Reputation System Fights P2P Junk

yeejiun writes "Many of the files that are shared on p2p networks tend to be junk. Organizations such as the RIAA and music labels regularly pollute these networks with nonsense files masquerading as real music/video files. These junk files make it difficult for users to find what they want on such p2p networks. Some researchers at Cornell University have developed a reputation system called Credence, that works on the Gnutella network, allowing users to tell the good files from the bad ones."

better answer

[eight+and+a+quarter]

quit downloading crap off of kazaa/grokster/morpheous/etc. dont trust brittneyspearsporno.avi.mpeg.exe

Re:better answer

[strider44]

That doesn't stop people from generating a random file 700MB big and calling it Serenity.Leaked.avi

Re:better answer

Well said my friend.

Re:better answer

[zaxios]

brittneyspearsporno.avi.mpeg.exe
 
Link please.

Re:better answer

[jonfr]

Link please.

Try /dev/null

Re:better answer

Try /dev/null

Wow! A lot of hip-hop is in there, along with the latest and newest pop-music from RIAA, too!

Thanks for the link!

Re:better answer

[mibus]

> > Try /dev/null

> Wow! A lot of hip-hop is in there, along with the latest and newest pop-music from RIAA, too!

No, that's /dev/urandom

FP? - And that's why I use Bittorrent...

[nonlnear]

Gotta love the torrents!

Re:FP? - And that's why I use Bittorrent...

[Ichigo+Kurosaki]

have you ever lloked at the files on torrentspy or piratebay? half of the "video" files are in exe or rar format which contains a trojan...

the good part about torrent site is usually there are comments on the files if it is a bad torrent.

Re:FP? - And that's why I use Bittorrent...

That's why you should try sites like http://www.seedler.org/ they seem to do a good job at removing the crap.

And indeed as somone said, watch the torrent comments. they help a lot.

Re:FP? - And that's why I use Bittorrent...

[stoph+ct]

rar is a compression format... good forbid they compress their files!

Re:FP? - And that's why I use Bittorrent...

[larry+bagina]

mpeg/avi/wmv/mp3/ogg/etc are already compressed with an encoder specific for video/audio, so secondary compression from zip or rar isn't particularly helpful. However, zip and rar can password protect files, so if you want to see britney's 6-month pregnant sex video, the password id the 3rd word of the 2nd paragraph after you sign up for a "totally free" pr0n site.

Re:FP? - And that's why I use Bittorrent...

A large amount of video releases posted to torrent sites are "scene" releases that come from usenet.

These releases are typically rar-ed into multiple parts to allow for easy and reliable posting to usenet.

People simply taking a scene release and uploading it to a torrent site is quite common, so these rar releases on places like The Pirate's Bay are nothing to worry about. It's usually a sign that it's a "good" release if you see many *.r0* or *rar files.

Of course be on the lookout for *exes inside of compressed releases, but the presence of rars means nothing negative as far as a torrent being legit.

Re:FP? - And that's why I use Bittorrent...

[MountainMan101]

RAR is not a compression format. It is an archiving format. The reason people use TAR is so that you can check if the file is broken during download. A broken AVI migth bork, a brroken TAR would tell you when untarring.

RAR, similar to TAR is an archiving format for splitting files into identical size chunks (for floppy disks). A ZIP file of RARs seems very pointless. The only advantage I can see is that if one RAR file is broken (1 or 25 say) then you only need to download that RAR again, not the whole thing. In practice this doesn't seem very simple and not useful for file sharing.

Re:FP? - And that's why I use Bittorrent...

[BarryNorton]

RAR also has a compression layer, so is easier to use than .tar.gzip's

Re:FP? - And that's why I use Bittorrent...

TorrentSpy, isohunt and piratebay are the 'kazaa' of the torrent world. There are many more reputable torrent sites which are far faster, have 0 fake torrents, and have more experienced torrent users. Filelist.org, for example....

Re:FP? - And that's why I use Bittorrent...

[EvilMonkeySlayer]

Sssh, you don't want them knowing about usenet do you?

Re:FP? - And that's why I use Bittorrent...

[MasterSLATE]

The main concern among torrent users is that videos/pictures/etc shouldnt be compressed in rars or zips etc because that doesnt allow the users to preview the download. That preview often times helps determine if it is a legit file or not.

Lots of users won't download compressed movies/pictures because the file cannot be verified before its completely downloaded.

Re:FP? - And that's why I use Bittorrent...

Simply prioritize the first rar chunks, or first few chunks of a torrent that has been rar-ed. Open, and preview with mplayer or vlc.

Grabbing the first chunk of a video out of a bunch of rars will actually allow you to preview a movie more easily than if torrent "contained" one large movie. If you're DL-ing a large movie file, you just get random chunks of it here and there. To preview something in mplayer or vlc you pretty much need to get the first chunk or last chunk. You will grab the chunks of a large *.avi file pretty much at random, so you may not be able to preview that DVD-rip for a good number of hours... just depends on when you happen to grab the right chunks.

With a release that is a bunch of rars, you can choose to grab the very first part, or couple parts, of a movie and then unpack and have a look at what you're getting. So it's actually quicker to preview a release that is in "usenet split rar" format than trying to get the right chunks from one big avi.

And mplayer will play everything... the first part of an *.iso or *.bin for example, just grab the first few rars and you can preview within minutes.

Of course an avi that is put in one big rar is fairly pointless, not much compression is gained, but for pictures compression will save some space and time, though as you say if it's just one big rar you won't be able to preview.

But a bunch of little rars is just fine for previewing releases.

Re:FP? - And that's why I use Bittorrent...

[MasterSLATE]

Azureus has that functionality built in. There's a setting for prioritize first chunks (maybe its first/last, but memory says its first).

Re:FP? - And that's why I use Bittorrent...

[toddestan]

Quite often, the compressed files are compressed to hide the fact that they are .exe files. Or they do it to put a password on the file, which is just plain annoying and stupid.

Though the .exe files are not always lost. Sometimes they are just self-extracting archives with a trojan attached. In that case, opening the file up in Winrar (or equilivent) and extracting the content works just fine.

Torrents can be bogus too.

Especially when there is no way of checking them in midstream.

Re:Torrents can be bogus too.

torrents have hash checking

Re:Torrents can be bogus too.

[mnemonic_]

...which only verifies file integrity. It doesn't check if the file is what its filename says it is. It only ensures correct data transfers, not correct data.

Re:Torrents can be bogus too.

[Creepy+Crawler]

Correct, torrent chunks DO have hash checking, but torrent agents also allow parts of chunks to be stored until a complete chunk can be completed.

If a rogue torrent clinet were created to give bad sub-units of data, they could corrupt a large amount of chunks. That would in turn create networks with small hash-files and %failed chunk recording.

Re:Torrents can be bogus too.

Thats a client issue then. The BT spec specifically disallows that.

Re:Torrents can be bogus too.

[A+beautiful+mind]

IF it consists of multiple files then there is, just priotize the first part of it ahead.

Re:Torrents can be bogus too.

[Creepy+Crawler]

Since I dont have the spec in front of me, Ill take your word for it (as it makes sence that would be in there).

Ok, iirc, BT uses what looks like sha. How can BT prevent hash collision attacks (rare, but in case of big media, possible)

Re:Torrents can be bogus too.

[nunchux]

True... But a bogus torrent usually doesn't survive too long and certainly doesn't see too many seeders. If it's been up for a day or two you can be reasonably sure it's valid.

Also, even the "pirate" torrent sites are centralized and often even have administrators, sometimes even comment boards. If a torrent is bogus, someone will take it down. (Not that I've been to those sites, of course...)

Of course this could all be manipulated, but AFAIK it hasn't been yet by the powers-that-be... And I don't see why they'd bother, when a threatening letter is all it usually takes to take a torrent site down, and it would take considerably more effort than turning a bunch of scratchy mp3's loose on kazaa.

Re:Torrents can be bogus too.

Ok, iirc, BT uses what looks like sha. How can BT prevent hash collision attacks (rare, but in case of big media, possible)

Not possible. Bittorrent uses SHA-1, which has only recently (Febuary) been reported to be collisionable in 2^69 hash computations.

So yes, if your chunk size is 536,870,912 Gb, and you have a supercomputer working on it for a year or so, you will be able to find a colliding hash.

Yeah. Possible indeed.

Re:Torrents can be bogus too.

[frostw]

Ummm, yes there is. For instance, VLC media player will play partly downloaded videos.

Re:Torrents can be bogus too.

[Irashtar]

True, but Torrents rely on the community, while with things like kaaza, many times what you want is hosted by one guy, and it's hard to kick fakes. In torrents, fakes die very quickly, thanks to the 'OMG fake' comments on the torrent sights.

Re:Torrents can be bogus too.

I happen to have a chunk size of 536,870,912 Gb and a supercomputer leased for the next two years you insensitive clod.

Re:Torrents can be bogus too.

But torrent files aren't like a normal partially downloaded file. You have parts from all over the place and they generally aren't put back together in the right order until you have all the parts. That's what makes BitTorrent so fast.

Re:Torrents can be bogus too.

[badfish99]

I haven't tried VLC, but mplayer will usually play partially-downloaded torrents if they are mpeg files. It just skips the bits that haven't been downloaded yet.
It's less reliable with avi files: it doesn't seem to like it if the first part of the file is missing.

Re:Torrents can be bogus too.

I've actually noticed many torrent poison attempts recently, and always for Six Feet Under episodes. Probably HBO isn't too keen on people getting to watch it for free.

Though I justify d/lling them because I pay for HBO on my TV, it's just way more convenient to download and watch on my laptop.

Re:Torrents can be bogus too.

[xouumalperxe]

make sure you set your client to do its utmost to get the first few chunks first. That'll allow you to preview the file if it is a film or song. Also, an increasingly large number of music torrents is becoming multi-file torrents rather than 1 0-compression rar file to encapsulate all the discrete songs in the album. This'll allow you to preview all files. Also works on PDFs (gotta love eBooks). This said, I'm not aware it works on CD images (gotta check if that Linux CD is real, heh).

Re:Torrents can be bogus too.

[Spudds]

And I don't see why they'd bother, when a threatening letter is all it usually takes to take a torrent site down

That's not really true. Depending on where the site is hosted, legal threats could be more humerous than scarry.

    Case in point.

      Btw, if you've got a few minutes to kill, you should really check out some of the emails to and responses from thepiratebay.com. They are hilarious!

Re:Torrents can be bogus too.

MPEG is a streaming format with a single codec, so you can start playing at any point in the file and get good video from it. AVI is a container format that can contain video compressed with any of a number of codecs. The header tells which codec has been used in that particular file. If you don't have the beginning of a file, you'd have to guess what codec has been used, so starting an AVI in the middle is difficult.

Re:Torrents can be bogus too.

[badfish99]

There also seems to be index information at the end of an avi, and many players won't play it if that is missing. But mplayer will. So mplayer is the tool that I always use for trying to play partially-downloaded files, to see if they are genuine.

Re:Torrents can be bogus too.

[SpecBear]

It's happening. Contrary to what many on slashdot think, the *AA orgs employ some pretty clever people, and the pirate networks are far more vulnerable than is often assumed. Check out the comment threads on some new releases at one of the torrent sites, and you'll see that a number of spoofing tactics are in use:

• Fake files. This is clearly a more primitive tactic and can be thwarted by clients that can be set to download the first parts of a file first.
• Incomplete files. The seeder reports having the entire file, but will never deliver certain parts of it. Thus, downloaders get stalled at 98.5%. And it's amazing how long people will wait for that last bit.
• Fake seeds. Haven't confirmed how this one works, but sometimes you'll see a torrent with an improbable number of seeders (e.g., 300 seeds and 100 leechers for a fairly new torrent). Lots of seeds attract more people.
• Timing. For example, demand for a movie will rise in the days shortly before its release. If you get your fake tracker up and running during that critical time before there's a real pirate version out, then you'll attract downloaders and waste their time. And there's a snowball effect: when people go to download from BT, all of things being equal they usually go for the tracker that has the most people on it.

Combine the tactics, and you've got a serious problem. Every user adds to the strength of the distribution network so tying up one client with a fake not only prevents that client from getting the material, it also keeps that client from helping others get it as well.

If you're patient, persistent, and knowledgeable, you can avoid or minimize the impact of these spoofing tactics. But patient, persistent and knowledgeable don't really describe the average pirate (or just about anyone else, for that matter). The dedicated pirate simply won't be stopped, and the content producers know this.

Like you, I once assumed that the various forms of moderation on the torrent sites would mitigate this. But the countermeasure are slow to work, as I've seen fake torrents stay up for weeks. It's easy to post multiple new fakes. And users are incredibly clueless. I have, on several occasions, seen comment threads where several people will post "This is a fake, don't bother," but the torrent will still have thousands of people downloading and the very next comment will be something like "I've been stuck at 99% for three days, will somebody fucking seed this!!" Remember, the goal isn't to elimiate the network. The goal is to make it so untrustworthy and unreliable that it's too much trouble for Joe User and he'll go to the theater instead.

Re:Torrents can be bogus too.

[hobbit]

Coffee. Laughed. Nasally.

Re:Torrents can be bogus too.

[sigloiv]

As someone said far above, all you have to do is prioritize the first pieces in files. It's a simple option in most clients. While it doesn't eliminate pieces that are farther back in the file, it does help a ton with previewing files.

Re:Torrents can be bogus too.

[NickFortune]

Contrary to what many on slashdot think, the *AA orgs employ some pretty clever people,

Interesting.I don't personally think of the *AA as being stupid.I think they're using some intelligent methods in persuit of a deeply stupid goal.

The goal is the surpression of file sharing. It's a stupid goal because it's doomed to fail. The way in which the world works has changed. Supposedly there was once a law requiring that the earliest automobiles be preceded by a man on foot waving a red flag to ensure no one was injured by the vehicle. That's what the *AA are doing; desperately trying uphold an outmoded status quo.

Why are these intelligent people doing this stupid thing? Well, it's the reason their organisations exist. In that sense, they have no choice.

Remember, the goal isn't to elimiate the network. The goal is to make it so untrustworthy and unreliable that it's too much trouble for Joe User and he'll go to the theater instead.

Mmm... exactly. They can't close the channel, so they'll try and jam it. A smart response in pursuit of a stupid goal

The sad thing is that is that the need to jam it to near 100% or the strategy fails. It only takes one guy per neighbourhood who can separate the wheat from the chaff and the tactic fails; partly because he serves as an example that it can be done, and party because local distributuion can be handled by sneakernet

But like I said before, they've no choice but to try...

Re:Torrents can be bogus too.

[cthulhu11]

Legit torrents don't survinve long either. This is one reason why edonkey is a superior system.

Re:Torrents can be bogus too.

Re Timing: Use nforce to check what releases have been out by the pirate groups. Then confirm the filenames and size using the nfos that the site provides.

I'm a little lost in this whole thing

[ReformedExCon]

I thought the primary purpose of P2P filesharing was to share legally swappable media files as well as other files like documents and useful freeware applications. Is there some nefarious entity flooding the P2P networks with garbage disguised as those files above? Why would you need to know the quality of the file's reputation?

Re:I'm a little lost in this whole thing

To make sure your useful freeware application hasn't been trojaned, of course.

Re:I'm a little lost in this whole thing

I'm afraid you're mistaken. Sharing legal files was the *rationalization* that P2P netorks used to allow massive amounts of piracy to take place on them... "but some people are doing legal things!! they may constitute about 2% of the total, but they do exist!"

Re:I'm a little lost in this whole thing

I thought the primary purpose of P2P filesharing was to share legally swappable media files as well as other files like documents and useful freeware applications

...
You're new, aren't you?

Re:I'm a little lost in this whole thing

[ReformedExCon]

That's a good point. I hadn't thought of that.

But as has already been pointed out in other posts in this story, if users need to rely on other users to rate the download good or bad, then the situation is right back where it started from. Untrustworthy users uploading trojaned executables will just rate their own stuff as good.

Re:I'm a little lost in this whole thing

[scsscs]

Your comment broke my sarcasm detector.

Re:I'm a little lost in this whole thing

[Chandon+Seldon]

Ever heard of trojan horses? Spam zombies are worth good money.

Re:I'm a little lost in this whole thing

[Descalzo]

That's exactly what I thought. I looked it up and apparently if you vote your trojans as good when other people vote them as bad, you are calculated to be untrustworthy and your votes don't count.

That's an oversimplification of the answer I found in the FAQ.

Re:I'm a little lost in this whole thing

[D'Sphitz]

Yeah, it reminds me of the pothead arguments like
"But it makes really good rope!" *lights bong*

Re:I'm a little lost in this whole thing

[mtenhagen]

So you first build a reputation by automaticly rating files as good (wich are already rated good) Then after a few months you rate one (only one) of your trojans (uploaded by another user) as good.

Re:I'm a little lost in this whole thing

[Orgazmus]

It does make really good rope!
But even better bongfill ;)

Re:I'm a little lost in this whole thing

[Various+Assortments]

It does?! I should really read these pamphlets I'm handing out.

Re:I'm a little lost in this whole thing

i dont know about where you live but where I'm from fifty dollars is a hell of a lot to pay for three and a half grams of rope

Re:I'm a little lost in this whole thing

[brainburger]

- And then other people rate your trojan as bad and its rating goes down.
Actually, I expect some technique like you describe could work, but it is a heck of a lot more effort to go to than with no rating system at all.

