Slashdot Mirror
Japanese P2P Users Arrested, Creator Targeted
nutznboltz writes "According to a story on CNET Asia, two Japanese users of the Winny P2P application have been arrested for copyright violations, and the developer of the P2P software has also had his home searched by police. Winny was 'supposedly anonymous', and purported to be based on Freenet, although Freenet creator Ian Clarke is claiming that Winny is not really like Freenet, and that he's 'not concerned that the Japanese police have somehow found a way to compromise Freenet's security'."
This must stop! If this continues, the P2P world's supply of tentacle rape porn and mech video clips could dry up overnight!
1. p2p isn't piracy or crime, just like everything else it can be used to violate laws, so p2p != piracy.
2. copying software isn't theft or crime, it's just copyright violation (I'm not saying it's cool, it's just not a crime)
Piracy is a crime and these folks were arrested for it. I don't see why this is news.
Uh, not quite. Software piracy may be a crime, but writing a P2P application, which has practical purposes for sharing files legally, isn't (as far as I know).
It's a sad day when writing a file sharing application is enough to get your house turned upside down by the police or get you thrown into jail.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
You can search Freenet _exactly_ in the same way you can search the World Wide Web. If you use a messageboard/filesharing application on top of Freenet (like Frost) you can search with a nice little search box per board or in all of them.
:)
But please, why not post uninformed opinions on Slashdot and get modded up as Insightful
it's in my head
Since Winny is pretty much unknown outside Japan, here is some background information for slashdot readers: Winny is a P2P file sharing program created by a Japanese programmer, who still remains anonymous to this day. It came out two years ago as an attempt to share copyright-protected materials "safely" when somebody was arrested for using another P2P program (WinMX). Since the application was extremely well designed and almost anything is available on its network, from movies to software, it has become immensely popular in Japan, so much so that there are a dozen book available on how to use it and network traffic in the country was down 20% after the news of the arrest broke. As for the reasons why the police was able to identify those two people who were arrested, they used an extra bulletin board feature, which does not guarantee anonymity unlike its file transfer feature, to distribute a list of warez videos. Therefore, I don't think this news has anything to do with the validity of Freenet's technology, or with that of Winny's for that matter.
I am often amazed at the abilities of some. A 15 year old breaks a hard crypto for DVDs in what seems is a poetic 30 line program... And so many others who have contribuited to technology. But in my limited thinking I cannot see how a truly anonymous P2P network could ever be thought up.
...So it seems to me.
After all the encryption, all the routing and packet filtering... eventually we're always left with unavoidable IP addresses. There's always going to be, has to be, a destinaton and origination. If a computer program can find the location of a song, so eventually can a human.
The FBI tracked the release of an email virus to some upstairs apartment laptop with a temporary dial up connection in a third world country within three days of it's release. What was it, the I love you virus or something written by some tech students? I sat in wonder watching the news reports and the video of dirt streets and old third world buildings wondering how the hell they did it. How they knew it came from that upstairs apartment. Probably logged in just long enough to send it. Not just in three days, but probably sooner with them taking 1-2 days for the "public" release.
Then I consider a truly anonymous P2P file share and wonder if it is even possible. The song is going to be on a hard disk. That hard disk is attached to the net and will have a number representing it's network location. All of which can be traced. In my mind, again, if a program can find the song, even as difficult at it may seem, so eventually can a human.
Just like *they* can never make an unbrakable copy protection, Will *we* ever be able to completely anonymous while on the Net.
I'm just wondering....
Stupid laws that cost thousands of extra police hours not only waste tax-payers money, they take police from their real job
Couldnt agree more. But this isnt the main culprit. Globally more is spent on 'THE WAR ON DRUGS' and chasing criminals who only steal to feed their habits than on ANYTHING ELSE. Apologies for the caps - just trying to be sensationalist because Im talking about drugs - which we all know are REALLY SCARY AND BAD.
Of course - these kids coul dhave been P2Ping to support a crack habit. It all comes back to wasted money on THE WAR ON DRUGS...
This is a complicated issue without a clear answer.
If you want to be theoretical, then yes, Freenet does not provide anywhere near "absolute" anonymity. In fact, it doesn't even provide the level of anonymity that is used when judging such things as anonymous remailers or mixnets.
Basically, Freenet purports to be "anonymous" because you files do not recide on the computer of the person who uploaded them, and because all downloads and uploads are chained and tunneled through each host involved in the transfer. That means that the host you download a Freenet document from just knows it got it from some other node, which got it from some other node, which got it through some other node, all the way back to the person who uploaded it. It certainly makes tracking the people upload and download things more difficult then on networks like Kazaa (where it is, as we have seen, trivial) but in theory, and with enough resources, it is of course not impossible.
It should be noted what Freenet does NOT provide however. Freenet does do what the serious mixnets reffer to as "Onion routing", which basically means that the message is wrapped in an onion of cryptographic layers, which are pealed off at every step. The idea behind this is only the very last node can see contents of the message, and only the first knows it came from you (and none of the other nodes know anything except where the message came from and where it went).
