Slashdot Mirror
MUTE: Simple, Private File Sharing
oohp writes "MUTE is a new file sharing network that provides easy search and download functionality while protecting your privacy. It does this by routing all messages through a network of neighbour connections, using virtual addresses and encrypting all the traffic (using RSA for public/private keys and AES for the actual encryption). MUTE's routing mechanism is inspired by ant behaviour. The program is available for Linux, Windows and Mac OS X."
The way they explain things shows that the single reason for this software is to trade files that belong to the RIAA.
They might have wanted to think twice before doing that.
The RIAA hasn't learned that necessity is the mother of invention. While they try hard to shove substandard products down our throats (oh yeah I'm sorry, the last Brittany album is a "work of art", my bad") we try hard to pick the weat from teh chaff. Lets face it, if I could by an album with at least 5 good cuts on it, I woulnd't be spending my time taking the albums I own and making MP3 version of just he "good songs". If the Recording industry even paid the artists what they agreed to I might feel guilty about the occasional MP3 download. Since the recording industry has a regular habit of screwing their "artists", I don't.
PS: RIAA - can you prove that I didn't by that PIL album back in 1986, and am now just D/L ing a legitimate eletronique copy? If the encryption on mute is any good, the answer is no. Thankfully I still have my PIL vinyl in case I get dragged into court.
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
I could be wrong, but I think you may be reaching here.
I've never heard the ant analogy used to describe Freenet. Also, it seems likely to me that you haven't tried it and are just assuming that privacy implies slowness (you may be right, but maybe not). Lastly, if a p2p network is just beginning, it's very likely to be slow due to a lack of users rather than inherent technical limitations of the network itself.
This might be getting off-topic, but while CPD might be a nice tool, wouldn't a better plagiarism detector look for really similar code rather than identical chunks?
Mencken had it right. So glad that's old news.
Actually, the software features have nothing to do with what was actually ruled upon today - the RIAA can still get your name and information if the ISP knows your IP address, they just have to file a lawsuit first.
So, this IS still useful.
That's all there is to it. As long as you have an IP, there will be a method to trace. No software is 100% secure, and IP's are still used apparantly for this product.
It's like anonymous email. Yea, right, that't a real offer.
Call now and I got a bridge to sell for only 2 payments of $19.95. This is a $50 million dollar offer, but it's yours if you CALL NOW.
Come on, it's old.
I think the big difference is that Freenet lets you push content out into the net, whereas MUTE still works with the standard client/server model where the data must first be requested before being transmitted.
It's good to have the alternative. It's been awhile since I've checked out Freenet, but one of the fears I had for the system was that it would be susceptible to spam. If everybody took to trading their MP3's using it, for instance, the remedy on the part of the RIAA would be to simply publish terabytes of nonsensical data. MUTE doesn't seem to suffer from this weakness.
(although there still is the problem of the file you downloaded actually being the file you requested.)
Is this truly the only Earth I can live on?
Well, thats a good point: sites with crappy upload speeds will not be valuable participants in P2P networks.
This may actually benefit the network by weeding out those nodes which are asymmetric leech-only types.
I have DSL too, and it sucks hard not being able to use my inroute to help my downroute (Bittorrent), or to lose download capacity whenever someone hits my website.
If a decent ISP shows up with non extortionist pricing for symmetric connections, and static adressing (v4 or v6) then Im definitely switching.
> than identical chunks?
Hm. Yup, I agree that identical dupes are rarer than similar bits. That's why CPD discards comments and whitespace - so that it doesn't get thrown off by an extra newline or a "// copied from foo.c". I kind of feel like there's a continuum here - for example, if you ignore the variable names, you might find a lot of "duplicate chunks" that look like this:But does that really qualify as a duplicate code chunk? It's more of a language idiom.
Well, anyhow, you're right, there's a lot of ways of looking at this sort of thing. Fun stuff!
The Army reading list
I don't think it's fair, moral, ethical, right, good, proper, decent, or a Good Thing, but I believe there's legal precedent. I don't think you can go after ISPs, or, say, an entire country if the packets get routed all over the place, but if I give you a bomb and you give it to a terrorist, aren't you just as liable as I would be if I gave it to them directly?
If you have knowledge that the contents are likely infringing and you transmit them to someone else, you are liable. I believe that "Oh, I didn't know what I was routing" will hold as much water as "But I didn't know that 'share my 40 gig mp3 collection with everyone in the world'-option was turned on"
Why do you think that you are required to hold the entire file to be accountable for it? If that was the case, then you and your friend could each store half of each mp3 and exchange them back and forth so you never actually hold the entire mp3. No way, it's not going to stand up in court.
Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche
RTFA -- the contents of the packets you are passing are encrypted. The only way to get around it would be for the RIAA to run the node hosting the file AND watch the packets reach your machine.
But if the RIAA is uploading the file, are you infringing if you download it?
If you want your idle bandwith to be used, try using Bit Torrent. It generally works well and you upload as you download. Honestly, the fact that more systems don't have this approach is sad. People don't seem to understand the ideas behind a paged, data multiplexing system.
"If you are a dreamer, a wisher, a liar, A hope-er, a pray-er, a magic bean buyer
Subject : Seems an awful lot like Freenet..
..with the same strengths (privacy) and weaknesses (slow).
My asymmetrical DSL connection just won't work well with a system like this. I don't have the bandwidth to act as a node that relays data for the sake of maintaining your anonymity. If we all had T3 connections in our home this would be great, but we don't.
I have a DSL connection with a p2 266, 128MB RAM, Redhat 8.0.
I find that my DSL connection is plenty of bandwidth the only thing that slows me down on Freenet (to the point of being unusable) is that it is written in *shivers* Java. Its a huge memory hog.
Candle burns its brightest in the dark
For computers, if you really want anonymity, you use encrypted files, broadcast everywhere always, and always listen to every packet (which you have to do anyway to select out yours) and see if it's yours. If it is, you keep it, otherwise ignore it and pass it on. Granted, this will not find the "most direct" route from source to target, but it is the most secure.
Network speed / anonymity are conflicting tradeoffs with the current implementation of the infrastructure.
Observation: if everyone always captures the whole file - like what if you just copied and stored every single packet that came your way, and everyone did this - then how could "ownership" be enforced? Would this (assuming it's technically feasible) be a Good Thing? I'm not sure I know how to answer that one...
"There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraprhase)
Of course not! You gave me a package that I couldn't open (encrypted) and had no idea what the contents were and asked me to deliver it. I had no idea that you were a filthy rotten terrorist sympathizing commie pinko scumbag.
I can see why you posted as an AC, because if you really believe this, there are some folks down along the US-Mexico border who would love to use your services. Ever heard of "mules"? They transport "packages of unknown contents and/or origin" across the US/Mexico border. Guess what happens when a mule is caught with a payload that contains illegal contraband? I can tell you that they don't escape jail time by claiming they didn't know what was in the payload.
It's only a matter of time before the same doctrine is applied consistently when it comes to transmission of illegal/infringing content across a network. Those of you who think Freenet/MUTE/etc. will somehow come to your legal defense might be surprised at how quickly those communities will scatter like leaves in the wind when the Feds come knocking.
As a previous poster mentioned, ignorance isn't an excuse for one's actions in the eyes of the law. If you are stupid enough to allow encrypted traffic to pass through a node under your control, with no idea of what exactly you are allowing to pass, expect to face the consequences.
My ISP might have something to say about that...
The ______ Agenda
Copyright definition does not meet the definition of theft. Check your words before you use them.
I think freenet works on a slightly different premise that the location of the file is unknown even to a user inserting a file into the network, much less anyone else. That means the file that I upload won't neccesarily reside on my machine for retrieval but on an area (or several areas) of the network that provides the shortest path to the most requests for that piece of information (which is of course encrypted). Requests go directly to the wherever the info is rather than necessarily to me.
MUTE would work quite differently in that nobody neccesarily knows who/where I am. Each node simply knows that the neighbouring nodes know more or less about who/where I am, and as such passes the information in the direction "most likely" to get the info to me. If my node happens to receive info intended for me, then the journey's over.
What's not so clear is how to stop propogation of info along nodes that have no idea who/where I am (broadcast nodes), since this amounts to (bandwidth) waste, especially if the info has long since gotten to its destination.
Cool idea though, and I'm looking forward to seeing how they work out these issues.
Say for instance I have a Metallica mp3 being shared out. What's to stop the RIAA from just downloading said mp3 and then using netstat to see who is sending them pieces of it? After that they could try to sue everyone who's providing even a small part of the whole mp3, couldn't they?
My patience is infinite, my time is not.