Re:I'm a little lost in this whole thing

[RLiegh]

Is there some nefarious entity flooding the P2P networks with garbage disguised as those files above? Why would you need to know the quality of the file's reputation?

Spoken like someone who's never downloaded UsingTheGNUSystem.pdf only to find that it's nothing but a picture of the Goatse Man!

Re:I'm a little lost in this whole thing

[senatorpjt]

But, like he said... It's REALLY GOOD rope.

Re:I'm a little lost in this whole thing

[z80kid]

Is there some nefarious entity flooding the P2P networks with garbage disguised as those files above?

Yes, there are. They are marketers, spammers, and trolls.

I've downloaded plenty of video, pictures, and document files that claimed to be something interesting and legal, but were really promos for (usually porn) pay-for websites, or gay / kiddie porn trolls.

If you'd actually tried to use P2P for legit files, you wouldn't have to ask.

Re:I'm a little lost in this whole thing

[jdigriz]

Pishtosh! Nylon is a far superior rope material in fields such as breaking strength, lack of shrinkage when wet, mildew resistance and UV resistance. No modern rope-dependent activity like rock-climbing or sailing uses hemp if they have any choice in the matter, assuming it's not some historical reenactment. Hemp is crap rope.

New slogan for Cornell University...

"making theft more efficient!"

Re:New slogan for Cornell University...

[Shafe]

Better than our current slogan, "I would found an institution where ... " yada yada yada. "Making theft more efficient" is something to be proud of!

Re:New slogan for Cornell University...

[typical]

While I agree that copyright-infringing uses will probably dominate this software (just as has happened on other P2P filesharing networks), I can tell you that there is definitely spam from spyware, etc. And content rating en-masse *is* a significant problem with major practical applications to society.

Re:New slogan for Cornell University...

[brainburger]

It is not theft,it is infringement, no matter how similar to theft you may feel it to be.

this is stupid

[Madd+Scientist]

if the RIAA is willing to create junk files, you really don't think they are going to create fake accounts to rate their junk files as "good"? ANY system you put in place that gathers "votes" from users can be manipulated.

Re:this is stupid

[Madd+Scientist]

"Our system relies on honest peers...."

yeah, the same honest peers you trusted not to put up "polluted content" in the first place. this is so retarded. cornell is really slipping.

Re:this is stupid

[Creepy+Crawler]

Look at kuro5hin's rating system. In a democratic system, participation is the key. AT that site, very few comments are rated upon. The few that are rated are the...

1: Master parent in big thread.
2: 1 and 2 child of master parent (in a big thread)
3: Obscene trolls (...you donkey-raping shit eater...)

Past that, not many care. Of course we have had a few mod-trolls who create a few accounts to run everything into hidden (similar to beiong -1'ed here), but are countered by the users actually participate for a short while.

Since the voices on K5 get out, nobody cares about democracy. Just hop on over there if you dont believe me.

Re:this is stupid

[Madd+Scientist]

nobody has a vested interest at K5. if corrupting the system will raise it's bottom line, and the only part of the system the RIAA would be corrupting is the part infringing their copyrights, then they have nothing to lose and everything to gain.

what if there were more "mod-trolls" at K5 than real users "actually participating"? what if there were more "mod-trolls" than actual users?! then how do you make the system work. any system that assumes people will vote correctly is inherently flawed.

Re:this is stupid

Look at the quality of the stories that get front-paged on K5. That's an argument against the success of peer rating if I ever heard it (as, of course, is Britney Spears' bank balance).

Re:this is stupid

[ytpete]

Not quite. If you read more carefully, what they mean is they rely on most peers being honest. This seems like a reasonable assumption. Something vaguely like a meta-mod system decides which peer's votes are actually trustworthy.

What's really clever is that consistently dishonest peers aren't flat-out ignored---their votes are reversed. Only nodes that essentially vote randomly get ignored.

Re:this is stupid

3: Obscene trolls (...you donkey-raping shit eater...)

as a donkey-raping shit eater, i take offense in that comment.

Re:this is stupid

[TheophileEscargot]

This system specifically addresses kuro5hin's main problem.

On K5, only a few people rate comments. Basically crapflooders cabals got together enough accounts to outweigh legitimate raters, giving them control of the rating system.

With this system, the crapflooders would be able to rate each other up... but if you rate differently to them, your view would ignore or reverse their ratings.

Wouldn't help anonymous users though.

Re:this is stupid

[Madd+Scientist]

but what if i voted exactlly like you on 1,000 items... or 10,000 items... and so did 10,000 users just like me. and then we ALL spammed a bad file and marked it good, and then spammed a good file and marked it bad. such that the ratio of thumbs up votes to thumbs down votes was the same in both cases... you can figure that out by knowing about how many people will vote on each file and how often they will vote correctly.

THIS ENTIRE SYSTEM IS JUST TRYING TO FIND LOOPHOLES AROUND THE RIAA'S INITIAL DEFENSE. there is no other reason for it, and it is doomed to fail if ANYONE chooses to make it fail.

Re:this is stupid

[Madd+Scientist]

this makes 2 completely wrong assumptions

1) that there will be more real honest users than fake users created by someone who wants to take the system down.
2) that the fake users will be used more than once and thus you could track them.

a user is nothing more than an entry in a database and if you let the public freely create users, then anyone who wants can create unlimited users. get their reputations up, then send them in for their suicide mission to screw up a few files and make the day 3 seconds harder for your average music pirate... i mean, face it, that is what we're talking about here. we aren't worried about viruses... we have anti-virus software... we're specifically talking about falsely advertised media content files.

Re:this is stupid

[TheophileEscargot]

but what if i voted exactlly like you on 1,000 items... or 10,000 items... and so did 10,000 users just like me. and then we ALL spammed a bad file and marked it good, and then spammed a good file and marked it bad

Then you would all have marked 2 files in 10,002 incorrectly, and 10,000 correctly. I can live with that.

Re:this is stupid

[maxreactor]

if the RIAA is willing to create junk files,

no, you've got it wrong. the artists create the junk files, the RIAA just promotes them and keeps all the profits

Re:this is stupid

[ytpete]

Good points... and I was too hasty in summarizing the article. A more accurate statement would be "they rely on a sizable number of peers being honest." Because honesty is determined by clustering peers whose votes are similar to yours, a majority is not at all necessary.

Also, it sounds like you need actual active nodes, not just registered users, to get your votes seen. Given that P2P networks boast 1.5-2.5 million simultaneous users, even a grid the size of Google's wouldn't put a dent in the voter pool.

Flooding with "98% honest" peers has been brought up by others here, but I'm guessing the Cornell people were careful to take that into account. E.g., for a given 'evil' node:

• If the 98 honest votes go against your evil buddies, you more than cancel them out.
• If you never contradict your buddies, you get clustered closer to them and farther from the honest nodes that do contradict them.

That being said, if this works it'll be kinda a shame. Making P2P inconvenient for infringers is exactly what the **AA should be doing more of, instead of reflexively suing the crap out of everybody. Well, that and offering a decent alternative....

eDonkey

[mnemonic_]

Doesn't the eDonkey2000 network already have a system like this? Users identify fakes and report them, then the phony file information propagates throughout the network and the fake file dies.

Re:eDonkey

[mnemonic_]

Ah, found it: donkey-fakes. eMule automatically downloads the fakes list upon startup, and prevents the files from spreading.

Re:eDonkey

[Seumas]

Shareaza has had this built in for quite a long time and it works fairly well.

I've switched to Apple, so I use aMule, Azeurus and SoulSeekX now, but . . .

Re:eDonkey

[Infonaut]

Doesn't the eDonkey2000 network already have a system like this?

It does, but unfortunately the name "eDonkey" immediately invalidates any utility the service might provide.

Personal foul, hideous name. Loss of down and a 15 yard penalty.

Re:eDonkey

[noidentity]

Doesn't the eDonkey2000 network already have a system like this? Users identify fakes and report them [...]

So all the RIAA has to do is report all the real files as fakes? Well, along with the fakes, otherwise the real files would be marked as the fakes and the fakes as the real.

Re:eDonkey

There's a similar mechanism in Shareaza and it kinda works if you only care about new files, but if you want an older movie of music file, these are mostly marked as fake.

i.e. The original versions of Charlie & Chocolate Factory and War Of The Worlds are generally marked "fake". Given that a lot of modern movies are remakes, it becomes increasingly hard to find the orignal version of it.

The same goes, to a lesser extent, for music. Over 50% of modern pop music is a cover, trying to find the original track is hard because they are mosly marked as "fake".

So in general, people are incapable of distinguishing properly between "fake" and "other media with same name".

Re:eDonkey

[Jugalator]

Yes, it's not too uncommon. On BT, I just check how many seeders the file has. People don't want to keep and spend their bandwidth on seeding fakes.

So far, I've never fallen to a faked torrent with lots of seeds either. Even if RIAA could in theory set up networks to seed fakes, they don't seem to be doing it.

I think there'd be less confusion if the article title was "New Reputation System for Gnutella To Fight P2P Junk".

Re:eDonkey

eDonkey2000 network

You mean the eMule network right? With less than 5% of people using the eDonkey client and more than 90% using eMule and the fact that eMule which is an open source project has many important additional stuff in the protocol (source-exchange, priority queues, etc.) I think eDonkey2000 can only be reffered to as a long forgotten historical name for this network.

Re:eDonkey

Just cancel the download of files that jumpstart with 50k/s.

Re:eDonkey

[leuk_he]

Most users are too lazy to post comments on files in the ed2k network. Any system that does not give an advantage for rating files will be discarded by most users, leaving big F*cking holes open for robot voters/spammers from the trolls on those networks.

Re:eDonkey

[the+new+supergod]

That is exactly why the network hasn't hit the mainstream media - the name is just so disgusting. The modern media love their hi-tech buzzwords and this just simply doesn't fit it.

I was thinking this yesterday while on eMule. There are over 8m current users on the eDonkey network, far more than ever on Kazaa or Napster, and yet a.) No lay person has ever heard of it and b.) I have never heard a squeek about it in the UK media.

For me this is a very good thing, and is one of the reasons the eDonkey network is the best imho. It is also one of the reasons why it hasn't yet been systematically attacked by the **AA forces.

--Richard Malone

Re:eDonkey

[antic]

Even if RIAA could in theory set up networks to seed fakes, they don't seem to be doing it.

The key is that you only need to stay ahead of their game. While they're hitting the P2P networks, you use IRC. When they start paying IRC more attention, you shift to the next thing.

By the time the RIAA start seeding fakes via networks, someone will have come up with something else.

Re:eDonkey

Why? Regardless of the individual apps used to access the network, why would you want to call the network by any name other than the one its original creator gave to it?

Re:eDonkey

[anhdres]

Yes, there's an option in eMule to attach a comment and a rating to a shared file and I don't recall seeing a misuse of that feature, not counting the "friend slot please!" comments. What continues to be succesful is common sense. For important (read popular) releases, reading the files' names and checking them back on nforce works just fine. Another aspect of the ed2k community that keeps it over others is that like torrents, most people gets their ed2k links from known indexing sites. While it's known that those can be shut down by the MPAA/RIAA they still are the true power behind the network. So when a new release comes out, the majority of users are sharing the proper file, acting as a snowball.

Re:eDonkey

[daikokatana]

Indeed - but there is a big problem with that system. eMule recognizes the file hashes and reports them as fakse, but it stops after that.

For the past few weeks, I have been rewriting part of the eMule source to have the following changes:

1. I offer a valid file with a valid hash (no fake) 2. People try to download the file from me and move up fast in my queue 3. Once they download a chunk from me, the data I send them is invalid (generated random) 4. Since this part is invalid, they need to redownload it 5. Since they move up faster in my queue than others, they redownload the part from me. 6. etcetera...

To be honest - I want to sell this tactic, that's why I do it. And so far it works! I get loads and loads of requests and rerequests for files, so this is a perfect tactic to kill the download of valid files - reputation system or no reputation system.

Remember, the file is valid, but they'll get it much much slower and spend x times the bandwidth to get it. I have unlimited bandwidth (up/down) so I always win in the end.

If whatever organisation I sell it to employs this on a large scale, the network will be flooded.

Re:eDonkey

Then you certify the client and let only ones that have been proven "legit" communicate. Or they will quickly move to a another authenication method that does more checks. Or they filter your POS client off the network because it keeps sending too many invalid files and is generating too much "bad" traffic. It would be trivial to spot this method once it was tried on any sort of scale. Your unlimited bandwidth won't do you much good then.

Either way your an asshole and won't make any money.

Re:eDonkey

[__aaxwdb6741]

This is easily counter-measured by "banning" sources which are unable to send me a valid chunk in X attempts.

I think that there could be an easy counter-measure for every measure that the anti-pirate industry takes.

Every thing they do is just an other inconvenience for the downloader, themselves, the legit downloaders, and Everybody Else (tm).

Re:eDonkey

[Clith]

7. People notice you are blocking them and report your IP.
8. Your IP gets banned.

Re:eDonkey

That's why BitTorrent is a better system. This kind of malicious crap doesn't work on a BT network.

Re:eDonkey

[TheoMurpse]

Azureus has a setting for blocking peers who send above a certain threshold of bad packets. Your technique would fail on BT. I don't know about eD2K and such.

Self-policing is needed

[case_igl]

"...allowing users to tell the good files from the bad ones."

Don't you mean the real illegal files from the fake illegal files? Seriously, it is no surprise to me why P2P has gotten a bad rap. Many of the users simply use P2P apps to commit piracy.

Yes, there are legit uses as well. But honestly, if you are looking for free music from a band that has released it as such, you can usually find it. It's the copyrighted commercial music and video that have tons of fake files, porn movies, etc...Not Jim Blow Sings the Blues, Live from Natrona, PA!

Re:Self-policing is needed

[KillShill]

there are fewer than a few thousand pirates in the world today.

oh you mean copyright infringers.

well, you can hardly blame me, i certainly try to use the right words to describe my intended targets. i also avoid using "politically venomous" euphamisms to portray copying digital data.

there's a reason it isn't treated as real property (except by the content cartels who would have you believe otherwise).

Re:Self-policing is needed

[Penguin]

Yeah, because 300 years certainly isn't enough for a word to be recognized...?

From http://www.etymonline.com/index.php?term=pirate :

"Meaning "one who takes another's work without permission" first recorded 1701"

Come on, the term is older than RMS!

Re:Self-policing is needed

[vhogemann]

I'll assume that the researchers out there realise that P2P is an amazing technology, and a good way to use the net resources to distribute files.

What they're trying to do is extend the protocol, so it can be used to legit purposes. I mean, Bittorrent is cool because you can check the identity of the files from the torrent... and Gnutella is cool because it's almost has no central nodes, and you publish your files directly on the network and a simple search will find them.

I can immagine several legit uses for P2P networks, with a trust/authenticity mechanism, for example I'd love to see Debian repositories over a P2P network! It would be amazing to download several files at the same time, always from the fastest source and without the need to update or configure any repository list!

Re:Self-policing is needed

[EvanED]

The OED has a citation dating even before that, 1668. It's not a precise match, because they are called "land pirates", but:

"J. HANCOCK Brooks' String of Pearls (Notice at end), Some dishonest Booksellers, called Land-Pirats, who make it their practise to steal Impressions of other mens Copies."

Re:Self-policing is needed

[EvanED]

But what the parent is saying (and which is a very legit argument if you ask me) is that if you're looking for a Debian repository, you're almost certainly not going to find a fake file!

If you want to be sure, you can compare the file size to the official one. If it matches, you can be all but completely confidant that it's real.

After all, there are probably far fewer people trying to flood P2P with bogus files just for the hell of it then there are trying to flood P2P with bogus files in an attempt to protect copyright.

Re:Self-policing is needed

[Kjella]

It's the copyrighted commercial music and video that have tons of fake files, porn movies, etc...Not Jim Blow Sings the Blues, Live from Natrona, PA!

Do you think the people sharing "brittneyspearsporno.avi.mpeg.exe" actually care what the part before ".exe" says? If he was popular, there'd be "jimblowsignstheblues.mp3.wma.exe". Most of the crap I see is from script kiddies. Maybe the RIAA is posting some fake files too, but not to the same degree.

Re:Self-policing is needed

Of course! I'd much rather use some revisionist term used to downplay the illegality of pirating copyrighted music.

Re:Self-policing is needed

[Haeleth]

If you want to be sure, you can compare the file size to the official one. If it matches, you can be all but completely confidant that it's real.

This doesn't work for media, though! Depending on the codec used, the quality settings, and the resolution, the file size of (for example) a single episode of a TV series can be anything from 50 megabytes to 500 megabytes, and there can be dozens of equally-real sources, all of them with different file sizes.

If you pick one at random, you have absolutely no way of knowing whether it's genuine or not.

Admittedly this is only a problem when there isn't a single official source, and mostly that's only the case when the media in question is being distributed illegally. But there are also legitimate usage scenarios. We should surely encourage the development of anything that has legitimate benefits, right?

Or shall we go back to living naked in caves, because clothes and houses can help make terrorists comfortable?

After all, there are probably far fewer people trying to flood P2P with bogus files just for the hell of it then there are trying to flood P2P with bogus files in an attempt to protect copyright.

