Slashdot Mirror

← Back to Stories (view on slashdot.org)

MUTE: Simple, Private File Sharing

Posted by michael on from the freshmeat dept.

oohp writes "MUTE is a new file sharing network that provides easy search and download functionality while protecting your privacy. It does this by routing all messages through a network of neighbour connections, using virtual addresses and encrypting all the traffic (using RSA for public/private keys and AES for the actual encryption). MUTE's routing mechanism is inspired by ant behaviour. The program is available for Linux, Windows and Mac OS X."

8 of 523 comments (clear)

  1. well this is circumventing... by garcia · · Score: 5, Insightful

    The way they explain things shows that the single reason for this software is to trade files that belong to the RIAA.

    They might have wanted to think twice before doing that.

    1. Re:well this is circumventing... by chatooya · · Score: 5, Insightful

      You know, we do have free speech in this country (most of the time). There's no reason to shy away from saying that this software is designed to avoid getting spied on by the RIAA. It's perfectly legal to code it and to use it.

  2. When will they learn by cluge · · Score: 5, Insightful


    The RIAA hasn't learned that necessity is the mother of invention. While they try hard to shove substandard products down our throats (oh yeah I'm sorry, the last Brittany album is a "work of art", my bad") we try hard to pick the weat from teh chaff. Lets face it, if I could by an album with at least 5 good cuts on it, I woulnd't be spending my time taking the albums I own and making MP3 version of just he "good songs". If the Recording industry even paid the artists what they agreed to I might feel guilty about the occasional MP3 download. Since the recording industry has a regular habit of screwing their "artists", I don't.

    PS: RIAA - can you prove that I didn't by that PIL album back in 1986, and am now just D/L ing a legitimate eletronique copy? If the encryption on mute is any good, the answer is no. Thankfully I still have my PIL vinyl in case I get dragged into court.

    AngryPeopleRule

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
  3. The Sender is quite vulnerable... by ThosLives · · Score: 5, Insightful
    This reminds me of an interesting bit of educated fiction I read about information passing methods used in intelligence communities (i.e., spy rings). The problem with this type of system is that you will always know the source of the (in this case) file. So, if you want to get the person sharing the file, you just back up the tree from anywhere. For instance - once you knoa a packet has stuff that you don't want sent, you can just back up the "sent from" arrow-tree and arrive at the sender, then send your cops or whatever to the point of entry. However, you have no way to locate the recipient quickly. This is NOT a Good Thing in some peoples' books, to be sure. The most secure information trasportation mechanism is the double-blind drop: the info source drops the [message] at some location, then the recipient picks it up from that spot. The recipient and sender do not know each other. (In spy rings, that means if one of them gets captured, the other one can't give info about them - the only weak point is the drop-point).

    For computers, if you really want anonymity, you use encrypted files, broadcast everywhere always, and always listen to every packet (which you have to do anyway to select out yours) and see if it's yours. If it is, you keep it, otherwise ignore it and pass it on. Granted, this will not find the "most direct" route from source to target, but it is the most secure.

    Network speed / anonymity are conflicting tradeoffs with the current implementation of the infrastructure.

    Observation: if everyone always captures the whole file - like what if you just copied and stored every single packet that came your way, and everyone did this - then how could "ownership" be enforced? Would this (assuming it's technically feasible) be a Good Thing? I'm not sure I know how to answer that one...

    --
    "There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraprhase)
  4. Netstat by visgoth · · Score: 5, Insightful

    Say for instance I have a Metallica mp3 being shared out. What's to stop the RIAA from just downloading said mp3 and then using netstat to see who is sending them pieces of it? After that they could try to sue everyone who's providing even a small part of the whole mp3, couldn't they?

    --
    My patience is infinite, my time is not.
    1. Re:Netstat by SydShamino · · Score: 5, Insightful

      Well, they could sue their own ISP, since it provided all the bits to them.

      Of course, the ISP didn't know that it was transferring Metallica.

      It could sue every ISP that delivered a bit.

      Of course, those ISPs didn't know that they were transferring Metallica.

      It could sue every user that passed a bit.

      Of course, those users didn't know that they were transferring Metallica.

      ---

      There really isn't a difference between any of the above examples, legally, unless any layer KNOWS that they are transferring material illegally. And the users can claim that THEY only trade bootlegs of Pearl Jam live sessions, which are just fine. It's not their fault that others use the system for other songs.

      --
      It doesn't hurt to be nice.
  5. Re:This will not protect you from the RIAA by Xentax · · Score: 5, Insightful

    Incorrect.

    You don't say *I* have XYZ. You say, "Virtual Address A123B456C has XYZ". Only you know that YOU are A123B456C -- the best your neighbors can do is realize that A123B456C must be close to them, because they have strong hints to route through you to reach A123B456C. Similarly, you can't ever nail down who asked for the file, because you just start seeing packets that say "Z789 wants XYZ". You'd have to be able to sniff a huge part of the network to find out who started asking for it first with any degree of certainty, because a node can't tell if its neighbors asked for XYZ, or are merely relaying one of their other neighbors, or one of THEIR neighbors, etc.

    The trick is that the system NEVER says WHERE A123B456C is, only who to route to in order to get "closer" to A123B456C. When you get packets headed for A123B456C, you (being the owner of address A123B456C) just happen to keep them, and not route them onwards. Even not routing isn't dangerous, because anyone who could observe THAT would just assume that your routing table has A123B456C as closer to the person who sent YOU the packet, and they have you as closer or don't know where it is -- that might tell them that one of you is A123B456C, but it might also mean that you just don't have good routing data either. Impossible to prove, that's the key.

    Virtual addresses, whose owners never identify themselves, are the key.

    And, of course, simply keeping all of the packets for A123B456C when you're NOT the owner of that address won't buy you crap, because you'd have to brute-force-decrypt every at least one of them against to determine the AES key (or the RSA private key, if you can somehow determine which packets were used for the key exchange). The RIAA doesn't have the resources to do that on any sufficient scale to make a difference.

    Xentax

    --
    You shouldn't verb words.
  6. ISP logging by Arch-out · · Score: 5, Insightful

    I am not sure, but is there a reason that ISP's have to keep logs of who used what IP address? If they did'nt then it could make the whole issue dissapear.