Examing one's hard disk should tell the police nothing useful, since if the file was requested through your computer then they already know that it may have been cached. They wouldn't find anything that could add to the evidence against you.
Umm, if you did download the file, then you saved it somewhere, viewed it in your webbrowser, streamed it to a media player, or something. These things will show up on your harddisk. If people are actually using Freenet to download files on mass (as they do with file sharing tools today) then they will have a library of warez.
None of this is Freenet's fault, of course, but it does serve to illustrate that in most cases, the possible deniability will mean very little.
Frost's flooding isn't compensating for Freenet's routing, it is due to the fact that Frost must poll Freenet to find newly inserted messages. Even if Freenet's routing was perfect, Frost would still need to do this.
That an abusive application can bring the network to it's knees the way Frost has, is what I mean when I say that there are problems with the whole concept. The Freenet network is one big "tragedy of the commons".
Actually, just the size of the piece of content you are retreiving is very likely to tield enough information to identify exactly who retreived it, I'm afraid.
Pieces of data in Freenet are padded to the nearest exponent of two, so this particular attack would be pretty difficult.
What about someone whose life is important to other people -- i.e., the head of a large family who relies on him for income?
Child neglect can take many forms, and is completely independent of whether drug use is involved. If "large family" you are talking about consists of the persons own children, then he should be prosecuted regardless of whether the children suffered because he did drugs, or because he gave all his money to charity.
If the "large family" are not his children, then they are moochers with an entitlement complex and ought to make a living for themselves.
It isn't just probably, it is more than likely on the balance of probabilities. Given this - it is very unlikely that any sane court system could hold you liable.
That depends. If the HTL on the request is high, or exactly one below the default start value, then the probability is very high that it was you. Maybe not enough for a court conviction, but enough to get a warrant to take your computer away, and find the files in question on your harddisk (unless encrypt your entire harddisk (and swap file!) using hard crypto with a strong key)).
Also, the plausible deniability at the other end doesn't work at all. Using timing analysis, it is very easy to see whether a node contained the data previous to your request or not.
Wow - so if Freenet doesn't work then the conversation I am having on Frost right now about this very issue must be a figment of my imagination.
Since I spent three years and countless hours of my life working on freenet, I would certainly like to believe that it does work. However, Frost "works" by flooding Freenet to try to compensate for the lousy routing which, in an evil circle, is partially caused by overloaded nodes. That model is not sustainable and destroys the whole point with freenet (it was supposed to scale well).
Frost, to my mind, is more evidence that Freenet, even as a concept, doesn't work, than that it does. But maybe I am just a pesimist. I certainly hope that things will work out...
This is a complicated issue without a clear answer.
If you want to be theoretical, then yes, Freenet does not provide anywhere near "absolute" anonymity. In fact, it doesn't even provide the level of anonymity that is used when judging such things as anonymous remailers or mixnets.
Basically, Freenet purports to be "anonymous" because you files do not recide on the computer of the person who uploaded them, and because all downloads and uploads are chained and tunneled through each host involved in the transfer. That means that the host you download a Freenet document from just knows it got it from some other node, which got it from some other node, which got it through some other node, all the way back to the person who uploaded it. It certainly makes tracking the people upload and download things more difficult then on networks like Kazaa (where it is, as we have seen, trivial) but in theory, and with enough resources, it is of course not impossible.
It should be noted what Freenet does NOT provide however. Freenet does do what the serious mixnets reffer to as "Onion routing", which basically means that the message is wrapped in an onion of cryptographic layers, which are pealed off at every step. The idea behind this is only the very last node can see contents of the message, and only the first knows it came from you (and none of the other nodes know anything except where the message came from and where it went).
If you request something from Freenet, your node will call up another node and ask it for that file - if that node is controlled by the Feds then you are busted. It is argued that there is plausible deniability, because it is possible that your node was not downloading the file because you asked for it, but simply forwarding it for somebody else. Given the state of the judicial process at the moment, I'm not terribly optimistic about this defense.
Freenet also doesn't protect (at least not very well) against traffic and timing analysis, allowing one to track down the author of something using the timing and amount of encrypted traffic that nodes exchange. I don't know of any case of traffic analysis having been used (except maybe on the NSA hyper-spook level), but it isn't impossible.
Another thing that Freenet does not "anonymise", and this is the most important IMO, is that you are running a node in the first place. Your Freenet node has to be public, so the feds could definitely "fish" the network for node addresses and start busting those who run them. Again there is an argument of deniability: you don't actually know what is in your nodes cache because it is encrypted, but again I don't have a lot of faith in this defense when the prosecutor will argue that you knowning acted in bad faith.
