Slashdot Mirror
Protect Your P2P Privacy
BillGatesInABikini writes "APC Magazine has a short piece on protecting your privacy online while using P2P software with the likes of Peerguardian (Windows) and MoBlock (Linux). It's concise and to the point, and a real eye opener if you don't currently protect yourself while using P2P for transferring files, legitimate or otherwise."
But don't we all know this already, being the tinfoil hat crowd that we are?
A witty saying proves nothing. Voltaire (1694-1778)
Even if you use these programs, your IP address will be exposed to others, if not directly than indirectly. It's simply part of how P2P works over TCP/IP.
Just looking at the screenshot, why would you block 'the State of Wisconsin'? I suspect that those lists are just a big mashup of every corporate IP block ever, because a bigger list has to be more secure.
[Fuck Beta]
o0t!
The safest method of using P2P software is not to at all.
Seeing as how various law-groups continue to think they run the universe and thus have the right to destroy computers by "injecting" infected files onto the P2P network.. Egh.
Empathetic-- 94% You tend to walk in someone else's shoes a hundred miles before pointing a finger.
Tried peerguardian, and it blocked slashdot. Every over site I use seems to be fine, but slashdot didn't like it. Had to get rid of that (or at least enable all http).
how does Moblock compare against using the peerguardian plugin for Azureus on Linux? Whenever I start Azureus, it spends a short time fetching the "biglist" and then regularly updates that list according to how I've scheduled it. Moblock apparently has to be manually fed and launched
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Which is scarier? The need for P2P privacy or this being posted by Bill Gates In A Bikini?
Developers: We can use your help.
If people think for one second that RIAA and MPAA are using their public blocks of IP ranges to bust people, they should think again. There's a false sense of security in running these programs - people continually see blocked IP range hits and think, "Look at all the bad people I've blocked." If you think you're being smart by using peerguardian or protowall, consider that these companies are smarter by using public and spoofed IP addresses. Not to mention, the majority of those the downloaded lists include massive amounts of "safe" peers that are being unnecessarily cut off.
I protect my p2p privacy by leeching off my neighbors unsecured wireless. I kid, I kid....
Posting this article as if it were some brilliant nugget of wisdom is just plain retarded.
First, these tools truly do not anonymize your P2P activity. All they do is block whole groups of IP addresses. The blocked addresses are presumably the record labels and other alleged "bad actors".
Second, the assumption that this is an effective means of blocking the record labels or other entities from finding out what you are up to is seriously flawed. The breadth of the IP groups that these tools block are bound to yield many false positives (many innocent and unrelated sites get blocked). Additionally, they are fundamentally flawed because they presume that RIAA/MPAA/etc will confine their activity to obvious named entities and not one or several cable modems leased from comcast. Even when this monitorer has been active reporting copyright violations and such, there is generally no reliable means for these list-makers to establish which IP actually was responsible for the original observation/evidence gathering. Even if the list-makers could presumably establish that, they would need to ban whole blocks of IPs on dynamic networks (e.g., all of Comcast in LA) to just to block that one account...
Third, using these tools as akin to admitting you are committing piracy because the only concievable utility is to attempt to hide from industry. Though I personally believe that almost all of these P2P systems are used almost exclusively, in practice, for various forms of copyright infringement, with the exception of BitTorrent (which has clear legit uses), using these tools basically just reinforces that you are trying to hide your actions from a particular set of people, namely, RIAA, MPAA, and other related organizations that are trying to enforce copyright.
You might argue that the powers that be are misreporting violations, but I, for one, do not buy into the notion that users would go through the trouble of installing this tool (and all the pains that go with it) just to try to escape the very remote chance that RIAA/MPAA will falsely report your linux distro download as a piracy.
The whole idea that peerguardian and the like are a means of securing yourself is ludicrous. I'll give you a scenario.
