September 12th, 2003

Novicius | Join Date: September 12th, 2003 | Posts: 1

ambiguity, if not perfect anonymity
  Hello,
 This is an open letter intended to hopefully start a discussion about possible technical responses to the current RIAA experience. This would be a useful technology not only for the RIAA debate, but also for the exchange of any sort of politically sensitive data.
 
 It seems that one possible solution is to create ambiguity, if not perfect anonymity, during file sharing. For example: If file-sharing software acted as both a file server and as a proxy relay, it would become impossible to say with certainty where the file being shared actually resided.
 
 The basic idea is that each machine would randomly connect to other sharing machines and request a list of offered files. The machine requesting the list would then randomly select 50% of the files from each list (dropping duplicates) and create a combined list. It would then randomly select 50% of the files it had available locally and add them to the combined list, again dropping duplicates. Subjecting its own file list to the identical random selection before adding to the combined list is done to defeat statistical analysis to identify locally cached files (otherwise locally cached files would be persistent in each list).
 
 When a connecting client requests a list of available files, our machine would offer the combined list but not reveal if the file existed locally or actually resided on another machine. If a file selected for download was not local, the serving machine would simply relay the file (without keeping a copy) to the requesting machine by proxy. Ideally, the proxy would not cache the file, but rather only function as a proxying router to mask the origin of the file.
 
 This way the client would not know if the file it was receiving was coming from the machine it was connected to or if the file was simply being forwarded from some other machine. Or it may in fact have been relayed through several machines. As long as a system was in place for controlling the rate of data flow (and minor buffering with random start delays) the speed and latency of the connection would not easily betray the origin of the file.
 
 Of course, there would be many technical issues to sort out, such as bandwidth negotiations between sharing machines, list size, and how often the lists would be regenerated. The client software would also require a way to watch for a certain file to become available because the lists provided would not be complete and would change each refresh. And, of course, the software would have to be designed so that there was no cached record of file origins. But the basic idea could be expanded to include encrypting traffic between machines (with padding) so that not even a sniffing ISP could say what was shared.
 
 In the US the difference between acting as a router and actually having duplicated a file is legally significant. In one case you are only providing information and bandwidth, in the other you have actively duplicated a file. I suspect that it would be difficult to put providing bandwidth into the same class of crime, because that would end up possibly including any carrier of data.
 
 Thank you,
 Durllwyd
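
The list-building step described in this post, as an added simulation that is not part of the original post or any file-sharing project's code. It measures how often each file name shows up across refreshed lists, with and without the 50% selection applied to the local files. Assumptions: all function names and file names are hypothetical and constructed, and each peer's offered list is held fixed between refreshes.

```python
import random
from collections import Counter

def half(files, rng):
    """Randomly pick 50% of a file list (rounded down)."""
    files = sorted(files)  # stable order so a seeded run is repeatable
    return set(rng.sample(files, len(files) // 2))

def build_offer_list(local_files, peer_lists, rng, sample_local=True):
    """Combined list as described in the post; sets drop duplicates."""
    combined = set()
    for peer in peer_lists:
        combined |= half(peer, rng)
    # The post's safeguard: local files go through the same 50% selection.
    combined |= half(local_files, rng) if sample_local else set(local_files)
    return combined

def appearance_rates(local_files, peer_lists, refreshes, sample_local, seed=1):
    """Fraction of refreshed lists in which each file name appears."""
    rng = random.Random(seed)
    seen = Counter()
    for _ in range(refreshes):
        seen.update(build_offer_list(local_files, peer_lists, rng, sample_local))
    return {name: count / refreshes for name, count in seen.items()}

def mean_rate(rates, prefix):
    """Average appearance rate of the file names starting with prefix."""
    vals = [r for name, r in rates.items() if name.startswith(prefix)]
    return sum(vals) / len(vals)

# Constructed sample data: 8 local files, 3 peers offering 8 files each.
LOCAL = [f"local_{i}.dat" for i in range(8)]
PEERS = [[f"peer{p}_{i}.dat" for i in range(8)] for p in range(3)]

if __name__ == "__main__":
    for sample_local in (False, True):
        rates = appearance_rates(LOCAL, PEERS, 2000, sample_local)
        print(f"sample_local={sample_local}: "
              f"local={mean_rate(rates, 'local_'):.3f} "
              f"remote={mean_rate(rates, 'peer'):.3f}")
```
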