Hey, i allready got like 5 people connected w00t my aim is daphreak07 my icq is 17654783 EVERYONE put alias's of your file folders in the shared folder Lets test this out I'm downloading at 20k some mp3's right now Working quite well My only complaint is the compete lack of msging, But I'm used to WASTE From what I can tell this is just a striped down Easier to use WASTE Personaly I like waste better but thats just me
come comment on the madness at http://slashdot.org/~phreak03/journal/
Incorrect.
You don't say *I* have XYZ. You say, "Virtual Address A123B456C has XYZ". Only you know that YOU are A123B456C -- the best your neighbors can do is realize that A123B456C must be close to them, because they have strong hints to route through you to reach A123B456C. Similarly, you can't ever nail down who asked for the file, because you just start seeing packets that say "Z789 wants XYZ". You'd have to be able to sniff a huge part of the network to find out who started asking for it first with any degree of certainty, because a node can't tell if its neighbors asked for XYZ, or are merely relaying one of their other neighbors, or one of THEIR neighbors, etc.
The trick is that the system NEVER says WHERE A123B456C is, only who to route to in order to get "closer" to A123B456C. When you get packets headed for A123B456C, you (being the owner of address A123B456C) just happen to keep them, and not route them onwards. Even not routing isn't dangerous, because anyone who could observe THAT would just assume that your routing table has A123B456C as closer to the person who sent YOU the packet, and they have you as closer or don't know where it is -- that might tell them that one of you is A123B456C, but it might also mean that you just don't have good routing data either. Impossible to prove, that's the key.
Virtual addresses, whose owners never identify themselves, are the key.
And, of course, simply keeping all of the packets for A123B456C when you're NOT the owner of that address won't buy you crap, because you'd have to brute-force-decrypt every at least one of them against to determine the AES key (or the RSA private key, if you can somehow determine which packets were used for the key exchange). The RIAA doesn't have the resources to do that on any sufficient scale to make a difference.
Xentax
You shouldn't verb words.
Even if they did use the approach that "we noticed this illegal file going to his IP address" they would need to prove that you were the one willfully hosting and distributing the file, not your neighbor in apt 44b.
Maybe you should ask why your DSL is so asymmetric.
Why are asymmetric connections so much cheaper and more common? Data flow is not more expensive one way than the other. Is it the man trying to keep the masses consuming what he dishes out, and keep them from distributing their own content?
beyond normal TCP level routing, the program is doing it's own routing on top of that. tracing utilities will not work when you have routing being done at the application level. traceroute is not gonna work here because the routing is happening above the IP level (read: no ping/tracert). as long as each node isn't logging all routed traffic (which it shouldn't) then the moment a byte is forwarded on it's forgotten.
example:
Node's X, Y, Z
-node X wants items A from node Z
-node Y is an intermediary
-a request for A is sent (at app level) from X to Y
-node Y forwards (at app level) request to node Z
-node Z responds to node Y
-and node Y responds to node X
traceroutes from X to Z are impossible because the nodes are identified by a application level network name and not an IP address, thus X doesn't know Z's IP, only Y's IP and that Y is able to talk to Z.
Even the screenshots on that site clearly show distribution of copyrighted material that shouldn't be there after all.
At the moment, I'm more concerned about the fact that I can't legally listen to CDs I've bought on my computer anymore. I'm pretty pissed about the fact that I had to return one CD back to the shop, that I bought few days ago. (And, yes I emailed BMG about this.)
Although the tool has a good design, the fact that there are no pre-defined routers makes the tool almost useless to most potential file swappers. It would be nice if there was a couple IP addresses pre-configured, or at least some mention of where to look for a start up group, i.e. an irc channel. The author basically expects many people to come together and share their own files with each other. Although this might have good intentions, the other sharing networks which all contain pre-configured routers and are ready to go "out of the box" are going to be used, not this tool.
I am not sure, but is there a reason that ISP's have to keep logs of who used what IP address? If they did'nt then it could make the whole issue dissapear.
As a previous poster mentioned, ignorance isn't an excuse for one's actions in the eyes of the law.
"Ignorance of the law" does not mean the same thing as "plausible deniability".
If congress passes a law making it illegal to twiddle one's thumbs in public, and I do not realize this, then the idea of ignorance not giving me an excuse applies - The fact that I did not know about the anti-twiddling law does not exempt me from its penalties.