RIAA/MPAA commissioned security firm runs an ultrapeer/server/hub and you connect to it. You happilly upload an index of your hashes. An automatic flag alerts them that you may be hosting someone elses copyrighted materials because you have a known hash. They attempt to connect via their corporate connection, but recieve no response, you have an IP range block firmly in place. They then inturn try to access your machine via *GASP* AOL! Sure, it's dial up, but they are just out to verify anyway. They recieve confirmation that you are hosting the latest Brittany Spears album and proceed to email your ISP with the details of your infringing activities.
There is security, and then there is a false sense of security.
To a noob, root is like a gay bar...and he's wearing assless chaps
It seemed that tor stopped working with bittorrent, but I heard somewhere that it still worked if you changed the default listen ports.
Anyway, there's so much content out there on the net these days I am sure that most of it is not associated in any way with either the RIAA or the MPAA. THe net is international. You can download experimental Soviet cinema and thousands of obscure art films there's thousands of documentaries and then there's thousands of hollywood produced films that are already in the public domain for all sorts of reasons aside from simple expiration. I'm sure that the truth is that only a very small minority of the material being traded on file sharing networks is actually in any way associated with the RIAA or MPAA.
http://azureus.sourceforge.net/doc/AnonBT/i2p/I2P_ howto.htm
;-)
Crypto is the key my friends
Anyone use MSN Messenger? If so, you've probably noticed those medium-sized advertisements at the bottom of the contact list. Well, fire up PeerGuardian with "Block HTTP" on, and you won't see any advertisements on your contact list at all!
According to PeerGuardian those advertisements are coming from "Doubleclick," which is also why some Firefox+MSN Messenger users will occasionally have IE Doubleclick cookies pop up in a report after running AdAware or SpyBot: Search & Destroy.
That is why the P2P indexing server run by the security firm commissioned by the RIAA/MPAA is on the block list.
Revised scenario:
Your computer tries to upload your list of hashes, but the packet never gets through, so they don't have your list of hashes or you IP in the first place. If you are using a client such as eMule that lists server info, it is very unlikely that you will even try to connect to said server since eMule is unable to query that server such as name, current/max users, and number of files.
I'm not saying that PeerGuardian/MoBlock are the be-all and end-all of security, but if you are going to participate in illegal file sharing, running such tools is better protection than nothing.
Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
Using P2P whith blocking blacklists makes absolutely no sense.
The point of P2P is sharing. So you are supposed to share, or eventually there is no P2P at all.
Yes, the blacklists are supposed to only block the "bad guys", and let you keep sharing with the "good guys". What an idiocy! Does anyone believe that people spying on P2P networks are SO stupid? It seems obvious that they will use plain DSL connections with dynamic IPs which are not on any blacklist, so you definitely won't block them.
An effective blacklist would block everyone, and if everyone used it, it would destroy the P2P network.
With a partial blacklist you can be pretty sure that you are NOT blocking the machines you would want to.
Look at the screenshot in the article. Yes, it was choosen carefully so that you can see Sony in there. The rest is mainly (European) Universities, and the like. Do you really think that RIAA sying on P2P would be from European universities?
Either use P2P and share, or don't use P2P.
Shouldn't the title be "It's no panacea"? I.e. There is NO cure-all because P2P is based on connecting directly to other IPs. That's simply how P2P.. yada yada..
Or is this one of those Americanisms where words/phrases/idioms suddenly mean exactly the opposite of what they actually say and we're supposed to accept the fact that language is always changing?
The lists work by adding addresses that have busted people, and other suspicious blocks. I've had two cease and desists, one from the studios, and one from Microsoft. If it wasn't for PeerGuardian, I would have had to stop using p2p altogether because a C&D would quickly become a civil suit if I didn't CEASE AND DESIST IMMEDIATELY. A suit I would likely not win against a major corporation.
If it weren't for PeerGuardian, I would have dropped out in 2001.
Your post is nothing but FUD. PeerGuardian and the like is keeping p2p alive. You are acting like it is killing p2p. You are, quite frankly, completely and utterly full of shit.
What is going on is a TECHNOLOGY WAR. If you can't keep up in the arms race, you will simply become collateral damage in the long run.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com