Freenet Tor Browser

Using Freenet over Tor

This post outlines a method of using Freenet over Tor based on posts I wrote on my Freenet hosted blog and subsequent discussions about it. If you read my Freenet hosted blog there's little new here, I'm just making it available on my non-freenet blog.

This small open space browser claims that it provides an easy and fast browsing experience to all its users while still protecting their privacy. What's interesting about this browser is that the company behind doesn't actually have access to your personally identifiable data. Mar 31, 2021 The easiest way to access Tor is through the Tor Browser. You can download and install it for free. You might want to hide your Tor Browser download using a VPN and your existing browser's private/incognito mode. Based on Firefox, Tor Browser lets you surf both the clear web and dark web. The Tor software protects you by bouncing your communications around a distributed. Jan 27, 2021 If you are a beginner, it is the best choice for you to stick with. The Tor browser is an open-source deep web browser made available for Mac, Linux and Windows computers. It can also be treated as a mobile browser since it works well on both the Android and iOS operating system. The first anonymous browser ever introduced to get on the dark web is TOR. It offers the most secure ways to start browsing on the dark web.

One issue I've had with Freenet is that it exposes your IP address to peers. Recent law enforcement efforts to monitor Freenet have shown that they have been able to obtain search warrants based on logging requests for blocks of known data and associating them with IP addresses. If law enforcement can do this, so can random bad people.

You can avoid exposing your IP address to random strangers on opennet by using darknet but even then you have to trust your friends aren't monitoring your requests. If it was possible to run Freenet over Tor hidden services then only the hidden service address would be exposed using this logging method. A problem is that Freenet uses UDP which Tor does not support.

A recent post on the Freenet development mailing list pointed out that onioncat provides a virtual network over Tor and tunnels UDP. Using the steps they provided, and some tweaks, it's possible to set up a darknet node that doesn't expose its IP address. It uses the onioncat generated IPv6 address for communicating with peers - and this address is backed by a Tor hidden service.

The steps below outline how to set this up. Note that this is quite experimental and requires care to not expose your IP address. There are some Freenet issues that make things difficult so you should be aware that you do this at your risk and understand it may still expose your identity if things go wrong.

I'm assuming a Debian/Ubuntu like system for the steps.

Install Tor

Install Tor:

Edit the /etc/tor/torrc file to enable a Hidden Service with an entry like:

Restart Tor and find your hidden service hostname:

Install onioncat

Install onioncat:

Edit /etc/default/onioncat and change the lines matching the following:

Restart onioncat:

Find your onioncat IP address with:

Install Freenet

Install Freenet in the usual way and go through the browser based setup wizard. Choose 'Details settings: (custom)' for the security option. On the subsequent pages of the wizard:

• Disable the UPnP plugin.
• Choose 'Only connect to your friends'
• Choose 'High' for 'Protection against a stranger attacking you over the internet'
• Click the 'I trust at least one person already using Freenet' checkbox.
• For 'Protection of your downloads..' pick any option you want.
• Pick a node name that your darknet friends will see.
• Pick a datastore size that you want.
• Choose the bandwidth limit.

The node will now be started but have no connections. There will be warnings about this.

Configure Freenet over Tor

The following settings need to be changed in 'Configuration/Core Settings' - make sure you have clicked 'Switch to advanced mode'.

• Change 'IP address override' to your onioncat IP address retrieved in the previous section.
• Apply the changes.

Shut down Freenet and edit the wrapper.conf file in the Freenet installation directory. Change the line that contains java.net.preferIPv4Stack=true to java.net.preferIPv4Stack=false. In my wrapper.conf this is:

Edit freenet.ini file in the Freenet installation directory. Change or add the following (replace 'onioncat IP address' with the IP address obtained installing onioncat):

Save the file and restart Freenet. There might be a warning about 'Unknown external address'. Ignore this as you've explictly set one. I provide a patch later in this post if you want to get rid of the warning.

Add a friend

Now is the time to add a Darknet friend who is also using Tor/Onioncat. Go to 'Friends/Add a friend'. Choose your trust and ability to see other friends settings and enter a description of the friend. Paste their noderef in the 'Enter node reference directly' box.

Give your noderef to your friend and have them add it. Once both connections have been added you should see 'Connected' in the Friends list for that connection. The IP address should show the onioncat IPv6 address, beginning with 'fd'.

