I understand your point doug b but are you shure there isn't any way we could be safe maybe that's what is being suggested... all I hope is that limewire doesn't have fake options that won't work cause this sucks for all of us cause we might take risks we would not take without these options.
arne_bab I feel very sorry about what happened I hope it'll turn out allright. now this is starting to be a very big problem those money grubing(I need a dictionary don't I?) music industries are only interested in getting their money for this I believe that the software engeneers of the gnutella network and programs need to make safety settings to protect it's users

i agree limewire needs some privacy features

I'm not a law connaisseur, but I'm thinking, isn't it true that it's not how much you share but what you share that makes the difference? While sharing 1000000 files would earn you some RIAA or other similar organisation's interest, if they're all either non-copyrighted material (maybe .mp3s of your own renditions of songs) or legal material then you should be ok. On the other hand, if you share 2 files and one of them is a video of the President in a *ahem* "private" meeting, then you can be almost sure that the even the FBI might be looking for your a$$.
(Remember, I'm only speculating here, k?)
If all of this is true, wouldn't just removing the files most susceptible of getting you sued from your Shared folder(s) as they come in, be enough to make you seem less "outlaw"?
Now, I understand that, depending on the point of view, doing that is or isn't good for the Network (some might see it as less files for the network, while others might think that less trash will be shared), but, again, I'm just talking (or, more fittingly, writting) here. And again, I don't know squat about laws.

__________________
iMac G4 OSX 10.3.9
RAM 256MB
LW 4.10.5 Basic
ADSL anything from 3 to 8Mbps/around 1024kbps

"Raise your can of Beer on high
And seal your fate forever
Our best years have passed us by
The Golden Age Of Leather"
-Blue Öyster Cult-

I think that'd be a pretty good tip
now we just need to know what they are looking for.....

Yet again, if any of this is true (please, if someone knows if it is or isn't then come say it. We need some things clarified here), I would think that among their primary targets would be the latest movies. Someone mentioned that he recieved a call and they told him that they knew he had a copy of a recent movie: he was told that he had to erase it and destroy all copies of it and stuff like that. So, most probably, if you got into P2P to get the most recent movies for free in the first place, then your chances of recieving a call like that should go up tenfold.

__________________
iMac G4 OSX 10.3.9
RAM 256MB
LW 4.10.5 Basic
ADSL anything from 3 to 8Mbps/around 1024kbps

"Raise your can of Beer on high
And seal your fate forever
Our best years have passed us by
The Golden Age Of Leather"
-Blue Öyster Cult-

Folks face it, sharing copyrighted material for what you have not the copy right is most likely not allowed in countries where we're living (EU, North America, Japan etc). In some countries the lawyers differentiate between downloading and uploading, some have no copyright laws, other have a copyright laws but sharing is allowed or they don't care due to other (more important -- e.g. social or economic) problems or or or... It is foolish to believe there are share quotas or whatever where you get caught or not. Accept the risk (after making a personal risk analysis and don't be whiny if you get caught) or just don't share copyrighted material!

In this spirit, if I would be in Myanmar I would say "RIAA: kiss my shiny metal ***" and would turn on the acoustic coupler.

What I believe the proposed "secure" network arne_bab speaks of is to use "Ultrapeers" or "proxies" as a type of "bodyguard" for the network. Each computer connects to an Ultrapeer as a user, and their IP address is stored in a database on that computer that is not visible on the network. Then, when someone wishes to download a file they must go through the Ultrapeer to connect to that server (indirectly). In essence, the Ultrapeer then becomes a 'network host' between both computers.

This is most definately NOT a good idea, since it puts all the strain of the network on the Ultrapeers, bouncing raw data from computer to computer, ignoring the shortest internet route and slowing down the network in the process. In turn, this also makes it look like the Ultrapeer is actually the one originating the file. This means that not only network strain is put on these servers, but legal strain. It makes them responsible for the data they pretended to host. Then the Ultrapeers would be forced to release the IP information from their database to show the file's origin. So, this actually does NOTHING to protect you from getting caught distributing illegal material, except putting the network to blame for its members' mistakes (Napster, anyone?). All of what you wish to do here can already be done by connecting to your ISP via a proxy.

Encryption of files on a PUBLIC NETWORK is totally ludicrous! All encryption does is prevent people monitoring connections to read the file. But if those people can simply download the file from you and read it, they've just bypassed your encryption security! Encryption is only necessary for Private P2P communication, which Gnutella is not. When you put files on the Gnutella network you are sharing it with the world, not select "trusted" people.

At first this may seem a logical solution, since as an individual you will never share 100% of a file with anyone. However, if you think about it with more than 6 hz of brainpower, you'll realize that it would make downloads IMPOSSIBLE. In short, the only way you could make a download 100% complete is if the same file were located from 2 different sources! Therefore, nobody would ever be able to add anything to the network! Unless, of course, they happened to have access to 2 computers, which defeats the purpose of everything in the first place. If you are truely concerned about not having the full file downloaded, you should focus on having more sources available with that file. So, ironically, all the people who are way too paranoid about the lack of privacy on Gnutella are the ones causing this problem on Gnutella. Go figure. A network is only as good as its members; it can only give you what its members give out. In this case, it's strength in numbers.

One thing I would like to point out is that anywhere you go on the internet, using any internet protocol, has the capability of logging your IP address. Simply using the internet is a security risk. All networks are formed around the concept of trust. If you don't trust a website with your IP address, don't visit it. Same with Gnutella. I hate to say this, but, if you don't trust the people on Gnutella, don't use it. Whatever company gave you the data that you are sharing probably trusted you not to share that data. So to say that you do not trust the very people that you wish to share data that was entrusted upon you, is at the very least hypocritical. Not to mention the countless people of whom shared their own trusted data with you. To eliminate this trust by sharing anonymously would be catastrophic to the network.

And, if you are concerned about people hacking into your computer, or uploading viruses, there are already hundreds of client-side solutions for all of these. However, the more internet presence you have, the more you are at risk. I hate to use the cliche "The best internet security is not to use the internet at all," but it's true.

You know, that your ISP can't be held responsible for the data, which flows through it?
They even must not read it out, exactly like the postal office must not open your letters.

The Ultrapeers also don't pretent they had the data, but simply say, that a host they know (but whom they don't name directly) might have it, and that they can route that file to you.

For this they simply use a session ID for that host, which expires after some time. Should that host no longer be online after that time, the information gets useless, and even more important: The information should never be stored any longer than a few days, so you have no "releasing the routing table", because there is none anymore.

You can only get caught, when the police checks the logs of your provider and checks which connections correspond to which client, but that is much work, and thus they can't simply sue anyone, but have to focus on real crimes like distributing child porn, instead of hunting one half of the people with internet access.

So it gives you privacy as long as the state doesn't crack down with really hard methods (and much money). I know that the USA are famous for their war on drugs, but I hope this would be too expensive even for them to do it for sharers of simple files, which doesn't really harm anyone.

With this measure alone, getting the IP of a sharer will no longer be trivial, and you can't sue in masses.

Partly nonsense (sorry). Since you answered to my previous post, you should be able to count 1 and 1 and see, that they can't know from whom they just downloaded the file.
Those two measures work together.

Thanks for the compliments.
As you use the number 6 in your post I assume you read the part, which stated, that this should only be done, if the uploader already knows 6 other working sources. So there are at least 7 sources avaible for that file and half your paragraph originates from a wrong assumption. I ask myself, if that assumption was intentional.

File Hashes make it possible to check, that you have the complete and correct file.

Ironically, using this, "legitimate" content could get a boost, because there the original sharers wouldn't enable this measure, and downloads from them would most likely be faster.

Also while this measure provides additional security against lawsuits, it only works against those lawsuits, which only holds as long as the laws aren't changed and even sharing only parts of a file is being made illegal. Butt till then it could give Gnutella a real boost of users.

Here you are completely right. I mean: the last two sentences only.

The first sentence is sadly completely wrong. I assume you didn't read the whole thread, else you would know, that I AM BEING SUED AT THE MOMENT, and your talk about being too paranoid somehow "STRIKES A VERY BAD CHORD".

