RetroShare



With the need for greater privacy and security measures becoming a given, RetroShare is newly timely. First developed 10 years ago, RetroShare sets up a private network and provides a graphical interface for encryption, which greatly simplifies privacy for users who might be too intimidated or too uncertain of their knowledge to take the measures for themselves. The question, though, is whether the solution ignores other security measures and is too limited to be practical.

RetroShare is reminiscent of Kontact, the KDE shell that groups personal information tools – email, contacts, calendars, to-do lists and notes – in a single window. In fact, RetroShare overlaps with Kontact in such features as email and news.

The difference is that, rather than personal information, RetroShare focuses on different means of communication, including not only email and news, but also file sharing, chat, and forums – essentially any online interaction that might risk privacy and security (Figure 1).

Figure 1: Started in 2006, RetroShare offers one possible solution to today’s security and privacy problems.

Retroshare establish encrypted connections between you and your friends to create a network of computers, and provides various distributed services on top of it: forums, channels, chat, mail Retroshare is fully decentralized, and designed to provide maximum security and anonymity to its users beyond direct friends. Retroshare was founded by drbob in 2006, as a platform to provide 'secure communications and file sharing with friends'. Since then other developers joined and steadily improved the software. A remarkable new component in Retroshare v0.6 is the generic data transportation system (internally named GXS) which abstracts the distribution of. Retroshare was founded by drbob in 2006, as a platform to provide 'secure communications and file sharing with friends'. Since then other developers joined and steadily improved the software. Retroshare v0.6 is a new milestone which is based on experience from previous releases. R/retroshare: RetroShare is a Open Source cross-platform, Friend-2-Friend and secure decentralized communication platform. Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts.

The Security of Private Networks

RetroShare resembles an updated version of darknets, the private networks created 40 years ago on ARPANET. The modern Internet, of course, is much larger and more complicated than its ancestor, but by communicating only with those you specifically invite, you automatically limit intrusions. Social engineering, such as identity theft or simply placing trust in the wrong people remains a problem, but that is true of most security measures. At least RetroShare includes a graphical indicator of each user’s reputation, which provides some idea of how much they should be trusted.

The first time you log in to RetroShare, you are required to create a new profile. Those who have tried PGP or some variant like GnuPG will recognize the request to move the mouse around in order to create as much randomness as possible while generating a public key (Figure 2), but nothing in the window indicates exactly what is being done. The generation of a passphrase is simply incorporated into the interface and work flow.

Figure 2: RetroShare requires a profile with a GnuPG public key.
RetroShare

Once you have created your profile, you might want to add an Avatar; however, before you can use your private network, someone else needs to belong to it. If you click the Getting Started icon, you can read brief but mostly adequate instructions for adding friends (Figure 3). Using these instructions, click the Add icon to run the Connect Friend menu. RetroShare includes a sample email invitation that invites friends to install it, which makes adding friends as simple as possible.

Figure 3: The instructions for RetroShare are minimal.

Note, though, that, contrary to the constructions, you cannot paste a friend’s public key into the wizard. Instead, you must either enter the certificate manually – which is impractical if the certificate is more than a couple of dozen characters, as it generally is – or else enter it from a file (Figure 4).

Node
Figure 4: You can add others to your private network using a convenient wizard.

When you log in to RetroShare, all members of your network who are currently online are available, although they might have used the status bar at the bottom of the window to indicate they are Busy or Away and not accepting communications. You can broadcast messages to everyone in your network by clicking the Network icon or set up a selected group to talk to with the Chat Lobbies icon. Similarly, you can share files or links with some or all of those on the network. Encryption is used in all interactions, which bars outsiders from seeing them. You also have the option of disabling access to some of RetroShare’s features using the Permissions tab in the Options dialog. The project pages suggest that a private network is more interesting if it has a minimum of five members, and the more the better.

RetroShare

Retroshare Review

However, before you start inviting too many friends into your network, spend some time investigating RetroShare’s Options. Many are cosmetic or a matter of preference, but many could potentially affect security (Figure 5). For example, do you really want friends to relay your communications to other friends? What about friends of friends of friends? As friends start to sign up, you should also consider which friends you want in each chat lobby.

Figure 5: Check options closely. They can be cosmetic, preferences, or a matter of security.

Problems with Other Security Measures

“Is RetroShare private and secure?” asks a question in the project’s FAQ. “Of Course RetroShare is private and secure,” is the answer. However, given that the answer goes on to talk entirely about private networks and encryption, it is clear that RetroShare relies on these two features at the expense of others.

Retroshare

The two are a powerful combination, but their effectiveness has its limitations. Unlike Tor, RetroShare has no claim to complete anonymity – while those outside a private network may have no access, those within the private network can view each other’s IP addresses. This limitation may matter little in a network of a few friends, but if the network grows into the dozens or hundreds, a user of RetroShare has to be careful about settings and even limit their use of some features if protecting their privacy.

Moreover, the effectiveness of private networks and encryption is marred in RetroShare by gaps in the documentation, especially for advanced or recent features. For example, the latest version is supposed to allow multiple identities with different keys for greater anonymity, but the only indication of this new feature appears to be in the FAQ , and no instructions are visible that even hints at how to implement it.

Just as importantly, other security measures seem to be largely overlooked. In particular, RetroShare’s own password has no limitations on it. No minimal length or combination of cases, characters, numbers, or symbols is required. Yet a weak password could easily make the application vulnerable, all the more so because public keys are stored unencrypted among the options.

Other security gaps are also visible. For instance, although file transfers are confined to a single directory, they are enabled by default. Similarly, hashed files are stored by default for 10 days, and if a firewall is blocking RetroShare’s operations, users are simply advised to open a hole in the firewall. Although encryption generally bars outsiders from reading your communication, you might not want friends of friends reading them.

It is one matter for users to choose such settings for themselves. However, it is an other thing altogether to install with such defaults. A dependable security relies on defense in depth – that is, a variety of security measures – not just a couple of high-profile ones. Dependable security should also enforce the principle of least access, or the limiting of the availability of tools and data to the essentials, and – among other actions – installing with many features turned off and leaving users to decide what they want to use.

Occasionally RetroShare does include more secure defaults, such as not enabling the downloading of embedded images, which are a common vehicle for malware. Yet while RetroShare uses some powerful tools that might very well be sufficient in themselves, users could have more confidence in the application if more security measures were tighter.

The Difficulty of Isolation

RetroShare provides a possible solution to security and privacy issues and deserves credit for making encryption accessible to desktop users. However, I am reminded of commercial services to secure email that sprang up around the time that RetroShare’s development first began. Like RetroShare, these services basically depended on a white list, and anyone not on the list had to request permission to communicate with a user. This practice undoubtedly reduced spam, but it was also undoubtedly a nuisance, and few of these services survived more than a couple of years. They were simply too limited.

Retroshare Chat Server

The truth is, knowing that common communications are secure may be a relief, but isolating yourself from other exchanges is simply impractical for most users. Although RetroShare may be full-featured, most people generally need privacy and security measures that can deal with unforeseen communications, and not just the expected ones. Nor do many people care to maintain more than one application for one function. For these reasons, RetroShare is a brave effort, but, in the end, an ineffective one.

Retroshare p2p

Retroshare Dht

Retroshare offers an Instant Messaging client and a private file transfer system in the same interface.
The application takes advantage of P2P technology and RSA security system to offer a safe way to share files while chatting.
Filesharing only takes place between users who are in your contact list. That means you share files only with your friends so your privacy is sure.
Conversations are encrypted to improve privacy as well as the networks used to share files. By this way, your privacy will be always protected. A good way to share files if you are worried about safety.