https://zeronet.io/
Install instructions:
https://github.com/HelloZeroNet/ZeroNet ... ow-to-join
Windows
Download ZeroNet-py3-win64.zip (18MB)
Unpack anywhere
Run ZeroNet.exe
macOS
Download ZeroNet-dist-mac.zip (13.2MB)
Unpack anywhere
Run ZeroNet.app
Linux (x86-64bit)
wget https://github.com/HelloZeroNet/ZeroNet ... x64.tar.gz
tar xvpfz ZeroNet-py3-linux64.tar.gz
cd ZeroNet-linux-dist-linux64/
Start with: ./ZeroNet.sh
Open the ZeroHello landing page in your browser by navigating to: http://127.0.0.1:43110/
Tip: Start with ./ZeroNet.sh --ui_ip '*' --ui_restrict your.ip.address to allow remote connections on the web interface.
Android (arm, arm64, x86)
minimum Android version supported 16 (JellyBean)
Download from Google Play
APK download: https://github.com/canewsin/zeronet_mobile/releases
XDA Labs: https://labs.xda-developers.com/store/a ... ws.zeronet
Docker
There is an official image, built from source at: https://hub.docker.com/r/nofish/zeronet/
Install from source
wget https://github.com/HelloZeroNet/ZeroNet ... py3.tar.gz
tar xvpfz ZeroNet-py3.tar.gz
cd ZeroNet-py3
sudo apt-get update
sudo apt-get install python3-pip
sudo python3 -m pip install -r requirements.txt
Start with: python3 zeronet.py
Open the ZeroHello landing page in your browser by navigating to: http://127.0.0.1:43110/
ZeroNet
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
ZeroNet
You do not have the required permissions to view the files attached to this post.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
The "Hello ZeroNet" is the main landing page. This is where you will land and then all the sites you have in your custom watch list will update themselves after it opens the port. Then it closes the port after everything is updated. You can open the port and check for new as you like. The cool thing about how this works is all the websites are archived in your own computer after you download them. And every time you launch ZeroNet all it does is go to see if there is any new stuff at those sites to download for you and bring it up to date. And you can update the sites, then unhook and read them or work on your own site offline.
The first stop is "ZeroID" in the site list in the left column. To see what they have in there go to the "Zero sites" site also in that column.
The first stop is "ZeroID" in the site list in the left column. To see what they have in there go to the "Zero sites" site also in that column.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
From a new article posted at ZeroNet in the "scribe" site.
A Very Technical Look at ZeroNet
1 day ago 11 min read
2
tags: how-it-works zeronet,
Author : Zola Gonano
ZeroNet has always been a project that I'm very passionate about, and I enjoy contributing to it. It is a Peer-to-Peer Web-Like Network that cannot be censored or taken down, thanks to its decentralized nature. When I first started exploring ZeroNet, I struggled to find comprehensive documents or blog posts that provided a clear understanding of the network. Therefore, I decided to write this blog post to make it easier for newcomers to learn more about the network and contribute to it.
Introduction
ZeroNet was created in 2015 by Tamas Kocsis as a decentralized and peer-to-peer network. It utilizes technologies such as Bitcoin's cryptography, BitTorrent trackers, and NameCoin's domain name system. These technologies enable ZeroNet to function as a fully dynamic web-like network, in contrast to IPFS which is limited to serving static files and websites. One of the key strengths of ZeroNet is its high resistance to censorship, as it operates without relying on a single central server. It also provides anonymity for users by enabling them to use the TOR network and hide their IP address while using ZeroNet.
In ZeroNet, every site has an address that is represented by a Bitcoin public key. Peers for the sites are discovered through various methods, including the use of BitTorrent trackers. However, it's worth noting that this is the only instance where a central server comes into play. To eliminate the reliance on a central server, ZeroNet provides an internal plugin called BootStrapper, which allows peers to function as trackers.
How exactly do we find other peers?
As mentioned before the main method for finding the peers that are hosting the site on the ZeroNet is BitTorrent Trackers, BitTorrent trackers are an essential part of the BitTorrent protocol as they hold the information that what peer holds what piece of data, and ZeroNet uses them for the same purpose. When your ZeroNet client tries to access a site it asks the trackers for the peers that are hosting the website and when your client gets the peers list it starts downloading the site's content and it becomes a peer itself and the next time someone comes to that site they might download a piece of it from you.
But BitTorrent trackers are not the only option for discovering peers of a site. ZeroNet offers a plugin called AnnounceZero that utilizes the ZeroNet Protocol to find peers. This plugin is particularly useful for locating peers on the TOR network, as BitTorrent trackers are not capable of performing this function.
The BitTorrent Tracker works through a plugin named AnnounceBitTorrent which operates as follows:
It collects all the trackers that start with http://, https://, and udp://, and sends them a request with the following parameters:
{
"info_hash": "SHA1_HASH_OF_SITE_ADDRESS",
"peer_id": "YOUR_PEER_ID",
"port": "YOUR_FILESERVER_PORT",
"uploaded": 0,
"downloaded": 0,
"left": 431102370,
"compact": 1,
"numwant": NUMBER_OF_PEERS_NEEDED,
"event": "started"
}
If the tracker has any peers associated with that info_hash, it will return them in a BenCode, which is a binary serialization format commonly used in BitTorrent. Here's a Python code snippet that demonstrates the process behind the scenes:
import hashlib, bencode, requests, urllib
tracker_url = "https://some_tracker:443/announce"
peer_id = "-UT3530-some_id"
peer_port = 15441
number_wanted = 2
site_sha1 = hashlib.sha1(b"1HELLoE3sFD9569CLCbHEAVqvqV7U2Ri9d").digest()
params = {
"info_hash": site_sha1,
"peer_id": peer_id,
"port": peer_port,
"uploaded": 0, "downloaded": 0, "left": 431102370,
"compact": 1,
"numwant": number_wanted,
"event": "started"
}
response = requests.get(tracker_url+"?"+urllib.parse.urlencode(params)).content
print(bencode.decode(response))
Now, if we execute this code, we would obtain our peers. However, please note that the peer information would be in binary encoding and would need to be decoded in order to establish connections with them. In this blog post, we won't cover the decoding process.
{
b'complete': 0,
b'incomplete': 15,
b'interval': 1800,
b'min interval': 300,
b'peers': b'\xbc\xe2D\xf3\x00\x01PuW\xb3\x00\x01'
}
The AnnounceZero plugin functions in a similar manner, but the request it sends to trackers starting with zero:// has slightly different parameters. Here is an example of the request:
{
"hashes": ["SITE_ADDRESS_HASHES"],
"onions": ["YOUR_ONION_ADDRESSES"],
"port": YOUR_FILESERVER_PORT,
"need_types": ["PEERS_TYPES"],
"need_num": NUMBER_OF_PEERS_NEEDED,
"add": ["TYPE_OF_ADDRESSES_TO_REACH_YOU"]
}
In this request, the need_types parameter specifies the type of peers you want to receive, which can be either onion or ipv4. The onions field contains your own onion addresses for communication, and the add field indicates the type of addresses (ipv4 or onion) through which others can reach you. If you have set Tor mode to Always, the value for add will always be onion.
There are several other plugins designed for the same purpose. For example, the AnnounceLocal plugin enables peer discovery on a Local Area Network (LAN) through UDP broadcasting. The AnnounceShare plugin allows peers to share discovered trackers with each other.
Additionally, there is a plugin called Bootstrapper that is disabled by default to prioritize user privacy. The Bootstrapper plugin functions as a BitTorrent Tracker server running on the user's client, facilitating peer discovery within the ZeroNet network.
How do we validate the content?
In ZeroNet, the data and content of a site are hosted by its visitors. However, to prevent corruption of the data, ZeroNet utilizes hash functions, checksums, and cryptographic signatures. As mentioned earlier, ZeroNet site addresses are Bitcoin public keys, and the user creating the site possesses the private key.
When downloading a ZeroNet site, the first file retrieved is the content.json file. This file contains the SHA512 checksum for each available file within the site. Additionally, it includes a sign field that ensures the integrity of the content.json file itself. By verifying the signature, we can confirm that the content.json file is valid and has been signed by the owner of the site.
Here is the content.json file for an empty site that I just created:
{
"address": "17u6wJX7fCd9BZwLX8JyhVKTwxb1uEhzcH",
"address_index": 5655359,
"background-color": "#FFF",
"clone_root": "template-new",
"cloned_from": "1HELLoE3sFD9569CLCbHEAVqvqV7U2Ri9d",
"description": "",
"files": {
"index.html": {
"sha512": "542f7724432a22ceb8821b4241af4d36cfd81e101b72d425c6c59e148856537e",
"size": 1114
},
"js/ZeroFrame.js": {
"sha512": "76a24d167e8a4c45f7d1b315efe31e4b4ccb19efef011c080994c94045ff4c93",
"size": 5088
}
},
"ignore": "",
"inner_path": "content.json",
"modified": 1689603718,
"postmessage_nonce_security": true,
"signers_sign": "HMGXIah7OTimruksGGqAhzC821bWemxkmS9MG6DlrIJDGpHuIb2MYGO0UpAzxd0nfUzF4x0xxSal1rfbBD0sok4=",
"signs": {"17u6wJX7fCd9BZwLX8JyhVKTwxb1uEhzcH": "G3jkxsTv+acg0Bzm7+EJZxBznaXdMhrKD3YKSdlMRGsNYUSCzbZ0cSag+VUIkMuPhH2ApveJOglAZcytJik59Lc="},
"signs_required": 1,
"title": "my new site",
"translate": ["js/all.js"],
"zeronet_version": "0.7.6-internal 2"
}
When the content.json file is retrieved, ZeroNet looks for the files field and downloads the files listed in it. It verifies the integrity of each file by comparing the hash in the content.json file with the hash of the downloaded file. If the hashes match, it means that the file has not been changed or lost during the downloading process.
