Slashdot Mirror
MUTE: Simple, Private File Sharing
oohp writes "MUTE is a new file sharing network that provides easy search and download functionality while protecting your privacy. It does this by routing all messages through a network of neighbour connections, using virtual addresses and encrypting all the traffic (using RSA for public/private keys and AES for the actual encryption). MUTE's routing mechanism is inspired by ant behaviour. The program is available for Linux, Windows and Mac OS X."
...although CPD was able to find a few duplicate chunks.
The Army reading list
...with the same strengths (privacy) and weaknesses (slow).
My asymmetrical DSL connection just won't work well with a system like this. I don't have the bandwidth to act as a node that relays data for the sake of maintaining your anonymity. If we all had T3 connections in our home this would be great, but we don't.
An A for effort though. Implementations on most of the major platforms, with source code, and a neat analogy to how ants work to make it all understandable to the lay audience. Nifty.
(interesting that this story gets posted the day the federal appeals court forbids exactly the tactic by the RIAA this software attempts to work around.)
Is this truly the only Earth I can live on?
The way they explain things shows that the single reason for this software is to trade files that belong to the RIAA.
They might have wanted to think twice before doing that.
MUTE's routing mechanism is inspired by ant behaviour.
Rumour has it that the RIAA is secretly developing software that emulates a giant maginfying glass...
Sheesh, evil *and* a jerk. -- Jade
Well, I just installed it at home (thanks, VNC!) and did a search for "mp3" assuming that would generate a lot of hits but haven't seen anything happen. The docs are sparse, to say the least. "Is this thing on?"
Trolling is a art,
I know that we DO need one that both protects the user's identity, and one that does not pass your downloads through my asymmetrical connection.
Perhaps a web of trust is in order? Everybody exchanges AES256 keys, and only then can you transfer files on the network.
This is a much better approach than Legal or Court based ones. You can always count a crazy judge to screw things up. But good hard encryption and hidden internet paths are a much larger stumbling block to the likes of the RIAA, which is on the whole, technically incompetant.
Even IF they win the court battle with ISP's (they just took a hard knock in the last court case) there won't me much left for them to do if their ability to track is lost.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
... though from the top-level technical pages, the author(s) seem to think the idea is novel. Can someone explain how this compares to onion routing?
Mencken had it right. So glad that's old news.
How is this system different from Freenet in it's design?
Both seem to use a system of specilization for data, so that a specific node carries a series of data is one specific area, more than others. This is VERY useful, in that nodes can learn about what each one carries.
It also seems similiar in that routing is intelligent enough that nodes can hint to each other about a specilization, and share routing information..
I'm not knocking either project, I'm just not informed enough. What is the major differences? Wouldn't it be equally do-able to just replace the routing engine in Freenet, if that is the design goal?
The pacakage seems to be a very Freenet/Frost like utility, passing messages about the locations of keys around the anonymous ether.
-Colin
Colin Davis
All I got was a 404 when I tried to find the Crowds homepage (AT&T research labs), but it was one of the privacy-enhancing technologies I looked at while doing my thesis. It's a similar concept with connecting to many different nodes than directly with who you want to communicate with, download files from, etc.
People say I'm crazy, I got diamonds on the soles of my shoes...
sounds like the old anon email software mixmaster.
Why did anonymous email die, anyway?
The RIAA is investigating the purchase of several supercomputers.
The RIAA hasn't learned that necessity is the mother of invention. While they try hard to shove substandard products down our throats (oh yeah I'm sorry, the last Brittany album is a "work of art", my bad") we try hard to pick the weat from teh chaff. Lets face it, if I could by an album with at least 5 good cuts on it, I woulnd't be spending my time taking the albums I own and making MP3 version of just he "good songs". If the Recording industry even paid the artists what they agreed to I might feel guilty about the occasional MP3 download. Since the recording industry has a regular habit of screwing their "artists", I don't.
PS: RIAA - can you prove that I didn't by that PIL album back in 1986, and am now just D/L ing a legitimate eletronique copy? If the encryption on mute is any good, the answer is no. Thankfully I still have my PIL vinyl in case I get dragged into court.
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
No matter what, you can ALWAYS see who you are connected to. If A gives a file to B, but it actually goes through C, D, and E, then if it is determines that the content is infringing, then C, D, and E are all responsible too. Ingnorance is no excuse. Of course, IANAL, but I think this would be great for the RIAA, since they could theoretically sue just about anyone who RUNS this, since they're essentially ALL uploaders.
Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche
That's all there is to it. As long as you have an IP, there will be a method to trace. No software is 100% secure, and IP's are still used apparantly for this product.
It's like anonymous email. Yea, right, that't a real offer.
Call now and I got a bridge to sell for only 2 payments of $19.95. This is a $50 million dollar offer, but it's yours if you CALL NOW.
Come on, it's old.
MUTE - a song sharing system for deaf people...
From excellent karma to terible karma with a single +5 funny post...
The files do not belong to the RIAA. Few if any of the files on Kazaa belong to the RIAA (and only if the RIAA is actually listing them for download).
Well, thats a good point: sites with crappy upload speeds will not be valuable participants in P2P networks.
This may actually benefit the network by weeding out those nodes which are asymmetric leech-only types.
I have DSL too, and it sucks hard not being able to use my inroute to help my downroute (Bittorrent), or to lose download capacity whenever someone hits my website.
