By now, probably everyone of you has had their hands on the new Blubster release that claims to protect the user's identity. So far, the only people who've claimed that is the company behind it called Optisoft. Others have merely quoted from Blubster's website. So what do you think? Anonymous or Not?

Originally posted by dock0184
So what do you think? Anonymous or Not? http://www.blubster.com/protocol1.html

Doesn't look like it. By the sounds of that, they could conceivably harvest the IPs from the servers or caches.

C'mon it's Pablo......Are you questioning his integrity?

In other words, of course it's anonymous! And it rules......I can't even see who I'm d/l from......From what I've seen, I don't have any reason to NOT believe it's anonymous.

Peace

nothing is anonymous

NOTHING!

proxies are close, but imperfect and still traceable (on an ISP's level)

as long as you have an IP address (which if you want to do anything on the internet you do) you can be tracked

if you mess with the address, you don't get your packets--which defeats the idea of downloading files, right?

First though, I can't really say about Blubster. Truthfully, I doubt they actually changed anything about the protocal. At the same time, Blubster was rather anonymous to begin with. All the transfers were done with UDP, which is rather hard to sniff out just what goes on in a udp connection. The newest Blubster just gives you the option of not allowing others to browse your files.

I don't think this would work perfectly. If a RIAA agent were to only download one song from one source, they could track the ip the data came from and still file suit against them.


I think Freenet is rather anonymous though. You can still see ip addresses, but it would be hard to hold people accountable for what you download from them since they don't actually control what they share. That would make for an interesting legal dilema I bet. Freenet is all but unstoppable from an ISP's standpoint. It uses the same traffic as the general web I believe. The RIAA could still go out on freenet and download some content they felt was copyrighted and see where it pulled from.

I don't really think proxies are the answer in the long run. The RIAA could just go after the proxy since the proxy is actually distributing illegal content. Then the whole system would crumble again. But... with ES5's proxies set up in places "untouchable" *cough* by the RIAA, I suppose they could get away with it. ES5 still seems fishy to me. I mean, who really sets up shop in the middle of a refugee camp?

Enough rambling,

Later,

Isamoor

blubster isnt entriely anonymous, but it's better than straight tcp/ip connections like in gnutella, where they don't even try to hide your ip address.

Originally posted by isamoor

Freenet is all but unstoppable from an ISP's standpoint. It uses the same traffic as the general web I believe.

[/B]


Hahhaha. Yeah i agree with you, but who'd want to download from freenet anyways. Even on my cable connection it runs slower than a modem.

Blubster and Piolet use the UDP protocol. Which doesnt send confirmation packets back to the downloader.

Take that as you will.

Every IP packet has a source and destination address. This includes the TCP and UDP protocols.

I'm not sure where this idea that UDP is more anonymous came from ... if you send someone a UDP packet, your return address is right there - unless you spoof it somehow.

So unless Blubster is spoofing the return address, this claim is false.

Originally posted by isamoor
First though, I can't really say about Blubster. Truthfully, I doubt they actually changed anything about the protocal. At the same time, Blubster was rather anonymous to begin with. All the transfers were done with UDP, which is rather hard to sniff out just what goes on in a udp connection. The newest Blubster just gives you the option of not allowing others to browse your files.

I don't think this would work perfectly. If a RIAA agent were to only download one song from one source, they could track the ip the data came from and still file suit against them.

I think Freenet is rather anonymous though. You can still see ip addresses, but it would be hard to hold people accountable for what you download from them since they don't actually control what they share. That would make for an interesting legal dilema I bet. Freenet is all but unstoppable from an ISP's standpoint. It uses the same traffic as the general web I believe. The RIAA could still go out on freenet and download some content they felt was copyrighted and see where it pulled from.

I don't really think proxies are the answer in the long run. The RIAA could just go after the proxy since the proxy is actually distributing illegal content. Then the whole system would crumble again. But... with ES5's proxies set up in places "untouchable" *cough* by the RIAA, I suppose they could get away with it. ES5 still seems fishy to me. I mean, who really sets up shop in the middle of a refugee camp?

