aboutsummaryrefslogtreecommitdiff
path: root/template/faq.html.j2
blob: 7c395dc08daa83cbee3ebbbc8216c1a45584a353 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
{% extends "common/base.j2" %}
{% block body_content %}
<div class="container-fluid">
  <div class="container text-center">
    <h1>FAQs<h1>
  </div>
</div>
<div class="container">
  <div class="row">
    <div class="col-2 d-none d-lg-block"><!-- for large viewports show menu for better orientation -->
      <nav class="nav subnav position-fixed flex-column border-right" style="position:fixed">
        <a class="nav-link" href="#general">{{ _("General") }}</a>
        <a class="nav-link" href="#features">{{ _("Features") }}</a>
        <a class="nav-link" href="#gns">GNU Name System</a>
        <a class="nav-link" href="#errors">{{ _("Error messages") }}</a>
        <a class="nav-link" href="#fs">{{ _("File-sharing") }}</a>
        <a class="nav-link" href="#contrib">{{ _("Contributing") }}</a>
      </nav>
    </div>

    <div class="col">
      <article>
        <h2><a name="general" class="subnav-anchor"></a>{{ _("General") }}</h2>
        General questions about the project.
        <section>
          <h3>{{ _("What do I do if my question is not answered here?") }}</h3>
          <p>
          {% trans %}
          A: There are many other sources of information. You can read additional
          documentation or ask the question on the help-gnunet@gnu.org mailing list or
          the #gnunet IRC on irc.freenode.net.
          {% endtrans %}
          </p>
        </section>
        <section>
          <h3>{{ _("When are you going to release the next version?") }}</h3>
          <p>
          {% trans %}
          A: The general answer is, when it is ready. A better answer may be: earlier
          if you contribute (test, debug, code, document). Every release will be
          anounced on the info-gnunet@gnu.org mailing list and on
          <a href="https://planet.gnu.org">planet GNU</a>. You can subscribe to the
          mailing list or the RSS feed of this site to automatically receive a
          notification.
          {% endtrans %}
          </p>
        </section>
        <section>
          <h3>{{ _("Is the code free?") }}</h3>
          <p>
          {% trans %}
          A: GNUnet is free software, available under the
          <a href="https://www.gnu.org/licenses/agpl-3.0.en.html">GNU Affero Public License (AGPL)</a>.
          {% endtrans %}
          </p>
        </section>
        <section>
          <h3>{{ _("Are there any known bugs?") }}</h3>
          <p>
          {% trans %}
          A: We track the list of currently known bugs in the
          <a href="https://bugs.gnunet.org/">Mantis system</a>.

          Some bugs are occasionally reported directly to developers or the developer
          mailing list. This is discouraged since developers often do not have the time
          to feed these bugs back into the Mantis database. Please report bugs directly
          to the bug tracking system. If you believe a bug is sensitive, you can set its
          view status to private (this should be the exception).
          {% endtrans %}
          </p>
        </section>
        <section>
          <h3>{{ _("Is there a graphical user interface?") }}</h3>
          <p>
          {% trans %}
          A: gnunet-gtk is a separate download. The package
          contains various GTK+ based graphical interfaces, including a
          graphical tool for configuration.
          {% endtrans %}
          </p>
        </section>
        <section>
          <h3>{{ _("Why does gnunet-service-nse create a high CPU load?") }}</h3>
          <p>
          {% trans %}
          A: The gnunet-service-nse process will initially compute a so-called
          &quot;proof-of-work&quot; which is used to convince the network that your
          peer is real (or, rather, make it expensive for an adversary to mount a Sybil
          attack on the network size estimator). The calculation is expected to take a
          few days, depending on how fast your CPU is. If the CPU load is creating a
          problem for you, you can set the value &quot;WORKDELAY&quot; in the
          &quot;nse&quot; section of
          your configuration file to a higher value. The default is &quot;5 ms&quot;.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("How does GNUnet compare to Tor?") }}</h3>
          <p>
          {% trans %}
          A: Tor focuses on anonymous communication and censorship-resistance for TCP
          connections and, with the Tor Browser Bundle, for the Web in particular.
          GNUnet does not really have one focus; our theme is secure decentralized
          networking, but that is too broad to be called a focus.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("How does GNUnet compare to I2P?") }}</h3>
          <p>
          {% trans %}
          A: Both GNUnet and I2P want to build a better, more secure, more decentralized
          Internet. However, on the technical side, there are almost no overlaps.
          <br><br>
          I2P is written in Java, and has (asymmetric) tunnels using onion (or garlic)
          routing as the basis for various (anonymized) applications. I2P is largely used
          via a Web frontend.
          {% endtrans %}
          </p>
        </section>
        <section>
          <h3>{{ _("Is GNUnet ready for use on production systems?") }}</h3>
          <p>
          {% trans %}
          A: GNUnet is still undergoing major development. It is largely not yet ready
          for usage beyond developers. Your mileage will vary depending on the
          functionality you use, but you will always likely run into issues with
          our current low-level transport system. We are currently in the process of
          rewriting it (Project &quot;Transport Next Generation [TNG]&quot;)
          {% endtrans %}
          </p>
        </section>
        <section>
          <h3>{{ _("Is GNUnet build using distributed ledger technologies?") }}</h3>
          <p>
          {% trans %}
          A: No. GNUnet is a new network protocol stack for building secure,
          distributed, and privacy-preserving applications.
          While a ledger could be built using GNUnet, we currently have no plans in
          doing so.
          {% endtrans %}
          </p>
        </section>


        <hr/>
        <h2><a name="features" class="subnav-anchor"></a>{{ _("Features") }}</h2>
        <section>
          <h3>{{ _("What can I do with GNUnet?") }}</h3>
          <p>
          {% trans %}
          A: GNUnet is a peer-to-peer framework, by which we mostly mean that it can do
          more than just one thing. Naturally, the implementation and documentation of
          some of the features that exist are more advanced than others.
          {% endtrans %}
          </p>
          <p>
          {% trans %}
          For users, GNUnet offers anonymous and non-anonymous file-sharing, a fully
          decentralized and censorship-resistant replacement for DNS and a mechanism for
          IPv4-IPv6 protocol translation and tunneling (NAT-PT with DNS-ALG).
          {% endtrans %}
          See also: <a href="{{ url_localized('applications.html') }}">Applications</a>.

          </p>
        </section>

        <section>
          <h3>{{ _("Is it possible to surf the WWW anonymously with GNUnet?") }}</h3>
          <p>
          {% trans %}
          A: It is not possible use GNUnet for anonymous browsing at this point.
          We recommend that you use Tor for anonymous surfing.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Is it possible to access GNUnet via a browser as an anonymous WWW?") }}</h3>
          <p>
          {% trans %}
          A: There is currently no proxy (like fproxy in Freenet) for GNUnet that would
          make it accessible with a browser. It is possible to build such a proxy and
          all one needs to know is the protocol used between browser and proxy and a
          swift look at the GNUnet code for file-sharing.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Is there a graphical user interface?") }}</h3>
          <p>
          {% trans %}
          A: There are actually a few graphical user interfaces for different functions.
          gnunet-setup is to configure GNUnet, and gnunet-fs-gtk is for file-sharing.
          There are a few other gnunet-XXX-gtk GUIs of lesser importance.
          Note that in order to obtain the GUI, you need to install the gnunet-gtk
          package, which is a separate download.

          gnunet-gtk is a meta GUI that integrates most of the other GUIs in one window.
          One exception is gnunet-setup, which must still be run separately at this time
          (as setup requires the peer to be stopped).
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("On top of which operating systems does GNUnet run?") }}</h3>
          <p>
          {% trans %}
          A: GNUnet is being developed and tested primarily under Debian GNU/Linux.
          Furthermore, we regularly build and test GNUnet on Fedora, Ubuntu, Arch,
          FreeBSD and macOS.

