Slashdot Mirror
MUTE: Simple, Private File Sharing
oohp writes "MUTE is a new file sharing network that provides easy search and download functionality while protecting your privacy. It does this by routing all messages through a network of neighbour connections, using virtual addresses and encrypting all the traffic (using RSA for public/private keys and AES for the actual encryption). MUTE's routing mechanism is inspired by ant behaviour. The program is available for Linux, Windows and Mac OS X."
The way they explain things shows that the single reason for this software is to trade files that belong to the RIAA.
They might have wanted to think twice before doing that.
The RIAA hasn't learned that necessity is the mother of invention. While they try hard to shove substandard products down our throats (oh yeah I'm sorry, the last Brittany album is a "work of art", my bad") we try hard to pick the weat from teh chaff. Lets face it, if I could by an album with at least 5 good cuts on it, I woulnd't be spending my time taking the albums I own and making MP3 version of just he "good songs". If the Recording industry even paid the artists what they agreed to I might feel guilty about the occasional MP3 download. Since the recording industry has a regular habit of screwing their "artists", I don't.
PS: RIAA - can you prove that I didn't by that PIL album back in 1986, and am now just D/L ing a legitimate eletronique copy? If the encryption on mute is any good, the answer is no. Thankfully I still have my PIL vinyl in case I get dragged into court.
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
I could be wrong, but I think you may be reaching here.
I've never heard the ant analogy used to describe Freenet. Also, it seems likely to me that you haven't tried it and are just assuming that privacy implies slowness (you may be right, but maybe not). Lastly, if a p2p network is just beginning, it's very likely to be slow due to a lack of users rather than inherent technical limitations of the network itself.
Actually, the software features have nothing to do with what was actually ruled upon today - the RIAA can still get your name and information if the ISP knows your IP address, they just have to file a lawsuit first.
So, this IS still useful.
I think the big difference is that Freenet lets you push content out into the net, whereas MUTE still works with the standard client/server model where the data must first be requested before being transmitted.
It's good to have the alternative. It's been awhile since I've checked out Freenet, but one of the fears I had for the system was that it would be susceptible to spam. If everybody took to trading their MP3's using it, for instance, the remedy on the part of the RIAA would be to simply publish terabytes of nonsensical data. MUTE doesn't seem to suffer from this weakness.
(although there still is the problem of the file you downloaded actually being the file you requested.)
Is this truly the only Earth I can live on?
I don't think it's fair, moral, ethical, right, good, proper, decent, or a Good Thing, but I believe there's legal precedent. I don't think you can go after ISPs, or, say, an entire country if the packets get routed all over the place, but if I give you a bomb and you give it to a terrorist, aren't you just as liable as I would be if I gave it to them directly?
If you have knowledge that the contents are likely infringing and you transmit them to someone else, you are liable. I believe that "Oh, I didn't know what I was routing" will hold as much water as "But I didn't know that 'share my 40 gig mp3 collection with everyone in the world'-option was turned on"
Why do you think that you are required to hold the entire file to be accountable for it? If that was the case, then you and your friend could each store half of each mp3 and exchange them back and forth so you never actually hold the entire mp3. No way, it's not going to stand up in court.
Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche
RTFA -- the contents of the packets you are passing are encrypted. The only way to get around it would be for the RIAA to run the node hosting the file AND watch the packets reach your machine.
But if the RIAA is uploading the file, are you infringing if you download it?
For computers, if you really want anonymity, you use encrypted files, broadcast everywhere always, and always listen to every packet (which you have to do anyway to select out yours) and see if it's yours. If it is, you keep it, otherwise ignore it and pass it on. Granted, this will not find the "most direct" route from source to target, but it is the most secure.
Network speed / anonymity are conflicting tradeoffs with the current implementation of the infrastructure.
Observation: if everyone always captures the whole file - like what if you just copied and stored every single packet that came your way, and everyone did this - then how could "ownership" be enforced? Would this (assuming it's technically feasible) be a Good Thing? I'm not sure I know how to answer that one...
"There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraprhase)
As a previous poster mentioned, ignorance isn't an excuse for one's actions in the eyes of the law. If you are stupid enough to allow encrypted traffic to pass through a node under your control, with no idea of what exactly you are allowing to pass, expect to face the consequences.
My ISP might have something to say about that...
The ______ Agenda
Say for instance I have a Metallica mp3 being shared out. What's to stop the RIAA from just downloading said mp3 and then using netstat to see who is sending them pieces of it? After that they could try to sue everyone who's providing even a small part of the whole mp3, couldn't they?
My patience is infinite, my time is not.
Incorrect.
You don't say *I* have XYZ. You say, "Virtual Address A123B456C has XYZ". Only you know that YOU are A123B456C -- the best your neighbors can do is realize that A123B456C must be close to them, because they have strong hints to route through you to reach A123B456C. Similarly, you can't ever nail down who asked for the file, because you just start seeing packets that say "Z789 wants XYZ". You'd have to be able to sniff a huge part of the network to find out who started asking for it first with any degree of certainty, because a node can't tell if its neighbors asked for XYZ, or are merely relaying one of their other neighbors, or one of THEIR neighbors, etc.
The trick is that the system NEVER says WHERE A123B456C is, only who to route to in order to get "closer" to A123B456C. When you get packets headed for A123B456C, you (being the owner of address A123B456C) just happen to keep them, and not route them onwards. Even not routing isn't dangerous, because anyone who could observe THAT would just assume that your routing table has A123B456C as closer to the person who sent YOU the packet, and they have you as closer or don't know where it is -- that might tell them that one of you is A123B456C, but it might also mean that you just don't have good routing data either. Impossible to prove, that's the key.
Virtual addresses, whose owners never identify themselves, are the key.
And, of course, simply keeping all of the packets for A123B456C when you're NOT the owner of that address won't buy you crap, because you'd have to brute-force-decrypt every at least one of them against to determine the AES key (or the RSA private key, if you can somehow determine which packets were used for the key exchange). The RIAA doesn't have the resources to do that on any sufficient scale to make a difference.
Xentax
You shouldn't verb words.
Maybe you should ask why your DSL is so asymmetric.
Why are asymmetric connections so much cheaper and more common? Data flow is not more expensive one way than the other. Is it the man trying to keep the masses consuming what he dishes out, and keep them from distributing their own content?
I am not sure, but is there a reason that ISP's have to keep logs of who used what IP address? If they did'nt then it could make the whole issue dissapear.
As a previous poster mentioned, ignorance isn't an excuse for one's actions in the eyes of the law.
"Ignorance of the law" does not mean the same thing as "plausible deniability".
If congress passes a law making it illegal to twiddle one's thumbs in public, and I do not realize this, then the idea of ignorance not giving me an excuse applies - The fact that I did not know about the anti-twiddling law does not exempt me from its penalties.
If, on the other hand, I run a shipping company (such as FedEx), no one could reasonably expect me to know the contents of every package I deliver. I have plausible deniability about knowing that I delivered, sone illegal package, and unless someone can prove that I knew the contents of that package and delivered it anyway, I would have no legal liability for its contents.
The same applies to file sharing and routing schemes such as MUTE uses. If I somehow don't know that trading (some) MP3s online violates the law, too bad, the RIAA can still screw me. If I allow my computer to serve as a waystation for packets, arguably for the same of overall network efficiency, why would I have any responsibility for those packets?
The word "waystation" gives me another good analogy - Harboring a fugitive breaks the law. Running a hotel that happens to unknowingly have a fugitive staying there does not.
this program's killer app is in evading law enforcement... copyright and homeland security implications be damned.
Oh for heaven's sake. Do you really believe that terrorists are using P2P to transmit secret plans? Why in the world would they do this? The thing about P2P is that you can't really control who gets your files. Does that really sound like something that would appeal to a terrorist?