Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

Protect Your P2P Privacy 39

BillGatesInABikini writes "APC Magazine has a short piece on protecting your privacy online while using P2P software with the likes of Peerguardian (Windows) and MoBlock (Linux). It's concise and to the point, and a real eye opener if you don't currently protect yourself while using P2P for transferring files, legitimate or otherwise."
This discussion has been archived. No new comments can be posted.

Protect Your P2P Privacy

Comments Filter:
  • But don't we all know this already, being the tinfoil hat crowd that we are?
  • It's a panacea (Score:5, Insightful)

    by Anonymous Coward on Monday November 27, 2006 @10:10AM (#17001502)
    Even if you use these programs, your IP address will be exposed to others, if not directly than indirectly. It's simply part of how P2P works over TCP/IP.
    • Shouldn't the title be "It's no panacea"? I.e. There is NO cure-all because P2P is based on connecting directly to other IPs. That's simply how P2P.. yada yada..

      Or is this one of those Americanisms where words/phrases/idioms suddenly mean exactly the opposite of what they actually say and we're supposed to accept the fact that language is always changing?
  • :o\ (Score:5, Insightful)

    by TubeSteak ( 669689 ) on Monday November 27, 2006 @10:11AM (#17001508) Journal
    The scary part is, you don't know just how frequently and from the range of sources prying eyes come knocking until you use a piece of software designed to prevent exactly this sort of eavesdropping.
    It isn't so scary if a lot of those "prying eyes come knocking" because they're running P2P also.

    Just looking at the screenshot, why would you block 'the State of Wisconsin'? I suspect that those lists are just a big mashup of every corporate IP block ever, because a bigger list has to be more secure.
    • Re::o\ (Score:4, Insightful)

      by Sancho ( 17056 ) on Monday November 27, 2006 @10:39AM (#17001898) Homepage
      A bigger list is more secure. The fewer people you allow to talk to your machine, the less likely one of them will do something bad to it.
      • Surely the safest thing to do, then, is to unplug from the 'net and get CDs instead?
      • A bigger list is not more secure if someone else can get the same list you used and use it as a list of machines not to contact you from, which will allow them to save a lot of time. Kind of like how profiling makes the system less secure since they can deliberately avoid using people with those profiles.
    • I get the most hits on PeerGuardian from seemingly Chinese sources. Not sure why.
      • by Myen ( 734499 )
        Imagine what would happen if PeerGuardian blocked all of RoadRunner or Charter.

        Now imagine what happens when you're Chinese and wrongly blocked... You might not even know PeerGuardian exists; how would you file a complaint?

        Remember, they don't need to care about the *IAA as much over there - they'd just have their own equivalents that use different hosts to begin with.
  • Safest Method? (Score:5, Insightful)

    by FreyarHunter ( 760978 ) <Psycle@@@comcast...net> on Monday November 27, 2006 @10:11AM (#17001516)
    The safest method of using P2P software is not to at all.

    Seeing as how various law-groups continue to think they run the universe and thus have the right to destroy computers by "injecting" infected files onto the P2P network.. Egh.
    • So this is why you never download/block any files that could be executed (e.g. *.exe, *.vbs, *.bat, *.com), or, if you use Lime/Frostwire, right-click > block host. Works well for me.
    • Re: (Score:2, Funny)

      by killmenow ( 184444 )
      The safest method of using P2P software is not to at all.
      So, in essence, what you're saying is: A strange game. The only winning move is not to play.

      Well said, Joshua, well said...
    • by 4D6963 ( 933028 )

      The safest method of using P2P software is not to at all.

      And the safest way to avoid catching an STD is not to have sex at all. If hope nobody modded you insightful for your first line.

  • Tried peerguardian, and it blocked slashdot. Every over site I use seems to be fine, but slashdot didn't like it. Had to get rid of that (or at least enable all http).
    • Tried peerguardian, and it blocked slashdot.

      Must be from all the GNAA and goat.cx trolls putting nasty stuff on slashdot.
    • You can leave your "Block HTTP" on, all you have to do is permanently allow the IPs from "Savvis-Sourceforge Split1 Start Range." (That's the name they gave to the IP ranges when visitting Slashdot.) Open up your Peer Guardian, find the above entry and just right-click "Allow Permanently." You might have to do this twice because I believe there are two different ranges. I'm not sure the reasoning behind it, but I would have to believe it has something to do with advertising. One word of caution: It seems
    • by deblau ( 68023 )
      Right-click the block entry, select "Allow [IP] permanently". Problem solved without enabling all HTTP.
      • by mgblst ( 80109 )
        Tried, it, it didn't work. Looks like is was just me, so I am going to go shoot myself.
  • Azureus plugin (Score:4, Interesting)

    by advocate_one ( 662832 ) on Monday November 27, 2006 @10:42AM (#17001924)
    how does Moblock compare against using the peerguardian plugin for Azureus on Linux? Whenever I start Azureus, it spends a short time fetching the "biglist" and then regularly updates that list according to how I've scheduled it. Moblock apparently has to be manually fed and launched
    • Re: (Score:3, Informative)

      by urbanriot ( 924981 )
      I think you mean "safepeer" plugin for Azurues. I don't know how you could compare the two - Moblock runs on Linux using iptables, interfacing with the kernel whereas safepeer runs within Azureus. Personally I've had issues with the safepeer plugin in the past utilizing considerable resources and not responding after importing massive IP ranges but that may have changed in the last year or so.
  • Scary (Score:5, Funny)

    by truthsearch ( 249536 ) on Monday November 27, 2006 @11:16AM (#17002482) Homepage Journal
    Which is scarier? The need for P2P privacy or this being posted by Bill Gates In A Bikini?
  • by urbanriot ( 924981 ) on Monday November 27, 2006 @11:54AM (#17003052)
    If people think for one second that RIAA and MPAA are using their public blocks of IP ranges to bust people, they should think again. There's a false sense of security in running these programs - people continually see blocked IP range hits and think, "Look at all the bad people I've blocked." If you think you're being smart by using peerguardian or protowall, consider that these companies are smarter by using public and spoofed IP addresses. Not to mention, the majority of those the downloaded lists include massive amounts of "safe" peers that are being unnecessarily cut off.
    • by tlhIngan ( 30335 )

      If people think for one second that RIAA and MPAA are using their public blocks of IP ranges to bust people, they should think again. There's a false sense of security in running these programs - people continually see blocked IP range hits and think, "Look at all the bad people I've blocked." If you think you're being smart by using peerguardian or protowall, consider that these companies are smarter by using public and spoofed IP addresses. Not to mention, the majority of those the downloaded lists includ

    • Re: (Score:2, Informative)

      by putch ( 469506 )
      agreed. but from my experience these programs are more useful for stopping bad blocks. i started using Peer Guardian about a year ago. i was trying to get the latest ep of an HBO show and it kept failing. other people were commenting on the same torrent that it was legit. but after three tries it still wasn't working. PG gets updated from the community to block those known to be corrupting torrent networks. most torrent clients these days will auto block an ip after a certain number of bad blocks. but
    • by MrGumby ( 177716 )
      Actually I do think the RIAA and MPAA would be using their public blocks of IP ranges. Mind you, not exclusively. You have to think about it this way. They are looking to scare people more than anything else. Pick out a few average Joes and make an example of them. Now think of how many people are actually trading material.

      True, anyone who thinks peer guardian is an airtight solution is an idiot, but that doesn't stop me from using it (or at least the azureus plugin). Like many aspects of internet security
  • by JoshuaSpringfield ( 984602 ) <JoshuaSpringfield@@@gmail...com> on Monday November 27, 2006 @11:57AM (#17003100)
    I protect my p2p privacy by leeching off my neighbors unsecured wireless. I kid, I kid....
  • by FallLine ( 12211 ) on Monday November 27, 2006 @12:13PM (#17003280)
    Posting this article as if it were some brilliant nugget of wisdom is just plain retarded.

    First, these tools truly do not anonymize your P2P activity. All they do is block whole groups of IP addresses. The blocked addresses are presumably the record labels and other alleged "bad actors".

    Second, the assumption that this is an effective means of blocking the record labels or other entities from finding out what you are up to is seriously flawed. The breadth of the IP groups that these tools block are bound to yield many false positives (many innocent and unrelated sites get blocked). Additionally, they are fundamentally flawed because they presume that RIAA/MPAA/etc will confine their activity to obvious named entities and not one or several cable modems leased from comcast. Even when this monitorer has been active reporting copyright violations and such, there is generally no reliable means for these list-makers to establish which IP actually was responsible for the original observation/evidence gathering. Even if the list-makers could presumably establish that, they would need to ban whole blocks of IPs on dynamic networks (e.g., all of Comcast in LA) to just to block that one account...

    Third, using these tools as akin to admitting you are committing piracy because the only concievable utility is to attempt to hide from industry. Though I personally believe that almost all of these P2P systems are used almost exclusively, in practice, for various forms of copyright infringement, with the exception of BitTorrent (which has clear legit uses), using these tools basically just reinforces that you are trying to hide your actions from a particular set of people, namely, RIAA, MPAA, and other related organizations that are trying to enforce copyright.

    You might argue that the powers that be are misreporting violations, but I, for one, do not buy into the notion that users would go through the trouble of installing this tool (and all the pains that go with it) just to try to escape the very remote chance that RIAA/MPAA will falsely report your linux distro download as a piracy.
    • Re: (Score:3, Insightful)

      Third, using these tools as akin to admitting you are committing piracy because the only concievable utility is to attempt to hide from industry.

      Ironically, the first thing that caught my eye about this article was the potential use of this software for spyware/malware protection in an organization. Eg, I think tools like spybot (free) and windows defender (free?) and adaware (not free for orgs) do not do this kind of ip blocking. Maybe I'm wrong? Anyways, the fact that it is open source makes it par
      • It also helps against most unwanted advertising.

        Anyone use MSN Messenger? If so, you've probably noticed those medium-sized advertisements at the bottom of the contact list. Well, fire up PeerGuardian with "Block HTTP" on, and you won't see any advertisements on your contact list at all!

        According to PeerGuardian those advertisements are coming from "Doubleclick," which is also why some Firefox+MSN Messenger users will occasionally have IE Doubleclick cookies pop up in a report after running AdAware or SpyB

  • The whole idea that peerguardian and the like are a means of securing yourself is ludicrous. I'll give you a scenario.

    RIAA/MPAA commissioned security firm runs an ultrapeer/server/hub and you connect to it. You happilly upload an index of your hashes. An automatic flag alerts them that you may be hosting someone elses copyrighted materials because you have a known hash. They attempt to connect via their corporate connection, but recieve no response, you have an IP range block firmly in place. They t
    • That is why the P2P indexing server run by the security firm commissioned by the RIAA/MPAA is on the block list.

      Revised scenario:

      Your computer tries to upload your list of hashes, but the packet never gets through, so they don't have your list of hashes or you IP in the first place. If you are using a client such as eMule that lists server info, it is very unlikely that you will even try to connect to said server since eMule is unable to query that server such as name, current/max users, and number of files
  • Makes no sense (Score:4, Insightful)

    by rduke15 ( 721841 ) <rduke15.gmail@com> on Monday November 27, 2006 @04:06PM (#17006994)

    Using P2P whith blocking blacklists makes absolutely no sense.

    The point of P2P is sharing. So you are supposed to share, or eventually there is no P2P at all.

    Yes, the blacklists are supposed to only block the "bad guys", and let you keep sharing with the "good guys". What an idiocy! Does anyone believe that people spying on P2P networks are SO stupid? It seems obvious that they will use plain DSL connections with dynamic IPs which are not on any blacklist, so you definitely won't block them.

    An effective blacklist would block everyone, and if everyone used it, it would destroy the P2P network.

    With a partial blacklist you can be pretty sure that you are NOT blocking the machines you would want to.

    Look at the screenshot in the article. Yes, it was choosen carefully so that you can see Sony in there. The rest is mainly (European) Universities, and the like. Do you really think that RIAA sying on P2P would be from European universities?

    Either use P2P and share, or don't use P2P.

    • Do I really think RIAA spying on P2P would be from European universities? No, but Europe has an RIAA equivalent that also sues people. Anyway, that's a strawman(?) if I've ever heard one.

      The lists work by adding addresses that have busted people, and other suspicious blocks. I've had two cease and desists, one from the studios, and one from Microsoft. If it wasn't for PeerGuardian, I would have had to stop using p2p altogether because a C&D would quickly become a civil suit if I didn't CEASE AND D

Nothing ever becomes real till it is experienced -- even a proverb is no proverb to you till your life has illustrated it. -- John Keats

Working...