MUTE Grows In Popularity, Iterations

jcr13 writes "MUTE is a search-and-download file sharing network that uses ant-inspired routing to make both downloaders and uploaders anonymous. Version 0.2 was released today (change log). Since its mid-December 0.1 release, MUTE has risen from complete obscurity to one of the top-ten most active SourceForge projects. Several people have described MUTE as a "third-generation file sharing network," with the first two generations being Napster and Gnutella (and generation zero being the web---remember when MP3s were traded through web pages?). Each generation circumvents the tactics that the RIAA used to squash the previous generation. Alas, each generation is less and less efficient (though MUTE's dynamic routing works surprisingly well). MUTE was discussed in a previous Slashdot story. Oh, and if you are wondering, it's M.U.T.E., lady, an acronym, not "mute," and we had best not go into it any further."

Network size?

[darkov]

So, rather than hyping MUTE, can anyone provide numbers for the network size?

Re:Network size?

[Nucleon500]

How would one collect such numbers?

Re:Network size?

[leviramsey]

You could try to estimate it by number of nodes you've routed messages to or for. If you had enough nodes logging this information and consolidating it, you could, probabilistically, be arbitrarily close to the actual number of nodes.

Or at least it seems that way to me.

Re:Network size?

[BrookHarty]

The website lists 393 seed hosts. Of course, I tried over 40 and couldn't connect. Unless it has really bad nat/firewall support, which is pretty bad, everyone uses nat routers. You have to have to support passive transfers with multi nat'ed hosts.

Re:Network size?

[XBL]

Mine connected to 4 of them automagically.

Re:Network size?

[BrookHarty]

Seems to be a firewall/passive issue, I bound a port and it connected. But didnt work without a bound 4900 port. Strange.

0th gen. was web? what about gen. -1, -2, and -3?

[You're+All+Wrong]

IRC, FTP, and NNTP
File sharing on the web is pretty recent though there was some in the early 90s. IRC file trading was well established by then, and FTP goes way back. And of course NNTP would never have bloomed without the a.s.b hierarchy.

Every generation of kids thinks that they were the generation that invented sex. Every generation of computer users is equally naive too.

YAW.

calling MUTE M.U.T.E is moot.

[robdeadtech]

sorry to go further... but anybody who thinks people are going to pronounce this program as Em. You. Tee. E. and not "myoot" when there is a mute in a trumpet as part of the logo is a dang fool.

-Rob

Re:0th gen. was web? what about gen. -1, -2, and -

[XBL]

IRC, FTP, and NNTP fit into "the web/gen 0" category in this context... as non-P2P apps.

You better watch out old man... or we young punks will invent a new generation of computers that are harder to use than a VCR remote control.

Ants are all very well but..

[aurum42]

From what I can gather from the project page (which is almost entirely presented in the ant colony analogy), this is an interesting idea to ensure anonymity - essentially a routing protocol at the TCP or UDP level, using a probabilistic mechanism to determine reasonably shortest paths. However, I'm not certain what implications this has for bandwidth efficiency, especially for relatively isolated nodes which may have high bandwidth connections to certain NAPs but not others. Might be workable in conjunction with a bittorrent like model with sections of a file downloaded from multiple peers, but keeping track of upload credits might be harder in this case. I doubt this will be much of a barrier to the RIAA however, as they might just decide to go after the machines that are routing the file to their ultimate destination, as this is different from the ISP case (which is still being tried in the courts).

Re:Ants are all very well but..

[computersareevil]

I doubt this will be much of a barrier to the RIAA however, as they might just decide to go after the machines that are routing the file to their ultimate destination, as this is different from the ISP case (which is still being tried in the courts).

You've missed several points:
1. The RIAA can't tell what files are passing through a node.
2. The RIAA can't tell if the file they download from your IP is hosted by you, or you are just forwarding it.
3. MOST IMPORTANTLY, YOU can't tell what files are passing through your machine. That's straight out of Freenet. RIAA may download a file from your IP, but you can prove you had no knowledge that the file was coming from/through your node. No knowledge = no culpability.