Regarding Winny, however, I think I agree with Ian. It seems doubtful that Winny works in the same manner as freenet, for the simple reason that Winny works, and well, freenet, umm, doesn't. Any time you try to put anonymity into something, useability IS going to take a hit, because trying to spread and bounce traffic necessarily hits performance. I have a very hard time believing that Japans most popular P2P network could be based on tunneling everything - purely for performance reasons.
(I have to run, so forgive typos and pitiful spelling errors.)
You aren't quoting the Microsoft representative, but one of Palladium's detractors. I made the same mistake when I first read it, and though: "Wow, I have never heard anyone from MS be this lucid and honest about palladium."
Not sure if you would consider this as DRM but CD-key which are verified online such as HalfLife or Quake3 are pretty succesful.
Not that I share the grandparents optimism, but this isn't DRM. What it has done is basically changed from charging for a copy of the game, to charging for being able to connect to online game servers (you don't need DRM to charge for accounts).
Of course, it only works because the server operators play along. If I were a server operator, I would think if I'm controlling that players are paying for accounts, then I should have some of the money - but that is just me...
You'll notice that Stallman uses the term as "Digital Restrictions Management" in his essay. Stallman is, as we all know too well, pretty obsessed with what the choice of word conveys.
Otherwise, I thought that using the term "User Hostile Software" was a pretty good term for the whole thing. This describes exactly what seperates DRM, Palladium, TC, FairPlay etc from previous software. Or maybe FUCKware (where FUCK stands for "Futile Unnecessary Control Keeping").
This is an issue with the webserver, not the client. It is the webserver that translates the extension into a mime type, which the browser uses to determine the application.
My apache mime.type lists both "application/x-redhat-package-manager" and "audio/x-pn-realaudio-plugin" for rpm, but OTOH:
Since when do you need a college degree to hammer a nail.
Since when do you need a college degree to write code?
People need to get away from the delusion that anything that requires writing code should be done by somebody with a four year computer science degree. A website is a equivalent of a wall, not a fine arts center.
My system used to lock hard after a random amount of time when I used a Firewire drive (my ipod) in 2.4.20, but going to 2.4.21 fixed it (the system still locks suddenly, but now the lock releases after 2-10 seconds and everything comes back).
I didn't want to get into a discussion about this, so I thought I could grant the "US is just as bad as China" delusion brigade that much. I don't know if they have been mistreated: I think that the US could probably have followed the spirit of the Geneva convention better, but on the other hand it probably isn't as bad as some politically motivated agitators make it out to be.
According to the posting: She... posted messages in Internet chatrooms calling for the release of online dissidents.
How many of the "Free Kevin" crowd were arrested and sent to prison for calling for his release?
Mitnick was mistreated and had his crimes exagerated, but he was a criminal who got himself into the situation. The Guantanamo prisoners are mistreated, but they traveled to another country and took up arms fighting for a terrorist regime. This girl did nothing that you and I don't do every day. Could we gain some perspective please!
It seems to me that the only purpose of all this relativism is so that people can feel smug about having it just as bad as the Chinese. You don't. You don't have to worry about what say in public. You can post your feelings about the government all over the Internet without having to worry for a late night knock. You can start or join any political party you want.
The abuses of our governments should not pass silently, but for one second let us consider what it is like to live under a regime that is a thousand times worse. Give this girl and the thousands like her still held without even the senblence of fair process their due. They have showed more courage and sacrifice then any of us will ever be called upon to display.
Are you afraid of being inprisoned because you posted this comment?
There is nothing wrong with pointing out the wrongs of every government, but this type of relativism serves only to belittle the struggle against regimes that are far worse.
It doesn't matter the slightest in this case that the GPL has not been tested in court. Copyright law (which has been tested in court, I assure you) says that you may not distributed other peoples work. The GPL says that you MAY distribute my work, BUT ONLY if you agree to certain conditions.
If the companies in this story were to get the GPL thrown down in court, then the only thing they would achieve is to lose their (and everybody elses) right to distribute the kernel at all. This is the reason that all (*) companies have chosen compliance over going to court.
The only sensible way somebody could want to have the GPL overthrown in court would be for example if somebody who had previously distributed something under the GPL wanted to revoke the license.
(*) Modulo SCO. From the Darl-bots comments, my understanding is he somehow believes he can get the "BUT ONLY" part overthrown but keep the "MAY" part where it is.
