New Kazaa Lite Protects Identity
Denver_80203 writes "Found this story about the new Kazaa K++ 2.4.0 and its new sister program which claim to protect your identity while sharing files. Any of you folk know how legit this could be? We all knew it wouldn't be long... is this the war or just another battle?"
Who wants to bet that the news won't report that filesharing has jumped back up 15%, and then some, with the advent of this?
Well, K++ edition basically contains a wrapper on the Kazaa application so that one can modify the memory accessed by Kazaa easily, and thus those who use K++ edition automatically have the K-Lite Master (1000) ranking on Kazaa. It's simply a matter of manipulating the values at the memory address.
I would think that extending on that principle, they could write protect or just dump garbage into the memory space where identities are stored.
Of course, I don't have the K++ source, so how would I know, it's just a theory.
From the article, all this seems to do is some basic housekeeping to ensure that your search history is not stored, and interact with a database of IP addresses known to be used by the RIAA.
:)
This doesn't seem to be anything revolutionary or interesting.
If the services went through some kind of anonymizer, that would be cuter. Of course, the bandwidth demands would be huge.
What may be an alternative is to produce a collaborative download system. I request a download, which is proxied by another random user (provided I return the favor). Even if you had RIAA sniffers, all that could be proven is that MY IP address downloaded something, but not the ultimate destination of the data.
Of course, if I have illegal music on my PC, then I am still screwed. But I leave solving that problem to the reader.
As legit as sharing copyrighted files? ;) IANAL, but I doubt that the Recording Industry Ass. of America can use existing laws to prevent this being done (although I doubt that'll stop them trying).
If the Kazaa guys have done it right they may even be able to wave the good old DMCA under the Recording Industry Ass. of America's nose if they try to crack the system as well (oh the irony!).
But this is just the latest volley in what is going to be a very drawn-out and bloody Information Cold War.
From what I could gather from the article they were moving towards a system whereby suspicious IP addresses that perform wide scans are automatically recorded and perhaps added to a global 'block' list. A sort of reverse distributed denial of service.
However I'm not sure how a client could tell whether one IP address was 'suspicious' or not, and I can't see it would be feasible to collect all IP addresses that connect to all clients to find those that couldn't possibly be legitimate Kazaa clients.
Or a day to install AOL software, Earthlink software, Juno software, and many other popular ISP packages, then dial up to various cities across the country, foot the long distance charge, and tack it to the next lawsuit filed against some teenager. If they can get subnets for these guys kicked off the network, then they win this battle, and use the networks' attempts to protect themselves as a weapon to cause the network to shut down huge portions of itself.
Slay a dragon... over lunch!
Next move I see is for a single source to be limited to providing 20 seconds of a particular music file so that we can take advantage of more fair use laws.
;)
Really, I'm not sure why I haven't seen this used yet. Almost all the major sites out there that provide music content will let you play a 10 or 20 second sample of the music for free (and as far as I know, they don't have to license it), so why can't filesharing system users legally do the same?
It just so happens that each user has a different clip... and the software is intelligent enough to piece them back together into one music file instead of me having to do it by hand
KappaStone
- Client contacts hub and requests a file
- Hub contacts available servers with details
- Server(s) sends data blocks to client
- Client receives data blocks and ticks off the file bitmap, making additional requests of the hub until all sections are retrieved.
Therefore, if the servers fake their originating IPs and all data verification is done by the client only the hub needs to know the IPs of the servers. Apparently there is already a UDP based P2P client in development that does something like this - it's mentioned in this very thread in fact.
Quite how you get around the issue of the RIAA et al. operating a hub and looking at the traffic though is another matter. Ultimately, something *must* bring the source and destination IPs together to initiate the transfer, and that's the point that the copyright police are going to be working at. I think it's a problem with a solution though - the similar issue of public key exchange had people stumped for an age before it was first solved by James Ellis' team at GCHQ.
In fact, that's another way of looking at the problem - who cares if Eve can see an ISO's worth of data transferred between Alice and Bob if they can't tell whether it's the latest distro or the latest Hollywood movie DivX? They can't pursue every P2P downloader on the off chance it's a copyright violation, can they? And encryption is an essential feature of communications software to gain mainstream business acceptance in this paranoia-ridden world, right?
UNIX? They're not even circumcised! Savages!
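An added example, not from the comment above or from any client it mentions: the client-side half of that exchange, where each received block is checked against a per-block SHA-256 manifest before the file bitmap is ticked, because the sender's address proves nothing about the data. The manifest, the block size and the `BlockAssembler` name are assumptions made for illustration.

```python
import hashlib

BLOCK_SIZE = 4  # tiny on purpose, so the constructed sample spans several blocks


def make_manifest(data, block_size=BLOCK_SIZE):
    """Per-block SHA-256 digests; assumed to reach the client from a trusted source."""
    return [hashlib.sha256(data[i:i + block_size]).digest()
            for i in range(0, len(data), block_size)]


class BlockAssembler:
    """Tracks which blocks have arrived (the file bitmap) and verifies each one."""

    def __init__(self, manifest):
        self.manifest = manifest
        self.blocks = [None] * len(manifest)  # None = bit not yet ticked

    def missing(self):
        """Block indexes the client still has to request from the hub."""
        return [i for i, block in enumerate(self.blocks) if block is None]

    def accept(self, index, payload):
        """Tick off a block only if it is in range, new, and matches its digest."""
        if not 0 <= index < len(self.manifest) or self.blocks[index] is not None:
            return False
        if hashlib.sha256(payload).digest() != self.manifest[index]:
            return False  # corrupted or forged block: leave the bit unset
        self.blocks[index] = payload
        return True

    def assemble(self):
        """Return the whole file, refusing to do so while any block is missing."""
        if self.missing():
            raise ValueError("file incomplete, missing blocks %r" % self.missing())
        return b"".join(self.blocks)
```

A rejected block stays in `missing()`, so the next request to the hub asks for it again from a different source.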
I run PeerGuardian's list on my system (either with its standalone program or through using its list with Sygate Personal Firewall). I've contributed IP blocks to it as well. So, unlike the sanctimonious among /., I know what I'm talking about here.
What I can't understand is why so many people here seem to be down on it. Here is a project that's free as in beer, free as in speech, receiving a great number of contributions from a tech-savvy community, helping to maintain privacy rights, and is making a solid attempt to send a message to the **AAs. This sounds like something the Open Source community would jump on as an example of community action to solve a problem. The fact that K++ is offering it will increase participation among users.
(By the way, the list is not only being constantly updated, a number of times a day, but it's being continually scrutinized for bad or inappropriate ranges. Congrats to eremini, dingdongding, and c00kies2000 for some great work on getting rid of inappropriates and dupes.)
It's not perfect, but it's a good stopgap until a better solution can be found.
The Spie
If using Linux is about choice, how come people complain when I choose to use Windows?
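An added example, not part of the comment above and not PeerGuardian's code: cleaning an IP range blocklist of duplicates, overlaps and malformed entries, then checking an address against it. The `label:start-end` line format, the function names and the sample entries (documentation address ranges only) are assumptions made for illustration.

```python
import bisect
import ipaddress

# Constructed sample list: a duplicate, an overlap, a comment and a bad range.
SAMPLE_LIST = """\
# label:start-end
Example scanner A:192.0.2.0-192.0.2.127
Example scanner A:192.0.2.0-192.0.2.127
Example scanner B:192.0.2.64-192.0.2.255
Example org C:198.51.100.10-198.51.100.20
Broken entry:203.0.113.50-203.0.113.10
"""


def parse_ranges(text):
    """Return (ranges, rejected): integer (start, end) pairs and unusable lines."""
    ranges, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            _, span = line.rsplit(":", 1)  # labels may themselves contain ':'
            lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in span.split("-"))
            if lo > hi:
                raise ValueError("start after end")
            ranges.append((lo, hi))
        except ValueError:
            rejected.append(line)  # keep for human review instead of guessing
    return ranges, rejected


def merge_ranges(ranges):
    """Collapse duplicate, overlapping and adjacent ranges into a sorted list."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def is_blocked(merged, address):
    """Binary-search the merged list for a range containing the address."""
    ip = int(ipaddress.IPv4Address(address))
    i = bisect.bisect_right(merged, (ip, float("inf"))) - 1
    return i >= 0 and merged[i][0] <= ip <= merged[i][1]
```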
From this perspective something like a proxy for file transfers is not so important (not to mention fairly impractical). If other users can't see your full library and can't see your IP address in their search results (the latter might enable smart bots to "guess" what your library contains), the only way they can determine that you are sharing massively is to download tons of files and see which IP addresses crop up. This is because they will only see your IP when they actually start downloading.
All this to say that with the latest changes in K++ and Kazaa Lite, even big time file sharers can probably rest easy.
Peer Pressure
Sanity check, anyone?
Life is like surrealism: if you have to have it explained to you, you can't afford it.
Actually the thought just came to me that an interesting way to fight back would be having filesharing software somehow totally blacklist access to suspicious networks at the PC level (meaning not only filesharing - everything).
...
The blacklisting should be done at a higher level than machines only - the whole network of the ISP providing RIAA with access should be blacklisted if one or more machines in the network are being used by RIAA (or related entities) to scan for filesharing.
Also, the user of the filesharing program should be given a choice - "Do you want to block access to and from networks where RIAA is scanning filesharers (Yes/No)?"
My basic idea goes down to a bit of social engineering - please follow me on this one:
- RIAA contracts with an ISP to provide it with network connectivity to the Internet.
- RIAA then uses machine(s) over that network connection to scan filesharing networks.
- Said activity is detected (exactly how I don't know).
- The whole network for that ISP (or at least a significant portion of it) is blacklisted in millions of machines (all those running the filesharing app). This can be scaled up to bigger sub-networks (the ISP of the ISP) if needed.
- Other entities hosted on the same ISP are also in practice cut off from some of their (potential) customers. Mostly their websites are inaccessible from millions of machines. This is especially bad for online shops and ASPs.
- They complain to the ISP.
- The ISP, faced with the choice between keeping RIAA as a customer and losing several other customers or simply dumping RIAA will find that the choice that makes more business sense is dumping RIAA.
- Eventually, RIAA and its associates will become persona non grata to most ISPs (as in, they choose to not take RIAA's business).
The nice thing about it is that it's all absolutely legit:
- Each individual user chooses to accept an automated cut of contact with those networks that provide access to filesharing scanning. Everyone is in their right to do so.
- ISPs choose to not sell their services to RIAA. It is their right to do so.
Now, this whole theory has some holes in it, and a couple of weak points (not to mention no solutions for the technical problem) - still, a distributed, voluntary system that makes it bad business for ISPs to provide access for companies that do filesharing scanning would leverage the power of those "hundreds of millions of users" of the filesharing apps.
Comments please
Why don't we put a EULA in the new Kazaa programs, which says something like this:
I don't belong to any organization related to RIAA.... I won't use any information obtained from the use of this program, or the study of the way this program works, to sue other users of this or a related program... I don't suck
And then require, from some point in the near future, that every user of Kazaa has accepted this EULA.
IANAL, and I don't know how an EULA like this would stand in a court, but should work for a time at least.
In the worst case, if the EULA doesn't stand in a court, it would provide a good case against crazy EULAs.
It's a win-win!!
How touching. Someone is concerned about Kazaa Lite "put[ting] the user in violation of the policy at their ISP" and "[...]in violation of federal, state, and local laws." I'm so glad someone's concerned about trying to obey the laws and legally binding contracts!
I'm sure you're just using it to put up scans of your art work you've put in the public domain, get the latest Linux, and share open source PHP scripts.
Right?
You're not trading music, warez, and other stuff you don't have legal rights to.
Right?
I believe the next major advance in P2P technology will be the inclusion of reputation management / trust relationship technologies.
How do you know which IPs to blacklist? How do you know that the file you're downloading isn't a trojan?
I don't think the answer is in a centralized database of 'evil-doers'. That's an arms race that can eventually get everybody censored. Especially with dynamic IPs.
What needs to happen is you have to earn a reputation before you end up in those search results. You do this by people vouching for the quality of your files and not being a mole. Trust is gained by WHO vouches for that person and their metric of trustworthiness.
There should also be an option to restrict access to a given file to those within your web of trust so when the death squads in your country are looking to kill people serving up books about democracy, they can't just do a search real quick.
After we achieve a trust framework, I believe the next step will be dealing with traffic analysis. However, I'll rant about that when the time comes.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
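An added example, not part of the comment above or of any existing P2P client: one way to score peers so that trust depends on who vouches for them, then use the score to filter search results and to gate a restricted file. The vouch graph, the weights, the hop limit, the 0.5 threshold and all names are assumptions constructed for illustration.

```python
# Constructed vouch graph: VOUCHES[a][b] is how strongly a vouches for b (0..1).
VOUCHES = {
    "me":    {"alice": 0.9, "bob": 0.6},
    "alice": {"carol": 0.8},
    "bob":   {"carol": 0.5, "dave": 0.7},
    "carol": {"erin": 0.9},
    # A mole and its sock puppets vouch fully for each other, but nobody
    # reachable from "me" vouches for any of them.
    "mole":  {"sock1": 1.0, "sock2": 1.0},
    "sock1": {"mole": 1.0},
    "sock2": {"mole": 1.0},
}


def trust_scores(vouches, root, max_hops=3):
    """Trust seen from root: best product of vouch weights over <= max_hops hops."""
    best = {root: 1.0}
    for _ in range(max_hops):
        previous = dict(best)  # scores reachable with one hop fewer
        for peer, score in previous.items():
            for other, weight in vouches.get(peer, {}).items():
                best[other] = max(best.get(other, 0.0), score * weight)
    return best


def visible_results(results, scores, threshold=0.5):
    """Keep (peer, filename) hits from sufficiently trusted peers, best first."""
    kept = [(scores.get(peer, 0.0), peer, name) for peer, name in results
            if scores.get(peer, 0.0) >= threshold]
    return [(peer, name) for _, peer, name in sorted(kept, reverse=True)]


def may_fetch(scores, requester, threshold=0.5):
    """Owner-side check: serve a restricted file only inside the web of trust."""
    return scores.get(requester, 0.0) >= threshold
```

The sock puppets' mutual vouches never count because no path from `me` reaches them, which is the difference between this and a simple vote count.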