If a decent ISP shows up with non extortionist pricing for symmetric connections, and static adressing (v4 or v6) then Im definitely switching.
I used to use Kazaa on my DSL, but had a tendancy to get infected/bogus files. Then I switched to eDonkey and looked for published links to known good files. After that I always got good/safe files. I did notice eDonkey was MUCH slower. But I just adjusted my expectations and qued up many files that I wanted. Then I would add new files each day and check out the completed downloads as well. Once a que is going, it doesn't feel like a long wait!
This network sounds like it could be used the same way, only it is even safer. Also, folks could share files longer and feel safe in their privacy.
I know what you mean and you shouldn't be modded as flamebait (well, it's debatable) but heres the thing: File sharing networks and a new(er) concept in the way we are implementing them now days. There is a lot of research at places such as MIT (and other up-and-coming, less known campuses) into P2P networks and such. It's a rather exciting field to be involved in right now with new ideas coming up all the time.
I haven't used MUTE but it sounds like they use onion routing or some derivation of it. To me, that's interesting. Perhaps they are doing something Freenet is not? Then again, perhaps not.
Anyways, if you're interested in networks, graph theory and have some creative energy then P2P network research may be for you. ALthough most systems we see today are not very practical, they seem to all be trying to head to a certain goal: anonymous, encrypted file sharing. We are seeing the bandwidth costs these have but I digress.
So, even though we may not practically need another file sharing protocol, it's important people keep working on ideas and implementations so we can move the state of the art forward. I think many of these pioneer systems are laying the groundwork for a whole field of study within computer science as one day we will all have many networked devices that need to share information and the pure client-server approach will just not do it.
"If you are a dreamer, a wisher, a liar, A hope-er, a pray-er, a magic bean buyer
Didn't someone from nullsoft release WASTE that did just that?
I wonder what ever happened to it.
Here, CPD isn't looking for plagiarism; instead, it's looking for opportunities for refactoring.
I've played Waste the encrypted private network tool started by Justin Frankel.
MUTE sounds similar. Has anyone tried both? How do they compare?
nuclear iraq bioweapon encryption cocaine korea terrorist
I can't find any mentions of seed nodes here, I guess they don't plan on hosting one. That makes it kind of hard to use until you get some of your friends to use it too... Anybody feel like throwing out some MUTE node IP addresses so we can test this bitch?
-73, de n1ywb
www.n1ywb.com
Dear File-Swapping Pricks,
You may try to avoid us as much as you like. However, we have other means to discover who you are and sue you into oblivion. We have already employed Miss Cleo and we are willing to unleash her fury whenever we want to! Yes, Yes! Oh god, yes! You cannot hide from Miss Cleo when she picks your name randomly from a phone book.
We are also aware that there is a great deal of high-speed file sharing going on at your "LAN Parties". We will begin to infiltrate your so-called "LAN Parties", so that you cannot hide from us even from there! So, please ignore the balding lawyer taking pictures of your computer screens.
FEAR US!
The RIAA grows stronger by the day. No longer do we just sue people about music, but we have teamed up with SCO to protect their copyrighted information as well. Today, we are officially launching lawsuits against all those that dare share Linux Distros through Bit-Torrent, at "LAN Parties" or over any other sharing method!
We will continue to sue you until you learn that you cannot live without buying every CD that comes out, even if its not music that you like! Yes! You will give us all your money or you will suffer our wrath!
Sincerely,
David Bowie
and the RIAA
Not to draw flames, but what use does anyone put these p2p networks to other than pirating copyrighted media? If there was a p2p network where you could be assured that the only available music/video available were by indie artists who WANTED to share, then that would be terrific. Unfortunately, the behaviors of p2p users have only strengthened the case for DRM. The architecture of this one is obviously meant to thumb its nose at the RIAA.
As their Sourceforge page says, it only aspires to pseudo anonymous P2P.
There's no indication in the program of being "connected" nor is there a connect command, and searching results in nothing.
...
.... ? Not sure whtas wrong.
If you look at the "MUTE" file in the folder, apparently it's an error log. Here's what mine says:
L4 | Wed Dec 31 21:50:52 1969 (937 ms) | ConnectionMaintainer | Trying to add a new connection.
L4 | Wed Dec 31 21:50:52 1969 (937 ms) | ConnectionMaintainer | Trying to connect to katcher.2y.net:4900
L4 | Wed Dec 31 21:50:58 1969 (296 ms) | ConnectionMaintainer | Timed out connecting to host.
L2 | Wed Dec 31 21:50:58 1969 (296 ms) | ConnectionMaintainer | Connection failed to katcher.2y.net:4900
L4 | Wed Dec 31 21:50:58 1969 (406 ms) | ConnectionMaintainer | Adding a connection failed.
L4 | Wed Dec 31 21:50:58 1969 (406 ms) | ConnectionMaintainer | Trying to add a new connection.
L4 | Wed Dec 31 21:50:58 1969 (406 ms) | ConnectionMaintainer | Trying to connect to monolith.2y.net:4900
L4 | Wed Dec 31 21:51:03 1969 (406 ms) | ConnectionMaintainer | Timed out connecting to host.
L2 | Wed Dec 31 21:51:03 1969 (406 ms) | ConnectionMaintainer | Connection failed to monolith.2y.net:4900
L4 | Wed Dec 31 21:51:03 1969 (406 ms) | ConnectionMaintainer | Adding a connection failed.
