FMS: Spam-proof anonymous message boards on Freenet

The FMS websiteA few weeks ago I started hearing quite a bit of buzz about a new tool called the Freenet Messaging System or FMS.  I went to its website within Freenet (we call them “freesites”), and downloaded it.  Normally downloading and running code from an anonymous system isn’t a good idea, but Freenet makes it easy to digitally sign content, and the author, while anonymous, seems pretty honorable.

If you are familiar with Usenet, feel free to skip the rest of this paragraph.  Usenet is a discussion system that was very popular in the early days of the Internet.  To use Usenet you need a NNTP client, which are a bit like email clients,  and then you can post to newsgroups, forums on particular topics.  NNTP is the protocol used to access Usenet, just as HTTP is the protocol used to access the web, and SMTP is the protocol used to send emails.  Newsgroups have names like alt.humor.puns.  These days the easiest way to use Usenet is probably through Google Groups, which, among other things, provides a web-based interface to Usenet.  A number of dedicated NNTP clients still exist, one of the better ones is Thunderbird, which is primarily an email client created by the Mozilla Foundation, the creators of the Firefox web browser.

FMS evokes some nostalgia because it’s pretty-much Usenet over Freenet, allowing users to read messages posted to online forums, and also to post their own messages. The major difference is that because it is Freenet, everyone can remain anonymous.   Currently FMS  has about 30 boards on topics ranging from science, to religion, to discussion of Freenet and FMS itself. Here is what it looks like in Thunderbird:

freenet on 127.0.0.1
Uploaded with plasq‘s Skitch!

FMS is not the first such messaging system in Freenet, another popular one is called Frost. Unfortunately, over the past few months Frost has been plagued by a familiar problem on the Internet, spamming. Unlike the Internet, Frost’s spammers are not motivated by financial gain, rather their goal seems to be pure mischief. Whatever their motivation, they’ve rendered Frost next to useless. Freenet’s anonymity makes it next to impossible to prevent spam using the same techniques that are conventionally employed on the Internet.

 

So how does FMS address this problem?  It’s pretty cool, but first I need to give a quick crash course in how Freenet works.

Freenet is basically a globally distributed “Map” or “Dictionary”.  You can insert data under “keys”, and then someone else, given the appropriate key, can retrieve that data.  Freenet keys are somewhat analogous to URLs on the world wide web, except unlike URLs, they don’t point to the physical location of the data.

Freenet has a few different types of keys, which impose various constraints on the data that can be inserted under them.  The type of key used by FMS is called a “Subspace-Signed Key” or SSK.  The SSK itself contains a cryptographic public key, and any data inserted under a SSK must be signed by the corresponding private key.  An SSK is used much like a file-system directory from which anyone can read, but only the “owner” of the SSK can write.  Websites in Freenet are typically inserted under an SSK so only the author can update them.

Typically, email is “push” – senders push email to your email inbox.  FMS takes the opposite approach, to receive messages from people you must “pull” it from their outbox.  Because user’s outboxes are SSKs, all of a user’s messages are automatically signed and their integrity is checked by Freenet.  With FMS, receiving messages from a particular person is a voluntary act – and the only result of spamming is to flood your own outbox.

So how do users decide whom they should pull from?  FMS creates a “web of trust” between users, where each user indicates how much they trust other users they’ve communicated with. If person A trusts person B, and person B trusts person C, then person A can trust person C – and so on. Here is a representation of the current web of trust in FMS:

messagetrustgraph.png (PNG Image, 9476x11408 pixels) - Scaled (4%)

If a user proves to be untrustworthy, by spamming for example, then users can change their trust rating for that user, and this will propagate through the trust web, so that others quickly stop pulling messages from the spammer’s outbox.

Ok, so how do you join the web of trust in the first place? FMS employs a clever mechanism based on the concept of “thinkcash” or CAPTCHAs. Every FMS user inserts these CAPTCHA tests, which can then be solved by a new user in order of that person to become minimally trusted by the existing user. Basically, you need to prove you are human. This is what this looks like in FMS:

Freenet Message System
Uploaded with plasq‘s Skitch!

FMS is not without its shortcomings.  It is likely that the necessity to pull from the outbox of every user will only scale to a limited point, however FMS is being actively developed, and it is likely that these problems can be overcome in due course.

 

If you would like to try FMS, go and install Freenet, then click on the link to the Freenet Message System that will appear on the front page, you can download it from there.  Pre-built versions of FMS are provided for Windows and Linux, however if you use a Mac you’ll need to compile it yourself (although this was pretty painless once I discovered I needed to add a -D USE_BUNDLED_SQLITE=ON to the cmake command).

Leave a Reply

Your email address will not be published. Required fields are marked *