Slashdot Mirror


New Kazaa Lite Protects Identity

Denver_80203 writes "Found this story about the new Kazaa K++ 2.4.0 and it's new sister program which claim to protect your identity while sharing files. Any of you folk know how legit this could be? We all knew it wouldn't be long... is this the war or just another battle?"

16 of 668 comments (clear)

  1. Great! by indros · · Score: 5, Interesting

    Who wants to bet that the news won't report that filesharing has jumped back up %15, and then some with the advent of this.

  2. K++ edition by Webtommy88 · · Score: 5, Interesting

    Well K++ edition bascially contains a wrapper on the Kazaa application so that one can modify the memory accessed by Kazaa easily, and thus those who use K++ edition automatically has the K-Lite Master (1000) ranking on Kazaa. Its simply a matter of manipulating the values at the memory address.

    I would think that extending on that principle, they could write protect or just dump gabarge into the memory space where idenities are stored.

    Of course, I don't have the K++ source, so how would I know, it's just a theory.

    1. Re:K++ edition by toddestan · · Score: 4, Interesting

      Like most people, I have a fairly large download pipe (about 1mbps) while a tiny upload pipe (128kpbs). Thus, I have a rather large collection of files people want. Whenever I go onto P2P networks, my upload pipe is almost always maxed with lots of people qued up waiting to upload.

      What this article says is not entirely true. While the leechers do not harm or take anything away from me, they do take bandwidth away from the people who are not leeching. And I do not have infinite bandwidth, because even if I left my computer on 24/7, more people will que up and try to upload than I ever could upload to.

      Since I cannot upload to everybody, it is in my best interests to upload to the people who share. Because the people who share are the only one who will actually make the network grow. Also, when they share a file they uploaded from me, it also makes that file more available on the network and takes a little bit of the load off myself.

      So there are practical reasons to kick freeloaders , besides just the moral ones. If I truly had infinite bandwidth (I interpet that as enough bandwidth to send my files to everyone who wants them, regardless of them sharing or not), then maybe I wouldn't care about freeloaders. But since I don't, I will continue to block leechers from uploading from me.

  3. All this seems to do... by Stinky+Glen20 · · Score: 5, Interesting

    From the article, all this seems to do is some basic housekeeping to ensure that your search history is not stored, and interact with a database of IP addresses known to be used by the RIAA

    This doesn't seem to be anything revolutionary, or, interesting.

    If the services went through some kind of anonymizer, that would be cuter. Of course, the bandwidth demands would be huge.

    What may be an alternative is to produce a collaborative download system. I request a download, which is proxied by another random user (provided I return the favor). Even if you had RIAA sniffers, all that could be proven is that MY IP address downloaded something, but not the ultimate destination of the data.

    Of course, if I have illegal music on my PC, then I am still screwed. But I leave solving that problem to the reader :)

  4. How legit? by AllUsernamesAreGone · · Score: 3, Interesting
    "know how legit this could be?"

    As legit as sharing copyrighted files? ;) IANAL, but I doubt that the Recording Industry Ass. of America can use existing laws to prevent this being done (although I doubt that'll stop them trying).

    If the Kazaa guys have done it right they may even be able to wave the good old DMCA under the Recording Industry Ass. of America's nose if they try to crack the system as well (oh the irony!)

    But this is just the latest volley in what is going to be a very drawn-out and bloody Information Cold War.

  5. Re:Just blocks IPs by Swamp · · Score: 3, Interesting

    From what I could gather from the article they were moving towards a system whereby suspicious IP addresses that perform wide scans are automatically recorded and perhaps added to a global 'block' list. A sort of reverse distibuted denial of service.

    However I'm not sure how a client could tell whether one IP address was 'suspicious' or not, and I can't see it would be feasible to collect all IP addresses that connect to all clients to find those that couldn't possibly be legitimate Kazza clients.

  6. Re:This isn't surprising. . . by nahdude812 · · Score: 4, Interesting

    Or a day to install AOL software, Earthlink software, Juno software, and many other popular ISP packages, then dial up to various cities across the country, foot the long distance charge, and tack it to the next lawsuit filed against some teenager. If they can get subnets for these guys kicked off the network, then they win this battle, and use the networks' attempts to protect themselves as a weapon to cause the network to shut down huge portions of itself.

