Slashdot Mirror
Combining BitTorrent With Darknets For P2P Privacy
CSEMike writes "Currently popular peer-to-peer networks suffer from a lack of privacy. For applications like BitTorrent or Gnutella, sharing a file means exposing your behavior to anyone interested in monitoring it. OneSwarm is a new file sharing application developed by researchers at the University of Washington that improves privacy in peer-to-peer networks. Instead of communicating directly, sharing in OneSwarm is friend-to-friend; senders and receivers exchange data using multiple intermediaries in an overlay mesh. OneSwarm is built on (and backwards compatible with) BitTorrent, but includes numerous extensions to improve privacy while providing good performance: point-to-point encryption using SSL, source-address rewriting, and multi-path and multi-source downloading. Clients and source are available for Linux, Mac OS X, and Windows."
The need for this has been brewing for a while. Hope it does what it says on the tin.
Hmmm. The "get source" button goes to an email form for me. Does anyone know whether the source is freely distributable? If so, could someone please upload it as a torrent?
Hmmm.
So how long before the **AA bury this is a mass of litigation?
Though the main advantage of this system is that you can limit the access to a selected list of identities so this to my mind becomes more like a private group.
But at some point you have to grant access to people or you will have no audience, and I have often thought that private groups are like encrypted networks - they only raise the suspicion you have something to hide.
"The Internet interprets censorship as damage and routes around it."
- John Gilmore, Co-Founder of the Electronic Frontier Foundation
Finally had enough. Come see us over at https://soylentnews.org/
I'll be charitable and assume you are just uninformed. Inform yourself.
It's weird. But when I download their binary .tar.gz there's a COPYING.txt file, and OneSwarm's license is GPLv2. Then why are they blocking downloading of source?
And also, it's written in java. Bleh.
#
#\ @ ? Colonize Mars
#
nice to see some NSF funds going to good use.
ôó
How is this any different to P2P over TOR, except for the fact TOR exit nodes tend to block several 'standard' P2P ports (which is easily fixed by using a non-standard port for your P2P)?
TOR has the added avantage of nobody needing to use some new piece of specialized software to be able to get the benefits of anonymity - and it's not used for a single purpose - so people can't go 'Oh! he's using OneSwarm! He must be P2P sharing, and want to hide it!' ....
One problem from the demo seems to be that you need to have friends. I don't know anyone that has the por^h^h^h files that I want already.
Everything you know is wrong, Just forget the words and sing along.
I believe there have been p2p networks in the past that have tried something similiar to this.
The problem is that they never scale well. Once they get very large it takes forever to download anything.
It works okay if you have just a small local network (like say a college campus worth), but then the amount of content is very limited.
I don't see anything different about this effort in reality.
We're just packaging up the source now (we just released this today), and will post a link on the website soon. Thanks!
This is the reply I got from using the mail form.
Please explain.
If "Joe" in Virginia and "Mike" in California each have a copy of Hannah Montana's latest episode, I use Utorrent to directly connect to their IP address and start downloading pieces. How does OneSwarm work differently to get this video over to my machine?
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
I was reading about TorrentPrivacy last week, and it sounded nice, except the site gave me a heavy "fishy" vibe, and they charge a fee for their service.
I'm reading up on OneSwarm, but I don't know enough about the technology to know if this works the same way, or better than TP. Any thoughts?
Raging in an online forum won't do anything for the world around you. To see change, you must take action.
Do you think that your average user will replace a software that works for a new one? Do you think that they care about privacy? Do you think that they know what SSL is?
Laws used to be about freedom and justice. But now corporations are making laws.
Lobbying used to be called bribery. It also used to be illegal.
That's lobbying for you.
Self reference paradox anyone?
Finally had enough. Come see us over at https://soylentnews.org/
ISPs, the RIAA, and the government cannot poison the well if they can't find it.
Why not implement it within TOR? We could use some more exit points, and this seems like a great method of accomplishing that.
I still insist that the TOR cloud should contain transparent caching proxies and the like so that it doesn't need to use those rare exit nodes as often...
And before somebody starts groaning about it, TOR isn't flawed or "insecure." It's not a security tool. It is an anonymizer. Its purpose is exactly what P2P users need.
Use my userscript to add story images to Slashdot. There's no going back.
freenet (there is a dark net mode since version 7).
I remember people arguing dark mode being an anonymity thread itself. I case you computer is seized you and your 'friends' are immediately identified as part the of same conspirative group (based on client's friend list). Might rather be a problem in totalitarian systems where being suspicious is enough to face personal detriment (no pun intended).
A while ago I used Grouper. It's a peer to peer system where you have to join a group to download files from someone else in the group or you can choose to make your files public and search for public files. If someone can't get into your group, they can't see what files you have or what you're transferring. I dunno if the error correction and speed were up to bittorrent levels though. It was awfully convenient and awesome for collaborating on projects and stuff. I loved it so if this is sort of similar, I think it will do well.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
There have been BitTorrent clients for I2P for years now. They're useless, largely, because anonymous networks are nightmarishly slow and unreliable, and very, very few people bother to upload anything interesting (at least in my opinion).
