Japanese P2P Users Arrested, Creator Targeted

nutznboltz writes "According to a story on CNET Asia, two Japanese users of the Winny P2P application have been arrested for copyright violations, and the developer of the P2P software has also had his home searched by police. Winny was 'supposedly anonymous', and purported to be based on Freenet, although Freenet creator Ian Clarke is claiming that Winny is not really like Freenet, and that he's 'not concerned that the Japanese police have somehow found a way to compromise Freenet's security'."

First case of the Article not RTFA?

[The+Uninformed]

"I'm not concerned that the Japanese police have somehow found a way to compromise Freenet's security," Clarke

"..but probably not those that allow Freenet to protect user anonymity." Clarke

I'm confused, it looks like Clarke said Freenet's compromised and he doesn't care, and that Freenet isn't compromised.

Searched by police?

[ceeam]

So - what did they intend to find? Or do they use it like intimidation of some sort?

Freenet is not save.

[Krapangor]

Clarke wants to save his face, but it's well known in certain circles that freenet doesn't provide 100% anonymity if the attacker has enough resources, e.g. a large ISP or the gov.
It takes some time, but you can determine the IP and stored data of a user.
But I don't think that this is so bad, in free societies such anonymizer tools are often abused by criminals, spammers and perverts and in oppressive societies the use of the tool gets you in prison anyway. The Chinese gov is not so stupid to get caught by the "hahaha - my data was encrypted, you can't prove anything"-argument.
So it's really no loss there.

Ever *truly* Anonymous?

I am often amazed at the abilities of some. A 15 year old breaks a hard crypto for DVDs in what seems is a poetic 30 line program... And so many others who have contribuited to technology. But in my limited thinking I cannot see how a truly anonymous P2P network could ever be thought up.

After all the encryption, all the routing and packet filtering... eventually we're always left with unavoidable IP addresses. There's always going to be, has to be, a destinaton and origination. If a computer program can find the location of a song, so eventually can a human. ...So it seems to me.

The FBI tracked the release of an email virus to some upstairs apartment laptop with a temporary dial up connection in a third world country within three days of it's release. What was it, the I love you virus or something written by some tech students? I sat in wonder watching the news reports and the video of dirt streets and old third world buildings wondering how the hell they did it. How they knew it came from that upstairs apartment. Probably logged in just long enough to send it. Not just in three days, but probably sooner with them taking 1-2 days for the "public" release.

Then I consider a truly anonymous P2P file share and wonder if it is even possible. The song is going to be on a hard disk. That hard disk is attached to the net and will have a number representing it's network location. All of which can be traced. In my mind, again, if a program can find the song, even as difficult at it may seem, so eventually can a human.

Just like *they* can never make an unbrakable copy protection, Will *we* ever be able to completely anonymous while on the Net.

I'm just wondering....

Re:Ever *truly* Anonymous?

I can imagine the network that allows share of any data but is difficult to be sued and would have to be practically banned to shut it down.

Imagine the following system:

1) Basic requirements from the system:

Each computer in the network when signs to this software is commiting certain amount of disk space to store network data and certain amount of bandwitch to exchange storage information. The exchange of information consists of background traffic which is independent from the user and user request traffic to search and download data. The software is designed in such way, that for the remote machine the background and foregorund requests are in most cases impossible to distinguish.

The data on the network consists of packets.

There are two types of packets:
- encyphered packets with unique ID's
- data catalogue packets

Computers that are in any given moment logged onto the network are exchanging randomly its stored packets using preassigned disk space and preassigned amount of background badwitch.

2) Commiting the data to the network.

Each user can post any data to the network. The process is as follows. The software initially is breaking down the data file into the packets that have unique ID assigned to each packet and each packet remebers ID of the next packet. Then the packets are encyphered. The cypher is using previous packet data as a key to encypher the next packet (with the exception of the first packet which could be encyphered using some simple cypher). Also the software at the same time creates entry to the catalogue with data file title and ID of the first packet of the data. Then the packets of the file and the new catalogue packet are distributed randomely along the network using regular network background exchange traffic. The receiving computer cannot distinguish this from the regular background traffic exchange so it cannot identify that the new data is currently posted. Even more, becuase it is receiving only one packet, it cannot even identify what exactly this packet is representing since the packet is encyphered and in order to know its content one needs all preceeding packets that are sent to different random machines on the network. Part of the background traffic is also used to move packets randomely around network, so the data is never static. It is always floating around the network. The user of particular machine also has no idea, what is currently on his machine for the same reason, and the packets are constantly moving along the machines anyway so in a sense everybody shares all the packets virtually.