          We have reports of working versions on many other GNU/Linux distributions;
          in the past we had reports of working versions on NetBSD, OpenBSD and Solaris.
          However, not all of those reports are recent, so if you cannot get GNUnet to
          work on those systems please let us know.
          {% endtrans %}
          </p>
        </section>

        <hr/>
        <h2><a name="gns" class="subnav-anchor"></a>GNU Name System</h2>
        <section>
          <h3>{{ _("Who runs the GNS root zone?") }}</h3>
          <p>
          {% trans %}
          A: Short answer: you. The long answer is the GNUnet will ship with a
          default configuration of top-level domains. The governance of this default
          configuration is not yet established. In any case, the user will be able
          to modify this configuration at will. We expect normal users to have
          no need to edit their own GNS zone(s) unless they host services themselves.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Where is the per-user GNS database kept?") }}</h3>
          <p>
          {% trans %}
          A: The short answer is that the database is kept at the user's GNUnet peer.
          Now, a user may run multiple GNUnet peers, in which case the database could be
          kept at each peer (however, we don't have code for convenient replication).
          Similarly, multiple GNUnet peers can share one instance of the database ---
          the &quot;gnunet-service-namestore&quot; can be accessed from remote
          (via TCP). The actual data can be stored in a Postgres database, for which
          various replication options are again applicable. Ultimately, there are many
          options for how users can store (and secure) their GNS database.
          {% endtrans %}
          </p>
        </section>


        <section>
          <h3>{{ _("What is the expected average size of a GNS namestore database?") }}</h3>
          <p>
          {% trans %}
          A: Pretty small. Based on our user study where we looked at browser histories
          and the number of domains visited, we expect that GNS databases will only
          grow to a few tens of thousands of entries, small enough to fit even on mobile
          devices.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Is GNS resistant to the attacks on DNS used by the US?") }}</h3>
          <p>
          {% trans %}
          A: We believe so, as there is no entity that any government could force to
          change the mapping for a name except for each individual user (and then the
          changes would only apply to the names that this user is the authority for).
          So if everyone used GNS, the only practical attack of a government would be to
          force the operator of a server to change the GNS records for his server to
          point elsewhere. However, if the owner of the private key for a zone is
          unavailable for enforcement, the respective zone cannot be changed and any
          other zone delegating to this zone will achieve proper resolution.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("How does GNS compare to other name systems") }}</h3>
          <p>
          {% trans %}
          A: A scientific paper on this topic 
          <a href="https://grothoff.org/christian/ns2018.pdf">has been published
          </a> and below is a table from the publication.
          For detailed descriptions please refer to the paper.
          {% endtrans %}
          <table>
            <thead>
              <td></td>
              <td>MitM manipulation</td>
              <td>Zone walk</td>
              <td>Client observation (network)</td>
              <td>Client observation (operator)</td>
              <td>Traffic amplification</td>
              <td>Censorship/legal attacks</td>
              <td>Ease of migration</td>
            <thead>
            <tbody>
              <tr>
              <td>DNS</td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td>+++</td>
              </tr>
              <tr>
              <td>DNSSEC</td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td>+</td>
              </tr>
              <tr>
              <td>DNSCurve</td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td>+</td>
              </tr>
              <tr>
              <td>DoT/DoH</td>
              <td><i class="fa fa-check"></i></td>
              <td>n/a</td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td>+</td>
              </tr>
              <tr>
              <td>Confid. DNS</td>
              <td><i class="fa fa-times"></i></td>
              <td>n/a</td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td>++</td>
              </tr>
              <tr>
              <td>Namecoin</td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td>-</td>
              </tr>
              <tr>
              <td>GNS</td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td>--</td>
              </tr>
              <tr>
              <td>RAINS</td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td><i class="fa fa-check"></i></td>
              <td><i class="fa fa-times"></i></td>
              <td>--</td>
              </tr>

            </tbody>
          </table>
          </p>
        </section>
        <section>
          <h3>{{ _("What is the difference between GNS and CoDoNS?") }}</h3>
          <p>
          {% trans %}
          A: CoDoNS decentralizes the DNS database (using a DHT) but preserves the
          authority structure of DNS. With CoDoNS, IANA/ICANN are still in charge, and
          there are still registrars that determine who owns a name.
          <br><br>
          With GNS, we decentralize the database and also decentralize the
          responsibility for naming: each user runs his own personal root zone and is
          thus in complete control of the names he uses. GNS also has many additional
          features (to keep names short and enable migration) which don't even make
          sense in the context of CoDoNS.