L4 | Wed Dec 31 21:51:03 1969 (406 ms) | ConnectionMaintainer | Trying to add a new connection.
L4 | Wed Dec 31 21:51:03 1969 (406 ms) | ConnectionMaintainer | Adding a connection failed.
So apparently katcher.2y.net:4900 is the "connect" server, or something. It's trying to connect to it every 5 seconds. I can ping it OK so
Joseph?
Now I just noticed the date/time also.. not sure where it's getting that... My BIOS clock is correct and it shows the right date in Windows.. :O
Joseph?
One user mentioned a bandwidth concern, I would like a adress it.
I was working on a project like this, and am now looking into contributing to GNUNet, a similar project. My framework had peers moving data in a similar way as these ants. The way I looked at it was that most of the time I select some files, let them download, and come back later. I'm sure the downloading takes only ten or twentey minues, but I'm at work or busy otherwise. Once I'm done downlaoding my computer just sits there folding. The bandwidth is going un-used!
There is plenty of bandwith sitting idle out there, so long as the ants are clever enough to avoid busy relays noone will really notice the drop in their performance. I think that they would have a similar approach (it seems it would work this way as a concequene of their ant design).
I sincerely hope that one of these true P2P private networks takes off in a big way, till then I will support them in every way I can.
md5sum
d41d8cd98f00b204e9800998ecf8427e
This looks pretty cool, but it seems like there will be problems when nodes go on and offline, since broadcasts get used to find nodes. Won't nodes that come and go periodically cause problems -- or is this a non-issue?
Roving Web-Teleoperated Robot
Couldn't the RIAA just subpoena (theoretically) all the ISPs to find out which IP addresses are accessing this program? From what I gather, this program might be able to mask the actual downloads, but the RIAA could still prove that someone's computer was attached to the network (vs. the RIAA currently being able to state the actual music files being shared). I think the other concern would be that since each user is helping to transmit data files between users, it is probable that users will be hitting the downloading/uploading caps some of the broadband providers are instituting.
And for another question to the readers: why aren't people renaming the file types of MP3s shared? People have been doing this with "adult-oriented files" to fool AOL, Yahoo, Tripod, and other providers for years (i.e. labeling an MPEG file as a TXT or Word file and then have the end user rename them once the download is completed)...
"Right now, somewhere in this world, Scott Baio is plowing a woman he doesn't love," - Peter Griffin, *Family Guy*
Server1: Protect the Queen!
Server2: Server 2 thinks it's the master browser and is calling for an election. Which one's the queen?
Server3: I'm the Queen.
Server2: No you're not.
Freedom! Horrible, horrible freedom!
Server log ends.
Not only that, but the data being moved could be purely a bunch of 1's and zeros. For example, if I pass through a GZIP'ed version of a file... I send it through in chunks through various sources (even Kazaa will chunk files). For example:
(where Z is the final recipient, and A B C are senders of file chunks, others are random users in between)...
A--->G--->Z
B--->H--->Z
C--->J--->Z
Neither G, H, or J have an actual copy of the file, at most they have is a partial-derived work, or a bunch of bits passing through their bandwidth.
Now, Kazaa goes straight with A-->Z, B--->Z etc, by adding middlemen A, B, and C can be virtually unknown from the perspective of Z, and Z somewhat unknown from the perspective of A.
Anonymity for both side... and the middlemen don't actually have anything more than a few bits. How could anyone go after them when they don't have any copyrighted content on their PC's?
Install and connect to 208.191.148.152 [side note, watch my poor dsl line get slash doted] From what I can see its a W.A.S.T.E like aplication thats designed for a larger network arcatecture (automatic key transfer, less privacy and exclusion, but still better than kazaa) The icon for the program is a straight rip off of the waste trumpet For those of you in the know this comes from a book called the crying of lot 49, its a muted trumpet That is a sign for a secret postal service.
come comment on the madness at http://slashdot.org/~phreak03/journal/
If you want your idle bandwith to be used, try using Bit Torrent. It generally works well and you upload as you download. Honestly, the fact that more systems don't have this approach is sad. People don't seem to understand the ideas behind a paged, data multiplexing system.
"If you are a dreamer, a wisher, a liar, A hope-er, a pray-er, a magic bean buyer
Who's palm do I have to grease to get a decent article put on Slashdot?!?
....
That's not exactly how it works.
First, apply the grease to your own palm.
Then apply greased palm to a Slashdot editor
I'll not say more; I'm already making myself nauseous.
-kgj
-kgj
It doesn't matter how much you encrypt, there is always a final link where someone gets the illegal material from someone in the system whose IP address they have. Make that person liable, and the system will fall apart.
How did you "add" servers? I cant find anything like that.
Joseph?
Nice application, but why do these programmers keep wanting to use ports higher than 1024? Most firewalls will block it. Now what I want to see is an application like this or BitTorrent to use port 80. This way it will get thru proxies and firewalls without having to pull your hair trying to get it to work... uh, at work ;)
This is a test. This is a test of the emergency sig system. This has been only a test.
Besides which, some clients, such as Shareaza make use of multiple protocols (in this case, BitTorrent, EDonkey, Gnutella, and Gnutella2) in an attempt to unify those protocols. Not a bad idea, really. That said, I'm still waiting for them to add support for the WinMX networks.
--- Bwah?
Most "SWM"s on /. would mistake "SWF" for the Flash file format.
