Friend-to-friend

A friend-to-friend (or F2F) computer network is a type of peer-to-peer network in which users only make direct connections with people they know. Passwords or digital signatures can be used for authentication.

Many F2F networks support indirect anonymous or pseudonymous communication between users who do not know or trust one another. For example, a node in a friend-to-friend overlay can automatically forward a file (or a request for a file) anonymously between two friends, without telling either of them the other's name or IP address. These friends can in turn forward the same file (or request) to their own friends, and so on.

Unlike other kinds of private P2P, users in a friend-to-friend network cannot find out who else is participating beyond their own circle of friends, so F2F networks can grow in size without compromising their users' anonymity. Turtle, WASTE, GNUnet and Freenet are examples of software that can be used to build F2F networks. (WASTE and GNUnet are not configured for friend-to-friend operation by default.)

Dan Bricklin coined the term "friend-to-friend network" in 2000. [http://www.bricklin.com/f2f.htm]

Advantages of F2F

*Users can exchange crypto keys face to face with their close friends, thus avoiding man in the middle attacks.

*F2F prevents random people from proving that a given IP address can be used to obtain controversial files. Once a user knows the IP addresses of all their friends, they can even use a firewall to prevent any other addresses from accessing their F2F port.

*Since F2F applications use link encryption and don't need end-to-end encryption to achieve their goals, they could allow users to control what kind of files pass through their nodes.

*Security: since only a user's friends can connect to their node, no random cracker can try to break into their computer by exploiting a bug in the F2F software. Dangerous files (e.g. documents infected with malware) could even be avoided using strong reputation based networks (see "future uses" below).

*Fewer leechers (or freeloaders). Since a user must use the bandwidth of their own friends, they may be more inclined to act responsibly.

Disadvantages of F2F

* A node in F2F network requires more effort to set up and maintain, because all peers must be connected manually. This is especially problematic if a person wants to try out several different P2P applications. To the contrary, "opennet" P2P applications are mostly plug-n-play. To address this problem, some networks like Freenet allow both network types: a user can start in opennet mode with very little effort, and later switch to more secure F2F mode.
* Often, not enough direct friends are motivated to run the application 24x7. Third party storage (see "Future uses" below) can solve this problem.

What F2F is not

* The many applications and websites that use public servers to enable friends to communicate are not F2F networks. These include IRC, instant messaging and social networking websites.

* A private FTP server is not an F2F network, since friends do not communicate with each other, only with the server.

* A private Direct Connect hub is not an F2F network, since any user of a hub can discover the IP addresses of all the other users, even those who are not their friends.

* F2F does not apply to Freenet version 0.5 because the software automatically makes new connections between nodes. However from version 0.7, Freenet is based on what its authors call a darknet, which is more precisely an F2F network.

* F2F software is not an F2F network by itself; such software can be used to participate in an existing F2F network, or to launch a new F2F network. Existing networks may be connected to form a larger F2F network. Since new members have to gain the trust of an existing member in order to join a network, it is impossible to know how many separate F2F networks exist. This is why F2F networks are part of the larger family of networks called darknets.

* The old UUCP based UseNet could be considered a F2F network, as it was usual that most people who exchanged UUCP with each other knew each other in real life, or at least had the phone number of their partners, in case of technical problems. The SPAM problem we now have in modern eMail was unthinkable in old UseNet, as members always needed a friend to connect them to the net, and the social control between those prevented abuse or spam. The main reason of spam is, that this honor system does not longer exist with anonymous SMTP based eMail, and SMTP also didn't implement a technical system to prevent spam and abuse.

Future uses of F2F

*Online reputations could be constructed and verified using an F2F network: each document on the network would be automatically given a new trust rating by each node forwarding it, for example by multiplying the old trust rating by the reputation of the provider. If a document appeared to be incorrect, the recipient could manually decrease the local reputation of the friend who provided it, decrease the trust rating of the document, or even block the document from being exchanged again through their node. (This kind of functionality is already implemented in the [http://oc-co.org Bouillon] P2P social wiki.)

*Such a strong reputation network could be safely used to implement a peer to peer system of electronic money based on the principles of Altruistic Economics; such a system would, according to its advocates, eliminate the inequities inherent in the present system of centralized money.

