Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Courts Government News

Protecting Clients: Legal Impact of Filesharing Network Design 123

Cryogenes writes "InfoAnarchy has posted an excellent piece on legal issues faced by participants in a P2P network. The article is written by Fred von Lohmann who was previously noted on /. for the white paper IAAL*: Peer-to-Peer File Sharing and Copyright Law after Napster (which you can find on the EFF site here)."
This discussion has been archived. No new comments can be posted.

Protecting Clients: Legal Impact of Filesharing Network Design

Comments Filter:
  • I really never expected this to be worthy of Slashdot's attention.

    (note: I started the email dialogue with Fred von Lohmann back on August 3rd -- I wrote the indented text in the InfoAnarchy article. Fred replied on the 8th, and I posted it on InfoAnarchy on the 9th.)

    I think there are a lot of interesting ideas out there -- we have some very powerful technologies to use, but each one satisfies a different need. Someday someone much smarter than myself will find enough connections between enough individual ideas to find a way to connect them all. I think the perfect filesharing network must use lots of cool technologies -- the combined technologies of several current projects.

    Fred von Lohmann wrote an excellent paper that addressed the potential legal liabilities of *developers*. In open source applications and serverless peer-to-peer networks, the developer can be invisible or anonymous. If there are no servers, the only thing left to consider is the users -- the peer nodes.

    My first question to him was basically rephrasing the kind of caching and forwarding that programs like Freenet and Blocks do.

    The second question was based on an idea that an InfoAnarchy user started in an article's comments. I had always assumed that index servers will be a filesharing network's weak point -- the point where index data is being traded is the point where an attacker can best censor the network.

    This idea would really suck to implement. Your clients wouldn't even get to see the filenames of their search results -- they would have to trust that the hash system worked properly and that all of their search results are valid. I don't know about you, but I'd hate that. I'd be uninstalling that program in a heartbeat.

    But what if that was all there was? What if every other filesharing system with an index server was whitelisted, media company controlled, or was otherwise restricting access to certain information? If a user's alternatives are either a mangled no-filename service or a whitelisted service...or no service at all...perhaps they would choose to use this idea.

    Or in other words...it's technology. It's a tool. It doesn't work in all scenarios, but there may be a situation where this idea works better than any others. It's not a good Napster replacement, not by a long shot, but we should file this idea away and use it later instead of dismissing it because it isn't a magic solution.

    In my experience, information security is a tradeoff: security for convenience. To gain security you usually have to lose some measure of convenience. Really smart and well-designed security solutions can give you a lot of security for very little sacrificed convenience. Some other security solutions can give you a very small increase in security for a great loss in convenience. (For example, if a bad system administrator sets his NT servers to require frequent password changes with excessively complex passwords, in an environment where users are known to write their passwords down on post-it notes anyway, you're taking a lot of convenience away from users without giving them much extra security. They'll just use more post-it notes than before.)

    I have a few more ideas that may present interesting legal situations if they ever get implemented. I'll keep InfoAnarchy.org updated if Fred von Lohmann and I have any more interesting discussions.

    As a parting shot: Don't blame the hackers for all of this widespread copying of copyrighted media. We aren't the ones who sold millions of *general purpose* PCs to millions of consumers. They already have the tools -- we're just helping them use their tools to maximize the rights they already have.

    --Michael Spencer
    blocks@mspencer.net
    • Your clients wouldn't even get to see the filenames of their search results -- they would have to trust that the hash system worked properly and that all of their search results are valid.

      Maybe I should continue this discussion over at infoanarchy, but couldn't you associate a "title file" with each "content file"? The title file would be protected in the same way that the content file was, and indexed accordingly, such that as results are returned, they have references to the small quick downloads of the titles? You could maybe even write a client that went out and "translated" (downloaded, unpacked and displayed) the title files on the fly in a threaded fashion so as to give you a hint as to the contents.

      Legally and conceptually, I don't see this bringing about any less plausible deniability on the part of the index providers. It definitely increases the traffic, but there might be a similar way to break up the title files among index servers such that no single index server knows the content, but the client can decrypt and determine the contents of the link.

      • That's an interesting idea. If someone can come up with a way to do this that doesn't sacrifice filenames, it'd be almost good enough to implement.

        ----------

        Suppose that the servers return the list of hashes that each search result would have matched. These hashes still can't be 'reversed' back to the original words.

        When the client creates a list of possible results, suppose that the client uses a dictionary file to try every combination of 'extra hashes that I didn't search for' to try to find the other words that were probably in the file. If the user finds that the file contains fifty 'catch' words instead of words directly relating to the original search, the user can choose to not download the file.

        ----------

        Here's another try.

        The example I submitted to Fred von Lohmann already assumes that the index servers aren't allowed to collaborate, because every host on the network knows whether a host is an index server or not.

        Suppose that the clients are running a network service such that they can answer queries for a given 'file number' or 'file reference' with the original filename, size, etc.

        The index server is not allowed to connect to this 'filename lookup service' because the clients all know the network addresses of all index servers. They can simply refuse to answer queries from index servers.

        Note that some Napster clients already ping every returned search result.

        ----------

        I believe this can be implemented, as a Napster server replacement. This sounds good as I read it back to myself, but it's bound to be full of holes. Please tell me if anybody notices anything that doesn't seem right.

        Suppose we create a custom program that's designed to work with existing Napster clients and with existing OpenNap servers. The program runs on the user's computer. It emulates an OpenNap server running on localhost, so the client can connect locally and pretend it's talking to a normal Napster server. It's also using this special hashing logic to talk to existing OpenNap servers, masquerading as a Napster client.