          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("What is the difference between GNS and SocialDNS?") }}</h3>
          <p>
          {% trans %}
          A: Like GNS, SocialDNS allows each user to create DNS mappings. However, with
          SocialDNS the mappings are shared through the social network and subjected to
          ranking. As the social relationships evolve, names can thus change in
          surprising ways.
          <br><br>
          With GNS, names are primarily shared via delegation, and thus mappings will
          only change if the user responsible for the name (the authority) manually
          changes the record.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("What is the difference between GNS and ODDNS?") }}</h3>
          <p>
          {% trans %}
          A: ODDNS is primarily designed to bypass the DNS root zone and the TLD
          registries (such as those for ".com" and ".org"). Instead of using those,
          each user is expected to maintain a database of (second-level) domains
          (like "gnu.org") and the IP addresses of the respective name servers.
          Resolution will fail if the target name servers change IPs.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("What is the difference between GNS and Handshake?") }}</h3>
          <p>
          {% trans %}
          A: Handshake is a blockchain-based method for root zone governance.
          Hence, it does not address the name resolution process itself but
          delegates resolution into DNS after the initial TLD resolution.
          Not taking sustainablility considerations into account, handshake
          could be used as an additional supporting GNS root zone governance
          model but we currently do not have such plans in mind.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("What is the difference between GNS and TrickleDNS?") }}</h3>
          <p>
          {% trans %}
          A: TrickleDNS pushes (&quot;critical&quot;) DNS records between DNS resolvers
          of participating domains to provide &quot;better availability, lower query
          resolution times, and faster update propagation&quot;. Thus TrickleDNS is
          focused on defeating attacks on the availability (and performance) of record
          propagation in DNS, for example via DDoS attacks on DNS root servers.
          TrickleDNS is thus concerned with how to ensure distribution of authoritative
          records, and authority remains derived from the DNS hierarchy.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Does GNS require real-world introduction (secure PKEY exchange) in the style of the PGP web of trust?") }}</h3>
          <p>
          {% trans %}
          A: For security, it is well known that an initial trust path between the two
          parties must exist. However, for applications where this is not required,
          weaker mechanisms can be used. For example, we have implemented a
          first-come-first-served (FCFS) authority which allows arbitrary users to
          register arbitrary names. The key of this authority is included with every
          GNUnet installation. Thus, any name registered with FCFS is in fact global and
          requires no further introduction. However, the security of these names
          depends entirely on the trustworthiness of the FCFS authority.
          The authority can be queried under the &quot;.pin&quot; TLD.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("How can a legitimate domain owner tell other people to not use his name in GNS?") }}</h3>
          <p>
          {% trans %}
          A: Names have no owners in GNS, so there cannot be a &quot;legitimate&quot;
          domain owner. Any user can claim any name (as his preferred name or
          &quot;pseudonym&quot;) in his NICK record. Similarly, all other users can
          choose to ignore this preference and use a name of their choice (or even
          assign no name) for this user.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Did you consider the privacy implications of making your personal GNS zone visible?") }}</h3>
          <p>
          {% trans %}
          A: Each record in GNS has a flag &quot;private&quot;. Records are shared with
          other users (via DHT or zone transfers) only if this flag is not set.
          Thus, users have full control over what information about their zones is made
          public.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Are \"Legacy Host\" (LEHO) records not going to be obsolete with IPv6?") }}</h3>
          <p>
          {% trans %}
          A: The question presumes that (a) virtual hosting is only necessary because of
          IPv4 address scarcity, and (b) that LEHOs are only useful in the context of
          virtual hosting. However, LEHOs are also useful to help with X.509 certificate
          validation (as they specify for which legacy hostname the certificate should
          be valid). Also, even with IPv6 fully deployed and &quot;infinite&quot; IP
          addresses being available, we're not sure that virtual hosting would
          disappear. Finally, we don't want to have to wait for IPv6 to become
          commonplace, GNS should work with today's networks.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Why does GNS not use a trust metric or consensus to determine globally unique names?") }}</h3>
          <p>
          {% trans %}
          A: Trust metrics have the fundamental problem that they have thresholds.
          As trust relationships evolve, mappings would change their meaning as they
          cross each others thresholds. We decided that the resulting unpredictability
          of the resolution process was not acceptable. Furthermore, trust and consensus
          might be easy to manipulate by adversaries.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("How do you handle compromised zone keys in GNS?") }}</h3>
          <p>
          {% trans %}
          A: The owner of a private key can create a revocation message. This one can
          then be flooded throughout the overlay network, creating a copy at all peers.
          Before using a public key, peers check if that key has been revoked.
          All names that involve delegation via a revoked zone will then fail to
          resolve. Peers always automatically check for the existence of a revocation
          message when resolving names.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Could the signing algorithm of GNS be upgraded in the future?") }}</h3>
          <p>
          {% trans %}
          A: Yes. In our efforts to standardize GNS, we have already modified the protocol
          to support alternative delegation records.
          <br>
          <br>
          Naturally, deployed GNS implementations would have to be updated to support
          the new signature scheme. The new scheme can then be run in parallel with
          the existing system by using a new record type to indicate the use of a
          different cipher system.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("How can a GNS zone maintain several name servers, e.g. for load balancing?") }}</h3>
          <p>
          {% trans %}
          A: We don't expect this to be necessary, as GNS records are stored (and
          replicated) in the R5N DHT. Thus the authority will typically not be contacted
          whenever clients perform a lookup. Even if the authority goes (temporarily)
          off-line, the DHT will cache the records for some time. However, should having
          multiple servers for a zone be considered truly necessary, the owner of the
          zone can simply run multiple peers (and share the zone's key and database
          among them).
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Why do you believe it is worth giving up unique names for censorship resistance?") }}</h3>
          <p>
          {% trans %}
          A: The GNU Name system offers an alternative to DNS that is censorship
          resistant. As with any security mechanism, this comes at a cost (names are not
          globally unique). To draw a parallel, HTTPS connections use more bandwidth and
          have higher latency than HTTP connections. Depending on your application,
          HTTPS may not be worth the cost. However, for users that are experiencing
          censorship (or are concerned about it), giving up globally unique names may
          very well be worth the cost. After all, what is a &quot;globally&quot; unique
          name worth, if it does not resolve?
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Why do you say that DNS is 'centralized' and 'distributed'?") }}</h3>
          <p>
          {% trans %}
          A: We say that DNS is 'centralized' because it has a central component /
          central point of failure --- the root zone and its management by IANA/ICANN.
          This centralization creates vulnerabilities. For example, the US government
          was able to reassign the management of the country-TLDs of Afganistan and Iraq
          during the wars at the beginning of the 21st century.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("How does GNS protect against layer-3 censorship?") }}</h3>
          <p>
          {% trans %}
          A: GNS does not directly help with layer-3 censorship, but it does help
          indirectly in two ways:

