Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Combining BitTorrent With Darknets For P2P Privacy

kdawson posted more than 5 years ago | from the your-move dept.

Privacy 325

CSEMike writes "Currently popular peer-to-peer networks suffer from a lack of privacy. For applications like BitTorrent or Gnutella, sharing a file means exposing your behavior to anyone interested in monitoring it. OneSwarm is a new file sharing application developed by researchers at the University of Washington that improves privacy in peer-to-peer networks. Instead of communicating directly, sharing in OneSwarm is friend-to-friend; senders and receivers exchange data using multiple intermediaries in an overlay mesh. OneSwarm is built on (and backwards compatible with) BitTorrent, but includes numerous extensions to improve privacy while providing good performance: point-to-point encryption using SSL, source-address rewriting, and multi-path and multi-source downloading. Clients and source are available for Linux, Mac OS X, and Windows."

cancel ×

325 comments

Sorry! There are no comments related to the filter you selected.

About time (5, Insightful)

Keeper Of Keys (928206) | more than 5 years ago | (#26963301)

The need for this has been brewing for a while. Hope it does what it says on the tin.

Re:About time (0)

Anonymous Coward | more than 5 years ago | (#26963509)

I've been doing BitTorrent over TOR for a while now. What makes this so great?

Re:About time (5, Insightful)

Valdrax (32670) | more than 5 years ago | (#26963749)

I've been doing BitTorrent over TOR for a while now. What makes this so great?

Stop it, jackass. TOR is not designed for that. It severely degrades the latency of the network, and the network does not have the bandwidth to sustain numerous users doing large file-transfers over it. The network is intended for anonymous expression -- not to transfer DVD after DVD.

Re:About time (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26963881)

Honestly--I don't mind as long as he contributes at least $N_HOPS * $BANDWIDTH_PASSED back to the network--and as an exit node. Otherwise...yeah--they're a jackass. And the worst part is they probably don't care.

The more use use tor sees, the better crowd anonymity it provides. But given most people just abuse tor... well...all I'll say is it's been found there's a few substantial weaknesses--if you're using lots of traffic, you're probably going through a few private chokepoints. I sure hope they forward your information to appropriate third parties...

Re:About time (4, Insightful)

Brian Gordon (987471) | more than 5 years ago | (#26963905)

I sure hope they forward your information to appropriate third parties...

...Which would utterly ruin tor.

Are you a paedo? Probably (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26963987)

Weirdo you not only steal flicks, you steal paedo flicks sicko

Re:About time (0)

Anonymous Coward | more than 5 years ago | (#26964247)

No need to be a jackass, dick. Instead of flinging names around, try being a decent fellow and just plainly state why he shouldn't do what he does.

Re:About time (0)

Anonymous Coward | more than 5 years ago | (#26964381)

No need to be a moron, you dolt. "The network is intended for anonymous expression -- not to transfer DVD after DVD." Clearly TOR doesn't have enough bandwidth to allow everyone to simply sit there and upload all their favourite juarez and waste all my secret bandwidth.

Re:About time (0)

Anonymous Coward | more than 5 years ago | (#26964019)

I seriously hope that the NSA spends my tax dollars to track you down, just because I hate people that use TOR for music downloading.

Re:About time (1)

indi0144 (1264518) | more than 5 years ago | (#26964399)

are you on drugs or logic challenged? maybe thats why I've been weeks without access to the TOR network. Someone just give this AC a Darwin Award.

Re:About time (0)

Anonymous Coward | more than 5 years ago | (#26963515)

Vulnerabilities aside, it should. While you probably can't go all in like tor or freenet and still have reasonable transfer rates, just a single step of misdirection should be sufficient to protect from lawsuits.

Well, if you live in country where the courts accept 10 misdirected search warrants for every hit, it might not help a lot, but in democratic countries such uncertainties would be unacceptable.

In other words, removing the evidence value of having an IP attached to a specific file is easier than establishing complete and total anonymity.

We already have this; it's pretty much worthless. (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26963653)

There have been BitTorrent clients for I2P for years now. They're useless, largely, because anonymous networks are nightmarishly slow and unreliable, and very, very few people bother to upload anything interesting (at least in my opinion).

Before anyone accuses me of trolling, I've been using TOR off and on at home since 2005, and I've experimented with I2P for about 6 months in the wake of whistleblowing of the NSA wiretapping program. They're horrible, frankly, and I only put up with TOR still out of sheer cussedness. TOR at least lets you get content from the outside world; I2P is darknet-only, and darknet-only content isn't that exciting.