The signatures in ZeroNet are based on the same cryptographic techniques used in Bitcoin's signatures, which have undergone audits and have been established as secure over a long period of time.
How sites are created?
ZeroNet's data and settings are stored in the data directory. Within this directory, there is a file called users.json that contains the private keys for sites, certificates for ID systems, and a master_seed field from which site keys are derived.
Here is an example of the users.json file:
{
"1NupA7xwj4qiQzh58Zu4oKn6c3zQUYGdbt": {
"certs": {},
"master_seed": "14cacb9f9321b<CENSORED>70a61a9dda362",
"settings": {
"theme": "light",
"use_system_theme": true
},
"sites": {
"17u6wJX7fCd9BZwLX8JyhVKTwxb1uEhzcH": {
"auth_address": "18Vijw97tkMp7sYYiuX5pvoewpKybCfxZ2",
"auth_privatekey": "5JgiXeSAPJ1tF<CENSORED>cx6QSSdXhuxtS",
"privatekey": "5KNmLu2S6<CENSORED>T1hu1Lthdp2SRr"
}
}
}
}
When you create a site in ZeroNet, a random HD Keypair (hierarchical deterministic keys) will be derived from your BIP32 encoded master_seed, and it will be written to your users.json file. This allows you to restore all your site's private keys by having your master seed.
The process involves generating an index, which is a random number between 0 and 29639936. This index is used to derive the private key from your master seed:
index = (a random index between 0 and 29639936)
private_key = HDPrivateKey(master_seed, index)
However, it's also possible to use normal Bitcoin keypairs that are not associated with your master seed. In fact, you can even generate a custom public key using tools like VanityGen.
You might notice that there is another keypair named auth_address and auth_privatekey in the users.json file. These two addresses act as your identity on the site, and their primary use case is for identity systems like ZeroID. These keypairs are separate from the site's private keys and serve to authenticate and identify you on the platform.
How Identities work in ZeroNet?
Identities in ZeroNet are provided by an ID provider such as ZeroID, (which acts as a centralized system to ensure uniqueness of the IDs). When a user requests an ID, the provider signs them a Certificate, which is a cryptographic signature of their public address and the username they requested. The validity of this Certificate is later verified by matching it with the provider's public key, ensuring the authenticity and integrity of the identity.
The Cert is generated using the following process:
cert = Base64(BitcoinSign(PROVIDER_PRIVATE_KEY, (USER_AUTH_ADDRESS + "#METHOD_OF_CREATION/") + USERNAME))
For example, if a user with the address 18Vijw97tkMp7sYYiuX5pvoewpKybCfxZ2 wants the username zeronet_user and uses the web interface, the message that would be signed is constructed as follows:
cert = Base64(BitcoinSign(PROVIDER_PRIVATE_KEY, "18Vijw97tkMp7sYYiuX5pvoewpKybCfxZ2#web/zeronet_user"))
Here's an example of accepted ID providers in a site's data/users/content.json:
"cert_signers": {
"cryptoid.bit": ["18143WPue3rQykNaopx5KJKzYmaYhCjqhv"],
"zeroid.bit": ["1iD5ZQJMNXu43w1qLB8sfdHVKppVMduGz"]
}
Domain Name System in ZeroNet
Domain names are provided using NameCoin's IDs to help users remember the site's addresses. The way it works is that a server transfers all the NameCoin domains that have the zeronet key in them to a ZeroNet site named ZeroName.
Example domain registered for ZeroNet in NameCoin's blockchain:
{
"name": {
"formatted": "ZeroNet project"
},
"bitcoin": {
"address": "1QDhxQ6PraUZa21ET5fYUCPgdrwBomnFgX"
},
"zeronet": {
"": "1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr",
"blog": "1BLogC9LN4oPDcruNz3qo1ysa133E9AGg8",
"talk": "1TaLk3zM7ZRskJvrh3ZNCDVGXvkJusPKQ"
},
"ns": [
"ns1.domaincoin.net",
"ns2.domaincoin.net"
]
}
And when a user looks for a site with the domain name zeronetwork.bit, it looks it up from the ZeroName site and redirects the user to the public key associated with that domain name.
How Databases work in ZeroNet?
ZeroNet also provides decentralized databases, making it a dynamic network. The structure of the database is defined in a file named dbschema.json, where tables, fields, and types are specified. ZeroNet offers APIs for site developers to interact with the database and modify the data. The data is stored in the site's data directory, and when it changes, it is automatically updated for other peers, ensuring synchronization.
Here's a simplified example of a dbschema for a forum-like site:
{
"database": "ZeroTalk",
"tables": {
"topic": {
"cols": [
["topic_id", "INTEGER"],
["title", "TEXT"],
["body", "TEXT"],
["added", "DATETIME"]
]
},
"comment": {
"cols": [
["comment_id", "INTEGER"],
["body", "TEXT"],
["added", "DATETIME"],
["topic_id", "INTEGER REFERENCES topic (topic_id)"]
]
}
}
}
And the corresponding data.json would look like this:
{
"topics": [
{
"topic_id": 1,
"title": "First Topic",
"body": "This is the first topic.",
"added": "2022-01-01 10:00:00"
},
{
"topic_id": 2,
"title": "Second Topic",
"body": "This is the second topic.",
"added": "2022-02-01 12:00:00"
}
],
"comments": [
{
"comment_id": 1,
"body": "Comment 1",
"added": "2022-01-01 11:00:00",
"topic_id": 1
},
{
"comment_id": 2,
"body": "Comment 2",
"added": "2022-02-01 13:00:00",
"topic_id": 2
}
]
}
This example showcases a simple database structure for a forum-like site with two tables: topic and comment. The topic table contains columns for the topic ID, title, body, and timestamp. Similarly, the comment table includes columns for the comment ID, body, timestamp, and a foreign key referencing the topic ID in the topic table. The accompanying data.json file presents sample data entries for topics and comments.
How to get started with ZeroNet?
While the official development of ZeroNet has not been active since 2020, there are several forks that continue to work on the project. Some of these forks are even reimplementing ZeroNet in other languages such as Rust, which would eventually increase its security and performance. Here are some links to these forks:
ZeroNetX - https://github.com/ZeroNetX/ZeroNet
ZeroNet-rs (Rust Implementation) - https://github.com/ZeroNetX/zeronet-rs
zeronet-conservancy - https://github.com/zeronet-conservancy/ ... onservancy
Additionally, if you're interested in using ZeroNet but don't know where to start, I have created a curated list on my GitHub called "awesome-zeronet". This list provides resources and links to new sites on ZeroNet, and you can also contribute by adding sites that are not yet listed. You can find the list at https://github.com/zolagonano/awesome-zeronet.
Final Thoughts on ZeroNet
ZeroNet might be a great approach towards achieving a decentralized web, but it is far from perfect. It lacks encryption for data and still depends on central servers to operate properly, such as BitTorrent Trackers and ZeroID. However, it can be improved. If you are interested, you can start contributing to make it better.
As always, the entire blog is available on my GitHub, and I would greatly appreciate it if you could point out any inaccuracies, grammatical errors, technical mistakes, or simply give it a star. Your contributions means a lot to me.
Here are some of the resources used in this post:
https://en.wikipedia.org/wiki/ZeroNet
https://zeronet.io/docs/site_developmen ... g_started/
https://github.com/HelloZeroNet/ZeroID
https://github.com/HelloZeroNet/ZeroNet
https://www.w3.org/2016/04/blockchain-w ... obles.html
https://en.wikipedia.org/wiki/EdDSA
https://en.wikipedia.org/wiki/Hash_function
https://en.wikipedia.org/wiki/Checksum
https://en.wikipedia.org/wiki/Digital_signature
https://en.wikipedia.org/wiki/BitTorrent
https://en.wikipedia.org/wiki/Namecoin
http://bip32.org/
A Very Technical Look at ZeroNet
1 day ago 11 min read
2
tags: how-it-works zeronet,
Author : Zola Gonano
ZeroNet has always been a project that I'm very passionate about, and I enjoy contributing to it. It is a Peer-to-Peer Web-Like Network that cannot be censored or taken down, thanks to its decentralized nature. When I first started exploring ZeroNet, I struggled to find comprehensive documents or blog posts that provided a clear understanding of the network. Therefore, I decided to write this blog post to make it easier for newcomers to learn more about the network and contribute to it.
Introduction
ZeroNet was created in 2015 by Tamas Kocsis as a decentralized and peer-to-peer network. It utilizes technologies such as Bitcoin's cryptography, BitTorrent trackers, and NameCoin's domain name system. These technologies enable ZeroNet to function as a fully dynamic web-like network, in contrast to IPFS which is limited to serving static files and websites. One of the key strengths of ZeroNet is its high resistance to censorship, as it operates without relying on a single central server. It also provides anonymity for users by enabling them to use the TOR network and hide their IP address while using ZeroNet.
In ZeroNet, every site has an address that is represented by a Bitcoin public key. Peers for the sites are discovered through various methods, including the use of BitTorrent trackers. However, it's worth noting that this is the only instance where a central server comes into play. To eliminate the reliance on a central server, ZeroNet provides an internal plugin called BootStrapper, which allows peers to function as trackers.
How exactly do we find other peers?
As mentioned before the main method for finding the peers that are hosting the site on the ZeroNet is BitTorrent Trackers, BitTorrent trackers are an essential part of the BitTorrent protocol as they hold the information that what peer holds what piece of data, and ZeroNet uses them for the same purpose. When your ZeroNet client tries to access a site it asks the trackers for the peers that are hosting the website and when your client gets the peers list it starts downloading the site's content and it becomes a peer itself and the next time someone comes to that site they might download a piece of it from you.
But BitTorrent trackers are not the only option for discovering peers of a site. ZeroNet offers a plugin called AnnounceZero that utilizes the ZeroNet Protocol to find peers. This plugin is particularly useful for locating peers on the TOR network, as BitTorrent trackers are not capable of performing this function.
