54
+ − 1 =head1 AnoNet2 FAQ
+ − 2
+ − 3 Back to homepage - L<http://www.anonet2.org/>
+ − 4
+ − 5 =head2 Resources
+ − 6
+ − 7 =over
+ − 8
+ − 9 =item Why do you use 1.0.0.0/8? It's been assigned to APNIC. You should use private (RFC1918) address space like 10.0.0.0/8.
+ − 10
270
+ − 11 AnoNet is a public internet, and as such it should use public address
57
+ − 12 space. ICANN (a private corporation) controls the public resources on
+ − 13 the IcannNet (a.k.a. the "public" Internet), and has delegated 1.0.0.0/8
270
+ − 14 on the IcannNet to APNIC. AnoNet is a separate public internet, that
57
+ − 15 doesn't answer to ICANN (nor to anybody else, for that matter). Now,
+ − 16 that said, when AnoNet started using 1.0.0.0/8 it was reserved (i.e.,
+ − 17 not to be allocated), but because of ICANN's mismanagement of the IPv4
+ − 18 address space (which is why nearly all 4 billion addresses have already
+ − 19 been assigned, in a world with only 6 billion total people, including all
+ − 20 the starving babies in Africa who don't even know yet what a computer is),
+ − 21 ICANN had to take 1.0.0.0/8 out of its "reserved" pool and to put it into
+ − 22 the "assignable" pool. AnoNet has no control over ICANN policy, so while
+ − 23 AnoNet did attempt to avoid directly conflicting with IcannNet addresses,
+ − 24 ICANN ultimately made sure that attempt would fail. (If you'd like to
+ − 25 connect to an internet with address space that's still in the ICANN
+ − 26 "reserved" pool, you may want to try VAnet.) Using private address
270
+ − 27 space is inappropriate for a public internet, per RFC1918. (If you'd
57
+ − 28 like to connect to an internet that uses private address space anyway,
+ − 29 you may want to try dn42 at L<http://www.dn42.net/>.)
54
+ − 30
270
+ − 31 =item You should register 1.0.0.0/8, before you use it.
+ − 32
+ − 33 By the same logic, ICANN should register 0.0.0.0/0, before it uses it.
+ − 34 ICANN claims divine authority over 0.0.0.0/8, and allows people to use
+ − 35 parts of it if they meet certain conditions set by the IETF and ICANN.
+ − 36 The IETF conditions are reasonable if you don't assume that Internet
+ − 37 is owned by ICANN. The ICANN conditions, on the other hand, are highly
+ − 38 unfair and actively hurt people who want their freedom (by requiring them
+ − 39 to give up their anonymity, to sign a restrictive agreement, and to have a
+ − 40 relationship with a regulated company with its own restrictive agreement).
+ − 41 Therefore, ICANN is not a suitable government for a free internet.
+ − 42 The AnoNet1 government claims "trust us instead," but AnoNet2 doesn't
+ − 43 require you to trust anybody. That's the only way for you to guarantee
+ − 44 that AnoNet will never mismanage IP space the same way that ICANN does.
+ − 45
115
+ − 46 =item ICANN isn't mismanaging the IPv4-space. IcannNet usage is just exploding faster than anybody ever predicted.
+ − 47
+ − 48 L<http://www.networkworld.com/news/2010/081610-5billion-devices-internet.html>
270
+ − 49 claims that the IcannNet only has about 5 billion total devices, of
+ − 50 which only about 1 billion "regularly connect" (PCs, laptops, etc.).
+ − 51 There are plenty of possible addressing schemes that could accomodate a
+ − 52 billion "regularly connecting" devices with an address space quadruple
+ − 53 the size (even without NAT, if you want). ICANN clearly isn't using
+ − 54 any of them. By any sane technical definition, that would certainly
+ − 55 qualify as "mismanagement."
115
+ − 56
54
+ − 57 =item If you use 1.0.0.0/8, you're squatting on somebody else's resources.
