Slashdot Mirror
Is Rodi BitTorrent's Replacement?
tilleyrw writes "From ZDNet Blogs: 'Rodi is a small-client P2P application, written in Java, that improves on BitTorrent by allowing both content searches and full anonymity. It's released under the General Public License (GNU). Even your IP address can be hidden using Rodi through a process called "bouncing." That is, if A wants a file from B, they get C to agree to stand-in on the exchange. B gets C's IP address, not A's. Through IP Spoofing A can even hide their identity from C. Rodi can also be used from behind corporate firewalls and LANs using Network Address Translation (NATs), something most home gateways have.' "
Now I can anonymously download all of those legal Linux distributions, and non-licensed music I've been holding off on, and nobody will be the wiser, mwahahaha!
-Jesse
Nothing says "unprofessional job" like wrinkles in your duct tape.
First Post?
__
Laugh Daily funny free videos
I'd hate to be C.
If someone says he and his monkey have nothing to hide, they almost certainly do.
So,
Someone can download illegal and immoral content and the server will have a record of my IP?
I don't think so.
Even if it is well known that my IP wasn't the final destination.
The Internet is full. Go Away!!!
I think Bit Torrent is here to stay. The most useful new features from Rodi (like IP anonimity) will eventually be implemented in Bit Torrent.
Other anonymous filesharing systems currently avaliable/in development
MUTE
ANTS p2p
GNUNet
and not specifically filesharing, but the I2P anonymity layer allows for anonymous bittorrent amongst other things.
Of these, I've found I2P is excellent, although requires a little time investment in setup, and MUTE seems quite promising - speeds are reasonable for an anonymous p2p system, but the user base is currently tiny. I've not had too much luck with ANTS, and haven't tried GNUNet
Curiosity was framed. Ignorance killed the cat.
I'm curious... would 'C' be seen as a Common Carrier in this case, much like ISPs ?
If not... could they be 'liable' for any of the more shady/outright illicit material passing through them from B to A as they've willingly and knowingly become part of this Rodi thing ?
( Not to be confused with thousands of hacked boxes through which spam/viruses/etc. get sent, as I doubt most owners of those boxes aren't willingly and knowingly part of a spam/botnet )
Sorry, the correct link is here
Every few weeks news, another modified version of BitTorrent comes along which promises better search or less tracking. From the standpoint of a person operating a legal BitTorrent site, all of the things that these guys are stating as a feature, I would definitely not want. I most certainly want to track my users, run up statistics and use all of that to better inform my users of how well certain files are doing. I know many are just interested in making new anonymous p2p apps for warez, but their unending focus on it can't be helping the stigma against such p2p apps. Many will say "but! but! the opressed political activist in China! what about him?!" yeah.. I'm sure the teenage mp3 sharer really cares about that guy with his new anonymous p2p warez sucker.
With Bittorrent, I am actively working on one single file.
This means that the RIAA/MPAA can only ever see that I am sharing one single file.
Compare and contrast with kazaa etc where my entire drive (shared folders) are available.
BT doesn't give anonymity, but it gives limited accountability, they can't prove I was uploading any other files unless they themselves connect to each one of them at the same time I am downloading. Once my client is closed, then bye bye.
liqbase
...is to embrace on-line distribution - even p2p itself!
.RIAA/etc_torrent of "Movie ABC" for $X that could only be used by their client software (iTMS, MusicMatch, etc) to download the music video or movie or what have you, then encrypt it. (This is what Apple does with the iTMS and why DVDJon was able to create another client that buys iTMS tracks but doesn't encrypt them.)
Look at how the iTunes Music Store put a dent in on-line music sharing by providing a better shopping experience and keeping the price low enough that people will choose it over p2p.
Now if the RIAA/etc would recognize the benefits of p2p for distribution of large files, they could benefit from companies like Apple and Napster running storefront trackers. The user would purchase the
The benefits would be an on-line revenue stream, lower costs of network bandwidth because of the torrent, and a way to win favor with the p2p file sharers today.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
Distributing Java programs is tricky. Adding JNI DLLs makes it trickier. Write Swing and you know the interface is there, for free. You can distribute a jar file with a manifest and nothing else; no path problems, no DLL hell, just double-click the icon (hopefully). Path of least resistance.
I'm not saying Swing is better, just easier to distribute (and more widely known; again, path of least resistance.)
And I'd say the greatest SWT application ever is Eclipse.
1) There is no significant protection here. A and B have to agree on a proxy. All the MPAA/RIAA has to do is a have a list of acceptable intermediate nodes C that are owned by them and not easily traceable to them, and push them out on the network. Now there is end to end encryption, but the MPAA knows who is talking to whom.
Combine this with periodic searches as a client for restricted content, and you've got a list of people offering probable restricted content.
They can even get trickier and start advertising content with filenames that sound right (but of course really just say "you're busted, neener neener"). In this case they act as B, the machine with the content, and they can have a very selective list of intermediate nodes (C) also controlled by them. In short, with a small farm, maybe 30 boxes, the MPAA is right where they are with Kazaa and other P2P applications.
2) There's nothing new here. This is just a stripped down version of anonymous remailers/onion routing, sans encryption.
3) The latency overhead of hopping to a node in between will be significant (as seen with tor), and probably kill the app. Not to mention the assymetric encryption overhead.
In short, it raises the bar a little, and for that is a good thing, but I'm afraid it's not raising the bar enough to make a difference for people who want to download copyrighted content (sorry).
" Will it install Malware, adware, nagware like Kazaa? I still stick with Unet groups."
/. stating that no one will make mention of unet^H^H^H^H, um, never mind
Shhh!!!, there's an unwritten rule on
Sam
That one of the biggest BitTorrent trackers in the world, The Pirate Bay has just closed...