There is a third group you haven't thought of: the people who are trying to flood P2P with bogus files in order to spread spyware and viruses. If this can be used against them, then it should be.

Isn't it better to risk helping people steal songs (sometimes not even a criminal offence) than to do nothing and thereby help criminal gangs spam, hack, and phish (major fraud)?

Re:Self-policing is needed

Yes. However, the kind of pirate an Internet Pirate is stems from that site's definition: sense of "unlicensed radio broadcaster" (from 1913)

Ye unlicensed radio broadcaster be one who share treasures, and not be digging into the ground to hide 'em! Yarrr.

//MMN-o

Re:Self-policing is needed

Right, then let's start officially calling Republicans "Motherfuckers" now so that in 20 years' time, nobody will have any room for complaint.

(Yes, I know they've been called that unofficially for ages now).

Re:Self-policing is needed

[no_opinion]

Not only that, but under the new Grockster ruling, if the point is to weed out the fake copyrighted files from the real copyrighted files, this will certainly be used as evidence that the purpose of the system is copyright infringement.

Re:Self-policing is needed

[evilviper]

"...allowing users to tell the good files from the bad ones."

Don't you mean the real illegal files from the fake illegal files?

Not true at all. Just seach for ANY popular terms, (celebrity names, current events, etc) and you will see a HUGE number of fake files that are not what they claim to be.

News video actually turns out to be porn. Pictures with any naming usually turns out to be an ad for one website or another. Worms/Viruses that will make-up filenames out of every combination of dictionary words it can come up with. etc.

I have, in-fact, searched for legal files numerous times, only to find the contents to be completely different, mislabeled junk.

You clearly have a serious bias on the issue, and don't use P2P networks much. These would be real problems even if the RIAA/MPAA wasn't contributing to the problem.

For an example, try searching for the trailers of a recent movie, and you'll see the problem. Surely the MPAA wants wide distribution of trailers, but you find lots of junk instead, and generally be unable to find the trailer you're looking for.

Re:Self-policing is needed

[shark72]

Politically venomous? I've known untold pirates who fly the Jolly Roger proudly. The guys who run the warez rings use -- and have always used -- the word "pirate" as a badge of honor. There's no shame or stigma in the word.

When access to pirated works exploded with the advent of P2P, many people new to the world of piracy (e.g. adults with real jobs) took umbrage at the term. Thus, the "call it copyright infringement" movement was born. I suppose this term does sanitize it a bit, and perhaps it does help it go down a little more smoothly for some people who'd otherwise feel a bit guilty, but why use an obtuse legal term when the word "pirate" has served the purpose perfectly well for centuries?

Re:Self-policing is needed

[KillShill]

yes because 300+ years ago, the british monarchy needed a way for people to accept that copies were in fact the original article (not to mention the censorship, for which copyright was born).

people back in the day (including now) didn't know any better. except for thomas jefferson and a few others who knew better, most accepted the propoganda of the time and treated copies as if they were physical property.

ideas are not owned by people, period. it belongs to everyone. anyone who tells you otherwise wants to be your master or some other nefarious purpose.

you want your ideas not to be used by anyone else? keep them in your own head. you'll be better off and so will the rest of the world who won't have to abide by your "terms".

i'd rather live free in the dark ages than to be handcuffed and shackled in the age of "information". but that's an extreme view. it'll never come to that. people who had the good sense, always shared freely with each other. sell actual goods, don't hoard knowledge.

One problem with this Credence system:

[nonlnear]

From the site itself: http://www.cs.cornell.edu/People/egs/credence/faq. html

3. How does Credence know who is trustworthy and who is a spammer ?

Initially, it doesn't. As you vote for files, it stores your votes and discovers the set of peers with whom your votes are correlated. It also communicates with peers to find out about other peers with whom they in turn are correlated. The outcome of this computation is a numerical value computed for each file appearing in query results that reflects the probability that the given file is trustworthy. If you vote thumbs-up for good files and thumbs-down for bad files, you will be grouped with the vast majority of people who also vote honestly. You will then compute a high trustworthiness metric for all files that this (potentially very large) group of users has ever voted on. If you vote inaccurately (i.e. you are a spammer), you will compute a low trustworthiness metric for other non-spam files, and honest users will compute a low trustworthiness coefficient for your opinion. It is thus in your best interest to vote honestly.

Seems the trust system is prone to spamming itself. If the RIAA (or anyone for that matter) flood the system with bogus votes, then the "honest" votes will get ruled out.

This seems only to be just another layer that's succeptible to the exact same pollution problems.

I put odds of this catching on and being succesful as currently documented at a big fat 0%

Re:One problem with this Credence system:

[patio11]

Amen to parent. At zero cost to impersonate a peer on the network and no central authority to measure a peer against you can trivially create any n, as large as you desire, of users and files to make your pronouncements on files as trustworthy as anyone else's.

Re:One problem with this Credence system:

I think the main insight and contribution of the system is that the reputation of a peer according to you is determined by whether he/she votes in a similar manner as you.

So if the RIAA starts spamming Gnutella with lots of junk stuff, you will never vote in the same way as the RIAA dummy accounts, and you don't take their votes into account.

In fact, it seems the system is even smarter than that - it can take votes from people that are strongly uncorrelated with you and use that as negative information. So anything these people vote as valid files, you can treat as garbage as their definition of good/bad files is completely opposite to yours. And assuming you trust your own judgement, that means those files must be bogus.

Reminds me a lot of the google pagerank system, but with explicit learning/training instead of using back-links for determining correlation.

Re:One problem with this Credence system:

[patternjuggler]

Seems the trust system is prone to spamming itself. If the RIAA (or anyone for that matter) flood the system with bogus votes, then the "honest" votes will get ruled out.

I haven't read the description closely, but it's hard to see why flooding the system would matter- it isn't majority rule, it's who do you trust and who do they trust. If the RIAA has ten million bogus users, I and a few hundred other people vote thumbs down on them but thumbs up for each other, then we have our little corner where a set of honest opinions exist (although it may take a while to initially connect to that group).

The way you would have to spam the system would be to vote honestly for a time and then switch abruptly, but even then the damage would be quickly mitigated as your credibility disappears.

Re:One problem with this Credence system:

[lysergic.acid]

how will honest votes get ruled out? unless more dishonest votes are put into the system than honest ones, spammers will still have low trustworthiness for non-spam files, and honest users will have high trustworthiness for them. the sytem groups people who vote similarly, so even if the RIAA floods the system with dishonest votes, it won't likely affect honest users who will calculate their vote influence with a low trustworthiness metric.

Re:One problem with this Credence system:

[J2000_ca]

It's odd how people can read but not understand. There is no "honest" votes in the eyes of the system. Just like and unlike votes. If you start spamming you just get associated with the other spamming votes. Likewise if you choice to disown bad files you will be grouped with other people who do the same.

Re:One problem with this Credence system:

[Stauf]

I love shooting people down with their own links - from http://www.cs.cornell.edu/People/egs/credence/faq. html:

7. Can a group of spammers game the Credence algorithm by voting thumbs-up for each others' spam ?

No. The trustworthiness computation is designed to preclude such attacks.

8. What happens when a large number of spammers vote each others' spam up ? Can they fool the reputation system ?

No. Credence's reputation computation is similar to Google's PageRank, but is more general - every node computes a different rank based on its own votes. Reputation flows from a given good node along trust edges towards other nodes. Spammers can create tight cliques in which everyone votes on each others' spam, but the entire clique will be deemed untrustworthy. And if anyone in the spammer clique does a search, they will see each others' spam ranked high.

So a 'good' rank is dependent on the whims of people who usually vote the same way that you do. So spammers will see high rated spam and non-spammer will see high rated non-spam. Simple.

Re:One problem with this Credence system:

It's essentially pagerank for P2P. As Google has shown, nafarious people can't actually affect ranking that much. In fact, googlebombing shows how technically inclined people can wipe the floor with traditional companies. I doubt the RIAA has a clue or the smarts to get a botnet big enough to outvote however many million P2P users there are. There's also the very clear bimodal voting pattern that would emerge for a "bad" file. The RIAA would vote it up with its botnet, and the rest of the p2p network would vote it down. It would be very easy to just plonk the entire botnet because they all voted the same on an obviously bad file.

Re:One problem with this Credence system:

[kernel_dan]

Seems the trust system is prone to spamming itself. If the RIAA (or anyone for that matter) flood the system with bogus votes, then the "honest" votes will get ruled out.

Please read your own quotation, specifically:

If you vote thumbs-up for good files and thumbs-down for bad files, you will be grouped with the vast majority of people who also vote honestly. You will then compute a high trustworthiness metric for all files that this (potentially very large) group of users has ever voted on. If you vote inaccurately (i.e. you are a spammer), you will compute a low trustworthiness metric for other non-spam files, and honest users will compute a low trustworthiness coefficient for your opinion.

Meaning, you see the ratings that people similar to you make.

Re:One problem with this Credence system:

[noidentity]

It sounds like it works like the common "people who bought this book also bought X, Y, and Z" (except "people who bought this book" is "people who consider A, B, and C to be real files"). Thus there are three general groups people's votes can fall into: those that like the real files, those that like the fakes (RIAA, spammers), and those that can't tell the difference. Each group has a different "signature" and only votes of those people in your group are used to rank files in your search.

Thus, the anybody making dishonest votes will make their votes irrelevant.

Re:One problem with this Credence system:

Seems the trust system is prone to spamming itself. If the RIAA (or anyone for that matter) flood the system with bogus votes, then the "honest" votes will get ruled out.

In order for you to trust their bogus votes, you'd have to have a strong correlation with them already. When you first start using this file rating system, you have no correlations with anyone, so their spam means nothing to you. As you rate more files, you will develop strong correlations with other users. If the spammers vote true to their motives, you will develop a strong negative correlation with them, and therefore you won't trust their votes in the first place. If the spammers try to gain your trust first before spamming the system, they would necessarily have to vote the same as you on many other files to garner a strong positive correlation with you. But that would mean they voted honestly on many files just to trick you into downloading one bad file. Not only does this seem far too sacrificial on the spammers' parts (after all, the idea is for you to download the wrong file all the time), this is far better than the current situation where up to half the files you download may be bad. And by voting falsely on a file, their correlation with you drops, so the next time they spam, it won't be as effective.

Re:One problem with this Credence system:

[dreadlock9]

Seems the trust system is prone to spamming itself. If the RIAA (or anyone for that matter) flood the system with bogus votes, then the "honest" votes will get ruled out.

This seems only to be just another layer that's succeptible to the exact same pollution problems.


If you vote honestly, you would have little correlation with RIAA's bogus votes, therefore your node would deem them untrustworthy. The pollution would end up being contained among the polluters, and their efforts to rate their junk files highly will distance them further.

Re:One problem with this Credence system:

[DingerX]

Look, there are two groups of people reading this article:
A) Those who get it
B) Those who don't.

members of group B have read through post after post from members of group A, yet persist in their error. So there's no sense in being redundant here.

Think of it as something akin to how you behave on a date with a total knockout. You wanna get root access, but you don't want to blow it by talking about your nerdy life.
So you start talking, and let her "lead" -- you then adapt the reality to what s/he finds important and fascinating. Yeah, sure you like n'Sync too! Absolutely, I just can't stand all these clever people at these clever people parties. While IRL you'd get dumped for being a spineless nerd, here the voting system plays your role, and you get to be the hot guy/girl: You vote, and the damn thing finds other people who voted like you.

OKay, none of you have been on dates, so maybe it'll just help to think of Amazon's patented system, or Tivo's: you buy something from Amazon, or a few things, and it starts recommending crap. On tivo, you start watching a few episodes of Xena, and it suddenly thinks you're a lesbian and fills the box accordingly. How do these systems work? By comparing your behaviour to others, finding a profile and behaving according to it.

That's all this credence system is -- you vote, and create a voting profile, and the system shows the results of others voting similar to you. There are no absolutes. A spammer doesn't have a chance.

Re:One problem with this Credence system:

[Mind+Booster+Noori]

Exactly... The real sollution is to use one of those p2p networks that has already a reputation system embeeded into it, that doesn't rely on the reports but on the network itself. Check GNUnet, for instance.

Re:One problem with this Credence system:

[nonlnear]

My eyes are rolling...

No. The trustworthiness computation is designed to preclude such attacks.

This is one of the lamest security fallacies around. By defeinition, the system is only designed to precludse those types of attacks that the system has been designed to preclude. Gramted, I don't think there will be botnets constructed that will fiddle with the system in a manner that will be effective, but it really IS possible.

In order to poison the ranking of one file effectively, you need a fake voting pool with clean reputation with size on the order of magnitude of the "honest" voting body. If you have that, it's a simple affair to poison a download pool (albeit temporarilly - until the honest votes start coming in to mod it down).

The key point is, poisoning is only a temporary effect (but that might be all that's needed, depending on the particular business problem the botnet is trying to solve.) The beauty of the system is that if you keep bolstering the botnet's reputations, one poisoned download is not really going to hurt their future usefulness. (Think 10000 good votes to one poisoned one.)

The key is that thios system is not effective at doing what the RIAA really wants to do: shut it all down. However, it could be very effective at suppressing a leaked movie for a couple days until release.

Re:One problem with this Credence system:

[sd_diamond]

As you vote for files, it stores your votes and discovers the set of peers with whom your votes are correlated. It also communicates with peers to find out about other peers with whom they in turn are correlated. The outcome of this computation is a numerical value computed for each file appearing in query results that reflects the probability that the given file is trustworthy. If you vote thumbs-up for good files and thumbs-down for bad files, you will be grouped with the vast majority of people who also vote honestly.

Oh, great. It's the high-school cafeteria all over again.

Bitzi all over again?

[Motherfucking+Shit]

How is this any better than Bitzi and its Bitprints, which are already built into popular Gnutella servents like BearShare?

"Our client provides a peer-based judgement that a given object will possess the properties with which it is labeled and enables users to evaluate search results for authenticity before downloading."

Sounds exactly like Bitzi to me...

"Many peer-to-peer reputation schemes have been proposed in academia. Credence is the first practical implementation of a peer-to-peer reputation scheme."

I don't think so.

Re:Bitzi all over again?

[zwei2stein]

Yeah, point is that bitzi is not tied to specifical network, protocol or client and it is free and easy to implement its support.

Too bad that not that many people use it...

Credence is simply not needed and fro what i read it is still rpone to false rating abuse (spammers will simply have to vote fro good files sometimes to get their trustworthyness to decent level, or they simply can flood network sp that cood votes will be minority)

Re:Bitzi all over again?

[gojomo]

Credence adds an interesting automatic custom-to-each-user trust metric, which we don't yet have at Bitzi. (At Bitzi, you should read over other users' comments and histories to make a judgement as to whether you'd like to rely upon them.)

- Gordon @ Bitzi

Yeah. This pisses me off alot. I had the idea too

[zymano]

-Most of the files on P2p are loaded with TROJAN Horses and Viruses ! Beware.

-You usually have to hold on to a 'bad' program just to review it for others in Kazaa . Kind of stupid.

-Usually have to look at size of file to determine if it's even worth downloading. Kazaa tried to use a metric like that for video.

-I thought of something like a Slashdot review system with creditable arbitrators . Damnit where are my props ?

-Emule does have good content but emule is ridiculously slow even with broadband.

Re:This has to stop

[NoGuffCheck]

lighten up.. dont you think your going a bit overboard?

exactly!

[eight+and+a+quarter]

if p2p files are legit, why do you need checksums.. these services will just cause more lawsuits nothing will be accomplished

Re:exactly!

if p2p files are legit, why do you need checksums..

Huh? Do you ask why ISBNs have checksums as well? Assuming they're "legit", of course...

Re:exactly!

[LuSiDe]

if p2p files are legit, why do you need checksums

To verify the integrity of the file(s).

Re:exactly!

[Secrity]

" if p2p files are legit, why do you need checksums.."

To verify that the file is, in fact, legitimate. There are a number of unscrupulous folks out there that would just love to have even just a few people install their trojans. As Ronald Reagan said "Trust, but verify."

Common carrier?

I thought the idea was to make a system where users can freely share files.

From 10-year-old girls sharing Britney Spears videos, to RIAA plants sharing crappy fake music, why can't we say that all people have rights online?

Here's a simpler idea...

[lightspawn]

If a file appears to by RIAA-affiliated music, treat it as a junk file.

Why bother with music the artist doesn't want you to have? Just forget about it altogether and discover new music, even new types of music that you'd never realize existed, much less that you could enjoy.

Re:Here's a simpler idea...

[KillShill]

one of the best suggestions in this thread.

deny them the money they use to brib^H^H err lobby congress with.

less money = less control.

Re:Here's a simpler idea...

Why bother with music the artist doesn't want you to have?

You're new here ?! Next time you'll say that we should all stop running windows and other pirated software !

Re:Here's a simpler idea...

[blake3737]

Yeah like glitch, everyone loves glitch music. I love listening to the sounds of a computer dying and consider it music.

Re:Here's a simpler idea...

[ciroknight]

I've always wondered why someone doesn't implement an algorithm that actually *listens*, rather, looks at the bit pattern's of the "song" and figures out if it's noise, or whether it's not. Of course, some music will hit false positives, but if you re-enforce the system with people, it'll get better. Neural networks and genetic algoritms could be used here.