+ − 58
57
+ − 59 If you use 1.0.0.0/8 on the IcannNet, then your statement is correct,
58
+ − 60 but AnoNet and IcannNet are two totally separate public internets,
57
+ − 61 so it's ridiculous to accuse a participant in one to be squatting
+ − 62 on resources on the other. ICANN has no divine right to 1.0.0.0/8
+ − 63 (nor to any other netblock, for that matter) outside the IcannNet.
+ − 64 Moreover, using 10.0.0.0/8 I<would> be squatting on private address
+ − 65 space (address space that's reserved for your own home network),
+ − 66 per RFC1918. (While AnoNet couldn't care less about ICANN, we do use
+ − 67 the IETF protocols (with s/IcannNet/AnoNet/), so if the IETF says that
+ − 68 10.0.0.0/8 is reserved for your own home network, far be it from us to
+ − 69 steal it for some "public" network.)
54
+ − 70
+ − 71 =item AnoNet runs on the IcannNet. Therefore, you _are_ squatting.
+ − 72
57
+ − 73 That last accusation has no logical basis. Just because most AnoNet
+ − 74 links are tunneled over the IcannNet doesn't give ICANN a right to rule
115
+ − 75 the content of those tunnels. (In almost exactly the same way, just
+ − 76 because most IcannNet links move over telecom equipment doesn't give the
+ − 77 ITU a right to rule the content of those links.) In fact, ICANN itself
+ − 78 will happily confirm that it has neither authority nor ambition to rule
+ − 79 the content of IcannNet communications between endpoints, inclusive of
+ − 80 AnoNet tunnels. Therefore, even if you buy the logical validity of your
+ − 81 claim, ICANN will still shoot it down.
54
+ − 82
270
+ − 83 =item Okay, you're not squatting, but now that 1.0.0.0/8 is being actively used on IcannNet, you should move to 10.0.0.0/8 to avoid conflicts.
+ − 84
+ − 85 AnoNet is under no obligation to shrink its address space just because IcannNet decided to create a conflict. Also, moving to 10.0.0.0/8 will create more conflicts than staying in 1.0.0.0/8 (since 10.0.0.0/8 is far more congested than 1.0.0.0/8 will ever be).
+ − 86
54
+ − 87 =item You should move to IPv6, then.
+ − 88
115
+ − 89 That's not the only logical conclusion, based on the above. However, AnoNet has no rules, so you're more than welcome to move to IPv6, and/or to try to convince others to do the same. As long as you don't start out with unrealistic expectations, you probably won't be disappointed with the results of your preaching effort. [Update: It appears that IPv6 may have some deployment on AnoNet, now. (Maybe somebody read the above as a challenge and decided to run with it.) Perhaps the guys using it will fill in some details here.]
54
+ − 90
+ − 91 =back
+ − 92
+ − 93 =head2 Peering
+ − 94
+ − 95 =over
+ − 96
+ − 97 =item What is peering all about?
+ − 98
187
+ − 99 AnoNet is an internet. An internet means an internetwork, or a
+ − 100 network that connects between networks. An internetwork is normally
+ − 101 constructed by making links between the different networks, and then
+ − 102 carrying internetwork traffic along those links. (If network A has
+ − 103 a link to network B, then traffic from A to B or from B to A should
+ − 104 probably pass through that link.) Such a link is called a "peering,"
+ − 105 and the two sides of that link are called "peers." On the IcannNet,
+ − 106 peerings are normally done over leased lines, but due to the nature of
+ − 107 AnoNet, using leased lines isn't much of an option for most peerings.
+ − 108 Therefore, most peerings are done over tunnels on the IcannNet.
+ − 109 The most common software for AnoNet tunnels is OpenVPN, although
+ − 110 tinc and L<quicktun|http://wiki.qontrol.nl/QuickTun> are also used.
57
+ − 111 (tinc in particular deserves special attention: it can create a mesh
+ − 112 between participants, sacrificing anonymity to achieve lower latency.)
54
+ − 113
+ − 114 =item Whom should I peer with?
