I am not a programmer but I think it would be wise for others to start to brainstorm
some ideas to enchance security on the network before the dreaded RIAA takes our
rights and ISPs away.
Limewire told me encryption would be hard to implement. Perhaps there are other
solutions.

I just worry that with supernodes around the corner and all the big network
improvements Gnutella is gonna explode in popularity and gain the size of Fast Track.
Of course its great that it will grow but thats gonna attract the RIAAs attention. I
wouldnt be suprised if they take Limewire to court and drain our beloved Limewire
team of their assets and jobs. Even if the RIAA cant win in the courts they can bankrupt
all these start up companies developing Gnutella clients.

Maybe the hacking community can implements some slick ideas.

Not hard...

all client must use encryption than...

Morgwen

Hi Sweepicker, Morgwen,

hmm encryption is for sure a good idea! I find it hard to implement or to fit any needs: protect sharer and superpeers, protect traffic, fast and small traffic overhead, gurantee optimizing algorithms (query caches e.g.) still work and everything on a totally decentral system (which gnutella is). I guess FastTrack with a slightly centralized system has it much easier, with key management etc.

Does some concepts for gnutella or filesharing system allready exist, any ideas or URLs (at the_GDF)?

Encryption isnt a panacea thats one of the P2P myths and a dangerous on at that. Look at the fasttrack network they have encryption yet the RIAA was still able to figure out all it needed to sue them. Either way who would stop the riaa from downloading and modifying an open source program to track users.

The reasons why gnutella hasnt been sued is that its open which is the biggest reason, no log-ons or user names, it has many more uses than just file sharing, and search is really not that much different than any search engine out there.

Gnutella is alot like the web so if the RIAA wants to shut it down they will have to do it like they do on the web and go after indivdual users which will be a PR nightmare and the cost too high. Which it will be very unlikely they will do that. They will most likely try other ways like DRM and etc.

Encryption is NOT dangerous. Fasttrack is sued because it's not working completley decentral, not because it's using a kind of encrypted key exchange for a proprietary authorization mechanizm.


Encryption makes no sense in a peer to peer system, at least as long as download partners are not anonymous.... or as long as content is not anonymous! Look at Freenet, a user has no idea what is on his/her harddisk.
Similar to anonymous Freenet, but much much simpler, is swarming technology. Thousands have a small part of a file without knowing it.... so content is made (slightly) anonymous. Isn't it?

More ideas for Gnutella's future?

The thing that worries me is the fact that I can see a day soon where the RIAA or one of the big labels will use the full legal resources at their disposal to locate one individual who's sharing files and make an example of them.

Once that has been done, then a president can be set to go after others.

As others have quite rightly pointed out, Gnutella's main strength is the sheer number of servants out there. However, just as Metallica did with Napster in identifying a whole list of offending users, expect the same to happen with Gnutella.

Let's face it, regardless of whether encryption is used or not, it is easy enough to identify a remote servant hosting illegal files, either by viewing the web page or by starting a download.

Once the IP address has been obtained, a quick visit to ARIN will reveal the owner/ISP of the IP. Since most ISP's have either within their T&C or AUP that you should not partake in trading of illegal items using their network, it wouldn't be too difficult to have the connection discontinued or, even worse, for subsequent legal action to take place if so desired.

Whilst files are shared in their entirety, regardless of the method used to transmit the files, I personally feel that the risk remains that the RIAA etc will soon set the cross-hairs on both the Gnutella clients and the users sharing the files.

Rachel

__________________
But the fact that some geniuses were laughed at does not imply that all who are laughed at are geniuses. They laughed at Columbus, they laughed at Fulton, they laughed at the Wright brothers. But they also laughed at Bozo the Clown.

Carl Sagan

Rachel, I completly agree.
We need more ideas...

[quote]Originally posted by RachelHeath
[b]The thing that worries me is the fact that I can see a day soon where the RIAA or one of the big labels will use the full legal resources at their disposal to locate one individual who's sharing files and make an example of them.

Once that has been done, then a president can be set to go after others.
[\b][\QUOTE]

First that is very very unlikely to happen do to how gnutella works even if you scan it for a week you wont find every single "offender." If any action would come it would be in stop and desist e-mails or at an extreeme get a user internet service cut i doubt they would sue.

The RIAA wont make an example because the media would eat them alive and cause so much bad publicity the RIAA would be hated even more. Considering its the holiday season it would be a bad idea to **** off the consumers.


[quote][b]
As others have quite rightly pointed out, Gnutella's main strength is the sheer number of servants out there. However, just as Metallica did with Napster in identifying a whole list of offending users, expect the same to happen with Gnutella.
[\b][\QUOTE]

Gnutella is not napster its much better. On napster you can easily search an entire server easily. On gnutella you cant systematically search every inch of it like you could on napster. There are no log-ons so you cant just kick users off easily like what napster did during the Metallica thing.

But your isp just doesnt give your info out to everyone who askes nicely. The other side has to prove it and even then some isps like verizon still wont give them user info. The only isp that has taken any kind of action on a regular basis is @home and maybe a few others like AT&T and Qwest occasionally.

Try to design a P2P network thats fast, stable, and only gives info out to everyone except the riaa. Its impossible there cant be any kind of security like mentioned here without servely limiting users options and the fact that most security measures would hurt gnutella legally and bring more attention from people like the RIAA the benifits wouldnt be anymore than just bragging rights and a slower, limted network.

I can see where people are worried and etc. and thats perfectly understandable after napster but gnutella isnt napster, no prolonged action has been taken yet and until there is i dont think that security needs to be a major issue. Plus unlike all the other file sharing programs gnutella can be used for alot more than just P2P making it a extreemely hard for someone like the RIAA to attack it legally because they would lose.

Very optimistic and also ignoring reality, some ISPs and universities block Gnutella allready!
When RIAA has shutdown other peer to peer system, what makes you belive that they stop and do not attack gnutella? This is big business with a high money flow, think creative... if lawyers do not suceed, RIAA could try to abuse the network, flood the net with fakes (read Harry Potter floods on Slashdot) or DoS or.... is Gnutella really that strong?

You seem to look very conservative/reserved on Gnutella, what are your ideas to improve Gnutella?

Sephiroth,

A simple method is to view someone's web page. A host of goodies there.

A second method would be to write an application using the gnutella protocol that issues a search for a given artists name and start seeing what is returned. If the same IP address starts to appear a number of times then they've got their target.

As I said previously, all they would have to do is successfully sue one individual. Once they have done that, then the doors are wide open. That in itself might be enough to stop a large number of people from sharing. Once that happens, the topology becomes top-heavy as everyone tries to download from servants outside the RIAA's or WIPO's
jurisdiction.

I never said they'd do anything today, tomorrow or even this month. Don't forget, the RIAA already tried to sneak in legislation into a recent bill that would give them carte blanche to hack into peoples computers. If they are willing to got to that level, I do not think for an instant that the RIAA will be to worried about 'public opinion' if it comes to taking someone to court. Besides, what have they got to loose? The RIAA is paid for by the recording industry. I for one cannot see the general public suddenly boycotting all record releases etc simply because they got heavy handed and successfully sued someone...

True, but the RIAA will no doubt go in mob-handed. I doubt if the ISP will argue too much, after all, if they do, then there is the very real chance that they can be implicated along with the user. One ISP in the UK (Demon Internet) already lost a legal case about a news article stored on the USENET servers. A president for legal obligation there has already been set. Granted that was in the UK, but ISP's may not be as protective over their users as you would like to think they are.

As you already pointed out, @home and AT&T have both taken action against other users. They are arguably two of the largest Broadband ISP's in the USA (Road Runner being a third). Since Road Runner is itself owned by a media conglomerate, I wouldn't expect them to look kindly on users who have been positively identified as sharing illegal files.

True, GNet is not Napster, but as I said previously, Metallica ID'd over 330,000 users who were sharing 5 or more Metallica songs. They went after Napster itself because that was the 'main artery' for the file sharing system. GNet is a different ball game all together. Essentially each servant is a potential Napster when it comes to copyright evasion.

To say that the RIAA will not pursue a US based user sharing several GB of copyrighted material is completely off the base. They can and probably will. After all, there is no real difference in sharing nGB of illegal MP3's as there is copying DVD's and distributing them elsewhere. The only argument that could possibly be used is one of 'zero profit motive'. However, in the eyes of the law, copyright theft is copyright theft, regardless of the intention or not to profit from it.

Don't think either that public opinion will be against them. People said that about the Napster case and look what happened there. A very large proportion of the population does not, or ever will use GNet or any other part of P2P sharing.

Besides, what have the RIAA to loose? They are funded by the recording industry, not by the public.

Currently, the RIAA are looking at other P2P file sharing applications. Take a look at this except from an RIAA press release:

This sound something like GNet? I think it does. Granted the technology may be different, but the philosophy is the same. Whilst it is true that the GNet is not controlled by anyone since it's an open format, there is still enough damage that can be done legally to hurt it in one way or another. Look at Napster. It's not a shadow of it's former self, nor will it ever be. They took on the giants and lost, big time...

What's even more worrying are the list of plaintiffs in the case: Metro-Goldwyn-Mayer Studios Inc., Columbia Pictures Indus-tries, Inc., Disney Enterprises, Inc., New Line Cinema Corporation, Paramount Pictures Corporation, Time Warner Entertainment Company, L.P., Twentieth Century Fox Film Corporation, Universal City Studios, Inc., Arista Records, Inc., Atlantic Recording Corporation, Atlantic Rhino Ventures Inc. D/B/A Rhino Entertainment Company, Bad Boy Records, Capitol Records, Inc., Elektra Entertainment Group Inc., Hollywood Records, Inc., Interscope Records, Laface Records, London-Sire Records Inc., Motown Record Company, L.P., The RCA Records Label, A Unit Of BMG Music D/B/A BMG Entertainment, Sony Music Entertainment Inc., UMG Recordings, Inc., Virgin Records America, Inc., Walt Disney Records, Warner Bros. Records Inc., WEA International Inc., WEA Latina Inc., and Zomba Recording Corporation

Anyone of these organizations alone makes for a scary legal competition. Them all combined makes for a verifiable rotweiller. Also, notice where I highighted WB? Since they are already fighting this case, expect them to fight the next - and Road Runner users will be directly in view. The won't need to ask the ISP for user details since they ARE the ISP!

Finally, in the US alone, the RIAA represents an industry worth $15billion. With that much money, I would not expect them to take this lying down...

Rachel

__________________
But the fact that some geniuses were laughed at does not imply that all who are laughed at are geniuses. They laughed at Columbus, they laughed at Fulton, they laughed at the Wright brothers. But they also laughed at Bozo the Clown.

Carl Sagan

Oh yes the blocking done by universities. Do you also know that you can get around that by using something like Socks2http and use a proxy.. Its a pain to get working but it works. Isps/universities blocking is a problem for all of P2P and isnt specific to just gnutella...

Why i think that the riaa wont succeed. One because unlike all the other networks out there gnutella is truely decentralized because its open, has many more uses than just file sharing and do to the protocol it is impossible to shut down.

Your right the RIAA does have deep pockets which is why they are pushing for things like DRM and SMDI to be standard and manadatory on everything.

As for this comment "RIAA could try to abuse the network, flood the net with fakes (read Harry Potter floods on Slashdot) or DoS or.... is Gnutella really that strong?"

Replace try to with is doing. The RIAA has been doing that for a while now flooding gnutella, abusing the network and etc. The RIAA has been monitoring gnutella for months. Gnutella is still here and as the protcol gets better i firmly believe that it will be able to withstand because its holding up now..

Right now i think the best way to improve gnutella is to improve the speed and capacity of the network with things like supernodes. Really until things like that are added which are going to in the near future its kinda pointless for me to think up ideas when others have allready sloved them. Metadata should include more than just mp3s.

Packethound is software already in use at the University of Missouri (if not others).

It examines the contents of each packet and already has rules to identify and block Gnutella data. Once it see's a single packet with a pattern that matches GNet data, the connection to the remote computer is immediately dropped.

Rachel

__________________
But the fact that some geniuses were laughed at does not imply that all who are laughed at are geniuses. They laughed at Columbus, they laughed at Fulton, they laughed at the Wright brothers. But they also laughed at Bozo the Clown.

Carl Sagan

No Electronic Theft Law (NET Act)

The Digital Millennium Copyright Act (DMCA)

Rachel

__________________
But the fact that some geniuses were laughed at does not imply that all who are laughed at are geniuses. They laughed at Columbus, they laughed at Fulton, they laughed at the Wright brothers. But they also laughed at Bozo the Clown.

Carl Sagan

It's a big problem. Let's imagine 1000 students have been blocked, only a few computer geeks manage to set up a working tunneling (and might get caught). The majority, let's say 900 student are off or will move to an alternative P2P system. With every university or ISP the RIAA convinces/forces to block, gnutella will loose users, bandwith and files.
However I got your point, you think Gnutella is safe and has more umportant problems, okay.

Personally I would be interest in ideas how to make Gnutella stronger and remove possible weak spots. Anyone has ideas?

I know this may sound slightly silly, but I've heard that it can work reasonably well elsewhere...

How about each client, when asked to upload a file, also get's a chance if it decides (for whatever reason, say for example, it's never uploaded to this IP address before) to upload a message that has to be OK'd before the upload commences.

This message could be something along the lines of 'I agree that I do not work for any law enforcement agency, nor for trade organizations such as the WIPO, RIAA (etc etc) and that I agree to indemnify both the owner or owners of the remote computer currently identified as having IP address x.x.x.x from any legal action as a direct or indirection consequence of this or any subsequent download download that I, or the organization I represent, perform. I further agree that I am solely responsible for ensuring that any and all copyright infringements are not violated by performing this or subsequent downloads and that I/we do not hold the owner of the remote computer responsible in any way, shape manner or form.' (Yada, yada, yada)

Long winded? Yes. Turgid? Certainly. Protective? Possibly...

Perhaps something like this would then put the onus on the uploader to ensure that no copyright infringement takes place. Since the uploader is significantly harder to ID than the sharer, this might make the job of the RIAA harder to perform...

Just an idea is all. Perhaps my head is somewhat in cloud cuckoo land here, but you never know...

Rachel

__________________
But the fact that some geniuses were laughed at does not imply that all who are laughed at are geniuses. They laughed at Columbus, they laughed at Fulton, they laughed at the Wright brothers. But they also laughed at Bozo the Clown.

Carl Sagan