The system's only gotta look at a few bits of the file to tell whether it's good or not, and as long as there are more people rating good music than people rating noise as good, then it'll work. It'd be worthy of an experiment at least.

Re:Here's a simpler idea...

Because then the RIAA could flood the networks with copies of "sunshine lolipops and rainbows" under a thousand different titles. It would certainly be recognized as a song to the software, but it wouldn't be the *right* song.

Or, in other words

It's a trust system that neatly tells the RIAA who to sue

NO

[zymano]

OVERVIEW

Credence is a robust and decentralized system for evaluating the reputation of files in a peer-to-peer filesharing system. Our goal is to enable peers to confidently gauge file authenticity, the degree to which a file's contents matches its advertised description.

At the most basic level, Credence employs a simple, network-wide voting scheme where users can contribute positive and negative evaluations of files. On top of this, a client uses statistical tests to weight the importance of votes from their peers. And finally, Credence allows clients to extend the horizon of information by selectively sharing information with their peers.
Authenticity and Pollution

We define pollution broadly as any file with content that does not match its description. An authentic file, by contrast, has content that is accurately described by its metadata. We find in practice that pollution in current networks can be easily identified by users without any special knowledge or expertise. As pollution becomes more sophisticated, more advanced detection techniques will need to be developed to help users safely identify malicious content.
Voting

The Credence system relies on individual users as the first line of defense against pollution. After a user downloads and uses a file, she is given a chance to submit a single vote to the Credence system: a positive (thumbs-up) vote for authentic files, and a negative (thumbs-down) vote for a polluted file. Each vote is cryptographically signed and entered into the system.
Vote Gathering

Credence uses these votes collected in the network to determine the authenticity of content. Credence displays a rating for each file that appears in response to a user query.

First, the client software executes a search for votes, and downloads a number of votes randomly selected from the network. These votes are then aggregated into a single estimate of the authenticity of the file in question.

Each vote collected from the network is not used directly, however, since some peers in the network may accidentally vote incorrectly, or even lie intentionally about the file's authenticity. Therefore we assign to each peer a correlation coefficient, or weight, reflecting the historical usefulness of the peer's votes. In effect, this helps remove the incentive for an attacker to lie about the authenticity of files. A consistent liar is, after all, just as useful as an honest peer when it comes to distinguishing authentic files and pollutions. And an inconsistent voter will come to be be ignored by others in the network.
Information Sharing and Transitive Correlation

Peer-to-peer networks can grow quite large, and many clients might participate rarely, sharing and voting on only a few files. This means that alone, a client may have trouble quickly discovering peer correlations and other historical data. To alleviate this problem, Credence uses a technique called transitive correlation to quickly spread information among small groups of peers and help clients expand their horizon .

In Credence, a client periodically requests historical data from selected peers in the network. This data contains information on how the peer voted in the past (cryptographically signed, as before), and information about how the peer is related to other peers in the network. The client can then validate this information for authenticity, then integrate it into its local databases. In this way, not only does the client take advantage of the work other peers do in evaluating files for authenticity, but also gains insight into the behavior of peers in the network. All this is done without need for user interaction, or any peer trust values, which can be difficult for a user to accurately determine.
Changes to the LimeWire Client and Gnutella Network

Credence is integrated into the LimeWire client, and works on top of the Gnutella network. The implementation is built entirely on top of existing primitives in the Gnutella protocol. It opens up no additional ports

Already been done by several networks.

Wow. I am so glad that these fine folks researched and invented a rating system for P2P networking. Because then networks like Shareaza and EDonkey wouldn't have to take the credit for having such a system several years ago.

While these "researchers" are writing their self-congratulatory paper for re-implementing other people's work, can I please get a doctorate in working them over with a baseball bat for being such jackasses?

Re:Already been done by several networks.

[Madd+Scientist]

a system just as vunerable to attack as their's as well.... if we all don't have unique identifiers as people, no system would be safe from a group of clone users working for the enemy.

Re:Already been done by several networks.

[Spad]

The ED2K rating system is fairly basic at best. Firstly you have to have the file sitting on your machine in order to rate it, which isn't too practical. Secondly it doesn't differentiate between filenames associated with hashes, so somebody might rate a file down because it's porn and not the movie they were looking for, but what if you're looking for porn? Finally, there's nothing to prevent people from spamming crappy/excellent ratings on files.

What outrage

[dedazo]

Because we all know that P2P is only used to trade legal content. How dare those evil record companies "pollute" the system.

Shocking.

I don't know that their tactics are effective - after all, networks like eDonkey|eMule seem to be pretty good at self-policing. But it's amusing to see the undercurrent of outrage in these 'stories'.

We all know damn well why the *AA folks do what they do.

Re:What outrage

[alexmagni]

Laughable. Nobody here is "shocked", and many people are as smart as you in guessing why *AA people do what they do.

Everybody decides which part they do belong.

The Cornell people simply developed a new weapon - if it will work we'll see - to be used in an escalating war. Possibly *AA will develop a countermeasure, hopefully not.

I don't see any reason for outrage either, the pollution of P2P networks is really old story (years).

Re:What outrage

[cahiha]

But it's amusing to see the undercurrent of outrage in these 'stories'.

With laws like the Sonny Bono copyright extension act, outrage is entirely warranted. Furthermore, I have no sympathy for those companies; as far as I'm concerned, a lot of their copyrights are unjustifiable. (However, I have personally not downloaded music from P2P networks, so far.)

Re:What outrage

[Jherek+Carnelian]

We all know damn well why the *AA folks do what they do.

Because it is easier than actually implementing a business
plan that co-opts people's natural desire to share good stuff
instead of fighting it?

Good summary

[kernel_dan]

For those of you that can't be bothered to RTFA, this system takes a profile of how you vote on files and matches you with other people who voted similarly. Thus, the spammers would see different ratings than 'normal users.'

You can already tell

[ravenspear]

It is already very east to tell the junk files from the good ones. The junk ones will come from a very limited IP range. What usually happens is that the *AAs, and the companies they hire to pollute the networks will use the entire IP range they own to do that, but that usually still only amounts to a few class Bs. The good files on the other hand will come from all different class As.

Re:You can already tell

It is already very east to tell the junk files from the good ones. The junk ones will come from a very limited IP range.

No. The RIAA/MPAA's of the world spam from a frequently changing IP space, and once their polluted content makes its way out to some users, it becomes impossible to tell apart from other legitimate-looking content. That's why we need a reputation system like Credence - no matter what the IP address, it should be possible to tell which content is worth downloading and disseminating further.

Its not all bad...

[distantbody]

The fact that I didnt get to play HL2 was compensated by the 2 hours of dwarf porn.

Re:Its not all bad...

[Glenneaux]

mm dwarf porn.

Re:Its not all bad...

http://www.penny-arcade.com/view.php?date=2002-11- 04

Re:Its not all bad...

[xlioilx]

dwarf porn huh ..where might I find the link for that torrent ;P

Re:This has to stop

It's just a very bad troll, no need to answer it :)

Legit Files

[Punboy]

The RIAA could easily manipulate this to cause legit files to be rated lower.

Re:Legit Files

from their FAQ:

8. What happens when a large number of spammers vote each others' spam up ? Can they fool the reputation system ?

No. Credence's reputation computation is similar to Google's PageRank, but is more general - every node computes a different rank based on its own votes. Reputation flows from a given good node along trust edges towards other nodes. Spammers can create tight cliques in which everyone votes on each others' spam, but the entire clique will be deemed untrustworthy. And if anyone in the spammer clique does a search, they will see each others' spam ranked high.

http://www.cs.cornell.edu/People/egs/credence/faq. html

Re:Legit Files

[Conspiracy_Of_Doves]

No it can't. Read the article.

Re:Legit Files

[karmatic]

Actually, they can. With access to a large address space (not too hard to get really, especially if you don't care about the law), you can still do large amounts of pollution by gaming the system.

Suppose you represent company X. Look for legitimate files from company Y and Z's stuff. See who rated them up, then clone all their ratings (which would include some company X works as well). Create a bunch of permuations based on the data you have dumped, and mod the legit files from the company you represent down. Sure, you're only 98% "accurate" in rating, but you are 3/4 of the people as well. Also, since you cloned a broad spectrum of people, you're likely to affect many different "sets" of voting people.

Re:Legit Files

[KillShill]

mmmm DRM

mmmm not being able to use a product you bought legally

mmmm having to phone home to get permission to play single player

mmmm gnome porn.

Re:Legit Files

[John+Nowak]

This is the problem with Linux: There are two kinds of porn! If everyone would get together and work on the same porn, it would be much better. I'm stick of seeing Stallman's ass anyway.

Re:Legit Files

[badfish99]

But to maintain your reputation, you've got to mod up company Y and Z. Meanwhile someone from Y has had the same idea and is modding up X and Z, and someone from Z is modding up X and Y.
The result is a net gain in accurate votes.

rtfa, sucka.

[knowles420]

7. Can a group of spammers game the Credence algorithm by voting thumbs-up for each others' spam ?

No. The trustworthiness computation is designed to preclude such attacks.

8. What happens when a large number of spammers vote each others' spam up ? Can they fool the reputation system ?

No. Credence's reputation computation is similar to Google's PageRank, but is more general - every node computes a different rank based on its own votes. Reputation flows from a given good node along trust edges towards other nodes. Spammers can create tight cliques in which everyone votes on each others' spam, but the entire clique will be deemed untrustworthy. And if anyone in the spammer clique does a search, they will see each others' spam ranked high.

or, just do whatever you want.

Re:rtfa, sucka.

[Madd+Scientist]

buddy, i did read it. let's say i am the RIAA, i pay a kid to vote on tons of files to gain a high reputation level. i record and duplicate that process and create 100,000 user accounts that all have high reputations automatically. now i upload a fake file and give it 100,000 thumbs up votes with my clone army. now because the thumb's up are in the majority, the thumb's down votes will actually result in LOWERING the reputation of the people voting correctly and RAISING the reputation of the people spamming the system. ok, so you ban all those users. ok, now the RIAA runs their user account creation script and has another 100,000 users ready with full reputation in minutes. if you put a delay on how fast users can get reputation then they'll just constantly be creating large sums of users. add some text image verification during user creation? i'll pay someone $10 to type in the text and automate it so i can get 3600 users an hour. do you think you can keep up getting 3600 new REAL users an hour to stop me? i doubt it. YOU CAN NOT run an honest voting system unless every vote can be linked with a unique human. without "barcoding" our nation we can't get anything truly intelligent done.

so how about instead of me reading the fucking article, you sit back and think a few fucking thoughts of logic. TAFFTOL. TAFFTOL.

Re:rtfa, sucka.

[PylonHead]

No, the pot smoker is right. Your brain is too small to absorb their goodness.

In their system there is no single "high reputation" metric. Everyone had a different reputation to each other. Three people, A, B and C. A may have a high reputation as far as B is concerned, but C thinks A has a low reputation.

They do this by grouping people who vote the same way. So you trust the people that vote like you do.

Assuming that you vote good files up and bad files down, you will be grouped with people who do the same. At some point, the spammers have to start voting differently than you do.. voting their spam up. This will distance them from your trust network, and cause you to value their opinion less.

Re:rtfa, sucka.

[NitsujTPU]

so how about instead of me reading the fucking article, you sit back and think a few fucking thoughts of logic. TAFFTOL. TAFFTOL.

You don't understand how this works at all. Apparently you never will, because instead of finding out what people are doing, you'll just "sit back and think a few fucking thoughts of logic."

This is not at all as simple as counting who gets the most thumbs up.

Re:rtfa, sucka.

[xquark]

yes correct, and in-fact it can be taken one step further:

assume the system is able to determine symmetric groups.
that is groups that have totally (or near totally) different
voting directions, an example would be the honest group and
the spammers group.

if say the spammers vote something up, instead of the honest
group ignoring their rating, they can use the symmetric
properties between their group and the spammer's group to
re-enforce their vote (aka the credence) of the file in
question - in this case rate it down even further.

If the right restrictions were put in place such as the fact
that the symmetric effect will only effect files that have a
negative credence and not files that have a positive credence,
then various forms of collusion can be over come.

A lie can always be turned into a truth and a truth into a lie...

Arash Partow
__________________________________________________
Be one who knows what they don't know,
Instead of being one who knows not what they don't know,
Thinking they know everything about all things.
http://www.partow.net/

Re:rtfa, sucka.

[Madd+Scientist]

actually, no. i am right. the way i said it would work is the RIAA gets users to BE IN YOUR TRUST CIRCLE, and then suicide bomb a bad file with thumbs up.

individual users don't mean anything if you can mold millions of them however you want and then dispose of them. like i said before, if the RIAA is the one distributing the bad files, then they obviously know which ones those are, so they can auto create tons of users who vote PERFECTLY, and thus everyone will value the opinion of extremely highly.

THINK.

Re:rtfa, sucka.

[Madd+Scientist]

i understand exactly what it is. if you value someone who votes like you, and we assume you vote perfect, then you will highly respect the vote of someone just like you. so the RIAA creates tons of users that vote perfect. this can be automated and can not be stopped. any sollution to stop creation of fake accounts is just another layer idiocy.

block certain IPs? ok well i'll call up a trojan author and get my account creation program put in his next virus.

require valid email addresses? come on, if this was possible we wouldn't have spam.

if the RIAA is willing to pollute the FILES, then OF COURSE they are willing to pollute the user base, and it is trivial for them to do so.

this is like putting a lock on your screen door after a robber broke the window next door. if he's willing to push through the screen he can still get in. dumb dumb dumb. and you idiots responding are even worse. no, it makes sense, i only trust people that think like me... isn't that how the nazis worked?

Re:rtfa, sucka.

[Madd+Scientist]

well, just answer this: i am a spammer who can create 1000 users an hour. all of these users will place 10,000 votes on files. his reputation will be perfect. then 24,000 of these "perfect users" will all give a thumbs up to a bad file. their voting record is 99.99% matching with your ideal user, and the 24,000 thumbs up votes FAR outweigh incoming thumbs down votes. if the thumbs down votes are able to catch up, i'll just increase the pressure to keep them down. how can you systematically stop that? you can't. you can't just discredit people because they voted "wrong" once... you can't figure out when this is happening, because for just as many good files you'll have a symmetrical group of clone users voting thumbs down to those... so you can't default on an action when there is controversy... you have to have a trusted governing body step in and make the ruling. the system has unstopable holes... the only reason the system exists is to stop the people who would exploit these holes, so you can't say it will discourage most people... because it probably will. and it may even work on some files for a while. but the second that it hurts the RIAA they'll step in and spend the time needed to execute the simple defense.

Re:rtfa, sucka.

[cahiha]

No, the pot smoker is right. Your brain is too small to absorb their goodness.

The authors have not shown that their system is resistant to attacks. Maybe it seems plausible to them and to you that it is, but plausibility is not the same as actually demonstrating that property.

Re:rtfa, sucka.

[danielrose]

put in a system with the image confirmation nonsense, like slashdot has now. this would prevent joe bloggs spammer from easily creating 1000 accounts per hour.

Re:rtfa, sucka.

[Redwin]

ok, so you ban all those users

What happens if you don't ban their votes just their ability to see the correct rating of something? If you can create trust links between peers (ie A votes something positive and so does B then A has a higher than normal trust of B and his vote is weighed more) If A downloads a file which is a fake and rates is as a fake then his trust of everyone who voted it positivly is reduced dramatically. Like in society, one has to work hard to build up a reputation but one error can undo a lot of good work except from their closest friends.

Mapping that concept to a peer to peer system, combined with sending false information to low trusted users could result in people having to be honest to get reliable ratings. Kind of like an eye for an eye system where the more you lie the less reliable the information you get back is. If groups of people all work to produce false high ratings, they will recieve those positive ratings between themselves but people not in that circle will see almost an inverse of that as they are not trused within their social group. As such spammers shouldn't be able to tell how reliable there ratings are.

Re:rtfa, sucka.

[andersa]

You don't get it. You can't infiltrate the trust circle. Those inside would shove you out, once they find out you are no good, so your basic premise fails.

Re:rtfa, sucka.

[pv2b]

1000 accounts per hour for an hour isn't outside the realm of possibility at all.

There are 3600 seconds in an hour. If you were to streamline the process of registering the accounts, so that the only human process were to decode the CAPTCHA image, I could definitely see myself performing one of these tests every 3.6 seconds, especially with some practice. (Depending on the difficulty of the test of course.)

This is where you employ people at minimum wage, or even illegal immigrants below minimum wage. I'm not that in to the exact figures for the United States, but I'd guess minimum wage would be somewhere around $5/hour. This makes it pretty cheap to create 1000 accounts. :-)

Now, going beyond say 1000 by a few orders of magnitude, the cost of passing CAPTCHA tests goes up the same way.

This, of course, is ignoring advances in AI technology that are starting to be able to identify and pass CAPTCHAs. It doesn't matter if they suck. Even if you only get 1% accuracy on them (lowball estimate), that only slows down an automated account generation attack by a factor of 100, and with *cough* clandestine grid computing *cough*, this becomes a quite effective attack in todays world with zombies etc.

Re:rtfa, sucka.

[wren337]

So in this case, this kid you're hiring has identified 100,000 good files for me in order to join my trust-clique? I would say that's money well spent by the RIAA.

Re:rtfa, sucka.