Re:Ants are all very well but..

[aurum42]

I did not "miss" any of those points - I was thinking along the lines of a honeypot, where an RIAA minion sets up a server with lots of britney tracks, and watches for connections. I don't know if this is entrapment or not, but probably not. I doubt ignorance of the traffic hosted by your machine will be perceived as a valid excuse by the RIAA or indeed the legal system when the node has voluntarily joined a network primarily used for copyright infringement..but IANAL. If they can threaten an ISP and make them cave in, they can certainly intimidate enough MUTE users to cause a ripple effect.

Re:Ants are all very well but..

[computersareevil]

You've still missed the point. Even if they set up a honeypot and you connect, they have NO WAY to tell if you are requesting the file, or merely passing through a request from another node.

The part about whether or not you can get in trouble by running a node has been addresses by Freenet in their FAQ:

Is Freenet legal?
If by legal you mean not illegal, then yes it is. Of course, anything can be found to be illegal at some point in the future, and the law can be an ass sometimes, so we can make no guarantee about Freenet's future legality.

Can I get trouble if I run a node?
This is related to the previous question. We have done everything we can to make it extremely difficult for any sane legal system to justify punishing someone for running a Freenet node, and there is little precedent for such action in today's developed countries. Many legal systems recognise the importance of freedom of speech, which is Freenet's core goal. Having said that, there is risk in doing anything that your government might not agree with; you should make an informed decision as to whether to take that risk.

Though I do agree that MUTE should tone-down it's anti-RIAA rhetoric or face being labelled strictly as a "network primarily used for copyright infringement", when in fact it is just a secure file-sharing tool. But then morons and governments always like to outlaw tools rather than outlawing behaviour.

Re:Ants are all very well but..

[aurum42]

Thanks for the excerpt. I do appreciate the fact that in all likelihood, any connection to the RIAA honeypot isn't going to be from the user requesting the file - my point is that there have been near-precedents which seem to indicate that this does not matter. For instance, the RIAA took napster, grokster, Kazaa and so on to court for creating a network for file trading, even though none of those companies themselves were (well not as an aggregate) involved in copyright infringement - they merely enabled copyright infringement. Now, in the Freenet or MUTE model, there is no such centralized entity, so if either of those networks takes off, the RIAA will probably start with the scare tactics of issuing subpoenas to any network user they can get a hold of through things like the honeypot. All this is IMO of course, but I think it holds together as an extrapolation

Security holes

[BrookHarty]

I still think you it comes down to the encryption. With enough hosts you could figure out which virtual address are the most reponsive for replies. And make a best guess that person is responsible. Attack in numbers, and then over time, find out which IP's respond, fall back to normal IP logging. Then ask your ISP who had which IP's over time, and go after that user.

I liked how they stated, the virtual addresses and routing tables will be tweaked for best anti-spaming and spoof checking.

Seems like they are working hard on the transport, after thats perfected, then you can add all the features like hash checking, multipart downloads, and file searching.

I like this much better than freenet. Sorry, no internal search engine, and everyone has to give up disk space for cache.

-
Secondlife for programmers, artists and designers.

Re:Security holes

[computersareevil]

With enough hosts you could figure out which virtual address are the most reponsive for replies. And make a best guess that person is responsible. Attack in numbers, and then over time, find out which IP's respond, fall back to normal IP logging. Then ask your ISP who had which IP's over time, and go after that user.

But they can never figure out beyond a reasonable doubt which IP was serving what file. That's an old principle called "plausible deniability", frequently use by both Bush's and Reagan.

If you can't PROVE that file xxx.mp3 came from Billy Bob at IP 123.6.6.6, then you have no case.

Friends don't let friends post.

Re:Security holes

Unfortunately, the concept of "plausible deniability", like most things today, only works for the party who has the support of large corporations, not the opposition.

Just tried it out

[Apreche]

So I played with it for about 15 minutes and I found out a few things. First of all, it is really anonymous. There is no freakin' way to find out who anyone is. All you know are the IP addresses of the people who are directly connected to you on the network. You don't know which files they have or anything. And when you download or upload something you have no idea who is at the other end.