          <ol>
            <li> Many websites today use virtual hosting, so blocking a particular IP
              address causes much more collateral damage than blocking a DNS name.
              It thus raises the cost of censorship.</li>
            <li> Existing layer-3 circumvention solutions (such as Tor) would benefit from
              a censorship resistant naming system. Accessing Tor's &quot;.onion&quot;
              namespace currently requires users to use unmemorable cryptographic
              identifiers. With nicer names, Tor and tor2web-like services would be even
              easier to use.
          </ol>
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Does GNS work with search engines?") }}</h3>
          <p>
          {% trans %}
          A: GNS creates no significant problems for search engines, as they can use GNS
          to perform name resolution as well as any normal user. Naturally, while we
          typically expect normal users to install custom software for name resolution,
          this is unlikely to work for search engines today. However, the DNS2GNS
          gateway allows search engines to use DNS to resolve GNS names, so they can
          still index GNS resources. However, as using DNS2GNS gateways breaks the
          cryptographic chain of trust, legacy search engines will obviously not obtain
          censorship-resistant names.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("How does GNS compare to the Unmanaged Internet Architecture (UIA)?") }}</h3>
          <p>
          {% trans %}
          A: UIA and GNS both share the same basic naming model, which actually
          originated with Rivest's SDSI. However, UIA is not concerned about integration
          with legacy applications and instead focuses on universal connectivity between
          a user's many machines. In contrast, GNS was designed to interoperate with DNS
          as much as possible, and to also work as much as possible with the existing
          Web infrastructure. UIA is not at all concerned about legacy systems (clean
          slate).
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("Doesn't GNS increase the trusted-computing base compared to DNS(SEC)?") }}</h3>
          <p>
          {% trans %}
          A: First of all, in GNS you can explicitly see the trust chain, so you know if
          a name you are resolving belongs to a friend, or a friend-of-a-friend, and can
          thus decide how much you trust the result. Naturally, the trusted-computing
          base (TCB) can become arbitrarily large this way --- however, given the name
          length restriction, for an individual name it is always less than about 128
          entities.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("How does GNS handle SRV/TLSA records where service and protocol are part of the domain name?") }}</h3>
          <p>
          {% trans %}
          A: When GNS splits a domain name into labels for resolution, it detects the
          &quot;_Service._Proto&quot; syntax, converts &quot;Service&quot; to the
          corresponding port number and &quot;Proto&quot; to the corresponding protocol
          number. The rest of the name is resolved as usual. Then, when the result is
          presented, GNS looks for the GNS-specific &quot;BOX&quot; record type.
          A BOX record is a record that contains another record (such as SRV or TLSA
          records) and adds a service and protocol number (and the original boxed record
          type) to it.
          {% endtrans %}
          </p>
        </section>