In fact, it's frankly dull as hell -- mostly political rants and porn (often of the less than legal variety). Sure, that could theoretically be overcome, but it won't, because performance is so bad that no one uses them but people stubbornly making a political point or people with downright criminal tastes (like the child porn freaks that seem to dominate the core.onion message boards). Mainstream consumers want convenience, and darknets don't provide it.

The performance is terrible because every download on a darknet is limited by the upstream bandwidth of the worst of your peers -- each of which is generally passing through streams from several other peers at the same time. Think about this. Think of the common 128 Kbps cap on most residential DSL or cable. And this is when you don't have unreliable or malicious peers.

So, frankly, who cares? I pirate copyrighted material because it's convenient and it lets me intelligently spend my money only on things I've vetted first -- spending my money only on things that have merit. Darknet torrenting is simply NOT convenient, and I simply wouldn't bother if it truly became necessary.

I like the concept of TOR and darknets because they provide an important technological counterbalance to tyranny, but I seriously doubt that they could survive as a useful tool for issues less relevant that free speech and survival, like wanting to get movies for free.

Re:We already have this; it's pretty much worthles (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26963743)

Try using Relakks, SwissVPN or a VPN service similar. I use BitTorrent with them and regularly get 600k/sec or more transfers.
Its not as fast as my ADSL2 connection but fast enough for most things.

Not a new idea (4, Informative)

Burz (138833) | more than 5 years ago | (#26963807)

Try the following:

I2P net [i2p2.de]
MUTE/ Kommute [sourceforge.net] / Ants/ Dargens
Alliancep2p.com
Filetopia.org
GNUNet
Rodi
Emscher ...and probably more.

Some of these like I2P use bittorrent over their anonymized network (a BT client is built into I2P but you can use some others... Note that Azureus aka Vuze has I2P support built-in!)

After viewing the demo video (3, Informative)

Burz (138833) | more than 5 years ago | (#26964149)

OneSwarm seems to have a lot more polish than the P2P networks I listed: In-browser previews, codec translation of media files, integration with GoogleTalk, etc.

The basic transfer functionality appears to be similar although based on the invite-only darknet idea. Personally, I do not think these darknets offer much advantage, as the other P2Ps (and also Tor) offer anonymity by maximizing the number of participating nodes... which provides resistance to authorities trying to social-engineer and recruit their way into smaller friend-based networks.

Re:After viewing the demo video (1)

Threni (635302) | more than 5 years ago | (#26964177)

>Personally, I do not think these darknets offer much advantage, as the other P2Ps (and also Tor) offer anonymity

Using p2p over TOR isn't going to get you very far. It's slow, and the TOR community hate you for doing it. It would be nice if there were a way of helping TOR by providing more users, rather that just taking from it.

Re:After viewing the demo video (1)

Burz (138833) | more than 5 years ago | (#26964275)

Using p2p over TOR isn't going to get you very far.

I think you read too much into that. I mentioned TOR only in the sense anonymizing traffic.

It would be nice if more users ran relays and exit nodes. And really the latter is what we need... it would be nice if at least in the west people could find some more legal reassurance to running an exit node.

Re:Not a new idea (1)

Brian Gordon (987471) | more than 5 years ago | (#26964267)

All very blah. Check out some screenshots [oneswarm.org] of OneSwarm. Slick! Plus you can access the web interface remotely, and play video and audio files from the network directly in the web interface. And you can exchange keys with trusted friends automatically via Google Talk, and there's a gmail-esque friends request interface. The coolest thing though is the fine tuned control you have over distribution.. you can control which friends and which groups you allow which shares to route through.

Re:About time (1)

dalhamir (1423303) | more than 5 years ago | (#26963877)

I bet it doesn't really give much legal protection. If you are knowingly forwarding information on to a third party, that's just as bad as you receiving it yourself. So while this might limit the scope of any suits, any agency could still sign on to any part of the network and have ample evidence to sue any of it's local neighbors. In theory, this limits the damage to only those people stupid enough to directly connect to the infiltrator. However, in a practical sense, BitTorrent is only successful because of the decentralized nature of the swarm. Anything but a extremely liberal connection policy will probably result in network hubs that will significantly impede network efficiency.

Re:About time (2, Informative)

dgatwood (11270) | more than 5 years ago | (#26964151)

Actually, assuming you're talking about an unmonitored repeater, you aren't knowingly doing anything, and thus, you should, at least in theory, be protected under the same sorts of DMCA exemptions as any other internet service provider that passes pirated/illegal content during the normal course of IP-based routing.