Here are the problems. First off, it is slow and unstable. Not to be unexpected for a non mature project. Another problem is the lack of search results. Searching for led zeppelin, a common band, returned 2 results when I was connected to 20 nodes. That's kind of sad. Last problem is that there are so few features. This is a raw bare bones client. Someone needs to make another client that has more stuff, like DC++ did for direct connect. For now I'll stick to DC for everyday quick p2p and WinMX for those rare hard to find files.

Re:Just tried it out

[TheBoffin]

Led Zeppelin, a common band!!!

PaH!!!

hehe ... they may have their roots in the Midlands, and Planty may well have a black-country accent!! But common ... nah!! lol.

Guess the real problem with new p2p-networks, is having the quantity of folk, with the quantity of required material. Perhaps the 20nodes you connected to were full of Garage or Grunge...?

Bah, these kids today!

and generation zero being the web---remember when MP3s were traded through web pages?

Hell I remember when I actually traded *tapes* with *other people*! I mean I actually went out into the big blue place (eww, sunlight) and after a while I would like be in the same room with another person, or more than one!! And we would use instant messaging, only it was completely audio based and there was no computer or cell phone! The audio came out of my mouth and went straight into the other dude's ear! It was wild!

Sometimes when we wanted to express happiness, or anger, we would scrunch our faces up to look like emoticons, but turned sideways. It's pretty funny to think about it, lol.... :-) Oh yeah when something was funny we would lol not by typing "lol", but by making a "ha ha ha" sound!

Anyway then we would take our CDs and the ones we liked that we didn't own, we'd rip to cassette tape (an early encoding mechanism like MP3, but using particles on a plastic tape, really bizarre .. it didn't take any less space but it was still a lossy format). Man, if only the RIAA knew how to track *that* shit (I still have a few hundred tapes somewhere)...

Anyway I'm glad stuff like MUTE is being developed, because without it, there'd be NO way to listen to other people's music!

Re:Bah, these kids today!

[BigJimSlade]

Several people have described MUTE as a "third-generation file sharing network," with the first two generations being Napster and Gnutella (and generation zero being the web---remember when MP3s were traded through web pages?)

then apparently...

Generation -1: Usenet
Generation -2: Your local "WaReZ" BBS
Generation -3: Swapping disks & tapes.

My grandfather, God rest his soul, introduced me to "free" software at the ripe ol' age of 10, by giving me tapes of "free" games for my Tandy Color Computer 2. A guy he worked with got them (exactly how remains a mystery to me, as this was a *very* small town... think South Park on the east coast, but smaller.)

Ah, the memories...

Re:Bah, these kids today!

The audio came out of my mouth and went straight into the other dude's ear!

That sounds pretty unsanitary, not to mention being Not Safe For Work. Please keep that sort of thing to yourself from now on.

Usenet is P2P

[moncyb]

Errr...NNTP (Usenet) is peer to peer. How do you think all the news servers get their feed? They are peers who pass the posts between each other. Read rfc977. The IHAVE command shows the most obvious proof the protocol was made to be P2P--it is for transferring posts between servers (which are just dedicated peers on the network). You send a post to one server, and it ripples through the other servers--much like a search request on the Gnutella network.

At least it used to work that way, with all the consolidation, we may end up with one big ISP running only one big Usenet server with rec.arts.music.britney.spears as the only allowed group. ;-)

Re:Usenet is P2P

[XBL]

Yeah, I know. There are still servers though. P2P in this context is client-only P2P. No servers.

Haha. Usenet might as well be renamed Spamnet. Most groups are basically 100% spam it seems like. P2P Spamnet... horrible stuff.

Re:Usenet is P2P

[You're+All+Wrong]

P2P simply means that both parties can act as both clients and servers. IRC for file trading is also peer to peer. Ignore the fact that the servers are called servers, you might as well call them hubs for all the serving they do in that context. e.g. when you CTCP TIME, the remote client is the thing that _serves_ the time to your local client. His client is your server, and when he CTCP FINGERs you back, your client is his server. That's what peer to peer is.

