GNUnet is a free framework for secure and anonymous peer-to-peer networking that does not use centralized or otherwise familiar services. A first implementation, which is based on the network layer, allows anonymous, censorship-resistant file sharing. GNUnet uses a simple, surplus-based model to provide resources. Participants in the GNUnet network monitor the behavior of others with regard to resource use; Participants who contribute to the network are rewarded with better services.
Data packets such as search queries, downloads, uploads, and parts of files are not sent directly from the source, the uploader, to the destination, the downloader, but through several other GNUnet Network participants who act as middlemen. Thus, there is no direct network connection between the uploader and the downloader; their IP addresses remain unknown to each other and to others. By forwarding packets, no one can know whether a particular other subscriber has only forwarded a package (or file) or sent it on its way themselves (for example, in response to a search query). Thus, it is not possible to prove which GNUnet user is the true uploader or downloader of a file. GNUnet makes it possible to abstract the transport layer. Communication can be done via existing protocols such as TCP, UDP, HTTP, SMTP. IPv4 and IPv6 can be tunneled reciprocally.
All data in the GNUnet network is transmitted from the sender to the recipient using end-to-end encryption. No one, including any of the forwarding participants, can monitor, disrupt or censor the communication. For this purpose, a method developed for GNUnet is used, the so-called Encoding for Censorship-Resistant Sharing (ECRS), which replaces the Efficient Sharing of Encrypted Data (ESED) and ESED II methods used before version 0.7. In addition, search queries and search terms are not stored and transmitted in plain text, but only their checksums, which are difficult to associate with a specific search term, but are nevertheless unique. The purpose of confidentiality is to ensure that the following assignment is never possible:
Data content can be stored on the hard disks of other participants in GNUnet (if this function has been enabled by the user). Even if someone can prove that certain data is stored on a PC, it cannot be proven that the operator of the PC knew about it. The data may also have originated from a completely different GNUnet participant and may have been automatically stored on this PC (“migration”).
In order to paralyze a system, attackers often use the possibility of flooding. An entire file-sharing platform can be flooded with fakes (file name does not correspond to the content, spam), individual participants can be flooded with too many requests. To prevent this, a node must earn “trust” in GNUnet. Each individual participant keeps a record of the extent to which he trusts someone and then rewards him accordingly with better treatment.
GNUnet depends only on the startup of central services, namely when contact data of other participants (from the so-called “host lists”) is automatically loaded. From then on, no central servers are needed, the downloading and search queries take place among the participants themselves. The content also does not remain centrally with one participant, it “migrates” to other participants and thus also ensures that the publisher is relieved.
Friend-to-Friend / Darknet
Optionally, GNUnet can also be used as a private encrypted darknet or friend-to-friend computer network. With the friend-to-friend option, GNUnet offers the function of exchanging information and files anonymously via the IP addresses of the directly connected friends and in turn their friends, etc. In these two options, GNUnet connects only to authorized trusted nodes (friends). Users are authenticated by means of digital signatures.