1
0
Fork 0

New post: The state of darknet access on Android

This commit is contained in:
Lethe Beltane 2022-07-11 10:10:58 -05:00
parent cc68c44c55
commit 79f10b9224
No known key found for this signature in database
GPG Key ID: 21A3DA3DE29CB63C
5 changed files with 247 additions and 27 deletions

View File

@ -0,0 +1,129 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>The state of darknet access on Android - Archive - MayVaneDay Studios</title>
<link href="../../../style.css" rel="stylesheet" type="text/css" media="all">
<meta name="author" content="Vane Vander">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body class="mayvaneday">
<article>
<div class="box">
<h1>The state of darknet access on Android</h1>
<p>published: 2022-07-11</p>
</div>
<hr>
<div class="box">
<p>Although I've been publishing things on the internet since I was about eleven, it took me until I was seventeen to get reliable access to a computer of my own and nineteen to set up my first Tor hidden service, back when v2 addresses were a thing and one had a hope of memorizing the URL to share to others. Meaning, up until then, I was sharecropping on someone else's server: Blogger at first, then WordPress once I realized how evil Google was, then Neocities until I was harrassed off one day.</p>
<p>If I knew back then what I do now, then obviously I would have never put anything on the clearnet to begin with. What creative ideas did I let wither inside me because I had to constantly toe the line of being grounded and electronics confiscated for something innocuous? (So my brothers can openly joke about porn and violence against women and my parents refuse to do anything, but I wrote <em>one</em> poem about my ex-girlfriend that I had when I was fourteen- and while it wasn't very good by my current standards, I certainly wasn't wishing violence against the teenager- and they took all my devices and isolated me from my friends for a week...?) I can only guess how much better at writing I would be today if I hadn't had to constantly bite my tongue.</p>
<p>But Tor hidden services require a server, being that Tor is a client-server model. And while I cannot remember whether or not Orbot had hosting support back in 2014 when I was using it to get past my middle school firewall, I can attest that not only does Orbot have hosting support nowadays, but there are also <em>many more</em> options for publishing content on the "dark web" with nothing more than a phone and a little technical expertise.</p>
<p>For this post, I attempted to do as much as possible with that same device I spent so many hours typing into the WordPress editor on: a Motorola Moto X, Verizon edition, Android codename "ghost". It has not seen system updates in about five years, forever stuck on Android 5.1, and I have neither the bandwidth nor the patience to <a href="https://web.archive.org/web/20220708192015/https://wiki.lineageos.org/devices/ghost/build">attempt to compile an abandoned version of LineageOS</a> just so I can have Android 6.0 instead. For apps that require a more recent version of Android or otherwise crashed on the Moto X, I instead used the phone I had after it, a Samsung Galaxy Note 3 with the latest nightly of LineageOS (meaning some minor point version of Android 11 at the time of writing). For client-server darknets, I used <a href="https://f-droid.org/en/packages/com.example.flutter_http_server/">ServeIt</a>, available on F-Droid, as the backend server; it only supports static hosting from a directory of files, meaning no dynamic applications, but that would have been all I needed back then.</p>
</div>
<hr>
<div class="box">
<h2>Tor</h2>
<p>Once upon a time, there was a "Tor Browser" app named Orweb which was little more than an Android WebView wrapped in a very poorly-made UI. That eventually got abandoned and replaced with Orfox, which was slightly better and also allowed for niceties like bookmarks and tabs. (I am going off my memory from about a decade ago, so don't bother emailing me if I got something wrong.) Nowadays we are a bit more spoiled with an <a href="https://www.torproject.org/download/#android">official Tor Browser</a>. However, it seems to crash a lot, so I prefer to browser Tor hidden services on Android using <a href="https://f-droid.org/en/packages/com.stoutner.privacybrowser.standard/">Privacy Browser</a> instead.</p>
<p><a href="https://github.com/guardianproject/orbot/releases">Orbot</a> is best in class as far as "Tor on Android" goes, and I know of no other (non-proprietary) solution that doesn't come coupled to a browser. In Orbot, you can set up a hidden service by going to the meatball (three dots) menu, pressing "Onion Services", then "Hosted Onion Services". Ensure that "User services" is selected and then press the plus button in the lower-right corner. "Local port" should be the port ServeIt is running on, and "Onion Port" should be 80 as that is the default HTTP port. (You can make it something else, but then you would need to share that as part of the URL.) Long-pressing the service URL once created will show an option to backup the keys or copy the URL to the clipboard.</p>
</div>
<hr>
<div class="box">
<h2>I2P</h2>
<p>There are two I2P apps on F-Droid that I know of and have used. The primary one is slow and buggy and features a built-in browser that is even worse than Orweb was back in the day. Therefore I recommend using <a href="https://f-droid.org/en/packages/org.purplei2p.i2pd/">i2pd</a> instead. Any browser can be the "I2P browser" if set to use localhost port 4444 as HTTP proxy; the aforementioned "Privacy Browser" has a preset in the proxy menu to use I2P without messing with port numbers.</p>
<p>Unlike Orbot, i2pd stores all of its settings and keys in the filesystem instead of in the app settings. (This may or may not be a security risk depending on your threat model.) In your device's home directory will be a folder named "i2pd". Inside is the file <code>tunnels.conf</code>. If your file manager has the option to manually open the file as text, use that and open it in your favorite text editor; otherwise temporarily rename the file to <code>tunnels.txt</code> to edit it.</p>