Before anyone accuses me of trolling, I've been using TOR off and on at home since 2005, and I've experimented with I2P for about 6 months in the wake of whistleblowing of the NSA wiretapping program. They're horrible, frankly, and I only put up with TOR still out of sheer cussedness. TOR at least lets you get content from the outside world; I2P is darknet-only, and darknet-only content isn't that exciting.
In fact, it's frankly dull as hell -- mostly political rants and porn (often of the less than legal variety). Sure, that could theoretically be overcome, but it won't, because performance is so bad that no one uses them but people stubbornly making a political point or people with downright criminal tastes (like the child porn freaks that seem to dominate the core.onion message boards). Mainstream consumers want convenience, and darknets don't provide it.
The performance is terrible because every download on a darknet is limited by the upstream bandwidth of the worst of your peers -- each of which is generally passing through streams from several other peers at the same time. Think about this. Think of the common 128 Kbps cap on most residential DSL or cable. And this is when you don't have unreliable or malicious peers.
So, frankly, who cares? I pirate copyrighted material because it's convenient and it lets me intelligently spend my money only on things I've vetted first -- spending my money only on things that have merit. Darknet torrenting is simply NOT convenient, and I simply wouldn't bother if it truly became necessary.
I like the concept of TOR and darknets because they provide an important technological counterbalance to tyranny, but I seriously doubt that they could survive as a useful tool for issues less relevant that free speech and survival, like wanting to get movies for free.
much more accommodating to the friendless. And who'd want to be, what with their stinky packages?
"The ability to delude yourself may be an important survival tool" - Jane Wagner -
But supposedly the honorable people of Slashdot only use Bit-torrent for legal purposes.
Are you implying that the government and RIAA are "poisoning" LInux iso torrents and Creative Commons music?
Had to happen eventually. But it would be nice if there were C-based clients rather than Java. Java is cool, but it is also slow.
Still, this is just the first of what one can hope will be many. Props for doing it first.
Try using Relakks, SwissVPN or a VPN service similar. I use BitTorrent with them and regularly get 600k/sec or more transfers.
Its not as fast as my ADSL2 connection but fast enough for most things.
A simple question from a noob in the area:
Why not just peer-to-peer encrypt communication between BitTorrent nodes on the network? With keys that are distributed privately. Would that not completely hide the BitTorrent traffic making it impossible to eavesdrop at? If I sit by a router and see it transfer a blob of something that does not resemble anything else but an encrypted stream of something, I only have one choice - decrypt it first to see if the traffic belongs to something I consider illegal. But thats where cryptography comes in, right?
Try the following:
I2P net ...and probably more.
MUTE/ Kommute/ Ants/ Dargens
Alliancep2p.com
Filetopia.org
GNUNet
Rodi
Emscher
Some of these like I2P use bittorrent over their anonymized network (a BT client is built into I2P but you can use some others... Note that Azureus aka Vuze has I2P support built-in!)
Received an email back after requesting source, it will be available shortly.
Email reads:
Hi Annon,
We're just packaging up the source now (we just released this today), and will post a link on the website soon. Thanks!
-M
Public keys are public... So if you can decrypt the data, you are probably using a public key. Now if we used a public AND private key we'd be in business. Unfortunately, now everyone needs your private key; doesn't that make it public?
... because in your scheme there is nothing preventing the RIAA/MPAA from getting in on the cryptography action to collect the evidence they need. In other words, there is no way to filter RIAA/MPAA spies out from your fellow pirates.
All they have to do is infiltrate the method of "private" key distribution (which won't be all that private for any scheme involving more than just you and 3 of your closest buddies)
We've been encrypting BT for a long time now. It works against eavedropping, but that doesn't work against most of the bad guys.
The bad guys just find a torrent they think is infringing, connect to the tracker as an end node, and write down the IP addresses of any peers they can connect to.
So the trick here is to hide your own IP from the other peers. Actually, I had thought that I2P already provided this service.
Are you implying that the government and RIAA are "poisoning" Linux ISO torrents...? Well, I named my Linux Distro "BritneySpears_BabyBaby", and somebody keeps poisoning the torrent... it must be the RIAA!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Ouch. Well there is the argument that if someone's seeding bandwidth is being monopolized by RIAA bots on an illegal torrent then they have less bandwidth to seed on legal stuff. Even serving up fake data can harm legit swarms, since downloading is also good for the network.
So a "darknet" is a private (trust-based) network.
You know, like a regular network or VPN.
Oh, and you want to use your darknet for P2P, so you want it to be popular? Then just chain your trust so friends of friends of friends can join in. They're trustworthy, right?
This is completely stupid.
You can't establish a successful P2P network without a large number of users to supply bandwidth and content.
You can't get a large number of users without making it easy to join.
You can't make it easy to join while keeping up a level of trust. If Joe Schmo from the internet can get on, then Joe Schmo from the RIAA can too.
You can't anonymize or encrypt traffic while staying decentralized. To anonymize traffic you need a central server where all traffic is routed through, or you need to route through other users and maintain some meta data centrally. If you encrypt traffic, you'll need to decrypt it, and then it becomes a key sharing problem.
