WASTE
WASTE is a peer-to-peer and friend-to-friend protocol and software application developed by Justin Frankel at Nullsoft in 2003 that features instant messaging, chat rooms, and file browsing/sharing capabilities. The name WASTE is a reference to Thomas Pynchon's novel The Crying of Lot 49. In the novel, W.A.S.T.E. is an underground postal service.
In 2003, less than 24 hours after its release, WASTE was removed from distribution by AOL, Nullsoft's parent company. The original page was replaced with a statement claiming that the posting of the software was unauthorized and that no lawful rights to it were held by anyone who had downloaded it, in spite of the original claim that the software was released under the terms of the GNU General Public License.
Several developers have modified and upgraded the WASTE client and protocol. The SourceForge edition is considered by many to be the official development branch, but there are several forks.
Description
WASTE is a decentralized chat, instant messaging and file sharing program and protocol. It behaves similarly to a virtual private network by connecting to a group of trusted computers, as determined by the users. This kind of network is commonly referred to as a darknet. It uses strong encryption to ensure that third parties cannot decipher the messages being transferred. The same encryption is used to transmit and receive instant messages, chat, and files, maintain the connection, and browse and search.WASTE networks
WASTE networks are decentralized, meaning there is no central hub or server that everyone connects to. Peers must connect to each other individually. Normally, this is accomplished by having individuals sharing their RSA public keys, ensuring that their computers are accessible via the appropriate ports, and entering the IP address and port of someone on the network to connect to.Once connected to the network, public keys are automatically exchanged amongst members, and nodes will then attempt to connect to each other, strengthening the network, as well as increasing the number of possible routes from any given point to any other point, decreasing latency and bandwidth required for communication and file transfer.
Since WASTE connects small, private groups rather than large, public ones, the network search feature is one of the fastest of all the decentralized P2P applications. Its instant messaging and file sharing capabilities are much closer to those of AOL Instant Messenger than more typical file sharing programs. Members of the network can create private and public chat rooms, instant message each other, browse each other's files, and trade files, including the pushing or active sending of files by hosts, as well as the more common downloading by users. Simple drag-and-drop to chat boxes will send files to their intended destinations.
The suggested size for a WASTE network is 10-50 nodes, though it has been suggested that the size of the network is less critical than the ratio of nodes willing to route traffic to those that are not. With original Nullsoft-client groups now exceeding ten years of age, it's not uncommon for stable meshes to host multiple terabytes of secure content.
By default, WASTE listens to incoming connections on port 1337. This was probably chosen because of 1337's leet connotations.
Since there is no central hub, WASTE networks typically employ a password or passphrase, also called a network name to prevent collision. That is, a member from one network connecting to a member of another network, thus bridging the two networks. By assigning a unique identifier to your network, the risk of collisions can be reduced, particularly with the original clients.
Nullnets
Nullnets are networks without a passphrase. It is impossible to know how many nullnets exist, but there is one primary nullnet. The best way to access the nullnet is to post your credentials to the WASTE Key Exchange. The nullnet can easily merge with other nullnets because there is no passphrase, which makes it a great place for public discussion and file sharing.Strengths
- Secured through the trade of RSA public keys, allowing for safe and secure communication and data transfer with trusted hosts.
- The distributed nature means that the network isn't dependent on anyone setting up a server to act as a hub. Contrast this with other P2P and chat protocols that require you to connect to a server. This means there is no single point of vulnerability for the network.
- Similarly, there is no single group leader; everyone on the network is equal in what they can or cannot do, including inviting other members into the group, nor can any member kick another from the group, exclude them from public chats, etc.
- WASTE can obfuscate its protocol, making it difficult to detect that WASTE is being used.
- WASTE has a Saturate feature which adds random traffic, making traffic analysis more difficult.
- The nodes automatically determine the lowest latency route for traffic and, in doing so, load balance. This also improves privacy, because packets often take different routes.
Shortcomings
- Trading public keys, enabling port forwarding on your firewall, and connecting to each other can be a difficult and/or tedious process, especially for those who aren't very technically proficient.
- Due to the network's distributed nature, it is impossible to kick someone from the network once they've gained access. Since every member of the network will have that member's public key, all that member needs to do to regain access is to connect to another member. Coordinating the change of the network name is exceedingly difficult, so the best course of action is to create another network and migrate everyone over to the new network. This could, of course, also be seen as a strength.
- Since there is no central server, once someone disconnects from the network, they must know at least one network IP address to reconnect. It is possible that the network will drift from all the IP addresses used before so that none are known, and it becomes necessary to contact a network member and ask for address information to be able to reconnect. Indeed, it is possible that a network could unknowingly split into two this way. It takes at least some coordination to keep a WASTE network intact; this can be as simple as one or more volunteers with a static IP address or a fixed dynamic DNS address keeping their node up to allow people to reconnect to the network.
- While encryption is performed using the Blowfish algorithm, which is thought to be strong, the PCBC mode used has several known security flaws.
- Nicknames are not registered, which allows eavesdropping and spoofing. WASTE version 1.6 reduces the chances of eavesdropping by using public keys for communication, but as network members may choose any nickname a user must know and recognize the hash of the person they wish to communicate with to be sure of their identity.
- To connect from behind a firewall, one party must have the proper port forwarded to their computer; as WASTE networks do not depend on a central server there is no way around this. However, as long as one node accepts incoming connections it can act as a server, connecting nodes that cannot themselves accept incoming connections. Indeed, the long-term stability of a WASTE network depends on these hubs.
Versions
WASTE 1.7.4 for Windows was released on 24 December 2008, and was current. This is a new branch on SourceForge created because of inactivity on the main WASTE development branch. This is the most fully featured version to date.
A cross-platform beta version of WASTE called Waste 1.5 beta 4 a.k.a. wxWaste, using the WxWidgets toolkit is available.
VIA Technologies released a fork of WASTE under the name PadlockSL, but removed the product's website after a few weeks. The user interface was written in Qt and the client was available for GNU/Linux and Windows.