<p>At the end of the file, add the following:</p>
<pre>
[server]
type = http
host = 127.0.0.1
port = 8888
keys = http.dat
</pre>
<p>Please note that port 8888 in this example is what ServeIt was running on. If yours is on a different port, then change the number in the above config accordingly.</p>
<p>If you renamed the file, change it back to <code>tunnels.conf</code>. Go back to the i2pd app, press on the meatball menu and then "Reload tunnels", then "Open Web Console" and "I2P tunnels" to get the new URL of your eepsite.</p>
</div>
<hr>
<div class="box">
<h2>Yggdrasil</h2>
<p>There is a <a href="https://f-droid.org/en/packages/io.github.chronosx88.yggdrasil/">Yggdrasil</a> app which I have successfully used to navigate Yggdrasil sites before on my main phone, but it continuously crashed on both my Moto X and Note 3. On my main phone (a Samsung Galaxy S9) it was hard to see the full IP address... and the request to ServeIt from a different device also running Yggdrasil on the same network (so autopeering would have occurred) timed out. As Yggdrasil runs on Linux by creating a new virtual network adapter so that it can coexist with an existing network stack (instead of using proxies for access like Tor) and none of my devices are rooted, it does not make sense to attempt to compile and run it in Termux or UserLAnd.</p>
</div>
<hr>
<div class="box">
<h2>Lokinet</h2>
<p>There exists a <a href="https://oxen.rocks/oxen-io/lokinet/">dump of Lokinet binaries</a>, including APKs for Android, run by the developers... but I was immediately greeted with the following message:</p>
<blockquote>Builds from this server may work, may fail, may wipe your hard drive without asking, and are entirely unsupported.</blockquote>
<p>Being that Lokinet has a personal reputation of being clunky and inelegant at best and downright non-functional at usual, I did not go on with high expectations. My hopes were not bolstered by the fact that half of the Android binaries were named "anrdoid". Very classy. Truly the attention to detail I want to see in an anonymity network.</p>
<p>The Lokinet app white-screened and then crashed on the Moto X. It ran on the Note 3 (at least, it said it was running...?) but no pages loaded.</p>
</div>
<hr>
<div class="box">
<h2>Freenet</h2>
<p>There is a version of <a href="https://f-droid.org/en/packages/org.freenetproject.mobile/">Freenet mobile</a> on F-Droid that I've found works wonderfully on my current phone. As it uses the same FProxy interface as the desktop version, everything works the same, from adding bookmarks to managing peered friends to browsing sites. Although the app ran on the Moto X, it hung at "Starting up". It also seemed to make Orbot in the background go berserk, constantly crashing and bringing itself back up again.</p>
<p>As for publishing, jSite, which I use to publish freesites on the desktop, is a no-go unless one wants to spend several hours setting up a Java runtime environment and an X server and a desktop environment in either Termux or AnLinux. While I could probably do this on my current phone with little issue using desktop mode and my wireless mouse and keyboard, for most of the Moto X's useful lifetime (the battery has been shot and nonfunctional for a few years now) I did not have even so much as a Bluetooth keyboard and was stuck to tapping on the screen.</p>
<p>The Freenet devs, however, have provided a simpler method of freesite publishing for those unable to access an X server. Run the following in Termux:</p>
<pre>
termux-setup-storage
pkg install git python3
git clone https://github.com/freenet/pyFreenet
cd pyFreenet
</pre>
<p>To upload a single file. run the following command: <code>python ./fcpupload ~/storage/shared/path/to/file</code></p>
<p>(You can also just use the FProxy interface from a browser.)</p>
<p>To make an updatable freesite:</p>
<pre>
python ~/pyFreenet/freesitemgr add
python ~/pyFreenet/freesitemgr listall
python ~/pyFreenet/freesitemgr update NAME_OF_FREESITE
</pre>
<p>Please note that it may take a great while depending on the CPU speed of your phone, your internet speeds, and the size of the freesite.</p>
</div>
<hr>
<div class="box">
<h2>ZeroNet</h2>
<p>There have been several ZeroNet apps for Android. The most feature-packed is <a href="https://github.com/ZeroNetX/zeronet_mobile/releases">ZeroNetX Mobile</a>, which does not seem to be on F-Droid. Please keep in mind, however, that the latest public build as of writing is from December 2021. It hung on first start on my Moto X, but worked on the Note 3.</p>
<p>After the app downloads all assets, the UI <em>should</em> start in settings. Make sure to enable "Public DataFolder" and "Disable Battery Optimization".</p>
<p>After initialization and first start, go to ZeroHello and then open the left side menu. Wait for all zites to finish updating, then click the meatball menu by "Scribe" and then "Clone". If you're not good at HTML and want an in-browser editor and built-in comment support, you're done and can get to writing. If you want to drop your own HTML files into the zite, open your file manager and go to <code>Android/Data/in.canews.zeronetmobile/files/ZITEHASHHERE</code> and edit/add/delete to your delight. (Just leave <code>content.json</code> alone, as that contains some of your private keys.) Go back to your zite in whatever browser you're using and hit the "Sign &amp; Publish new content" button. It may fail since the zite is new and has no seeders, but that can be fixed by sharing the zite URL with some others who may be interested in your content.</p>
</div>
<hr>
<div class="box">
<h2>IPFS</h2>
