GNUnet - A Secure Peer-to-Peer Networking Framework
GNUnet started with an idea for anonymous censorship-resistant file-sharing but has grown to incorporate other applications as well as many generic building blocks for secure networking applications. In particular, GNUnet now includes the GNU Name System, a privacy-preserving, decentralized public key infrastructure.
This system tries to achieve anonymity based on the idea that users can be anonymous if they can hide their actions in the traffic created by other users. Hiding actions in the traffic of other users require participating in the traffic, bringing back the traditional technique of using indirection and source rewriting. Source rewriting is required to gain anonymity since otherwise, an adversary could tell if a message originated from a host by looking at the source address. If all packets look like they originate from a node, the adversary can not tell which ones originate from that node and which ones were routed. Note that in this mindset, any node can decide to break the source-rewriting paradigm without violating the protocol, as this only reduces the amount of traffic that a node can hide its own traffic in.
If you want to hide your actions in the traffic of other nodes, you must make your traffic indistinguishable from the traffic that you route for others. As your queries must have you as the receiver of the reply (otherwise they would be useless), you must put yourself as the receiver of replies that actually go to other hosts; in other words, you must indirect replies. Unlike other systems, in anonymous file-sharing, as implemented on top of GNUnet you do not have to indirect the replies if you don't think that you need more traffic to hide your own actions.
Even if the user that downloads data and the server that provides data are anonymous, the intermediaries may still be targets. In particular, if the intermediaries can find out which queries or which content they are processing, a strong adversary could try to force them to censor certain materials.
With the file-encoding used by GNUnet's anonymous file-sharing, this problem does not arise. The reason is that queries and replies are transmitted in an encrypted format such that intermediaries cannot tell what the query is for or what the content is about. Mind that this is not the same encryption as the link encryption between the nodes. GNUnet has encryption on the network layer (link encryption, confidentiality, authentication) and again on the application layer.
You might also like: