summaryrefslogtreecommitdiff
path: root/doc/www.anonet2.org/public_pod/faq.pod
blob: d5787987557a373a21553db680f2b89708a85911 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
=head1 AnoNet2 FAQ

Back to homepage - L<http://www.anonet2.org/>

=head2 Resources

=over

=item Why do you use 1.0.0.0/8?  It's been assigned to APNIC.  You should use private (RFC1918) address space like 10.0.0.0/8.

AnoNet is a public internet, and as such it should use public address
space.  ICANN (a private corporation) controls the public resources on
the IcannNet (a.k.a. the "public" Internet), and has delegated 1.0.0.0/8
on the IcannNet to APNIC.  AnoNet is a separate public internet, that
doesn't answer to ICANN (nor to anybody else, for that matter).  Now,
that said, when AnoNet started using 1.0.0.0/8 it was reserved (i.e.,
not to be allocated), but because of ICANN's mismanagement of the IPv4
address space (which is why nearly all 4 billion addresses have already
been assigned, in a world with only 6 billion total people, including all
the starving babies in Africa who don't even know yet what a computer is),
ICANN had to take 1.0.0.0/8 out of its "reserved" pool and to put it into
the "assignable" pool.  AnoNet has no control over ICANN policy, so while
AnoNet did attempt to avoid directly conflicting with IcannNet addresses,
ICANN ultimately made sure that attempt would fail.  (If you'd like to
connect to an internet with address space that's still in the ICANN
"reserved" pool, you may want to try VAnet.)  Using private address
space is inappropriate for a public internet, per RFC1918.  (If you'd
like to connect to an internet that uses private address space anyway,
you may want to try dn42 at L<http://www.dn42.net/>.)

=item You should register 1.0.0.0/8, before you use it.

By the same logic, ICANN should register 0.0.0.0/0, before it uses it.
ICANN claims divine authority over 0.0.0.0/8, and allows people to use
parts of it if they meet certain conditions set by the IETF and ICANN.
The IETF conditions are reasonable if you don't assume that Internet
is owned by ICANN.  The ICANN conditions, on the other hand, are highly
unfair and actively hurt people who want their freedom (by requiring them
to give up their anonymity, to sign a restrictive agreement, and to have a
relationship with a regulated company with its own restrictive agreement).
Therefore, ICANN is not a suitable government for a free internet.
The AnoNet1 government claims "trust us instead," but AnoNet2 doesn't
require you to trust anybody.  That's the only way for you to guarantee
that AnoNet will never mismanage IP space the same way that ICANN does.

=item ICANN isn't mismanaging the IPv4-space.  IcannNet usage is just exploding faster than anybody ever predicted.

L<http://www.networkworld.com/news/2010/081610-5billion-devices-internet.html>
claims that the IcannNet only has about 5 billion total devices, of
which only about 1 billion "regularly connect" (PCs, laptops, etc.).
There are plenty of possible addressing schemes that could accomodate a
billion "regularly connecting" devices with an address space quadruple
the size (even without NAT, if you want).  ICANN clearly isn't using
any of them.  By any sane technical definition, that would certainly
qualify as "mismanagement."

=item If you use 1.0.0.0/8, you're squatting on somebody else's resources.

If you use 1.0.0.0/8 on the IcannNet, then your statement is correct,
but AnoNet and IcannNet are two totally separate public internets,
so it's ridiculous to accuse a participant in one to be squatting
on resources on the other.  ICANN has no divine right to 1.0.0.0/8
(nor to any other netblock, for that matter) outside the IcannNet.
Moreover, using 10.0.0.0/8 I<would> be squatting on private address
space (address space that's reserved for your own home network),
per RFC1918.  (While AnoNet couldn't care less about ICANN, we do use
the IETF protocols (with s/IcannNet/AnoNet/), so if the IETF says that
10.0.0.0/8 is reserved for your own home network, far be it from us to
steal it for some "public" network.)

=item AnoNet runs on the IcannNet.  Therefore, you _are_ squatting.

That last accusation has no logical basis.  Just because most AnoNet
links are tunneled over the IcannNet doesn't give ICANN a right to rule
the content of those tunnels.  (In almost exactly the same way, just
because most IcannNet links move over telecom equipment doesn't give the
ITU a right to rule the content of those links.)  In fact, ICANN itself
will happily confirm that it has neither authority nor ambition to rule
the content of IcannNet communications between endpoints, inclusive of
AnoNet tunnels.  Therefore, even if you buy the logical validity of your
claim, ICANN will still shoot it down.

=item Okay, you're not squatting, but now that 1.0.0.0/8 is being actively used on IcannNet, you should move to 10.0.0.0/8 to avoid conflicts.