Assuming that you vote good files up and bad files down, you will be grouped with people who do the same. At some point, the spammers have to start voting differently than you do.. voting their spam up. This will distance them from your trust network, and cause you to value their opinion less.

Credence is decentralized and therefore easy to astroturf by someone with the resources to do it. Read their 'how it works' bit... The client generates the keys, the keys are not signed by a central trust authority. An attacker can request every user's voting profile as part of the system's standard operation and generate a different voting profile on the fly for each user's request. If the attacker's key is marked untrusted, it's no big deal. The attacker can simply generate a new key for every request and merrily continue to astroturf. Without a central key signing authority, the web of trust is weakened significantly.

Anatomy of an attack:

Attacker A receives a vote profile request from user B. In response, A requests B's vote profile. B sends the profile, A creates a profile matching B's exactly. In addition, A adds all of A's known corrupt files to the new profile, signs the new profile with a disposable key, and then returns it to B. B, now seeing a high correlation between B's profile and A's lumps A into B's trust network and begins downloading bogus files. B marks A's key as untrustworthy, but in vein. B makes another request, and A responds in an identical fashion, but with a new disposable key. Rinse, repeat.

And to top it all off, when the RIAA drags you into court, they now have a history of files you've illegally downloaded in addition to files being shared. Depending on how Credence identifies specific files, they might even have an upload count giving them very precise information on who to sue to do the most damage to the network.

Re:rtfa, sucka.

Hahahahahaha...

I love it when faggots get their pannies in a ruffle over a /. discussion.

Get out of the basement and get a fucking life.

Re:rtfa, sucka.

[d34thm0nk3y]

The authors have not shown that their system is resistant to attacks. Maybe it seems plausible to them and to you that it is, but plausibility is not the same as actually demonstrating that property.

You can prove things in math, logic and by extension computer science without having to physically demonstrate them.

Nice countermove...

[barks]

I like this idea. Media hordes, read as RIAA and MPAA, will constantly try to find technical ways to put the P2P genie back in the bottle.

For every Napster (Kazaa, etc.) they close, another will be spawned. For every fake or intrusive system they create to battle downloaders, another downloading method will be innovated. For every commercial they feature a celebrity crying copyright heresy, /. mobs will just mock them.

It's no shattering concept there'll never be a checkmate for either side.

Implications

[robertgeller]

Aren't there some implications with this idea, that maybe it's trying to enable people to download illegal or illegitimate files? I mean, many of these so-called "polluted" files are polluted for a reason: because they're illegal for just any person without a license to have. By coming out with an idea that goes against protections against this illegal downloading, I would think there's some sort of implied statement here.

Moderate Moderators

[zymano]

Like what Slash does.

You misunderstand

[fbartho]

You misunderstand what you quoted... if they flood the system with votes, it matches them with the type of vote they make, when you use it you are matched with the type of vote you make... Thus, if you mod real files up then another user who mods real files up will trust your mods more than somebody else. If the evilpeople mod real files down and bad files up, then they will trust the mods of other evil people, but they won't trust your ratings, and you won't trust them.

Thus if you wanted to have a really easy way to find a list of crap files, you just have to mod down every real file you have, and mod up every piece of crap you have, then do a search. Your results will be clustered by the trust that the file you are getting is "like yours" or in that case, a fake.

Is this new?

[distantbody]

Hasnt Bitzi been doing this for years? The major pain about Bitzi thought is that people are too lazy to comment on good files, its only when they get VISTA's ;) that they comment.

FYI, Virii/Infections/Spyware/Trojans/Adware

Re:Is this new?

FYI, Virii/Infections/Spyware/Trojans/Adware

So that's why MS came up with that silly name!

Re:This has to stop

In general its very disturbing how short sighted the high tech communicty has become. I don't think it's always been this way... but I haven't been around all that long.
If you look around you see this absurd childish opposition to any kind of laws that enforce copyright, or attempt to protect any kind intellectual effort. It's as if almost no one can go beyond the "I want it! I want it!" mentality to see how that attitude can come back to bite them in the ass.

Polluting?

[Brundylop]

I don't know about you guys, but I tend to like the horrible screeching noises coming from my newfound mp3's.

And my neighbors merely assume I have terrible taste.

Fuck Roland

[humberthumbert]

Fuc...oh wait. Sorry. Too quick on the trigger. My bad.

If........ then.....

[rolfwind]

If we had a P2P system that was encourage to boot off copyrighted works, we'd also have less junk (RIAA has no incentive to flood it with crap) but also maybe a viable platform for Independent artists to distribute their works...............

I was going to go further down this line of thought, but now that I think about it, with bittorrent and a self-promotional website, an independent artist can get his stuff out their with minimal bandwidth expenditure. I can't really feel for either side in the debate - people who want stuff for free and the RIAA who are even bigger leeches.

I haven't been on a P2P network for ages..... though I still lament the passing of old MP3.com because that was a convenient central place to find unsigned artists who wanted their stuff out there......

Who cares

[str8lazy]

So what if there is crap out there, your an idoit if you download it, it's your fault, serves you right. Your dumb if you download the crap, hopefully you can read and you should be able to decipher the crap from the good stuff anyway. That is how people normally get viruses, they are always messing with crap that they dont understand. Learn how to surf the web if your going to get illegally downloaded stuff. Your going to end up getting screwed if you dont know what your doing.

Re:Who cares

[PhreakinPenguin]

I'm thinking this is a troll but what they hey, I'll bite. The problem with the P2P flooding is not that people don't know how to use it. I've used P2P for quite awhile now and would consider myself somewhat "skilled" at searching for things I need. The junk files are the exact same size as a normal file would be. A song for example, will show that it's a 192KB song, lasts 4:30, and is shared by 40 people. So you download it and start to listen. The first 30 seconds is perfect audio, then it's followed by 4 minutes of either dead silence or some sort of annoying tone. I can almost guarantee that there's more junk out there than real files. And as a side note, you may want to know what you're talking about before you start calling people dumb.

Re:Who cares

There is something ironic about someone who says "your dumb if..." and "your going to..." talking about reading and dumb-ness....

Re:This has to stop

[jericho4.0]

You're a troll, but your first paragraph accurately represents what many feel about this.

The research and motivation for this is important. If peer to peer networks can be subverted, then they have lost their usefulness. IMO, the sharing of copyrighted data is unavoidable, and sacrificing the freedom of a protocol in an attempt to prevent it is shortsighted.

It probably would have been better for Cornell if it had been left as a paper, rather than implementing it.

50 percent

[PromANJ]

What happens if the 'polluters' mod 50% of the files correctly?

Re:50 percent

[patio11]

Polluters can mod 98% of the files they vote on correctly -- you can afford to create a hundred, a thousand, a hundred thousand spurious peers on the network and then have each of them vote "correctly" on either files you do not care about or garbage you have injected into the network which is designed to be garbage, not look like actual content ("Hah, look at user RIAAccount3458234, he has a 49500 of his last 50000 "bad" mods were accurate at picking out RIAA garbage! Imagine that!").

Now, take the set of identities you have constructed and hash them against the set of files you care about. If thats 40 files (say, the Top Fourty for this week), you can have 1,000 dummy accounts saying "RIAA crap!" for every "true" Top Fourty song you find on the network (or just mod everything down -- if the system says every file is illegitimate its useless, right?), or alternately you can mod up 4000 decoys with 10 "I downloaded it and it works for me!" mods. But your guys won't cluster together, because you can let those nice hashing properties keep people from discovering connections between your army of mod bots. They will look, from the outside, like dedicated users with 98% accurate detection rates who have never voted in common on any subset of songs before.

Taking advantage of the hoarder mentality

[hellfire]

Many hardcore file shares and hosters, dare I say most that would call themselves hardcore, are not in it for getting free content on demand when they want it. They are into collecting absolutely anything and everything they can get their hands on. In some collections, people wouldn't possibly, in their lifetimes,be able to listen to all the music or watch all those movies. But just the thought of having it makes many hoarders happy. And it's not even necessarily reputation amongst others. It could be in many cases, but not always. They just have to have it.

What's my point? Well, this is the greatest strength and weakness of peer to peer. Hoarders ensure a healthy flow of files, but they rarely actually check what they have. They don't check to see the software works, or if the music is a complete copy, or that the movie was cut down to a quarter of the original screen size.

This is what companies take advantage of, both those who want to hurt swapping, and those who just want to seed files for the purpose of installing some evil spyware. It's nice to have a bunch of people trying to seed the masses but cmon the point of file sharing is to pool our independent resources. For someone who doesn't have all day to search for files and test quality and whatnot, it is sometimes less painful to just go buy the CD than it is to actually try to download it amongst the mess of files that are out there.

Re:Taking advantage of the hoarder mentality

[cowscows]

And that's why there's such a great business opportunity for downloadable content. That's why Apple is selling so many songs with their music store.

"Casual" downloading of shared content is hard, especially if you want decent quality. Convenience means a lot to people. There are lots of lazy individuals with plenty of money, and they'll happily give you a little money if you do some work for them. And figuring out a decent download counts as work.

I don't mind the music and movie studios being against file sharing. I don't even mind them suing people who share files. I just think it's kind of silly for them to be as vocal about it without offering something to compete with it. I mean, these people run giant media conglomerates. You don't get into that position without at least a decent amount of business savvy. Why are they so unable to see a big potential source of business?

But I agree with you with the hoarder mentality, and I find it sort of fascinating. A few years ago I had a roommate like that. He had every game imaginable, and no time to play them since he spent all his free time downloading more. He had every piece of graphics software I've ever heard of, and no time to really learn how to use them. He downloaded 320x240 copies of lots of crappy movies, and he watched some of them, but always secluded back in his room by himself, cause nobody else wants to watch sucky quality like that. While my other roommate and I would buy a few DVDs, and hang out in the living room with a couple other people and make it a decent social event. It was interesting to watch this kid go.

Re:Taking advantage of the hoarder mentality

[leland242]

"Casual" downloading of shared content is hard, especially if you want decent quality. Convenience means a lot to people. There are lots of lazy individuals with plenty of money, and they'll happily give you a little money if you do some work for them. And figuring out a decent download counts as work."

I agree with everything you said except for this.

Time = money. That time might be your time spent relaxing or your time spent earning more money. Some people only want to slack off and others only want to work - most people have a balance. How is it lazy to pay someone to work for you? All you really did was purchase the time you didn't have to spend figuring something out. Think "$50 card installation" services - etc.

Also, I'm curious - what happened to your old roommate? :)

Re:Taking advantage of the hoarder mentality

[cowscows]

Yeah, I was generalizing a little bit with my "lazy" comment. A lot of what we pay people to do is because we don't have the time or ability to do it ourselves. I guess the point is, most people would rather spend their time consuming said content, then figuring out how to obtain it. Maybe it's not laziness as much as disinterest in the process. I didn't really mean it in a derogatory sense. If you go to work and dig up concrete all day, you're not a lazy bum just because you don't feel like spending all night fighting with Kazaa. But yeah, you get my point.

  I think you could argue that something like the iTMS actually almost reverses that, because it makes the process of finding music kind of fun. It's well laid out, it's useful, and it's immediate gratification. The only one of those that you can really say about p2p in general is that it's useful.

My old roommate graduated from college (he did usually get most of his work done), and he moved back to california. Now he's working as an intern architect last I heard. No clue how many harddrives he's filled up since he left. He's a good guy though.

When it comes to quality files...

[Ichigo+Kurosaki]

The only place I haven't seen a large quantity of fake files or trojans is on usenet.

But maybe I've just been lucky...

Re:When it comes to quality files...

[Beolach]

You've been lucky. Usenet has just as much spam crap as anything else, in my experience.

Re:When it comes to quality files...

[Quattro+Vezina]

Add IRC to the list.

I use IRC as my main means of getting TV shows that don't air in my country, and bogus files are rare, probably because people who run such servers can be kickbanned rather easily.

Re:When it comes to quality files...

[toddestan]

The only place I haven't seen a large quantity of fake files or trojans is on usenet.

Shhhhhhhh!!!!!

Reputation system for P2P network?

[Phidoux]

That sounds like a bit of a contradiction in terms!

Companies hurt

[jamienk]

Many many companies (and individual artists) have faced SERIOUS economic damage by attempts to thrawt P2P from being absolutely ubiquitous and maximally effective. Estimates are in the BILLIONS of dollars (US only) of lost sales in broadband connections, blank media disks, large hard disk drives, software support, consulting fees, home audio/video equiptment, and the like. And Western countries are fast falling behind as the majority of educated citizens from developing nations take advantage of the black market for these goods and services while Western citizens are blocked in droves by propaganda, political corruption, inferior substitutes, and FUD from fully participating in the open exchange of science, the arts, poltical discorse, and culture in general.

Credence will hopefully bring us a bit closer to reaching our current potential.

Re:Companies hurt

[Matey-O]

That's a lovely, scary, statement you've made there, and it's earned youa buncha karma...care to back up the claims with a citation or two?

Billions? I highly doubt Billions.

Re:Companies hurt

[helgihg]

Yes, yes. Actually, the evidence behind sharing artwork simply does not stand with the case. It is ASSUMED that they're losing an X amount of money because of some Y factor, but no evidence has popped up yet to actually support these claims. I believe that it's a fundamental mistake to first of all assume that those who are downloading copyrighted material, are going to be less interested in buying a retail version. I think this whole thing is a misunderstanding. I think somebody who downloads Fight Club and loves it, is in fact MORE likely to buy the retail version than someone who never saw the movie to begin with (or experienced it as-good-as-it-gets in a moviehouse or something). I think the fundamental mistake here, is to assume certain behaviour upon dozens of millions of people, in a multi-billion dollar industry, and to me, that's not just scientifically shaky, it's also intellectually proposterous. People don't just work the way you (or the companies) assume they work. The companies are NOT losing money, quite on the contrary the industry is expanding faster than ever before, and absolutely nothing indicates that the free flow of information in general (regardless of copyright) has any consideriable negative impact on the interests of these companies, not to mention the good it actually does to the idea of a people, that have the opportunity to know what they're buying before they buy it. That's not a very high standard, to know what you're buying, and me being able to use my mother's car every once in a while does not mean that I don't have any reasons left to buy my own car. Quite on the contrary, if I'd *never* use my mother's car, I'd probably just be happy with bicycling. But I'm not. I like to drive, and I want my own car. I bought myself a Muse CD the other day after a buddy of mine showed me dozens of their songs, 100% illegally. This people-work-in-the-worst-possible-way theory just has to go. It just doesn't work like that. I'm betting on that not only the industry, but also the public, will have grown up from this scientifically shallow theory of a people that simply hate good products. It's just simply not the case.

Re:Companies hurt

[realitybath1]

As a futuronomer, I hope Credence will bring us closer to reaching our future potential.

Re:Companies hurt

[jamienk]

How many of the following have YOU bought in the past 18 months?

• p2pod (iPod with the ability to play any audio ever made by wirelessly finding it and sharing it on the p2p networks)
  
  
• p2TV (Television set capable of playing any video ever made by finding it and sharing it on the p2p networks)

Do those not sound like miulti-billion dollar markets to you (hardware, peripherals, connectivity, service, suppport, and competition)? Those products would generate several other innovative industries, non-profit projects, and social movements that we can't even begin to imagine.

Re:Companies hurt

[Matey-O]

uh huh. While I'm a member of the lunatic fringe and download/PVR the stuff I want, I doubt I'd pay much more than what I'm paying for Satellite TV now to get it.

And I still don't see your citation.

Not the only one

[shadowmatter]

Another metric is Eigentrust out of Standard: link (warning: PDF). If I recall correctly, it computes the trustworthiness of a peer by computing its left principal eigenvector. This is the same method Google uses to rank pages in its search algorithm.

- shadowmatter

Even better answer

[quadra23]

quit downloading crap off of kazaa/grokster/morpheous/etc

Use a P2P program that actually includes some 'anti-junk" features. I typically use Shareaza (probably not the best, and I'm sure someone will state a better P2P but the points still remains, Shareaza does offer some features these clients do not -- including a rating/comment system that goes with the file whenever anyone finds a search result for it). Usually I know if the file is a fake before I download because I use some obvious signs:

• How many sources have this file? (more can be just as suspicious as legitimate
• Is the file size relatively the same to one fake file I already downloaded? (yes, sometimes they are just copies with different names)?
• What kind of comments/ratings does the file have when I select it in the search list? (of course this could be a little flaky if the 'junk spreader' decided to positively review the file)

I prefer the client program including these features, especially when it's available to connect to several networks at the same time. Nothing worse then getting a 100MB+ file and realizing you wasted the bandwidth for not, or the program you downloaded wasn't the same as the file name (more legit, but not what you were looking for).

Do be careful because some files that are really a virus can be detected by AV as 'ok'. Thankfully I found the virus before it did much damage and by reading the Symantec AV report I was able to make sure I removed it completely. Just because one 'setup.exe' claims to be a setup program don't trust it unless you trust the name of the setup program -- "Program Setup Wizard" does not cut it!

Since Shareaza also supports torrents I usually go through torrent sites and have rarely had any 'junk' files from the torrents. The more junk the RIAA (and other companies!) try to spread the better we get at ignoring and working around it!

Re:Even better answer

[eight+and+a+quarter]

This is what happens.
Company XYZ comes up with P2P app.
Distributed online for free.
Users who claim to be legit flock on P2P site.
**AA lawyers swarm.
Site is closed down.
People are sued.


