Hi all,
I want to answer some of the complains/issues here. Some of them are valid. some not. hope the detailed answers do not offend anybody.
+++++++++++++++++++++++++++++++++
I just wanted to point out that if you are genuinely worried about the NSA snooping your communications, do not use Retroshare
We are discussing here in a Bitcoin Forum. If this is important, you should drop your interrest in
BTC . IMHO the Bitcoin transactions are snooped too with METADATA + Money Data.
A/I explains why we they do not accept Bitcoins as donation method.
http://cavallette.noblogs.org/2013/07/8333#eng1 they are not really anonymous (it is stated also on their official website)
...
the real anonymous donations are made in a sealed envelope using latex gloves.
this firstly will offer zero protection for your metadata.
This isn't correct. RetroShare exposes some MetaData but you can define which of them are exposed. And reduce them effectively.
File Sharing is made with TurtleRouter:
http://retroshareteam.wordpress.com/2012/11/03/retroshares-anonymous-routing-model/Communcation via Distant $feature to non friends through the RetroShare Network via TurtleF2F
https://retroshareteam.wordpress.com/2013/08/08/distant-chat-and-messaging-using-generic-tunnels/The distant functions obfuscate the communication in the RetroShare network. They do not need a direct connections to friends. Only a chain of friends to your endpoint, which activate Turtle-Routing.
on your endpoint or perhaps one of the 300 or so of your 'trusted' friends
Normally your friendlist contains up to 50 users, and normally 5-10 needs to be online.
Secure endpoint environment is important. IMHO AirGap is the only working security feature, still can be pierced with social engineering.
This is a general claim, and valid to all Software as we know it.
How much of tech. max. 5000 Facebook friends are real friends with contact everyday or once a month?
TOR Support:It is planned to have IPv6 Support
http://sourceforge.net/p/retroshare/code/6735/ hopefully in v0.6
IPv6 offers the ability to use TOR via
https://www.onioncat.org/ OnionCat is a VPN-adapter which allows to connect two or more computers or networks through VPN-tunnels. It is designed to use the anonymization networks Tor or I2P as its transport, hence, it provides location-based anonymity while still creating tunnel end points with private unique IP addresses.
If you know a silver bullet for anonymization, pls tell me. Haven't found one yet.
sees you are a user of encryption software. So once your metadata is available for data mining, perhaps you are automatically flagged up as a person of interest
This could happen to all people which use any encryption software. Or any cypher technology. i want to point out we are discussing here on a Bitcoin Forum aka CryptoCurrency. If this is true, you are already a person of interrest.
that the SSL implementation is not forward secure
late, but it is in trunk now:
http://sourceforge.net/p/retroshare/code/6738/Enabled PFS for SSL connections, based on a 4096 bits safe prime. This is retro-compatible, meaning that old peers will connect to the new one using PFS if they act as a client (meaning they request the connection)
-------------------------
develop a FB lookalike plugin, though.
The GXS backend for General Cache Exchange is e revised and improved cache system. atm the cache system for Forums and Channels and browseable directorys is really bad implemented.
With the GXS release new features are implemented. rumours say twitter-wall-alike, decentralized Wiki, etc ...
the direction is more socialising stuff, and offers better and other features implemented too.
Think of a decentralized GIT repository... how cool could that be. Really decentralized as much as possible. Push and Pull via "Distant Git". git remote add origin GPG:location or something similar.
Haven't tested GXS yet, but it is openBeta development status. 2 packagers provide Win Portable Nightly builds, 1 is creating Ubuntu Builds, 1 is creating openSuse Builds. Arch & Gentoo should be able to compile it on their own with GXS enabled. atm GXS is implemented but switched off in trunk. You need GXS peers to test the new features.
Any new features are easier to implement with GXS.
------------------------
Firstly it wouldn't import my PGP key for some reason
If your PGP is using DSA/elgamel it is not possible to use them for retroshare. only RSA keys are possible.
RetroShare will bloat your keyring probably. this is why it is using its own keyring.
your mail address in the pgp key will counter the pseudonymity/anonymity
confusing and the GUI to be quite flaky and badly designed
It is confusing because it is new. the whole pure F2F approach is new and confusing. but you will get used to it.
yes it is not the best design. hopefully some QML/QT4 designers jump in and help to improve the Gui.
imho, if software is fancy, the time should have been invested in security instead. we all remember DeCryptoCat.
Then I tried to find a way to add that forum within the UI, but there wasn't one.
You can't add a forum from nothing. You need a friend who is subscribed to this forum and shares it to you.
This is a generic newbie question. heard it hundred times now. it was confusing for mee too when i started using RS.
http://retroshareteam.wordpress.com/2013/01/19/retroshare-forums/ <-- detailed explanation in DevBlog
figured out I needed to add a friend, but I don't have any RetroShare friends
Of course you need a friend to communicate in a Friend2Friend Network. Facebook, ICQ and Skype had the same Issue when they were used the first time of your life. Bootstrapping.
Thats were the Chatserver kicks in.
so I went through another very ugly website to add the Austrian pirate party.
Its not ugly, its called Retro
Its not a bug, its called a feature.
