Poll!Should it be possible to disable the Browse Host function!
 

Hello!

In the news recently we have read that maybe in the near future the music industry will start making law suits against private individuals(well atleast the top 10% of sharers that supposedly are providing 90% of file sharing networks content).But nothing has been decided 100% about that yeat.But if it turns out that it will happen I think that something must be done about the new Browse Host function in the new 2.5.x beta of LimeWire.It was re-introduced by popular demand and sure is a great feature but that was before we heard about the recent threats to the network.So in a future update I think it is important for the survival of the network that we as users have the ability to turn that feature off in LW preferences so that no one using any client will be able to browse hosts that have disabled it in their preferences.

Sure maybe this will make the new Browse Host function less usable but it maybe a neccessity these days after the recent threats from the music industry.

The disable function have to be designed in such a way that it is impossible from someone outside to view someones complete shared directory.Yesterday and the day before I was attacked by Warner Music in a new way:

Read more about it in my post:

http://www.gnutellaforums.com/showt...&threadid=13401

So it seems that somehow they have designed a client that can Browse Hosts even if the target host do not have clients that have this function(I am using LimeWire 2.4.4 for Mac) which do not have a Browse Host function and yet Warner Music was able to browse my Shared Directory and download a wast amount of files from me.

What do the disableing of the Browse Host function have to do with the recent threats from the music industry?

Well they say that if they start to chase individuals they will target their efforts against the big sharers(the top 10% that provides the network with 90% of its content).And If LimeWire would have the option that makes it impossible for someone to browse their shared directory we would not loose many of those valuable persons data from the network instead many of them would probably switch to LimeWire and LimeWire would become a bigger Gnutella client compared to the competitors.

So now what do you think about this should the LImeWire development team incorporate this function in a future update?

I think they should!

Hope That You Liked My Inputs!


__________________
Sincerely Joakim Agren!

Why should the RIAA bother to browse your host, when your host constantly keeps advertising its shares. - There just has to be a RIAA spy node in the neighborhood and they'll have 90% of your shares within less than an hour without even bothering to connect to you directly.

If they connected to you directly somebody would soon become aware of the RIAA servers constantly trying to browse hosts and you could block them very easily.

If the single purpose of such an option was to keep the RIAA from scanning your host, it'd be pointless to implement it.

Hello!

You are both correct and incorrect!

Yes it is true that as a participating host(node/servent) you are advertising your Library(shares)constantly but here is one of the beautys of Gnutella:its anonymity and that it operates on a need to know basis you never reveals your identy upon a query unless the query matches something in your Library(database).You can make the following analogy:

Lets say I am walking on a street in a town that I have never visited before and that I know no one in this town.Suddenly someone a stanger walks up to me and says Hello and I respond with Hello then he asks me Do you have a copy of the latest Britney Spears single? I say No but then I walk up to a new set of strangers and says Hello do you have a copy of the latest Britney Spears Single to all of them?.The Resonse was No but these persons in turn walks up to a new set of even more people and ask them the exact same thing and eventually a person that have it will respond Yes I have and I am on this and this street....And once that happens the person who asked that person will send that information to the previous person in the chain and that person will send the same person the same data to the previous person in the chain and this will continue all the way back to the original person who made the query who receives the data with the persons who had a copy of Britney Spears latest single name and address(on Gnutella the file name and IP number).

Never once during this entire procedure my identity(my name and address)(on Gnutella File name and IP number) nor anyone elses identity was revealed only the person who had the single and the original person who made the query will be known to eachother.

So this means that for anyone in the music industry who want to check out who is the big sharers they have to make an original query to get some identity's(IP's) and once they have found some persons that share a few of their copyrighted material they will have to Browse That persons shared directory to decide if that person is a big sharer or not since they apparently are only interessted in the top 10% of sharers that provides the network with 90% of its content.Sure if they would make thousands of querys and then see an individuals IP repeatedly and eventually gathered enough files from that person to call him a big sharer and then trough that persons ISP get to know/reveal his/hers true identity and press charges against him/her they would not need to Browse someones directory.But this would be very time consuming and I personally do not think that they are willing to go that far in their efforts to catch individuals.

So this means that if LimeWire would have a function in its preferences that totally prohibited someone from Browsing his or hers shared directory then it would become significantly harder for the RIAA or anyone else to catch individual big sharers.And this also means that probably several of Gnutella's big sharers would switch to LimeWire because they would feel more safe from getting caught and it would benefit LimeWire as a Gnutella client.

