form your own groups with programs like Exosee or WASTE.

There are negative sides to each of these programs though. WASTE needs a central server but has encryption. Exosee has no encryption but not so strong a need for a central server.

I had trouble connecting to other people in WASTE, especially people with routers. However I found Exosee a breeze to set up and use but NO encryption. But you are trading amongst friends. So it should be ok?

If I have anything wrong please correct me :)
Yozhno
 
Posts: 231
Joined: Wed Feb 04, 2004 4:57 pm

Postby Asuran » Tue Sep 14, 2004 10:26 am

gwren wrote: LOL so many? Emule opens 50/100 ports and three ports are many?


Emule opens 100 local listen ports? I have a hard time believing that. Must be a pain to do the port forwarding if you use a NAT or a router. :) Opening a local port is not the same thing as opening a connection to a remote port. Two entirely different things.

gwren wrote: Anyway let's answer:

4567 -> Main connection listener
4568 -> server that gives back a few IPs of nodes with free connection slots

XXXX -> Your IRC outgoing connection.

Only if you activate HTTP Service on port 80 and you want a proxy on port 8080

1) 8080 -> MUST BE FIREWALLED
2) 80 -> MUST BE FIREWALLED (It's your webserver port)

These two ports are opened only locally, they must not be opened to the net! You need a webserver on port 2) and you use the proxy at 8080 to access any other webserver on ants...


Ok I guess that explains it. So I think it will work as long as the main connection listener is set to an open port.
Asuran
 
Posts: 1121
Joined: Tue Mar 16, 2004 6:40 am
Location: Finland

Postby gwren » Tue Sep 14, 2004 10:34 am

mmm... I suppose I should laugh... :roll:

Have I said LISTEN PORTS? I said PORTS!
gwren
 
Posts: 3
Joined: Tue Sep 14, 2004 9:13 am

Postby Mrs. 2p » Tue Sep 14, 2004 10:34 am

Yozhno wrote: Ants I found was crap when I first used it. It used nothing more than the IRC network and the only way it really could be secure is if you only traded amongst friends. Any retard could enter the channel. I find the program nothing new and it is basically to me another way of accessing IRC.

Now if you are interested in trading amongst friends you can form your own groups with programs like Exosee or WASTE.

There are negative sides to each of these programs though. WASTE needs a central server but has encryption. Exosee has no encryption but not so strong a need for a central server.

I had trouble connecting to other people in WASTE, especially people with routers. However I found Exosee a breeze to set up and use but NO encryption. But you are trading amongst friends. So it should be ok?

If I have anything wrong please correct me :)


Well, I guess Gwren will answer more fully. However....

I don't think that trading among friends is what ANts is about, really. Actually, it's about making the source untraceable, and the message unreadable. It's more about bringing snail mail's privacy to on-line communications.

Trusted peers may be, yes, friends, but also a syndicated group (like, for example, the members of a national lawyer association, or the students on campus).

Also, I believe the central server - encryption trade-off you mention is irrelevant in ANts. I think it's decentralized.

That being said, I have not had the time to try it myself. So I can't say anything about the "crapness" you mentioned. It might very well be unstable and buggy. But I guess one has to be patient with new applications. This doesn't mean it's a poor program, but rather, that it still needs working.

PS. great to see you back, Yoz!:D we've sure missed you (although you've been always present through the ava competition tradition that j_dogg has perpetuated in your name)
Blessed is the fool who dares giving advice, for he shall be wiser thanks to others' mistakes. J. M. Serrat
Don't you just love a good read?
Mrs. 2p
 
Posts: 3224
Joined: Thu Feb 26, 2004 10:39 am
Location: The Eternal City

Postby Asuran » Tue Sep 14, 2004 10:49 am

gwren wrote:mmm... I suppose I should laugh... :roll:

Have I said LISTEN PORTS? I said PORTS!


Why would you bring up remote ports when the issue was about local listen ports? My original post:

Asuran wrote:Also what do the 3 different ports stand for in the settings? Usually programs work just fine with one listen port.


Try reading before answering next time...
Asuran
 
Posts: 1121
Joined: Tue Mar 16, 2004 6:40 am
Location: Finland

Postby AussieMatt » Tue Sep 14, 2004 10:59 am

Here from the Ants website
Project description

Abstract

The main problems of the 2-nd generation p2p nets (as well as the 1-st one) are two: the complete lack of privacy and data protection and the lack of structured queries. Doing queries over the net we can see who's connected and what he's sharing. This is not acceptable if we care about our privacy... furthermore we usually have many problems in finding what we are looking for: query support in common p2p systems is usually not structured and exact text-matching based, so we cannot exploit SQL-like features (join and so on...) over the net data-set. This project tries to resolve both the problems.

The privacy problem

It faces the privacy one breaking the essence of p2p... I mean a connection is not anymore point 2 point in the strict sense... the peers are virtual peers over a virtual net, so when we are requiring a resource over the net, our request is routed through many points until it reaches our peer. The peers are not anymore identified by ip... they have a unique ID produced hashing infos from their time and their location (this yields a unique hash). So a client now knows only the ips of its neighbours (the other peers directly connected to it), but it doesn't know their ID, as only the same node knows its ID. So what about routing, how can a node route a message if it doesn't know where the destination is? Simple... a node will know which is the "best" direction to route a message to, but it will not know where precisely another node is. The routing protocol has been developed over studies on ants behaviour... ants do not know the precise location of their hive, they simply follow a track... the same happens in this system. So the more messages follow a track the more that track will be "strong", if a track produces many failures it'll fade out and it won't be followed anymore. This way we can achieve privacy over our identity, but what about the information sent? It has to route through many peers so how can we protect it? The protection is realized at 2 levels... low level (against man-in-the-middle external to our net) by encrypting communication between each couple of directly linked points of the net, high level (against internal threats) encrypting the communication between the two end points. At both levels the security is granted using a DH-KA and DES or AES (negotiated at the beginning).

The queries problem

Another solution has been found for the query problem. Each query is distributed (in a non deterministic and sequential way) over a part of the net. It is processed by each node it passes and at last it is returned to the source following the shortest path. Each node can process operations more complex than the simple text-matching: we can support pseudo high level SQL-queries over the data-set represented by our partially explored net.

Efficiency issues

We talked about a wide spread net that comprises very heterogeneous kinds of nodes (lan connection as well as 56k), how can we support efficiency? The routing protocol is studied to find the best path to route a message... but if the path is not present we cannot find it. So we have to create a well structured net with a sufficient number of "routing points" (I mean pseudo server points with high speed connection and high connectivity (about 30 peers connected)). The peers don't need to know the address of these points... we can structure the service creating few (hidden) routing points and many access points. At the startup one can choose if becoming an access point or a simple peer, every group of people can also create their own net with routing points and simple peers (a very scalable system). Computer simulations over the routing protocol have shown its efficiency over both the cases: with or without many routing points... in practice the virtual net is a sort of neural network that learns during its life and distributes the traffic in the best way.

About the IRC based connection system

Is there any threat due to the IRC based connection system? Is it dangerous that my IP appears on IRC? NO! Because ANts Net and IRC net are two distinct nets and the first has nothing to do with the second. I mean, when you log on IRC starting your ants client you usually join a chat room. In the chatroom you'll find other peers, each peer in the channel runs a particular server at port 4568, this is called the address server. The address server is a sort of crawler that roams around the ANts net collecting the IPs of every node that has free slots for new peers that want to access the ANts net. So each node of the ANts net will manage a list of these IPs with free slots. Through IRC (by a simple message) you can obtain the address of a peer running the server and already connected to the net. Once you have the address of the address server you can query that peer for IPs you can connect to. Once you are connected to the ANts net you'll crawl the net too for addresses with free slots (I mean your address server), and other peers will crawl through your node. This causes no threat because giving back your address to a query does not give any info to other peers about your location or about the ID you are using. Also if you are the only peer connected to another, the other cannot know if you are the only peer connected or if other peers without free slots are connected to you (same as for normal queries... no one knows who really answers queries).

The Ants Network only uses IRC for peer discovery like a webcache in other p2p applications, the IRC chat is just an added benefit. Ants doesn't even need IRC to run, you can use trusted peers to connect to and not even start IRC to connect to the Ants network. Try this yourself. In the settings tab if you have all the connection TABs up hit the disconnect from IRC button and open the java console, you will see Ants is running without IRC and routing messages and working normally and it will still upload and download files and search the network like normal. So Ants is not just another IRC client.

Yohzono's comments about WASTE are wrong also: anyone on WASTE can be a listener and router, so it is a distributed network that is serverless also.

Network architecture: WASTE uses a distributed architecture that allows for nodes to connect in a partial mesh type network. Nodes on the network can broadcast and route traffic. Nodes that are not publicly accessible or on slow links can choose not to route traffic. This network is built such that all services utilize the network, so firewall issues become moot.
AussieMatt
 
Posts: 1044
Joined: Wed Mar 03, 2004 10:03 am
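
The track-following routing in the project description quoted above, sketched as an added example that is not part of the original post and not ANts code. The page gives no update rule, so the class and function names, the reinforce/evaporate/floor values and the link success rates are all assumptions; the point shown is that a node's state holds only neighbour links and opaque destination IDs, never a destination's address.

```python
import random

class AntRouter:
    """Per-node routing state: neighbour links and opaque destination IDs only."""

    def __init__(self, neighbours, reinforce=1.0, evaporate=0.5, floor=0.05, seed=0):
        self.neighbours = list(neighbours)   # directly connected peers (IPs known)
        self.reinforce = reinforce           # assumed: added to a trail per delivery
        self.evaporate = evaporate           # assumed: trail multiplier per failure
        self.floor = floor                   # trails at or below this are abandoned
        self.trails = {}                     # dest_id -> {neighbour: trail strength}
        self.rng = random.Random(seed)

    def _row(self, dest_id):
        # Unknown destination: every direction starts equally plausible.
        return self.trails.setdefault(dest_id, {n: 1.0 for n in self.neighbours})

    def next_hop(self, dest_id, came_from=None):
        """Pick a direction with probability proportional to trail strength."""
        row = self._row(dest_id)
        options = [n for n in self.neighbours
                   if n != came_from and row[n] > self.floor]
        if not options:
            return None                      # every usable trail has faded out
        return self.rng.choices(options, weights=[row[n] for n in options])[0]

    def report(self, dest_id, via, delivered):
        """Strengthen the trail after a delivery, let it fade after a failure."""
        row = self._row(dest_id)
        row[via] = row[via] + self.reinforce if delivered else row[via] * self.evaporate

    def best_direction(self, dest_id):
        row = self._row(dest_id)
        return max(row, key=row.get)

def simulate(success_rate, rounds=200, seed=7):
    """Route `rounds` messages to one destination over links with given success rates."""
    node = AntRouter(success_rate, seed=seed)
    world = random.Random(seed + 1)
    dest = "id:3f9c"                         # constructed opaque ID, not an address
    for _ in range(rounds):
        hop = node.next_hop(dest)
        if hop is None:
            break
        node.report(dest, hop, world.random() < success_rate[hop])
    return node, dest

if __name__ == "__main__":
    # Constructed link qualities: only the link towards "B" is reliable.
    node, dest = simulate({"A": 0.2, "B": 0.9, "C": 0.0})
    print(node.best_direction(dest), node.trails[dest])
```

An observer who seizes this node's state learns which neighbour carries most traffic for an ID, which is weaker than knowing the destination but is not nothing.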

Postby tsafa » Tue Sep 14, 2004 12:13 pm

gwren, can you expand on the need to firewall port 80 and 8080?
tsafa
 
Posts: 75
Joined: Mon May 31, 2004 5:58 pm

Postby tsafa » Tue Sep 14, 2004 12:31 pm

Down the road perhaps gwren can build a non-IRC client for newbies that uses webcaches. All of the people who are using Ants right now have some prior P2P experience. This is because only experienced p2p users are gonna come to a forum like slyck and learn about it. At some point, as the program increases in popularity, we will start seeing some first time p2p users coming straight to Ants. I don't think those people will be able to understand the division between the IRC and the p2p aspects of the program. I'm thinking in terms of a year from now. By then the code will have matured and updates won't be as often as they are now. BTW, I very much look forward to my daily update. I have never seen a harder working programmer than Gwren.
tsafa
 
Posts: 75
Joined: Mon May 31, 2004 5:58 pm


© 2001-2008 Slyck.com