BEARSHARE clients & its encrypted packets (NOTE: Not related to it's 'spyware')
 

Bearshare is a very stable and good Gnutella Net client.
However, it does things, which are covert, deliberately encrypted to avoid us users in knowing what the packets contain, and apart from this, it installs 'spyware' into your PC.
The author of Bearshare tries to tell you, that it isn't spyware, but semantics are used by many to try to 're-educate' your conception of meaning to their meaning(s).

This thread is NOT in regards to this 'spyware', which is dealt with in other threads and forums already!

It is in regards to encryped packets, Bearshare clients send
out, to each other, over the Gnutella Network.

The 'Gnutella Net' is much more important than ONE (1) client, as good as it may be.
The Gnutella Net MUST stay FREE of uncessary traffic (packets) and free of ellbowing tactics from certain programs and their creators.

Bearshare falls into this category. There may be others, and there will be others.

Thanks to one amazing person, the creator of the original 'gnutella.exe', we now have a 'Gnutella Net', used by more and more people.
Here is where the problems start and won't stop. Commercialism, Greed for control and money suddenly rake their heads. Popup banners, surfing data covertely collected, surfing programs becoming copyright and doing all sorts of strange things, unbeknown to most users.
advantage of it (their advantage).

Before I get carried away further, below is what I have found so far on the 'Bearshare encryped packet' behaviour:
(Note that these are preliminary observations, and may contain 'incorrect assumptions').

Version used for testing: V2.23

1. Bearshare does NOT contact 'base' or 'phone home'.
It does its upgrade function (which one cannot turn off)
by communicating with AND through the host(s) one is
connected to!

2. It sends short & ENCRYPTED packes before, inbetween
and/or after 'normal' Gnutella Net Protocoll packets.
They must contain (at least) it's own version number
and some queries, which are only understood by other
Bearshare programs.

3. It instantly pops up the UPDATE Notice, when one
connects to another Bearshare client user, who uses
a higher version of Bearshare!
This can be several minutes AFTER one has started the
program.

4. If the host(s) connected to, don't use the Bearshare
program, (e.g. uses Gnotella, PHEX or whatever), it waits, sends sporadically (there must be some
timing/messaging sequence behind it) the encrypted
packets, and BINGO, there is somewhere another host with a higher version of Bearshare connected to us via other hosts, and up pops the UPDATE notice.
Now this host could be several hops away!!!
And could be connected to oneself via upto 7 (or whatever
max. TTL we all have set) other hosts (speak computers).

5. The creator of Bearshare, Vinnie, has acknowledged, that
(at least) previous versions of Bearshare where designed to preferably connected to OTHER Bearshare clients.
It seemed at times, that these earlier versions did
not connect to anyone else, but Bearshare users!
This 'feature' has beem either removed or at least
toned down.

6. The Encryption is more or less unbreakable, according to its author. Now this should get any programming wizzard
a spin in trying to 'translate' it!

7. Summary:
- Bearshare does not contact any specific IP or site
(only of course the 2 host servers) on startup or
thereafter.
- It sends encrypted packets to contact other Bearshare
programs on the Gnutella Network.
- It receives update information from these other
Bearshare programs it 'sees' on the network (which
also send their encrypted packets around of course).
- There is no stopping these packets.
- They cannot be decoded (at this stage) other than
by the author of Bearshare (and maybe his/her associated sponsors).
- The packets are short, around 600 bits of hex.
- The power such encrypted packets communicating with
each other and their own sources have, is too BIG.
They open doors for all sorts of doings. (Control of the Gnutella Net for starters).

Please continue to post any helpful findings on these encrypted packets either under this thread (preferable for easier compilation and finding) or make your own.

Hopefully somebody can come up with some answers on how to block these packets going out onto the network (and in/out of our computers).

JD

LOL hahahah reeducation i think you forgot mind control, the government, and aliens too.

You used a outdated version to do your little tests therefore they mean nothing. All your accusations and horrors of the encrypted packets are ALL false either because of how the protocol works, or by logic. No one in their right mind will take over gnutella because then they would get sued.

You exgerated things and used hints at threats and etc. to show your point which makes me believe you did not post that to show the truth or anything near it. Therefore i think your full of it.

The packets contain ONLY the version info and if they were as bad as you say they are then why hasnt the developers of the other servents blocked them yet?? Maybe because they are what vinnie says they are? If they were unnessecary as you say then why have they allowed them to stay?

Better research next time
 

As has been pointed out, your 'tests' as you like to call them, were done using BearShare 2.2.3 which is NOT the latest version, 2.2.4 is.

Vinnie (the author of BearShare) has explained the purpose of these encrypted packets in the BearShare forums, but obviously can't reply to every paranoid post on the web. The encrypted packets are there to exchange version information between BearShare clients, and are designed to stop hackers or other low-lifes from faking a new version of the software. Remember the fake version of PKZip that was in fact a virus!!?? Well I guess Vinnie is trying to stop that from happening to BearShare (which is after all, the most popular gnutella client today).

So, the author puts in a feature to protect the integrity of the software, and all you can do is bleat about what you don't understand. Shame on you... did you actually do any research anywhere to discover what these encrypted packets were about?

And what is your problem with BearShare warning you that your software is out of date by popping up an UPDATE notice? Later versions may include important bug-fixes or enhancements, so it is only right that the software should let you know about new versions. And what does it matter if this happens several minutes after you start the program...? Obviously you have never watched American TV! Adverts... Credits... Adverts... 5 minutes of the program you want to watch... More adverts.... you get the picture ;-)

As to the spyware thing, well that's been done to death. Suffice to say that in the latest version of BearShare (2.2.4) there are very clear messages about 'adware' during the install routine, and you have the option to NOT install these components. Problem solved.

