anoNet: Frequently Asked Questions


What is the anoNet?

It is a self-contained private version of the Internet. It uses all the same protocols and off-the-shelf software that the Internet does, so you will not have to use modified software to take advantage of it.

Why are you using the 21.0.0.0/8 DOD IP space?

Initially, it might look lame or ignorant to use 21.0.0.0/8 rather than one of the networks already assigned for private use. People are probably already using those for their home LANs and we don't want any conflicts. Also, there are so many unassigned /8s that we could always move the network if we had to.

How is it anonymous?

IP addresses are anonymous. It is the link between an IP address and its user that ties the address to you. Due to the structured nature of the Internet, it would be bad if two ISPs started to use the same ranges. Thus, ISPs register their networks with ARIN, RIPE, APNIC, etc. The ISPs also keep records of which IP address they gave out to whom at a given time.

This means that, in theory, every IP address in use is accounted for, and the end user can be named. If it were possible to use any IP address you liked for as long as you liked, there would be no way of knowing who was using it. Two problems exist with this idea. The first is routing: how do you tell the Internet that IP address w.x.y.z is connected through ISP q, especially if the IP address you want to use isn't part of the range that ISP q normally uses? The second is that more than one person might try to use the same address at once.

We get around the first problem by using a routing protocol. We use BGP on anoNet. BGP makes a much better routing protocol for untrusted networks; however, it requires that the two peers agree beforehand to exchange routing information. We deemed this acceptable since your peers will already know your Internet IP. You also have the option of running OSPF to inject bogus routes that even your peers won't know are coming from you.

The second problem we overcame socially. We have a registration website on which users claim a subnet and a BGP ASN. Unlike the Internet, where you have to give your real name when you register for IP address space or an ASN, you only put your pseudonym on your space (or just mark it as RESERVED). Now, this doesn't stop someone from using address space that isn't theirs. But we have ways of dealing with that. More details are on the wiki inside anoNet.

But I know who my peers are, and they know who their peers are, etc - how is that anonymous?

Well, first of all, you only know your immediate peers. This means that everyone else on the network is anonymous to you. Of course, someone that was able to order ISPs to trace traffic could in theory build up a whole map of the network. This is why we use the not-in-my-country technique for peering. We rely on the non-cooperation of international ISPs to make this improbable. Have you ever tried reporting Spam or hacking to a Chinese ISP? If someone wanted to try and follow the network links to map the whole network, links to other countries would certainly slow things down.

However, this isn't enough. The true anonymity comes from the fact that anyone can use any IP address at any time. Good luck on them linking an unregistered 21.0.0.0/8 IP to a real person.

Although my peers know the subnet of addresses that we use to communicate with each other, should I want to run services or communicate, I can simply choose another subnet and announce that route to the network. The other nodes, including my immediate peers, have no idea which of the two IP addresses I am using and which the remote end is using, or even whether that new range is an actual link or is just running on a spare interface on my local machine.

For extra deniability, you could create OpenVPN configs to random IP addresses that use that same range, and claim that your friend in Tajikistan was using the link at the time. I don't mind people knowing that I am a part of it, because once you are connected, you cannot know what IP ranges I am using. Even if you are my direct peer, you only know about the subnet we connect together with, and those ranges should only be used for transporting traffic.

But I'll be able to see it's you and not someone else because of .....

There may be ways to deduce that an IP address isn't on a different host from a known host. These include:

We believe that all of these methods are solvable. We would be interested in hearing from anyone that has any other suggestions about methods of identifying machines, or who has experience with doing this.

What if someone starts announcing lots of crazy routes?

BGP has very good access control for what routes it will accept. For example, you can tell it that you will only accept routes of a certain prefix length. Bottom line: if someone gets out of line (which hasn't happened yet), it is not hard to block them at your router. In the event that two people try to claim "ownership" of a subnet, it might be necessary for everyone to use GPG to sign entries in a database somewhere.
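
The filtering logic described above, as an added example that is not part of the original FAQ or of anoNet's own tooling: it applies a prefix-length filter to received announcements and flags overlapping prefixes announced by different origins. The /16 to /28 bounds, the ASNs and the sample routes are assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy values (not from the FAQ): accept only prefixes inside
# anoNet's 21.0.0.0/8 whose length is between /16 and /28.
ANONET = ipaddress.ip_network("21.0.0.0/8")
MIN_LEN, MAX_LEN = 16, 28


def accept(prefix):
    """Mimic an inbound prefix-length filter: True if the route is acceptable."""
    net = ipaddress.ip_network(prefix, strict=True)
    return (net.version == 4 and net.subnet_of(ANONET)
            and MIN_LEN <= net.prefixlen <= MAX_LEN)


def review(announcements):
    """Split (prefix, origin_asn) announcements into accepted, rejected, conflicts.

    A conflict is two accepted prefixes that overlap but have different origins.
    """
    accepted, rejected, conflicts = [], [], []
    for prefix, asn in announcements:
        try:
            ok = accept(prefix)
        except ValueError:  # malformed prefix or host bits set
            ok = False
        if not ok:
            rejected.append((prefix, asn))
            continue
        net = ipaddress.ip_network(prefix)
        for other, other_asn in accepted:
            if other_asn != asn and net.overlaps(ipaddress.ip_network(other)):
                conflicts.append(((other, other_asn), (prefix, asn)))
        accepted.append((prefix, asn))
    return accepted, rejected, conflicts


# Constructed sample input; the ASNs are taken from the private-use range.
SAMPLE = [
    ("21.3.3.0/24", 64512),    # normal announcement
    ("21.0.0.0/8", 64513),     # too short: would cover the whole network
    ("21.3.3.128/25", 64514),  # overlaps 21.3.3.0/24 from a different origin
    ("10.1.0.0/16", 64515),    # outside 21.0.0.0/8
    ("21.9.9.9/32", 64512),    # host route, longer than MAX_LEN
    ("21.5.0.1/24", 64516),    # host bits set: malformed
]

if __name__ == "__main__":
    for label, rows in zip(("accepted", "rejected", "conflicts"), review(SAMPLE)):
        print(label, rows)
```

A length filter alone still accepts the overlapping /25, which is why the conflict list matters; deciding which origin is legitimate needs the registration data the FAQ mentions.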

Is there a way I can try the network before joining?

Yes, you can. This is a slightly different method to the "permanent" way. It works the same way though, and it will give you an idea of how things work. Follow the quickstart instructions.

What are the principles behind the anoNet?

Anonymity is first and foremost, along with true freedom of expression. We are not a pirate network, although due to the nature of the network you can expect there to be some. We also (unlike Freenet) are NOT a kiddie porn network. In the truest sense Freenet is more "free" than anoNet. On Freenet, if someone is hosting kiddie porn there is not much that can be done. On anoNet, however, we can. We may not know who you are, but we can block your link at our routers if it is discovered. The good news is that so far everyone that has joined has been (for the most part) like-minded.

Due to a post on Slashdot we felt this needed some elaboration. No one person controls anoNet. If person XYZ decided they wanted to host kiddie porn, that is their business. However each individual person on anoNet can decide if they want that kind of traffic moving across their box. You have a right to free speech. You DON'T have a right to force someone to listen to you.

What's the point/what's the point?

There is no reason per se. It is not "for" anything. It runs whatever the Internet runs. You can play computer games over it, run web servers, etc. The fact that you are anonymous on the network allows you to say whatever you like. There are lots of reasons why you might want to join such a network, and I won't list them here.

However, if you're happy with things currently, go back to your pap-fed, TV-induced brain-numbing stupor, and smile at the nice pretty pictures, the short snappy soundbites, and cower in fear at the Fox news alerts, and feel free not to engage. But think about this as you go. The Internet will be taken from you sooner rather than later. Then networks like this will be a must. Do you want George Bush reading your love letter to your fiancee?

If I am not doing anything illegal then I have nothing to hide

You need to read this article first. You need to slap yourself second. Finally you need to petition Russia to go back to Communism ... or just keep living in the United States or the United Kingdom.

What does it run?

It currently has web servers, FTP servers, wikis, DNS, search engines, email, webmail, IRC, IM, BitTorrent, streaming audio. Basically if it is on the Internet, then it is on anoNet. We try to make sure that we have a replacement for any and everything that is on the Internet.

But how does it work?

It works just as the Internet itself works, but instead of physical cables stretched across the ocean bottom, we use private, virtual cables created with OpenVPN. Instead of Cisco routers we use a software solution, Quagga. We use the BGP routing protocol for its robustness and access control features.

How big is it?

Nobody knows. It's not possible to find out.

How can I let people know about it?

Add a link to this site in your .sig, pass it around, post it on your favorite message boards. The more we grow the better the network will become.

How can you prevent people sniffing traffic on anoNet?

How can you prevent people doing it on the Internet? You treat it as an untrusted network, and use SSL, SSH, etc.



Last updated: 2006-06-06 05:04:00 GMT