CNET discusses P2P's little secret

[wessman]

P2P's little secret
By Declan McCullagh, Staff Writer, CNET News.com
July 8, 2003, 12:01 PM PT
http://news.com.com/2100-1029-1023735.html

File swappers hoping to share music and other works online without exposing their identity to the prying eyes of copyright enforcers face a tough choice.

Popular peer-to-peer networks such as Kazaa, where the lion's share of online trading of music and other files takes place, are designed such that participants who wish to remain completely anonymous must pay a severe price in terms of convenience and usability, experts warn.

"There is no good system out there for hiding identities," said Randy Saaf, president of MediaDefender, a Los Angeles-based company that investigates peer-to-peer networks for the music industry. "If they're sharing content, they're wide open--they're running the risk. It's hard to anonymize people on a big public network."

There are plenty of incentives for Web surfers to try to cloak their identity these days. Recently, the Recording Industry Association of America (RIAA) pledged to sue individuals who infringe copyrights, and it won a court order forcing Verizon Communications to divulge the identity of a Kazaa user. The RIAA has already filed suit against four university students, and some schools have disciplined students for inappropriate file-swapping.

So far, the RIAA's threats of litigation have had no effect, said Wayne Rosso, president of peer-to-peer company Grokster. "As far as I can see, nobody really cares," Rosso said. "Our downloads are up, traffic is holding steady. Come on, users know they can't sue 60 million of them. Who are they kidding?"

Hiding on a file-sharing system is hard for a very simple reason: Peer-to-peer networks are designed for efficiency, not anonymity. They rely on a straightforward mechanism that is ruthlessly efficient at trading files. But, by broadcasting the contents of shared folders, the system leaves users vulnerable to identification and, therefore, to possible legal action.

On a peer-to-peer network, files are directly swapped between computers, each of which has a unique Internet Protocol (IP) address that can be traced back to the Internet service provider, corporation or university to which it belongs. Because computers on a peer-to-peer network transfer files without going through an intermediary, the IP address of one person on the network is generally available to everyone else.

Typically, a copyright holder can unmask a suspected infringer by sending a subpoena--which invokes a controversial section of the Digital Millennium Copyright Act (DMCA)--to the company or university providing network connectivity to the IP address in question, asking it to reveal the identity of the suspect. Once it knows the suspect's name, a copyright holder has the option of filing a lawsuit or simply sending a cease-and-desist notice.

Donning the mask
Products that offer privacy for activities such as Web surfing and e-mail have been available for some time, although most have been greeted with indifference by consumers. That attitude could change, however, with the RIAA's new policy of filing lawsuits against individuals, potentially sparking a renaissance in anonymizing tools for peer-to-peer networks.



Anonymous P2P file trading?
Wayne Cunningham, senior editor, Download.com
A surge in interest in anonymizing technology could radically change the character of the Net, if strong privacy software were to become widely adopted.

In response to the possible threat to file swappers of litigation or even criminal prosecution, some companies have begun to offer products they say will make filing a lawsuit against file swappers more difficult. Last week, for instance, a peer-to-peer service named Blubster announced a new version of its software that it touted as a "new, secure, decentralized, self-assembling network that provides users with private, anonymous accounts."

Consumers hoping for a painless way to hide their identity on peer-to-peer networks may be disappointed, however. For example, Blubster does not conceal the telltale IP addresses used to connect to the file-swapping service, meaning copyright investigators can, in practice, unmask anyone on its system.

Blubster counters that, in practice, its system will still make it more difficult for RIAA investigators to figure out the total number of files an individual is offering for download, as it does not list the files at a specific IP address. On the other hand, Blubster's method would not block a software program that maps the network by performing thousands of automated searches.

Because the RIAA will seek to sue the most flagrant infringers, the thinking goes, its investigators may target peer-to-peer networks that make such information available--without requiring as much discovery effort.

RIAA spokesman Jonathan Lamy declined to discuss the specific techniques the group employs when investigating infringement on peer-to-peer networks. But Lamy said "not only can these services be held criminally responsible, but users who try to avoid detection can face the same charge as well, in addition to the obvious civil liability."

That's not to say that there are no techniques available for savvy file swappers who wish to keep their identity secret.

One way to achieve reasonable anonymity for downloading files, experts say, is to find a free 802.11 Wi-Fi access point that does not require a password or a subscription. Because anyone can access the wireless network without identifying herself or himself first, lawyers from the RIAA would have difficulty tracking down individual users.

Scores of wireless access points exist in New York City, and some municipal governments have funded free access points with tax dollars. Last month, a working group of the Institute of Electrical and Electronics Engineers gave a boost to the growing interest in 802.11 by approving the 802.11g specification as a standard, a faster version of the early 802.11b protocol.