The BitTorrent Tracker works through a plugin named AnnounceBitTorrent which operates as follows:
It collects all the trackers that start with http://, https://, and udp://, and sends them a request with the following parameters:
{
"info_hash": "SHA1_HASH_OF_SITE_ADDRESS",
"peer_id": "YOUR_PEER_ID",
"port": "YOUR_FILESERVER_PORT",
"uploaded": 0,
"downloaded": 0,
"left": 431102370,
"compact": 1,
"numwant": NUMBER_OF_PEERS_NEEDED,
"event": "started"
}
If the tracker has any peers associated with that info_hash, it will return them in a BenCode, which is a binary serialization format commonly used in BitTorrent. Here's a Python code snippet that demonstrates the process behind the scenes:
import hashlib, bencode, requests, urllib
tracker_url = "https://some_tracker:443/announce"
peer_id = "-UT3530-some_id"
peer_port = 15441
number_wanted = 2
site_sha1 = hashlib.sha1(b"1HELLoE3sFD9569CLCbHEAVqvqV7U2Ri9d").digest()
params = {
"info_hash": site_sha1,
"peer_id": peer_id,
"port": peer_port,
"uploaded": 0, "downloaded": 0, "left": 431102370,
"compact": 1,
"numwant": number_wanted,
"event": "started"
}
response = requests.get(tracker_url+"?"+urllib.parse.urlencode(params)).content
print(bencode.decode(response))
Now, if we execute this code, we would obtain our peers. However, please note that the peer information would be in binary encoding and would need to be decoded in order to establish connections with them. In this blog post, we won't cover the decoding process.
{
b'complete': 0,
b'incomplete': 15,
b'interval': 1800,
b'min interval': 300,
b'peers': b'\xbc\xe2D\xf3\x00\x01PuW\xb3\x00\x01'
}
The AnnounceZero plugin functions in a similar manner, but the request it sends to trackers starting with zero:// has slightly different parameters. Here is an example of the request:
{
"hashes": ["SITE_ADDRESS_HASHES"],
"onions": ["YOUR_ONION_ADDRESSES"],
"port": YOUR_FILESERVER_PORT,
"need_types": ["PEERS_TYPES"],
"need_num": NUMBER_OF_PEERS_NEEDED,
"add": ["TYPE_OF_ADDRESSES_TO_REACH_YOU"]
}
In this request, the need_types parameter specifies the type of peers you want to receive, which can be either onion or ipv4. The onions field contains your own onion addresses for communication, and the add field indicates the type of addresses (ipv4 or onion) through which others can reach you. If you have set Tor mode to Always, the value for add will always be onion.
There are several other plugins designed for the same purpose. For example, the AnnounceLocal plugin enables peer discovery on a Local Area Network (LAN) through UDP broadcasting. The AnnounceShare plugin allows peers to share discovered trackers with each other.
Additionally, there is a plugin called Bootstrapper that is disabled by default to prioritize user privacy. The Bootstrapper plugin functions as a BitTorrent Tracker server running on the user's client, facilitating peer discovery within the ZeroNet network.
How do we validate the content?
In ZeroNet, the data and content of a site are hosted by its visitors. However, to prevent corruption of the data, ZeroNet utilizes hash functions, checksums, and cryptographic signatures. As mentioned earlier, ZeroNet site addresses are Bitcoin public keys, and the user creating the site possesses the private key.
When downloading a ZeroNet site, the first file retrieved is the content.json file. This file contains the SHA512 checksum for each available file within the site. Additionally, it includes a sign field that ensures the integrity of the content.json file itself. By verifying the signature, we can confirm that the content.json file is valid and has been signed by the owner of the site.
Here is the content.json file for an empty site that I just created:
{
"address": "17u6wJX7fCd9BZwLX8JyhVKTwxb1uEhzcH",
"address_index": 5655359,
"background-color": "#FFF",
"clone_root": "template-new",
"cloned_from": "1HELLoE3sFD9569CLCbHEAVqvqV7U2Ri9d",
"description": "",
"files": {
"index.html": {
"sha512": "542f7724432a22ceb8821b4241af4d36cfd81e101b72d425c6c59e148856537e",
"size": 1114
},
"js/ZeroFrame.js": {
"sha512": "76a24d167e8a4c45f7d1b315efe31e4b4ccb19efef011c080994c94045ff4c93",
"size": 5088
}
},
"ignore": "",
"inner_path": "content.json",
"modified": 1689603718,
"postmessage_nonce_security": true,
"signers_sign": "HMGXIah7OTimruksGGqAhzC821bWemxkmS9MG6DlrIJDGpHuIb2MYGO0UpAzxd0nfUzF4x0xxSal1rfbBD0sok4=",
"signs": {"17u6wJX7fCd9BZwLX8JyhVKTwxb1uEhzcH": "G3jkxsTv+acg0Bzm7+EJZxBznaXdMhrKD3YKSdlMRGsNYUSCzbZ0cSag+VUIkMuPhH2ApveJOglAZcytJik59Lc="},
"signs_required": 1,
"title": "my new site",
"translate": ["js/all.js"],
"zeronet_version": "0.7.6-internal 2"
}
When the content.json file is retrieved, ZeroNet looks for the files field and downloads the files listed in it. It verifies the integrity of each file by comparing the hash in the content.json file with the hash of the downloaded file. If the hashes match, it means that the file has not been changed or lost during the downloading process.
The signatures in ZeroNet are based on the same cryptographic techniques used in Bitcoin's signatures, which have undergone audits and have been established as secure over a long period of time.
How sites are created?
ZeroNet's data and settings are stored in the data directory. Within this directory, there is a file called users.json that contains the private keys for sites, certificates for ID systems, and a master_seed field from which site keys are derived.
Here is an example of the users.json file:
{
"1NupA7xwj4qiQzh58Zu4oKn6c3zQUYGdbt": {
"certs": {},
"master_seed": "14cacb9f9321b<CENSORED>70a61a9dda362",
"settings": {
"theme": "light",
"use_system_theme": true
},
"sites": {
"17u6wJX7fCd9BZwLX8JyhVKTwxb1uEhzcH": {
"auth_address": "18Vijw97tkMp7sYYiuX5pvoewpKybCfxZ2",
"auth_privatekey": "5JgiXeSAPJ1tF<CENSORED>cx6QSSdXhuxtS",
"privatekey": "5KNmLu2S6<CENSORED>T1hu1Lthdp2SRr"
}
}
}
}
When you create a site in ZeroNet, a random HD Keypair (hierarchical deterministic keys) will be derived from your BIP32 encoded master_seed, and it will be written to your users.json file. This allows you to restore all your site's private keys by having your master seed.
The process involves generating an index, which is a random number between 0 and 29639936. This index is used to derive the private key from your master seed:
index = (a random index between 0 and 29639936)
private_key = HDPrivateKey(master_seed, index)
However, it's also possible to use normal Bitcoin keypairs that are not associated with your master seed. In fact, you can even generate a custom public key using tools like VanityGen.
You might notice that there is another keypair named auth_address and auth_privatekey in the users.json file. These two addresses act as your identity on the site, and their primary use case is for identity systems like ZeroID. These keypairs are separate from the site's private keys and serve to authenticate and identify you on the platform.
How Identities work in ZeroNet?
Identities in ZeroNet are provided by an ID provider such as ZeroID, (which acts as a centralized system to ensure uniqueness of the IDs). When a user requests an ID, the provider signs them a Certificate, which is a cryptographic signature of their public address and the username they requested. The validity of this Certificate is later verified by matching it with the provider's public key, ensuring the authenticity and integrity of the identity.
The Cert is generated using the following process:
cert = Base64(BitcoinSign(PROVIDER_PRIVATE_KEY, (USER_AUTH_ADDRESS + "#METHOD_OF_CREATION/") + USERNAME))
For example, if a user with the address 18Vijw97tkMp7sYYiuX5pvoewpKybCfxZ2 wants the username zeronet_user and uses the web interface, the message that would be signed is constructed as follows:
cert = Base64(BitcoinSign(PROVIDER_PRIVATE_KEY, "18Vijw97tkMp7sYYiuX5pvoewpKybCfxZ2#web/zeronet_user"))
Here's an example of accepted ID providers in a site's data/users/content.json:
"cert_signers": {
"cryptoid.bit": ["18143WPue3rQykNaopx5KJKzYmaYhCjqhv"],
"zeroid.bit": ["1iD5ZQJMNXu43w1qLB8sfdHVKppVMduGz"]
}
Domain Name System in ZeroNet
Domain names are provided using NameCoin's IDs to help users remember the site's addresses. The way it works is that a server transfers all the NameCoin domains that have the zeronet key in them to a ZeroNet site named ZeroName.
Example domain registered for ZeroNet in NameCoin's blockchain:
{
"name": {
"formatted": "ZeroNet project"
},
"bitcoin": {
"address": "1QDhxQ6PraUZa21ET5fYUCPgdrwBomnFgX"
},
"zeronet": {
"": "1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr",
"blog": "1BLogC9LN4oPDcruNz3qo1ysa133E9AGg8",
"talk": "1TaLk3zM7ZRskJvrh3ZNCDVGXvkJusPKQ"
},
"ns": [
"ns1.domaincoin.net",
"ns2.domaincoin.net"
]
}
And when a user looks for a site with the domain name zeronetwork.bit, it looks it up from the ZeroName site and redirects the user to the public key associated with that domain name.
How Databases work in ZeroNet?
ZeroNet also provides decentralized databases, making it a dynamic network. The structure of the database is defined in a file named dbschema.json, where tables, fields, and types are specified. ZeroNet offers APIs for site developers to interact with the database and modify the data. The data is stored in the site's data directory, and when it changes, it is automatically updated for other peers, ensuring synchronization.
