Anonymous, Decentralized and Uncensored File-Sharing Is Booming

PatPending writes with this excerpt from TorrentFreak: "The RetroShare network allows people to create a private and encrypted file-sharing network. Users add friends by exchanging PGP certificates with people they trust. All the communication is encrypted using OpenSSL and files that are downloaded from strangers always go through a trusted friend. In other words, it's a true Darknet and virtually impossible to monitor by outsiders. RetroShare founder DrBob told us that while the software has been around since 2006, all of a sudden there's been a surge in downloads. 'The interest in RetroShare has massively shot up over the last two months,' he said."

Whackamole!

[MaskedSlacker]

Let the games...continue.

Re:Whackamole!

The more they clench their fists trying to maintain control, the more sand slips through their fingers. You can't stop firesharing, full stop, end of sentence. People will always find a way, even if it means SneakerNet. They need to give up trying and just accept the fact, dedicate their energies and resources to things that are actually productive.

Re:Whackamole!

[The+Master+Control+P]

"The more you tighten your grip, Tarkin, the more systems will slip through your fingers."

Re:Whackamole!

[DanielRavenNest]

25,000 downloads a day is utterly trivial in comparison to the hundreds of millions of downloads of file sharing software from CNET alone, let alone other sites:

http://download.cnet.com/windows/p2p-file-sharing-software/?tag=mncol%3Bsort&rpp=10&sort=downloadCount+asc

The amusing part of the CNET downloads, is that CNET is owned by CBS, a major media company. So any attempt by CBS to sue file sharers can be countered by the fact that they encouraged it by distributing the software on a massive scale. The same story, on not as massive scale, is true for Fileplanet, owned by IGN, which is a division of News Corp, owners of Fox:

http://www.fileplanet.com/73/0/1/2/1/section/File_Sharing

Re:Whackamole!

[Runaway1956]

Actually, we haven't stopped SOPA. SOPA is being recycled under different names, with different advertising soundbytes. Lamar Smith is authoring another SOPA already. http://www.itworld.com/security/251584/sopa-replacement-uses-child-porn-excuse-spy-997-percent-americans

http://www.gamermc.com/2012/03/02/tired-of-internet-censorship-bills-join-the-black-march/

Our friends in Europe are waging a war against ACTA that we Americans were to stupid and/or to lazy to wage for ourselves. TPP is being negotiated in the same secrecy with which ACTA was.

What a surprise

[Nursie]

Clamp down on torrents, clamp down on file sharing sites, what do you expect? People to meekly give up sharing files?

It only takes one person to write a darknet program like this and the game is back on.

It sounds a lot like a program I'd considered writing before and if done right it's basically impossible to shut down, or compromise effectively, without severely screwing up the internet. Which is probably the next step.

Re:What a surprise

[wvmarle]

One possible strength is also an obvious weakness: everything hinges on trusted friends - i.e. if you do not have any trusted friends that use this RetroShare then you can not join the network, unless you are willing to join through a non-trusted friend. A side effect is that the amount of content available on this network is highly limited.

This works until critical mass is reached, which very well may just have happened. Enough people in the network that most of the rest of the world has a friend that is connected already, and increased word-of-mouth advertising, and more content which in turn attracts more users. Closure of megaupload and some other legal wins against torrent sites will surely have helped them too. But without critical mass it's still not a viable option for many bittorrent/megaupload refugees.

Re:What a surprise

[StripedCow]

...it's basically impossible to shut down, or compromise effectively, without severely screwing up the internet. Which is probably the next step.

"You have transferred more than 100kB of encrypted data. Your internet connection will be suspended until the end of the month."

Re:What a surprise

[EdZ]

It basically sounds like Perfect Dark, but with manual initial per-finding and weaker security (if you always have the same web of friends, you can likely be tracked by this web).

Re:What a surprise

[bobbocanfly]

"You have loaded an HTTPS site. Your internet connection will be suspended to the end of the month". It would never work.

Re:What a surprise

[David+Gerard]

Scammers can sell the service of buying your way in.

Re:What a surprise

[sortius_nod]

Exactly. Most of my traffic is HTTPS these days - mail, search, twitter, work, the list goes on. Any ISP trying to bar encrypted traffic will lose customers quicker than they can ban them.

Re:What a surprise

[trancemission]

+1

Sadly here in the UK some ISPs just rate limit all traffic [unhappy Virgin Media customer - soon to change :) ]

http://www.virginmedia.com/images/tm-table-fu-large.jpg

Re:What a surprise

[biodata]

No this is backwards. The internet is a mechanism for exchanging data and messages between computers. It has been hijacked by advertising agencies for commercial purposes. Darknets will strip out the cancer.

Re:What a surprise

no it cannot.

if people found a meek way to circumvent monitoring, Govt. and peanut holders will find another way to montor and banish it.

it is a cat and mouse game where cat almost everytime wins as mouse is standing in an open place.

Re:What a surprise

[Vegemeister]

The FAQ makes it sound like file transfers are 0 or 1 hops, and you can only see the files shared by people up to 1 hop away. It seems more like a collaboration tool than a darknet.

Re:What a surprise

Around here the only options for western media are pirate copies, either you torrent them or you pay for a pirate copy. Unfortunately, even the ones in fancy boxes are typically TV rips rather than real copies.

I'll delete the copies I have when I move back to the US, but it's pretty much the only access I have to my own culture right now.

Re:What a surprise

[lattyware]

Sky (on an LLU) offer a truly unlimited service, no FUP at all. ADSL24 also offer true unlimited packages on LLUs and unlimited off-peak (midnight-8am and weekends) on fibre and normal ADSL/2/+.

Re:What a surprise

[Runaway1956]

"in fact they lose money for the extra data transferred as adverts over and over again for no reason other than to push up a metric that says the advertisement was viewed,"

I should send a letter to my ISP, asking for a discount, since I don't see adverts. My router doesn't even pass requests to advertising sites. Multiply the savings by four computers, I'm saving them a LOT of money!

Re:What a surprise

[4phun]

It basically sounds like Perfect Dark, but with manual initial per-finding and weaker security (if you always have the same web of friends, you can likely be tracked by this web).

Now all of a sudden Google's new March first privacy policies make a lot of sense. If they can connect all the dots to reveal the connections things like DarkNet, Google would be of great value to the government and no one else need be any wiser.

Re:What a surprise

[pla]

Darknet is the opposite of the main commercial function of Internet - advertisement.

I will presume you don't mean that as a troll, and simply don't remember the internet back before "marketing" turned into a four-letter word.

The internet arose and thrived before the corporate world learned how to make money with it. Primarily universities, but also a steadily growing number of people who realized they couldn't live without it after graduation from uni, paid for a network connection so they could participate in this wonderful global sharing of ideas. And before that, people paid for access to very very crude (by comparison) dialup BBSs that gave them just the smallest taste of what an online global network had to offer.

The problem we have with the internet today, and I would say broadcast-vs-cable TV has the same problem - Companies simply got greedy. Once, they sold us cable as a great new way to get static-free TV with no ads. Now people pay over a hundred bucks a month for the same thing they used to get over the air (admittedly with more channels), and have to pay even more for premium channels that really don't have ads - Except, even those have started pushing the definition of "no ads". The internet did just fine back when it functioned as nothing but a pipe to your door, and everyone could attach whatever services to their end of the pipe they wanted.

Personally, I think the big shift really happened when ISPs started to ban "servers", basically reducing the network back to nothing more than one more way to reach consumers. As long as everyone and their brother could host whatever the hell they wanted, advertisers really had to bust their balls to reach more than a handful of people online; once people started accepting the internet as a set of places you go to get content, rather than a (albeit "Wild-West"-like) community in which you participate, the internet became nothing more than another 50k TV channels, complete with ads.

So I, for one, welcome the growth of darknets. It means We The People, rather than our corporate overlords, can once again decide what we allow on our network. If Hollywood and Madison Avenue, and even the government, doesn't like that - No problem, they can consider themselves not invited to my party.

Re:What a surprise

[thereitis]

The only way the governments are going to monitor this is if they crack every possible key, and/or get that quantum computer thing going.

The spammers will be all over this in due time: install a trojan onto people's computers that looks for darknets and start automatically sharing malware and/or adding the spammer's account to the list of trusted friends. If the spammers can do it, the government/big business can do it.

Re:What a surprise

[Anthony+Mouse]

Except that...no, not really. Google wouldn't actually know anything more than your ISP (or the NSA) would know by monitoring your traffic, namely, who your friends are but not what you're sharing with them.

Re:What a surprise

[pla]

Compared to how much content there is now it can hardly be said to have thrived during that time except by the most disingenuous of arguers.

"Fatter" does not mean "healthier".

Even a decade ago, I could find just about anything I wanted online - Key word there, "wanted". Source code snippets? Porn? Music? Movies (albeit of lower quality due to bandwidth constraints)? Slashdot? Magazine scans? How-Tos on anything from home repair to bomb making? Game guides and reviews by players rather than publisher shills? Check, check, checkitty-check.

Today, I can find terabytes worth of narcissists finding ever more bandwidth-hungry ways to tell me about their awesomeness. I can find all the Major Media talking heads doing the exact same thing that led a generation to completely ignore them in the first place, back when they did their thing for free over-the-air. I can find a million people who want to either sell me something, or just plain sell me. And the stuff I actually want? Well, technically still there, but the signal-to-noise ratio goes down with every passing year.

So yes, call me disingenuous if you must, but the internet today does not strike me as "thriving", despite its girth; quite the opposite, we have to constantly fight both corporations and governments to keep it in a form at least vaguely useful to us and prevent it from degenerating into just one more old-school push-media advertising/propaganda vehicle. The internet has degenerated into a 300Lbs middle-aged white guy huffing and puffing after climbing a flight of stairs.

But hey, I could always start a vlog to complain about it, right?

Re:What a surprise

[Opportunist]

Don't you worry too much. The reason why this isn't going to be the end of the internet is the same that NoScript, AdBlocker and whatnot weren't: Too many people who won't use it.

I don't know about you, but I use adblocker, NoScript and a few tools that disable tracker cookies and whatnot. What would change if I didn't use them? Not that much, actually. I'd just have to wipe my history clean manually and endure longer loading times for banners to load that I don't click at. The change for the ad industry? Generally, zero.

But I'm a minority, and this is why this model works. For every non-cooperative asshat like me that thwarts the attempts of the ad and profiling companies, there's at least a thousand who cooperate, who have a facebook profile filled with all kinds of personal info, who not only have banners displayed but also click them.