<p>The <a href="https://f-droid.org/en/packages/threads.server/">official IPFS client</a> requires Android 9.0 or newer, so it can't run on my Moto X. <a href="https://f-droid.org/en/packages/com.termux/">Termux</a> to compile the CLI binary won't run on the Moto X either since it requires Android 7.0 or newer. I did not attempt to compile it in UserLAnd, and back in 2014 I wouldn't have known how to compile anything anyway. The IPFS app in my experience does not run well on any device and has issues with retrieving data, even from peers on the same network as it. (Plus the QR code scanner makes an annoying beep.)</p>
<p>To compile IPFS in Termux, run the following:</p>
<pre>
pkg install golang build-essential file git
git clone https://github.com/ipfs/go-ipfs/
cd go-ipfs
make build
./ipfs init --profile=lowpower
</pre>
<p>From there, all IPFS commands work as usual, but you must find a way to run the daemon in the background.</p>
</div>
<hr>
<div class="box">
<h2>Hypercore</h2>
<p><a href="https://gitlab.com/gateway-browser/gateway/#building-from-source">Gateway Browser</a>, which attempted to be "Beaker Browser but for Android", was last updated a year ago, and the developer never provided any publically available binaries, testing or not. The repo was so large that I had issues downloading it from my home connection; I had to clone it on my VPS and then move the git tree elsewhere and download the other files through SFTP to reduce it from <em>half a gigabyte</em> to only a few megabytes.</p>
<p>The README's instructions to compile it were absolutely awful and vague. When I finally got <code>npm</code> and Node.js working on my machine, I ran <code>node ci</code> to install the dependencies for the app, and at the end I got:</p>
<blockquote>76 vulnerabilities (2 low, 34 moderate, 24 high, 16 critical)</blockquote>
<p><em>I love unmaintained software!!</em></p>
<p>The build failed. What did you expect from Node.js?</p>
<p>Hypercore, the protocol Beaker Browser started using once they abandoned Dat, apparently provides <a href="https://hypercore-protocol.org/guides/hyp/">its own CLI</a>... unsurprisingly also written in Node.js like so much other "next internet" garbage. This was slightly easier to install, although I don't see how my early-teenage self would have even known how to look for this.</p>
<p><a href="https://f-droid.org/en/packages/tech.ula/">UserLAnd</a> failed every <code>npm</code> command with "Illegal instruction". <a href="https://f-droid.org/en/packages/exa.lnx.a/">AnLinux</a> in a Termux install got as far as running <code>npm install -g @hyperspace/cli</code> before <code>npm</code> crashed at the end with the message "Exit handler never called!"</p>
<p align="center"><img src="../../../img/node.png" alt="I HATE NODE.JS!!!" /></p>
</div>
<hr>
<div class="box">
<p>Hosting on mobile comes with two obvious challenges:</p>
<ol>
<li>When using a client-server model, the phone will likely have less "uptime" as far as the network is concerned than an actual server running somewhere. Not everyone has the benefit of a persistent Internet connection, much less one fast enough to handle more than a light load of traffic, or the battery life to safely have one's device connected to a network and pumping data 24/7. While mobile data can help alleviate network availability, not everyone has an "unlimited" data plan, and even "unlimited" ones often have a set amount of data at high speeds usable every month before the user is kicked to a subpar speed for the rest of that billing month, which may not be fast enough for hosting purposes. These mobile servers would be even more vulnerable to DDoS attacks. Being that phones are used for a hell of a lot more than just hosting and the trend of using chat apps instead of traditional SMS, network congestion and increased battery drain caused by a flood of traffic to one's hidden service could lead to a life-threatening situation.</li>
<li>When using a peer-to-peer model, not all mobile networks are friendly or accomodating towards peer-to-peer traffic. In some networks, whether mobile data or WiFi, said traffic may be filtered or blocked or even illegal in some jurisdictions. With ZeroNet, for instance, a VPN can be used to circumvent any blocks for the purposes of <em>viewing</em> content, but until one gets a substantial amount of peers on their own zite, said zite's availability is restricted by one's ability to get a certain port open on the network, which is often not possible with free VPNs or on mobile networks.</li>
</ol>
<p>Despite these challenges, the state of hosting one's content on darknets via Android is much more stable and accessible than it was several years ago. But many of these darknets still depend on being able to access the wider Internet to reach the servers responsible for controlling the darknet: Tor is heavily centralized in the sense that the network depends on the existence of a few <a href="https://web.archive.org/web/20220708210031/https://consensus-health.torproject.org/">consensus nodes</a>, and the app used in the ZeroNet section of this post depends on Github to retrieve the Python 3 runtime and other dependencies, and Yggdrasil requires at least one public peer configured in order to talk to devices outside of the local network. As much as I dislike the state of ZeroNet's development, it would probably be the most functional in a situation where Internet access is limited and one only has an Android device and needs to share information, followed by Freenet.</p>
<p>As far as creating that information, whether webpages or books or other media? Well, that is a problem for a later post.</p>
</div>
<hr>
<div class="box">
<p align=right>CC BY-NC-SA 4.0 &copy; Vane Vander</p>
</div>
</article>
</body>
</html>

View File

@ -17,6 +17,7 @@
<div class="box"> <div class="box">
<h2>2022</h2> <h2>2022</h2>
<ul> <ul>
<li>July 11 - <a href="./2022/july/android_darknet.html">The state of darknet access on Android</a></li>