Real losers?
Company XYZ.
Users who are sued as examples.
You just lost the newest P2P site.


Wash. Rinse. Repeat.

Re:Even better answer

Use a P2P program that actually includes some 'anti-junk" features... How many sources have this file? (more can be just as suspicious as legitimate) Is the file size relatively the same to one fake file I already downloaded? (yes, sometimes they are just copies with different names)? What kind of comments/ratings does the file have when I select it in the search list? (of course this could be a little flaky if the 'junk spreader' decided to positively review the file) You could do all this manually, and it might work, but the point is that Credence can help you rank files automatically without having to do anything. Think Google's ranking algorithm, for P2P.

this is stupid-Most Popular WM.

"ANY system you put in place that gathers "votes" from users can be manipulated."

That's what I keep telling the KDE users.

--
The "are you a script" word for today is deftly

Only vote AFTER download

12. How do I vote for a file? The search window has only a Ratings button, but no voting button. You can only vote on files after you download them. Once you have downloaded a file, go to the library window, select the file, and click either the thumbs up or thumbs down button.

Ofcourse I don't know whether a copy of said file on harddrive attained through other means counts as a full download...

Easiest Attack on Credence

[patio11]

To guard against a Sybil attack, they require you to get a certificate from a central server (single point of failure) to be able to rate files. To prevent you from just requesting an arbitrarily large number of certificates, they require you to first download a very large file before applying for the certificate (I assume they just create random data and have you respond to a challenge based on the data -- like "OK, you tell me the SSH2 hash of the file at www.gohere.com/youruseridhere.txt and I'll tell you your certificate").

So how do you break the system? Simple: request a lot of certificates, slashdot their "large file" server, and watch as legitimate peers are unable to use the system for lack of their own certificates. All you have to do is have more bandwidth at your disposal than two undergraduates do. What are the odds that the RIAA or an interested adversary with a bot-net can manage this? Survey says: pretty darn likely.

Re:Easiest Attack on Credence

Providing fake files on your own Gnutella nodes is quite different than knowingly DOSing someone's server. I think there are some legal ramifications to DOSing, even for the RIAA.

Usenet

[elong87]

Usenet is always reputiable.

Re:Usenet

[pandrijeczko]

Sssh!

Remember, we're supposed to keep Usenet secret from Joe Sixpack.

Re:Usenet

[Ph33r+th3+g(O)at]

Usenet is actually very vulnerable in that to get any recent stuff, one must subscribe to a "premium" (i.e. doesn't drop the warez and media groups) provider. I expect that soon one of these providers is going to be prosecuted, and that will be the end of premium news servers in the U.S. Next will come the clampdown on anyone subscribing to one offshore.

Re:Usenet

[badfish99]

But usenet has been running for years, and there's never been a legal attack of that sort. New PtoP systems get attacked quite quickly. It looks like usenet really is below the radar of the RIAA, simply because it is not new and not advertised.

Self-control is needed

"Don't you mean the real illegal files from the fake illegal files? Seriously, it is no surprise to me why P2P has gotten a bad rap. Many of the users simply use P2P apps to commit piracy."

I'm assuming Cornell has better sense than that, and is doing this research for much better reasons that to simply give piracy a hand.*

Of course technological solutions are "short-term" solutions, and never solve the underlying social problem. Only delay it ever being solved, by the real means it should be.

*The Semantic Web for example could benefit from a good reputation system.

--
"The "are you a script" word for today is notarize.

Re:This has to stop

[aussersterne]

I am not a pro-terrorist academic in the social sciences. I am a pro-communist academic in the social sciences. Get it straight.

Flaw in this approach

[typical]

Actually, while I doubt the OP intended it, he has a good point.

See, let's be honest about this. While there will *always* be jackasses out there who spam networks just because they can, and a few more people trying to shove spyware down people's throats, a pretty big chunk of the folks producing spam are those trying to prevent their copyrights (however overly-long-lived they may be) from being infringed upon.

So, the point is, that it's a good bet that a sizeable chunk of the files being shared aren't exactly legal.

Which means that you don't really want to make it especially obvious that you're sharing said file.

What this system does is provides a cryptographic signature on a small, publically downloadable piece of data that establishes that you have downloaded and *consciously examined* the file.

Frankly, this is pretty good evidence for someone trying to push an infringement lawsuit that you have infringed upon their copyright (yes, our work has MD5sum "foo" the same as the thing this guy is rating.

That being said, I do think that a more sophisticated method to this approach will win.

The largest problem on the Internet has always been rating and attributing data -- Google takes a pretty decent stab at some of the problem, and look how essential they've become. This just does a much better job.

One problem with this Credence Clearwater system:

I understand it perfectly. I also happen to see a hidden danger. Can you spot it?

--
The "are you a script" word for today is astute.

RTFA

[DarkJC]

I don't know how many times it's been said, but I'll say it once again: RTFA. To all those who are saying "this could easily be abused by the RIAA, making legit files seem bad": RTFA. Assuming you have the ability of making the decision whether a file you downloaded is bad or good, this system works by correlating your vote data with users that vote like you do, meaning that since the RIAA will obviously be voting for bad files, those files may appear even WORSE on your end because of their input. A clever system if you ask me, much like Google's pagerank.

Renamers

[DuranDuran]

Organizations such as the RIAA and music labels regularly pollute these networks with nonsense files masquerading as real music/video files. ...as do the "renamers". I wonder if anyone has studied why such people rename files in this way?

I second this.

[why say more?]

Problems

[iamnafets]

I can see two problems with this system. The first being if the spammers have a majority in the system and are voting all the spam files good and everything else bad. If this was the case, everyone else would be "untrustworthy" and the system would be flip flopped. A simple "absolute" would turn the system back around. The other problem would be more practical, in which the spammers vote a bunch of a good files good, and one of their bad files good. Making tons of these accounts, their trustworthiness should be alright (1 mistake is probably allowed for) and they succeed in polluting the pollution system. The ideal way to combat this is to say even one mistake makes you untrustworthy, but I'm thinking this would probably lead to a collapse of the entire system when the first user decides to vote wrong, and the system turns itself over. I'm not expert though.

Re:Problems

[Beolach]

Except the way it works is that the reputation of a file that you see is based not on the over-all votes of the total population (including spammers). The reputation of a file that you see is only based on the votes of other peers that you have a high correlation with, based on what files you rate as good and bad. So if you have rated 9 files, and I have rated those same 9 files in the same way you did, then Credence would trust my ratings for you.
From the FAQ:

3. How does Credence know who is trustworthy and who is a spammer?
Initially, it doesn't. As you vote for files, it stores your votes and discovers the set of peers with whom your votes are correlated. It also communicates with peers to find out about other peers with whom they in turn are correlated. The outcome of this computation is a numerical value computed for each file appearing in query results that reflects the probability that the given file is trustworthy.

If you vote thumbs-up for good files and thumbs-down for bad files, you will be grouped with the vast majority of people who also vote honestly. You will then compute a high trustworthiness metric for all files that this (potentially very large) group of users has ever voted on. If you vote inaccurately (i.e. you are a spammer), you will compute a low trustworthiness metric for other non-spam files, and honest users will compute a low trustworthiness coefficient for your opinion. It is thus in your best interest to vote honestly.
...
6. I hate the music group X. Should I vote thumbs-down for their songs?

No. See the question above - your votes should simply reflect whether the file's description is accurate and whether its contents are intact. Voting thumbs-down for a perfectly good file may cause your node to be lumped in with spammers and reduce the effectiveness of Credence for you (i.e. you will likely see more spam in your searches).

Re:Problems

[Beolach]

Whoops, posted too soon. The second potential problem you describe is more in line with how Credence is described to work, but I think it's unlikely to be a very big problem. Yes, the system will probably allow for "mistakes," but it will cull those mistakes out. So if the spammer rates most good files good and bad files bad, but rates their one spam file also good, then it is possible your client will report that spam file as having a high credibility. But, once you (or anyone else) download and find that it is not a good file, you will rate it bad, and as more people rate it bad, its credibility will go down. It's a case of diminishing returns for the spammer.

The real reason behind this research?

[markpapadakis]

Those researchers must have spent too much time downloading stuff, much of that time lost in downloading bogus files. I suppose one day they said 'enough is enough!, no more masquaraded files, we want our mp3s!', or something like that, so they did it. :)

Creativity and research usually comes from the needs of the very people who conduct it.

rtfa, sucka.-Groupthink actually works?

So, when's Slashdot going to impliment this "golden" system?

Re:rtfa, sucka.-Groupthink actually works?

[LinuxHam]

when's Slashdot going to impliment this "golden" system?

Right after they implement a spell checker.

Re:eDonkey/Mules

[porttikivi]

The system on Donkey/Mule network works in practice.

If a RIAA person marks all good files as bad, someone will notice this at some time and add a new, additional comment refuting the other one. At that point people will just have to accept the contradiction and see for themselves. The real good files propagate enough so that their availability will be the best recommendation.

Marking bad as good helps RIAA little, because many people will mark it bad anyway, or delete it from their disks before it becomes widely spread.

Another nice info on eMule is a list of differing names of all occurrences of the file (by its MD5 has) it has found. Those often reveal more info, because people rarely use the comment feature, but they might still change file names in an informative way. This is also useful in finding what language the video is, or codecs info, or release info.

This has to stop-Reality.

"The research and motivation for this is important. If peer to peer networks can be subverted, then they have lost their usefulness. IMO, the sharing of copyrighted data is unavoidable, and sacrificing the freedom of a protocol in an attempt to prevent it is shortsighted."*

Which one? There's two different P2P networks. There's the one that by design gives you the benefit of bandwith sharing. And there's the other one that gives you anonymity, and bandwith sharing is just a side-effect.

The first isn't really in danger (except from the naive) because any material on that network can be persumed to be in the legal clear. e.g. Linux iso's, permission granted by the copyright holder.

The other however is the one that is being threatened moreso, and needs a "reputation"[irony alert] in order to continue functioning.

So no the protocol really isn't what's in danger, but the continuation of an illegal activity.

*Oh I should point out that by your argument HTTP could be considered "subverted" and therefore has "lost it's usefulness".

--
The "are you a script" word for today is sketchy.

Can this system work on ./ ?

[fundflow]

This may automate the reviewing process

Re:Can this system work on ./ ?

[evilviper]

Go visit kuro5hin.org and see. Collective editing means lowest-common-denominator stuff gets to be the most popular.

I completely agree

[Silkejr]

Man I wish I had some mod points right about now cause I'd definitely mod you up.

Still an issue with "hit-and-run"

[Kjella]

1. Mark a bunch of good files as good
2. Mark your bogus file as good
3. Spread your vote list on zombie network
4. Your votes corrolate highly with "good files", and there's no counter-votes by others (yet)
5. Trick lots of people to download it (the rating goes to shit eventually, but...)
6. New bogus file. Goto 1.

In addition, you have an issue with semi-good files. What if the encoding is flawed, should you mark it as bad or good? Either case can put you at odds with the general opinion.

Third, you have an issue with files trolling for incorrect votes. Create a "non-obviously" bogus file, which some people will mark bad, others good. You'll create a lot of conflicting votes and "noise" in the system to make attacks like above possible.

Kjella

Re:Still an issue with "hit-and-run"

I think the point is that your rating will go to the dogs after you do that the first time.

It won't go up again and no one will listen to your opinion anymore. Except those who happen to share the same opinion i.e. the songs you have marked as good are in actual fact good.

So you and the RIAA will be in agreement but most others will disagree and rank you low...

Re:Still an issue with "hit-and-run"

[evilviper]

1. Mark a bunch of good files as good
2. Mark your bogus file as good

That would still have more of a positive effect than a negative one. That one file will be marked-down very quickly, and ignored. It's not like causing people to download one bad file out of 100 is doing any real harm.

In addition, you have an issue with semi-good files. What if the encoding is flawed, should you mark it as bad or good? Either case can put you at odds with the general opinion.

You have a good point there, but this could be fixed by either a more fine-grained voting system, or just a written policy saying something like "low-quality/damaged files, that don't say as much in the title, should be marked as "'BAD'".

Create a "non-obviously" bogus file, which some people will mark bad, others good.

That would not work for the RIAA/MPAA. Right now, they deliver complete trash and no content. If they, themselves, were delivering parts of movies or music they own the copyright on, that would essentially be them giving away that content for free, forfeiting their copyright on that segment of content.

Absolutely no chance they would ever do that.

Huh

[TCM]

Who actually searches for files in the P2P client? Normally you visit some site where the releaser himself posted a torrent or an ed2k link and you download that.

I can't remember the last time I actually searched in eMule.

Re:Huh

[gothfox]

First, Bittorent is not a P2P network. Visiting "some site" is the only way to find torrents, because no other way exists, as torrents are not interconnected.

Second, for P2P networks (like ed2k), searching in the client gives more accurate statistics on real file availability to you, based on the servers you are connected to, overnet information, etc.

Re:Huh

[akepa]

Well, I search in eMule all the time. I find it to be much easier and more efficient than scouring a hodgepodge of websites to find what I want. And I consider BitTorrent's lack of a search feature to be it's biggest flaw.

Re:Huh

[zaguar]

http://www.torrenttyphoon.com/

Merry Christmas

Re:This has to stop

[cliffski]

couldnt agree more. P2P is superb stuff, and has all kinds of legit uses, but to pretend that its not 95% used to download copyrighted music and movies and thus save a few bucks is just denial.
There are far too may slashdotters who reply to any article on copyright with "get with the system dude! copyright is over!" usually they seem to be 13 year old kids who dont understand what its like to have your income and career based on developing electronic products.
Do people really think that Lord of the Rings deserved to sell just 1 copy, to the p2p hacker who ripped it?

Litigation index

[xixax]

Can this also be used as a metric for the RIAA and MPAA to decide which people to take legal action against? Go for the most trusted, most highly rated individuals and take out the most influential (central? critical?) nodes. In the same way that cliques of poisoners would stand out.

Xix.

Re:Litigation index

[interstellar_donkey]

I thought the same thing, but ultimatly I would hope that a user (or a particular version of a file) would be ranked on a level of credibility independant of any other identifyable attributes.

So, for example, file X is posted to a file sharing site by user XYZ123, (which would use a unique identifyer as the username stored in the p2p client.) As file X reaches more shared directories across the Internet, so as long as it's unmolested and unchanged, the credibility lended to the file by the initial user who put it up remains intact withen the index for that particular file, while the actual ID of that user is thrown out.

And of course, at no time is any inditifyiable information about the highly credible user who first put the file up associated with the file itself. The rest of the network only knows that the file was initially offered by "a very credible source", but not who that source is, his user ID or his IP address.

Monitoring or "rating" the credibility of any one particular user is done on the server side, with the associated unique user ID of the file orginator attached to the file in the index, which again only looks at the user id and is compleatly independant from the originating IP of that user.

So, if for some reason the data in the index gets into the hands of a litigious party, the only thing they have to go on is the user IDs which aren't associated with any real, solid identifying attributes.

Upon knowing that the index had been comprimised, the client could automatically be informed of this when logging on to the index server and change the random user ID to something else, then broadcast the new user ID with the last known (to the client) level of credibility. The index server is then told that a new user has logged on who has in the past offered a particular level of credibility, without having the knowledge of who that person is or with what files they used to gain that reputation.

The major downside to this, as I see it, would be that it places a signifigant burden on the indexing server, as now it not only has to determine who is sharing what, but the credibility and anonymous source of that credibility for each of the millions of unique files on the service. Also, with all that data stored on the server, whoever opperates the physical machine could easily become the focus of various lawsuits.

Either way, it's a tough nut to crack to keep a record of the reputation of individual users and files while keeping thouse user's identity private.

Re:Litigation index

[Basje]

In short: upon installation, a keypair is generated. The public key is distributed with the votes, the private key is used to vote.

Good idea. One downside: when there's a reinstall, the keypair is regenerated. But as this system is dependent on lot's of users, this will be negligble.

Re:Litigation index

[Mind+Booster+Noori]

The major downside to this, as I see it, would be that it places a signifigant burden on the indexing server, as now it not only has to determine who is sharing what, but the credibility and anonymous source of that credibility for each of the millions of unique files on the service.

You can have ranking and anonimity without burden on any indexing server (you can even don't have such a server). Check GNUnet on that...

Re:Litigation index

[evilviper]

Go for the most trusted, most highly rated individuals and take out the most influential (central? critical?) nodes.

No, you don't rate individuals, you rate FILES. Specifically, the SHA1 checksum of the files.

There's absolutely no reason it should be rated by individual, rather than by file.

The RIAA could sue the people sharing the most legit files, but that's pretty much exactly what they do now, and this system won't make that any easier.

Yes, but...

[Vo0k]

First, you can't see the ratings in the search window. You must start downloading and only after connecting to some peers and starting the download, ratings start to appear.
Second, if you want to leave a rating of "Fake/Bad" you still need to host the file. Thank you very much, 2.5GB of gay porn just to tell people it is not really SWIII-ROTS-DVD_QUALITY.AVI - only malicious seeders of these files will retain the description ("Great quality! Not Fake!") and everyone else will delete the file after downloading - and stop spreading the rating.