It all boils down to keeping the MAFIAA out. No one can ever explain how their various "trust" mechanisms ensure that the MAFIAA stays out (because they can't).
No one ever explains what happens when the trust is broken (the whole net instantly becomes untrustworthy).
No one ever explains how encryption helps untrusted connections (it doesn't), or why it is even necessary for trusted connections (well, I'll accept this since nowadays everyone is illegally snooping in on every bit of data it seems.)
Purely friend 2 friend based networks seem of quite limited use (come on, who knows anyone on the Internet really?).
There are implementations of Pseudonymous P2P clients like GNUnet which are much less trust reliant (more usable and robust). The only problem is, that they are somewhat alpha state and quite cumbersome to set up, and there are not too much files there. There are also a bunch of other approaches (here is a list of software: http://tinyurl.com/cvrvg7 )
Problem is, the *AA will probably run to the next congressman with bribes as soon as this kind of stuff gets mature and wide spread and will create a new law that makes proxying iProperty illegal, then start leeching..
What they are also doing (right now) is forcing everyone to keep traffic logs. They will probably want to extend it to make it querriable centrally (you know, to protect the children) and use it to track down people. Wait, the last one involves intelligence.. OK, forget about that.
just use freenet together with frost
./run.sh restart
./frost.sh
this is an index of all (?) "freesites" - you can visit as soon as you have freenet running
for linux users:
wget "http://downloads.freenetproject.org/alpha/installer/new_installer.jar"
java -jar new_installer.jar
cd "/path/to/freenet/"
mkdir frost
cd frost
wget "http://mesh.dl.sourceforge.net/sourceforge/jtcfrost/frost-04-Mar-2008.zip"
unzip "frost-04-Mar-2008.zip"
chmod +x frost.sh
you need to have java and I don't remember whether you need to run this as root. iirc you don't. The filename from the sourceforge link will vary - just check http://sourceforge.net/project/showfiles.php?group_id=25070
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
OneSwarm seems to have a lot more polish than the P2P networks I listed: In-browser previews, codec translation of media files, integration with GoogleTalk, etc.
The basic transfer functionality appears to be similar although based on the invite-only darknet idea. Personally, I do not think these darknets offer much advantage, as the other P2Ps (and also Tor) offer anonymity by maximizing the number of participating nodes... which provides resistance to authorities trying to social-engineer and recruit their way into smaller friend-based networks.
Really, what do you have to hide in your bittorrents that makes you so unconfortable?
Screw you, asshole, that's NOT the point. Goddamn motherfucking RIAA/MPAA troll..
Security is big issue that DarkNet has. I know that malware and other junk can come the neither regions of DarkNets and I worry about what pieces of malware that could affect file integrity in the P2P networks.
Because the investigators don't eavesdrop on your connections. They come into the network as a peer and ask your client to send them chunks of whatever file you are currently sharing. It's very easy for them to do:
Encryption occurs between peers - so your ISP can't decode the traffic, but the investigator can, because it is a peer.
...was that of a few University of Washington researchers being escorted into the back of an unmarked van.
You'll find plenty of "friends" on the net willing to trade in porn - or anything else, for that matter.
The question is, who do you trust?
In the case of OneSwarm ...an adversary would be able to correlate the increase in traffic between sender and receiver along an overlay path. FAQ
I can't quite shake the notion that a "web of trust" is inherently fragile.
That as they scale upward and are increasingly interwoven there will be a breach, a tear - that will unravel very quickly.
"Laws used to be about freedom and justice. But now corporations are making laws."
And what kind of laws are illegal down loaders making? So far as I've seen not one law has been changed because of "Arrr, I'm a pirate" and in fact the situation's gotten worse. So once again what has piracy done for "freedom and justice"? You know the "freedom and justice" that doesn't just apply to the "Arrr!" crowd.
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
What if you are doing something wrong but the authority think you're doing something worse? A real case scenario of this happening is the shooting of the innocent Brazilian in England.
The police thought he was a terrorist planning to bomb the trains, he thought the police were trying to catch him because of his expired visa.
But what happens when an investigator hired by a movie studio joins the swarm? How do you decide who gets a key and gets to participate in the network?
Mod points: Guaranteed to remove your sense of humor.
Side effects may include gullibility and temporary retardation
I can't think of a need for anonymous, untraceable exchanges of large volumes of data for something that isn't piracy.
Efficient transfer of large volumes of data? Sure.
Anonymous, untraceable exchanges of small amounts of data? Sure.
But really, if you're using this you're almost certainly a warez kiddie.
I'm a lead dev on a similar project called Anomos, which provides anonymous and encrypted BitTorrent without requiring the slow Friend To Friend system that this uses. OneSwarm is a cool project, but we have some advantages over this (although I'm sure they have advantages over us as well.) We're a funded project as well. If you're interested in this type of thing, you might wanna take a look at our project as well. (Also check out i2pSnark!) Ultimately (perhaps by the end of this summer), I'd like to see all of these approaches under a single roof.
Read the article, watched the video.
Very pretty, very nice, very private IF you have someone on the other end that you "trust". Gosh! This is just like IRC back in 1994 when you'd go begging for FSP logins to trade, and had to rely on some snot-nosed brat to deign to lower their [33+ selves enough to throw you a bone.