Enough rambling,

Later,

Isamoor
If you use proxies that are not in your own country, it is a real hassle for them to track you down. It might even be impossible.

1) They would have to get a lawyer in that country (who knows its legal system).
2) They would have to get that lawyer to get a judge in that country to issue a subpoena
3) The proxy admin would have to be keeping logs. AND logs do NOT contain all the traffic, just the headers. Most proxies don't keep logs anyway.
4) The subpoena would have to be issued before the log filled up and the entries rolled off for whatever reason.

Why would RIAA risk go after ONE user who shared a file through a proxy when they have 10 million low hanging fruit in the United States and Australia? And even then, there is no guarantee the attacking the proxy will yield any results.

If you are really paranoid you can chain proxies if you want.

Otherwise, keep using a wide open p2p if you want.

Originally posted by Inverted Whale
Every IP packet has a source and destination address. This includes the TCP and UDP protocols.

I'm not sure where this idea that UDP is more anonymous came from ... if you send someone a UDP packet, your return address is right there - unless you spoof it somehow.

So unless Blubster is spoofing the return address, this claim is false. One way traffic is spoofable.
You can send UDP with a forged source address. This fact can be used to build up an anoymous protocol. However, it is not useable on many networks who deny such activity. It only takes one config statement on a Cisco router to block source ip addresses that do not belong to the router.

its definetly an improvement from fasttrack. also, on mp2p you can choose to ignore shared collection requests. its harder to build a case if you cant see someones entire collection. i doubt they would go after you for once song.

Originally posted by FileHoover
One way traffic is spoofable.
You can send UDP with a forged source address. This fact can be used to build up an anoymous protocol. However, it is not useable on many networks who deny such activity. It only takes one config statement on a Cisco router to block source ip addresses that do not belong to the router.

Wouldn't it be possible to spoof only such addresses that DO belong to that router, just not your own?

If not, then basically there's no point putting a lot of effort to develop something that is easy to make useless.

Dude Bublbster says a reason why it is so anon cuz it uses UDP. Fucking udp? Udp is 'fast' however extreemly un-reliable. I would think that if you made a p2p network based on UDP every download should be fucked. Have you ever looked at an image transferd over udp? It looks like shit from dammaged packets. In UDP there isn't a check sum like tcp, I supose it could be implemented, but then why not just use TCP? There also isn't a three way hand shake so it is easy to spoof. I would have too look into the protocall more, but i don't care.

Persionly i take the side of FreeNet where anon is there #1 consern. Even though Freenet isn' t for p2p file transfer, but they have the right idea. I still say using 6/4 for all your anon needs is the way to go.

Originally posted by Rahwgwar
From what I've seen, I don't have any reason to NOT believe it's anonymous.

Peace

You have EVERY reason to believe that nothing is anonymous unless it is VERY thoroughly explained just how is the anonymity achieved. By default, nothing in the net is anonymous.

Originally posted by isus
blubster isnt entriely anonymous, but it's better than straight tcp/ip connections like in gnutella, where they don't even try to hide your ip address.
Originally posted by isamoor
At the same time, Blubster was rather anonymous to begin with. All the transfers were done with UDP,
Originally posted by Psilaxs
Blubster and Piolet use the UDP protocol. Which doesnt send confirmation packets back to the downloader.
Originally posted by Munchables
Have you ever looked at an image transferd over udp? It looks like shit from dammaged packets. In UDP there isn't a check sum like tcp,

Blubster only uses UDP for the network: search queries, replies, IM's, etc. All file transfers still use TCP, the same kind of connection used by Gnutella, FastTrack, etc. to transfer files (Blubster/Piolet use their own protocol instead of HTTP, however.)

RFC 768 (http://www.faqs.org/rfcs/rfc768.html) seems to disagree with you, Munchables:

Checksum is the 16-bit one's complement of the one's complement sum of a pseudo header of information from the IP header, the UDP header, and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets.

Originally posted by Munchables
Dude Bublbster says a reason why it is so anon cuz it uses UDP. Fucking udp? Udp is 'fast' however extreemly un-reliable. I would think that if you made a p2p network based on UDP every download should be fucked. Have you ever looked at an image transferd over udp? It looks like shit from dammaged packets. In UDP there isn't a check sum like tcp, I supose it could be implemented, but then why not just use TCP? There also isn't a three way hand shake so it is easy to spoof. I would have too look into the protocall more, but i don't care.

Persionly i take the side of FreeNet where anon is there #1 consern. Even though Freenet isn' t for p2p file transfer, but they have the right idea. I still say using 6/4 for all your anon needs is the way to go.
UDP has a checksum. If a corrupted packet is detected the ip stack throws the packet away. How did you download an image over UDP? What app did you use? What made you know it was UDP being used?

Freenet has one bad quality. The data comes from a member's computer. This means if someone wants to pursue a lawsuit they can subpoena the computer which appears to be the source of the data. Sure, there might be no evidence but do you really want the police and agents of the copyright holder serving a search warrant on you?

You would probably win in court if 1) they don't find other evidence of some kind on your computer 2) you can afford to get a lawyer and put of any kind of defense. But is it worth the hassle, especially when there is something better out there. Something that uses anonymous proxies out on the net and not another member-of-the-network's computer?

The users proxy should be one that is outside of the filesharing p2p network. Freenet is like playing Russian Roulet.

>Blubster only uses UDP for the network: search queries, replies, IM's, etc. All file transfers still use TCP
Shellreef, you usually know what you are talking about, have you specifically looked at blubster 2.5
(release a month ago)?

>C'mon it's Pablo......Are you questioning his integrity?
This is the first I have heard of him, do you have some links
eg forum's he posts in?

>I can't even see who I'm d/l from
Do you mean in the client or with netstat/ethereal/some other tool?

going back to blubster
>if you mess with the address, you don't get your packets
a packet has to have a valid destination address to
arrive but if you can get a packet with a forged source
address out onto the internet it will arrive (some ISP's
have border filtering requiring the packet has to have a
plausable source address which basically means forging
a source address at a different ISP to one it is going to).

>So unless Blubster is spoofing the return address, this claim is false.

Exactly.
The linked blubster page does not say if they are forging
souce addresses. I'l be surprised if they have solved all
the related problems but it's possible in theory.

>In UDP there isn't a check sum like tcp,
UDP does have a checksum on each packet, the problem is
that entire packets can be lost in transit.
There has to be a way to request that a file is sent to you
so there would also be a way to request that missing parts
17,34 and 63 are sent to you.

>UDP is 'fast'
UDP is only faster than TCP if you send packets more quickly.
The internet relies on everyone using TCP compatible systems
that send more slowly when packets are getting lost
in transit. Backbone connections are often not fat enough
for eveyone downstream to use there full capacity eg
an ISP with 300 modem users fed from one T1, if 60 of
those users are sending UDP packets as fast as they can
no matter what then the others find that they can't browse
the web anymore. If they all happen to be downloading
web pages at the same time then it just goes slow for everyone.

"Blubster uses compression technology to save thousands of IP addresses in an encrypted cache."
Hmm, if this refers to a cache kept solely by an individual client program
then this is completly useless. If the program can decrypt the data
then so can anyone who reverse engineers the program.

It does not matter if your ip address shows up in relation to a p2p program, as long as it shows up amongst thousands of other ip addresses!

The trick to to make sure that your ip address cannot be related to a specific shared file with certainty.

If you do a search and thousands of packets come back, from thousands of different ip addresses, and the packets themselves do not contain links between ip addresses and files, it is virtually impossible to tell with any degree of certainty who is sharing the file. That's one neat trick about using UDP as your search and discovery protocol. There are no "connections" to other computers to serve as a focal point for an attacker to raid and gather evidence. Every one of a thousand ip addresses are virtually identical in priority when you use UDP.

If juries have trouble convicting on DNA evidence that has a 1 in 10 billion chance of being wrong, they certainly aren't going to be convinced by evidence that only has a 1 in 1000 chance of being right, and no attacker will waste time, energy and money pursuing a case based on that flimsy evidence. No jury is going to be able to stay awake while the complainant lawyer tries to explain to them "proxy logs".

If attacker wants to pursue a case on such technical computer evidence, If they do, they'e be broke within weeks and defending themselves against frivolous litigation lawsuits from all the incorrect targets they try to sue. I'm sure lots of lawyers will take such a frivolous litigation case on contingency to get a shot at those RIAA deep pockets. Get the press involved and make sure the RIAA pays for all the damage to your reputation and lost income for life due to their false accusation that you are a copyright infringer plus punitive damages to stop them from frivilous lawsuits and perhaps even get them declared a vexacious litigant.

Stop thinking in terms of ABSOLUTE ANONYMITY which is probably impossible. 99.99% anonymity is good enough in the real world. The world does not revolve around your little computer, in your little house, in your little town. You are awash in a sea of millions and even partial invisiblity is good enough for now. If you want that, you must stop using

1) Programs that are open source. This makes it easy for BayTSP to automatically track you down. They can use the open source code to compile their own spider for the particular network involved

2) Programs that use direct TCP connections to transfer files. Your IP address as the source of a file download is very unambiguous. There is no doubt about where the file is coming from. Combined with the name and address information your ISP would divulge about you, a judge would issue a warrant to confiscate your computer an any other evidence related to file sharing if the attacker were going to really pursue a case in court.

I think it is anonymous. I like Piolet also. That is a good program. I use piolet over blubster though.

>and the packets themselves do not contain links between ip addresses and files
Nice dream but the software has to know how to reassemble the file from the
data it receives.

>Programs that are open source.
Two decades of software copy protection cracking and the ongoing reverse
engineering of the likes of kazaa show that keeping the source code
of software secret is not a effective protection measure.
Funded adversarys of filesharing are quite capable of employing
a few crackers to work full time on reverse engineering p2p software.

A 999 out of 1000 proability of guilt is quite enough to convict if
you are going to be bankrupted by a large fine rarther than given
life imprisonment.

I accept your point that being more anonymous than all the other
mainstream programs is currently a usfull achivement.

Originally posted by FileHoover

Freenet has one bad quality. The data comes from a member's computer. This means if someone wants to pursue a lawsuit they can subpoena the computer which appears to be the source of the data. Sure, there might be no evidence but do you really want the police and agents of the copyright holder serving a search warrant on you?

You would probably win in court if 1) they don't find other evidence of some kind on your computer 2) you can afford to get a lawyer and put of any kind of defense. But is it worth the hassle, especially when there is something better out there. Something that uses anonymous proxies out on the net and not another member-of-the-network's computer?

There's no point taking such case in to court where the "reasonable doubt" is built in feature in the network. You can't prove that someone is sharing something in FreeNet.

Originally posted by zaphodiv
>Blubster only uses UDP for the network: search queries, replies, IM's, etc. All file transfers still use TCP
Shellreef, you usually know what you are talking about, have you specifically looked at blubster 2.5
(release a month ago)?
Nope, have you? I still suspect it uses TCP though, as UDP would break backwards-compatibility, and file transfer over UDP is very inefficient and time-consuming to implement (you have to make your own flow control, error detection, sequencing, and so on). But don't quote me on that.

This project looks like a truly anonymous UDP file transfer solution (unless the ISP routers are not trusted and the spoofed IPs can be tracked): http://udpp2p.sourceforge.net/ . It gets championed at Slashdot occasionally but so far little progress has been made.

well one thing that i would like to add is that UDP is a connectionless protocol, meaning that it does not have a 3-way handshake like TCP/IP. This means that there is no error checking.. UDP does not even check to make sure the data got to the destination... IT does include the source and destination address... but there is no checksum...

Originally posted by Munchables
Dude Bublbster says a reason why it is so anon cuz it uses UDP. Fucking udp? Udp is 'fast' however extreemly un-reliable. I would think that if you made a p2p network based on UDP every download should be fucked. Have you ever looked at an image transferd over udp? It looks like shit from dammaged packets. In UDP there isn't a check sum like tcp, I supose it could be implemented, but then why not just use TCP? There also isn't a three way hand shake so it is easy to spoof. I would have too look into the protocall more, but i don't care.