Optional Freenet patch

When running a Tor based node Freenet thinks the onioncat IP address is a local address. Some places in the Freenet code base check for this and reject it as a valid global routable address. In the FProxy user interface a large warning appears on each page that it couldn't find the external IP address of the node. The other issue is that local addresses aren't counted for bandwidth statistic reporting. The bandwidth box on the statistics page is empty as a result.

I use a patch, onioncat.txt, that provides a workaround for these two issues. The patch is optional as the node works without it but it's a useful improvement if you plan to run a Tor based node long term. You should check the patch before applying it blindly and assure that it's not doing anything nefarious.

Hybrid nodes

Tor

If you run a Tor based darknet node then at least one hybrid node must be in the darknet to bridge to the non-tor nodes. These hybrid nodes will have a public clearnet IP address exposed. I outline how to set up a hybrid node later below. For those that trust me, if you send a darknet tor noderef to me at the freemail address on the bottom of this page, or via normal email, I'll connect and send you a noderef of a hybrid node setup in this manner.

Install Tor and Onioncat as described previously. Install Freenet in the usual way and go through the browser based setup wizard. Choose 'Details settings: (custom)' for the security option. On the subsequent pages of the wizard:

• Enable or Disable the UPnP plugin as necessary depending on what you need for your clearnet connection to work.
• Choose 'Connect to strangers'
• Choose 'Low' or 'Normal' security as desired.
• For 'Protection of your downloads..' pick any option you want.
• Pick a datastore size that you want.
• Choose the bandwidth limit.

The steps below outline how to set this up. Note that this is quite experimental and requires care to not expose your IP address. There are some Freenet issues that make things difficult so you should be aware that you do this at your risk and understand it may still expose your identity if things go wrong.

I'm assuming a Debian/Ubuntu like system for the steps.

Install Tor

Install Tor:

Edit the /etc/tor/torrc file to enable a Hidden Service with an entry like:

Restart Tor and find your hidden service hostname:

Install onioncat

Install onioncat:

Edit /etc/default/onioncat and change the lines matching the following:

Restart onioncat:

Find your onioncat IP address with:

Install Freenet

Install Freenet in the usual way and go through the browser based setup wizard. Choose 'Details settings: (custom)' for the security option. On the subsequent pages of the wizard:

• Disable the UPnP plugin.
• Choose 'Only connect to your friends'
• Choose 'High' for 'Protection against a stranger attacking you over the internet'
• Click the 'I trust at least one person already using Freenet' checkbox.
• For 'Protection of your downloads..' pick any option you want.
• Pick a node name that your darknet friends will see.
• Pick a datastore size that you want.
• Choose the bandwidth limit.

The node will now be started but have no connections. There will be warnings about this.

Configure Freenet over Tor

The following settings need to be changed in 'Configuration/Core Settings' - make sure you have clicked 'Switch to advanced mode'.

• Change 'IP address override' to your onioncat IP address retrieved in the previous section.
• Apply the changes.

Shut down Freenet and edit the wrapper.conf file in the Freenet installation directory. Change the line that contains java.net.preferIPv4Stack=true to java.net.preferIPv4Stack=false. In my wrapper.conf this is:

Edit freenet.ini file in the Freenet installation directory. Change or add the following (replace 'onioncat IP address' with the IP address obtained installing onioncat):

Save the file and restart Freenet. There might be a warning about 'Unknown external address'. Ignore this as you've explictly set one. I provide a patch later in this post if you want to get rid of the warning.

Add a friend

Now is the time to add a Darknet friend who is also using Tor/Onioncat. Go to 'Friends/Add a friend'. Choose your trust and ability to see other friends settings and enter a description of the friend. Paste their noderef in the 'Enter node reference directly' box.

Give your noderef to your friend and have them add it. Once both connections have been added you should see 'Connected' in the Friends list for that connection. The IP address should show the onioncat IPv6 address, beginning with 'fd'.

Optional Freenet patch

When running a Tor based node Freenet thinks the onioncat IP address is a local address. Some places in the Freenet code base check for this and reject it as a valid global routable address. In the FProxy user interface a large warning appears on each page that it couldn't find the external IP address of the node. The other issue is that local addresses aren't counted for bandwidth statistic reporting. The bandwidth box on the statistics page is empty as a result.

I use a patch, onioncat.txt, that provides a workaround for these two issues. The patch is optional as the node works without it but it's a useful improvement if you plan to run a Tor based node long term. You should check the patch before applying it blindly and assure that it's not doing anything nefarious.