3) Searching for data.

The user posts a search to the network for a title using foreground traffic. The search itself is not a crime since we are only looking for a relationship of title to ID of the first packet of data. Just like you can review any type of music catalogue :-) There is no proof of downloading since the search only returns catalogue entry of ID and it is up to the user to do anything with this. But even the search is anonymized in the following way:

User generates query for the file title. The system assigns unique ID to the query and sends this to randomely chosen couple of the networked machines currently online. The quered machine checks its catalogue packets. If the match is found, the response is send with title - ID of the first packet. If the match is not found, the query ID and IP of the querying machine is temporarily stored by the software and the query then is posted in the background traffic to some more randomely chosen machines on the network. If they respond within given time with ID, the response is sent back to the querrying machine. In any case after the preassigned time, the stored ID/IP info is deleted so there is no trace of the search. The key here is that the machine that is being querred has no idea if the querrying machine is the original requestor of the querry or just another link in the chain.

4) Downloading data.

O

Re:This is the final straw

[squaretorus]

Stupid laws that cost thousands of extra police hours not only waste tax-payers money, they take police from their real job

Couldnt agree more. But this isnt the main culprit. Globally more is spent on 'THE WAR ON DRUGS' and chasing criminals who only steal to feed their habits than on ANYTHING ELSE. Apologies for the caps - just trying to be sensationalist because Im talking about drugs - which we all know are REALLY SCARY AND BAD.

Of course - these kids coul dhave been P2Ping to support a crack habit. It all comes back to wasted money on THE WAR ON DRUGS...

Its OK... the RIAA may be paying for spam.

Here are the snippits from the spam.

Subject: Digital Music News: Don't Go to Jail

Music Industry Informs Internet Users of Risks Peer-to-Peer Networks Pose

STAY OUT OF COURT - USE LEGAL 'SHARING'

Staff Writer, The Digital Music News

The Recording Industry Association of America has filed 300 lawsuits against alleged file swappers. Don't want to become victim number 301? Then it's time to switch from programs like Kazaa and Morpheus to a legal music download service Songs purchased on legal services are more reliably of a higher quality than those downloaded from a peer-to-peer network where you're never quite sure if the file was properly labelled, ripped on an underperforming computer or contained a virus Below are the options that will help keep your life free of lawsuits To learn more about safe and secure ways of using the Internet http://www.riaa.com

The message then goes on to pimp for the various pay services. I have no idea if the RIAA actually paid for the spam, of if it is a joe job.

Re:Freenet/Winny

[Troed]

When you install Freenet and go to your local gateway-page there are not one but two search engines linked. That's how you search WWW - that's how you search Freenet.

Or do you know of a way to search the World Wide Web that does not include using servers which have spidered the content? Please let me know.

Winny is more advanced than Freenet

[News+for+nerds]

Winny was developped by the Japanese developper called "47", and it was after WinMX user was arrested here in Japan, in 2001. It was the world-first arrest of P2P users. Japanese copyright law was amended in the years before to crack down infringement over internet, protecting "right of enabling sending copyrighted material".
Since then, among Japanese users and hackers, non-encrypted P2P which is still popular in the West today became things of past.

Since Freenet made of Java was very slow application then (not much improved today), he made Winny as native Windows P2P application, with encrypted storage distrubited across peers. According to the developper, Winny is good at the both anonymity and efficiency, but anonymity is slightly lower than Freenet. Because a receiver can't determine a sender is the one who originally inserted the file to the network or not, it was considered anonymous and then more secure than ordinary P2P network, say, Gnutella or eDonkey etc. Winny has other functions like forum system, and clustering by keywords combination set by its users which help users with similar interest mold cluster. Other remarkable difference from Freenet is it dosn't split files, but can do multiple-source download.