        The (real) Napster client has its own list of shared files, probably indexed by actual filename. It can send search queries and receive search results.

        The fake Napster client built into our special program has its own list of shared files -- one list for each hash type.

        When the real Napster client wants to share its list of files with the world, it talks to our fake Napster server (running on localhost). It shares all of its files (with full filenames). The fake Napster server then hashes each of the words in the shared files' filenames and sends those hashes to the actual OpenNap servers out on the internet.

        The OpenNap server sees "F3B 892 B22". The fake Napster server running on localhost sees "suchandsuch 02 -- soandso.mp3". So now the OpenNap server is full of bogus-looking results that point to bogus files on real machines. The real OpenNap server might think that this "F3B 892 B22" file exists on the IP that shared it, but the file doesn't really exist.

        When the real Napster client wants to search for a file, it sends its search to the fake Napster server running on localhost -- our special software. The local machine then splits the search up into three parts, as described in the article. The hashed search items are sent out, some very long lists of results are sent back, and the local software processes the three result sets into one result set. It then queries the IPs returned, looking for original filenames.

        As far as the Napster client is concerned, nothing has changed. They still get search results with full filenames, and they still get the real IPs of people to download from. The downloading mechanism still works exactly the same.

        As far as the OpenNap server goes, people seem to be sharing lots of bogus files, or files with odd filenames. (instead of 89B we could use phonemes: ha-chi-ro-ni-ku-ba but without the dashes) And so many people are searching for the same odd words, that people keep requesting search result sets over 200. I hope the server operators decide to increase their max search result set.

        And the result: just as Napigator enabled Napster clients to connect to nonstandard servers while still making things very easy for the end-user, our 'transparent' program can be used by simple end-users without requiring them to learn anything new.

        Searches will take several times longer to complete -- but they won't be filtered any more.

        ----------

        Anybody feel like starting a SourceForge project? ^__^

        --Michael Spencer
        blocks@mspencer.net
  • One of the reasons software piracy is so rampant is that in order to prosecute someone, you have to take them to court where a representative of the software company in question will testify that yes, it is indeed their software.

    It is a major expense for software companies to fly in an 'expert' and for law enforcement agencies to prosecute someone so they avoid prosecuting the small fry users who pirate software. It is simply not worth their time even they it would be ridiculously easy to find some with pirated software.

    No matter what the legislation on P2P, I think it will be comaprable to jaywalking. Although it is illegal, nobody ever gets busted unless they are dumb enough to jaywalk in front of a police car.

    Interesting side note on file sharing:

    When cassette tapes came out, the recording industry tried to block it fearing that once people could record songs for free off the radio, record sales would drop.

    When video cassettes first came out, the movie industry tried to block that for the same reasons as above....

    Maybe the whole thing is much ado about nothing.
  • Peer-to-peer (Score:5, Interesting)

    by Nastard ( 124180 ) on Friday August 10, 2001 @09:33PM (#2118475)
    There is nothing inherently evil or illegal about peer-to-peer networking. "P2P" is a bullshit buzzword, and it's sexiness only proves how little anyone (including those in the industry) cares about staying true to defined tech terms.
    • I think the corporate pedophiles just like saying Pee-to-Pee out loud :)
    • Amen! (Score:5, Insightful)

      by SCHecklerX ( 229973 ) <greg@gksnetworks.com> on Friday August 10, 2001 @09:45PM (#2126691) Homepage
      The internet should be illegal. It's one big "p2p" network, after all.

      FTP, HTTP, Telnet, Usenet, Gopher, POP, SMTP...and of course, IRC!

      Ban it all! One computer connects to another computer and gets stuff from it. That's how it all works and always has, dimwits!

      • I agree about the net being inherently p2p.

        The difference between napster and apache is one of degree.
        I can run an http client on the same machine as an http server. (and I do: wget) But the client/server paradigm is valid. There are many machines whose primary purpose is providing a resource. And there are many machines whose primary purpose is accessing a resource.

        It seems p2p just means client and server services reside on a single machine.

        Of course, you could also create a separate napster client and napster server.

        • Well, I think the problem lies not in the fact that P2P is bad, but that the naysayers and lawmakers don't understand the fundamental concepts of P2P and the Internet.

          The Internet is inherently P2P. It allows any 2 people to give each other information directly. You can't outlaw a specific program that does that, but allow the actual act to continue.

          That would be like making murder _legal_, but making it illegal to shoot people (because that is a common, high-media-profile way of murdering people).

          The lawmakers and corporations opposed to P2P don't understand that the Internet is essentially P2P, and that to make P2P illegal is retarded if the Internet still exists at all.

          Is your "business friendly e-commerce buy-it-direct-now connection" to Dealer37362 not a P2P connection? :P
          • The legal opinion and other comments are touching on the problem of sharing copyright protected material or information which is not accompanied by the owner's release.

            P2P technology itself has almost nothing to do with this, because the problem also applies to those who plagarize or share content using cassette tapes. Nobody has ever seriously suggested banning tapes or hard drives or CD-[W]R's, or photocopiers, which are all equally powerful technologies of infringement: The reason napter got into trouble was due to it's blatant promotion of infringment itself and the cheerful knowledge of it, not because of it's software or it's servers.
      • "The internet should be illegal. It's one big "p2p" network, after all.

