A Survey of Anonymous Peer-to-Peer File-Sharing


This website provides a brief survey of searchable, peer-to-peer, file-sharing systems that offer the user some form of anonymity, including details of:

  • Designs for anonymity
  • Anonymous peer-to-peer file-sharing software
  • Links
  • More details can be found in the following pdf paper:

  • A Survey of Anonymous Peer-to-Peer File-Sharing Tom Chothia and Konstantinos Chatzikokolakis. To appear at IFIP International Symposium on Network-Centric Ubiquitous Systems (NCUS 2005)
  • Power Point slides to accompany this paper can be found here.


    The majority of anonymous peer-to-peer file-sharing systems are "friend-to-friend" networks. These are peer-to-peer networks in which each peer (node) only connects to a small number of other, known nodes. Only the direct neighbours of a node know its IP address. Communication with remote nodes is provided by sending messages hop-to-hop across this overlay network. Routing messages in this way allows these networks to trade efficient routing for anonymity. There is no way to find the IP address of a remote node, and direct neighbours can achieve a level of anonymity by claiming that they are just forwarding requests and files for other nodes.

    There is a danger that the attacker will be able to spy on the activity of their direct neighbours, and thus find out which files the neighbour is requesting or offering. Some systems contain faults that leak this information while others allow an attacker to be up to 50% certain of what their neighbour is doing. So make sure you trust your neighbours! None of the current systems try to make it hard for an attacker to work out whether or not someone is running the file-sharing software.

    The Theory

    When talking about anonymous systems it is vital to be precise about what is anonymous, from whom, under what conditions, and exactly how anonymous. Node-to-node message passing provides anonymity to the originator and final receiver of a message because they can plausibly claim to be nodes in the chain, forwarding the message for someone else.

    The agents involved in file-sharing are the sender, who initiates a search for a file, and the responder or receiver who answers the search query and provides the file. In peer-to-peer networks these agents communicate through a number of nodes that forward the request and possibly the search data. The attacker can be a node in the system or a more powerful global attacker that can see everything (i.e., subpoena your ISP logs). This leads to the following kinds of anonymity:

  • Sender anonymity to any node, the responder or a global attacker.
  • Responder anonymity to any node, the sender or a global attacker.
  • Sender-responder unlinkability to any node or a global attacker.
  • It is also necessary to ask what level of anonymity a system provides. Some useful definitions by Reiter and Rubin [RR98], are:

  • Beyond suspicion (B.S.): From the attacker's point of view, the detected user appears no more likely to have originated the action than any other node.
  • Probable innocence (Prob.I.): From the attacker's point of view, the detected user appears no more likely to have originated the action than to not to have.
  • Possible innocence (Poss.I.): From the attacker's point of view, there is a nontrivial probability that the detected user did not originate the action.
  • As a rough guide possible innocence is what you need to defend yourself in court and beyond suspicion is what you need to stop yourself been a suspect.

    The following table summarizes the kinds and levels of anonymity provided by some of the most popular designs for anonymity and links to papers where you can find out more information. N.B. most of the values in this table have not been proved; there may be errors in a system that mean it does not offer any anonymity at all. For some designs e.g., MIXes there are many versions that offer different levels of anonymity.

    Designs for Anonymity
    Ants Mixes Crowds Onion Routing DC-nets Multicast Spoofed UDP Freenet
    Sender anonymous to Global Attacker No No No No/B.S. B.S. No No No
    Responder anonymous to Global Attacker No No No No B.S. B.S. No No
    Sender anonymous to Responder Prob.I. B.S. B.S. B.S. B.S. No Prob.I. Prob.I.
    Sender anonymous to Node Prob.I. No Prob.I. No/B.S. B.S. No Prob.I. Prob.I.
    Responder anonymous to Sender Prob.I. No No No B.S. B.S. No No
    Responder anonymous to Node Prob.I. No No No B.S. B.S. No No
    Sender-Responder unlinkable to Node Prob.I. B.S. Prob.I. B.S. B.S. B.S. Prob.I. Prob.I.
    Sender-Responder unlinkable to Global Attacker No B.S. No B.S. B.S. B.S. No No
    Paper [GSB02] [Cha81] [RR98] [SGR97] [Cha88] N/A N/A [CSWH01]

    Implemented System

    This section contains links to, or papers on, most of the major anonymous peer-to-peer systems, but first a word of warning. Working on these systems can be more troublesome than one would at first suspect. A case in point was an anonymous peer-to-peer system known as "Winny". The author of this system pushed it as a truly anonymous file-sharing system and file-sharers who wished to swap movies quickly picked it up. While the specification of the system was never fully released, there was soon firm evidence that the system did not really guarantee anonymity, as police arrested two of the system's users and charged them with copyright theft. Shortly after this, the author of the software, who was a researcher in the Computer Science Department of Tokyo University, was also arrested and charged with aiding and abetting copyright theft.

    It should be noted that some of these systems do not offer the anonymity they claim, especially when multiple attackers or time-based attacks are concerned (see the Survey paper above for more details).

    Anonymous Peer-to-Peer File-Sharing Systems
    System Name Based On Web Page or Paper
    Ants Ants http://antsp2p.sourceforge.net
    AP3 Crowds [MOP +04]
    APFS Onion routing [SLS01]
    Entropy Freenet http://entropy.stop1984.com
    Free Haven Secret sharing and MIXes [DFM00]
    Freenet Freenet [CSWH01]
    GNUnet MIXes http://gnunet.org
    HerbivoreFS DC-nets [SGRE05]
    I2P Onion routing http://www.i2p.net
    Mantis Ants and UDP spoofing [BASM04]
    Mute Ants http://mute-net.sourceforge.net
    Nodezilla Freenet http://www.nodezilla.net
    Napshare Ants http://napshare.sourceforge.net
    Tor Onion routing [DMS04]
    SSMP Secret sharing and onion routing [HLX+ 05]
    Waste Friend-to-Friend http://waste.sourceforge.net

  • A list of research papers on anonymity can be found at the Free Haven site .
  • A web page with information on anonymous peer-to-peer can be found here .
  • There is also a wikipedia page on anonymous peer-to-peer file-sharing.
  • This page is maintained by Tom Chothia (tomc at lix.polytechnique.fr) comments and suggestions are welcome.