  7. Re:This isn't surprising. . . by deman1985 · · Score: 5, Interesting

    Next move I see is for a single source to be limited to providing 20 seconds of a particular music file so that we can take advantage of more fair use laws.

    Really, I'm not sure why I haven't seen this used yet. Almost all the major sites out there that provide music content will let you play a 10 or 20 second sample of the music for free (and as far as I know, they don't have to license it), so why can't filesharing system users legally do the same?

    It just so happens that each user has a different clip... and the software is intelligent enough to piece them back together into one music file instead of me having to do it by hand ;)

  8. Re:How? by Zocalo · · Score: 3, Interesting
    The object, for those in a dubious copyright position, would primarily be to hide the identity of the uploader sharing the files, not the downloader retrieving them - that's just a bonus. Most P2P networks use some kind of hub system to collate requests and assign them to servers, at least initially. So, at a very basic level:
    1. Client contacts hub and requests a file
    2. Hub contacts available servers with details
    3. Server(s) sends data blocks to client
    4. Client receives data blocks and ticks off the file bitmap, making additional requests of the hub until all sections are retrieved.
    Therefore, if the servers fake their originating IPs and all data verification is done by the client only the hub needs to know the IPs of the servers. Apparently there is already a UDP based P2P client in development that does something like this - it's mentioned in this very thread in fact.

    Quite how you get around the issue of the RIAA et al operating a hub and looking at the traffic though is another matter. Ultimately, something *must* bring the source and destination IPs together to initiate the transfer, and that's the point that the copyright police are going to be working at. I think it's a problem with a solution though - the similar issue of public key exchange had people stumped for an age before it was first solved by James Ellis' team at GCHQ.

    In fact, that's another way of looking at the problem - who cares if Eve can see an ISOs worth of data transferred between Alice and Bob if they can't tell whether its the latest distro or the latest Hollywood movie DivX? They can't pursue every P2P downloader on the off chance it's a copyright violation, can they? And encryption is and essential feature of communications software to gain mainstream business acceptance in this paranoia ridden world, right?

    --
    UNIX? They're not even circumcised! Savages!
  9. So Why Is Everyone Negative Toward Peer Guardian? by The+Spie · · Score: 3, Interesting

    I run PeerGuardian's list on my system (either with its standalone program or through using its list with Sygate Personal Firewall). I've contributed IP blocks to it as well. So, unlike the sanctimonious among /., I know what I'm talking about here.

    What I can't understand is why so many people here seem to be down on it. Here is a project that's free as in beer, free as in speech, receiving a great number of contributions from a tech-savvy community, helping to maintain privacy rights, and is making a solid attempt to send a message to the **AAs. This sounds like something the Open Source community would jump on as an example of community action to solve a problem. The fact that K++ is offering it will increase participation among users.

    (By the way, the list is not only being constantly updated, a number of times a day, but it's being continually scrutinized for bad or inappropriate ranges. Congrats to eremini, dingdongding, and c00kies2000 for some great work on getting rid of inappropriates and dupes.)

    It's not perfect, but it's a good stopgap until a better solution can be found.

    The Spie

    --
    If using Linux is about choice, how come people complain when I choose to use Windows?
  10. The RIAA's Not-So-Secret Agenda by plasticmillion · · Score: 4, Interesting
    Actually the RIAA has been quite upfront regarding their plans to sue the pants off offenders. They have stated repeatedly that they plan to go after users who are sharing tons of files, not the zillions of normal users, which makes sense since supposedly a small minority of big sharers supplies the vast majority of files on the networks.

    From this perspective something like a proxy for file transfers is not so important (not to mention fairly impractical). If other users can't see your full library and can't see your IP address in their search results (the latter might enable smart bots to "guess" what your library contains), the only way they can determine that you are sharing massively is to download tons of files and see which IP addresses crop up. This is because they will only see your IP when they actually start downloading.

    All this to say that with the latest changes in K++ and Kazaa Lite, even big time file sharers can probably rest easy.

  11. Submitted for your approval: by DuckDuckBOOM! · · Score: 4, Interesting
    In a future release of [your favorite P2P app], an option which presents to peers requesting downloads or file lists one of those pseudo-word-containing images you see on eBay and Ticketmaster to block bots. The requestor has to type in the character string he/she/whatever sees to get the file or list. This wouldn't stop RIAA scans, but would sure as hell slow them to a crawl by de-automating the scan process, without substantially impacting a normal user. The only serious downside I see is that this method probably busts a patent somewhere. Is there a way to avoid that?

