Collapsing P2P Networks

Andrew writes "I'm a undergraduate at the University of Washington, and after seeing this article on Salon, I dusted off a paper I had written last year. I examined P2P networks under a model usually used in describing animal populations, and found that it may be possible to cause a collapse in the network based on the intrinsic nature of the technology. Just as in animal populations, P2P networks require a sizable "critical mass" of users, and overharvesting can cause a systemic collapse - what if this were done on purpose? Quite ominously, my second recommendation on disruption was carrying damaged or incorrectly named files. You can read theabstract and the actual paper"

Start of a bad trend

[rattler14]

True, the music industry could make tons of phony user aliases and bombard the servers with numerous useless queries and corrupt files. But where does it stop? This same technique could be used by companies to overload a competitors internet servers and capabilities... This method, though very possible, seems more like a mild virus attack that could potentially lead to a backlash of similar attacks from some pretty pissed off users.

Seems like a plausible solution, with some negative side effects.

Re:Start of a bad trend

[oakbox]

Isn't that the point though? You can't go to court suing Sony because they created a lot of damaged versions of their songs. How does this sound?

"I was trying to download an illegal copy of their copyrighted music and it was damaged!"

I think this is one case where they could simply set up some distributed PC's (different IP's in different class C's) and just have P2P clients serving 'bad' versions of their own copyrighted music. Set up a little consortium of several different records companies, and it becomes DAMN hard to apply an effective filter.

You might counter by setting up a central key list of 'correct' MD5 checksums, but then THAT list becomes a target of litigation from the RIAA.

I don't like it, but it is an elegant solution. Use the power of P2P against itself. Anonymity works both ways.

Re:Start of a bad trend

> You might counter by setting up a central key
> list of 'correct' MD5 checksums, but then THAT
> list becomes a target of litigation from the
> RIAA.

This, of course, is the only effective solution to the problem of mislabeling the files.

A much more useful way to implement it, however, is as a public review/comment site, where the MD5 checksum (possibly in combination with the filename) is the key to the reviews and comments. This could be offered independently of any P2P system as a service like the CDDB. I can't see how this would be actionable by the RIAA or anyone else.

One cool side-effect of this would be the ability for people to post reviews and recommendations of particular songs. If you find a reviewer who likes the same music you do, then you can see the list of songs he recommends that you haven't heard yet, and go looking for them.

The P2P protocols would have to change a bit to also transfer the MD5 checksum, but once that happens you'd be able to see a song you want, click the "reviews" button and see what others have to say about it. If the rating was zero stars and all the comments were "RIAA pollution," you wouldn't retrieve it.

Re:Start of a bad trend

Actually, it's incredibly easy. Ever heard of eDonkey2000? Well, it uses HASHES instead of filenames to d/l files. What does that mean? Well, you can set up a site (preferably out of the grasp of USian authorities) where people can submit hashes of files. That makes it damn hard to put in fake files (unless you either hack the client or poison the hash list - both are hard to do). And in most countries other than the us, there is nothing illegal about such a list (you could easily use it for legal purposes - such as finding illegal files - which in most courts outside of the us is OK). They don't take up much bandwidth, and you can even distribute them via the same network, so they are hard to shut down.

Re:Start of a bad trend

[GodInHell]

I think this is one case where they could simply set up some distributed PC's (different IP's in different class C's) and just have P2P clients serving 'bad' versions of their own copyrighted music. Set up a little consortium of several different records companies, and it becomes DAMN hard to apply an effective filter.

Time to build the undernet.
The issue with the internet today is that everyone is welcome, as it should be. But it also mean that when devising open ended software systems, any user can recieve and make use of those tools, and by the same token, any user can misuse those tools.

The solution would be an undernet. Existing alongside the current internet, it would rely on some extenssions to the Protocol that are not made widely available. Software could then be written that would function only for memebers of the undernet. Now, change the phrasing slightly, to undernets. Append a group identifier to all packet headers sent by undernet members to other undernet members. If abstracted widely enough, it could even allow different members to remain connected while cycling through spoofed IPs.

This is most clearly desireable when the group that supports the undernet is working toward common goals or ideas. Then if members begin to polute the data-pool with broken files, picking out and removing the offender becomes both easier, and more effective.

I'm sure a one of the IP wizards could come up with something more graceful and effective, so don't judge the superficiality of the proposed solution, so much as the concept of the closed group with regulated, but anonomous, access.