That said, if you do pass something inappropriate, IP number alone is almost certainly sufficient probable cause to obtain a search warrant. Having the same protection as an ISP doesn't mean they can't charge you with a crime or sue you for copyright violation, doesn't mean they can't confiscate your equipment, and doesn't mean the charges won't stick if they find evidence of the crime or copyright violation on your computer.

In short, if you are an innocent repeater, you are probably protected (though you may incur significant difficulty getting your confiscated equipment back), but if you are abusing your status as a repeater to mask the fact that you are doing something wrong, chances are they'll find you through some other means outside the scope of the protocol itself---possibly even outside the scope of the Internet entirely.

Source? (1, Informative)

Anonymous Coward | more than 5 years ago | (#26963327)

Hmmm. The "get source" button goes to an email form for me. Does anyone know whether the source is freely distributable? If so, could someone please upload it as a torrent?

Re:Source? GPLv2, Java (1)

Janek Kozicki (722688) | more than 5 years ago | (#26963441)

It's weird. But when I download their binary .tar.gz there's a COPYING.txt file, and OneSwarm's license is GPLv2. Then why are they blocking downloading of source?

And also, it's written in java. Bleh.

Re:Source? GPLv2, Java (5, Informative)

hannson (1369413) | more than 5 years ago | (#26963485)

We're just packaging up the source now (we just released this today), and will post a link on the website soon. Thanks!

This is the reply I got from using the mail form.

This is clearly a criminal tool (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26963343)

Really, what do you have to hide in your bittorrents that makes you so unconfortable? This is something that criminals will use to steal music and that is the bottom line.

Re:This is clearly a criminal tool (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26963557)

Laws used to be about freedom and justice. But now corporations are making laws.

Lobbying used to be called bribery. It also used to be illegal.

Re:This is clearly a criminal tool (2, Insightful)

L4t3r4lu5 (1216702) | more than 5 years ago | (#26963579)

That's lobbying for you.

Self reference paradox anyone?

This is clearly a BS tool (1, Insightful)

Ostracus (1354233) | more than 5 years ago | (#26964271)

"Laws used to be about freedom and justice. But now corporations are making laws."

And what kind of laws are illegal down loaders making? So far as I've seen not one law has been changed because of "Arrr, I'm a pirate" and in fact the situation's gotten worse. So once again what has piracy done for "freedom and justice"? You know the "freedom and justice" that doesn't just apply to the "Arrr!" crowd.

Re:This is clearly a criminal tool (3, Insightful)

Tubal-Cain (1289912) | more than 5 years ago | (#26963611)

ISPs, the RIAA, and the government cannot poison the well if they can't find it.

Re:This is clearly a criminal tool (1)

Anonymous Coward | more than 5 years ago | (#26963677)

But supposedly the honorable people of Slashdot only use Bit-torrent for legal purposes.

Are you implying that the government and RIAA are "poisoning" LInux iso torrents and Creative Commons music?

Re:This is clearly a criminal tool (1)

Locke2005 (849178) | more than 5 years ago | (#26964015)

Are you implying that the government and RIAA are "poisoning" Linux ISO torrents...? Well, I named my Linux Distro "BritneySpears_BabyBaby", and somebody keeps poisoning the torrent... it must be the RIAA!

Re:This is clearly a criminal tool (1)

Brian Gordon (987471) | more than 5 years ago | (#26964051)

Ouch. Well there is the argument that if someone's seeding bandwidth is being monopolized by RIAA bots on an illegal torrent then they have less bandwidth to seed on legal stuff. Even serving up fake data can harm legit swarms, since downloading is also good for the network.

Re:This is clearly a criminal tool (0)

Anonymous Coward | more than 5 years ago | (#26964185)

Really, what do you have to hide in your bittorrents that makes you so unconfortable?

Screw you, asshole, that's NOT the point. Goddamn motherfucking RIAA/MPAA troll..

why? its all legal (-1, Troll)

cliffski (65094) | more than 5 years ago | (#26963357)

But we only use p2p for distributing WOW patches and linux distros. Whyw ould be need all this security for what is perfectly legal?
Or could it be that the pretence that p2p is used for legal purposes has finally been dropped here at torrentfreak / slashdot?

Re:why? its all legal (5, Informative)

Anonymous Coward | more than 5 years ago | (#26963435)

I'll be charitable and assume you are just uninformed. Inform yourself. [schneier.com]

Re:why? its all legal (1)

LingNoi (1066278) | more than 5 years ago | (#26964291)

What if you are doing something wrong but the authority think you're doing something worse? A real case scenario of this happening is the shooting of the innocent Brazilian in England.