Here's a simplified example of a dbschema for a forum-like site:
{
"database": "ZeroTalk",
"tables": {
"topic": {
"cols": [
["topic_id", "INTEGER"],
["title", "TEXT"],
["body", "TEXT"],
["added", "DATETIME"]
]
},
"comment": {
"cols": [
["comment_id", "INTEGER"],
["body", "TEXT"],
["added", "DATETIME"],
["topic_id", "INTEGER REFERENCES topic (topic_id)"]
]
}
}
}
And the corresponding data.json would look like this:
{
"topics": [
{
"topic_id": 1,
"title": "First Topic",
"body": "This is the first topic.",
"added": "2022-01-01 10:00:00"
},
{
"topic_id": 2,
"title": "Second Topic",
"body": "This is the second topic.",
"added": "2022-02-01 12:00:00"
}
],
"comments": [
{
"comment_id": 1,
"body": "Comment 1",
"added": "2022-01-01 11:00:00",
"topic_id": 1
},
{
"comment_id": 2,
"body": "Comment 2",
"added": "2022-02-01 13:00:00",
"topic_id": 2
}
]
}
This example showcases a simple database structure for a forum-like site with two tables: topic and comment. The topic table contains columns for the topic ID, title, body, and timestamp. Similarly, the comment table includes columns for the comment ID, body, timestamp, and a foreign key referencing the topic ID in the topic table. The accompanying data.json file presents sample data entries for topics and comments.
How to get started with ZeroNet?
While the official development of ZeroNet has not been active since 2020, there are several forks that continue to work on the project. Some of these forks are even reimplementing ZeroNet in other languages such as Rust, which would eventually increase its security and performance. Here are some links to these forks:
ZeroNetX - https://github.com/ZeroNetX/ZeroNet
ZeroNet-rs (Rust Implementation) - https://github.com/ZeroNetX/zeronet-rs
zeronet-conservancy - https://github.com/zeronet-conservancy/ ... onservancy
Additionally, if you're interested in using ZeroNet but don't know where to start, I have created a curated list on my GitHub called "awesome-zeronet". This list provides resources and links to new sites on ZeroNet, and you can also contribute by adding sites that are not yet listed. You can find the list at https://github.com/zolagonano/awesome-zeronet.
Final Thoughts on ZeroNet
ZeroNet might be a great approach towards achieving a decentralized web, but it is far from perfect. It lacks encryption for data and still depends on central servers to operate properly, such as BitTorrent Trackers and ZeroID. However, it can be improved. If you are interested, you can start contributing to make it better.
As always, the entire blog is available on my GitHub, and I would greatly appreciate it if you could point out any inaccuracies, grammatical errors, technical mistakes, or simply give it a star. Your contributions means a lot to me.
Here are some of the resources used in this post:
https://en.wikipedia.org/wiki/ZeroNet
https://zeronet.io/docs/site_developmen ... g_started/
https://github.com/HelloZeroNet/ZeroID
https://github.com/HelloZeroNet/ZeroNet
https://www.w3.org/2016/04/blockchain-w ... obles.html
https://en.wikipedia.org/wiki/EdDSA
https://en.wikipedia.org/wiki/Hash_function
https://en.wikipedia.org/wiki/Checksum
https://en.wikipedia.org/wiki/Digital_signature
https://en.wikipedia.org/wiki/BitTorrent
https://en.wikipedia.org/wiki/Namecoin
http://bip32.org/
You do not have the required permissions to view the files attached to this post.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
It will only download sites you approve for download. But it gives a readable preview of the site first.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
Connection data and info built into a slide out from the side. This is your personal control center. Including the controls for any site you own.
You do not have the required permissions to view the files attached to this post.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Macaque Mentality
- Posts: 6690
- Joined: Sun May 15, 2022 9:46 pm
Re: ZeroNet
Thanks @Atruepatriot! I'll get to it when I feel up to it
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
Absolutely no problem! After you get an ID, Just reply to one of my replies there in the main "Hello ZeroNet" landing page thread. It will most likely ask you to add your ID and download whatever site I commented in. The ones I comment in are good ones to have in your list anyhow.Macaque Mentality wrote: ↑Sat Jul 22, 2023 6:56 pm Thanks @Atruepatriot! I'll get to it when I feel up to it
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
You do not have the required permissions to view the files attached to this post.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
@merkelspam .
Thoughts?
Thoughts?
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
You do not have the required permissions to view the files attached to this post.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Swordsmyth
- Posts: 44346
- Joined: Tue Feb 25, 2020 12:47 pm
Re: ZeroNet
I'm still concerned about the possibility that someone adds something illegal in some hidden manner and you end up compromised because it is on your computer.
K is coming
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
I am too. But there are many different measures to prevent any worries.Swordsmyth wrote: ↑Sun Jul 30, 2023 5:41 pm I'm still concerned about the possibility that someone adds something illegal in some hidden manner and you end up compromised because it is on your computer.
The first being make our own network. Don't buy into the main network or existing forks and make our own.
Second make it all a full client package that is completely installed to and run from an encrypted external USB. (Like Tails)
https://tails.net/
Third maintain a community "Block list" so that mass blocking nefarious websites can happen.
But here is the deal... While everything is encrypted device to device, you can still inspect it for any illegal content once it is downloaded into your machine. And when you delete a site or content from your control panel all the data is deleted also. A member starts sharing illegal stuff everyone block him. He cannot serve up his site/sites without the other members "seeding" it for him. Your site does not exist unless a few members are helping keep it up by hooking to it. Absolutely nothing will work without a peer or two connected.
It is a weird kind of perspective. There are websites and it feels like you are interacting with them on the net. But you are actually interacting with them in your own machine. It just goes and updates those sites in your machine when there is new content and only the new content. The sites are extremely simple minimalistic and small in size.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Swordsmyth
- Posts: 44346
- Joined: Tue Feb 25, 2020 12:47 pm
Re: ZeroNet
Right, but my concern is that you get some hidden fed who puts the illegal thing in some hidden encryption so it looks innocent or just buries it so deep in the files that you don't have time to find it.Atruepatriot wrote: ↑Sun Jul 30, 2023 6:20 pmI am too. But there are many different measures to prevent any worries.Swordsmyth wrote: ↑Sun Jul 30, 2023 5:41 pm I'm still concerned about the possibility that someone adds something illegal in some hidden manner and you end up compromised because it is on your computer.
The first being make our own network. Don't buy into the main network or existing forks and make our own.
Second make it all a full client package that is completely installed to and run from an encrypted external USB. (Like Tails)
https://tails.net/
Third maintain a community "Block list" so that mass blocking nefarious websites can happen.
But here is the deal... While everything is encrypted device to device, you can still inspect it for any illegal content once it is downloaded into your machine. And when you delete a site or content from your control panel all the data is deleted also. A member starts sharing illegal stuff everyone block him. He cannot serve up his site/sites without the other members "seeding" it for him. Your site does not exist unless a few members are helping keep it up by hooking to it. Absolutely nothing will work without a peer or two connected.
It is a weird kind of perspective. There are websites and it feels like you are interacting with them on the net. But you are actually interacting with them in your own machine. It just goes and updates those sites in your machine when there is new content and only the new content. The sites are extremely simple minimalistic and small in size.
Then the feds decide to take you out and come magically find it right where they put it.
There are risks just being on the net, but you don't want to make it any easier than you have to.
K is coming
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
Well, realistically there is nothing or any system that can fully prevent that if they work hard enough to do it. Even just rendering an image on a website without downloading anything at all can be the same risk. But it would have to be someone in your own network. But once this system is put together and hardened it would be about as secure as you are ever going to get. It is Bitcoin secure which is the best. And in a stick you can pull and flush if you like. There are even self destruct methods for flash drives if they are not handled correctly.Swordsmyth wrote: ↑Sun Jul 30, 2023 6:35 pmRight, but my concern is that you get some hidden fed who puts the illegal thing a in some hidden encryption so it look innocent or just buries it so deep in the files that you don't have time to find it.Atruepatriot wrote: ↑Sun Jul 30, 2023 6:20 pmI am too. But there are many different measures to prevent any worries.Swordsmyth wrote: ↑Sun Jul 30, 2023 5:41 pm I'm still concerned about the possibility that someone adds something illegal in some hidden manner and you end up compromised because it is on your computer.
The first being make our own network. Don't buy into the main network or existing forks and make our own.
Second make it all a full client package that is completely installed to and run from an encrypted external USB. (Like Tails)
https://tails.net/
Third maintain a community "Block list" so that mass blocking nefarious websites can happen.
But here is the deal... While everything is encrypted device to device, you can still inspect it for any illegal content once it is downloaded into your machine. And when you delete a site or content from your control panel all the data is deleted also. A member starts sharing illegal stuff everyone block him. He cannot serve up his site/sites without the other members "seeding" it for him. Your site does not exist unless a few members are helping keep it up by hooking to it. Absolutely nothing will work without a peer or two connected.
It is a weird kind of perspective. There are websites and it feels like you are interacting with them on the net. But you are actually interacting with them in your own machine. It just goes and updates those sites in your machine when there is new content and only the new content. The sites are extremely simple minimalistic and small in size.
Then the feds decide to take you out and come magically find it right where they put it.
There are risks just being on the net, but you don't want to make it any easier than you have to.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
Here is something cool... Just got this working because of my browser settings. It has an interactive globe showing where in the world the network node connections are. Cool graphic without being too specific.
You do not have the required permissions to view the files attached to this post.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
WEF Orders Firefox, Chrome & Safari To Start Blocking ‘Blacklisted Websites’
The WEF-controlled nation of France is the first nation to issue a legal directive to web browser company’s to block all websites listed on a blacklist compiled by the Macron regime.
Calling the plan “well-intentioned yet dangerous,” Mozilla warns that Young Global Leader Emmanuel Macron is plowing ahead with plans to force web browsers like Firefox “to create a dystopian technical capability” allowing the globalist elite to regulate what people see online.
“Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list,” Mozilla warns.