*calms down a bit*

I would even say (to come back to your two true sentences), that numbers are more important than to have the most efficient downloads. That means: the bandwidth we lose through proxying (most downloads will only work with half speed, except those which are being hosted by people who decide, that they don't fear to be persecuted) is less than that we win beause we get more sharers.

To increase the numbers of sharers, those must be able to feel halfways confident, that they won't be prosecuted for something which doesn't really harm the music industry (the australian music industrie even makes more money than two years before. They were _very_ shy in admitting that) and harms the artists even less (if you want to discuss this, please start a new thread. I'll be in it, when I see it).

Agreed. BUT: This is only true for direct connections. My first point simply states, that you don't use direct connections.

You mean: Now you tell us to trust anyone in the Gnutella network, after you said, that it is no private trusted network, but that it is public?

All that followed was sadly: Share only what you are allowed by whatever laws are valid in your country, even if those laws are completely ludicrous and harm the artists by supporting the claims of a few monopolists.

I don't trust the person I am downloading from, because I don't know that very person. Would you give your wallet to me, without knowing who I am? I wouldn't give mine to you (but presumable to some people in this forum, I might, because I got to know them, though not face to face).

The main strength of p2p-networks is that you don't have to trust or even know the people you are sharing with and downloading from. Everyone agreed to give something to the network, so everyone gets more for him-/herself. A very simple system, which is called the "commons", or in german: "Allgemeingut" and "die Allgemeinheit unterstützen".

The Network simply enforces strictures, which allow a certain trust which isn't bound to the person you are sharing with, but with the network.

In earlier time, people trusted based on personal honor. Today, we can trust the structures of the Network and don't have to trust the integrity of its Users.

So you say: If you are concerned about your privacy: Don't use Gnutella.
That means: Everyone should stop using p2p-networks, except, if they only share "legitimate" content.

Which is no way of thinking forward.
Try thinking of solutions to problems.
The problems are:
1) Users are being sued
2) Users are afraid of sharing because other users are being sued
3) We have too few Users who share because they are afraid of sharing because other Users are being sued because they shared
4) Files get downloaded completely from a single User, who can then be sued, because we have too few alternative locations for files, because we have too few Users who share because they are afraid of sharing because other Users are being sued because they shared

So the solution which tacks the root of the problem is to make it much harder to sue Users.

I think you can figure out, how that problem tree (more a problem parasite) shrinks into itself, as soon as the root problem is being rooted out.

Also: Don't be shy to think if those legal rights are legitimate rights. That means: Is it right, or better: Is is legitimate, that a music company can forbid me to share my music?
Is the balance between the
1) Artists,
2) Distributors and
3) Listeners/Users
as it should be, with the music industry mostly having a monopol and being able to control to quite some extent, which types of music the people can listen to (for example by not supporting smller artists and only supporting "blockbuster music")?

The balance between the artists rights to be paid for their works, the distributors rights to be paid for distributing the artists works and the Users rigths to have access to cultural works and goods, always needs to be reassessed and it needs to be checked, if it is the best possible balance for the general public.

At the moment I very much doubt it. Artists don't really get enought money (except the few big ones), people don't have enough legal access to cultural works for acceptable prices (No: 20$ for a CD isn't a reasonable price!), but big corporations make very much money.

The pendulum must swing back to the Users/general public and the artists, aand that naturally hurts the music industry, so they fight against Gnutella, because it removes the necessity of their distribution structures.

Maybe someday the Music industry will learn to use free sharing for their advantage by including a tag in the tags of CDs (in the CDDB or the FreeDB) which tells you, where you could get the whole CD, so you can buy it to support the artist, if you like the music (and yes: I buy CDs, even though I can get most of the music in Gnutella, because I want to support the artists (and those who enable artists to create their works). I simply think that filesharing programs should include an option to buy the CD of a music file you just downloaded with two or three clicks (maybe using the iTunes MusicStore or Amazon)).

If they don't learn it, there is a good chance, that they will go down.

__________________

-> put this banner into your own signature! <-
--
Erst im Spiel lebt der Mensch.
Nur ludantaj homoj vivas.
GnuFU.net - Gnutella For Users
Draketo.de - Shortstories, Poems, Music and strange Ideas.

