New Kazaa Lite Protects Identity
Denver_80203 writes "Found this story about the new Kazaa K++ 2.4.0 and it's new sister program which claim to protect your identity while sharing files. Any of you folk know how legit this could be? We all knew it wouldn't be long... is this the war or just another battle?"
Who wants to bet that the news won't report that filesharing has jumped back up %15, and then some with the advent of this.
Well K++ edition bascially contains a wrapper on the Kazaa application so that one can modify the memory accessed by Kazaa easily, and thus those who use K++ edition automatically has the K-Lite Master (1000) ranking on Kazaa. Its simply a matter of manipulating the values at the memory address.
I would think that extending on that principle, they could write protect or just dump gabarge into the memory space where idenities are stored.
Of course, I don't have the K++ source, so how would I know, it's just a theory.
From the article, all this seems to do is some basic housekeeping to ensure that your search history is not stored, and interact with a database of IP addresses known to be used by the RIAA
:)
This doesn't seem to be anything revolutionary, or, interesting.
If the services went through some kind of anonymizer, that would be cuter. Of course, the bandwidth demands would be huge.
What may be an alternative is to produce a collaborative download system. I request a download, which is proxied by another random user (provided I return the favor). Even if you had RIAA sniffers, all that could be proven is that MY IP address downloaded something, but not the ultimate destination of the data.
Of course, if I have illegal music on my PC, then I am still screwed. But I leave solving that problem to the reader
Or a day to install AOL software, Earthlink software, Juno software, and many other popular ISP packages, then dial up to various cities across the country, foot the long distance charge, and tack it to the next lawsuit filed against some teenager. If they can get subnets for these guys kicked off the network, then they win this battle, and use the networks' attempts to protect themselves as a weapon to cause the network to shut down huge portions of itself.
Slay a dragon... over lunch!
Next move I see is for a single source to be limited to providing 20 seconds of a particular music file so that we can take advantage of more fair use laws.
;)
Really, I'm not sure why I haven't seen this used yet. Almost all the major sites out there that provide music content will let you play a 10 or 20 second sample of the music for free (and as far as I know, they don't have to license it), so why can't filesharing system users legally do the same?
It just so happens that each user has a different clip... and the software is intelligent enough to piece them back together into one music file instead of me having to do it by hand
KappaStone
From this perspective something like a proxy for file transfers is not so important (not to mention fairly impractical). If other users can't see your full library and can't see your IP address in their search results (the latter might enable smart bots to "guess" what your library contains), the only way they can determine that you are sharing massively is to download tons of files and see which IP addresses crop up. This is because they will only see your IP when they actually start downloading.
All this to say that with the latest changes in K++ and Kazaa Lite, even big time file sharers can probably rest easy.
Peer Pressure
Sanity check, anyone?
Life is like surrealism: if you have to have it explained to you, you can't afford it.
Actually the thought just came to me that an interesting way to fight back would be having filesharing software somehow totally blacklist access to suspicious networks at the PC level (meaning not only filesharing - everything).
...
The blacklisting should be done at a higher level than machines only - the whole network of the ISP providing RIAA with access should be blacklisted if one or more machines in the network are being used by RIAA (or related entities) to scan for filesharing.
Also, the user of the filesharing program should be given a choice - "Do you want to block access to and from networks where RIAA is scanning filesharers (Yes/No)?"
My basic idea goes down to a bit of social engineering - please follow me on this one:
- RIAA contracts with an ISP to provide it with network connectivity to the Internet.
- RIAA then uses machine(s) over that network connection to scan filesharing networks.
- Said activity is detected (exactly how i don't know)
- The whole network for that ISP (or at least a significant portion of it) is blacklisted in millions of machines (all those running the filesharing app). This can be scalled up to bigger sub-networks (the ISP of the ISP) if needed.
- Other entities hosted on the same ISP are also in practice cut-off from some of their (potential) customers. Mostly their websites are ineccessible from millions of machines. This is especially bad for online shops and ASPs.
- They complain to the ISP.
- The ISP, faced with the choice between keeping RIAA as a customer and loosing several other customers or simply dumping RIAA will find that the choice that makes more business sense is dumping RIAA.
- Eventually, RIAA and it's associates will become persona non grata to most ISPs (as in, they choose to not take RIAA's business).
The nice thing about it is that it's all absolutelly legit:
- Each individual user chooses to accept an autometed cut of contact with those networks that provide access to filesharing scanning. Everyone is in their right to do so.
- ISPs choose to not sell their services to RIAA. It is their right to do so.
Now, this whole theory has some holes in it, and a couple of weak points (not to mention no solutions for the technical problem) - still, a distributed, voluntary system that makes it bad business for ISPs to provide access for companies that do filesharing scanning would leverage the power of those "hundreds of millions of users" of the filesharing apps.
Comments please
Why don't we put a EULA in the new Kazaa programs, which say something like this:
I don't belong to any organization related to RIAA.... I won't use any information obtained from the use of this program, or the study of the way this programs works, to sue others users of this or related program... I don't suck
And then require, from some point in the near future, that everyuser of kazaa has accepted this EULA
IANAL, and I don't know how an EULA like this would stand in a court, but should work for a time at least.
In the worst case, if the EULA doesn't stand in a court, it would provide a good case against crazy EULA's
It's a win-win!!
I believe the next major advance in P2P technology will be the inclusion of reputation management / trust relationship technologies.
How do you know which IP's to blacklist? How do you know that the file you're downloading isn't a trojan?
I don't think the answer is in a centralized database of 'evil-doers'. That's an arms race that can eventually get everybody censored. Especially with dynamic IPs.
What needs to happen is you have to earn a reputation before you end up in those search results. You do this by people vouching for the quality of your files and not being a mole. Trust is gained by WHO vouches for that person and their metric of trustworthyness.
There should also be an option to restrict access to a given file to those within your web of trust so when the death squads in your country are looking to kill people serving up books about democracy, they can't just do a search real quick.
After we achieve a trust framework. I believe the next step will be dealing with traffic analysis. However, I'll rant about that when the time comes.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)