BearShare 3.0.0 has a Secure Channels feature that makes it impossible for companies to snoop on your shared files and cause exactly this kind of problem (among other things).

Hey Vinnie, that sounds amazing! Where can I get more info about these Secure Channels?

was that sarcasm?

no it was not. honestly! sorry i'm not a frequent visitor of bearshare.net, any links to more specific information about that feature would be greatly appreciated.

This is not quite what I've expected.

First, it's not a technical solution but a legal one. whatever authorization methods are used, I'm sure they can be circumvented. the authorization handshake can be logged, if there's a digital key inside the servent it can be extracted, and will sooner or later.

Second, it only works because bearshare uses closed code. this is no offense against closed source products, but i'm sorry that it is not a possible solution for open source servents.

Third: You can choose to receive all query replies, downloads and uploads only from other BearShare clients?? did i understand that correctly??? the word blackhole is known to you, isn't it??? man, you're really provoking the next flamewar...the only reason why those anti-clustering folks are silent now is because they were told that clustering is not a bad thing as long as the servents respond to queries from outside the cluster...if this feature was enabled by all of your users gnutella would be only one last tiny step away from a private bearshare network: stop connecting the cluster to the gnutella environment, for it is not interested in their messages anyway...i took it for mere conspiration theory, but i get the impression that you are really moving in that direction, one step with every major release. do you want that? i thought you didn't...

I really don't want that, but I don't see an alternative. If you look at LimeWire's host graph, there has been a sharp increase in the rate of decline of the network size. It started about 3 weeks ago, and it coincides with reports of an increase in fake query hits and download troubles.

There was also a recent paper that shows that all it takes is a small decimation of a population in order to cause a catastrophe. In Gnutella's case, targeting less than 1% of the high-volume servents sharing files can cause a mass exodus of users from the network.

Therefore, the choice is in the hands of the users.

Notice that FastTrack, AudioGalaxy, iMesh, et. al. all have proprietary networks and they have the highest download success rate and best search results.

And no, Secure Channels authentication features are not vulnerable to a replay attack.

And even if they break the key, we have facilities for rotating the key schedule from an external source using special messages which are digitally signed. The method used to rotate the key schedule is such that a client has no knowledge of the "next" key in the rotation until a piece of a secret share (Shamir's secret sharing algorithm) is retrieved.

Besides, reverse engineering is a violation of the DMCA, and no legitimate company that receives venture capital would dare to do such a thing - they have too much to lose.

Comments welcome.

I was silent because nobody did really care (especially developers which gave me a troll rating), not that I was convinced clustering from those commercial vendors has a non-harming effect on Gnutella. I see Bearshare's politics getting worse and the marketing "arguments" more ridiculous.

PS: Reverse engineering is not forbidden in Europe.

But its forbidden in the EULA.

For e.g. german law (european law too?) an EULA on install time does not care, it's void. I'm no lawyer, at least it can not limit basic rights, free speech or reverse engineering are some.

Btw, for an application that mainly is used to copy/hurt DMCA protected material, an EULA building on DMCA is a funny thingie. Oops, I shouldn't have mentioned this....

I said ONLY time will tell who is right... now I see I was right, after Vinnie confirmed his future split!

@ Vinnie

And now what next? Will you use Gnutella as a leeching pool, or will you be "fair" and leave the net?

Morgwen