WASTE

From Wikipedia, the free encyclopedia

WASTE
Design by Justin Frankel
Initial release 2003
Written in C++
Available in English
Genre Darknet

WASTE is a peer-to-peer and friend-to-friend protocol and software application developed by Justin Frankel at Nullsoft in 2003 that features instant messaging, chat rooms & file browsing/sharing capabilities. The name WASTE is a reference to Thomas Pynchon's novel The Crying of Lot 49. In the novel, W.A.S.T.E. is (among other things) an underground postal service.

After its release, WASTE was removed from distribution by AOL, Nullsoft's parent company. The original page was replaced with a statement claiming that the posting of the software was unauthorized and that no lawful rights to it were held by anyone who had downloaded it, in spite of the original claim that the software was released under the terms of the GNU General Public License.

Several developers have modified and upgraded the WASTE client and protocol. The SourceForge edition is considered by many to be the "official" development branch, but there are several forks.

Contents

[edit] Description

WASTE is a decentralized chat, instant messaging and file sharing program & protocol. It behaves similar to a virtual private network by connecting to a group of trusted computers, as determined by the users. This kind of network is commonly referred to as a darknet. It employs heavy encryption to ensure that third parties cannot decipher the messages being transferred. The same encryption is used to transmit and receive instant messages, chat, and files, maintain the connection, and browse and search.

[edit] WASTE Networks

WASTE networks are decentralized (see social networks), meaning there is no central hub or server that everyone connects to. Peers must connect to each other individually. Normally, this is accomplished by having individuals sharing their RSA public keys, ensuring that their computers are accessible via the appropriate ports (one or more parties must have an IP address & port that can be reached by the other), and entering the IP address & port someone on the network to connect to.

Once connected to the network, public keys are automatically exchanged amongst members (provided enough of the members are set to forward & accept public keys), and nodes will then attempt to connect to each other, strengthening the network (decreasing the odds that any one node going down will collapse or shut out any part of the network), as well as increasing the number of possible routes from any given point to any other point, decreasing latency and bandwidth required for communication and file transfer.

Since WASTE connects small, private groups rather than large, public ones, the network search feature is one of the fastest of all the decentralized P2P applications. Its instant messaging & file sharing capabilities are much closer to those of AOL Instant Messenger than more typical file sharing programs. Members of the network can create private and public chat rooms, instant message each other, browse each other's files, and trade files, including the pushing or active sending of files by hosts, as well as the more common downloading by users. Simple drag-and-drop to chat boxes will send files to their intended destinations.

The suggested size for a WASTE network (referred to as a "mesh" by users) is 10-50 nodes, though it has been suggested that the size of the network is less critical than the ratio of nodes willing to route traffic to those that are not. With original Frankel client legacy groups now approaching five years of age, it's not uncommon for stable meshes to host multiple terabytes of secure content.

By default, WASTE listens to incoming connections on port 1337. This was probably chosen because of 1337's leet connotations.

Since there is no central hub, WASTE networks typically employ a password or passphrase, also called a "network name" to prevent collision. That is, a member from one network connecting to a member of another network, thus bridging the two networks. By assigning a unique identifier (passphrase) to your network, the risk of collisions can be reduced, particularly with the original clients.

[edit] Nullnets

"Nullnets" are networks without a passphrase. It is impossible to know how many nullnets exist, but there is one primary nullnet. The best way to access the nullnet is to post your credentials to the WASTE Key Exchange. [1] [2] The nullnet can easily merge with other nullnets because there is no passphrase, which makes it a great place for public discussion & file sharing.

[edit] Strengths

  • Secured through the trade of RSA public keys, allowing for safe and secure communication & data transfer with trusted hosts.
  • The distributed nature means that the network isn't dependent on anyone setting up a server to act as a hub. Contrast this with other P2P and chat protocols that require you to connect to a server. This means there is no single point of vulnerability for the network.
  • Similarly, there is no single group leader, everyone on the network is equal in what they can or cannot do, including inviting other members in to the group, nor can any member kick another from the group, exclude them from public chats, etc.
  • WASTE can obfuscate its protocol, making it difficult to detect that WASTE is being used.
  • WASTE has a "Saturate" feature which adds random traffic, making traffic analysis more difficult.
  • The nodes (each a trusted connection) automatically determine the lowest latency route for traffic and, in doing so, load balance. This also improves privacy, because packets often take different routes.

[edit] Shortcomings

  • Trading public keys, enabling port forwarding on your firewall (if necessary), and connecting to each other can be a difficult and/or tedious process, especially for those who aren't very technically proficient.
  • Due to the network's distributed nature, it is impossible to "kick" someone from the network once they've gained access. Since every member of the network will have that member's public key, all that member needs to do to regain access is to connect to another member. Coordinating the change of the network name is exceedingly difficult, so the best course of action is to create another network and migrate everyone over to the new network. This could, of course, also be seen as a strength.
  • Since there is no central server, once someone disconnects from the network, they must attempt any and all previously known IP addresses to reconnect. It is possible that the network will drift from those IP addresses and they will need to contact some of the members of the network in another way (i.e. email, instant message, etc.) in order to reconnect. Indeed, it is possible that one network could unknowingly split into two networks this way. It takes at least a small amount of coordination to keep a WASTE network intact. This can be as simple as one or more volunteers with a static IP address (or a domain name, which can be freely obtainable[3][4]) keeping their node up to allow people to reconnect to the network.
  • Encryption is performed using the Blowfish algorithm (which is thought to be strong), but the mode used, PCBC, has several known security flaws.
  • Nicknames are not "registered," again allowing for eavesdropping or spoofing. Once again, WASTE version 1.6 uses public keys for communication, reducing the chances of eavesdropping, but anyone can still choose any nickname they want so one must know and recognize the hash of the person they're addressing to be sure it's really them.
  • In order to connect from behind a firewall, one party must have the proper port forwarded to their computer. Moreover, because WASTE networks do not depend on a central server to connect them, there is no way around this. However, as long as there is one node that accepts incoming connections, it can easily act as a server connecting one or more nodes that cannot themselves accept incoming connections. Indeed, the long term stability of any WASTE network depends on these hubs.

[edit] Versions

The latest Windows release on SourceForge is 1.7.3. This is a new branch created because of inactivity on the main WASTE development branch. This is the most feature filled version to date. [5]

The previous Windows release on SourceForge is 1.5 beta 3.[6]

A "non-official" 1.6 Windows edition addresses some UI and privacy concerns.[7] Waste 1.6 will not work with WASTE 1.7. [8]

A new cross-platform (including Linux, Mac OS, and Microsoft Windows) beta version of WASTE called Waste 1.5 beta 4 aka wxWaste, using the WxWidgets toolkit is available.[9]

VIA Technologies released a fork of WASTE under the name PadlockSL, but removed the product's website after a few weeks. The user interface was written in Qt and the client was available for Linux and Windows.[10]

[edit] See also

[edit] References

[edit] External links

[edit] Misc