Reputation System Fights P2P Junk

yeejiun writes "Many of the files that are shared on p2p networks tend to be junk. Organizations such as the RIAA and music labels regularly pollute these networks with nonsense files masquerading as real music/video files. These junk files make it difficult for users to find what they want on such p2p networks. Some researchers at Cornell University have developed a reputation system called Credence, that works on the Gnutella network, allowing users to tell the good files from the bad ones."

better answer

[eight+and+a+quarter]

quit downloading crap off of kazaa/grokster/morpheous/etc. dont trust brittneyspearsporno.avi.mpeg.exe

this is stupid

[Madd+Scientist]

if the RIAA is willing to create junk files, you really don't think they are going to create fake accounts to rate their junk files as "good"? ANY system you put in place that gathers "votes" from users can be manipulated.

Re:this is stupid

[Creepy+Crawler]

Look at kuro5hin's rating system. In a democratic system, participation is the key. AT that site, very few comments are rated upon. The few that are rated are the...

1: Master parent in big thread.
2: 1 and 2 child of master parent (in a big thread)
3: Obscene trolls (...you donkey-raping shit eater...)

Past that, not many care. Of course we have had a few mod-trolls who create a few accounts to run everything into hidden (similar to beiong -1'ed here), but are countered by the users actually participate for a short while.

Since the voices on K5 get out, nobody cares about democracy. Just hop on over there if you dont believe me.

Here's a simpler idea...

[lightspawn]

If a file appears to by RIAA-affiliated music, treat it as a junk file.

Why bother with music the artist doesn't want you to have? Just forget about it altogether and discover new music, even new types of music that you'd never realize existed, much less that you could enjoy.

Nice countermove...

[barks]

I like this idea. Media hordes, read as RIAA and MPAA, will constantly try to find technical ways to put the P2P genie back in the bottle.

For every Napster (Kazaa, etc.) they close, another will be spawned. For every fake or intrusive system they create to battle downloaders, another downloading method will be innovated. For every commercial they feature a celebrity crying copyright heresy, /. mobs will just mock them.

It's no shattering concept there'll never be a checkmate for either side.

Re:One problem with this Credence system:

I think the main insight and contribution of the system is that the reputation of a peer according to you is determined by whether he/she votes in a similar manner as you.

So if the RIAA starts spamming Gnutella with lots of junk stuff, you will never vote in the same way as the RIAA dummy accounts, and you don't take their votes into account.

In fact, it seems the system is even smarter than that - it can take votes from people that are strongly uncorrelated with you and use that as negative information. So anything these people vote as valid files, you can treat as garbage as their definition of good/bad files is completely opposite to yours. And assuming you trust your own judgement, that means those files must be bogus.

Reminds me a lot of the google pagerank system, but with explicit learning/training instead of using back-links for determining correlation.

Re:This has to stop

[jericho4.0]

You're a troll, but your first paragraph accurately represents what many feel about this.

The research and motivation for this is important. If peer to peer networks can be subverted, then they have lost their usefulness. IMO, the sharing of copyrighted data is unavoidable, and sacrificing the freedom of a protocol in an attempt to prevent it is shortsighted.

It probably would have been better for Cornell if it had been left as a paper, rather than implementing it.

Huh

[TCM]

Who actually searches for files in the P2P client? Normally you visit some site where the releaser himself posted a torrent or an ed2k link and you download that.

I can't remember the last time I actually searched in eMule.

Re:Self-policing is needed

[EvanED]

But what the parent is saying (and which is a very legit argument if you ask me) is that if you're looking for a Debian repository, you're almost certainly not going to find a fake file!

If you want to be sure, you can compare the file size to the official one. If it matches, you can be all but completely confidant that it's real.

After all, there are probably far fewer people trying to flood P2P with bogus files just for the hell of it then there are trying to flood P2P with bogus files in an attempt to protect copyright.

Re:Torrents can be bogus too.

[Spudds]

And I don't see why they'd bother, when a threatening letter is all it usually takes to take a torrent site down

That's not really true. Depending on where the site is hosted, legal threats could be more humerous than scarry.

    Case in point.

      Btw, if you've got a few minutes to kill, you should really check out some of the emails to and responses from thepiratebay.com. They are hilarious!

Re:Torrents can be bogus too.

[SpecBear]

It's happening. Contrary to what many on slashdot think, the *AA orgs employ some pretty clever people, and the pirate networks are far more vulnerable than is often assumed. Check out the comment threads on some new releases at one of the torrent sites, and you'll see that a number of spoofing tactics are in use:

• Fake files. This is clearly a more primitive tactic and can be thwarted by clients that can be set to download the first parts of a file first.
• Incomplete files. The seeder reports having the entire file, but will never deliver certain parts of it. Thus, downloaders get stalled at 98.5%. And it's amazing how long people will wait for that last bit.
• Fake seeds. Haven't confirmed how this one works, but sometimes you'll see a torrent with an improbable number of seeders (e.g., 300 seeds and 100 leechers for a fairly new torrent). Lots of seeds attract more people.
• Timing. For example, demand for a movie will rise in the days shortly before its release. If you get your fake tracker up and running during that critical time before there's a real pirate version out, then you'll attract downloaders and waste their time. And there's a snowball effect: when people go to download from BT, all of things being equal they usually go for the tracker that has the most people on it.

Combine the tactics, and you've got a serious problem. Every user adds to the strength of the distribution network so tying up one client with a fake not only prevents that client from getting the material, it also keeps that client from helping others get it as well.

If you're patient, persistent, and knowledgeable, you can avoid or minimize the impact of these spoofing tactics. But patient, persistent and knowledgeable don't really describe the average pirate (or just about anyone else, for that matter). The dedicated pirate simply won't be stopped, and the content producers know this.

Like you, I once assumed that the various forms of moderation on the torrent sites would mitigate this. But the countermeasure are slow to work, as I've seen fake torrents stay up for weeks. It's easy to post multiple new fakes. And users are incredibly clueless. I have, on several occasions, seen comment threads where several people will post "This is a fake, don't bother," but the torrent will still have thousands of people downloading and the very next comment will be something like "I've been stuck at 99% for three days, will somebody fucking seed this!!" Remember, the goal isn't to elimiate the network. The goal is to make it so untrustworthy and unreliable that it's too much trouble for Joe User and he'll go to the theater instead.