Please. *clicks on enable encrypted torrents only* There. Fixed. Goodnight.
[End Of Line]
This is something that criminals will use to steal music and that is the bottom line.
This is as true as someone willing to steal your brain.
Usable: OneSwarms interface is web-based and supports real-time transcoding of many audio and video formats for in-browser playback, eliminating the need for casual users to master a new applications interface or search for custom media codecs.
Does it seem even remotely plausible that someone using Oneswarm (either now or in the future) would have problems mastering "a new application's interface" or searching for custom media codecs? If you're downloading bittorrent files, you can play avi files, and I'm sure most people would prefer to play media in their preferred media application rather than in some slow java app.
And as others have mentioned, it seems similar to freenet, but without the datastore of each other's material on each node, and no "open-net" option.
The Freenet anonymous forum software "Frost" is spammable, and has been under prolonged repeated attacks for some time, so it is fairly unusable.
Use the Freenet Messaging System (FMS) instead. It is a decentralised and highly spam-resistant anonymous forum system, using a web of trust. It has an NNTP interface, so you can use a regular newsreader to read and write messages.
(That is another Freenet link, you need to have Freenet installed for it to work.)
Enjoy having your information handed over to the authorities if they request it, atleast SwissVPN will do so without much fuss.
I've been looking for a good opportunity to tell this story, so I might as well do it now.
I once read an article about a solo singer-songwriter called Ladyhawke, which I found quite interesting. I did nothing about this for a while, until I saw Amazon UK were offering £3 worth of free MP3 downloads. I tried to buy her first album using this offer, but ran into problems using the Amazon MP3 Downloader*. So I found a much easier and more sensible solution in The Pirate Bay.
But at this point, I found I actually liked the single. Quite a lot. So I ended up going back to Amazon, and ordered the CD instead. I ripped this to FLAC and frequently listen to the various tracks. So in this case, I pirated it, liked it, and bought it legally. This is not an everyday occurrence for me, but it does happen, and there are some things that never would've gained enough attention for me to purchase them if not for piracy.
*Can anyone actually tell me why I have to use this for albums when I don't need to use it for singles and the tracks aren't even DRMed? Amazon's FAQ was a complete non-answer and no one else seems to have any idea.
For one? One of what? Please be specific kind sir.
http://www.zombieapocalypse.tv/
When was this golden age? Laws have always been about both freedom and justice, on the one hand, and oppression and inequality. Racial segregation was maintained through laws, as were many other kinds of discrimination and unfairness. And other laws protect people against abuse and limit the powers of corporations (e.g., antitrust). It's been a constant back-and-forth, and corporations have always had a lot of power (think of the "company towns" of the past, which couldn't exist in the same way today). You can say the system has flaws, and you'd be right, but it's absurd to imagine that things were once perfect.
.sig withheld by request
...asks the person who who is posting anonymously.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Well, I named my Linux Distro "BritneySpears_BabyBaby"
Passing off is just as illegal as copyright infringement.
I assume this is about initial publishing of a new torrent. If I got a file to "publish" I currently would have to ftp it to one of these questionable seeders, and whatever bandwidth they got takes awhile to seed, without hundreds being in a position to prove who started the torrent.
With this a new peer would then have a net of a dozen friends, that it can't be proven (outside the trust ring) who started the ball rolling. So before posting the tracker I could start with a large number of peers, without using a botnet first.
You forgot the asshats option in the equation. What makes you think that someone won't put a "node" into malware of some sort - and maybe one that simply proxies data flows.
We can't even stop malware's effects on SMTP, which every network admin in the world would demand (or at least consider) a death penalty to the spammers responsible for it.
Push P2P out as a stealth software product, and all bets are off, and plausible deniability is on - especially if the malware itself adds in a "random request/IP masquerade" feature...)
Why bother justifying the piracy with the story? Obviously you feel just fine doing it for the sake of growing your collection of entertainment. What's the point of making it seem like it actually has some noble purpose?
You're overlooking the fact that you can still use this program to download things from regular BitTorrent swarms. Looking over their program, if you want to download a file that's not available through any of your friends, you can just get it through BitTorrent using the same client, but if the file is available on the anonymous network, the option of getting it securely is still available to you, thus, best of both worlds
I'll tell you what. Our boys have taken up pirating! One of the worst and coolest of crimes.
Come on, the little guy has always been taking it bent over. If anything its amazing what freedom and justice we have stripped from those with power. But don't delude yourself into seeing the past with rose-tinted glasses. It wasn't so long ago that half the country was enforcing jim crow laws. And what about constitutional amendments banning gay marriage? If anything the few times freedom and justice have prevail stands in dark contrast to the multitude of times it hasn't.
The RIAA have this idea that filesharing is, by definition, sharing of files covered by their copyright. So they attack indiscriminately.
The government has this fascination with invasion of privacy.
So what is the answer? I mean you got +5 insightful, but you didn't actually answer the OP's question at all, you just made some vague remarks about corporations making laws. What are you downloading or seeding that could possibly need privacy, other than warez?
The entire idea of the so called darknet originated in the minds of kiddies who are full of goverment conspiracies but lack the intelligence to truly think about what this means.