“A world in which browsers can be forced to incorporate a list of banned websites at the software-level that simply do not open, either in a region or globally, is a worrying prospect that raises serious concerns around freedom of expression. If it successfully passes into law, the precedent this would set would make it much harder for browsers to reject such requests from other governments.”
Naturalnews.com reports: Since the deep state is having trouble containing the spread of “misinformation” online via content providers and publishers (i.e., Facebook, Google, and Twitter), it is apparently switching tactics to go after browsers themselves.
We are told that the government would basically feed a website blacklist to web browser creators like Mozilla and force them to encode a block that disallows internet users from accessing certain websites.
“If a capability to block any site on a government blacklist were required by law to be built in to all browsers, then repressive governments would be given an enormously powerful tool,” reports Tech Dirt.
“There would be no way around that censorship, short of hacking the browser code. That might be an option for open source coders, but it certainly won’t be for the vast majority of ordinary users.”
Should this proposed law be enshrined on the books, it will do away with what Mozilla describes as “decades of established content moderation norms,” effectively allowing authoritarian governments to “easily negate the existence of censorship circumvention tools.”
It is not a stretch to assume that the copyright industry would also capitalize on the law by trying to force web browsers to also block websites that contain infringing content. In fact, such a concept has already been brought to life in the past – check out the book Walled Culture to learn more.
In 2004, BT (British Telecom) introduced something called CleanFeed that, again, also had good intentions, at least on the surface, in that it was contrived to block all illegal child pornography websites from being accessed. This is a good use of such technology, but there are also bad uses that we expect to also take place.
“Exactly the logic used by copyright companies to subvert CleanFeed could be used to co-opt the censorship capabilities of browsers with built-in Web blocking lists,” Tech Dirt reports. “As with CleanFeed, the copyright industry would doubtless argue that since the technology already exists, why not to apply it to tackling copyright infringement too?”
“That very real threat is another reason to fight this pernicious, misguided French proposal. Because if it is implemented, it will be very hard to stop it becoming yet another technology that the copyright world demands should be bent to its own selfish purposes.”
https://thepeoplesvoice.tv/wef-orders-f ... -websites/
The WEF-controlled nation of France is the first nation to issue a legal directive to web browser company’s to block all websites listed on a blacklist compiled by the Macron regime.
Calling the plan “well-intentioned yet dangerous,” Mozilla warns that Young Global Leader Emmanuel Macron is plowing ahead with plans to force web browsers like Firefox “to create a dystopian technical capability” allowing the globalist elite to regulate what people see online.
“Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list,” Mozilla warns.
“A world in which browsers can be forced to incorporate a list of banned websites at the software-level that simply do not open, either in a region or globally, is a worrying prospect that raises serious concerns around freedom of expression. If it successfully passes into law, the precedent this would set would make it much harder for browsers to reject such requests from other governments.”
Naturalnews.com reports: Since the deep state is having trouble containing the spread of “misinformation” online via content providers and publishers (i.e., Facebook, Google, and Twitter), it is apparently switching tactics to go after browsers themselves.
We are told that the government would basically feed a website blacklist to web browser creators like Mozilla and force them to encode a block that disallows internet users from accessing certain websites.
“If a capability to block any site on a government blacklist were required by law to be built in to all browsers, then repressive governments would be given an enormously powerful tool,” reports Tech Dirt.
“There would be no way around that censorship, short of hacking the browser code. That might be an option for open source coders, but it certainly won’t be for the vast majority of ordinary users.”
Should this proposed law be enshrined on the books, it will do away with what Mozilla describes as “decades of established content moderation norms,” effectively allowing authoritarian governments to “easily negate the existence of censorship circumvention tools.”
It is not a stretch to assume that the copyright industry would also capitalize on the law by trying to force web browsers to also block websites that contain infringing content. In fact, such a concept has already been brought to life in the past – check out the book Walled Culture to learn more.
In 2004, BT (British Telecom) introduced something called CleanFeed that, again, also had good intentions, at least on the surface, in that it was contrived to block all illegal child pornography websites from being accessed. This is a good use of such technology, but there are also bad uses that we expect to also take place.
“Exactly the logic used by copyright companies to subvert CleanFeed could be used to co-opt the censorship capabilities of browsers with built-in Web blocking lists,” Tech Dirt reports. “As with CleanFeed, the copyright industry would doubtless argue that since the technology already exists, why not to apply it to tackling copyright infringement too?”
“That very real threat is another reason to fight this pernicious, misguided French proposal. Because if it is implemented, it will be very hard to stop it becoming yet another technology that the copyright world demands should be bent to its own selfish purposes.”
https://thepeoplesvoice.tv/wef-orders-f ... -websites/
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
Found the drop down that shows processes in real time.
You do not have the required permissions to view the files attached to this post.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
So where are we all supposed to go now?
It’s the end of a social era on the web. That’s probably a good thing. But I already miss the places that felt like everyone was there.
An era of the internet is ending, and we’re watching it happen practically in real time. Twitter has been on a steep and seemingly inexorable decline for, well, years, but especially since Elon Musk bought the company last fall and made a mess of the place. Reddit has spent the last couple of months self-immolating in similar ways, alienating its developers and users and hoping it can survive by sticking its head in the sand until the battle’s over. (I thought for a while that Reddit would eventually be the last good place left, but… nope.) TikTok remains ascendent — and looks ever more likely to be banned in some meaningful way. Instagram has turned into an entertainment platform; nobody’s on Facebook anymore.
You could argue, I suppose, that this is just the natural end of a specific part of the internet. We spent the last two decades answering a question — what would happen if you put everyone on the planet into a room and let them all talk to each other? — and now we’re moving onto the next one. It might be better this way. But the way it has all changed, and the speed with which it has happened, has left an everybody-sized hole in the internet. For all these years, we all hung out together on the internet. And now that’s just gone.
Why is this all happening right now? Lots of reasons, actually, most of them at least somewhat defensible. The economy has gone sour, and after more than a decade of low interest rates and access to nearly unlimited and nearly free money, companies are finding their funding sources to be fewer and more finicky than ever. Those investors are also asking for real returns on that funding, so all these companies have had to switch from “growth at all costs” to “actually make some money.” Few social networking companies have ever made real money, and so they’re scrambling for new features and pivoting to whatever smells like quarterly results.
The rise of AI is also sending all these companies into a tizzy. Large language models from companies like OpenAI and Google are built on top of data collected from the open web. Suddenly, having all your users and content publicly available and easily found has gone from a growth hack to capitalistic suicide; companies around the industry are closing their walls, because they’re hoping to sell their data to AI providers rather than have it all scraped for free. Much of Reddit’s current chaos started with CEO Steve Huffman saying that the company realized that the platform is filled with good information, and “we don’t need to give all of that value to some of the largest companies in the world for free.” On Saturday, Elon Musk introduced Twitter’s new login gate and view count restrictions “to address extreme levels of data scraping & system manipulation.”
Add it all up, and the social web is changing in three crucial ways: It’s going from public to private; it’s shifting from growth and engagement, which broadly involves building good products that people like, to increasing revenue no matter the tradeoff; and it’s turning into an entertainment business. It turns out there’s no money in connecting people to each other, but there’s a fortune in putting ads between vertically scrolling videos that lots of people watch. So the “social media” era is giving way to the “media with a comments section” era, and everything is an entertainment platform now. Or, I guess, trying to do payments. Sometimes both. It gets weird.
As far as how humans connect to one another, what’s next appears to be group chats and private messaging and forums, returning back to a time when we mostly just talked to the people we know. Maybe that’s a better, less problematic way to live life. Maybe feed and algorithms and the “global town square” were a bad idea. But I find myself desperately looking for new places that feel like everyone’s there. The place where I can simultaneously hear about NBA rumors and cool new AI apps, where I can chat with my friends and coworkers and Nicki Minaj. For a while, there were a few platforms that felt like they had everybody together, hanging out in a single space. Now there are none.
What’s next appears to be group chats and private messaging and forums.
I’d love to follow that up with, “and here’s the new thing coming next!” But I’m not sure there is one. There’s simply no place left on the internet that feels like a good, healthy, worthwhile place to hang out. It’s not just that there’s no sufficiently popular place; I actually think enough people are looking for a new home on the internet that engineering the network effects wouldn’t be that hard. It’s just that the platform doesn’t exist. It’s not LinkedIn or Tumblr, it’s not upstarts like Post or Vero or Spoutable or Hive Social. It’s definitely not Clubhouse or BeReal. It doesn’t exist.
Long-term, I’m bullish on “fediverse” apps like Mastodon and Bluesky, because I absolutely believe in the possibility of the social web, a decentralized universe powered by ActivityPub and other open protocols that bring us together without forcing us to live inside some company’s business model. Done right, these tools can be the right mix of “everybody’s here” and “you’re still in control.”
The fediverse isn’t ready to take over yet.
But the fediverse isn’t ready. Not by a long shot. The growth that Mastodon has seen thanks to a Twitter exodus has only exposed how hard it is to join the platform, and more importantly how hard it is to find anyone and anything else once you’re there. Lemmy, the go-to decentralized Reddit alternative, has been around since 2019 but has some big gaps in its feature offering and its privacy policies — the platform is absolutely not ready for an influx of angry Redditors. Neither is Kbin, which doesn’t even have mobile apps and cautions new users that it is “very early beta” software. Flipboard and Mozilla and Tumblr are all working on interesting stuff in this space, but without much to show so far. The upcoming Threads app from Instagram should immediately be the biggest and most powerful thing in this space, but I’m not exactly confident in Meta’s long-term interest in building a better social platform.
So if not that, what? There’s a good case to be made for apps like WhatsApp and Signal, which at least bring some extra privacy muscle to the table. WhatsApp has been adding more social features over time, particularly Channels, a one-to-many way for creators and brands to talk to all their followers at once. (Telegram is also doing some interesting stuff in this space.) But that’s not social, that’s a news feed. These are still chat apps, meant for talking to one or a few people at a time.