MediaDefender's Saaf admitted that this method offers effective cover for downloaders, but said he believes it is too inconvenient to become a serious conduit for illicit music and video files. "You can go into a Kinko's and plug into your laptop, too, and put files up on a P2P network," he said. "But, if people can't do it at home, they won't do it on a massive scale."

In addition, he predicted that wireless operators could come under fire from copyright holders if Wi-Fi file-sharing hubs become too widespread.

One file-distribution system that is trying to conceal even its users' IP addresses is the venerable Freenet, which breaks from the traditional mold of peer-to-peer networks by cloaking the identities of both the people distributing copies of a file and those downloading it. Because Freenet is intended to provide a near-uncensorable and encrypted way to communicate, its designers specified that individuals may not even know what files are stored on their hard drives. The downside: Freenet remains more difficult to search and offers less content than do the most popular file-swapping networks.

Ian Clarke, the project's inventor, said in an interview that the RIAA's recent legal actions and threats of additional lawsuits have heightened interest in Freenet. "The Freenet site has seen a threefold increase in Web traffic since the RIAA announcement," Clarke said. "We've received more donations to the project in the last week than we had in the past two months before that."

"We like the attention to some degree, and we certainly appreciate the donations, but it places us in a strange position," Clarke said. "Our concern and our goal is to protect political dissidents living in repressive regimes, not to let some kid get the latest Britney Spears album. But we can't prevent that without compromising the goal of Freenet."

Freenet's Web site describes the project as "free software designed to ensure true freedom of communication over the Internet. It allows anybody to publish and read information with complete anonymity. Nobody controls Freenet--not even its creators--meaning that the system is not vulnerable to manipulation or shutdown."

MediaDefender's Saaf admits that Freenet is a "a much more compelling technology" than its rivals. "But the problem with it is that it's not very user-friendly at this point," Saaf said. "It's always been more hype than practical utility. I don't know of anyone who uses Freenet."

In a recent debate, Matt Oppenheim, the RIAA's senior vice president of business and legal affairs, downplayed the problems that Freenet's anonymity may pose to lawyers for the music industry. "Other than the fact that most infringers do not like to use Freenet because it is too clunky for them to get their quick hit of free music, it is no more of a threat than any of the popular P2P services," Oppenheim wrote.

Lance Cottrell, founder and president of Anonymizer.com says one reason he has chosen not to extend his identity-cloaking service (which sells for $30 a year) to peer-to-peer networks is the threat of lawsuits from the music industry. Anonymizer provides only anonymized Web browsing and dial-up services.

"We have not enabled our service to work with the Gnutellas of the world," Cottrell said. "The problem is that the RIAA has the kind of money that, whether you're right or wrong, you're out of business. It's not whether you win or lose, but whether you survive the litigation."

Under a 1995 Supreme Court ruling, McIntyre v. Ohio Elections Commission, and other precedents going back to the pseudonymously published Federalist Papers, Americans enjoy a broad right to anonymity, especially for political speech. But courts have also held that someone's identity can be unmasked through a DMCA subpoena to an Internet provider or by filing a "John Doe" lawsuit.

In a ruling last week in the Aimster case, a federal appeals court went even further, suggesting that a file-swapping network that cloaks its users' activities might run afoul of copyright law, precisely because it is designed to conceal illegal acts.

"Aimster hampered its search for evidence by providing encryption," wrote Judge Richard Posner, a respected economist and jurist. "It must take responsibility for that self-inflicted wound."

Posner, who serves on the 7th Circuit Court of Appeals, wrote: "A service provider that would otherwise be a contributory infringer does not obtain immunity by using encryption to shield itself from actual knowledge of the unlawful purposes for which the service is being used."

Anonymity services
If large copyright holders begin to target privacy-protecting Internet services, advocates worry that the tiny industry may not be able to survive the eventual fusillade of laws and litigation. (In October 2001, Zero-Knowledge Systems, a pioneer in the type of identity-shielding technology that would be a boon to peer-to-peer networks, closed its flagship anonymity network, Freedom.)

Marc Rotenberg, director of the Electronic Privacy Information Center, says that anonymity should remain the default condition both online and offline. "It is in many different contexts in the physical world, whether it's travel or commerce," Rotenberg said. "The burden typically falls on organizations that want your personal identity to justify their reason."

Given the RIAA's history of lawsuits, Rotenberg said he fears the worst. "To the extent that anonymity appears on the RIAA radar screen--as have P2P and other technologies that stand in the way of copyright enforcement--you can be sure that RIAA attorneys will launch a frontal assault, regardless of the constitutional implications," Rotenberg said.


