Slashdot Mirror


Reputation System Fights P2P Junk

yeejiun writes "Many of the files that are shared on p2p networks tend to be junk. Organizations such as the RIAA and music labels regularly pollute these networks with nonsense files masquerading as real music/video files. These junk files make it difficult for users to find what they want on such p2p networks. Some researchers at Cornell University have developed a reputation system called Credence, that works on the Gnutella network, allowing users to tell the good files from the bad ones."

25 of 338 comments

  1. Self-policing is needed by case_igl · · Score: 3, Interesting
    "...allowing users to tell the good files from the bad ones."

    Don't you mean the real illegal files from the fake illegal files? Seriously, it is no surprise to me why P2P has gotten a bad rap. Many of the users simply use P2P apps to commit piracy.

    Yes, there are legit uses as well. But honestly, if you are looking for free music from a band that has released it as such, you can usually find it. It's the copyrighted commercial music and video that have tons of fake files, porn movies, etc...Not Jim Blow Sings the Blues, Live from Natrona, PA!

  2. You can already tell by ravenspear · · Score: 2, Interesting

    It is already very easy to tell the junk files from the good ones. The junk ones will come from a very limited IP range. What usually happens is that the *AAs, and the companies they hire to pollute the networks will use the entire IP range they own to do that, but that usually still only amounts to a few class Bs. The good files on the other hand will come from all different class As.

  3. You misunderstand by fbartho · · Score: 2, Interesting

    You misunderstand what you quoted... if they flood the system with votes, it matches them with the type of vote they make, when you use it you are matched with the type of vote you make... Thus, if you mod real files up then another user who mods real files up will trust your mods more than somebody else. If the evil people mod real files down and bad files up, then they will trust the mods of other evil people, but they won't trust your ratings, and you won't trust them.

    Thus if you wanted to have a really easy way to find a list of crap files, you just have to mod down every real file you have, and mod up every piece of crap you have, then do a search. Your results will be clustered by the trust that the file you are getting is "like yours" or in that case, a fake.

    --
    Gravity Sucks
  4. Re:Who cares by PhreakinPenguin · · Score: 2, Interesting

    I'm thinking this is a troll but what the hey, I'll bite. The problem with the P2P flooding is not that people don't know how to use it. I've used P2P for quite a while now and would consider myself somewhat "skilled" at searching for things I need. The junk files are the exact same size as a normal file would be. A song for example, will show that it's a 192KB song, lasts 4:30, and is shared by 40 people. So you download it and start to listen. The first 30 seconds is perfect audio, then it's followed by 4 minutes of either dead silence or some sort of annoying tone. I can almost guarantee that there's more junk out there than real files. And as a side note, you may want to know what you're talking about before you start calling people dumb.

    --


    My sig of choice is Marlboro
  5. Taking advantage of the hoarder mentality by hellfire · · Score: 4, Interesting

    Many hardcore file sharers and hosters, dare I say most that would call themselves hardcore, are not in it for getting free content on demand when they want it. They are into collecting absolutely anything and everything they can get their hands on. In some collections, people wouldn't possibly, in their lifetimes, be able to listen to all the music or watch all those movies. But just the thought of having it makes many hoarders happy. And it's not even necessarily reputation amongst others. It could be in many cases, but not always. They just have to have it.

    What's my point? Well, this is the greatest strength and weakness of peer to peer. Hoarders ensure a healthy flow of files, but they rarely actually check what they have. They don't check to see the software works, or if the music is a complete copy, or that the movie was cut down to a quarter of the original screen size.

    This is what companies take advantage of, both those who want to hurt swapping, and those who just want to seed files for the purpose of installing some evil spyware. It's nice to have a bunch of people trying to seed the masses but c'mon, the point of file sharing is to pool our independent resources. For someone who doesn't have all day to search for files and test quality and whatnot, it is sometimes less painful to just go buy the CD than it is to actually try to download it amongst the mess of files that are out there.

    --

    "All great wisdom is contained in .signature files"

    1. Re:Taking advantage of the hoarder mentality by cowscows · · Score: 2, Interesting

      And that's why there's such a great business opportunity for downloadable content. That's why Apple is selling so many songs with their music store.

      "Casual" downloading of shared content is hard, especially if you want decent quality. Convenience means a lot to people. There are lots of lazy individuals with plenty of money, and they'll happily give you a little money if you do some work for them. And figuring out a decent download counts as work.

      I don't mind the music and movie studios being against file sharing. I don't even mind them suing people who share files. I just think it's kind of silly for them to be as vocal about it without offering something to compete with it. I mean, these people run giant media conglomerates. You don't get into that position without at least a decent amount of business savvy. Why are they so unable to see a big potential source of business?

      But I agree with you with the hoarder mentality, and I find it sort of fascinating. A few years ago I had a roommate like that. He had every game imaginable, and no time to play them since he spent all his free time downloading more. He had every piece of graphics software I've ever heard of, and no time to really learn how to use them. He downloaded 320x240 copies of lots of crappy movies, and he watched some of them, but always secluded back in his room by himself, cause nobody else wants to watch sucky quality like that. While my other roommate and I would buy a few DVDs, and hang out in the living room with a couple other people and make it a decent social event. It was interesting to watch this kid go.

      --

      One time I threw a brick at a duck.

  6. Companies hurt by jamienk · · Score: 3, Interesting

    Many many companies (and individual artists) have faced SERIOUS economic damage by attempts to thwart P2P from being absolutely ubiquitous and maximally effective. Estimates are in the BILLIONS of dollars (US only) of lost sales in broadband connections, blank media disks, large hard disk drives, software support, consulting fees, home audio/video equipment, and the like. And Western countries are fast falling behind as the majority of educated citizens from developing nations take advantage of the black market for these goods and services while Western citizens are blocked in droves by propaganda, political corruption, inferior substitutes, and FUD from fully participating in the open exchange of science, the arts, political discourse, and culture in general.

    Credence will hopefully bring us a bit closer to reaching our current potential.

    1. Re:Companies hurt by helgihg · · Score: 2, Interesting

      Yes, yes. Actually, the evidence behind sharing artwork simply does not stand with the case. It is ASSUMED that they're losing an X amount of money because of some Y factor, but no evidence has popped up yet to actually support these claims. I believe that it's a fundamental mistake to first of all assume that those who are downloading copyrighted material, are going to be less interested in buying a retail version. I think this whole thing is a misunderstanding. I think somebody who downloads Fight Club and loves it, is in fact MORE likely to buy the retail version than someone who never saw the movie to begin with (or experienced it as-good-as-it-gets in a moviehouse or something). I think the fundamental mistake here, is to assume certain behaviour upon dozens of millions of people, in a multi-billion dollar industry, and to me, that's not just scientifically shaky, it's also intellectually preposterous. People don't just work the way you (or the companies) assume they work. The companies are NOT losing money, quite on the contrary the industry is expanding faster than ever before, and absolutely nothing indicates that the free flow of information in general (regardless of copyright) has any considerable negative impact on the interests of these companies, not to mention the good it actually does to the idea of a people, that have the opportunity to know what they're buying before they buy it. That's not a very high standard, to know what you're buying, and me being able to use my mother's car every once in a while does not mean that I don't have any reasons left to buy my own car. Quite on the contrary, if I'd *never* use my mother's car, I'd probably just be happy with bicycling. But I'm not. I like to drive, and I want my own car. I bought myself a Muse CD the other day after a buddy of mine showed me dozens of their songs, 100% illegally. This people-work-in-the-worst-possible-way theory just has to go. It just doesn't work like that.

      I'm betting on that not only the industry, but also the public, will have grown up from this scientifically shallow theory of a people that simply hate good products. It's just simply not the case.

  7. Self-control is needed by Anonymous Coward · · Score: 1, Interesting

    "Don't you mean the real illegal files from the fake illegal files? Seriously, it is no surprise to me why P2P has gotten a bad rap. Many of the users simply use P2P apps to commit piracy."

    I'm assuming Cornell has better sense than that, and is doing this research for much better reasons than to simply give piracy a hand.*

    Of course technological solutions are "short-term" solutions, and never solve the underlying social problem. Only delay it ever being solved, by the real means it should be.

    *The Semantic Web for example could benefit from a good reputation system.

    --
    "The "are you a script" word for today is notarize.

  8. Re:eDonkey by noidentity · · Score: 2, Interesting

    Doesn't the eDonkey2000 network already have a system like this? Users identify fakes and report them [...]

    So all the RIAA has to do is report all the real files as fakes? Well, along with the fakes, otherwise the real files would be marked as the fakes and the fakes as the real.

  9. Flaw in this approach by typical · · Score: 2, Interesting

    Actually, while I doubt the OP intended it, he has a good point.

    See, let's be honest about this. While there will *always* be jackasses out there who spam networks just because they can, and a few more people trying to shove spyware down people's throats, a pretty big chunk of the folks producing spam are those trying to prevent their copyrights (however overly-long-lived they may be) from being infringed upon.

    So, the point is, that it's a good bet that a sizeable chunk of the files being shared aren't exactly legal.

    Which means that you don't really want to make it especially obvious that you're sharing said file.

    What this system does is provides a cryptographic signature on a small, publicly downloadable piece of data that establishes that you have downloaded and *consciously examined* the file.

    Frankly, this is pretty good evidence for someone trying to push an infringement lawsuit that you have infringed upon their copyright (yes, our work has MD5sum "foo" the same as the thing this guy is rating).

    That being said, I do think that a more sophisticated method to this approach will win.

    The largest problem on the Internet has always been rating and attributing data -- Google takes a pretty decent stab at some of the problem, and look how essential they've become. This just does a much better job.

    --
    Any program relying on (nontrivial) preemptive multithreading will be buggy.
  10. Renamers by DuranDuran · · Score: 2, Interesting

    "Organizations such as the RIAA and music labels regularly pollute these networks with nonsense files masquerading as real music/video files."

    ...as do the "renamers". I wonder if anyone has studied why such people rename files in this way?

    --
    "You can justify anything by putting it in quotes, adding a famous name and making it a sig" - Albert Einstein
  11. Can this system work on ./ ? by fundflow · · Score: 3, Interesting

    This may automate the reviewing process

  12. Re:eDonkey by Jugalator · · Score: 2, Interesting

    Yes, it's not too uncommon. On BT, I just check how many seeders the file has. People don't want to keep and spend their bandwidth on seeding fakes.

    So far, I've never fallen to a faked torrent with lots of seeds either. Even if RIAA could in theory set up networks to seed fakes, they don't seem to be doing it.

    I think there'd be less confusion if the article title was "New Reputation System for Gnutella To Fight P2P Junk".

    --
    Beware: In C++, your friends can see your privates!
  13. Still an issue with "hit-and-run" by Kjella · · Score: 3, Interesting

    1. Mark a bunch of good files as good
    2. Mark your bogus file as good
    3. Spread your vote list on zombie network
    4. Your votes correlate highly with "good files", and there's no counter-votes by others (yet)
    5. Trick lots of people to download it (the rating goes to shit eventually, but...)
    6. New bogus file. Goto 1.

    In addition, you have an issue with semi-good files. What if the encoding is flawed, should you mark it as bad or good? Either case can put you at odds with the general opinion.

    Third, you have an issue with files trolling for incorrect votes. Create a "non-obviously" bogus file, which some people will mark bad, others good. You'll create a lot of conflicting votes and "noise" in the system to make attacks like above possible.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  14. Re:This has to stop by cliffski · · Score: 3, Interesting

    Couldn't agree more. P2P is superb stuff, and has all kinds of legit uses, but to pretend that it's not 95% used to download copyrighted music and movies and thus save a few bucks is just denial.
    There are far too many slashdotters who reply to any article on copyright with "get with the system dude! copyright is over!". Usually they seem to be 13 year old kids who don't understand what it's like to have your income and career based on developing electronic products.
    Do people really think that Lord of the Rings deserved to sell just 1 copy, to the p2p hacker who ripped it?

    --
    DRM-free indie games for the PC and Mac: Positech Games
  15. Litigation index by xixax · · Score: 4, Interesting

    Can this also be used as a metric for the RIAA and MPAA to decide which people to take legal action against? Go for the most trusted, most highly rated individuals and take out the most influential (central? critical?) nodes. In the same way that cliques of poisoners would stand out.

    Xix.

    --
    "Everything is adjustable, provided you have the right tools"
  16. Why is that AC post modded "Troll"? by Travoltus · · Score: 4, Interesting

    I disagree that these scientists are breaking any *legitimate* law, but if you accept as a premise that they are, then they are in fact breaking the law using taxpayer dollars.

    Instead of modding that down it should be modded up so more people can discuss the ramifications.

    Do we allow taxpayer dollars to be spent on civil disobedience? On that issue, I am very unsure.

    --
    --- Grow a pair, liberals... stop letting the Republicans bully you!
  17. Re:this is stupid by TheophileEscargot · · Score: 2, Interesting

    This system specifically addresses kuro5hin's main problem.

    On K5, only a few people rate comments. Basically crapflooder cabals got together enough accounts to outweigh legitimate raters, giving them control of the rating system.

    With this system, the crapflooders would be able to rate each other up... but if you rate differently to them, your view would ignore or reverse their ratings.

    Wouldn't help anonymous users though.
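
The vote matching described in comments 3 and 17 above, as an added example that is not part of the original thread and is not Credence's own code: each peer's vote is weighted by how well that peer's past votes correlate with the viewer's, so an anti-correlated peer's vote counts in reverse. The Pearson correlation, the `MIN_OVERLAP` threshold, and all peer and file names are assumptions constructed for illustration.

```python
from math import sqrt

# Constructed sample data: peer -> {file_id: vote}, +1 = "real", -1 = "fake".
VOTES = {
    "me":        {"f1": +1, "f2": +1, "f3": -1, "f4": -1},
    "honest_a":  {"f1": +1, "f2": +1, "f3": -1, "f4": -1, "f5": +1, "f6": -1},
    "honest_b":  {"f1": +1, "f3": -1, "f4": -1, "f5": +1},
    "polluter1": {"f1": -1, "f2": -1, "f3": +1, "f4": +1, "f5": -1, "f6": +1},
    "polluter2": {"f1": -1, "f2": -1, "f3": +1, "f4": +1, "f5": -1, "f6": +1},
    "polluter3": {"f1": -1, "f2": -1, "f3": +1, "f4": +1, "f5": -1, "f6": +1},
    "newcomer":  {"f5": -1, "f6": +1},  # no shared voting history with "me"
}

MIN_OVERLAP = 3  # assumed threshold: ignore peers with too little shared history


def correlation(a, b):
    """Pearson correlation of two peers' votes over the files both rated.

    Returns 0.0 when the overlap is too small, or when either peer voted the
    same way on every shared file (zero variance carries no signal).
    """
    shared = sorted(set(a) & set(b))
    if len(shared) < MIN_OVERLAP:
        return 0.0
    xs = [a[f] for f in shared]
    ys = [b[f] for f in shared]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / sqrt(vx * vy)


def naive_score(file_id, votes):
    """Plain vote count: every identity counts equally, so floods win."""
    return sum(v[file_id] for v in votes.values() if file_id in v)


def weighted_score(viewer, file_id, votes):
    """Score a file from one viewer's perspective.

    Each other peer's vote is multiplied by that peer's correlation with the
    viewer; peers with no usable shared history contribute nothing.
    """
    mine = votes[viewer]
    total = 0.0
    for peer, theirs in votes.items():
        if peer == viewer or file_id not in theirs:
            continue
        total += correlation(mine, theirs) * theirs[file_id]
    return total


if __name__ == "__main__":
    for f in ("f5", "f6"):
        print(f, "naive:", naive_score(f, VOTES),
              "weighted for me:", round(weighted_score("me", f, VOTES), 2))
    # A viewer with no voting history gets no signal at all.
    print("newcomer on f1:", weighted_score("newcomer", "f1", VOTES))
```

In the constructed data the three flooding identities win the plain count on both unrated files, while the viewer's weighted view reverses their votes; the viewer with no history gets a score of zero, which is the anonymous-user limitation noted in comment 17.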

  18. Re:rtfa, sucka. by cahiha · · Score: 2, Interesting

    No, the pot smoker is right. Your brain is too small to absorb their goodness.

    The authors have not shown that their system is resistant to attacks. Maybe it seems plausible to them and to you that it is, but plausibility is not the same as actually demonstrating that property.

  19. Setting a precedent by gallondr00nk · · Score: 2, Interesting

    Despite everyone's views on the use of p2p networks, isn't it a dangerous precedent to set to allow these companies to steamroller over *anyone* who dares share copyrighted material? Is living in a DRM world where consumer rights are constantly reevaluated as to give us the least amount of enjoyment and freedom from our purchases worthwhile? It doesn't matter *who* these p2p sharers are, isn't setting the precedent of removing consumer rights by DRM (to copy, rip, burn for backup etc.) far more demeaning and indefensible?

  20. Another for the RIAA/MPAA Tool to use... by Kamiza+Ikioi · · Score: 3, Interesting

    The system seems like a tool to use against the RIAA/MPAA to block pollution efforts. However, then the other shoe drops, and the RIAA/MPAA has a tool to target the highest ranked nodes/cliques/people. No longer do they need to figure out how many files you have.

    They just have to find one file, extrapolate your rank to the average system rank, run a few numbers (and maybe a few inflated costs in there too), and bam... for sharing Happy Birthday To You.mp3, you get slapped with a $1 million infringement case because you happen to rank as a very high legitimate link.

    On the other hand, this might be beneficial to take the heat off of the majority of the file trading community that honestly is NOT costing them any money. They don't need to target the casual "weekend downloader", whose rank should be significantly lower (being a new node on the network) than some guy with 4 160GB HDD's of the latest releases to theater and DVD. Nobody feels sorry when these guys (or gals) get busted. When 14 year old choir girls get busted, there is PR hell to pay. This system allows them to do that.

    Didn't RTFA, but that's my first impression. A use to boost network quality, a use to increase (not decrease) the reach of the **AA's, and a use that may help both sides.

    "Every tool has at least 2 completely unassociated uses. A spoon can serve food to your mouth, or gouge the eyes out of your enemies." - Me

    --
    I8-D
  21. Re:rtfa, sucka. by pv2b · · Score: 2, Interesting

    1000 accounts per hour for an hour isn't outside the realm of possibility at all.

    There are 3600 seconds in an hour. If you were to streamline the process of registering the accounts, so that the only human process were to decode the CAPTCHA image, I could definitely see myself performing one of these tests every 3.6 seconds, especially with some practice. (Depending on the difficulty of the test of course.)

    This is where you employ people at minimum wage, or even illegal immigrants below minimum wage. I'm not that into the exact figures for the United States, but I'd guess minimum wage would be somewhere around $5/hour. This makes it pretty cheap to create 1000 accounts. :-)

    Now, going beyond say 1000 by a few orders of magnitude, the cost of passing CAPTCHA tests goes up the same way.

    This, of course, is ignoring advances in AI technology that are starting to be able to identify and pass CAPTCHAs. It doesn't matter if they suck. Even if you only get 1% accuracy on them (lowball estimate), that only slows down an automated account generation attack by a factor of 100, and with *cough* clandestine grid computing *cough*, this becomes a quite effective attack in today's world with zombies etc.

  22. Re:eDonkey by daikokatana · · Score: 5, Interesting
    Indeed - but there is a big problem with that system. eMule recognizes the file hashes and reports them as fakes, but it stops after that.

    For the past few weeks, I have been rewriting part of the eMule source to have the following changes:

    1. I offer a valid file with a valid hash (no fake)
    2. People try to download the file from me and move up fast in my queue
    3. Once they download a chunk from me, the data I send them is invalid (generated random)
    4. Since this part is invalid, they need to redownload it
    5. Since they move up faster in my queue than others, they redownload the part from me.
    6. etcetera...

    To be honest - I want to sell this tactic, that's why I do it. And so far it works! I get loads and loads of requests and rerequests for files, so this is a perfect tactic to kill the download of valid files - reputation system or no reputation system.

    Remember, the file is valid, but they'll get it much much slower and spend x times the bandwidth to get it. I have unlimited bandwidth (up/down) so I always win in the end.

    If whatever organisation I sell it to employs this on a large scale, the network will be flooded.

    --
    http://jcsnippets.atspace.com/ - a collection of Java & C# snippets
  23. Evidence? by venomkid · · Score: 2, Interesting

    "As you can see, your honor, according to a ranking system on the pirate file-sharing network, the accused had a high rank for carrying real, pirated files."

    No, thank you.

    --
    vk.