If, on the other hand, I run a shipping company (such as FedEx), no one could reasonably expect me to know the contents of every package I deliver. I have plausible deniability about knowing that I delivered, sone illegal package, and unless someone can prove that I knew the contents of that package and delivered it anyway, I would have no legal liability for its contents.
The same applies to file sharing and routing schemes such as MUTE uses. If I somehow don't know that trading (some) MP3s online violates the law, too bad, the RIAA can still screw me. If I allow my computer to serve as a waystation for packets, arguably for the same of overall network efficiency, why would I have any responsibility for those packets?
The word "waystation" gives me another good analogy - Harboring a fugitive breaks the law. Running a hotel that happens to unknowingly have a fugitive staying there does not.
but what do i know, i'm just a model.
Well I'll probably get a RTFA because I'm not sure this would work, but fundamentally, the more a p2p protocall/program/implementation maintains anonymity and encryption, isn't it just that much easier for the RIAA to pollute it with bogus mp3s? Couldn't they "log-out" and "log back in" or whatever the equivalent concept is, with different handles/user names/whatever each time? If this technique can't track a file source's IP address, which would seem to be the whole point of going through all the obfuscation so the RIAA can't figure out who you are and sue you, then how would you be able to "blacklist" anybody who's collection is full of bogus tracks...like say some server the RIAA sets up to pretend to be 100s of users. In fact, if the "neighbor encryption" concept is good enough that you can't tell which users are near which other users, it wouldn't even matter if the RIAA used a block of 100s of IPs all in the same domain. As long as they log-out and log back in say every 10 minutes, you'll never be able to keep your search from finding them again. You could download one test file before downloading a whole album, but 10 minutes later, you might find the same bogus user again on a new search.
Oh fine, rape my cable connection. My address is 24.208.214.50, port 4900.
this program's killer app is in evading law enforcement... copyright and homeland security implications be damned.
Oh for heaven's sake. Do you really believe that terrorists are using P2P to transmit secret plans? Why in the world would they do this? The thing about P2P is that you can't really control who gets your files. Does that really sound like something that would appeal to a terrorist?
At first, this was a hard decision to make, to mod parent down, or to give up my mods to reply (I'm sure you'll figure out what I decided). I've been researching software piracy on the internet for the last 10 years. My research has shown conclusively that complaining on Slashdot isn't going to stop this network from sharing copyrighted materials nor would any safeguards built into the program... they would be circumvented almost immediately just like people used to wrap files up in fake mp3 files to get them into napster. Now, if you had some ideas on how to tell the difference between a good file and a bad file, or who should have the power to censor, please speak up, because it's a lot more complicated than you think. How would you solve the problem of defining what safeguards would keep a anonymous network from being filled with irresponsible file trading and still not take away features for a successful market for free speech?
This project does not obviate the rights of other copyright holders any more so than http, or email, or even AOL. Any copyright safeguards added to this kind of project would go completely against the idea of free and unrestricted speech, and don't forget fair use! Is it morally wrong when I buy a game, the cd gets scratched, and I have no recourse but to go spend another 50 dollars on another game just for the license? We all know we don't pay for the software; we pay for the license to use that software. It's really a bad example because I haven't paid for a game in a long time, nor have I seen very many games that are even worth playing in a long time. Or how about this one, is it immoral for me to download a full game before I buy it to see if it's even playable on my computer? Every thing else I buy from the store comes with a money back guarantee normally, and if it doesn't work, they'll fix it. Is it moral for a company to sell me a game that really sucks and not allow me to return it?
More importantly, Free [Anonymous] speech, at least in my country is one of my inalienable rights. This project is not aimed at taking away rights from copyright holders; it's about something completely different, Free Speech. Arguably the most important right we have (at least in the US) is the right to free speech. Free Speech, like our other rights, isn't just handed to us on a silver platter. It's our responsibility to us, the people to go forth and implement our rights. This project isn't just a new network to download Paris Hilton sex tapes. This project and others like it, are the cornerstone to ensuring that we keep our god given rights in the information age. We have to ensure that we have some sort of mechanism to guarantee free speech and that's what the Free and Open Source Software is really about.