+ − 115
57
+ − 116 If you want to protect your anonymity, you'll want to peer with only
+ − 117 a few others. If you're more interested in getting good latency,
+ − 118 you'll want a more promiscuous peering policy. Your peers are able to
+ − 119 access certain information (like your IP) that isn't easy for others
+ − 120 to access, so the harm in having too many peers is that the secrecy of
+ − 121 that information is protected by the "weakest" link. (The greater the
+ − 122 number of people who know a secret, the greater the number of people
+ − 123 who are likely to hear about it within a given time interval.)
54
+ − 124
+ − 125 =item How can I talk to the rest of AnoNet, if I'm only peered with a few others?
+ − 126
57
+ − 127 How can you talk to Google, if you're only hooked up to your local ISP?
+ − 128 The answer is that your ISP offers you "transit" to its peers, which
+ − 129 in turn offer your ISP transit to their peers, etc. (If network A is
+ − 130 connected to network B, which itself is connected to network C, then
+ − 131 with B's permission network A can talk to network C.) On AnoNet, most
+ − 132 peerings have BGP sessions managing the routing tables on both sides,
+ − 133 in order to provide mutual transit. (On AnoNet, providing transit is
+ − 134 an advantage, since it improves your own anonymity.)
54
+ − 135
+ − 136 =item Won't providing transit slow down my Internet connection?
+ − 137
57
+ − 138 If you're the preferred transit provider between two guys who feel
+ − 139 like streaming a whole ton of real-time studio-quality video back and
+ − 140 forth all day, that can certainly slow down (to put it mildly) your
+ − 141 dial-up connection. In reality, most traffic on AnoNet is plain text,
+ − 142 so you probably don't have too much to worry about, especially if you
+ − 143 have some sort of broadband connection. That said, if it ever _does_
+ − 144 become an issue, all you have to do is stop providing transit (although
+ − 145 the particular case above is unlikely to persist even if you do nothing
+ − 146 at all, since the two streaming guys will quickly figure out that going
+ − 147 through you won't get them anywhere, and they'll most likely seek another
+ − 148 transit provider - or even just peer with each other directly), or use
+ − 149 simple BGP tricks to make transit through you less attractive to some
+ − 150 or all of the AnoNet.
54
+ − 151
+ − 152 =back
+ − 153
+ − 154 =head2 DNS
+ − 155
+ − 156 =over
+ − 157
+ − 158 =item How is DNS handled on AnoNet?
+ − 159
57
+ − 160 AnoNet has a number of TLDs (Top-Level Domains), the most interesting
+ − 161 one being .ano. The entire zone is public (unlike, say, the .com zone
+ − 162 on the IcannNet), so you can easily deploy your own TLD nameservers.
+ − 163 In fact, the git resdb already includes scripts to generate both
+ − 164 tinydns and BIND zonefiles automatically. That said, SRN has public
+ − 165 root and TLD nameservers, if you don't feel like setting up your own.
+ − 166 SRN also has a public recursive resolver (which also resolves IcannNet
+ − 167 names), which you can use if you can't even be bothered to set up your
+ − 168 own recursive resolver. Please note that you're telling SRN about all
+ − 169 hostnames that you lookup if you do this. (Right now, you're probably
+ − 170 telling your ISP the same information, BTW.)
54
+ − 171
+ − 172 =item I want my own domain. How can I set it up?
+ − 173
57
+ − 174 You have a number of options, depending on (a) your current
+ − 175 infrastructure, and (b) your interest/ability to deploy additional
+ − 176 infrastructure. The resource database is just a whole bunch of
+ − 177 directories/files stored in a git repository, so adding a domain into
+ − 178 "AnoNet" essentially boils down to adding the right files/directories into
+ − 179 everybody's git repository. (Fortunately, most guys send and receive
+ − 180 updates among themselves on a regular basis, so your new domain should
+ − 181 "propagate" around rather quickly, once it's made its way into one
+ − 182 repository.) If you have git, you can "git clone" the repository from
+ − 183 someone, add your domain (there's a small script to make the job easy,
+ − 184 if you don't want to do it by hand), and then send someone a diff.