<li>July 7 - <a href="./2022/july/web3.html">Broke Dumbass Attempts To Web3</a></li> <li>July 7 - <a href="./2022/july/web3.html">Broke Dumbass Attempts To Web3</a></li>
<li>June 16 - <a href="./2022/june/mistakes.html">I Love Deleting Things, Actually</a></li> <li>June 16 - <a href="./2022/june/mistakes.html">I Love Deleting Things, Actually</a></li>
<li>June 9 - <a href="./2022/june/purity.html">Purity Spiral</a></li> <li>June 9 - <a href="./2022/june/purity.html">Purity Spiral</a></li>

View File

@ -1,5 +1,6 @@
# MayVaneDay ASS (https://tilde.town/~dzwdz/ass/) feed # MayVaneDay ASS (https://tilde.town/~dzwdz/ass/) feed
2022-07-11 http://yggdrasil.mayvaneday.org/blog/2022/july/android_darknet.html The state of darknet access on Android
2022-07-07 http://yggdrasil.mayvaneday.org/blog/2022/july/web3.html Broke Dumbass Attempts To Web3 2022-07-07 http://yggdrasil.mayvaneday.org/blog/2022/july/web3.html Broke Dumbass Attempts To Web3
2022-06-18 http://yggdrasil.mayvaneday.org/poetry/r/reciprocada.txt Reciprocada 2022-06-18 http://yggdrasil.mayvaneday.org/poetry/r/reciprocada.txt Reciprocada
2022-06-16 http://yggdrasilmayvaneday.org/blog/2022/june/mistakes.html I Love Deleting Things, Actually 2022-06-16 http://yggdrasilmayvaneday.org/blog/2022/june/mistakes.html I Love Deleting Things, Actually

143
feed.xml
View File

@ -10,6 +10,122 @@
<email>vanevander@mayvaneday.org</email> <email>vanevander@mayvaneday.org</email>
</author> </author>
<entry>
<title>The state of darknet access on Android</title>
<link href="http://yggdrasil.mayvaneday.org/blog/2022/july/android_darknet.html" />
<id>http://yggdrasil.mayvaneday.org/blog/2022/july/android_darknet.html</id>
<published>2022-07-11</published>
<summary type="html"><![CDATA[<article>
<div class="box">
<p>Although I've been publishing things on the internet since I was about eleven, it took me until I was seventeen to get reliable access to a computer of my own and nineteen to set up my first Tor hidden service, back when v2 addresses were a thing and one had a hope of memorizing the URL to share to others. Meaning, up until then, I was sharecropping on someone else's server: Blogger at first, then WordPress once I realized how evil Google was, then Neocities until I was harrassed off one day.</p>
<p>If I knew back then what I do now, then obviously I would have never put anything on the clearnet to begin with. What creative ideas did I let wither inside me because I had to constantly toe the line of being grounded and electronics confiscated for something innocuous? (So my brothers can openly joke about porn and violence against women and my parents refuse to do anything, but I wrote <em>one</em> poem about my ex-girlfriend that I had when I was fourteen- and while it wasn't very good by my current standards, I certainly wasn't wishing violence against the teenager- and they took all my devices and isolated me from my friends for a week...?) I can only guess how much better at writing I would be today if I hadn't had to constantly bite my tongue.</p>
<p>But Tor hidden services require a server, being that Tor is a client-server model. And while I cannot remember whether or not Orbot had hosting support back in 2014 when I was using it to get past my middle school firewall, I can attest that not only does Orbot have hosting support nowadays, but there are also <em>many more</em> options for publishing content on the "dark web" with nothing more than a phone and a little technical expertise.</p>
<p>For this post, I attempted to do as much as possible with that same device I spent so many hours typing into the WordPress editor on: a Motorola Moto X, Verizon edition, Android codename "ghost". It has not seen system updates in about five years, forever stuck on Android 5.1, and I have neither the bandwidth nor the patience to <a href="https://web.archive.org/web/20220708192015/https://wiki.lineageos.org/devices/ghost/build">attempt to compile an abandoned version of LineageOS</a> just so I can have Android 6.0 instead. For apps that require a more recent version of Android or otherwise crashed on the Moto X, I instead used the phone I had after it, a Samsung Galaxy Note 3 with the latest nightly of LineageOS (meaning some minor point version of Android 11 at the time of writing). For client-server darknets, I used <a href="https://f-droid.org/en/packages/com.example.flutter_http_server/">ServeIt</a>, available on F-Droid, as the backend server; it only supports static hosting from a directory of files, meaning no dynamic applications, but that would have been all I needed back then.</p>
</div>
<hr>
<div class="box">
<h2>Tor</h2>
<p>Once upon a time, there was a "Tor Browser" app named Orweb which was little more than an Android WebView wrapped in a very poorly-made UI. That eventually got abandoned and replaced with Orfox, which was slightly better and also allowed for niceties like bookmarks and tabs. (I am going off my memory from about a decade ago, so don't bother emailing me if I got something wrong.) Nowadays we are a bit more spoiled with an <a href="https://www.torproject.org/download/#android">official Tor Browser</a>. However, it seems to crash a lot, so I prefer to browser Tor hidden services on Android using <a href="https://f-droid.org/en/packages/com.stoutner.privacybrowser.standard/">Privacy Browser</a> instead.</p>
<p><a href="https://github.com/guardianproject/orbot/releases">Orbot</a> is best in class as far as "Tor on Android" goes, and I know of no other (non-proprietary) solution that doesn't come coupled to a browser. In Orbot, you can set up a hidden service by going to the meatball (three dots) menu, pressing "Onion Services", then "Hosted Onion Services". Ensure that "User services" is selected and then press the plus button in the lower-right corner. "Local port" should be the port ServeIt is running on, and "Onion Port" should be 80 as that is the default HTTP port. (You can make it something else, but then you would need to share that as part of the URL.) Long-pressing the service URL once created will show an option to backup the keys or copy the URL to the clipboard.</p>