AnoNet is under no obligation to shrink its address space just because IcannNet decided to create a conflict.  Also, moving to 10.0.0.0/8 will create more conflicts than staying in 1.0.0.0/8 (since 10.0.0.0/8 is far more congested than 1.0.0.0/8 will ever be).

=item You should move to IPv6, then.

That's not the only logical conclusion, based on the above.  However, AnoNet has no rules, so you're more than welcome to move to IPv6, and/or to try to convince others to do the same.  As long as you don't start out with unrealistic expectations, you probably won't be disappointed with the results of your preaching effort.  [Update: It appears that IPv6 may have some deployment on AnoNet, now.  (Maybe somebody read the above as a challenge and decided to run with it.)  Perhaps the guys using it will fill in some details here.]

=back

=head2 Peering

=over

=item What is peering all about?

AnoNet is an internet.  An internet means an internetwork, or a
network that connects between networks.  An internetwork is normally
constructed by making links between the different networks, and then
carrying internetwork traffic along those links.  (If network A has
a link to network B, then traffic from A to B or from B to A should
probably pass through that link.)  Such a link is called a "peering,"
and the two sides of that link are called "peers."  On the IcannNet,
peerings are normally done over leased lines, but due to the nature of
AnoNet, using leased lines isn't much of an option for most peerings.
Therefore, most peerings are done over tunnels on the IcannNet.
The most common software for AnoNet tunnels is OpenVPN, although
tinc and L<quicktun|http://wiki.qontrol.nl/QuickTun> are also used.
(tinc in particular deserves special attention: it can create a mesh
between participants, sacrificing anonymity to achieve lower latency.)

=item Whom should I peer with?

If you want to protect your anonymity, you'll want to peer with only
a few others.  If you're more interested in getting good latency,
you'll want a more promiscuous peering policy.  Your peers are able to
access certain information (like your IP) that isn't easy for others
to access, so the harm in having too many peers is that the secrecy of
that information is protected by the "weakest" link.  (The greater the
number of people who know a secret, the greater the number of people
who are likely to hear about it within a given time interval.)

=item How can I talk to the rest of AnoNet, if I'm only peered with a few others?

How can you talk to Google, if you're only hooked up to your local ISP?
The answer is that your ISP offers you "transit" to its peers, which
in turn offer your ISP transit to their peers, etc.  (If network A is
connected to network B, which itself is connected to network C, then
with B's permission network A can talk to network C.)  On AnoNet, most
peerings have BGP sessions managing the routing tables on both sides,
in order to provide mutual transit.  (On AnoNet, providing transit is
an advantage, since it improves your own anonymity.)

=item Won't providing transit slow down my Internet connection?

If you're the preferred transit provider between two guys who feel
like streaming a whole ton of real-time studio-quality video back and
forth all day, that can certainly slow down (to put it mildly) your
dial-up connection.  In reality, most traffic on AnoNet is plain text,
so you probably don't have too much to worry about, especially if you
have some sort of broadband connection.  That said, if it ever _does_
become an issue, all you have to do is stop providing transit (although
the particular case above is unlikely to persist even if you do nothing
at all, since the two streaming guys will quickly figure out that going
through you won't get them anywhere, and they'll most likely seek another
transit provider - or even just peer with each other directly), or use
simple BGP tricks to make transit through you less attractive to some
or all of the AnoNet.

=back

=head2 DNS

=over

=item How is DNS handled on AnoNet?

AnoNet has a number of TLDs (Top-Level Domains), the most interesting
one being .ano.  The entire zone is public (unlike, say, the .com zone
on the IcannNet), so you can easily deploy your own TLD nameservers.
In fact, the git resdb already includes scripts to generate both
tinydns and BIND zonefiles automatically.  That said, SRN has public
root and TLD nameservers, if you don't feel like setting up your own.
SRN also has a public recursive resolver (which also resolves IcannNet
names), which you can use if you can't even be bothered to set up your
own recursive resolver.  Please note that you're telling SRN about all
hostnames that you lookup if you do this.  (Right now, you're probably
telling your ISP the same information, BTW.)

=item I want my own domain.  How can I set it up?

You have a number of options, depending on (a) your current
infrastructure, and (b) your interest/ability to deploy additional
infrastructure.  The resource database is just a whole bunch of
directories/files stored in a git repository, so adding a domain into
"AnoNet" essentially boils down to adding the right files/directories into
everybody's git repository.  (Fortunately, most guys send and receive
updates among themselves on a regular basis, so your new domain should
"propagate" around rather quickly, once it's made its way into one
repository.)  If you have git, you can "git clone" the repository from
someone, add your domain (there's a small script to make the job easy,
if you don't want to do it by hand),  and then send someone a diff.
If you feel like setting up your own git server, then all you have to
do is make the changes on your own repo, and then tell somebody the URL
to your git server.  You'll probably want to take advantage of the same
opportunity to add your own git URL into the resource database, so others
can pull from you on a regular basis.  If you don't have git and don't
feel like setting it up, all you have to do is find someone else who
does have git (or feels like setting it up), and doesn't mind making
the changes for you.  SRN is always such a "someone."  Next, you'll
want to set up your nameservers to resolve names within your domain.
If you have tinydns or BIND, just read the relevant documentation.
If you don't have a nameserver and don't feel like setting one up, tell
SRN what names you want (like "www.yourdomain.ano," "ftp.yourdomain.ano,"
etc.), and he'll add them into his own nameservers.