And we are supposed to be denied Internet access if we use a router instead of a direct connection.
In order to connect through a router or gateway, that device will need to be "trusted". That device being "trusted" implies that it's software has been authorized to control it's user in the correct fashion. What is to stop them from making it a requirement of such authorization that this router also denies access to "non-trusted" PCs?
Apple's die-hard fans are not going to leave them because they can't play Britney Spears CDs
Apple's die hard fans will eat it up in the same way that the love the DRM they are subjected to today. Hell, one can hardly point out here that ITMS is DRM without getting modded down by the "we love Jobs the Leader" contigent.
Sure, Apple's implementation might leave the user a little more slack, but they have shown with ITMS that they do want to use DRM, and that their users love it. The fact that ITMS has been cracked has got to be a little annoying: when DRM hardware becomes cheap and ubiquitous, why would one expect that they will not want "protect" those tracks a little better?
The DMCA might not have stopped the spread of software that plays DVDs, but it sure has managed to stop the sale of CD-ROMs that ignore the corruption of so called "copy protected" audio CDs. You may have gotten ahold of a mod-chip for your X-Box, but it isn't always easy, and people have gone to jail to distributing them.
Their is a reason this is happening in the BIOS: they know that software circumvention is hard to persecute, but hardware circumvention is easy. Expect some very nasty time ahead...
Slashdot Mirror
"He" is used for non-gender third person in English. Everything I said holds for women to the same extent as men.
I wonder if you know what it means to be 100% anonymous?
Formally, 100% anonymous means that the set of suspects, given the information given, is exactly same as the entire population.
Examing one's hard disk should tell the police nothing useful, since if the file was requested through your computer then they already know that it may have been cached. They wouldn't find anything that could add to the evidence against you.
Umm, if you did download the file, then you saved it somewhere, viewed it in your webbrowser, streamed it to a media player, or something. These things will show up on your harddisk. If people are actually using Freenet to download files on mass (as they do with file sharing tools today) then they will have a library of warez.
None of this is Freenet's fault, of course, but it does serve to illustrate that in most cases, the possible deniability will mean very little.
Frost's flooding isn't compensating for Freenet's routing, it is due to the fact that Frost must poll Freenet to find newly inserted messages. Even if Freenet's routing was perfect, Frost would still need to do this.
That an abusive application can bring the network to it's knees the way Frost has, is what I mean when I say that there are problems with the whole concept. The Freenet network is one big "tragedy of the commons".
Actually, just the size of the piece of content you are retreiving is very likely to tield enough information to identify exactly who retreived it, I'm afraid.
Pieces of data in Freenet are padded to the nearest exponent of two, so this particular attack would be pretty difficult.
What about someone whose life is important to other people -- i.e., the head of a large family who relies on him for income?
Child neglect can take many forms, and is completely independent of whether drug use is involved. If "large family" you are talking about consists of the persons own children, then he should be prosecuted regardless of whether the children suffered because he did drugs, or because he gave all his money to charity.
If the "large family" are not his children, then they are moochers with an entitlement complex and ought to make a living for themselves.
It isn't just probably, it is more than likely on the balance of probabilities. Given this - it is very unlikely that any sane court system could hold you liable.
That depends. If the HTL on the request is high, or exactly one below the default start value, then the probability is very high that it was you. Maybe not enough for a court conviction, but enough to get a warrant to take your computer away, and find the files in question on your harddisk (unless encrypt your entire harddisk (and swap file!) using hard crypto with a strong key)).
Also, the plausible deniability at the other end doesn't work at all. Using timing analysis, it is very easy to see whether a node contained the data previous to your request or not.
Wow - so if Freenet doesn't work then the conversation I am having on Frost right now about this very issue must be a figment of my imagination.
Since I spent three years and countless hours of my life working on freenet, I would certainly like to believe that it does work. However, Frost "works" by flooding Freenet to try to compensate for the lousy routing which, in an evil circle, is partially caused by overloaded nodes. That model is not sustainable and destroys the whole point with freenet (it was supposed to scale well).
Frost, to my mind, is more evidence that Freenet, even as a concept, doesn't work, than that it does. But maybe I am just a pesimist. I certainly hope that things will work out...
Have you ever had to live in a neighborhood destroyed by both the drug pushers and the addicted users?
Where would you rather live, a neighborhood with a liquor store, or one with a Mob run speakeasy and bootlegging operation?