Related News
Piracy and peer-to-peer July 7, 2003
http://news.com.com/2010-1027-1023325.html

Labels aim big guns at small file swappers June 25, 2003
http://news.com.com/2100-1027-1020876.html

Wireless spec approved, next under way June 12, 2003
http://news.com.com/2100-1039-1016370.html

The mood among campus file-swappers May 14, 2003
http://news.com.com/2010-1071-1001272.html

Verizon gets 14 days to ID file-swapper April 24, 2003
http://news.com.com/2100-1027-998268.html

Watchdogs rap RIAA's file-trade assault August 30, 2002
http://news.com.com/2100-1023-956176.html

DOJ to swappers: Law's not on your side August 20, 2002
http://news.com.com/2100-1023-954591.html

Net users lose a secret-alias tool October 4, 2001
http://news.com.com/2100-1023-273956.html

Get this story's "Big Picture"
http://news.com.com/2104-1029-1023735.html

Copyright ©1995-2003 CNET Networks, Inc. All rights reserved.

[begoodbebad]

So does the aimster case mean that if freenet becomes identified as a means of sharing copyrighted materials the US courts could disable it on the grounds that making yourself wilfully ignorant is not a legitimate way to deny liability?
And where would this leave freenets beloved Chinese/Iranian/Saudi political dissidents (all three of them if they exist) and the kiddiepr0n fans (all two hundred billion of them who definitely are out there)?

[FileHoover]

"On a peer-to-peer network, files are directly swapped between computers, each of which has a unique Internet Protocol (IP) address that can be traced back to the Internet service provider, corporation or university to which it belongs. Because computers on a peer-to-peer network transfer files without going through an intermediary, the IP address of one person on the network is generally available to everyone else."

They have made a bad assumption. Earthstation5 in Stealth Mode goes through proxies. There IS an intermediary so your ip address is cloaked. ES5 makes it easy to use proxies also. You can configure up to 300 proxies. What that means is, you find a proxy list on the web (we supply thousands evey day at http://forums.es5.com), use your mouse to cut out a list, and paste it into your ES5 program proxy list. It takes 30 seconds. ES5 deletes each proxy if it becomes slow or unresponsive.

No one is going to subpoena the proxy in Ping Pong China looking for you, and 1000 other p2pers who are going through it. Especially since wading through a humungous logfile (if one even exists) would put a jury to sleep and a chinese judge isn't going to issue a subpoena for a capitalist-pig-youth-corrupting organization anyway. If that isn't enough protection for you, stop trading files because it isn't going to get any safer than that.

"Aimster hampered its search for evidence by providing encryption," wrote Judge Richard Posner, a respected economist and jurist. "It must take responsibility for that self-inflicted wound

Notice that encryption "hampered search for evidence". In addition to proxies, ES5 also SSL encrypts file transfers. Here a judge is telling you that this hampered search for evidence. i.e. it affords protection. If you aren't using a p2p app that encrypts, shame on you.

[FileHoover]

Originally posted by begoodbebad
So does the aimster case mean that if freenet becomes identified as a means of sharing copyrighted materials the US courts could disable it on the grounds that making yourself wilfully ignorant is not a legitimate way to deny liability?
And where would this leave freenets beloved Chinese/Iranian/Saudi political dissidents (all three of them if they exist) and the kiddiepr0n fans (all two hundred billion of them who definitely are out there)?

They can switch to ES5 which provides better anonymity than FreeNet (using freenet your ip address serves as a proxy for other freenet users and you are known about, ES5 uses 3rd party proxies. No ES5 user proxies for another). ES5 also has a global search function like Kazaa and other p2p apps which Freenet does not have. Why be a dissident when no one can find your message? ES5 has built in user filters that prevent downoading or sharing of kiddy porn (these can be disabled or changed by the user if he desires) but the default enables this. ES5 is not incorporated in the United States so the United States courts cannot shut it down. Even if they could, the protocol is decentralized so the network itself would continue to exist.

[begoodbebad]

filehoover some of the stuff you write is very very funny, very offensive but still funny. But trying to turn everything into an advert for ESV is just irritating.

You know I asked a question because it's a live issue and I'm interested to hear some feedback and some facts and get to the bottom of it, but you quote me and turn it into a cheap advertisement for an app i tried and dont even like that much.

You're in Haifa? Switch your PC off and get out into that sunshine, go down the coast, chill out in a shack in Mikhmoret or something but please try another tune.

Thankyou

[FileHoover]

Originally posted by begoodbebad
filehoover some of the stuff you write is very very funny, ery offensive but still funny. But trying to turn everything into an advert for ESV is just irritating.

You know I asked a question because it's a live issue and I'm interested to hear some feedback and some facts and get to the bottom of it, but you quote me and turn it into a cheap advertisement for an app i tried and dont even like that much.