        FTP, HTTP, Telnet, Usenet, Gopher, POP, SMTP...and of course, IRC! "

        Although I agree with the point you are trying to make, it is important to note that the internet (at least the examples you mentioned) are definetly NOT P2P. They rely on a server/client architecture (servers being apache, wu-ftp, ircd, sendmail, etc, clients being mozilla, ftp, x-chat, evolution etc)
      • Telephones should be too. After all, how do we know someone isn't playing a CD in the background?
      • not at all (Score:2, Insightful)

        by mj6798 ( 514047 )
        That's not at all what companies want to do. What they want is a very controlled flow of information: advertising and content with product placement flows from their systems to yours, and payment and usage information flows from your system to theirs. Any content that doesn't pay money to one of the big media conglomerates shouldn't be on the network. You are a consumer, and only that.

        And companies seem perfectly capable of enforcing this world, using a variety of strategies: putting "no server" clauses in your access provider's TOS, forcing the world to adopt proprietary and patented content formats for audio and video, and legally going after anybody who writes software that does not fit into their master plan.

      • This is hilarious! But you're absolutely right! I mean what were they thinking? When the internet burst onto the scene, didn't they stop to ask someone that knew, what exactly it was? (Maybe they should have asked Al Gore...after all didn't he invent it?)
        "Let's put our stuff up on this cool new internet thing...Holy Shit!...people are stealing it and were not getting paid...make it stop!!!"
    • It is clear that P2P is being used to refer to something more precise than the traditional meaning of peer-to-peer networking, something with new relevance, which deserves its own name. So what are we going to call it?

      The distinguishing technical feature is nodes storing the bulk of the data (connected as peers on the underlying network), which are run voluntarily by the end-users of the system, so they appear and disappear relatively quickly. The distinguishing use pattern is almost exclusively copyright violation.

      "transient node architecture"?
      "peer today, gone tomorrow"?
      "thing sorta like Napster"?
      "copyright violation hack"?
      "litigation whack-a-mole"?
      "free as in peer"?

      In all seriousness, we can't go on calling it peer-to-peer and bitching that peer-to-peer is too general. Can anyone think of something technically accurate that doesn't come off as propaganda from either side?
  • Most relevant point (Score:3, Interesting)

    by Logic Bomb ( 122875 ) on Friday August 10, 2001 @10:32PM (#2121250)
    The most telling point I got out of the article was the sentence where he said that in the end, a court is really going to care whether any architectural decisions seem to have been made purely to obstruct the law. I think this was the lawyer's way of pointing out that the courts enforce the spirit of the law, not just the letter. When it comes down to it, no matter how well a system attempts to satisfy the various technical legal issues involved, if it's not used for much except infringing activities the courts will try to shut it down anyway.

    Of course, given nifty things like Freenet, such decisions might be essentially unenforceable, which would finally force some sort of action to move the law into the 21st century. It's a hell of a gamble though: start a revolution and hope things work out ok. To some, it definitely might seem a better idea to make the law safe for modern technology, then put it to good use.

  • ...go buy a CD, DVD, and a new piece of software once a month!

    Really, some people here are so out of it...The reason that the companies are so irritated is that they have it in their heads that they are losing big money because of illegal replication of their products. You know what? They ARE!

    I'll be the first one to say that CDs are overpriced, but companies only understand one thing and that is being profitable.

    Corporations, as well as the legal system, are organized and used to things taking years to play out. The community at large is not. I don't think for a second that designing new ways to share files is going to "win" against a corporation that knows they are losing sales.

    At best, more people share files illegally and get the media companies more upset. End result is they further increase prices for the majority of people worldwide who don't know how to download Metallica and burn it onto a CD for their Linux enabled car.

    It's not your right to steal someone else's product, regardless of what you think of the price. If you don't want to pay, don't buy it.

    People will be pretty upset in a few years when we lose more personal liberties because a small percentage of people insist they can pirate the latest Britney Spears type groups (which by the way the media companies you love to hate engineered from the ground up to be popular, yet you MUST have it!?)

    Case

    • go buy a CD, DVD, and a new piece of software once a month!

      Let's see...hm, give money to RIAA and MPAA so that they can in turn use it to corrupt government officials with their bribery (aka lobbying) influence to infringe on our rights? I THINK NOT! If they want to act like a menace to society, I will treat them like a menace to society, I will do what is in my power to weaken and destroy them.

      I can't help but to wonder if whoever modded your post as flamebait has it right.

      It's not your right to steal someone else's product, regardless of what you think of the price. If you don't want to pay, don't buy it.

      Do you think that by misusing a word such as "steal" it adds some kind of validity to your argument? I don't.

      If your argument is that I'm legally obligated to compensate a corporation for their so-called "Intellectual Property", well, when laws are made by those that can hire the most expensive lobbyists and make the biggest bribes or "campaign contributions", well, then the law can just kiss my ass.

      If your argument is that I'm morally obligated to do so, morals are entirely subjective, and that's something each person has to decide for themselves.

      When I was a poor student, I'd copy something if I wanted or needed it. What would it have accomplished to refrain from copying material I couldn't afford anyhow? But since I've started working, I've tried to buy the copyrighted software I needed when I could afford it (which was most of the time), because I WANTED to support the people who made it. And I think that system worked out very well. But ever since I began to understand how thoroughly evil and corrupt the MPAA and RIAA are, I've actively avoided purchasing anything that would support them in any way. Not that I've downloaded MP3s or copied DVDs myself (not much interest in the entertainment industry), but I fully support those who do.