Lots of things are bad, but we don't legislate sensibility. Throwing ones life away is a basic human freedom.
This is a complicated issue without a clear answer.
If you want to be theoretical, then yes, Freenet does not provide anywhere near "absolute" anonymity. In fact, it doesn't even provide the level of anonymity that is used when judging such things as anonymous remailers or mixnets.
Basically, Freenet purports to be "anonymous" because you files do not recide on the computer of the person who uploaded them, and because all downloads and uploads are chained and tunneled through each host involved in the transfer. That means that the host you download a Freenet document from just knows it got it from some other node, which got it from some other node, which got it through some other node, all the way back to the person who uploaded it. It certainly makes tracking the people upload and download things more difficult then on networks like Kazaa (where it is, as we have seen, trivial) but in theory, and with enough resources, it is of course not impossible.
It should be noted what Freenet does NOT provide however. Freenet does do what the serious mixnets reffer to as "Onion routing", which basically means that the message is wrapped in an onion of cryptographic layers, which are pealed off at every step. The idea behind this is only the very last node can see contents of the message, and only the first knows it came from you (and none of the other nodes know anything except where the message came from and where it went).
If you request something from Freenet, your node will call up another node and ask it for that file - if that node is controlled by the Feds then you are busted. It is argued that there is plausible deniability, because it is possible that your node was not downloading the file because you asked for it, but simply forwarding it for somebody else. Given the state of the judicial process at the moment, I'm not terribly optimistic about this defense.
Freenet also doesn't protect (at least not very well) against traffic and timing analysis, allowing one to track down the author of something using the timing and amount of encrypted traffic that nodes exchange. I don't know of any case of traffic analysis having been used (except maybe on the NSA hyper-spook level), but it isn't impossible.
Another thing that Freenet does not "anonymise", and this is the most important IMO, is that you are running a node in the first place. Your Freenet node has to be public, so the feds could definitely "fish" the network for node addresses and start busting those who run them. Again there is an argument of deniability: you don't actually know what is in your nodes cache because it is encrypted, but again I don't have a lot of faith in this defense when the prosecutor will argue that you knowning acted in bad faith.
Regarding Winny, however, I think I agree with Ian. It seems doubtful that Winny works in the same manner as freenet, for the simple reason that Winny works, and well, freenet, umm, doesn't. Any time you try to put anonymity into something, useability IS going to take a hit, because trying to spread and bounce traffic necessarily hits performance. I have a very hard time believing that Japans most popular P2P network could be based on tunneling everything - purely for performance reasons.
(I have to run, so forgive typos and pitiful spelling errors.)
You aren't quoting the Microsoft representative, but one of Palladium's detractors. I made the same mistake when I first read it, and though: "Wow, I have never heard anyone from MS be this lucid and honest about palladium."
I guess I still haven't.
Not sure if you would consider this as DRM but CD-key which are verified online such as HalfLife or Quake3 are pretty succesful.
Not that I share the grandparents optimism, but this isn't DRM. What it has done is basically changed from charging for a copy of the game, to charging for being able to connect to online game servers (you don't need DRM to charge for accounts).
Of course, it only works because the server operators play along. If I were a server operator, I would think if I'm controlling that players are paying for accounts, then I should have some of the money - but that is just me...
You'll notice that Stallman uses the term as "Digital Restrictions Management" in his essay. Stallman is, as we all know too well, pretty obsessed with what the choice of word conveys.
Otherwise, I thought that using the term "User Hostile Software" was a pretty good term for the whole thing. This describes exactly what seperates DRM, Palladium, TC, FairPlay etc from previous software. Or maybe FUCKware (where FUCK stands for "Futile Unnecessary Control Keeping").
Actually it means that people who do not trust your computer configuration can pass data to you and be confident at some level that it is not exposed.
TO YOU. That it is not exposed _to you_.
Why do the MS apologists always leave out those little important words that make all the difference!
MS is not forcing you to connect to the Internet!
This is an issue with the webserver, not the client. It is the webserver that translates the extension into a mime type, which the browser uses to determine the application.
/test.rpm HTTP/1.0\r\n\r\n" | nc localhost 80 ...
My apache mime.type lists both "application/x-redhat-package-manager" and "audio/x-pn-realaudio-plugin" for rpm, but OTOH:
$ echo -e "GET
HTTP/1.1 200 OK
Date: Wed, 03 Dec 2003 00:39:53 GMT
Server: Apache/1.3.29 (Debian GNU/Linux)
Content-Type: audio/x-pn-realaudio-plugin
So it seems that by the default configuration even Apache will claim rpm files are Real Audio. It isn't what realplayer thinks that matters...