Discord is probably the tool best-suited to capture users’ social needs right now. It’s definitely the best Reddit alternative we have. It’s a clever mix of chat app and broadcast tool, a place where lots of like-minded people could conceivably hang out and connect. But, uh, have you ever been in a Discord with thousands of people? It’s pure chaos, and requires you to either devote your life to keeping up or resolve yourself to missing everything. Discord’s moderation tools are a mess, too, and everyone’s still mad about changing their username.
For all its mess, the social networking era did a uniquely good job of just putting people together in a single place. You didn’t have to pick a server or declare your interests ahead of time; you just showed up, set a password, and got to work. Because everyone was together, these platforms were able to make it trivially easy to find people you like and content that interests you. They were able to learn about you over time, and proactively show you those people and that content before you even had to ask.
This all, of course, came with huge downsides. Retweets and quote tweets made it easy for good content to travel, but also made it easy to mass-harass anyone on Twitter. Meta’s knowledge of its users makes your Explore page more interesting, and only extends the dossier on you available to advertisers. I’m not sure it’s possible to have the good without the bad, and I think the bad might outweigh the good. (As a white guy in America, I also experience the bad far less than many users, and I suspect I’d feel differently about the end of this era if I weren’t quite so privileged here.) But I can’t help but think it’s possible to at least do better.
Maybe we should all embrace the downfall of social networks, and maybe my (and our) need for a global water cooler is just a vestigial feeling we’ll all be rid of in a few years. But even before this era fully ends, before Twitter and Reddit turn into MySpace and Friendfeed and basically disappear from my life, I find myself longing for what they once were. Still are, maybe, just not for long. I miss everybody, and I don’t know if I’ll ever find them again.
https://www.theverge.com/2023/7/3/23782 ... r-mastodon
It’s the end of a social era on the web. That’s probably a good thing. But I already miss the places that felt like everyone was there.
An era of the internet is ending, and we’re watching it happen practically in real time. Twitter has been on a steep and seemingly inexorable decline for, well, years, but especially since Elon Musk bought the company last fall and made a mess of the place. Reddit has spent the last couple of months self-immolating in similar ways, alienating its developers and users and hoping it can survive by sticking its head in the sand until the battle’s over. (I thought for a while that Reddit would eventually be the last good place left, but… nope.) TikTok remains ascendent — and looks ever more likely to be banned in some meaningful way. Instagram has turned into an entertainment platform; nobody’s on Facebook anymore.
You could argue, I suppose, that this is just the natural end of a specific part of the internet. We spent the last two decades answering a question — what would happen if you put everyone on the planet into a room and let them all talk to each other? — and now we’re moving onto the next one. It might be better this way. But the way it has all changed, and the speed with which it has happened, has left an everybody-sized hole in the internet. For all these years, we all hung out together on the internet. And now that’s just gone.
Why is this all happening right now? Lots of reasons, actually, most of them at least somewhat defensible. The economy has gone sour, and after more than a decade of low interest rates and access to nearly unlimited and nearly free money, companies are finding their funding sources to be fewer and more finicky than ever. Those investors are also asking for real returns on that funding, so all these companies have had to switch from “growth at all costs” to “actually make some money.” Few social networking companies have ever made real money, and so they’re scrambling for new features and pivoting to whatever smells like quarterly results.
The rise of AI is also sending all these companies into a tizzy. Large language models from companies like OpenAI and Google are built on top of data collected from the open web. Suddenly, having all your users and content publicly available and easily found has gone from a growth hack to capitalistic suicide; companies around the industry are closing their walls, because they’re hoping to sell their data to AI providers rather than have it all scraped for free. Much of Reddit’s current chaos started with CEO Steve Huffman saying that the company realized that the platform is filled with good information, and “we don’t need to give all of that value to some of the largest companies in the world for free.” On Saturday, Elon Musk introduced Twitter’s new login gate and view count restrictions “to address extreme levels of data scraping & system manipulation.”
Add it all up, and the social web is changing in three crucial ways: It’s going from public to private; it’s shifting from growth and engagement, which broadly involves building good products that people like, to increasing revenue no matter the tradeoff; and it’s turning into an entertainment business. It turns out there’s no money in connecting people to each other, but there’s a fortune in putting ads between vertically scrolling videos that lots of people watch. So the “social media” era is giving way to the “media with a comments section” era, and everything is an entertainment platform now. Or, I guess, trying to do payments. Sometimes both. It gets weird.
As far as how humans connect to one another, what’s next appears to be group chats and private messaging and forums, returning back to a time when we mostly just talked to the people we know. Maybe that’s a better, less problematic way to live life. Maybe feed and algorithms and the “global town square” were a bad idea. But I find myself desperately looking for new places that feel like everyone’s there. The place where I can simultaneously hear about NBA rumors and cool new AI apps, where I can chat with my friends and coworkers and Nicki Minaj. For a while, there were a few platforms that felt like they had everybody together, hanging out in a single space. Now there are none.
What’s next appears to be group chats and private messaging and forums.
I’d love to follow that up with, “and here’s the new thing coming next!” But I’m not sure there is one. There’s simply no place left on the internet that feels like a good, healthy, worthwhile place to hang out. It’s not just that there’s no sufficiently popular place; I actually think enough people are looking for a new home on the internet that engineering the network effects wouldn’t be that hard. It’s just that the platform doesn’t exist. It’s not LinkedIn or Tumblr, it’s not upstarts like Post or Vero or Spoutable or Hive Social. It’s definitely not Clubhouse or BeReal. It doesn’t exist.
Long-term, I’m bullish on “fediverse” apps like Mastodon and Bluesky, because I absolutely believe in the possibility of the social web, a decentralized universe powered by ActivityPub and other open protocols that bring us together without forcing us to live inside some company’s business model. Done right, these tools can be the right mix of “everybody’s here” and “you’re still in control.”
The fediverse isn’t ready to take over yet.
But the fediverse isn’t ready. Not by a long shot. The growth that Mastodon has seen thanks to a Twitter exodus has only exposed how hard it is to join the platform, and more importantly how hard it is to find anyone and anything else once you’re there. Lemmy, the go-to decentralized Reddit alternative, has been around since 2019 but has some big gaps in its feature offering and its privacy policies — the platform is absolutely not ready for an influx of angry Redditors. Neither is Kbin, which doesn’t even have mobile apps and cautions new users that it is “very early beta” software. Flipboard and Mozilla and Tumblr are all working on interesting stuff in this space, but without much to show so far. The upcoming Threads app from Instagram should immediately be the biggest and most powerful thing in this space, but I’m not exactly confident in Meta’s long-term interest in building a better social platform.
So if not that, what? There’s a good case to be made for apps like WhatsApp and Signal, which at least bring some extra privacy muscle to the table. WhatsApp has been adding more social features over time, particularly Channels, a one-to-many way for creators and brands to talk to all their followers at once. (Telegram is also doing some interesting stuff in this space.) But that’s not social, that’s a news feed. These are still chat apps, meant for talking to one or a few people at a time.
Discord is probably the tool best-suited to capture users’ social needs right now. It’s definitely the best Reddit alternative we have. It’s a clever mix of chat app and broadcast tool, a place where lots of like-minded people could conceivably hang out and connect. But, uh, have you ever been in a Discord with thousands of people? It’s pure chaos, and requires you to either devote your life to keeping up or resolve yourself to missing everything. Discord’s moderation tools are a mess, too, and everyone’s still mad about changing their username.
For all its mess, the social networking era did a uniquely good job of just putting people together in a single place. You didn’t have to pick a server or declare your interests ahead of time; you just showed up, set a password, and got to work. Because everyone was together, these platforms were able to make it trivially easy to find people you like and content that interests you. They were able to learn about you over time, and proactively show you those people and that content before you even had to ask.
This all, of course, came with huge downsides. Retweets and quote tweets made it easy for good content to travel, but also made it easy to mass-harass anyone on Twitter. Meta’s knowledge of its users makes your Explore page more interesting, and only extends the dossier on you available to advertisers. I’m not sure it’s possible to have the good without the bad, and I think the bad might outweigh the good. (As a white guy in America, I also experience the bad far less than many users, and I suspect I’d feel differently about the end of this era if I weren’t quite so privileged here.) But I can’t help but think it’s possible to at least do better.
Maybe we should all embrace the downfall of social networks, and maybe my (and our) need for a global water cooler is just a vestigial feeling we’ll all be rid of in a few years. But even before this era fully ends, before Twitter and Reddit turn into MySpace and Friendfeed and basically disappear from my life, I find myself longing for what they once were. Still are, maybe, just not for long. I miss everybody, and I don’t know if I’ll ever find them again.
https://www.theverge.com/2023/7/3/23782 ... r-mastodon
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
With just a little work ZeroNet could be ready for this...Atruepatriot wrote: ↑Fri Aug 18, 2023 12:14 pm So where are we all supposed to go now?
It’s the end of a social era on the web. That’s probably a good thing. But I already miss the places that felt like everyone was there.
An era of the internet is ending, and we’re watching it happen practically in real time. Twitter has been on a steep and seemingly inexorable decline for, well, years, but especially since Elon Musk bought the company last fall and made a mess of the place. Reddit has spent the last couple of months self-immolating in similar ways, alienating its developers and users and hoping it can survive by sticking its head in the sand until the battle’s over. (I thought for a while that Reddit would eventually be the last good place left, but… nope.) TikTok remains ascendent — and looks ever more likely to be banned in some meaningful way. Instagram has turned into an entertainment platform; nobody’s on Facebook anymore.
You could argue, I suppose, that this is just the natural end of a specific part of the internet. We spent the last two decades answering a question — what would happen if you put everyone on the planet into a room and let them all talk to each other? — and now we’re moving onto the next one. It might be better this way. But the way it has all changed, and the speed with which it has happened, has left an everybody-sized hole in the internet. For all these years, we all hung out together on the internet. And now that’s just gone.