        <hr/>
        <h2><a name="errors" class="subnav-anchor"></a>{{ _("Error messages") }}</h2>
        <section>
          <h3>{{ _("I receive many &quot;WARNING Calculated flow delay for X at Y for Z&quot;. Should I worry?") }}</h3>
          <p>
          {% trans %}
          A: Right now, this is expected and a known cause for high
          latency in GNUnet.  We have started a major rewrite to address
          this and other problems, but until the Transport Next
          Generation (TNG) is ready, these warnings are expected.
          {% endtrans %}
          </p>
        </section>
        <section>
          <h3>{{ _("Error opening `/dev/net/tun': No such file or directory?") }}</h3>
          <p>
          {% trans %}
          A: If you get this error message, the solution is simple. Issue the following
          commands (as root) to create the required device file
          {% endtrans %}
          <code class="block">
            # mkdir /dev/net<br>
            # mknod /dev/net/tun c 10 200<br>
          </code>
          </p>
        </section>

        <section>
          <h3>{{ _("'iptables: No chain/target/match by that name.' (when running gnunet-service-dns)?") }}</h3>
          <p>
          {% trans %}
          A: For GNUnet DNS, your iptables needs to have &quot;owner&quot; match
          support.

          This is accomplished by having the correct kernel options. Check if your
          kernel has CONFIG_NETFILTER_XT_MATCH_OWNER set to either 'y' or 'm' (and the
          module is loaded).
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("'Timeout was reached' when running PT on Fedora (and possibly others)?") }}</h3>
          <p>
          {% trans %}
          A: If you get an error stating that the VPN timeout was reached, check if your
          firewall is enabled and blocking the connections.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("I'm getting an 'error while loading shared libraries: libgnunetXXX.so.X'") }}</h3>
          <p>
          {% trans %}
          A: This error usually occurs when your linker fails to locate one of GNUnet's
          libraries. This can have two causes. First, it is theoretically possible that
          the library is not installed on your system; however, if you compiled GNUnet
          the normal way and/or used a binary package, that is highly unlikely. The more
          common cause is that you installed GNUnet to a directory that your linker
          does not search. There are several ways to fix this that are described below.

          If you are 'root' and you installed to a system folder (such as /usr/local),
          you want to add the libraries to the system-wide search path. This is done by
          adding a line "/usr/local/lib/" to /etc/ld.so.conf and running "ldconfig".
          If you installed GNUnet to /opt or any other similar path, you obviously have
          to change "/usr/local" accordingly.

          If you do not have 'root' rights or if you installed GNUnet to say
          "/home/$USER/", then you can explicitly tell your linker to search a
          particular directory for libraries using the "LD_LIBRARY_PATH" environment
          variable. For example, if you configured GNUnet using a prefix of
          "$HOME/gnunet/" you want to run:
          {% endtrans %}
          </p>
          <code>
            $ export LD_LIBRARY_PATH=$HOME/gnunet/lib:$LD_LIBRARY_PATH<br>
            $ export PATH=$HOME/gnunet/bin:$PATH
          </code>
          </p>
          {% trans %}
          to ensure GNUnet's binaries and libraries are found. In order to avoid having to do so each time, you can add the above lines (without the "$") to your .bashrc or .profile file. You will have to logout and login again to have this new profile be applied to all shells (including your desktop environment).
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("What error messages can be ignored?") }}</h3>
          <p>
          {% trans %}
          A: Error messages flagged as "DEBUG" should be disabled in binaries
          built for end-users and can always be ignored.