It was designed this style as much as i could. No Java Script, no Third party things, no Content Delivery Network, no analytics/beacon/cookies/widgets/adds, no logging, no piwik, no anything.
Rock solid plain HTML like 1995.
It didn't work. Seemed like network issues, but eventually it managed to get a connection to the DHT - it was just very slow. But even then I couldn't add the forum.
The ChatServer are crippled RetroShare nodes. They offer ONLY Chatrooms like a IRC Server for example.
For some legal reasons they do not forward or exchange any traffic. NO File Sharing. No Forum Sharing. No Channel Sharing.
Compared with a IRC Server, you wouldn't expect from an IRC Server to serve Forums or Files or anything.
For Privacy Reasons the chatserver runs in DarkNet Mode. It has a static IP address, so there is no need for any Discovery or DHT. #OPSec Keep as much private as possible. Disable all features which are not needed.
For more information please read:
http://retroshareteam.wordpress.com/2013/01/06/privacy-on-the-retroshare-network/ &
http://sleeplessbyte.com/blog/2013/07/31/retroshare-network-configurations/It only needed some time to add your RS-Key to the chatserver, and the chatserver key to your RS friendlist. Connect attempt is done every XX seconds.
Small simple picture-rich HowTo:
https://retrochat.piratenpartei.at/w2c/howto.htmlThe ChatServer breaks the whole "serverless" approach. To counter this issue, the ChatServer has only a limited Friendlist. If you add yourself to the Friendlist via
https://retrochat.piratenpartei.at/ you will add yourself at slot #1 and kick out the user of slot #101. FIFO
This forces the users of the ChatServer to bootstrap their friendship network and become independent of the ChatServer till he kicks them out.
Other Users provide for newbies Bots which run 24/7 and add without permissions to only share public chatrooms or forums.
Information about the ChatServer:
https://retrochat.piratenpartei.at/w2c/info.html I'd need to add you anu - but I don't know how because I don't have your certificate.
https://bitcointalk.org/index.php?topic=295930.msg3173564#msg3173564 <-- post #3 in this thread
Then finally I could find and subscribe to the ZeroReserve forums. However they appeared to be empty.
This is related to the cache transfer things. All subsribed Forums of the friendly bot are transferred to you. Every Forum you subscribed is writeable. Every subscribed forum is shared to your friends.
cache system which shares the forums/channels is implemented very bad. all is resent always... new GXS implementation will do that in a more GIT Style. Resend only Deltas.
Synching the cache needs his time the first time.
The Forums are reimplemented with the GXS too. atm they are shown as missing if the data is not synched yet.
but given the ridiculous process required to use
True. Though starting together with a single friend or together with group of friends is a lot more easy. Than starting without any advice or friends to connect.
+++++++++++++++++++++++++++++++++
Related to the bad Gui.
I am in contact with the Team of
http://www.mailpile.is/They maybe want to add RetroShare as a Mail Backend to solve the Problem of the METADATA with PGP encrypted Mails.
Distant Messaging of RetroShare is more scaleable and is totally decentralized. And solves the MetaData Issues of e-Mail because they are forwarded through the RetroShare network like packets of FileSharing.
Pls consider: the ChatServer itself blocks all FileSharing. You need "real" friends with AnonRouting/Turtle enabled to participate.
If you are interrested in Mailpile Frontend for RetroShare, please drop them a line and ask them friendly if they want to put it on their ToDo or Technololgy of Interrest lists.
++++++++++++++++++++++++++++++
I'd do it in Java
@Mike
Pls get in contact with
https://github.com/G10h4ck/RetroShare-Android-Client G10h4ck, he is implementing RetroShare for Android.
Atm he is doing it for RetroShare noGui via the SSH-RPC interface.
He is planning a RetroShare miniCore for Android too (future).
Have a look at the Repos of
https://github.com/RetroShare/ There is the
https://github.com/RetroShare/pyrs Python Retroshare Interface Library
+++++++++++++++++++++++++++++++++
All in all these questions are known "Newbie" Problems. i faced 99% of them too and had similar feelings about RetroShare. Especially the undead WebForum which made me feel the whole project is abandoned and undead dropped years ago. no active userbase. But this isn't true. The RetroShare users do most communication inside. Offline from any webcrawlers or spying or advertising or any organizations.
There are several RetroShare Island-Nets in the world. Without any connection between. Without any knowledge of existence.
I have heard of Closed-Private-RetroShare networks for a defined group of users.
If anyone has detailed or generic questions, please feel free to ask.
Read
http://redd.it/18vsq5 before
it solves most questions.
If someone is interrested to run its own ChatSever to bootstrap RetroShare in his favored community, like a BTCchat or any other topic to bootstrap the UserBase. pls let me know. I would kindly help you to setup the ugly frontend and the retroshare-chatserver backend.
or ask directly in one of the ChatServer rooms:
https://retrochat.piratenpartei.at/ & HowTo
https://retrochat.piratenpartei.at/w2c/howto.htmlThe other chatserver shares the same rooms:
http://retrosharechatserver.no-ip.org/w2c/en/ and is community driven.
You are free to run RetroShare without any connection to other RetroShare-Nets and use it only as DarkNet for your closed circle of friends as a secure communication tool.
br cave