</div>
<hr>
<div class="box">
<h2>I2P</h2>
<p>There are two I2P apps on F-Droid that I know of and have used. The primary one is slow and buggy and features a built-in browser that is even worse than Orweb was back in the day. Therefore I recommend using <a href="https://f-droid.org/en/packages/org.purplei2p.i2pd/">i2pd</a> instead. Any browser can be the "I2P browser" if set to use localhost port 4444 as HTTP proxy; the aforementioned "Privacy Browser" has a preset in the proxy menu to use I2P without messing with port numbers.</p>
<p>Unlike Orbot, i2pd stores all of its settings and keys in the filesystem instead of in the app settings. (This may or may not be a security risk depending on your threat model.) In your device's home directory will be a folder named "i2pd". Inside is the file <code>tunnels.conf</code>. If your file manager has the option to manually open the file as text, use that and open it in your favorite text editor; otherwise temporarily rename the file to <code>tunnels.txt</code> to edit it.</p>
<p>At the end of the file, add the following:</p>
<pre>
[server]
type = http
host = 127.0.0.1
port = 8888
keys = http.dat
</pre>
<p>Please note that port 8888 in this example is what ServeIt was running on. If yours is on a different port, then change the number in the above config accordingly.</p>
<p>If you renamed the file, change it back to <code>tunnels.conf</code>. Go back to the i2pd app, press on the meatball menu and then "Reload tunnels", then "Open Web Console" and "I2P tunnels" to get the new URL of your eepsite.</p>
</div>
<hr>
<div class="box">
<h2>Yggdrasil</h2>
<p>There is a <a href="https://f-droid.org/en/packages/io.github.chronosx88.yggdrasil/">Yggdrasil</a> app which I have successfully used to navigate Yggdrasil sites before on my main phone, but it continuously crashed on both my Moto X and Note 3. On my main phone (a Samsung Galaxy S9) it was hard to see the full IP address... and the request to ServeIt from a different device also running Yggdrasil on the same network (so autopeering would have occurred) timed out. As Yggdrasil runs on Linux by creating a new virtual network adapter so that it can coexist with an existing network stack (instead of using proxies for access like Tor) and none of my devices are rooted, it does not make sense to attempt to compile and run it in Termux or UserLAnd.</p>
</div>
<hr>
<div class="box">
<h2>Lokinet</h2>
<p>There exists a <a href="https://oxen.rocks/oxen-io/lokinet/">dump of Lokinet binaries</a>, including APKs for Android, run by the developers... but I was immediately greeted with the following message:</p>
<blockquote>Builds from this server may work, may fail, may wipe your hard drive without asking, and are entirely unsupported.</blockquote>
<p>Being that Lokinet has a personal reputation of being clunky and inelegant at best and downright non-functional at usual, I did not go on with high expectations. My hopes were not bolstered by the fact that half of the Android binaries were named "anrdoid". Very classy. Truly the attention to detail I want to see in an anonymity network.</p>
<p>The Lokinet app white-screened and then crashed on the Moto X. It ran on the Note 3 (at least, it said it was running...?) but no pages loaded.</p>
</div>
<hr>
<div class="box">
<h2>Freenet</h2>
<p>There is a version of <a href="https://f-droid.org/en/packages/org.freenetproject.mobile/">Freenet mobile</a> on F-Droid that I've found works wonderfully on my current phone. As it uses the same FProxy interface as the desktop version, everything works the same, from adding bookmarks to managing peered friends to browsing sites. Although the app ran on the Moto X, it hung at "Starting up". It also seemed to make Orbot in the background go berserk, constantly crashing and bringing itself back up again.</p>
<p>As for publishing, jSite, which I use to publish freesites on the desktop, is a no-go unless one wants to spend several hours setting up a Java runtime environment and an X server and a desktop environment in either Termux or AnLinux. While I could probably do this on my current phone with little issue using desktop mode and my wireless mouse and keyboard, for most of the Moto X's useful lifetime (the battery has been shot and nonfunctional for a few years now) I did not have even so much as a Bluetooth keyboard and was stuck to tapping on the screen.</p>
<p>The Freenet devs, however, have provided a simpler method of freesite publishing for those unable to access an X server. Run the following in Termux:</p>
<pre>
termux-setup-storage
pkg install git python3
git clone https://github.com/freenet/pyFreenet
cd pyFreenet
</pre>
<p>To upload a single file. run the following command: <code>python ./fcpupload ~/storage/shared/path/to/file</code></p>
<p>(You can also just use the FProxy interface from a browser.)</p>
<p>To make an updatable freesite:</p>
<pre>
python ~/pyFreenet/freesitemgr add
python ~/pyFreenet/freesitemgr listall
python ~/pyFreenet/freesitemgr update NAME_OF_FREESITE
</pre>
<p>Please note that it may take a great while depending on the CPU speed of your phone, your internet speeds, and the size of the freesite.</p>
</div>
<hr>
<div class="box">
<h2>ZeroNet</h2>
<p>There have been several ZeroNet apps for Android. The most feature-packed is <a href="https://github.com/ZeroNetX/zeronet_mobile/releases">ZeroNetX Mobile</a>, which does not seem to be on F-Droid. Please keep in mind, however, that the latest public build as of writing is from December 2021. It hung on first start on my Moto X, but worked on the Note 3.</p>
<p>After the app downloads all assets, the UI <em>should</em> start in settings. Make sure to enable "Public DataFolder" and "Disable Battery Optimization".</p>