    • It's not your right to steal someone else's product, regardless of what you think of the price.

      Right now, you are correct. In 50 years, I honestly think that downloading any and all digital content will be considered a right, in the same way that humming a tune you heard on the radio is now considered to be a right. If enough people can do something easily enough they come to expect it, and *poof* a new right is born.

    • by Anonymous Coward

      The reason that the companies are so irritated is that they have it in their heads that they are losing big money because of illegal replication of their products. You know what? They ARE!

      One little nitpick, along with the usual rant asking everyone not to use the words "steal". "pirate", "protect", etc....a LOSS is when a company spends more than it makes. The big media companies aren't experiencing losses. In fact, they might even be making bigger profits because prices are inflated on the stuff they sell (to compensate for the copying), and they get tax dollars from certain blank media.

      So don't confuse "losing money" with "making less money". It reminds me of Who Wants to Be A Millionaire: Regis would tell a contestant they will lose $64,000 or whatever if they miss the question.. well they actually don't lose anything, they don't have to pay $64k to ABC, they just win less!

      Since it costs so very little to make a CD (even when you figure the artist royalties into it), I feel justified in comparing media company profits to contest winnings.

      The best course of action is to completely ignore the media companies. Don't buy the music, etc., don't even listen to it or talk about it. Support artists who are "sharing-friendly". If you're an artist, take a stand for the right to copy. Work hard to come up with ways to get paid.

      People don't copy stuff because they want to "stick it to the man", they copy it because it's a natural part of human behavior. The difference today is that a) it's near-perfect copies, and b) it can be tracked by the media companies. Imagine of someone could've tracked each tape that was traded in the last 30 years!

      So really, keeping the media companies rich, with the hope that they'll leave us alone is silly, it's just like paying protection money!

  • Do it only with a very few people you know and do it over an encrypted pipe, storing into an encrypted filesystem.
    • How many systems have native disk encryption? Two? Perhaps, Three?

      That type of sharing isnt what "they" are afraid of unless its the largest pirates on the planet doing it...
    • why? (Score:2, Interesting)

      go to so much trouble to hide illegal activity that you believe is right? Instead of thinking of new ways to circumvent copy protection and sharing, how about lobbying your congressman to get the laws changed? They are after all servants to the people they represent.

      • How about doing something that is not currently illegal, but possibly could be in the future? I know that the U.S. Constitution prevents ex post facto laws, but that doesn't stop Congress from passing them. Why do companies need to know what I am sharing with my friends anyways?
    • Do it only with a very few people you know and do it over an encrypted pipe, storing into an encrypted filesystem.

      With the sig.

      "Beware of he who would deny you access to information, for in his heart, he dreams himself your master."

      Does no one see the irony?
    • Do it only with a very few people you know and do it over an encrypted pipe, storing into an encrypted filesystem.

      I think we've all had that talk with our parents, whether they understand computers or not.

  • Freenet (Score:3, Insightful)

    by Swaffs ( 470184 ) <swaffNO@SPAMfudo.org> on Saturday August 11, 2001 @12:17AM (#2125292) Homepage
    One point he failed to make concerning the Freenet issue was with nodes B and C passing traffic, and the DMCA. Correct me if I'm wrong, but aside from it being difficult for the node operators to know about what traffic they're passing along and to remove infrigning material, would it not be illegal, since the traffic is encrypted, for the node operator to find out what that traffic is, and hence filter it?
    • Re:Freenet (Score:2, Informative)

      by jesser ( 77961 )
      IIRC, The DMCA makes it illegal to break encryption used as part of a copy-protection system.

      But if it were illegal to circumvent Freenet's encryption for filtering purposes, and if it were also illegal to passively allow people to transfer copyrighted data through your computer, those two laws wouldn't be contradictory -- instead, they would together make it illegal to run a Freenet node.
      • and if it were also illegal to passively allow people to transfer copyrighted data through your computer

        If that's the case, the entire Internet is *dead*. If every node from here to outer Nowhere is liable for all information passing through it with regards to any and all laws and regulations in the place it exists in (and which may be legal at both endpoints btw), noone would dare operate a node.

        It doesn't make any real-world sense either. If I tell you the locked steel crate I'm shipping contains pillows, and I got papers to prove it's reasonably so, UPS won't get sued for attempted drug smuggling no matter what.

        Kjella
      • IIRC, The DMCA makes it illegal to break encryption used as part of a copy-protection system.

        You do not rcc. The DMCA has nothing to say on the subject of copy-protection. It is about access controls. It is illegal to circumvent a technological measure that effectively controls access to copyrighted information. When you create information it is by default copyrighted, and in any event you can't tell what the information is until you access it for which you would need to circumvent the access control... i.e. the DMCA does indeed effectively prohibit decrypting the information.

        Your second point was valid though. If the court believes that the scheme was set up primarily to circumvent the law then the scheme will probably be illegal to operate.
        • If the encyrption that freenet uses is a technological measure that controls access to copyrighted information, then it would be illegal for anyone to break the encryption. I see freenet's biggest shortfall is that it doesn't have enough "legal" copyrighted information on the network; a pretty good reason to start a complete sourceforge archive on freenet. If the IPDroids can use the dmca to protect their works, then us hackers should be able to use the dmca to protect our works.

  • by jesser ( 77961 ) on Friday August 10, 2001 @11:12PM (#2128181) Homepage Journal
    While the article says that Freenet is safe under current US lays, it doesn't address a large potential problem: Congress could pass a law making "anonymous, encrypted, peer-to-peer networks" illegal on the grounds that the only reason you would choose to use that kind of P2P network would be to trade illegal material (especially since Freenet tends to be slower than a P2P network that doesn't involve encryption).

    I think we should be thinking about ways to shift public opinion in favor of Freenet, so that such a law doesn't get passed, instead of trying to work around current laws. One thing that might help would be if official videos (movie trailers, convention broadcasts) were officially distributed through Freenet, saving the content providers money on bandwidth. That doesn't help to argue that anonymity and encryption are important, however. Can Freenet be defended, or is it truly only useful for trading kiddie porn and bootleg music?
    • What Freenet needs is a legal "killer app" -- some feature available nowhere else that will entice millions of normal individuals to install the client on their computer. The "shared bandwidth" idea is a good start -- you just need to get enough useful content on there to make it worthwhile for people to install. But it's just important that the content be legal, so it doesn't end up getting all sorts of bad publicity. (Unfortunately, the media is quick to jump on the backs of anything that could potentially threaten them -- especially when you consider megacorporations like AOL Time Warner that own just about everything. For example, Warner Music hates Napster, so they could get CNN to run stories about how evil Napster is and how it hurts the poor defenceless little record labels. But I'm probably just paranoid.)
    • The idea that struck me the hardest from Fred von Lohmann's reply is "substantial noninfringing uses". I already stated in another post how I believe that the ideal filesharing client will be a successful implementation of many ideas in one program.

      Hopefully law will follow logic here. If this filesharing network enables something that should be illegal, but is composed of many different parts which are all individually legal, it should follow that the process of combining these legal activities should not be illegal. The *intent* and the *actual usage* can be used to gauge the legality of the whole system.

      Note that Usenet isn't illegal. (I missed that too -- I think I wasted some of Fred von Lohmann's time by making him explain that.)

      Perhaps the most successful implementation of 'the perfect filesharing client' will create a large number of individual services that have tons of non-infringing uses, establish their value and their common use, and then all at once build a filesharing program that connects them all.

      I think that's what you just said. Movie trailers, convention broadcasts, etc.

      --Michael Spencer
      blocks@mspencer.net
      (use my IP's ARIN contact to reach me IRL)
  • As a freenet node operator, I feel no threat from IPDroids that I would ever be a direct infringer. I would be no more responsible for IP Infringement, than say a panty hose manufacture would be liable for using stockings in a robbery.

  • by jon_c ( 100593 ) on Friday August 10, 2001 @11:30PM (#2129075) Homepage
    A good example of a decentralized p2p network is FastTrack; you'll find FastTrack in some of the newer p2p software like Morpheus and Kazza. FastTrack extends what the Gnutella developers have been trying to do.

    1. It incorporates SuperNodes automatically. A SuperNode is a computer with the capacity to host serial other clients. Which solves the weakest-link problem with the Gnutella network; an example would be a user with a 56k connection having to relay all PING/PONG/QUERY messages for its section of the network. It also solves the problem of slow searches.

    2. It uses a hashing scheme to identify files, this allows for the software to positively identify identical files for simultaneous downloads.
    3. It's not file specific. Users could share anything. Or course he network is rampant with copyrighted software, pornographic material and mp3's. But at least it's not designed to do that - it's just used for that.

    The central problem with FastTrack isn't the technology but in how's it's marketed. FastTrack license its technology to be marked by third party developers, these third partly developers market as the next napster. To manage there user base they have established a login system which breaks the decentralized nature of the network.

    Thankfully the gnutella scene has been working on incorporating these features into the gnutella network. Namely the flagship gnutella companies, BearShare and Limewire.

    Freenet IMO is broken except for the most fanatic of freedom fighters. The central problem with Freenet is its speed, which I believe is inherently broken. When a user begins a transfer of a file over the Freenet network it is copied to every node (space abiding) along the path. This is to enforce redundancy, and is central to the anonymous nature of the Freenet network as it allows users to be unaware of what they are storing; it also has a weakest link problem in that a hop from the source might be very slow. In theory if a file is popular enough it will always be close, however we have yet to see that happen.

    The other problem with Freenet is that it is un-searchable; users are required to KNOW what they are looking for. I don't deem this is a death blow as other services could get around this, an indexing service for example

    Some links that you might find helpful:
    FastTrack [fasttrack.nu]
    BearShare [bearshare.com]
    Limewire [limewire.com]
    Gnutella Developer Forum @ Yahoo [yahoo.com]
    MusicCity's Morpheus [musiccity.com]
    Freenet [sourceforge.net]

    -Jon

    • The central problem with Freenet is its speed, which I believe is inherently broken. When a user begins a transfer of a file over the Freenet network it is copied to every node...a hop from the source might be very slow

      Performance-wise, this caching is actually one of Freenet's strengths. If a cached copy of the data you want exists on the near side of a slow link, you never have to traverse that slow link, and Freenet's caching makes this much more likely. Obviously cache hit ratios, miss penalties, etc. have a lot to do with exactly how well it works in practice, but the caching in general will help far more than it hurts.