If you request something from Freenet, your node will call up another node and ask it for that file - if that node is controlled by the Feds then you are busted. It is argued that there is plausible deniability, because it is possible that your node was not downloading the file because you asked for it, but simply forwarding it for somebody else. Given the state of the judicial process at the moment, I'm not terribly optimistic about this defense.
Freenet also doesn't protect (at least not very well) against traffic and timing analysis, allowing one to track down the author of something using the timing and amount of encrypted traffic that nodes exchange. I don't know of any case of traffic analysis having been used (except maybe on the NSA hyper-spook level), but it isn't impossible.
Another thing that Freenet does not "anonymise", and this is the most important IMO, is that you are running a node in the first place. Your Freenet node has to be public, so the feds could definitely "fish" the network for node addresses and start busting those who run them. Again there is an argument of deniability: you don't actually know what is in your nodes cache because it is encrypted, but again I don't have a lot of faith in this defense when the prosecutor will argue that you knowning acted in bad faith.
Regarding Winny, however, I think I agree with Ian. It seems doubtful that Winny works in the same manner as freenet, for the simple reason that Winny works, and well, freenet, umm, doesn't. Any time you try to put anonymity into something, useability IS going to take a hit, because trying to spread and bounce traffic necessarily hits performance. I have a very hard time believing that Japans most popular P2P network could be based on tunneling everything - purely for performance reasons.
(I have to run, so forgive typos and pitiful spelling errors.)
Winny was developped by the Japanese developper called "47", and it was after WinMX user was arrested here in Japan, in 2001. It was the world-first arrest of P2P users. Japanese copyright law was amended in the years before to crack down infringement over internet, protecting "right of enabling sending copyrighted material".
Since then, among Japanese users and hackers, non-encrypted P2P which is still popular in the West today became things of past.
Since Freenet made of Java was very slow application then (not much improved today), he made Winny as native Windows P2P application, with encrypted storage distrubited across peers. According to the developper, Winny is good at the both anonymity and efficiency, but anonymity is slightly lower than Freenet. Because a receiver can't determine a sender is the one who originally inserted the file to the network or not, it was considered anonymous and then more secure than ordinary P2P network, say, Gnutella or eDonkey etc. Winny has other functions like forum system, and clustering by keywords combination set by its users which help users with similar interest mold cluster. Other remarkable difference from Freenet is it dosn't split files, but can do multiple-source download.
With the help of community and its own efficiency as P2P network, Winny become extremely populor in Japan unlike experimental Freenet in the West and consumed huge bandwidth.
But those who were arrested the last month was arrested because they sent files directly, without being a bridge, or put some warez onto web page and running Winny beside it. Therefore it is still not clear whether just running Winny and sending cached files without modest deliberation means guilty or not.
Winny is really WinNY, with WinMX N is the next of M, and Y is the next of X.
The way annoymity works is that files are stored in a "cache" in a scrambled format with filename concealed, even to the local user.
:)
Winny knows how to descramble the name and data, and it can search on the P2P network a specific file using its filename or MD5 checksum.
When a file is found, it is either downloaded directly or through another random user (think proxy).
Files goes into the cache either by local upload, by downloading a file (which Winny will descramble for you, leaving a copy in the cache), or by files passing through your node. It is then available for further download by other people.
This provides a kind of load-sharing where more popular a file is, it will be found in more people's cache and more easily available. Downloading from multiple sources is also possible.
You can find out who your immediate neighbour is, but he can claim he doesn't know what the content of his cache contains an infringing file, but of course this requires him to remove the original on his disk
To give an incentive to people to cache files, # of simultanenous downloads is limited to # of uploads+1 with a lower limit of 2.
It is a very convinent system because winny has a function that let you specifies search parameters and you can just leave it alone and it'll download everything that meets the parameters, meanwhile donating bandwidth and cache space to other people on the P2P network.
This model can be possible only because Winny is closed source. Cracks have both appeared for both the download limit and cache descrambling. It is easy to see widespread use of the cracks will compromise the model (less files to be found on the network).
Fortunately normally people don't care (it is just spare upload bandwidth and disk space, which broadband P2P users usually have surplus of).
And, I'm told, most people can escape imprisonment or heavy fining by just apologising well.
Unless you're a foreigner
I'm not saying this guy is innocent, but he got a longer prison sentence than most murderers. Japan has a conviction rate above %90 percent. They can also hold someone on suspicion for up to 21 days without so much as a phone call. My greatest fear is just being a suspect. It doesn't matter if you're guilty or not here. So I get a heavy fine and no "prison sentence." I could still be in prison for almost a month before charges are even filed.
Actually, just the size of the piece of content you are retreiving is very likely to tield enough information to identify exactly who retreived it, I'm afraid.
Pieces of data in Freenet are padded to the nearest exponent of two, so this particular attack would be pretty difficult.