Your sky-is-falling prophecy of doom is akin to the cry heard when VCRs were labeled the doom of private TV because (teh horrorz!) people could not only skip ads with them but actually cut them out of shows!

Guess what? 30+ years of VCRs (and now even other, more sophisticated means of time shifting and recording that take a lot of work out of de-ading movies) and private TV is stronger than ever.

Re:What a surprise

[drinkypoo]

we have to constantly fight both corporations and governments to keep it in a form at least vaguely useful to us and prevent it from degenerating into just one more old-school push-media advertising/propaganda vehicle.

Eternal vigilance is the price of freedom, and the venue is irrelevant.

Re:What a surprise

[RyuuzakiTetsuya]

ISPs banned servers because as it turned out, letting customers do so clobbered their infrastructure.

Also, I quite like being able to file my taxes online and watch tv with out having to hit some malware laden death trap.

I agree darknets are great for the reason you describe, being able to go underground is great, but we already decided that anyone can come online and I find it ironic that some geeks are bitching about the fact that some of those people are
Involved in commerce and the government.

Re:What a surprise

[Surt]

If you were on a metered ISP, you'd be getting that discount.

Re:What a surprise

[Spamalope]

Of course we would never ban encryption. That would be unworkable and crazy!

Think of the children though. Criminals are using encryption to target the MPAA - I mean boy bands - wait The Children. That can't be allowed to continue!

Encryption is like lock picking tools. It's only ethical to possess in the hands of the media cartels - I mean professionals. It's use will be restricted to those who pass certification exams and are granted per website permits.

ISPs will be required to block all encrypted traffic, unless the destination is validated by our permit list server.

And that's how they could do it...

Re:What a surprise

[icebike]

The only way the governments are going to monitor this is if they crack every possible key, and/or get that quantum computer thing going.

They don't have to crack every possible key. Google openssl compromise. There is every likelyhood that they already have a backdoor to most encryption standards. Why else would the NSA publish its own blueprint for smartphones and lay out the proposed encryption standards if they didn't already have access to those encrypted streams?

Besides, you assume they would use cracking.
Why would they. There are easier ways.

With a darknet, you have a circle of friends that you trust. Every friend in your trusted network has other trusted friends. By the time the darknet grows enough to be useful there will be some friends of friend of friends that are not so careful and not so trustworthy, and not so cluefull. They will click a link somewhere. Their kids will install some internet game. They will get a piece of malware installed. They will get compromised, then the movies sitting on their computers will be discovered as well as their list of darknet friends, and the jig is up.

In some ways, a darknet is more dangerous to the participants than bittorrents. The level of trust between the participants can serve as a avenue for detection and tracking.

Re:What a surprise

[brit74]

> "Even a decade ago, I could find just about anything I wanted online..."

Really? Because I think the internet kind of sucked a decade ago. Sites were slow. You couldn't find good maps. (Ha! I used to have a city map.) I still had a phone book. Yahoo was one of the best sites available. iTunes, YouTube, Spotify, Pandora didn't exist. Podcasts didn't exist. Neither did most blogs. I don't recall whether or not you could even leave comments a decade ago, but probably not. Wikipedia was launched only 11 years ago (I'm sure it was crappy with virtually no articles only a year after startup).

Your whole post looks like a knee-jerk attempt to prove your original assertion about the internet going downhill thanks to business.

Re:What a surprise

[RyuuzakiTetsuya]

I've worked for two ISPs.

No. This isn't about raw bandwidth. This is also about the supporting infrastructure.

It makes no sense to try to support edge use cases. It also makes no sense to let a handful of users take down service because some person wanted to run a torrent tracker.

Yes there's an oversell, but no, it's not as bad as you think.

Re:What a surprise

[icebike]

If the NSA can do it, the FBI can do it, and we all know who's pocket the FBI is in.

TLAs never have to explain the means, they just need to show what was transferred to whom, when. Often, they don't even need a warrant, but if they compromise one member of a darknet, getting warrants on the other members will be easy.

Seriously, its naive to believe that most modern national governments are incapable of this.

Re:What a surprise

[Pseudonym+Authority]

If the NSA can do it, the FBI can do it, and we all know who's pocket the FBI is in.

I do not believe that that is the case. The NSA is staffed by the best and brightest that money can buy, with the computing power to match. The FBI, as a primarily civilian operation, has much less powerful toys and is staffed by glorified cops.

Disregarding that, there is no way that the NSA would risk giving away their best spying tools for spying, just to fight copyright infringement. That would be absurdly risky. All the governments would change their cyphers if they found out and it's probably 10000x more likely for the FBI to leak it than the NSA.

Re:What a surprise

[Man+Eating+Duck]

I've worked for two ISPs.

No. This isn't about raw bandwidth. This is also about the supporting infrastructure.

It makes no sense to try to support edge use cases. It also makes no sense to let a handful of users take down service because some person wanted to run a torrent tracker.

Yes there's an oversell, but no, it's not as bad as you think.

That is completely irrelevant. Selling a service you know you won't provide is fraud. I live in a country with strong customer protection laws, the first ISP to try to pull the "secret limits" shit that providers do elsewhere would likely get slapped down. Published limits are the norm on mobile connections, and practically do not exist on household broadband.

ISPs have extremely good data about bandwidth usage distribution among customers, and can predict with a high degree of precision what kind of usage a particular service will see. If you, as an ISP, can't provide your customers with the bandwidth you promise, don't sell it. Put a non-secret limit on a cheap connection, and sell a premium service which supports 500GB/month or whatever. Or accept that a percentage of your customers will use far more than average, and provide for it (that's what they do here). What you don't do here is advertise "unlimited" service and start whining if a few people use it, as you perfectly well knew they would.

Saying that the poor ISPs HAVE to punish a percentage of "offenders" among the customers that buy their service is BS. ISPs who pull that stunt are ripping off some of their customers, and they know fully well that they do. Supporting edge cases makes no sense? WT flying F? It makes perfect sense businesswise to tinker with the meters on your gas pumps in order to pump less gas for the same price if you run a gas station, it's also fraud. Sorry, but these policies and their apologists just tick me off.

Re:What a surprise

[sjames]

Fortunately, the required level of trust is limited. You need only trust that the person isn't "the man".

Re:What a surprise

[JoeMerchant]

You make it sound like you're some brave freedom fighter struggling in deadly secret against a brutal oppressor. You're not, you're just another kid downloading films they can't be bothered to pay for.

Funny thing is, the same principles apply - and with $100K+ lawsuits flying around like V2 terror rockets in the blitz, literally destroying the families they hit, I'd expect a deadly secret response from the targets. Sure, they could just watch the movies they pay for, but why? What else do they really have to do with their time?

It's a sort of insurgency training for youth, like Army of One and so many other video games are military training and recruiting tools. If I were King, I'd try to restructure the system so that we don't end up training a generation of kids in methods useful for overthrowing the establishment...

Re:What a surprise

[AmiMoJo]

RetroShare allows your friends to see what you are downloading. Let's face it, a lot of P2P traffic is porn, and I don't think many people would want their friends seeing that particular list of files.

Perfect Dark makes it impossible for anyone to determine which files you are downloading or which you have on your HDD. No-one can tell the source, destination or content of encrypted data flowing over the network, or who has what, or who is connected to who, or associate message board posts with peers or IP addresses... And sure enough the mass lawsuits we see in the west don't happen in Japan, because they can't.

The only reason Japan was able to do this and we were not is because Japan had much faster internet connections. At a time when broadband was first becoming available and 10k/sec upload speeds were massive the absolute minimum allowed by Winny (predecessor of Share, the predecessor of Perfect Dark) was 50k/sec. Bittorrent works when there are a few very fast seeds, but darknets need lots of fast peers or they grind to a halt.

Does it depend on DNS?

[jdogalt]

A true darknet would not depend on traditiona DNS (root servers). I can't immediately tell from their FAQ if their methods are entirely independent of DNS.

Re:Does it depend on DNS?

[jon3k]

Not necessarily.

Freenet

[tudza]

Freenet has been around that long hasn't it?

Re:Freenet

[SuricouRaven]

Freenet is the most paranoid of the networks, which in turn means also the slowest performing. It's just really, really, slow. On the upside, I doubt the combined efforts of the US and Chinese governments could track down a user on Freenet through the network - it's that hard to trace. They'd have to rely on the human factor - maybe send him a unique link to a story on a news site, then take the logs and grep to see which IP requested it.

Not very anonymous

Verifiability via PGP vs Anonymity: of course you can't have it both ways -- that's how PGP works. From the project FAQ http://retroshare.sourceforge.net/wiki/index.php/Frequently_Asked_Questions#Is_RetroShare_anonymous.3F

        Is RetroShare anonymous?

        RetroShare is partly anonymous. There are anonymous forums and channels where no one can tell who posted something and you can download files from people your are not connected to anonymously, using anonymous tunnels. However the people you are connected to, know who you are and know your IP address. They can also see which files you are sharing, unless you mark them as not browsable. No one else on the network can see this information.

        The friends of your peers also know of your existence, and can attempt to connect to you through the Auto-Discovery system, but they can't connect to you unless you add them as friends.

Re:Not very anonymous

[Jane+Q.+Public]

OneSwarm, from the University of Washington, addresses this issue. You can join any number of private networks or set up an arbitrary number of your own. And in that sense it is not completely anonymous, in the same way that RetroShare is not fully anonymous. But with OneSwarm, it is impossible to tell where the [pieces of] files reside on the network, or what nodes the files go through when you download. So while joining the network might not be completely anonymous, sharing files is.

Re:Not very anonymous

[Vintermann]

Problem is, there are a thousand and one different schemes like these, from freenet to gnunet to oneswarm to - whatever this thing was called. And you need to know a good deal about cryptography to figure out which ones are safe, and a good deal about social dynamics on the net to know which one is actually going to get used for anything you're interested in. And you need friends who use it (in most cases).

The fragmentation is killing these efforts. The "connect only to friends"-model is hard enough to get to work in practice, without umpteen different incompatible implementations trying it.

"Goes through a trusted friend"?

[sirwired]

"...files that are downloaded from strangers always go through a trusted friend."

Doesn't that just make the "friend" instantly liable for contributory infringement? It's going to be hard (impossible)? for the "friend" to qualify for "common carrier" status, which could provide a safe harbor against an infringement suit.

