|
Anonymity on Gnutella Network I have a proposal for making Gnutella a little bit more anonymous :D a) All clients should hide any data that would give information about other IPs. Like ListView fields or HostCache data or temporary data files for downloads. All IPs should be encrypted. Like Xolox does for its HostCache data. b) Instead of an IP, a nick name should be used to identify other clients. It is not nessecary to be unique for all the Network, just some info about the host you are connected. It could also be used in chats between two clients |
pointless. Even if the client hides the info from the user anyone that knows how to use a computer can still get it. And anyone that wants the info from the client could write their own client to display the info. Gnutella cant work without it so you cant get rid of it. If you want anonymity check out freenetproject.org It really is coming along quite nicely |
Quote:
|
ok, assuming you tried it a year ago you would have to say the current state is coming along nicely. Yes they have alot of work to do but it is usable now :-) |
Last time I tried it was a couple of weeks ago, - and it's not what I would call usable. |
Quote:
In some packets there is an IP and a PORT, IP is 4 bytes long and PORT is 2 bytes. My thought is to take the actuall ip:port and encrypt it. The encrypted result should be 6 bytes so that we can put the first 4 bytes into the IP field and the last 2 bytes at the PORT field. Servents dont have to encrypt/decrypt the packets all the time but only when it is neseccery ex: when we want to make a connection or download a file. I remind you that no ips should be exported visually in any servant. So the servants keep the encrypted data somewhere stored and when it needs an ip it decrypts it. The problem with this method is which encryption method should be used, what would be the password for the encryption, and finally that users with some knowledge of computers can still find an IP but ONLY for a connected servant. For example you can make a search for "faithless .mp3" and receive many query hits but you dont know which user shares what. Only when you try to download a file you can find that the user you are connected to is sharing this specific file and not a list of "illegal" files. Old clients that dont support this method are not compatible. This is the right thing because otherwise someone could connect to Gnutella with an old client and still find/track all the IPs. Any ideas? |
Veniamin, Wouldn't the decryption method not be public knowledge then? I mean, that'd kinda defeat the purpose. |
Cultiv8r, Well the encryption method should be known to all developers but only the password should be known by "registered" developers, from the GDF. Also the GDF should alter the password every 3 or 4 months to eliminate the possibility that the password be known by others. Other suggestions? :confused: |
More reasons to make Gnutella more anonymous: "A few years ago I was in the UMD dorms and after numerous violations of the network AUP I finally got a call one morning before going to class. It was Mr. So-and-so with the Nethics department. He told me there were some violations and asked if I knew what he was talking about. (Of course I did, what? was I just gonna confess? Idiot.) He then suggested that I come over to the computer and space sciences building for a 'chat.' Meanwhile at the CSC building I entered the Nethics office and was greeted by Mr. So-and-so, and he began his Gestapo interview of me. It came down to the fact that I had egregiously broke their rules, and I knew it, and he knew it, but he had no real proof (I firewalled almost everything, including all of the UMD space) with the exception of an email written by a barely literate teenager Narc'ing on me. Needless to say, I walked out unscathed. They are just a bunch of James Bond wanna-be jokers." So when this guy gets kicked out of school and his parents lose all their $$ they invested, who CAUSED the damage? "The Australian Electronic Frontiers foundation report that the Australian Government is looking at introducing changes to the Telecomunications Interception Act giving Government Agencies (NOT just police!) the power to intercept email, voice mail and SMS messages without a warrant." And it's not just a USA problem. Developers need to get with it. And who is the immature nerd who thinks deleting this thread will help anyone ? http://slashdot.org/articles/02/06/07/1648251.shtml http://yro.slashdot.org/yro/02/06/09/1627227.shtml |
and another reason "The RIAA is set to expand its FastTrack lawsuit to include Sharman Networks and FastTrack founders Niklas Zennstrom and Janus Friis" http://www.zeropaid.com/news/article.../06082002a.php Will you be next? |
We all know that anonymity in a P2P Network like Gnutella is very important. The difficult part is to find a way to do this and also keep Gnutella an open-source protocol. |
On the contrary. Anonymity on a p2p network is not important at all unless you plan on committing crimes. |
Quote:
Now if only all of the Gnutella Network users would read this simple statement and understand it!!!!!!! |
Crimes Taliban wrote: On the contrary. Anonymity on a p2p network is not important at all unless you plan on committing crimes. Read the Freenet philosophy page and decide if this statement is true. http://freenetproject.org/cgi-bin/tw...ain/Philosophy 7. But why is anonymity necessary? You cannot have freedom of speech without the option to remain anonymous. Most censorship is retrospective, it is generally much easier to curtail free speech by punishing those who exercise it afterward, rather than preventing them from doing it in the first place. The only way to prevent this is to remain anonymous. It is a common misconception that you cannot trust anonymous information. This is not necessarily true, using digital signatures people can create a secure anonymous pseudonym which, in time, people can learn to trust. Freenet incorporates a mechanism called "subspaces" to facilitate this. |
the future? Looking into the future I think the most needed features are (in order they should be implemented): -GGEP -Complete implementation of HUGE -gnet:// urls (clicking link launches search by hash) -Global searching (see Vinnies proposal at the_gdf) -Partail File Sharing -Publishing to Gnet (mirroring, proxy, ect) <-----------<<<<< -Advanced searching (and, or, +, -, ect) -More meta data!!! Maybe you can see where this could go ;-) |
Partial file sharing via HASH and have a option to not allow a complete file or say only 20% to reside on your system at any one time and If high speed people would simply let others share THROUGH their node, then it would be very difficult to say you are 100% sure it's on someone's computer. Even if people never use the pass through feature, since you can't tell if someone is using it or not, then there is still no 100% way to know where it's coming from. You also need a way to block IPs from passing through, let's say you only allow certian IP groups because you have nothing better to do. Why do that? because you could use another client and try to connect & pass your files through, and if it doesn't happen then you can say "that guy isn't passing through". But maybe, just maybe that guy is only passing certian IPs he likes! So no 100%. Oh, and if you say "that would make trading too slow", you haven't been paying attention. |
Re: Crimes Quote:
Gnutella is a file-sharing protocol, designed to find and transmit large amounts of data over a serverless and very stable network at the highest possible speed. If freenet was the WWW, then gnutella would be the FTP servers. |
The point was "But why is anonymity necessary?" Not just freenet. A "secure anonymous pseudonym" can be used anywhere you have a system for anonymous posting or file sharing. You need anonymity in order to have freedom. It's that simple. Besides, it's a great defense for the small guy against the super power greedy types. You should support and defend anonymity if you are a flag waiving, freedom loving person. The "press" keeps it's sources secret, and you would defend that wouldn't you? |
Quote:
What anonymity truly means (and you mistake for freedom) is, that you don't have to take responsibility for your actions. |
<sarcasm> Here's yet another reason why one should have anonimity and encryption on the web and Gnutella: http://www.msnbc.com/news/764107.asp </sarcasm> |
Quote:
What is that? It is an illusion, and as Taliban pointed out, it is also dependent on location and activity within that location. Everything you are saying is ignoring the simple fact that you could call yourself Bubbles... the rest of us would know that we were talking with 'Bubbles' and could even follow up an interest in what 'Bubbles' had to say yesterday, today and tomorrow. This is no infringement of some image of personal freedom. To anyone who either needs to know for their work or cares to know for their own interests, your IP is rarely a secret, so stop pretending that posting as unregistered is in any way superior in providing you, or anyone else, with enhanced freedom of speech. The entire argument regarding so called freedom of speech and maintaining an inviolate anonymity is meaningless and has nothing to do with the reality of a public or semi-public system. btw- "flag waiving" means to ignore or to do without...... To 'waive the rules'........ Try 'wave' next time. :p |
Okay from what I read you want encryption and DNS, Encryption on an open network is pointless because you would have to give out the key so other peoples clients can work. Thus any one even those you want to keep out get in and access to all the data again. Its like putting a lock on your house and giving everyone a key. As for DNS like service. You would have to have static DNS servers for the clients to work through. That is againest what the theory is, peer to peer, no server. What if the DNS server went down, all their data is gone. Also they are a huge target, they get sued and told they have to hand over the list of names and IPs. Then we are ALL in trouble. Its kinda all or nothing. Either all of us are safe or none of us are safe. |
Anonymity or evidence on Gnutella Network. In most countries evidence is required before an action can be brought before a person or organisation. Your ISP reporting xxGB of transfer on port x is simply not enough an analysis of the protocols and data is required. Bearing this in mind it does not matter if an allegation of ‘you downloaded a 3mb files and allowed x amount of people to share it’ they have to show what the file contained as it could have been your latest song, audio message to you friends, family photo album or a holiday video. Enter Encryption. As an example I will use PGP but feel free to replace with your chosen method. When you generate your key pair you can also generate and register a KEY ID, as part of the Gnutella protocol a user can request that the file be encrypted using their KEY ID. The acting server can the lookup the public key and send the encrypted data to the client who upon receipt decrypts it using their private key and pass phase. Who to trust? That is a difficult issue, but if you decide that the person is trustworthy you can add their KEY ID to your client, which automatically allows them to download files from you. I knock-on effect of this is you can remove people who just leach from you by banning their KEY ID. By storing the KEY ID as a text file in their shared files directory if their client is not configured to allow you to download from them, then you will not be able to send them the file that they have requested. |
It may work. But the network often has issues with speed right now, I fear adding encryption will only increase that issue. Not to mention programmers would have to learn how to build an encryption program. This is VERY hard to do. And if they have to make it, you then have people not skilled in crypto writing the software. Many security holes and tech issues will quickly arise. Sometimes its better to feel scared because you stay on your toes, rather than having a false sense of security. Its like that old joke, It better to know no karate than know just a little. With no skill you wont pick fights or try to get into fights, but with some skills you will be just strong enough to get your *** horribly kicked. |
The wheel has already been invented once so the client could just call GnuPG to encrypt files add/get keys etc over the users (normal) network via a simple call to gpg --keyserver certserver.pgp.com --recv-key 0xBB7576AC. Encrypting a file does not increase the file size (+- a few bytes) so the (Gnutella) network speed will not really be affected. User download time may notice a few seconds delay for the transfer to start while the acting server encrypts the file. I suggested encrypting not out a fear of what is being shared but rather a mechanism to stop agencies claims that then network is being used for (insert what you share) as they will not be able to show in court that xxxGb of copyrighted material was transferred over the Gnutella network as without all keys to prove this you would be slandering Gnutella users. |
Re: Anonymity on Gnutella Network Quote:
|
Quote:
|
This may work but it also will not be easy and you need to think about all the work that will be involved in it before you begin. |
| All times are GMT -7. The time now is 04:53 AM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.
Copyright © 2020 Gnutella Forums.
All Rights Reserved.