Warning to Gnutella developers: Design a system of anonymity or Gnutella is doomed
 

I realize Gnutella's entire concepts relies on public IPs, but if more people get their ISPs shut down, word will spead and people will quickly migrate to one of the secure apps, such as Freenet, filetopia, etc. I personally am very fond of my Gnutella apps and don't want to see this happen. This is why I warn the developers to somehow take some measures in this area or else Gnutella may not be here in a year or so. I'm not a programmer, so I don't know of the difficulties this may create. But somehow, regardless of the difficulties, Gnutella needs to evolve security without centralization or else it is doomed.

Gnutella is a filesharing network and not meant for copyright infringement. Of course you can use it for violations of intellectual property, but don't expect the developers to optimize the network for that purpose.

Perhaps this is true, but a majority of the transfers on the gnutella network are copyrighted mp3 files and so forth. Thus, if people no longer feel safe sharing these files they will go to a place where they do feel safe (freenet, filetopia,etc) Even if this wasn't gnutella's original intentions, if they want to preserve any semblence whatsoever of a network, they must address this issue.

Just for the record, freenet is NOT a file-sharing network. Ask the developers. Sharing large amounts of movies or mp3s just won't work reliably enough. And for the further record. Filetopia IS NOT anonymous. Whenever you establish a download connection, you will know the IP of the client you are connecting to. - In addition, the client server architecture makes it especially vulnerable to law suits.

If copyright infringement is not the main goal, why not just use ftp servers or webpages? Face it, people use "file sharing" to get songs, movies and software without buying it. You said it yourself in speaking of "freenet": "the client server architecture makes it especially vulnerable to law suits".

P2P mustnt be used for FileSharing. P2P networks are decentralised and more stable then a centralised system.
If you plug out the main server the whole network is down, that won't happen with P2P.

Point is moot
 

The P2P file sharing community has grown to the point that it can not be shut down .... you could sooner try to shutdown the internet. The Gnutella network especially is too large. What are these copyright lawyers going to do? Sue everyone with a gnutella client? The whole copyright arguement is impossible to make when nothing is centralized. Napster was centralized (so to speak) napster was killed.

BTW: Anyone know why sharks dont attack lawyers? Professional Courtsey.

What if RIAA and MPAA get the support of the large ISPs? Gnutella is all but invincible, you know.

The only weak point Gnutella has is the Initial Connection Problem. Gnutella is indeed decentralised but at first you always need a known host to connect to.

Today these known hosts are hosts like:
router.limewire.com:6346
public1.bearshare.com:6346
connect1.gnutellanet.com:6346
connect2.gnutellanet.com:6346
connect3.gnutellanet.com:6346
connect4.gnutellanet.com:6346

So this would be a good place to start killing p2p.
I think if anyone would shut down the most known
hosts no one could connect to the network since they
have no place to start.

Clients who are already connected however arent
affected by that problem because they have already
built up a big cache of known hosts.

Oh did I forget to say that all ISPs could block
messages like Gnutella 0.4 and messages needed to
communicate between the clients?

They could also block the port 6346 which is used by
most of the clients.

OK, now its quite easy to encrypt the Gnutella 0.4 msgs
and change the port but that would take quite long to manage.
If all ISPs work against Gnutella it will become quite hard to
keep the structure working if all developers dont work together.

Whilst in wonderland
 

While we are in wonderland .... you know the place where all ISPs consipire against the infamous port 6346 to shut down gnutella and untimately p2p forever .... i was looking up and saw a green pig flying high in the sky....

Get real.

Sorry but I think you're the one who's dreaming.
Gnutella is not invincible like Taliban said, and he's right.

OK, maybe it's impossible to let all ISPs block the port 6346 but...
it would make a big difference if all AOL, Compuserve or T-Online user couldnt use port 6346.

They could force the ISPs to block them by sueing them,
just to name an example.

Fact is, that it is indeed possible.
But maybe I'm just worrying too much.
:D

If you quit using bearshare and start using a advanced client, you would find that gwebcache is a distributed host cache system, and vinnie had nothing to do with it even though he will probably claim he saved gnutella again with it.

I do know the GWebcache.
I'm coding the ASP version of it.
Its called Lynn Gnutella Cache.

So now can the Gnutella developers get serious about more anonymity?
Will it take a complete shutdown of Gnutella by the big corps to get them to wake up?

"p2pNG, a public discussion/working group for establishing standards for the p2p community, has been started by the developers of the OpenP2P Project."

The group's primary goals are:

1) Unifying the currently fragmented p2p space through interoperability.
2) Establishing a viable, secure and anonymous communications standard over TCP/IP.

The URLs are:
http://lists.sourceforge.net/mailman.../openp2p-p2png
http://p2pNG.tk

Gwebcache is pretty darn cool, I must admit.

However, I was never fully comfortable with the idea that the IP address are not tested to make sure they can accept incoming connections.

I also feel that even Gwebcache is vulnerable to attacks, although the attacks will not be completely effective at blocking access to the network, they can cause connection establishment to take longer.

However, kudos to the developers of gwebcache for tackling this difficult problem head-on.

Thanks, good thing I came up with it when I did, we really need it now and more anon features.A little at a time, some of the security concerns have been addressed for the more basic attacks, and there are over 190 GWebCache servers running now so it is much better than the few dedicated "connect1.gxxx" we had before.
The IP addresses given on the system are mostly ultrapeers and are checked in a way since posting them from different IP sources will keep them around, otherwise they drop off. You can't just keep posting wild IP numbers to them from a single IP source either. If you had a bank of IP numbers available to you, you might be able to cause a little glitch in the system, but it would recover quickly and a lot of people would know who you are very fast.
GWebCache never would have happened if it wasn't for Open Source and many peoples' contributions.
Kudos also to ZeRO-G who picked this up and ran with it like a mad man on a wild mission when no one else paid any attention.
Some of the history and security concerns can be found here:
http://216.74.73.125/~c0re/gnuforum/...play.php?fid=7