Your ISP KNOWS!
Your ISP knows EVERYTHING!
Your darknet lights the ISP up like a christmas tree!
Darknets only work when the ISP doesn't care to monitor and report the traffic that crosses its routers and if they don't monitor/report the traffic then you don't need a darknet.
A darknet is often suggested as a solution of getting around opressive regimes. But the problem is that the kiddies thinking about it have grown up in free countries and just don't get how effective oppression can be. Oh we are not talking the Chinese here or even the RIAA or other such amateurs but the north-korean goverment.
How is your darknet going to work if ALL internet access is monitored. Send of a packet on an unknown port to an unknown destination and they don't need to decrypt it, you will tell them what was in it because there is only so much the human body can endure.
To make it understandable, imagine you invented an absolutely 100% effective way to hide content in a telegraph message. You could send any message of any length and embed you own content within it and nobody would ever know. This would get you around any goverment trying to stop you from sending said message right?
If you say YES, then you are an idiot. All they got to do is stop you from using the telegraph itself. Put an agent in the office and simply monitor who uses the machine.
If the RIAA and the likes get their way then sending ANY info via your ISP that they cannot read as harmless, then you can't use a darknet because a darknet by its nature shows up as unknown and therefor harmfull to the powers that be.
If the teachers forbids you to talk in the class room then the students can come up with the the fanciest unknown spoken language they wish, but they still can't talk in class because the act of using your voice itself is what is forbidden, not the language itself.
So, if you and a friend agree to use an unknown network type that crosses an ISP and that ISP is monitoring its own routers then that traffic will show up and by the nature of being unknown will send up a red flag. Only when your ISP doesn't care can you use it and as I already said, when it doesn't care, you don't need it.
The only think darknets protect against is OTHERS outside your network connect from knowing about it. I can easily see whoever else is using the torrent I am downloading because this information is public. I can't see the users of your site however. So it is only simple defence against a very primitive form of snooping. But don't worry, the RIAA and the likes are already well ahead of that and want the ISP's, who by their nature are part of EVERY network connection you make to monitor for them.
Read up on freenet and its darknet dreams. It is a laugh. They dream of being the tool to allow sensitive information to get out of places like North Korea undetected when the very act of sending information out of North Korea over any non-approved and monitored method is enough to get you killed.
Or to give the final anology, I don't need to know where the messenger crossing the border has hidden the secret message or the code to read it on his body if I simply shoot everyone crossing the border.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Wow, I've played around with it and it actually seems really nice. Slick interface, java is really not bad if you know what you are doing. The default is a web interface that is actually quite nice. The program runs in your system tray, and opening it opens the web interface by default. There is also an extremely utorrent-like client that you can use as well. Will test further, if I didn't know better I'd say it seems like they built on the source of utorrent. It looks like they did an excellent job of building a regular bittorrent client, can't wait to test out the privacy they have built in.
I2P works fine and has plenty of content. There are three trackers and two torrent indexers. Crstrack has all types of content except porn and postman has all types of content except illegal porn. You can safely get any aXXo movie on crstrack just by asking for it in their request forum. Plus there are people posting Coda.fm music and DVDRips of whole seasons of TV shows. I'm sure a request could get you pretty much anything you want. And the speed is fine so long as you're connected to a few peers. Check out the selection through a proxy at https://www.awxcnx.de/cgi-bin/proxy4/nph-proxy.cgi/000100A/x-proxy/start?URL=http://crstrack.i2p and https://www.awxcnx.de/cgi-bin/proxy4/nph-proxy.cgi/000100A/x-proxy/start?URL=http://tracker.postman.i2p
You are correct. I2P does hide your IP address over BitTorrent or any other protocol. You just have to stay within the network. There are enough peers that it works, really quite well.
What we really need is wireless mesh networks formed from a bunch of cheap routers.
It would not be feasible to monitor a distributed wireless network covering a whole city or county. TOR running on top of this wouldn't have the asymmetrical upload limits that we have with our wired Internet run by The Man.
It would be the Wild West all over again.
"Censorship interprets the internet as damage, and blocks it." - me
Here's an example http://yro.slashdot.org/article.pl?sid=09/02/24/028202
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Several years ago I had a really bad idea that I sort of implemented but then forgot about. Or to be honest I scrapped it because I didn't want everyone in the world to hate me.
The idea was filesharing over email.
I put up a mailserver with procmail and a few scripts. When mailing to a specific address with a specific command procmail would execute a few scripts and send me a file. Very insecure, I know, but it was just for fun.
Expanding on that idea what you need is just to put some gpg encryption there, scripts on the recieving end that would download and store incoming files so that the mailserver wouldn't choke, encrypted announcing to your "peers" (the ones in your address book) and a forwarding service where you'd forward requests that you can't serve to your peers.
I'm sure there are tons of problem with this but the small test I did worked and I enjoyed working on it.
The scripts are long gone but the idea is still fun to toy with. Too bad I'm a responsible adult these days...
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
Which is largely how the web was, before (non-porn) people realised they could make money on that network.
Imagine you're sued by MAFFIA (oh gosh!) and they accuse you of downloading their newest movie.
