don´t show IPs please
 

I see how appreciated the "browse host" function is, however I feel VERY uneasy sharing a lot of stuff & knowing that it is so easy to find out about my (computer´s) identity.
Is it necessary to SHOW the IP? maybe a username instead?
i plead for more user protection.

(the same of course applies for the connections-windoiw)

thnx

IP Option or Fake
 

Well, it may not be hard to mask the ip address as an option.

Users could turn their IP ON or OFF at will on the fly.

Another possibility is that a MASKED or FAKE IP could be entered in its place that is not traceable on the internet, but that works on the p2p network for still allowing connections in and out, so a form of NAT (Address Translation) sort of a temporary proxy for security.

These ideas may be a bit more difficult to produce effectively for our LimeWire coder staff, but i heard that they have some pretty good skills none-the-less, and might hire another software engineer.

Its mostly a matter of 'Why they don't want to put this in'. If it was that good, they probably would have put it in already, and they haven't.

There is another program that offers secure connections called earth station 5 or something like that.

The downside to avoiding the security issue is that the limewire userbase shrinks. For instance, all but 1 of the last 30 limewire users that i talked, claim that they disconnect limewire at ALL times except just for a few minutes when they want a file, due to its lack of protection and security.

People, myself included, have been asking the Limewire developers to do this (hide IPs) for well over two years now. The requests always fall on deaf ears.

A good way to keep Limewire from showing your IP address is to put yourself behind a hardware router. Once you do that, Limewire only shows your private IP address, which is not unique to your computer and can't be used to trace you.

It's trivial to find out your real IP address in spite of hardware routers or LimeWire hiding the IP addresses in the GUI. You gain no protection whatsoever by hiding it.

But I already posted a way to do this more than once, and a quite simple one to give us all the anonymity, which we need (without making the IP impossible to find out, only much harder, so things like childporn etc. can still be traced _with much effort_ by the police).

This is what I posted in the GDF (Gnutella Developement Forum) on 29. Februrary 2004:

This wouldn't give complete anonymity, but enough to avoid being sued. This is very acute for me, because I am being sued at the moment, and I don't want that to happen to others.

Uploading only 2/3rds of a file isn't exactly necessary, but surely useful. You just have to be careful, that not everyone uploads only the same 2/3rds :)

Instead of having an ID change with every restart, you could use a different ID for every UP and Proxy. That way you would act as several distinct sources, but as soon as people begin downloading from you, they would see, that many of those are busy, as they already download from them. Means: Many routes to one and the same file, but almost no chance to prove, that all of those belong to one host/source.

PS: Don't say now "MUTE isn't really anonymous". Important is not, if MUTE is anonymous, but that Users, many Users want to be safe from being sued!

Trust me, if you were sued, it's not because LimeWire or any other client shows IP addresses in the GUI. It's because the Gnutella protocol includes IP addresses in every QueryHit and you cannot download or upload anything from Gnutella (or from most other networks) without letting the world know your IP address.

I AM being sued, your doubting sadly doesn't change it.

Instead of my IP, the protocol could also simply include the IP of my Proxy and a Transfer-ID.

Hmm,
Sad to read that Arne.
But can you get us any details on that ?
Was it becouse of gnutella use ?

Yes, it was because of Gnutella use, but indirectly. Sadly I am not allowed to say more. My lawyer got the files from the "Staatsanwaltschaft" and I am forced to keep them confidential.

As soon as I am allowed to say more, you can be sure, that I will!

But what I can say: They didn't found me using the Gnutella Protocol directly, and I hope their "evidence" is too weak.

It's also the very "feature" that I dropped by to ask about. Every so often I have to go through my pending downloads to prune out all the single-source transfers from Limewire hosts that started and never finished - usually having stopped at somewhere between 100 MB and 500 MB out of 700 MB or so. Gigs of wasted bandwidth and disk space, and I'm still not able to think of one good reason why.

Not displaying your WAN IP in Limewire doesn't protect you. If you're behind a router, view your log. You'll see the destination IP of every single outbound connection listed. Any of them with a router can also see yours. If you're a Windows user, drop to a command prompt and enter "netstat -a". Voila - the destination address of every single active connection. Every other Windows user can do this too, and I'd bet everything I own that similar tools are easily available for Linux, Unix, and OS/X.

