Poll!Should it be possible to disable the Browse Host function!
 

Hello!

In the news recently we have read that maybe in the near future the music industry will start making law suits against private individuals(well atleast the top 10% of sharers that supposedly are providing 90% of file sharing networks content).But nothing has been decided 100% about that yeat.But if it turns out that it will happen I think that something must be done about the new Browse Host function in the new 2.5.x beta of LimeWire.It was re-introduced by popular demand and sure is a great feature but that was before we heard about the recent threats to the network.So in a future update I think it is important for the survival of the network that we as users have the ability to turn that feature off in LW preferences so that no one using any client will be able to browse hosts that have disabled it in their preferences.

Sure maybe this will make the new Browse Host function less usable but it maybe a neccessity these days after the recent threats from the music industry.

The disable function have to be designed in such a way that it is impossible from someone outside to view someones complete shared directory.Yesterday and the day before I was attacked by Warner Music in a new way:

Read more about it in my post:

http://www.gnutellaforums.com/showt...&threadid=13401

So it seems that somehow they have designed a client that can Browse Hosts even if the target host do not have clients that have this function(I am using LimeWire 2.4.4 for Mac) which do not have a Browse Host function and yet Warner Music was able to browse my Shared Directory and download a wast amount of files from me.

What do the disableing of the Browse Host function have to do with the recent threats from the music industry?

Well they say that if they start to chase individuals they will target their efforts against the big sharers(the top 10% that provides the network with 90% of its content).And If LimeWire would have the option that makes it impossible for someone to browse their shared directory we would not loose many of those valuable persons data from the network instead many of them would probably switch to LimeWire and LimeWire would become a bigger Gnutella client compared to the competitors.

So now what do you think about this should the LImeWire development team incorporate this function in a future update?

I think they should!

Hope That You Liked My Inputs!


__________________
Sincerely Joakim Agren!

Why should the RIAA bother to browse your host, when your host constantly keeps advertising its shares. - There just has to be a RIAA spy node in the neighborhood and they'll have 90% of your shares within less than an hour without even bothering to connect to you directly.

If they connected to you directly somebody would soon become aware of the RIAA servers constantly trying to browse hosts and you could block them very easily.

If the single purpose of such an option was to keep the RIAA from scanning your host, it'd be pointless to implement it.

Hello!

You are both correct and incorrect!

Yes it is true that as a participating host(node/servent) you are advertising your Library(shares)constantly but here is one of the beautys of Gnutella:its anonymity and that it operates on a need to know basis you never reveals your identy upon a query unless the query matches something in your Library(database).You can make the following analogy:

Lets say I am walking on a street in a town that I have never visited before and that I know no one in this town.Suddenly someone a stanger walks up to me and says Hello and I respond with Hello then he asks me Do you have a copy of the latest Britney Spears single? I say No but then I walk up to a new set of strangers and says Hello do you have a copy of the latest Britney Spears Single to all of them?.The Resonse was No but these persons in turn walks up to a new set of even more people and ask them the exact same thing and eventually a person that have it will respond Yes I have and I am on this and this street....And once that happens the person who asked that person will send that information to the previous person in the chain and that person will send the same person the same data to the previous person in the chain and this will continue all the way back to the original person who made the query who receives the data with the persons who had a copy of Britney Spears latest single name and address(on Gnutella the file name and IP number).

Never once during this entire procedure my identity(my name and address)(on Gnutella File name and IP number) nor anyone elses identity was revealed only the person who had the single and the original person who made the query will be known to eachother.

So this means that for anyone in the music industry who want to check out who is the big sharers they have to make an original query to get some identity's(IP's) and once they have found some persons that share a few of their copyrighted material they will have to Browse That persons shared directory to decide if that person is a big sharer or not since they apparently are only interessted in the top 10% of sharers that provides the network with 90% of its content.Sure if they would make thousands of querys and then see an individuals IP repeatedly and eventually gathered enough files from that person to call him a big sharer and then trough that persons ISP get to know/reveal his/hers true identity and press charges against him/her they would not need to Browse someones directory.But this would be very time consuming and I personally do not think that they are willing to go that far in their efforts to catch individuals.