What if you say: "I didn't know this was copyrighted, I thought it was a special promotion from my favorite MAFFIA label! Can you prove it wasn't YOU who started spreading the movie and lured me into this trap just to get sued?"
A major problem with this and all 'anonymous' file sharing things is the traffic! If you go through 3 nodes, that means 4x as much traffic as if you just went straight peer to peer. That means -you- need to use your machine for that much traffic, too, to help the rest of the network.
I don't know about you, but I don't feel like waiting 4x as long for my transfers.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
Ironically enough, Freenet is actually pretty fast nowadays. Still nowhere near BitTorrent, but automatically dividing each file into multiple pieces and the mechanism which causes each piece to become hosted in more peers the more it is accessed results in automatic load-balancing and a torrent-like effect. It's certainly much faster than Tor, and not subject to DoS attacks.
Tor isn't a darknet. It's an anonymizer. The fact that you're running a Tor node is not hidden; only what you're doing with it is. Even then there's a simple way of locating hidden services: simply correlate the uptimes of the server in question with the uptimes of Tor nodes.
Freenet doesn't have that problem, since accessing inserted content doesn't require contacting the node that inserted it; however, on-demand insert by Frost might cause a vulnerability, if the attacker controls a node adjacent to yours, since they can then see that a disproportionate amount of pieces for that file are coming from your node. Premix routing should fix that once implemented.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
"Think as infringing"? They do have to decrypt it first, dont they? What is the point of collecting IP adresses of all the other nodes, if they do not even know the contents?
if you communicate on a network, your communications are not private
simple as that
sure, you can do various obfuscating measures, but essentially, you are placing your trust in a communcation network, and all sorts of things can be spoofed and spied upon
the only way to communicate with someone privately is to get on a plane, fly to them, and go walk on a beach with them (so the crashing surf drowns out your conversation over any appreciable distance)
any other means of communication, ie, any means of communication where you are not in the same room as the person you are talking to, is philosphically immune to the notion of privacy
that's why i find absurd a lot of the indignation you at the government spying on you. sure, you can make laws that spell out in bold 72 pt font written in the blood of a virgin that any government agency found to be spying on a private citizen will be shut down and fed into a woodchipper. ok, so what? why do people think this matters? why do you think a law will rpotect your privacy on a system that is essentially a bunch of nodes beyond your control, o even beyond your ability to fully perceive what teh ehll those nodes are really doing?
the network is essentially not private. irreducibly not private. so arguing about the government spying on you or not is moot: you've already given up your privacy the moment you hit send on that email, or hit that form button that webpage. all sorts of third parties can be spying on you. why do think some law will protect you from that?
the internet is philosophically immune to the notion of privacy. meet the person in person, or give up your privacy. there is no third choice
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Then you have no reason to hide what you are doing.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
He's saying that he uses pirating to cull out all the worthwhile entertainment. I have spent a LARGE amount of money on very disappointing entertainment (music, movies, games, whatever) where the sample (30-second song bite or 30-minute game demo) looked great, but the remainder was absolute trash. I would love to have the whole product to see if it's worth a purchase.
This method allows your money to go to people who truly deserve it and not people who simply have good marketing departments.
In the olden days, files were actually transferred this way. Check out UUCP. But you were not anonymous, even if you encrypted the files.
The situation hasn't changed much today, except that most people go through the bottleneck (or should we say choke- and surveillance points) of ISPs instead of calling each others with modems directly. But the problem of privacy and anonymity is just the same.
cpghost at Cordula's Web.
FTTH... will probably make the use of "darknets" explode since upstream bandwidth will skyrocket. Network load issue will shift from client <->ISP connection to ISP backbone and peering with others ISPs. Diffserv may help a lot to keep things flowing with such a "congested" nightmare.
If in fact they are only ever downloading small parts of the file from you, how do they definitively prove that the file comes from you? And what percentage of a file constitutes the legal definition of a file? Pieces of a file are mostly just gibberish, I would expect.
Maybe we need to make a lawsuit deterrent at the peer level
by automatically breaking a copyright agreement just by using a client:
(stop me if this is stupid IANAL, it is that kind of day)
1. Create a piece of copyrighted/licensed material that the investigator doesn't have rights to, owned by some "Robinhood" - client maker/license holder.
2. Make a client only work if it automatically shares that copyright material, breaking the terms of it's license. (The client itself maybe?)
3. Everybody who uses the client, knowingly breaks the agreement.
4. If a John Doe lawsuit is filed, the "Robinhood" counter files against the investigator, who is inadvertently doing the same thing by using the client to investigate.
5. "Robinhood" only files a lawsuit in protection of the innocents who are targeted by third party lawsuits.
If you cant beat them... join them? :-P
ok.. actually that is probably dumb.. and no better than the mafia, but i really think the world needs a Robinhood right now.
All these tools are complimentary technologies. In other words they don't need to compete with each other. They may compliment each other if they play it right. The more complexity in the anonymity toolset, the harder it gets to break the anonymity.
With regards to the actual use, it is not for anyone to judge. That's the whole reason for existing.