+ − 185 If you feel like setting up your own git server, then all you have to
+ − 186 do is make the changes on your own repo, and then tell somebody the URL
+ − 187 to your git server. You'll probably want to take advantage of the same
+ − 188 opportunity to add your own git URL into the resource database, so others
+ − 189 can pull from you on a regular basis. If you don't have git and don't
+ − 190 feel like setting it up, all you have to do is find someone else who
+ − 191 does have git (or feels like setting it up), and doesn't mind making
+ − 192 the changes for you. SRN is always such a "someone." Next, you'll
+ − 193 want to set up your nameservers to resolve names within your domain.
+ − 194 If you have tinydns or BIND, just read the relevant documentation.
+ − 195 If you don't have a nameserver and don't feel like setting one up, tell
+ − 196 SRN what names you want (like "www.yourdomain.ano," "ftp.yourdomain.ano,"
+ − 197 etc.), and he'll add them into his own nameservers.
54
+ − 198
+ − 199 =item What can I do with my own domain?
+ − 200
57
+ − 201 You can host Web pages, an FTP site, IRC, email, an online shop (but
115
+ − 202 taking payments may not be so simple), or anything else that strikes
57
+ − 203 your fancy.
54
+ − 204
+ − 205 =back
+ − 206
+ − 207 =head2 Censorship
+ − 208
+ − 209 =over
+ − 210
+ − 211 =item Is it safe to speak my mind on AnoNet?
+ − 212
57
+ − 213 The short answer is "probably." The long answer is that nobody has
+ − 214 ever been censored on AnoNet2, a fact that's not likely to change.
+ − 215 (If that fact ever does change, it'll be noted here as soon as possible.)
54
+ − 216
+ − 217 =item Will I be censored for child porn?
+ − 218
57
+ − 219 AnoNet1 has an official policy against CP, and it redefines "censorship"
+ − 220 to not include censoring CP. AnoNet2 has no policies. That said,
+ − 221 you're not likely to find any CP here, since that's simply not a common
+ − 222 contribution to AnoNet2. (Whether or not it'd be a welcome contribution
+ − 223 is something you'll want to take up with individual participants.
+ − 224 SRN would like you to know that he believes the CP (and porn, in general)
+ − 225 industry destroys the world for no useful purpose. Nobody else has
+ − 226 voiced an opinion here.)
54
+ − 227
+ − 228 =item Will I be censored for hateful speech?
+ − 229
57
+ − 230 It depends on the forum. If you do it on your own server, don't expect
+ − 231 too many people to hang around there if you make a practice of making
+ − 232 it unpleasant for them to be there. If you start cursing people out on
+ − 233 somebody else's IRC server for no apparent reason, there's a non-trivial
+ − 234 chance that the operator will /kill your connection. SRN encourages
+ − 235 you to set up your own channel on irc.somerandomnick.ano, and to say
+ − 236 whatever the heck you want there.
54
+ − 237
+ − 238 =item Will I be censored for trolling?
+ − 239
57
+ − 240 Since "trolling" is an overly ambiguous term, it's highly unlikely that
+ − 241 you'll ever get /kicked or /killed for doing it. In fact, SRN encourages
+ − 242 you to see if you can out-troll him on irc.somerandomnick.ano. That said,
+ − 243 you should certainly expect people to /ignore you if you make a practice
+ − 244 of saying stuff that people really don't want to hear. (You may want to
+ − 245 create a separate IRC nick for trolling, if you anticipate trolling a lot,
+ − 246 but want people to still hear you when you have something interesting
+ − 247 to say: this way, everybody wins.)
54
+ − 248
+ − 249 =item Will I be censored for spreading lies?
+ − 250
57
+ − 251 not likely, but people may /ignore you if you make a practice of saying
+ − 252 stuff that people don't consider worth hearing
54
+ − 253
+ − 254 =back
97
+ − 255
+ − 256 =head2 AnoNet1 vs. AnoNet2
+ − 257
+ − 258 =over
+ − 259
+ − 260 =item Why does AnoNet2 exist? What's wrong with AnoNet1?
+ − 261
+ − 262 There used to be only one AnoNet. Unfortunately, a few bad apples (who
+ − 263 happen to be the guys who control AnoNet1) split AnoNet by forcing a part
+ − 264 of AnoNet to become disconnected from the rest of AnoNet. That piece
+ − 265 (AnoNet2) has been steadily growing, while "the rest" (AnoNet1) has been
+ − 266 slowly decaying.