It's true that this setup appears to be resistant to monitoring by outsiders, but keeping the people you don't want as members out of your online network is difficult, to say the least. It's certainly more work than busting up torrenters, but it's not exactly a difficult barrier either.

And, if I'm providing files, I want files downloaded TO strangers to go through one of my trusted friends (of course, that friend is going to have the contributory infringement problems I suggested earlier.) I don't give a *bleep!* about the downloader covering his tracks, (And when has the xxAA gone after downloaders? Don't they always go after uploaders?) I'm more worried about mine.

Re:"Goes through a trusted friend"?

[Jane+Q.+Public]

Repeat of what I replied to someone else above: OneSwarm is a darknet-capable file sharing client (it is also compatible with regular P2P networks), that addresses this issue. OneSwarm is designed such that once a file is put on the network, it is impossible to tell exactly where the file (or pieces of the file) are hosted, and it is equally impossible to tell what nodes they go through to get to you.

So actual transfer of files is indeed anonymous.

Re:"Goes through a trusted friend"?

Doesn't that just make the "friend" instantly liable for contributory infringement?

Yes, but that isn't a problem.

The entire point of a invite only method is to make sure that everyone invloved is trusted. The problem with many systems like that is that when it grows too big it becomes easier for soeone of the RIAA to be "a friend of a friend" and get access to the whole network that way.

By only allowing the users to get access to the network through the "close firends" a member of the RIAA that gets access to the network can only monitor the firend that invited him/her. This means that you only have to trust the ones you invite and don't have to worry about them later inviting som random stranger they met on the internet.

Re:Virtually impossible to monitor by outsiders?

[Nursie]

Yeah, it's the most overrated book in geekdom, IMHO. Don't understand all the love it gets around here.

It read like Doctorow was whcking off under the table with his free hand while he typed it with the other. The main character was a mary-sue par excellence an, well, I just didn't think it was that good.

Traffic is still tracable

[Alain+Williams]

If you are being monitored the police/... can still see who you are talking to even if they can't understand what you are saying. OK: if messages are routed through a friend to some other ''accomplice'' it makes things a bit harder for them, but most private networks like this will not have huge numbers of people on them. Also you can learn a lot just by studying the timings of packets (eg: a packet from A to B is often followed by a similarly sized packet from B to C, it looks as if A is talking to C).

Re:Traffic is still tracable

[Kjella]

Yes, there are much stronger anonymous designs but the downsides are equally high. I'd call several of these recent designs "anonymous light", good enough that the MAFIAA can't just hook up and collect IPs but not good enough if you have the FBI, NSA or anything like that after you. Personally I don't like this design exactly because what if one of those I trust download something nasty? They'll come to me. I'd much rather see a design that affords some plausible deniability, that no it wasn't me it must have been one of the other nodes in the network, downloading through me.

Re:Traffic is still tracable

[betterunixthanunix]

if messages are routed through a friend to some other ''accomplice'' it makes things a bit harder for them, but most private networks like this will not have huge numbers of people on them

That depends on your definition of "huge numbers of people" -- Tor certainly has a lot of nodes, although Tor is not the most robust anonymity system out there (Mixmaster is much more robust, but has about 20 nodes).

Also you can learn a lot just by studying the timings of packets

Assuming that your system is based on anonymizing sockets as opposed to email messages, file transfers, etc. The most popular anonymity systems -- proxy servers, Tor -- are based on anonymizing sockets, which is why those systems are popular, but there are other systems that are more resilient to passive eavesdropping even against a global adversary. Mixmaster is an example, although it would be very difficult to transfer a large file through Mixmaster.

(eg: a packet from A to B is often followed by a similarly sized packet from B to C, it looks as if A is talking to C).

That is an easy attack to defend against; you do not even need a dedicated system. Send an encrypted message to alt.anonymous.messages, and have the receiver download all the messages that are sent to that newsgroup. The receiver's privacy is protected in one of the strongest ways possible; assuming that there is more than one person downloading the messages (which is certainly true right now), no information about the receiver's identity will be leaked. This technique will still leak information about the amount of data being sent by the sender, but that can be mitigated by sending cover traffic that is not part of the payload. It is not the most scalable system, but it certainly defeats the attack you described.

Luckily, there are more scalable approaches. The problem with the Usenet approach is that every single party must receive all messages and cover traffic. Imagine a network in which each node connects to 100 other nodes, and exchanges messages with those nodes; messages may or may not be cover traffic, but must first be forwarded to yet another node. A node could then choose to forward cover traffic or to replace it with part of a message, which helps to obscure how much data the sender is sending; the receiver and the sender agree on some subset of nodes to connect through, but never directly connecting to each other (similar to Tor's hidden services architecture, or the use of pseudonymous remailers in the remailer system).

Really though, these highly robust systems are overkill for the majority of users. The anonymity provided by Tor is more than enough for a typical file sharer -- the only potential global eavesdroppers (intelligence services of major world powers) are not interested in copyright infringement (thank God) or even more serious crimes (child pornography, murder plots, etc.). The problems with using Tor in this manner are:

1. Storage servers are required; there is no way a popular file sharing site would remain undetected even if it were deployed as a hidden service. It would require too many resources to run, and eavesdropping would not even be necessary to narrow down the targets.
2. Bandwidth is too limited; it would take days to download an HD movie over Tor, which is even less convenient than going to the nearest video store to buy it legally.

