Can Poisoning Peer to Peer Networks Work?

CmdrTaco posted more than 11 years ago | from the stuff-to-read dept.

The Internet 391

andrewchen writes "Can poisoning peer to peer networks really work? Business 2.0 picked up my research paper from Slashdot and wrote an article about it. In my paper, I argue that P2P networks may have an inherent "tipping point" that can be triggered without stopping 100% of the nodes on the network, using a model borrowed from biological systems. For those who think they have a technical solution to the problem, I outlined a few problems with the obvious solutions (moderation, etc.)."

391 comments

1st Post and more (-1, Redundant)

tilleyrw (56427) | more than 11 years ago | (#4188546)

P2P will live forever as nothing can be done to shut down a network that cannot be circumvented.

Re:1st Post and more (-1, Flamebait)

macksav (602217) | more than 11 years ago | (#4188667)

mondo cock mutherfucker!

that's really all that needs to be said, eh?

Re:1st Post and more (-1)

macksav (602217) | more than 11 years ago | (#4188755)

yawn. scratch. fart. what time is it?

The easiest solution to fix poisoning... (3, Insightful)

Blowit (415131) | more than 11 years ago | (#4188551)

Have each user vote for each server they download from. If a specific server gives out bad files, the users would vote as a bad server. Then it would not be able to connect to the P2P network.

This would be moderation; however, it would be the smartest way as each user would have their word on who is allowed and not allowed on the network.

Re:The easiest solution to fix poisoning... (1)

Kristoffor (562485) | more than 11 years ago | (#4188585)

Actually I really like this idea especially if it were similar to the /. method of moderation where heavy contributors are more likely to get moderation points. Maybe karma could also be thrown into the mix by giving those nodes with more offered files more karma?

Re:The easiest solution to fix poisoning... (0, Flamebait)

Suppafly (179830) | more than 11 years ago | (#4188715)

Except the system doesn't really work that well here, so why not implement a better idea?

Re:The easiest solution to fix poisoning... (2, Insightful)

Stonehand (71085) | more than 11 years ago | (#4188631)

Does that require either centralization (which attracts lawyers and introduces a single point of failure) or trust (P2P propagation of votes, which might be spoofable by a small conspiracy)?

Re:The easiest solution to fix poisoning... (1)

PainKilleR-CE (597083) | more than 11 years ago | (#4188646)

That would only lead to intentionally false moderation from the record labels, or anyone else that simply wanted to screw things up. If they can give out bad files, they can also give out bad votes.

Re:The easiest solution to fix poisoning... (3, Insightful)

jeremy f (48588) | more than 11 years ago | (#4188648)

Unfortunately, that would lead to bias from potential downloaders of music, as well as for manipulation of ratings by an individual or a group of individuals. Ultimately, this would only serve to flesh out targets by would-be P2P 'hunters', i.e. RIAA agents.

If I see a list of servers, and a rating, I'm instinctively going to select one of the top rated servers. Most people's ratings of such servers would be a function of two distinct factors:

- Does the server have what I'm looking for?
- How quickly can I get this file from this server?

If both factors are very favorable to me, I'm going to give this server a good rating. If I can't connect, or the server doesn't have what I'm looking for, I'm going to give the server a poor rating.

If a server wants to become highly rated in this type of a system, the operators must provide

- Lots of bandwidth
- Lots of files

Not many people can afford to do both. As a result, a 'cartel' of sorts would be formed, where the top few servers serve to a majority of the users, and the rest of the servers, of which there may be 20 times or more of, all serve to the minority.

If the 'hunter' wants to kill this group, what does he do? He wouldn't want to poison each one systematically -- he'd want to go after the big targets that everyone feeds from. This rating system would only help him expedite this process.

Re:The easiest solution to fix poisoning... (1)

sir99 (517110) | more than 11 years ago | (#4188714)

Hopefully the P2P network has decent search capabilities, so if the file you wanted wasn't on that server, you wouldn't connect to it in the first place (unless the file's misnamed, in which case you could vote against them). So you probably wouldn't vote at all for servers with few files.

The idea of all this P2P crap is that you can find the content you want from many providers, and new files quickly get spread all over the network.

Maybe bad votes could be attached to their respective files, so that files with votes against them wouldn't propagate through the network.

Re:The easiest solution to fix poisoning... (1)

jeremy f (48588) | more than 11 years ago | (#4188771)

The idea of all this P2P crap is that you can find the content you want from many providers, and new files quickly get spread all over the network.

Yep, and tagging a particular user or server as 'good' or 'bad' would cause downloaders to flock towards the 'good' users/servers, and stay away from the neutral or bad ones.

You wouldn't really be looking at a P2P system anymore -- the idea of everybody being a 'peer' would go out the window if users had some type of status through such moderation.

Re:The easiest solution to fix poisoning... (1)

FreeQ (139632) | more than 11 years ago | (#4188671)

And how would you prevent the poison source from voting ?

Re:The easiest solution to fix poisoning... (3, Insightful)

plover (150551) | more than 11 years ago | (#4188686)

But if I were the RIAA, my legions of henchmen would be voting down the servers that supply "stolen" music, and voting up the servers that supply poison. And they would meta-mod down anyone who disagrees with their votes.

So to be useful, votes would require authentication in order to avoid ballot box stuffing. But authentication goes hand in glove with identification, and that's something the users of the P2P networks seem to be trying to avoid.

Bottom line: voting is subject to the same poisoning that the files are subject to. It adds a layer of complexity that simply delays poisoning, but probably not for long. Hell, with the inevitable bugs (that end up denying users unpoisoned files) and long-term ineffectiveness, voting would probably be smiled upon by the RIAA.

Re:The easiest solution to fix poisoning... (2, Insightful)

Blowit (415131) | more than 11 years ago | (#4188759)

However, if the voting is ONLY allowed after a download, then this poisoning can be significantly reduced...

Re:The easiest solution to fix poisoning... (2)

KelsoLundeen (454249) | more than 11 years ago | (#4188826)

If I were the goddamn RIAA or the MPAA (Jack "Maddog ... Grrrr!!" Valenti, I mean) I'd focus a little bit on image enhancement.

If I were the RIAA, I'd tell my employees to stop acting like a bunch of two-bit hackers and start giving the customers what they want.

Really, this whole thing -- from poisoning P2P network to authorizing legal hacks on 14 year old users -- is absurd.

Hilary and Jack "Maddog ... Grrrr!!!" Valenti oughta take their fingers from the sockets and start talking with users and figuring out how they can get users what they want and the users can give the RIAA and MPAA what they want.

It's a long process, but I'll tell you one thing: the more the RIAA and MPAA keep employing the shock-trooper tactics, the less goodwill and grace (if such goodwill and grace ever existed, but I think it did -- at least in part) they're gonna get from Joe and Joe-elle Consumer.

Re:The easiest solution to fix poisoning... (1)

snatchitup (466222) | more than 11 years ago | (#4188756)

One problem, I download straight to my shared directory. I guess I'd have to stop this. I may initiate a job of downloading several files from slow servers, and not check them for a day or two in which time, any bad files could be propagated.

Re:The easiest solution to fix poisoning... (0)

Anonymous Coward | more than 11 years ago | (#4188766)

Browse slashdot at -1 sometime. Valid points are moderated down as "trolls" or "flamebait" if the moderator disagrees with them. Goatse links are often moderated up once or twice if they are placed in an otherwise normal-looking comment.


Blatantly wrong posts often make it up to +5 informative, while a reply to it that is accurate will only get a +2 insightful.


Is that the sort of p2p network you want?

One big problem: Lazy users (3, Insightful)

Anonymous Coward | more than 11 years ago | (#4188555)

Many users, when they download a "poisoned" file, get a little angry... and then they move on WITHOUT deleting the file! This leaves it in the system on yet another node and increases the chances that someone else will download it from them. If users take a little more responsibility for the network, these files wouldn't spread very well at all.

Re:One big problem: Lazy users (1)

tiedyejeremy (559815) | more than 11 years ago | (#4188601)

I have a friend who claims to have thousands of reggae tunes downloaded on her computer. She's listened to only a handful of them.
This is the type of lazy user that causes problems.

People tend to relish the act of acquisition when they don't need everything they take. The excess stuff just accumulates. This reminds me of that article about our discards polluting Asia..... [slashdot.org]

Re:One big problem: Lazy users (1)

Kristoffor (562485) | more than 11 years ago | (#4188627)

I am guilty of this in a way however the cause isn't laziness. I usually download mp3's in batches and over the course of the next day or so I check each song, make sure the ID3 tag is correct, normalize the filename etc. By the time I get to many of the bad files the host is no longer connected to the network and I wouldn't necessarily remember where I got it anyway. So it would be difficult/impossible to mod down the host/file.

Re:One big problem: Lazy users (1)

rushiferu (595361) | more than 11 years ago | (#4188763)

True, but if you specify your download folder to be separate from your shared folder you could screen your files before allowing others to download them. A little effort from P2P users to clear the crap off their systems would go a long way towards improving the overall quality of the network.

Re:One big problem: Lazy users (0)

tiedyejeremy (559815) | more than 11 years ago | (#4188790)

Try to convince the "Gimme Gimme" generation that it is their responsibility to police themselves. Likely the response you get will be "d00d" followed by some mostly incomprehensible alpha-numeric gibberish and a complete blow0ff reminding me of the Pubes and Greys of Mid-World.

Ugh. (1, Funny)

Anonymous Coward | more than 11 years ago | (#4188561)

Why don't you both just do the RIAA's dirty-work for them?

No wonder geeks get beat up.

it's already poisoned by users (3, Insightful)

curseur (567725) | more than 11 years ago | (#4188566)

Because most users download files and never check them.
Really annoying especially with large files you've downloaded at 1kbps

d00d (0)

Anonymous Coward | more than 11 years ago | (#4188728)

You can view a partial of almost all file types, even AVI if you use VirtualDub.

Re:it's already poisoned by users (2)

garcia (6573) | more than 11 years ago | (#4188797)

I could never understand the LONG lists of available files which are not usable.

In addition, anyone using ATTBI should be forewarned that you should remove ANY and ALL movies from your shared folder on any P2P network. The MPAA is reporting violations to ATTBI's legal demands center and ATTBI *is* disabling users who violate rules.

I suggest the removal of all shared movies if you are on ANY ISP, but especially large cable modem networks.

yes, if... (-1)

Trolling Stones (587878) | more than 11 years ago | (#4188568)

they can make downloading the file you want difficult enough, that most users will give up and search out other methods, such as buying. Not that downloading will be impossible, but if I have to spend a week non-stop, constantly monitoring, just to download Zeppelin IV or the latest Destiny's Child video, it might be worth it to buy the album or record it off TV.

g to the oatse
c to the izzex
fo shizzle my nizzle Troll or Interesting?

Re:yes, if... (-1)

govtcheez (524087) | more than 11 years ago | (#4188642)

While this topic doesn't interest me in the least, I must give a hearty welcome back to you, good sir!

[Trolling Stones] In the words... (-1)

Anonymous Coward | more than 11 years ago | (#4188685)

of one of those hot japanese actresses on Iron Chef, "thank you, nice to be here. Hee hee!"

g to the oatse
c to the izzex
fo shizzle my nizzle I'm thinking of bringing back the lyrics quiz next week.

Poisoning is not possible (1, Interesting)

CreatorOfSmallTruths (579560) | more than 11 years ago | (#4188572)

By trying to deactivate part of the net you can't stop all of it.
For example, let's take a net of 2^n nodes, and let's say 80% of which have been poisoned ... the other 20% will still be able to resist the attack.
Take, for example, IRC - splits will never kill it (while I am saying splits I really refer to poisoning, of course).
Another example is the Iraqi internet during the Gulf War. It didn't come down. Why? Because when using distributed networks (such as P2P and the net itself) the resistability is just plain great.

Credibility? (1, Flamebait)

PissingInTheWind (573929) | more than 11 years ago | (#4188579)

I outlined a few problems with the obvious solutions (moderation, etc.).

Are you trying to say, on Slashdot on top of all, that moderation could be a part of a solution?

Heretic!

Re:Credibility? (-1, Offtopic)

CreatorOfSmallTruths (579560) | more than 11 years ago | (#4188699)

Just got modded down to bad today. so I know what I am talking about.

Moderation will not work.
First - all users will have to identify themselves and stick with that login - which is in essence exactly the opposite of what you would expect from an open p2p network.
Second, how would you moderate? By framing something in moderation codes you practically give the administration of your country a legal way of saying "mod the people who break the law down !!", in such case, who wants to use p2p in the first place?

How about this (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4188580)

How long does it take a palestinian woman to make a bomb?

9 months!

Obvious technical solution take 2 (3, Interesting)

Kragg (300602) | more than 11 years ago | (#4188587)

Although this idea [checksums] works for newsgroups and some other centralized services, it does not with P2P. Basically, it comes down to the fact that you must trust whomever is actually doing the checksumming, or else they can just lie and publish false checksums. In the case of P2P networks, the checksumming is done by the same person you want to figure out if you can trust! As far as I know, this is an unresolvable problem.


So, um... how about this... If it's a standard file, such as, say, the deviance rip of neverwinter nights, or the new MPEG of Two Towers, then it should always have the same checksum.

Somebody somewhere needs to maintain a website with these checksums on. Then there's no dependence on the person who you're pulling the file from.

Obviously doesn't work for random porn videos (although it would for more popular ones... which might also tell you whether they're any good).

And there's nothing illegal about it.

Problems?

Re:Obvious technical solution take 2 (2)

Yarn (75) | more than 11 years ago | (#4188609)

Yes, but by the time you've downloaded it to check the checksum you've wasted n hours downloading trash.

Re:Obvious technical solution take 2 (2)

dattaway (3088) | more than 11 years ago | (#4188663)

Solution (difficulty level: easy :)

We can GPG sign each megabyte of the files to be downloaded. If the P2P clients downloading from the infected server raise enough red flags, the server can be voted off the island.

Re:Obvious technical solution take 2 (1)

sp00nfed (518619) | more than 11 years ago | (#4188612)

Only problem with that is that the actual "poison" client is doing the checksum, so they can just browse to the same website, and set that checksum as being the one to return.

Don't talk lame trash... (0, Flamebait)

Eric_Cartman_South_P (594330) | more than 11 years ago | (#4188644)

You say, Somebody somewhere needs to maintain a website with these checksums on.

I say you're talking lame trash, unless you host it on YOUR site. YOU be the victim of **IA lawsuits. Unless you post a link to a site where you plan to host such a wonderful page, shut the f**k up.

On a more technical issue, do you really think different rips of the same movie will have the same checksum? What if one rip is one second longer or shorter? Or the ripping prog compresses it in a slightly different way? bang... different checksums.

You need to read a little more "PC Magazine" before you can start posting such dribble.

Re:Don't talk lame trash... (0)

Anonymous Coward | more than 11 years ago | (#4188789)

The word is drivel and the flame was unwarranted. The idea has flaws, but at least he's thinking.

Re:Don't talk lame trash... (2)

moonbender (547943) | more than 11 years ago | (#4188805)

You obviously aren't very experienced in the whole warez scene thing. Not that I'd blame you, but the original poster knows more about it than you do from reading PC Magazine.
I say you're talking lame trash, unless you host it on YOUR site. YOU be the victim of **IA lawsuits. Unless you post a link to a site where you plan to host such a wonderful page, shut the f**k up.
There already are plenty of these sites, others mention concrete examples. So far, they have not yet had a problem with the RIAA, perhaps because what they do (provide checksums, not files) is not illegal, perhaps because the RIAA does not yet consider them relevant.
However, in any case, it is way easier to spread checksums by various means - internet boards, email lists, usenet, IRC - than spreading the actual file. If the situation arises, and the P2P net is "poisoned" with invalid files (and invalid checksums) I'm sure it won't be hard to acquire the valid checksums and download the correct files. Of course, "poisoned" clients sending out fake files with wrong checksums will still be a problem.
On a more technical issue, do you really think different rips of the same movie will have the same checksum? What if one rip is one second longer or shorter? Or the ripping prog compresses it in a slightly different way? bang... different checksums.
Why would there be different rips? Typically, each movie is released only once (by groups specialising in it), all other releases are "dupes" and are not to be distributed. The same is true for virtually any sub-category of the scene, such as games ISO/RIP, utils and audio.

Re:Obvious technical solution take 2 (2, Informative)

Dooferlad (101535) | more than 11 years ago | (#4188654)

eDonkey 2000 / http://www.sharereactor.com do this. The eDonkey network works by using links (as in clickable on web pages) that contain MD4 sums of the file + file size to let users know about files on the network. It does have some searching capabilities but they are limited. This is presumably fixed in the new Overnet project the guy is doing.

The files are all downloaded in segments from multiple sources, and you sometimes get bad segments, but they are only a fraction of the total file size so you don't really care.

You just plain can't poison eDonkey / Overnet - it won't work. It is also the only network that I would be tempted to use to distribute real content since it is guaranteed that the user will get what you want them to.
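
Added example, not part of the comment above and not code from any eDonkey client: a sketch of the per-segment check that comment describes, with the hashes published out of band as other replies in this thread suggest. SHA-256 stands in for the MD4 the comment mentions; the manifest layout, the peer names and the 8-byte segment size are assumptions made for the example.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(data: bytes, chunk_size: int) -> dict:
    """What a publisher would post out of band (web page, mailing list, IRC).

    Hypothetical layout: total size, segment size, one hash per segment and
    a hash of the whole file.
    """
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    hashes = [sha256_hex(data[i:i + chunk_size])
              for i in range(0, len(data), chunk_size)]
    return {"size": len(data), "chunk_size": chunk_size,
            "chunk_hashes": hashes, "file_hash": sha256_hex(data)}


def fetch_verified(manifest: dict, peers: dict):
    """Assemble the file from untrusted peers, one segment at a time.

    Each peer is modelled as the bytes it would serve; a real client would
    request the byte range over the network. A segment is accepted only if
    the bytes actually received hash to the manifest value, so a peer that
    merely advertises the right checksum gains nothing.
    Returns (data, rejected, wasted_bytes).
    """
    size, chunk_size = manifest["size"], manifest["chunk_size"]
    assembled = bytearray()
    rejected = []      # (peer name, segment index) pairs that failed the check
    wasted = 0         # bytes downloaded and thrown away
    for index, expected in enumerate(manifest["chunk_hashes"]):
        start = index * chunk_size
        want = min(chunk_size, size - start)
        for name, served in peers.items():
            chunk = served[start:start + want]
            if len(chunk) == want and sha256_hex(chunk) == expected:
                assembled += chunk
                break
            rejected.append((name, index))
            wasted += len(chunk)
        else:
            raise ValueError(f"no peer supplied a valid segment {index}")
    data = bytes(assembled)
    # Final whole-file check guards against a manifest with missing segments.
    if len(data) != size or sha256_hex(data) != manifest["file_hash"]:
        raise ValueError("assembled file does not match the manifest")
    return data, rejected, wasted


# Constructed sample data, not a real file.
ORIGINAL = b"constructed sample payload, not a real file"
CHUNK = 8
MANIFEST = build_manifest(ORIGINAL, CHUNK)
POISON_ALL = bytes(len(ORIGINAL))                       # right size, all zeros
POISON_ONE = ORIGINAL[:17] + bytes([ORIGINAL[17] ^ 0xFF]) + ORIGINAL[18:]

if __name__ == "__main__":
    for label, bad in (("fully poisoned peer", POISON_ALL),
                       ("one corrupted segment", POISON_ONE)):
        data, rejected, wasted = fetch_verified(
            MANIFEST, {"bad": bad, "honest": ORIGINAL})
        print(label, "| intact:", data == ORIGINAL,
              "| rejected:", rejected, "| wasted bytes:", wasted)
```

The cost of a bad source is bounded by the segment size rather than the file size, which is the answer to the "wasted n hours downloading trash" objection raised earlier in the thread.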

Doesn't Sharezilla do this too? (2)

Ride-My-Rocket (96935) | more than 11 years ago | (#4188798)

I just started using it last week -- I think I remember something whereby each file has some type of key / checksum (I'm not too familiar with the nuances of encryption)........... but I could be wrong.

Re:Obvious technical solution take 2 (0)

Anonymous Coward | more than 11 years ago | (#4188703)


At the risk of site pimping, there are already several sites which do checksums and provide a rating system for various types of files, for example:

www.sharereactor.com

Re:Obvious technical solution take 2 (1, Insightful)

Anonymous Coward | more than 11 years ago | (#4188793)

What if each good file is tagged with text to the effect of:

The RIAA hereby places any and all performances of this song in the public domain.

Obviously, since it didn't come from the RIAA, it has absolutely no validity. But the RIAA would not be able to put this on a file without giving away the music.

Re:Obvious technical solution take 2 (1)

jackb_guppy (204733) | more than 11 years ago | (#4188820)

Check Sums are not a good way to validate if something is valid.

For each Check Sum value - N number of different files will have the same Check Sum.

If we take the LRC (XOR) : adding nulls or pairs of characters (two 2's or 3's) will change a file and leave the Check Sum alone.

If we take the CRC (long division): adding leading nulls or adding binary adding the file to itself will result in the same CRC.

Check Sums can act as a "finger print" so you have a good idea if it is right, but you will never be sure until an outside (out of band) test is made -- one's ears.
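
Added example, not part of the comment above: the two edits it describes (leading nulls, an appended pair of identical characters) applied to a constructed byte string and checked against an XOR checksum, a zero-initialised CRC, zlib's CRC-32 and SHA-256. The comment names no specific CRC, so the CRC-16/XMODEM parameters used here are an assumption.

```python
import hashlib
import zlib


def lrc_xor(data: bytes) -> int:
    """Longitudinal redundancy check: XOR of every byte."""
    acc = 0
    for byte in data:
        acc ^= byte
    return acc


def crc16_zero_init(data: bytes, poly: int = 0x1021) -> int:
    """Plain polynomial long division with the register starting at zero
    (CRC-16/XMODEM parameters: no reflection, no final XOR)."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


CHECKS = {
    "lrc_xor": lrc_xor,
    "crc16_zero_init": crc16_zero_init,
    "crc32_zlib": zlib.crc32,   # register starts at 0xFFFFFFFF
    "sha256": lambda d: hashlib.sha256(d).digest(),
}


def unchanged_checks(original: bytes, modified: bytes) -> list:
    """Names of the checks that give the same value for both inputs,
    i.e. the ones that fail to notice the modification."""
    return sorted(name for name, fn in CHECKS.items()
                  if fn(original) == fn(modified))


# Constructed sample bytes, not a real file.
ORIGINAL = b"constructed sample track data"
LEADING_NULLS = b"\x00\x00\x00" + ORIGINAL   # zero register stays zero
APPENDED_PAIR = ORIGINAL + b"22"             # b ^ b == 0, so the XOR is unchanged

if __name__ == "__main__":
    print("leading nulls missed by:", unchanged_checks(ORIGINAL, LEADING_NULLS))
    print("appended pair missed by:", unchanged_checks(ORIGINAL, APPENDED_PAIR))
```

CRC-32 as shipped in zlib catches the leading-null case because its register does not start at zero, but like any CRC it is built to catch transmission errors, not deliberate edits; only the cryptographic hash is meant to resist someone constructing a matching file.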

This won't work. (0)

Anonymous Coward | more than 11 years ago | (#4188590)

Why won't it work, you ask? If someone sent me a fake file, I would just delete it and grab another one. I think that is one factor (or side effect) about P2P networks that they didn't consider--each node in the network is not only self organizing, it also monitors and controls its own content. They can flood the network with as many fake files as they want, and while the P2P network nodes won't be able to tell whether those files are fake or not, the people that run those nodes will.

Checksumming can work (3, Informative)

Pedrito (94783) | more than 11 years ago | (#4188591)

I disagree with your suggestion that checksums can't work. A way they could work is as follows.

Create a website with logins for the users. Users of this web site can create lists of checksums for the files they create or have downloaded and verified as valid.

Other users can check any given user's list, and perhaps even post comments about the user's list, a form of moderation, if you will.

The validity of any single file on any random user's list would certainly be questionable, but some lists would become "trusted" by the community through trial and error. Others would be recognized as bogus and ignored.

Just a thought. Give me more than a few minutes and I might be able to come up with a better one.

Re:Checksumming can work (2)

anonymous loser (58627) | more than 11 years ago | (#4188659)

This is exactly what is addressed in the second part of his answer to this question in the FAQ:
Another idea that is often proposed is moderation, specifically "webs of trust." That is, people keep lists of people they trust, and then they implicitly trust (often with diminishing degree) the people they trust, and so on. In the context of P2P, each user would then receive a "trust rating," reflecting the number of people that trust them. However, this can also be defeated fairly easily, by creating groups of malicious users that trust each other - then, untrustworthy users may have high scores leading to problems in the future. This kind of fraud has happened on eBay, where people give themselves recommendations to mislead future partners.
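
Added example, not part of the comment or of the quoted FAQ: a constructed trust graph in which a ring of accounts that vouch for each other tops a global "number of people that trust them" rating, set beside a score computed only outward from one user's own trust list with diminishing degree per hop. The user names, the 0.5 decay and the three-hop limit are assumptions for the example.

```python
from collections import deque

# Constructed graph: (truster, trusted) pairs.
HONEST = [("alice", "bob"), ("bob", "carol"), ("alice", "dave")]
RING = ["m1", "m2", "m3", "m4", "m5"]
COLLUSION = [(a, b) for a in RING for b in RING if a != b]


def global_trust_count(edges):
    """Global rating: how many distinct users list you as trusted."""
    trusters = {}
    for truster, trusted in edges:
        trusters.setdefault(truster, set())
        trusters.setdefault(trusted, set()).add(truster)
    return {user: len(who) for user, who in trusters.items()}


def rooted_trust(edges, me, decay=0.5, max_hops=3):
    """Trust as seen from one user's own list.

    Breadth-first walk from `me`; each hop multiplies trust by `decay`, and
    anyone not reachable within `max_hops` gets no score at all.
    """
    graph = {}
    for truster, trusted in edges:
        graph.setdefault(truster, set()).add(trusted)
    scores = {me: 1.0}
    queue = deque([(me, 0)])
    while queue:
        node, hops = queue.popleft()
        if hops == max_hops:
            continue
        for nxt in sorted(graph.get(node, ())):
            if nxt not in scores:          # keep the shortest-path score
                scores[nxt] = scores[node] * decay
                queue.append((nxt, hops + 1))
    return scores


if __name__ == "__main__":
    edges = HONEST + COLLUSION
    print("global counts:", global_trust_count(edges))
    print("alice's view: ", rooted_trust(edges, "alice"))
    # One honest user in alice's chain vouching for a ring member is enough
    # to let that member into her view, at a heavily discounted score.
    print("after carol trusts m1:",
          rooted_trust(edges + [("carol", "m1")], "alice"))
```

The rooted score is only as good as the judgement of the people in the chain, which is the same limit the thread keeps running into with votes.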

Re:Checksumming can work (1)

Kakarat (595386) | more than 11 years ago | (#4188717)

If you created a website for the users to login to, it wouldn't be P2P.

Re:Checksumming can work (0)

Anonymous Coward | more than 11 years ago | (#4188751)

A checksum is useful because it allows a person to decide whether a file is valid before downloading. What's to prevent the poisoner from spoofing the checksum by taking the correct checksum from this supposed website?

Re:Checksumming can work (1)

Graspee_Leemoor (302316) | more than 11 years ago | (#4188817)

"What's to prevent the poisoner from spoofing the checksum by taking the correct checksum from this supposed website?"

Do you mean writing a p2p client that allows you to send whatever hash you want for a file (which is not *too* difficult), or creating a fake file which has the same hash as a genuine file ?

This last is referred to as searching for a hash collision. It is, needless to say, very time-consuming. Maybe with MD4 and faster computers it could be done fairly quickly, but anything longer in a hash and your search time goes way up.

Believe me- I have my computer searching for MD4 hash collisions (for, erm. some reason) and it takes a very very very long time.

graspee

Re:Checksumming can work (1)

Blowit (415131) | more than 11 years ago | (#4188825)

Sure this could work in conjunction with voting (AFTER the file is downloaded) so this would help strengthen the servers who are storing the same checksum files. However, the voting would have to be regulated in a way that would ensure that it is not being biased to one particular user. The data would all be passed and stored on each supernode to help maintain the integrity of the network and the good/bad servers. However, you will NOT see the rating of the server directly.

hey a guy who's a little too stuck on himself (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#4188593)

so he submits his own work to Slashdot.."Look at me! see what i did! I'm so smart!"

What a surprise..Linux geeks with big egos...!

Depends how the poisoning is done... (1)

sp00nfed (518619) | more than 11 years ago | (#4188597)

If for example, the company/person poisoning the p2p network was going for an "extreme" kind of attack, they could have their client respond to all searches with a filename that looks similar to the one searched for. This would make p2p networks a pain when there are legitimate uses for them. If they were just going to spam song names/artists with false files, then it would make it kinda hard to download songs. p2p networks are however an awesome source of advertising, so if I like a song that I download I'll download another couple and if I like them also I'll buy said artist's cd. Of course, if I get frustrated with downloading said artist's cd I'd probably just not bother. It seems to me that record companies in particular like to waste money to destroy something that IMO increases sales.

Re:Depends how the poisoning is done... (1)

Kylow (581998) | more than 11 years ago | (#4188700)

Yea, I hear it all the time. Everyone buys the CD's of the songs they snag on p2p. I've heard this a million times and I still don't buy it. I'm assuming you delete the songs you don't like? So how many mp3's are on your hard drive? 100? 300? 10,000? Are you saying that you have the CD's for all of those mp3's? I don't believe it for a second.

The simple fact of the matter is that many people are downloading music they would otherwise buy, particularly when there's only 2 or 3 songs on a CD that they'd like. I download music off p2p, but I don't make any illusions to myself about the legality of it. When I download music on p2p, I know that I'm stealing, and I do it anyway. Unethical? Perhaps. But at least I don't have any delusions that I'm in the right.

Re:Depends how the poisoning is done... (0)

Anonymous Coward | more than 11 years ago | (#4188788)

Unless they're downloading music that the aren't able to buy, ie obscurities, out of print mp3's, etc.

Which is what I use p2p for, myself (and it's gotten harder to get anything which isn't brittany since napster, I'll note).

s/that the/that they/g (0)

Anonymous Coward | more than 11 years ago | (#4188806)

anyways...

What about IRC?

Re:Depends how the poisoning is done... (1)

Kylow (581998) | more than 11 years ago | (#4188814)

This is the one ethical use for p2p music sharing, imho. I download Ben Folds concert .mp3's, and other Ben stuff that was only released in Japan and other places.

Re:Depends how the poisoning is done... (1)

sp00nfed (518619) | more than 11 years ago | (#4188803)

Heh. I have about 1700 mp3's... I have about ~60-70cd's.

Most of the mp3's I have been ripped off a cd. In saying that, I do download a fair few mp3's off of p2p networks, the only reason that stops me buying their cd is that I only like that song from their album.

I actually need to go through and delete a ton of crud mp3's off my hard drive. On average my xmms/winamp playlists are about ~50-60 songs... I may have a load of mp3's but most I don't listen to regularly enough to warrant buying an album (I only pull em out every so often when I'm in a funny mood).

I do buy cd's just the other week I bought A$200 worth (that week's pay packet) of cd's. 8 cd's for $200. I have put 6 of those into my "don't listen regularly" box. I bought 3 cd's that I had downloaded songs from the net of, 2 of those are kept in my collection. The other 6 weren't worth my hard earned dollars.

Re:Depends how the poisoning is done... (0)

Anonymous Coward | more than 11 years ago | (#4188810)

So you know you're stealing and you know it might be unethical. And you do it anyhow.


It's called "sociopathy". It's not better than deluding yourself, either.

Re:Depends how the poisoning is done... (1)

Kylow (581998) | more than 11 years ago | (#4188838)

If that's how you'd like to define sociopathy, everyone's a little sociopathic. Who hasn't driven 5 miles over the speed limit EVERY DAY of their life?

To borrow a phrase from Microsoft... (1)

TheConfusedOne (442158) | more than 11 years ago | (#4188619)

TRUSTED Peer to TRUSTED Peer computing.

Granted this will mean a slower growth in a P2P network, but it may be easier to defend file sharing when you are actually only sharing files with your friends and relations.

Re:To borrow a phrase from Microsoft... (1)

tiedyejeremy (559815) | more than 11 years ago | (#4188733)

I see TP2TP and think "TP" or toilet paper.

Curious.. (-1, Offtopic)

dark3r (14184) | more than 11 years ago | (#4188620)

I wonder how much Valenti cock they'll be slobbing once they get hired by the RIAA?

Always a way (5, Insightful)

Lumpy (12016) | more than 11 years ago | (#4188625)

Most of us who have been on P2P looking for files have been used to the fact that a large number of users are misconfigured (their firewall blocks your incoming request but happily tells you they have the file you want) or are trading crap quality files. At that point you resort to brute force and using a bot to just grab everything it can to a large holding drive... a 40gig ide is dirt cheap and can easily hold the results of running a bot searching for "radiohead mp3" and grabbing EVERYTHING it finds over the course of about 3 days. But then you have to manually go in and delete all the crud, cruft and garbage. It's still faster than the old days of IRC trading but the signal to noise ratio has always been really bad.

Granted poisoning it can start to drive away the gimmie-gimmie crowd or the newbies.. but the hardcore and old-timers will stay and simply find a way around it. Hell a group of about 100 of us now have our own private open nap network going and we have only high quality known good files. Any clients connecting not sharing or sharing crap are instantly banned/blackballed... so we do the moderation thing.. with a side requirement that you must be asked to join and prove your worthiness to us. Maybe that will be the direction P2P will go... back to the roots of IRC where you had to prove your worthiness, ratios were enforced, and real people made decisions to keep out the troublemakers...(RIAA) granted you don't get 30 bajillion users that way, but then you don't have to spend a night and 10 gig trying to find that song or file you want.

Re:Always a way (3, Insightful)

warpSpeed (67927) | more than 11 years ago | (#4188698)

Hell a group of about 100 of us now have our own private open nap network going and we have only high quality known good files.

You hit upon a good theme here. To counteract the problems, the signal to noise ratio, poisoning, etc, users will have to PUT MORE EFFORT into downloading warez and MP3s. The P2P networks will thrive, but you will not have as much of the global swap fests and free warez that you can get now. The most the people poisoning the P2P world can hope for is to increase the level of effort required to use P2P effectively. And along the way they will create some stronger social ties between the users. Ultimately they will end up strengthening the whole P2P movement...

Re:Always a way (2, Insightful)

wa1rus (605203) | more than 11 years ago | (#4188711)

Granted poisoning it can start to drive away the gimmie-gimmie crowd

To be fair though, that's pretty much the point, isn't it.

I agree and always have, but.... (3, Insightful)

FallLine (12211) | more than 11 years ago | (#4188796)

If this is what people are forced to do to achieve Napster-like results, then RIAA et al. have basically won all that they set out to achieve. By raising the bar high enough and by forcing higher transaction costs on the users, industry effectively shuts internet piracy out for 99.9% of the population. Of course people like me, that 1% or whatever it is, will always be able to circumvent whatever they throw in my path (presuming that I'm willing and wanting to do so of course). However, that number is so small that they really would not bother spending much effort to enforce from a simple cost / benefit point of view. Why spend millions in legal and related fees to track down a group of consumers that only account for half that amount? They won't bother, like they didn't really before Napster came along.

In fact, I would further argue, against the conventional wisdom on slashdot, that RIAA has basically won the war against P2P and other forms of mass piracy. At least once they shut out networks such as Fasttrack, and let it be known that there will be no financial return for those that fund the development of piracy networks. Certainly the average Schmoe can download that super popular song via GNUtella with some effort, but getting much more than that like, say, the entire album at decent quality from the same artist, is like trying to extract blood from a rock. That is not to say that they will retire their guns, but rather that it will just be an on-going series of small battles, more like maintenance, to hammer down any network, system, or device that pops up and starts to hemorrhage their intellectual property.

IP address block banning (2)

oliverthered (187439) | more than 11 years ago | (#4188626)

Why not block all IPs in RIAA/MPAA IP ranges and any ranges that are putting crap onto the network?

Re:IP address block banning (3, Funny)

Ubi_NL (313657) | more than 11 years ago | (#4188683)

what if they take a few AOL accounts to do the poisoning: mind you that these have flexible IP addresses. Therefore you have to block all of AOL, which is A-OK by the RIAA I suppose...

Or you could not live in the US and have no problem

Re:IP address block banning (2)

psavo (162634) | more than 11 years ago | (#4188712)

Therefore you have to block all of AOL, which is A-OK by the RIAA I suppose...

That would be nice to see, RIAA sat on by AOL.. cos ultimately that would be a breach of AOL's terms of usage.

Re:IP address block banning (0)

Anonymous Coward | more than 11 years ago | (#4188787)

Yeah, because AOL-TIME WARNER would never be against p2p usage!

Re:IP address block banning (1)

oliverthered (187439) | more than 11 years ago | (#4188722)

Well the RIAA would probably be breaking AOL's T's & C's (not that AOL/TimeWarner wouldn't help!) so we could target them individually.

Some comments on the conclusions... (3, Insightful)

decarelbitter (559973) | more than 11 years ago | (#4188628)

From the webpage:

In particular, our analysis of the model leads to four potential strategies, which can be used in conjunction:

1. Randomly selecting and litigating against users engaging in piracy

This seems to be the option which involves the least technological action. However, randomly wouldn't work, if only because the P2P users don't all live in the same country, hence different laws apply. So some sort of not-so-random selection process has to be implemented.

2. Creating fake users that carry (incorrectly named or damaged files)

Modern P2P programs support downloading files from multiple sources. If someone downloads such a fake file and discovers it, the file will almost always be deleted. So, these files will not propagate through the network, or at least not as fast and as much as the correct files. So a search where one file can be downloaded from many sources is in this case preferable to one with not many nodes serving the same file.

3. Broadcasting fake queries in order to degrade network performance

Now this is an interesting thing. The makers of the P2P programs who are being targeted by fake queries could ban such users, or could build in a feature where the user of a P2P program can ban a host his/herself, so that it will be excluded in further searches.

4. Selectively targeting litigation against the small percentage of users that carry the majority of the files

Some users carry gigs and gigs of files, but that doesn't mean they're very popular. If I set up a server where I host my 20CD collection of Mozart works I probably won't get as much traffic as when I publish the Billboard 100. It's not the quantity, but the content of the files served that counts. Search for Britney and you'll receive 1000's of hits. Search for Planisphere and a lot less results will show up.

Nevertheless it's a good paper.

GPG signatures and web of trust (5, Insightful)

FreeUser (11483) | more than 11 years ago | (#4188643)

The answer is quite simple, and would be very difficult for the saboteurs to subvert.

GPG signatures (which BTW include a checksum) of content, with said signatures referring to an online alias rather than a real person (thereby maintaining anonymity).

A web of trust is formed, in which HollywoodDude is known and trusted, and has signed RipperGod's key, who in turn has signed FairUsers key, and so forth.

Provide a separate way of obtaining the keys (e.g. multiple independent websites, multiple independent keyservers, and so forth), and people can simply filter out anything submitted by untrusted users. If something is submitted by someone outside of the trust ring, and someone who is trusted sees the item and determines that it is worthwhile/good/whatever and not a decoy, they could sign the item themselves.

Gaining trust would of course take time, probably requiring many worthwhile submissions, but that is true in real life anyway, so why should it be any different online.

If someone violates their trusted status (or their private key is stolen, which BTW would be a violation of the law), others in the ring of trust could revoke their trusted access and blacklist their signature.

It isn't as convenient as just being able to share something with little or no thought, but it is eminently doable, and there really is no straightforward way to undermine such an approach.

Re:GPG signatures and web of trust (-1)

trollercoaster (250101) | more than 11 years ago | (#4188724)


You, sir, are a terrorist.

Re:GPG signatures and web of trust (1)

Kylow (581998) | more than 11 years ago | (#4188750)

You're overthinking it. When mp3 trading was only prevalent in the seedy underworld of the internet (newsgroups, IRC) the RIAA paid little attention. When it became easy for regular Joe AOL to download (Napster), the RIAA became quickly concerned. That people will ALWAYS trade mp3's is not a question. The RIAA appears to be more concerned about everyday people trading files. Resorting to signatures is a step back, and progress for the RIAA.

faked hashes (3, Interesting)

vurtigo (605110) | more than 11 years ago | (#4188647)

The problem of faked hashes can be addressed using trees of checksums rather than just a simple checksum, although a workable implementation would require embedding into the P2P protocol.

The idea is you break the file up into smallish sized blocks (100k or so) and generate a hash for each one of these. For each 8 first level hashes, you feed them into a crypto hash function to generate a second level hash. For each 8 second level hashes... you generate a third level hash. This allows a continuous (per 100k blocks) proof that the content is valid... The size of the proof grows with the log of the content so it is not much of a problem.
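The checksum tree described in the comment above, as an added example that is not part of the original post: a receiver that trusts only the root hash can check each 100k block as it arrives, using a proof made of the sibling hashes on the path to the root. SHA-256, the leaf/node prefixes and all function names are assumptions of this sketch; the post names no hash function or wire format.

```python
import hashlib
import hmac

BLOCK_SIZE = 100 * 1024  # "100k or so", per the post
FANOUT = 8               # eight child hashes feed one parent hash, per the post


def _leaf(block: bytes) -> bytes:
    # Assumed hardening: distinct prefixes stop an inner node's input
    # from being passed off as a data block.
    return hashlib.sha256(b"\x00" + block).digest()


def _node(children: list) -> bytes:
    return hashlib.sha256(b"\x01" + b"".join(children)).digest()


def build_levels(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Return all tree levels: levels[0] holds block hashes, levels[-1] the root."""
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)] or [b""]
    levels = [[_leaf(b) for b in blocks]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([_node(prev[i:i + FANOUT]) for i in range(0, len(prev), FANOUT)])
    return levels


def make_proof(levels: list, index: int) -> list:
    """Sender side: per level, (position in its group, the other hashes in that group)."""
    proof = []
    for level in levels[:-1]:
        start = index - index % FANOUT
        group = level[start:start + FANOUT]
        pos = index - start
        proof.append((pos, group[:pos] + group[pos + 1:]))
        index //= FANOUT
    return proof


def verify_block(block: bytes, index: int, proof: list, trusted_root: bytes) -> bool:
    """Receiver side: recompute the path to the root from one block and its proof."""
    h, claimed, scale = _leaf(block), 0, 1
    for pos, siblings in proof:
        if not (0 <= pos <= len(siblings) < FANOUT):
            return False
        h = _node(siblings[:pos] + [h] + siblings[pos:])
        claimed += pos * scale   # the positions encode which block this is
        scale *= FANOUT
    # Binding the index stops a peer from serving block 19 in place of block 2.
    return claimed == index and hmac.compare_digest(h, trusted_root)


if __name__ == "__main__":
    # Constructed sample: 20 tiny blocks so the tree has three levels.
    data = bytes(i % 251 for i in range(20 * 16))
    levels = build_levels(data, block_size=16)
    root = levels[-1][0]
    proof = make_proof(levels, 19)
    print("good block:", verify_block(data[19 * 16:], 19, proof, root))
    print("bad block: ", verify_block(b"X" * 16, 19, proof, root))
```

The root hash still has to come from a source the receiver trusts; the tree only narrows a bad download down to the first bad block.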

Tree Hash EXchange (THEX) (2)

Orasis (23315) | more than 11 years ago | (#4188749)

The crew at the Open Content Network [open-content.net] have released a specification for serializing hash trees. The specification is called the Tree Hash EXchange (THEX) [open-content.net] and is being implemented in both the Open Content Network and Gnutella. Furthermore, this specification is compatible with the TigerTree hashes used for Bitzi [bitzi.com].

They Don't Need to Poison P2P (5, Insightful)

Anonymous Coward | more than 11 years ago | (#4188652)

The RIAA/MPAA don't need to poison P2P networks. Nor do they need to use lawsuits and the threat of DMCA. The easiest, best way to stop illegal sharing of copyrighted materials is to provide a legal, reasonably priced electronic distribution alternative.

Really. Most users, given the choice, will pick the "honest" legal way to get their music and videos. Will there still be pirates? Of course, but you can never stop them and, heck, you're not losing money on them anyway. They wouldn't spend the money on the music.

Treat honest customers as honest, embrace new distribution methods. The problems go away. Think of the cost savings: they wouldn't have to buy any more senators.

Re:They Don't Need to Poison P2P (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4188737)

haha you are a funny guy

Re:They Don't Need to Poison P2P (1)

tiedyejeremy (559815) | more than 11 years ago | (#4188762)

I downloaded the audio version of Stephen King's book "Talisman" from usenet in mp3 format last week. I was at Half-Price Books on Sunday, and though I already had all the downloaded files, I bought the mp3 version of the book because the price was only $18. If the record companies could see this they might understand. I would never shell out $49.95 for lossy mp3 files, but would pay $18. Because the used market is the only place one will find this type of pricing, the distributors will not see these sales, but if they lowered their prices, I would not jack with the trust issues of usenet.

Re:They Don't Need to Poison P2P (1)

Kylow (581998) | more than 11 years ago | (#4188768)

This is really the best idea for stopping illegal file sharing. I think the reason they're hesitant to do this is because you can't sell an .mp3 for as much as a CD. I know that I value a CD more than an .mp3, but I still download .mp3's because CD's are too cost-prohibitive. If I want 8 songs from 5 different artists, I'd pay at least 60 dollars. That's entirely too much. There is no middle ground, so instead I download all 8 for free.

So if I try to download the latest.. (4, Funny)

Anonymous Coward | more than 11 years ago | (#4188655)

tune, I may end up with something that's bland, repetitive and annoying.

And, pray tell, how am I supposed to know the difference?

trusted peers (0)

Anonymous Coward | more than 11 years ago | (#4188672)

I'm curious. Advogato claims that their trust metric is robust against a concerted attack of malicious users - how does that compare to the paper's conclusion about a trust network? Or is it a matter of scaling?

Why the hell do you give ideas to the RIAA? [n/t] (1)

Glog (303500) | more than 11 years ago | (#4188682)

Aagh!

Re:Why the hell do you give ideas to the RIAA? [n/ (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4188694)

A-Fucking-Men, brother.

Simple! (5, Funny)

Eric_Cartman_South_P (594330) | more than 11 years ago | (#4188689)

Everyone posting a real song should name it beginning with, "RIAA sucks, fair use is good, and Disney love$ politicin$". They would never want to spread such text, so every song name beginning with the text simply MUST be real.

In Other News... (1, Offtopic)

lildogie (54998) | more than 11 years ago | (#4188691)

"Can moderation on Slashdot really work? Internot Publishing 2.0 stole my research paper about Slashdot and wrote an article about it. In my paper, I argue that CowboyNeal may have an inherent "tipping point" that can be triggered without modding-down 100% of the trolls on the network, using a model borrowed from biological systems. For those who think they have a technical solution to the problem, I modded-up a few problems with the obvious solutions (karma-whoring, etc.)."

Shameless plug... (1, Interesting)

CoderByBirth (585951) | more than 11 years ago | (#4188695)

I'm currently in the process of designing an open source Peer-to-Peer network which will take care of some of these issues.
The network will be semi-server-centered with a design similar to the NeoModus Direct Connect network.
The basic new idea is to reward users who share information by giving them more access to the network.
Hopefully this will make the network somewhat self-moderating since users sharing undesirable content will not rise in network status.

As I said, the project is still in the design phase with a preliminary protocol spec just finished.
If you would like more details or to contribute to the project, visit:
Bitpeddler project page [sourceforge.net]
or
Bitpeddler homepage (with design/protocol spec) [sourceforge.net]

Trust webs (2)

nuggz (69912) | more than 11 years ago | (#4188697)

I think webs of trust are a good idea.
Poisoning such a web could prove difficult. I trust personal friends highly, they aren't a poisoning group.
People I or they don't know well won't get a high trust rating, and would be suspected if they were poisoning the group.

I think slashdot type moderation works well too, combined with a decent sized web of trust should be a pretty stable system.

GNUNet (1)

gclef (96311) | more than 11 years ago | (#4188725)

GNUNet [gnu.org] is way ahead of you.

To quote their summary: "GNUnet is an anonymous, distributed, reputation-based network." It's the reputation part that should cover poisoning pretty well (the anonymous part is pretty cool, too).

Yeah, the code is pretty much still at the Alpha stage, but if you want to help....it's gnu code after all.....

Flawed analogy (1)

skippy5066 (563917) | more than 11 years ago | (#4188746)

I hope their professors pointed this out...it's one thing to poison the habitat of a creature to kill it off. There's a very real consequence to this - the creature dies. With P2P networks, nobody dies, they look for another copy of the file to download. Not rocket science. Not even really a deterrent.

P2P networks have always had a certain percentage of bogus files. People wanting to be the first to upload the newest shooter, the newest album, the newest app sometimes make a bogus image and upload it. Sometimes people make crappy rips of songs, and don't bother to check them. Big deal. People who obtain files in this fashion usually know ahead of time that the file might not be what it says it is, or might be a bad quality rip, or whatever. They delete it if it's bad, and move on.

The other thing P2P networks have going for them is perseverance on the part of the user. People who want to get stuff for FREE will put up with a couple of false downloads. Dead fish can't do that...;)

-Jeff

From the article... (2)

Fizzlewhiff (256410) | more than 11 years ago | (#4188748)

Flooding a network with spoofed files would drive users to more reliable music sources -- like the labels' own online sites.

The problem is the labels don't have their own online sites. Sooner or later (it's bound to happen) the labels are gonna hire some college grads who grew up on sharing and understand the problem. Maybe then a compromise will be reached.

Tipping Point (1)

weatherbee (525519) | more than 11 years ago | (#4188769)

P2P networks may have an inherent "tipping point"

And so they run around, giving tips to the servers.

just be smart (1)

gralem (45862) | more than 11 years ago | (#4188791)

Even without p2p attacks from idiots like the RIAA, there are always problems using p2p networks. Try to dl a 600MB cd image. There are lots of times you can get a nearly 600MB file, but it's not all there so you waste a cd burn. It can be very difficult to tell before you dl if it's a good file. You just move on and find the right file eventually.

Most of the stuff the RIAA will try to attack are the latest Britney Spears/'NSYnc albums, which I don't want anyway. They aren't going to waste time ruining obscure bands/out-of-date music, so you can dl all you want.

The only people who it hurts are the people who don't know what to look for when they're dl-ing anyway, or the people who want ONLY the most popular stuff (instead of the good stuff out there). I think the smart people can easily stay 15 steps ahead of the RIA

---gralem

I'm Confused (0)

Anonymous Coward | more than 11 years ago | (#4188799)

So, this guy wrote a paper and had it discussed on Slashdot. Now, Business 2.0 is printing a story about it and that means it should be discussed on Slashdot again? Is there anything new to this since the last time it was on Slashdot, or are we just carting it out one more time?

Not really working... (3, Insightful)

Kjella (173770) | more than 11 years ago | (#4188801)

Checksumming - no good. Any program could pretend to have the right checksum, but send false data. No point in figuring out *afterwards* the download is corrupt.

Webs of trust - hardly. Imagine a network of antis giving each other good reviews, they'd certainly be better off than someone without any reviews at all. It's very *unlikely* that the one you're P2P'ing with has a trust chain you accept.

"Database" of who are good traders and not - Fake databases would screw that, you wouldn't know which ones to trust as you have no central server. The problem is that if there's to be any real P2P exchange happening, it's usually *strangers* meeting.

My friends could do a web of trust or a database, but then we'd be much more likely to set up some mutual leech ftp servers instead and skip the entire P2P-networks.

Kjella

Are they THAT blind? (1)

E-Rock-23 (470500) | more than 11 years ago | (#4188818)

I love it. The RIAA, MPAA, and other such entities are frumping over these P2P networks like KaZaA, Morpheus, the now-defunct Napster, Grokster, etc. Meanwhile, the TRUE geeks are still trading away, right under their noses. The high profile nature of the P2P clients is giving us some GREAT cover! I'd like to personally thank them all for sucking the attention of the "super media conglomerates" away from us and our happiness.

Here. I'll even spell it out for you, but I'll encode it. Care to try and break this code? It's totally stupid simple, even a child could figure it out. When decoded, it tells you exactly how we do it. Good luck, and may the force be with you.

(1,2,5)(1,3,14)(2,4,52)

Face it: there is absolutely no way to stop P2P file trading unless you turn America into China and fear monger to keep us in line. And there's no way the American people will let that happen.

Oh, by the way. Wouldn't the RIAA (which is made up of many recording companies) be considered a kind of monopoly? When you get right down to it, what you have is a good majority of corporations working together to impose their collective will. There's no choice in the matter, it's their way or the highway. Isn't that anti-competitive? They're guilty of at least one thing: Price Gouging. They try to sell us CDs with minimal amounts of data for $15-20, when we can all go out and get a blank for around 20 cents a pop if you shop right.

The only reason they sign artists in the first place is to control that particular flow of data. The artist gets a minimal fee, and the record companies sit back and collect the profits. What we need is an IRIAA, the first I being Independent. Once artists jump on the bandwagon and start releasing their own material (thanks to MP3, OGG, or whatever format they choose, on CD or over the Net), then they can leverage out the RIAA's member companies.

how to solve the file verification problem (1)

namenick (190594) | more than 11 years ago | (#4188843)

it won't solve the legality problem, but here's a simple solution to the file test problem. it's obvious, really.

wrt checksums, i agree you can't really trust the person you're trying to download from. however, you have partially seen a solution with judges, you just haven't gone far enough with the idea.

consider a new kind of P2P ... dual channel.

channel A = b/w for transfer of files.

channel B = judge traffic.

now consider three machines, X, Y, and Z. X wants to get a file from Y, but wants to be sure the file Y is sending isn't hacked in some way. so X randomly picks a new machine, Z, and asks Z if it believes Y has an authentic copy. X thinks the answer is 'yes' (default) since it has no information about the machine Y. Z also has no information about Y, so it says yes as well with non-authoritarian response (default).

now there are two cases. Y sends a valid file, or Y doesn't.

case 1: Y sends a valid file. X receives the file into the queue "untested". when X checks the file, the file is either marked Valid or Invalid. on a Valid, X notifies Z that the file was correct, and everything is ok. X and Z now have hard data and can provide an authoritarian response to any queries about machine Y.

case 2: Y sends a bogus file. repeat scenario, but notify fake. now X and Z know that Y is sending fake files.

how does this solve the problem? obviously, you begin to propagate truth through the system. machines that can't be trusted don't get traffic. you can obviously increase the number of machines in the discussion(s) for judging and broadcasting results.

to avoid spoofing the judge channel, no "notify" events of a judge result can take place without a corresponding query first. spurious 'valid' postings are tossed, and perhaps chalked up as hard evidence of a rogue system and hence untrustworthy.

this scheme works, but has one weakness: multiple machines can directly target the P2P network. here, RIAA machine A and B work in tandem. for every x in P2Pnet, A queries x about B, then A sends to x that B is good.

while this is a valid weakness, it's also a _short-lived_ weakness. by factoring in negative results at a higher weight, and keeping a history for some amount of time T, it becomes clear that negative feedback from bad files at certain machines will push through the network.

if a negative event has 3x the weight of a positive event, then these deliberate attacks can only succeed for a short period until sufficient negative feedback is in the network. by making T large enough, those machines involved in the rogue entries will be denied from further efforts (since it's IP based, not name based).

anyone see any weaknesses with this idea?
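The judge-channel bookkeeping proposed in the comment above, as an added example that is not part of the original post: one peer's ledger that accepts a result only after a matching query, weights negatives 3x, and forgets events older than T. The class and method names, the one-hour value of T, and the documentation-range IP addresses are assumptions of this sketch.

```python
from collections import defaultdict, deque

NEG_WEIGHT = 3       # "a negative event has 3x the weight of a positive event"
HISTORY_T = 3600.0   # assumed window T in seconds; the post leaves T open


class JudgeLedger:
    """Judge-channel state held by one peer (machine Z in the post), keyed by IP."""

    def __init__(self, neg_weight=NEG_WEIGHT, history=HISTORY_T):
        self.neg_weight = neg_weight
        self.history = history
        self.events = defaultdict(deque)  # subject IP -> (time, +1 or -1), oldest first
        self.pending = set()              # (asker, subject) queries awaiting a result

    def score(self, subject, now):
        """Weighted sum of events still inside the window; callers pass rising times."""
        q = self.events[subject]
        while q and now - q[0][0] > self.history:
            q.popleft()
        return sum(v if v > 0 else v * self.neg_weight for _, v in q)

    def query(self, asker, subject, now):
        """Asker asks about subject. Returns (trusted, authoritative)."""
        self.pending.add((asker, subject))
        trusted = self.score(subject, now) >= 0   # default answer is "yes"
        return trusted, bool(self.events[subject])

    def notify(self, reporter, subject, valid, now):
        """Record a download result. A result with no prior query is tossed
        and counted as a negative event against the reporter."""
        if (reporter, subject) not in self.pending:
            self.events[reporter].append((now, -1))
            return False
        self.pending.discard((reporter, subject))
        self.events[subject].append((now, 1 if valid else -1))
        return True


def collusion_demo():
    """Constructed scenario: A vouches for its partner B five times,
    then two ordinary peers each report one bogus file from B."""
    z = JudgeLedger()
    a, b = "192.0.2.10", "192.0.2.11"        # colluding pair (constructed)
    x1, x2, x3 = "198.51.100.1", "198.51.100.2", "198.51.100.3"
    t = 0.0
    for _ in range(5):
        z.query(a, b, t)
        z.notify(a, b, True, t)
        t += 1
    before = z.query(x1, b, t)               # B looks good: score is +5
    z.notify(x1, b, False, t)
    z.query(x2, b, t + 1)
    z.notify(x2, b, False, t + 1)
    after = z.query(x3, b, t + 2)            # 5 - 3 - 3 = -1
    return z, b, before, after, z.score(b, t + 2)


if __name__ == "__main__":
    _, _, before, after, score = collusion_demo()
    print("before honest reports:", before)
    print("after two bad reports:", after, "score", score)
```

Once T has elapsed every event expires and B is back to the default "yes", which is why the comment asks for a large T.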