Overview of Decentralized Anonymous Networks
Today, let’s talk about decentralized anonymous networks (DANs). Besides Tor and I2P, what other networks do you know? First, let’s briefly outline the general principle of how DANs work.
In a decentralized network, any computer can connect to another computer and request resources. Each computer in the network acts as a server, processing requests from other computers, sending responses, and performing other auxiliary and administrative functions. There is no guarantee of a constant connection to any computer in the network—connections can be interrupted at any time. However, once the network reaches a certain size, multiple servers with identical functions exist simultaneously, allowing for seamless switching between them.
Current Decentralized Anonymous Networks
1) ANts P2P
ANts P2P is a third-generation peer-to-peer file-sharing network created in 2003, notable for its enhanced security thanks to tunneling and two-level AES encryption. Unlike BitTorrent, participants in this network exchange traffic not directly, but through several nodes. Each participant only knows the IP address of their immediate neighbor. As a result, the sender does not know where their file is sent, and the recipient does not know where it came from.
You can download the ANts P2P client at sourceforge.net/projects/antsp2p/, and find a user guide at tinyurl.com/eezq4.
Java Virtual Machine
To use the ANts P2P client, you need to install the Java Virtual Machine, available at java.com/en/download/. After downloading and extracting the client archive, run the ANtsP2P.jar file from the client folder. The installed ANts P2P application connects via the global network to other clients installed on computers of completely unknown users, creating an anonymous network that allows users to securely transfer files and information through virtual, asymmetrically encrypted tunnels between nodes. The application also includes a built-in IRC client for real-time messaging.
Encrypted packets passing through intermediate nodes cannot be read at those nodes. Key exchange uses an algorithm that allows two parties to obtain a shared secret key over a channel that is unprotected from eavesdropping but protected from tampering.
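The key-exchange property described above is the one Diffie-Hellman key agreement provides. The following is an added example, not ANts P2P code: it uses a toy 127-bit prime and hypothetical helper names (`keypair`, `shared_key`, `fingerprint`, `exchange`) to show why the channel must be protected from tampering, and how comparing fingerprints of the public values detects a substitution.

```python
import hashlib
import secrets

# Toy group: 2**127 - 1 is prime, but far too small for real use (constructed for the demo).
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2      # private exponent in [2, P-2]
    return priv, pow(G, priv, P)             # (private, public)

def shared_key(my_priv, their_pub):
    secret = pow(their_pub, my_priv, P)      # g^(ab) mod p, identical on both sides
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def fingerprint(pub):
    # Short digest of a public value, meant to be compared over a separate channel.
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def exchange(tampered=False):
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    got_by_a, got_by_b = b_pub, a_pub        # what each side receives
    relay_priv = None
    if tampered:
        # The channel is not tamper-proof: a relay swaps in its own public value.
        relay_priv, relay_pub = keypair()
        got_by_a = got_by_b = relay_pub
    key_a = shared_key(a_priv, got_by_a)
    key_b = shared_key(b_priv, got_by_b)
    return {
        "keys_match": key_a == key_b,
        # The relay shares a key with A only when it substituted values.
        "relay_has_key": tampered and shared_key(relay_priv, a_pub) == key_a,
        # Check: each side compares what it received with the peer's real fingerprint.
        "fingerprints_ok": fingerprint(got_by_a) == fingerprint(b_pub)
                           and fingerprint(got_by_b) == fingerprint(a_pub),
    }

if __name__ == "__main__":
    print("eavesdropping only:", exchange())
    print("tampered channel:  ", exchange(tampered=True))
```
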
2) Bitmessage
Bitmessage is an open-source cryptographic messaging system that allows users to send encrypted messages to other users. In this sense, Bitmessage can be used as an alternative to email. Anonymity in Bitmessage is ensured by the following:
- Messages are broadcast to all available network participants, mixing each user’s encrypted outgoing messages with those of all other users.
- Long addresses like BM-GuRLKDhQA5hAhE6PIX^kcvbttlAuXAdQ can be created in unlimited numbers by users.
- Public key encryption algorithms are used—only the intended recipient can decrypt the message. Even the sender cannot decrypt their own message, as the encryption key differs from the decryption key.
- Messages do not contain the recipient’s address, so every participant tries to decrypt all incoming messages, but can only successfully decrypt those intended for them.
- The sender can find out if a message was delivered via a confirmation system, but cannot determine which computer is the true recipient, since the message is stored by all participants regardless of its intended recipient.
- Encrypted messages are stored in the network for two days before being deleted by participants.
- Decentralized anonymous chat groups (called “chans”) are supported, where neither the sender nor recipient address is known. These groups cannot be disabled by removing any central server, and cannot be censored, as access only requires knowing the group name.
The official Bitmessage client is available for download at tinyurl.com/bp86c36 and is supported on Windows, OS X, and Linux. In addition to the official client, you can send/receive Bitmessage messages using almost any standard email program, such as Mozilla Thunderbird or Windows Mail.
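The trial-decryption behaviour in the list above (no recipient address in the message, every participant attempts decryption, the sender cannot reopen their own message) can be sketched as follows. This is an added example, not Bitmessage code: it swaps in finite-field Diffie-Hellman over a toy prime, a SHA-256 keystream and HMAC-SHA256 in place of the real client's cryptography, and all names and the sample message are constructed.

```python
import hashlib
import hmac
import secrets

P, G = 2**127 - 1, 3   # toy group, constructed for the demo; not secure

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive_keys(secret):
    seed = secret.to_bytes(16, "big")
    return hashlib.sha256(b"enc" + seed).digest(), hashlib.sha256(b"mac" + seed).digest()

def xor_stream(key, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def seal(recipient_pub, plaintext):
    eph_priv, eph_pub = keypair()            # one-time key, discarded on return
    enc_key, mac_key = derive_keys(pow(recipient_pub, eph_priv, P))
    body = xor_stream(enc_key, plaintext)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return {"eph_pub": eph_pub, "body": body, "tag": tag}   # no recipient address

def try_open(my_priv, obj):
    enc_key, mac_key = derive_keys(pow(obj["eph_pub"], my_priv, P))
    expected = hmac.new(mac_key, obj["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, obj["tag"]):
        return None                          # tag mismatch: not addressed to this key
    return xor_stream(enc_key, obj["body"])

def demo():
    keys = {name: keypair() for name in ("alice", "bob", "carol")}
    obj = seal(keys["bob"][1], b"meet at noon")   # alice sends to bob
    # Every participant, the sender included, tries its own private key.
    return obj, {name: try_open(priv, obj) for name, (priv, _) in keys.items()}

if __name__ == "__main__":
    print(demo()[1])
```
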
3) Freenet
Freenet is a decentralized and strictly anonymous peer-to-peer network operating over the Internet, consisting of many equal computers and allowing the publication of any materials without the possibility of identifying the sender. Data confidentiality is guaranteed by strong cryptography—retrieving a file requires providing its associated key.
Freenet was created as an attempt to eliminate censorship in user communications. The core concept is that no one should decide what is acceptable and what is not. The network encourages tolerance of others’ values, and if that’s not possible, users are asked to ignore content that contradicts their views.
Perfect Dark is a Japanese-developed client for an anonymous file-sharing network based on a modified Kademlia protocol, currently in open testing. Its structure is similar to the latest versions of Freenet but uses distributed hash tables more intensively. Anonymity is achieved by avoiding direct connections between clients, hiding IP addresses, and fully encrypting all data. Data is stored and transmitted as encrypted blocks, separate from the keys used for encryption. The official project page is at tinyurl.com/2tyewa.
4) I2P
I2P stands for Invisible Internet Project, a branch of the previously described Freenet project. Created in 2003, I2P aims to organize a freely accessible, highly resilient, anonymous, overlay (i.e., built on top of another network), encrypted network and software suitable for web surfing, anonymous hosting (websites, forums, chats, file servers, etc.), instant messaging, blogging, file sharing (including peer-to-peer), email, VoIP, and more.
5) RetroShare
RetroShare is a platform for decentralized exchange of emails, instant messages, and files via an encrypted F2F/P2P network based on GNU Privacy Guard algorithms and perfect forward secrecy protocols. To use the network, you need to find at least 10 trusted participants who regularly connect to the network. Although RetroShare is somewhat complex to set up, it offers virtually unlimited opportunities for communication and content sharing, with security as its main feature.
Hybrid Anonymous Networks
In hybrid networks, unlike fully decentralized ones, servers are used to coordinate operations, search, or provide information about existing computers in the network and their status. Hybrid networks combine the speed of centralized networks with the reliability of decentralized ones, thanks to independent indexing servers that synchronize data among themselves. If one or more servers fail, the network continues to function.
6) Cjdns
Cjdns is a network protocol for creating hybrid secure decentralized networks. Cjdns can operate over the regular Internet, creating overlay networks, or directly between routers, forming a mesh network (e.g., Hyperboria). The protocol works via a network tunnel, and programs can operate in this network as long as they support IPv6. After installing the necessary software, traffic is automatically redirected into this network, avoiding extra configuration.
In a Cjdns-based network, each user is assigned a private IPv6 address, preventing collisions with real IPv6 addresses. When connecting via the Internet, users need to find an existing network node and obtain its address and key. When connecting router-to-router, this is done automatically. Routing is managed by a system similar to Kademlia DHT, with the route catalog constantly updated as the network configuration changes, ensuring optimal load balancing and shortest traffic paths.
Traffic in this private network cannot be decrypted by anyone except the intended recipient node. However, the network itself is not anonymous—tracing can reveal the chain of nodes and the real IPv4 address of the sender. When connecting router-to-router, this issue is resolved, and the network becomes anonymous. Cjdns is under development and available for most UNIX-like systems, such as Linux, OS X, FreeBSD, and Illumos. More information is available at cjdroute.net.
7) Psiphon
Psiphon is a Canadian project designed to provide citizens of countries with Internet censorship access to blocked online resources. In the Psiphon network, people in countries with free Internet access host proxy servers with encrypted connections, which are used by citizens in censored countries. Access to resources is provided through trusted project participants connected to the main Psiphon server.
To connect to a proxy server via SSH, SSH+, or VPN, the user receives a unique web address, login, and password from the proxy server administrator; no changes to browser settings are needed. This can only be done by trusted individuals, and since the administrator has documented information about user activity, full data protection is not guaranteed. The program notifies the administrator of network changes so they can provide users with new web addresses.
Psiphon supports anonymous web surfing and blogging, but is not suitable for chats or VoIP. One key feature is that it does not require large downloads—just a small client and access to online services, which is a significant advantage for users concerned about their computers being checked for banned software. Each new version of Psiphon is simpler, and the current third version is one of the smallest and most discreet. Download it at tinyurl.com/n9avc6e.
Psiphon works as follows: the user downloads a small executable file (no installation required) to a computer or memory card. After launching, Psiphon automatically connects to a server via an encrypted channel, and a Psiphon window opens. In the dropdown menu at the bottom, you can select the server’s country. If you can’t connect, try restarting the program as an administrator.
Psiphon is only available for Windows and Android, so OS X, iOS, and other operating system users cannot access it. Another drawback is that, unlike anonymity tools like Tor, it does not guarantee protection of your personal data. Some blocks also cannot be bypassed, depending on your provider. Although traffic within Psiphon is encrypted, it is possible to detect that your computer is connected to Psiphon servers. There is no protection against traffic analysis by outsiders, even though the server list changes constantly. This means that, with the right tools, it is possible to identify a Psiphon user and their traffic content.
8) Tor
Tor is free software for organizing a network designed to protect against traffic interception and hide the real IP address of connected computers. This is achieved by sending data from the client computer to the web server through a chain of several randomly selected network nodes. Data is repeatedly encrypted along the chain, and at the network exit, the address of the last computer in the chain is substituted for the client’s address. This technology is called onion routing.
9) Java Anonymous Proxy (JAP)
The JAP network, also known as AN.ON and JonDonym, does not fit into the categories of decentralized or hybrid anonymous networks and is designed solely to anonymize web traffic. JAP stands for Java Anonymous Proxy. Like Tor, this proxy network allows anonymous web browsing. Traffic is forwarded in encrypted form through a fixed group of mix proxy servers, and users cannot create arbitrary server chains. This ensures a high degree of anonymity and high data transfer speeds.
Compromising JAP client anonymity is impossible without intercepting all incoming and outgoing traffic of all nodes in the cascade and their cooperation to decrypt packets. JAP can also use Tor routers as a cascade to anonymize HTTP traffic. Both free and paid (premium) versions of the JAP software are available. The free version has significantly lower connection speeds.