With regards to performance of anonynets, sure they are slower, but that's the price you need to pay for anonymity. What do you want: convenience or anonymity? Make up your mind. Obviously choosing anonymity means you will need to be patient.
The bittorrent-like anomos blends the best of tor and bittorrent so potentially it may actually provide better bandwidth than just tor itself for downloading files. That said, in order to announce your files to the public, there needs to be a mechanism to do so outside of the anomos darknet. It is obvious that the announcing part may be done through tor hidden web service web pages, i2p, or oneswarm. I can't speak about swarm because I haven't looked at the sources yet.
Ok you can score me 0 now because I am an anonymous coward. This scoring system sucks and should be revised.
A troll? No. But you sound like one because you don't know what you're talking about. Talking authoritatively does not make you an authority.
> There have been BitTorrent clients for I2P for years now. [...]
I2P is a diminutively small network. It numbered between 500-1000 users the last time I checked (fewer now, I would imagine), many of them using slow links on the other side of the world. That is the reason I2P is slow. You seem to imply that the fault is in I2P itself. That is not the case. I2P has never even had enough users on high-speed links to be able to discover bottlenecks in its protocols in the first place.
Analogously, when a torrent has 5 seeds, it will download very slowly compared to a torrent with 500 seeds. Is it BitTorrent's fault that a torrent with 5 seeds downloads slowly? Hardly.
> TOR at least lets you get content from the outside world; [...]
I2P was specifically designed to be a darknet and not an out-proxy. The rationale is a practical one and can be viewed at I2P's web site.
> In fact, it's frankly dull as hell [...]
More opining that slowness and lack of interesting content is somehow the fault of the software and not the users (or lack thereof) - specious.
> The performance is terrible because [...]
That's merely one minor reason why I2P is slow, and moreover: Duh? ITS A MIX-NET. This is a well-known problem with mix-nets, not with I2P specifically. And it becomes less of a problem as the network grows. One problem is there are no mix-nets the size of the BitTorrent network(s) to cite as an example, so I'll use Tor as my exhibit A.
Someone recently posted to the Tor mailing list some speeds they had seen while using it. I was surprised to see they were so high, from 50kb/s to over 1mb/s. And Tor has only ~1200 servers (many of which are highspeed, luckily), and less than half of them are exit nodes.
Now, as your criticisms of I2P are actually criticisms of mix-nets in general, who says mix-nets are doomed to slowness? I'd love to measure the throughput of a BitTorrent-size mix-net. If I2P had as many high-speed nodes as Tor, perhaps it would perform as well as, nor nearly as well.
> So, frankly, who cares?
People who know instead of acting like they know.
> but I seriously doubt that they could survive as a useful tool [...]
Fortunately, your doubts are mis-placed.
For the visual learners, here is your argument in pictoral format.
http://xkcd.com/538/
Information wants to be $1.98/lb.
sslsniff v0.5 : http://www.thoughtcrime.org/software/sslsniff/
dsniff (sshmitm) : http://www.monkey.org/~dugsong/dsniff/
ettercap : http://ettercap.sourceforge.net/
Nothing's secure.
Cool BS of the year From One Swarm FAQ:
Q: Isnâ(TM)t P2P software just for piracy? Donâ(TM)t you have better things to do?
Like the Internet itself, a P2P file sharing service is simply a mechanism for delivering data. The difference between P2P designs and existing client-server designs is the potential for radical scalability and open access. Today, popular services like YouTube, Flickr, and iTunes rely on costly, large-scale content distribution networks and/or data centers. In our view, the need to create an Internet-scale infrastructure to build an Internet-scale service represents a failure of the underlying network architecture and software interface. And, the centralized control of these services represents a barrier to sharing controversial or private content. Like other P2P services, OneSwarm is a step towards fully addressing these challenges.
did you read your own link? it clearly shows that the "passing off" as a trademarked work must have damaged the goodwill of the trademark holder.
I apologize for linking to the wrong page. In the case of intentionally mislabeling something free as something famous and non-free, does this page apply more? Trademark dilution
keep wasting your points kids
DRM-free indie games for the PC and Mac: Positech Games
Friend to friend is susceptible to infiltration. Why go to all the trouble? There are many p2p darknets out there and many more in the pipes that solve the problem of the fuzz zapping you for making copyrighted material available using a purely technical solution that doesn't affect the user experience. These solutions offer much higher assurance than 'only sharing with your friends' could ever offer.
These darknets work, and suffer only from lack of users. The question is: Why? Answer: There is no need for them.
Huh? You may ask. People are getting sued. How can you say there is no need? You might think: "If enough people get sued then there won't be any more illegal content for me to download!"
Yet there is plenty of illegal content available to download on P2P networks. There are enough idiots, and naive folks, ( and even a constant supply of new ones ) to make copyrighted material available that despite the best efforts to sue them out of existence, they are still there. And you can download copyrighted stuff illegally with impunity as long as you don't share it. The reason is that if they sue you for downloading, you can just say that you own what you downloaded. The cost of getting out of a lawsuit is the cost of whatever the content was on eBay. 'See judge, I already owned this, but I wanted to play it on my MP3 player and I don't know how to translate a CD into MP3 so I just downloaded the MP3. It's not worth their time to send you the notice.