          Error messages flagged as "INFO" always refer to harmless events that
          require no action. For example, GNUnet may use an INFO message to
          indicate that it is currently performing an expensive operation that
          will take some time. GNUnet will also use INFO messages to display
          information about important configuration values.
          {% endtrans %}
          </p>
        </section>

        <hr/>
        <h2><a name="fs" class="subnav-anchor"></a>{{ _("File-sharing")}}</h2>
        <section>
          <h3>{{ _("How does GNUnet compare to other file-sharing applications?") }}</h3>
          <p>
          {% trans %}
          A: As opposed to Napster, Gnutella, Kazaa, FastTrack, eDonkey and most
          other P2P networks, GNUnet was designed with security in mind as the
          highest priority. We intend on producing a network with comprehensive
          security features. Many other P2P networks are open to a wide variety
          of attacks, and users have little privacy. GNUnet is also Free
          Software and thus the source code is available, so you do not have to
          worry about being spied upon by the software. The following table
          summarises the main differences between GNUnet and other systems.
          The information is accurate to the best of our knowledge.
          The comparison is difficult since there are sometimes differences
          between various implementations of (almost) the same protocol.
          In general, we pick a free implementation as the reference
          implementation since it is possible to inspect the free code. Also,
          all of these systems are changing over time and thus the data below
          may not be up-to-date. If you find any flaws, please let us know.
          Finally, the table is not saying terribly much (it is hard to compare
          these systems this briefly), so if you want the real differences, read
          the research papers (and probably the code).
          {% endtrans %}
          </p>
          <table width="90%" border="0" cellpadding="0" cellspacing="0"><tbody><tr><th >Network</th>
                <th ><a>GNUnet FS</a></th>
                <th ><a>OneSwarm</th>
                <th ><a>Napster</th>
                <th ><a>Direct Connect</th>
                <th ><a>FastTrack</th>
                <th ><a>eDonkey</th>
                <th ><a>Gnutella</th>
                <th ><a>Freenet</th>
              </tr><tr><th >Distributed Queries</th>
                <td >yes</td>
                <td >yes</td>
                <td >no</td>
                <td >hubs</td>
                <td >super-peers</td>
                <td >DHT (eMule)</td>
                <td >yes</td>
                <td >yes</td>
              </tr><tr><th >Multisource Download</th>
                <td >yes</td>
                <td >yes</td>
                <td >no</td>
                <td >no</td>
                <td >yes</td>
                <td >yes</td>
                <td >yes</td>
                <td >no</td>
              </tr><tr><th >Economics</th>
                <td >yes</td>
                <td >yes</td>
                <td >no</td>
                <td >no</td>
                <td >no</td>
                <td >yes</td>
                <td >no</td>
                <td >no</td>
              </tr><tr><th >Anonymity</th>
                <td >yes</td>
                <td >maybe</td>
                <td >no</td>
                <td >no</td>
                <td >no</td>
                <td >no</td>
                <td >no</td>
                <td >yes</td>
              </tr><tr><th >Language</th>
                <td >C</td>
                <td >Java</td>
                <td >often C</td>
                <td >C++</td>
                <td >C</td>
                <td >C++</td>
                <td >often C</td>
                <td >Java</td>
              </tr><tr><th >Transport Protocol</th>
                <td >UDP, TCP, SMTP, HTTP</td>
                <td >TCP</td>
                <td >TCP</td>
                <td >TCP?</td>
                <td >UDP, TCP</td>
                <td >UDP, TCP</td>
                <td >TCP</td>
                <td >TCP</td>
              </tr><tr><th >Query Format (UI)</th>
                <td >keywords / CHK</td>
                <td >filename / SHA?</td>
                <td >keywords</td>
                <td >filename, THEX</td>
                <td >filename, SHA</td>
                <td >filename, MD4?</td>
                <td >filename, SHA</td>
                <td >secret key, CHK</td>
              </tr><tr><th >Routing</th>
                <td >dynamic (indirect, direct)</td>
                <td >static (indirect, direct)</td>
                <td >always direct</td>
                <td >always direct</td>