<p>After initialization and first start, go to ZeroHello and then open the left side menu. Wait for all zites to finish updating, then click the meatball menu by "Scribe" and then "Clone". If you're not good at HTML and want an in-browser editor and built-in comment support, you're done and can get to writing. If you want to drop your own HTML files into the zite, open your file manager and go to <code>Android/Data/in.canews.zeronetmobile/files/ZITEHASHHERE</code> and edit/add/delete to your delight. (Just leave <code>content.json</code> alone, as that contains some of your private keys.) Go back to your zite in whatever browser you're using and hit the "Sign &amp; Publish new content" button. It may fail since the zite is new and has no seeders, but that can be fixed by sharing the zite URL with some others who may be interested in your content.</p>
</div>
<hr>
<div class="box">
<h2>IPFS</h2>
<p>The <a href="https://f-droid.org/en/packages/threads.server/">official IPFS client</a> requires Android 9.0 or newer, so it can't run on my Moto X. <a href="https://f-droid.org/en/packages/com.termux/">Termux</a> to compile the CLI binary won't run on the Moto X either since it requires Android 7.0 or newer. I did not attempt to compile it in UserLAnd, and back in 2014 I wouldn't have known how to compile anything anyway. The IPFS app in my experience does not run well on any device and has issues with retrieving data, even from peers on the same network as it. (Plus the QR code scanner makes an annoying beep.)</p>
<p>To compile IPFS in Termux, run the following:</p>
<pre>
pkg install golang build-essential file git
git clone https://github.com/ipfs/go-ipfs/
cd go-ipfs
make build
./ipfs init --profile=lowpower
</pre>
<p>From there, all IPFS commands work as usual, but you must find a way to run the daemon in the background.</p>
</div>
<hr>
<div class="box">
<h2>Hypercore</h2>
<p><a href="https://gitlab.com/gateway-browser/gateway/#building-from-source">Gateway Browser</a>, which attempted to be "Beaker Browser but for Android", was last updated a year ago, and the developer never provided any publically available binaries, testing or not. The repo was so large that I had issues downloading it from my home connection; I had to clone it on my VPS and then move the git tree elsewhere and download the other files through SFTP to reduce it from <em>half a gigabyte</em> to only a few megabytes.</p>
<p>The README's instructions to compile it were absolutely awful and vague. When I finally got <code>npm</code> and Node.js working on my machine, I ran <code>node ci</code> to install the dependencies for the app, and at the end I got:</p>
<blockquote>76 vulnerabilities (2 low, 34 moderate, 24 high, 16 critical)</blockquote>
<p><em>I love unmaintained software!!</em></p>
<p>The build failed. What did you expect from Node.js?</p>
<p>Hypercore, the protocol Beaker Browser started using once they abandoned Dat, apparently provides <a href="https://hypercore-protocol.org/guides/hyp/">its own CLI</a>... unsurprisingly also written in Node.js like so much other "next internet" garbage. This was slightly easier to install, although I don't see how my early-teenage self would have even known how to look for this.</p>
<p><a href="https://f-droid.org/en/packages/tech.ula/">UserLAnd</a> failed every <code>npm</code> command with "Illegal instruction". <a href="https://f-droid.org/en/packages/exa.lnx.a/">AnLinux</a> in a Termux install got as far as running <code>npm install -g @hyperspace/cli</code> before <code>npm</code> crashed at the end with the message "Exit handler never called!"</p>
<p align="center"><img src="http://yggdrasil.mayvaneday.org/img/node.png" alt="I HATE NODE.JS!!!" /></p>
</div>
<hr>
<div class="box">
<p>Hosting on mobile comes with two obvious challenges:</p>
<ol>
<li>When using a client-server model, the phone will likely have less "uptime" as far as the network is concerned than an actual server running somewhere. Not everyone has the benefit of a persistent Internet connection, much less one fast enough to handle more than a light load of traffic, or the battery life to safely have one's device connected to a network and pumping data 24/7. While mobile data can help alleviate network availability, not everyone has an "unlimited" data plan, and even "unlimited" ones often have a set amount of data at high speeds usable every month before the user is kicked to a subpar speed for the rest of that billing month, which may not be fast enough for hosting purposes. These mobile servers would be even more vulnerable to DDoS attacks. Being that phones are used for a hell of a lot more than just hosting and the trend of using chat apps instead of traditional SMS, network congestion and increased battery drain caused by a flood of traffic to one's hidden service could lead to a life-threatening situation.</li>
<li>When using a peer-to-peer model, not all mobile networks are friendly or accomodating towards peer-to-peer traffic. In some networks, whether mobile data or WiFi, said traffic may be filtered or blocked or even illegal in some jurisdictions. With ZeroNet, for instance, a VPN can be used to circumvent any blocks for the purposes of <em>viewing</em> content, but until one gets a substantial amount of peers on their own zite, said zite's availability is restricted by one's ability to get a certain port open on the network, which is often not possible with free VPNs or on mobile networks.</li>
</ol>
<p>Despite these challenges, the state of hosting one's content on darknets via Android is much more stable and accessible than it was several years ago. But many of these darknets still depend on being able to access the wider Internet to reach the servers responsible for controlling the darknet: Tor is heavily centralized in the sense that the network depends on the existence of a few <a href="https://web.archive.org/web/20220708210031/https://consensus-health.torproject.org/">consensus nodes</a>, and the app used in the ZeroNet section of this post depends on Github to retrieve the Python 3 runtime and other dependencies, and Yggdrasil requires at least one public peer configured in order to talk to devices outside of the local network. As much as I dislike the state of ZeroNet's development, it would probably be the most functional in a situation where Internet access is limited and one only has an Android device and needs to share information, followed by Freenet.</p>