+ − 267
+ − 268 =item Is AnoNet1 dead, then?
+ − 269
514
+ − 270 AnoNet1 isn't dead yet. It's currently about half the size of AnoNet2.
+ − 271 AnoNet2 has more services online, and AnoNet2 is still growing, while
+ − 272 AnoNet1 is getting smaller.
97
+ − 273
+ − 274 =item What's the difference between AnoNet1 and AnoNet2, then?
+ − 275
514
+ − 276 AnoNet2 lost peering with AnoNet1 because AnoNet1 was too centralized
97
+ − 277 to avoid censorship. AnoNet2, therefore, is essentially a reboot of
115
+ − 278 AnoNet1, while paying careful attention to preventing another AnoNet split
+ − 279 from ever being necessary. (The irony, of course, is that the level of
+ − 280 decentralization engineered into AnoNet2 makes it trivial for anyone in
+ − 281 AnoNet2 to split it. Such a split doesn't happen simply because "the
+ − 282 management" hasn't done anything stupid enough to make one necessary.)
97
+ − 283
+ − 284 =item Who's "the management" in AnoNet2? What prevents it from becoming evil when AnoNet2 grows closer to the size of AnoNet1?
+ − 285
+ − 286 AnoNet2 (like AnoNet1) has no official government. Unlike AnoNet1,
+ − 287 though, AnoNet2's technical construction is such that the unofficial
+ − 288 government members (primarily UFO and SRN, at this point) don't have
+ − 289 enough power to force their way (not to mention that they don't really
331
+ − 290 _want_ to force their way, anyway). A recent practical example of this
+ − 291 anarchy is IPv6: SRN has made no secret of his strong opposition to IPv6,
+ − 292 but that didn't stop an enterprising new AnoNet2 user from deploying
+ − 293 it himself and connecting with others, even after "the management"
+ − 294 (both UFO and SRN) flatly refused to participate.
+ − 295
498
+ − 296 Update: The IPv6 version of AnoNet2 now has 6 members over roughly 11
+ − 297 IPv6-capable hosts, and lex is providing data to feed SRN's new IPv6
+ − 298 graphs, which are only reachable over IPv4. (After lex grew the network to
+ − 299 3, UFO joined.) lex also provides transit between IPv6 Anonet and dn42,
+ − 300 carrying traffic inside ULA ranges between the two darknets. Services are
+ − 301 starting to become available over IPv6.
97
+ − 302
+ − 303 =item Why don't AnoNet1 and AnoNet2 merge again?
+ − 304
514
+ − 305 We finally merged again. Routing between AnoNet1 and AnoNet2 is
+ − 306 fully integrated. AnoNet1 IRC is now linked into the L<UDPMSG4
+ − 307 cloud|http://www.powerfulproxy.com/do_it.php/http/www.srw.ano/udpmsg4>.
+ − 308 The remaining AnoNet1 "rootservers" use resdb. Some AnoNet1 users still
+ − 309 have BGP filters against part of AnoNet2, but they are now a minority.
97
+ − 310
+ − 311 =item Why does AnoNet2 filter advertisements to AnoNet1? Doesn't that prevent the two darknets from ever merging again?
+ − 312
514
+ − 313 AnoNet2 no longer filters advertisements to AnoNet1. AnoNet1 users that
+ − 314 do not want AnoNet2 routes filter them if they care.
97
+ − 315
+ − 316 =item Do I have to choose between AnoNet1 and AnoNet2, or is there a way to join both?
+ − 317
514
+ − 318 On the IP level, when you join one you automatically join the other. The
+ − 319 easiest way to claim resources is with the AnoNet2 resdb. It is the only
+ − 320 complete database of AnoNet resources, and it is the only decentralized
+ − 321 resource database. AnoNet1 IRC is now connected to L<the AnoNet2 chat
+ − 322 cloud|http://www.powerfulproxy.com/do_it.php/http/www.srw.ano/udpmsg4>.