So this means that if LimeWire would have a function in its preferences that totally prohibited someone from Browsing his or hers shared directory then it would become significantly harder for the RIAA or anyone else to catch individual big sharers.And this also means that probably several of Gnutella's big sharers would switch to LimeWire because they would feel more safe from getting caught and it would benefit LimeWire as a Gnutella client.

Not quite. You see, the RIAA spy nodes don't have to send any queries at all, nor do they have to browse any hosts. The best approach to spy on gnutella users is (and that's what MediaEnforcer, Ranger Online ... will most probably do) is set up a very well connected gnutella node with let's say 100 connections and save all queryreplies they receive. (The QueryHits aren't sent directly to the querying host, although LimeWire is working on out of band replies, they are passed to the next Ultrapeer and that passes them on again until it reaches the querying host and at some point the queryhit might pass through a RIAA spy node).
The spy node will map all queryreplies to the corresponding IP adresses of the sharing servent (contained in the query reply) and due to the massive amount of queries sent through the network (the one or the other will match a file you are sharing) they will have an almost complete list of your files while staying completely anonymous. It could be two hops away without you ever knowing or even the ultrapeer you are connected to, while claiming it was an ordinary LimeWire ultrapeer.

I don't think the spynode would bother browsing your host, since the spy node itself wouldn't remain anonymous that way. And it would have to ask thousands of hosts actively what files they are sharing instead of just sitting nearby silently, listening to your servent (and thousands of others) telling the whole world what files you are offering.

They really get their information quickly.
i only have an isdn-connection, but when I checked which files where asked for (or which my prog sent information about to others) via the information phex provides, I saw, that most of them where, even those, which I would have never deemed possible, that they could be asked for so often.

So browsing isn't necessary and if you just check the queries you can get most popular files quickly without ever sending a query to the network, which the RIAA could also do.

uery
 

Hello!

Now I get what you mean.You are talking about an Interception node also nicknamed an "Evil Eve" host.

What it does is listening to(Intercept) Pong messages but most importantly also QueryHit messages that contain information about Filename,its size,bandwidth,and IP number and port.

But it would be several big problems for the RIAA or any other to get enough evidence(Query Hit messages) to cath the big sharers.

1.It would be hard to get connected long enough to any individual node for long enough time to get enough Query Hit messages.To get effective they would have to set up an Ultrapeer and use a specialized client.If I would see an unknown strange vendor as one of my Ultrapeers under my connections tab I would instantly disconnect and reconnect to a different Ultrapeer.So this means that we should really start to look out for strange Ultrapeers.But it is also possible for the LimeWire developers to deny connections to hostile nodes for a future updated LimeWire version.I think that Bearshare have already done this in their new 4.X version.So lets hope that the LimeWire team are working on this.

2.Evidence value

The evidence value of Query Hit messages is not very high it is actually quite low.

It only proves that my files are indexed and shearchable and that someone is able to make a connection to me.

But in court I could always claim that I am a cheater or a Freeloader.That I take but do not give.I would tell the judge and the jury that In my Gnutella client LimeWire that I use there is an option to set the upload bandwidth and the number of upload slots to 0.So when someone tryes to download from me the download would stay at 0kB/sec and they would never get any files from me.So why do I have files in my Shared directory then?.

That is because I am aware of that many people on the Gnutella network has adopted an anti Freeloader policy.In LimeWire you could set the numbers of files that someone have to have in their shared directory before before they can download from you.And since I will not actually share any files but still be given permission to download from as many other hosts as possible I have alot of files in my shared directory but the upload bandwidth and the number of slots set to 0 so that I am not participating in any serious crime.

So this means that the Query Hit message is proof of the files that you have in your Shared Directory but it is not proof of that you are actually sharing them.

So this means that to get any real evidence that would really hold up in court they would have to browse my shared directory and download alot of files from me.But if LimeWire would have a function that prohibited such action then the RIAA or anyone else would have a significantly harder time catching big sharers.They would have to make thousands of querys and then download alot of files from a single individual and be lucky enough to get a large enough number of files from a single host to call that person a big sharer.

Lets hope that someone from the LimeWire development team read this thread because it sure is an interessting one!

Re: uery
 

You don't have to be connected to the individual directly, your querihits are broadcast to the network. That node only has to be somewhere in the neighborhood, not directly connected to you.

