But I already posted a way to do this more than once, and a quite simple one to give us all the anonymity, which we need (without making the IP impossible to find out, only much harder, so things like childporn etc. can still be traced _with much effort_ by the police).
This is what I posted in the GDF (Gnutella Developement Forum) on 29. Februrary 2004:
Quote:
I realize there is far too little activity towards protecting the
identity of users in the Gnutella-Network, maybe due to some feelings,
that users shouldn't share copyrighted material, or due to something
else entirely.
Whatever the cause: This is a very bad situation. In a time, where
Users are afraid to share anything, for fear of being sued, Gnutella
could very easily become their safe port, failure to do so will simply
take away the sources from the Network.
The popularity of MUTE is just one indicator, that Users feel
threatened and want to have a way to protect themselves. Gnutella could
give it to them and gain back quite a bit of popularity, which would in
turn increase the number of files avaible.
To secure and anonymize Gnutella we need but three steps:
- No direct downloads (use push, push-proxy or download proxy for all
downloads, don't advertise your own IP in query replies and the
download mesh, but only those of your proxies/UPs; Don't use the Global
GUID for identifying at your proxies, but an ID, which changes with
every restart of the program)
- End-to-end encryption of file transfers (advertise encryption-method
in headers to allow for future changes).
- Never share complete files, when you have more than 6 working
alt-locs (only upload either the first two thirds or the last, the other
third the clients needs to download from another alt-loc. This will
disrupt the suings for sharing, because thhey can no longer prove, that
you really shared the whole file)
Call it SGNet: Secure Gnutella Network. The encryption makes the
difference.
This would double the bandwidth needed per download, but having far
more sources (not to forget: more Users) might easily turn this upside
down.
|
This wouldn't give complete anonymity, but enough to avoid being sued. This is very acute for me, because I am being sued at the moment, and I don't want that to happen to others.
Uploading only 2/3rds of a file isn't exactly necessary, but surely useful. You just have to be careful, that not everyone uploads only the same 2/3rds
Instead of having an ID change with every restart, you could use a different ID for every UP and Proxy. That way you would act as several distinct sources, but as soon as people begin downloading from you, they would see, that many of those are busy, as they already download from them. Means: Many routes to one and the same file, but almost no chance to prove, that all of those belong to one host/source.
PS: Don't say now "MUTE isn't really anonymous". Important is not, if MUTE is anonymous, but that Users, many Users want to be safe from being sued!