      Speed problems in Freenet are implementation artifacts, which I expect to be fixed. There is, however, a much more serious design-level problem with Freenet: its lack of reliability. Freenet drops data. While Ian Clarke always turns several pretty colors whenever someone characterizes the data loss as random, data loss that occurs in response to events or conditions that the requester cannot control or even know is just not practically any different. Even if the data exists somewhere in the system, you might not be able to find it. Search requests have a horizon, which Freenet developers in a classic instance of "Not Invented Here" syndroms call HTL (Hops To Live) instead of using the well-known term TTL (Time To Live). If you're 10 hops from where the data was inserted, and your requests use HTL=4, you'd better hope that not one but (at least) two nodes between you and the insertion point requested the data before you. One might argue that you could just use larger HTL values, but if everyone did that your overlay network would get totally clogged with everyone's search requests hitting every other node: ask the Gnutella guys how much fun that was. Freenet makes it even worse because the routing's not reliable enough to avoid loops. The basic problem is that Freenet doesn't have any solution better than HTL to prevent this sort of query-overload meltdown, and adopting HTL as your "solution" guarantees that search results will never be more than guesses.

      There are other less technical problems with the Freenet project, but it's not necessary even to go into those. On the basis of technical problems alone, I think that Freenet can never be more than a mediocre niche solution. It will certainly never be the world-changing tsunami that its self-appointed PR flacks (hello IC, OS, BW) would have us believe it is.

  • Freenet (Score:2, Informative)

    by reverius ( 471142 )
    Well, this sounds like it's time for Freenet to reach a usable state. :)

    That is the only real way we can be safe from bad laws made by people who protect business interests and don't understand technology.

    An encrypted, anonymous network can completely ignore legal implications, because there is nobody directly responsible for it, or even for any single transfer.
    • Re:Freenet (Score:5, Insightful)

      by jchristopher ( 198929 ) on Friday August 10, 2001 @09:39PM (#2115425)
      An encrypted, anonymous network can completely ignore legal implications, because there is nobody directly responsible for it, or even for any single transfer.

      No, you cannot ignore the legal implications, because:

      1. It will eventually made illegal to even run the P2P client;

      2. ISPs (already have) will start cutting you off for even running Napster, AudioGalaxy, Freenet, etc, bowing to pressure from megacorps.

      What good is an encrypted P2P client if you've got no internet connection?

      • I've been thinking about this as a possible "solution". A wireless "Internet". Now, at least with current tech, you wouldn't be able to get globe-spanning Internet without a few "shadow" Internet connections. But a over-the-air shadow Internet with 802.11b or those peer-to-peer 128k Ricochet modems, or some other such wireless technology. Wouldn't necessarily be fast or especially reliable, but with it's growing populatiry it could at least be a functional replacement.

        Now, the medium wouldn't be encrypted, but any normal IPSec or the like encryption could take place over it. You'd have to have a relatively dense concentration of people depending on the technology used, but with multiple discreet hookups to the land-line Internet you could serve patches of a city, and it's access to the world wouldn't be completely cut off if one connection was brought down.

        I've been toying with the idea, and I realize there are some serious limitations wrt range and reliability, but it could be a start. Wouldn't be anonymous, but it's not like AOL could shut off my access to it. COngress isn't especially likely to pass a law outlawing wireless networking equipment, seeing as many wireless companies contribute generous sums to political parties.

      • goddammit. You mean we'll have to resort to warez parties again?

        Actually, not a bad idea.. It's so rare that I see my friends these days...

        :)

      • People (especially me) will always find a way to have an internet (or something else) connection. ;)

        Check out this /. story [slashdot.org]. You'll notice the word "Freenets" in the title; that's a different freenet than the "Freenet project". In this case it just means "free network".

        But wouldn't you agree, that freenets make a perfect network for Freenet? :)
      • Then they start hiding Freenet in other protocols. Have it piggyback on https. Or ssh. Or hide it in ICQ messages.
    • An individual doing it is accountable, a mob doing it is diminished blame, a society doing it is a culture. Once people using Freenet are doing it, who are they going to finger?
      • Once people using Freenet are doing it, who are they going to finger?

        They don't have to finger anyone, they will just get a law passed making it illegal to run "un-certified" P2P networks, or get your ISP to chop you off at the knees just for running the client.

        Mega-media companies (TimeWarner/AOL) are buying up broadband like crazy. This should scare you, because without broadband, it slows to a trickle.

        • Back to the stoneage of that 56k modem chirp? No way, not me. All the cable and DSL providers are blocking port 80, so they're starting to get that axe ready for the knees. I'll go find something else to do.

          I don't think they realize the headaches that they give their customers are going to leave a sour taste in their mouth when they think Internet, meaning ecommmerce takes a hit.

    • There is an even bigger problem with freenet.

      If you are running a node, it is quite possible that you have illegal material encrypted on your hard drive. Not only that, but you also have keys and software necessary to decrypt it. So if law enforcement gets a hold of your computer, they can find the illegal material. It was on your computer, running as part of a P2P network, so technically you were distributing it.

      Until there is a way around that, you won't catch me running a node!

      This sig intentionally left blank.

      • Re:Freenet (Score:2, Informative)

        by reverius ( 471142 )
        From what I've read about Freenet, this is not the case at all. This is from their FAQ page [sourceforge.net]:

        4.3. Why hash keys and encrypt data when a node operator could identify them anyway if he tried?

        Hashing the key and encrypting the data is not meant a method to keep Freenet Node operators from being able to figure out what type of information is in their nodes if they really want to (after all, they can just find the key in the same way as someone who requests the information would) but rather to keep operators from having to know what information is in their nodes if they don't want to. This distinction is more a legal one than a technical one. It is not realistic to expect a node operator to try to continually collect and/or guess possible keys and then check them against the information in his node (even if such an attack is viable from a security perspective), so a sane society is less likely to hold an operator liable for such information on the network.

