Security Information

Ok, so, I don't want to release this beast into the wild until I can mitigate and/or rationalize the security risks that may come along with it. The most important aspect of that is to make sure that users understand a little bit about how the system works and what the issues are. So I'll take the time to explain how security works on belnet and what you have to be careful about in two different cases:

1. You browse the network and download files.
• This is pretty much like anywhere else on the internet. Don't open programs you don't trust, and virus scan them first if you really must. The basic safety rules apply here but you don't really have anything extra to worry about. 
2.  You want to run your own node.
• This is the fun part, where you actually have to learn a little bit about computer security. There are three main concepts here. I'll give you the bad news first in 1, which requires your attention, followed by the good in 2 and 3, which should be re-assuring.
1.  belnet is an open, distributed network. That means that any person on the network can change what that their node serves. Therefore this site is the only fully trusted source of information about belnet. If you read a scary warning or plea to install something on a node, please report it to belnetstatus@gmail.com immediately; all legitimate news and updates will be posted/verified through this site. Also, when you download a distribution from another node, it could have been tampered with. In order to ensure that the distribution is legit, you MUST verify its digital fingerprint or "hash" with one of the hashes listed on this site.
•  Google "how to md5 file on _____" <--- your operating system here
•  Follow the instructions given, and apply the process to your belnet_distro.zip file.
•  Make sure that the result you get is listed somewhere on this page. 
2. belnet is based on Apache Server and MySQL. These are industry standard technologies which have been battle-tested against legions of hackers and barely ever fail these days. While it is true that by hosting a node, you are allowing users to upload files to your computer, they can only upload files to your shared folder, and they cannot cause anything to run on your computer. So, they can upload a virus to your computer, but the virus would either be defended by Apache's bomb-proof security, or it would lie lifeless on your hard drive until you open it. So, the age-old rule still holds: you should be safe if you don't get tricked or run sketchy programs.
3. belnet can be considered a darknet. That means that it is not visible or accessible from the greater internet. So, no matter how much lobbying / spying the movie and music industry fat cats do, they won't find you here. Same with the U.S. government. So belnet is a place where you can post copyrighted or sensitive information without worrying about legal threats. All traffic between nodes is encrypted, and access to nodes is password protected, so from the college's perspective, all they see is encrypted data being interchanged, nothing more. So, assuming that the web of trust (people who know the password) stays intact, the network is truly secure.