Persionly i take the side of FreeNet where anon is there #1 consern. Even though Freenet isn' t for p2p file transfer, but they have the right idea. I still say using 6/4 for all your anon needs is the way to go.

Remember the days of Starcraft? Well....thats one game that supported UDP for internet gaming. From how well the game ran on Battlenet, UDP looked alrite overall

If Blubster is anon, we're saved, if it's not, it might take more time to impliment an anonymous protocol using UDP. But is it possible for someone to make up a new way of transfering files, like "XCP" or something, which is a one way transfer so you don't know where the packets are coming from?

File Hoover, the problem I see is that ES5 is just a temporary solution. Unless they've got the funds to proxy 60 million people, it's going to be a harvesting ground for IP addresses just like any other network.

Originally posted by Theinfamousone
If Blubster is anon, we're saved, if it's not, it might take more time to impliment an anonymous protocol using UDP.
Unless I'm missing something, Blubster is not anonymous. The source and destination IP address are stored in every MANOLITO packet. The IP header stores the source and dest IP, and the MANOLITO header stores the destination and forwarded-from address.

But is it possible for someone to make up a new way of transfering files, like "XCP" or something, which is a one way transfer so you don't know where the packets are coming from?
I've never heard of XCP, but I see a few problems with this proposal (which are handled by TCP):

A few ISPs block spoofed-source UDP datagrams, or even replace the spoofed source IP with the true IP
Some communication has to be made in order to tell the sender to start sending packets to the recipient
UDP is unreliable and the recipient must notify the sender of lost packets in order to resend them; lost packets are inevitable across a WAN (some routers will drop UDP over TCP under high load).
Flow control is necessary when sending from a faster host; for example, a T1 would overwhelm a 56K modem if it sent at its maximum speed

None of these problems are insurmountable, but it won't be easy.

subnet wrote: well one thing that i would like to add is that UDP is a connectionless protocol, meaning that it does not have a 3-way handshake like TCP/IP. This means that there is no error checking.. UDP does not even check to make sure the data got to the destination... IT does include the source and destination address... but there is no checksum...
This is incorrect, UDP has a checksum. The field is required in every UDP packet (but you can set it to 0 if you don't want to use it). The error detection from this checksum isn't bad; it has to include a "pseudo header" in the calculation which has the addresses, protocol, and length. If any of those (or the data) get damaged, the checksum will detect it.

MANOLITO also has its own checksum.

You're right about UDP not having a 3-way handshake nor acknowledgements nor a "connection" concept though. But neither does IP. TCP is built upon IP -- TCP adds reliability to unreliable IP, so all that would be needed is a reliability layer on top of UDP. Basically a reimplementation of TCP, over UDP.

Frankly I'm skeptical of whether it's even possible to create a network anonymous enough to keep from being sued, it may just have to be private DC hubs, FTPs, and AIM file transfers in the future. Or using a proxy like what ES5 has.

Nice to see someone with knowledge of the stacks.

Some good technical discussions here. I see in a PC Magazine review http://www.pcmag.com/article2/0,4149,1195018,00.asp that " In our attempts to scan machines accessing our client, we couldn't get originating IP addresses"

Thats a good start in that it is difficult to see who is downloading. Still - how difficult is it for someone to find out who the uploaders are with the Manolito protocol, especially if you are the only one offering a file at that particular time? Thats the real question. Pablo has been very quiet on that detail. I used to see a lot of posts on what he was trying to do on the old Unite the Cows website but there is nothing now.

Soooo, ZPers, we have a good tool with Blubster so far but its not perfect. What is the best way (perhaps with a combination of additional tools) to utilize it?

For the record, I use Dr. Damn's Clean Bubster (Die Gator Die) with Peer Guardian behind a router and find it to be very quick and reliable. Its blazing fast if you have multiple sources for a file:hole

Yes, it is usually pretty fast because there is no video queues like Kazaa has. That's why eMule is so slow I believe, because everyone is downloading large files and the queues just add up.