If these problems can be solved, and if the system remains easy to use, it will take the downloading/copyright lobbyist battle to an entirely new level (one which will inevitably result in a technical victory for downloaders and multiple new rights-attacking laws to counter downloading activity; unfortunately, copyright enforcement will probably win over any argument about Chinese dissidents sharing videos of police crackdowns).

Re:Traffic is still tracable

[Kjella]

The problems with using Tor in this manner are:

Storage servers are required; there is no way a popular file sharing site would remain undetected even if it were deployed as a hidden service. It would require too many resources to run, and eavesdropping would not even be necessary to narrow down the targets.
Bandwidth is too limited; it would take days to download an HD movie over Tor, which is even less convenient than going to the nearest video store to buy it legally.

Personally I'm surprised that nobody has come up with an application that basically merges what TOR and Freenet does into one. A distributed storage would provide both the capacity and the upload bandwidth, while freeing up resources from onion sites. The network bandwidth is actually not that bad, I've had files run at 200 kB/s when connected to a high-speed site in the normal web. Of course if people did that in volume the exit nodes would choke and die, but the network itself is rather capable if you could move the files on the inside.

Re:disadvange.

[jamesh]

It's the first time I've ever seen any attempt at copyright protection that didn't resulted in worse outcome for their customers! For example...

. Funny sectors on floppy disks. Legitimate users can't make backup copies, pirates (with the copy protection removed) can make all the copies they want.
. "Find the nth word in the nth paragraph on the nth page of the manual". Legitimate users have to dig up the manual every time they want to play a game, while pirates (with the copy protection removed) can play any time they want without such annoyances
. Parallel port dongles. Legitimate users have to muck around with parallel port dongles that interfere with their printer. Pirates don't.
. Funny sectors on CDROM's. As per floppy disks, but it turns out that some CDROM drives couldn't play the games at all (RA2? or was it C&C2?). Pirates have no such problems
. Phone home via internet every time you want to play?... you see where this is going

It seems like every time the software industry introduces a new copy protection scheme, it really only annoys their paying customers. It doesn't hinder the pirates one little bit.

But it is still way faster than going to a real store, buying it and playing it. Especially if you are on a budget.

But on the other hand now it seems that the software industry has put enough pressure on the illegal file sharers that doing it that way is harder, or at least slower than it was. If the software industry allowed you to download the game direct from them for a reasonable price, they might be in with a chance. We all know they'll still continue to screw it up though.

Not the answer

[wormout]

Private darknets are a step backwards, IMO. At the one end you could have a large number of small networks between people who trust each other very well, but are limited in the size of the shared pool of material. At the other end you have less trusted large networks with a more material, but still nowhere near as large the entire internet, thus you would often not be able to find what you want. And the larger a network is, the less you are likely to trust everyone on it and the more vulnerable it is to infiltration. Even a small network could be compromised by someone who decided to betray all of their 'friends' (not necessarily out of malice).

'Breaking into the scene' of private darknets is diffcult for anyone who doesn't have pre-existing, probably real-world contacts (much like having ready access to good drugs, it might be easy for kids in a college environment, not so much for your average person). And at the end of the day, if you are going to limit your file sharing activities with a few people you know, you might as well just use email.

For a true culture of free information exchange, we need to look to systems that anyone with a connection and the right software can access and preferably search. This is far more technically challenging, and due to the measures taken to preserve anonymity, usually less convenient than what we are currently used to. But this will improve in due course. Tor, Freenet, I2P and others like them are the future, not walled gardens.

Re:Not the answer

[wormout]

Yup, because there's no such thing as multi volume rar archives.. OK, flippancy aside, the main point I was making is that if you're going to share files with only a small number of people there's not much need for new technologies, any number of existing ones that can support some form of encryption will do just as well.

Re:disadvange.

[sortius_nod]

But on the other hand now it seems that the software industry has put enough pressure on the illegal file sharers that doing it that way is harder, or at least slower than it was.

This is a myth being propagated by MPAA & RIAA. As someone who's been around since the days of Hotline & IRC sharing, if anything, it's easier these days than before. Torrents are fast & there's not much you can't get from ISOHunt or TPB or the likes.

Re:disadvange.

[SuricouRaven]

The serial-auth on ut2k4 was *almost* able to function with no negative effects for legitimate customers. Almost. There was but one flaw: The demand for legitimate serials for pirate use grew so great that some people wrote trojans for the express purpose of stealing the serials from those who actually purchased the game, resulting in the banning of many legal users after their serials were taken.

Re:Virtually impossible to monitor by outsiders?

[SuricouRaven]

I've never read it, but there is a class of books where characterisation is severely neglected yet the book is still good because it shows an excellent setting. The characters are really just a narrative tour guide.

Retroshare still requires a central server

[macraig]

Retroshare itself may not require any centralized resource at all, but... how do you find like-minded friends in the first place and establish a web of trust? You're going to need a centralized forum/chatroom, aren't you, where you can meet people and identify those with common interests and focus? Retroshare simply shifts the focus of the centralized resource from the actual sharing of data to the social aspect of creating and maintaining that web of trust.

And apparently all it would take, as hinted by someone else here, is one traitorous bastard in your web of trust to lay the whole thing out bare for the exploitation by others with selfish motives.