Thank you for clarifying your points, since there were a few that I didn't quite understand. However, there are still a few things you seem to be missing from my post.

This is partly true. However, this doesn't stop them from suing your ISP. An ISP is responsible for keeping a log of all connections. If an organization had evidence that a hacker originated from a particular ISP, that ISP would be required to release the log of their connection or risk being sued. This particular case happened to the ISP I worked for for several years. I'm sure that no Ultrapeer would be willing to stick their necks out for any of its users, let alone have to deal with lawyers and the responsibity to search through activity logs. Their protection is that your information is freely available through the network.

Yes, this is true. Especially with the fact that they couldn't trace who exactly was uploading what to make themselves a case. However, I can see a huge lawsuit down the line that could force Gnutella to publish their logs globally (or to certain organizations). If you notice with all illegal activity (whether it should be illegal or not) they will always find some way to locate a culprit and prosecute them. This is especially true when "Big Money" is involved (e.g. the ever-growing music industry). Thank you Capitalism!

First of all, if you have merely 2 truly working sources, the task will be split up between the 2 sources. So you are already guaranteed that you won't send 100% of the file if a reliable source has the same file. Explicitly checking for this isn't necessary, and could provide false positives that harm the network (what if 6 of the 7 sources disconnect your download?). As a side-note the 6 hz joke was not intended as a crack at anyone's intelligence, so I apologize if I offended you.

I did read your post about your lawsuit, which absolutely sucks. I wish you luck with that, and for all the others going through the same thing. What I was trying to say here is exactly like your "problem parasite".

Numbers are important for a network like Gnutella simply because of how it was designed. If you use the proxy method, the network will be limited to the power of the Ultrapeers, and not the power of all its members. This means you could still have 5000000 sources of a single file and not have it be any faster than 2 sources due to network traffic. Although, it would increase the chances of more reliable sources. Arguably you could say that the more members you get, the more Ultrapeers you would get, so this might be a moot point. But my argument stands that the concept behind Gnutella would be compromised to accomplish this.

I never said you should be forced to comply with laws, since that is obviously up to the user. You use Gnutella AT YOUR OWN RISK.

You are absolutely right, you don't have to trust the individuals, only the network itself. But on a public network like Gnutella, you're giving data freely to the world, and receiving data freely from anyone in the world. Especially when you start allowing anonymous transfers, it means you won't even know who you're dealing with. Supposing a client abused the Gnutella network to spread a virus. How would we track down and eliminate this virus if we don't know where it came from? People could abuse the anonymity factor for this in the same way you want to use it for sharing illegal material.

Before I even touch on this subject I would like to state that I completely agree that music companies are huge corporations that do overcharge their customers and that the artist who intellectually made the product is extremely underpaid. But there is more than just creativity and talent needed to produce music for profit. If artists could do it themselves, they would. And quite a few do. However, they don't tend to make much profit over it.

To produce a CD is slowly becoming obsolete, since it is far cheaper to distribute the music files individually or in a package over the internet. So I must say, why would anyone buy a download to a file that is basically identical to the one they downloaded for free on gnutella? If you merely wanted to support the artist, you could easily send them a donation via PayPal off their website. It would be nice to have that link in the music file that could be gathered from CDDB or FreeDB. But honestly, how many files do you find on Gnutella that actually use this information? I'd say about 20% of all people who use Gnutella even know that such databases exist, and only about 10% of those people actually use them! Maybe someday music industries could compromise by allowing downloads as long as a link is attached, but this could result in some nasty adware music files like most promotional wmv movies.

Browse host works just fine and if someone wanted your IP all they would have to do is use a IP sniffer like ethereal. Personally I think it adds accountiblity and there by makes sure that end users don't spread viruses and trash -- like there doing now! If your afraid of someone getting your IP mask it if you've got something to hide if not a common firewall will protect you from hackers and the like. I think they should REMOVE the browse host feature completely and show ALL IP's to keep others from having to go thought the misery of having to clean viruses and malware off their systems due to some very unethical marketeers pushing their viral trash to unassuming end users.

Ringo ...