Slashdot Mirror


Surveillance on Peer-to-Peer Networks

n7lyg writes "Salon has an article by Janelle Brown that asks (and answers) the question 'Who is spying on your downloads?' It discusses the use of various P2P tracking tools by RIAA and IFPI and others to monitor file trading on both Napster and Gnutella networks. Freenet seems to be more or less immune to this sort of monitoring at the present time, due to the distribution of the files throughout the network. More big brother tactics..."

5 of 115 comments

  1. Don't Worry... by Jethro73 · Score: 5

    From the article: I know that your IP address is 28.294.22.1, your ISP is Earthlink, and you logged in last at 2:26 a.m

    Whew... Don't worry about their spies... they don't even know the addresses can't go above 255... 8^)

    Jethro

    --
    Quidquid latine dictum sit, altum viditur.
  2. Optional security features in p2p clients by Michael Spencer Jr. · Score: 4

    Perhaps this is why we need security features in peer-to-peer clients.

    Blocks was an example of a filesharing client with too much security. It was well-designed and cross-platform, but required too many resources and too much security for...well, anybody except the most advanced users. It would be very difficult to find the IP number of someone sharing certain content on the Blocks network. It's also almost impossible to even find a file on the Blocks network.

    Perhaps what we need is optional security. Some users are going to want to form a mixnet, and only directly communicate with trusted peers. Some people want encrypted disk caches, so if their computers are seized, it'll be impossible to tell exactly what they're sharing. Conversely, some people would like an easy way to tell whether content is copyright-protected and shouldn't be traded, without directly notifying anyone that they've come into contact with the content.

    I've outlined some security concepts in a quick page I've put together: http://mspencer.net/fs. It's a work in progress, and is very long (22 KB and growing) with almost no index or table of contents. But if peer-to-peer filesharing is a topic you are enthusiastic and excited about, you'll find the page very interesting. (There are no ad banners at all on that page -- just text, except for my email address. I put my email address in a graphic, to spam-proof it.)

    From the page:
    Does all of this seem seedy? Do you think people will assume that anyone who participates in any of this extra security or identity protection is automatically a criminal? Remember that this is what computers do -- they take complicated things, and take the manual labor out of them. Sure, some of these methods may seem like seedy criminal behavior turned digital -- but this behavior is usually criminal in real life because it's so costly! It takes time and effort to route anonymous messages around -- take a 'layered' envelope out of the mailbox, unwrap only one envelope leaving (an envelope still inside, possibly with more envelopes inside that), and mail it out again. Pass things around by word-of-mouth only. Use aliases. In real life, these things are difficult to do and take time and effort...so it can be concluded that the people doing them probably need the extra security or protection. That is, they're probably doing something illegal, so the extra 'cost' is worth it. But this is digital -- these are computers we're talking about. It's very easy to let the computer stand out on the streetcorner for us. We're not peddling high-value illegal material -- many of us merely don't want certain advertising companies using our personal information to enhance their seedy business. This 'shifty behavior' becomes worthwhile at the half-penny-per-transaction level, because computers do all the work. Were it the real world, this same kind of 'shifty behavior' would only be justified at the tens-of-dollars-per-transaction level.

    Such a system is possible, if enough motivated and excited people get together: adapt and borrow concepts from other projects. The other projects out there (MojoNation, Freenet, Blocks, ELF, and many more) have wonderful concepts and design, and they do a very good job of solving a particular problem with filesharing. But they don't solve all of the problems.

    Perhaps if enough p2p project developers are inspired to bring their concepts together into one system, we'll finally rid our gift culture of these pesky intellectual property lawyers.

    On a related note...I just thought of this really evil way to abuse three existing services (WWW, DNS, and Akamai proxying) to provide a kinda-anonymous web site:

    1) Use an existing DNS zone to point an NS record for a subdomain to a special kind of DNS server. (Perhaps *.anon.mspencer.net)
    2) Create a special DNS server (special software, or just firewalled) that is only allowed to hand out DNS query replies to Akamai servers.
    3) Publish a URL:
    http://a1.g.akamaitech.net/6/6/6/6/lmnop1.anon.mspencer.net/piratestuff/bigfile.iso

    It would be impossible to get the true location of lmnop1.anon.mspencer.net unless Akamai servers were cooperating with you.

    --Michael Spencer
    (remove the first three letters from the email address above.)

  3. File Sharing Services and the WebHancer Connection by Carnage4Life · Score: 5

    I recently submitted an article about how I found a piece of spyware that is installed by a number of music sharing systems including AudioGalaxy and iMesh on my machine. Of course, Slashdot rejected it. Since it is on-topic for this discussion, here it is:

    The SpyWare Invasion

    While writing a proxy server for a class I noticed that for each URL I clicked, a number of POST requests were being sent to d2.webhancer.com and d3.webhancer.com. Wondering what was up I decided to go to the Web Hancer website where I found out that WebHancer is a company that claims to have an installed base of millions of WebHancer agents that report web browsing statistics to their corporate headquarters.

    WebHancer currently charges businesses $12,000 a month to access these usage statistics. I found the webHancer agent on my Windows machine (after a quick 'ps -W | grep gent') in "C:\Program Files\webHancer\Programs\whAgent.exe" and deleted it. What I am wondering is how the Web Hancer agent got on my machine since I don't recall being asked whether I wanted to install any spyware. Also exactly how many of their millions of anonymous usage statistics are being generated by unsuspecting users?

    Which program did I install that decided to place this Trojan on my machine and is there a blacklist of such programs? AudioGalaxy

    Finally, while searching for info on Web Hancer I found Ad-Aware which claims to locate and uninstall such spyware.
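
Added example (not part of the comment above or of the original page): one way to spot the pattern the comment describes in a proxy log, namely POSTs to one third-party site shortly after page requests to several unrelated sites. The log format, the `/report` path, the time window and the thresholds are assumptions made for illustration; only the d2/d3.webhancer.com hostnames come from the comment.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log: "<epoch seconds> <client> <METHOD> <url>"
SAMPLE_LOG = """\
1000 10.0.0.5 GET http://www.salon.com/tech/feature/index.html
1001 10.0.0.5 POST http://d2.webhancer.com/report
1030 10.0.0.5 GET http://slashdot.org/articles/
1031 10.0.0.5 POST http://d3.webhancer.com/report
1060 10.0.0.5 GET http://www.freenetproject.org/
1061 10.0.0.5 POST http://d2.webhancer.com/report
1090 10.0.0.5 GET http://shop.example.com/cart
1092 10.0.0.5 POST http://shop.example.com/checkout
1200 10.0.0.9 GET http://slashdot.org/articles/
"""

def site(url):
    """Crude site key: last two hostname labels (assumption; no public-suffix list)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def find_reporting_sites(log_text, window=5, min_sites=3):
    """Return {site: browsed sites} for sites that receive POSTs within `window`
    seconds of GETs to at least `min_sites` different sites from one client."""
    last_get = {}                # client -> (time, site) of the latest GET
    followed = defaultdict(set)  # (client, POST site) -> sites browsed just before
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue             # skip malformed lines
        ts, client, method, url = parts
        ts, dest = int(ts), site(url)
        if method == "GET":
            last_get[client] = (ts, dest)
        elif method == "POST" and client in last_get:
            get_ts, browsed = last_get[client]
            # A POST back to the site just browsed is ordinary form traffic.
            if ts - get_ts <= window and browsed != dest:
                followed[(client, dest)].add(browsed)
    # Results are keyed by destination site; per-client detail is dropped here.
    return {dest: sorted(sites) for (client, dest), sites in followed.items()
            if len(sites) >= min_sites}

if __name__ == "__main__":
    for dest, sites in find_reporting_sites(SAMPLE_LOG).items():
        print(f"{dest} receives POSTs after visits to: {', '.join(sites)}")
```
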

  4. Freenet? by EvlPenguin · Score: 4

    Freenet seems to be more or less immune to this sort of monitoring at the present time, due to the distribution of the files throughout the network.

    Good, so now the ten people who use Freenet can sleep easy.
    --
    #nohup cat /dev/dsp > /dev/hda & killall -9 getty
  5. Good luck by Safety Cap · Score: 5
    As technology advances, we leave the would-be-surveillance folks in the dust. The only thing they can do is a few high-profile busts.

    I can imagine what would happen if/when I get busted. I may pay a fine. Heck, I could see a few days in jail (doubt it for a non-violent crime, but this is the RIAA we're talking about here). More importantly, I would never, ever, ever buy another CD from that organization again. If it was the RIAA that was behind the persecution, then I'd boycott their member companies. What do they get? One less customer.

    How long can record companies last that piss off and alienate their customers? It will be very interesting to see what happens when the contracts of well-known (and lesser well-known) artists come to an end.

    That will leave them free to get with a good web host, a couple of programmers and voila - downloadable songs at a reasonable price. Who needs Best Buy/Tower Records/RIAA?

    They can run, but they'll only die tired.

    --
    Yeah, right.