Re:disadvange.

[hairyfeet]

Try a media tank like the WDTV or an NBox HD and your wife will change her tune REAL quick friend. Having ALL the movies and shows she likes at a press of a button, no messing around with discs? Priceless. This is why the current MPAA crap is so pathetic, as its holding back innovation. there is no damned reason why i shouldn't be able to just hop on Amazon and whip out a CC and get an .avi or .mkv file of whatever show or movie i just bought other than sheer stupidity. does it in ANY way hinder the pirates? Fuck no, they have the movie or show at release if not before in their choice of formats. Look at any torrent or emule search engine and you can have your choice in .avi or .mkv in every popular resolution from standard 700Mb DVD rips all the way up to 8Gb+ Bluray HD rips, no hassle. All you can get legit is a big pile o' DRM suck that makes you jump through hoops and won't work on a single media tank short of a full blown HTPC.

So trust me friend, try a media tank. To get your feet wet on the cheap I'd suggest an NBox HD (less than $60 most places) along with a 200Gb SATA or IDE drive with a $5 enclosure (If you're like most geeks you have some drives lying around and the enclosure is less than $10) and hook it up to the TV in the bedroom or den and watch how quickly she warms to having it all at her fingertips. Makes a great gift for older relatives too,and for those with kids they are a Godsend as you don't have to worry about little Suzy scratching her favorite Dora disc anymore.

Advantages and disadvantages

[AliasMarlowe]

I actually prefer store bought media material - known format, quality assurance & convenience. It takes me less time to find it in the store (hell even ask the staff) to get it than trawl through spam, traps, seo bullshit & so on. However availability is an issue - 'net has almost everything, stores not so much. Unless you want to order and wait, even then.

This availability factor can be a great annoyance. I discovered several years ago that the Dreaded P.D.Q. Bach Collection [*] was not available from any store in Finland, and that furthermore the stores within reach said they could not even order it. I ended up ordering it from Amazon UK, which involved waiting weeks and paying their shipping fees.

[*] I use the third movement of the Pervertimento for bagpipe, bicycle, and balloons from disk 2 as the primary ringtone on my phone. The third movement is mostly bagpipe and string quartet, and is rather attention-getting, in its own way.

Also the WAF (wife acceptance factor) who very much likes dropping the disk in the home cinema drive and doesn't like computers.

All of our CDs and BDs and most of our DVDs have been ripped to the media server. It's even easier to use than dropping disks in the home theater.

Re:Advantages and disadvantages

[BLKMGK]

Okay, I've been asked about this a few times. I'm also pretty long winded when it comes to describing it and I'm a bit of an evangelist on some of the software I use. So, rather than pouring out a description here again about how I do things I wrote a journal entry about it so that the discussion can occur out of this thread :-)

http://slashdot.org/journal/279035

Feel free to comment away or make suggestions. What I have works for me, it may not work for others. It suits my particular needs well though and I'm fairly picky when it comes to media playback I think :-)

Web of trust can't work for something like this

[DarkOx]

Web of trust models will only work where there is an incentive to keep people out of the network. In the P2P world its just exactly the opposite. Users want as many other users on the network as possible because it speeds up their transfers and increases the amount of available content. You could use web of trust for something like e-mail where users generally want to prevent spoofs, scams, and spam.

I realize that users of P2P networks want to keep *some* people (FBI,Secret Service,DOJ,Interpol,[M,R]P?IAA employees ) off but for the most part they want users on. The next problem is you have the lowest common denominator issues. Again you want it to be simple enough that everyone and anyone can use it so you have content selection but that also means you get the same idiots who are still providing the account and routing numbers to 419 spammers. All mister federal agent needs to is promise to upload tons of free porn and John HighSchool is going to cross sign his PGP key.

Source Verification

[sociocapitalist]

At a glance, I don't see any hashes to validate the source files that are being downloaded.

If I were the Feds (of any country) or anyone who wants to inject malware (ie the recent Anonymous trojan), I'd replace the installers or redirect when people go to get source files or updates.

Encryption to be regulated

There are countries (France, afaiu) where encryption is illegal without a "licence".

So while many comments here say you simply can't ban encryption without banning safe commerce, that's not so true. The government simply makes using encryption require a license and said commerce sites get a license and commerce and advertising continues. Joe Average User doesn't get a license, and when he does use encryption (with another unlicensed party), they go to jail.

The one sticking point that I have never understood about such a situation though is that the government must also ban sending "garbage/random data" between two parties, otherwise how does it determine when two parties are using encryption and when they are just catting /dev/random to each other?

Re:Encryption to be regulated

[betterunixthanunix]

otherwise how does it determine when two parties are using encryption and when they are just catting /dev/random to each other?

People do not generally do that. We already have a communication system in the US where encryption is banned entirely: the amateur radio service. Nobody is trying to send noise to anyone else over the air, and people are generally willing to live without encryption on that service (even when they are speaking with their spouse -- there is simply no expectation of privacy). As far as I know, nobody has ever tried to claim that they were just sending a bunch of randomness to another person (it would probably not stand up long in court -- there are few reasons for doing such a thing).