Beam me up....

Reply to Agros
 

Seems you guys don't like your little secrets being discussed and the pandorra boxes being opened up by users of your programs like me.

Just for your information, in case it's an oversight:
Would I have used the latest version 2.24 instead of 2.23, I would have not been able to test this curious update behaviour of Bearshare and I certainly haven't seen mentioned it or read an explanation about it anywhere.

Your reaction shows your disquiet on others finding out about it.

JD

Stop
 

Stop replying to these nuts, its a waste of time.

You're right
 

You are absolutely right, it's a waste of time replying to these twats.

The fact that he/she/it TOTALLY IGNORED the explanation, and just droned on about it like it's some conspiracy theory is evidence that they know their accusations have been refuted. However, like any other child - when presented with the prospect of losing their argument they just ignore the facts, stamp their little feet and throw more accusations.

Pathetic really. Thankyou and goodnight.

You are right, you could have it check CNET or other sites once a week to see if there is a new version available, no need for remote packet control.
You are right again, man you are good!
You are so right for making a little click box on the settings screen that shuts this check off so that smart non drug users can act like adults and check for themselves.
You are just so right!
It's right to not remote control peoples programs with packets no one really knows what is in them or what they really do for sure. You would have to be a fool to think people would put up with that for a minute, you are so right!
You are right that there would be no end to the bad karma you would produce from something like that, not to mention all the bad press you would get till you took it out. You may be right in thinking that even a large public company might never recover from bad press like that and that any smart CEO or even a janitor would have fixed it right away, no sane person would let something like that linger on and on, you are right again!
Thanks for being such a great programmer and developer and seeing all this from a users point of view instead of the way most shut-in control freak power trip never see the light of day little twit programmers that lock users into "their way or the highway". Don't you just hate that?
It's so nice to see highly trained, seasoned professional adult programmers understand the privacy issues invloved and make changes fast when this sort of thing comes up. You are so right that open source is the way to go to prevent misuse of gnutella by greedy interests.
Thanks again, and you are right!
Man, you are so cool! keep up the great work! thanks! wow! thumbs up! dude! man, dude! you da man!

After the Bearshare.net forums has been reset, I'm now very thankfull to know how Bearshare gets his "new bearshare" information and that Bearshare has added a second private feature into the Gnutella Protocol.

The original posting from JD was very friendly, let me continue there.

Hmm, to speak very friendly (I'll try)... I don't think it is a good idea that one client producer takes an open protocoll and adds some unknown features without informing or discussing with the global community about nessecary enhancements. You ask Why?
a) protocoll modifications affect the whole network and all other clients, they have to route them.
b) protocoll modifications should be coordinated or soon every client programmer will wildly add some features. This _may_ (not will) cause into incompability of clients or malfunction of the global gnutella network or simply improves complexity when all clients try to understand which "gnutella slang" an other client speaks.
c) writing new gnutella servants will be very difficult without having all necessary features documentated.
d) you need the other clients, you're not alone. Gnutella is an community, at least you started with that idea, don't you?
e) undocumentated features may open security problems in future. Any future client/proxy/application gateway _has_to_ filter out potential risks, this because undocumented protocoll features maybe used by exploits so they get blocked.
f) a non-productive client war may be started, because one client producer thinks he has to block or ignore features he does not agree with... mabye only because of misunderstanding or an lack of communication. Or does this client civil allready begun?
g) The variety of gnutella clients will be decreased, because the user will not decide for gnutella servant, but for a client (or one client will try to knock out every other competitor). Think about the webbrowser story, will your servant win?
h) Add more here. Do you remember all the problems and discussion about internet technology the last years?

At the end company interests are standing against users interests, is this what is all about? For the interest of users only an open standard will be good, proprietary is for the company interests. Let me play around with fantasy:
When gnutella protocoll will NOT be further developed as an open standard... other ideas like swarmcast or Morpheus will win and all fine gnutella servants (name them Bearshrae or Limewire or Moakella) will be vanished and theire programmers work for Warner Bros or Sony and an alternative money making P2P system.
So maybe cooperation is an possible business concept for Free Peers Inc, Lime Wire LLC, etc? Still name your client "the best" or "the most powerfull" but marketing or egoism won't help...
my suggestion: improve technology by using open standards and make money with usability and the real best client.

Hope you like my suggestion, thx for reading & enjoy your weekend! :)

Anybody succeeded in filtering out these encrypted packets Yet????

Yes, change one byte - the packets need a encrypted microsoft tagged RSA style key that is built into the code near the end. Take a hex editor and change one byte of that key and the key will be un-usable, so will the remote control spy packets. Since it checks all packets that come in before passing them on, it will not pass what it thinks is a invalid packet to anyone else!
This may not work for versions above 2.2.5 so make a copy of the exe file and give it a try!
There is no reason for ANY program like this to have secret RSA keys built into them! WHY IS IT THERE? Disable it today! It's easy and it's fun!
Everyone does this and all will be happy on Gnutella again.
Maybe programmers that think they are so cool and beyond everyone else will think again. Maybe not, arrogance sucks doesn't it? Respect peoples privacy and stop being greedy and maybe people will leave you alone.
Oh, you won't see this posted on that other forum, censorship is the word of choice over there, nor will you see any other truths about that silly program and all it's privacy invasions and lack of concern for privacy.