WARNING: RetroShare packages are signed with weak 1024 bit keys. There still may be some privacy caveats left with RetroShare trying to communicate outside of Tor, but that doesn't matter if Whonix ™ makes any non-Tor traffic impossible. RetroShare reports Right click → DHT Details: NET WARNING No DHT Behind NAT UNKNOWN NAT STATE MANUAL FORWARD Although probably only a very small portion of the network could be seen, the content of the network looked pretty interesting. You can exchange your key on dedicated chat servers at: Īfter adding tons of random "friends" from a public forum, connection to a very few people over TCP. (For example, to join a RetroShare forum.) This is not a recommendation, just stating a possibility. Running RetroShare through Tor enables you, to do things, which are normally potentially dangerous, such as adding random people (from a forum), while staying anonymous. ![]() The auditor's opinion was that RetroShare's codebase lacked secure coding practice. A recent audit by the pen-testing group Elttam uncovered many bugs in the code (some remotely exploitable) that were promptly fixed. It lost a point because there has not been an independent code audit. On November 4, 2014, RetroShare scored 6 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard. This can be prevented by setting up Authenticated Onion Services and limiting connections only to trusted people. People who scan Tor onion services will however still be able to connect the service and see the RetroShare user name in the self-signed certificate. Several of these problems can be solved by disabling the built-in DHT and hiding RetroShare behind a Tor onion service. And your visible user name is exposed in the TLS certificate when somebody connects to your RetroShare node. Your public IP is available in the DHT, allowing to track your physical locations. The problems with RetroShare are the confused user interface, the necessity to have it run most of the time and contribute to the distributed hashtable (DHT, causing continuous CPU usage) and three relevant privacy aspects: You expose your social graph to a global passive adversary because friends connect to friends directly. Communications are encrypted end-to-end and provide for messaging, mail, forums, pubsub, file exchange and even telephony. Users can operate servers for themselves, but the architecture doesn't depend on them. RetroShare has a very different audience and threat model. Need to hide from Internet surveillance? Can't connect to your friends because of censorship? Need to bypass nasty firewalls? Use Retroshare over Tor to hide the connection between you and your friends.RetroShare is not an anonymizing network, it is a friend-to-friend (F2F) network, or optionally a darknet. Comment on files and spread them to your friends. Subscribe to channels and automatically download the latest files. Decentralized forums are censorship resistant by design. When you have an Internet connection, Retroshare will automatically sync forums with your friends. You can read and write forum posts offline. Only your direct friends might learn which files you download. Your privacy is protected with anonymous tunnels. This makes it possible to share big files with 1GB or more. Retroshare uses swarming similar to BitTorrent, to accelerate the download. Share files with your friends or with the whole network. ![]() Retroshare can store encrypted messages on friends nodes to deliver messages while you're offline. Send encrypted messages to other members of the network. Make free and secure calls with the VoIP plugin. Use distant chat to securely chat with friends-of-friends. Express your emotions with the rich smiley set. Discuss with various people in chat rooms. Developers can read Retroshare's source code and verify the security. Only free software can provide free and secure communication. Do you remember Myspace? Or German Studivz? Remember when Facebook changed their terms of service? Skype being bought by Microsoft? ![]() Central services might shut down or change their terms of services at any time.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |