Grad Student Project Uses Wikis To Stash Data, Miffs Admins

Anonymous writes "Two graduate students at the Ivy League's Brown University built a P2P system to use abandoned wiki sites to store data. The students were stealing bandwidth from open MediaWiki sites to send data between users as an alternative to BitTorrent. There was immediate backlash as site operators quickly complained to the University. The project appears to be shutdown, but many of the pages still remain on the web. The project homepage was also taken down and the students posted an apology this afternoon." The same submitter links to two different forum discussions on the project.

Theft?

[palegray.net]

The students were stealing bandwidth from open MediaWiki sites

The fact that some "admin" abandoned a site, with open privileges to post on it, does not constitute theft. I manage servers and write code for a living, and while I'd put a stop to such practices on any site I managed, the use of the term "theft" is laughable.

This is very much reminiscent of Microsoft crying to the media that all their security problems were due to evil hackers, and not their abject failure to follow long-accepted industry practices for code reviews and architecture. My response: cry me a river, and congrats to the grad students for their innovative work in the field of distributed communications.

Re:Theft?

[palegray.net]

Hey, I agree it was a dick move on the students' part, but I still respect the research. Everything is obvious in hindsight, by the way.

What these students have really done is make a very public demonstration of something that's possible before less ethical parties got a crack at doing it on a large scale. For that, they should be commended. Would you condemn those who release proof-of-concept code for security exploits just because a vendor sat on their ass for months, refusing to care about the problem?

Re:Theft?

The fact that some "admin" abandoned a site, with open privileges to post on it, does not constitute theft.

Indeed. That's just foolishness on their parts. Perhaps they were a bit naive. However, this does in no way excuse or ameliorate the fact that the usage was clearly not authorized, and that doing so does constitute an offense.

You can quibble over calling it theft if you want. It's still not appropriate.

These grad students made a mistake. Exploring the idea? Sure. Pointing out the vulnerability? Fine. Doing it? I'm not surprised it ended up backfiring on them.

Re:Theft?

On the other hand, imagine if you have a outlet on your front porch, and somebody comes up and starts using power tools from it.

Re:Theft?

[perryizgr8]

and if you are in Scandinavia, i can go into any house and use the washroom.

Re:Theft?

[pdbaby]

I think it was at a similar time to http://michaeldaw.org/news/news-221206 this, using TinyURL for storage (although I don't think tinyurl had the preview functionality back then?)

Re:Theft?

[palegray.net]

Just to reinforce the old saying that you only truly have the freedoms that you can actually defend yourself, anyone who enters my home on an unauthorized basis is likely to get a .40 caliber answer to their silent question. Screw prosecuting for trespass.

Re:Theft?

[mzs]

I have family in Norway. They would let someone sleep on their front lawn without being asked, but only let them into the house under circumstances that made sense. No someone just walking in to use the bathroom would not qualify, but if they knocked and asked and felt safe, sure. Norwegians value hospitality and when I was going to visit once the family gave me a phone number of an organization in Norway that arranges cheap safe places to sleep for students. I slept on the couch in some couple's flat in Oslo the night between when I landed in the airport and took the train out the next morning. They fed me breakfast and simply would not have it that I pay them.

Big difference between virtual and real worlds...

[fuzzyfuzzyfungus]

In the real world, good old meatspace, there are actually "abandoned" things and properties. Things that, save for a few extremists of the no-srsly-guys-property-rights-are-eternally-laid-down-by-god-no-matter-what school, we can agree don't actually have owners in any meaningful way. Various peculiar exigencies create them; but they do exist. Taking them over, and bringing them back into productive use, is a clear good.

On the interwebs, the situation is quite different. Since any "location" on the internet corresponds to an active server, actively sucking power and depreciating somewhere, there are no "abandoned" locations on the internet. There are locations that don't change much, or aren't visited much; but they all correspond to real hardware that real people are paying real bills for(though, it is conceivable that, for a short time, a piece of hardware might be lost between the cracks and unpaid for until it dies or the situation is straightened out and it is disconnected). Thus, any scheme that involves making use of "abandoned" location son the internet is a load of crap. At best, it is an obnoxious creative interpretation of a bunch of TOSes. At worst, it is arguably theft of poorly secured server resources. Most of the time, as in this case, it is probably just spam.

Now, on a slightly different topic, it could well be argued that, on the internet, abandoned data can and do exist. Here a more interesting case could be made for the ethical utility of salvage projects, "abandonware" websites probably being the best known example.

Re:This Isn't Thinking Outside The Box

It's just stupid. "Hey, we noticed that three quarters of that privately owned parking garage over there isn't being used at any given time. Why don't we open up a car salvage business and store all the derelict junkers that we're parting out in their unused parking spaces?"

If the privately owned parking garage has a deliberate policy of allowing the public to come and park whenever they want, for free, you don't have much of an argument.

These are graduate students?!?

Apparently. Graduate students often make good use of things that other people MAKE AVAILABLE FOR FREE.

Re:This Isn't Thinking Outside The Box

Because someone started the car metaphor: The privately owned parking garage doesn't have much of an admissions policy, but it's for the use of the owner and his friends, he doesn't go through much trouble to protect it because theres no reason anyone would really want to park there outside of visiting him. Congrats for prooving him wrong, and coming up with a creative way to use the parking lot he hadn't anticipated... now cut it out.

Tangentially, these places aren't all that 'abandoned' it happened on a wiki I frequent, that has about 15 contributors, the last edit was made within a week.

Re:Why????

[physicsphairy]

While I doubt it was the authors' intent, this could actually be useful for creating 'plausible deniability', e.g., you want to provide resources to host legally questionable content, but do not want to open yourself up to any liabilities.

The fact that the content is split between many sites in unrecognizable pieces would also provide legal cover to those wishing to plead ignorant victim rather than willful enabler.

It's sort of like steganography for bandwidth.

Re:SlashdotFS

[joe_bruin]

I did some research into this a number of years ago (before torrents were around). I found that you can store 64 KB (if I recall correctly) in a slashdot comment. Now, the idea was not to to use slashdot as storage, they'd quickly put a stop to that. The trick is using slashdot and other forums and wikis as a way to get your data into the Google cache, where it will be served rapidly for everyone who wants it. There should also be forward correction data uploaded (like parity files) so that if some segments get lost, they can be recovered. Then what you need is an index file (kind of like a torrent file) that tells you what Google keywords you need to search for to find any given segment of the file, and software that will parse this file, download, and assemble the chunks into the completed data.

I wrote a little bit of code for it. It's all very straightforward, I just never got the time to get enough of it implemented to release anything. With torrents, it seems somewhat worthless to pursue now.

Re:"Abandoned" my pasty white ass

Well, my wiki is on the the list as well. Mine gets over 10000 unique views per day, so it isn't a small site by any mean. I wonder what criteria they used to judge 'abandoned' wiki installation, seeing as they use the new installation page as the wiki identifier.
 
I never noticed the spam page though, because I implemented a simple puzzle extension.
 
If these kinds of experiments annoys you, I wonder how you would response to the real wiki spam that seems to flood my site daily before I installed the extension.

Re:SlashdotFS

[David+Gerard]

yes, it was.

"LOLbot, how do we reverse entropy?"
i dunno lol

I have a friend who seriously tried to tell me that 4chan was a CIA entrapment operation for online activists. I'm not sure even an AI could reach that level of WHAT.