Since when do you need a college degree to hammer a nail.
Since when do you need a college degree to write code?
People need to get away from the delusion that anything that requires writing code should be done by somebody with a four year computer science degree. A website is a equivalent of a wall, not a fine arts center.
My system used to lock hard after a random amount of time when I used a Firewire drive (my ipod) in 2.4.20, but going to 2.4.21 fixed it (the system still locks suddenly, but now the lock releases after 2-10 seconds and everything comes back).
So is Kaffe a Java emulator then? Is GCC a C compiler emulator? Is glibc a libc emulator?
WINE is another implementation of the Win16 and Win32 APIs (just not a very functional one). Calling it an emulator is silly.
How are they mistreated? Have any proof of this?
I didn't want to get into a discussion about this, so I thought I could grant the "US is just as bad as China" delusion brigade that much. I don't know if they have been mistreated: I think that the US could probably have followed the spirit of the Geneva convention better, but on the other hand it probably isn't as bad as some politically motivated agitators make it out to be.
According to the posting: She ... posted messages in Internet chatrooms calling for the release of online dissidents.
How many of the "Free Kevin" crowd were arrested and sent to prison for calling for his release?
Mitnick was mistreated and had his crimes exagerated, but he was a criminal who got himself into the situation. The Guantanamo prisoners are mistreated, but they traveled to another country and took up arms fighting for a terrorist regime. This girl did nothing that you and I don't do every day. Could we gain some perspective please!
It seems to me that the only purpose of all this relativism is so that people can feel smug about having it just as bad as the Chinese. You don't. You don't have to worry about what say in public. You can post your feelings about the government all over the Internet without having to worry for a late night knock. You can start or join any political party you want.
The abuses of our governments should not pass silently, but for one second let us consider what it is like to live under a regime that is a thousand times worse. Give this girl and the thousands like her still held without even the senblence of fair process their due. They have showed more courage and sacrifice then any of us will ever be called upon to display.
Are you afraid of being inprisoned because you posted this comment?
There is nothing wrong with pointing out the wrongs of every government, but this type of relativism serves only to belittle the struggle against regimes that are far worse.
Threads dead, but maybe you are still reading.
It doesn't matter the slightest in this case that the GPL has not been tested in court. Copyright law (which has been tested in court, I assure you) says that you may not distributed other peoples work. The GPL says that you MAY distribute my work, BUT ONLY if you agree to certain conditions.
If the companies in this story were to get the GPL thrown down in court, then the only thing they would achieve is to lose their (and everybody elses) right to distribute the kernel at all. This is the reason that all (*) companies have chosen compliance over going to court.
The only sensible way somebody could want to have the GPL overthrown in court would be for example if somebody who had previously distributed something under the GPL wanted to revoke the license.
(*) Modulo SCO. From the Darl-bots comments, my understanding is he somehow believes he can get the "BUT ONLY" part overthrown but keep the "MAY" part where it is.
Everyone has been selling OSS as free software, when it is explicitly not. There are obligations involved that must be followed.
It is the software that is free, not the distributers and users of it.
And we are supposed to be denied Internet access if we use a router instead of a direct connection.
In order to connect through a router or gateway, that device will need to be "trusted". That device being "trusted" implies that it's software has been authorized to control it's user in the correct fashion. What is to stop them from making it a requirement of such authorization that this router also denies access to "non-trusted" PCs?
Apple's die-hard fans are not going to leave them because they can't play Britney Spears CDs
Apple's die hard fans will eat it up in the same way that the love the DRM they are subjected to today. Hell, one can hardly point out here that ITMS is DRM without getting modded down by the "we love Jobs the Leader" contigent.
Sure, Apple's implementation might leave the user a little more slack, but they have shown with ITMS that they do want to use DRM, and that their users love it. The fact that ITMS has been cracked has got to be a little annoying: when DRM hardware becomes cheap and ubiquitous, why would one expect that they will not want "protect" those tracks a little better?
The DMCA might not have stopped the spread of software that plays DVDs, but it sure has managed to stop the sale of CD-ROMs that ignore the corruption of so called "copy protected" audio CDs. You may have gotten ahold of a mod-chip for your X-Box, but it isn't always easy, and people have gone to jail to distributing them.
Their is a reason this is happening in the BIOS: they know that software circumvention is hard to persecute, but hardware circumvention is easy. Expect some very nasty time ahead...