A return address is stamped on every single packet that Limewire sends, and Limewire doesn't really have any control over that. Whether or not you've heard of protocol analyzers, law enforcement has (for that matter, so have any "mad hax0rz" you might be concerned about). I'm not giving away any secrets here, folks - anyone that an IP would be useful to knows this and more. In short, Limewire reporting your LAN IP this way protects you from people who wouldn't know what to do with your IP, and that's about all.

Which brings me back to my purpose for dropping by - finding out the reason for this class C address thing. What in the name of creation is it supposed to accomplish, besides guaranteeing that an upload which stops will never resume?

When I first figured out why I had several GB worth of temp files for downloads which just never, ever resumed, I started trying to think of one good reason why Limewire would do that. I thought it was a mistake; when I found out that this was not only intentional, but default behavior, it blew my mind. Now, months later, I've thought about it many times (every time I prune garbage from my download list) and the only reason I can think of is "to make Limewire users feel safer than they really are". Is it worth it? Isn't that a disservice to... well, pretty much everyone?

I understand your point doug b but are you shure there isn't any way we could be safe maybe that's what is being suggested... all I hope is that limewire doesn't have fake options that won't work cause this sucks for all of us cause we might take risks we would not take without these options.
arne_bab I feel very sorry about what happened I hope it'll turn out allright. now this is starting to be a very big problem those money grubing(I need a dictionary don't I?) music industries are only interested in getting their money for this I believe that the software engeneers of the gnutella network and programs need to make safety settings to protect it's users

i agree limewire needs some privacy features

I'm not a law connaisseur, but I'm thinking, isn't it true that it's not how much you share but what you share that makes the difference? While sharing 1000000 files would earn you some RIAA or other similar organisation's interest, if they're all either non-copyrighted material (maybe .mp3s of your own renditions of songs) or legal material then you should be ok. On the other hand, if you share 2 files and one of them is a video of the President in a *ahem* "private" meeting, then you can be almost sure that the even the FBI might be looking for your a$$.
(Remember, I'm only speculating here, k?)
If all of this is true, wouldn't just removing the files most susceptible of getting you sued from your Shared folder(s) as they come in, be enough to make you seem less "outlaw"?
Now, I understand that, depending on the point of view, doing that is or isn't good for the Network (some might see it as less files for the network, while others might think that less trash will be shared), but, again, I'm just talking (or, more fittingly, writting) here. And again, I don't know squat about laws.

I think that'd be a pretty good tip
now we just need to know what they are looking for.....

Yet again, if any of this is true (please, if someone knows if it is or isn't then come say it. We need some things clarified here), I would think that among their primary targets would be the latest movies. Someone mentioned that he recieved a call and they told him that they knew he had a copy of a recent movie: he was told that he had to erase it and destroy all copies of it and stuff like that. So, most probably, if you got into P2P to get the most recent movies for free in the first place, then your chances of recieving a call like that should go up tenfold.

Folks face it, sharing copyrighted material for what you have not the copy right is most likely not allowed in countries where we're living (EU, North America, Japan etc). In some countries the lawyers differentiate between downloading and uploading, some have no copyright laws, other have a copyright laws but sharing is allowed or they don't care due to other (more important -- e.g. social or economic) problems or or or... It is foolish to believe there are share quotas or whatever where you get caught or not. Accept the risk (after making a personal risk analysis and don't be whiny if you get caught) or just don't share copyrighted material!

In this spirit, if I would be in Myanmar I would say "RIAA: kiss my shiny metal ***" and would turn on the acoustic coupler. :D

What I believe the proposed "secure" network arne_bab speaks of is to use "Ultrapeers" or "proxies" as a type of "bodyguard" for the network. Each computer connects to an Ultrapeer as a user, and their IP address is stored in a database on that computer that is not visible on the network. Then, when someone wishes to download a file they must go through the Ultrapeer to connect to that server (indirectly). In essence, the Ultrapeer then becomes a 'network host' between both computers.

