Folks face it, sharing copyrighted material for what you have not the copy right is most likely not allowed in countries where we're living (EU, North America, Japan etc). In some countries the lawyers differentiate between downloading and uploading, some have no copyright laws, other have a copyright laws but sharing is allowed or they don't care due to other (more important -- e.g. social or economic) problems or or or... It is foolish to believe there are share quotas or whatever where you get caught or not. Accept the risk (after making a personal risk analysis and don't be whiny if you get caught) or just don't share copyrighted material!

In this spirit, if I would be in Myanmar I would say "RIAA: kiss my shiny metal ***" and would turn on the acoustic coupler.

What I believe the proposed "secure" network arne_bab speaks of is to use "Ultrapeers" or "proxies" as a type of "bodyguard" for the network. Each computer connects to an Ultrapeer as a user, and their IP address is stored in a database on that computer that is not visible on the network. Then, when someone wishes to download a file they must go through the Ultrapeer to connect to that server (indirectly). In essence, the Ultrapeer then becomes a 'network host' between both computers.

This is most definately NOT a good idea, since it puts all the strain of the network on the Ultrapeers, bouncing raw data from computer to computer, ignoring the shortest internet route and slowing down the network in the process. In turn, this also makes it look like the Ultrapeer is actually the one originating the file. This means that not only network strain is put on these servers, but legal strain. It makes them responsible for the data they pretended to host. Then the Ultrapeers would be forced to release the IP information from their database to show the file's origin. So, this actually does NOTHING to protect you from getting caught distributing illegal material, except putting the network to blame for its members' mistakes (Napster, anyone?). All of what you wish to do here can already be done by connecting to your ISP via a proxy.

Encryption of files on a PUBLIC NETWORK is totally ludicrous! All encryption does is prevent people monitoring connections to read the file. But if those people can simply download the file from you and read it, they've just bypassed your encryption security! Encryption is only necessary for Private P2P communication, which Gnutella is not. When you put files on the Gnutella network you are sharing it with the world, not select "trusted" people.

At first this may seem a logical solution, since as an individual you will never share 100% of a file with anyone. However, if you think about it with more than 6 hz of brainpower, you'll realize that it would make downloads IMPOSSIBLE. In short, the only way you could make a download 100% complete is if the same file were located from 2 different sources! Therefore, nobody would ever be able to add anything to the network! Unless, of course, they happened to have access to 2 computers, which defeats the purpose of everything in the first place. If you are truely concerned about not having the full file downloaded, you should focus on having more sources available with that file. So, ironically, all the people who are way too paranoid about the lack of privacy on Gnutella are the ones causing this problem on Gnutella. Go figure. A network is only as good as its members; it can only give you what its members give out. In this case, it's strength in numbers.

One thing I would like to point out is that anywhere you go on the internet, using any internet protocol, has the capability of logging your IP address. Simply using the internet is a security risk. All networks are formed around the concept of trust. If you don't trust a website with your IP address, don't visit it. Same with Gnutella. I hate to say this, but, if you don't trust the people on Gnutella, don't use it. Whatever company gave you the data that you are sharing probably trusted you not to share that data. So to say that you do not trust the very people that you wish to share data that was entrusted upon you, is at the very least hypocritical. Not to mention the countless people of whom shared their own trusted data with you. To eliminate this trust by sharing anonymously would be catastrophic to the network.

And, if you are concerned about people hacking into your computer, or uploading viruses, there are already hundreds of client-side solutions for all of these. However, the more internet presence you have, the more you are at risk. I hate to use the cliche "The best internet security is not to use the internet at all," but it's true.

__________________
-Adrian

You know, that your ISP can't be held responsible for the data, which flows through it?
They even must not read it out, exactly like the postal office must not open your letters.

The Ultrapeers also don't pretent they had the data, but simply say, that a host they know (but whom they don't name directly) might have it, and that they can route that file to you.

For this they simply use a session ID for that host, which expires after some time. Should that host no longer be online after that time, the information gets useless, and even more important: The information should never be stored any longer than a few days, so you have no "releasing the routing table", because there is none anymore.

You can only get caught, when the police checks the logs of your provider and checks which connections correspond to which client, but that is much work, and thus they can't simply sue anyone, but have to focus on real crimes like distributing child porn, instead of hunting one half of the people with internet access.

So it gives you privacy as long as the state doesn't crack down with really hard methods (and much money). I know that the USA are famous for their war on drugs, but I hope this would be too expensive even for them to do it for sharers of simple files, which doesn't really harm anyone.

With this measure alone, getting the IP of a sharer will no longer be trivial, and you can't sue in masses.

Partly nonsense (sorry). Since you answered to my previous post, you should be able to count 1 and 1 and see, that they can't know from whom they just downloaded the file.
Those two measures work together.

Thanks for the compliments.
As you use the number 6 in your post I assume you read the part, which stated, that this should only be done, if the uploader already knows 6 other working sources. So there are at least 7 sources avaible for that file and half your paragraph originates from a wrong assumption. I ask myself, if that assumption was intentional.

File Hashes make it possible to check, that you have the complete and correct file.

Ironically, using this, "legitimate" content could get a boost, because there the original sharers wouldn't enable this measure, and downloads from them would most likely be faster.

Also while this measure provides additional security against lawsuits, it only works against those lawsuits, which only holds as long as the laws aren't changed and even sharing only parts of a file is being made illegal. Butt till then it could give Gnutella a real boost of users.

Here you are completely right. I mean: the last two sentences only.

The first sentence is sadly completely wrong. I assume you didn't read the whole thread, else you would know, that I AM BEING SUED AT THE MOMENT, and your talk about being too paranoid somehow "STRIKES A VERY BAD CHORD".

*calms down a bit*

I would even say (to come back to your two true sentences), that numbers are more important than to have the most efficient downloads. That means: the bandwidth we lose through proxying (most downloads will only work with half speed, except those which are being hosted by people who decide, that they don't fear to be persecuted) is less than that we win beause we get more sharers.

To increase the numbers of sharers, those must be able to feel halfways confident, that they won't be prosecuted for something which doesn't really harm the music industry (the australian music industrie even makes more money than two years before. They were _very_ shy in admitting that) and harms the artists even less (if you want to discuss this, please start a new thread. I'll be in it, when I see it).

Agreed. BUT: This is only true for direct connections. My first point simply states, that you don't use direct connections.

You mean: Now you tell us to trust anyone in the Gnutella network, after you said, that it is no private trusted network, but that it is public?

All that followed was sadly: Share only what you are allowed by whatever laws are valid in your country, even if those laws are completely ludicrous and harm the artists by supporting the claims of a few monopolists.

I don't trust the person I am downloading from, because I don't know that very person. Would you give your wallet to me, without knowing who I am? I wouldn't give mine to you (but presumable to some people in this forum, I might, because I got to know them, though not face to face).

The main strength of p2p-networks is that you don't have to trust or even know the people you are sharing with and downloading from. Everyone agreed to give something to the network, so everyone gets more for him-/herself. A very simple system, which is called the "commons", or in german: "Allgemeingut" and "die Allgemeinheit unterstützen".

The Network simply enforces strictures, which allow a certain trust which isn't bound to the person you are sharing with, but with the network.

In earlier time, people trusted based on personal honor. Today, we can trust the structures of the Network and don't have to trust the integrity of its Users.

So you say: If you are concerned about your privacy: Don't use Gnutella.
That means: Everyone should stop using p2p-networks, except, if they only share "legitimate" content.

Which is no way of thinking forward.
Try thinking of solutions to problems.
The problems are:
1) Users are being sued
2) Users are afraid of sharing because other users are being sued
3) We have too few Users who share because they are afraid of sharing because other Users are being sued because they shared
4) Files get downloaded completely from a single User, who can then be sued, because we have too few alternative locations for files, because we have too few Users who share because they are afraid of sharing because other Users are being sued because they shared

So the solution which tacks the root of the problem is to make it much harder to sue Users.

I think you can figure out, how that problem tree (more a problem parasite) shrinks into itself, as soon as the root problem is being rooted out.

Also: Don't be shy to think if those legal rights are legitimate rights. That means: Is it right, or better: Is is legitimate, that a music company can forbid me to share my music?
Is the balance between the
1) Artists,
2) Distributors and
3) Listeners/Users
as it should be, with the music industry mostly having a monopol and being able to control to quite some extent, which types of music the people can listen to (for example by not supporting smller artists and only supporting "blockbuster music")?

The balance between the artists rights to be paid for their works, the distributors rights to be paid for distributing the artists works and the Users rigths to have access to cultural works and goods, always needs to be reassessed and it needs to be checked, if it is the best possible balance for the general public.

At the moment I very much doubt it. Artists don't really get enought money (except the few big ones), people don't have enough legal access to cultural works for acceptable prices (No: 20$ for a CD isn't a reasonable price!), but big corporations make very much money.

The pendulum must swing back to the Users/general public and the artists, aand that naturally hurts the music industry, so they fight against Gnutella, because it removes the necessity of their distribution structures.

Maybe someday the Music industry will learn to use free sharing for their advantage by including a tag in the tags of CDs (in the CDDB or the FreeDB) which tells you, where you could get the whole CD, so you can buy it to support the artist, if you like the music (and yes: I buy CDs, even though I can get most of the music in Gnutella, because I want to support the artists (and those who enable artists to create their works). I simply think that filesharing programs should include an option to buy the CD of a music file you just downloaded with two or three clicks (maybe using the iTunes MusicStore or Amazon)).