You're in Haifa? Switch your PC off and get out into that sunshine, go down the coast, chill out in a shack in Mikhmoret or something but please try another tune.

Thankyou

Well, I don't know ANY very funny comedian, who is NOT offensive. Humor and offense go together.

I don't believe in advertising just so you know. You will find that EVERY post I make about ES5 is ALWAYS in response to something. Most cases I am responding to people who mention ES5 first.

However, this article had to be responded to because it is WRONG. I am stating some facts. Why do you find it offensive when I tell you there is a solution to a problem? Someone asked a question; "what are the Saudi dissidents are going to do?". I answered it with a valid answer.

It's like you're saying, "I"m thirsty" and I say, "Here's some water" and you say, "I find that offensive, you advertising water".

If someone says, "I want to get busted for sharing files and go to jail" I would not respond by saying ES5 is the solution. I would probably suggest using Kazaa if I bothered to respond at all.

You might find it irritating but the message is sinking in. If you have the luxury to use a p2p app that doesn't protect your ip identity, that is great. You'll put your finances and freedom at risk just because FileHoover is irritating. I can understand that.

[cheapprick]

Filehoover, this thread had nothing to do with ES5, so maybe his post is justified. As far as I'm concerned, you're a spammer. If I rambled into every single thread that claimed any level of security and bragged up Koala Ninja: The truly safe way to share pretty soon people would notice.

I'm not looking for debate, just trying to slow you down.

Second, your comments on Freenet vs. ES5 in child porn is just disturbing. What is the value of a filter that can be disabled? Can a Freenet user not choose to exhibit a little rationality of his own and avoid that material on Freenet? Of course they can, brag about your feature when it is mandatory.

edit replaced your with you're

[begoodbebad]

if that wasn't a spamming advertisment then i'm bill gates (twice). whats next....sponsored product placement?

[Krell]

To say that you are an opportunist is an underestimate.

It should be abundantly clear, that most of the members who frequent Zero Paid are sick and tired of your going on about ESV.

Perhaps you didnt read my posts where I state that the ESV threads and ESV discussion here will be trimmed refereed.

If you continue to post about ESV in every thread and news article posted, I will either limit your participation to strictly the ESV forums, or have to ban you, it has come to that.

We will contact you and Steve15, Kabair soon regarding acceptable use of our forums, in the best interest of the overall membership. You may not submit news to the news section, and ANY posts outside of the ESV forums are subject to deletion.

[Brycen257]

To Krell. Thank You !!. Thank You!!. Thank You!!. I am glad someone finally said something . I haven't been a zeropaid member for long and I am already sick of every second post turning into a praise ESV lecture. Give it a rest Filehoover. All you are doing is further turning everyone off ESV.

[beardedwonder]

Thanks Krell, hit the nail on the head! Does this news article tell us anything new? I don't think so but it does put a lot of info together. The whole thing with the RIAA being able to drag companies through the courts until the go bankrupt is really annoying though.

[Crazy Horse]

I'm with Cheap & Krell (and almost everyone here at ZP). This has got to stop FileHoover. You are doing more harm than good. Of your 175 posts I think 174 are just plain spam of ES5. Youv'e got a damn banner ad, your sig AND a forum. Don't you think that is quite enough?!?!?!?!?!?!?!?! Give it a break ! Geez !!

[camoor]

koala ninja... tell me more :D

[FileHoover]

That is bullshit. The original poster mentioned SEVERAL p2p apps in the article. The responding poster mentioned Freenet. That person is spamming about Freenet by your standards.

If you want to be fair, no one can ever mention any p2p app in a positive light, otherwise, they should be considered spammers.

I have valid information to contribute about the p2p anonymity scene, far more than anyone else here who can only make educated guesses. I and the other p2p programmers who are actually building this stuff have real information to impart.

The other P2P programmers don't post, probably because they have been hounded off the board by people who prefer rumor and other "politically correct" information.

If you prefer rumors, innuendo, guesses, false planeted information, press releases by ignorant reporters then that is your perogative. But you don't speak for everyone.

A lot of people want this information but they are too bashful to speak up because all these whiners make the atmosphere hostile.

If you don't like what I post, put me in your block list and then shut up. Stop trying to censor everyone else.

Actually, let's do it this way, if anyone out there likes what I post, go ahead and tell me publically in this thread, otherwise, I'll just delete my account here since judging by the people here, I'm in the wrong crowd.

[Lucian]

How about GNU-Net? It seems to be secure in theory. In fact its even more secure than Freenet in theory.

Of course while it has search features and ease of use in its favor, its also buggy and currently still in development.

I do think however that within a few months there will be a Windows port which may be feature complete.
http://mail.gnu.org/archive/html/gnunet-developers/
http://www.ovmj.org/GNUnet/