What I like though is that you can give a description explaining WHAT is wrong with the file. Say, I started downloading LOTR-ROTK. After a while I see red icon: "bad/fake". So I read - Oh, yes, some idiot is spreadtng FOTR DVD edition, misnamed as ROTK. But I have the Fellowship only in the cinema screener with spoilers. So I just continue and end up with something different I had intended, but in the end something I like. It also allows for describing the file accurately - "VHS quality", "Heavy rip, all sound missing" or such.

RIAA

[mynickwastaken]

So, RIAA is doing Filesharing. Somebody sue them.

Re:This has to stop

[utexaspunk]

Do people really think that Lord of the Rings deserved to sell just 1 copy, to the p2p hacker who ripped it?

There was a time when home video didn't even exist, and yet movies still got made. After their initial run in theaters, movies would only be shown every now and then on tv late at night. They were basically filler programming for what would have otherwise been dead air. One might even argue that the average quality of new movies has been on a steady decline since then.

Just because I can package something for individual sale and ask people to pay for it doesn't mean it's right, copyrighted or not. Especially when the producers more than recouped the cost of production long before going to video and that copyright is going to be extended ad infinitum.

Why is that AC post modded "Troll"?

[Travoltus]

I disagree that these scientists are breaking any *legitimate* law, but if you accept as a premise that they are, then they are in fact breaking the law using taxpayer dollars.

Instead of modding that down it should be modded up so more people can discuss the ramifications.

Do we allow taxpayer dollars to be spent on civil disobedience? On that issue, I am very unsure.

Re:Why is that AC post modded "Troll"?

[rbarreira]

Don't feed the trolls...

Re:Why is that AC post modded "Troll"?

Because it is a troll, and it's annoyingly written in a pompous tone by someone trying to give the impression they have a better language skills than they actually do.

Cutting through the crap, all it says is "I don't want my tax money to pay for this research.".

They are not breaking any law. Nor is there any evidence that it's being financed with taxpayer money. So it's just a load of bullshit.

Re:Why is that AC post modded "Troll"?

>Do we allow taxpayer dollars to be spent on civil disobedience?

Um, is there any indication whatsoever that the Credence project was supported with taxpayer money?

Hate to rain down on your rant-parade, but not all university work is funded by the (American) taxpayers. In fact, increasingly less so under the current administration. There are many companies that support research, and on occasion, professors and students will devote unpaid hours towards projects.

So, unless you know something specific about this project's funding, take your rant and ... well, find some other topic to troll.

Re:Why is that AC post modded "Troll"?

[spood]

Cornell has a few state schools, but both the Arts and Engineering schools are private. My CS degree was in Eng, my big brother's was in Arts.

I very much doubt this research was funded with a federal or state grant.

Re:Yeah. This pisses me off alot. I had the idea t

Good, get your shit files, load up your computer with trojans, and then do us all a favor and fuck off.

Won't work

Creedence Clearwater Revival will sue to stop this project from plying on their good name. Maybe this is the thing that brings the band back together.

Thats a falsehood

[NigelJohnstone]

"If you look around you see this absurd childish opposition to any kind of laws that enforce copyright,"

Thats a falsehood, the exact opposite is true. The high tech community is busy making all computers locked down with DRM to make big money from the *AA....erm... protect copyright for the *AA.

The backlash is against that, the idea that we can't make anything that MIGHT infringe copyright.

Here p2p is a good example of a corrupted data pool, it could be any body of deliberately corrupt data. Slashdot itself could improve its moderation system using this. But because you're so hung up on protecting copyright, you would prevent these guys looking into the problem?

Re:This has to stop

[Durzel]

Actually their research is valuable from a holistic point of view, and I'd argue that it is the MPAA/RIAA that is subverting P2P by doing what it's doing.

People who download music and videos illegitimately may be breaking the Law, but they are not subverting the P2P mechanism by doing so. The MPAA/RIAA are, and this represents a bigger technological obstacle to P2P as a medium than illegal files do.

This research attempts to address "the problem" of a single entity being able to corrupt the P2P mechanism and dilute confidence in the files on it. It could equally be a disgruntled ex-company employee or a rival company who could pollute the files of another entity for its own ends.

Setting a precadent

[gallondr00nk]

Despite everyone's views on the use of p2p networks, isn't it a dangerous precadent to set to allow these companies to steamroller over *anyone* who dares share copyrighted material. Is living in a DRM world where consumer rights are constantly reevaluated as to give us the least amount of enjoyment and freedom from our purchases worthwhile? It doesn't matter *who* these p2p sharers are, isn't setting the precadent of removing consumer rights by DRM (to copy, rip, burn for backup etc.) far more demeening and indefencible?

Re:Setting a precadent

[interstellar_donkey]

It is. No matter what, people are going to find a way to share copywrited material against the wishes of the copywrite owner.

All DRM will eventually accomplish is placing so many restrictions on the free, personal and moreover legal use of owned materials that consumers will find it's actually much, much easier to possess illegal copies of various media then purchasing them.

I may spend $18 on a CD because I want to own the music on it, but if it turns out that the CD won't play in all of my players and it's impossible for me to rip tracks off of it to make a legal 'mix tape', it doesn't take a brain scientist to figure out I'm going to bypass the tedious process of purchasing the CD and find the tracks I want online, with which I can do with whatever I want.

Good business thinking would suggest that if your sales are slumping, pissing off your remaining paying customers is probably not a good idea.

Re:Setting a precadent

Well, you are stupid, but consistent: The word is "copyright".

Re:Setting a precadent

[interstellar_donkey]

Spelling error noted. It's the only way I'll learn. But why'd you have to call me stupid?

The "skillful" art of Hijacking

The MPAA / RIAA (or MPA / RIA as known internationally) and sister organizations are on a rampant -- a 'Shopping Spree' of sorts...

Which is why it is so critical to 'intercept' the cartels (which is illegal by definition) from the "games" they play. It is important to be able to recognize the games, and put and END to them.

The cartels (BSA, RIAA, MPAA, etc, etc, etc) are not separate entities, but "ONE" organization. Their 'networks' extend and reach into every nook and craney of our civilization, and have been doing so for centuries at least. These cartels have an extensive history of overthrow and corruption -- having infiltrated the highest levels of society and government.

These seamingly 'separate' groups, actually are a single entity through centuries of inter-breeding. Their tactics have been extensively and thoroughly documented. Being able to identity them and their acts in the key to preserving your rights.

>>>>>>>>>>>>>. A particular weapon of choice these Cartels employ, is a category called "mind games." The LAW, which is based on human language, is naturally subjected to "interpretation" and manipulation. The reality is such that LAWS are essentially POWERLESS, if it were not for the support of 'police' enforcement. This is true of all nations. Enforcement is through COERCION (by physical, economic, psychological, and whatnot) and BRIBES (kickbacks, "mutual assistance", etc).

Hand in hand with the above methodology, the 'cartels' have also employed a "classic" technique often seen in "magical acts." For those of your who know a magic trick or two -- the key element is "Deception by Diverting the Audiences' Attention Somewhere Else" while you do your 'trick.'

And this is exactly what has happened and are currently witnessing.

And this is the "Moral Abuse" on the people. The Western world, or the entire world for that matter, holds in high regards for "doing the right thing" and shunning "acts of evil."

By repeatedly POUNDING over and over and over again, into peoples' heads that file sharing, 'public showings' of music/video, and P2P, etc --- is STEALING --- what the CARTEL has effectively archieved, is the weakening of the person's moral fibre and their ability to defend themselves.

So what we have is "guilty WITHOUT the need to be PROVEN guilty." Henceforth, currently over 12,000 "lawsuits" and EXPONENTIALLY escalating WORLD-WIDE to rediculous numbers.

>>>>>>>>>>>>>>>>>> What the MPAA / RIAA "forget" to mention to address is the issue of whether or NOT they have the "right" (in its truest and purest form) to lay CLAIM to the "works of art" in question (whether music, literature, movies, or "ideas").

Because when you look at history and precendent, you will see that EVERY SINGLE 'work of art' has precedent and DEPENDED on PRIOR 'work of arts'. Not a single musician, producer, artist, intellectual, or any person for that matter, can claim they "created" it ALL ON THEIR OWN WITHOUT having learned and prospered from OTHER people's prior works. Not a single person, not a single ground of people, nevertheless a superficial cartel can possible lay TOTAL CLAIM of a "work of art" as ONLY theirs alone -- to do whatever they wish and to use as a tool to persecute people with.

Even the instruments and tools used to 'create these works of art' are the DIRECT influence from DIVERSE AREAS of the world --- with each nationality, each tribe, each person contributing, whether a lot or a little. Take for example the GUITAR and VIOLIN, which are the "classical" and "traditional" musical instruments in EUROPE --- But, did you know that the Europeans BROUGHT THIS OVER FROM THE MIDDLE EAST during their centuries of religious conquest. Heck, many many words in English are Arabic in origin. The same is true with Science and Technology, with the West originally benefiting from the knowledge and experence of the East -- only to later surpase the East, in wh

Re:Yeah. This pisses me off alot. I had the idea t

[BarryNorton]

Where are "your props"? Learn to speak English, build a credible research basis (which may involve taking research training in the form of a PhD, and which will definitely involve implementing prototypes), and then publish...

Usefullness?

[zaguar]

All of the stuff that the RIAA/MPAA copies/dupes/fakes/places on P2P networks such as Gnutella is illegal, and yet these university students are actively attempting to fix this problem?

Isn't there a better use of University research time than wasting it on programs attempting to make it easier to perform illegal acts?

Re:Usefullness?

[interstellar_donkey]

You're assuming that everything done on a P2P network is "illegal", and everything done by **AA members is "legal".

Granted, the bulk of file sharing going on on these P2P networks is the sharing of copywrited files without the permission of the copywrite owner. However, that does not preclude the many legitimate uses for the services.

As it stands, there's nothing to stop the RIAA from posting bogus files of a popular MP3 recorded by a non RIAA member studio who encourages the sharing of the file they own the copywrite to. If non RIAA record companys start to find that allowing the free exchange of music to be a marketing technique which ultimatly yeild more profits (which some are doing, and it's happening more and more each day), I wouldn't put it past the RIAA to try to sabotage that with underhanded tactics.

Considering the ethical track record of record companies for the last 50 years, suggesting they would start to employ subtrifuge and trickery to hurt comptition--especially when that compitition threatens their triditional marketing and distribution channels--is not an unreasonable idea.

File sharing of mp3s may technically be illegal, but the companies who are combating it are immoral and unethical. A research project such as this might make it easier to perform illegal acts, but its ultimate utility lies in dismanteling dishonest and unethical practices by the RIAA et. al.

And that is a very worthwhile thing.

Re:Usefullness?

[Mind+Booster+Noori]

Isn't there a better use of University research time than wasting it on programs attempting to make it easier to perform illegal acts?

Their research isn't about making easier to perform illegal acts, is about solving the spam problem on Gnutella.

Re:Usefullness?

[badfish99]

Not all university research has to be immediately useful. Students can learn a lot by simply picking a hard problem (like this) and trying to solve it.

Another problem that the students might like to ponder is this: should there be unenforcable laws against copying music, and if not, how could the music industry be profitable in the absence of such laws? An answer to that problem might be really useful.

Re:This has to stop

[wilsonao]

"Just because I can package something for individual sale and ask people to pay for it doesn't mean it's right, copyrighted or not." Hi, this is reality talking, we'd like to know where you could have possibly formed such a delusional idea that people don't deserve to sell the things they made. I guess I will just go over to McDonalds now and grab a big mac without paying. I don't think it's right to pay and I haven't eaten for about 2 hours, so why should I have to pay?

No need to check user comments....

[KiroDude]

What I usually do (I'm using aMule) is to verify the "file description" tab. There you have the filenames that are given by different people on the network. So if you see 3 or 4 different names for the same file, it is usually a fake. And this goes for every type of file, not only music/films. You can also do a "check fake" and it will redirect you to a site where information on fake files is kept more or less up to date.

Not entirely correct

[EireannX]

I believe the parent to this had a lot of sarcastic wit in its invention, but there are serious uses for this.

Imagine a P2P network where there were no restricted copyright files. So all content on this network is released under a distributable licence or is public domain.

Say I am an avid astronomer. When I go looking for star charts and the like I will be rating up accurate astonomy papers and the like and rating down material that is based on astrology, which may have similar descriptive terms. My search results will closely align with other astronomers who have similar interests to myself, so in effect we will filter for the material we are interested in.

At the same time we will be voting down astrology papers, which people interested in astrology are voting up. Those with interests in astrology will have made their searches more relevant through this feature, while filtering out the 'noise' of astronomy documents.

There would also be two other sets created, documents neither group voted up, which may have nothing to do with the topic or may be spam or corrupt. And there would be items that both groups voted for. These might be very accurate star charts for example.

If I were a music fan and I enjoyed dance music, listening to every free act available to select stuff I like could be a painful and time consuming experience. However as the rating system learns my preferences it can direct me to songs that people of similar tastes have enjoyed. And by my rating them it may further align me with people of similar interests, beyond just saying we are say, trance music fans. On the other hand, I could always just download some lower rated stuff to broaden my horizons, so that option is not taken away from me. This also avoids the current music selection method of 'whatever we throw marketing dollars at / buy radio airtime for' and songs will have to sink or swim based on their own quality to a given group. If Sony have a botnet rating up their latest release (assuming they release some songs on a free distribution network to get more buyers) and the music isn't up to scratch, the botnets opinion will fade from relevancy in the human listener groups.

The particular strength of this system though is the ability to filter out spam and other junk. Your botnets that are misrepresenting say an audio advertisement file as the latest song from some rap artist will very quickly become its own community. Further because people have hopefully been 'categorised' as more than just rap fans due to subtleties in tastes, it would be very difficult for a bot net to align itself with all rap fans to infect the network with the spam.

Further if you are a person with strong beliefs, whether it be religious, political, gender-based or parental concern, if you rate items on the network according to what offends you and what doesn't, you will align yourself with people of similar mind and will avoid being 'offended'. When someone decides to be funny by posting photos of dead soldiers as 'rabbit pictures for children' because the are being funny (and I knew people who would have thought that hilarious in college, so people with that kind of dementia do exist) would either never make it into the 'concerned parent' rating group, or would have their credibility with that group shot quickly.

It also protects against censorship, because instead of 'offensive to most' posts being erased, they would simply be rated out of existence within thoise circles, while being rated highly in circles that appreciated that line of reasoning. So your conspiracy theorists or anti-establishment groups eg EFF could not be rated out of existence by bot-nets.

And for the true seedy underside, your terrorist or paedophile cells, only included because if I don't I could be attacked for advocating them, it actually would create clustering of people of such mindsets, which should make it easier for enforcement to identify them if they are doing their job right.

So...

[msormune]

the article clearly states p2p networks are being used to pirate warez and RIAA is just trying to make it a little harder by introducing bogus files. This is really shocking. Gonna spank my hamster now.

This modding down has to stop

[gorim]

Too bad he wrote as AC, but he has one of the most insightful points of the entire thread, an entire aspect that is overlooked.

The basic premise of the slashdot story is how cool it is that researchers are defending the acts of people to trade in uncorrupted *illegal* file trading.

After all, it seems the most if not all corrupted files are ones that, if they weren't corrupted, would have been illegal to trade anyway.

I think the RIAA and MPAA are scum sucking pigs who need bacon carved off their arses and handed to them. Still, I also think their concern about massive illegal fileswapping is legitimate, even though the leaders of their respective industries are the ones truly responsible for raping their own artists...

Re:This modding down has to stop

[rbarreira]

Don't be an idiot. Read his second paragraph. He's clearly a troll!

Too bad he wrote as AC

Yeah, trolls almost always do.

however Re:You can already tell

[leuk_he]

except that a lot of downloaders are too lazy to remove the fakes from their downloads (as seen on kazaa) so the fakes come from all over internet. It get even worse for files you cannot determine their validity during the download. They are availabel from the peers that share only a small part of the file.

ip filtering is a loosing battle.

However this credence thing will only be useful if a large enough percentage of the users uses this. And even then credence can be discredited (on a limited scale) by voting robots.

Re:however Re:You can already tell

[IpalindromeI]

If only LoseNotLooseGuy had not abandoned us, this tragedy may have been averted.

Another for the RIAA/MPAA Tool to use...

[Kamiza+Ikioi]

The system seems like a tool to use against the RIAA/MPAA to block pollution efforts. However, then the other shoe drops, and the RIAA/MPAA has a tool to target the highest ranked nodes/cliches/people. No longer do they need to figure out how many files you have.

They just have to find one file, extrapolate your rank to the average system rank, run a few numbers (and maybe a few inflated costs in there too), and bam... for sharing Happy Birthday To You.mp3, you get slapped with a $1 million infringement case because you happen to rank as a very high legitimate link.

On the other hand, this might be benefitial to take the heat off of the majority of the file trading community that honestly is NOT costing them any money. They don't need to target the casual "weekend downloader", who's rank should be significantly lower (being a new node on the network) than some guy with 4 160GB HDD's of the latest releases to theater and DVD. Nobody feel sorry when these guys (or gals) get busted. When 14 year old choir girls get busted, there is PR hell to pay. This system allows them to do that.

Didn't RTFA, but that's my first impression. A use to boost network quality, a use to increase (not decrease) the reach of the **AA's, and a use that may help both sides.

"Every tool has at least 2 completely unassociated uses. A spoon can serve food to your mouth, or gouge the eyes out of your enemies." - Me

Re:Yeah. This pisses me off alot. I had the idea t

[WoodieR]

Yes, one would like to think that some of these goofs out there - though smart enough to download, would also have heard tell of anti-virus programs and STOP sharing the infected crap / clean their systems occasionally ...

Even on a copyright-friendly p2p system

[Julian+Morrison]

...you still have to guard against vandals, virus spreaders, reputation poisoning attempts by unscrupulous rival operators, and innocents whose files have been trashed by coincidental factors eg: a failing hard drive.

Don't be too smart!

In fact, it seems the system is even smarter than that - it can take votes from people that are strongly uncorrelated with you and use that as negative information.

No, you can't. Imagine this: The RIAA posts a lot of bogus files and rules Thumb Up. You now use this Information to rate files bogus.

Now some file named "TittneySpeasFullyNaked.mpg" comes out, which is *not* bogus. But the madam couhht real naked has enough $$$ to make the RIAA dummy accounts to vote Thumbs Up for this file, such that you, the one, who uses the nagative rating of them, will never see this file, as it must be bogus.

Thus, don't try to be too smart. Stick to the people you trust. As you even cannot trust those you don't trust that they never vote trustworthy.

-Tino

It's even simpler than this...

[Linker3000]

Just start downloading/sharing a 'blockbuster' and if you get a cease and desist email from a law frim, forwarded to you by your ISP, you are downloading 'the real thing'.

Re:Yeah. This pisses me off alot. I had the idea t

Wait, you want to build a reputation system based on \.'s? You must be new here.

Re:This has to stop

[badfish99]

There are lots of precedents for academics subverting what the business world wants to do: look at the GNU project, for example.

Businessmen make money by selling things, so their priority is to keep the supply of whatever they are selling (music, videos,...) under their control and to limit the spread of information in order to keep it rare and valuable.
Academics make money by having a reputation, so their priority is to do things that maximize the spread of information, because this boosts the reputation of the author.

In regards to legitimacy of P2P

[mitcheli]

Couldn't help but notice that WoW uses a P2P engine to spread it's patch cluters from user to user. So if we just go and make P2P illegal to stop the piracy since "that's the majority of its use". Then we're going to be mucking up some other more serious business models like WoW.

-- Just a thought.

Sure it is...

[Kythe]

Since the inalienable right to maximum profits is found right there in the Constitution, anything that gets in the way of maximum profits (thereby denying you your riches without limits) must, by definition, be "theft". QED.

Downside?

[Luveno]

Will this make finding CCR on P2P harder?

Evidence?

[venomkid]

"As you can see, your honor, according to a ranking system on the pirate file-sharing network, the accused had a high rank for carrying real, pirated files."

No, thank you.

vigilante tactics

I don't know why ppl would be against shoring up the p2p phenomenon. The RIAA is making obvious weaknesses with P2P, shutting them out - even if they're only contaminating the pool of pirate material can only be a good idea. What's to stop them from anonymously screwing with non-RIAA competetion or others from spreading garbage with similar tactics when noone is expecting it, like slipping advertisements into media for viagra.

Re:This has to stop

Are you too stupid to know the Time Cube [timecube.com]? Dumbass!

That site sucks. Do they know that font sizes go below 72pt? I didn't even bother to look at the crappy content because the (lack of) design was ugly and unreadable. (And it sounds really lame and wrong anyway.)

Re:This has to stop

[utexaspunk]

that's not a fair analogy. here's a fairer one- McDonalds, through the magic of science, creates a machine that can produce a Big Mac out of thin air at zero cost. The development of this machine cost 10 million dollars. They have since sold a billion hamburgers for $1.00 each. People are now starting to get upset that they're charging $1.00 for something that costs them nothing to make, and whose capital investment they have long since recouped. How dare they!?

Re:This has to stop

[towaz]

I very much doubt that the people downloading lord of the rings never actually bothered to pay for it later.

Most people I know download the movie instead of watching it in some overpriced cinema, in the case of lotr. I after went to see the last two in the cinema as the first was impressive.

I'm sure most people here on slashdot have also downloaded the movies... but then went out and purchased the super super incredibly stupidly long lotr edition on dvd.

Same happened with Sin City, was a good pirate, went again to the cinema as it was kick ass and will be sure to buy the dvd.

On occation I would download films that I would not even consider purchasing a cinema ticket or dvd for.

Heh they are so many films on sky movies that I would not normally watch.. I'm not going to run out and buy the dvd just because I decided to watch the film.

where is the loss of profit?

If its good I pay.. if its shit they should not expect money for trash.

Hmmn...it doesn't seem that hard to avoid them

I use limewire, and I assume they are referring to those files that are about 106kb each that come up, regardless of what you're searching for. Like if you search for 'peanut butter apple monkey', you will possibly get peanut_butter_apple_monkey.mp3 up on the list, as a 106kb file. (I don't know how or why, I've just noticed this)

I for one never download those files, because I am rarely downloading anything that SHOULD be 106kb, so I leave them alone. If I'm downloading something that should rightly be 2 or 3 mb, then I'll not download files that are significantly smaller or bigger than that. Hence, I don't see why they need to create a system for this- I just assumed that people would get wise to it after a while.

This has to stop-BlockBuster

Gee. It's good to know that we have this invention known as a Blockbusters, so you don't have to go out on an ethical limb.*

*Or do people not even try to stay off them?

They (RIAA/MPAA) have a different goal.

[acomj]

They don't have to stop piracy completely, they're trying to make it more difficult for everyone to find what they want when they want it. And thereby push people to use pay services.

Take Napster. They hated napster, because everyone used napster, the selection was fantastic, and it was easy and fast.

If the RIAA can break the piracy up into smaller "p2p" networks it becomes more difficult to find want you want instantly on the different networks. Scare some of the big sharers off and its even harder to search.

All of a sudden 99 cents seems a nice price versus hours of searching. Steve Jobs noted when he released itunes, they had to make it easier/faster/more reliable/better quality than the free networks. They couldn't compete on price, (unless you count time).

As someone who is pretty busy(instert slashdot reading joke here) 1 dollar a song seems fair. Now if they'd make TV shows and other content available, things would look up.

This has to stop-Term limits

Unfortunately, for you. Reality shows just how false your premise really is. The majority of the material on P2P networks is stuff that came out recently. That's also why all those arguments about copyright being too long are irrelevent, because anything shorter wouldn't make a difference as far as what people are actually doing.*

*The whole argument sounds like a "If she hadn't dressed like that. I wouldn't have raped her." type of blame that's favoured around here. e.g. "If the RIAA/MPAA didn't make their material look so good? I wouldn't have illegally downloaded it."

Re:This has to stop

[jamienk]

I am outraged at the idea that my tax dollars might be going to fund technologies that would subvert that very economy and lead to the downfall of our technological dominance.

On the contrary, our tax dollars are going towards subsidies for industries whose business models depend on a market that no longer exists. When distribution and reproduction were expensive, you could make a lot of money in the IP racket. Now that distribution and reproduction are pretty much free, our taxes go towards:

• New laws and law enforcement whose goal is to increase the costs of distribution and reproduction
  
  
• Direct taxes on blank media
  
  
• Public airways/Public space polluted with spreading pro-dying industry FUD

As for technological dominance, gigantic potential economies are now suppressed in the name of protecting IP. And the curious, innovative, bravest, and smartest among us are systematically repressed to feed a petty, bullshit propaganda machine.

You, sir, are only a small bead of the slimey, glistening discharge of the cancer that has inflicted the youngest, most promising child of our culture. But you respond well to simple salves.

CCR has more E's

[tepples]

Will this make finding CCR on P2P harder?

No. Either search for "Creedence" (intentionally misspelled in the name of the band) or search for "Clearwater Revival". Or just look for the bathroom on the right.

No

[AntiCopyrightRadical]

This is a simple case of resarchers finding a way to make it easier to fulfill our basic right to copy.

Distributing a file on P2P might be illegal, but it is not immoral. This project is every bit as valid as anonymizer systems that let people in more oppresive regimes communicate illegal ideas.

Many problems, same solution

[fulldecent]

The most effective way to filter undesirable content including:

• Bad P2P files
  
• Spam
  
• Trolls on slashdot
  

Is to have a trust network.

One way to set up a trust network is activly. That means you make friends and trust them. This is like PGP. And is very effective for strong whitelisting.

Another way is passively. This includes looking for low-quality posts on slashdot and foe'ing them. People who care to make high-quality posts, in my oppinion, care enough to have high-quality-posting friends. Anybody who wants to can benefit from this by friending that person, and then +3 friend/friend-of-friend.

Sidenote: this is great because you can +3 trolls to find them and then foe them. It's fun to find bad content once in a while since I can ban it from then on.

---------

<New idea>
However, what has not been implemented yet, is an automatic friending mechanism. This is where you mark content as good or bad and the trust network is automatically updated based on how you trusted that file in the first place. This is more difficult to implemently as the wrong parameterization can easily lead to abuse of the system.
</New idea>

Re:Many problems, same solution

There needs to be some serious considerations to issues like this, including good implementation, in order to make p2p networks anything like the c2s ones.

So...

When can we expect this for the slashdot editors?

Clearly...

[game+kid]

...you were midgOWNED!!1 Gotta love those fakes.

This has to stop-Reasonable Discussion.

"On the contrary, our tax dollars are going towards subsidies for industries whose business models depend on a market that no longer exists. When distribution and reproduction were expensive, you could make a lot of money in the IP racket. Now that distribution and reproduction are pretty much free, our taxes go towards:"

Distribution and reproduction aren't the only costs. Why does your side keep ignoring that?

"* New laws and law enforcement whose goal is to increase the costs of distribution and reproduction"

So you basically want selective enforcement of the laws? Are you sure you want to go down this particular slippery slope?

"* Direct taxes on blank media"

Agreed, but then I'm not certain why people believe that actions (illegal copyright violations) shouldn't have consequences (DRM)?

"* Public airways/Public space polluted with spreading pro-dying industry FUD"

Another slippery slope. They're paying for that airtime, much as religion (another hated group) pays for their broadcasts.

"As for technological dominance, gigantic potential economies are now suppressed in the name of protecting IP."

Only if you *assume* that MegaCorps are the only benificiaries of IP.

In the parlance of our times

[M.+Baranczak]

Cop 1: I wouldn't hold out much hope for the stereo, though.
Cop 2: Or the Credence.

http://imdb.com/title/tt0118715/

What outrage-Asking for money.

"With laws like the Sonny Bono copyright extension act, outrage is entirely warranted."

The prblem with the "I download because of the Sonny Bono Act" argument is that pirates have made it a known fact that they'll distribute the minute (if not before. the latest SW's) it becomes available.

"Furthermore, I have no sympathy for those companies; as far as I'm concerned, a lot of their copyrights are unjustifiable."

"Unjustifiable"? You might want to think through the ramifications of your position. Starting with ditching the "copyright is only about the RIAA/MPAA" attitude.

Re:What outrage-Asking for money.

[cahiha]

"Unjustifiable"? You might want to think through the ramifications of your position. Starting with ditching the "copyright is only about the RIAA/MPAA" attitude.

Believe me, I have: the problems with current copyright law go far beyond RIAA/MPAA. Copyght should be far more limited than it is right now; that's even more important for books and other content than music.

The prblem with the "I download because of the Sonny Bono Act" argument is that pirates have made it a known fact that they'll distribute the minute (if not before. the latest SW's) it becomes available.

I don't see a "problem". The Sonny Bono Act should provoke outrage, but obviously, many people disagree with current copyright law beyond what the Sonny Bono Act contains. The real question is why we should continue to have copyright laws that so many people obviously don't want.

Re:What outrage-Asking for money.

"I don't see a "problem". The Sonny Bono Act should provoke outrage, but obviously, many people disagree with current copyright law beyond what the Sonny Bono Act contains. The real question is why we should continue to have copyright laws that so many people obviously don't want."

Well first I don't think that the "obviously don't want" contingent is as large as people think. Just more vocal. The proof is in the growing crowd of people using legal download services like iTunes.

Second you're making the assumption that the "obviously don't want" contingent is doing what they are for alturistic, instead of selfish reasons.

"Believe me, I have: the problems with current copyright law go far beyond RIAA/MPAA. Copyght should be far more limited than it is right now; that's even more important for books and other content than music."

The pont being is that copyright isn't just for the big corporations. It applies to the small guy running a webcomic, or publishing a story.* Focusing on just the big guys leads to a crippling myopia that's not conducive to a viable solution to what's a real problem.

*and yes, YOU could be one of those "small-guys" in the future.

Re:What outrage-Asking for money.

Second you're making the assumption that the "obviously don't want" contingent is doing what they are for alturistic, instead of selfish reasons.

I make no such "assumption"; in fact, I fully believe that they do it for selfish reasons. Their reasons don't matter for the observation that their views on copyright obviously differ from the law.

Well first I don't think that the "obviously don't want" contingent is as large as people think.

The surveys and studies I have seen suggest it's the majority of Americans.

The pont being is that copyright isn't just for the big corporations. It applies to the small guy running a webcomic, or publishing a story.* Focusing on just the big guys leads to a crippling myopia that's not conducive to a viable solution to what's a real problem. *and yes, YOU could be one of those "small-guys" in the future.

I already am one of those small guys (publishing about a dozen articles a year). Cutting copyright protection to 20 years after first publication, together with liberal "fair use" provisions, would be no problem for me and shouldn't be a problem for any "small guy" as far as I can see.

Human review is still the best way...

[holiggan]

Like someone mentioned, there is a much more efective method in sorting out the bad files from the good ones: "peer review". If someone posts on a forum a give hash (in case of eMule), and if a couple of people confirm that it's the real stuff, there is no need for algorithms and thingamajigs like that. If someone tries to sneak a bad one in, it will be easely spoted and exposed. If you still want to search "in the wild" for your stuff, there are a couple of sites that keep a "fakes database", and it's pretty easy to check a given search result against those databases.

This aplies to emule/edonkey networks, since it's the ones that I.. er... read more about... in a book... cof cof...

Re:This has to stop

[civilizedINTENSITY]

The GP lost me at casting Cornell as "this superficially respectable University".

Further comment: "As an American who understands the role strong copyright laws play in the knowledge-based economy of today...", but most Americans don't live in the USA. Does strong copy right really help the developing American nations?

You can't put the genie back in the bottle.

[MacDork]

P2P is superb stuff, and has all kinds of legit uses,

Glad we can all agree on something.

but to pretend that its not 95% used to download copyrighted music and movies and thus save a few bucks is just denial.

The same argument is made every time a new technology emerges and it turns out to be wrong every time. Cassette tapes, VCRs, hell, the printing press. Every time it is fought tooth and nail until the distributors eventually wake up to the fact that, "Hey! We can make a lot of money here!" See the iTunes Music Store (iTMS) if you need an emerging example. Personally, I hope the clowns suing children go under permanently because they've really shown their asses this time.

There are far too may slashdotters who reply to any article on copyright with "get with the system dude! copyright is over!" usually they seem to be 13 year old kids who dont understand what its like to have your income and career based on developing electronic products.

Most slashdotters defend copyright, since it is the foundation of the GPL. (And since 13 year olds aren't being excluded by the lawsuits, I'd say they have as much right to voice their opinion on slashdot as anyone else.)

Do people really think that Lord of the Rings deserved to sell just 1 copy, to the p2p hacker who ripped it?

Only one copy was purchased? It was without a doubt available on P2P for free. The only way the content distributors lost money was by not making it available as a paid, burnable download that works... like iTMS does with music.

This will *not* help the cause of P2P

[DoktorTomoe]

1. RIAA & Co. create dummy files for content they have a valid right of protecting.
2. While this is annoying for some P2Pers, it will not affect people searching for legitimate content in the Public Domain or under one of the many copyleft licences.
3. People working on systems to enrich non-licenced content on P2P networks, e.g. copyrighted movies, software or music, are in the long term working to induce a prohibitive legislation not on filesharing of such content, but on filesharing per se.
4. If we acutally want to protect filesharing as an useful, not a criminals tool, we should promote not systems whose goal is to download more illegal material.

Reverse Law Suit

[Crim-Prof]

I always find it interesting how the RIAA and MPAA are able to pollute these networks.

The direct relation could be the Law Enforcement putting out fake drugs.

Both are attempting to reduce the criminality by providing a "fake". The goal is to pollute the network with so much junk that the behavior will cease to exist.

If law enforcement attempted this it would be a violation on so many levels. Why do we as a society allow this to occur.

I myself have never used one of these applications outside of research (I can hear the jokes already) but it plagues me that we allow the RIAA and MPAA to use these underhanded practices.

Question

[Jesus+IS+the+Devil]

Could someone help clarify as to how this system calculates who you are similar to in terms of voting pattern? Suppose I'm a user that has downloaded A, B, and C. Does this mean the system would have to take someone who has also downloaded A, B, and C, and have voted the same way as me to give me an idea if file D is likely to be good?

With so many files, there would be a very small number of peoople that would have downloaded the same files as I have.

Fake Drugs.

One major error in your analogy, while...

fake P2P files = fake drugs
riaa/mpaa != law enforcement

solution: hashed file links

emule

and a good link site you trust.

eg:

example

But users need to find their own link sites, not one linked to above.