The police thought he was a terrorist planning to bomb the trains, he thought the police were trying to catch him because of his expired visa.

Hmmm. (1)

apodyopsis (1048476) | more than 5 years ago | (#26963371)

Hmmm.

So how long before the **AA bury this is a mass of litigation?

Though the main advantage of this system is that you can limit the access to a selected list of identities so this to my mind becomes more like a private group.

But at some point you have to grant access to people or you will have no audience, and I have often thought that private groups are like encrypted networks - they only raise the suspicion you have something to hide.

Re:Hmmm. (2, Interesting)

L4t3r4lu5 (1216702) | more than 5 years ago | (#26963437)

All the more reason to get the darknet up and running before it disappears.

Once the source code is out there, it'd be impossible to stop. Let's hope they post it instead of making you mail in requesting it.

Re:Hmmm. (1)

Walkingshark (711886) | more than 5 years ago | (#26963475)

Once the source code is out there, it'd be impossible to stop. Let's hope they post it instead of making you mail in requesting it.

Well, you could always mail in and request the source and then post it, maybe on sourceforge? It is open source, right?

Re:Hmmm. (1)

hannson (1369413) | more than 5 years ago | (#26963755)

It is open source. From what I can tell this is a slightly modified version of Azureus, most of the changes are under the hood in a friend-to-friend plugin (I just took a quick look, waiting for the source code). My guess is that the most notable changes are already listed in the white paper [washington.edu]

Re:Hmmm. (3, Insightful)

Brian Gordon (987471) | more than 5 years ago | (#26964089)

If nobody's out there promoting it with a website and support and a download link, few people will participate and it will slowly die.

You'd need kind of a large critical mass before the network can sustain its growth just by nodes emailing friends the source. A lot more than just "up and running".

Re:Hmmm. (1)

Chandon Seldon (43083) | more than 5 years ago | (#26964305)

If nobody's out there promoting it with a website and support and a download link, few people will participate and it will slowly die.

Just like Gnutella. The "offical" client was up for one day in 2000 before being taken down, and it's still one of the top (if not the top) peer to peer protocols today.

Re:Hmmm. (1)

Brian Gordon (987471) | more than 5 years ago | (#26964377)

Good point, but I have to point out that interest in Gnutella was massive, while fewer people are interested in the inconvenience, high latency, and very low bandwidth of this kind of darknet.

Sometimes (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26963379)

The best isn't right.

Goatse. Kittens. [goatse.fr]

The internet at work. (4, Insightful)

L4t3r4lu5 (1216702) | more than 5 years ago | (#26963399)

"The Internet interprets censorship as damage and routes around it."
- John Gilmore [toad.com] , Co-Founder of the Electronic Frontier Foundation [eff.org]

Re:The internet at work. (3, Funny)

Shadow-isoHunt (1014539) | more than 5 years ago | (#26963705)

I always thought that was Benjamin Franklin.

Re:The internet at work. (4, Funny)

Obfuscant (592200) | more than 5 years ago | (#26963773)

Don't be silly. Why would the internet interpret Benjamin Franklin as damage?

Re:The internet at work. (4, Funny)

Brian Gordon (987471) | more than 5 years ago | (#26964101)

No, the internet interprets censorship as Ben Franklin and routes around him.

Re:The internet at work. (0, Troll)

iminplaya (723125) | more than 5 years ago | (#26963929)

Hmmmm, this looks like a good place to drop anchor...

A better solution (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26963433)

how about you thieves just buy something for one instead of being a bunch of thieving cunts?

funding (1)

binarybum (468664) | more than 5 years ago | (#26963443)

nice to see some NSF funds going to good use.

Re:funding (1)

AlHunt (982887) | more than 5 years ago | (#26963863)

nice to see some NSF funds going to good use.

Why does the National Sanitation Foundation [nsf.org] even care about file sharing, I wonder ...

Been done, and better supported. (0, Redundant)

srealm (157581) | more than 5 years ago | (#26963455)

How is this any different to P2P over TOR, except for the fact TOR exit nodes tend to block several 'standard' P2P ports (which is easily fixed by using a non-standard port for your P2P)?

TOR has the added avantage of nobody needing to use some new piece of specialized software to be able to get the benefits of anonymity - and it's not used for a single purpose - so people can't go 'Oh! he's using OneSwarm! He must be P2P sharing, and want to hide it!' ....

Re:Been done, and better supported. (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26963497)

Tor isn't a darknet, it's an onion routing protocol. It's different in that a darknet only involves connecting to trusted friends (people you explicitly added to your peer list), whereas Tor connects you to random strangers in its attempt to hide your identity.

Exactly, TOR is a dorknet (1)

tobiah (308208) | more than 5 years ago | (#26963661)

much more accommodating to the friendless. And who'd want to be, what with their stinky packages?

Re:Exactly, TOR is a dorknet (1)

Brian Gordon (987471) | more than 5 years ago | (#26964135)

I'm sure most slashdotters know people on IRC who at least aren't RIAA lawyers..

Re:Been done, and better supported. (2, Informative)

L4t3r4lu5 (1216702) | more than 5 years ago | (#26963517)

It's a darknet [wikipedia.org] , therefore invite-only.

It relies on the model that "my friend knows 4 people who use that service, so I can acces my friend's connection to those 4 people. Those 4 people know 3 people each, so I can access those 4 people, and another 12. Those 12 people know..." and there we have a large, private, trusted network.

Plus, there's no need for any particular darknet to connect to another. you can run your own darknet between your friends, not connected to any other darknet.

Re:Been done, and better supported. (1)

CyprusBlue113 (1294000) | more than 5 years ago | (#26963769)

It's not just a darknet though, its a peer hidden secure darknet. You could invite the RIAA themselves and it wouldn't matter as long as the person who invited them did not share anything themselves illegal.

Re:Been done, and better supported. (1)

Brian Gordon (987471) | more than 5 years ago | (#26964237)

That's what he said:

so I can acces my friend's connection to those 4 people

Re:Been done, and better supported. (1)

Valdrax (32670) | more than 5 years ago | (#26963771)

How is this any different to P2P over TOR, except for the fact TOR exit nodes tend to block several 'standard' P2P ports (which is easily fixed by using a non-standard port for your P2P)?

Stop doing that. People block these ports for a reason, and that's because the network is not intended to handle this kind of load. People like you make using TOR miserable for everyone else.

Friends? (5, Insightful)

honestmonkey (819408) | more than 5 years ago | (#26963461)

One problem from the demo seems to be that you need to have friends. I don't know anyone that has the por^h^h^h files that I want already.

Re:Friends? (1)

SwedishPenguin (1035756) | more than 5 years ago | (#26964125)

But maybe you know someone, who knows someone, who knows someone, who knows someone who has the files you want? (assuming an average of 10 peers each, that would be anyone of 10,000 people)

Re:Friends? (1)

SwedishPenguin (1035756) | more than 5 years ago | (#26964141)

Hm, that's assuming no overlap, so probably less. :P

Trust no one (3, Insightful)

westlake (615356) | more than 5 years ago | (#26964243)

One problem from the demo seems to be that you need to have friends.

You'll find plenty of "friends" on the net willing to trade in porn - or anything else, for that matter.

The question is, who do you trust?

In the case of OneSwarm ...an adversary would be able to correlate the increase in traffic between sender and receiver along an overlay path. FAQ [washington.edu]

I can't quite shake the notion that a "web of trust" is inherently fragile.

That as they scale upward and are increasingly interwoven there will be a breach, a tear - that will unravel very quickly.

Not really that great (0)

Anonymous Coward | more than 5 years ago | (#26963467)

I believe there have been p2p networks in the past that have tried something similiar to this.

The problem is that they never scale well. Once they get very large it takes forever to download anything.

It works okay if you have just a small local network (like say a college campus worth), but then the amount of content is very limited.

I don't see anything different about this effort in reality.

I don't understand. (1)

commodore64_love (1445365) | more than 5 years ago | (#26963489)

Please explain.

If "Joe" in Virginia and "Mike" in California each have a copy of Hannah Montana's latest episode, I use Utorrent to directly connect to their IP address and start downloading pieces. How does OneSwarm work differently to get this video over to my machine?

Re:I don't understand. (2, Insightful)

L4t3r4lu5 (1216702) | more than 5 years ago | (#26963563)

It works by you being friends with Joe and Mike. They in turn are friends with Rachel and Simon, Brad, Jamie, and Robert respectively. That's now seven people to download from. Those 5 people have more friends, maybe with the file, maybe not, but THEIR friends might have it...

Plus, because it's not an open network, the trust between peers is higher. It will always be a "friend of a friend" that you're downloading from.

We just need to make sure nobody is friends with the MAFIAA.

Re:I don't understand. (1)

jaavaaguru (261551) | more than 5 years ago | (#26963595)

It encrypts the communication so that "Bob" at the RIAA can't see what you're copying by looking at network packets.

At least that's what the summary says to me.

Re:I don't understand. (1)

Fry-kun (619632) | more than 5 years ago | (#26963627)

More than likely, it hides Joe's and Mike's IP addresses in the OneSwarm database - you have to be a friend of someone who has it to actually download a copy. Similar to friend invites on Demonoid (need a friend who's already a member to get an account and start downloading) - except this is decentralized.

Re:I don't understand. (5, Funny)

InsertWittyNameHere (1438813) | more than 5 years ago | (#26963633)

Please explain.

If "Joe" in Virginia and "Mike" in California each have a copy of The Big Bang Theory's latest episode, I use Utorrent to directly connect to their IP address and start downloading pieces. How does OneSwarm work differently to get this video over to my machine?

There, saved you from ridicule. You owe me!

Better than TorrentPrivacy? (1)

rudeboy1 (516023) | more than 5 years ago | (#26963499)

I was reading about TorrentPrivacy [torrentprivacy.com] last week, and it sounded nice, except the site gave me a heavy "fishy" vibe, and they charge a fee for their service.

I'm reading up on OneSwarm, but I don't know enough about the technology to know if this works the same way, or better than TP. Any thoughts?

Re:Better than TorrentPrivacy? (1)

Burz (138833) | more than 5 years ago | (#26963985)

I believe TP is a simply proxy or VPN service. If TP is forced to rat on you by the government, they could conceivably do so by simply starting to log IP data.

OneSwarm is like TOR or I2P in that the needed IP information is beyond the reach of any one entity. Its temporarily distributed through the swarm just long enough to make transfers possible. You would have to own a large chunk of the machines in a swarm to be able to connect/prosecute a user with a particular file or activity.

Re:Better than TorrentPrivacy? (1)

AHuxley (892839) | more than 5 years ago | (#26964253)

Say a group of top US telcos all connected to the NSA?
Would that be a large chunk of the machines?
Always assume your US ISP is linked to the NSA
ie point to point logs of every IP session on US networks.
If the NSA could do it back in the day, so can the feds 'today'.
Or a company trying to play nice with the feds.

The average user don't care about security (1)

tkdrg (1484293) | more than 5 years ago | (#26963521)

Do you think that your average user will replace a software that works for a new one? Do you think that they care about privacy? Do you think that they know what SSL is?

Re:The average user don't care about security (1)

jaavaaguru (261551) | more than 5 years ago | (#26963621)

Perhaps not, but in that case they'll soon find out what being sued is.

Re:The average user don't care about security (0)

Anonymous Coward | more than 5 years ago | (#26963715)

Do you think that they know what SSL is?

Self-solving problem. Eventually the average user will understand security because those who didn't are removed from consideration.

Re:The average user don't care about security (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26963955)

Do you know where you're going to? Do you like the things that life is showing you? Do you get what you're hoping for? Do you know the way to San Jose? Well, do you?

What about TOR? (0, Redundant)

Khopesh (112447) | more than 5 years ago | (#26963617)

Why not implement it within TOR? We could use some more exit points, and this seems like a great method of accomplishing that.

I still insist that the TOR cloud should contain transparent caching proxies and the like so that it doesn't need to use those rare exit nodes as often...

And before somebody starts groaning about it, TOR isn't flawed or "insecure." It's not a security tool. It is an anonymizer. Its purpose is exactly what P2P users need.

How about... (2, Informative)

Rhabarber (1020311) | more than 5 years ago | (#26963619)

freenet [slashdot.org] (there is a dark net mode since version 7).

I remember people arguing dark mode being an anonymity thread itself. I case you computer is seized you and your 'friends' are immediately identified as part the of same conspirative group (based on client's friend list). Might rather be a problem in totalitarian systems where being suspicious is enough to face personal detriment (no pun intended).

already exists (1)

ILuvRamen (1026668) | more than 5 years ago | (#26963637)

A while ago I used Grouper. It's a peer to peer system where you have to join a group to download files from someone else in the group or you can choose to make your files public and search for public files. If someone can't get into your group, they can't see what files you have or what you're transferring. I dunno if the error correction and speed were up to bittorrent levels though. It was awfully convenient and awesome for collaborating on projects and stuff. I loved it so if this is sort of similar, I think it will do well.

Yay!!! (1, Flamebait)

Jane Q. Public (1010737) | more than 5 years ago | (#26963679)

Had to happen eventually. But it would be nice if there were C-based clients rather than Java. Java is cool, but it is also slow.

Still, this is just the first of what one can hope will be many. Props for doing it first.

Re:Yay!!! (1)

thermian (1267986) | more than 5 years ago | (#26963797)

Had to happen eventually. But it would be nice if there were C-based clients rather than Java. Java is cool, but it is also slow.

Java is slower than C, yes, but having used it recently for the first time on some commercial work, I have to say that speed concerns aside, Java is vastly better in terms of additional libraries, ease of use, and general 'getting things done faster'.

With multi core software being the way forward, it also has the edge because its easier to paralellise than C/C++ (well ok, debatable, but in my experience its easier and involves less dev time), and the increase in cores mean the old concerns about speed aren't as relevent, or won't be soon.

Not that I'm using Java for my own work, just for paid stuff. Since my own code is something I control, the reduction in dev time you get from Java isn't a factor, and I do like my C++.

Re:Yay!!! (1)

Jane Q. Public (1010737) | more than 5 years ago | (#26964179)

Preaching to the choir. Yes, even though I chide Java for being slow my language of choice is Ruby, which is even slower. For most of my purposes, though, it is still the best.

Re:Yay!!! (0)

Anonymous Coward | more than 5 years ago | (#26964103)

But it would be nice if there were C-based clients rather than Java. Java is cool, but it is also slow.

1998 called. They want their knee-jerk cliche back.

Re:Yay!!! (1)

Burz (138833) | more than 5 years ago | (#26964419)

Actually, Java isn't slow at all compared to other high level languages. It is very fast.

Sometimes I wonder why you C trolls don't just switch to assembler. ... Or why you're so quiet whenever (rather slow) PHP is discussed ... or .NET for that matter.

Granted, Java was too much overhead on 1998 PCs (and those painful memories of slowness).. but its time to move on newer perspectives dear.

Why not just put an encryption layer on top of BT? (1, Insightful)

amn108 (1231606) | more than 5 years ago | (#26963791)

A simple question from a noob in the area:

Why not just peer-to-peer encrypt communication between BitTorrent nodes on the network? With keys that are distributed privately. Would that not completely hide the BitTorrent traffic making it impossible to eavesdrop at? If I sit by a router and see it transfer a blob of something that does not resemble anything else but an encrypted stream of something, I only have one choice - decrypt it first to see if the traffic belongs to something I consider illegal. But thats where cryptography comes in, right?

Re:Why not just put an encryption layer on top of (1)

Pozican (864054) | more than 5 years ago | (#26963835)

Public keys are public... So if you can decrypt the data, you are probably using a public key. Now if we used a public AND private key we'd be in business. Unfortunately, now everyone needs your private key; doesn't that make it public?

Re:Why not just put an encryption layer on top of (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26963893)

... because in your scheme there is nothing preventing the RIAA/MPAA from getting in on the cryptography action to collect the evidence they need. In other words, there is no way to filter RIAA/MPAA spies out from your fellow pirates.

All they have to do is infiltrate the method of "private" key distribution (which won't be all that private for any scheme involving more than just you and 3 of your closest buddies)

Re:Why not just put an encryption layer on top of (0)

Anonymous Coward | more than 5 years ago | (#26963919)

We've been encrypting BT for a long time now. It works against eavedropping, but that doesn't work against most of the bad guys.
The bad guys just find a torrent they think is infringing, connect to the tracker as an end node, and write down the IP addresses of any peers they can connect to.

So the trick here is to hide your own IP from the other peers. Actually, I had thought that I2P already provided this service.

Re:Why not just put an encryption layer on top of (5, Informative)

Anonymous Coward | more than 5 years ago | (#26964203)

Because the investigators don't eavesdrop on your connections. They come into the network as a peer and ask your client to send them chunks of whatever file you are currently sharing. It's very easy for them to do:

  1. Search torrent site for popular movie/artist name
  2. Download torrent
  3. Connect to tracker, get peer IP addresses
  4. Connect to peers, ask for parts of the file
  5. File a John Doe lawsuit and subpoena ISPs for customer details

Encryption occurs between peers - so your ISP can't decode the traffic, but the investigator can, because it is a peer.

Re:Why not just put an encryption layer on top of (1)

quickOnTheUptake (1450889) | more than 5 years ago | (#26964315)

But what happens when an investigator hired by a movie studio joins the swarm? How do you decide who gets a key and gets to participate in the network?

Source incoming (0)

Anonymous Coward | more than 5 years ago | (#26963827)

Received an email back after requesting source, it will be available shortly.

Email reads:
Hi Annon,

We're just packaging up the source now (we just released this today), and will post a link on the website soon. Thanks!

-M

Dumb (5, Insightful)

sexconker (1179573) | more than 5 years ago | (#26964053)

So a "darknet" is a private (trust-based) network.

You know, like a regular network or VPN.

Oh, and you want to use your darknet for P2P, so you want it to be popular? Then just chain your trust so friends of friends of friends can join in. They're trustworthy, right?

This is completely stupid.
You can't establish a successful P2P network without a large number of users to supply bandwidth and content.
You can't get a large number of users without making it easy to join.
You can't make it easy to join while keeping up a level of trust. If Joe Schmo from the internet can get on, then Joe Schmo from the RIAA can too.
You can't anonymize or encrypt traffic while staying decentralized. To anonymize traffic you need a central server where all traffic is routed through, or you need to route through other users and maintain some meta data centrally. If you encrypt traffic, you'll need to decrypt it, and then it becomes a key sharing problem.

It all boils down to keeping the MAFIAA out. No one can ever explain how their various "trust" mechanisms ensure that the MAFIAA stays out (because they can't).
No one ever explains what happens when the trust is broken (the whole net instantly becomes untrustworthy).
No one ever explains how encryption helps untrusted connections (it doesn't), or why it is even necessary for trusted connections (well, I'll accept this since nowadays everyone is illegally snooping in on every bit of data it seems.)

Re:Dumb (0)

Anonymous Coward | more than 5 years ago | (#26964209)

Can't the DMCA be used for privacy? Meaning, if you had a distributed proxy p2p network that did (trivial breakable) encryption between source and destination, a malevolent proxy node would be breaking the DMCA's anti-circumvention clause(s) by looking at was being transferred (because the message is assumed to be private, subject to copyright by default). Or is that just wishful thinking?

Re:Dumb (1)

argent (18001) | more than 5 years ago | (#26964213)

You don't know who you're getting the files from, so neither does Joe Schmo from the RIAA.

You don't know who's getting your files, so neither does Joe Schmo from the RIAA.

OneSwarm uses the "communist cell" model, where nobody knows anyone except their immediate neighbors, *and* they don't know who's requested or provided any file that's going through their node.

And at the top level of the collective are a bunch of drummers in nanobar tunnels under Puget Sound... oh, sorry, I'm channeling Neil Stephenson again.

Not *that* new. (1, Interesting)

Seth Kriticos (1227934) | more than 5 years ago | (#26964061)

Purely friend 2 friend based networks seem of quite limited use (come on, who knows anyone on the Internet really?).

There are implementations of Pseudonymous P2P clients like GNUnet which are much less trust reliant (more usable and robust). The only problem is, that they are somewhat alpha state and quite cumbersome to set up, and there are not too much files there. There are also a bunch of other approaches (here is a list of software: http://tinyurl.com/cvrvg7 [tinyurl.com] )

Problem is, the *AA will probably run to the next congressman with bribes as soon as this kind of stuff gets mature and wide spread and will create a new law that makes proxying iProperty illegal, then start leeching..

What they are also doing (right now) is forcing everyone to keep traffic logs. They will probably want to extend it to make it querriable centrally (you know, to protect the children) and use it to track down people. Wait, the last one involves intelligence.. OK, forget about that.

just use freenet (1, Informative)

AlgorithMan (937244) | more than 5 years ago | (#26964077)

just use freenet [freenetproject.org] together with frost [freenetproject.org]

this [127.0.0.1] is an index of all (?) "freesites" - you can visit as soon as you have freenet running

for linux users:
wget "http://downloads.freenetproject.org/alpha/installer/new_installer.jar"
java -jar new_installer.jar
cd "/path/to/freenet/"
./run.sh restart
mkdir frost
cd frost
wget "http://mesh.dl.sourceforge.net/sourceforge/jtcfrost/frost-04-Mar-2008.zip"
unzip "frost-04-Mar-2008.zip"
chmod +x frost.sh
./frost.sh

you need to have java and I don't remember whether you need to run this as root. iirc you don't. The filename from the sourceforge link will vary - just check http://sourceforge.net/project/showfiles.php?group_id=25070 [sourceforge.net]

DarkNet is great for privacy but... (0)

Anonymous Coward | more than 5 years ago | (#26964201)

Security is big issue that DarkNet has. I know that malware and other junk can come the neither regions of DarkNets and I worry about what pieces of malware that could affect file integrity in the P2P networks.

That sound you just heard... (4, Funny)

Eil (82413) | more than 5 years ago | (#26964241)

...was that of a few University of Washington researchers being escorted into the back of an unmarked van.

And..... what's the legitimate use for this? (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26964395)

I can't think of a need for anonymous, untraceable exchanges of large volumes of data for something that isn't piracy.

Efficient transfer of large volumes of data? Sure.

Anonymous, untraceable exchanges of small amounts of data? Sure.

But really, if you're using this you're almost certainly a warez kiddie.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>