You're right about one thing; the FOSS movement really is the antithesis of Copyright. The very existence of the GPL threatens it. While I may not see its end of Copyright while I'm alive, it is an antiquated and dying beast. The system is so full of special interests and loops holes that it only serves to hold back man kind and stifle innovation and make the super rich even richer. Those with the most lawyers hoard other people's inventions, become filthy rich, and tell other people what they can and cannot do. I'm not sure that I will see the end of copyright during my day, but the FOSS movement will make copyright worthless someday. What value will software have when you can find something free that works better?
And BTW, nothing is going to stop SCO from bitching either. Their ship (the traditional software development model) is sinking and they're just trying to clutch onto FOSS to stay afloat.
::i visited slashdot and all i got was this lousy sig::
No. It's because most people have a gut feeling that taking a physical object from someone else deprives the owner of the object, but making a copy of an intangible thing, at zero marginal cost, leaves the original untouched, and doesn't appear to deprive anyone of anything. Fear of punishment doesn't really factor in, because if I could make near-free molecular copies of Sears' products, I WOULD, because it would just feel right to break the law of artificial scarcity.
Still, most people understand that the artists who create the intangible need to eat and might need an added financial incentive if they're going to create more (expensive) works, and so they'll gladly support them by going to unique movies, unique concerts, buying scarce merchandise, by directly donating/patronizing, by buying celebrity endorsed products, etc.
--
Power to the Peaceful
P2P systems that rely on the users manually bootstrapping to a second connection aren't going to catch on until a well known list of stable master servers is provided. This is too hard for the average p2p user when compared to the almost zero intellectual cost of entry to something like the fasttrack network. I remember edonkey2000 having some teething problems in this regard also.
YLFIOne god, one market, one truth, one consumer.
wtf, it's not stealing... there is nobody being disadvantaged... media is coppied, not stolen, there is no disadvantaging the end user, if i could go to sears with a little raygun, point it at a product, duplicate it, and take it home, i would... at which point i suspect that there would be little need for currency under those circumstances anyway. now, in this current situation, an artist signs on with a label in a contract, the label publishes the music, the end user pays the record store, the record store pays the label, the label uses that money to sue people, the artist makes barely enough to eat and pay the rent. i'm not seeing how it disadvantages anyone but the record label because by means of darwinian evolution shouldn't exist in the near future anyhow. artists should begin to make deals with record stores and or make their music downloadable on web sites... i would hapily part with my hard earned cash if i knew it were going directly into the hands of the artist that i know and love. i'm all for supporting the artist, but the labels are obsolete.
May the coffee god Smile upon you!
In theory, mute beats the problem of using queries and traffic analysis to see who's sharing what.
However, since we no longer have a way of identifying those we download from and blacklisting malicious hosts, we are more vulnerable to an old problem:
The file you think you're downloading could actually be a trojan that scans your shared directory and reports back to 'mama'. This along with a traceroute report to a known server and whatever it could conjecture are your personal details from productivity software, registration info, web autocomplete etc.
So some form of pseudonymous reputation management system could be built in to mitigate that problem.
OR, there can be an anti-malware app out there tuned to the kinds of nasties you'd find on p2p.
Ideally both should be used, as each results in an arms race.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
In theory, mute beats the problem of using queries and traffic analysis to see who's sharing what.
Mmmf. I'm dubious.
This sounds like a really neat project to play with (I like to bat around P2P ideas as well.).
However, I'm going to assume (I can't tell from the routing document) that something here is incorrect.
The TTL mechanism is UtilityCounter. You attempt to obscure the real TTL by randomly moving it around. However, it's still pretty easy to simply send a number of messages until a TTL range 20 apart is reached. The host distance is then identified. Thus, a map of the MUTE network may be built, though it will take more packets than the GnutellaNet.
The main concerns I have with the MUTE protocol relate to flooding vulnerability. This is the same problem that GnutellaNet suffers from (and I have been working on in my own time). MUTE, however, is *extremely* vulnerable to flooding, far more so than GnutellaNet, for a number of reasons:
* MUTE shoves data packets through the MUTE network. GnutellaNet sends them directly.
* MUTE has phenomenally large TTLs, averaging 100.
One can probably destroy a massive MUTE network (unless I'm missing something in the routing protocol) with no more than a modem by flooding the network with data transfer packets of 32KiB (the largest the MUTE protocol allows) and bogus to virtual addresses.
I'd be interested in knowing whether there's an IRC channel for MUTE, since I'd be interested in poking at the design a bit. If any MUTE developers read this, would you point me in the right direction?
May we never see th