I think some people just don't know how to turn sharing off, or don't understand the increased legal risk of sharing, or like to feel important looking at their server logs and seeing all the people using the service they provide of sharing illegal content. There will always be children and teenagers downloading and sharing music unaware of the trouble they could get their parents in.
So the leachers can leach as it is, and the sharers are largely too naive to understand that they need a safer way to share music. Once one of the newbies wises up, they don't even need to switch networks to continue getting their copyrighted material illegally. They just become leaches. Nobody in the game has any need that can only be satisfied by a darknet. And because the P2P software companies don't really help users hide, nobody can say they built the system to be abused for illegal purposes. If that were the case it would be very simple to add at least some rudimentary security against snoopers.
Any darknet is going to have to offer very good speed, and some compelling feature other than security to take off. People won't switch for security, though they might switch for something only possible with such security.
What features? How about being able to host a distributed website, where you can post anything without fear or reprisal or of having it traced back to you? You post your signature, and it's like your tld.
One can imagine URLs such as: http://localhostport/tims-signature/filename?version=3.0+ that would get any file named 'filename' signed by Tim with version greater than or equal to 3.0. Of course you would design the URL query syntax to support ranges of versions, specific versions etc. You might want the earliest available version with version greater than X, or the latest version, or the latest version greater than X, or whatever.
Current P2P illegal filesharing occurs because the users are naive. But these users aren't PRODUCING any content. They are downloading it and mostly accidentally sharing it, requiring no effort on their part. Someone who produces content on the other hand is not going to be so naive. They are going to have to understand the tool to use it. If they choose to share ( publish ) something, they are going to see dialog boxes that will inform them as to some of the implications. Because they are actively taking an action, they are going to look before they leap.
The current web does a g
...
well, maybe this will make the point clearer. What are you sending in the mail that you don't want three tiers of post office inspectors checking? What are you cooking on your barbecue on Saturday that you don't want the police coming over and sampling? What are you doing late at night in front of the computer that you don't want a federal trace record of that is available as a matter of public record? Personally, I don't want a federal public record of my internet traffic because I don't think my neighbors really need to know what kind of porn I enjoy...
Yeah, I know, I get that. It's still just padding out the entertainment collection through piracy. Only watching/listening/playing/whatever once doesn't change the basic fact. I just wonder what the point of bothering to justify it as something more is. Is it for recruitment of new infringers? To calm lingering guilt? Perhaps a humble method of bragging? I'm genuinely curious.
NSF Grants require they choose an Open Source license. Though not necessarily GPL.
I wouldn't really consider this method "padding the entertainment collection" if they delete all the rubbish that is collected.
If you go to a restaurant and get a shitty meal, you have an option to get your money back. You then have the option to try that restaurant again at a later point or just not go ever again. You also might have a hard time removing the awful taste from your memory. (this analogy is wearing thin, but you get the idea)
Most stores don't allow opened movies or games to be returned, so you're stuck with your $20-50 purchase.
Because the government believes that the default content of "privacy" is "criminal activity".
~REZ~ #43301. Who'd fake being me anyway?
The pelagic argosy sights land. Repeat. The pelagic argosy sights land. Groups to follow. 25. 16. 44. 44. 25. 16. 48. 37...
Errm. I don't agree that the War on Drugs is starting to abate. Most of the latter part of the campaign has indeed been a sort of civil war.
Unless it's changed substantially in the last year or so, that's not been my experience AT ALL. Tor is usable, but freenet was never anything more than an interesting demo to me.
Why not a network that changes it's protocol every week. And publishes a protocol .dll, .so and .jar file to those who register with it. That way, the cost of development efforts for those not on the distribution list (e.g. MPAA) becomes too great to keep up with it. Not private, but kind of like changing the locks to the house every week and only giving the key to people that aren't going to sue you for what they find inside.
Use some kind of signing mechanism to ensure the protocol library can only be used by registered applications, don't give the protocol libraries out to MPAA/RIAA
Problem solved?
outside your control
you can not be certain it is private
its simple as that friend
no technology gets around that concept
even these fancy quantum entanglement set ups, spooky action at a distance: they barely have the things working and there are already theoreticians talking about decoding that communication
if you want privacy, stay off the internet
if you want to use the internet, be prepared to have a sliver of doubt about all of your communications
you don't get communication on a network of wires outside your control that is private
its simply philosphically impossible
get used to it
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
> Which is largely how the web was, before (non-porn) people realised they could make money on that network.
...) and silly goofing around (e.g., the Church of Spam). Occasionally these two categories combined on a single website (e.g., look at all these cool Mandelbrot-set images we generated).
I don't remember it that way. I remember the web being dominated by two things: academic information (e.g., history, science, mathematics,
Then sometime around 1995, people started getting on the internet who were *not* in college, and the rest is history.
Cut that out, or I will ship you to Norilsk in a box.
thinking about the fact that every hobo today sports lists of at least 200 myspace friends, it seems only a matter of time (and demand), till the social networking mania spreads towards darknet like structures that don't only share personal details, but also content in your network of friends... just the next step.
Then don't run a TOR node. You can run a hidden service without running a node these days.