=item What can I do with my own domain?

You can host Web pages, an FTP site, IRC, email, an online shop (but
taking payments may not be so simple), or anything else that strikes
your fancy.

=back

=head2 Censorship

=over

=item Is it safe to speak my mind on AnoNet?

The short answer is "probably."  The long answer is that nobody has
ever been censored on AnoNet2, a fact that's not likely to change.
(If that fact ever does change, it'll be noted here as soon as possible.)

=item Will I be censored for child porn?

AnoNet1 has an official policy against CP, and it redefines "censorship"
to not include censoring CP.  AnoNet2 has no policies.  That said,
you're not likely to find any CP here, since that's simply not a common
contribution to AnoNet2.  (Whether or not it'd be a welcome contribution
is something you'll want to take up with individual participants.
SRN would like you to know that he believes the CP (and porn, in general)
industry destroys the world for no useful purpose.  Nobody else has
voiced an opinion here.)

=item Will I be censored for hateful speech?

It depends on the forum.  If you do it on your own server, don't expect
too many people to hang around there if you make a practice of making
it unpleasant for them to be there.  If you start cursing people out on
somebody else's IRC server for no apparent reason, there's a non-trivial
chance that the operator will /kill your connection.  SRN encourages
you to set up your own channel on irc.somerandomnick.ano, and to say
whatever the heck you want there.

=item Will I be censored for trolling?

Since "trolling" is an overly ambiguous term, it's highly unlikely that
you'll ever get /kicked or /killed for doing it.  In fact, SRN encourages
you to see if you can out-troll him on irc.somerandomnick.ano.  That said,
you should certainly expect people to /ignore you if you make a practice
of saying stuff that people really don't want to hear.  (You may want to
create a separate IRC nick for trolling, if you anticipate trolling a lot,
but want people to still hear you when you have something interesting
to say: this way, everybody wins.)

=item Will I be censored for spreading lies?

not likely, but people may /ignore you if you make a practice of saying
stuff that people don't consider worth hearing

=back

=head2 AnoNet1 vs. AnoNet2

=over

=item Why does AnoNet2 exist?  What's wrong with AnoNet1?

There used to be only one AnoNet.  Unfortunately, a few bad apples (who
happen to be the guys who control AnoNet1) split AnoNet by forcing a part
of AnoNet to become disconnected from the rest of AnoNet.  That piece
(AnoNet2) has been steadily growing, while "the rest" (AnoNet1) has been
slowly decaying.

=item Is AnoNet1 dead, then?

AnoNet1 isn't dead yet.  It's currently about the same size as AnoNet2.
However, AnoNet2 has more services online, and AnoNet2 is still growing,
while AnoNet1 is getting smaller.

=item What's the difference between AnoNet1 and AnoNet2, then?

AnoNet2 lost peering with AnoNet1 because AnoNet1 is too centralized
to avoid censorship.  AnoNet2, therefore, is essentially a reboot of
AnoNet1, while paying careful attention to preventing another AnoNet split
from ever being necessary.  (The irony, of course, is that the level of
decentralization engineered into AnoNet2 makes it trivial for anyone in
AnoNet2 to split it.  Such a split doesn't happen simply because "the
management" hasn't done anything stupid enough to make one necessary.)

=item Who's "the management" in AnoNet2?  What prevents it from becoming evil when AnoNet2 grows closer to the size of AnoNet1?

AnoNet2 (like AnoNet1) has no official government.  Unlike AnoNet1,
though, AnoNet2's technical construction is such that the unofficial
government members (primarily UFO and SRN, at this point) don't have
enough power to force their way (not to mention that they don't really
_want_ to force their way, anyway).  A recent practical example of this
anarchy is IPv6: SRN has made no secret of his strong opposition to IPv6,
but that didn't stop an enterprising new AnoNet2 user from deploying
it himself and connecting with others, even after "the management"
(both UFO and SRN) flatly refused to participate.

Update: The IPv6 version of AnoNet2 now has 6 members over roughly 11
IPv6-capable hosts, and lex is providing data to feed SRN's new IPv6
graphs, which are only reachable over IPv4. (After lex grew the network to
3, UFO joined.) lex also provides transit between IPv6 Anonet and dn42,
carrying traffic inside ULA ranges between the two darknets. Services are
starting to become available over IPv6.

