Retroshare


Retroshare is a free and open-source peer-to-peer communication and file sharing app based on a friend-to-friend network built on GNU Privacy Guard. Optionally, peers may communicate certificates and IP addresses from and to their friends.

History

There has been an unofficial build for the single-board computer Raspberry Pi, named PiShare, since 2012.
The web site 'PRISM Break' has recommended Retroshare for anonymous file sharing since 2013.
On 4 November 2014, Retroshare scored 6 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard. It lost a point because there has not been a recent independent code audit.
In August 2015, Retroshare repository was migrated from SourceForge to GitHub.

Design

Retroshare is an instant messaging and file sharing network that uses a distributed hash table for address discovery. Users can communicate indirectly through mutual friends and request direct connections.

Features

Authentication and connectivity

After initial installation, the user generates a pair of cryptographic keys with Retroshare. After authentication and exchanging an asymmetric key, OpenSSL is used to establish a connection, and for end-to-end encryption. Friends of friends cannot connect by default, but they can see each other, if the users allow it. IPv6 support was merged into the master branch and will be released in the next version.

File sharing

It is possible to share folders between friends. File transfer is carried on using a multi-hop swarming system. In essence, data is only exchanged between friends, although it is possible that the ultimate source and destination of a given transfer are multiple friends apart. A search function performing anonymous multi-hop search is another source of finding files in the network.
Files are represented by their SHA-1 hash value, and HTTP-compliant file and links may be exported, copied, and pasted into/out of Retroshare to publish their virtual location into the Retroshare network.

Communication

The services that Retroshare offers for communication are:
The core of the Retroshare software is based on an offline library, to which two executables are plugged:
The friend-to-friend structure of the Retroshare network makes it difficult to intrude and hardly possible to monitor from an external point of view. The degree of anonymity may be improved further by deactivating the DHT and IP/certificate exchange services, making the Retroshare network a real dark net.
Friends of friends may not connect directly with each other; however, a user may enable the anonymous sharing of files with friends of friends. Search, access, and both upload and download of these files are made by "routing" through a series of friends. This means that communication between the source of data and the destination of the data is indirect through mutual friends. Although the intermediary friends cannot determine the original source or ultimate destination, they can see their very next links in the communication chain. Since the data stream is encrypted, only original source and ultimate destination are able to see what data is transferred.

Caveats

It is important to remember that while Retroshare’s encryption makes it virtually impossible for an ISP or another external observer to know what one is downloading or uploading, this limitation does not apply to members of the user's Retroshare circle of trust; adding the wrong people to it is a potential risk.
In 2012, a German Court granted an injunction against a user of Retroshare for sharing copyrighted music files. Retroshare derives its security from the fact that all transfers should go through “trusted friends” whom users add. In this case, the defendant added the anti-piracy monitoring company as a friend, which allowed him to be “caught.”