Japanese P2P Users Arrested, Creator Targeted

nutznboltz writes "According to a story on CNET Asia, two Japanese users of the Winny P2P application have been arrested for copyright violations, and the developer of the P2P software has also had his home searched by police. Winny was 'supposedly anonymous', and purported to be based on Freenet, although Freenet creator Ian Clarke is claiming that Winny is not really like Freenet, and that he's 'not concerned that the Japanese police have somehow found a way to compromise Freenet's security'."

This is an outrage!

This must stop! If this continues, the P2P world's supply of tentacle rape porn and mech video clips could dry up overnight!

Freenet/Winny

Considering the un-userfriendly state Freenet is right now (not being able to "search the [free]net") it would have been a huge accomplishment to completely base a P2P software on it. So my guess is that Winny more or less just mention Freenet for recognition purposes.

Re:Freenet/Winny

You can search Freenet _exactly_ in the same way you can search the World Wide Web. If you use a messageboard/filesharing application on top of Freenet (like Frost) you can search with a nice little search box per board or in all of them.

But please, why not post uninformed opinions on Slashdot and get modded up as Insightful :)

First case of the Article not RTFA?

"I'm not concerned that the Japanese police have somehow found a way to compromise Freenet's security," Clarke

"..but probably not those that allow Freenet to protect user anonymity." Clarke

I'm confused, it looks like Clarke said Freenet's compromised and he doesn't care, and that Freenet isn't compromised.

Uh oh!

...while the teenager is being held for making the game Super Mario Advance available online.

Better ditch that copy of Space Invaders while I can!!

Searched by police?

So - what did they intend to find? Or do they use it like intimidation of some sort?

Freenet is not save.

Clarke wants to save his face, but it's well known in certain circles that freenet doesn't provide 100% anonymity if the attacker has enough resources, e.g. a large ISP or the gov.
It takes some time, but you can determine the IP and stored data of a user.
But I don't think that this is so bad, in free societies such anonymizer tools are often abused by criminals, spammers and perverts and in oppressive societies the use of the tool gets you in prison anyway. The Chinese gov is not so stupid to get caught by the "hahaha - my data was encrypted, you can't prove anything"-argument.
So it's really no loss there.

Re:Freenet is not save.

This is a complicated issue without a clear answer.

If you want to be theoretical, then yes, Freenet does not provide anywhere near "absolute" anonymity. In fact, it doesn't even provide the level of anonymity that is used when judging such things as anonymous remailers or mixnets.

Basically, Freenet purports to be "anonymous" because you files do not recide on the computer of the person who uploaded them, and because all downloads and uploads are chained and tunneled through each host involved in the transfer. That means that the host you download a Freenet document from just knows it got it from some other node, which got it from some other node, which got it through some other node, all the way back to the person who uploaded it. It certainly makes tracking the people upload and download things more difficult then on networks like Kazaa (where it is, as we have seen, trivial) but in theory, and with enough resources, it is of course not impossible.

It should be noted what Freenet does NOT provide however. Freenet does do what the serious mixnets reffer to as "Onion routing", which basically means that the message is wrapped in an onion of cryptographic layers, which are pealed off at every step. The idea behind this is only the very last node can see contents of the message, and only the first knows it came from you (and none of the other nodes know anything except where the message came from and where it went).

If you request something from Freenet, your node will call up another node and ask it for that file - if that node is controlled by the Feds then you are busted. It is argued that there is plausible deniability, because it is possible that your node was not downloading the file because you asked for it, but simply forwarding it for somebody else. Given the state of the judicial process at the moment, I'm not terribly optimistic about this defense.

Freenet also doesn't protect (at least not very well) against traffic and timing analysis, allowing one to track down the author of something using the timing and amount of encrypted traffic that nodes exchange. I don't know of any case of traffic analysis having been used (except maybe on the NSA hyper-spook level), but it isn't impossible.

Another thing that Freenet does not "anonymise", and this is the most important IMO, is that you are running a node in the first place. Your Freenet node has to be public, so the feds could definitely "fish" the network for node addresses and start busting those who run them. Again there is an argument of deniability: you don't actually know what is in your nodes cache because it is encrypted, but again I don't have a lot of faith in this defense when the prosecutor will argue that you knowning acted in bad faith.