Why is this all happening right now? Lots of reasons, actually, most of them at least somewhat defensible. The economy has gone sour, and after more than a decade of low interest rates and access to nearly unlimited and nearly free money, companies are finding their funding sources to be fewer and more finicky than ever. Those investors are also asking for real returns on that funding, so all these companies have had to switch from “growth at all costs” to “actually make some money.” Few social networking companies have ever made real money, and so they’re scrambling for new features and pivoting to whatever smells like quarterly results.
The rise of AI is also sending all these companies into a tizzy. Large language models from companies like OpenAI and Google are built on top of data collected from the open web. Suddenly, having all your users and content publicly available and easily found has gone from a growth hack to capitalistic suicide; companies around the industry are closing their walls, because they’re hoping to sell their data to AI providers rather than have it all scraped for free. Much of Reddit’s current chaos started with CEO Steve Huffman saying that the company realized that the platform is filled with good information, and “we don’t need to give all of that value to some of the largest companies in the world for free.” On Saturday, Elon Musk introduced Twitter’s new login gate and view count restrictions “to address extreme levels of data scraping & system manipulation.”
Add it all up, and the social web is changing in three crucial ways: It’s going from public to private; it’s shifting from growth and engagement, which broadly involves building good products that people like, to increasing revenue no matter the tradeoff; and it’s turning into an entertainment business. It turns out there’s no money in connecting people to each other, but there’s a fortune in putting ads between vertically scrolling videos that lots of people watch. So the “social media” era is giving way to the “media with a comments section” era, and everything is an entertainment platform now. Or, I guess, trying to do payments. Sometimes both. It gets weird.
As far as how humans connect to one another, what’s next appears to be group chats and private messaging and forums, returning back to a time when we mostly just talked to the people we know. Maybe that’s a better, less problematic way to live life. Maybe feed and algorithms and the “global town square” were a bad idea. But I find myself desperately looking for new places that feel like everyone’s there. The place where I can simultaneously hear about NBA rumors and cool new AI apps, where I can chat with my friends and coworkers and Nicki Minaj. For a while, there were a few platforms that felt like they had everybody together, hanging out in a single space. Now there are none.
What’s next appears to be group chats and private messaging and forums.
I’d love to follow that up with, “and here’s the new thing coming next!” But I’m not sure there is one. There’s simply no place left on the internet that feels like a good, healthy, worthwhile place to hang out. It’s not just that there’s no sufficiently popular place; I actually think enough people are looking for a new home on the internet that engineering the network effects wouldn’t be that hard. It’s just that the platform doesn’t exist. It’s not LinkedIn or Tumblr, it’s not upstarts like Post or Vero or Spoutable or Hive Social. It’s definitely not Clubhouse or BeReal. It doesn’t exist.
Long-term, I’m bullish on “fediverse” apps like Mastodon and Bluesky, because I absolutely believe in the possibility of the social web, a decentralized universe powered by ActivityPub and other open protocols that bring us together without forcing us to live inside some company’s business model. Done right, these tools can be the right mix of “everybody’s here” and “you’re still in control.”
The fediverse isn’t ready to take over yet.
But the fediverse isn’t ready. Not by a long shot. The growth that Mastodon has seen thanks to a Twitter exodus has only exposed how hard it is to join the platform, and more importantly how hard it is to find anyone and anything else once you’re there. Lemmy, the go-to decentralized Reddit alternative, has been around since 2019 but has some big gaps in its feature offering and its privacy policies — the platform is absolutely not ready for an influx of angry Redditors. Neither is Kbin, which doesn’t even have mobile apps and cautions new users that it is “very early beta” software. Flipboard and Mozilla and Tumblr are all working on interesting stuff in this space, but without much to show so far. The upcoming Threads app from Instagram should immediately be the biggest and most powerful thing in this space, but I’m not exactly confident in Meta’s long-term interest in building a better social platform.
So if not that, what? There’s a good case to be made for apps like WhatsApp and Signal, which at least bring some extra privacy muscle to the table. WhatsApp has been adding more social features over time, particularly Channels, a one-to-many way for creators and brands to talk to all their followers at once. (Telegram is also doing some interesting stuff in this space.) But that’s not social, that’s a news feed. These are still chat apps, meant for talking to one or a few people at a time.
Discord is probably the tool best-suited to capture users’ social needs right now. It’s definitely the best Reddit alternative we have. It’s a clever mix of chat app and broadcast tool, a place where lots of like-minded people could conceivably hang out and connect. But, uh, have you ever been in a Discord with thousands of people? It’s pure chaos, and requires you to either devote your life to keeping up or resolve yourself to missing everything. Discord’s moderation tools are a mess, too, and everyone’s still mad about changing their username.
For all its mess, the social networking era did a uniquely good job of just putting people together in a single place. You didn’t have to pick a server or declare your interests ahead of time; you just showed up, set a password, and got to work. Because everyone was together, these platforms were able to make it trivially easy to find people you like and content that interests you. They were able to learn about you over time, and proactively show you those people and that content before you even had to ask.
This all, of course, came with huge downsides. Retweets and quote tweets made it easy for good content to travel, but also made it easy to mass-harass anyone on Twitter. Meta’s knowledge of its users makes your Explore page more interesting, and only extends the dossier on you available to advertisers. I’m not sure it’s possible to have the good without the bad, and I think the bad might outweigh the good. (As a white guy in America, I also experience the bad far less than many users, and I suspect I’d feel differently about the end of this era if I weren’t quite so privileged here.) But I can’t help but think it’s possible to at least do better.
Maybe we should all embrace the downfall of social networks, and maybe my (and our) need for a global water cooler is just a vestigial feeling we’ll all be rid of in a few years. But even before this era fully ends, before Twitter and Reddit turn into MySpace and Friendfeed and basically disappear from my life, I find myself longing for what they once were. Still are, maybe, just not for long. I miss everybody, and I don’t know if I’ll ever find them again.
https://www.theverge.com/2023/7/3/23782 ... r-mastodon
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
-
Atruepatriot
- Posts: 12151
- Joined: Tue Feb 25, 2020 11:55 am
Re: ZeroNet
A Guide to Security, Privacy, and Anonymity on ZeroNet
Author : Zola Gonano
In my previous post, I took a technical look at ZeroNet, explaining how it works and the technologies it uses to create a peer-to-peer web-like network. In this post, I want to discuss how you can maintain privacy and security in this network, explore the potential threats, and provide some techniques to enhance your privacy and security.
I will divide this guide into three main sections: "Security," "Privacy," and "Anonymity." In each section, I will explain what you can do to enhance each aspect.
These sections are interconnected, and as a result, there will be a lot of overlap. For example, you will need security to ensure your privacy, and you will need privacy to stay anonymous.
Security
This section covers what is needed to protect assets, information, or prevent harm, damage, unauthorized access, or exploitation.
Ensure Browser Security
In the ZeroNet network, no servers are hosting the sites, which means everything is executed on the client-side. Every site you visit will run JavaScript or WASM code in your browser. This makes browser sandboxing critically important because you cannot simply block every script and expect things to function properly. Therefore, the most important thing to stay secure in such a network is the browser.
Use a well-known browser
Use a browser that has been around for a while, as it will have had the chance to be audited and tested, and most of its vulnerabilities are likely to be fixed. Browsers like Firefox or Chromium are good options, as they have sandboxing features and vulnerabilities are detected and fixed quickly. However, the best choice would be the Tor Browser, which is a modified version of Firefox provided by the Tor Project. It is designed to reduce fingerprinting and enhances security by enabling some sandboxing features of Firefox that are not enabled by default.
Keep your browser up-to-date
Usually, most attacks come from already known and fixed vulnerabilities, and it is very unlikely to be attacked by a zero-day vulnerability. That's why you should always keep your browser and all your software up-to-date. It prevents attacks through known and fixed vulnerabilities and reduces your attack surface area significantly.
Encrypt All ZeroNet Traffic
By default, traffic encryption is not enforced for all requests and clients in ZeroNet. However, you can enforce it by adding force_encryption = True to the [global] section in the zeronet.conf file. Alternatively, you can run your ZeroNet with the --force_encryption flag, but you may accidentally forget to do so, so it's safer to put it in the config file.
By doing so, all your traffic will be secured using TLS.
Add an Additional Layer of Encryption
You can also provide an additional layer of encryption by using a VPN(Virtual Private Network) or by tunneling your whole system through TOR. This will prevent your ISP(Internet Service Provider) from knowing you're connecting to ZeroNet nodes.
But note that using a VPN means you're putting your trust in your VPN provider instead of your Internet Service Provider.
Encrypt Your ZeroNet Data
ZeroNet data, such as site files, even your private keys, etc., are stored in plain text inside a directory named data, and ZeroNet itself doesn't provide encryption for those files yet. However, there are several tricks to implement encryption for these files.
Use ZeroNet inside an encrypted virtual machine
If you want to take it to the next level and increase the security and privacy of your ZeroNet client at the same time, you can install a fully encrypted OS inside a virtual machine and run your ZeroNet inside it. This approach provides strong sandboxing and security for your ZeroNet data. An OS recommended for such purposes is Whonix OS, and they have a guide on how to use ZeroNet inside Whonix.
Store your ZeroNet files in an encrypted container
This method is simpler and offers added benefits, such as portability. You can encrypt a USB stick and store your entire ZeroNet bundle there, enabling you to use it on any machine you desire.
For enhanced portability, I highly recommend using Tails OS, which routes all traffic through Tor and includes an Encrypted Persistent Storage feature. This allows you to store files like your ZeroNet bundle securely without having them deleted when you restart the Tails Os.
Do not log in when using a ZeroNet instance (public proxy)
Everyone who runs a ZeroNet public proxy can see your private key and potentially steal your identity. Therefore, never use your identity or perform actions like creating an ID or site using a public proxy, as the proxy manager will have access to that site and ID just as you do.
Privacy
This section covers what you can do to control what information about you is shared or accessed when using ZeroNet.
