1. What is Herbivore?
A peer-to-peer, self-organizing anonymous communication system that is resilient to subversion. Herbivore conceals the identity of communicating parties, ensuring that eavesdroppers with unlimited wiretapping abilities cannot determine the source or destination of a message.

2. What can I do with Herbivore?
Anonymously share files and instant message with everyone else on the network. Herbivore protects the identities of both people who distribute and those who retrieve information.

3. Why would anyone want to be anonymous?
Anonymity and privacy guarantees are critical for many real-world applications. Whether casting a ballot in a voting booth or getting tested for certain medical conditions, people expect that the transaction itself will not reveal their identity. Many other applications require privacy, where participants release their identity to parties of their choice, but need to cloak it from unauthorized interceptors. For instance, whistle blowers, witnesses, patients, press sources, attorneys and clients, among many others, call for private communication channels.

4. How much privacy do I currently have on the Internet?
Very little. Every time you go online, you reveal the network address of the computer you are using. Internet service providers can then map these network addresses to physical locations, for example your house, a library, etc.

5. What are the goals of Herbivore?

• Strong Anonymity: The system should provide computationally insurmountable mechanisms to guard the identities of participants. Herbivore ensures that even an adversary that listens to all communication on the network cannot determine the sender or recipient of a message.
• High Scalability: The communication protocol should achieve performance that does not degrade significantly as more participants join the network. Herbivore self-organizes to efficiently build large anonymous communication networks.
• Robustness: The protocol should be resilient to manipulation and shutdown. The system does not require central servers or trusted agents. Herbivore makes it difficult for attackers to shutdown the network or to launch attacks targeted at specific nodes.

6. Why is it called Herbivore?
In 2000, to aid criminal investigations, the FBI began using Carnivore to monitor electronic communications on the Internet. The name Herbivore is a gentle reminder that there is a fine line between law enforcement and harassment.

7. How is Herbivore different from other anonymous communication schemes, like Freenet and Gnutella?
Currently, all other anonymous communication systems that have been implemented on a large scale are based on source-rewriting. Messages are routed through several intermediary nodes who forward the message, masking the identity of the original sender. In practice this method provides a reasonable level of anonymity. However, diligent observers that monitor traffic within and around the anonymizing network can use statistical traffic analysis to compromise identities. Herbivore is resilient to this kind of attack: Eavesdroppers with unlimited wiretapping abilities cannot determine the source or destination of a message sent in Herbivore.

8. What are DC-Nets and how are they related to Herbivore?
Originally proposed by David Chaum in 1988, DC-Nets elegantly facilitate anonymous communication, and represent a fundamental building block of Herbivore.

9. How did Herbivore get started?
In late 2001, Emin Gün Sirer, Mark Robson and Milo Polte proposed CliqueNet, an anonymous communication system that partitions the global network into local anonymizing DC-Nets. The following summer, based on the divide-and-conquer approach advocated in CliqueNet, Sharad Goel began developing Herbivore. Coincidentally, all four researchers were at Cornell University and started collaborating on Herbivore later that year.

10. Are anonymous communication systems ethical?
As with many technologies, there is the possibility of misuse. By providing a medium through which individuals can express their ideas without fear of persecution, we hope that anonymous communication systems will in the end have a positive impact.

11. What do people at large think about anonymous communication systems ?
New Jersey considered passing a bill that would make anonymous communication illegal by forcing all forum participants to register their full name and address. The resulting reaction was fierce. It didn't help that Founding Fathers had used anonymous letters in newspapers to build their base.