Friend-to-friend

A friend-to-friend (or F2F) computer network is a type of peer-to-peer network in which users only make direct connections with people they know. Passwords or digital signatures can be used for authentication. Many F2F networks support indirect anonymous or pseudonymous communication between users who do not know or trust one another. For example, a node in a friend-to-friend overlay can automatically forward a file (or a request for a file) anonymously between two friends, without telling either of them the other's name or IP address. These friends can in turn forward the same file (or request) to their own friends, and so on. Unlike other kinds of private P2P, users in a friend-to-friend network cannot find out who else is participating beyond their own circle of friends, so F2F networks can grow in size without compromising their users' anonymity. Turtle, Galet, WASTE, GNUnet and Freenet are examples of software that can be used to build F2F networks. (WASTE and GNUnet are not configured for friend-to-friend operation by default.) Dan Bricklin coined the term "friend-to-friend network" in 2000. [1]

Advantages of F2F

• Users can exchange crypto keys face to face with their close friends, thus avoiding man in the middle attacks.
• F2F prevents random people from proving that a given IP address can be used to obtain controversial files. Once a user knows the IP addresses of all her friends, she can even use a firewall to prevent any other addresses from accessing her F2F port.
• Since F2F applications use link encryption and don't need end-to-end encryption to achieve their goals, they could allow users to control what kind of files pass through their nodes.
• Security: since only a user's friends can connect to her node, no random cracker can try to break into her computer by exploiting a bug in the F2F software. Dangerous files (e.g. documents infected with malware) could even be avoided using strong reputation based networks (see "future uses" below).
• Fewer leechers (or freeloaders). Since a user must use the bandwidth of her own friends, she may be more inclined to act responsibly.

What F2F is not

• The many applications and websites that use public servers to enable friends to communicate are not F2F networks. These include IRC, instant messaging and social networking websites.
• A private FTP server is not a F2F network, since friends do not communicate with each other, only with the server.
• A private Direct Connect hub is not a F2F network, since any user of a hub can discover the IP addresses of all the other users, even those who are not their friends.
• F2F does not apply to Freenet version 0.5 because the software automatically makes new connections between nodes. However from version 0.7, Freenet is based on what its authors call a darknet, which is more precisely a F2F network.
• F2F software is not a F2F network by itself; such software can be used to participate in an existing F2F network, or to launch a new F2F network. Existing networks may be connected to form a larger F2F network. Since new members have to gain the trust of an existing member in order to join a network, it is impossible to know how many separate F2F networks exist. This is why F2F networks are part of the larger family of networks called darknets.

Future uses of F2F

• Online reputations could be constructed and verified using a F2F network: each document on the network would be automatically given a new trust rating by each node forwarding it, for example by multiplying the old trust rating by the reputation of the provider. If a document appeared to be incorrect, the recipient could manually decrease the local reputation of the friend who provided it, decrease the trust rating of the document, or even block the document from being exchanged again through her node. (This kind of functionality is already implemented in the Bouillon P2P social wiki.)
• Such a strong reputation network could be safely used to implement a peer to peer system of electronic money based on the principles of Altruistic Economics; such a system would, according to its advocates, eliminate the inequities inherent in the present system of centralized money.
• F2F networks could avoid the key exchange problems of many other networks, such as man in the middle attacks, by exchanging encryption keys face-to-face. Users could even exchange one-time pads, such as hard disks filled with random bytes, to achieve provably unbreakable encryption.
• Third party storage (e.g. FTP, web or email servers) could be used to get faster downloads, and to prevent a user's ISP from logging her friends' IP addresses.

Security issues

Besides the fact that current networks don't use provably secure crypto (see "future uses" above), here are some other breaches:

• In countries where anonymous P2P is forbidden, an ISP may be able to detect that a user is using P2P software by observing her connection patterns [2]. Imitating the connection patterns of popular encrypted programs like webphones or webcams, along with a layer of the same encryption used by those programs, would be a very simple form of steganography. Alternatively, F2F traffic could be routed through third party storage such as an email server [3]. Networks that use generic VPN software, as anoNet does, may be less vulnerable to this issue.
• Traffic analysis of a user's links by her ISP could easily show that she is automatically forwarding files. One possible solution, implemented in WASTE, is to send and receive a constant stream of meaningless data, so that traffic analysis cannot detect whether meaningful data is being transmitted at any given time. Another possibility would be to add padding to files.
• In countries where strong crypto is forbidden (or where users can be forced to surrender their keys), steganography could be used for every connection (and for storing files on a hard disk, since it could be seized). Because steganography involves a secret convention that must be established out-of-band, only F2F networks could be safe in such countries.

These breaches are not F2F specific: they are shared with most of the current P2P networks.

See also

• Darknet
• Private P2P
• Ripple monetary system

Software

• Alliance P2P, pseudonymous software
• anoNet, based on standard VPN software
• Anonshare, alpha software
• Freenet 0.7 (with the "opennet" option disabled)
• Galet
• GNUnet (with the "F2F topology" option enabled)
• Turtle F2F
• WASTE (with the "ping packets" option disabled)

External links

• B.C. Popescu, B. Crispo, and A.S. Tanenbaum. "Safe and Private Data Sharing with Turtle: Friends Team-Up and Beat the System." In 12th International Workshop on Security Protocols, Cambridge, UK, April 2004.
• T. Chothia and K. Chatzikokolakis. "A Survey of Anonymous Peer-to-Peer File-Sharing." In Proceedings of the IFIP International Symposium on Network-Centric Ubiquitous Systems (NCUS 2005), Nagasaki, Japan, volume 3823 of Lecture Notes in Computer Science, pages 744-755. Springer, 2005.
• J. Li and F. Dabek. "F2F: Reliable Storage in Open Networks." In 5th International Workshop on Peer-to-Peer Systems (IPTPS '06), Santa Barbara, CA, USA, February 2006.
• M. Rogers and S. Bhatti. "How to Disappear Completely: A Survey of Private Peer-to-Peer Networks." In Workshop on Sustaining Privacy in Autonomous Collaborative Environments (SPACE 2007), Moncton, NB, Canada, July 2007.
• Discussion about F2F involving Ian Clarke of Freenet: http://zgp.org/pipermail/p2p-hackers/2005-December/003272.html
• Dan Bricklin coined the term F2F in this article
• F2F page at altruists.org: http://www.altruists.org/projects/ge/ff/
• Adding simple and effective trust measurements to F2F P2P networks is a paper about using a time-based currency for trust in F2F.
• Ripple: P2P money for trusted social networks: http://www.masternewmedia.org/news/2005/06/27/p2p_can_cut_banks_out.htm