The vendor string transmitted in the connection handshake is easily changeable. It might claim to be a LimeWire host but it doesn't have to be.


Bearshare is closed source. Security features like those Bearshare implemented are not an option for open-source software, since the security feature is always described in the source code. As far as I am informed, the LimeWire developers don't plan to go closed source again.

When your host is browsed, you submit a number of queryhits, without any guarantee that the files are downloadable.
And legally it doesn't matter whether or not those files were downloadable, since your ISP usually can shut you down (according to the standard terms of use), even if you only pretended to be sharing files. But in front of the law, query hits are probably evidence enough. Not to mention that the RIAA spy node could arbitrarily download a few files for further proof, - WITHOUT ever browsing your host.

If you simply admitted the crime you could probably hope for lesser punishment. The RIAA could have some nasty surprises for you, if they downloaded files from your computer.

Like most LimeWire users you are not very well informed about LimeWire's anti-freeloader feature. All that is currently working is keeping Browsers from downloading from you. Any other client can download from you without sharing. Freeloader blocking only works for gnutella connections, not for uploads.

Re: Re: uery
 

Hello!



Yes they do not have to be directly connected to me to get my QueryHits but it is a question about time.Since they are only after the big sharers they have to get a large amount of QueryHits to call someone a big sharer and probably they will only target their efforts against individuals that share for more then a $1000 worth of material.And since the nodes that you are connected to constantly changes they probably do not stay intouch with an individual servent for a long enough time to get all the QueryHits they need.




Yes you are correct about that but if they do that then they might be commiting a crime themselfes.





That is not entirely true.It depends on what security features you mean but just a new countermeasurment function to deny connections to hostile nodes is still very doable for the LimeWire team to impliment whitout beeing close source.




You are incorrect about that it does not mather if the files are downloadable or not it does.I just read my subscription terms for my subscription and It only says that I are responsible for any illegal "Information transfers" and if I have set the download slots to 0 and the Upload bandwith to 0 no illegal information of copyrighted material from me was transferred hence I have not done anything illegal.And the QueryHIt messages are not proof of any file transfers.And since the ISP's only give out their customers data when a crime has been proven I doubt that most ISP's will give out such data based on Query Hits especially since the RIAA or the company's in the music industry are not government agency's if it where the FBI or something that would have been a completely different story.

I think that you underestimate the US court system.After all the justice in the United States (Or in Sweden where I live) operates under the following conditions before anyone gets convicted:

"Not guilty until proven beyond a reasonable doubt that you are guilty"

And my arguments in my previous post would probably be enough to not be able to convict me.To get some real hard evidence they have to prove that I do really share files and hence they have to first make a query and in the search results that comes up they have to Browse My shared directory to see if I share alot of files or if I am a just a Small sharer.And then start to download files from me and aslo save the result from the Browsing of my host.




[QOUTE]If you simply admitted the crime you could probably hope for lesser punishment. The RIAA could have some nasty surprises for you, if they downloaded files from your computer.[/QUOTE]

That is ofcourse one approach.But If I won using the other approach then I will not get punished at all.


[QUOTELike most LimeWire users you are not very well informed about LimeWire's anti-freeloader feature. All that is currently working is keeping Browsers from downloading from you. Any other client can download from you without sharing. Freeloader blocking only works for gnutella connections, not for uploads. [/QUOTE]

That is not correct!.I have set the amount of files that someone have to have in their shared directory to 20 in order for them to download anything from me.LimeWire takes the information from the Pong messages that contain data about the IP,portnumber,number of files and the total size of all those files.If a host send out a number below 20 files in their Pong response then that node will be refused and my node upon a request will not send out the http string data to that node that he needs to make an http connection and upload from me.And yes ofcourse the Anti Freeloader only works for Gnutella connections and not for uploads but since he cannot make a http connection to me then he cannot make uploads.

What do zou do if there is a host in between zou two, who does share_

Or if thez jsut set their download slots to 0 and the speed to 0 *zour trick(.

Or if tehz just upload legal files without copzright_

Sorry for the _s instead of ?s. I accidently switched to american keyboard.

I don't think the network really is that volatile. And even if it was, the spynode wouldn't have to gather all that information in one session since your client has an unique servent id, that will allow to identify it, even after its IP has changed. They could track you for weeks, before they finally think they've gathered enough information.