Always use Tor
Setting Tor mode to Always will ensure that your IP address is not exposed when connecting and seeding a site in ZeroNet. Instead of IP addresses, other ZeroNet nodes will communicate with you through your onion address, and you have multiple of them (10 by default) to reduce the fingerprinting of an onion address.
To do so, you need to open a Tor controller port and allow ZeroNet to have access to the cookie authentication file.
Here are the changes you will need to make in the torrc file to achieve this:
Uncomment or add this line to open the controller port:
ControlPort 9151
Add these lines to make the cookie authentication file readable for ZeroNet:
CookieAuthFile /var/lib/tor/control_auth_cookie
DataDirectoryGroupReadable 1
CacheDirectoryGroupReadable 1
CookieAuthentication 1
Add your user or the user that runs ZeroNet to the Tor group:
sudo chown -R your_user:tor /var/lib/tor/control_auth_cookie
Once you've made these changes, you can add the following lines to the [global] section in your zeronet.conf file to enforce ZeroNet to use Tor:
tor_proxy = 127.0.0.1:9050
tor_controller = 127.0.0.1:9151
tor = always
With these configurations, your ZeroNet instance will route its traffic through Tor, providing increased privacy and anonymity.
Use Tor Browser or Disconnect Your Browser from the Internet
Even if you have set Tor to 'Always' mode, the sites can still send a request from your browser to the clearnet and expose your real IP address. The best practice here would be to always use ZeroNet inside the Tor browser to ensure that your real IP address never leaks to the clearnet through your browser. Optionally, you can set a non-working proxy or use your browser in offline mode when using ZeroNet, as ZeroNet doesn't require your browser to have access to the internet.
Protect your Identity
In ZeroNet, all identities are represented by private keys and certificates, which are stored in the users.json file. Therefore, it is essential to regularly back up this file if you want to ensure you don't lose your identity on ZeroNet.
Use ZeroID if possible
ID providers like CryptoID or KaffieID are considered "decentralized," but this decentralization comes at the cost of lacking uniqueness and regulation on IDs. As a result, anyone could generate the same ID that you have and potentially use your identity. On the other hand, ZeroID follows a different approach with a centralized server that ensures usernames and IDs are unique. However, it is worth noting that using ZeroID inside the Tor Browser should help maintain privacy despite the data being sent to the clearnet.
Anonymity
This section covers what you can do to seperate your real identity from the identity that you have on ZeroNet.
You need almost everything from the Security and Privacy sections
There's a lot of overlap between security, privacy, and anonymity, and you should have those to achieve anonymity.
You need good OPSEC
"OPSEC" stands for Operational Security. It involves using specific practices and strategies to protect sensitive information. When you have applied most of the security and privacy practices, it's mostly about OPSEC. You are the one who chooses what to share, where to share, and with whom.
Privacy is a human right, and digital privacy is necessary for people living in dictatorships, journalists, or activists to stay safe in the real world. If there's anything else that can be added, I'd be more than happy to know. This entire blog is available on GitHub, and you can contribute to it or simply give it a star.
https://github.com/zolagonano/zolagonano.github.io/
Author : Zola Gonano
In my previous post, I took a technical look at ZeroNet, explaining how it works and the technologies it uses to create a peer-to-peer web-like network. In this post, I want to discuss how you can maintain privacy and security in this network, explore the potential threats, and provide some techniques to enhance your privacy and security.
I will divide this guide into three main sections: "Security," "Privacy," and "Anonymity." In each section, I will explain what you can do to enhance each aspect.
These sections are interconnected, and as a result, there will be a lot of overlap. For example, you will need security to ensure your privacy, and you will need privacy to stay anonymous.
Security
This section covers what is needed to protect assets, information, or prevent harm, damage, unauthorized access, or exploitation.
Ensure Browser Security
In the ZeroNet network, no servers are hosting the sites, which means everything is executed on the client-side. Every site you visit will run JavaScript or WASM code in your browser. This makes browser sandboxing critically important because you cannot simply block every script and expect things to function properly. Therefore, the most important thing to stay secure in such a network is the browser.
Use a well-known browser
Use a browser that has been around for a while, as it will have had the chance to be audited and tested, and most of its vulnerabilities are likely to be fixed. Browsers like Firefox or Chromium are good options, as they have sandboxing features and vulnerabilities are detected and fixed quickly. However, the best choice would be the Tor Browser, which is a modified version of Firefox provided by the Tor Project. It is designed to reduce fingerprinting and enhances security by enabling some sandboxing features of Firefox that are not enabled by default.
Keep your browser up-to-date
Usually, most attacks come from already known and fixed vulnerabilities, and it is very unlikely to be attacked by a zero-day vulnerability. That's why you should always keep your browser and all your software up-to-date. It prevents attacks through known and fixed vulnerabilities and reduces your attack surface area significantly.
Encrypt All ZeroNet Traffic
By default, traffic encryption is not enforced for all requests and clients in ZeroNet. However, you can enforce it by adding force_encryption = True to the [global] section in the zeronet.conf file. Alternatively, you can run your ZeroNet with the --force_encryption flag, but you may accidentally forget to do so, so it's safer to put it in the config file.
By doing so, all your traffic will be secured using TLS.
Add an Additional Layer of Encryption
You can also provide an additional layer of encryption by using a VPN(Virtual Private Network) or by tunneling your whole system through TOR. This will prevent your ISP(Internet Service Provider) from knowing you're connecting to ZeroNet nodes.
But note that using a VPN means you're putting your trust in your VPN provider instead of your Internet Service Provider.
Encrypt Your ZeroNet Data
ZeroNet data, such as site files, even your private keys, etc., are stored in plain text inside a directory named data, and ZeroNet itself doesn't provide encryption for those files yet. However, there are several tricks to implement encryption for these files.
Use ZeroNet inside an encrypted virtual machine
If you want to take it to the next level and increase the security and privacy of your ZeroNet client at the same time, you can install a fully encrypted OS inside a virtual machine and run your ZeroNet inside it. This approach provides strong sandboxing and security for your ZeroNet data. An OS recommended for such purposes is Whonix OS, and they have a guide on how to use ZeroNet inside Whonix.
Store your ZeroNet files in an encrypted container
This method is simpler and offers added benefits, such as portability. You can encrypt a USB stick and store your entire ZeroNet bundle there, enabling you to use it on any machine you desire.
For enhanced portability, I highly recommend using Tails OS, which routes all traffic through Tor and includes an Encrypted Persistent Storage feature. This allows you to store files like your ZeroNet bundle securely without having them deleted when you restart the Tails Os.
Do not log in when using a ZeroNet instance (public proxy)
Everyone who runs a ZeroNet public proxy can see your private key and potentially steal your identity. Therefore, never use your identity or perform actions like creating an ID or site using a public proxy, as the proxy manager will have access to that site and ID just as you do.
Privacy
This section covers what you can do to control what information about you is shared or accessed when using ZeroNet.
Always use Tor
Setting Tor mode to Always will ensure that your IP address is not exposed when connecting and seeding a site in ZeroNet. Instead of IP addresses, other ZeroNet nodes will communicate with you through your onion address, and you have multiple of them (10 by default) to reduce the fingerprinting of an onion address.
To do so, you need to open a Tor controller port and allow ZeroNet to have access to the cookie authentication file.
Here are the changes you will need to make in the torrc file to achieve this:
Uncomment or add this line to open the controller port:
ControlPort 9151
Add these lines to make the cookie authentication file readable for ZeroNet:
CookieAuthFile /var/lib/tor/control_auth_cookie
DataDirectoryGroupReadable 1
CacheDirectoryGroupReadable 1
CookieAuthentication 1
Add your user or the user that runs ZeroNet to the Tor group:
sudo chown -R your_user:tor /var/lib/tor/control_auth_cookie
Once you've made these changes, you can add the following lines to the [global] section in your zeronet.conf file to enforce ZeroNet to use Tor:
tor_proxy = 127.0.0.1:9050
tor_controller = 127.0.0.1:9151
tor = always
With these configurations, your ZeroNet instance will route its traffic through Tor, providing increased privacy and anonymity.
Use Tor Browser or Disconnect Your Browser from the Internet
Even if you have set Tor to 'Always' mode, the sites can still send a request from your browser to the clearnet and expose your real IP address. The best practice here would be to always use ZeroNet inside the Tor browser to ensure that your real IP address never leaks to the clearnet through your browser. Optionally, you can set a non-working proxy or use your browser in offline mode when using ZeroNet, as ZeroNet doesn't require your browser to have access to the internet.
Protect your Identity
In ZeroNet, all identities are represented by private keys and certificates, which are stored in the users.json file. Therefore, it is essential to regularly back up this file if you want to ensure you don't lose your identity on ZeroNet.
Use ZeroID if possible
ID providers like CryptoID or KaffieID are considered "decentralized," but this decentralization comes at the cost of lacking uniqueness and regulation on IDs. As a result, anyone could generate the same ID that you have and potentially use your identity. On the other hand, ZeroID follows a different approach with a centralized server that ensures usernames and IDs are unique. However, it is worth noting that using ZeroID inside the Tor Browser should help maintain privacy despite the data being sent to the clearnet.
Anonymity
This section covers what you can do to seperate your real identity from the identity that you have on ZeroNet.
You need almost everything from the Security and Privacy sections
There's a lot of overlap between security, privacy, and anonymity, and you should have those to achieve anonymity.
You need good OPSEC
"OPSEC" stands for Operational Security. It involves using specific practices and strategies to protect sensitive information. When you have applied most of the security and privacy practices, it's mostly about OPSEC. You are the one who chooses what to share, where to share, and with whom.
Privacy is a human right, and digital privacy is necessary for people living in dictatorships, journalists, or activists to stay safe in the real world. If there's anything else that can be added, I'd be more than happy to know. This entire blog is available on GitHub, and you can contribute to it or simply give it a star.
https://github.com/zolagonano/zolagonano.github.io/
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer