Combining BitTorrent With Darknets For P2P Privacy

CSEMike writes "Currently popular peer-to-peer networks suffer from a lack of privacy. For applications like BitTorrent or Gnutella, sharing a file means exposing your behavior to anyone interested in monitoring it. OneSwarm is a new file sharing application developed by researchers at the University of Washington that improves privacy in peer-to-peer networks. Instead of communicating directly, sharing in OneSwarm is friend-to-friend; senders and receivers exchange data using multiple intermediaries in an overlay mesh. OneSwarm is built on (and backwards compatible with) BitTorrent, but includes numerous extensions to improve privacy while providing good performance: point-to-point encryption using SSL, source-address rewriting, and multi-path and multi-source downloading. Clients and source are available for Linux, Mac OS X, and Windows."

About time

[Keeper Of Keys]

The need for this has been brewing for a while. Hope it does what it says on the tin.

We already have this; it's pretty much worthless.

[Anonymous Coward]

There have been BitTorrent clients for I2P for years now. They're useless, largely, because anonymous networks are nightmarishly slow and unreliable, and very, very few people bother to upload anything interesting (at least in my opinion).

Before anyone accuses me of trolling, I've been using TOR off and on at home since 2005, and I've experimented with I2P for about 6 months in the wake of whistleblowing of the NSA wiretapping program. They're horrible, frankly, and I only put up with TOR still out of sheer cussedness. TOR at least lets you get content from the outside world; I2P is darknet-only, and darknet-only content isn't that exciting.

In fact, it's frankly dull as hell -- mostly political rants and porn (often of the less than legal variety). Sure, that could theoretically be overcome, but it won't, because performance is so bad that no one uses them but people stubbornly making a political point or people with downright criminal tastes (like the child porn freaks that seem to dominate the core.onion message boards). Mainstream consumers want convenience, and darknets don't provide it.

The performance is terrible because every download on a darknet is limited by the upstream bandwidth of the worst of your peers -- each of which is generally passing through streams from several other peers at the same time. Think about this. Think of the common 128 Kbps cap on most residential DSL or cable. And this is when you don't have unreliable or malicious peers.

So, frankly, who cares? I pirate copyrighted material because it's convenient and it lets me intelligently spend my money only on things I've vetted first -- spending my money only on things that have merit. Darknet torrenting is simply NOT convenient, and I simply wouldn't bother if it truly became necessary.

I like the concept of TOR and darknets because they provide an important technological counterbalance to tyranny, but I seriously doubt that they could survive as a useful tool for issues less relevant that free speech and survival, like wanting to get movies for free.

Re:

[CarpetShark]

In fact, it's frankly dull as hell -- mostly political rants and porn

Which is largely how the web was, before (non-porn) people realised they could make money on that network.

Re:We already have this; it's pretty much worthles

[ultranova]

There have been BitTorrent clients for I2P for years now. They're useless, largely, because anonymous networks are nightmarishly slow and unreliable, and very, very few people bother to upload anything interesting (at least in my opinion).

Ironically enough, Freenet is actually pretty fast nowadays. Still nowhere near BitTorrent, but automatically dividing each file into multiple pieces and the mechanism which causes each piece to become hosted in more peers the more it is accessed results in automatic load-balancing and a torrent-like effect. It's certainly much faster than Tor, and not subject to DoS attacks.

Before anyone accuses me of trolling, I've been using TOR off and on at home since 2005, and I've experimented with I2P for about 6 months in the wake of whistleblowing of the NSA wiretapping program.

Tor isn't a darknet. It's an anonymizer. The fact that you're running a Tor node is not hidden; only what you're doing with it is. Even then there's a simple way of locating hidden services: simply correlate the uptimes of the server in question with the uptimes of Tor nodes.

Freenet doesn't have that problem, since accessing inserted content doesn't require contacting the node that inserted it; however, on-demand insert by Frost might cause a vulnerability, if the attacker controls a node adjacent to yours, since they can then see that a disproportionate amount of pieces for that file are coming from your node. Premix routing should fix that once implemented.

Not a new idea

[Burz]

Try the following:

I2P net [i2p2.de]
MUTE/ Kommute [sourceforge.net]/ Ants/ Dargens
Alliancep2p.com
Filetopia.org
GNUNet
Rodi
Emscher ...and probably more.

Some of these like I2P use bittorrent over their anonymized network (a BT client is built into I2P but you can use some others... Note that Azureus aka Vuze has I2P support built-in!)

After viewing the demo video

[Burz]

OneSwarm seems to have a lot more polish than the P2P networks I listed: In-browser previews, codec translation of media files, integration with GoogleTalk, etc.

The basic transfer functionality appears to be similar although based on the invite-only darknet idea. Personally, I do not think these darknets offer much advantage, as the other P2Ps (and also Tor) offer anonymity by maximizing the number of participating nodes... which provides resistance to authorities trying to social-engineer and recruit their way into smaller friend-based networks.

Re:

[Burz]

Using p2p over TOR isn't going to get you very far.

I think you read too much into that. I mentioned TOR only in the sense anonymizing traffic.

It would be nice if more users ran relays and exit nodes. And really the latter is what we need... it would be nice if at least in the west people could find some more legal reassurance to running an exit node.

Re:After viewing the demo video

[Burz]

Um, "In The West" (the United States) over 1% of the adult population is currently behind bars and 17% of all adults have been put through the penal system. Minors are being sentenced as child pornographers for sending nude cameraphone shots of themselves to their girl/boyfriends.

I think your view of the West may be Hollywood-tinted and overly optimistic. The war on drugs (a kind of civil war) is just starting to abate; legislators and police-state apparatchiks are looking for the next new frontier to exercise their lust for punishment.

Re:

[ultranova]

I'm in The West, and run an exit node without fear. If some jack-hole starts spewing CP through my node, I'm covered... *I* wasn't the one who was transmitting the info.

"Your Honor and Honorable Jurors, this man knowingly and willingly ran software designed to allow pedophiles and other criminals, even terrorists, to hide their identities while conducting crimes against children online, and to circumvent filters put forth by lawful authority. He will continue to help these people exploit the defenseless, u

Re:

[Brian Gordon]

All very blah. Check out some screenshots [oneswarm.org] of OneSwarm. Slick! Plus you can access the web interface remotely, and play video and audio files from the network directly in the web interface. And you can exchange keys with trusted friends automatically via Google Talk, and there's a gmail-esque friends request interface. The coolest thing though is the fine tuned control you have over distribution.. you can control which friends and which groups you allow which shares to route through.

Re:About time

[Valdrax]

I've been doing BitTorrent over TOR for a while now. What makes this so great?

Stop it, jackass. TOR is not designed for that. It severely degrades the latency of the network, and the network does not have the bandwidth to sustain numerous users doing large file-transfers over it. The network is intended for anonymous expression -- not to transfer DVD after DVD.

Re:About time

[Anonymous Coward]

Honestly--I don't mind as long as he contributes at least $N_HOPS * $BANDWIDTH_PASSED back to the network--and as an exit node. Otherwise...yeah--they're a jackass. And the worst part is they probably don't care.

The more use use tor sees, the better crowd anonymity it provides. But given most people just abuse tor... well...all I'll say is it's been found there's a few substantial weaknesses--if you're using lots of traffic, you're probably going through a few private chokepoints. I sure hope they forward your information to appropriate third parties...

Re:About time

[Brian Gordon]

I sure hope they forward your information to appropriate third parties...

...Which would utterly ruin tor.

Re:

[morghanphoenix]

I've been doing BitTorrent over TOR for a while now. What makes this so great?

And this is one of the reasons I closed my exit node.

Re:About time

[Anonymous Coward]

And a big "stop it, jackass" right back at you. Don't tell people what anonymous expression can or cannot consist of. I express myself 4.7 GB at a time.

Re:About time

[The Master Control P]

It's manifestly obvious that transferring gigabytes and gigabytes of data in a manner which uses 5 or 10x more bandwidth than just sending from A to B is a bad idea unless your thought process before starting consisted of "Dur... Hey, it's anon-e-moos! There couldn't be any tradeoff for that!" Either way, if you do it you are a jackass and deserve to be called out as such.

Courtesy-in-kind: If you try to be nice, I'll be nice back. If you're a self-centered shithead who's intentionally hurting everyone else using TOR and you post about it, don't expect candy and flowers.

Re:About time

[Valdrax]

Well, not to be childish, but he started it by using the network in a way that (a) has been complained about by the designers of the network for years now, (b) is blocked by most exit nodes unless you deliberately change your port to avoid it.

Nearly EVERY article on using TOR with BitTorrent says "don't do it" and lays all this out. The only people who do this are people who *know* that it's discouraged and do it anyway. i.e. Jackasses.

Re:

[dgatwood]

Actually, assuming you're talking about an unmonitored repeater, you aren't knowingly doing anything, and thus, you should, at least in theory, be protected under the same sorts of DMCA exemptions as any other internet service provider that passes pirated/illegal content during the normal course of IP-based routing.

That said, if you do pass something inappropriate, IP number alone is almost certainly sufficient probable cause to obtain a search warrant. Having the same protection as an ISP doesn't mean the

Re:

[EdIII]

Your basically saying that the authorities cannot prove you facilitated the "theft" (copyright infringement is NOT theft) of an "apple", but they search your house and find 6 stolen kiwis, 23 oranges, 92 bananas, and 5 kumquats. You don't get convicted for the "apple", but instead get convicted for the other "stolen property".

1) If the warrant was obtained improperly on the basis of the "apple" theft, there is a good probability that the whole case could be thrown out. Miranda anyone?

It's excellent that y

Re:

[Dunkirk]

Tin foil hattery aside, your best defense is a combination of reasonable doubt (the foundation of TOR, Freenet, and these new darknets) AND STRONG NON-PROPRIETARY WHOLE HARD DRIVE ENCRYPTION.

I wouldn't put away the TFB just yet. I'm just cynical enough to believe that just about ANY court in the USA would demand you turn over your encryption key under threat of simply being in contempt of court. A judge can basically throw you in jail until you comply, and that doesn't even allow your case to proceed. Even if you somehow worked around this, not giving up your key would be seen as an admission of guilt. Look, I know it's wrong -- fifth amendment and all that -- but this is reality here, and the

Re:

[EdIII]

I'm just cynical enough to believe that just about ANY court in the USA would demand you turn over your encryption key under threat of simply being in contempt of court.

So? Give it to them :)

Let them find a couple thousand media files and pictures of big breasted women with cute little kittens between their breasts. It is the SECOND key that will unlock the rest of the data.

You have heard of TrueCrypt right?

A judge can basically throw you in jail until you comply, and that doesn't even allow your case to

Re:

[fredklein]

I had a similar idea years ago- when your bt client connects to a file tracker, it also connects to a 'proxy tracker' (which may or may not be the same server as the file tracker). Your client offers one or more 'proxy connections', and can take advantage of the same number of other people's proxies.

Hmmm.

[apodyopsis]

Hmmm.

So how long before the **AA bury this is a mass of litigation?

Though the main advantage of this system is that you can limit the access to a selected list of identities so this to my mind becomes more like a private group.

But at some point you have to grant access to people or you will have no audience, and I have often thought that private groups are like encrypted networks - they only raise the suspicion you have something to hide.

Re:

[L4t3r4lu5]

All the more reason to get the darknet up and running before it disappears.

Once the source code is out there, it'd be impossible to stop. Let's hope they post it instead of making you mail in requesting it.

Re:

[Walkingshark]

Once the source code is out there, it'd be impossible to stop. Let's hope they post it instead of making you mail in requesting it.

Well, you could always mail in and request the source and then post it, maybe on sourceforge? It is open source, right?

Re:Hmmm.

[Brian Gordon]

If nobody's out there promoting it with a website and support and a download link, few people will participate and it will slowly die.

You'd need kind of a large critical mass before the network can sustain its growth just by nodes emailing friends the source. A lot more than just "up and running".

Re:

[Chandon Seldon]

If nobody's out there promoting it with a website and support and a download link, few people will participate and it will slowly die.

Just like Gnutella. The "offical" client was up for one day in 2000 before being taken down, and it's still one of the top (if not the top) peer to peer protocols today.

Re:

[Brian Gordon]

Good point, but I have to point out that interest in Gnutella was massive, while fewer people are interested in the inconvenience, high latency, and very low bandwidth of this kind of darknet.

The internet at work.

[L4t3r4lu5]

"The Internet interprets censorship as damage and routes around it."
- John Gilmore [toad.com], Co-Founder of the Electronic Frontier Foundation [eff.org]

Re:The internet at work.

[Shadow-isoHunt]

I always thought that was Benjamin Franklin.

Re:The internet at work.

[Obfuscant]

Don't be silly. Why would the internet interpret Benjamin Franklin as damage?

Re:The internet at work.

[Brian Gordon]

No, the internet interprets censorship as Ben Franklin and routes around him.

Re:

[machine321]

No, he meant "The Internet interprets censorship as damage and Benjamin Franklins around it."

Re:

[brusk]

No, he meant, "With enough Benjamin Franklins, you can route around censorship."

Re:

[MichaelSmith]

No, he meant, "With enough Benjamin Franklins, you can route around censorship."

Thats because they all have the same name so if one breaks the law nobody knows which Ben Franklin did it.

funding

[binarybum]

nice to see some NSF funds going to good use.

Re:

[AlHunt]

nice to see some NSF funds going to good use.

Why does the National Sanitation Foundation [nsf.org] even care about file sharing, I wonder ...

Re:

[brusk]

No, he's referring to a bounced check. There's a $25 fee for that.

Friends?

[honestmonkey]

One problem from the demo seems to be that you need to have friends. I don't know anyone that has the por^h^h^h files that I want already.

Re:

[SwedishPenguin]

But maybe you know someone, who knows someone, who knows someone, who knows someone who has the files you want? (assuming an average of 10 peers each, that would be anyone of 10,000 people)

Re:

[SwedishPenguin]

Hm, that's assuming no overlap, so probably less. :P

Re:

[tepples]

But maybe you know someone, who knows someone, who knows someone, who knows someone who has the files you want?

But how would I find out whether or not this is the case? I don't even know anybody who uses the existing darknet software. People liked to complain about this back when Orkut and Gmail were still invite-only.

Trust no one

[westlake]

One problem from the demo seems to be that you need to have friends.

You'll find plenty of "friends" on the net willing to trade in porn - or anything else, for that matter.

The question is, who do you trust?

In the case of OneSwarm ...an adversary would be able to correlate the increase in traffic between sender and receiver along an overlay path. FAQ [washington.edu]

I can't quite shake the notion that a "web of trust" is inherently fragile.

That as they scale upward and are increasingly interwoven there will be a breach, a tear - that will unravel very quickly.

Re:Trust no one

[Aladrin]

Wait wait wait... So you're saying that in order to keep my files transfers secret, I have to sign up for a network, add only my closest, most-trusted friends, route the secret files through the computers of complete strangers... And trust that the whole system is really secret and nobody along the way has a way to hack it?

Seriously? This is insane.

P2P has never been about trading with close friends. You can do that -much- more secretly with a USB drive. It's about sharing with complete strangers.

I don't understand.

[commodore64_love]

Please explain.

If "Joe" in Virginia and "Mike" in California each have a copy of Hannah Montana's latest episode, I use Utorrent to directly connect to their IP address and start downloading pieces. How does OneSwarm work differently to get this video over to my machine?

Re:

[L4t3r4lu5]

It works by you being friends with Joe and Mike. They in turn are friends with Rachel and Simon, Brad, Jamie, and Robert respectively. That's now seven people to download from. Those 5 people have more friends, maybe with the file, maybe not, but THEIR friends might have it...

Plus, because it's not an open network, the trust between peers is higher. It will always be a "friend of a friend" that you're downloading from.

We just need to make sure nobody is friends with the MAFIAA.

Re:I don't understand.

[complete loony]

But even if somebody is friends with the MAFIAA, that doesn't mean they can work out who you are. If the protocol is built correctly, (no I'm not going to read it) you would have to compromise every relationship between sender and receiver to work out who anybody else really is.

Nodes on this network know their immediate neighbors (friends), and pass messages around, but don't necessarily know anything about who the end points are.

Re:

[jaavaaguru]

It encrypts the communication so that "Bob" at the RIAA can't see what you're copying by looking at network packets.

At least that's what the summary says to me.

Re:

[Fry-kun]

More than likely, it hides Joe's and Mike's IP addresses in the OneSwarm database - you have to be a friend of someone who has it to actually download a copy. Similar to friend invites on Demonoid (need a friend who's already a member to get an account and start downloading) - except this is decentralized.

Re:

[tepples]

you have to be a friend of someone who has it to actually download a copy. Similar to friend invites on Demonoid (need a friend who's already a member to get an account and start downloading)

Then what are the steps to gain a friend who's already a member?

Re:I don't understand.

[InsertWittyNameHere]

Please explain.

If "Joe" in Virginia and "Mike" in California each have a copy of The Big Bang Theory's latest episode, I use Utorrent to directly connect to their IP address and start downloading pieces. How does OneSwarm work differently to get this video over to my machine?

There, saved you from ridicule. You owe me!

You don't understand because it don't work

[SmallFurryCreature]

The entire idea of the so called darknet originated in the minds of kiddies who are full of goverment conspiracies but lack the intelligence to truly think about what this means.

Your ISP KNOWS!

Your ISP knows EVERYTHING!

Your darknet lights the ISP up like a christmas tree!

Darknets only work when the ISP doesn't care to monitor and report the traffic that crosses its routers and if they don't monitor/report the traffic then you don't need a darknet.

A darknet is often suggested as a solution of getting around opressive regimes. But the problem is that the kiddies thinking about it have grown up in free countries and just don't get how effective oppression can be. Oh we are not talking the Chinese here or even the RIAA or other such amateurs but the north-korean goverment.

How is your darknet going to work if ALL internet access is monitored. Send of a packet on an unknown port to an unknown destination and they don't need to decrypt it, you will tell them what was in it because there is only so much the human body can endure.

To make it understandable, imagine you invented an absolutely 100% effective way to hide content in a telegraph message. You could send any message of any length and embed you own content within it and nobody would ever know. This would get you around any goverment trying to stop you from sending said message right?

If you say YES, then you are an idiot. All they got to do is stop you from using the telegraph itself. Put an agent in the office and simply monitor who uses the machine.

If the RIAA and the likes get their way then sending ANY info via your ISP that they cannot read as harmless, then you can't use a darknet because a darknet by its nature shows up as unknown and therefor harmfull to the powers that be.

If the teachers forbids you to talk in the class room then the students can come up with the the fanciest unknown spoken language they wish, but they still can't talk in class because the act of using your voice itself is what is forbidden, not the language itself.

So, if you and a friend agree to use an unknown network type that crosses an ISP and that ISP is monitoring its own routers then that traffic will show up and by the nature of being unknown will send up a red flag. Only when your ISP doesn't care can you use it and as I already said, when it doesn't care, you don't need it.

The only think darknets protect against is OTHERS outside your network connect from knowing about it. I can easily see whoever else is using the torrent I am downloading because this information is public. I can't see the users of your site however. So it is only simple defence against a very primitive form of snooping. But don't worry, the RIAA and the likes are already well ahead of that and want the ISP's, who by their nature are part of EVERY network connection you make to monitor for them.

Read up on freenet and its darknet dreams. It is a laugh. They dream of being the tool to allow sensitive information to get out of places like North Korea undetected when the very act of sending information out of North Korea over any non-approved and monitored method is enough to get you killed.

Or to give the final anology, I don't need to know where the messenger crossing the border has hidden the secret message or the code to read it on his body if I simply shoot everyone crossing the border.

Or, in cartoon form...

[AnotherSteve]

For the visual learners, here is your argument in pictoral format.

http://xkcd.com/538/

Better than TorrentPrivacy?

[rudeboy1]

I was reading about TorrentPrivacy [torrentprivacy.com] last week, and it sounded nice, except the site gave me a heavy "fishy" vibe, and they charge a fee for their service.

I'm reading up on OneSwarm, but I don't know enough about the technology to know if this works the same way, or better than TP. Any thoughts?

Re:

[Burz]

I believe TP is a simply proxy or VPN service. If TP is forced to rat on you by the government, they could conceivably do so by simply starting to log IP data.

OneSwarm is like TOR or I2P in that the needed IP information is beyond the reach of any one entity. Its temporarily distributed through the swarm just long enough to make transfers possible. You would have to own a large chunk of the machines in a swarm to be able to connect/prosecute a user with a particular file or activity.

Re:

[AHuxley]

Say a group of top US telcos all connected to the NSA?
Would that be a large chunk of the machines?
Always assume your US ISP is linked to the NSA
ie point to point logs of every IP session on US networks.
If the NSA could do it back in the day, so can the feds 'today'.
Or a company trying to play nice with the feds.

How about...

[Rhabarber]

freenet [slashdot.org] (there is a dark net mode since version 7).

I remember people arguing dark mode being an anonymity thread itself. I case you computer is seized you and your 'friends' are immediately identified as part the of same conspirative group (based on client's friend list). Might rather be a problem in totalitarian systems where being suspicious is enough to face personal detriment (no pun intended).

Re:

[evanbd]

That's not darknets being a threat; that's darknets being a less than 100% perfect solution. The alternative is a situation where your computer still has a list of other users (because you do have to connect to someone at some point), and where that list can be retrieved *without* the rubber-hose cryptography. In non-darknet networks like Bittorrent or opennet mode Freenet or any conventional P2P, the bad guys can generate a list of users just by sending queries to the network or central server.

Calling da

Yay!!!

[Jane Q. Public]

Had to happen eventually. But it would be nice if there were C-based clients rather than Java. Java is cool, but it is also slow.

Still, this is just the first of what one can hope will be many. Props for doing it first.

Re:

[thermian]

Had to happen eventually. But it would be nice if there were C-based clients rather than Java. Java is cool, but it is also slow.

Java is slower than C, yes, but having used it recently for the first time on some commercial work, I have to say that speed concerns aside, Java is vastly better in terms of additional libraries, ease of use, and general 'getting things done faster'.

With multi core software being the way forward, it also has the edge because its easier to paralellise than C/C++ (well ok, debatable, but in my experience its easier and involves less dev time), and the increase in cores mean the old concerns about speed aren'

Re:

[Jane Q. Public]

Preaching to the choir. Yes, even though I chide Java for being slow my language of choice is Ruby, which is even slower. For most of my purposes, though, it is still the best.

Re:

[Burz]

Actually, Java isn't slow at all compared to other high level languages. It is very fast.

Sometimes I wonder why you C trolls don't just switch to assembler. ... Or why you're so quiet whenever (rather slow) PHP is discussed ... or .NET for that matter.

Granted, Java was too much overhead on 1998 PCs (and those painful memories of slowness).. but its time to move on newer perspectives dear.

Why not just put an encryption layer on top of BT?

[amn108]

A simple question from a noob in the area:

Why not just peer-to-peer encrypt communication between BitTorrent nodes on the network? With keys that are distributed privately. Would that not completely hide the BitTorrent traffic making it impossible to eavesdrop at? If I sit by a router and see it transfer a blob of something that does not resemble anything else but an encrypted stream of something, I only have one choice - decrypt it first to see if the traffic belongs to something I consider illegal. But th

Re:Why not just put an encryption layer on top of

[Anonymous Coward]

Because the investigators don't eavesdrop on your connections. They come into the network as a peer and ask your client to send them chunks of whatever file you are currently sharing. It's very easy for them to do:

1. Search torrent site for popular movie/artist name
2. Download torrent
3. Connect to tracker, get peer IP addresses
4. Connect to peers, ask for parts of the file
5. File a John Doe lawsuit and subpoena ISPs for customer details

Encryption occurs between peers - so your ISP can't decode the traffic, but the investigator can, because it is a peer.

Re:

[quickOnTheUptake]

But what happens when an investigator hired by a movie studio joins the swarm? How do you decide who gets a key and gets to participate in the network?

Dumb

[sexconker]

So a "darknet" is a private (trust-based) network.

You know, like a regular network or VPN.

Oh, and you want to use your darknet for P2P, so you want it to be popular? Then just chain your trust so friends of friends of friends can join in. They're trustworthy, right?

This is completely stupid.
You can't establish a successful P2P network without a large number of users to supply bandwidth and content.
You can't get a large number of users without making it easy to join.
You can't make it easy to join while keeping up a level of trust. If Joe Schmo from the internet can get on, then Joe Schmo from the RIAA can too.
You can't anonymize or encrypt traffic while staying decentralized. To anonymize traffic you need a central server where all traffic is routed through, or you need to route through other users and maintain some meta data centrally. If you encrypt traffic, you'll need to decrypt it, and then it becomes a key sharing problem.

It all boils down to keeping the MAFIAA out. No one can ever explain how their various "trust" mechanisms ensure that the MAFIAA stays out (because they can't).
No one ever explains what happens when the trust is broken (the whole net instantly becomes untrustworthy).
No one ever explains how encryption helps untrusted connections (it doesn't), or why it is even necessary for trusted connections (well, I'll accept this since nowadays everyone is illegally snooping in on every bit of data it seems.)

Re:

[argent]

You don't know who you're getting the files from, so neither does Joe Schmo from the RIAA.

You don't know who's getting your files, so neither does Joe Schmo from the RIAA.

OneSwarm uses the "communist cell" model, where nobody knows anyone except their immediate neighbors, *and* they don't know who's requested or provided any file that's going through their node.

And at the top level of the collective are a bunch of drummers in nanobar tunnels under Puget Sound... oh, sorry, I'm channeling Neil Stephenson aga

Re:Dumb

[evanbd]

Freenet [freenetproject.org] has an answer to the trust chaining problem. Each user (when in darknet mode, anyway -- there's also a non-darknet option) only talks to their friends. Trust is not transitory; if I want data you have, it has to get routed over trusted links. Obviously there is a latency and bandwidth penalty for this, but it's probably smaller than you'd think -- the network topology is well behaved, so playing 6 degrees of separation works fairly well. If someone screws up and lets the MAFIAA on, then I don't care -- it's only a problem for the people who trusted them. The darknet style links compartmentalize the damage. (It's actually even better than that, thanks to plausible deniability arguments I won't get into, as long as they only have a limited number of compromised nodes.)

Of course, the bootstrapping problem -- you need users to get content, and you need content to attract users -- is very real. If there are easy magic solutions, I haven't heard of them, and Freenet doesn't have them. It's still a small niche network, with a limited though nonzero amount of content.

If you're curious about how attacks work in the context of a strong darknet like Freenet, I suggest you ask around on the irc channel / mailing lists. Yes, there are attacks that will work -- the Freenet authors won't try to pretend otherwise. What Freenet *does* do is make those attacks very difficult with only comparatively modest assumptions about trust.

Re:Dumb

[grumbel]

Freenet has an answer to the trust chaining problem.

I wouldn't call it an 'answer', because it is complete non-functional in practice, there are just way to few people in the world who have enough trustworthy friends who also run freenet to make it function and for those that have sneakernet likely runs a hell of a lot better. The whole problem with darknet is that it pretty much completly breaks apart when you add an untrusted friend, so you have to be really careful with whom you add, which in turn makes it impossible to get enough people.

Re:

[Zironic]

You might want to actually read the paper before you debunk it.

Not *that* new.

[Seth Kriticos]

Purely friend 2 friend based networks seem of quite limited use (come on, who knows anyone on the Internet really?).

There are implementations of Pseudonymous P2P clients like GNUnet which are much less trust reliant (more usable and robust). The only problem is, that they are somewhat alpha state and quite cumbersome to set up, and there are not too much files there. There are also a bunch of other approaches (here is a list of software: http://tinyurl.com/cvrvg7 [tinyurl.com] )

Problem is, the *AA will probably run t

That sound you just heard...

[Eil]

...was that of a few University of Washington researchers being escorted into the back of an unmarked van.

Anomos: Anonymous BitTorrent Without F2F

[EverStoned]

I'm a lead dev on a similar project called Anomos [anomos.info], which provides anonymous and encrypted BitTorrent without requiring the slow Friend To Friend system that this uses. OneSwarm is a cool project, but we have some advantages over this (although I'm sure they have advantages over us as well.) We're a funded project as well. If you're interested in this type of thing, you might wanna take a look at our project as well. (Also check out i2pSnark!) Ultimately (perhaps by the end of this summer), I'd like to see all of these approaches under a single roof.

Oooookay?

[IonOtter]

Read the article, watched the video.

Very pretty, very nice, very private IF you have someone on the other end that you "trust". Gosh! This is just like IRC back in 1994 when you'd go begging for FSP logins to trade, and had to rely on some snot-nosed brat to deign to lower their [33+ selves enough to throw you a bone.

Please. *clicks on enable encrypted torrents only* There. Fixed. Goodnight.

Re:Oooookay?

[EverStoned]

Encrypted != Anon. See above.

Traffic spike.

[Aladrin]

A major problem with this and all 'anonymous' file sharing things is the traffic! If you go through 3 nodes, that means 4x as much traffic as if you just went straight peer to peer. That means -you- need to use your machine for that much traffic, too, to help the rest of the network.

I don't know about you, but I don't feel like waiting 4x as long for my transfers.

Re:why? its all legal

[Anonymous Coward]

I'll be charitable and assume you are just uninformed. Inform yourself. [schneier.com]

Re:

[LingNoi]

What if you are doing something wrong but the authority think you're doing something worse? A real case scenario of this happening is the shooting of the innocent Brazilian in England.

The police thought he was a terrorist planning to bomb the trains, he thought the police were trying to catch him because of his expired visa.

Re:Source? GPLv2, Java

[Janek Kozicki]

It's weird. But when I download their binary .tar.gz there's a COPYING.txt file, and OneSwarm's license is GPLv2. Then why are they blocking downloading of source?

And also, it's written in java. Bleh.

Re:Source? GPLv2, Java

[hannson]

We're just packaging up the source now (we just released this today), and will post a link on the website soon. Thanks!

This is the reply I got from using the mail form.

Re:

[L4t3r4lu5]

It's a darknet [wikipedia.org], therefore invite-only.

It relies on the model that "my friend knows 4 people who use that service, so I can acces my friend's connection to those 4 people. Those 4 people know 3 people each, so I can access those 4 people, and another 12. Those 12 people know..." and there we have a large, private, trusted network.

Plus, there's no need for any particular darknet to connect to another. you can run your own darknet between your friends, not connected to any other darknet.

Re:Been done, and better supported.

[tepples]

It relies on the model that "my friend knows 4 people who use that service, so I can acces my friend's connection to those 4 people."

So how do I join if 0 of the people on my buddy list know about the darknet?

Re:

[Brian Gordon]

That's what he said:

so I can acces my friend's connection to those 4 people

Re:

[Valdrax]

How is this any different to P2P over TOR, except for the fact TOR exit nodes tend to block several 'standard' P2P ports (which is easily fixed by using a non-standard port for your P2P)?

Stop doing that. People block these ports for a reason, and that's because the network is not intended to handle this kind of load. People like you make using TOR miserable for everyone else.

Exactly, TOR is a dorknet

[tobiah]

much more accommodating to the friendless. And who'd want to be, what with their stinky packages?

Re:

[Brian Gordon]

I'm sure most slashdotters know people on IRC who at least aren't RIAA lawyers..

Re:This is clearly a criminal tool

[Anonymous Coward]

Laws used to be about freedom and justice. But now corporations are making laws.

Lobbying used to be called bribery. It also used to be illegal.

Re:

[L4t3r4lu5]

That's lobbying for you.

Self reference paradox anyone?

Re:

[brusk]

When was this golden age? Laws have always been about both freedom and justice, on the one hand, and oppression and inequality. Racial segregation was maintained through laws, as were many other kinds of discrimination and unfairness. And other laws protect people against abuse and limit the powers of corporations (e.g., antitrust). It's been a constant back-and-forth, and corporations have always had a lot of power (think of the "company towns" of the past, which couldn't exist in the same way today). You

Re:This is clearly a BS tool

[Saffaya]

It has something to do with what all cartels do :
Jack-up the price of a product by artificially restricting its availability.

Examples that come to mind are the DeBoers cartel for diamonds, or the cartel of the music industry.

And btw, the US department of Justice does officially refer to the music industry as a cartel.

Re:This is clearly a BS tool

[Tom]

Here is what has changed:

Germany used to have a law that makes "private copies" legal. Where "private copy" is defined as making a low number (five is generally regarded as the "magic number") of copies for personal use of friends (with "friend" being defined as persons you have a close personal relation with, so most of your 1624 Internet "friends" wouldn't count).

It was perfectly good and everyone was happy. This law was, for example, what made it legal over here to create a mix tape (or CD) for your girl-/boyfriend. Or to say "sure, no problem" when your best friend said "wow, that's a cool album. Can you make me a copy?" - even the music industry seemed to be ok with it (free advertisement) and it made sure that law enforcement didn't have to waste resources on the ridiculous.

For the past four years or so, the music industry has changed its mind and pressured, bought, lobbied, etc. our lawmakers into changing the law. And they've finally succeeded (last year, I think).

And that does apply to the non "Arrr!" crowd. These changes make 15 year old teenagers who are in love into criminals. It makes grandma a criminal if she records her favourite song from the radio. It makes you and your wife criminals if you put a copy of the CD you bought on both yours and hers MP3 player.

PS: Don't lecture about loopholes and exceptions in american copyright law, I'm talking about german law and this whole virtual property rights bullshit is highly international.

Re:This is clearly a criminal tool

[Tubal-Cain]

ISPs, the RIAA, and the government cannot poison the well if they can't find it.

Re:

[Locke2005]

Are you implying that the government and RIAA are "poisoning" Linux ISO torrents...? Well, I named my Linux Distro "BritneySpears_BabyBaby", and somebody keeps poisoning the torrent... it must be the RIAA!

Re:

[Brian Gordon]

Ouch. Well there is the argument that if someone's seeding bandwidth is being monopolized by RIAA bots on an illegal torrent then they have less bandwidth to seed on legal stuff. Even serving up fake data can harm legit swarms, since downloading is also good for the network.

Re:

[Tubal-Cain]

The RIAA have this idea that filesharing is, by definition, sharing of files covered by their copyright. So they attack indiscriminately. [slashdot.org]

The government has this fascination with invasion of privacy.

Re:

[Matt Perry]

Really, what do you have to hide in your bittorrents that makes you so unconfortable?

...asks the person who who is posting anonymously.

Re:

[jaavaaguru]

Perhaps not, but in that case they'll soon find out what being sued is.

Re:

[arevos]

Honestly, the biggest problem for darknets is bandwidth. Security is no more an issue for darknets than it is for the internet as a whole.

Re:

[Rhapsody Scarlet]

I've been looking for a good opportunity to tell this story, so I might as well do it now.

I once read an article [guardian.co.uk] about a solo singer-songwriter called Ladyhawke, which I found quite interesting. I did nothing about this for a while, until I saw Amazon UK were offering £3 worth of free MP3 downloads. I tried to buy her first album [wikipedia.org] using this offer, but ran into problems using the Amazon MP3 Downloader*. So I found a much easier and more sensible solution in The Pirate Bay.

But at this point, I found I a

Re:

[jaxtherat]

For one? One of what? Please be specific kind sir.