Regarding Winny, however, I think I agree with Ian. It seems doubtful that Winny works in the same manner as freenet, for the simple reason that Winny works, and well, freenet, umm, doesn't. Any time you try to put anonymity into something, useability IS going to take a hit, because trying to spread and bounce traffic necessarily hits performance. I have a very hard time believing that Japans most popular P2P network could be based on tunneling everything - purely for performance reasons.

(I have to run, so forgive typos and pitiful spelling errors.)

Re:Freenet is not safe.

Actually, just the size of the piece of content you are retreiving is very likely to tield enough information to identify exactly who retreived it, I'm afraid.

Pieces of data in Freenet are padded to the nearest exponent of two, so this particular attack would be pretty difficult.

This is the final straw

Stupid laws that cost thousands of extra police hours not only waste tax-payers money, they take police from their real job and priority number one which is keeping the peace. Not only that, but the RIAA is terrorising people with its tactics, it has become a mafia and should be shut down today. Whats going on here is a total inequality of justice. You cant choose people to make examples out of, and you cant have anyone in a cell for downloading music while there are muggers, murderers and rapists out on the streets. full fucking stop.

Re:This is the final straw

Stupid laws that cost thousands of extra police hours not only waste tax-payers money, they take police from their real job

Couldnt agree more. But this isnt the main culprit. Globally more is spent on 'THE WAR ON DRUGS' and chasing criminals who only steal to feed their habits than on ANYTHING ELSE. Apologies for the caps - just trying to be sensationalist because Im talking about drugs - which we all know are REALLY SCARY AND BAD.

Of course - these kids coul dhave been P2Ping to support a crack habit. It all comes back to wasted money on THE WAR ON DRUGS...

Background Info

Since Winny is pretty much unknown outside Japan, here is some background information for slashdot readers: Winny is a P2P file sharing program created by a Japanese programmer, who still remains anonymous to this day. It came out two years ago as an attempt to share copyright-protected materials "safely" when somebody was arrested for using another P2P program (WinMX). Since the application was extremely well designed and almost anything is available on its network, from movies to software, it has become immensely popular in Japan, so much so that there are a dozen book available on how to use it and network traffic in the country was down 20% after the news of the arrest broke. As for the reasons why the police was able to identify those two people who were arrested, they used an extra bulletin board feature, which does not guarantee anonymity unlike its file transfer feature, to distribute a list of warez videos. Therefore, I don't think this news has anything to do with the validity of Freenet's technology, or with that of Winny's for that matter.

Re:Background Info

Mod parent up. This discussion can't go anywhere without the participants having proper knowledge of the background and workings of Winny.

The reason that nobody's heard of Winny is that Winny has been deliberately kept off the radar of countries outside Japan by the author himself. He keept the source closed and only provided the program and documentation in Japanese.

Winny is "based" on Freenet only to the extent that the creator of it consulted Ian Clarke's papers to design the network. The possibility of Freenet code being reused in Winny is pretty low, as Winny is a native Windows application and there's that issue with GPL code anyway.

The architecture of Winny has some aspects in common with Freenet, but while Freenet was designed with anonymity as priority one and usability as backburner, Winny aimed to become both a usable AND anonymous P2P client. To achieve this goal, some of Freenet's anonymity features (such as the inability to know the data inside one's own node) was removed from the design of Winny, and some usability features such as searching within the program were implemented. Winny's design is not as modular or portable as Freenet is, either; Winny is a native Windows application tied to a GUI, more like "normal" P2P filesharing apps.

Winny version 2 also includes an anonymous message board system, a bit like Frost's TOF; Due to the original Winny's immense popularity, The Winny message board became a lively place of discussion, also often used to request and announce up/download of illegal files.

Presumably, it was this that the Japanese police used. Due to the way Winny implements the anonymous message board, reading and posting in the threads are anonymous, but creating a new thread is not. Both of the two people arrested were thread creators, and they announced the upload of files in their threads. As this was not anonymous, the police probably traced them using this.