=item Why don't AnoNet1 and AnoNet2 merge again?

The short answer is that a number of people have tried to do just that,
but AnoNet1 has adopted an exclusionary policy towards AnoNet2, for some
unspecified reason.  You get bonus points if you can figure out what that
reason is.  (AnoNet2 has been very careful to avoid collisions in resource
allocations with AnoNet1, even though AnoNet1 has deliberately removed
its own record of AnoNet2 resources in a recent "cleanup" of the DNS.
If AnoNet1 ever decides to reconnect with AnoNet2, no technical problems
should result.)

=item Why does AnoNet2 filter advertisements to AnoNet1?  Doesn't that prevent the two darknets from ever merging again?

AnoNet1 has deemed the filters necessary, for some unspecified reason.
(Advertising AnoNet2 routes on AnoNet1 is a great way to get yourself
kicked from AnoNet1.)  Again, you get bonus points if you can figure out
what that reason is.  (Hint: crzydmnd and risc likely know the reason,
but good luck getting them to spill the beans.  Censoring the question
seems to be their favorite "answer.")  Suffice it to say that if AnoNet1
wanted to merge with AnoNet2, nobody on AnoNet2 is likely to object.

Update: AnoNet1 and AnoNet2 now have full routing again, but some AnoNet1
members still filter most AnoNet2 routes locally (and for downstream
peers).  The "official" AnoNet1 wiki, for example, is unreachable from
most of AnoNet2.

=item Do I have to choose between AnoNet1 and AnoNet2, or is there a way to join both?

On the IP level, when you join one you automatically join the other.
The easiest way to claim resources is with the AnoNet2 resdb.  It is
the only complete database of AnoNet resources, and it is the only
decentralized resource database.  You can join IRC on AnoNet1 or AnoNet2
or both (but crzydmnd and risc kick people from AnoNet1 IRC, apparently
for fun).  You can contribute to the AnoNet1 wiki or the AnoNet2 wikis,
or you can make your own.

=item If the two parts of AnoNet are connected again, why are they still being advertized separately?

Currently, there is still a single point of failure connecting AnoNet1
and AnoNet2 at the IP level.  In addition, AnoNet1 and AnoNet2 still
have completely separate governments.  (AnoNet1 has a government, while
AnoNet2 doesn't.)

=item Which darknet preserves my anonymity better, AnoNet1 or AnoNet2?

Well, AnoNet1 has stricter rules (and more centralization, as a
prerequisite to rule enforcement), so as long as you trust "the powers
that be" to preserve your anonymity, you get better anonymity guarantees.
However, your anonymity faces significant risk if any member of the
AnoNet1 "government" (which doesn't even admit who's who) betrays your
trust.  (That risk isn't so far-fetched, incidentally, since any type
of law enforcement "sting-type" operation against one of those guys is
likely to compromise his guarantees, even through no malice on his part.
Now, since malice has already been observed, the guarantees become even
less reliable.)  The AnoNet2 rules have more room for flexibility,
since centralized police authority is not available on AnoNet2.
Therefore, your anonymity guarantees are somewhat weaker, but far more
likely to be reliable.  You also have better theoretical anonymity on
AnoNet2, because marking a subnet "reserved" on AnoNet1 no longer works.
("The management" is too nosy, and threatens disconnection against anyone
who doesn't provide requested information.)

=item Where, then, am I more anonymous?

In the real world, AnoNet2 anonymity wins, hands down.  (On AnoNet1,
any Easystreet network administrator can easily correlate IcannNet IP
addresses with CP IP addresses and IRC nicks, allowing him to reliably
learn the identity of all new AnoNet1 members.  AnoNet2 has many different
ways of joining, including one rather interesting tor-based approach
recently demonstrated, where the user never showed his IcannNet IP
address to anyone on AnoNet2.)

=item How can I learn more about AnoNet1 vs. AnoNet2?

L<http://www.anonet2.org/darknet_comparison> gives a basic comparison.
If you want more in-depth information about the relative anonymity value
of each, L<http://www.anonet2.org/anonymity> may be what you're after.

=back

=head2 AnoNet vs. IcannNet

=over

=item What's IcannNet???

IcannNet is the internet (mis)managed by ICANN.  It's what most people
call "the" Internet.

=item What's wrong with IcannNet?

The short answer is that ICANN is very highly centralized, resulting
in centralized decision-making (and centralized lobbying, arm-twisting,
etc.).

=item Does AnoNet really aim to replace IcannNet?

Yes, the long-term goal behind AnoNet is to render IcannNet obsolete.
In the short-term, though, it'd be highly unlikely for IcannNet to
disappear even in the hypothetical case where everyone were to move to
AnoNet tomorrow, since the overwhelming majority of AnoNet peering is
tunneled over IcannNet.

=back