-GiH

Re:errors

[ObitMan]

HAH. I read the article but not the blurb. Is that a /. first?
The paper is a year old.
I wonder what the review of it was or if the prof or assistant even caught it.

gnutella has already been dos'd..

a few years ago a denial of service attack was launched against the gnutella p2p network. this was done by sending out large 'ping' packets, which were then sent all throughout the network, effectively using up the entire bandwidth of many slower nodes. i don't recall how this was stopped, perhaps by a client update, or maybe the attackers just stopped. if the later is the case, gnutella is probably still vulnerable to such attacks.

Why don't they....

[HowlinMad]

Just make a Beowolf cluster of these networks then?

Solution: Decentralized Collaborative Filters

[jake_the_blue_spruce]

Collobarative Recommendations such as Amazon.com uses, (or Eigentaste or RecTree in academia) finally have algorithms that make it fast enough for an average PC to perform the operations. A decentralized version would not only foil spoofing and spamming, but would let you discover new things beyond the industry marketing machine. Does anyone have information on such work?

Re:Well, atleast we know who skipped maths lessons

[LordLucless]

Yes, you can probably counter all these tactics, but they would still do their job.

If the labels can force p2p networks into a more complex model, it culls the less technically able users. I think if the p2p music sharing networks evolved into systems requiring md5 hash lookups, trust networks and other countermeasures, Joe Schmoe wouldn't be bothered using them. He wants something he can just hook up to, grab stuff, and leave.

Music piracy has always happened. Its just booming now. They just want to stop the boom, not eradicate it entirely.

Re:animal population requires food

[apt142]

Well, the information is the food. Like in the real world, food is abundant and replenishable. You could say that information is the same. Creative people (artist, musicians, etc.) grow the information in much the same way as a farmer.

The thing you have to remember here is that information is only needed once. For example: You only need to download your favorite song once. What good is two copies of the same thing? This works for software too. Why have multiple software that does exactly the same thing? Plus, if information is something that is learnable then once you have learned it, it becauses useless to you. You can't learn it again (barring any mental disorders).

Let's consider the overhunting issue. With so many users sharing information, you won't have to look far to find what you want. Meaning, you will be able to dl everything you want. With such access, you would have a pretty big store of information yourself, just by dl'ing what you look for. So, The more you have the less you will need.

Sure there will always be more stuff to download. But, you would need to download much less once you reach that saturation point.

Re:MD5, etc.

[jawtheshark]

The main issue is so-called leaching.

While I agree entirely with the fact that leeching is a problem, you should consider these facts:

• Not many people have the bandwith to share. I don't, I share nevertheless but restrict upload speed to 3KByte/second and 2 allowed connections. Why? I have only DSL 256/64kbps, which means I have about 8Kbyte/second upload and I give away a potential 6. I find that generous. This is however not enough! People do not have the patience to wait at these speeds, most of the time uploads that start on my machine (I check that from time to time) about 99% are cancelled by the remote side.
  Yet, I download! Most of the time pr0n, and from time to time music (usually when I heard a good song on the radio).
• Firewalls. I have a firewall... and I will not in any case turn it of because I want to run Gnucleus. This effectively reduces my own choices to download: anyone who runs a firewall too is not able to communicate with my machines. If everyone runs a firewall, P2P networks like Gnutella would become useless. PUSH only works when the receiver does not have a firewall.

So technically this makes me a leech: I want to share files but due to bandwidth restrictions and due to firewall issues my sharing-abilities are clearly diminished. I have the goodwill but not the resources.
It wouldn't be the first time a P2P client advertising T1 performance aborts me and I find that very frustrating. Probably people using the tools you mentioned, and considering me a leech. Nice... :-(

Oh, and one thing about the whole P2P thing I don't like are the insanely large filenames filled with idiot keywords. Keywords in filenames....tsss.... Better would be a kind of database that associates keywords with files you chose on your harddisk. At least that way your files could have halfway decent-length filenames. Of course maintaining that would be a bit of work, but maintaining a filesystem filled with junk-filenames isn't any better.

Finally a little question for the P2P junks out there: many people claim they get to learn new kinds of music by P2P sharing. I won't say it isn't true, but how? You still need a handle to search new stuff? You just type in random keywords, or what? Just curious, because I'd like to broaden my musical horizonts a bit.

Re:animal population requires food

Well, the information is the food. Like in the real world, food is abundant and replenishable. You could say that information is the same. Creative people (artist, musicians, etc.) grow the information in much the same way as a farmer.

The thing you have to remember here is that information is only needed once. For example: You only need to download your favorite song once. What good is two copies of the same thing?

Unfortunately your analogy fails. You say we only need information once. You're confusing your metaphysics here. We only need one specific piece (an instance?) of information once.

When we eat, we only eat a specific piece of food once (an instance of food, like that dish of fried chicken I had last night). However, food (in general) is abundant and replenishable, and constantly in need.

