Can Poisoning Peer to Peer Networks Work?
andrewchen writes "Can poisoning peer to peer networks really work? Business 2.0 picked up my research paper from Slashdot and wrote an article about it. In my paper, I argue that P2P networks may have an inherent "tipping point" that can be triggered without stopping 100% of the nodes on the network, using a model borrowed from biological systems. For those who think they have a technical solution to the problem, I outlined a few problems with the obvious solutions (moderation, etc.)."
Have each user vote for each server they download from. If a specific server gives out bad files, the users would vote it a bad server. Then it would not be able to connect to the P2P network.
This would be moderation; however, it would be the smartest way, as each user would have their word on who is allowed and not allowed on the network.
*Headline News* censorship shuts down the Internet! More at 6PM!
Many users, when they download a "poisoned" file, get a little angry... and then they move on WITHOUT deleting the file! This leaves it in the system on yet another node and increases the chances that someone else will download it from them. If users take a little more responsibility for the network, these files wouldn't spread very well at all.
Why don't you both just do the RIAA's dirty-work for them?
No wonder geeks get beat up.
Because most users download files and never check them.
Really annoying, especially with large files you've downloaded at 1kbps.
By trying to deactivate part of the net you can't stop all of it. ... the other 20% will still be able to resist the attack.
For example, let's take a net of 2^n nodes, and let's say 80% of them have been poisoned.
Take, for example, IRC - splits will never kill it (while I am saying splits I really refer to poisoning, of course).
Another example is the Iraqi internet during the Gulf War. It didn't come down. Why? Because when using distributed networks (such as P2P and the net itself) the resistibility is just plain great.
I outlined a few problems with the obvious solutions (moderation, etc.).
Are you trying to say, on Slashdot on top of all, that moderation could be a part of a solution?
Heretic!
A message from the system administrator: 'I've upped my priority. Now up yours.'
Although this idea [checksums] works for newsgroups and some other centralized services, it does not with P2P. Basically, it comes down to the fact that you must trust whomever is actually doing the checksumming, or else they can just lie and publish false checksums. In the case of P2P networks, the checksumming is done by the same person you want to figure out if you can trust! As far as I know, this is an unresolvable problem.
So, um... how about this... If it's a standard file, such as, say, the deviance rip of neverwinter nights, or the new MPEG of Two Towers, then it should always have the same checksum.
Somebody somewhere needs to maintain a website with these checksums on. Then there's no dependence on the person who you're pulling the file from.
Obviously doesn't work for random porn videos (although it would for more popular ones... which might also tell you whether they're any good).
And there's nothing illegal about it.
Problems?
Why won't it work, you ask? If someone sent me a fake file, I would just delete it and grab another one. I think that is one factor (or side effect) of P2P networks that they didn't consider--each node in the network is not only self organizing, it also monitors and controls its own content. They can flood the network with as many fake files as they want, and while the P2P network nodes won't be able to tell whether those files are fake or not, the people that run those nodes will.
I disagree with your suggestion that checksums can't work. A way they could work is as follows.
Create a website with logins for the users. Users of this web site can create lists of checksums for the files they create or have downloaded and verified as valid.
Other users can check any given user's list, and perhaps even post comments about the user's list, a form of moderation, if you will.
The validity of any single file on any random user's list would certainly be questionable, but some lists would become "trusted" by the community through trial and error. Others would be recognized as bogus and ignored.
Just a thought. Give me more than a few minutes and I might be able to come up with a better one.
If, for example, the company/person poisoning the p2p network was going for an "extreme" kind of attack, they could have their client respond to all searches with a filename that looks similar to the one searched for. This would make p2p networks a pain when there are legitimate uses for them. If they were just going to spam song names/artists with false files, then it would make it kinda hard to download songs. p2p networks are however an awesome source of advertising, so if I like a song that I download I'll download another couple and if I like them also I'll buy said artist's cd. Of course, if I get frustrated with downloading said artist's cd I'd probably just not bother. It seems to me that record companies in particular like to waste money to destroy something that IMO increases sales.
TRUSTED Peer to TRUSTED Peer computing.
Granted this will mean a slower growth in a P2P network, but it may be easier to defend file sharing when you are actually only sharing files with your friends and relations.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
Most of us who have been on P2P looking for files have been used to the fact that a large number of users are misconfigured (their firewall blocks your incoming request but happily tells you they have the file you want) or are trading crap quality files. At that point you resort to brute force and using a bot to just grab everything it can to a large holding drive... a 40gig IDE is dirt cheap and can easily hold the results of running a bot searching for "radiohead mp3" and grabbing EVERYTHING it finds over the course of about 3 days. But then you have to manually go in and delete all the crud, cruft and garbage. It's still faster than the old days of IRC trading but the signal to noise ratio has always been really bad.
Granted poisoning it can start to drive away the gimmie-gimmie crowd or the newbies.. but the hardcore and old-timers will stay and simply find a way around it. Hell a group of about 100 of us now have our own private OpenNap network going and we have only high quality known good files. Any clients connecting not sharing or sharing crap are instantly banned/blackballed... so we do the moderation thing.. with a side requirement that you must be asked to join and prove your worthiness to us. Maybe that will be the direction P2P will go... back to the roots of IRC where you had to prove your worthiness, ratios were enforced, and real people made decisions to keep out the troublemakers... (RIAA) granted you don't get 30 bajillion users that way, but then you don't have to spend a night and 10 gig trying to find that song or file you want.
Do not look at laser with remaining good eye.
Why not block all IPs in RIAA/MPAA IP ranges and any ranges that are putting crap onto the network.
Thank God the internet isn't a human right.
From the webpage:
In particular, our analysis of the model leads to four potential strategies, which can be used in conjunction:
1. Randomly selecting and litigating against users engaging in piracy
This seems to be the option which involves the least technological action. However, randomly wouldn't work, if only because the P2P users don't all live in the same country, hence different laws apply. So some sort of not-so-random selection process has to be implemented.
2. Creating fake users that carry (incorrectly named or damaged files)
Modern P2P programs support downloading files from multiple sources. If someone downloads such a fake file and discovers it, the file will almost always be deleted. So, these files will not propagate through the network, or at least not as fast and as much as the correct files. So a search where one file can be downloaded from many sources is in this case preferable to one with not many nodes serving the same file.
3. Broadcasting fake queries in order to degrade network performance
Now this is an interesting thing. The makers of the P2P programs who are being targeted by fake queries could ban such users, or could build in a feature where the user of a P2P program can ban a host his/herself, so that it will be excluded in further searches.
4. Selectively targeting litigation against the small percentage of users that carry the majority of the files
Some users carry gigs and gigs of files, but that doesn't mean they're very popular. If I set up a server where I host my 20CD collection of Mozart works I probably won't get as much traffic as when I publish the Billboard 100. It's not the quantity, but the content of the files served that counts. Search for Britney and you'll receive thousands of hits. Search for Planisphere and a lot less results will show up.
Nevertheless it's a good paper.
The answer is quite simple, and would be very difficult for the saboteurs to subvert.
GPG signatures (which BTW include a checksum) of content, with said signatures referring to an online alias rather than a real person (thereby maintaining anonymity).
A web of trust is formed, in which HollywoodDude is known and trusted, and has signed RipperGod's key, who in turn has signed FairUser's key, and so forth.
Provide a separate way of obtaining the keys (e.g. multiple independent websites, multiple independent keyservers, and so forth), and people can simply filter out anything submitted by untrusted users. If something is submitted by someone outside of the trust ring, and someone who is trusted sees the item and determines that it is worthwhile/good/whatever and not a decoy, they could sign the item themselves.
Gaining trust would of course take time, probably requiring many worthwhile submissions, but that is true in real life anyway, so why should it be any different online?
If someone violates their trusted status (or their private key is stolen, which BTW would be a violation of the law), others in the ring of trust could revoke their trusted access and blacklist their signature.
It isn't as convenient as just being able to share something with little or no thought, but it is eminently doable, and there really is no straightforward way to undermine such an approach.
The Future of Human Evolution: Autonomy
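The ring described in the post above (HollywoodDude signs RipperGod, who signs FairUser), as an added example that is not part of the original comment. It models only the trust graph: the GPG signature checks are assumed to have already passed before an edge is added, and the key names NewRipper, Stranger and DecoyBot, the depth limit of three hops and the sample search results are all constructed for the illustration.

```python
from collections import deque


class WebOfTrust:
    """Trust graph only: who has signed whose key. The cryptographic signature
    checks that GPG would perform are assumed to have happened before an edge
    is added here (assumption of this example)."""

    def __init__(self, me, max_depth=3):
        self.me = me
        self.max_depth = max_depth        # how many hops of "X signed Y" we accept
        self.signed = {}                  # signer -> set of keys they have signed
        self.revoked = set()              # keys blacklisted by the ring

    def sign(self, signer, subject):
        self.signed.setdefault(signer, set()).add(subject)

    def revoke(self, key):
        """Violated trust or a stolen private key: the ring blacklists the key."""
        self.revoked.add(key)

    def trust_distance(self, key):
        """Hops from my own key to `key` along signature edges, skipping revoked
        keys and stopping at max_depth; None means untrusted."""
        if key in self.revoked:
            return None
        dist = {self.me: 0}
        queue = deque([self.me])
        while queue:
            cur = queue.popleft()
            if dist[cur] >= self.max_depth:
                continue
            for nxt in self.signed.get(cur, ()):
                if nxt in self.revoked or nxt in dist:
                    continue
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
        return dist.get(key)

    def filter_submissions(self, submissions):
        """Keep only items whose signer is inside the ring; everything else is
        dropped unread, which is how decoys from outsiders get filtered out."""
        return [(item, signer) for item, signer in submissions
                if self.trust_distance(signer) is not None]


def build_example_ring():
    """Ring from the post (HollywoodDude -> RipperGod -> FairUser) plus two
    constructed keys, NewRipper and Stranger, to show the depth limit."""
    wot = WebOfTrust(me="HollywoodDude", max_depth=3)
    wot.sign("HollywoodDude", "RipperGod")
    wot.sign("RipperGod", "FairUser")
    wot.sign("FairUser", "NewRipper")
    wot.sign("NewRipper", "Stranger")
    return wot


if __name__ == "__main__":
    wot = build_example_ring()
    # Constructed search results: (file name, key that signed the listing).
    results = [("album.ogg", "FairUser"), ("album.ogg", "DecoyBot"),
               ("movie.avi", "Stranger"), ("movie.avi", "RipperGod")]
    print(wot.filter_submissions(results))   # DecoyBot and Stranger dropped
    wot.revoke("RipperGod")                   # RipperGod's key is stolen
    print(wot.trust_distance("FairUser"))     # None: the only path ran through RipperGod
    wot.sign("HollywoodDude", "FairUser")     # a trusted member re-vouches directly
    print(wot.trust_distance("FairUser"))     # 1
```

The revocation step shows the side effect the post glosses over: blacklisting one key also cuts off everyone whose only path into the ring ran through it, until another trusted member signs them directly.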
I say you're talking lame trash, unless you host it on YOUR site. YOU be the victim of **IA lawsuits. Unless you post a link to a site where you plan to host such a wonderful page, shut the f**k up.
On a more technical issue, do you really think different rips of the same movie will have the same checksum? What if one rip is one second longer or shorter? Or the ripping prog compresses it in a slightly different way? bang... different checksums.
You need to read a little more "PC Magazine" before you can start posting such dribble.
The problem of faked hashes can be addressed using trees of checksums rather than just a simple checksum, although a workable implementation would require embedding into the P2P protocol.
The idea is you break the file up into smallish blocks (100k or so) and generate a hash for each one of these. For each 8 first level hashes, you feed them into a crypto hash function to generate a second level hash. For each 8 second level hashes... you generate a third level hash. This allows a continuous (per 100k blocks) proof that the content is valid... The size of the proof grows with the log of the content so it is not much of a problem.
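The tree of checksums described above, as an added example that is not part of the original comment. It keeps the post's parameters (blocks of about 100k, eight hashes per next-level hash) as defaults, but the demo uses 4 KiB blocks and a constructed 300,000-byte stand-in file so that a small input still yields several levels; SHA-256 is assumed as the hash function, and the root hash is assumed to come from a source the downloader already trusts.

```python
import hashlib

# Parameters from the post: blocks of "100k or so", eight hashes feeding each
# next-level hash. The demo below uses 4 KiB blocks so a small constructed file
# still produces several tree levels.
BLOCK_SIZE = 100 * 1024
FANOUT = 8


def split_blocks(data, block_size=BLOCK_SIZE):
    """Cut the content into fixed-size blocks (the last one may be shorter)."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)] or [b""]


def build_tree(data, block_size=BLOCK_SIZE, fanout=FANOUT):
    """Return the tree as a list of levels: level 0 holds the per-block hashes,
    each higher level hashes groups of `fanout` hashes, the last level is the root."""
    levels = [[hashlib.sha256(b).digest() for b in split_blocks(data, block_size)]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([hashlib.sha256(b"".join(prev[i:i + fanout])).digest()
                       for i in range(0, len(prev), fanout)])
    return levels


def make_proof(levels, index, fanout=FANOUT):
    """Sibling hashes needed to tie block `index` to the root: one group per level,
    so the proof grows with log_fanout(number of blocks), as the post says."""
    proof = []
    for level in levels[:-1]:
        start = (index // fanout) * fanout
        group = level[start:start + fanout]
        pos = index - start
        proof.append((pos, group[:pos] + group[pos + 1:]))
        index //= fanout
    return proof


def verify_block(block, proof, root):
    """Recompute the path from one downloaded block up to the trusted root hash.
    The root is the only value that must be obtained from a trusted source."""
    h = hashlib.sha256(block).digest()
    for pos, siblings in proof:
        h = hashlib.sha256(b"".join(siblings[:pos] + [h] + siblings[pos:])).digest()
    return h == root


def sample_file(size=300_000):
    """Constructed stand-in for a shared file (deterministic, not real content)."""
    return bytes((i * 7919) % 256 for i in range(size))


def demo(block_size=4096):
    """Publish a root, then check a genuine block and a poisoned copy of it."""
    data = sample_file()
    levels = build_tree(data, block_size)
    root = levels[-1][0]                      # published alongside the file name
    blocks = split_blocks(data, block_size)
    index = 3
    proof = make_proof(levels, index)
    genuine = verify_block(blocks[index], proof, root)
    poisoned = bytearray(blocks[index])
    poisoned[10] ^= 0x01                      # one flipped bit in a 4 KiB block
    fake = verify_block(bytes(poisoned), proof, root)
    return {
        "blocks": len(blocks),
        "levels": len(levels),
        "proof_hashes": sum(len(s) for _, s in proof),
        "genuine_ok": genuine,
        "poisoned_ok": fake,
    }


if __name__ == "__main__":
    print(demo())
```

The point for a downloader is that each block is checked as it arrives, before anything is written into the shared directory, so a poisoned segment from one source in a swarmed download is rejected without discarding the good segments already verified from other sources.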
The RIAA/MPAA don't need to poison P2P networks. Nor do they need to use lawsuits and the threat of DMCA. The easiest, best way to stop illegal sharing of copyrighted materials is to provide a legal, reasonably priced electronic distribution alternative.
Really. Most users, given the choice, will pick the "honest" legal way to get their music and videos. Will there still be pirates? Of course, but you can never stop them and, heck, you're not losing money on them anyway. They wouldn't spend the money on the music.
Treat honest customers as honest, embrace new distribution methods. The problems go away. Think of the cost savings: they wouldn't have to buy any more senators.
tune, I may end up with something that's bland, repetitive and annoying.
And, pray tell, how am I supposed to know the difference?
I'm curious. Advogato claims that their trust metric is robust against a concerted attack of malicious users - how does that compare to the paper's conclusion about a trust network? Or is it a matter of scaling?
Aagh!
"Can moderation on Slashdot really work? Internot Publishing 2.0 stole my research paper about Slashdot and wrote an article about it. In my paper, I argue that CowboyNeal may have an inherent "tipping point" that can be triggered without modding-down 100% of the trolls on the network, using a model borrowed from biological systems. For those who think they have a technical solution to the problem, I modded-up a few problems with the obvious solutions (karma-whoring, etc.)."
I'm currently in the process of designing an open-source Peer-to-Peer network which will take care of some of these issues.
The network will be semi-server-centered with a design similar to the NeoModus Direct Connect network.
The basic new idea is to reward users who share information by giving them more access to the network.
Hopefully this will make the network somewhat self-moderating since users sharing undesirable content will not rise in network status.
As I said, the project is still in the design-phase with a preliminary protocol spec just finished.
If you would like more details or to contribute to the project, visit:
Bitpeddler project page
or
Bitpeddler homepage (with design/protocol spec)
I think webs of trust are a good idea.
Poisoning such a web could prove difficult. I trust personal friends highly; they aren't a poisoning group.
People I or they don't know well won't get a high trust rating, and would be suspected if they were poisoning the group.
I think slashdot type moderation works well too; combined with a decent sized web of trust it should be a pretty stable system.
To quote their summary: "GNUnet is an anonymous, distributed, reputation-based network." It's the reputation part that should cover poisoning pretty well (the anonymous part is pretty cool, too).
Yeah, the code is pretty much still at the Alpha stage, but if you want to help....it's gnu code after all.....
You can view a partial of almost all file types, even AVI if you use VirtualDub.
I hope their professors pointed this out...it's one thing to poison the habitat of a creature to kill it off. There's a very real consequence to this - the creature dies. With P2P networks, nobody dies, they look for another copy of the file to download. Not rocket science. Not even really a deterrent.
P2P networks have always had a certain percentage of bogus files. People wanting to be the first to upload the newest shooter, the newest album, the newest app sometimes make a bogus image and upload it. Sometimes people make crappy rips of songs, and don't bother to check them. Big deal. People who obtain files in this fashion usually know ahead of time that the file might not be what it says it is, or might be a bad quality rip, or whatever. They delete it if it's bad, and move on.
The other thing P2P networks have going for them is perseverance on the part of the user. People who want to get stuff for FREE will put up with a couple of false downloads. Dead fish can't do that...;)
-Jeff
Flooding a network with spoofed files would drive users to more reliable music sources -- like the labels' own online sites.
The problem is the labels don't have their own online sites. Sooner or later (it's bound to happen) the labels are gonna hire some college grads who grew up on sharing and understand the problem. Maybe then a compromise will be reached.
'Same speed C but faster'
The crew at the Open Content Network have released a specification for serializing hash trees. The specification is called the Tree Hash EXchange (THEX) and is being implemented in both the Open Content Network and Gnutella. Furthermore, this specification is compatible with the TigerTree hashes used for Bitzi.
And so they run around, giving tips to the servers.
Even without p2p attacks from idiots like the RIAA, there are always problems using p2p networks. Try to dl a 600MB cd image. There are lots of times you can get a nearly 600MB file, but it's not all there so you waste a cd burn. It can be very difficult to tell before you dl if it's a good file. You just move on and find the right file eventually.
Most of the stuff the RIAA will try to attack are the latest Britney Spears/'N Sync albums, which I don't want anyway. They aren't going to waste time ruining obscure bands/out-of-date music, so you can dl all you want.
The only people who it hurts are the people who don't know what to look for when they're dl-ing anyway, or the people who want ONLY the most popular stuff (instead of the good stuff out there). I think the smart people can easily stay 15 steps ahead of the RIA
---gralem
If this is what people are forced to do to achieve Napster-like results, then RIAA et al. have basically won all that they set out to achieve. By raising the bar high enough and by forcing higher transaction costs on the users, industry effectively shuts internet piracy out for 99.9% of the population. Of course people like me, that 1% or whatever it is, will always be able to circumvent whatever they throw in my path (presuming that I'm willing and wanting to do so of course). However, that number is so small that they really would not bother spending much effort to enforce from a simple cost / benefit point of view. Why spend millions in legal and related fees to track down a group of consumers that only account for half that amount? They won't bother, like they didn't really before Napster came along.
In fact, I would further argue, against the conventional wisdom on slashdot, that RIAA has basically won the war against P2P and other forms of mass piracy. At least once they shut out networks such as Fasttrack, and let it be known that there will be no financial return for those that fund the development of piracy networks. Certainly the average Schmoe can download that super popular song via Gnutella with some effort, but getting much more than that like, say, the entire album at decent quality from the same artist, is like trying to extract blood from a rock. That is not to say that they will retire their guns, but rather that it will just be an on-going series of small battles, more like maintenance, to hammer down any network, system, or device that pops up and starts to hemorrhage their intellectual property.
I just started using it last week -- I think I remember something whereby each file has some type of key / checksum (I'm not too familiar with the nuances of encryption)........... but I could be wrong.
So, this guy wrote a paper and had it discussed on Slashdot. Now, Business 2.0 is printing a story about it and that means it should be discussed on Slashdot again? Is there anything new to this since the last time it was on Slashdot, or are we just carting it out one more time?
Checksumming - no good. Any program could pretend to have the right checksum, but send false data. No point in figuring out *afterwards* the download is corrupt.
Webs of trust - hardly. Imagine a network of antis giving each other good reviews; they'd certainly be better off than someone without any reviews at all. It's very *unlikely* that the one you're P2P'ing with has a trust chain you accept.
"Database" of who are good traders and not - Fake databases would screw that, you wouldn't know which ones to trust as you have no central server. The problem is that if there's to be any real P2P exchange happening, it's usually *strangers* meeting.
My friends could do a web of trust or a database, but then we'd be much more likely to set up some mutual leech ftp servers instead and skip the entire P2P-networks.
Kjella
Live today, because you never know what tomorrow brings
anyways...
What about IRC?
I love it. The RIAA, MPAA, and other such entities are frumping over these P2P networks like KaZaA, Morpheus, the now-defunct Napster, Grokster, etc. Meanwhile, the TRUE geeks are still trading away, right under their noses. The high profile nature of the P2P clients is giving us some GREAT cover! I'd like to personally thank them all for sucking the attention of the "super media conglomerates" away from us and our happiness.
Here. I'll even spell it out for you, but I'll encode it. Care to try and break this code? It's totally stupid simple, even a child could figure it out. When decoded, it tells you exactly how we do it. Good luck, and may the force be with you.
(1,2,5)(1,3,14)(2,4,52)
Face it: there is absolutely no way to stop P2P file trading unless you turn America into China and fear monger to keep us in line. And there's no way the American people will let that happen.
Oh, by the way. Wouldn't the RIAA (which is made up of many recording companies) be considered a kind of monopoly? When you get right down to it, what you have is a good majority of corporations working together to impose their collective will. There's no choice in the matter, it's their way or the highway. Isn't that anti-competitive? They're guilty of at least one thing: Price Gouging. They try to sell us CDs with minimal amounts of data for $15-20, when we can all go out and get a blank for around 20 cents a pop if you shop right.
The only reason they sign artists in the first place is to control that particular flow of data. The artist gets a minimal fee, and the record companies sit back and collect the profits. What we need is an IRIAA, the first I being Independent. Once artists jump on the bandwagon and start releasing their own material (thanks to MP3, OGG, or whatever format they choose, on CD or over the Net), then they can leverage out the RIAA's member companies.
Blog Prophyts - Right On, Man
it won't solve the legality problem, but here's a simple solution to the file test problem. it's obvious, really.
... dual channel.
wrt checksums, i agree you can't really trust the person you're trying to download from. however, you have partially seen a solution with judges, you just haven't gone far enough with the idea.
consider a new kind of P2P
channel A = b/w for transfer of files.
channel B = judge traffic.
now consider three machines, X, Y, and Z. X wants to get a file from Y, but wants to be sure the file Y is sending isn't hacked in some way. so X randomly picks a new machine, Z, and asks Z if it believes Y has an authentic copy. X thinks the answer is 'yes' (default) since it has no information about the machine Y. Z also has no information about Y, so it says yes as well with non-authoritarian response (default).
now there are two cases. Y sends a valid file, or Y doesn't.
case 1: Y sends a valid file. X receives the file into the queue "untested". when X checks the file, the file is either marked Valid or Invalid. on a Valid, X notifies Z that the file was correct, and everything is ok. X and Z now have hard data and can provide an authoritarian response to any queries about machine Y.
case 2: Y sends a bogus file. repeat scenario, but notify fake. now X and Z know that Y is sending fake files.
how does this solve the problem? obviously, you begin to propagate truth through the system. machines that can't be trusted don't get traffic. you can obviously increase the number of machines in the discussion(s) for judging and broadcasting results.
to avoid spoofing the judge channel, no "notify" events of a judge result can take place without a corresponding query first. spurious 'valid' postings are tossed, and perhaps chalked up as hard evidence of a rogue system and hence untrustworthy.
this scheme works, but has one weakness: multiple machines can directly target the P2P network. here, RIAA machine A and B work in tandem. for every x in P2Pnet, A queries x about B, then A sends to x that B is good.
while this is a valid weakness, it's also a _short-lived_ weakness. by factoring in negative results at a higher weight, and keeping a history for some amount of time T, it becomes clear that negative feedback from bad files at certain machines will push through the network.
if a negative event has 3x the weight of a positive event, then these deliberate attacks can only succeed for a short period until sufficient negative feedback is in the network. by making T large enough, those machines involved in the rogue entries will be denied from further efforts (since it's IP based, not name based).
anyone see any weaknesses with this idea?
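The judge channel sketched in the post above, as an added example that is not part of the original comment. It implements one judge machine Z: the default non-authoritative 'yes', the rule that a notify without a matching query is discarded and held against the poster, negative events weighted 3x, and a history window T (assumed here to be the last 50 events per peer). It then plays out the A/B collusion weakness the post names; the honest peers X1, X2, ... and the peer C are constructed names, and peers are plain strings standing in for the IP addresses the post keys on.

```python
from collections import defaultdict, deque

NEG_WEIGHT = 3      # "a negative event has 3x the weight of a positive event"
HISTORY_T = 50      # events remembered per peer (the post's history window T; assumed value)


class Judge:
    """One machine's view on channel B: it answers queries about other peers and
    records verified outcomes. Peers are identified by address, as in the post."""

    def __init__(self):
        self.history = defaultdict(deque)   # peer -> recent +1 / -NEG_WEIGHT events
        self.pending = set()                # (asker, subject) queries awaiting a notify

    def query(self, asker, subject):
        """Return (verdict, authoritative). With no data the default is a
        non-authoritative 'yes', exactly as in the post's opening scenario."""
        self.pending.add((asker, subject))
        if not self.history[subject]:
            return True, False
        return self.score(subject) >= 0, True

    def notify(self, asker, subject, valid):
        """Accept a verdict only if this asker queried about this subject first.
        A spurious posting is discarded and counted against the poster."""
        if (asker, subject) not in self.pending:
            self._record(asker, False)
            return False
        self.pending.discard((asker, subject))
        self._record(subject, valid)
        return True

    def _record(self, subject, valid):
        events = self.history[subject]
        events.append(1 if valid else -NEG_WEIGHT)
        while len(events) > HISTORY_T:       # forget events older than the window
            events.popleft()

    def score(self, subject):
        return sum(self.history[subject])

    def trusts(self, subject):
        return self.score(subject) >= 0


def collusion_scenario(fake_reports=10):
    """The weakness the post names: A vouches for B `fake_reports` times with no
    real transfer behind it. Then honest peers (constructed names X1, X2, ...)
    download from B, find poisoned files and report them. Returns B's inflated
    score and how many genuine negative reports it takes before the judge stops
    trusting B."""
    judge = Judge()
    for _ in range(fake_reports):
        judge.query("A", "B")
        judge.notify("A", "B", True)
    inflated = judge.score("B")
    honest_reports = 0
    while judge.trusts("B"):
        honest_reports += 1
        asker = f"X{honest_reports}"
        judge.query(asker, "B")
        judge.notify(asker, "B", False)
    return inflated, honest_reports


def spurious_notify_scenario():
    """A verdict posted with no matching query is rejected and recorded as
    evidence against the poster."""
    judge = Judge()
    accepted = judge.notify("A", "C", True)
    return accepted, judge.score("C"), judge.score("A")


if __name__ == "__main__":
    print(collusion_scenario())        # (10, 4)
    print(spurious_notify_scenario())  # (False, 0, -3)
```

With the 3x weighting, ten fabricated endorsements are undone by four genuine reports of poisoned files, and thirty by eleven; the colluding pair can keep the ratio in their favour only by issuing fresh queries and notifies at roughly three times the rate honest downloaders report problems, which is the short-lived window the post describes.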
The latest versions of limewire use hashes from a specification called HUGE that probably defeat this type of poisoning attack. You can check out a recent interview with limewire team here. Go here if you want to download the code or check out the dev docs (which are pretty outdated).
What about the second-to-last paragraph in the paper? There's a missing word. A pretty important word, too. (How can this paper be featured all over the map and have an error like this?)
Anyway, is it:
"Or perhaps the carrying capacity of a well-designed P2P network is huge, and *NO* amount of flooding can overwhelm the network."
Or:
"Or perhaps the carrying capacity of a well-designed P2P network is huge, and *ANY* amount of flooding can overwhelm the network."
Which is it: "no" or "any?"
Goatse is so passé. It's been years since it was funny. And posting your little 'rap' makes you look sad, my reluctant-to-let-go-of-an-expired-trend friend.
I've read stories on /. and otherwise that make the comment that the recording industry is scared of P2P because it's a technology that they really don't understand. So, my question would be, do they really have the technology savvy to implement something of this nature?
Is the RIAA really going to hire a whole bunch of goons to sit at a computer and poison the networks every day? On that same note, are they going to hire people to moderate/meta-moderate servers on the network? The obvious question then becomes, "can't they do that with a script?", to which the answer is yes, to an extent, but the P2P networks should be able to detect that and disable it to some extent.
I know there are a legion of companies springing up to service the RIAA, but this is really going to be a cottage industry. What if their legislation gets shot down (however likely/unlikely), will these companies still survive on business that's now illegal?
Pick any two:
A members-only system that limited access only to verified non-*AA moles could never be implemented reliably for millions of users. (has 2,3 but not 1)
A trusted central server could look for and filter fake files, but would be an easy target to sue. (has 1,3, but not 2)
A distributed moderation or "web of trust" system would be too much trouble for the average computer novices, who are needed to bring the system from a few thousand geeks to millions of users. They would either blindly trust everyone (thus devaluing the whole system) or give up entirely. (has 1,2 but not 3)
People who think they are literate from reading John C Dvorak articles and Dell ads (like the poster I replied to) make me laugh.
You say, There already are plenty of these sites, and I say "show me the money." Not one link, eh? Plenty? Did you get that from a PC Mag article?
Oh, and about the checksums... look at a popular song, and see how many variations exist in file size at the same quality. Are you saying different files with different sizes won't have the same checksum? Maybe PC Magazine will have a little review on how Checksums work.
why does this guy assume that md5 summing and trust relationships are so hard to accomplish or that the weak points in p2p are simply unsolvable? Does he not have faith in the programming skills of the millions of programmers out there?
I love the smell of undergraduate sophistry in the morning...
The author of this paper seems to suffer from the common practice of those in a hurry to finish their term papers that if they somehow ignore the elephant in the room that disproves their point they might end up getting partial credit for impressing people with how well they can tap dance around the elephant. In this case the well-established practice of using a secure hash function as a self-verifying mechanism to prevent DoS attacks that try to flood a network with garbage files is the elephant.
In his FAQ regarding the paper, Mr. Chen correctly addresses the problem of a lack of centralized authority in using hash functions as distributed/P2P but apparently did not make more than a cursory examination of the subject or else he would have seen the various methods available for solving such a problem. I can only assume this is the case because reputation systems beyond simple moderation are not addressed and flow-constrained trust networks are never mentioned in this section.
As someone who seeks to pass off a "bad" file (this report) as a "good" file, perhaps sooner rather than later Mr. Chen will learn how the distributed moderation and trust system known as peer reputation works. Surely I am not the only one who finds it more than a little ironic that a paper by an author who claims that distributed moderation doesn't work is being submitted to a peer-reviewed journal in an attempt by the author to bootstrap his own reputation?
Another example is the iraqui internet during the golf war. it didn't came down. why ? because when using distributed networks (such as P2P and the net itself) the resistability is just plane great.
The hell? The PGA apparently got interesting while I wasn't looking!
Again, I disagree. It has been my experience that many users do not delete damaged files, they simply leave them. The so-called swarmed downloads only further expose the downloads to corruption since all it really takes is one corrupt segment to either cause the program to crash or at least play really unbearable sound (or whatever media). To further compound the problem, the industry could use their cash and their legitimacy to be the most available and desirable servers (so that your swarmed downloads are almost certain to select its servers).
This is impossible in any current decentralized P2P scheme, don't you get it? How is any routing servent to know that the other servent it is connected to is not passing legitimate requests to the hosts it is purporting to represent? It can't. It might attempt to throttle the traffic from any given node, but then that would necessarily mean throttling the ENTIRE network, which would be self-defeating.
While it is almost certainly true that only 1% of the content accounts for 99% of the traffic, it is also true that only 10% of the hosts account for almost all of the servers. Of those 10%, roughly half of them, (those that HAVE the popular files, are SHARING, are on truly HIGH speed network, and are NOT FIREWALLED) account for the majority of it. If you take the biggest servers out first, you will have a big impact. What's more, once it becomes established that there are likely consequences for being an effective server of files, the industry need not literally attack every last one of them. They need only use fear to their advantage and allow the servers' own self-interest to take over.
Taken from Andrew Chen's responses to the solutions:
Although this idea works for newsgroups and some other centralized services, it does not with P2P. Basically, it comes down to the fact that you must trust whomever is actually doing the checksumming, or else they can just lie and publish false checksums. In the case of P2P networks, the checksumming is done by the same person you want to figure out if you can trust! As far as I know, this is an unresolvable problem.
Actually, the checksums should still work I believe, in much the same way that file sizes work now. Consider the reason the files that are being injected are set to the same size as the real file; the purpose is to mask these files to the naked eye. Checksums could be used for the same purpose.
The reason for this is because as people find good files they will tend to keep them while deleting the bad files. Sure if we only get 1 result back then we don't know one way or other, but if we have 10 results back and 8 of the 10 have the same checksum, we can assume those 8 are the good files.
Of course the problem with this is that a great many people don't bother to delete bad files after downloading, but should the poisoning become too much of a problem we can entice more people to clean up their shared files by way of the client interface.
All in all, I think this would combat poisoning very well.
Sigs are awesome huh?
I hope the same people who defend the right to distribute mp3s they don't own the copyright for will be the same people who defend a person/company's right to violate the GPL.
I don't speak French.
Here's something which is poisoning people's minds against women. Clue: it's a religion. Can you guess which one?
http://www.mertonai.org/amina/
The next P2P network comes out...
They killed Napster, then emerged Morpheus and Kazaa. They poison Kazaa, Network X comes out. By the time they figure out what to do with Network X, it will have millions of users happily trading songs again.
I wish the RIAA would figure out that if they would simply give us an alternate (and unrestricted) legal way to get our songs, a lot of users, myself included, would gladly abandon P2P.
Dream on...
The point is we need to get all of the potential problems with p2p out in the open so we can find a solution. If we work on a solution before the RIAA starts implementing it, we're that much better off.
The RIAA and all the lawyers in the world will never be able to completely stop pirating. Look at how much money the feds throw at drugs and the number of addicts on the street. If enough people want something, they'll get it.
:).
I know one of my chief frustrations is to search for a song and either have it incomplete, or be of poor quality (e.g. pops or other defects) or to simply have it not be the same song that I downloaded. If I could search for a song, pay $SOME_SMALL_AMOUNT (e.g. $1US) for it and download a 'known perfect' copy at my choice of bitrates (e.g. 128, 160, etc.) then sure as heck I'd do it.
Distributing these poisoned files would take an enormous amount of bandwidth, so they'd have to have some sort of agreement worked out with ISPs and a mass-content provider, say Akamai. Akamai has tens of thousands of servers located in hundreds (if not more) of ISPs throughout the nation. I think on peak usage they're pushing out 100 GB/sec. in the US (if not more). Simply say "Ok Akamai, can we buy 10GB on each of your servers and push all these MP3s out?". Then you write a gnutella client for each box which offers all the MP3s up for distribution.
I can't remember how the gnutella protocol works but I think it broadcasts search requests to the nodes that store a cache of what they have and what their neighbors offer and then can pass the request off. Have your client log all the requests (so you can tell the record companies which songs were requested more) and of course offer up your files when requested. If you do this with 10,000 boxes full of identical content chances are you're going to drown out any signal out there.
If you're really tricky, you can even have the client 'fake' files so you don't actually need to have the file on the box; you could send a pre-existing obfuscated file, or even dynamically build and stream the poisoned MP3.
Of course, all of this is moot if you still don't have a very easy, cheap method of offering MP3s online for the mass public. You could pitch it like this "Yeah, so you won't make much money off of offering $SOME_SMALL_AMOUNT for each MP3. But you're a fool if you think simply shutting Morpheus off will result in even 10% of the Morpheus users buying the actual CD or using a painful, userUNfriendly pay-per-MP3 system. However, what if we have a method to net you 20 or 30% of users who wouldn't pay you anyway?" So the pitch would be "We can't get you all of them, but our method would give you more than you're getting now!". Frankly the people who post on SlashDot (from the very negative response to the Subscription model) are not a good cross-section of the vast majority of internet users out there.
So in your obfuscated file you have it play maybe 20 seconds of the file and then say "Sorry, this is a copyrighted file. Pirating files costs artists money. If you want to buy this MP3 for $SOME_SMALL_AMOUNT, please visit http://www.somestore.com. 80% of $SOME_SMALL_AMOUNT earned will go directly to the artist."
It gives them a reason to buy it - not only do you have SomeStore.com very easily accepting payment, but you ACTUALLY PAY THE ARTISTS A MAJORITY OF THE MONIES EARNED! So it can quell the naysayers who say "Well the artist wouldn't receive anything anyway!" (rant: but who are you hurting more, the billion dollar-industry or the Artist who NEEDS even the small cut they receive from each CD sold?).
Some drawbacks could be of course that someone writes a 'detector' to find and ignore the invalid MP3s, or they block the IP addresses of the servers, etc. but that is easily fixed. Most non-power users (e.g. the great and huddled masses of the internet) don't want to update their Morpheus client every time a new version is released. Heck, even programs which offer hassle-free updating (e.g. antivirus, windowsupdate.com) are very rarely used by the majority of internet users. Also, you'd work out the server IP settings with the ISP so that they would rotate to a random IP in their pool - since most of the servers are located in most ISPs you couldn't ban the single IP but perhaps a subnet. But since the IPs are in the ISP, you have now banned a large chunk of users. If they are in every ISP, you will have to ban every ISP (see the problem in banning IPs?).
So, to boil it down to a sentence:
Have very easy-to-use, hassle-free, cheap, reliable, etc. method for users to buy MP3s and they WILL
Thanks,
--
Matt
Bitzi stores information on files found on P2P networks, indexed by a TigerTree hash appended to a SHA1 hash. Support for it has been integrated into several Gnutella clients (ShareAza, Limewire, etc.), which have also come up with their own URL systems (gnutella:// and magnet:// are the two existing ones right now).
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
One of the assumptions that doesn't hold is the speed of adaptation. In ecology adaptation is based on evolution, which can take multiple reproductive cycles of the species. In human social systems the speed of adaptation is closer to the speed of information diffusion in the system, which on the internet is hours or days.
Another assumption is that the disruptive force is stronger than the species being disrupted. While humans have the technology to destroy fish, the idea that record companies have advantages over file sharers is almost silly. Sue them? Lawyers only work 9 to 5, 19 year olds pull all nighters. Better technology? Same argument.
It's nice to see this brought to a wider readership, but don't take the paper of a couple of college kids too seriously. They have lots of peers with lots of ideas to get around the problems they raise.
No electrons were harmed creating this post, though some may have been subjected to electrical and/or magnetic fields.
Here is a file
Bobs_Song.mp3 5 M Hash -XXXXXXX
You don't know that I gave you the wrong hash till you're done.
It can only tell you that you have the wrong file, after you have it
If you find a poisoned file in a trusted chain, you can now discount that person, and that entire chain.
Trust should work both ways.
Several unrelated "I got a good file" ratings could give you a cloud of trust. I think it could work.
Did anyone notice the first paragraph, which said that someone holds a patent on these methods. If andrewchen wrote the first paper on the subject, I would imagine that it's he who holds the patent. If he reads Slashdot regularly enough to post then I would think the RIAA would be screwed out of using this method. That's damn sweet.
violates copyright law. Just how easy would it be to shutdown something with a few trust servers? Probably not too difficult. A large scale WoT just invites the shutdown of any service that implements it.
A P2P program called edonkey (don't laugh) has partially solved this problem.
In order to download a file, you can use a URI such as (ed2k://|file|The_Adventrues_Of_Pluto_Nash(2002).CD1.FTF.eDKDistro.Sharereactor.bin|559778352|1b153e31f5fdbe829488989d04dda2b1|/). The URI contains the "local filename", size and SHA-1 hash. A companion web site acts as a directory of URIs for popular content. The content is screened by the folks running the site. It has now reached the point where the "pirate" teams have accounts and post SHA-1 encoded URIs before releasing the content into the wild. Most edonkey users don't use the embedded search and instead use directories such as sharereactor.
And if the **AA's are going to start hacking the major file distributors on the networks, I give it about a week before these networks are entirely devoid of life. The reality of these situations is that it's an inverted pyramid. A few (relatively) honest people carry an entire community. I got sick of this stuff 3 months ago and left filesharing forever. I'm sick of providing free bandwidth so the kids can get their copy of Warcraft 3.
Of course, arguing ethics in filesharing is probably something I shouldn't be doing...
The 2.5x version of Limewire prevents you from downloading bogus files.
With all the "Cannot move to library" errors and busy signals and never being able to connect as Morpheus ultrapeers have fsck'ed the network, you can't download anything, bogus or not,
Get rid of Morpheus on the network, fix Limewire's slashes in filenames bug and we'll be back to the 2+ Tb of files we used to have only months ago....
#include <sig.h>
Maybe I misunderstand Freenet, but I rather thought that this was all taken care of:
Checksums are often part of the content address - by incorporating a checksum into the 'url' of the page, a poisonous node passing false content would cause this check to fail, thus identifying the poisonous node straight off. And if the content and the address were both fake, then the genuine content would have a different key.
By signing the keys a distributor of genuine content can become trusted by users (without exposing the distributor's identity, since the user trusts the signing key through experience rather than what they think they know about the signer personally).
Look for CHK at http://web.mit.edu/fdabek/www/keys.html
Where I think that freenet fails is that it seems easily swamped with big files that people really want, pushing loads of 'important' smaller files away. If freenet was full of small commentary and text instead of binaries and dvd rips, it would be a nicer place IMO; what does it say for humanity?
Incidentally the swamping works only if people really really want the stuff - any attempt at creating a web of conspiring swappers of massive files would just swamp the links between the conspirators, I think, so you'd need more conspirators than real users if you follow..
I give up trying to understand..
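An added example (my code, not eDonkey's, Freenet's or any poster's) of the check that both the eDonkey post above and the Freenet post rely on: parse an ed2k-style link into filename, size and hash, and accept a download only if the bytes match; the same comparison serves as a simplified stand-in for Freenet's content-hash keys. The hash is treated as SHA-1 as the eDonkey post describes it, and the sample content is constructed.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// FileRef holds what the post's ed2k-style link carries: local filename,
// exact size in bytes and the hex digest the content must hash to. The
// digest is treated as SHA-1 here, following the post's description.
type FileRef struct {
	Name string
	Size int64
	Hash string // lower-case hex
}

const ed2kPrefix = "ed2k://|file|"

// MakeEd2kLink builds the link a directory site would publish after
// screening a file. '|' is the field separator, so it is refused in names.
func MakeEd2kLink(name string, body []byte) (string, error) {
	if strings.Contains(name, "|") {
		return "", errors.New("filename may not contain '|'")
	}
	sum := sha1.Sum(body)
	return fmt.Sprintf("%s%s|%d|%s|/", ed2kPrefix, name, len(body), hex.EncodeToString(sum[:])), nil
}

// ParseEd2kLink parses "ed2k://|file|<name>|<size>|<hash>|/" and rejects a
// malformed size or hash field, so no transfer starts that cannot be
// verified when it finishes.
func ParseEd2kLink(link string) (FileRef, error) {
	if !strings.HasPrefix(link, ed2kPrefix) {
		return FileRef{}, errors.New("not an ed2k file link")
	}
	parts := strings.Split(strings.TrimSuffix(strings.TrimPrefix(link, ed2kPrefix), "|/"), "|")
	if len(parts) != 3 {
		return FileRef{}, fmt.Errorf("want name|size|hash, got %d fields", len(parts))
	}
	size, err := strconv.ParseInt(parts[1], 10, 64)
	if err != nil || size < 0 {
		return FileRef{}, fmt.Errorf("bad size field %q", parts[1])
	}
	hash := strings.ToLower(parts[2])
	if _, err := hex.DecodeString(hash); err != nil || len(hash) != 2*sha1.Size {
		return FileRef{}, fmt.Errorf("hash field %q is not a hex SHA-1 digest", parts[2])
	}
	return FileRef{Name: parts[0], Size: size, Hash: hash}, nil
}

// Verify checks a completed download against the link. The size check is
// free; the hash is what catches a poisoned file padded to the real size.
func (r FileRef) Verify(body []byte) error {
	if int64(len(body)) != r.Size {
		return fmt.Errorf("size mismatch: link says %d bytes, got %d", r.Size, len(body))
	}
	sum := sha1.Sum(body)
	if got := hex.EncodeToString(sum[:]); got != r.Hash {
		return fmt.Errorf("hash mismatch: link says %s, content hashes to %s", r.Hash, got)
	}
	return nil
}

// ContentKey is a simplified stand-in for the Freenet CHK idea from the
// later post: the address of content is derived from its hash, so a node
// returning other bytes for that address fails the same comparison. Real
// Freenet CHKs carry more than a bare hash.
func ContentKey(body []byte) string {
	sum := sha1.Sum(body)
	return "CHK@" + hex.EncodeToString(sum[:])
}

// VerifyContentKey reports whether body is the content that key names.
func VerifyContentKey(key string, body []byte) bool {
	return ContentKey(body) == key
}

func main() {
	// Constructed sample content, not a real file from any network.
	genuine := []byte("constructed sample audio bytes standing in for Bobs_Song.mp3")
	link, err := MakeEd2kLink("Bobs_Song.mp3", genuine)
	if err != nil {
		panic(err)
	}
	ref, err := ParseEd2kLink(link)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine copy:", ref.Verify(genuine))
	poisoned := append([]byte{}, genuine...)
	poisoned[0] ^= 0xff // same size as the real file, different bytes
	fmt.Println("same-size poisoned copy:", ref.Verify(poisoned))
}
```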
Yea, like they would never think of any of this stuff on their own, given time. Perhaps he's giving ideas to the people developing these P2P networks, so they can secure them against attacks such as these???
Is releasing the source code to Linux helping virus writers, or is it helping the community to find potential problems and fix them BEFORE problems are exploited???
The author writes
This is not an unresolvable problem at all; this is where web of trust comes in. The basic idea is for the publisher to sign the checksum using his or her private key. Others can then verify the signature using the publishers public key. This allows me to verify, using only a few bytes of information, that a publisher named SecretAgent did indeed publish a file. If I know that SecretAgent has previously published a lot of "good" files, then the file is probably good. If I don't have any experience with SecretAgent, but I do know that PrivateBenji is trustworthy, and PrivateBenji vouches for SecretAgent, then the file is probably good.
The author fundamentally misunderstands webs of trust:
A web of trust is not a "trust rating" ala eBay. A web of trust is a specific group of people who vouch for each other. Creating a malicious group of people who trust each other does not cause problems. (In fact, it can actually help.) If I trust A, based on experience, and if A trusts B, based on experience, then I can probably trust B. The fact that C, D, and E are malicious doesn't cause problems, because neither A nor B trusts them.
Is Mozart still in copyright?
David
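As an added example (not the poster's code), the signed-checksum and vouching scheme described above: publishers sign the checksum of what they publish, a vouch is a signed statement binding a name to a key, and the verifier only follows vouches signed by keys it has already reached, so a clique of malicious vouchers (C, D, E) never extends its trust. Ed25519 for the signatures and the signed message formats are my choices; the names are the post's.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
)

// Publisher is a named party such as SecretAgent or PrivateBenji in the
// post, with an Ed25519 key pair (the signature scheme is my choice).
type Publisher struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewPublisher(name string) Publisher {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Publisher{Name: name, Pub: pub, priv: priv}
}

// SignedChecksum is the "few bytes" attached to a listing: checksum plus signature.
type SignedChecksum struct {
	Publisher string
	Checksum  [sha1.Size]byte
	Sig       []byte
}

func (p Publisher) Publish(body []byte) SignedChecksum {
	sum := sha1.Sum(body)
	return SignedChecksum{p.Name, sum, ed25519.Sign(p.priv, sum[:])}
}

// Vouch is one edge of the web: Signer certifies that SubjectKey belongs to Subject.
type Vouch struct {
	Signer, Subject string
	SubjectKey      ed25519.PublicKey
	Sig             []byte
}

func vouchMsg(subject string, key ed25519.PublicKey) []byte {
	return append([]byte("vouch:"+subject+":"), key...)
}

func (p Publisher) VouchFor(q Publisher) Vouch {
	return Vouch{p.Name, q.Name, q.Pub, ed25519.Sign(p.priv, vouchMsg(q.Name, q.Pub))}
}

// Verifier is "me": keys trusted from experience, every vouch collected
// (trusted or not), and how many hops of vouching I will follow.
type Verifier struct {
	Trusted map[string]ed25519.PublicKey
	Vouches []Vouch
	MaxHops int
}

// KeyFor walks outward from my trusted keys along valid vouches, at most
// MaxHops steps. Only vouches signed by a key already reached count, so a
// clique of strangers vouching for each other (C, D, E) never extends my
// trust, and a name already known keeps the key it was first reached with.
func (v *Verifier) KeyFor(name string) (ed25519.PublicKey, int, bool) {
	known, frontier := map[string]ed25519.PublicKey{}, map[string]ed25519.PublicKey{}
	for n, k := range v.Trusted {
		known[n], frontier[n] = k, k
	}
	for hop := 0; ; hop++ {
		if k, ok := known[name]; ok {
			return k, hop, true
		}
		if hop == v.MaxHops || len(frontier) == 0 {
			return nil, 0, false
		}
		next := map[string]ed25519.PublicKey{}
		for _, vo := range v.Vouches {
			signerKey, reached := frontier[vo.Signer]
			if _, seen := known[vo.Subject]; !reached || seen || len(vo.SubjectKey) != ed25519.PublicKeySize {
				continue
			}
			if ed25519.Verify(signerKey, vouchMsg(vo.Subject, vo.SubjectKey), vo.Sig) {
				next[vo.Subject], known[vo.Subject] = vo.SubjectKey, vo.SubjectKey
			}
		}
		frontier = next
	}
}

// Check accepts a download only if the publisher's key is reachable, the
// signature over the checksum verifies, and the bytes hash to that checksum.
func (v *Verifier) Check(sc SignedChecksum, body []byte) (bool, int) {
	key, hops, ok := v.KeyFor(sc.Publisher)
	if !ok || !ed25519.Verify(key, sc.Checksum[:], sc.Sig) {
		return false, 0
	}
	return sha1.Sum(body) == sc.Checksum, hops
}
```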
-this is warfare 101. You NEVER fight a superior force on the battlefield they choose. You'll lose every time. It's a waste of time and resources. and they have clueless cops and government prosecutors and paid off/bribed legislators on their side, so don't go there.
Instead, fight them directly in the courts, directly in the legislative process, and more importantly, in their wallet. You create legal networks that only trade legit content that has been released as "free", or go capitalist route and just make it "cheap" like it should be. THEN, if those RIAA goons attempt to poison your networks, you track them down, sue the individuals responsible, turn it around right back on them, and if it can be proven they were part of an organized conspiracy, they will be in violation of at least the RICO statutes, as well as some others probably.
And if you wish to contemplate and discuss academic-theory only computer attacks, you attack the bad guy in other areas, make it impossible for them to conduct business in totally unrelated areas. This is just a for instance. Here's an analogy. In real warfare, a superior force has the tanks and air superiority. You can't defend right at that point, but you could attack the crews way off base, their supply lines infrastructure, etc. Tanks and planes need fuel, a point of vulnerability. Crews need food, another point. Look at the slave laborers in world war 2 working in nazi factories. They sabotaged what they were building. Geeks working in tech areas who are sympathetic to the cause can have accidental "glitches" show up in related business with the anti copying zealots, in totally unrelated areas but critical for their financial success. This would have to be an imagination exercise, but the slang term is "monkey wrenching". Are there ISPs in common usage around hollyweird that are "infiltrated" already by sympathetic geeks? Would any attention be garnered if the net ceased to exist for awhile for all those fatcat people? How about people working at the fat pipe nodes? Construction workers with backhoes and a series of "whoops, sorry"s?
NOTE, this is THEORETICAL, I am NOT advocating deliberate sabotage, or anything else illegal, merely pointing out that guerrilla warfare uses asymmetrical techniques.
It just depends how far any person is willing to go for the "cause" of mp3's and movies they haven't bought. Personally, I don't see it. I think it's downright silly when there are so many more important "causes" out there. I neither exchange cash for those products, nor do I file trade or download or upload illegal copies, I honestly own zero MP3 music copies or digital movies, none, I stopped purchasing full over priced music or going to rock concerts way back in the 70's when bands and record companies started charging more than a few hours pay for me for their "products". I worked occasionally in that industry, and the disgusting greed you could see just turned me off, so I ceased being a participant. It wasn't worth it at that point, I see no reason to make multi millionaires when they should be content with just being "millionaires". They got greedy, I stopped being a financial enabler for that greed. It's that simple really.
My #1 recommendation is just to boycott excessive stupid profit oriented bands, movies, etc, and only support what I would term the "peoples" music and video, support with reasonable amount of cash, and spread the word to young people to stop trading and listening to fatpig/fatcat bands and movies. Just as the internet has allowed some of us who care to develop our own news services that will get out the facts instead of the propaganda the controlled press spews, so can the net bypass and step around fatcat greedy companies in the music and video and software fields. You just plain do NOT support them, even to NOT trading their products. Create your own networks with only cool content, give those fatcat record and movie goons nothing legitimate to complain about. I boycott major networks radio and TV, I only support patriot legit and honest radio on the shortwave and internet.
I boycott professional sports, hollywood full price fatcat movies, and the vast majority of bands, especially the full fatcat priced ones on the major labels. There are alternatives to all those. You AREN'T real likely to get legislation changed, can try of course, it doesn't hurt, BUT, as you don't have the bribe money, and let's be realistic, hollywood has the bribe money, and they use it, you probably won't win real soon there, so STEP AROUND the problem. There IS NO PROBLEM if you just IGNORE the evil fatcat "products". They fall flat on their over stuffed greedy faces then. And if they keep putting pressure on the major hardware providers to put anti privacy and usage features into hardware, you boycott those and build/acquire your own, or setup cottage industries to maintain and improve older hardware. We are doing this with linux as opposed to microsoft for example, so just apply this same reasoning to music and videos, just STOP, and do it yourself. Make correct choices, and don't make exceptions. Buy used if you must have that older video or music, but stop trading or having any interest in fatcat goon products.
I will call this aikido file sharing. Do that, and VPN for your sharing, and new members have to be vetted by actual for-real humans, person to person in real life meatworld, one at a time as they are added. People travel in cyber space and in real world space, use the real world travelling to add legit members, that way you can keep track of who is who and ban/refuse bogus quisling spies if they become "bad traders".
I hope this makes some sense. Government says that copying some of this or that is illegal, so be it, I only use that which is freely shared. government tells me that self defense is somehow wrong, that only "they" for some reason are responsible for my security, I say screw 'em, I buy another gun for myself, and help n00bs make their first purchase and get legit self defense training. I hear people bitch about legislation in DC that seems to defy common sense, I politely inform them that "gee, it appears that the dems and repubs have a stranglehold on politics, perhaps if you didn't vote for any R's or D's they might get the message?". Stuff like that. Fatcat international greedy companies want to control my food, only offer me frankenfoods and sprayed foods, seek to keep third world peoples in serfdom and put US small farmers out of business, then I buy from local small farmers and I make my own garden bigger, encourage others to do the same, help people start home canning. Fatcat greedy international monopolists want to control my energy, and make obscene profits into perpetuity, I've installed and use solar PV panels, and show them to people and get them to start to be energy independent. See? Same deal with these record and movie companies, and the so-called "news" orgs from the traditional fatcat mainstream. Screw 'em! Roll yer own! If they make crippled hardware, start boycotting games designed to run on it, and all their other products. Get those developers who make a lot of profits for the hardware companies to put pressure on the hardware people to NOT make crippled hardware, boycott them until they do.
There are solutions that don't require engaging in warhacking that will put young people in jail. this is real life we are talking here, it's not a game. Go sit in jail sometime, see how 1337 you feel. Believe me, it doth truly sucketh, especially if you are there from political persecution. And hollywood music and videos AREN'T WORTH IT. IGNORE THEM. And believe me part deux, these goons WILL put young people in jail over this. They will drag cash out of people's pockets with fees for lawyers and government fines and confiscations. You really want that? For millionaire greedy fatcats movies and music? it just ain't worth it, pick a different battle to focus on. The government is run for the elite hyper-moneyed privileged class, it is NOT run for the middle and lower economic classes. This is a big fat lie that we have a representative government, that lie is for the sheeples and lamers, time to get hip to reality. I'm not a commie by any stretch, I am a strict constitutionalist, an honest and non greedy capitalist, and as such I know "the system" as it stands now is completely corrupt and rigged, so STEP AROUND IT.
umm.. spammers have not stopped me filtering through my email for the actual mail .. I would consider spam the single most successful poisoning campaign in the history of man. Yet, somehow I still use email. We have filters and RBL lists (these could simply be used to identify p2p spammers and blackhole them) and voilà.. You have an entire new industry built up around this.. Guess I better start hacking up some RBL code to work with gnutella eh?
anime+manga together at last.. in real time.
You can do all the research papers you want; P2P does work, and I find and get whatever I want.
Use all the buzzwords you want; P2P must be "scaling" and surviving "poisoning" just fine. You can't just reason it out of existence.
Distributed trust and peer review are fine and good but not even needed for the simple task at hand.
Look at the warez scene to see how it goes. A handful of release groups whose names are known to everybody who is even vaguely interested is sufficient to ensure supply. If these groups are attacked by fake releases (rarely happens) they can use hash keys as you suggest (some already do).
Websites like www.sharereactor.com also safeguard against fakes - another mechanism which is strong enough to defeat the entire problem by itself.
What I am saying is that distributed moderating à la slashdot will not evolve. Instead, we will have a handful of "authorities" - Web sites or public keys - that everyone trusts.
Note that authority - when not combined with power - is a Good Thing (TM).
Taco is a corporate stooge.
The government has a defect: it's potentially democratic. Corporations have no defect: they're pure tyrannies. -Chomsky
If they get to poison the networks, then that means that they are using the networks --just as we are.
I wonder what would happen if some ordinary user did the same things? Right or wrong?
Dealing with the problem this way is far better than using the law because it is hard to define the law in a way that makes good sense for everyone long term particularly when we don't yet know how P2P could benefit us all.
Besides, they can place any amount of promotional information into their files just as easily as they can garbage and they should. Why not? They might even be able to write off more of the expense.
What the media companies need is good marketing. They are the content source. (for now) All they need to do is add value in ways that leverage the network effect that P2P offers and they *will* make money.
Anyway, the result of this is likely not all bad because file sharing will get somewhat marginalized, we all preview before we download large files and everyone is reasonably happy and free to use the net in creative ways.
Blogging because I can...
Everytime I hear about the possibility of trashing P2P networks, the geek response is the same: "We can avoid that by using some soooper dizzy wizzy GNUPGABC123 2 quadra-trillion bit RSADSANSANASA encrypted mega-bit triple-hashed file on your public privates!" P2P networks are successful because non-geeks can use them - if you make it tougher than a username and password, no one will use them. (So if the disease doesn't kill you, the cure will)
The best thing about a boolean is even if you are wrong, you are only off by a bit.
Popular files are more likely to be valid. Poison is less likely to be popular. Poison sinks to obscurity.
Public key encryption's been around for quite a while.
Just give moderators private keys, and distribute the public keys. Bingo! Authenticated moderation...
What's this Submit thingy do?
one could keep a trusted block signature for each file. Say you have signature file that has one MD5 for each x bytes of the file. This file and its MD5 hash is the identity of the file. One would then choose to download this file before the file itself and then download the blocks of x bytes from the file in a randomised order, and possibly from different nodes. I guess this would add some otherwise unneeded downloads, but would help to restart the stopped downloads and would detect poison nodes easily.
Too bad I am so late in posting this...
[]'s Victor Bogado da Silva Lins
^[:wq
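An added example (not the poster's code) of the per-block signature file described above: a manifest with one MD5 per block of x bytes, whose own MD5 identifies the file, and a download that fetches the missing blocks in randomised order from several peers, verifies each block on arrival and stops asking any peer that served a bad one. The block size, the peer-selection order and the sample data are my constructions.

```go
package main

import (
	"crypto/md5"
	"fmt"
	"math/rand"
)

// BlockSize is the post's "x bytes". It is tiny so the constructed sample
// splits into several blocks; a real client would use kilobytes.
const BlockSize = 16

// Manifest is the post's "signature file": the file length and one MD5
// per block. Its own MD5 (ID) is the identity a client fetches first.
type Manifest struct {
	Size   int
	Blocks [][md5.Size]byte
}

func blockRange(i, size int) (start, end int) {
	start, end = i*BlockSize, (i+1)*BlockSize
	if end > size {
		end = size
	}
	return start, end
}

func BuildManifest(file []byte) Manifest {
	m := Manifest{Size: len(file)}
	for i := 0; i*BlockSize < len(file); i++ {
		s, e := blockRange(i, len(file))
		m.Blocks = append(m.Blocks, md5.Sum(file[s:e]))
	}
	return m
}

// ID hashes the manifest itself, so a manifest rewritten to match
// poisoned blocks no longer has the identity the user asked for.
func (m Manifest) ID() [md5.Size]byte {
	h := md5.New()
	fmt.Fprintf(h, "%d:", m.Size)
	for _, b := range m.Blocks {
		h.Write(b[:])
	}
	var id [md5.Size]byte
	copy(id[:], h.Sum(nil))
	return id
}

// Peer serves one copy of the file; a poisoned peer simply holds other bytes.
type Peer struct {
	Name string
	Data []byte
}

// Session is a download in progress. Have records verified blocks so a
// stopped download resumes without re-fetching them; Bad records peers
// that served a block failing its hash.
type Session struct {
	M    Manifest
	Have []bool
	Out  []byte
	Bad  map[string]bool
}

func NewSession(m Manifest) *Session {
	return &Session{M: m, Have: make([]bool, len(m.Blocks)), Out: make([]byte, m.Size), Bad: map[string]bool{}}
}

// Download fetches the missing blocks in random order (seeded so a run is
// reproducible), trying peers round-robin by block index. Each block is
// checked as it arrives, so a poisoned peer is caught at its first bad
// block rather than after the whole file, and is never asked again.
func (s *Session) Download(peers []Peer, seed int64) error {
	rng := rand.New(rand.NewSource(seed))
	for _, i := range rng.Perm(len(s.M.Blocks)) {
		if s.Have[i] {
			continue
		}
		start, end := blockRange(i, s.M.Size)
		for j := 0; j < len(peers) && !s.Have[i]; j++ {
			p := peers[(i+j)%len(peers)]
			if s.Bad[p.Name] {
				continue
			}
			if end > len(p.Data) || md5.Sum(p.Data[start:end]) != s.M.Blocks[i] {
				s.Bad[p.Name] = true
				continue
			}
			copy(s.Out[start:end], p.Data[start:end])
			s.Have[i] = true
		}
		if !s.Have[i] {
			return fmt.Errorf("block %d: no peer served a valid copy", i)
		}
	}
	return nil
}
```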
As a number of posters have pointed out, you want some shared database/website which collects strong file checksums (crypto hashes), accurate descriptions of the corresponding files, and has a login/reputation system that allows bad users/data to eventually be weeded out.
Then third parties, no matter how prevalent on the P2P networks, can't mislead you about file contents, and their attempts to pollute the shared database can be more easily detected and suppressed.
This is exactly what my company, Bitzi, does. It is a general tool for disseminating accurate descriptive, rating, and editorial information about files -- as collected and cross-checked by an open community process.
Check it out.
Is to create a network specifically dedicated to trading, say, opensource code, research papers, personal public diaries, and the like.
(Bye bye, karma) I may sound like a troll, but at least I'm being honest.
Peer-to-peer filesharing has a great deal of potential, but if its only popular use is piracy, well, we already get enough bad press, don't we? It'll only get worse.
(Sorry about the soapbox I'm standing on...)
What's this Submit thingy do?
The billions spent to stop piracy could simply be replaced by lowering the price of a CD to $3. Why is it that the recording industry can't see this!?!?! Imagine if you walked into Best Buy tomorrow and every CD was $2.99. My god, I'd buy 10 CDs in a heartbeat. But I have NO desire to buy those same 10 CDs for $15.99 a pop. In my opinion it costs me about $3 of my spare time to log on, find, download, and verify an entire album. If there were an alternative.. then why bother with p2p?
But here is the true problem.. I just swapped over 40 gig of music with my buddies at work. 150 albums for 150 albums, simply out of spite. The RIAA, no matter how brilliant their argument has disenfranchised me and more importantly the youth of the world. Music sales are dropping because music diversity sucks. It's no longer original, it's broadcast 100 times a day, MTV has become nothing more than, spoiled 14 year old girls, unrealistic views of life via "The Real World", and glamorization of ridiculous lives. All it takes is finding a few teenagers, teaching them how to dance, and make sure that they can sing just enough so the DSPs can take over. Don't worry, here in the "industry" we will write your music for you, prepare the dance moves, and have someone direct your music video. Moreover, when a DVD movie is the same cost as a CD, and a console or PC game ranges from $20-50, CDs/music is showing its lack of value when compared to these. Much more work goes into the creation of a movie or a game. As I have said before, it's time for the record execs to finally understand that they are going to have to stop living up here and start living down here (eminem). Sell the Lambo and get yourself a Toyota like the rest of us. Fly business class instead of private jet. Your job as a music peddler is really quite talentless. In case you forgot Mr. exec, the artist is called an artist for a reason.
I wonder if the author has considered that the primary applications of this work are probably not in influencing file-sharing networks so much as in politics. The P2P network that first comes to mind is ordinary web access within China. This is a situation where the government has an active interest in preventing any politically sensitive information from being propagated within the country, and so the ideas of this paper are directly applicable.
I'll leave the relevant ethical issues as a matter of discussion -- but I would suggest that this is a far more serious reason to be concerned about corporate research into network interruption.
I think that the problem lies in identifying whether a file on a P2P network is legit or not.
The obvious solution would be to make a list of these legitimate files. However, obviously these sites would then become the companies' main targets.
I think that we can borrow an idea from a file-sharing network called eDonkey where there exist websites that provide a list of fake/bad files. If the P2P developers could provide a way to tag/mark/block these fake files, I doubt that the companies can go after them for doing so. Imagine them saying:
"We wish to sue you for trying to prevent other users from downloading this file."
Of course, there are some issues that may arise from this, such as:
- the difficulty of maintaining such a listing
- someone always has to download and check the bad file (which is not much of a problem in the broadband age)
- the companies can perpetually create fakes with similar name patterns, thus vexing the users even more (again, the issue here is: when does it stop?)
What do you think? Can anyone come up with a better way to identify legitimate files (or rather, identifying fake files)?
Take off every 'sig'!
All your 'sig' are belong to us!
This is classic. Their products are in high demand and are priced higher than most people can afford. The result is that people are turning to these p2p networks to satisfy their demand for the products. If they really want to kill the p2p networks they need to lower the price of the goods to satisfy the demand. We never really had economics of scale pricing but we have the demand for it.
since this website that collects strong file checksums, descriptions, etc, is now a centralized location (as opposed to P2P which isn't centralized), could the website fall under legal attack for aiding and abetting illegal activity of swapping copyrighted material? just curious...
"Facts are meaningless. You could use facts to prove anything that's even remotely true." - Homer Simpson
I see two problems with this idea.
-or-
TodayTM BillyJoelTM GoogleTMd for StitchTMes due to WindowsTM while RollerbladeTMing with an AppleTM and a PopsicleTM
Imagine that, if an artist or publisher puts out a lot of bad music with their name on it, fewer people will want their music. Sure it stops piracy, but it doesn't seem like a good way to succeed in the music business.
The major labels should look to emusic.com. emusic.com has a great distribution system already in place, I get 300K/sec downloads and the ID3 tags are always good, unlike P2P networks. I just wish they'd name their files without the underscores, but that's easily enough fixed with software.
They're already a great place to find old/obscure stuff, as well as a few breaking bands like The Hives. I even saw some MCA stuff (90's country) on there, so maybe they're putting their toe in the water a bit. Any time I start downloading from emusic I probably get 50 songs.
Give people a way to download music legally and they'll do it. But I bet the big labels want huge royalties for each song.
Even simpler than all these attack strategies. Simply produce the product the way customers want it.
Enough people will defect to the faster, more direct, legitimate servers. Where they can get the whole album and a movie in 2 hours instead of 2 weeks. The price should be good enough to encourage this.
P2P networks rely on enough users mirroring enough copies of enough products. Reduce the user base and the number of nodes drops until it just doesn't work anymore.
You can see this on the unpopular P2P networks now.
So either you will end up with:
1. a few users sharing lots of files (which can be picked off with civil copyright laws).
2. a few users sharing few files (which means they can't find the files they want on the network, so are less likely to be running a P2P just to support other users, so the number of people spirals down).
The one thing I don't think you will end up with is many people legitimately downloading and then sharing the files. Quite simply, you would eat up your bandwidth using P2P which you need to do the downloading.
Another factor is charging: many ISPs are moving to a download limit, e.g. TOnline is moving to a 5GB limit per month, then you pay 1.5 cents per MB.
So a movie would cost $7 to download after you've used up the first 5GB. Or for that matter to upload to another user!
So you could pull maybe 7 movies a month on the flat fee.
A lot of users on P2P systems will disappear as this becomes the norm.
So P2P is really just a temporary problem for copyright holders, just as long as they get their legitimate sales systems in place and don't go pissing off the consumers with DRM, funny licenses etc.
- First they ignore you, then they laugh at you, then ???, then profit.
Considering that the writer is correct and that, let's say, one thousand lusers are sharing corrupted files with the same file size and same file name. Considering that there isn't a way to control that, we still don't know what MD5 is or PARity files are.
Even in this extreme scenario there would always be this other network. Direct Connect for instance is able to create hundreds of different networks with different content. And if you download a file from a guy that has corrupted files, you can simply ignore him next time. In fact most of the users of p2p networks are using high-bandwidth connections and a bad .avi or .mp3 isn't going to spoil their day. The user will just be warned not to leech from that share again.
Regarding massive networks like Gnutella you can work exactly the same way. It won't be because of a bad file that he'll think something like: "Oh my god, this sucks! I have to go out and pay 17 for this record I wanted to check it was good".
It was an interesting analogy, but, difficult to understand as it may be, fish are dumber than most of the p2p users. Fish don't adapt, p2p users do. P2p users can simply change the rules of the game... it's their game.
-- Would it be acceptable to just put my name on my sig?
LoL although "it might be a bit harder for the labels to defend copyright claims for individual songs.", you may forget that this would mean that everyone who connects to the network is illegal, so the DMCA wouldn't even need to check if a user has been downloading illegal things, it would be implied :)
look at DVD's...provide so much material that it is more work pirating than it is to buy. Why does a DVD cost the SAME as a CD ? Last time I checked a movie was SIGNIFICANTLY more expensive to produce than an ALBUM, and yet DVD's sell for the same or LESS, and quite often contain the BLOODY soundtrack as well. If a CD included multimedia stuff, editing room floor tracks, useless bio info and oodles of extra crap at a reasonable price it will be more trouble to rip it than it would be to buy it. When the RIAA wakes up and realizes that, maybe, just maybe things will turn around, otherwise, one way or another the industry is dead. The MPAA is actually beginning to come around, slowly and not without a FIGHT, but they are evolving. I don't hold out the same hope for the record industry.
errr....umm...*whooosh* *whoosh* Is this thing on ?
After reading this and some of the comments from the old posting, I realised the MD5 hash is not a bad approach. When a client scans its HD it creates MD5 checksums of its files. When someone requests a file the checksum is sent with the reply. When the file is d/l'ed the checksum is checked. If the checksum fails the user is notified and they can either re-try the d/l or accept it. After that they can test the file. If (with a valid checksum) the file is corrupt, the client can store the checksum and filter it from future requests; these can also be shared to prevent others from d/l'ing it as well. This system could still be temporarily defeated by having many versions of the same file, but again that could be tested as well (too many bad files flags a bad host, etc.)
I sig therefore I am...
A P2P program called edonkey (don't laugh) has partially solved this problem.
I'd hate to see the kinds of porno AVIs that get traded on a P2P program named "edonkey"! (shudder). At least there isn't one called FistOfFiles.exe yet.
GMD
watch this
Do GPG signatures on blocks (about 50-100k) of files instead of entire files. When you have a contradiction of checksums on blocks of files, alert the user that someone is a liar. Take all the results of the search for that file, and all the gpg signatures, and present the user with two options that are the sum of their trust levels. Most files can be previewed to check if it is bogus, and the user can blacklist anyone that even trusted that host, and their IPs as well. From then on, none of those IPs will be allowed to connect to this host. Eventually, they'll exhaust their IP supply before they end piracy.
:) (A per file rating instead of a per host rating)
Obviously the user would get to select the appropriate action if one of the files are just better than the other with a rating mechanism as well
Other advantages to this method are:
*Checksums can't be faked except in NP time. (use a random block size to thwart a super computer precalculating bad blocks that MD5 to the right hash... use multiple hashes)
*Multiple host download is guaranteed to be the same file (even when being poisoned).
*A computer need not have the entire file to share a block of the file, therefore files propagate the network in a more exponential manner. (host A gets block 1 from B. Host C gets block 2 from B, Host C and A trade blocks 1 and 2. Host D comes along and wants the same file, and can download from A and C instead of bogging down B. Works even better because all connections that I've seen are duplex even if they have a slower upstream. Conserve network bandwidth by referring downloaders to other people who have downloaded before... search for the GPG signature of the hosts on the network.)
Overall, I see this kind of thing being implemented very soon because it's not that difficult, and it's pretty obvious. Maybe the next edition of Gnutella will support this.
Of course there are loopholes where the RIAA/MPAA could buy half a million IP addresses or have a lot of computers on the network, but you don't have to have an unbreakable system, just a system that costs more to break than they think they will see in profits from breaking it.
Karma Clown
even if all P2P stopped, it wouldn't hurt those of us with a semblance of a social life. A good number of friends and I swap mp3s all the time, it's how I got most of my collection. It's kind of a tradition; have a LAN Party, get another 10 CDs of music. We also have some leech servers running, or in some cases a webserver with all our mp3s. In fact, you can download all my mp3s from a nice hidden directory on my webserver, heh... shouldn't be too hard to guess either :)
Anyway... I'm going to do a tail -f on the access log and watch people try and leech off me... but just remember, no matter what happens to P2P, a good social network of people with FTP servers is the best way to get good quality mp3s with little risk of legal action.
--Justin Mitchell
"2nd Place is a fancy word for losing" --Bender (Futurama)
this is the most shameless self-plug i've ever seen. see his page:
Download paper (PDF)
Download the resume of XXXX (Word) (PDF)
wtf does his resume here?? and wtf makes his current slashdot appearance in his resume?
I graduated recently and will be available to work later this year (2002). I am particularly interested in a business-side position in the media/entertainment, finance, or software industries, especially on the product/program management track. Read my other papers on computational finance and predicting movie revenues here. -XXXXXX
oh i see! how nice to know.
there are many people doing way better research than this guy does (and not cheating paper length by using unreadable 1.5 line spacing). but they are not as priggish, career conscious and egocentric as this damn $$$-bitch abusing slashdot for his own purpose.
Just a thought: The idea is to poison enough files that enough people get frustrated and leave. You can fight this by making the bounty better. It might not be worth your time to download 8 files to get one good copy of LucyInTheSkyWithDiamonds.mp3. But it would be worth your time to get a copy of AllBeatlesAlbums.tar. If the rewards are sweet enough, the population will stick around... RIAA isn't the only one who can change the population dynamics!
In particular, our analysis of the model leads to four potential strategies, which can be used in conjunction:
1. Randomly selecting and litigating against users engaging in piracy
2. Creating fake users that carry (incorrectly named or damaged files)
3. Broadcasting fake queries in order to degrade network performance
4. Selectively targeting litigation against the small percentage of users that carry the majority of the files
This mostly summarizes the war on drugs and the government's strategy against alcohol prohibition in the 1920's. Neither worked and the countermeasures are simple and straightforward.
A "directed" web of trust, objective quality measurement, and knowledge compartmentalization defeat the above strategy. The countermeasure of creating large numbers of mutually trusting attackers doesn't work when trust "flow" is taken into account. The keys to such a system are:
1) trust is asymmetric
2) nodes define and change who they trust based on their own assessments
3) Nodes protect their knowledge of the web of trust
To see how this works, consider the cops and the drug dealers. The fact that the cops all trust each other does not result in the drug dealers trusting them. When a dealer is compromised, no matter how high up the chain it goes, trust shifts to rivals. Even when a kingpin falls, lines of trust will still exist that aren't compromised.
Drug dealing is not as popular as file sharing, is substantially more damaging to people's lives and society, and has motivated levels of funding that are not matchable by publicly traded firms (who must demonstrate at least mid-range ROI). Despite all of these advantages, the war on drugs has been a dismal failure. The bottom line is that the internet makes distribution of content a commodity, where it was formerly a task of enormous complexity and value add. Economics will determine the rest, unless the US adopts and maintains a totalitarian government.
ED2K quicklinks show how moderation and secure hashes work in reality. You get the damn right file. See Sharereactor et al.
I got a popup when I went to Businessweek, and yet another when I left.
I think someone is trying to poison the environment with these things and kill Businessweek.
Bitzi and similar descriptive/discussion services never store, deliver, or link to the location of any specific files. Only accurate identifying info is collected and republished.
There are overwhelming legitimate uses for a service which distinguishes between official and unofficial, safe and unsafe, accurate and fraudulently labelled files. Further, it is undoubtedly legal to survey and report on P2P activity -- in fact, large copyright holders have themselves have hired outsiders to do just this.
So a service which simply "tells the truth" about what's circulating, without itself delivering or offering access to any files, has a much firmer legal standing than any centralized network which actually enables the sharing of files.
New laws and novel indirect infringement prosecution theories could arise, but in the case of an open directory/review publishing site, like Bitzi, such legal attacks would also have to overcome first amendment protections for free speech -- protections which even cover much speech describing illegal activities. (If this were not the case, Hollywood's own movies and music about all sorts of criminal activity would be under constant attack!)
Napster's biggest annoyance was that when the person you were downloading from dropped the connection, you had a partial file, a part of a song.
As you say, people are lazy.
However, I'm not getting nearly as many partial files as before. I'm starting to suspect that some people would rather have 2/3rds of a song than none of it.
They're already doing this.
The day after George Harrison's death (the heartless bastards) Beatles songs were being "sucked" off of my hard drive at an incredible rate. I didn't know I had such a fast connection.
The user had no name, just "@kazaa.com". It made my own downloads (ironically or not so ironically, of stuff you can't buy in the store) go slower than if I were on a 28.8 modem (and I regularly get Quake pings of 40)
I had to disconnect and obtain a new IP before I could resume my downloads. I also unchecked the "supernode" box.
I've since blocked Beatles from both my file shares, AND my purchases. If I get stupid and want to replace an old Beatles album, I'll just download the damned thing. McCartney has gotten all the money from me he's going to.
They're getting a little less stupid, using "realer" sounding names and not downloading the same file over and over like they were.
So now, if I get a user trying to DL the same file twice, I IM him. No answer, user blocked.
Here's another way to look at the problem: the physics of evolution. If we can treat p2p as an ecosystem, we can apply the same types of energy balances. The paper isn't talking about extinction of p2p, it's talking about a change in the observable patterns it exhibits. Because stressing a network can't eliminate p2p, a new one will pop up in its place. If you treat user demand as "free energy" the most stable state of those users is in sharing. Fundamentally, when you stress an ecosystem, it can "fail" in that the species in it aren't the same, but new ones pop up. The dinosaurs went extinct, but here we are!
If you think Metallica and NStync is the sharing they want to stop, think again.
What they don't want shared is the indie music that you had no way of ever hearing about before the internet.
They know full well that P2P increases, not decreases sales. They also know that it increases indie sales more than their own.
What they fear losing isn't songs, it's control. Neither you nor the musician needs the major labels and their larcenous ways, as now the musician can use the internet both for publicity and sales. He wins, you win, RIAA loses.
The RIAA wants downloads stopped for the same reason Bill Gates wants Linux stopped. It threatens their (already lost) monopoly.
Maybe Dal.net is not being hit by packet kiddies...
You are probably correct as far as how things will play out in the real world (fewer sources of authority, but well-known and trusted sources) simply because of how the background social networks that currently exist can be used as a bootstrapping mechanism by the trusted source solution. Part of my original point is that this solution, as long as multiple sources of authority are allowed to exist, is a part of the general distributed trust solution to the original problem. Distributed trust can be "client-server", "peer-to-peer" or some hybrid of the two.
You only have to take a look around the real world to see that reputations are an efficient and attack resistant mechanism for allowing untrusted parties to exchange info/goods/services. Credit ratings, movie ratings, "best of" lists, gossip, etc. We are surrounded by and enmeshed within distributed trust and reputation systems so completely that most people do not even realize how many times a day they use such a system.
Someone posted here - "Checksumming - no good. Any program could pretend to have the right checksum, but send false data. No point in figuring out *afterwards* the download is corrupt." This is incorrect. Gnutella currently does HUGE-format full file hashes. If you are doing a multiple source download on Gnucleus, it overlaps data eg it downloads 0-10K from one source and 9-19K from another and 18-28K from another. If 2 and 3 (and 4 and 5) hook up, but 1 and 2 don't, it dumps 1. Actually tiger hashes are an even better method of doing this, you can hash any portion of the file to see if it is good or not, that is coming soon to Gnutella within the partial file sharing scheme. So in Gnutella, fake hash senders are already put down in the current system during multi-source downloads, and when tiger hashing is implemented, they will be eliminated.
The 3 components I see in solving this problem are hashes, unique IDs and distributedness. It is a very complex problem because it is not a technical problem, it is a security problem, e.g. you will have thinking humans on the other end of it trying to foul it up. A bad guy (RIAA/MPAA) can send out good data for weeks and then shift to all bad - by that time s/he will probably be trusted and their shift will have to be dealt with. But then we have to consider people who download bad data and then accidentally distribute it - we don't want them blackballed for becoming an unwitting dupe one time. It's complex and I doubt will ever be 100% solved, the best that we can do is make the network as usable as possible and filter out as much junk as possible. Basically score data on its likelihood of being good or bad. As long as we can keep the system 80-99% usable I think we're OK.
The best ideas I have seen here are voting on bad server, a ring of trust and gojomo's post about Bitzi.com. As far as voting on bad servers, or server keys, or user keys - I think we need to vote on bad AND good user keys, if it's just bad keys they'll keep coming back with new keys and it will be futile - the core of good keys will be what is more constant.
As far as a ring of trust - that's a good idea, especially if it's scored, e.g. people I directly endorse get 1.000, people that two of them endorse get a .9500, and so forth. One thing that can be done is all the prominent developers can get keys and then mark hosts which are transmitting legitimate data (mp3's of Martin Luther King Jr.'s I Have a Dream speech and whatnot) and sign each others keys. That's an easy base of trust of a handful of people, and I'm sure other bases of trust will arise. Once the tiger tree hashing gets in place on Gnutella, we can start seeing stuff like the latest linux kernel distributed on Gnutella. This will be a great way to allow for distribution of popular programs that can't afford expensive hosting.
As far as gojomo's Bitzi.com post, that is the most concrete example of this stuff being currently implemented. Someone responded to his post that the data is centralized on his web site. Well, he has an open data policy so anyone can download the whole database and set up their own website with it - as long as they credit the Bitzi data as coming from Bitzi. I do agree that the hash and trust metric has to be distributed within P2P (or concurrent with it to where it's transparent), but right now it's a beacon of what will be, and since the database is open all the work put into it can exist indefinitely even if the RIAA and/or MPAA sues Bitzi.
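A directed, scored web of trust of the kind described in this post and in the cops-and-dealers post above, as an added example that is not any poster's code: trust flows only along endorsements (being endorsed never raises the endorser's own score), decays per hop (1.0 for people I endorse directly, 0.95 at two hops, matching the figures above), is revoked locally, and weights peers' reports about a file. The 0.95 decay, the rule that a single endorser on the best path is enough (the post asks for two at the second hop), and every peer name and report are assumptions constructed for the example.

```python
"""Directed, scored web of trust for P2P peers (added example, constructed data)."""
import heapq
from typing import Dict, Set, Tuple

DECAY = 0.95  # score multiplier per hop beyond a direct endorsement


def trust_scores(me: str, endorsements: Dict[str, Set[str]],
                 decay: float = DECAY, min_score: float = 0.0) -> Dict[str, float]:
    """Best-first walk from `me` along endorsement edges. Peers I endorse
    directly score 1.0; each further hop multiplies by `decay`, and the
    highest-scoring path wins. Trust is asymmetric: a node endorsing me or
    endorsing an already-trusted peer never improves its own score."""
    best: Dict[str, float] = {me: 1.0}
    heap = [(-1.0, me)]
    while heap:
        neg, node = heapq.heappop(heap)
        score = -neg
        if score < best[node]:
            continue  # stale heap entry, a better path was already processed
        for nxt in endorsements.get(node, ()):
            nxt_score = 1.0 if node == me else score * decay
            if nxt_score >= min_score and nxt_score > best.get(nxt, 0.0):
                best[nxt] = nxt_score
                heapq.heappush(heap, (-nxt_score, nxt))
    del best[me]
    return best


def revoke(endorsements: Dict[str, Set[str]], endorser: str,
           target: str) -> Dict[str, Set[str]]:
    """Copy of the graph with one endorsement removed; everything reachable
    only through that edge drops out of the scores when recomputed."""
    new = {k: set(v) for k, v in endorsements.items()}
    new.get(endorser, set()).discard(target)
    return new


def weighted_verdict(reports: Dict[str, str], scores: Dict[str, float]) -> float:
    """'good' minus 'bad' reports about a file, each weighted by the reporter's
    score. Reporters with no path from me (e.g. a ring of self-endorsing
    sybils) weigh 0, so their votes do not move the verdict."""
    total = 0.0
    for peer, verdict in reports.items():
        weight = scores.get(peer, 0.0)
        total += weight if verdict == "good" else -weight
    return total


# Constructed graph: honest peers plus sybils s1..s4 that endorse each other.
# Only one honest peer, dave, was tricked into endorsing s1.
ENDORSEMENTS: Dict[str, Set[str]] = {
    "me": {"alice", "bob"},
    "alice": {"carol"},
    "bob": {"carol", "dave"},
    "carol": {"erin"},
    "dave": {"s1"},
    "s1": {"s2", "s3"},
    "s2": {"s1", "s3"},
    "s3": {"s1", "s2", "alice"},  # endorsing an honest peer buys the sybil nothing
    "s4": {"s1", "s2", "s3"},     # endorses the ring but is endorsed by nobody I trust
}

# Constructed reports about one file hash; s4 and s5 have no trust path from me.
REPORTS = {"alice": "good", "carol": "bad", "s4": "bad", "s5": "bad"}


def demo() -> Tuple[Dict[str, float], Dict[str, float], float]:
    """Scores before and after dave's endorsement of s1 is revoked, plus the
    weighted verdict on the reported file."""
    before = trust_scores("me", ENDORSEMENTS)
    after = trust_scores("me", revoke(ENDORSEMENTS, "dave", "s1"))
    return before, after, weighted_verdict(REPORTS, before)


if __name__ == "__main__":
    before, after, verdict = demo()
    for peer, score in sorted(before.items(), key=lambda kv: -kv[1]):
        print(f"{peer:6s} {score:.4f}")
    print("sybils after revoking dave->s1:", [p for p in after if p.startswith("s")])
    print("weighted verdict on reported file:", round(verdict, 4))
```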
First, you use something like Freenet for the p2p network.
Second, you connect to the p2p network using a web of trust, built just as you would using the PKI. Maybe you could base the whole thing on GPG and the existing keyservers. The p2p servers could offer a signature block on connections, where the keyserver could provide a list of who signed the key.
So you connect to peers you trust, and they connect to theirs. Files are still anonymous as they flow through the network, only the network topology is described (and that is easily discovered/traced by the ISPs/Gov.)
If you find one of your friends is serving broken files -- you can 1) ask them to check with their friends, in turn; and 2) untrust them.
The GPG/PKI "web of trust" concept is designed, supposedly, so that "you know who you are dealing with". I know anybody I knew as RIAA/MPAA & Co. would have a hard time getting my machine to accept files from them.
There will be some file trashing, but broken file sources should become known and untrusted, and be pruned from the network.
time to masturbate
goatse has more staying power than "all your base"
eDonkey is wonderful, but file SHA-1 hashes are just the first step. Problem is, 'enemy' users can also go to sharereactor and find out the hashes and file sizes in question.
If the protocol is open, or easy to reverse ( I don't know the truth of either of these statements for Donkey ), knowing this data makes these protection schemes trivial to circumvent. The solution is:
i ) Trusted hash providers.
This part is already in place, for example Sharereactor.
ii ) Smaller hashing blocks. Instead of hashing the files, we need to hash the transfer blocks, the basic transactional units of the network. Perhaps hashing each 100K or so.
iii) The program needs to check these hashes as the chunks of the file come in. A bad comparison drops the chunk, and blacklists the person who served it up.
Bryn.
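Block-level hash checking as described in this post, in the GPG-on-blocks post and in the Gnucleus overlap post above, as an added example that is not any poster's code: each transfer block is checked against a trusted per-block hash list as it arrives (a mismatch drops the block and blacklists the peer), and, when no trusted hashes exist, neighbouring sources' overlapping ranges are cross-checked so the uncorroborated liar is dumped. The 4-byte block size, the 32-byte "file", the peers and their edits are all constructed for the example; SHA-1 stands in for whichever hash the network uses.

```python
"""Per-block hash verification for a multi-source download (added example, constructed data)."""
import hashlib
from typing import Dict, List, Set, Tuple

CHUNK = 4  # bytes per transfer block; tiny so the constructed data stays readable


def block_hashes(data: bytes, chunk: int = CHUNK) -> List[str]:
    """The per-block hash list a trusted hash provider would publish."""
    return [hashlib.sha1(data[i:i + chunk]).hexdigest()
            for i in range(0, len(data), chunk)]


class Source:
    """A peer claiming to share the file; a poisoner serves altered bytes."""

    def __init__(self, name: str, data: bytes) -> None:
        self.name = name
        self.data = data

    def serve(self, start: int, end: int) -> bytes:
        return self.data[start:end]


def download_verified(hashes: List[str], sources: List[Source],
                      chunk: int = CHUNK) -> Tuple[bytes, Set[str]]:
    """Fetch blocks round-robin, check each one as it arrives, and on a
    mismatch discard the block and blacklist the peer that served it."""
    blacklist: Set[str] = set()
    out = bytearray()
    n = len(sources)
    for idx, expected in enumerate(hashes):
        start, end = idx * chunk, (idx + 1) * chunk
        order = sources[idx % n:] + sources[:idx % n]  # rotate the starting peer
        for src in order:
            if src.name in blacklist:
                continue
            block = src.serve(start, end)
            if hashlib.sha1(block).hexdigest() == expected:
                out += block
                break
            blacklist.add(src.name)  # bad block: drop it, never ask this peer again
        else:
            raise RuntimeError(f"no source served a valid block {idx}")
    return bytes(out), blacklist


def overlap_check(sources: List[Source], step: int, overlap: int) -> Set[str]:
    """Cross-check without trusted hashes: source i is asked for bytes
    [i*step - overlap, (i+1)*step), so neighbours both deliver `overlap`
    shared bytes. A source is dropped when its shared bytes disagree with a
    neighbour that is itself corroborated by another neighbour. Bytes outside
    every overlap are never compared, so a lie placed there goes unseen."""
    n = len(sources)
    agreements: Dict[int, int] = {i: 0 for i in range(n)}
    conflicts: List[Tuple[int, int]] = []
    for i in range(n - 1):
        lo, hi = (i + 1) * step - overlap, (i + 1) * step  # bytes both i and i+1 serve
        if sources[i].serve(lo, hi) == sources[i + 1].serve(lo, hi):
            agreements[i] += 1
            agreements[i + 1] += 1
        else:
            conflicts.append((i, i + 1))
    dropped: Set[str] = set()
    for i, j in conflicts:
        if agreements[j] > 0:
            dropped.add(sources[i].name)
        if agreements[i] > 0:
            dropped.add(sources[j].name)
    return dropped


# Constructed 32-byte "file", honest peers, and three poisoned variants.
ORIGINAL = b"0123456789ABCDEF0123456789ABCDEF"
TRUSTED_HASHES = block_hashes(ORIGINAL)
alice, bob, carol = (Source(n, ORIGINAL) for n in ("alice", "bob", "carol"))
mallory = Source("mallory", b"0123456789ABCDEFXXXX456789ABCDEF")  # block 4 altered
trudy = Source("trudy", b"0123456789ABCDEF0123456789ABCDXX")      # only the tail altered
eve = Source("eve", b"X" * 32)                                     # entirely fake


def demo() -> Tuple[bool, Set[str], Set[str], Set[str]]:
    """Run both checks against the constructed peers."""
    data, banned = download_verified(TRUSTED_HASHES, [alice, mallory, trudy])
    caught = overlap_check([alice, eve, bob, carol], step=8, overlap=2)
    missed = overlap_check([alice, mallory, trudy], step=12, overlap=2)
    return data == ORIGINAL, banned, caught, missed


if __name__ == "__main__":
    ok, banned, caught, missed = demo()
    print("reassembled file intact:", ok)
    print("blacklisted by per-block hashes:", sorted(banned))
    print("caught by overlap check:", sorted(caught))
    print("missed by overlap check (lies outside the overlaps):", sorted(missed))
```

The second overlap run returns an empty set on purpose: mallory and trudy altered bytes that no two sources both serve, which is why the per-block hash path is the stronger of the two.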
Reading over the article, I noticed that targeting specific users for litigation is mentioned as a way to stop P2P. Am I the only one who sees this as dangerous?
For example, if someone is prosecuted for sharing information from their computer, what have they actually done?
1. Allowed access to their system
2. Placed files to be shared on the system
They do not force a user to download the material; the user does this of their own free will.
Now, take this a step or two further. If I can be charged with a crime for the above actions, what is to prevent the prosecution of a clueless user on a corporate LAN that allows a hacker or virus into the LAN, or even an educated user who has a legitimate reason to have a share on his system, and some company data is stolen?
When we start prosecuting people for sharing information on their NON COMPANY OWNED, personal, private PC, we open up a huge can of worms that will eventually stifle innovation and growth.
The RIAA has a valid case, theft of property is a crime, but the solution to the problem cannot be so invasive as to threaten the rights of people with legitimate reasons for their actions. If anyone should have a case, it should be the artist, not the recording companies. I have seen several artists who welcome P2P as a new way to distribute their wares, allowing them to break away from the "legal criminals".
Just because a company has enough money to have a law passed making a morally questionable act legal does not make it right. Who knows, maybe P2P will cost the RIAA enough money that they will go out of business (fat chance), but alcohol was legalized due to the fact that the people wanted it.
What's worse, it's very difficult to identify bad files automatically, because different rips of the same original can have different checksums, so the poisoners can spread lots of versions with different checksums, so you can't tell whether two files claiming to be a 128kbps ogg of "Whoops I Cloned It Again" came from the same original, only that they're not the same, so you have to listen to the thing all the way through to be sure that it doesn't suddenly turn into an FBI/RIAA/KGB warning against copying music, or a commercial for the CD containing the FM version of the track, or that it doesn't have a lot of low-level static in it. (If I were an artist, I might be more annoyed about the latter.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
CRCs aren't the only kind of checksum out there, though they're nice and fast. Cryptographic-quality checksums avoid the problems - if you change one bit of the input, they change about half the bits of the output, and it's nearly impossible to predict what the changes will be. MD5 was the most popular for a long time, though SHA1 has been replacing it for a variety of technical reasons. MD5 is 128 bits long, SHA1 is 160, so you don't need to worry about collisions unless you have more than 2**64 or 2**80 files.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Karma deserved... Thanks for the references.
If you can't see this, click here to enable sigs.
Unlike Warez or some lossless compression systems, this doesn't work for audio or for video applications using lossy compression instead of distributing exact copies. The reason is that different compression runs don't need to have identical checksums, depending on your compression parameters, equipment, etc., so the Poisoners can go create lots of different files all claiming to be a rip of the real thing, and they can have multiple identities all claiming to have a version to share, so even if you burn one file and one identity, they can trivially create more. If they're clever, they can do this with very little extra work - each version has identical data except in the last block (448 bits for MD5, I forget how many for SHA1), which is juggled a bit. Since music files are large, this means they can do 99.99% of the work once and only have to repeat the last 0.01% multiple times. GPG signatures on the files don't help much either - they've provided a genuine signature saying that jack12345 and lars6789 both downloaded this file of "Whoops I Cloned It Again" and got checksum 12903849021834, but when you listen to it, it's just Poison singing "Happy Copyright Violation Lawsuit To You" with a burst of noise in the last few milliseconds.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
This is different - there's no penalty other than your reputation, the Poisoners have a much stronger legal position than anybody who might complain (Hey - I tried to rip off their music and they gave me a Bad Copy!), identities can be created free by robots, reputations for the identities don't take too much work to forge, and there are lots of creative ways to cheat.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
It's very easy to create a large number of identities in this system, each pretending to be a real person but really just Yet Another Tentacle of the Poisoners. They can all build up great reputations by signing each other's keys, and sending reports into the whoever-archives-reports-about-users system claiming to have done lots of downloads to each other, and they're all listed as having T3 or Ethernet connections so they're very attractive. And they can pump out a large number of files that they've signed, indicating correctly that the checksum on File#12345 is 290384098213 or whatever, for many different files with many different names, all of which are really Poison singing "Happy Copyright Violation Lawsuit To You!" with a different serial-number burst of noise at the end. They can distribute enough non-poisoned songs to create some good genuine reputations, use those to sign people's keys and get people to sign their keys, use these reputations to sign the keys of their other tentacles, and start distributing poisoned songs to people who trust them directly or indirectly, using their keys which have been outed as Poisoners to sign the keys of people who aren't tentacles. Even more fun, you can distribute lots of poisoned index data - some P2P systems are much easier to kill that way.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
But if you *do* have Trusted Third Parties, Poisoners will either attack them technically, sue them, or pretend to be them, or all three. And Slashdot MetaModeration isn't directly applicable to this problem, because the disputed event is private, unlike Slashdot postings which third and fourth parties can look at and decide whether they're really Insightful or Trolls.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Bitzi is based on checksumming. After you download a file, you run it through the Bitcollider app to generate a unique checksum which is automatically uploaded to the Bitzi site. Meta-information like ID3 tags, etc. is also extracted from the file if present, and all of this data is combined to create what's known as a "Bitzi ticket." You can vote for the (in)validity of a particular file, and you can also leave comments about a particular file for other users. A ticket can be created for any file, not just MP3s; there are already lots of pornos with Bitzi tickets.
The eventual goal is that, before you take the time to download a file, you'll be able to look up its Bitzi ticket and determine whether or not it's what you're really looking for. If 10 people have already indicated that the file is bogus, corrupted, incomplete, etc. you'll be able to safely skip it without wasting time or bandwidth. In order for this to happen on a broad scale, Bitzi needs more users. It's totally a volunteer community effort; someone has to be the first person to run each file through the Bitcollider and generate the initial ticket. Please visit the Bitzi site, register (I can vouch for the fact that it's possible to register with an @example.com address and still access the site just fine), then run all your shared and/or downloaded files through Bitcollider. The more files that get into the Bitzi system, the better; this includes "bad" files, and in fact ticketing "bad" files is probably more useful than ticketing "good" files.
Several popular P2P filesharing clients, including BearShare and eDonkey2K, already have built in support for Bitzi tickets. I hope others will follow suit.
Shaun
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
I've separately posted a discussion about how it's easy to create large numbers of files with different checksums pretending to be different audio rips of the same tune. Not only does this flood the typical index system, but if the Poisoners can create lots of users, they can all rate the poisoned files as good, or rate non-poisoned files as bad, and they can probably give themselves great karma by first sending in lots of reports about having successfully shared lots of good files with each other.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Do go read about BitTorrent, though - it does use a number of the ideas you've mentioned for efficient distribution.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
how about all new p2p users proclaiming the oath to other friends online, etc. this would make all "unoathed" servers not advisable to go to, and would solve the problem
Imagine if identification was nonexistent, there was no central authority for servers, no way of determining domains to trust or blacklist, and from the outside spam looked exactly like the emails you wanted to receive, *and* you expected to receive most of them from strangers you'd never heard of before.
Wouldn't email become an utter bitch to use?
You can shove your head in the sand all you want; P2P is under threat, and if these trends continue you may no longer be able to find what you want without an exorbitant amount of effort.
Use all the self deception you want, if you'd bothered to read the article and think it through you'd realise that the P2P model is vulnerable to poisoning, and that it's quite feasible the recording industry has the power to reach the threshold.
Something that's always been lacking on P2P networks is something some people harped on when Napster hit: community. They bring people's computers together, but they do not bring people together.
Having millions of crap files floating around would push people into the chat channels, where they could find out without downloading who has real files and who is a poisoner/has been contaminated. More people in the channels, and maybe more people will actually talk to each other?
And thus the advantage of IRC for file trading will be eliminated.
Is pretentious, self-important twits like the poster of the parent comment.
Get over yourself, Jim McCoy.
If you discourage people from P2P then you might send them away from the internet, period. Since the early days of the net as we know it, people have been searching for that "killer app" on the net, especially broadband. P2P justified the cost and hours spent (or wasted) on the net. No killer app, no need for the net. Then the net itself can collapse for big business. It's called BACKLASH.
... by the time a movie reaches DVD it has usually already made a profit from its cinema release. CDs would be a lot cheaper if bands only released them *after* the tour. Just like movie studios throw a lot of movies at the cinemas, most of which flop, record studios throw out a lot of CDs. Since they are crap at their job, and don't know which ones are good, they price them all the same.
--
E_NOSIG
Andrew,
/rr
I've read your paper with great interest.
One thing I've mulled for some time is binding the P2P mechanisms with the player/viewer in such a way as to validate the value of a property through actual use.
Consider an MP3 player which reports back to the network its current IP address, the checksum of the current property and whether or not the performance of the property completed.
Based on consumer behavior, might not this information be used to assure the value of a property?
To combat this, an attacker would need to marshal a large number of invalid players on separate IP addresses in diverse network subnets, which, while possible, would create enormous expense.
--
Moore was a pessimist.
I have no desire to intentionally spam people, but if that ad isn't all in their faces, is it really that bad of a thing? And honestly, Shareaza works 5x as well for me as Gnucleus ever did. Plus, it looks / feels like a mature application... not a big deal to some, but a trait that I definitely miss from the Napster days of yore.