        • But that's exactly the point of the white paper. If the operator of a P2P service -- which could well be something as small as a single Freenet node -- either knew or should reasonably have known that his or her service was being used for infringing purposes, then he or she could be liable for indirect infringement. Since any node operator can be reasonably sure that their Freenet node is being used for infringing purposes, operating a Freenet node probably leaves you personally liable for contributory infringement.

          In fact, the operation of a Freenet node is probably direct infringement: you've made an infringing copy on the disk inside the node. That's direct infringement.
          • Fred von Lohmann was also talking about this when he referred to 'automated [data] reproduction' in his reply to me.

            I think there is a range of legitimacy for automated data reproduction acts. Large internet routers obviously should not be forced to shut down because some of their routed traffic may be infringing. On the other hand, a custom program or script designed to hide the identity of an OpenNap server by forwarding requests to the server and forwarding responses back is more likely to be required to shut down.

            Someone should probably ask Fred von Lohmann about 'prior restraint to speech', how he believes that was addressed in the Napster case, and how he feels it might be addressed in the future. He's already given us a very wise statement about this: "In the final analysis, a court will probably not be sympathetic to a system that is seemingly designed to frustrate the legal system."

            Only a lawyer can tell for sure, but my layman sense of right and wrong tells me that we shouldn't be forbidden from protecting the anonymity of people. Sometimes anonymity protection is used to evade law enforcement...sometimes it's used to keep our personal information out of marketing databases...sometimes it's used to keep people from being assassinated by other governments or organizations.

            --Michael Spencer
            blocks@mspencer.net
          • IANAL, of course, but...

            I don't think you can define "should have known" in court. Either you knew something, or you didn't.

            It is not a matter of simply looking at the files; you would have to find the keys and decrypt everything in your node.

            I think that holding someone responsible for what is on their node should not hold up in court any more than holding someone responsible for what is in a car they lent to an anonymous stranger.

            If you lend your car to an anonymous stranger, and they find drugs in it, I don't see how you can be liable.

            If you lend your hard drive space to an anonymous stranger, and they find stuff in it that violates the DMCA, I don't see how you can be liable. :)

            Freenet is specifically designed to circumvent this legal liability, by denying the (easy) ability for a node operator to see what is in their node.
            • Actually i beleive that if they do find drugs in your car, the owner is ALWAYS responsible. The idea being that you should take care not to let people with drugs into your car in the first place...
  • It's worth pointing out that most of the dialogue [infoanarchy.org] is only "fascinating" if you accept the clumsy application of copyright to electronic works. Surely it isn't necessary here to reiterate why copyright is so grossly inapplicable to electronic works.

    Or is it still necessary? While people have been offering well-constructed arguments against copyright for years, "progress" marches on, in the shape of lawyers and their loopy discussions about the "unexplored terrain" of "encrypted token servers". Look, if copyright law makes it illegal to copy work X, then everybody who participates, even unknowingly, is liable -- somehow or another. There is no question of finagling some workaround through encryption or any other scheme...sooner or later the copyright owner is going to come knocking. The real, unresolved questions, are still about whether copyright can be reformed or replaced with something that fits the technology space we live in.

  • First it sends a cookie, then it wants you to register. Those guys aren't anarchists, they're control freaks.
  • by jchristopher ( 198929 ) on Friday August 10, 2001 @09:33PM (#2146366)
    Is there any way for a P2P network to be anonymous? I've thought about this often, but given my admittedly limited networking knowledge, I really don't know.

    I know the purpose of something like FreeNet is that the content is encrypted, such that you don't know what you're storing, sending, and receiving. But anyone else on FreeNet also knows that you are running a FreeNet host, and your IP address, correct?

    What I'm getting at is that FreeNet sounds great... but what if in the future, it is made illegal/difficult to even run a node? (and that IS coming) What then? Is there any way to hide the fact that you're running a node, and still be able to access the network?

    The reason I bring this up is that many people are getting broadband. Frequently, there is only 1 DSL and 1 cable provider per community. You can't afford to get kicked off for a terms of service violation. (Whereas with dialup, you could just get another account...)

    So how can you participate in peer to peer networks without endangering your (possibly only) source of broadband connectivity?

    • I think the concern here is overstated, there is no reason for the server to be anonymous. 1. You are talking about the individual customer, no customer then no revinue. 2. The problem with napster is bandwidth, a busy napster server sucks up bandwidth the costs the ISP money. If the account costs more than its revenue, the the ISP is likely to shut it down. If that is not the case, the ISP has a real financial reason to leave it open. 3. You are not in business (receiving compensation for the service you are providing). Since your are providing a free service to your neighbors (fellow citizens) which has substantial legitimate use, getting any form of a jury conviction is about zero. 4. The cost of prosecuting an individual (for a corporation) far exceeds any remedy the corporation could expect to collect. 5. Bad publicity could cost the prosecutor dearly (political as well). Look at how fast Adobe backed down against Dmitry once public opinion has been aroused. 6. First Amendment rights probably apply which will also have a deterrant. I do not think that the private citizen is at risk. Notice how much hot water the police agency in Tiawan got into when they raided a school dorm looking for napster use.
    • A serious question: How many broadband ISPs would both a) kick you off, and b) refuse to ever allow you to sign up with them again? Considering that that means they'd refuse to ever take money from you again? Anyone know of cases where this has happened? Which ISPs?