+ − 323 You can contribute to the AnoNet1 wiki or the AnoNet2 wikis, or you can
+ − 324 make your own.
97
+ − 325
331
+ − 326 =item If the two parts of AnoNet are connected again, why are they still being advertized separately?
+ − 327
514
+ − 328 We still did not combine marketing again ;-)
286
+ − 329
97
+ − 330 =item Which darknet preserves my anonymity better, AnoNet1 or AnoNet2?
+ − 331
514
+ − 332 [Update: This question is no longer relevant.]
+ − 333
97
+ − 334 Well, AnoNet1 has stricter rules (and more centralization, as a
+ − 335 prerequisite to rule enforcement), so as long as you trust "the powers
+ − 336 that be" to preserve your anonymity, you get better anonymity guarantees.
+ − 337 However, your anonymity faces significant risk if any member of the
+ − 338 AnoNet1 "government" (which doesn't even admit who's who) betrays your
+ − 339 trust. (That risk isn't so far-fetched, incidentally, since any type
+ − 340 of law enforcement "sting-type" operation against one of those guys is
+ − 341 likely to compromise his guarantees, even through no malice on his part.
+ − 342 Now, since malice has already been observed, the guarantees become even
+ − 343 less reliable.) The AnoNet2 rules have more room for flexibility,
+ − 344 since centralized police authority is not available on AnoNet2.
+ − 345 Therefore, your anonymity guarantees are somewhat weaker, but far more
+ − 346 likely to be reliable. You also have better theoretical anonymity on
+ − 347 AnoNet2, because marking a subnet "reserved" on AnoNet1 no longer works.
+ − 348 ("The management" is too nosy, and threatens disconnection against anyone
+ − 349 who doesn't provide requested information.)
+ − 350
+ − 351 =item Where, then, am I more anonymous?
+ − 352
+ − 353 In the real world, AnoNet2 anonymity wins, hands down. (On AnoNet1,
+ − 354 any Easystreet network administrator can easily correlate IcannNet IP
+ − 355 addresses with CP IP addresses and IRC nicks, allowing him to reliably
+ − 356 learn the identity of all new AnoNet1 members. AnoNet2 has many different
+ − 357 ways of joining, including one rather interesting tor-based approach
+ − 358 recently demonstrated, where the user never showed his IcannNet IP
+ − 359 address to anyone on AnoNet2.)
+ − 360
98
+ − 361 =item How can I learn more about AnoNet1 vs. AnoNet2?
+ − 362
115
+ − 363 L<http://www.anonet2.org/darknet_comparison> gives a basic comparison.
+ − 364 If you want more in-depth information about the relative anonymity value
+ − 365 of each, L<http://www.anonet2.org/anonymity> may be what you're after.
98
+ − 366
97
+ − 367 =back
+ − 368
+ − 369 =head2 AnoNet vs. IcannNet
+ − 370
+ − 371 =over
+ − 372
+ − 373 =item What's IcannNet???
+ − 374
+ − 375 IcannNet is the internet (mis)managed by ICANN. It's what most people
+ − 376 call "the" Internet.
+ − 377
+ − 378 =item What's wrong with IcannNet?
+ − 379
+ − 380 The short answer is that ICANN is very highly centralized, resulting
+ − 381 in centralized decision-making (and centralized lobbying, arm-twisting,
+ − 382 etc.).
+ − 383
+ − 384 =item Does AnoNet really aim to replace IcannNet?
+ − 385
+ − 386 Yes, the long-term goal behind AnoNet is to render IcannNet obsolete.
+ − 387 In the short-term, though, it'd be highly unlikely for IcannNet to
+ − 388 disappear even in the hypothetical case where everyone were to move to
+ − 389 AnoNet tomorrow, since the overwhelming majority of AnoNet peering is
+ − 390 tunneled over IcannNet.
+ − 391
514
+ − 392 =item Sometimes in IcannNet I don't want to be anonymous. Can I replace IcannNet for then also?
+ − 393
+ − 394 Nobody can force you to be anonymous. If you protect the anonymity of
+ − 395 your peers then it is not a problem that you don't protect your anonymity.
+ − 396
97
+ − 397 =back