Hybrid nodes

Tor

If you run a Tor based darknet node then at least one hybrid node must be in the darknet to bridge to the non-tor nodes. These hybrid nodes will have a public clearnet IP address exposed. I outline how to set up a hybrid node later below. For those that trust me, if you send a darknet tor noderef to me at the freemail address on the bottom of this page, or via normal email, I'll connect and send you a noderef of a hybrid node setup in this manner.

Install Tor and Onioncat as described previously. Install Freenet in the usual way and go through the browser based setup wizard. Choose 'Details settings: (custom)' for the security option. On the subsequent pages of the wizard:

• Enable or Disable the UPnP plugin as necessary depending on what you need for your clearnet connection to work.
• Choose 'Connect to strangers'
• Choose 'Low' or 'Normal' security as desired.
• For 'Protection of your downloads..' pick any option you want.
• Pick a datastore size that you want.
• Choose the bandwidth limit.

The node will start and connect to opennet.

Shut down Freenet and edit the wrapper.conf file in the Freenet installation directory. Change the line that contains java.net.preferIPv4Stack=true to java.net.preferIPv4Stack=false. In my wrapper.conf this is:

Edit freenet.ini file in the Freenet installation directory. Change or add the following:

Save the file and restart Freenet. If you base64 decode the 'physical.udp' section of the noderef for the node you should see that it now contains the onioncat IP address as well as the public clearnet IP address.

Adding friends to this node will give those friends access to the wider Freenet datastore when they reciprocate.

Don't forget to check your noderefs to ensure that the ARK and the public IP address contain data you are willing to reveal. Check both the darknet noderef and the opennet noderef. You can decode the base64 of the 'physical.udp' line with the GNU base64 command:

Final steps and caveats

Try visiting a Freenet index site and see if it loads. If it does then the Freenet over Tor setup is working. It will be slower than normal Freenet usage due to Tor latency. If you connect to more darknet nodes it will get faster.

When adding a friends noderef you can check what IP addresses it will connect to by looking at the 'physical.udp' line. This is a base64 encoded list of IP addresses. You might want to check this to ensure that there are no clearnet addresses in there. If there is a clearnet address then it could deanonymize your node when it tries to connect to that in preference to the onioncat address.

The 'ark.pubURI' portion of the noderef is an SSK that points to updated IP address information. A node can subscribe to the USK version of this and learn about IP address changes. Your friends node could change their IP address to a clearnet address resulting in you connecting to that.

To avoid the above two issues it's worthwhile running Freenet in a VM or container that does not have clearnet network access and only has access to the onioncat network setup. Alternatively you can use iptables to only allow onioncat traffic for the Freenet process or user running it.

Freenet Tor Browser Download

The IP addresses exposed in the noderef include all local link addresses and their scopes. This is Freenet bug 6879. This may leak information you don't want leaked. It pays to check the 'physical.udp' and 'ark.pubURI' to see what you are exposing. Remember that any IP addresses exposed over the ARK is discoverable by looking at previous editions of the USK.

The traffic footprint of Freenet may make it easier to track down your IP address from your Tor ID. The volume of data and the nature of the traffic may make certain types of Tor de-anonymization techniques more effective.

Ideally it would be possible to have an opennet of Tor nodes so the exchange of darknet noderefs wouldn't be needed. I haven't been able to get this working yet but I'll continue to investigate it. Microsoft teams login.

I've been running a Tor darknet node for the past week to test how well it works. With three darknet connections it runs well enough for browsing freesites. Sone and the Web of Trust took quite a while to bootstrap due to the lower speed but once it was running it works well. FMS and Flip are also usable. I'd expect performance to be even better with more connections.

Tags

Get connected

If you are in a country where Tor is blocked, you can configure Tor to connect to a bridge during the setup process.

Select 'Tor is censored in my country.'

If Tor is not censored, one of the most common reasons Tor won't connect is an incorrect system clock. Please make sure it's set correctly.

Stay safe

Please do not torrent over Tor.
Tor Browser will block browser plugins such as Flash, RealPlayer, QuickTime, and others: they can be manipulated into revealing your IP address.

We do not recommend installing additional add-ons or plugins into Tor Browser

Plugins or addons may bypass Tor or compromise your privacy. Tor Browser already comes with HTTPS Everywhere, NoScript, and other patches to protect your privacy and security.

Check out the Tor Browser manual for more troubleshooting tips.

Stand up for privacy and freedom online.

We're a nonprofit organization and rely on supporters like you to help us keep Tor robust and secure for millions of people worldwide.

Freenet Tor Browser Reviews