This is most definately NOT a good idea, since it puts all the strain of the network on the Ultrapeers, bouncing raw data from computer to computer, ignoring the shortest internet route and slowing down the network in the process. In turn, this also makes it look like the Ultrapeer is actually the one originating the file. This means that not only network strain is put on these servers, but legal strain. It makes them responsible for the data they pretended to host. Then the Ultrapeers would be forced to release the IP information from their database to show the file's origin. So, this actually does NOTHING to protect you from getting caught distributing illegal material, except putting the network to blame for its members' mistakes (Napster, anyone?). All of what you wish to do here can already be done by connecting to your ISP via a proxy.

Encryption of files on a PUBLIC NETWORK is totally ludicrous! All encryption does is prevent people monitoring connections to read the file. But if those people can simply download the file from you and read it, they've just bypassed your encryption security! Encryption is only necessary for Private P2P communication, which Gnutella is not. When you put files on the Gnutella network you are sharing it with the world, not select "trusted" people.

At first this may seem a logical solution, since as an individual you will never share 100% of a file with anyone. However, if you think about it with more than 6 hz of brainpower, you'll realize that it would make downloads IMPOSSIBLE. In short, the only way you could make a download 100% complete is if the same file were located from 2 different sources! Therefore, nobody would ever be able to add anything to the network! Unless, of course, they happened to have access to 2 computers, which defeats the purpose of everything in the first place. If you are truely concerned about not having the full file downloaded, you should focus on having more sources available with that file. So, ironically, all the people who are way too paranoid about the lack of privacy on Gnutella are the ones causing this problem on Gnutella. Go figure. A network is only as good as its members; it can only give you what its members give out. In this case, it's strength in numbers.

One thing I would like to point out is that anywhere you go on the internet, using any internet protocol, has the capability of logging your IP address. Simply using the internet is a security risk. All networks are formed around the concept of trust. If you don't trust a website with your IP address, don't visit it. Same with Gnutella. I hate to say this, but, if you don't trust the people on Gnutella, don't use it. Whatever company gave you the data that you are sharing probably trusted you not to share that data. So to say that you do not trust the very people that you wish to share data that was entrusted upon you, is at the very least hypocritical. Not to mention the countless people of whom shared their own trusted data with you. To eliminate this trust by sharing anonymously would be catastrophic to the network.

And, if you are concerned about people hacking into your computer, or uploading viruses, there are already hundreds of client-side solutions for all of these. However, the more internet presence you have, the more you are at risk. I hate to use the cliche "The best internet security is not to use the internet at all," but it's true.

You know, that your ISP can't be held responsible for the data, which flows through it?
They even must not read it out, exactly like the postal office must not open your letters.

The Ultrapeers also don't pretent they had the data, but simply say, that a host they know (but whom they don't name directly) might have it, and that they can route that file to you.

For this they simply use a session ID for that host, which expires after some time. Should that host no longer be online after that time, the information gets useless, and even more important: The information should never be stored any longer than a few days, so you have no "releasing the routing table", because there is none anymore.

You can only get caught, when the police checks the logs of your provider and checks which connections correspond to which client, but that is much work, and thus they can't simply sue anyone, but have to focus on real crimes like distributing child porn, instead of hunting one half of the people with internet access.

So it gives you privacy as long as the state doesn't crack down with really hard methods (and much money). I know that the USA are famous for their war on drugs, but I hope this would be too expensive even for them to do it for sharers of simple files, which doesn't really harm anyone.

With this measure alone, getting the IP of a sharer will no longer be trivial, and you can't sue in masses.

Partly nonsense (sorry). Since you answered to my previous post, you should be able to count 1 and 1 and see, that they can't know from whom they just downloaded the file.
Those two measures work together.

Thanks for the compliments.
As you use the number 6 in your post I assume you read the part, which stated, that this should only be done, if the uploader already knows 6 other working sources. So there are at least 7 sources avaible for that file and half your paragraph originates from a wrong assumption. I ask myself, if that assumption was intentional.

File Hashes make it possible to check, that you have the complete and correct file.

Ironically, using this, "legitimate" content could get a boost, because there the original sharers wouldn't enable this measure, and downloads from them would most likely be faster.

Also while this measure provides additional security against lawsuits, it only works against those lawsuits, which only holds as long as the laws aren't changed and even sharing only parts of a file is being made illegal. Butt till then it could give Gnutella a real boost of users.