:)
Then they'd give you a good talking-to about not using SVG.
I claim first use of "Error No. 0B" - or "No. 0B error." It'll be the new ID 10T!
For computers, if you really want anonymity, you use encrypted files, broadcast everywhere always, and always listen to every packet (which you have to do anyway to select out yours) and see if it's yours. If it is, you keep it, otherwise ignore it and pass it on. Granted, this will not find the "most direct" route from source to target, but it is the most secure.
Network speed / anonymity are conflicting tradeoffs with the current implementation of the infrastructure.
Observation: if everyone always captures the whole file - like what if you just copied and stored every single packet that came your way, and everyone did this - then how could "ownership" be enforced? Would this (assuming it's technically feasible) be a Good Thing? I'm not sure I know how to answer that one...
"There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraprhase)
It's working great for those of us that have established private P2P networks with our friends.
but couldn't you create this with JXTA? I mean, It's a neat idea but doesn't JXTA already do all this? Except the bit about the ants...
Never by hatred has hatred been appeased, only by kindness - the Buddha
What else (besides the few who really advocate it purely for freedom's sake) do you think an "untraceable" network is for?
this is the ultimate product of RIAA's legal offensive. they have taken clear-text piracy, and driven it to encryption underground. it would be much harder for them to do anything about piracy with this in place.
More importantly, I can't believe how many people seem to think this is a valid approach to the problem.
First of all, anyone who writes FOSS should not be involved in developing these projects. Quite simply, this project is aimed at abrogating the rights of the copyright holder. If you develop FOSS, you too rely on copyright to protect your rights to distribute your code as you see fit. Why are you helping people to obviate the rights of other copyright holders? Doesn't this seem just a little antithetical?
Now, before the argument about how developers aren't responsible for how their software is used, well to a point I agree. But, I don't think that you can hide behind this with a clear conscience. Joe Sixpack can't write this software on his own, so if you aren't legally an accomplice, you are ethically and morally. As for the software being used for legal mechanisms, well and good, but that doesn't mean that you could not have built in safeguards to prevent it from being used for unlawful purposes...
Next, this is not the way to make the point to RIAA. For Joe Sixpack, the complaint is generally about the cost of music and so on and so forth. Well if Sears charges too much for _insert product here_ you buy it somewhere else. You don't go into Sears and steal it. Apparently this is simply because to do so means running a high risk of getting caught. So because the chance of getting caught is lower, that somehow justifies theft? Because that is what it is in the end. Rather than steal from RIAA, deprive them of income by lawful means, spend your money elsewhere. With all the artists in the world, I guarantee you can find some what create music you like, without having to resort to theft.
RIAA has proven that they will resort to the courts and legislation as their first considered reaction. Since most folk seem to abhor the legislation RIAA has had there hand in to date, why are you fueling that fire? Do you really think RIAA is going to relent? As long as you continue to abbrogate their rights, they will continue to lobby for more and more legislation. If you choose other alternatives, RIAA does not have a leg to stand on, what are they going to do, get Congress to pass a law forcing you to buy music only from their members? Not likely. If you vote with your dollar instead of voting by compromising your morals, perhaps some of those member organizations will reconsider their membership. But as long as people circumvent their rights, and deprive them of revenues thereby they will continue as they have to this point. If people vote to deprive them of income by exercising their other options, RIAA members will have little recourse but to reconsider their policies, which is what you all purport to desire.
Lastly, I _KNOW_ why I dislike RIAA, and why I won't conduct business with their members. My problems stem more from being a creator as opposed to being a consumer. For those of you who are only consumers, when you choose options that give RIAA grounds to complain, you are quite succinctly stating that you make your choices based on greed, just like RIAA does. It all comes down to the old adage, two wrongs do not make right.
P.S. Doesn't anyone realize that SCO can point to these software projects as anecdotal "proof" that FOSS developers seek to undermine copy and property rights? Why give them more ammunition in their FUD campaign?
"Talk minus action equals nothing" - Joey Shithead, D.O.A.
"Talk minus action equals
Copyright definition does not meet the definition of theft. Check your words before you use them.
Say for instance I have a Metallica mp3 being shared out. What's to stop the RIAA from just downloading said mp3 and then using netstat to see who is sending them pieces of it? After that they could try to sue everyone who's providing even a small part of the whole mp3, couldn't they?
My patience is infinite, my time is not.
Let me preface that I'm neither a lawyer or all that knowledgable about networks...
If I read it correctly, the RIAA can still get subpoenas. It has to do so with a judge involved, tho, making it much more expensive and time consuming.
Having subpoenas on the cheap would allow them to put up an automated version of the client, pull a download, do a netstat, and then have someone that checks if a "valid" file arrived. If it did, they'd subpoena everyone that they connected to, and that would be that.
Now, they can't use a cheapo subpoena method. MUTE is actually perfectly timed.
Jonathan
24.49.37.195 208.191.148.152 131.155.229.140 80.161.130.57 68.49.20.146 216.180.213.130
Hey, i allready got like 5 people connected w00t my aim is daphreak07 my icq is 17654783 EVERYONE put alias's of your file folders in the shared folder Lets test this out I'm downloading at 20k some mp3's right now Working quite well My only complaint is the compete lack of msging, But I'm used to WASTE From what I can tell this is just a striped down Easier to use WASTE Personaly I like waste better but thats just me
come comment on the madness at http://slashdot.org/~phreak03/journal/
After reading the ant behavior thing I did an experiment. Let's just say releasing a smelly "pheremone" trail to the filing cabinet is a good way to make people not like you.
796F75617265616E65726400
Incorrect.
You don't say *I* have XYZ. You say, "Virtual Address A123B456C has XYZ". Only you know that YOU are A123B456C -- the best your neighbors can do is realize that A123B456C must be close to them, because they have strong hints to route through you to reach A123B456C. Similarly, you can't ever nail down who asked for the file, because you just start seeing packets that say "Z789 wants XYZ". You'd have to be able to sniff a huge part of the network to find out who started asking for it first with any degree of certainty, because a node can't tell if its neighbors asked for XYZ, or are merely relaying one of their other neighbors, or one of THEIR neighbors, etc.
The trick is that the system NEVER says WHERE A123B456C is, only who to route to in order to get "closer" to A123B456C. When you get packets headed for A123B456C, you (being the owner of address A123B456C) just happen to keep them, and not route them onwards. Even not routing isn't dangerous, because anyone who could observe THAT would just assume that your routing table has A123B456C as closer to the person who sent YOU the packet, and they have you as closer or don't know where it is -- that might tell them that one of you is A123B456C, but it might also mean that you just don't have good routing data either. Impossible to prove, that's the key.
Virtual addresses, whose owners never identify themselves, are the key.
And, of course, simply keeping all of the packets for A123B456C when you're NOT the owner of that address won't buy you crap, because you'd have to brute-force-decrypt every at least one of them against to determine the AES key (or the RSA private key, if you can somehow determine which packets were used for the key exchange). The RIAA doesn't have the resources to do that on any sufficient scale to make a difference.
Xentax
You shouldn't verb words.
Whoever developed this played Sim Ant a bit too much about ten years ago.
I found it interesting that mere days after Clay Shirky article was posted on slashdot, a program that essentially describes his solution is posted.
If you haven't read the article, you can find it here:
The Article
It's a pretty solid concept as far as defeating the RIAA for another round. I find it interesting that no matter what the RIAA does, someone always counters it. You figure they would adopt a new strategy, instead of just wasting enormous amounts of money on annoying everyone.
David Novosel "Two roads diverged, and I - I took the one less travelled by."
I didn't know ants were encrypting their pheromone! ;-)
When your ISP cancels your account for excessive usage you might change your mind.
:-)
A song from iTunes: 99 cents.
Keeping your Net connection: priceless.
But unfortunately, there is no central server (like gnutella or Napster 1.0) whereby one can simply launch the program and begin acquiring hosts. Maybe this should be a "bugfix" or feature consideration for the next version...
$DEITY bless $NATION
That's what Steve jobs said last week to Rolling Stone (yeah, I know, ancient news...). Jobs said people don't want to pirate, they want a quick way to get music. That's part of the reason iTMS is doing as well as it is.
Now, get the prices down on the songs, and I'll start buying. $1 is too much for a song I will listen to for a week and then delete.
Maybe you should ask why your DSL is so asymmetric.
Why are asymmetric connections so much cheaper and more common? Data flow is not more expensive one way than the other. Is it the man trying to keep the masses consuming what he dishes out, and keep them from distributing their own content?
Yet the RIAA will blame me as well as everyone else. They have already shown that they believe that *everyone* is a thief.
Why should anyone act differently? Even if there was a massive boycott of Industry music, the RIAA will still lobby for laws favorable to themselves, and anti-consumer/citizen/fair use. If you're going to get screwed, might as well have something to show for it.
OT - I still don't understand how with more content created every day than ever before, how and why copyright has gotten longer and longer. EMOT -Why are there so many ACs in this thread? Get a pair and log in, you pussies.
Would you be interested in sharing how you're doing that? I am seriously intrigued by your idea, and would like to set one up of my own.
Thanks!
beyond normal TCP level routing, the program is doing it's own routing on top of that. tracing utilities will not work when you have routing being done at the application level. traceroute is not gonna work here because the routing is happening above the IP level (read: no ping/tracert). as long as each node isn't logging all routed traffic (which it shouldn't) then the moment a byte is forwarded on it's forgotten.
example:
Node's X, Y, Z
-node X wants items A from node Z
-node Y is an intermediary
-a request for A is sent (at app level) from X to Y
-node Y forwards (at app level) request to node Z
-node Z responds to node Y
-and node Y responds to node X
traceroutes from X to Z are impossible because the nodes are identified by a application level network name and not an IP address, thus X doesn't know Z's IP, only Y's IP and that Y is able to talk to Z.
filetopia has been around for quite some time, they also have a larger user base. They don't use "hops" by default but it is an option.
...these notes will be sent to your neighbours each hinting that they be redirected to codename: "enter the sandman"
-Matt
--- Need web hosting?
Even the screenshots on that site clearly show distribution of copyrighted material that shouldn't be there after all.
At the moment, I'm more concerned about the fact that I can't legally listen to CDs I've bought on my computer anymore. I'm pretty pissed about the fact that I had to return one CD back to the shop, that I bought few days ago. (And, yes I emailed BMG about this.)
Although the tool has a good design, the fact that there are no pre-defined routers makes the tool almost useless to most potential file swappers. It would be nice if there was a couple IP addresses pre-configured, or at least some mention of where to look for a start up group, i.e. an irc channel. The author basically expects many people to come together and share their own files with each other. Although this might have good intentions, the other sharing networks which all contain pre-configured routers and are ready to go "out of the box" are going to be used, not this tool.
-- "For every complex problem, there is a solution that is simple, neat and wrong." -- HL Mencken
Noone else sees the irony of naming a filesharing network MUTE?
I'd be interested in reading your thesis if it is publically accessible.
http://www.geek.com/news/geeknews/2002mar/gee20020 329010951.htm
-insert a witty something-
This is interesting. MUTE is created and coded by Jason Rohrer, the same Jason Rohrer who created and coded konspire2b. Now what is the relationship of these two programs, particularly from the view of their common author? Is he "dumping" k2b in favor of this all-new MUTE?
konspire2b came with a very intersting idea, but the implementation was less impressive. Especially the inability to deal with a "passive" Internet connection (behind NAT and/or firewall) is the reason that it hasn't gained a user base as large as it promised. It is simply a fact that many (if not most) private Internet users are using a passive Internet connection nowaday, and the procentage is even growing.
Now MUTE comes again with a very intersting idea, but as we know, problems of technical details can kill good ideas quite often. Obviously, the concept is in some points similar to Freenet. One of Freenet's biggest problem is, just like k2b, it's inability to deal with pass internet connection. I think this issue may be the corner stone for MUTE, too.
I am negatively biased against Jason, mainly because the "failure" of his k2b, and especially because of the document he published comparing his own k2b to BitTorrent, which earned quite some protests because many factual "findings" in the comparison seem wrong. To be fair, I must admit that since I am a member of the BitTorrent dev team, my opinion in this matter is biased from the start, although it has not prevent me to try out k2b, and will certainly not prevent me from trying out MUTE now.
http://waste.sourceforge.net/
Is this truly the only Earth I can live on?
Trying hard to respect your comment, but I keep thinking of you being "by that PIL album back in 1986" and thereby owning it.
Too bad you're not confusing it with "bi", which can get me hot.
Jim McCoy wrote MojoNation based on the advice he got from them. MojoNation has since then evolved into Mnet and HiveCache.
I think You can find him on irc://irc.freenode.net/mnet or mail him on mnet-devel on Sourceforge.
He should know more about this.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
I am not sure, but is there a reason that ISP's have to keep logs of who used what IP address? If they did'nt then it could make the whole issue dissapear.
from the page:
"your identity available to spies from the RIAA and other unscrupulous organizations."
If you are the one breaking copyright laws, i dont see how the RIIA could be the "unscrupulous" one. I mean if what everyone wants is to legally share legal files, gnutella would work just fine.
The war with islam is a war on the beast
The war on terror is a war for peace
I read the description of how privacy is protected by directing traffic through "neighbors." In order to hide your IP address there are not any direct transfers. If my neighbors are using dial-up connections do I have to wait for them to upload and download each piece or is the software intelligent enough to route around the "weak" links?
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
Only I have more specific questions. The major problems with WASTE are as follows, in no particular order:
This is the big one. I cannot specify (by public key) who can access an individual shared directory. Since it already doesn't have any anonymity between users of the network, you don't lose anything by implementing this.
WASTE was designed to be used without centralized management, but has no access control. This is dumb. It means that anyone on the network can add people who can then download your files and suck up your bandwidth when you would rather give priority to people you actually know and care about. As such it is only useful amongst very small groups of people who are all good friends.
I plan to test MUTE very soon, perhaps as soon as this evening, but it would be nice to know if any of these problems with WASTE are addressed in MUTE.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
And here it is done the right way.
Give me Classic Slashdot or give me death!
Very good, quite funny, I wish you had a login though, that is some pretty subtle humour, and Lord knows I love subtle...
"Talk minus action equals nothing" - Joey Shithead, D.O.A.
"Talk minus action equals
but what do i know, i'm just a model.
Also eMule is very good for using idle bandwith. In fact, I'd say it's better than BitTorrent, because you can share more files at once with more easy. I've got 381 files shared (nothing RIAA or MPAA), and 1023 GB uploaded. That's since approximately November 2002 with my consumer ADSL connection.
Lalala
Well I'll probably get a RTFA because I'm not sure this would work, but fundamentally, the more a p2p protocall/program/implementation maintains anonymity and encryption, isn't it just that much easier for the RIAA to pollute it with bogus mp3s? Couldn't they "log-out" and "log back in" or whatever the equivalent concept is, with different handles/user names/whatever each time? If this technique can't track a file source's IP address, which would seem to be the whole point of going through all the obfuscation so the RIAA can't figure out who you are and sue you, then how would you be able to "blacklist" anybody who's collection is full of bogus tracks...like say some server the RIAA sets up to pretend to be 100s of users. In fact, if the "neighbor encryption" concept is good enough that you can't tell which users are near which other users, it wouldn't even matter if the RIAA used a block of 100s of IPs all in the same domain. As long as they log-out and log back in say every 10 minutes, you'll never be able to keep your search from finding them again. You could download one test file before downloading a whole album, but 10 minutes later, you might find the same bogus user again on a new search.
I guess I'm tired from watching LOTR late last night. "easy" in the second sentence should of course be "ease".
Lalala
Hmm...Downloaded it and installed it, but the seed hosts included with the program, katcher.2y.net and monolith.2y.net are not active on port 4900, which seems to be the default port this protocol uses.
The katcher.2y.net address resolves to 128.114.51.108, and monolith doesn't resolve at all. Reverse DNS lookup indicates that everything in that class C netblock belongs to UC Santa Cruz and nothing in there is talking on 4900. Seeing as how the seeders are not talking on port 4900 and there's no reference on the web pages for more of them, I'm going to guess that this program is more about a proof of concept than a serious contender on the p2p field.
-R
Can anyone provide a few IP addresses so I can actually test this thing out? The two main "seed" nodes appear to be slashdotted.
I attempted a download of MUTE via the Time Warner Telecom mirror of SourceForge, and it gave a 404!!! (Another mirror worked, not sure which one. . .)
Time Warner and big media looking out for their best interests???
There's lots of examples of this, if you search on google. The first one I found is in this powerpoint (slide 9). For those of you who don't want to download a ppt, here's the relevant text:
I googled with "learning bridge OR bridges" network switch algorithm.
The idea that nodes go down will probably not be an issue, because you have a (two-way) TCP connection to the node, so you know when it goes down.
P2P systems that rely on the users manually bootstrapping to a second connection aren't going to catch on until a well known list of stable master servers is provided. This is too hard for the average p2p user when compared to the almost zero intellectual cost of entry to something like the fasttrack network. I remember edonkey2000 having some teething problems in this regard also.
YLFIOne god, one market, one truth, one consumer.
$5 / month hosted VPS on linux = awesome!
hey, I signed up for "unlimited" internet... if they dare cut me off for "excessive usage" i'm going to send a bunch of lawyers in a VW bus with LART written on the side to my isp where they will say "NO YUO!" and hopefully get me some money in the process... or at least a bandwidth upgrade
May the coffee god Smile upon you!
Enough talk, where are the hosts??
Do not assume the RIAA is technically incompetent. Even if they are, they have plenty of money with which to buy expertise.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
In theory, mute beats the problem of using queries and traffic analysis to see who's sharing what.
However, since we no longer have a way of identifying those we download from and blacklisting malicious hosts, we are more vulnerable to an old problem:
The file you think you're downloading could actually be a trojan that scans your shared directory and reports back to 'mama'. This along with a traceroute report to a known server and whatever it could conjecture are your personal details from productivity software, registration info, web autocomplete etc.
So some form of pseudonymous reputation management system could be built in to mitigate that problem.
OR, there can be an anti-malware app out there tuned to the kinds of nasties you'd find on p2p.
Ideally both should be used, as each results in an arms race.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
how are these RSA pubkeys distributed?
It seems to me that if they're generated each time you start the app, that you'd need to give the keys to any host that requested them and trust that they aren't performing MitM. They're brand new keys, so they aren't signed and aren't part of any web of trust or certified by a trusted third party.
Key crypto is wankery without key security.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
Well, what with lack of seed IP's to get this whole thing started a few of us got together on efnet and setup a channel to try and get the whole thing moving. We have suceeded in transferring files amongst our selves at reasonable speeds now (we've seen 40-50K which ain't bad). SO come along and join us if you're interested in this new network. efnet #mute-net
These contents may be more useful than the defaults
202.52.36.144 4900
68.61.112.22 4900
24.208.214.50 4900
150.101.30.106 4900
65.71.169.148 4900
68.111.211.154 4900
Can't they both be unscrupulous?
Has anyone downloaded this yet?
After searching with little hope and no response for the song I want, I searched for 'Metallica', but still got nothing.
I searched for 'Britney Spears' (without quotes - those who listen to her are those who cannot spell - 8-year-olds), hell; even searching for 'hot babes xxx' didn't get me any response.
My settings are; Inbound Limit: infinite,
Outbound Limit: infinite,
5 connections to other computers,
Shares from files.
In other news, does anyone know where the excellent WinMX went? And what good p2p applications are there to use in it's stead? Not Kazaa.
You were obviously moderated up by someone who didn't bother to read the article.
The article is completely moronic. The author spends a great deal of time saying that the solution to anonymous P2P is PGP... In fact, PGP is designed to keep two individuals' conversation private, and P2P is supposed to be PUBLIC distribution of files. Sorry, the two are completely unrelated... Encryption is not going to do a dammed thing for normal forms of P2P.
OTOH, trusted networks will, but they do NOT need encryption of any kind, as the RIAA does not (yet?) have the authority to intercept all network communications through your ISP. Private/trusted networks need only to have some way to authenticate that their "friends" are not cops, or the RIAA/MPAA, and encryption doesn't offer that either.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
In theory, mute beats the problem of using queries and traffic analysis to see who's sharing what.
Mmmf. I'm dubious.
This sounds like a really neat project to play with (I like to bat around P2P ideas as well.).
However, I'm going to assume (I can't tell from the routing document) that something here is incorrect.
The TTL mechanism is UtilityCounter. You attempt to obscure the real TTL by randomly moving it around. However, it's still pretty easy to simply send a number of messages until a TTL range 20 apart is reached. The host distance is then identified. Thus, a map of the MUTE network may be built, though it will take more packets than the GnutellaNet.
The main concerns I have with the MUTE protocol relate to flooding vulnerability. This is the same problem that GnutellaNet suffers from (and I have been working on in my own time). MUTE, however, is *extremely* vulnerable to flooding, far more so than GnutellaNet, for a number of reasons:
* MUTE shoves data packets through the MUTE network. GnutellaNet sends them directly.
* MUTE has phenomenally large TTLs, averaging 100.