Any additions/corrections from Japanese Winny users are welcome

Ever *truly* Anonymous?

I am often amazed at the abilities of some. A 15 year old breaks a hard crypto for DVDs in what seems is a poetic 30 line program... And so many others who have contribuited to technology. But in my limited thinking I cannot see how a truly anonymous P2P network could ever be thought up.

After all the encryption, all the routing and packet filtering... eventually we're always left with unavoidable IP addresses. There's always going to be, has to be, a destinaton and origination. If a computer program can find the location of a song, so eventually can a human. ...So it seems to me.

The FBI tracked the release of an email virus to some upstairs apartment laptop with a temporary dial up connection in a third world country within three days of it's release. What was it, the I love you virus or something written by some tech students? I sat in wonder watching the news reports and the video of dirt streets and old third world buildings wondering how the hell they did it. How they knew it came from that upstairs apartment. Probably logged in just long enough to send it. Not just in three days, but probably sooner with them taking 1-2 days for the "public" release.

Then I consider a truly anonymous P2P file share and wonder if it is even possible. The song is going to be on a hard disk. That hard disk is attached to the net and will have a number representing it's network location. All of which can be traced. In my mind, again, if a program can find the song, even as difficult at it may seem, so eventually can a human.

Just like *they* can never make an unbrakable copy protection, Will *we* ever be able to completely anonymous while on the Net.

I'm just wondering....

Re:Ever *truly* Anonymous?

Ever heard of onion routing? look it up.

Bascially, there is no source and destination, just a bunch of message passing between random nodes, the 'destination' just keeps and eye out for something that belongs to them. Put very basically. Theres a bunch of asymmetric crypto involved also. Look it up for more details.

Re:Ever *truly* Anonymous?

Have a second internet with a completely different method of assigning IP address. NAT all traffic passing through your box.
Hey presto, no-one knows if it came from you, or the person behind you, and there is no ISP that can be asked who "owned" an IP at a certain time.

Its OK... the RIAA may be paying for spam.

Here are the snippits from the spam.

Subject: Digital Music News: Don't Go to Jail

Music Industry Informs Internet Users of Risks Peer-to-Peer Networks Pose

STAY OUT OF COURT - USE LEGAL 'SHARING'

Staff Writer, The Digital Music News

The Recording Industry Association of America has filed 300 lawsuits against alleged file swappers. Don't want to become victim number 301? Then it's time to switch from programs like Kazaa and Morpheus to a legal music download service Songs purchased on legal services are more reliably of a higher quality than those downloaded from a peer-to-peer network where you're never quite sure if the file was properly labelled, ripped on an underperforming computer or contained a virus Below are the options that will help keep your life free of lawsuits To learn more about safe and secure ways of using the Internet http://www.riaa.com

The message then goes on to pimp for the various pay services. I have no idea if the RIAA actually paid for the spam, of if it is a joe job.

Speed of the Japanese legal system

The speed of the legal system here is notoriously slow.

And, I'm told, most people can escape imprisonment or heavy fining by just apologising well.

So, I'm not sure what kind of resolution the companies are expecting, but I'm sure it will be a long time til we hear anything :)

Re:Speed of the Japanese legal system

And, I'm told, most people can escape imprisonment or heavy fining by just apologising well.

Unless you're a foreigner [justicefornickbaker.org]

I'm not saying this guy is innocent, but he got a longer prison sentence than most murderers. Japan has a conviction rate above %90 percent. They can also hold someone on suspicion for up to 21 days without so much as a phone call. My greatest fear is just being a suspect. It doesn't matter if you're guilty or not here. So I get a heavy fine and no "prison sentence." I could still be in prison for almost a month before charges are even filed.

Hara-kiri Over Hanson!!

Arrested!!!! Holy shit that could lead to Hara-kiri over Hanson.

Winny is more advanced than Freenet

Winny was developped by the Japanese developper called "47", and it was after WinMX user was arrested here in Japan, in 2001. It was the world-first arrest of P2P users. Japanese copyright law was amended in the years before to crack down infringement over internet, protecting "right of enabling sending copyrighted material".
Since then, among Japanese users and hackers, non-encrypted P2P which is still popular in the West today became things of past.