YAW.

They need to do some work before I run this

[spRed]

Wet blanket, HO!

This looks like a research project, and the author looks like a researcher. This will never be production code (unless forked).

The source is very hap hazzard right now,
* no LICENSE or COPYING file
* bizzare directory structure
* no INSTALL, README, HACKING files
* no mailing lists (none!)

The head sf admin is head of a bunch of other projects too. I didn't check all of them, but I'm pretty sure he's a _member_ of no one else's project. So you have a guy supporting 10 projects (and maybe more not on sourceforge) who has only written academic code, probably only by himself resume.
He also appears to be gung-ho C++, why not turn the 63k of C++ into 6k of python and worry about features instead of memory management? (bittorrent has proven the bottleneck isn't CPU).

Not a great mix for a successful open source project.

Re:They need to do some work before I run this

bittorrent has proven the bottleneck isn't CPU

Ha! You should check top while running bittorrent some time. Yeah, it uses all of my bandwidth, vs. 25% of my CPU, but that's still a lot of processor cycles just to shuffle some packets back and forth.

Too music-centric

[Nucleon500]

Governments are far too happy to ban the tools instead of just the crime. Copyright infringement is already illegal (as it should be), but since the DMCA, tools like DeCSS with very significant non-infringing uses are illegal. So I fear that at some point, the music industry will try to get P2P itself banned.

There's two battles: technical and legal. The technical battle is easily won - anonymous communication is possible. But as it becomes easier to communicate with true anonynmity, the temptation to ban such communication increases. I think it's pretty clear that such communication is protected speech, but I predict that Congress will pass a bill saying that it isn't. It will eventually fall to the Supreme Court to re-affirm that anonymous speech is protected too.

For this reason, I think it would be better if MUTE promoted itself as a tool for speech, not just copyright infringement.

Bound port??

as in foward it? PLease explain to me the nooooob.

I cant seem to get any connections.

Re:Bound port??

Do a google on port fowarding, your nat firewall should allow port forwarding. Linksys, dlink, etc.

SF.net glory...

[AlXtreme]

Finding it odd that I hadn't heard about this MUTE (M.U.T.E. whatever) thingy earlier and that this project was so active on sf.net, I took a quick look at their statistics. Seems strange huh? Well, this article explains it all.

1 Hype your project, get it slashdotted!
2 Brag about your own project's activity, get it slashdotted again yourself!
3 ???
4 PROFIT!!!

Nice way to keep in the publicity though, could use his PR manager. Self-organizing systems are fun though...

Remember, if you want to use this project

[dasunt]

Share what only is legal - MP3's where the artist doesn't mind sharing, project gutenburg books, etc.

Hey, I can dream...

Re:Remember, if you want to use this project

[OverclockedMind]

doesnt matter if the artist doesnt care about you sharing, doesnt make it legal, as their record label owns them

Generation zero, eh?

[n1k0]

> remember when MP3s were traded through web pages?

Remember when MP3s were traded through DCC and FTP?

Re:Generation zero, eh?

[CoolVibe]

Remember when ASCII porn was traded through Gopher?

Re:Generation zero, eh?

>Remember when MP3s were traded through DCC and FTP?

They still are. You should go on IRC more. Although any FTP sites are private or semi-private these days, but that never stopped me.

As a matter of fact, the highest quality mp3s I have only come from private FTP sites.

Contributory infringement

[Twylite]

Anyone bothered to read the MUTE site should be really worried about now. Apart from technical problems and generally suspicious statements, the entire workings of MUTE place every user at the risk of contributory infringement of copyright.

Why doesn't MUTE protect you? Because the "RIAA node" only needs to download a single copyright file and use netstat to take the address of its peer (neighbour) node. It then has the ability to track you (i.e. the neighbour, via your ISP) and has proof of your contribution to the infringement (you actively provided infrastructure for the transfer of the copyright material).