      Also, couldn't one go through a reseller or
      sign up under a different name if one has been
      banned?

      • Comment removed based on user account deletion
        • If AOL or another big ISP decided to 'crack' down, I'd imagine that an event could be organized where massive amounts of users cancelled at the same time/same day.

          Yeah, just assume that they'd pick the worst possible strategy for their own purposes, because it'd be the way to punish the greatest number of their paying customers. That makes sense.

          More realistically they'd:
          -announce loudly that P2P clients were banned
          -loudly kick a few dozen of the most-connected nodes
          -send scary warnings in the email of other P2P users
          -continue making examples until the majority complied

          This is the way ISPs enforce any new restriction on widespread abuse. It works.
          • Comment removed based on user account deletion
        • By the end of that process, at least 2 out of 3 users would be gone from AOL, off to Bob's Local ISP Who Doesnt Filter.

          That sounds fine, except that AOL is probably the only cable modem provider in your community, whereas "Bob's" can only provide 56k or a $800 T1 line.

          No, ISPs, especially smaller ones, can't afford to bow to this pressure.

          They already are! Look at Adelphia cable. (Do a search). If they are a monopoly in your community, and you don't like their terms of service, what do you do?

      • I can see it now, if the practice of banning people gets _really_ prevalent & draconian or automated, someone will write a M$Virus (tm) that fakes heavy webserver activity originating from the infected computer. 30 minutes later people start getting kicked, and the ISPs start losing customers.

        Jaysyn
    • Ultimately this big ole network has to have some way to figure out how to get those little packets of information into your computer, rather than MIT's mainframe or Aunt Mildred's or mine. That's what the IP is for. It's like trying to "anonymously" send a letter by putting it in the mailbox in front of your house. You may misrepresent the return address (IP spoof) but unless you go to a public mailbox (internet cafe) the Post Office (net) can trace the letter back to you if it wants to badly enough.
      • Although you're ultimately correct, your example is a little deceptive. In fact, for all pratical purposes, an anonymous P2P network can be built.

        In your examples (IP address, postal address), address were used to uniquely and permantely identify a person or other entity. This is fast and efficent for networks that are not required to function anonymouly. The router 'knows' which router it needs to send a packet to to get it closer to it's final destination, and a postal office knows which other piece of postal infrastructure to send a letter off to to get it closer to the person. However, this is not the only way to do addressing.

        It is possible to do addressing on the basis of 'conversations'. Your computer sends a packet off to the P2P network with a unique(ish) idenitfying number. The other nodes of the P2P network broadcast your packet to each other, but each node remembers which node immediately before them sent them the packet. This builds sort of a 'temporary routing entry', which allows each router to appropriately route responses closer to where they have to be. However, each router only knows the identity of the router that came before it, so you would need to have control of all the routers in the route from the originating host to to your host to fully trace a packet.

        Although it is still possible to find the identity of an originating host, it's entirely impractical in all but an extremely comprimised network, where the attacker controls a large number of nodes. Also, it's not only impratical to associate a packet with an originating internet host, it's also impratical to tell if two packets are originating from the same node, because the addressing scheme is conversation based instead of node based.

        I have a strong feeling that this is exactly how Freenet operates, but I don't know, as I haven't done much research in to it. This is just how I would architect a P2P network.

        -Bodnar42

        • You've touched on what ultimately must happen if individual internet users are to continue have any control over how they use this tool.

          A few years ago if you had a DSL connection and you wanted to host a small website it made more sense to use your already existing static ip to host the site than to co-locate or pay rent on a virtual server. That is no longer the case. Ports are being blocked and I for one would not be surprised to see them remain so forever in the interests of "network security". Realize the following:

          1. Servers are becoming geographically centralized as illustrated by the recent slashdot feature. Co-location and virtual hosting are becoming the only economicaly feasible way to get your site hosted.

          2. The big corporations are learning to control the internet. Right now they know that they want to control the content you see but the recent threats of litigation are forcing the big ISP's (who also may be publishing their own content. the lines are blurred here(AOL/TW))to learn how to control content gets published and how it gets published.

          My gut feeling here is that P2P over the existing internet is a losing battle. Just like you hear people say here on /. "let them make a new copyright prevention scheme, we'll just crack that one too", the big corps will turn that philosophy back on to file sharing networks, no matter the protocol. They own the tools and the talent. Whether it's port blocking, packet filtering, litigation, or what-have-you, everytime a "new" P2P network reaches a popularity threshold high enough to be considered "dangerous" it will be snuffed out.

          The only solution is a truly free and open internet that is not controlled by anyone. It would start with me running some CAT5 across the backyard to my neighbors house and setting up a wireless connection to the guy across the street. The biggest hurdle to this "internet" is addressing. The addressing scheme you described may be a solution. This is one of those things that so big no one tries to get it going, but I'm sure there's a few million people who've thought along these same lines. I've never coded anything beyond "hello world" but I do think this is possible if someone just takes the first step and starts a project on sourceforge

    • I've thought about this. You want to be anonymous, but at the same time you want to make sure the person that just joined up isn't a narc waiting to bust your mp3 sharing ring. Can't have both. Would you trust that blank certificate? You basically have to resort to the ignorance of not knowing what it is you are carrying and letting the folks who encrypted it and put portions of it on your server worry about who they talk to.

If you think nobody cares if you're alive, try missing a couple of car payments. -- Earl Wilson

Working...