New Wave Of File-Sharing Embraces Secrecy
twin-cam writes "There's an article over at The Inquirer that software developers are designing secret file sharing networks that will make it harder for the music and file industry to prove cases of piracy.
According to Reuters, three file sharing networks are being planned which its users think will make it a lot harder for the music industry to track and charge people on their networks. The first is Optisoft which runs on Blubster and Piolet, music-only file-sharing networks. Only a matter of time before the RIAA requests a data dump from the ISPs or just sues everyone using their network."
Good. (Score:5, Interesting)
It's pretty easy to design a network that will at least frustrate attempts to recover identities of sharers. Now if only freenet would stop sucking.
Data dump? (Score:5, Interesting)
DMCA to the rescue! Yes, that's right.... (Score:5, Interesting)
Protect your network communications under provisions of the DMCA. Obviously if the DMCA knows what you're trading then THEY are violating the DMCA because the only way they would know is if they somehow got on and broke encryption.
Someone more technically adept should be able to figure out how to pull this off but there HAS to be a way to establish a peer to peer network (which is still legal) and protect it via the DMCA.
WASTE (Score:5, Interesting)
More new music is freely downloadable than cd-only (Score:5, Interesting)
I don't know how long the original mp3.com was around, but it was probably less than 5 years, and it probably put up mp3's at a faster rate near the end than near the beginning. But even at a uniform rate over the whole 5 years, it sounds like one web site was distributing more songs per year all by itself, than the entire CD industry released put together (1.7 million songs / 5 years = 340,000 songs/year). Add to that the number of musicians who distribute their stuff through their own sites, and it's clear there's a heck of a lot more music being released as gratis downloads than as proprietary CD's.
Some people blame diminishing CD sales on unauthorized CD copying; others blame it on technological obsolescence (people buy DVD's instead of CD's now); still others say it's because poor artistic decisions by record labels result in releasing uninteresting music that people don't want to buy. I haven't yet seen a connection made with authorized, freely downloadable music, that people can listen to instead of buying proprietary CD's, just like they can run GNU/Linux instead of buying Windows, Apache instead of IIS, etc. Sure, a lot of mp3.com downloads are crap, but lots of commercial CD's are crap too.
Anyway, it seems to me that most of the music even on these "secret" all-music p2p networks is likely to be freely downloadable.
(Note: this post mostly rehashes an earlier comment of mine from that other thread, but the statistic is interesting enough that I felt it was worth posting again).
Social Networks (Score:5, Interesting)
Hell, the new p2p app ... (Score:5, Interesting)
openswan and an IP address somewhere is all that's needed to 'bury a filesharing service'. It doesn't even have to be p2p.
It's interesting that it's come to this. What's next - routers which won't route unless they know the protocols being encapsulated in the tund'd packets they're peer-transferring for? Sheesh, as if that will ever happen.
(If anyone knows of some good VPN's, please share! heh heh...)
Re:Hell, the new p2p app ... (Score:2, Interesting)
An Easy Solution (Score:5, Interesting)
I proposed this solution about 4 years ago to one of the gnome-vfs guys at a Helixcode party in San Francisco "back in the day".
Basically you have a section of your local storage that is specifically set aside for this purpose, say a 5gb slice of your partition. This storage area is strongly encrypted with hashes that only you know (Blowfish, AES, whatever), via your own passphrase or private key.
When you send a file "to the network", that file is split into blocks, and encrypted with your public key, and those blocks are dispersed to everyone else on the network, in that encrypted fashion, and the "map" to reassemble them is dispersed likewise.
Every node with block #1, has a map which tells them how to get block #2, but not block #3. System with block #2 (which knows that block as block #1 to itself), knows how to get block #3, and so on. Sort of like the "Triad" mob system in Japan.
Your system requests a file, which is dispersed as a series of encrypted blocks, across hundreds, thousands, millions of other systems, and those blocks are reassembled, using those systems to find "The Next Block", and send it to you. You could also arrange it so that each "node" could know about the next 5 or 10 or 20 blocks, etc.
It is sort of a mesh between PKI + BitTorrent (which didn't exist when I came up with the idea), and the methodologies of common peer-to-peer networks.
You could further strengthen the network by only accepting blocks from nodes you "trust" (via your own public keyring). Facilities to "swap blocks" across systems on a regular (or irregular) schedule, to keep the network "self-healing" would also be a good idea... or keeping duplicate blocks in different parts of the "storage slice" for redundancy, etc. Storage is cheap.
In the end, this means that nobody can be accused of having "the full file", nor can anyone figure out what is in those encrypted blocks. Even if they had 1 block, there is no way to get all of them, or to accuse someone of distributing the material, since it would be moved around at irregular intervals.
What do you think?
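The block-and-map scheme proposed in the comment above, sketched as an added example (not code from the original post): each holder keeps only ciphertext plus a pointer to the next block, and `holders_on_path` shows what a requester without the key still observes while walking the chain. The node names, `BLOCK_SIZE`, the random holder choice and the HMAC keystream standing in for a real cipher are all assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 16  # assumption: tiny, so a short sample spans several blocks


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Owner's storage key from a passphrase (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream.
    Keeps the example stdlib-only; a real build would use an AEAD such as AES-GCM."""
    out = bytearray()
    for off in range(0, len(data), 32):
        counter = (off // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def publish(data: bytes, key: bytes, nodes: dict):
    """Split, encrypt and scatter `data`; return the pointer to the first block.
    Each node stores {block_id: (nonce, ciphertext, next_pointer)} and nothing else."""
    chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    names = sorted(nodes)
    next_ptr = None
    for chunk in reversed(chunks):        # back to front: each record names its successor
        nonce = secrets.token_bytes(16)
        block_id = secrets.token_hex(8)   # random id, reveals no position in the file
        holder = secrets.choice(names)
        nodes[holder][block_id] = (nonce, xor_stream(key, nonce, chunk), next_ptr)
        next_ptr = (holder, block_id)
    return next_ptr


def fetch(head, key: bytes, nodes: dict) -> bytes:
    """Follow the chain of next-pointers from `head`, decrypting as we go."""
    plain, ptr = bytearray(), head
    while ptr is not None:
        holder, block_id = ptr
        nonce, ciphertext, ptr = nodes[holder][block_id]
        plain.extend(xor_stream(key, nonce, ciphertext))
    return bytes(plain)


def holders_on_path(head, nodes: dict) -> list:
    """What a requester learns with no key at all: every node that served a block."""
    seen, ptr = [], head
    while ptr is not None:
        seen.append(ptr[0])
        ptr = nodes[ptr[0]][ptr[1]][2]
    return seen


if __name__ == "__main__":
    peers = {name: {} for name in ("node-a", "node-b", "node-c", "node-d")}
    k = derive_key("constructed passphrase", b"constructed-salt")
    first = publish(b"constructed sample payload for the demo", k, peers)
    print(fetch(first, k, peers), holders_on_path(first, peers))
```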
Suggestion for anonymous sharing... (Score:5, Interesting)
All you have to do is allow the source of a file transfer it to the client without the client knowing the source's IP address. To do this, you simply have the server sending files with UDP and a spoofed source IP address. Since few networks have any egress filtering, this should not pose a problem.
Now, the client has to be able to tell the server to send packets faster/slower, and which packets didn't get through. Well, first you must have a huge window size (TCP term, but applicable) so that the server will send a massive amount of packets before the client has to send back any responses...
When the client does eventually have to send a few packets to the server, it does so by broadcasting them to all-nodes (just as searches are handled). So, everybody gets them, and everybody but the server involved can just ignore them.
I left out some details, like all servers generating a random 32bit Unique ID every hour or so, and sending it instead of their IP address with search results.
Now, that's only the anti-RIAA anonymity. It'll make things 99% more anonymous, but any foe with the ability to monitor the network will be able to see what is happening. To combat that, you could just have search queries include the client's public key. The results can include the server's public key (encrypted with the client's public key) in addition to the search results... That would keep you completely anonymous, even from resourceful snoopers that can eavesdrop on your own network.
The best thing about this is the speed compared to other anonymous networks. No longer would it take an hour to download a small MP3, because you don't need any intermediary nodes (except for small-message-passing), direct from source to destination, at full-speed.
Re:A Bad Thing (Score:2, Interesting)
These guys just f**k up the internet for the rest of us.
What will happen is that the entertainment industry will leverage its weight to justify the broadcast flag and banning of "unauthorised" encryption for this reason, effectively painting any "encryption user" as being suspicious and illegitimate, and exerting greater control and oversight over legitimate users - leading to all sorts of privacy and data protection issues.
Isn't it about time that we all stopped stealing content from poor business models and started supporting content from newer business models?
Support the creation of a new and better world, not the plundering of an old and broken one.
They effectively already did this - in Canada (Score:3, Interesting)
I don't blame lawyers per se, but I do think that if political parties take corporate cash (Liberals in this case) you can expect that they are going to return the favor to their benefactors.
Re:Good. (Score:3, Interesting)
Sorry, I can't let this slide - it's nowhere near the equivalent of asking for one segment of an orange. It's more like asking for the one or two segments that aren't rotten or sour to the taste. And yes, if I want it without peel, then that is what I will pay for.
Because in a capitalistic society, demand drives production, not the other way around. The only situation where this is not true is where a monopoly controls the market, a situation which is -rightly- illegal. How it perseveres in the States is a testament to the rules by which financial aid can be supplied to political candidates, and the overwhelming control of the media by the suppliers.
Ah the whole point is moot anyway, the RIAA and their ilk are going head to head with human nature... If I can get it for free, I will not pay for it. Not necessarily my personal perspective, but really the only logical choice for most people.
Corporations outsource workers to save money. The average person saves money by not buying songs. The right, wrong, and long term consequences of these decisions matters not a whit to the decision makers.
Re:Good. (Score:1, Interesting)
Wrong direction for p2p (Score:3, Interesting)
By this I mean, if you're looking for an old Mickey Mouse (copyright symbol) cartoon, you go into the Disney (copyright symbol) 'channel', search through their offerings and download what you want... except since you are 100% positive what you're downloading is what it says it is... you are willing to pay a small fee (how about $1 dollar a download, size independent... or some sort of subscription service... I pay Disney Inc. directly to be able to download their verified and authenticated content).
This would eliminate 'piracy' on the 'overground' network because why would you need to go 'underground' if you already have access to all the content you wanted through a minimal monthly (or per download) basis (instead of cable television... we pay the content creators directly for their shows). This will greatly help artists... because they will be able to market and sell directly to the 'listener' (or viewer)... and bypass the recording industry's web of middlemen.
Now of course the underground will still exist, but there will be no point going there... unless you're looking for illegal (not pirated) content like child porn (and other nasty stuff). The bandwidth costs of being a content producer are augmented through some sort of bittorrent like swarm download... where you are downloading parts of your content from other people who have also downloaded it. This will open up a whole new way to access media, eg. what if instead of going to the shitty theater (and paying a shitty price for shitty sugar water and burnt corn) you can wait until the release day... download a HD stream of that movie directly to your home theater. And since you have 24/7 access to all the content you want (and the downloads are fast because everyone has broadband or better (ideally fiber)) there is no point of 'hoarding' all the content on your 400gig drive.
Computers slim back down in terms of hardware, and start to act more like what they should act like (for a typical consumer) vcrs. You turn on your fluxbox (I would like to call the system the 'flux') and on your screen is a list of stuff to watch, read, or listen to... and all you pay is a minimal monthly fee... (less than $50, and or pay per download)
Re:So the RIAA will just go ahead and sue everyone (Score:2, Interesting)
A P2P moderation system? (Score:5, Interesting)
So anyone looking into stopping sharing of illegal material can't launch lawsuits anymore because they don't know the identities of the users. Fine, but they (or anyone malicious enough) can still flood the network with garbage and create so much noise that it will drive people away.
So how about a P2P moderation system similar to the
Just a thought, slightly off-topic.
Monopoly? Not. (Score:5, Interesting)
People toss the term "monopoly" around quite inaccurately, I think. I mean, of course record companies have a "virtual monopoly" on making records. But canned air makers have a "virtual monopoly" on canned air. Super glue makers have a "virtual monopoly" on super glue. So what?
Indie musicians release their music outside the traditional channels, and if you would like to make your own canned air, if you have the resources, no one is stopping you. But, if you want a piece of music (product) managed, owned, controlled by some major label, you have to give them what they want for it. It's their product; they manage it, own or manage the rights to it. They don't have to give it to you at all, if they don't want to.
If you buy a car off the lot, you don't tell the dealership what they are going to sell it to you for, they tell you. And, if you buy that car and start producing exact copies in your garage and distributing these copies, my guess is you will get a visit from a lawyer.
Re:Good. (Score:2, Interesting)
Repeat after me:
monopolies are NOT illegal
monopolies are NOT illegal
monopolies are NOT illegal
Look around you: how many companies do you want putting sewer pipes into your house? Or gas lines? Or providing police or justice systems? Or running phone lines to your house? Should we abolish all copyrights & patents? Ask Pfizer to continue to spend 8 BILLION dollars a year on R&D knowing that their discoveries will be immediately copied by others?
The
Monopolies are not always and everywhere bad. The power to set prices is not always and everywhere bad. The monopoly power granted patent and copyright holders exists to incentivize continued creation. Are there abuses? Sure. Do some/many of the items that can be patented/copyrighted seem dubious? I think so. But that doesn't call for the abolition of copyrights & patents, it calls for the reform of the system.
Monopolies are bad where a firm creates barriers to entry and then exploits those barriers to artificially support the price and reduce consumption. In the case of music, those barriers exist to incentivize continued production.
The natural
If any of you
Re:A few issues... (Score:3, Interesting)
Forget Freenet. Both Kazaa and Gnutella work on this principle, and they are going strong. Bittorrent just isn't a system that can be applied to real file-sharing networks.
Not as trivial as you think. You are connected to 4 nodes, and the 4 servers you are connected to are connected to 4 nodes, and they are in-turn connected to 4 nodes, etc.
So, you might be able to narrow it down to 1/4, but what good would it do you to know that? That's still just the address of a node that might be directly or indirectly connected to the server. You can't get that node to tell you what nodes are connected to it, and if you could, you couldn't get that node to only broadcast your packets to one of the connected nodes at a time, in sequence.
Re:An Easy Solution (Score:1, Interesting)
Unless of course there is some way to mark "useless" files.
Add "Good" and "Garbage" buttons to the download windows. The result of pressing this button is stored with the metadata for the file, and is visible when someone is looking for files. Once someone downloads the whole file they can press the good/garbage button as needed to add their rating to the file.
As the network nears 100% capacity the files with the lowest good/garbage ratios are deleted to make room for incoming material.
Of course the RIAA/MPAA and such could create fake downloaders to raise the good/garbage ratio of their spoofed files and lower it for the real files.
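The Good/Garbage eviction rule from the comment above, together with the fake-downloader weakness it ends on, as an added example (not code from the original post). The file names, peer ids, capacity and the smoothed scoring formula are assumptions made for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Entry:
    size: int
    good: set = field(default_factory=set)       # peer ids that pressed "Good"
    garbage: set = field(default_factory=set)    # peer ids that pressed "Garbage"

    def score(self) -> float:
        # Assumption: smoothed share of "Good" votes, so an unrated file scores 0.5
        # and a file with no "Garbage" votes does not divide by zero.
        return (len(self.good) + 1) / (len(self.good) + len(self.garbage) + 2)


class Store:
    def __init__(self, capacity: int):
        self.capacity = capacity
        self.files = {}                          # name -> Entry

    def used(self) -> int:
        return sum(e.size for e in self.files.values())

    def vote(self, name: str, peer: str, is_good: bool) -> None:
        """One vote per peer id per file; a later vote replaces the earlier one."""
        entry = self.files[name]
        entry.good.discard(peer)
        entry.garbage.discard(peer)
        (entry.good if is_good else entry.garbage).add(peer)

    def add(self, name: str, size: int) -> list:
        """Store a file, deleting the lowest-scored files first if space is short."""
        if size > self.capacity:
            raise ValueError("file larger than the whole store")
        evicted = []
        while self.used() + size > self.capacity:
            victim = min(self.files, key=lambda n: self.files[n].score())
            del self.files[victim]
            evicted.append(victim)
        self.files[name] = Entry(size)
        return evicted


def simulate(fake_peers: int) -> list:
    """Return which files get deleted when a new file arrives at a full store."""
    store = Store(capacity=10)
    store.add("song.mp3", 5)       # constructed sample: the genuine file
    store.add("decoy.mp3", 5)      # constructed sample: the spoofed file
    for i in range(5):
        store.vote("song.mp3", f"honest-{i}", True)
    for i in range(3):
        store.vote("decoy.mp3", f"honest-{i}", False)
    for i in range(fake_peers):    # identities that cost nothing to create
        store.vote("decoy.mp3", f"fake-{i}", True)
        store.vote("song.mp3", f"fake-{i}", False)
    return store.add("new.mp3", 5)


if __name__ == "__main__":
    print(simulate(0), simulate(20))
```

Counting one vote per peer id does not help when ids are free to mint, which is why the eviction result flips once the fake votes outnumber the honest ones.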
Hmm both are closed source? (Score:4, Interesting)
Neither fact instills confidence in them, that there isn't anything evil hidden away ( anyone remember earthstation 5? ), or it's actually anonymous and hard to break its encryption.
Not ranting about 'everything needs to be open', but with stuff like this, it is important to know what you are dealing with. Before the man comes knocking on the door ( or you start broadcasting spam like crazy )
Re:Good. (Score:3, Interesting)
No, it's not that easy. The only way to do it is to forward the data via some intermediate node(s). That's what Freenet does, and it's really hard to make that work right. It makes data transmission tend to be really slow, which is one of the reasons Freenet sucks. I have yet to see a large scale network which forwards data like this that doesn't suck.
Plus, it may not even work legally. If I can request data from node X and it gives it to me, the fact that it forwarded the request to node Y and then forwarded the reply data back to me may not matter. X may still be liable. The legal doctrines of contributory and/or vicarious infringement can make servers liable even when they don't directly provide the data (and in fact you could even argue in this case that they are direct infringers).
People talk about 'common carriers' and such but this is not legally precise. Ironically the best defense may come from the much maligned DMCA, not the part that criminalizes decryption, but the other part, that provides 'safe harbor' loopholes for ISPs so they can't be found liable when their subscribers infringe. It's possible that Freenet-type node operators could find protection there. But it's written very specifically to protect ISPs. Napster (the old Napster) tried to take harbor there but was not successful.
So it is very questionable whether even a system like Freenet which forwards requests and data node-to-node can provide legal protection. And it is further questionable whether it can be made to work technically and can overcome the speed penalties this kind of transmission imposes. My suspicion is that these press announcements are more hype than reality.
Re:Hell, the new p2p app ... (Score:2, Interesting)
all i'm saying is, where are the RIAA gonna end up stopping this protocol-chasing stupidity? protocols are infinite. laws are infinite. none of this does anything for their markets, or the markets of their members.
sorry RIAA, but some of the most buried networks have been simple groups of people who trust each other enough to share a VPN setup. are the RIAA going to kill VPN's as well as p2p? because it doesn't look like they're going to stop their abusive law-making around -any- of the open public protocols.
See? You're relying on obscurity, not security. Anyone who would share with you will share with the RIAA.
ummm yeah, i guess my 'wry heh heh point' didn't really come across
what the RIAA, really, is up against, is the OSI model... when what they ought to be doing, perhaps, is using the model and getting someone to write them up a good RFC for media-content control, their own new in-band protocols, for protecting their own content and the content of their group of members...
But instead, it seems they're just on the warpath.
MAP (Score:4, Interesting)
Re:WASTE (Score:3, Interesting)
First, it's not even anonymous. You know the IP of the person you're getting data from.
Second, it's safe IF AND ONLY IF *you* personally know everyone on your node and are 100% sure they won't tell the authorities. As soon as your friends invite friends who invite friends, you never know who they work for and who they are. A potential law enforcement agent, RIAA employee, or flat out rat could screw you up just as bad as the RIAA doing scans of public IPs on popular P2P networks.
It's good if you want to just share files between people you know, but then again, why not just use AIM or something?
Instead of being decentralized with a ton of private networks, WASTE (or a p2p app like it) needs to be designed so it has the option of putting these branch networks on to ONE huge network (a la Gnutella/Gnutella2) AND provide a reliable means to search files (and transfer them) anonymously. Once you get 50+ people on there, the network starts getting shaky.
Re:Good. (Score:3, Interesting)
There's still contributory and vicarious infringement liability to worry about, but at least if you join a network with honest good intentions you can explain to a judge, and copyright infringement happens without your knowledge, you can't be held liable for direct copyright infringement without the judge ignoring precedent.
(If you're profiting from looking the other way and running a node with no other legal uses, that's vicarious copyright infringement. If you're materially contributing to infringement but not actually doing it yourself, and you know (or should reasonably know) it's happening, that's contributory copyright infringement.)
The bottom line here is: the law gives legal protection from automated acts of copyright infringement to ISPs, so they can continue to operate. We need to assume that sometime in the future, lawmakers are going to try to stop that body of law from being used to benefit home users on a filesharing network.
To do that, they are going to codify in law the difference between an ISP (with paying customers), a "volunteer ISP" (with nonpaying, anonymous customers, whatever it ends up being called), and a normal home user. Then they're going to have to explain to their fellow lawmakers why they are giving freedoms and granting exclusions for one class of citizen (including Cox Communications) but not for another class of citizen (including you and me).
I don't think they can make it illegal to start an ISP. I have to be able to go out to some little hick town in the middle of nowhere and set up a microwave relay and be a small-business ISP. If I can do that, I can set up an 802.11b repeater on my roof and be a free ISP for my neighbors. If I can do that, I can set up a virtual service using only my Internet connection that gives people "real Internet access" when they only have "cable modem web access". (That last one means: I'm a VPN, I'm enabling filtered ports, etc.) If I can do that, I can participate in one of these filesharing networks.
To forbid these filesharing networks they need to be able to draw the line in there somewhere, and codify that line with precise language in law.
I am not a lawyer, but one of my emails on this subject was featured in a slashdot article long ago. (Protecting Clients: Legal Implications of Filesharing Network Design) Check my posting history.
--Michael Spencer