    Sanity check, anyone?

    --
    Life is like surrealism: if you have to have it explained to you, you can't afford it.
  12. Blacklisting RIAA's (and friends) networks by Aceticon · · Score: 4, Interesting

    Actually the thought just came to me that an interesting way to fight back would be having filesharing software somehow totally blacklist access to suspicious networks at the PC level (meaning not only filesharing - everything).

    The blacklisting should be done at a higher level than machines only - the whole network of the ISP providing RIAA with access should be blacklisted if one or more machines in the network are being used by RIAA (or related entities) to scan for filesharing.

    Also, the user of the filesharing program should be given a choice - "Do you want to block access to and from networks where RIAA is scanning filesharers (Yes/No)?"

    My basic idea goes down to a bit of social engineering - please follow me on this one:
    - RIAA contracts with an ISP to provide it with network connectivity to the Internet.
    - RIAA then uses machine(s) over that network connection to scan filesharing networks.
    - Said activity is detected (exactly how i don't know)
    - The whole network for that ISP (or at least a significant portion of it) is blacklisted in millions of machines (all those running the filesharing app). This can be scalled up to bigger sub-networks (the ISP of the ISP) if needed.
    - Other entities hosted on the same ISP are also in practice cut-off from some of their (potential) customers. Mostly their websites are ineccessible from millions of machines. This is especially bad for online shops and ASPs.
    - They complain to the ISP.
    - The ISP, faced with the choice between keeping RIAA as a customer and loosing several other customers or simply dumping RIAA will find that the choice that makes more business sense is dumping RIAA.
    - Eventually, RIAA and it's associates will become persona non grata to most ISPs (as in, they choose to not take RIAA's business).

    The nice thing about it is that it's all absolutelly legit:
    - Each individual user chooses to accept an autometed cut of contact with those networks that provide access to filesharing scanning. Everyone is in their right to do so.
    - ISPs choose to not sell their services to RIAA. It is their right to do so.

    Now, this whole theory has some holes in it, and a couple of weak points (not to mention no solutions for the technical problem) - still, a distributed, voluntary system that makes it bad business for ISPs to provide access for companies that do filesharing scanning would leverage the power of those "hundreds of millions of users" of the filesharing apps.

    Comments please ...

  13. Do the EULA by Zangief · · Score: 5, Interesting

    Why don't we put a EULA in the new Kazaa programs, which say something like this:

    I don't belong to any organization related to RIAA.... I won't use any information obtained from the use of this program, or the study of the way this programs works, to sue others users of this or related program... I don't suck

    And then require, from some point in the near future, that everyuser of kazaa has accepted this EULA

    IANAL, and I don't know how an EULA like this would stand in a court, but should work for a time at least.

    In the worst case, if the EULA doesn't stand in a court, it would provide a good case against crazy EULA's

    It's a win-win!!

  14. Re:!!!WARNING!!! New Kazaa-Lite turns file sharing by Pvt_Waldo · · Score: 3, Interesting

    How touching. Someone is concerned about Kaza-lite "put[ting] the user in violation of the policy at their ISP" and "[...]in violation of federal, state, and local laws." I'm so glad someone's concerned about trying to obey the laws and legally binding contracts!

    I'm sure you're just using it to put up scans of your art work you've put in the public domain, get the latest linux, and share open source PHP scripts.

    Right?

    You're not trading music, warez, and other stuff you don't have legal rights to.

    Right?

  15. trust and reputation management by mr_burns · · Score: 4, Interesting

    I believe the next major advance in P2P technology will be the inclusion of reputation management / trust relationship technologies.

    How do you know which IP's to blacklist? How do you know that the file you're downloading isn't a trojan?

    I don't think the answer is in a centralized database of 'evil-doers'. That's an arms race that can eventually get everybody censored. Especially with dynamic IPs.

    What needs to happen is you have to earn a reputation before you end up in those search results. You do this by people vouching for the quality of your files and not being a mole. Trust is gained by WHO vouches for that person and their metric of trustworthyness.

    There should also be an option to restrict access to a given file to those within your web of trust so when the death squads in your country are looking to kill people serving up books about democracy, they can't just do a search real quick.

    After we achieve a trust framework. I believe the next step will be dealing with traffic analysis. However, I'll rant about that when the time comes.

    --
    "Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)