*F2F networks could avoid the key exchange problems of many other networks, such as man in the middle attacks, by exchanging encryption keys face-to-face. Users could even exchange one-time pads, such as hard disks filled with random bytes, to achieve provably unbreakable encryption.

*Third party storage (e.g. FTP, web or email servers) could be used to get faster downloads, and to prevent a user's ISP from logging their friends' IP addresses. [http://easta.sourceforge.net/]

Security issues

Besides the fact that current networks don't use provably secure crypto (see "future uses" above), here are some other breaches:
* In countries where anonymous P2P is forbidden, an ISP may be able to detect that a user is using P2P software by observing their connection patterns [http://www.securityfocus.com/infocus/1843/] . Imitating the connection patterns of popular encrypted programs like webphones or webcams, along with a layer of the same encryption used by those programs, would be a very simple form of steganography. Alternatively, F2F traffic could be routed through third party storage such as an email server [http://easta.sourceforge.net/] . Networks that use generic VPN software, as anoNet does, may be less vulnerable to this issue.
* Traffic analysis of a user's links by their ISP could easily show that they are automatically forwarding files. One possible solution, implemented in WASTE, is to send and receive a constant stream of meaningless data, so that traffic analysis cannot detect whether meaningful data is being transmitted at any given time. Another possibility would be to add padding to files.
* In countries where strong crypto is forbidden (or where users can be forced to surrender their keys), steganography could be used for every connection (and for storing files on a hard disk, since it could be seized). Because steganography involves a secret convention that must be established out-of-band, only F2F networks could be safe in such countries.

These breaches are not F2F specific: they are shared with most of the current P2P networks.

ee also

* Darknet (file sharing)
* Private P2P
* Ripple monetary system

oftware

* anoNet, pseudonymous, based on standard VPN software
* Freenet 0.7 (with the "opennet" option disabled)
* GNUnet (with the "F2F topology" option enabled)
* Turtle F2F
* WASTE (with the "ping packets" option disabled)

References

*B.C. Popescu, B. Crispo, and A.S. Tanenbaum. [http://www.turtle4privacy.org/documents/sec_prot04.pdf "Safe and Private Data Sharing with Turtle: Friends Team-Up and Beat the System."] In 12th International Workshop on Security Protocols, Cambridge, UK, April 2004.
*T. Chothia and K. Chatzikokolakis. [http://www.lix.polytechnique.fr/~tomc/P2P/Papers/AnonP2PSurvey.pdf "A Survey of Anonymous Peer-to-Peer File-Sharing."] In Proceedings of the IFIP International Symposium on Network-Centric Ubiquitous Systems (NCUS 2005), Nagasaki, Japan, volume 3823 of Lecture Notes in Computer Science, pages 744-755. Springer, 2005.
*J. Li and F. Dabek. [http://pdos.csail.mit.edu/~jinyang/pub/iptps-f2f.pdf "F2F: Reliable Storage in Open Networks."] In 5th International Workshop on Peer-to-Peer Systems (IPTPS '06), Santa Barbara, CA, USA, February 2006.
*M. Rogers and S. Bhatti. [http://www.cs.ucl.ac.uk/staff/mrogers/private-p2p.pdf "How to Disappear Completely: A Survey of Private Peer-to-Peer Networks."] In Workshop on Sustaining Privacy in Autonomous Collaborative Environments (SPACE 2007), Moncton, NB, Canada, July 2007.

External links

*Discussion about F2F involving Ian Clarke of Freenet: http://zgp.org/pipermail/p2p-hackers/2005-December/003272.html
*Dan Bricklin coined the term F2F [http://www.bricklin.com/f2f.htm in this article]
*F2F page at altruists.org: http://www.altruists.org/projects/ge/ff/
* [http://f2f.uni.cc/trust_metrics_f2f_money/ Adding simple and effective trust measurements to F2F P2P networks] is a paper about using a time-based currency for trust in F2F.
*Ripple: P2P money for trusted social networks: http://www.masternewmedia.org/news/2005/06/27/p2p_can_cut_banks_out.htm