Slashdot Mirror
Anonymous, Decentralized and Uncensored File-Sharing Is Booming
PatPending writes with this excerpt from TorrentFreak:
"The RetroShare network allows people to create a private and encrypted file-sharing network. Users add friends by exchanging PGP certificates with people they trust. All the communication is encrypted using OpenSSL and files that are downloaded from strangers always go through a trusted friend. In other words, it's a true Darknet and virtually impossible to monitor by outsiders. RetroShare founder DrBob told us that while the software has been around since 2006, all of a sudden there's been a surge in downloads. 'The interest in RetroShare has massively shot up over the last two months,' he said."
Let the games...continue.
Clamp down on torrents, clamp down on file sharing sites, what do you expect? People to meekly give up sharing files?
It only takes one person to write a darknet program like this and the game is back on.
It sounds a lot like a program I'd considered writing before and if done right it's basically impossible to shut down, or compromise effectively, without severely screwing up the internet. Which is probably the next step.
Encryption shields activities.
Soon to boom - questions about generating PGP certificates
The Singularity is closer than you think
Quant
A true darknet would not depend on traditiona DNS (root servers). I can't immediately tell from their FAQ if their methods are entirely independent of DNS.
Freenet has been around that long hasn't it?
Verifiability via PGP vs Anonymity: of course you can't have it both ways -- that's how PGP works. From the project FAQ http://retroshare.sourceforge.net/wiki/index.php/Frequently_Asked_Questions#Is_RetroShare_anonymous.3F
Is RetroShare anonymous?
RetroShare is partly anonymous. There are anonymous forums and channels where no one can tell who posted something and you can download files from people your are not connected to anonymously, using anonymous tunnels. However the people you are connected to, know who you are and know your IP address. They can also see which files you are sharing, unless you mark them as not browsable. No one else on the network can see this information.
The friends of your peers also know of your existence, and can attempt to connect to you through the Auto-Discovery system, but they can't connect to you unless you add them as friends.
Sheesh, has no-one read Little Brother??
"downloads go via trusted friends"
This immediately shows the disadvantage of anonymized networks: all traffic is bounced of via several nodes, and thus a magnitude slower than more traditional p2p (torrent,eMule) networks.
But it is still way faster than going to a real store, buying it and playing it. Especially if you are on a budget.
"...files that are downloaded from strangers always go through a trusted friend."
Doesn't that just make the "friend" instantly liable for contributory infringement? It's going to be hard (impossible)? for the "friend" to qualify for "common carrier" status, which could provide a safe harbor against an infringement suit.
It's true that this setup appears to be resistant to monitoring by outsiders, but keeping the people you don't want as members out of your online network is difficult, to say the least. It's certainly more work than busting up torrenters, but it's not exactly a difficult barrier either.
And, if I'm providing files, I want files downloaded TO strangers to go through one of my trusted friends (of course, that friend is going to have the contributory infringement problems I suggested earlier.) I don't give a *bleep!* about the downloader covering his tracks, (And when has the xxAA gone after downloaders? Don't they always go after uploaders?) I'm more worried about mine.
If you are being monitored the police/... can still see who you are talking to even if they can't understand what you are saying. OK: if messages are routed through a friend to some other ''accomplice'' it makes things a bit harder for them, but most private networks like this will not have huge numbers of people on them. Also you can learn a lot just by studying the timings of packets (eg: a packet from A to B is often followed by a similarly sized packet from B to C, it looks as if A is talking to C).
Private darknets are a step backwards, IMO. At the one end you could have a large number of small networks between people who trust each other very well, but are limited in the size of the shared pool of material. At the other end you have less trusted large networks with a more material, but still nowhere near as large the entire internet, thus you would often not be able to find what you want. And the larger a network is, the less you are likely to trust everyone on it and the more vulnerable it is to infiltration. Even a small network could be compromised by someone who decided to betray all of their 'friends' (not necessarily out of malice).
'Breaking into the scene' of private darknets is diffcult for anyone who doesn't have pre-existing, probably real-world contacts (much like having ready access to good drugs, it might be easy for kids in a college environment, not so much for your average person). And at the end of the day, if you are going to limit your file sharing activities with a few people you know, you might as well just use email.