I'm curious. For those of you who know how to use Netstat or your firewall to find someone's IP address (I don't use a firewall and when I run netstat it only last for about .2 seconds, I can't even take a screen shot), does it tell you an IP address that you are connected to when you start downloading from someone?

Cuz obviously, if it shows you the real IP address of the person with the file, then this program isn't anonymous in the slightest.....am I right? Or is it more complicated then that?

I personally do not believe that there will ever be any perfect anonymity. But I do think 'effective anonymity' is achievable. By that, I mean that it is simply too difficult to break the anonymity, especially on a large scale, so difficult that it becomes financially infeasible to do so.

As for the question of who can proxy 60 million users, the answer to that is obvious: the 60 million users must be able to proxy THEMSELVES. This is the method used by FreeNet. And, at the moment, it is goddamn slow, far too slow to be truly useful. The reason that it is so infernally slow is that when proxying, every node is treated as equal in proxying capability (e.g. a 28k modem user is treated just like the guy with the OC3 connection). Clearly this doesn't work well, because the slower nodes bottleneck the overall network speed. But the author(s) are working on addressing this problem, and having more capable nodes shoulder more of the bandwidth burden. E.g., a 28k modem will probably not proxy much of ANY data, but that OC3 node will proxy a LOT -- since it can do so.

Ultimately, this future implementation of FreeNet, or one like it with some other different P2P software, seems like the way to go. It still won't be totally and completely anonymous, but it will be effectively anonymous. If you were to spend tens of thousands of dollars, and lots of time, and had legal professionals in every possible country, it's *possible* you could find the originator of of a file, but the odds of being successful, and the costs involved in the attempt, would be so prohibitive that no one would bother.

I do not believe that spoofing of addresses is any long-term solution, since spoofing can easily be defeated at the router level, and would be.

I don't see proxies as the end-all-be-all either, but I do see them as the best available method to achieve effective anonymity, and that would be enough for me. But I don't see the need for external (read: paid) proxies - a P2P network should be able to self-proxy, as FreeNet does now ineffeciently, and will (hopefully) do later much more efficiently.

The creater of blubster said in a interview with cnews and with another guy of a program i cant remember, he says his is breaking down in packets that get sent to the pc computer, and the administrator or your ISP cant confirm if anything is being downloaded.. So it would make me think riaa can send a subpoena but isp would know your logged in but nothing more then traffic change was taking place. who knows whawt they really get when the subpoena the ISP, they could investigate of how much bandwidth you use since becoming a member.

Yes, hopefully with Next generation routing, Freenet can become a viable alternative to what we have now. It seems that P2P networks are becoming more and more hard to use, they may never go away, but it will never be as easy it could be if not for the RIAA. For instance, Napster was centralized, you could search everyone in a matter of seconds, when centralized servers were found to be illegal (atleast if you have any hope of carrying anything copyrighted) then we had to use decentralized systems, and that makes searching a lot worse, with a network the size of FastTrack, you really don't miss it, but if we're forced to proxying everything we transfer, we'll see file sharing get even worse.

Originally posted by Ambush
Some good technical discussions here. I see in a PC Magazine review http://www.pcmag.com/article2/0,4149,1195018,00.asp that " In our attempts to scan machines accessing our client, we couldn't get originating IP addresses"

Thats a good start in that it is difficult to see who is downloading. Still - how difficult is it for someone to find out who the uploaders are with the Manolito protocol, especially if you are the only one offering a file at that particular time? Thats the real question. Pablo has been very quiet on that detail. I used to see a lot of posts on what he was trying to do on the old Unite the Cows website but there is nothing now.

Soooo, ZPers, we have a good tool with Blubster so far but its not perfect. What is the best way (perhaps with a combination of additional tools) to utilize it?

For the record, I use Dr. Damn's Clean Bubster (Die Gator Die) with Peer Guardian behind a router and find it to be very quick and reliable. Its blazing fast if you have multiple sources for a file:hole

I use Piolet and Blubster(Clean) I like it better than Kazaa right now. I get good music files with very little problems.

>> The users proxy should be one that is outside of the filesharing p2p network. Freenet is like playing Russian Roulet.

Freenet's proxies dont know what is transferred through them - everything is encrypted. So, logging the traffic on a proxy would not bring much.
Also, you dont know what is in your own cache - it is also encrypted and meta data to this data is saved on another computers,so you don't know what is in your cache.
Also all inserts look like requested transfers by proxies, so it is not possible to determine if you are inserting illegal content or someone requested data from your cache which is encrypted.

Requester << ecryptedTraffic << Proxy << encryptedTraffic << MetaDataDonator
Requester << encryptedTraffic << Proxy << encryptedTraffic << EncryptedDataDonator

The proxy knows only the IPs, but not what has been requested
The Requester doesnt know donator's IP
The Donator doesn't know Requester's IP
The Donator doesn't know the Requested Content.

You are really secure. Read the Freenet protocol info.
BTW: The encryption algorithmus is very good, your best friends and helpers will just need too much time to decrypt data flowing through their proxy ... To encrypt it(bruteforce), itwould take just too much time (i read somewhere - several weeks for several kilobytes) and it is even unknown, if the data is useful. They would just need too much CPU power for a single user = too expensive. Our friends and helpers (police etc) will have to pass and the RIAA will have to flood the network with fakes, but since there is no search, this is not a real prob :]

BTW: I'm Russian and I know how it is to play Russian Roulet - it is a little different since the "code" and the other player are known: the bullet and your rival. The same is on KaZaA etc, but different on Freenet since the code is never known and there are no rivals.

Note: in some countries it is even a criminal action, to bruteforce an encrypted data piece. I would advice you to use encrypted networks since it gives you still more security than your favorite eHorse or a dumb FastTrack client.

BTW: i have here something for someone who doesnt believe in freenet:

State: Dec 2000

But, I said before that the only way to shut down Freenet was to shut down the Internet, and in fact, the creator of Freenet has said that with a few improvements, Freenet traffic will look just like any other encrypted traffic on the net. So the policing software will not be able to differentiate the two, which means you'd have to stop all encrypted traffic to stop Freenet. It looks like P2P will always stay one step ahead of the "police".

DIMA2001 - thank you for the in depth Freenet discussion. I look forward to using it when Next Generation Routing comes out.

It appears that Blubster has some of the characteristics of Michael Freedman and Robert Morris's proposed Tarzan anonymizing network layer in its utilization of UDP. Perhaps Blubster is using a process similar to Tarzan's to disassociate transfers from specific users.

Given that, I can understand how file sharing is fairly anonymous when there are multiple people sharing the same file on Blubster. However, no one seems able to answer my initial question in this thread which is - if you are the only person sharing a file on Blubster at a particular point in time, how hard is it for a third party to determine your IP?

If anyone would like some in depth reading of the issues obtaining anonymity with P2P networks here is a good place to start

http://freehaven.net/anonbib/

http://www.cs.dartmouth.edu/~zhaom/research/marianas/resource.html

Originally posted by DIMA2001
>> The users proxy should be one that is outside of the filesharing p2p network. Freenet is like playing Russian Roulet.

Freenet's proxies dont know what is transferred through them - everything is encrypted. So, logging the traffic on a proxy would not bring much.
Also, you dont know what is in your own cache - it is also encrypted and meta data to this data is saved on another computers,so you don't know what is in your cache.
Also all inserts look like requested transfers by proxies, so it is not possible to determine if you are inserting illegal content or someone requested data from your cache which is encrypted.

Requester << ecryptedTraffic << Proxy << encryptedTraffic << MetaDataDonator
Requester << encryptedTraffic << Proxy << encryptedTraffic << EncryptedDataDonator

The proxy knows only the IPs, but not what has been requested
The Requester doesnt know donator's IP
The Donator doesn't know Requester's IP
The Donator doesn't know the Requested Content.