You cannot identify hostile hosts. The spynode could use any user agent string without anyone ever recognizing the spynode. It's not a crime to spoof a user agent string.

Advertising a huge index of stolen copyrighted material is proof enough for most ISPs to send their users a notice when the RIAA tells them to, and the ISP can shut you down, even it is not entirely proven that you actually uploaded those files. And if they did so, what are you going to do? Sue them? (You'd better not if you don't want your computer confiscated by the local police.)

And I think you should face reality. No judge would honestly believe you if you said you were just advertising this huge index of stolen copyrighted material to steal more copyrighted material and you weren't actually uploading anything. This is not only about proof. If a bomb explodes in your local mall and you happened to have bought the ingredients for that bomb, you go to jail, no matter what you did.

There are so many people that were found guilty although they were truly innocent and you think you would get away with saying:
"Hey, I weren't actually uploading anything." That's pathetic.

You simply don't get it, do you? THEY DON'T HAVE TO BROWSE YOUR F U C K I N G HOST, TO GET AN ALMOST COMPLETE LIST OF YOUR SHARES!

That's it. Okay, I really don't get it. Are you dumb or something? Somebody tells you that freeloader blocking does not work as you expected and what do you do? YOU SIMPLY MAKE SOMETHING UP, AND SAY THAT'S WHY IT WORKS AS I THOUGHT! You are unbelievable. I have the source code on my hard drive. I read the source code. I edited the source code and never it occurred to me, that LimeWire would ever reject a HTTP connection without even sending an error code. Not to mention that the algorithm you described wouldn't even work, since you don't necessarily receive many pongs at all and identifying a client according to their IP number is anything but safe.

The freeloader algorithm is in StandardMessageRouter.java in the method handlePingReplyForMe() and in HTTPUploader.java in the readHeader() method and all it does is killing uploads to browsers (identified by their user string) and killing gnutella connections to hosts not sharing files.

Hello!

I think it is pretty volatile I personally have never stayed in touch with one single Ultrapeer for longer then 15 minutes maximum so using the spynode approach to catch individual big sharers will probably take them atleast a couple of weeks to gather enough Query Hit messages like lets say a couple of thousand of them(so they have to spend alot of $$$$).And yes you are correct each servent do have a unique servent ID but I am not exactly sure if that ID is a steady one or if it changes everytime you restart your client using the Microsoft GUID system.Maybe you know better about that?




Yes that is true but I think that the Gnutella developers are working one some kind of thrusted node system that will help alleviate this probably not entirely but atleast make it harder for them to do so.




Yes the QueryHits is probably evidence enough these days since the introduction of the 0.6 Gnutella protocol and its implimentation of the Bearshare extended QueryHit message that also contains a trailer message with amongst other things a flag indicating how many uploads from a servent that has been succesfull.And If I where under investigation I would probably receive a letter from my ISP varning me and actually I would prefer to receive such a letter so that I know what is happening so that I could remove my shares of Gnutella(After all I do not want to loose my Internet connection).Lets just hope that I will be among the lucky ones as most people will be personally I think that the RIAA are a bunch of lazy people and that they will most likely target their efforts against US citizens so I think I am more safe and so are you.




This is irrelevant know since I now know that the QueryHit messages is all the evidence they need.




NO need to use such harch language!And you are correc they do not have to Browse my Shared directory to get evidence but I still think that they are lazy enough to use this method instead of the spy node tactic since that option will cost them much more and give them alot of work.Warner Music used the Browse Host method when performing a Interdiction attack against me which I wrote about in this thread:
http://www.gnutellaforums.com/showth...threadid=13401




You are correct that that Algorithm that I described do not work but the antifreeloader function does work anyway since pong messages with a less value then 20 files in shared directory will be rejected to connect to me over Gnutella so that means that my files will not show up in their search results.But I guess that this function is not bullet proof since I sometimes in my Monitor window see people that will initiate a http connection but the status will then imediatelly be File Not Found but I guess that many freeloaders are lucky enough not to send a pong message to me during a transfer so they will recieve the 200 OK value anyway and complete the download.Well it would be cool if the algorithm I described earlier did work.Maybe some genius could impliment it somehow in a future release of the Gnutella protocoll.