He makes a point. While bittorrent has been under fire from the RIAA and the like, many of us (myself included) feel that this is inappropriate. The argument being that Bittorrent is just a way to more easily share files.
Rodi,however, seems to add the ability to conceal your identity. I would have to side with "the man" on this one as this feature does nothing but facilitate illegal file sharing via anonymity.
In a way, it makes it harder to attack Bittorrent. As an analogy, it's legal to own a handgun even though guns can kill, but it's still illegal to put a silencer on that gun.
A goal is a dream with a deadline
The most useful new features from Rodi (like IP anonimity) will eventually be implemented in Bit Torrent.
I'm not sure if Bram Cohen would agree - he made BT to share software, not to pirate music or videos. Adding anonimity to BT is just what the lawyers need to say BT was MADE for copyright infringement.
I find it kind of sad that even on Slashdot there is the "if you aren't doing anything wrong then you have nothing to hide" mentality. I would like to be able to expect privacy even when I'm doing something *legal*.
The expectation of privacy also counts when exercising your freedom from unreasonable search... you have to have an expectation of privacy. It's sad that ours has gotten so eroded that we no longer seem to have one. Our own culture undermines the bill of rights... Good hack on the government's part, but -sigh-
Politics, Culture, Food?
This would be the first step in the evolution to anonymous p2p, it's a good compromise, and way better than the current method, where everything is done in plain view. If (or more likely, when) the thought police starts attacking this, _then_ we can move to the fully paranoid networks.
--
Stay tuned for some shock and awe coming right up after this messages!
Who cares if A can hide their identity? B can't.
There are no trails. There are no trees out here.
Why not just use TOR???
TOR
Well, I am not saying that this is how this works, but in theory the following is possible:
B = sender
A = receiver
C, D = intermediaries
We assume that intermediaries cannot be held liable for their intermediacy. Thus the "vulnerable" parties are A and B. Thus A and B must be protected from any other party, including each other.
For any sent packets that are UDP-spoofed, (spoof) appears after the step number.
Here's a scenario that achieves that:
1. A selects intermediary C, and requests customer id Q; C associates Q to A's IP address.
2. (spoof) A sends search request R for an object O to D.
R contains customer id H, C's IP address, and key K.
3. D broadcasts request to entire network.
4. B receives request R and decides it can satisfy it.
5. (spoof) B encrypts object O with key K and sends it to C.
6. C forwards encrypted O to A.
Now, let's analyze it:
C does not know the address of B, thus B is protected from C.
C also does not know the content of O as it is encrypted, thus A is protected from C.
D does not know the address of A, thus A is protected from D.
Since D has broadcast the request further on, D does not know that B has replied, thus B is protected from D. As a corollary, B is also protected from A.
Further indirection and cloaking can be introduced to avoid the situation where both C and D are in on the game, in which case A will be detected.
Yes, because the pirate is not closed, it is down for upgrades. You can read it here (in swedish :P): http://pirazine.blogspot.com
(yes this can be compared with sex)
Rodi can also be used from behind corporate firewalls and LANs using Network Address Translation (NATs), something most home gateways have
"Hello, Security? Hi, I need to have NATting set up for my workstation. What? Oh, just a P2P filesharing app. Yeah, it's pretty cool, it's fairly anonymous, and it can spoof its IP, and it.... Hello?"
I haven't read how this softare works yet, but I can explain a bit about how a very similar piece of software called Mute works.
The paths between the sender and receiver are of variable length, between 2 and 5 links. If you are C and you receive a query for a file from A, you cannot be sure that A was the start of the chain. More often than not, A was simply forwarding a query from someone else. There is no easy way to see where the query originates from, even if you own a relatively large number of the nodes on the network.
I'll probably be modded down for this...
No, it doesn't. But the vast, vast majority of people using a tool like this are doing so because it shields their illegal activities.
Now, as a general principle, I don't like restricting people's behaviour without a very good reason. More specifically, I don't believe in automatically banning things that have legitimate uses just because they also have illegitimate ones.
However, I also believe that with freedom comes responsibility, always. In exchange for the freedom to use these tools for their beneficial purposes, you take on the responsibility of not abusing that trust.
Sadly, not everyone can be trusted to act responsibly; if they could, we wouldn't need laws and police and armies. What's needed is a balance where those authorities don't interfere with someone exercising their freedoms responsibly, but can interfere when the trust is abused.
And that is why, on balance, complete anonymity on the Internet is not a good idea. I have no problem with being anonymous for routine use, but if you can't even be identified in the face of overwhelming evidence of a crime, backed by an order from the lawful authorities, something's wrong. At that point, for everyone who could genuinely take advantage of true anonymity to make a contribution to society -- and I'm sure these people do exist -- how many spammers, virus writers, phishers, fraudsters, copyright violators, organised criminals, paedophiles, and even (really, for once) terrorists are we letting get away with it?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
There is no massive commercial worldwide network of multi-terabyte servers where you can can download anything you want. No sirree.
And there certainly aren't any error recovery tools that have been developed for this hypothetical network, that have, in the last five years, solved all the previous complaints about dropped posts and incomplete binaries.
There's nowhere you can search for binaries and download a file to import into hypothetical clients for this hypothetical network, instead of having to update indexes.
And there aren't providers who decode binaries and provide direct downloads to copyright infringing material via HTTP. And provide services on ports besides 119 to get around ISP blocks.
Not that the network exists in the first place. The only place you can get stuff is shitty P2P networks with spyware-ladden clients and blocked ports. There is no Usenet^Wnetwork like this.
If corporations are people, aren't stockholders guilty of slavery?