<p>As far as creating that information, whether webpages or books or other media? Well, that is a problem for a later post.</p>
</div>
</article>]]>
</summary>
</entry>
<entry> <entry>
<title>Broke Dumbass Attempts To Web3</title> <title>Broke Dumbass Attempts To Web3</title>
<link href="http://yggdrasil.mayvaneday.org/blog/2022/july/web3.html" /> <link href="http://yggdrasil.mayvaneday.org/blog/2022/july/web3.html" />
@ -245,31 +361,4 @@ undeserving.
</summary> </summary>
</entry> </entry>
<entry>
<title>Purity Spiral</title>
<link href="http://yggdrasil.mayvaneday.org/blog/2022/june/purity.html" />
<id>http://yggdrasil.mayvaneday.org/blog/2022/june/purity.html</id>
<published>2022-06-09</published>
<summary type="html"><![CDATA[<article>
<p>It's midway through evening. The sun has set, but there is still plenty of light to see by, both from the half-moon and the fire raging in the brand-new firepit built only a few hours before. I'm sitting in a lawn chair in a half-circle with a few other people. My mother and the neighbor lady from the house behind us are drinking wine from a bottle with a tacky-looking trans flag plastered on it, because Corporate Pride is in full swing and apparently <a href="https://archive.ph/https://www.spectator.com.au/2022/06/when-will-companies-end-their-embarrassing-pride-hypocrisy/">"rainbow-washing"</a> everything is now profitable. My mother offers me a sip, but it burns the whole way down my throat. A three-year-old plucks weeds from my garden and keeps depositing the leaves in one of the pockets of my hoodie, no matter how much I tell her to stop. There is a man in one corner, but he keeps his mouth shut for the most part, mostly only there in case his wife accidentally drinks too much and needs to be helped home.</p>
<p>At one point my mother pulls out her phone and starts scrolling on Facebook. There's another food shelf pickup the next day. A reminder of her son's friend's upcoming graduation party. A "Facebook memory" with long-forgotten baby photos. Local offers and requests for help from the "local boomer containment group", as we like to call it.</p>
<p>I sit in my chair as the three-year-old girl slips a rock into my pocket full of leaves and think to myself how much more pleasant it is being outside with only women (well, except for the male who remains silent) than downstairs where one of my brothers screams obscenities into a Roblox roleplay channel on Discord.</p>
<p>I think to myself, do channers and Neocities sharecroppers and fediverse users think about moments like this when they wholesale declare Facebook and other mainstream social media sites as pure unredeemable trash? Do they consider the much-needed contact with extended family members? The struggling communities trying to support each other? The friendships attempting to prevent unraveling from physical distance? The human connections, exploited by advertisers as they are, there because <strong>they know no platform better</strong>?</p>
<p>I think to myself and wonder, how much of alt-tech's hatred of Facebook is genuinely because of the datamining and algorithmic manipulation, and how much is just hatred, misogyny in its purest sense, of the stereotype of the suburban winemom "Karen" just trying to go about her day?</p>
<p>One of the funny effects of having stared death in the face multiple times with the full acknowledgement of another meeting imminent within the year is that a lot of the things I prioritized are no longer so. It is true, as an oft-mocked article declares, that <a href="https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/2021/04/06/opinion/covid-personality-change.html">"you can be a different person after the pandemic"</a>. I still hate proprietary software and corporate surveillance, but now I find my conscience insists I weigh the pull of the <a href="http://yggdrasil.mayvaneday.org/blog/2020/august/endgame.html">purity spiral</a> against the value I put on the people I love and cherish in my real life. It insists that I weigh my insistence on only using open-source software against the inevitable isolation engendered by the fact that nobody I know away from the keyboard holds the same beliefs as me, by the fact that they refuse to learn and I simply don't have the time to convince them and also move enough of them to a personally-vetted platform that the network effect overcomes any inertia at learning something new.</p>
<p>Just because a social media site is built to be "ethical" does not necessarily mean that the end experience will be so. Take the fediverse, for example. Open-source software, self-hostable, ability to export data and (to a limited extent) take it elsewhere in case of a problem with the admin, no algorithms... But back on my final Pleroma instance before I decided to call it quits forever, I was constantly being bombarded with unsolicited messages from accounts on "manosphere" instances that I had had no prior contact with and certainly hadn't explicitly solicited attention from. I could have put the instance in whitelist mode, which I ended up doing in its final weeks, so that I could only accept posts from instances I explicitly authorized to send stuff to me... but then I didn't get 90% of the content my friends were "re-tooting", and then anyone who would want to interact with me couldn't use their own server and would be forced to use one of the ones I had already whitelisted. And if I posted something before the whitelist went up and then needed to delete it? On a centralized social media platform, I could delete said post and then be sure, save for screenshots and off-site archives, the post would be gone forever. But in the fediverse, outside of my own server, I have no assurance that others are using the same code I am. They could have modified theirs to not accept post delete requests or user blocks or even have a bot loudly announce whenever either of those requests came in.</p>