For a true culture of free information exchange, we need to look to systems that anyone with a connection and the right software can access and preferably search. This is far more technically challenging, and due to the measures taken to preserve anonymity, usually less convenient than what we are currently used to. But this will improve in due course. Tor, Freenet, I2P and others like them are the future, not walled gardens.
its not anonymous, its absolutely non-anonymous to your peers, and its not good cryptography. We will see a huge retroshare-bust, when the hype continues.
*downloading software*
Retroshare itself may not require any centralized resource at all, but... how do you find like-minded friends in the first place and establish a web of trust? You're going to need a centralized forum/chatroom, aren't you, where you can meet people and identify those with common interests and focus? Retroshare simply shifts the focus of the centralized resource from the actual sharing of data to the social aspect of creating and maintaining that web of trust.
And apparently all it would take, as hinted by someone else here, is one traitorous bastard in your web of trust to lay the whole thing out bare for the exploitation by others with selfish motives.
Now it would be nice if they make RS traverse NATs, because now connectivity ration is VERY low no matter how good that software is.
people will trust anyone with anything if the risk is low, and they find out their trusted friend is an fbi agent.
It only takes one person to write a darknet program like this and the game is back on. Crappy Home Remedies that don't Work
Nothing like spamming here to try to get the Slashdot "Bump".
I actually prefer store bought media material - known format, quality assurance & convenience. It takes me less time to find it in the store (hell even ask the staff) to get it than trawl through spam, traps, seo bullshit & so on. However availability is an issue - 'net has almost everything, stores not so much. Unless you want to order and wait, even then.
This availability factor can be a great annoyance. I discovered several years ago that the Dreaded P.D.Q. Bach Collection [*] was not available from any store in Finland, and that furthermore the stores within reach said they could not even order it. I ended up ordering it from Amazon UK, which involved waiting weeks and paying their shipping fees.
[*] I use the third movement of the Pervertimento for bagpipe, bicycle, and balloons from disk 2 as the primary ringtone on my phone. The third movement is mostly bagpipe and string quartet, and is rather attention-getting, in its own way.
Also the WAF (wife acceptance factor) who very much likes dropping the disk in the home cinema drive and doesn't like computers.
All of our CDs and BDs and most of our DVDs have been ripped to the media server. It's even easier to use than dropping disks in the home theater.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Crappy Home Remedies that don't Work
Or - Pearlyhomeremedy.com - I haz Crappy Home Remedies that don't Work pearlyhomeremedy.com
Web of trust models will only work where there is an incentive to keep people out of the network. In the P2P world its just exactly the opposite. Users want as many other users on the network as possible because it speeds up their transfers and increases the amount of available content. You could use web of trust for something like e-mail where users generally want to prevent spoofs, scams, and spam.
I realize that users of P2P networks want to keep *some* people (FBI,Secret Service,DOJ,Interpol,[M,R]P?IAA employees ) off but for the most part they want users on. The next problem is you have the lowest common denominator issues. Again you want it to be simple enough that everyone and anyone can use it so you have content selection but that also means you get the same idiots who are still providing the account and routing numbers to 419 spammers. All mister federal agent needs to is promise to upload tons of free porn and John HighSchool is going to cross sign his PGP key.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
At a glance, I don't see any hashes to validate the source files that are being downloaded.
If I were the Feds (of any country) or anyone who wants to inject malware (ie the recent Anonymous trojan), I'd replace the installers or redirect when people go to get source files or updates.
blindly antisocialist = antisocial
It has been hijacked by advertising agencies for commercial purposes.
es, that's true. Then again back when the internet was just taking off, there was hardly anything worth while - even the porn sucked - I mean wasn't any good.
The commercial interests got big corps interested in laying more fiber, beefing up the trunks, and having better home connections. AND it created more competition.
Sure there's a shit load of advertising, but for the first time ever, consumers now have the upper hand over most industries: we can compare prices, products, and service. There's still more work to be done, like with Doctors AND especially lawyers. Speaking as an investor, I wish all of these investor tools, free tools, were available back in the '80s when I started. Back then something that would look quaint to Yahoo! Finance would cost you hundreds of dollars a month.
No thank you, I don't want to go back to the "good 'ole days" of the Internet.