Not quite. You see, the RIAA spy nodes don't have to send any queries at all, nor do they have to browse any hosts. The best approach to spy on gnutella users is (and that's what MediaEnforcer, Ranger Online ... will most probably do) is set up a very well connected gnutella node with let's say 100 connections and save all queryreplies they receive. (The QueryHits aren't sent directly to the querying host, although LimeWire is working on out of band replies, they are passed to the next Ultrapeer and that passes them on again until it reaches the querying host and at some point the queryhit might pass through a RIAA spy node).
The spy node will map all queryreplies to the corresponding IP adresses of the sharing servent (contained in the query reply) and due to the massive amount of queries sent through the network (the one or the other will match a file you are sharing) they will have an almost complete list of your files while staying completely anonymous. It could be two hops away without you ever knowing or even the ultrapeer you are connected to, while claiming it was an ordinary LimeWire ultrapeer.

I don't think the spynode would bother browsing your host, since the spy node itself wouldn't remain anonymous that way. And it would have to ask thousands of hosts actively what files they are sharing instead of just sitting nearby silently, listening to your servent (and thousands of others) telling the whole world what files you are offering.

They really get their information quickly.
i only have an isdn-connection, but when I checked which files where asked for (or which my prog sent information about to others) via the information phex provides, I saw, that most of them where, even those, which I would have never deemed possible, that they could be asked for so often.

So browsing isn't necessary and if you just check the queries you can get most popular files quickly without ever sending a query to the network, which the RIAA could also do.

uery
 

Hello!

Now I get what you mean.You are talking about an Interception node also nicknamed an "Evil Eve" host.

What it does is listening to(Intercept) Pong messages but most importantly also QueryHit messages that contain information about Filename,its size,bandwidth,and IP number and port.

But it would be several big problems for the RIAA or any other to get enough evidence(Query Hit messages) to cath the big sharers.

1.It would be hard to get connected long enough to any individual node for long enough time to get enough Query Hit messages.To get effective they would have to set up an Ultrapeer and use a specialized client.If I would see an unknown strange vendor as one of my Ultrapeers under my connections tab I would instantly disconnect and reconnect to a different Ultrapeer.So this means that we should really start to look out for strange Ultrapeers.But it is also possible for the LimeWire developers to deny connections to hostile nodes for a future updated LimeWire version.I think that Bearshare have already done this in their new 4.X version.So lets hope that the LimeWire team are working on this.

2.Evidence value

The evidence value of Query Hit messages is not very high it is actually quite low.

It only proves that my files are indexed and shearchable and that someone is able to make a connection to me.

But in court I could always claim that I am a cheater or a Freeloader.That I take but do not give.I would tell the judge and the jury that In my Gnutella client LimeWire that I use there is an option to set the upload bandwidth and the number of upload slots to 0.So when someone tryes to download from me the download would stay at 0kB/sec and they would never get any files from me.So why do I have files in my Shared directory then?.

That is because I am aware of that many people on the Gnutella network has adopted an anti Freeloader policy.In LimeWire you could set the numbers of files that someone have to have in their shared directory before before they can download from you.And since I will not actually share any files but still be given permission to download from as many other hosts as possible I have alot of files in my shared directory but the upload bandwidth and the number of slots set to 0 so that I am not participating in any serious crime.

So this means that the Query Hit message is proof of the files that you have in your Shared Directory but it is not proof of that you are actually sharing them.

So this means that to get any real evidence that would really hold up in court they would have to browse my shared directory and download alot of files from me.But if LimeWire would have a function that prohibited such action then the RIAA or anyone else would have a significantly harder time catching big sharers.They would have to make thousands of querys and then download alot of files from a single individual and be lucky enough to get a large enough number of files from a single host to call that person a big sharer.

Lets hope that someone from the LimeWire development team read this thread because it sure is an interessting one!

Re: uery
 

You don't have to be connected to the individual directly, your querihits are broadcast to the network. That node only has to be somewhere in the neighborhood, not directly connected to you.

The vendor string transmitted in the connection handshake is easily changeable. It might claim to be a LimeWire host but it doesn't have to be.


Bearshare is closed source. Security features like those Bearshare implemented are not an option for open-source software, since the security feature is always described in the source code. As far as I am informed, the LimeWire developers don't plan to go closed source again.

When your host is browsed, you submit a number of queryhits, without any guarantee that the files are downloadable.
And legally it doesn't matter whether or not those files were downloadable, since your ISP usually can shut you down (according to the standard terms of use), even if you only pretended to be sharing files. But in front of the law, query hits are probably evidence enough. Not to mention that the RIAA spy node could arbitrarily download a few files for further proof, - WITHOUT ever browsing your host.

If you simply admitted the crime you could probably hope for lesser punishment. The RIAA could have some nasty surprises for you, if they downloaded files from your computer.

Like most LimeWire users you are not very well informed about LimeWire's anti-freeloader feature. All that is currently working is keeping Browsers from downloading from you. Any other client can download from you without sharing. Freeloader blocking only works for gnutella connections, not for uploads.

Re: Re: uery
 

Hello!



Yes they do not have to be directly connected to me to get my QueryHits but it is a question about time.Since they are only after the big sharers they have to get a large amount of QueryHits to call someone a big sharer and probably they will only target their efforts against individuals that share for more then a $1000 worth of material.And since the nodes that you are connected to constantly changes they probably do not stay intouch with an individual servent for a long enough time to get all the QueryHits they need.