Here you are completely right. I mean: the last two sentences only.

The first sentence is sadly completely wrong. I assume you didn't read the whole thread, else you would know, that I AM BEING SUED AT THE MOMENT, and your talk about being too paranoid somehow "STRIKES A VERY BAD CHORD".

*calms down a bit*

I would even say (to come back to your two true sentences), that numbers are more important than to have the most efficient downloads. That means: the bandwidth we lose through proxying (most downloads will only work with half speed, except those which are being hosted by people who decide, that they don't fear to be persecuted) is less than that we win beause we get more sharers.

To increase the numbers of sharers, those must be able to feel halfways confident, that they won't be prosecuted for something which doesn't really harm the music industry (the australian music industrie even makes more money than two years before. They were _very_ shy in admitting that) and harms the artists even less (if you want to discuss this, please start a new thread. I'll be in it, when I see it).

Agreed. BUT: This is only true for direct connections. My first point simply states, that you don't use direct connections.

You mean: Now you tell us to trust anyone in the Gnutella network, after you said, that it is no private trusted network, but that it is public?

All that followed was sadly: Share only what you are allowed by whatever laws are valid in your country, even if those laws are completely ludicrous and harm the artists by supporting the claims of a few monopolists.

I don't trust the person I am downloading from, because I don't know that very person. Would you give your wallet to me, without knowing who I am? I wouldn't give mine to you (but presumable to some people in this forum, I might, because I got to know them, though not face to face).

The main strength of p2p-networks is that you don't have to trust or even know the people you are sharing with and downloading from. Everyone agreed to give something to the network, so everyone gets more for him-/herself. A very simple system, which is called the "commons", or in german: "Allgemeingut" and "die Allgemeinheit unterstützen".

The Network simply enforces strictures, which allow a certain trust which isn't bound to the person you are sharing with, but with the network.

In earlier time, people trusted based on personal honor. Today, we can trust the structures of the Network and don't have to trust the integrity of its Users.

So you say: If you are concerned about your privacy: Don't use Gnutella.
That means: Everyone should stop using p2p-networks, except, if they only share "legitimate" content.

Which is no way of thinking forward.
Try thinking of solutions to problems.
The problems are:
1) Users are being sued
2) Users are afraid of sharing because other users are being sued
3) We have too few Users who share because they are afraid of sharing because other Users are being sued because they shared
4) Files get downloaded completely from a single User, who can then be sued, because we have too few alternative locations for files, because we have too few Users who share because they are afraid of sharing because other Users are being sued because they shared

So the solution which tacks the root of the problem is to make it much harder to sue Users.

I think you can figure out, how that problem tree (more a problem parasite) shrinks into itself, as soon as the root problem is being rooted out.

Also: Don't be shy to think if those legal rights are legitimate rights. That means: Is it right, or better: Is is legitimate, that a music company can forbid me to share my music?
Is the balance between the
1) Artists,
2) Distributors and
3) Listeners/Users
as it should be, with the music industry mostly having a monopol and being able to control to quite some extent, which types of music the people can listen to (for example by not supporting smller artists and only supporting "blockbuster music")?

The balance between the artists rights to be paid for their works, the distributors rights to be paid for distributing the artists works and the Users rigths to have access to cultural works and goods, always needs to be reassessed and it needs to be checked, if it is the best possible balance for the general public.

At the moment I very much doubt it. Artists don't really get enought money (except the few big ones), people don't have enough legal access to cultural works for acceptable prices (No: 20$ for a CD isn't a reasonable price!), but big corporations make very much money.

The pendulum must swing back to the Users/general public and the artists, aand that naturally hurts the music industry, so they fight against Gnutella, because it removes the necessity of their distribution structures.

Maybe someday the Music industry will learn to use free sharing for their advantage by including a tag in the tags of CDs (in the CDDB or the FreeDB) which tells you, where you could get the whole CD, so you can buy it to support the artist, if you like the music (and yes: I buy CDs, even though I can get most of the music in Gnutella, because I want to support the artists (and those who enable artists to create their works). I simply think that filesharing programs should include an option to buy the CD of a music file you just downloaded with two or three clicks (maybe using the iTunes MusicStore or Amazon)).

If they don't learn it, there is a good chance, that they will go down.

Thank you for clarifying your points, since there were a few that I didn't quite understand. However, there are still a few things you seem to be missing from my post.

This is partly true. However, this doesn't stop them from suing your ISP. An ISP is responsible for keeping a log of all connections. If an organization had evidence that a hacker originated from a particular ISP, that ISP would be required to release the log of their connection or risk being sued. This particular case happened to the ISP I worked for for several years. I'm sure that no Ultrapeer would be willing to stick their necks out for any of its users, let alone have to deal with lawyers and the responsibity to search through activity logs. Their protection is that your information is freely available through the network.

Yes, this is true. Especially with the fact that they couldn't trace who exactly was uploading what to make themselves a case. However, I can see a huge lawsuit down the line that could force Gnutella to publish their logs globally (or to certain organizations). If you notice with all illegal activity (whether it should be illegal or not) they will always find some way to locate a culprit and prosecute them. This is especially true when "Big Money" is involved (e.g. the ever-growing music industry). Thank you Capitalism!

First of all, if you have merely 2 truly working sources, the task will be split up between the 2 sources. So you are already guaranteed that you won't send 100% of the file if a reliable source has the same file. Explicitly checking for this isn't necessary, and could provide false positives that harm the network (what if 6 of the 7 sources disconnect your download?). As a side-note the 6 hz joke was not intended as a crack at anyone's intelligence, so I apologize if I offended you.

I did read your post about your lawsuit, which absolutely sucks. I wish you luck with that, and for all the others going through the same thing. What I was trying to say here is exactly like your "problem parasite".

Numbers are important for a network like Gnutella simply because of how it was designed. If you use the proxy method, the network will be limited to the power of the Ultrapeers, and not the power of all its members. This means you could still have 5000000 sources of a single file and not have it be any faster than 2 sources due to network traffic. Although, it would increase the chances of more reliable sources. Arguably you could say that the more members you get, the more Ultrapeers you would get, so this might be a moot point. But my argument stands that the concept behind Gnutella would be compromised to accomplish this.

I never said you should be forced to comply with laws, since that is obviously up to the user. You use Gnutella AT YOUR OWN RISK.

You are absolutely right, you don't have to trust the individuals, only the network itself. But on a public network like Gnutella, you're giving data freely to the world, and receiving data freely from anyone in the world. Especially when you start allowing anonymous transfers, it means you won't even know who you're dealing with. Supposing a client abused the Gnutella network to spread a virus. How would we track down and eliminate this virus if we don't know where it came from? People could abuse the anonymity factor for this in the same way you want to use it for sharing illegal material.

Before I even touch on this subject I would like to state that I completely agree that music companies are huge corporations that do overcharge their customers and that the artist who intellectually made the product is extremely underpaid. But there is more than just creativity and talent needed to produce music for profit. If artists could do it themselves, they would. And quite a few do. However, they don't tend to make much profit over it.

To produce a CD is slowly becoming obsolete, since it is far cheaper to distribute the music files individually or in a package over the internet. So I must say, why would anyone buy a download to a file that is basically identical to the one they downloaded for free on gnutella? If you merely wanted to support the artist, you could easily send them a donation via PayPal off their website. It would be nice to have that link in the music file that could be gathered from CDDB or FreeDB. But honestly, how many files do you find on Gnutella that actually use this information? I'd say about 20% of all people who use Gnutella even know that such databases exist, and only about 10% of those people actually use them! Maybe someday music industries could compromise by allowing downloads as long as a link is attached, but this could result in some nasty adware music files like most promotional wmv movies.

Re: don´t show IPs please
 

Browse host works just fine and if someone wanted your IP all they would have to do is use a IP sniffer like ethereal. Personally I think it adds accountiblity and there by makes sure that end users don't spread viruses and trash -- like there doing now! If your afraid of someone getting your IP mask it if you've got something to hide if not a common firewall will protect you from hackers and the like. I think they should REMOVE the browse host feature completely and show ALL IP's to keep others from having to go thought the misery of having to clean viruses and malware off their systems due to some very unethical marketeers pushing their viral trash to unassuming end users.

Ringo ...

You're absolutely correct. It's P2P folks .. Point 2 Point. all it takes is a sniffer and You can see exactly who the host is your dealing with. I think it only fair that IP's be shown. If you're not doing anything destructive .. then don't worry .... get a firewall or switch to linux ;) All IP's are traceable and are a matter of public record for a damn good reason. If people could hide their IP's think of all the crap people would do and never get caught.

No I'm sorry I don't agree with hiding IP's at all.

All people can already hide their IPs.
They simply use freenet ( http://freenet.sf.net )

But that program isn't intended for filesharing, but for real freedom of information (you also don't know who really published the articles there, and it is *almost* impossible to find it out, even for police and similar.

Just a thought but maybe, if we didn't use illegal warzes we wouldn't get sued.
Even if you use a proxy I can get your IP address or at the VERY least know exactly what network your on and who your IPS is. From there it only takes a phone call to get the rest. If someone wants your IP they can get it and contrary to what I have read here in the forums it's not hard.

Ringo

Ditto ...

IPs
 

I think another way to insure the saftey of all parties is to offer files under a request format. Someone wants a file they can request it and the sender can look up the IP if there paranoid and see where the request is coming from. I think the more information that is posted in limewire the MORE protection we have. If you can hide your IP so can the law. If everyone joining Limewire HAD to have their vitals (to a certain extent) posted so that one could verify that information as being a valid address and user, there would be far less paranoia and far less chance of anyone getting sued for any reason. Also as a side benefit you wouldn't be as likely to download trash,malwares and viruses.

I posted several IP's, phone numbes and email addresses this morning here in the fourms of individuals that were maliciously sharing malwares (usually a marketing company) under file names or program names, that are popular software, ebooks and other inticing names that usually look like: P_H_O_T_O_S_H_O_P! and the like, that will completely hose your system if you use them. I sniffed their IP's (of course they had browse host turned off) and found all I needed to know. What they are doing is just as illegal as any thing else I've seen on any P2P network. They know it. But it's the pot calling the kettle black isn't it? Ergo,
If we had a "bad files" list like e-donkey, e-mule and others. We would not waste our time nor take the chance of getting caught up in problems like the ones being mentioned here.

After the post I was semi bashed by one of the fourm admins for posting "private" information. In retorespect the only thing I posted that was out of line would have been their phone numbers. The IP and abuse@ email addresses are PUBLIC knowledge and are there for a good reason....

As it turned out Morgwen suggested that I post this information on a "Private server" for those that are Interested in keeping the community free of those with bad intent. I thought that a great idea and am creating a "private" by invite only area for those of you who would be interested in seeing exactly whom your dealing with and what wares are bogus. I would invite anyone with any information on bad files, IP's of those whom are invading OUR pricacy to join my effots and post this information in OUR forum. I'm also looking for a few admins to help in this effort to keep the forums and site running smoothly.

If you would like to read the orginal post:
http://www.gnutellaforums.com/showth...threadid=28024

I can be contacted at ringo@mindwire.us

-Ringo-

Correct, however like you said. It's not file sharing. God I love open source ;)

Ringo

Uh, I said something else: I said: It isn't intended for file sharing. Still it is being used for file-sharing via frost (and not that ineffective).

Which means: Freenet is the only really anonymous file-sharing app (which suffers from all the downsides of anonymity: Slower downloads, much network overhead (some of it even intentional) and you have to give at least 250MB of your hard disk to freenet (better still: iGB or more), on which encrypted data is being stored, whoose content you may never know.).

Still it does work. It isn't very usable from the UI standpoint, but working.

About the post about anonymizing: I'll need some time for the answer. Many things happening in my life at the moment.

yeah its kinda screwed up there that we're so vulnerable to attacks from hax0rs n the enforcement alike... especially if the user doesnt have a standalone firewall, the average survival time before you get infected is 20 mins...

guess the only thing we could do is not share an alarming number of files at a given time, like maybe 1 gig or sumtin... that shouldnt raise an alarm, and IMHO the ppl who got caught were the ones who were mega sharing clients...

of course the downside of not sharing much files is eminent, but there should be a balance between sharing and security, privacy... any ideas?

Well, if you wanna dld vids (for example) dlding the ones that just got out in the theaters isn't very smart as they are the ones that are most "guarded" by the enforcement army.
One more reason to either buy them or get them from the video club.