Oh and as far as that content that "needs" to be shared? Pffft. Keep it. I have yet come across something where I just HAD to have it - legality of the acquisition be damned!
crap that doesn't work.
I am TheRaven on Soylent News
There are countries (France, afaiu) where encryption is illegal without a "licence".
So while many comments here say you simply can't ban encryption without banning safe commerce, that's not so true. The government simply makes using encryption require a license and said commerce sites get a license and commerce and advertising continues. Joe Average User doesn't get a license, and when he does use encryption (with another unlicensed party), they go to jail.
The one sticking point that I have never understood about such a situation though is that the government must also ban sending "garbage/random data" between two parties, otherwise how does it determine when two parties are using encryption and when they are just catting /dev/random to each other?
As someone who just the other day uploaded torrents of their own work to some torrent sites this news intrigues me.
I put my books on Amazon, Smashwords, Demonoid, ISOHunt and Pirate Bay. Search for 'Michael Cargill'
If the file is on the harddive of the friend of a friend of a friend of a friend.
Will the download go through 3 proxies?
It is perfect. Nice and traceable.
Well, they won't kill your connection, what my ISP did is reduce all SSL connections to 7Kb/s (my normal web usage was 600Kb/s). This means banks, basic SSL sites all work fine, but try to use a VPN for work and you're not going to have any fun. I had to switch to a much slower ISP that didn't throttle SSL connections because of it. I expect a LOT more throttling like this to start in other ISPs over the next few years :(
Essen sie Scheiss, Jueden.
The whole network is only as good as its weakest link. I.e., if one of your trusted 'friends' is stupid and adds a RIAA bot, everyone who is friends with your friend just got screwed.
DC++ has SSL encryption now.
It still needs a "hub" but you can join multiple hubs. DC++ isn't cross-platform, but is reported to work well in WINE.
I don't know if multiple instances for RetroShare are possible or if the sharing person has control over chain sharing ... i.e. if a friend of a friend can gain access to files.
the only slackbuild i could find is for 12.2 and an older version of RetroShare
Politics is Treachery, Religion is Brainwashing
try
http://interface.sf.net is a second client
with better gui, icons, and more easy to use for new users,
Yep, only the fool that invited the xxAA to the network can be monitored. Up until the xxAA says "Help us [insert fool's name here], in return for not getting sued."
Having never heard of this software before and hearing about it now I'm betting that usage is again about to shoot up! :-)
The "content providers" really need to get a clue. this comic says it all IMO -> http://theoatmeal.com/comics/game_of_thrones
They make it ever harder to get content and then wonder why people are sharing more and more. I have pretty much ceased downloading MP3 because I can easily and cheaply get them from Amazon. I have pretty much ceased BUYING E-books because publishers jacked prices through the roof and I can download them in SECONDS. I download and save TV shows for later viewing often even though I have a couple of TiVO and record many of the same shows. That saves me the EFFORT of pulling them off my TiVO, editing them, compressing them, and copying them. If the transaction is easy ala Amazon's MP3 (which even copy to cloud storage!) then the sales will come. Perhaps it won't be at the astronomical prices these idiots dream of but it sure beats a lost sale doesn't it? Their idea is to bottle things up such that everyone is FORCED into their business model - I'm sorry but that's not going to ever happen. Make the transaction friction-less, have an extensive easy to use catalog, and make it cheap enough I'll buy it like some throwaway app in an app store and "content" will sell like hotcakes.
Now then, I'm off to download and check out this new program. It will sure beat having folks over with portable drives for swap parties or participating in huge Torrent clouds!
Build it, Drive it, Improve it! Hybridz.org
If the "see no evil" defense didn't work for a whole host of file-sharing networks over the years (all of which had teams of well-paid lawyers), it isn't going to work for Joe Random File Sharing Helper either.
In any case, if illegal file sharing is being accomplished through your machine, even in the unlikely event the xxAA doesn't sue you, you can certainly be subpoenaed to cooperate to figure out who the upstream file provider is.
To turn your analogy around, this is akin to you sitting in your car while your passengers rob the bank, getting your license plate scribbled down, and the cops questioning you about who was in the car. Even if you don't actually know what was going on (unlikely), you can bet they'll still be dusting your car for prints.
Perhaps this is the sort of application that will finally push more people to use PGP. On of the main problems with PGP now is that so few people use it. Outside of my work, and the occasional other tech geek, nobody I know uses PGP. And they all should. Everyone should use PGP. It's like being the only person in the world with a fax machine. I hope that this is the type of application that finally pushes PGP over the hump into mainstream use.
Congratulations, you found the Safe Harbor provisions. However, if you want to claim "Service Provider" status, that same section (subsection (h)) also authorizes copyright holders to completely pick apart your "service" via subpoena and allow the xxAA to implement "infringement finding" tools on your "service" upon request.
Oh, and if you forgot to warn all your users that they could be cut off for repeated infringement, you aren't protected at all. That's right, if you failed to get your friends to agree to a TOS, you've waived your protections.
one could use spoofing to do some interesting stuff.....add proxu chaining inside a program form trusted sources and....well
ok, I can see several serious issues with this dark net. So. How about this:
1. A dark net where the data in the network is in a cloud
2. Every client can potentially also be a server
3. A file is never send from a to b it is always sent through c, and possibly d and e as well
4. The client keeps up a data stream of 1 to 2kb, some of which is files and indexes being propagated, some of which is encrypted garbage packets
5. The network is treated as a cloud service, your file could come from anyone
6. All clients have files stored as encrypted hash pieces. When a file is requested, any client with a hashed encrypted piece of the file can send it. This makes it hard to tell from where a file originated
7. All files are encrypted and segmented and hashed making it possible to distribute a file across the network without any single client knowing what they have
8. The key for decrypting file segments comes from the originator, or anyone with a full local shared copy off the file
users would need to download the client initially
Client will need an initial list of known network nodes
Thoughts on this idea welcome
I just wondered how resilient to a weak link this is.
Isn't your whole personnal network only as safe as the least safe member ? Say you get malware designed to fuck the network up, aren't you compromising your whole network, and therefore the whole network of each member of your network and so forth ... ?
I have a lot a friends I could use this service with, but I'm not sure I would trust them on security matters...
Because if (as always) the flaw is human, than this is nothing better than bit torrent. It is safer now because it is under the radar but that's all.
what WASTE does? http://en.wikipedia.org/wiki/WASTE
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
The problem with networks like this is that you have two extremes:
You can have a small network with is secure, but it has very little content.
You can have a large network - which means more content available, but it has a higher chance of being infiltrated (because the more people are in it, the less likely it is to stay secure, and the more high-profile the network becomes).
The natural tendency will be to grow the network into something larger all the time. Afterall, if you want to play that new game that came out last month, somebody's going to have to add it to the network, and if it's just you and a couple friends, you probably won't have an inside source to get it.
If people keep coming up with these "solutions" to enable piracy, then maybe it's best to attack the problem from another angle: focus on the bug in pirates' moral programming that makes them believe that piracy is okay.
if people found a meek way to circumvent monitoring, Govt. and peanut holders will find another way to montor and banish it.
And then when the Govt and "peanut holders" are too successful and bold in their tyranny, that's when The People start storming the Bastille and putting people's heads on display.
It is easy to comprehend how sharing works. The only problem is that the site doesn't explain how do I make friends.
I2P is a real time anonymous p2p network like TOR, it may be of interest.
http://en.wikipedia.org/wiki/I2P
"You passed more than 100 anti-American laws, Senator. Your life comes to an end now."
http://www.youtube.com/watch?v=0la5DBtOVNI
Shoes for Industry. Shoes for the Dead.
All websites are slowly going to 100% HTTPS. The only reason they ever weren't in the first place was that
...Internet Explorer on Windows XP and Android Browser on Android 2.x phones do not support Server Name Indication (SNI). Without SNI, name-based virtual hosting is impossible because the client can't see the SSL certificate for any site on an IP address other than the first. This won't change for another two years, after which point Windows XP will have finally left extended support.
Maybe someone will mod this up for others to see, but the thread is probably too old already. Thanks again.
Sounds much better to me. All kinds of protocols can run on top of it, mail, http, bittorrent, etc.
Which means you don't need separate programs, you can use your existing ones, like Thunderbird or Azureus.
You're a FUCKHEAD whose "interests" are obviously threatened by what was said by the poster you replied to - are you in "advertising" by any chance? I'd say so - making your "living" off of adbanners online perhaps?? You're a FUCKING LEECH, point-blank/bottom-line, period...
I pay for my online time out of pocket - I am going to BLOCK THE HELL out of scum like yourself that take away from the bandwidth I pay for with your adbanners, and outfox your STUPID ass. You're also not going to track me, or put malware into my system via your adbanners either (which has happened MANY times due to the incompetence of "profit seekers" for easy-money like yourself!).
Additionally - On your "business model" bullshit - do you even HAVE a business degree? What exactly makes YOU an "expert" on business models, exactly then??
Go away, fuckhead: You and "your kind" out there today? You make myself and anyone else reading here, FUCKING LAUGH, & especially @ you & "your kind" (deadweight useless wretches that pass through life "faking it until you make it" living off of the efforts of others, nothing more).
Best part is, per subject line above? Is that I can BLOW AWAY your stupid attempts @ emotive manipulation by cutting out the tools you use to do it (via HOSTS files, AdBlock (though it's not what it used to be), &/or NoScript) in adbanners!
Adbanners - which suck away the online time bandwidth & speed I pay for out of pocket, and for what? So you can attempt to psychologically manipulate me into thinking "Gosh, IF I drive that kind of car, or drink that beer, then I too will be a 'cool guy' and have all the chicks, etc./et al"?
LMAO!
Man... THAT is COMPLETELY utterly deceptive and manipulative bullshit, that only weak-minded FOOLS fall for anyhow...
HOWEVER:
The best part of this is your reactions here:
http://it.slashdot.org/comments.pl?sid=2706161&cid=39244491
* QUITE "EMOTIONAL" and based on "feelings" on YOUR part there too, eh?
Yes... you "tip your hand" & give away your "tell" by your reactions there in the link above...
(Clue: You've just been manipulated yourself into said reaction, giving away the fact YOU live off of adbanners etc./et al yourself). Pitiful, and you're EASILY "seen through" (you have revealed yourself as just another marketing useless scumbag who lives off of attempts @ psychologically manipulating others for profit... low!)).
The number of low-income individuals who continue to make do with some anachronistic Pentium 4 is really quite large
A lot of the people who have posted comments to the story Ask Slashdot: Life After Firefox 3.6.x? appear not to understand this. They think $100 a year for a new computer every four years is cheap, not realizing that the $ itself is expensive in economies whose currencies are depressed by the Balassa-Samuelson effect.
and those people are not about to go out and spend a few hundred bucks they don't have on a new computer or OS just because Microsoft discontinues support.
Why would people who own a PC based on a P4 or Atom CPU (they're roughly comparable clock for clock) buy a new operating system when they can install Xubuntu?
And anyway, the point I was trying to make wasn't that SNI would immediately become deployed in April 2014 but that there was a damn good reason not to deploy it before then. Please allow me to correct myself: "This won't change for at least another two years."
Love the idea, not so much on the execution, tried this out and ended up with errors and a bsod. Uninstalled.
The website knows what the client's browser is.
How so? The server has to provide the correct certificate before the client sends the User-agent: header. Otherwise, the server would know which site's cert to use from the Host: header, which is sent just before the User-agent: header.
There is nothing stopping it from redirecting all users with compatible browsers to the HTTPS version, today.
Say someone with an SNI browser shares a link with me via e-mail, IM, social network, or however, but my browser doesn't support SNI. Because the person who sent the link is using an SNI browser, the user was redirected to HTTPS and therefore the link is HTTPS. But when I try to open the link, I get a certificate error: "the URL says example.com but the certificate says webhostingcompany.net".
providing a message to users of older browsers that their shit is old and busted and click here to download the new shiny
Such a download won't work for users who aren't the computer's owner or otherwise the administrator. Nor will it work for devices whose browser is part of an operating system package that only the manufacturer and/or carrier can update, such as any Android phone stuck on Android 2.x.
My ISP has already shut it down by disallowing and scanning for open ports on my machine or router. They simply do not allow me to operate a server in any capacity, all under the guise of protecting the internet from any viruses I may have.