I would like to thank you for spiking me into seek out new knowledge of the Gnutella protocoll.Previously I had an extensive knowledge about the clients and a generall understanding of the Gnutella protocoll but now I know that had some knowledge gaps about some particular parts of the protocoll that I have now filled.

By the way I have looked at some of your posts on the forum and sometimes you are logged in as guest and sometimes as member.It is better if you are always logged in with your member account.

Since the facts in the previous posts are incorrect I am thinking of maybe delete this poll and re-write a new more accurate one.!

The spynode doesn't have to be connected to you directly. It can be anywhere up to seven hops away from you. Since your servent emits queryhits in all possible directions, they probably won't need weeks but days or even just hours. Even 15 Minutes could be enough if it is connected to you directly.

Next version of LimeWire will add information in the library table how often you sent a query hit for each file you share. Then you can see for yourself how aggressively you are advertising your shares to the network.

LimeWire's servent ID is steady. It's saved in the limewire.props file. I believe most servents keep their ID.

The flag is a boolean value and indicates if there have been any successful uploads at all.

Thanks!!! Krieger88 & Joakim Agren
 

Thanks to both of you for this dialogue - I find the discussion and the information contained within one of the best exchanges I have encountered!!!

Here's the latest LimeWire from cvs, now showing how many results your client has sent for each file you share. It might still show you some error messages if it is hashing files, - just click them away, they don't matter.

Although I knew that LimeWire was sending out lot's of queryhits, I was still astonished by the amount. - A spynode can have a list of all your shares within a minute without even bothering to browse your host.

http://mitglied.tripod.de/mdsgeist/LimeWire.zip

Changes include:
- shows numbers of alternate locations / upload attempts / successful uploads & queryhits sent for each file
- does only send queryhits while there are upload slots available

It's usable, however there might still occur some errors.

I'm with Bobomon: an excellent exchange. After reading earlier posts about RIAA attacks, I was curious about how they would go about compiling information. This thread has cleared up a lot of doubts. Thankyou Joakim and Kreiger88.

I hope Joakim has some ointment to rub into the burns, though.

RIAA bad ... LimeWire good ???
 

What's the deal here ... the RIAA Nazi Gestapo isn't going to be showing up on anyone individual's door with a subponea ...

though I did enjoy reading what everyone had to say here ... I think that somepoeple are being just a bit paranoid.

Ooops I'm the only imbecile who said
"I like to get caught by RIAA"

hehe, I voted for it too ;-)

Well, let's see. Everyone needs to do what they can to slow down [rectal orifices] like the RIAA who think simply because they control the music industry that they control the sounds my computer makes. Personally I see it as an invasion of privacy and a red flag when it comes to the destruction of basic rights and freedoms.

That being said, have you ever been to court? Have you ever had to pay a lawyer? Do you have any idea how much MONEY that costs? Be smart. The RIAA will go bankrupt if they have to chase every single person around to prove something, spending thousands of dollars in lawyer fees to persecute someone for a million dollars, who only has $5 to their name.

Not to mention, hackers who care about keeping information free, should find ways to create 'fake' limewire queries or whatever, so you can say "Well how do you know what you saw was real or not?" Confuse the matter, then watch how you manage your resources.

If you get a letter saying you're going to jail for software piracy. "Lose" your old hard drive. Where did it go? It stopped working, you replaced it, and it went in the garbage. Hopefully you throw it out before you get a subpoena otherwise you might get in a bit of trouble ;-P

Anyways, I'm not going to panic until people in my country start seriously getting persecuted. I share a few files, sometimes a lot, sometimes nothing; not terrabytes worth. Although I would really love to, (it's fun) I'm not going to take too many risks.

I'm sure my life won't be ruined if I had a few copywritten songs on my computer that were identified as being 'shared', but omfg. EVERYONE does this. It's like prohibition. You can't enforce a law the general public would be dead against.

The people who are pushing for this whole idiotic ban of the internet are the [non-bifurcated after exhaust vents] running / working for the major corporations that make billions of dollars off sellign propaganda to 12 year old girls/boys and getting them to spend all their parents money buying some stupid britney spears/nsync nonsense. Considering the techniques they use to sell and inspire desire for their products, I'm not really going to feel bad about making things difficult for them.

Welcome to the new war.