<p>"Hey, friend! Come to Pleroma! It's like Twitter but without the celebrities! Or anyone else you know...! Yeah, just... just ignore the literal white supremacists... and the hentai spammers... and that dude who just told you to kill yourself for being a female on the internet..."</p>
<p>Another example is a site a person I know hand-crafted after having been banned from what seemed to him like every social media site under the sun. (I will not name names because I do not want to give any parties involved the benefit of free advertisement.) Specially coded at my request (as I was one of the first users) to be JavaScript-free and compatible with text-based browsers. But being that there was no block function, there was nothing to stop some moid from jumping on a post I made venting about the recent loss of free speech for abused women and said moid immediately launching into rape apologism and claims that my homosexuality is just a "belief" instead of a biological reality for me and denial of sex-based oppression in the first place. I thought I did a good job defending myself, but then the admin got angry at me for not coddling some internet stranger's feelings, so I left and never went back. (A shame. I usually have a lot of respect for the admin... I guess I just had too much faith.) If the rape apologist or the admin did any dick helicoptering after I insisted that I had done nothing wrong and I wouldn't apologize, I didn't see it, and I won't ever as I have no intention of going back.</p>
<p>"Hey, friend! Come to [insert free speech forum of the week]! It's like Reddit but without the ridiculous Automod! Or a block function... or self-moderation tools... or a simple content filter! Yeah, just ignore the dude spamming racial slurs at every opportunity... and the unmitigated deluge of porn..."</p>
<p>I text a friend to vent. She won't use Matrix or some other encrypted messaging app, but I refuse to use Discord, and so SMS is the compromise we make, if only "less <a href="http://yggdrasil.mayvaneday.org/blog/2021/september/not-harmful.html">harmful</a>" but still so. My mother well knows my displeasure at having my facial data harvested by "Fuckerberg", but she insists on having both family photos with me in it and photos to post on Facebook, so she takes multiple, both with and without me in it. Another friend in my life has myriad voice assistance scattered throughout her house, but she knows that I don't feel comfortable being listened to 24/7 by a corporation, so when we meet we do it somewhere outside well outside of the devices' listening range.</p>
<p><strong>The purity spiral demands that I cut ties with anyone who won't 100% kowtow to its rigid definition of an ethical way to use technology.</strong> Terminal-based exclusively in a TTY without ever touching an X server, but also somehow one-to-one replicable on Tails, but also somehow as operating-system-agnostic as possible in case corporate fuckery ruins the Linux kernel and I need to abandon ship to a BSD or Haiku or, Goddess forbid, <em>Windows</em>, but <em>also</em> entirely encrypted in case my brothers or parents decide to seize some of my devices and go trawling for data embarrassing or incriminating, but <em>also</em> on a battery-powered device that can be charged with one of the solar panels in my bedroom window to minimize my carbon footprint...</p>
<p>But also <em>still</em> somehow able to handle the occasional bill-paying and work-search-related email and interaction with the friends and family that live at least an hour away.</p>
<p>It's paralyzing. I take one step in a direction and necessity forces me to take two steps in another. My straight line from "bloat" to "perfect ideal computing environment" instead looks like a seismic counter and a spirograph had a drunken baby. Uncentered, unfocused. I'm trying to stretch myself in five different directions at once to accommodate everyone and everything while assuaging my own guilt at being alive in a system that abhors me and wants me subjugated or dead.</p>
<p><em>Why am I so guilty?</em> I wonder. <em>Why do I have to self-flagellate computing-wise while everyone else gets to have fun and never worry at all?</em></p>
<p>I look at the normies in my life. Perfectly happy in Apple's walled garden, scrolling away while Facebook feeds them a slurry of corporate-sponsored sludge, blissfully unaware of the algorithms at work to influence their emotions in whichever way makes GAFAM the most money. Blissfully unaware how their devices work, lacking desire to learn, to eat from the Tree of Knowledge. I'm a Lilith halfway out of a Garden with billions of Adams and Eves all in serene unknowing, the shrieking of a god in my ears incensed that I Know Too Much, indecisive, trying to decide how much to take with me to try to build my own oasis elsewhere and if tolerating the god berating me is worth visiting every now and then to see those I still cherish. I call upon the daemons Nitter and Bibliogram and Invidious and their friends to help, but the people I love are still <em>inside</em> and I am still <em>outside</em> and nothing the daemons can do can make the connection two-way. Even though I'd much rather kill the god outright and set everyone free, they would just wander right back into the corral and construct another god to oppress them.</p>
<p>You can't save everyone, after all. You can only love them...</p>
</article>]]>
</summary>
</entry>
</feed> </feed>

BIN
img/node.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 150 KiB