You are really secure. Read the Freenet protocol info.
BTW: The encryption algorithmus is very good, your best friends and helpers will just need too much time to decrypt data flowing through their proxy ... To encrypt it(bruteforce), itwould take just too much time (i read somewhere - several weeks for several kilobytes) and it is even unknown, if the data is useful. They would just need too much CPU power for a single user = too expensive. Our friends and helpers (police etc) will have to pass and the RIAA will have to flood the network with fakes, but since there is no search, this is not a real prob :]

BTW: I'm Russian and I know how it is to play Russian Roulet - it is a little different since the "code" and the other player are known: the bullet and your rival. The same is on KaZaA etc, but different on Freenet since the code is never known and there are no rivals.

Note: in some countries it is even a criminal action, to bruteforce an encrypted data piece. I would advice you to use encrypted networks since it gives you still more security than your favorite eHorse or a dumb FastTrack client.

Question, isn't Freenet essentially a server only? In other words, you don't have access to the files you are sharing. It isn't like a run of the mill p2p program where you have files that you can play, read, watch, but that you also share. All the material you are sharing is stored encrypted and you only have part of it anyway. None of it is accessible as "files" on your own computer.

Correct me if I'm wrong.

Originally posted by notbob
nothing is anonymous

NOTHING!

proxies are close, but imperfect and still traceable (on an ISP's level)

as long as you have an IP address (which if you want to do anything on the internet you do) you can be tracked

if you mess with the address, you don't get your packets--which defeats the idea of downloading files, right?

Well sorry but if the proxy send X-FORWARDED-FOR then you are screwed.

With Freenet I assume the final destination is encrypted I suppose, otherwise, it would be worthless as you point out Triniti.

i doubt any progs other than Freenet and Es5 are really "safe" and so sure about trusting some people who run their network from a palestinian refugee camp. Suppose Israel raids the camp and just happen to stumble upon a couple of servers?

Thankx for some great reading material. You guys really sound like you know what you are talking about.

Some good technical discussions here. I see in a PC Magazine review http://www.pcmag.com/article2/0,4149,1195018,00.asp that " In our attempts to scan machines accessing our client, we couldn't get originating IP addresses"

Thats a good start in that it is difficult to see who is downloading. Still - how difficult is it for someone to find out who the uploaders are with the Manolito protocol, especially if you are the only one offering a file at that particular time? Thats the real question. Pablo has been very quiet on that detail. I used to see a lot of posts on what he was trying to do on the old Unite the Cows website but there is nothing now.
It is very easy to obtain the addresses of those you are transferring to and from. In my testing, search queries were also traceable to the originator. A MP2P dissector should be available soon in the next release of Ethereal.

No but I can definately say earth station 5 is





J/k everyone, I have no clue, truely nothing can fully be anonymous, what should be attempted is to hide what it is your sharing so others canot see what it is unless they are downloading the file from you. That way the riaa could not sue you as they cannot proove what it is you are sharing. Then once that is done you can try and hide peoples identity to further the difficulty of identification.

No but I can definately say earth station 5 is





J/k everyone, I have no clue, truely nothing can fully be anonymous, what should be attempted is to hide what it is your sharing so others canot see what it is unless they are downloading the file from you. That way the riaa could not sue you as they cannot proove what it is you are sharing. Then once that is done you can try and hide peoples identity to further the difficulty of identification.

From what I know, hiding your file list will not help you. The RIAA employs companies (again, last I remember) that are paid to search for certain illegally shared files, download them from you, and collect your data in the process.

So essentially, hiding your file list is useless if you still plan to share.

You know what a filesharing app should do, they should take the list of the riaa dudes, and if they connect to you the only files they get are legit files. That way they think everything on p2p is good. Although secretly everyone is sharing their files.

The simple answer is no,it's not!

blubster isn't anonymous at all, it's probably more secure than fasttrack, but that shouldn't be that difficult :)

Though it has its perks it is far from annoymous depending on what is considered anonymous. Dont get me wrong at one time I enjoyed the network myself for music and it does do a little better then some other networks in making your file list unretrievable but other then that it is pretty much wide open for the taking unless there using something else I dunno about.

-infringer-