Reputation System Fights P2P Junk
yeejiun writes "Many of the files that are shared on p2p networks tend to be junk. Organizations such as the RIAA and music labels regularly pollute these networks with nonsense files masquerading as real music/video files. These junk files make it difficult for users to find what they want on such p2p networks. Some researchers at Cornell University have developed a reputation system called Credence, that works on the Gnutella network, allowing users to tell the good files from the bad ones."
quit downloading crap off of kazaa/grokster/morpheus/etc. don't trust brittneyspearsporno.avi.mpeg.exe
lameness filter thwarted.
Gotta love the torrents!
argumentum ad fallacium: Fallacy of defining a fallacy which allows one to dismiss the argument in question.
if the RIAA is willing to create junk files, you really don't think they are going to create fake accounts to rate their junk files as "good"? ANY system you put in place that gathers "votes" from users can be manipulated.
How is this any better than Bitzi and its Bitprints, which are already built into popular Gnutella servents like BearShare?
"Our client provides a peer-based judgement that a given object will possess the properties with which it is labeled and enables users to evaluate search results for authenticity before downloading."
Sounds exactly like Bitzi to me...
"Many peer-to-peer reputation schemes have been proposed in academia. Credence is the first practical implementation of a peer-to-peer reputation scheme."
I don't think so.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
If a file appears to be RIAA-affiliated music, treat it as a junk file.
Why bother with music the artist doesn't want you to have? Just forget about it altogether and discover new music, even new types of music that you'd never realize existed, much less that you could enjoy.
Shocking.
I don't know that their tactics are effective - after all, networks like eDonkey|eMule seem to be pretty good at self-policing. But it's amusing to see the undercurrent of outrage in these 'stories'.
We all know damn well why the *AA folks do what they do.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
I like this idea. Media hordes, read as RIAA and MPAA, will constantly try to find technical ways to put the P2P genie back in the bottle.
/. mobs will just mock them.
For every Napster (Kazaa, etc.) they close, another will be spawned. For every fake or intrusive system they create to battle downloaders, another downloading method will be innovated. For every commercial they feature a celebrity crying copyright heresy,
It's no shattering concept there'll never be a checkmate for either side.
Some aim to please, I aim to tease.
Like what Slash does.
I think the main insight and contribution of the system is that the reputation of a peer according to you is determined by whether he/she votes in a similar manner as you.
So if the RIAA starts spamming Gnutella with lots of junk stuff, you will never vote in the same way as the RIAA dummy accounts, and you don't take their votes into account.
In fact, it seems the system is even smarter than that - it can take votes from people that are strongly uncorrelated with you and use that as negative information. So anything these people vote as valid files, you can treat as garbage as their definition of good/bad files is completely opposite to yours. And assuming you trust your own judgement, that means those files must be bogus.
Reminds me a lot of the google pagerank system, but with explicit learning/training instead of using back-links for determining correlation.
Seems the trust system is prone to spamming itself. If the RIAA (or anyone for that matter) flood the system with bogus votes, then the "honest" votes will get ruled out.
I haven't read the description closely, but it's hard to see why flooding the system would matter- it isn't majority rule, it's who do you trust and who do they trust. If the RIAA has ten million bogus users, I and a few hundred other people vote thumbs down on them but thumbs up for each other, then we have our little corner where a set of honest opinions exist (although it may take a while to initially connect to that group).
The way you would have to spam the system would be to vote honestly for a time and then switch abruptly, but even then the damage would be quickly mitigated as your credibility disappears.
So a 'good' rank is dependent on the whims of people who usually vote the same way that you do. So spammers will see high rated spam and non-spammers will see high rated non-spam. Simple.
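The weighting described in the comments above (peers who vote like you count for you, peers who vote the opposite way count as negative information, and flooding accounts with no shared history count for nothing) can be shown in a few lines. This is an added sketch, not Credence's own code or algorithm; the thresholds, peer names and vote data are constructed for illustration.

```python
# Added sketch: correlation-weighted voting (simplified, not Credence's algorithm).
MIN_OVERLAP = 2     # assumed: shared votes needed before a peer gets any weight
MIN_STRENGTH = 0.5  # assumed: weaker correlations are ignored as noise

def correlation(mine, theirs):
    """Mean agreement in [-1, 1] over files both voted on (+1 real, -1 junk)."""
    shared = mine.keys() & theirs.keys()
    if len(shared) < MIN_OVERLAP:
        return 0.0  # strangers carry no weight, however many of them there are
    return sum(mine[f] * theirs[f] for f in shared) / len(shared)

def score(file_id, mine, peers):
    """Weighted estimate in [-1, 1]; None if no weighted peer voted on the file."""
    total = norm = 0.0
    for votes in peers.values():
        if file_id not in votes:
            continue
        w = correlation(mine, votes)
        if abs(w) < MIN_STRENGTH:
            continue
        # A negative weight flips the vote: praise from an opposite voter counts against.
        total += w * votes[file_id]
        norm += abs(w)
    return total / norm if norm else None

def majority(file_id, peers):
    """Unweighted tally of all votes, for comparison."""
    return sum(v[file_id] for v in peers.values() if file_id in v)

def sample_network():
    """Constructed data: two like-minded peers and 2000 flooding accounts."""
    mine = {"song_a": 1, "song_b": 1, "decoy_1": -1, "decoy_2": -1}
    peers = {
        "alice": {"song_a": 1, "decoy_1": -1, "new_song": 1, "new_decoy": -1},
        "bob": {"song_b": 1, "decoy_2": -1, "new_song": 1},
    }
    for i in range(1000):  # flooders whose voting history is the opposite of mine
        peers[f"sybil_{i}"] = {"song_a": -1, "decoy_1": 1, "new_decoy": 1, "new_song": -1}
    for i in range(1000):  # flooders with no shared history at all
        peers[f"fresh_{i}"] = {"new_decoy": 1}
    return mine, peers

if __name__ == "__main__":
    mine, peers = sample_network()
    for f in ("new_song", "new_decoy"):
        print(f, "majority:", majority(f, peers), "weighted:", score(f, mine, peers))
```

In this constructed network a plain majority tally rates the decoy as good and the real file as junk, while the weighted score gets both right because the opposite-voting accounts end up voting against their own files.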
The research and motivation for this is important. If peer to peer networks can be subverted, then they have lost their usefulness. IMO, the sharing of copyrighted data is unavoidable, and sacrificing the freedom of a protocol in an attempt to prevent it is shortsighted.
It probably would have been better for Cornell if it had been left as a paper, rather than implementing it.
"A language that doesn't affect the way you think about programming, is not worth knowing" - Alan Perlis
This is what happens.
Company XYZ comes up with P2P app.
Distributed online for free.
Users who claim to be legit flock on P2P site.
**AA lawyers swarm.
Site is closed down.
People are sued.
Real losers?
Company XYZ.
Users who are sued as examples.
You just lost the newest P2P site.
Wash. Rinse. Repeat.
lameness filter thwarted.
So, when's Slashdot going to implement this "golden" system?
True, but Torrents rely on the community, while with things like Kazaa, many times what you want is hosted by one guy, and it's hard to kick fakes. In torrents, fakes die very quickly, thanks to the 'OMG fake' comments on the torrent sites.
Who actually searches for files in the P2P client? Normally you visit some site where the releaser himself posted a torrent or an ed2k link and you download that.
I can't remember the last time I actually searched in eMule.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
Do people really think that Lord of the Rings deserved to sell just 1 copy, to the p2p hacker who ripped it?
There was a time when home video didn't even exist, and yet movies still got made. After their initial run in theaters, movies would only be shown every now and then on tv late at night. They were basically filler programming for what would have otherwise been dead air. One might even argue that the average quality of new movies has been on a steady decline since then.
Just because I can package something for individual sale and ask people to pay for it doesn't mean it's right, copyrighted or not. Especially when the producers more than recouped the cost of production long before going to video and that copyright is going to be extended ad infinitum.
"Just because I can package something for individual sale and ask people to pay for it doesn't mean it's right, copyrighted or not." Hi, this is reality talking, we'd like to know where you could have possibly formed such a delusional idea that people don't deserve to sell the things they made. I guess I will just go over to McDonalds now and grab a big mac without paying. I don't think it's right to pay and I haven't eaten for about 2 hours, so why should I have to pay?
Too bad he wrote as AC, but he has one of the most insightful points of the entire thread, an entire aspect that is overlooked.
The basic premise of the slashdot story is how cool it is that researchers are defending the acts of people to trade in uncorrupted *illegal* file trading.
After all, it seems most if not all corrupted files are ones that, if they weren't corrupted, would have been illegal to trade anyway.
I think the RIAA and MPAA are scum sucking pigs who need bacon carved off their arses and handed to them. Still, I also think their concern about massive illegal fileswapping is legitimate, even though the leaders of their respective industries are the ones truly responsible for raping their own artists...
But what the parent is saying (and which is a very legit argument if you ask me) is that if you're looking for a Debian repository, you're almost certainly not going to find a fake file!
If you want to be sure, you can compare the file size to the official one. If it matches, you can be all but completely confident that it's real.
After all, there are probably far fewer people trying to flood P2P with bogus files just for the hell of it than there are trying to flood P2P with bogus files in an attempt to protect copyright.
That's a lovely, scary, statement you've made there, and it's earned you a buncha karma... care to back up the claims with a citation or two?
Billions? I highly doubt Billions.
"Draco dormiens nunquam titillandus."
You don't get it. You can't infiltrate the trust circle. Those inside would shove you out, once they find out you are no good, so your basic premise fails.
I haven't tried VLC, but mplayer will usually play partially-downloaded torrents if they are mpeg files. It just skips the bits that haven't been downloaded yet.
It's less reliable with avi files: it doesn't seem to like it if the first part of the file is missing.
And I don't see why they'd bother, when a threatening letter is all it usually takes to take a torrent site down
That's not really true. Depending on where the site is hosted, legal threats could be more humorous than scary.
Case in point.
Btw, if you've got a few minutes to kill, you should really check out some of the emails to and responses from thepiratebay.com. They are hilarious!
" if p2p files are legit, why do you need checksums.."
To verify that the file is, in fact, legitimate. There are a number of unscrupulous folks out there that would just love to have even just a few people install their trojans. As Ronald Reagan said "Trust, but verify."
This is easily counter-measured by "banning" sources which are unable to send me a valid chunk in X attempts.
I think that there could be an easy counter-measure for every measure that the anti-pirate industry takes.
Everything they do is just another inconvenience for the downloader, themselves, the legit downloaders, and Everybody Else (tm).
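The "ban a source after X invalid chunks" countermeasure from the comment above, as an added sketch that is not taken from any particular client. It assumes the downloader already holds a trusted hash for every chunk; the class name, peer names, the limit of 3 and the chunk data are all constructed.

```python
import hashlib
from collections import Counter

MAX_BAD_CHUNKS = 3  # the "X attempts" from the comment; the value is an assumption

class ChunkFetcher:
    def __init__(self, chunk_hashes, max_bad=MAX_BAD_CHUNKS):
        self.chunk_hashes = chunk_hashes  # trusted SHA-256 digest per chunk index
        self.max_bad = max_bad
        self.strikes = Counter()          # consecutive invalid chunks per source
        self.banned = set()
        self.chunks = {}                  # verified chunks only

    def offer(self, source, index, data):
        """Store a chunk only if it verifies; return True when it was stored."""
        if source in self.banned or index in self.chunks:
            return False
        if hashlib.sha256(data).digest() == self.chunk_hashes[index]:
            self.chunks[index] = data
            self.strikes.pop(source, None)  # a valid chunk clears the streak
            return True
        self.strikes[source] += 1
        if self.strikes[source] >= self.max_bad:
            self.banned.add(source)         # stop asking this source at all
        return False

def demo():
    """Constructed run: a polluting source is asked first, an honest one second."""
    original = [b"chunk-0 data", b"chunk-1 data", b"chunk-2 data", b"chunk-3 data"]
    fetcher = ChunkFetcher([hashlib.sha256(c).digest() for c in original])
    for i, good in enumerate(original):
        if not fetcher.offer("peer_bad", i, b"\x00" * len(good)):
            fetcher.offer("peer_good", i, good)
    complete = b"".join(fetcher.chunks[i] for i in range(len(original)))
    return complete == b"".join(original), fetcher.banned, dict(fetcher.strikes)

if __name__ == "__main__":
    print(demo())
```

Because only verified chunks are ever stored, the junk data costs bandwidth but never reaches the assembled file; the ban just limits how much bandwidth one bad source can waste.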
- Fake files. This is clearly a more primitive tactic and can be thwarted by clients that can be set to download the first parts of a file first.
- Incomplete files. The seeder reports having the entire file, but will never deliver certain parts of it. Thus, downloaders get stalled at 98.5%. And it's amazing how long people will wait for that last bit.
- Fake seeds. Haven't confirmed how this one works, but sometimes you'll see a torrent with an improbable number of seeders (e.g., 300 seeds and 100 leechers for a fairly new torrent). Lots of seeds attract more people.
- Timing. For example, demand for a movie will rise in the days shortly before its release. If you get your fake tracker up and running during that critical time before there's a real pirate version out, then you'll attract downloaders and waste their time. And there's a snowball effect: when people go to download from BT, all things being equal they usually go for the tracker that has the most people on it.
Combine the tactics, and you've got a serious problem. Every user adds to the strength of the distribution network so tying up one client with a fake not only prevents that client from getting the material, it also keeps that client from helping others get it as well. If you're patient, persistent, and knowledgeable, you can avoid or minimize the impact of these spoofing tactics. But patient, persistent and knowledgeable don't really describe the average pirate (or just about anyone else, for that matter). The dedicated pirate simply won't be stopped, and the content producers know this.
Like you, I once assumed that the various forms of moderation on the torrent sites would mitigate this. But the countermeasures are slow to work, as I've seen fake torrents stay up for weeks. It's easy to post multiple new fakes. And users are incredibly clueless. I have, on several occasions, seen comment threads where several people will post "This is a fake, don't bother," but the torrent will still have thousands of people downloading and the very next comment will be something like "I've been stuck at 99% for three days, will somebody fucking seed this!!" Remember, the goal isn't to eliminate the network. The goal is to make it so untrustworthy and unreliable that it's too much trouble for Joe User and he'll go to the theater instead.