If they don't learn it, there is a good chance, that they will go down.

__________________

-> put this banner into your own signature! <-
--
Erst im Spiel lebt der Mensch.
Nur ludantaj homoj vivas.
GnuFU.net - Gnutella For Users
Draketo.de - Shortstories, Poems, Music and strange Ideas.

Thank you for clarifying your points, since there were a few that I didn't quite understand. However, there are still a few things you seem to be missing from my post.

This is partly true. However, this doesn't stop them from suing your ISP. An ISP is responsible for keeping a log of all connections. If an organization had evidence that a hacker originated from a particular ISP, that ISP would be required to release the log of their connection or risk being sued. This particular case happened to the ISP I worked for for several years. I'm sure that no Ultrapeer would be willing to stick their necks out for any of its users, let alone have to deal with lawyers and the responsibity to search through activity logs. Their protection is that your information is freely available through the network.

Yes, this is true. Especially with the fact that they couldn't trace who exactly was uploading what to make themselves a case. However, I can see a huge lawsuit down the line that could force Gnutella to publish their logs globally (or to certain organizations). If you notice with all illegal activity (whether it should be illegal or not) they will always find some way to locate a culprit and prosecute them. This is especially true when "Big Money" is involved (e.g. the ever-growing music industry). Thank you Capitalism!

First of all, if you have merely 2 truly working sources, the task will be split up between the 2 sources. So you are already guaranteed that you won't send 100% of the file if a reliable source has the same file. Explicitly checking for this isn't necessary, and could provide false positives that harm the network (what if 6 of the 7 sources disconnect your download?). As a side-note the 6 hz joke was not intended as a crack at anyone's intelligence, so I apologize if I offended you.

I did read your post about your lawsuit, which absolutely sucks. I wish you luck with that, and for all the others going through the same thing. What I was trying to say here is exactly like your "problem parasite".

Numbers are important for a network like Gnutella simply because of how it was designed. If you use the proxy method, the network will be limited to the power of the Ultrapeers, and not the power of all its members. This means you could still have 5000000 sources of a single file and not have it be any faster than 2 sources due to network traffic. Although, it would increase the chances of more reliable sources. Arguably you could say that the more members you get, the more Ultrapeers you would get, so this might be a moot point. But my argument stands that the concept behind Gnutella would be compromised to accomplish this.

I never said you should be forced to comply with laws, since that is obviously up to the user. You use Gnutella AT YOUR OWN RISK.

You are absolutely right, you don't have to trust the individuals, only the network itself. But on a public network like Gnutella, you're giving data freely to the world, and receiving data freely from anyone in the world. Especially when you start allowing anonymous transfers, it means you won't even know who you're dealing with. Supposing a client abused the Gnutella network to spread a virus. How would we track down and eliminate this virus if we don't know where it came from? People could abuse the anonymity factor for this in the same way you want to use it for sharing illegal material.

Before I even touch on this subject I would like to state that I completely agree that music companies are huge corporations that do overcharge their customers and that the artist who intellectually made the product is extremely underpaid. But there is more than just creativity and talent needed to produce music for profit. If artists could do it themselves, they would. And quite a few do. However, they don't tend to make much profit over it.

To produce a CD is slowly becoming obsolete, since it is far cheaper to distribute the music files individually or in a package over the internet. So I must say, why would anyone buy a download to a file that is basically identical to the one they downloaded for free on gnutella? If you merely wanted to support the artist, you could easily send them a donation via PayPal off their website. It would be nice to have that link in the music file that could be gathered from CDDB or FreeDB. But honestly, how many files do you find on Gnutella that actually use this information? I'd say about 20% of all people who use Gnutella even know that such databases exist, and only about 10% of those people actually use them! Maybe someday music industries could compromise by allowing downloads as long as a link is attached, but this could result in some nasty adware music files like most promotional wmv movies.

__________________
-Adrian

Browse host works just fine and if someone wanted your IP all they would have to do is use a IP sniffer like ethereal. Personally I think it adds accountiblity and there by makes sure that end users don't spread viruses and trash -- like there doing now! If your afraid of someone getting your IP mask it if you've got something to hide if not a common firewall will protect you from hackers and the like. I think they should REMOVE the browse host feature completely and show ALL IP's to keep others from having to go thought the misery of having to clean viruses and malware off their systems due to some very unethical marketeers pushing their viral trash to unassuming end users.

Ringo ...

You're absolutely correct. It's P2P folks .. Point 2 Point. all it takes is a sniffer and You can see exactly who the host is your dealing with. I think it only fair that IP's be shown. If you're not doing anything destructive .. then don't worry .... get a firewall or switch to linux All IP's are traceable and are a matter of public record for a damn good reason. If people could hide their IP's think of all the crap people would do and never get caught.

No I'm sorry I don't agree with hiding IP's at all.

All people can already hide their IPs.
They simply use freenet ( http://freenet.sf.net )

But that program isn't intended for filesharing, but for real freedom of information (you also don't know who really published the articles there, and it is *almost* impossible to find it out, even for police and similar.

__________________

-> put this banner into your own signature! <-
--
Erst im Spiel lebt der Mensch.
Nur ludantaj homoj vivas.
GnuFU.net - Gnutella For Users
Draketo.de - Shortstories, Poems, Music and strange Ideas.

Just a thought but maybe, if we didn't use illegal warzes we wouldn't get sued.
Even if you use a proxy I can get your IP address or at the VERY least know exactly what network your on and who your IPS is. From there it only takes a phone call to get the rest. If someone wants your IP they can get it and contrary to what I have read here in the forums it's not hard.

Ringo

Ditto ...

I think another way to insure the saftey of all parties is to offer files under a request format. Someone wants a file they can request it and the sender can look up the IP if there paranoid and see where the request is coming from. I think the more information that is posted in limewire the MORE protection we have. If you can hide your IP so can the law. If everyone joining Limewire HAD to have their vitals (to a certain extent) posted so that one could verify that information as being a valid address and user, there would be far less paranoia and far less chance of anyone getting sued for any reason. Also as a side benefit you wouldn't be as likely to download trash,malwares and viruses.

I posted several IP's, phone numbes and email addresses this morning here in the fourms of individuals that were maliciously sharing malwares (usually a marketing company) under file names or program names, that are popular software, ebooks and other inticing names that usually look like: P_H_O_T_O_S_H_O_P! and the like, that will completely hose your system if you use them. I sniffed their IP's (of course they had browse host turned off) and found all I needed to know. What they are doing is just as illegal as any thing else I've seen on any P2P network. They know it. But it's the pot calling the kettle black isn't it? Ergo,
If we had a "bad files" list like e-donkey, e-mule and others. We would not waste our time nor take the chance of getting caught up in problems like the ones being mentioned here.

After the post I was semi bashed by one of the fourm admins for posting "private" information. In retorespect the only thing I posted that was out of line would have been their phone numbers. The IP and abuse@ email addresses are PUBLIC knowledge and are there for a good reason....

As it turned out Morgwen suggested that I post this information on a "Private server" for those that are Interested in keeping the community free of those with bad intent. I thought that a great idea and am creating a "private" by invite only area for those of you who would be interested in seeing exactly whom your dealing with and what wares are bogus. I would invite anyone with any information on bad files, IP's of those whom are invading OUR pricacy to join my effots and post this information in OUR forum. I'm also looking for a few admins to help in this effort to keep the forums and site running smoothly.

If you would like to read the orginal post:
even emule has a "fake File" list ....

I can be contacted at ringo@mindwire.us

-Ringo-

Correct, however like you said. It's not file sharing. God I love open source

Ringo

Uh, I said something else: I said: It isn't intended for file sharing. Still it is being used for file-sharing via frost (and not that ineffective).

Which means: Freenet is the only really anonymous file-sharing app (which suffers from all the downsides of anonymity: Slower downloads, much network overhead (some of it even intentional) and you have to give at least 250MB of your hard disk to freenet (better still: iGB or more), on which encrypted data is being stored, whoose content you may never know.).

Still it does work. It isn't very usable from the UI standpoint, but working.

About the post about anonymizing: I'll need some time for the answer. Many things happening in my life at the moment.

__________________

-> put this banner into your own signature! <-
--
Erst im Spiel lebt der Mensch.
Nur ludantaj homoj vivas.
GnuFU.net - Gnutella For Users
Draketo.de - Shortstories, Poems, Music and strange Ideas.

yeah its kinda screwed up there that we're so vulnerable to attacks from hax0rs n the enforcement alike... especially if the user doesnt have a standalone firewall, the average survival time before you get infected is 20 mins...

guess the only thing we could do is not share an alarming number of files at a given time, like maybe 1 gig or sumtin... that shouldnt raise an alarm, and IMHO the ppl who got caught were the ones who were mega sharing clients...

of course the downside of not sharing much files is eminent, but there should be a balance between sharing and security, privacy... any ideas?

__________________
the single source of gratification in your insignificant life...

Well, if you wanna dld vids (for example) dlding the ones that just got out in the theaters isn't very smart as they are the ones that are most "guarded" by the enforcement army.
One more reason to either buy them or get them from the video club.

__________________
iMac G4 OSX 10.3.9
RAM 256MB
LW 4.10.5 Basic
ADSL anything from 3 to 8Mbps/around 1024kbps

"Raise your can of Beer on high
And seal your fate forever
Our best years have passed us by
The Golden Age Of Leather"
-Blue Öyster Cult-