Since Freenet made of Java was very slow application then (not much improved today), he made Winny as native Windows P2P application, with encrypted storage distrubited across peers. According to the developper, Winny is good at the both anonymity and efficiency, but anonymity is slightly lower than Freenet. Because a receiver can't determine a sender is the one who originally inserted the file to the network or not, it was considered anonymous and then more secure than ordinary P2P network, say, Gnutella or eDonkey etc. Winny has other functions like forum system, and clustering by keywords combination set by its users which help users with similar interest mold cluster. Other remarkable difference from Freenet is it dosn't split files, but can do multiple-source download.

With the help of community and its own efficiency as P2P network, Winny become extremely populor in Japan unlike experimental Freenet in the West and consumed huge bandwidth.

But those who were arrested the last month was arrested because they sent files directly, without being a bridge, or put some warez onto web page and running Winny beside it. Therefore it is still not clear whether just running Winny and sending cached files without modest deliberation means guilty or not.

And Winny is really WinNY, means the next of WinMX

Winny is really WinNY, with WinMX N is the next of M, and Y is the next of X.

Winny Background

The way annoymity works is that files are stored in a "cache" in a scrambled format with filename concealed, even to the local user.

Winny knows how to descramble the name and data, and it can search on the P2P network a specific file using its filename or MD5 checksum.

When a file is found, it is either downloaded directly or through another random user (think proxy).

Files goes into the cache either by local upload, by downloading a file (which Winny will descramble for you, leaving a copy in the cache), or by files passing through your node. It is then available for further download by other people.

This provides a kind of load-sharing where more popular a file is, it will be found in more people's cache and more easily available. Downloading from multiple sources is also possible.

You can find out who your immediate neighbour is, but he can claim he doesn't know what the content of his cache contains an infringing file, but of course this requires him to remove the original on his disk :)

To give an incentive to people to cache files, # of simultanenous downloads is limited to # of uploads+1 with a lower limit of 2.

It is a very convinent system because winny has a function that let you specifies search parameters and you can just leave it alone and it'll download everything that meets the parameters, meanwhile donating bandwidth and cache space to other people on the P2P network.

This model can be possible only because Winny is closed source. Cracks have both appeared for both the download limit and cache descrambling. It is easy to see widespread use of the cracks will compromise the model (less files to be found on the network).

Fortunately normally people don't care (it is just spare upload bandwidth and disk space, which broadband P2P users usually have surplus of).

Chasing after file sharers doesn't work!

Just found a link to The Motley Fool [fool.com] that very much suggests that file-sharing isn't taking any revenue. If this is truly the case, how do they justify the restraint of freedom [slashdot.org] induced by laws and methods of enforcement? This appears to be less a case of protecting revenues as a simple imposition of unjustified power.

More musings on power and on civil disobedience [slashdot.org]. I should say that I admire the independent artist who chooses to share samples, and do not especially admire those who trade music illegally, but here, punishment is disproportionate.

Society is reaching a fork in the road

I believe that the words "arrested for downloading..." should not be appearing in our lives because "arrested for downloading music" sounds very similar to "arrested for downloading political material" and this is exactly how a society moves from free to big-brother. Lets put things in perspective here: You are not gaining unauthorized entry to a remote system, you are not 'stealing' (as in bank notes) money, you are not diverting electronic funds to yourself. Flaim me all you want about what you 'are' doing but those facts remain.

What you are doing is partaking in an activity that may negatively effect a large economy. Now there is no definite case here, it could be that you were not taking a potential sale because you would never have intended to buy it in the first place, who knows? its a very blurry area and no-one can claim they know all the facts. Having said that there are allot of things in our society that follow similar logic:

Driving your car for example, now you may not contribute a significant amount to pollution yourself but everyone together does (this has more proof behind it than the case against music downloading). If you go get a drink during commercials then you aren't doing anything personally but if every single person got up during that commercial it would have a zero viewer figure (which leads to the question are the advertising companies doing their job if no-one wants to watch their adverts?). As a society we have deemed that some things are ok and some are not for whatever reason but if its deemed that filesharing is not ok then you will have put that over driving your car and a whole host of other things we do that are far worse, is that ok? its up to you.