Yes you are correct about that but if they do that then they might be commiting a crime themselfes.





That is not entirely true.It depends on what security features you mean but just a new countermeasurment function to deny connections to hostile nodes is still very doable for the LimeWire team to impliment whitout beeing close source.




You are incorrect about that it does not mather if the files are downloadable or not it does.I just read my subscription terms for my subscription and It only says that I are responsible for any illegal "Information transfers" and if I have set the download slots to 0 and the Upload bandwith to 0 no illegal information of copyrighted material from me was transferred hence I have not done anything illegal.And the QueryHIt messages are not proof of any file transfers.And since the ISP's only give out their customers data when a crime has been proven I doubt that most ISP's will give out such data based on Query Hits especially since the RIAA or the company's in the music industry are not government agency's if it where the FBI or something that would have been a completely different story.

I think that you underestimate the US court system.After all the justice in the United States (Or in Sweden where I live) operates under the following conditions before anyone gets convicted:

"Not guilty until proven beyond a reasonable doubt that you are guilty"

And my arguments in my previous post would probably be enough to not be able to convict me.To get some real hard evidence they have to prove that I do really share files and hence they have to first make a query and in the search results that comes up they have to Browse My shared directory to see if I share alot of files or if I am a just a Small sharer.And then start to download files from me and aslo save the result from the Browsing of my host.




[QOUTE]If you simply admitted the crime you could probably hope for lesser punishment. The RIAA could have some nasty surprises for you, if they downloaded files from your computer.[/QUOTE]

That is ofcourse one approach.But If I won using the other approach then I will not get punished at all.


[QUOTELike most LimeWire users you are not very well informed about LimeWire's anti-freeloader feature. All that is currently working is keeping Browsers from downloading from you. Any other client can download from you without sharing. Freeloader blocking only works for gnutella connections, not for uploads. [/QUOTE]

That is not correct!.I have set the amount of files that someone have to have in their shared directory to 20 in order for them to download anything from me.LimeWire takes the information from the Pong messages that contain data about the IP,portnumber,number of files and the total size of all those files.If a host send out a number below 20 files in their Pong response then that node will be refused and my node upon a request will not send out the http string data to that node that he needs to make an http connection and upload from me.And yes ofcourse the Anti Freeloader only works for Gnutella connections and not for uploads but since he cannot make a http connection to me then he cannot make uploads.

What do zou do if there is a host in between zou two, who does share_

Or if thez jsut set their download slots to 0 and the speed to 0 *zour trick(.

Or if tehz just upload legal files without copzright_

Sorry for the _s instead of ?s. I accidently switched to american keyboard.

I don't think the network really is that volatile. And even if it was, the spynode wouldn't have to gather all that information in one session since your client has an unique servent id, that will allow to identify it, even after its IP has changed. They could track you for weeks, before they finally think they've gathered enough information.

You cannot identify hostile hosts. The spynode could use any user agent string without anyone ever recognizing the spynode. It's not a crime to spoof a user agent string.

Advertising a huge index of stolen copyrighted material is proof enough for most ISPs to send their users a notice when the RIAA tells them to, and the ISP can shut you down, even it is not entirely proven that you actually uploaded those files. And if they did so, what are you going to do? Sue them? (You'd better not if you don't want your computer confiscated by the local police.)

And I think you should face reality. No judge would honestly believe you if you said you were just advertising this huge index of stolen copyrighted material to steal more copyrighted material and you weren't actually uploading anything. This is not only about proof. If a bomb explodes in your local mall and you happened to have bought the ingredients for that bomb, you go to jail, no matter what you did.

There are so many people that were found guilty although they were truly innocent and you think you would get away with saying:
"Hey, I weren't actually uploading anything." That's pathetic.

You simply don't get it, do you? THEY DON'T HAVE TO BROWSE YOUR F U C K I N G HOST, TO GET AN ALMOST COMPLETE LIST OF YOUR SHARES!

That's it. Okay, I really don't get it. Are you dumb or something? Somebody tells you that freeloader blocking does not work as you expected and what do you do? YOU SIMPLY MAKE SOMETHING UP, AND SAY THAT'S WHY IT WORKS AS I THOUGHT! You are unbelievable. I have the source code on my hard drive. I read the source code. I edited the source code and never it occurred to me, that LimeWire would ever reject a HTTP connection without even sending an error code. Not to mention that the algorithm you described wouldn't even work, since you don't necessarily receive many pongs at all and identifying a client according to their IP number is anything but safe.

The freeloader algorithm is in StandardMessageRouter.java in the method handlePingReplyForMe() and in HTTPUploader.java in the readHeader() method and all it does is killing uploads to browsers (identified by their user string) and killing gnutella connections to hosts not sharing files.