But they need to show you have knowledge of the activity, right? Wrong. First because they'll just subpoena you anyway and it will cost lest to pay the requested amount than to fight them. Second because they only have to prove on a balance of probabilities that you were aware that your "service" was being used for illicit purposes. More on that later.

You also can't claim that you were just providing a service "like an ISP", because you're not. ISPs protect themselves by being telecommunications carriers (which are largely exempt from monitoring content), or having appropriate AUPs with the customers they provide the service for, or responding in an appropriate manner to compliants. For example if you can't or are not prepared to remove known illegal material from your service when you are notified about it, you become a contributory infringer!

Alright, so why can ISPs get away with it and you can't? Because they have AUPs, because they respond to complaints, and most importantly because there is a significant non-infringing use for their network. MUTE, on the other hand, is described specifically as a network dedicated to preserving your anonymity for the purpose of trading in illegal MP3s without getting caught by the RIAA.

Here's an anecdote for you: a landlord was arrested for pimping and money laundering. When he pleaded ignorance the police demonstrated to the court that they could ask virtually any member of the community where there were prostitutes and drug sellers at the building in question, and the answer would be "Yes". So a "reasonable man" was aware of the problem, yet the landlord tried to protect himself by never looking into it. Running a brothel is an offense that attaches to the property owner -- it is his responsibility to take reasonable measures to ensure that the property is not being used for illegal purposes.

The other problems? Phrases like "military-grade encryption" don't inspire confidence, especially in a system that uses asymmetric cryptography without a PKI (and a PKI in this system would pretty much kill the idea of being anonymous). The "RIAA node" could happily perform a man-in-the-middle attack on all secure connections that are established through it.

In general the documentation on MUTE appears to give little consideration to side-channel attacks, concentrating on how secure and anonymous the system is algorithmically.

Re:Contributory infringement

[computersareevil]

By your logic, Freenet is completely invalid and illegal too, right? Anybody running a Freenet node knows they are running a Freenet node, and so they are responsible for anything you can download from them?

Re:Contributory infringement

[phorm]

And anyone supplying internet services knows people could use them to pirate files...

All it takes is one person (or group) to stand up and make their arguents look stupid... and then we have precedent on our side.

Re:Contributory infringement

[Twylite]

Arguably, yes. You are always potentially at liability when you provide infrastructure. In general if it is reasonable to believe that what you are providing is being used for illicit purposes, you need to take steps to ensure that this is not the case, in order to protect yourself.

That said, I must make it clear that I'm not familiar with the mechanisms of Freenet; and I need to draw your attention to this:

Freenet is free software which lets you publish and obtain information on the Internet without fear of censorship. To achieve this freedom, the network is entirely decentralized and publishers and consumers of information are anonymous. Without anonymity there can never be true freedom of speech, and without decentralization the network will be vulnerable to attack

This is the introductory statement to Freenet. Significantly it is phrased in terms of freedom of speech, and does not mention that it can be used to violate Copyright.

Compare that with MUTE, which is described as a system for preventing the RIAA from catching you in the act.

The fact that Freenet is not clearly intended for violating Copyright, and likely has substantial non-infringing use, will stand for something in court. At the very least the prosecution would have a more difficult job proving that you should have reasonably suspected that your infrastructure was being misused.

something about a nail and a.. *scratches head*(nt

[slithytove]

i said no text:P

Why couldn't the RIAA just...

[Colonel+Panic]

OK, maybe I'm not quite getting the concept here, but it doesn't seem to me that it would be impossible for the RIAA to track where something came from.

I read the MUTE blurb about the ants and the arrows in the forest. So I'm wondering, why couldn't the RIAA send their own 'ants' into the system to experimentally figure out which way the 'arrows' are pointing? Sure it would take a bit of work on their part, but it seems like it could be doable. If node X has built up a lot of information about where messages are being routed and to who (the 'arrows' pointing to paths to various recipients/senders) then those arrows could be followed, and while no node has the complete picture, running enough 'ants' through enough nodes would probably give them some idea. Early on there would be very little of this information, but after a while a lot of this information would exist in the nodes.

Am I missing something?