Welcome to spelling class !!!

The word for today is

subpoena

Thanks a lot ursula :p

BTW...

Don't worry about any of this junk...

And, the poll is flawed because it does NOT include the ONLY rational reason for wishing to disable others from Browsing you...

It takes a whole big basketful of bandwidth !
A lot in comparison to that which is needed for many other things...
It's a really nice feature... It doesn't really bother me and I usually have it enabled...

The only other 'real threat' is that some people are sometimes going to Browse you and say, "Hmmm, OK... I'll just download ALL of it !!!"....
lol... It happens, a lot !
Sort of 'skews' the old sharing statistics, hmmm ?


Why shouldn't you worry ?
Because if you have not installed PeerGuardian than you're not really trying to protect yourself.

PeerGuardian blocks the IPs of the above mentioned baddies... ;)

"Tome-Raiders Of The Lost Forum"
 

btw 2...

Hey, Aro... Are you one of those ancient thread archaeologists ?
:eek:



:p

To get some real hard evidence they have to prove that I do really share files...
_____________________

You don't have to prove that sharing has taken place, only that you arranged things so that such a transfer can take place at the user's will. The fact that your machine pops up when they do a search on titles, alone, says you're sharing those files.

And therein lies the problem. If people don't share, the network doesn't work. If they do, and doing so it's against the law of the country in which they reside they're vulnerable. The solution should be obvious. Since at the moment they're looking only for large scale operations, don't keep thousands of titles in your shared folders.

Personally, I don't know why the government, and the industries, haven't set up thousands of machines all busily offering buggered copies of any file a downloader might want. Since most PC owners haven't the faintest idea of how to delete files these realistic do-nothings would multiply and mask the real copies by sheer volume. Couple that with the vast majority of users who take files but share nothing, and things could come to a grinding halt.

In fact, it may be happening. I've seen evidence of it lately both in film and music.

Jay

RIAA ip range
 

Who's to say they're gonna look from the IP's peerguardian thinks they are?
I think we all have to stay strong and keep sharing and not be afraid of the big bad wolf if we're to stand a chance influencing some real change in the industry.

I'd just like to say, I like that feature and I think it's cool. With the issue of privacy, give me a break, all they know is the IP address, and those darn Bureaucracies can do whatever they want to crack down on people, they have the expertise to do so without using some neat feature that's added in LimeWire....Thank You very much

The RIAA can fall death!

I dont know much about them... But as i have read now... They are people that hates other people sharing music...

Well... If i made a album, with some very good songs ( So i will get in top 10 )... And no-one may download/share my songs... Then ill get in a short time over 1 million euro... And so will others... And is it so hard to make one album? NO! Let people share... Maybe ill get 10.000 euro then... And ill get fans... I go play live... and then i will get more money... and that is how it must be!

Here in europe, we are all like 'We must help the poor people'... But if we all have to buy albums instead of sharing... Then get the artists/bands richs, and the others poor!


I also read that they go after people that have more than 1000 euro on files... But how can u say the worth of the files... if i have 56kb/s music files... well they are not as good as 192kb/s files. Well i havent any 56kb/s files, so i dont know if the quility is so worse than the 192kb/s... but i think u know what i mean...


// Im here more against the RIAA than agree with the 'option to completely disable the Browse Host function'...


Look at this: http://en.wikipedia.org/wiki/RIAA#Ef...t_File_Sharing

I also see that they are in America... Well if they ever get control... Come to Europe:D

And read the german laws, which aren't much better for you.

Much better than not sharing and disabling browse host is to shre free material, because that really hurts the RIAA by strengthening their competition.

I have gathered some free material in the Phex wiki:

http://wiki.phex.org/Free_and_Legal_Content

But it would be nice if it would be possible to only show selected material in the browse host :)

browse host
 

i voted no to blocking host browsing because half of what has appeared on the website lately is full of viruses. as for the industry trying to charge inderviduals for uploading to the website these big money people should push off and leave us alone,why should we pay through the nose for there goods especially as they only cost upto a pound to make but charge an arm and a leg to buy,they are really being greedy. if they do not want us to upload/download there software then they should make there goods cheaper to buy. also i believe if you download something and you like it you are more likely to go and buy it in the long term.:nono:

Let's see you make an album that I want to download :tease: