RetroShare for experienced users [Yuriy Iovlev] (fb2)
coollib.com
July 20, 2014
RetroShare for experienced users
FAQ
RetroShare: ideology and terminology
DEFINITION
RetroShare is an anonymous, decentralized, encrypted file-sharing and communication network based on the f2f (friend-to-friend) paradigm.

Anonymity: no file-sharing or communication activity of a network participant is personalized, either by an outside observer (because the network is private) or by an arbitrary network node (because encrypted data is tunneled anonymously through random and constantly changing branches of the network). If needed, the platform lets a user personalize himself by using identities signed by his certificate. Outside the so-called "trusted environment", however, there is no information at all about network participants; it is impossible even to determine the number of nodes beyond it. This can be described as absolute anonymity: authorized data about the user is not merely hard to detect but, because of the specifics of f2f, impossible to detect in principle, since information flows only from participant to participant. This approach takes the network to a qualitatively new level and, above all, gives a significantly higher data-exchange speed than other networks that provide good anonymity (see, for example, Perfect Dark), where specific measures are required to mask user activity on the network, which hurts performance.

Decentralization: the RetroShare network has no central server (or servers) designed to connect participants with each other or to exchange data between them. Each member of the RetroShare network is both a client and a server.

Encryption: data on the RetroShare network is protected with 2048-, 3072- or 4096-bit asymmetric keys and a 256-bit symmetric session key. The reliability of key exchange over an open communication channel is ensured by the Diffie-Hellman algorithm.
RetroShare as a means of communication includes:
- broadcast chat within a closed group;
- public and private chats;
- e-mail;
- forums;
- VoIP;
- broadcasting an RSS feed from the open web into the dark network.

File sharing in RetroShare allows you to:
- give network users anonymous access to an unlimited number of files;
- create thematic collections of files;
- give access to certain folders to a certain group or groups of people (family, colleagues, my only friend, group1, group2, etc.);
- automatically give access to new files appearing in shared folders;
- give fragments of not-yet-downloaded files to other interested participants;
- check the integrity of received files.

An auxiliary file-sharing service in RetroShare is content announcement channels. Channels can be either public or private. The right to publish in a channel can be granted only to its creator, or to a certain group of trusted participants to whom the creator has delegated publishing rights. Content announced in a channel can be downloaded either manually or automatically as new announcements are published.
GENESIS
The idea of creating RetroShare is rooted in the desire to build a reliable communication tool that lets two computers connect directly, without the participation of any auxiliary services. Reliability here refers primarily to the confidentiality of information transmitted over open communication channels, and reliability is the key word. Creating such a system did not seem impossible at the end of 2005: for almost three decades, within number theory (more precisely, the theory of large numbers), effective algorithms for encrypting discrete information had been developed, and for a decade and a half they had been widely used for strong e-mail encryption. Obviously, building only a two-way encrypted communication channel could not be considered a breakthrough (encrypted FTP, for example, had existed for a long time), and therefore connections between friends had to be extensible, which turns a data transmission channel into a data transmission network. An additional impetus at that time, apparently, was the rapidly growing popularity of the BitTorrent protocol. Thus, genetically, RetroShare is the child of strong encryption and decentralized data exchange.

For RetroShare's further growth and development it was necessary to use many other small and large approaches, methods and technologies: distributed hash tables (DHT), Turtle routing, Universal Plug and Play (UPnP) for automatic port forwarding, the Diffie-Hellman algorithm to rule out the compromise of encryption keys, a beautiful graphical shell based on Qt, and much more. In the course of using the RetroShare crypto platform, some of its shortcomings were discovered and ways to modernize it appeared.

So, in 2012, the developers came up with the idea of improving the cache exchange protocol, which led to the creation of GXS (General eXchange System), designed to reduce the amount of data transferred between participants. Earlier, in 2010, public chat rooms were implemented, where participants in the crypto platform could communicate with each other and exchange public keys, which significantly facilitated the growth of the network and made the user community more monolithic and united. Only the author of the idea and first developer, a user under the pseudonym DrBob, can name the exact date of birth of RetroShare, but the approximate date is January 2006. As of 2014, the estimated cost of the project was about $20 million.
TERMINOLOGY
Darknet, or dark network, is a private file-sharing communication network in which connection and data exchange take place only between nodes with established mutual trust. The term "mutual trust" has no relation to the similar concept used in everyday life. Establishing trust in the dark network means the mutual exchange of certificates between two dark-network nodes for the subsequent creation of a private encrypted data transmission channel. In reality, two participants with "established mutual trust" may not trust each other at all in the human sense. The exchange of certificates and the connection of nodes creates an additional branch in the dark-network topology, through which it becomes possible to anonymously tunnel data intended both for a neighboring node and for complete strangers, or, in other words, remote nodes. The data tunneling protocol gives no information about the number and characteristics of remote nodes; under the f2f paradigm such data cannot be obtained under any conditions. The term "private" is understood in two senses:
- closed to access and use of resources by third parties: unauthorized entry is prohibited;
- all data is transmitted from node to node in encrypted form: eavesdropping is excluded.
Establishing a private connection in the dark network follows a specially developed protocol that defines the essence, properties and characteristics of the network. The protocols of all existing dark networks are necessarily based on asymmetric encryption and authentication. Additional algorithmic features of the protocols for establishing trust and exchanging data depend directly on the tasks the communication network is designed to solve, and can differ significantly from network to network.

Because a darknet involves establishing an encrypted connection between specific nodes, it is sometimes called a network of trusted participants, or a network of friends: friend-to-friend (f2f, cf. p2p). The RetroShare cryptonetwork is a darknet, a dark network in which mutual trust is established through the exchange of personal certificates between participants. This is where the difference between f2f and p2p networks shows clearly: f2f networks in general, and RetroShare in particular, guarantee the user anonymity of any activity thanks to their specific structure and topology (the f2f paradigm), and also naturally limit any destructive practices by third parties. Anonymous p2p networks, by contrast, are relatively easy to analyze in order to collect a large amount of data, including the IP addresses of every network participant without exception. This does not mean that the activities of participants are easy to de-anonymize, but the very fact of participation in such a network cannot be hidden. Besides the RetroShare crypto platform, FreeNet and GNUnet can also be classified as functioning and developing dark networks.

Attention! Despite the similarity of terms, dark networks (darknets [1], private f2f networks) should not be confused with the dark Internet (lost Internet [2]) or with the deep Internet (invisible, remote Internet [3]). The dark, or lost, Internet is a part of the Internet that cannot be connected to using the standard means and protocols that currently exist. The lost Internet typically consists of archaic departmental communication networks that have been in operation since the 70s and 80s to this day. The deep Internet is a part of the Internet that operates using standard protocols but is not indexed by search engines and is unknown to anyone except a limited circle of people. The deep Internet is largely associated with criminal activity by individuals or groups on the Internet.
A friend is a participant in the f2f network with whom a mutual exchange of certificates has been carried out, which algorithmically means establishing an encrypted connection with one of the network nodes. The term dates from the earliest stage of the cryptonetwork's development, when it really consisted only of people who knew each other personally. Today the term "friend" does not correspond to the technical background of the platform, is an anachronism and often misleads users about the specifics, capabilities and potential of RetroShare. Instead of "friend" it is recommended to use a term that more accurately reflects the real state of affairs: "network node", "trusted participant", "trusted peer" or simply "peer".

A user certificate is a text structure containing:
- a unique public key (a 2048-, 3072- or 4096-bit number);
- a location identifier (a 128-bit number);
- the internal IP address and access port of the user's computer;
- the external IP address and access port of the user's computer;
- the location (a text string).
The value of the external IP address can be arbitrary and need not correspond to the real IP address: if a connection must be established, RetroShare can determine the participant's real IP address via DHT or the discovery service. An internal IP address is useful if some trusted participants are on the local network. The location identifier is the lookup key in the DHT, used to establish the IP address of a potential trusted participant and make the connection. The location is set so that the same public key can be used on different computers. The IP address present in the personal certificate is not a direct addressing element of the dark network; it is needed to establish a private encrypted TCP connection with the network.

The address of a packet's recipient is the identifier of a public encryption key, which may be personalized (when a certificate is used) or anonymous (when a separate pair of public and private keys is used). The second option is used for anonymous tunneling of encrypted data: the key pair is not tied to the user's personal certificate and therefore is not a de-anonymizing element of the network protocol. Keys intended for anonymous exchange can be created either automatically (for example, during file sharing) or manually (for example, when writing a forum or chat message on behalf of an anonymous identity). There is no limit to the number of anonymous key pairs; you can manually create as many as you like.
RetroShare version 0.6 has several useful differences: 1) the contents of the certificate are not human-readable because of the special mixing and coding of its fields; 2) the connection can be made through hidden services of the anonymous Tor network, in which case there are no IP addresses at all (see details here [4]). It should be noted: both in the regular RetroShare network and in the network based on Tor hidden services, the anonymity of the user's file-sharing and communication activity is guaranteed by anonymous data tunneling through randomly reconfigured transmission channels. The reasons why it makes more sense to use Tor hidden services are listed in the article on connecting to the network (section "Objective function").

A trusted environment is the complete set of network nodes with which a private encrypted information transmission channel has been established.
The immediate environment is the union of the trusted environment and the trusted environments of each trusted participant.
The immediate environment limits the ability to send e-mail within the network. File sharing and, given a large trusted environment, the distribution of forums and channels are not limited to the immediate environment but cover the entire network. Public keys (not certificates!) of the immediate environment are available in the "Key Array" tab of the global "Friends" section.

An anonymous tunnel is a virtual encrypted data transmission channel built on a chain of connected nodes with established mutual trust; neither the source of an information packet nor its recipient knows which nodes it passes through, and an outside observer can determine neither the initiator of the chain nor the target node. Anonymous data tunneling uses encryption keys that are not tied to a personal certificate. When the tunnel is rebuilt, the encryption key pair is automatically replaced by another one, even if communication is initiated with the same node as before. The essence and properties of anonymous tunnels in RetroShare are identical to the chains of the Tor network, except that in Tor the chain length is limited to 6 nodes, whereas in RetroShare the number of intermediate nodes is in principle unlimited and they change constantly during the transfer of even small files. Anonymous tunnels are created and destroyed without user interaction. At any time an active tunnel can be destroyed because a transit node disconnects from the RetroShare network. The farther apart the source and receiver are topologically, the greater the likelihood of tunnel destruction and the lower the likelihood of creating a stable data transmission channel.

Structurally, the data generated by the various RetroShare services (chat, mail, file sharing, etc.) do not differ from each other: GXS (RetroShare General eXchange System) is used everywhere.
Consequently, some encrypted data in transit masks other encrypted data, which prevents an adversary from performing statistical analysis of the traffic. (This principle is also adopted by another f2f network, GNUnet.)

Content announcement channels, or channels for short, are a RetroShare service in the form of a list of messages, each of which contains:
- a message header;
- a message logo;
- the text body of the message;
- information about the hosted file, files or collection;
- controls.
The right to publish in a channel belongs either to its creator alone, or to the creator and a certain group of trusted participants to whom the rights to the channel have been delegated. Channels can be public, when their content is distributed from subscriber to subscriber, or private, when their content is available for viewing only to persons predetermined by the creator.

The Turtle router is a key low-level element of the RetroShare core, providing the creation and destruction of tunnels, the transmission of search queries, the functioning of chats and forums, and the distribution of content. In RetroShare v0.6 the Turtle router, now called the global router, has undergone a major overhaul and currently has little in common with its original algorithm.

Managing trusted participants. Set in: global "Friends" tab → context menu of a friend → "Details about a friend".
1) Trust: a term defined in the "web of trust" model. It plays no direct role in the functioning of RetroShare.
2) Anonymous tunnels: accept/reject requests to create a tunnel from this participant. It is recommended to always accept.
3) Discovery: give/do not give information about my trusted participants to this participant. A very useful option when someone adds a trusted participant from the key array. The decision is made based on the accepted security concept.
4) Forums and channels: allow/prohibit sharing of existing forums/channels with this trusted participant. It is recommended to allow.
5) Direct source: allow/deny direct access to downloading files and exchanging network packets carrying information about channels/forums/publications. The decision is made based on the accepted security concept.
The "Discovery" parameter can also be set globally for all users in "Settings → Server → Network Configuration".
IMPORTANT! Point 5 plays a special role in anonymizing a participant's activity in the dark network. When adding a new certificate, be sure to consider and monitor the setting of this option. Two situations are possible:
1) Direct access is allowed: the private key of your certificate is used when encrypting a network packet; your trusted environment knows for certain that you are the source of the content being sent; the immediate environment and other network participants have no information about the source of the packet. Thus you are not an anonymous source to your trusted environment.
2) Direct access is prohibited: a randomly generated key pair not tied to your certificate is used when encrypting/decrypting a network packet; your trusted environment, your immediate environment and other network participants have no information about the source of the packet. Thus you are an anonymous source for your trusted environment and for all other users of the dark network.
The need for direct access arises because in some cases it is advisable to be sure that content comes from a specific person and not from an anonymous source.
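The tunnel mechanics described above (each node on the chain knowing only its two neighbours, an ephemeral key pair per tunnel) and the two "Direct source" situations can be seen in a small model. The following Python is an added illustration, not RetroShare's Turtle router or wire format; the six-node f2f graph, the key identifiers and the packet layout are all constructed assumptions.

```python
# Toy model of RetroShare-style anonymous tunnels and the "Direct source" option.
# Hypothetical graph, key ids and packet layout; not RetroShare's real code.
from __future__ import annotations

import random
from dataclasses import dataclass, field

# Constructed f2f topology: an edge means the two peers exchanged certificates.
FRIENDSHIPS: dict[str, set[str]] = {
    "A": {"B", "C"}, "B": {"A", "D"}, "C": {"A", "D"},
    "D": {"B", "C", "E"}, "E": {"D", "F"}, "F": {"E"},
}


@dataclass
class TunnelEntry:
    """All a node stores per tunnel: its two neighbours on the chain."""
    prev_hop: str | None  # None when this node initiated the tunnel
    next_hop: str | None  # None when this node is the tunnel endpoint


@dataclass
class Node:
    name: str
    # key id -> peer name, known only from certificates received from friends
    known_certs: dict[str, str] = field(default_factory=dict)
    tunnels: dict[str, TunnelEntry] = field(default_factory=dict)


def cert_key_id(peer: str) -> str:
    """Stand-in for the fingerprint of the key inside a peer's certificate."""
    return f"cert-key:{peer}"


def make_network() -> dict[str, Node]:
    nodes = {name: Node(name) for name in FRIENDSHIPS}
    for name, friends in FRIENDSHIPS.items():
        for friend in friends:  # friends hold each other's certificates
            nodes[name].known_certs[cert_key_id(friend)] = friend
    return nodes


def find_path(src: str, dst: str, rng: random.Random) -> list[str]:
    """Randomised depth-first walk over trusted links (a Turtle-like tunnel search)."""
    def walk(cur: str, seen: set[str]) -> list[str] | None:
        if cur == dst:
            return [cur]
        neighbours = sorted(FRIENDSHIPS[cur])
        rng.shuffle(neighbours)
        for nxt in neighbours:
            if nxt not in seen:
                rest = walk(nxt, seen | {nxt})
                if rest:
                    return [cur] + rest
        return None

    path = walk(src, {src})
    if path is None:
        raise ValueError(f"no chain of trusted nodes from {src} to {dst}")
    return path


def open_tunnel(nodes: dict[str, Node], path: list[str], rng: random.Random) -> str:
    """Install per-hop state: each node on the chain learns only its prev/next hop."""
    tunnel_id = f"t{rng.getrandbits(32):08x}"
    for i, name in enumerate(path):
        prev_hop = path[i - 1] if i > 0 else None
        next_hop = path[i + 1] if i < len(path) - 1 else None
        nodes[name].tunnels[tunnel_id] = TunnelEntry(prev_hop, next_hop)
    return tunnel_id


def send(nodes: dict[str, Node], src: str, dst: str, direct_source: bool, seed: int) -> dict:
    """Build a tunnel and relay one packet hop by hop using only local tables."""
    rng = random.Random(seed)
    path = find_path(src, dst, rng)
    tunnel_id = open_tunnel(nodes, path, rng)
    # Direct source allowed: the packet is tied to the certificate key.  Denied: a
    # fresh key pair is generated for this tunnel and replaced on every rebuild.
    sender_key = cert_key_id(src) if direct_source else f"anon-key:{rng.getrandbits(64):016x}"
    packet = {"tunnel": tunnel_id, "sender_key": sender_key, "payload": "<encrypted>"}
    relayed_by, cur = [], src
    while cur is not None:  # follow each node's own entry, never a global path
        relayed_by.append(cur)
        cur = nodes[cur].tunnels[tunnel_id].next_hop
    assert relayed_by == path
    return packet


def observe(nodes: dict[str, Node], observer: str, packet: dict) -> dict:
    """What one node can say about a packet from its own state alone."""
    entry = nodes[observer].tunnels.get(packet["tunnel"])
    return {
        "prev_hop": entry.prev_hop if entry else None,
        "next_hop": entry.next_hop if entry else None,
        # Attribution works only if this node holds the certificate matching the key.
        "source": nodes[observer].known_certs.get(packet["sender_key"]),
    }
```

With direct source allowed, only a trusted peer of the sender (the first hop) can attribute the packet; with it denied, nobody on the chain can, and a rebuilt tunnel carries a different key.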
Network visibility:
In the RetroShare crypto platform it is possible to set different kinds of client-server behavior on the network, called network visibility. The type of network visibility is chosen according to the user's accepted security concept.
1) Public mode: a type of client-server behavior in which the client-server allows any trusted participant to broadcast information about other trusted participants, and also takes part in a distributed hash table (DHT), which means that information about the participant's IP address is available both to network users and to outside observers. Knowledge of the IP address by third parties does not mean they have access to information transmitted on the cryptonetwork: they will only know that this user may be connected to the RetroShare network. Participation in DHT provides no other information. Access to transmitted data without the participant's private key is impossible. The mode implements reliable mechanisms for searching and connecting new trusted participants and is useful at the initial stage of forming a group of trusted participants. Once the required size of the trusted environment is reached, it is recommended to switch to a mode that excludes working with DHT: private or darknet.
2) Private mode: a type of client-server behavior in which only the discovery service functions, and the user's IP address does not appear in open networks. This mode is optimal from the point of view of security and efficiency of client-server operation.
3) Reversed mode: the client-server participates in DHT propagation but does not broadcast trusted-peer information. The mode is used temporarily when it is necessary to quickly find and connect to a user whose certificate lists a false IP address.
4) Darknet mode, or "dark network" mode: information about the IP address of the user of the crypto platform is not available, and the client-server does not broadcast any data about your trusted environment. Recommended in cases where the highest network security is required.
Network activity. Specifies the amount and type of traffic transmitted through this node, as well as some features of client behavior:
- Normal mode: everything is relayed at the highest possible speed; the client's behavior is normal.
- Without anonymous: prohibits the transit of other people's traffic through the node. The mode reduces traffic and processor load.
- Game mode: same as normal mode, but does not display pop-ups on the screen.
- Economical: the client-server operates as normal, but all types of traffic are limited.
ADVANTAGES
The positive features, properties, characteristics and capabilities of the RetroShare crypto platform can be divided into three large groups:
1) effective file sharing;
2) extensive communication capabilities;
3) a high degree of security.
An assessment of both the advantages of the RetroShare network and its disadvantages is the result of comparison with existing networks and data transmission systems.
File sharing
The first thing that catches the eye and makes a strong impression when you connect to the RetroShare network is its extremely powerful and convenient system for searching and sharing files. On the client side there are ample opportunities to refine the results:
- search by name or fragment of a name;
- search by extension or fragment of an extension;
- search by trusted participants along the path to a file;
- search by SHA1 hash of a file or collection;
- search by creation date and file size;
- search with or without case sensitivity.
On the server side there is the above-mentioned ability to give various files or folders to various predefined groups of trusted participants, which is basically impossible in existing p2p networks. If the user does not need to differentiate levels of access to his own resources, a basic anonymous access mode can be set; in this case the resources are available for download by all users logged into the network. On the other hand, the same folder can be made accessible to the "Family" group only anonymously, even though all members of this group are trusted, and to the "Friends" group directly, with the ability to know who in the trusted environment is the true source of the data. Outside the trusted environment, files, if the user allows it at all, are always accessible only anonymously. These are the simplest examples; in real situations significantly more sophisticated ways of dividing local resources are possible. The main part of the settings for access to local resources is set by the folder management wizard (the icon in the form of a folder with a "plus" sign at the top left of the main window).
Three basic modes of access to resources are set by one or more access flags:
- green folder: access to files (viewing the folder structure and downloading files) is allowed only to friends from the listed groups (the strictest access);
- blue folder: access (viewing the folder structure and downloading files) is allowed to everyone in the trusted environment; the "blue" folder completely overlaps the "green" one in providing access to shared resources;
- blue mask: anonymous access (downloading files only) is allowed to any network participant. This is the widest access. Files shared this way can be found only through the anonymous network search service or via a direct link.
The clarifying part of the access settings is determined by the rights of each specific trusted peer, set by clicking the shield icon at the top left of the client's graphical interface.
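The three folder flags above, together with the per-peer "Direct source" right, form a small policy that is easy to get wrong (the blue folder overriding the green one, the mask allowing downloads but never browsing). The following Python evaluator is an added illustration, not RetroShare's own code: the flag names, the Requester model and the constructed share list are assumptions standing in for the GUI options the text describes.

```python
# Toy evaluator for RetroShare-style shared-folder access flags (added example).
from __future__ import annotations

from dataclasses import dataclass
from enum import Flag, auto


class Share(Flag):
    GROUPS = auto()     # "green folder": browse + download, only for the listed groups
    TRUSTED = auto()    # "blue folder": browse + download for the whole trusted environment
    ANONYMOUS = auto()  # "blue mask": download only, for any network participant


@dataclass(frozen=True)
class SharedFolder:
    path: str
    flags: Share
    groups: frozenset[str] = frozenset()   # groups named on a GROUPS share


@dataclass(frozen=True)
class Requester:
    """Who is asking. peer=None models an anonymous request arriving through a tunnel."""
    peer: str | None = None
    trusted: bool = False                  # certificates exchanged with this node
    groups: frozenset[str] = frozenset()   # groups this peer was placed in locally
    direct_source: bool = False            # per-peer right: may fetch directly from us


def _trusted_rights(folder: SharedFolder, who: Requester) -> bool:
    """Does the green/blue part of the policy grant this peer browse + download?"""
    if not who.trusted:
        return False   # browsing is never offered outside the trusted environment
    if Share.TRUSTED in folder.flags:
        return True    # blue folder overlaps green: every trusted peer gets access
    return Share.GROUPS in folder.flags and bool(who.groups & folder.groups)


def allowed(folder: SharedFolder, who: Requester, action: str) -> bool:
    """Decide one request. action is "browse" (see the folder tree) or "download"."""
    if action not in ("browse", "download"):
        raise ValueError(action)
    # Blue mask: anyone may download, but nobody may browse through this flag;
    # such files are found only by anonymous network search or by direct link.
    if action == "download" and Share.ANONYMOUS in folder.flags:
        return True
    return _trusted_rights(folder, who)


def transfer_mode(folder: SharedFolder, who: Requester) -> str | None:
    """How a permitted download reaches this peer: attributable to us, or anonymous."""
    if not allowed(folder, who, "download"):
        return None
    # Direct (attributable) transfer needs both a trusted-environment grant on the
    # folder and the per-peer "Direct source" right; otherwise an anonymous tunnel.
    return "direct" if _trusted_rights(folder, who) and who.direct_source else "anonymous"


def listing(shares: list[SharedFolder], who: Requester) -> dict[str, dict]:
    """Per-folder view a given requester would get from this node."""
    return {
        f.path: {
            "browse": allowed(f, who, "browse"),
            "download": allowed(f, who, "download"),
            "mode": transfer_mode(f, who),
        }
        for f in shares
    }


# Constructed sample configuration mirroring the text's "Family"/"Friends" case.
FAMILY_PHOTOS = SharedFolder("/srv/photos", Share.GROUPS, frozenset({"Family"}))
PUBLIC_DOCS = SharedFolder("/srv/pub", Share.TRUSTED | Share.ANONYMOUS)
MASK_ONLY = SharedFolder("/srv/docs", Share.ANONYMOUS)
```

Run `listing([FAMILY_PHOTOS, PUBLIC_DOCS, MASK_ONLY], Requester())` to see that an anonymous requester can download from the two masked shares but browse none of them.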
Communication between participants
The material is well presented in the corresponding [5] section of the article on RetroShare in the Russian-language Wikipedia.
Safety
RetroShare is a very user-friendly system. On the one hand, it operates according to basic algorithms, including mandatory encryption of all types of traffic with a fixed asymmetric key, a one-time symmetric session key and other specific approaches; on the other hand, all further guarantees of anonymity and confidentiality fall on the shoulders of the user. This especially applies to the security concept the user implements, the methods for expanding network connections, and the topology of the created subnet. Of course, absolute security is impossible, first of all because of the human factor, but of the many existing crypto networks, RetroShare potentially gives the best results in terms of anonymity and confidentiality, and therefore safety. As an additional advantage, we should again mention the significantly higher file transfer speed in comparison with well-known networks and data transfer systems. To achieve the potential security of working in RetroShare:
1) do not publish your own certificates in forums and chats within the network, and even less so in open networks: you disclose the fact of using a cryptonetwork;
2) do not accept certificates of other participants if you are not sure of their trustworthiness;
3) in the network configurator, enable either private or darknet mode of client-server operation: your IP address will not appear anywhere on the open network.
Look for opportunities to transfer certificates either in person or through reliable channels or methods of transferring information. The inaccessibility of your certificate to third parties and the reliability of trusted contacts are the foundation of your security. If you are not sure about a trusted peer, do not allow it to connect directly (Direct source) and disable the discovery service for it. You will not hide the fact of using RetroShare from him, but you will significantly limit his knowledge about you, your resources and your trusted environment. Let us remind you once again: in almost all non-f2f networks the adversary can compile a complete list of IP addresses of all network participants, which means revealing not only the very fact of using the network but in some cases also de-anonymizing their activities using certain analysis methods. Only in f2f platforms is knowledge of the IP address limited to a small group of participants, and it is fundamentally impossible to detect other participants when DHT is disabled, since data in RetroShare is transferred from trusted peer to trusted peer and nothing else.
DISADVANTAGES AND LIMITATIONS
There are two groups of RetroShare shortcomings: 1) shortcomings related to the friend-to-friend concept; 2) shortcomings of the graphical interface and client implementation. If the second group is largely related to user preferences and the mistakes of developers, and so can always be leveled out, the first group is fundamentally irremovable, and you need to remember this when you work in the RetroShare crypto platform. The disadvantages of RetroShare associated with its underlying concept can be considered features of the crypto platform.
Disadvantages associated with the f2f concept
Significant load on the central processor and RAM. Working with large numbers, which are an integral part of certificates and private keys, requires a considerable amount of RAM and CPU resources. Considering that RetroShare encrypts not only file sharing but also messages in forums, channels and chats, on weak machines this load can create certain problems in the operation of the client-server. As an example: with 50 trusted peers (18 connected), several dozen channels, several hundred forums and active chats, the RAM allocated to the client was 420 MB, and the constant load on the CPU (Intel, 2 cores, 2.8 GHz) was 2…6%. Of course, the numbers are approximate, but this is the order of magnitude.
The comparative slowness of the spread of forums and channels across the network. The transmission of forums and, in particular, content announcement channels has a low priority in the operation of the Turtle router: chats are broadcast and tunnels for file sharing are laid first. Therefore, depending on the network load and its topology, messages from both services can take from several minutes to several hours to reach the interested party. This does not apply to the immediate environment, where content is distributed almost instantly. Content is distributed from subscriber to subscriber, so if the network is not extensive, a channel or forum may "stall" at a node whose owner has not subscribed to that resource. If the resource is filled with interesting unique content and has many subscribers, no problems arise with its distribution. This feature is, de facto, a naturally organized protection against spam on the network: useless or empty channels will not be distributed; their distribution will stop within the trusted environment.
Unstable file transfer speed from a very distant source (5 or more hops). There is one peculiarity here. The Turtle router is a very flexible algorithm, and the RetroShare network topology is very branched and chaotic in structure. At first, Turtle can indeed build a tunnel to the source that is poor in terms of distance, but, as a rule, after some time "closer" paths are found, and then both the data exchange speed and the channel itself stabilize. In nine cases out of ten, a reliable data transmission channel is established within 1–10 minutes at a speed close to the maximum throughput of the recipient's Internet connection.
The difficulty of exchanging certificates securely. Since it is highly undesirable to publish personal certificates in open sources, the problem of transferring them to a potential trusted peer arises. Currently, the most secure means of transmitting RetroShare certificates are encrypted e-mail and encrypted messaging services. Clearly, in this case too, the problem of the correspondent's authenticity arises. However, based on the real situation, you can always choose the most appropriate certificate exchange option for a particular user. But, as mentioned above, the most reliable way is to hand over the certificate in person.
Disadvantages of the GUI and client implementation
Interface overload. Lots of fine-tuning client-server settings. With an ill-considered approach, this can lead to de-anonymization of a network participant. This especially applies to file sharing or distribution of content through channels, when by mistake a private announcement can be made in a public channel. Remember! ONCE PUBLISHED IN A FORUM OR CHANNEL, IT IS IMPOSSIBLE TO REMOVE FROM THE NETWORK. Before you publish anything, look again at what you are publishing and which publishing mode is selected: private or public.
Unpresentable default appearance of forums. For people who respect not only content but also form, it is difficult to bring a published message into proper shape; it is better to type the message text in a word processor and only then copy it to the forum.
Lack of ability to set font size and type in channels.
Lack of ability to monitor and analyze traffic structure. It is not clear from the status bar which part of the traffic is private and which part is transit. There is no visualization of different types of traffic.
Inability to unhash files of a certain type.
PRACTICAL RECOMMENDATIONS
♦ For security reasons, the nickname in the chat must be different from the nickname in the certificate.
♦ If possible, do not publish your own certificate in chat rooms and under no circumstances on forums.
♦ Observe conversations in chat rooms. At some point, it will become clear who you need not be wary of and who you should not trust.
♦ Silent people in chats cannot be considered people you should trust. Therefore, if you would like to exchange certificates with someone, identify yourself in some way, at least in general, non-binding phrases. By doing this, you will show that you are a living person who deserves attention. In the RetroShare community, it is considered good manners to indicate why you joined the platform, as well as where you heard about it.
♦ Find in the forums links to certificates of hosts constantly connected to RetroShare - the so-called “24/7 VPS” - and send emails with your certificate to several of them through the internal RetroShare mail service. Perhaps they will respond to you and you will have reliable 24/7 contact with the network.
♦ Help two or three of your friends connect to RetroShare. You will then have nodes that are completely trusted.
♦ If you have multiple computers at home or work, you can create one gateway node that provides access to RetroShare, and connect your main computer to that gateway. Thus, all communications with the network will be carried out by the gateway computer, and it will be your only peer that you can absolutely trust. This approach will have the greatest effect if the two computers are located in different buildings or even in different localities, that is, they are significantly separated in space.
♦ Try to make trusted contacts among people who are geographically far from you: for example, Brazil, South Africa, USA, Canada, Australia, etc.
♦ Be wary of making trusted participants from Eastern European countries or repressive regimes in Asia, unless, of course, they are your real friends.
♦ Beware of exchanging certificates with people who add everyone to their trusted list.
♦ Once you reach the required number of trusted participants - no more than 60…80 - enable either private or darknet mode in the client-server.
♦ Carefully organize your distribution of folders and files. Make sure that there are no documents, pictures, etc. in shared folders whose tags may include your name or other information about you.
♦ Think before you act. In a decentralized system, nothing can be undone.
RTFM
RetroShare + Tor: classic darknet and hiding the IP address from a trusted environment
A distinctive feature of dark networks until the release of RetroShare version 0.6 was the fundamental difficulty of hiding a participant’s IP address from a trusted environment. Despite the fact that the activities of network participants - publications in forums and channels, chatting, file sharing, etc. - are always hidden, the fact that IP addresses are in certificates often somewhat cooled interest in the network among potential users. This feature has always been noted in articles about RetroShare and, as a result, an important emphasis was placed, if not on the need for a selective approach to exchanging certificates with strangers, then at least on the requirement to refuse direct file transfer to trusted peers, which guaranteed the utmost degree of security of work in crypto networks. This is illustrated by the pictures below.
For a regular network, the trusted environment only has information that this user is connected to the RetroShare network. Users who are more distant in the topological sense do not even know the fact that a particular user is connected to the network. Due to the fact that the vast majority of transactions (file sharing, distribution of channels, forums, publications and chats) are indistinguishable from each other and use anonymous tunneling through contact chains, and also based on the paradigm of equality of all users before each other, in a narrow, strict sense anonymity is always maintained, i.e. any user activity is hidden even from a trusted environment, except when the user himself indicates his identity. The only exception to the list is VoIP, which uses a direct connection between two participants with PGP encryption with a private key.
In version 0.6 of the crypto platform (Figure 2), the solution to the problem of special behavior with a trusted environment is transferred to the Tor network. That is, as long as the latter is reliable, RetroShare within a trusted environment is also reliable and safe, despite the possible disorder and illegibility in the exchange of certificates by the user of the crypto platform, as well as the specifics of the client-server settings. If the distance to the target node is two or more hops, then the absolute security of the RetroShare crypto platform is ensured by the friend-to-friend paradigm itself and the Tor network plays absolutely no role here, because the client directly works only with his own trusted environment and no one else. By the way, Figure 3 shows the anonymity of open networks, such as DC++ or BitTorrent, in which the user’s physical address is not hidden.
The arrows in the figure indicate a fundamental lack of selectivity in making connections between the user and remote clients in p2p networks, which greatly aggravates the problems of security of communications and file sharing in such networks.
Data exchange in the RetroShare cryptonetwork when it works via Tor
In the RetroShare crypto platform version 0.6, three network connection configurations are possible:
1) regular connection with dark network participants - the classic scheme; a node with an open port (“green” NAT) acts as a server;
2) connecting a regular node to a hidden one - the IP addresses of both nodes are hidden from each other; the regular node must have Tor configured and running on its side; the hidden node always acts as a server;
3) connection of hidden participants - the node with the faster response acts as a server.
The second and third configurations are illustrated in the figures below.
Figure 4 - Connecting a regular node to a hidden one
RetroShare crypto network nodes exchange data indirectly through the hidden services de77jgyfphhb2f45.onion and ab45c7777bdd44hh.onion. The physical addresses of the two RetroShare network nodes are hidden during this connection. Gateway ports can be arbitrary and are specified in the settings of the RetroShare crypto platform and the Tor configurator. Let us emphasize once again: we are talking here about hiding the IP address within a trusted environment, since outside it the impossibility of detecting the IP address of users of the RetroShare crypto network is absolute and is ensured by the basic principles of the functioning of dark networks. Friend-to-friend networks have perhaps the highest potential in the context of network anonymity, since in them the adversary has no opportunity to freely connect to an arbitrarily selected network user - the principle of privacy is strictly observed here. Unlike open (non-private) anonymous networks (i2p, Perfect Dark, etc.), the user has the full right to choose with whom to connect and whom to refuse; and even in the case of a connection with an ill-wisher, the user retains the ability to refuse, partially or completely, to transmit data through a suspicious node. And, as stated above, the very possibility of determining the IP addresses of RetroShare users located outside the trusted environment is reduced to zero.
Connecting to the RetroShare network via Tor hidden services
(The material is outdated regarding the use of Vidalia. Use this article[!https://adorabilis.wordpress.com/2015/03/26/security-3d/!] or the text further below.)
Necessary components, using Windows OS as an example: 1) installed and running Vidalia Relay Bundle[!https://www.torproject.org/download/download.html.en!]; 2) RetroShare 0.6.
Launch algorithm for a cryptonetwork based on RetroShare + Tor
1) In an arbitrary place on the hard drive, create a folder with an arbitrary name, for example “Hidden_service”. Let its full path be “d:\Install\Hidden_service”. This folder will store the onion address of the hidden service you create and the corresponding private key.
2) Launch the Vidalia control panel, go to Settings, then to the “Services” tab. Click the button with the green plus sign on the right. Double-click the “Virtual Port” field and enter the access port of the onion service being created; let it be the same as in Figure 5: 12040. In the “Target” field, specify the internal port on which your computer will “listen” for incoming TCP packets: 127.0.0.1:13080. In the “Path to directory” field, specify “d:\Install\Hidden_service”. Copy the onion address of the created hidden service to the clipboard by clicking the button with the white circle icon.
3) Launch RetroShare. In the certificate creation wizard, check the “Create a new identity” and “Create a hidden location” checkboxes. Set your login, password and location. In the “Tor address” field, paste from the clipboard the onion address of your hidden service, through which you will subsequently exchange data with your immediate environment.
4) Go to Settings → Service → Tor Configuration. In the “Local address” field specify port 13080, in the “Onion address” field – 12040. Attention! Don't mix up the port numbers!
The client and system are configured. Just in case, check the contents of the torrc file (located at c:\Users\<Username>\AppData\Local\Vidalia\). The following lines should appear there:
HiddenServiceDir D:\Install\Hidden_service
HiddenServicePort 12040 127.0.0.1:13080
Further actions involve the mutual exchange of certificates with users already logged into the network.
Attention! For those connecting to the dark web for the first time, RetroShare! Valid certificate of one working node: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To send your own certificate, use the following address in the BitMessage network[!https://ru.wikipedia.org/wiki/Bitmessage!]: BM-2cXYZkxQ2qk75ApZgZWjPTuVZsMsUQVp19 . You can download the BitMessage client here[!https://bitmessage.org/wiki/Main_Page!]. As soon as the certificate you sent is noticed, you will definitely be added to the circle of trusted people. Users who have any questions about RetroShare can subscribe to the RetroShare thematic public channel in BitMessage: BM-2cUsYWk3KUfSUxGnYR3RLcQBZumA8zZ46v. More experienced users will tell you what to do if something goes wrong when connecting to the crypto platform.
To connect a regular client-server with a hidden one (Figure 4), it is required that the first side has Tor installed and functioning . Otherwise, the regular node will not “understand” how to connect to the onion address appearing in the hidden node’s certificate. After all, there are no IP addresses in such a certificate.
Objective function
When connecting to the RetroShare network through the anonymous Tor network, the problem of the user’s IP address being accessible to the immediate environment is solved; that address would give an attacker information about the fact of connection to the RetroShare dark network. Any file sharing and communication activity of the user, thanks to the GXS data tunneling system, is always anonymous to all nodes, unless the user himself wishes to indicate his identity. The price of deciding to use Tor is a significantly lower file sharing speed, averaging from 1/5 to 1/2 of the maximum bandwidth of the available Internet connection.
Indications for use
♦ A situation of total distrust of any Internet user.
♦ A situation when there are only two participants in the network who need to maintain anonymity (for a network of two participants, GXS tunneling, for obvious reasons, does not perform its anonymizing function).
♦ A fundamental reluctance to participate in a file-sharing network in which even a single user would know the IP address of your personal computer (we are only talking about knowledge of the IP address by the trusted environment! Any network activity in RetroShare is always anonymous and encrypted unless you indicate your own identity; the user can freely publish messages in channels / forums / the cloud of publications, as well as communicate in numerous chats on behalf of one or many previously created anonymous personalities).
♦ The connection to the Internet is not direct but is provided through a proxy server on the organization's local network. A proxy server requiring mandatory authentication is also possible.
♦ It is difficult or fundamentally impossible to “forward” an external port through an opaque NAT.
♦ The ability to securely publish a personal certificate in open networks is required, in order to subsequently establish direct communication with an anonymous correspondent.
Contraindications for use: none.
Situations when using RetroShare + Tor is inappropriate
♦ File sharing and communications are supposed to be carried out with friends or with trustworthy people.
♦ The user, for objective reasons, does not worry about the trusted environment in the dark network.
♦ The highest possible file sharing speeds with users of the crypto platform are required.
♦ The main file sharing is supposed to be carried out in local computer networks.
Safety concept and practical recommendations
In order to extract maximum benefit from the potential of RetroShare 0.6, it makes no sense to use the same key pair for working in a regular network and in a network operating through a system of hidden services. A trusted user would then be able to connect both directly and through the Tor hidden service, which defeats the idea of hiding the IP address. RetroShare over Tor serves its purpose only if you create a separate certificate, either for a separate client or for your single client.
on September 15, 2014 [!https://adorabilis.wordpress.com/2014/09/15/retroshare-tor/!]
Security über alles. Three-dimensional instructions for uncompromising users
The subject of this article is the deployment, configuration and management of the RetroShare crypto platform with extreme security settings. At the request of potential users, the review will be carried out for the Windows operating system, in connection with which an important point should be noted. If you very seriously, on a large scale, intend to organize hidden and/or anonymous activities on the Internet, then you should completely refuse to use any closed-source operating system, commercial or non-commercial, be it MS Windows, Mac OS X or other. Instead, it is highly recommended to install on your machine any user-friendly free operating system of the Linux or BSD family: Mint, Ubuntu, CentOS, OpenSUSE, Mageia, PC-BSD or other. A complete list of open secure operating systems along with their ratings can be found here[!http://distrowatch.com/!]. This approach to your own activities will increase confidence in your security by several orders of magnitude and, scientifically speaking, will reduce the likelihood of unauthorized access to confidential data to an acceptably low level. This does not mean that the use of proprietary systems like Windows necessarily leads to your de-anonymization or unmasking of your work and interests. The anonymous RetroShare platform provides end-to-end encryption of all its services, is able to hide its users from ill-wishers, is capable of reliably transmitting encryption keys over insecure communication channels, guarantees the privacy of your activities, and more.
Setting the task
I have a computer with Windows 7 (x64) installed and a desire to fully utilize the almost limitless potential of the anonymous RetroShare platform. An additional parameter is the user’s reluctance to establish a direct connection even with a trusted environment. A serious approach to solving the problem requires a multi-step and somewhat diverse strategy:
1) installation and configuration of the official Tor distribution for the needs of the crypto platform, and creation of a hidden service;
2) competent installation of RetroShare, generating a certificate, setting up the client-server, and connecting to the RetroShare dark network;
3) implementation of the security concept and qualified organization of activities on the dark network.
The solution procedure is a kind of three-dimensional design,
CREATION OF A HIDDEN SERVICE
1. Go to the official website of the Tor anonymous overlay network project:[!https://www.torproject.org/download/download.html.en!]
2. Download the Tor assembly and signature for it.
It’s probably more convenient to get the signature like this: right mouse button → “Save object as...”.
3. We check the integrity and authenticity of the downloaded archive containing the assembly.
You can skip this point, but if you are determined to follow a safety mindset, you should not. To carry out the verification, gpg4win is required. If your computer does not have this set of PGP utilities for Windows, download and install it from the official website.[!http://www.gpg4win.org/!]
Next, perform the following sequence of actions:
a) Start → Run → cmd
b) For convenience, go to the folder with the downloaded files: cd /d e:\_Downloads
c) Import the public key of the Tor development team. To do this, enter at the command line: gpg --keyserver x-hkp:// --recv-keys 0x4E2C6E8793298290
d) Check the fingerprint of the loaded key: gpg --fingerprint 0x4E2C6E8793298290
e) Now check the PGP signature of the downloaded file against the signature received from the site: gpg --verify tor-win32-tor-0.2.5.11.zip.asc tor-win32-tor-0.2.5.11.zip
The output will state that the key is not certified by a trusted signature. There is nothing wrong with this, since you have not met the Tor developers in person and their public key is not in your trust list.
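The "not certified" warning is harmless, but a script that automates step 3 should not go by the human-readable text at all. The following helper is an added example, not code from the article, the Tor project or gpg4win: it reads the machine-readable lines gpg emits on its status channel (`--status-fd`) and accepts the download only when gpg reports a good signature made by the key ID the article imports, 0x4E2C6E8793298290. A BADSIG, ERRSIG or NO_PUBKEY line rejects the file; the TRUST_UNDEFINED line, which is the status form of the "not certified" warning, is expected and does not. The sample status transcripts are constructed; the user ID and the 40-hex fingerprints in them are placeholders, not the real key's.

```python
"""Interpret gpg --status-fd output when verifying a downloaded Tor bundle.

Added example (not from the article, Tor or gpg4win). Accepts a file only
when GOODSIG/VALIDSIG name the expected signing key.
"""
import subprocess

EXPECTED_KEYID = "4E2C6E8793298290"   # the key ID the article imports with --recv-keys
STATUS_PREFIX = "[GNUPG:] "

# Constructed sample transcripts. User IDs and fingerprints are placeholders.
SAMPLE_GOOD = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 4E2C6E8793298290 Placeholder Tor Signing Key <placeholder@example.invalid>
[GNUPG:] VALIDSIG 0000000000000000000000004E2C6E8793298290 2015-03-20 1426800000 0 4 0 1 10 00 0000000000000000000000004E2C6E8793298290
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
SAMPLE_BAD = """\
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 4E2C6E8793298290 Placeholder Tor Signing Key <placeholder@example.invalid>
"""
SAMPLE_WRONG_KEY = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Someone Else <else@example.invalid>
[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2015-03-20 1426800000 0 4 0 1 10 00 0000000000000000000000000123456789ABCDEF
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
SAMPLE_NO_KEY = "[GNUPG:] ERRSIG 4E2C6E8793298290 1 10 00 1426800000 9\n[GNUPG:] NO_PUBKEY 4E2C6E8793298290\n"


def parse_status(text):
    """Yield (keyword, args) for every '[GNUPG:] KEYWORD args...' line."""
    for line in text.splitlines():
        if line.startswith(STATUS_PREFIX):
            fields = line[len(STATUS_PREFIX):].split()
            if fields:
                yield fields[0], fields[1:]


def evaluate_signature(status_text, expected_keyid=EXPECTED_KEYID):
    """Return (accepted, reason) for one gpg status transcript."""
    expected = expected_keyid.upper()
    if expected.startswith("0X"):
        expected = expected[2:]
    signer_ids = []
    for keyword, args in parse_status(status_text):
        if keyword == "BADSIG":
            return False, "BADSIG: the file does not match the signature"
        if keyword == "NO_PUBKEY":
            return False, f"NO_PUBKEY {args[0]}: import the key with --recv-keys before verifying"
        if keyword in ("EXPKEYSIG", "REVKEYSIG"):
            return False, f"{keyword}: the signing key is expired or revoked"
        if keyword == "GOODSIG" and args:
            signer_ids.append(args[0].upper())      # long key ID of the signing key
        if keyword == "VALIDSIG" and len(args) >= 10:
            signer_ids.append(args[9].upper())      # fingerprint of the primary key
    if not signer_ids:
        return False, "no GOODSIG line: gpg could not verify the signature"
    # Both a long key ID and a full fingerprint end with the 16-hex key ID.
    if not any(s.endswith(expected) for s in signer_ids):
        return False, f"good signature, but from key(s) {signer_ids}, not the expected {expected}"
    return True, f"good signature from expected key {expected} (trust warning is normal here)"


def verify_download(signature_path, data_path, gpg="gpg"):
    """Run gpg on a real signature/file pair with status output on stdout and evaluate it."""
    proc = subprocess.run([gpg, "--status-fd", "1", "--verify", signature_path, data_path],
                          capture_output=True, text=True)
    return evaluate_signature(proc.stdout)


if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD),
                         ("wrong key", SAMPLE_WRONG_KEY), ("no key", SAMPLE_NO_KEY)):
        print(name, "->", evaluate_signature(sample))
```

`verify_download("tor-win32-tor-0.2.5.11.zip.asc", "tor-win32-tor-0.2.5.11.zip")` is the scripted form of step e); the key ID check is what turns "a valid signature by someone" into "a valid signature by the Tor team", which `gpg --verify` alone does not enforce.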
4. Deploy Tor Expert
The main folder where we will store all the necessary components is “D:\Pool\”. Unpack the contents of the Tor expert bundle into it:
In the same place, in the “D:\Pool\” folder, create another folder with an arbitrary name, for example “Hidden_service_1”. The numeric index at the end of the folder name is added so that in the future you can run multiple hidden services for multiple concurrent RetroShare clients. The created folder will contain the identifier of your hidden service and the private key to it.
5. Create and edit the torrc settings file, launch the hidden service
In the “D:\Pool\Data\Tor\” folder, create a torrc settings file with the following contents:
SocksPort 9060
DataDirectory D:\Pool\Data\Tor
DirReqStatistics 0
GeoIPFile D:\Pool\Data\Tor\geoip
GeoIPv6File D:\Pool\Data\Tor\geoip6
HiddenServiceDir D:\Pool\Hidden_service_1
HiddenServicePort 12040 127.0.0.1:13080
Please note that the paths to the folders "D:\Pool\Data\Tor\" and "D:\Pool\Hidden_service_1\" in the generated file must not end with a backslash. The contents of torrc require some explanation. SocksPort 9060 – the standard Tor gateway port has been changed from 9050 to 9060. This is done so that the launched process does not conflict with other Tor processes that you may already have running on your system. The port can be set to any from 1025 to 65536; the main thing is not to forget to specify it in the settings of the anonymous RetroShare platform, where port 9050 is set by default. DirReqStatistics 0 – disables the recording of service request statistics and network response time. If you want to evaluate the quality of your connection, you can set it to 1. This does not affect security, but it slightly increases the resource usage of the process and creates a constantly growing statistics file. DataDirectory D:\Pool\Data\Tor – the place where service files and the torrc settings file are stored. HiddenServicePort 12040 127.0.0.1:13080 – specifies port 12040 of the hidden service, on which Tor will listen for incoming connections, as well as port 13080 for passing data to the operating system. Full information about the possible settings of the service being launched can be found here.[!https://www.torproject.org/docs/tor-manual-dev.html!]
6. Launch. Checking the connection
Start → Run → cmd;
D:\Pool\Tor\ -f D:\Pool\Data\Tor\torrc
If you want the Tor service to start after every boot of the operating system, make an appropriate entry in the system registry by running the following command:
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "RetroShare-Tor" /t REG_SZ /d "D:\Pool\Tor\ -f D:\Pool\Data\Tor\torrc" /f
If you want to remove the service from startup, do this:
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "RetroShare-Tor" /f
Attention! Quotes everywhere are ordinary straight ones! (Shift + 2 in the Russian layout).
NOTE: Connecting via Tor is, among other things, convenient because you can connect to the RetroShare network while behind an opaque NAT, or even when you access the Internet through an organization’s authenticating (“password”) proxy. This is what the torrc file looks like in that case:
SocksPort 9060
DataDirectory D:\Pool\Data\Tor
DirReqStatistics 0
GeoIPFile D:\Pool\Data\Tor\geoip
GeoIPv6File D:\Pool\Data\Tor\geoip6
HTTPSProxy 192.168.1.1:8080
HTTPSProxyAuthenticator OtdelSnabzhenia:pass12345pass
HiddenServiceDir D:\Pool\Hidden_service_1
HiddenServicePort 12040 127.0.0.1:13080
Check the contents of the “Hidden_service_1” folder. Immediately after launch, two files should appear there - hostname and private_key , - the first of which will contain the name of the hidden service through which you will communicate with the trusted environment in the RetroShare crypto platform.
Let's launch the Firefox browser and check whether Tor has connected to the network: Tools → Settings → Advanced → Network → Configure → Manual proxy configuration. In the “SOCKS Host” field specify 127.0.0.1, port 9060. Go to any site, for example https://duckduckgo.com. If the site opens, everything is fine. If not, return to step 4 and check the sequence of actions again. Let’s check the security of the Tor service by opening the website http://ip-check.info/?lang=en in the browser. Click the “Start test” link. After a while you should get something like this:
then there is nothing wrong with that. These are satisfactory results, especially since the fact that Tor works properly is important to us. The anonymous RetroShare platform, unlike browsers, does not release anything de-anonymizing to the network. So, in this area we are all right. We have made sure: 1) the hidden service has been created ; 2) there is a connection to the Tor network . Do not forget to return the network settings of your browser to their original state.
RETROSHARE DEPLOYMENT
1. Installation and first launch of RetroShare
Go to the news page[!https://adorabilis.wordpress.com/2014/08/03/retroshare-news/ Or - the official assembly from http://retroshare.sourceforge.net/downloads.html!] and download the current RetroShare build for Windows. It is recommended to use the portable version supplied as a 7zip archive. Create a RetroShare subfolder in the “D:\Pool\” folder and unpack the archive with the platform into it:
Let's run the file:
2. Generating a personal certificate
Check the “Advanced” checkbox. We set the name, strong password for the certificate, location (any string of characters) and the length of the key pair for asymmetric encryption - 4096 bits. IMPORTANT! From “ D:\Pool\Hidden_service_1\hostname ” we take the name of the hidden service (Tor address), and also specify the access port: 12040 . Actively move the mouse and click “Generate new identity”.
We complete the certificate generation
and the anonymous RetroShare platform is launched:
3. Fine-tuning client-server
Click the Settings button and sequentially configure the client-server behavior:
Adjust the upload/receive speed values according to your capabilities and needs:
The more you tunnel other people's data, the better your own activities will be masked. A value of 30 is the maximum possible.
Very important setting! Treat it with the utmost care.
The “Inbox OK” circle may not light up green. The address of the Tor hidden service can be checked against the address located in “D:\Pool\Hidden_service_1\hostname”. The maximum number of simultaneous downloads can be increased at least twice. The Tor network is not characterized by high file sharing speeds, so it makes sense to parallelize downloads. For security purposes, it is better to set the selection of parts of the transferred object to be random .
Specify the default target folder:
Let's create at least one anonymous person. You will need it to connect to chats. It is better to use different anonymous names in forums, channels and publications.
Later, you will create as many aliases as you like. Pseudonyms spread throughout local user databases over a period of time and, instead of anonymous numbers like f24534d95bcc9abd7b77e9ce4e55ae60, human-readable names appear. Aliases that are not used for a week are automatically destroyed.
4. Network connection.
Unfortunately, so far (as of April 6, 2015) none of the three working chat servers presented on RetroShare rocks[!https://retroshare.rocks/!] is able to connect to hidden nodes, so we will connect to one of the real RetroShare users. Below is the certificate of a user who is ready to provide entry into the dark web. Please note that the presented certificate, like yours, is associated with a hidden node of the RetroShare network, which means it does not contain any personalized information, including an IP address.
CQEGAf8AAAJYxsBNBFP9wdkBCACr1mmpZdsiNJ1TRdAXN4GdA1+D7gWd7tHnvB8t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
To add a contact to your list, copy the certificate to the clipboard. Go to the RetroShare program and click the “Add” button in the upper left corner of the interface. In the window that appears, click “Next” and paste the copied certificate into the lower field:
Click the “Next” button and enter the password for your certificate:
A similar procedure should be carried out for each added certificate.
Now you need to transfer your certificate to remote contacts. Go to the Tor project website and download the anonymizing browser, Tor Browser, which we will use to transfer your certificate anonymously. Unpack the resulting archive to an arbitrary location (D:\Pool\ will do too), run “Start Tor” and wait until the browser has joined the Tor network. Next, go to the certificate exchange resource[!https://bin.cavebeat.org/?4e5ed633ca44eb4d#rB4vT2M3DdLPtgA9WkdArBqNkiRZri7HqBLnq6OIJAY=!] and leave your certificate in the comments. Once noticed by your correspondents, you will be added to their circle and gain entry into the anonymous RetroShare network. Remember that your own certificate can be found under “Settings → Host → Certificate”. After some time, several or all of the added RetroShare network nodes will connect to you:
You are online. And you can right now publish on other people’s forums or create your own; subscribe to content distribution channels; search for files, chat and much more:
The list of available resources will constantly grow. To strengthen your connection to the network, enter chats and exchange a certificate with someone else:
The third area of security involves some rules for reasonable behavior on the dark web.
SAFETY CONCEPT
So you're online. RetroShare will perfectly hide your file sharing and communications, but no system will save you from so-called social de-anonymization[!https://duckduckgo.com/?q=%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F+%D0%B4%D0%B5%D0%B0%D0%BD%D0%BE%D0%BD%D0%B8%D0%BC%D0%B8%D0%B7%D0%B8%D1%86%D0%B8%D1%8F!], when you yourself give out a stream of related information about a certain, albeit anonymous, person, i.e. about you. Therefore, the first and most important rule of anonymous activity is not to rush to launch stormy, and therefore too noticeable, initiatives and campaigns. At the same time, you shouldn’t stand out from the mass of other users. You go into a chat, there is a heated conversation about North Korea; throw in a couple of insignificant phrases about this country. A day later there will be an equally heated conversation about cats; say that you like or don’t like cats. If on the third day everyone is silent, be silent too. At the very least, at first, don’t initiate anything noticeable or significant anywhere. In RetroShare chats there is a tradition of making fun of a newbie. Catch the tone and respond with something that sounds like a joke, but don't go into too much detail. If you switched to the RetroShare platform for serious matters, you have nothing to do in chats at all.
Below are the elements of reasonable behavior, point by point.
♦ It is strongly not recommended to use the same pseudonym in chats/forums/channels/publications and in the certificate. If you called yourself Stranger in the certificate, let that pseudonym stay there. The facilities exist, so use different names always and everywhere.
♦ If possible, do not publish your own certificate in chats and under no circumstances on forums. Even if your certificate is a hidden one.
♦ Observe the conversations in chats. At some point it will become clear whom you need not be wary of and whom you had better not trust.
♦ Silent people in chats cannot be considered people who should be trusted. Therefore, if you would like to exchange certificates with someone, identify yourself somehow, at least with general, non-binding phrases. By doing so you will show that you are a living person who deserves attention. In the RetroShare community it is considered good manners to say for what purpose you joined the platform, as well as where you heard about it.
♦ Find in the forums links to certificates of hosts permanently connected to RetroShare – the so-called “24/7 VPS” – and send several of them emails with your certificate through the internal RetroShare mail service. Perhaps they will respond and you will have a reliable round-the-clock contact with the network.
♦ If you have several computers at home or at work, you can create one gateway node that provides access to RetroShare and connect your main computer to that gateway. Thus, all communication with the network will be carried out by the gateway computer, and it will also be your only peer that can be trusted absolutely. This approach will have the greatest effect if the two computers are located in different buildings or even in different localities, i.e. significantly separated in space.
♦ Be wary of taking on trusted participants from Eastern European countries or repressive regimes in Asia unless, of course, they are your real friends.
♦ Beware of exchanging certificates with people who add everyone indiscriminately to their trusted list.
♦ Carefully organize your shared folders and files. Make sure that shared folders do not contain documents, pictures, etc. whose tags may contain your name or other information about you.
♦ Think before you act. In a decentralized system nothing can be undone.
< The material will change slightly and be constantly updated >
Attention! Information for those who have already read the article: anonymous encrypted certificate exchange resource[!https://bin.cavebeat.org/?4e5ed633ca44eb4d#rB4vT2M3DdLPtgA9WkdArBqNkiRZri7HqBLnq6OIJAY=!].
Entered the network! Don't forget to periodically check for new certificates from those wishing to connect.
By on March 26, 2015 [!https://adorabilis.wordpress.com/2015/03/26/security-3d/!]
History
“How do you use RetroShare?” - a look from the inside
In the anonymous forums of the encrypted RetroShare network, a discussion took place that might not have been of public interest if it had not been clear from the text that the participants in the exchange of opinions, with few exceptions, were ordinary Internet users. And, of course, the topic of discussion itself stands out from others. Why it stands out will become clear from the text below. On a network whose main goal is to guarantee the user the security of communications and file sharing from unauthorized eavesdropping and unauthorized access to resources, respectively, and in which, as a rule, people are in no hurry to tell anything about themselves, User No. 1 asks the following question:
People! I just recently joined the RetroShare network and want to know what the most popular services are here. Do people mostly use file sharing? Discussing in forums? Or is the main goal the desire to distribute your content on the dark web, away from bittorrent networks? I myself currently mainly use forums and chats. How do you use RS?
After 22 minutes, User No. 2 answers him:
Mostly chats and forums. I download a few movies and books. I broadcast traffic for my friends.
After another 3 minutes, User No. 3:
Chats, forums. I download movies and TV shows. I like p2p networks like this.
A quarter of an hour later another anonymous user (No. 4) joins the conversation, not distinguished by brevity, but all the more interesting for it:
I have about 40 trusted nodes that I share content with. Most of them do not rely on downloading via torrents or other open sources because they are afraid of unknown services and are not technically savvy users. In this regard, through a remote administrator, I installed RetroShare for them and configured it as expected. In general, my friends and I are here to exchange books in such a cozy “get-together.” But because RS offers so much more than just sharing books, we also share video content, audiobooks, and other materials that aren't suitable for sharing via email. Occasionally we communicate in a private chat room, but most of the time we just sit there quietly. I also connected to other RetroShare users, which gave me and my friends access to a ton of content. And, of course, in chat rooms I met interesting people with whom I wouldn't mind talking. In short, as you can see, my main goal of being here is private communication and secure file sharing.
Two minutes later:
And yes, I forgot! Often, much more often than I expected, I use the RSS aggregator to read and distribute news.
Later, a RetroShare activist from the USA, well known to all users of the dark web for his endless improvement proposals, spoke up:
File sharing is the most widely used, most enjoyable part of RetroShare's functionality. I made a lot of proposals regarding the platform's support for torrent files, at least in terms of saving the downloaded torrent in a special folder from which the user's torrent client could automatically extract and process them. An additional plugin linking RetroShare to qBittorrent, as well as aMule, would give users access to the enormous volumes of content provided by these networks via torrent files or ed2k links. Additionally, RetroShare users would be able to search for files across all networks via DHT without having to launch the corresponding clients.
The proposal has a right to exist, but, fortunately, the RetroShare developers have shown no noticeable enthusiasm for linking the RetroShare dark network to dangerous (open) networks: a torrent or ed2k client announces the user's IP address to every peer it talks to, so such a bridge would inevitably de-anonymize the file-sharing activity of many users. Another user continues:
In the so-called "public" part of the RetroShare network, I mostly only anonymously publish my secret stashes of files. I also get some discussions in the forums, posts in channels and links in the publication cloud. In general, RS serves me to create a private network with my friends, which is essentially a replacement for Facebook.
In response, a small fly in the ointment:
I wish my friends were like this! My friends in the technical field mostly adhere to the “mainstream” and, to put it mildly, are out of touch.
“Fly in the ointment” in the sense that the message implies that RetroShare is complex to set up and “non-mainstream”. The second point is merely debatable; the first cannot be called true: among comparable cryptographic products, RetroShare is perhaps the easiest to learn. Let's move on. A brief user:
File sharing, encrypted email service, some chats, reading messages from smart people on forums.
Apparently a newbie:
I would like to use it mostly as a social network to connect with close friends and family. At the moment I'm little by little figuring out what's what so that I can then start promoting the topic.
Later one of the developers joins in:
At the moment, mostly for secure communication with other developers. Also mail service and chats. I don't use file sharing. I hope that RetroShare will soon become a complete replacement for Skype, YouTube, Facebook, and Twitter. Not now, but in the future. According to my vision, the priorities for the further development of RS should be set as follows:
- improving VoIP (to close the issue with using Skype);
- channels (a YouTube-like service with the ability to stream);
- completing work on the functionality of the social network (to close the issue with Facebook);
- implementation of GXS groups and environments (private forums and channels of interest);
- joint work of developers/employees (calendar/scheduling, access to the desktop, video/audio conferences, etc.);
- wiki service;
- photo service.
Another very colorful developer:
At the moment I mostly use it to solve development-related issues [laughs]. I also use it as a communicator because RS does some of the things that other programs can't do, like inserting a picture directly into a chat. Additionally, there are several forums not related to RS development that interest me. It's also convenient from time to time to quickly find this or that file. But the main thing I'm here for is to create an effective network voting system based on the RetroShare encrypted f2f network [gives a link to the RS forum, where he explains the principles of delegated (liquid) democracy and approaches to its implementation in RetroShare; details in the English wiki].
Isn't it time for you, dear reader, to join the topic? You can read this entire discussion on the RetroShare network at: retroshare://forum?name=What do you use Retroshare for%3F&id=c8c6d0b8d63029af76194f7f07c7c42f&msgid=a64f05b292d613368dcba744a5548e208a96dd9a
Published August 17, 2015: https://adorabilis.wordpress.com/2015/08/17/inside-retroshare/
How can you use RetroShare? - crystallized cases
Based on the article “How do you use RetroShare? - a look from the inside”, and after often watching the bewilderment on the faces of newly connected people when they ask “what can be done here?” and the old-timers of the network answer, without further ado, “everything!”, it was decided to write this article. The bewilderment of new users of the dark web is understandable: what do you mean, “everything”? The browser opens a site, the player plays music, text is typed in the office editor. Specific tasks are performed by specific software. What kind of answer is “everything”? The regular users are also easy to understand. Every newbie, every new day, entering the RetroShare public chat, says the sacred “Anyone here? Hey, that's cool. It works. What can be done here?”, and forces patient network users to provide links to a real resource or online resources.
So it was decided not to write another article about “everything”, but to identify simple “crystallized” cases that anyone can understand: to split the platform's functionality into individual tasks whose essence is accessible and understandable to every user searching for a solution to those tasks.

1. YOU NEED TO ESTABLISH PRIVATE CORRESPONDENCE WITH A REMOTE ANONYMOUS USER
In what cases might this be needed? You are a journalist. You need to contact an informant who wishes to remain anonymous and receive information from him, including some important files. This approach gives the informant confidence that he will not be disclosed (the anonymity of the source is preserved) and that the information transmitted through the channel will be available only to the journalist and no one else (the confidentiality of the exchange is preserved). You, as a journalist, receive unique information to prepare an original article. (The story of Edward Snowden, the man who opened the world's eyes to the Internet, and the journalist Glenn Greenwald immediately comes to mind.)
How this is done in RetroShare: the informant sets up a Tor hidden service and installs and configures RetroShare as a hidden node accordingly. Both participants exchange RetroShare certificates, connect, and start correspondence and file sharing.
Why classic e-mail with PGP encryption is not advisable: classic e-mail services are centralized, which lets an adversary monitor the activity of the participants, collect statistics on their use of the service and, under certain conditions, perhaps even read the transmitted information. Using third-party centralized services places a serious burden on the participants in terms of software setup, choice of operating system, and so on. Classic e-mail services are poorly suited to client anonymity, which leads to additional, sometimes insurmountable, difficulties in configuring the participants' software and hardware. The second remark is no less important than the first, because not every journalist can be expected to understand anonymity techniques and technologies, and the informant may also not be the most technically advanced user.
Of course, in terms of encryption RetroShare does the same job as PGP, but there is still a fundamental difference: algorithmically (at the physical level, of course, things are far more complicated) RetroShare establishes a direct connection between the two participants' computers. Thus there is no auxiliary (read: harmful) third-party service. In addition, RetroShare is built so that it does not transmit extraneous information about the peers to each other: nothing about screen resolution or operating system type, nothing about sessions, nothing about hardware, and so on. In the context of this discussion another important point should be noted: how to exchange certificates securely when a secure channel between the informant and the journalist has not yet been established, since it will exist only once the two computers are connected via RetroShare (forgive the perhaps unnecessary recursion). This is the well-known chicken-and-egg problem, and there is no clean solution to it. Perhaps one should resort to a third party fully trusted by both sides of the exchange, but that option may not be acceptable to the informant. Another option has the informant send the journalist an ordinary paper letter with his certificate and instructions on where the journalist should leave a medium with his own certificate: under a bench in the park, in a post-office box, or in a luggage locker at a railway station. Whatever channel is used, before accepting the received certificate compare the fingerprint RetroShare shows for it with the one the sender reads out over a second, independent channel; a certificate swapped in transit carries a different key and therefore a different fingerprint.
1a. YOU NEED TO ESTABLISH AN ANONYMOUS PRIVATE COMMUNICATION BY CORRESPONDENCE WITH A REMOTE ANONYMOUS USER
In what cases may this be needed? For example, you are a civil activist who wants, without revealing your identity, to contact another civil activist who also does not want to reveal himself. Here, as in the case above, both activists can be sure that they are not being eavesdropped on and that they interact with each other anonymously.
How this is done in RetroShare: both activists set up Tor hidden services and install and configure RetroShare accordingly. Both participants exchange RetroShare certificates, connect, and start correspondence and file sharing.
Let's look at the other edge of the territory of Freedom...
2. PRIVATE FILE SHARING AND PRIVATE COMMUNICATION BETWEEN TWO PERSONS
Description of the situation: a person close to you lives in another city or even country. You want to exchange photos, home videos and important documents with him with a guarantee against unauthorized access to the information and the confidence that you are sending it to this person and not to a third party.
How it's done in RetroShare: you and your loved one install and configure RetroShare. At a personal meeting you exchange media carrying your personal RetroShare certificates. Back home, each participant adds the remote user's certificate, the two connect and begin exchanging files, chatting in text, and also get the ability to make voice and video calls.
Of particular note: in this case (as in every other case described here) no outsider can connect to the participants' computers, i.e. spy, steal, eavesdrop or read anything, even if a third party has both participants' certificates. A RetroShare connection requires a mutual exchange of certificates, and an attempt to connect “one way” to a remote node brings no result. Since the certificates were handed over by close people in person, a man-in-the-middle attack is excluded, which guarantees that in a month and in a year your texts will be read and your videos watched only by the person close to you and by no stranger. Forging a certificate (deriving the private key from the public key) with a key length of 2048 bits or more is computationally infeasible. Of course, these guarantees hold only as long as you and the person close to you keep the private key from which the RetroShare public certificate is derived in the strictest confidence. For reference, the RetroShare private key is stored, encrypted, in the “RetroShare\Data\pgp\” folder on Windows and in “~/.retroshare/Data/pgp” on Linux. Be careful! Do not allow third parties access to your personal computer.
Please note: unlike with RetroShare, all your files in cloud storage, as well as your correspondence on your favorite social network, are fully accessible at least to the company providing the service, and thus to the state's investigative authorities (HTTPS protects only the path to the provider's servers, not what the provider stores, unless you encrypt the files yourself before uploading them); in the worst case they are available to everyone. For a person with self-respect the first point alone is reason enough to stop using services that do not respect their users' privacy, however convenient they are. RetroShare, in effect, lets you create with simple means your own home server, controlled only by you, and provides data transmission over open communication channels that is guaranteed against eavesdropping.

2a. PRIVATE FILE SHARING AND PRIVATE COMMUNICATION BETWEEN SEVERAL PERSONS
Description of the situation: one-on-one communication is necessary, but you have many relatives living in different cities and countries. You want to share all your intimate photos, home videos and important documents with the same guarantees stated in the paragraph above.
How it's done in RetroShare: you and the people close to you install and configure RetroShare. At personal meetings with each of them you exchange media carrying your personal RetroShare certificates. Back home, each participant adds the remote users' certificates, they connect with each other and begin exchanging files, chatting in text, and also get the ability to make voice and video calls.
Here there are pleasant moments and unique features, not found in any other existing platform, that deserve special mention. You can share access to personal files selectively: open one folder for Vasya, another for Katya, and a third, without the photos from your nightclub trips, for strict Aunt Masha. RetroShare can also share one folder with several users at once. You can communicate with each other privately, one-on-one, or in a common chat or forum. In theory and in practice you can even open anonymous access to any folder: everyone will be able to download the files, but no one can say reliably who the source is. How much that is needed in a network where everyone knows each other personally is another matter.

3. ANONYMOUS DISTRIBUTION OF ORIGINAL CONTENT TO A LARGE AUDIENCE
Description of the situation: you are a releaser of interesting original content. You want to distribute, for example, films on the RetroShare dark network anonymously and privately, and therefore safely for yourself.
How this is done in RetroShare: here, unlike points 1 and 1a, where two people take part in the exchange, hidden services are not mandatory. You install RetroShare, enter one or more chats and gradually build your own network environment, exchanging certificates with 15-20 users who are online 24/7 or with 40-50 randomly chosen users. After your environment is formed, you keep a so-called “active pause” for a short time. Then, under an anonymous (pseudonymous) identity, you create your own channel and/or forum where you begin publishing links to your content, after which you actually start distributing it. To help dark-web users find your channel and/or forum quickly, you can post a link to it in one or more of the most visited dark-web forums.
Active pause: the behaviour of a dark-web user who for a week or two does not take part in any file sharing, or better, takes part only in the distribution of already known content; chats moderately; and, under an anonymous identity, talks without restraint in forums on abstract topics.
The need for an active pause is inherent in any private network, since there is a significant correlation between the appearance of a new user on the network and the mass distribution of new content, which with some probability can de-anonymize the distributor. We note especially that a distributed file, even before remote users have downloaded it completely, is already being passed on between them (the leechers), as is customary in other file-sharing networks.
The anonymous tunnelling of data fragments, used by default in RetroShare, does not let an outside observer, or even the source's own trusted environment, determine who holds the complete file. RetroShare does not disclose that information unless you yourself have made the shared folder browsable to your friends in the share settings. After downloading the file from other sources each of them becomes a seeder, but even then it is impossible to point at the original distributor: anonymous tunnels are rebuilt constantly and completely at random. (Roughly the same, by the way, applies to the distribution of channels, forums and publications.)
3a. ANONYMOUS DISTRIBUTION OF ORIGINAL CONTENT AMONG A LARGE AUDIENCE THROUGH HIDDEN SERVICES
Description of the situation: you are a releaser of interesting original content. You want to distribute, for example, the same films on the dark web safely. Unlike the point above, you do not have the opportunity and/or time to sustain an active pause.
How it's done in RetroShare: the releaser sets up a Tor hidden service and installs and configures RetroShare accordingly. Then, as in the previous point, a network environment is built and, at the same time, distribution of the content begins. The only disadvantage of this approach is the markedly lower file-sharing speed through hidden services. The plus: there is no need to keep an active pause, and you can start any file-sharing and communication activity immediately.

4. COMMUNICATION WITH A LARGE GROUP OF PEOPLE IN PRIVATE MODE
Description of the situation: you work in a large organization whose employees are widely dispersed, and you need to discuss work matters in private.
How it's done in RetroShare: you and your colleagues install and configure RetroShare. At personal meetings with each of them you exchange media carrying your personal RetroShare certificates. Back at the workplace, each participant adds the other participants' certificates, they connect with each other and organize communication in a text chat and/or forum, together with file sharing if needed.

5. ORGANIZING EFFECTIVE FILE SHARING ON YOUR HOME NETWORK
Description of the situation: say you have one desktop computer and three laptops at home. You are tired of walking from machine to machine with a flash drive or SD card to move a film or new family photos from one computer to another. You want to see on one or all computers at once every folder and file you need on the other computers, and to download what you want on a whim.
How this is done in RetroShare: install RetroShare on each computer, generate a certificate, write all four certificates to a medium and, going from one room of your house to another, add the other three on each machine. The procedure is done once, and from then on all four of your computers can connect to each other directly.
Amenities: in the situation described you do not need to configure your router or modem in any special way. You need not worry at all that someone from the outside network will encroach on your personal files: that is impossible without a mutual exchange of certificates with the counterparty. That is, as in point 2, even if someone obtains your certificate, no connection will be established until you add theirs to your client. You can easily manage access rights for your different machines. For example, you open one group of folders for your other half and another for your children. The children, incidentally, can open their own group of folders accessible only to them (from the appropriate computer, of course). With RetroShare you become the full owner of your own home local network, and, again, if someone from the outside tries to intercept and listen in on your traffic,

6. YOU WOULD LIKE TO LINK YOUR HOME COMPUTER WITH YOUR WORK COMPUTER FOR SECURE FILE EXCHANGE
Description of the situation: do you still use Dropbox or some other cloud storage? You shouldn't, at least not for personal documents and other files from the “not for prying eyes” category. Whatever they tell you about “reliably encrypting your data on our servers”, don't believe it: the service owner, and therefore other interested parties, almost always has the ability to obtain an unencrypted copy of your files, especially if you take no steps of your own to protect them. But you can link your work computer with your home one without third-party services, using the RetroShare cryptographic platform, open-source software that already takes care of your security the way it should be done.
How to organize the exchange using RetroShare: at home you install RetroShare, generate a unique personal certificate and write it to a medium. At work you install and configure RetroShare the same way as at home and add the home certificate to the client on the work machine. You write the certificate generated on the work computer to a medium and, once home, add it to your home computer in the same way. If the work computer is switched on at that moment, after some time the connection is established and you can use all the services RetroShare provides.
Why write it to a medium? Isn't it easier to send the certificate by e-mail? Your work files, like your home files, may be of particular significance and importance to you. So it is better to play it safe and not transfer the certificate over an open channel and through a third-party service, which in theory allows a so-called man-in-the-middle attack. If you decide to simplify your task and use e-mail, at least put the certificate in an archive protected by a strong password, pass the password over a different channel, and compare the certificate fingerprints before adding them.
After linking your home and work machines through RetroShare you have a direct, reliable, secure channel for transferring important data.
What you get globally: while at work, the ability to freely download files from your home machine (provided, of course, that you have opened access to certain folders at home beforehand); while at home, the ability to freely download files from your work machine; freedom of action, being sure that the channel you have set up is protected from interception and that unauthorized access to your files, both home and work, is impossible.
Little joys: you can send yourself e-mails in secure mode with notes, memos, files and so on. You can create your own announcement channel and, by setting auto-download in the channel properties, very easily move any data from machine to machine while you are “at the other end of the line”.
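The fingerprint comparison recommended for the chicken-and-egg exchange in case 1 and for the e-mail shortcut in case 6, as an added example that is not part of the original article and not RetroShare code. Its input is the raw OpenPGP public key a RetroShare certificate carries (for instance the profile key exported from RetroShare or with `gpg --export`); RetroShare's own certificate wrapper around that key is not parsed here, since the client already shows the fingerprint and PGP ID for a received certificate. The block computes the RFC 4880 v4 fingerprint from the key packet, accepts both old- and new-format packet headers, and builds a constructed RSA key body (toy modulus, not a real key) and the user-ID string "Stranger" only to have something to run on.

```python
"""Out-of-band fingerprint check for a certificate received over an untrusted channel.
Added example, not RetroShare code.  Input is the raw OpenPGP public key that a
RetroShare certificate carries (e.g. the profile key exported from RetroShare or
`gpg --export`); RetroShare's own wrapper around that key is not parsed here.
Both sides compute the v4 fingerprint (RFC 4880) and compare it over a second
channel before adding the certificate; a key substituted in transit cannot match."""
import hashlib
import struct

PUBLIC_KEY = 6           # OpenPGP packet tag: public key packet
USER_ID = 13             # OpenPGP packet tag: user ID packet


def parse_packets(data):
    """Yield (tag, body) for every OpenPGP packet; handles old- and new-format headers."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        if ctb & 0x40:                                   # new format: tag in the low 6 bits
            tag = ctb & 0x3F
            o1 = data[i + 1]
            if o1 < 192:
                length, hdr = o1, 2
            elif o1 < 224:
                length, hdr = ((o1 - 192) << 8) + data[i + 2] + 192, 3
            elif o1 == 255:
                length, hdr = struct.unpack(">I", data[i + 2:i + 6])[0], 6
            else:
                raise ValueError("partial body lengths are not used for key packets")
        else:                                            # old format: tag in bits 2-5
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported")
            size = (1, 2, 4)[ltype]
            length, hdr = int.from_bytes(data[i + 1:i + 1 + size], "big"), 1 + size
        body = data[i + hdr:i + hdr + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % i)
        yield tag, body
        i += hdr + length


def fingerprint_of_body(body):
    """V4 fingerprint: SHA-1 over 0x99, the two-octet body length and the key packet body.
    0x99 is exactly the old-format header byte of a public key packet with a two-octet
    length, so the hash covers the key packet as it is written on the wire."""
    if body[0] != 4:
        raise ValueError("only version 4 keys are supported")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def fingerprint(data):
    """Fingerprint of the first public key packet in an exported key blob."""
    for tag, body in parse_packets(data):
        if tag == PUBLIC_KEY:
            return fingerprint_of_body(body)
    raise ValueError("no public key packet found")


def key_id(data):
    """The 64-bit key ID (the PGP ID RetroShare shows) is the low-order 8 bytes of the fingerprint."""
    return fingerprint(data)[-16:]


def spoken_form(fp):
    """Group the 40 hex digits in fours, the way two people read them to each other."""
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))


def mpi(value):
    """OpenPGP multiprecision integer: two-octet bit count, then big-endian magnitude."""
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")


def packet(tag, body, new_format=True):
    """Wrap a body in a packet header (new format by default; old format with a 2-octet length)."""
    n = len(body)
    if not new_format:
        return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", n) + body
    if n < 192:
        return bytes([0xC0 | tag, n]) + body
    if n < 8384:
        return bytes([0xC0 | tag, ((n - 192) >> 8) + 192, (n - 192) & 0xFF]) + body
    return bytes([0xC0 | tag, 255]) + struct.pack(">I", n) + body


def sample_key_body(modulus, e=65537, created=1437349500):
    """Constructed v4 RSA public key body (toy modulus; not a real RetroShare key)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(modulus) + mpi(e)


if __name__ == "__main__":
    body = sample_key_body((1 << 2047) | 0x10001)
    blob = packet(PUBLIC_KEY, body) + packet(USER_ID, b"Stranger (RetroShare) <stranger@example.invalid>")
    print("read this aloud:", spoken_form(fingerprint(blob)))
    print("PGP id:", key_id(blob))
```

Only the key material enters the hash, so the IP addresses and location name bundled into a RetroShare certificate can change without affecting the fingerprint, while the 16-digit PGP ID alone is too short to rely on: read all forty digits.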
6a. YOU WANT TO LINK YOUR WORK COMPUTER WITH YOUR HOME COMPUTER, BUT YOUR WORKPLACE HAS PASSWORD-AUTHENTICATED INTERNET ACCESS AND/OR AN OPAQUE NAT
Description of the situation: you want to link your home computer with your work computer, but the organization you work for has very strict requirements for Internet access; simply put, access goes strictly through a login and password. In addition, there are insurmountable problems with port forwarding, in other words an opaque NAT.
How this is done in RetroShare: there are no special barriers here. Start a Tor hidden service on the work machine, install the crypto platform, generate a certificate and save it to a storage device. At home, also install RetroShare and generate a certificate, and add the work certificate to the client. Once you add the home certificate on the work machine, the connection is established very quickly.
Important! Even if you do not use a hidden service on your home machine, to connect to a remote client that does use one you must install and run Tor.
What you get is exactly the same as in point 6: a secure channel, several very useful services, a lot of opportunities.
New characteristic cases where the crypto platform is indispensable will be added constantly.
Published September 9, 2015: https://adorabilis.wordpress.com/2015/09/09/crystal-retroshare/
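The Tor configuration behind the "start a hidden service" step in cases 1, 1a, 3a and 6a, as an added example that is not from the original article and is not shipped by RetroShare. The directory, the local port 7812 and the proxy address are assumptions: use whatever port you enter in RetroShare's hidden-node configuration, and keep that listener on 127.0.0.1 so the node is reachable only through Tor and not from the clearnet as well.

```text
# /etc/tor/torrc on the machine that runs the RetroShare hidden node.
# Publishes the local RetroShare listener (assumed 127.0.0.1:7812) as an onion service.
HiddenServiceDir /var/lib/tor/retroshare/
HiddenServicePort 7812 127.0.0.1:7812

# Client side: the SOCKS port RetroShare is pointed at to reach other hidden nodes.
# Needed on every machine that talks to a hidden node, including the home machine
# of case 6a, even though it is not itself a hidden node.
SocksPort 127.0.0.1:9050

# Case 6a: if the workplace only lets traffic out through an authenticating web
# proxy, let Tor reach the network through it (placeholder host and credentials).
#HTTPSProxy proxy.example.invalid:3128
#HTTPSProxyAuthenticator username:password
```

After Tor is restarted, /var/lib/tor/retroshare/hostname holds the .onion address; that address and port are what you enter in RetroShare when creating the hidden node, and they travel inside the certificate you hand to your peers. The same directory holds the service's private key: whoever reads it can impersonate your node, so it deserves the same care as the RetroShare key folder, and it belongs on the gateway or work machine, never in a shared folder.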