With the help of community and its own efficiency as P2P network, Winny become extremely populor in Japan unlike experimental Freenet in the West and consumed huge bandwidth.

But those who were arrested the last month was arrested because they sent files directly, without being a bridge, or put some warez onto web page and running Winny beside it. Therefore it is still not clear whether just running Winny and sending cached files without modest deliberation means guilty or not.

And Winny is really WinNY, means the next of WinMX

[News+for+nerds]

Winny is really WinNY, with WinMX N is the next of M, and Y is the next of X.

Re:Speed of the Japanese legal system

[dbleoslow]

And, I'm told, most people can escape imprisonment or heavy fining by just apologising well.

Unless you're a foreigner

I'm not saying this guy is innocent, but he got a longer prison sentence than most murderers. Japan has a conviction rate above %90 percent. They can also hold someone on suspicion for up to 21 days without so much as a phone call. My greatest fear is just being a suspect. It doesn't matter if you're guilty or not here. So I get a heavy fine and no "prison sentence." I could still be in prison for almost a month before charges are even filed.

Chasing after file sharers doesn't work!

[Morosoph]

Just found a link to The Motley Fool that very much suggests that file-sharing isn't taking any revenue. If this is truly the case, how do they justify the restraint of freedom induced by laws and methods of enforcement? This appears to be less a case of protecting revenues as a simple imposition of unjustified power.

More musings on power and on civil disobedience. I should say that I admire the independent artist who chooses to share samples, and do not especially admire those who trade music illegally, but here, punishment is disproportionate.

Society is reaching a fork in the road

[t_allardyce]

I believe that the words "arrested for downloading..." should not be appearing in our lives because "arrested for downloading music" sounds very similar to "arrested for downloading political material" and this is exactly how a society moves from free to big-brother. Lets put things in perspective here: You are not gaining unauthorized entry to a remote system, you are not 'stealing' (as in bank notes) money, you are not diverting electronic funds to yourself. Flaim me all you want about what you 'are' doing but those facts remain.

What you are doing is partaking in an activity that may negatively effect a large economy. Now there is no definite case here, it could be that you were not taking a potential sale because you would never have intended to buy it in the first place, who knows? its a very blurry area and no-one can claim they know all the facts. Having said that there are allot of things in our society that follow similar logic:

Driving your car for example, now you may not contribute a significant amount to pollution yourself but everyone together does (this has more proof behind it than the case against music downloading). If you go get a drink during commercials then you aren't doing anything personally but if every single person got up during that commercial it would have a zero viewer figure (which leads to the question are the advertising companies doing their job if no-one wants to watch their adverts?). As a society we have deemed that some things are ok and some are not for whatever reason but if its deemed that filesharing is not ok then you will have put that over driving your car and a whole host of other things we do that are far worse, is that ok? its up to you.

Its society's job as a whole to decide the balance here, personally i think filesharing should be accepted and that it will lead to a positive change in the way things are done and the way music is made. Maybe it will lead to the downfall of the RIAA as we know it and music will suddenly become not a money driven thing but a enjoyment driven thing maybe like open source software, is that good? is society happy with the way things are now? are you happy with the way things are with the RIAA? because its the majority of the people that matter in a democracy not the richest and if you live in a democracy then thats the way it goes.

PS. It might happen that you dont live in a democracy or your democracy is broken and for example 2 million people all getting together in a park to demonstrate over something does not sway your PM's view atall even though it was one of the biggest demonstrations in your country's history. Or, your government openly receives funding from major corporations and just happens to churn out laws that suit those corporations and has now allowed one of those corporations to run its voting. If this is true for you then the above post means nothing, go back to your work, do what you are told and let it get worse. If you dont live in a democracy and dont want one than also ignore this post and i hope you have better luck than us and that we dont try and invade you anytime soon, if we do im sorry i had nothing to do with it.

WiFi network without TCPIP

Its simple, use UDP, and use WiFi. Use a portable storage device to access WiFi. Suddenly you have an annonymous network with no IP addresses.

We just do not have enough WiFi access points to do this and still depend on ISPs