One can probably destroy a massive MUTE network (unless I'm missing something in the routing protocol) with no more than a modem by flooding the network with data transfer packets of 32KiB (the largest the MUTE protocol allows) and bogus to virtual addresses.
I'd be interested in knowing whether there's an IRC channel for MUTE, since I'd be interested in poking at the design a bit. If any MUTE developers read this, would you point me in the right direction?
May we never see th
No one will ever see a post this far down and this late in the story, but..
According to your article, the NSA may be able to crack 512 bit RSA keys. The 128 bit keys you're talking about are AES keys.
The nice thing about cracking RSA keys is that you only have to try combinations of primes, not combinations of all numbers in the keyspace. It's quite a bit faster than brute-force.
The best public algorithms for cracking AES is not that far off from brute force. Your 128 bit AES keys are still relatively safe.
Silverman estimates that one needs a 1620-bit RSA key to provide security equivalent to a 128-bit symmetric cipher key (e.g. AES).
Hope that helps
Ok, you didn't read the article too well yourself now, did you. He mentions PGP a few times, but in no way does he say that is what P2P networks have to do. For a description of why encrypting the data is important, I point you to a link on the MUTE page:
The Article
I suggest you read the bit at the very bottom of the page. It descibes how encryption can help prevent the RIAA from catching you.
To make a brief summary of the article, the encryption would mean the RIAA could not see what you were trying to find, or even what you were actually downloading. Sure they could know that you might be downloading something illegal, but you could just as easily be downloading a new song your buddy wrote.
So basically, maybe you should educate yourself, before you start making ill-thought remarks.
David Novosel "Two roads diverged, and I - I took the one less travelled by."
I wondered what the hell was going on! Thanks dude.
It's GNU/Linux dammit!
I have created firewall rule allowing all traffic on TCP port 4900 but MUTE doesn't work. There is no documentation with the user distribution or on the sourceforge site either.
Or just move to Canada and download all you like. :)
Don't just stand there, get that other dog!
*nt*
The most burning legal issue is being detected as a file-sharer by RIAA, right? So how does disabling direct connections by routing traffic through mediate nodes achieve that? At least theoreticaly speaking, if RIAA were so inclined, they could deploy a large number of MUTE nodes until they create a situation in which the connection between the pirate-file-sharere and the RIAA-spy-node is completely filled with RIAA nodes (which could practically mean only a few nodes). It seems feasable. RIAA could then sue that sharer for whatever rediculous sum of money they manage to conjur up and cover the cost of this sting operation. So how does the ant protocol deal with this issue? Or did I misunderstand the basic idea behind the procotol in which case my point is MOOT?
The power of Christ compiles you!
join #mute-net on efnet here is a list of seeds: http://www.crimsonreport.com/mute-net/
The whole point is to thwart the type of investigation used by the RIAA where they download a file, then track down and prosecute the sender.
It does not prevent the ISPs from sniffing out who is sending to whom if they were inclined to do so (they aren't).However you may really be onto something with that last idea. You've got extra overhead anyway, so just add a random 0-something number of extra hops on the end. Doesn't have to be many as long as it is fairly random.
Still doesn't conceal the origin from an ISP or an agency tied in at the ISP (Carnivore part 3, anyone?).Good thinking.
Free Mac Mini Yeah, it's
Mute didn't work for alot of people because it was slashdotted. Please post up this URL http://www.crimsonreport.com/mute-net/ It's a list of seednodes.
People don't exist to serve systems, systems exist to serve people.
Well if the servers eventually end up in a country that .
does not care about file sharing, then it will float
Peace,
Ex-MislTech
google "32 trillion offshore needs IRS attention"
Their is a major flaw. RIAA could take the source code an modify the program so that it gives the real address of every node and with a little number of "trap computers" they would be able to bring some people to court.
Yes, he does say encryption is what is needed, indirectly of course... Multiple phrases saying things like the RIAA created "a real-world version of the scenario that drove the invention of user-controlled encryption in the first place." And comments like this one:
In response to the RIAA's suits, users who want to share music files are adopting tools like WINW and BadBlue, that allow them to create encrypted spaces where they can share files and converse with one another.
There are some very very big holes in their arguments. First:
Thus, the RIAA performs a search for "mp3", and your node returns over 1000 results
[...]
the RIAA has all the information that it needs, so it stops right here. With the list of 1000+ infringing songs in hand, it files a subpoena against your ISP
The truth is, they can NOT sue you based upon that information... They need some PROOF that you are ACTUALLY SHARING, and they need proof that those files actually contain the material that the name would seem to indicate. If they don't do that, then they have no basis for a lawsuit, since you can claim that it was anything else.
Now, to the more prudent point:
the RIAA might set up a computer on your local network that would listen to all of your Internet traffic
Now, first of all, that would be completely illegial... The RIAA (wether they like it or not) do not have police powers, and so if they were to listen-in on the network, they would be doing so illegially.
Secondly, that would be technically unfeasable... The RIAA is already wasting much money with this current tactic, so it's incredibly doubtful they would resort to something like this even if it would be legal.
Finally, I never said that encrypt was bad, wrong, etc... Only that it will do nothing on it's own to increase privacy, and that there are many ways where encryption is not even needed.
Take your own advice...
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
celerian is a fag. thatis all.
*MRRP FUCK MRRP FUCK MRRP MRRP FUCK MRRP SHIT*