The proper analogy is that we are in need of information (in general) all the time as well, and it is over-abundant.

Sure there will always be more stuff to download. But, you would need to download much less once you reach that saturation point.

Nobody ever told my father that he wouldn't need newspapers once he was saturated.

Having said all that, what was the point of that analogy anyway? The paper was a valid application of theory, and was an interesting extrapolation from population models to a p2p network. The despensation model described seems to be a rapid cull of population (harvesting), and has no direct connection with food (except as a means of culling?).

Re:cheap music please

[ranulf]

What labels should do is let users download music for a small fee.

Good point. I actually very much approve of these tactics being used to hinder people freeloading, despite being shocked how expensive music and films are too buy.

However, I am very much for record compaies distributing music via the internet. By cutting out the end retailer, who typically take 50% of the final price of the CD, and removing the cost of media manufacture, there is no reason why these goods shouldn't be available for those that want to download them. There'll always be the hardcore fans who want the boxed editions (check out special edition box sets, etc..) but a lot of people also are only concerned about the actual music. In fact, it could probably even be argued that if music companies sold the music in MP3 formats, the die-hard music afficionardos would still buy the real CDs just for the quality difference.

But back to the P2P issue. You get what you pay for. If you expect to download things for free, you can hardly complain when those things aren't what you expected. If you use a warez search engine, chances are you'll spend the next 10 minutes closing all the popup windows, even if you never actually downloaded anything! You don't see many people up in arms about that.

And if you think the record companies don't deserve their profits, think again... Why do you think there are always scores of new bands signing up to these labels? Because the record companies invest heavily in lots of bands, many of whom will flop dismally. They invest in advertising, gigs, promotional CDs, PR parties, you name it. If they end up making 10 times the profit you think is far on a particular band, bear in mind that there were probalby four other bands that they promoted that didn't make it that got the chance.

Re:cheap music please

[MoneyT]

There's a slight difference here between the Warez sites and these new "tactics".

With the warez sites, the ads are there because these guys can't find anyone else to host them, so they need the money for the ads. The ads are not being put up by Bungie, or Blizzard or EA or any of the other companies.

As for the p2p networks however, these files are being placed with the intent of misleading the consumer. Unfortunately for the people trying to use this tactic is in the same way that moderation works on slashdot, so does moderation work in p2p. If a file is a crappy sound loop, no one (or very few people) will keep the file. They will simply go back out untill they find the right file. Then once they have it, they'll keep it. So picture it like this.

The company distributes 100 sound loop files. After a month or so, the number of soundloop files is probably still 100 give or take (and with certain programs like Limewire, identical files are grouped). Now, as soon as one person buys the CD, there is a legit copy (legit meaning real). One person downloads his copy, now there are 2. One person downloads from each of them, 4. One download from each of them, 8. 16, 32, 64, 128. Etc etc etc. In the mean time, the sound loop is still at 100.

Sure the soundloop tactic would be effective maybe for the first few weeks, but afterwards, it's more a waste of money.

Compare to the Tsetse fly approach

[iiii]

The comparison of P2P use and animal populations is fascinating, and although the parallels will be limited it might yield some useful ideas.

The most interesting parallel animal model has got to be the experiment designed to reduce (or eliminate) Tsetse fly (and other insects ) populations by releasing large numbers of sterilized males into the natural population.

The process of P2P sharing would correspond to mating, since you have to have two participants. A successful mating would correspond to a user getting the file they wanted, and therefore being more likely to use the service in the future. Getting a dud file is like a wild female mating with a sterilized male. Yields no offspring, user is less likely to continue using service. One or two cases of sterile matings have no impact, but when it is a significant percentage the population will decline, I'm sure the parallel with P2P holds.

The author seems focused on studying the best way to eliminate P2P, though, so he's probably hoping to get research grant money from RIAA.

"Undernets"

Hmm... how would you control who has access to the undernet? If access was given out by a central authority or privileged users, then it would be difficult to get the critical mass needed to start the service. On the other hand, if access is free, well it's not really an undernet, is it?

I think that the solution would involve many small "undernet" groups, each group pruning its own users, and then linking these undernets together. If an undernet is hit with a load of RIAA spammers, then have your undernet ignore all traffic from it. If your undernet is spammy, join a new one.

The theory is that if the Gnutella network could be cut into autonomous but smaller sections, it would be easier to authenticate users. Ultrapeers are already starting to partition.

I don't think this needs to be done on the IP level. OpenSSH or Kerberos could be used to create Undernet UDP/TCP connections that would be secure.

Of course, it's all pie-in-the-sky since i'm too busy to code it.