Retroshare is a

free and open-source Free and open-source software (FOSS) is software available under a Software license, license that grants users the right to use, modify, and distribute the software modified or not to everyone free of charge. FOSS is an inclusive umbrella term ...

peer-to-peer Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network, forming a peer-to-peer network of Node ...

communication and

file sharing File sharing is the practice of distributing or providing access to digital media, such as computer programs, multimedia (audio, images and video), documents or electronic books. Common methods of storage, transmission and dispersion include ...

app based on a friend-to-friend network built by GNU Privacy Guard (GPG). Optionally peers may exchange certificates and IP addresses to their friends and vice versa.

History

Retroshare was founded in 2004 by Mark Fernie. An unofficial build for the single-board computer

Raspberry Pi Raspberry Pi ( ) is a series of small single-board computers (SBCs) developed in the United Kingdom by the Raspberry Pi Foundation in collaboration with Broadcom Inc., Broadcom. To commercialize the product and support its growing demand, the ...

, named PiShare, was available since 2012. On 4 November 2014, Retroshare scored 6 out of 7 points on the

Electronic Frontier Foundation The Electronic Frontier Foundation (EFF) is an American international non-profit digital rights group based in San Francisco, California. It was founded in 1990 to promote Internet civil liberties. It provides funds for legal defense in court, ...

's secure messaging scorecard, which is now out-of-date. It lost a point because there had not been a recent independent

code audit A software code audit is a comprehensive analysis of source code In computing, source code, or simply code or source, is a plain text computer program written in a programming language. A programmer writes the human readable source code to co ...

. In August 2015, Retroshare repository was migrated from

SourceForge SourceForge is a web service founded by Geoffrey B. Jeffery, Tim Perdue, and Drew Streib in November 1999. SourceForge provides a centralized software discovery platform, including an online platform for managing and hosting open-source soft ...

GitHub GitHub () is a Proprietary software, proprietary developer platform that allows developers to create, store, manage, and share their code. It uses Git to provide distributed version control and GitHub itself provides access control, bug trackin ...

. In 2016, '' Linux Magazine'' reviewed security gaps in Retroshare and described it as "a brave effort, but in the end, an ineffective one."

Design

Retroshare is an

instant messaging Instant messaging (IM) technology is a type of synchronous computer-mediated communication involving the immediate ( real-time) transmission of messages between two or more parties over the Internet or another computer network. Originally involv ...

and file-sharing network that uses a

distributed hash table A distributed hash table (DHT) is a Distributed computing, distributed system that provides a lookup service similar to a hash table. Key–value pairs are stored in a DHT, and any participating node (networking), node can efficiently retrieve the ...

for address discovery. Users can communicate indirectly through mutual friends and request direct connections.

Features

Authentication and connectivity

After initial installation, the user generates a pair of ( GPG) cryptographic keys with Retroshare. After

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an Logical assertion, assertion, such as the Digital identity, identity of a computer system user. In contrast with iden ...

and exchanging an asymmetric key, OpenSSL is used to establish a connection, and for

end-to-end encryption End-to-end encryption (E2EE) is a method of implementing a secure communication system where only communicating users can participate. No one else, including the system provider, telecom providers, Internet providers or malicious actors, can ...

. Friends of friends cannot connect by default, but they can see each other, if the users allow it.

IPv6 Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communication protocol, communications protocol that provides an identification and location system for computers on networks and routes traffic ...

was released in November of 2018.

File sharing

It is possible to share folders between friends. File transfer is carried on using a multi-hop swarming system (inspired by the "Turtle Hopping" feature from the Turtle F2F project, but implemented differently). In essence, data is only exchanged between friends, although it is possible that the ultimate source and destination of a given transfer are multiple friends apart. A search function performing anonymous multi- hop search is another source of finding files in the network. Files are represented by their

SHA-1 In cryptography, SHA-1 (Secure Hash Algorithm 1) is a hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecimal digits. It was designed by the United States ...

hash value, and

HTTP HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, wher ...

-compliant file and links may be exported, copied, and pasted into/out of Retroshare to publish their virtual location into the Retroshare network.

Communication

Retroshare offers the following services for communication: * a private chat; * a private mailing system that allows secure communication between known friends and distant friends; * public and private multi-user chat lobbies; * a forum system allowing both anonymous and authenticated forums, which distributes posts from friends to friends; * a channel system offers the possibility to auto-download files posted in a given channel to every subscribed peer, similar to RSS feeds; * a posted links system, where links to important information can be shared; *

VoIP Voice over Internet Protocol (VoIP), also known as IP telephony, is a set of technologies used primarily for voice communication sessions over Internet Protocol (IP) networks, such as the Internet. VoIP enables voice calls to be transmitted as ...

calls; * Video calls (since version 0.6.0); * Tor and I2P networks support, for further anonymisation (since version 0.6.0).

User interface

The core of the Retroshare software is based on an offline library, into which two executables are plugged: * a

command-line interface A command-line interface (CLI) is a means of interacting with software via command (computing), commands each formatted as a line of text. Command-line interfaces emerged in the mid-1960s, on computer terminals, as an interactive and more user ...

executable which offers nearly no control, but it is useful to run "headless" on a server * a

graphical user interface A graphical user interface, or GUI, is a form of user interface that allows user (computing), users to human–computer interaction, interact with electronic devices through Graphics, graphical icon (computing), icons and visual indicators such ...

written in Qt is the one most users use. In addition to functions quite common to other file-sharing software, such as a search tab and visualization of transfers, Retroshare gives users the potential to manage their network by collecting optional information about neighbouring friends and visualizing it as a trust matrix or as a dynamic network graph. The appearance can be changed by choosing one of several available style sheets.

Anonymity

The friend-to-friend structure of the Retroshare network makes it difficult to intrude and hardly possible to monitor from an external point of view. The degree of anonymity may be improved further by deactivating the DHT and IP/ certificate exchange services, making the Retroshare network a real dark net. Friends of friends may not connect directly with each other; however, a user may enable the anonymous sharing of files with friends of friends. Search, access, and both upload and download of these files are made by "routing" through a series of friends. This means that communication between the source of data (the up-loader) and the destination of the data (the down-loader) is indirect through mutual friends. Although the intermediary friends cannot determine the original source or ultimate destination, they can see their very next links in the communication chain (their friends). Since the data stream is encrypted, only the original source and ultimate destination are able to see what data is transferred.

Caveats

While Retroshare's encryption makes it virtually impossible for an ISP or another external observer to know what one is downloading or uploading, this limitation does not apply to members of the user's Retroshare circle of trust; adding untrusted people to it may be a potential risk. In 2012, a German Court granted an injunction against a user of Retroshare for sharing copyrighted music files. Retroshare derives its security from the fact that all transfers should go through “trusted friends” whom users add. In this case, the defendant added the anti-piracy monitoring company as a friend, which allowed him to be traced through aggregation of bad Opsec.

References

External links

* {{Cryptographic software 2006 software Anonymous file sharing networks Cross-platform free software Cryptographic software Free file sharing software Free file transfer software Free instant messaging clients Free Internet forum software Free software programmed in C++ Instant messaging clients that use Qt Internet privacy software MacOS instant messaging clients Peer-to-peer file sharing Peer-to-peer software Secure communication Unix instant messaging clients