It doesn't use agents

So I'm wondering, why couldn't the RIAA send their own 'ants' into the system to experimentally figure out which way the 'arrows' are pointing?

I think the answer is that the system is ant-inspired (as far as how ants find efficient routs to food) but it isn't an agent based system meaning that there really aren't any 'ants' that roam the network. 'Ants' in that case would be agents of some sort - code that gets passed along and executed as the message goes from node to node. If it were agent-based, what you're proposing could be done. The RIAA could just write their own 'spy ant' agents and allow them to roam through the system gathering information.

On the otherhand, if it were agent based it might be more difficult for the RIAA to prove that you were willingly infringing. In an agent based system like that the fixed code running on each node wouldn't be doing much: it would just be sitting waiting for agents to arrive, execute the code they carry and pass them along. It would be up to the agents to deposit 'pheromone' information (or to build the direction information) on the node. Perhaps the agent could even 'inject' code into nodes thus adding to the functionality available at a node (this would be easy to do with a very dynamic language like, say, Ruby or Lisp). Since the code running on each node has no clear intent, perhaps it would be difficult for the RIAA or similar entity to prove that you _intended_ to do something illegal (but I'm not a lawyer). "Hey, my computer was just sitting here an these viruses arrived"

An agent-based system like this would sort of be like the MUTE system 'turned inside-out'. Nodes wouldn't 'know' how to do much more than how to run agent code and how to pass agent-code along to other nodes. I guess the agent could even be in charge of figuring out which node(s) to send itself to next.

Of course a system like that would be one huge security risk and nobody in their right mind would want to run one of these nodes unless there were some way to make sure that certain types of operations were not doable by an agent passing by. Perhaps there could be some way to determine if an agent came from a friend or foe so you could determine that you don't want to run the RIAA's ant... Hmmm... sounds like an interesting experiment.

Re:It doesn't use agents

[CatGrep]

An agent-based system like this would sort of be like the MUTE system 'turned inside-out'. Nodes wouldn't 'know' how to do much more than how to run agent code and how to pass agent-code along to other nodes. I guess the agent could even be in charge of figuring out which node(s) to send itself to next.


Perhaps the agent could even 'inject' code into nodes thus adding to the functionality available at a node (this would be easy to do with a very dynamic language like, say, Ruby or Lisp).

An intriguing idea. Speaking of biological inspiration, it almost sounds viral. There is evidence that viruses can have positive effects, for example moving DNA to different species.

some viruses are certainly able to travel quickly through a population - like the flu.


Perhaps there could be some way to determine if an agent came from a friend or foe so you could determine that you don't want to run the RIAA's ant...

Sort of like an immune system. Somehow we would need a way to reject agents of unknown (or known hostile) origin.

On the otherhand, if it were agent based it might be more difficult for the RIAA to prove that you were willingly infringing

Yes, the initial code running on a node would probably be fairly simple.
Also the 'injected code' would only reside in memory. It would be very difficult (impossible) for them to find out what you had been running after you turned off the power. Of course this could also be a dissadvantage since after you powerdown you lose all that 'injected' code, but it could issue a request for an update after powering up again, I suppose.

Of course a system like that would be one huge security risk and nobody in their right mind would want to run one of these nodes unless there were some way to make sure that certain types of operations were not doable by an agent passing by

Allow file copying from certain directories only, and disallow file deletion anywhere. I'm sure there would be more security details like don't allow 'system' commands to be run.


sounds like an interesting experiment.

It does. I'd like to prototype something like this. Agents (or Ants if you like) would have to also carry payloads (the files to transfer). When an Ant reaches it's destination it would drop off the payload. Perhaps multiple destinations could be specified for an ant if the file being transferred was popular.

Re:something about a nail and a.. *scratches head*

(nt) doesn't work on Slashdot. If we all have to read the "i said no text", you just end up looking silly.

generation zero is still alive and kicking

[axxackall]

and generation zero being the web---remember when MP3s were traded through web pages?

I still use web and only web to keep my MP3 collection with songs I like. Everything is legal: goto Google and get what you want without any suspicions from stupid RIAA :)