The idea that ciphertext should be indistinguishable from random data is not meant to imply that you are trying to pretend that you are sending random data to someone. There are uses of block ciphers that require the output of the cipher to be indistinguishable from uniform random samples of data. At a more theoretical level, if ciphertexts are indistinguishable from uniform random samples even when you know the plaintext, then it is the case that an eavesdropper will have a hard time determining if two ciphertexts encrypt the same message (or even more theoretically, which message a particular ciphertext encodes). This is just a way to model the security of a cipher, so that cryptography is not just a matter of guesswork or instincts about complexity -- it is a way to evaluate the security of a cipher, without necessarily knowing what possible attacks an adversary might try (to some degree; new methods of distinguishing ciphertext from random data may be discovered, and may threaten the security of block ciphers).

It is actually pretty rare for people to send ciphertexts that are indistinguishable from random data; there are headers, handshakes, and various protocol elements that quickly reveal that you are using cryptography. It may also be the case that the ciphertexts themselves can be distinguished from random bit strings, but that if you are restricted to some subset of bit strings the ciphertexts appear to be randomly sampled from that subset (this could be the case with a public key cryptosystem; perhaps the ciphertexts will always contain a substring that is less than some public parameter, e.g. because the ciphertexts are elements of the integers modulo N). It is probably going to be pretty hard to hide the fact that you are using encryption, except in very simple cases (a file sitting on your disc). If you need to hide the fact that you are hiding a message, you need to look at steganography, not cryptography.

Re:Encryption to be regulated

[Jedi+Alec]

For the record, a 5-second Google search reveals that these laws were mostly revoked in France in 1999.

Speaking from personal experience, any encrypted protocols an end-user might want to use are fully available.

Re:disadvange.

This is a myth being propagated by MPAA & RIAA. As someone who's been around since the days of Hotline & IRC sharing, if anything, it's easier these days than before. Torrents are fast & there's not much you can't get from ISOHunt or TPB or the likes.

Pretty much this. I've been trading files online since years before even Napster was around, and it has never been easier than it is today. Hell, with our download speeds, we're getting close to instant gratification. Any reasonably popular album can be had in under a minute. You can pull down whole discographies in the time it took to download a single song 10 years ago. There are cams of any major movie online within hours of it's premier; blu-ray rips are out by street date, if not even sooner. Software is cracked before it even hits the streets...

There's just nothing that the MAFIAA can do to stop it. File sharing is a modern-day hydra, cut one head off, two grow in it's place, and short of monitoring everyone 24/7, which costs orders of magnitude more than the alleged "profits" they're "losing", they're never going to be able to keep up with it.

Never heard of it......

[BLKMGK]

Having never heard of this software before and hearing about it now I'm betting that usage is again about to shoot up! :-)

The "content providers" really need to get a clue. this comic says it all IMO -> http://theoatmeal.com/comics/game_of_thrones

They make it ever harder to get content and then wonder why people are sharing more and more. I have pretty much ceased downloading MP3 because I can easily and cheaply get them from Amazon. I have pretty much ceased BUYING E-books because publishers jacked prices through the roof and I can download them in SECONDS. I download and save TV shows for later viewing often even though I have a couple of TiVO and record many of the same shows. That saves me the EFFORT of pulling them off my TiVO, editing them, compressing them, and copying them. If the transaction is easy ala Amazon's MP3 (which even copy to cloud storage!) then the sales will come. Perhaps it won't be at the astronomical prices these idiots dream of but it sure beats a lost sale doesn't it? Their idea is to bottle things up such that everyone is FORCED into their business model - I'm sorry but that's not going to ever happen. Make the transaction friction-less, have an extensive easy to use catalog, and make it cheap enough I'll buy it like some throwaway app in an app store and "content" will sell like hotcakes.

Now then, I'm off to download and check out this new program. It will sure beat having folks over with portable drives for swap parties or participating in huge Torrent clouds!

Keep reading...

[sirwired]

Congratulations, you found the Safe Harbor provisions. However, if you want to claim "Service Provider" status, that same section (subsection (h)) also authorizes copyright holders to completely pick apart your "service" via subpoena and allow the xxAA to implement "infringement finding" tools on your "service" upon request.

Oh, and if you forgot to warn all your users that they could be cut off for repeated infringement, you aren't protected at all. That's right, if you failed to get your friends to agree to a TOS, you've waived your protections.

Re:disadvange.

[BLKMGK]

http://theoatmeal.com/comics/game_of_thrones

I could have GoT on my drive in minutes if I really wanted it - in HD would take a bit longer. I have at least two sources I could go through and neither of them would shower me with spam or anything else unseamly. Sure, I won't get the DVD extras but I seldom watch those. When I rip a BD I do save off the director's sound track though and if it was a DVD I store it lock stock and menu which my front-end plays without flinching. I can peruse tons and tons of media without getting off the couch. I can stream it to my portable devices anywhere, and I can stream media from my portable devices to my TV.

Do I still prefer store bought media? Yup, I prefer it because I process the video myself with my settings for the best picture. I then throw it in a box in my storage space never to see it again unless someone wishes to borrow it. why in this world have that stuff out where thieves can see it and where I must pore through it looking for it when I want to watch it? Even binders didn't work well for me, I'm way happier with everything ripped and ready to go!

Isn't this smiliar to

[future+assassin]

what WASTE does? http://en.wikipedia.org/wiki/WASTE