Its society's job as a whole to decide the balance here, personally i think filesharing should be accepted and that it will lead to a positive change in the way things are done and the way music is made. Maybe it will lead to the downfall of the RIAA as we know it and music will suddenly become not a money driven thing but a enjoyment driven thing maybe like open source software, is that good? is society happy with the way things are now? are you happy with the way things are with the RIAA? because its the majority of the people that matter in a democracy not the richest and if you live in a democracy then thats the way it goes.

PS. It might happen that you dont live in a democracy or your democracy is broken and for example 2 million people all getting together in a park to demonstrate over something does not sway your PM's view atall even though it was one of the biggest demonstrations in your country's history. Or, your government openly receives funding from major corporations and just happens to churn out laws that suit those corporations and has now allowed one of those corporations to run its voting. If this is true for you then the above post means nothing, go back to your work, do what you are told and let it get worse. If you dont live in a democracy and dont want one than also ignore this post and i hope you have better luck than us and that we dont try and invade you anytime soon, if we do im sorry i had nothing to do with it.

AUdit the code?

If its so great ( even though we havent seen it in the west ) has anyone audited the code to see if ts really the 'next generation' or not?

If so, its time to let it come across the pond... and see if it flys or dies....

What democracy? (rhetorical)

Well IANAJC (I am not a Japanese Citizen), but as a citizen of another known "democratic republic", I just have to wonder. Weren't we supposed to be pretending that government did something other than <<protecting rich people's stuff>>?

Just as a gas, I'm including a relevant clip from Japan's constitution. Reach your own conclusions.

Article 21:
Freedom of assembly and association as well as speech, press and all other forms of expression are guaranteed. 2) No censorship shall be maintained, nor shall the secrecy of any means of communication be violated.

Re:Piracy is a crime

You just voice anti-Slashdot opinion somewhere else, mister! We have learned to like our daily share of "same story, different country" posts!

MOD DOWN, troll

1. p2p isn't piracy or crime, just like everything else it can be used to violate laws, so p2p != piracy.

2. copying software isn't theft or crime, it's just copyright violation (I'm not saying it's cool, it's just not a crime)

Uh, not quite...

Piracy is a crime and these folks were arrested for it. I don't see why this is news.

Uh, not quite. Software piracy may be a crime, but writing a P2P application, which has practical purposes for sharing files legally, isn't (as far as I know).

It's a sad day when writing a file sharing application is enough to get your house turned upside down by the police or get you thrown into jail.

Re:Uh, not quite...

why not also go after the firearms industry, because people get shot by guns?

Because the firearms industry is (relatively) huge, has lots of money, generates a lot of tax revenue, and has a few volunteer groups campaigning against it. In contrast, file-sharing tech is (relatively) tiny, has next to no money, is used by people to avoid paying for stuff and therefore generating tax revenue*, and has large, multinational groups with lots of money campaigning against it. Logic doesn't come into it, money does.

* Yes, I know, it has legitmate uses too, but they don't generate any tax revenue either

Re:Piracy is a crime

Actually on this point I have a question. Isn't the problem with true anonymity when downloading from the net the connection between your system and your ISP? If nothing else, wouldn't your ISP be able to detect a massive upload/download bandwidth usage? Given the usual way thing work here, I imagine ISPs would be very open with dealings with the police if they came around asking questions. Right now in Japan they are starting to roll out fibre-optic cable connections to the net. Two people in my apartment complex have applied for it and the entire complex was given information on it. Currently they are offering 100Mb/s down and 2Mb/p up. I'm on Cable at the moment which only offers 10M down and .5M up and was thinking of getting it. After hearing about this latest arrest however a few of my friends who already have it are getting worried. They often download TV programs from Bit Torrent (Japanese TV sucks...) but after downloading some 5gig worth of some program they noticed they had uploaded 10gig. They are a little worried that that will ring a few bells back at their ISP.