                <td >always direct</td>
                <td >always direct</td>
                <td >always direct</td>
                <td >always indirect</td>
              </tr><tr><th >License</th>
                <td >GPL</td>
                <td >GPL</td>
                <td >GPL (knapster)</td>
                <td >GPL (Valknut)</td>
                <td >GPL (giFT)</td>
                <td >GPL (eMule)</td>
                <td >GPL (gtk-gnutella)</td>
                <td >GPL</td>
              </tr></tbody>
          </table>
          <p>
          {% trans %}
          Another important point of reference are the various anonymous
          peer-to-peer networks.
          Here, there are differences in terms of application domain and how
          specifically anonymity is achieved.
          Anonymous routing is a hard research topic, so for a superficial
          comparisson like this one we focus on the latency.
          Another important factor is the programming language.
          Type-safe languages may offer certain security benefits; however, this may come at the cost of significant increases in resource consumption which in turn may reduce anonymity.
          {% endtrans %}
          </p>
        </section>
        <section>
          <h3>{{ _("Are there any known attacks (on GNUnet's file-sharing application)?") }}</h3>
          <p>
          {% trans %}
          A: Generally, there is the possibility of a known plaintext attack on
          keywords, but since the user has control over the keywords that are
          associated with the content he inserts, the user can take advantage of
          the same techniques used to generate reasonable passwords to defend
          against such an attack. In any event, we are not trying to hide
          content; thus, unless the user is trying to insert information into
          the network that can only be shared with a small group of people,
          there is no real reason to try to obfuscate the content by choosing a
          difficult keyword anyway.
          {% endtrans %}
          </p>
        </section>
        <section>
          <h3>{{ _("What do you mean by anonymity?") }}</h3>
          <p>
          {% trans %}
          A: Anonymity is the lack of distinction of an individual from a
          (large) group. A central goal for anonymous file-sharing in GNUnet is
          to make all users (peers) form a group and to make communications in
          that group anonymous, that is, nobody (but the initiator) should be
          able to tell which of the peers in the group originated the message.
          In other words, it should be difficult to impossible for an adversary
          to distinguish between the originating peer and all other peers.
          {% endtrans %}
          </p>
        </section>
        <section>
          <h3>{{ _("What does my system do when participating in GNUnet file sharing?") }}</h3>
          <p>
          {% trans %}
          A: In GNUnet you set up a node (a peer). It is identified by an ID (hash
          of its public key) and has a number of addresses it is reachable by
          (may have no addresses, for instance when it's behind a NAT).
          You specify bandwidth limits (how much traffic GNUnet is allowed to
          consume) and datastore quote (how large your on-disk block storage is)
          . Your node will then proceed to connect to other nodes, becoming
          part of the network.
          {% endtrans %}
          </p>
        </section>

        <hr/>
        <h2><a name="contrib" class="subnav-anchor"></a>{{ _("Contributing")}}</h2>
        <section>
          <h3>{{ _("How can I help translate this webpage into other languages?") }}</h3>
          <p>
          {% trans %}
          A: First, you need to register an account with our weblate system.
          Please send an e-mail with the desired target language to
          translators@gnunet.org or ask for help on the #gnunet chat on
          irc.freenode.net. Typically someone with sufficient permissions will
          then grant you access. Naturally, any abuse will result in the loss
          of permissions.
          {% endtrans %}
          </p>
        </section>

        <section>
          <h3>{{ _("I have some great idea for a new feature, what should I do?") }}</h3>
          <p>
          {% trans %}
          A: Sadly, we have many more feature requests than we can possibly
          implement. The best way to actually get a new feature implemented is
          to do it yourself --- and to then send us a patch.
          {% endtrans %}
          </p>
        </section>


      </article>
    </div> <!-- col -->
  </div> <!-- row-->


  <!--
    <h2>{{ ("Q?") }}</h2>

    <h2>{{ ("Q?") }}</h2>

    <h2>{{ ("Q?") }}</h2>
  -->

</div>
{% endblock body_content %}