Limewire does not display the pathnames of found files. I mean the pathname (you could call it the complete file name) on the remote computer containing the found file. But it seems like Limewire must "know" the path name, which means it wouldn't be hard to hack Limewire or some other Gnutella client, to reveal pathnames of found files.

Is this correct?

If it is correct, should Limewire users be advised to eliminate identifying information from pathnames to shared folders? If, for instance, if my shared folder is stored in Bob Johnson's documents\my music\shared music, then someone out there, the RIAA for example, could easily find out that someone named Bob Johnson is illegally sharing music. That might make it easier for them to sue me. (My name is not Bob Johnson, by the way.)

Is this too paranoid?

KH

.......ROFL

Sorry, I couldn't resist.................besides, I've been thinking about this problem as well; thoughts from external HDD to earasing according to the DoD went through my mind, though I sit in a different part of the world and do not feel any threat as eminent as you might do. At the end of the day I decided to install Peer Guardian 2 http://phoenixlabs.org/pg2/ to give me some placebo protection feeling. But I am aware that there can't be any 100% protection, if you download something illigaly. A certain kind of risk will always exist (except if you download only legal stuff of course), like participating in the daily traffic, using a knife or a gun or just living life (if you understand what I try to say).

Highkite

Like you, I felt that I had to do something to protect myself (my PC, my identity and my financial info) from being hacked. So, before I started to use LW I got myself an external HD and then configured LW to use that as my shared drive. I also have a firewall and anti-virus software (NIS 2005), you would be surprised when you read the logs and see how many times your PC has been attacked, and that is just through normal internet browsing.

Also, like Foolofthehill, I also use PeerGuardian 2, which stops government agencies (from around the world), computer companies and a vast assortment of other organisations rummaging around inside your PC when you are using LW. I also use Prevx, which I will be upgrading to Prevx1 this weekend, this stops anything or anyone secretly installing stuff on your PC from the internet.

However, please note that whenever you surf the internet or use LW you leave your IP address behind and this can be traced back to you via your ISP, and there is nothing you can do about this.

Finally, if some hacker has targeted your PC and is determined to hack it then there is really not much you can do other than switch your machine off (although some firewalls can block all internet access to and from your PC). The protective software I, and many others, use are there to prevent PCs from being caught by the many traps that are out there, e.g. port scans, embedded viruses, bogus jpg/wmf files, spam and phising emails, keyloggers, browser hi-jacks, etc.

Saying all that though, I still feel safer having my PC protected and cannot imagine going on the internet or using LW without all my protective software working.




UK Bob

Only one way to positively hide yourself, and that is with an anon, dial up account, (you know those ones you buy ******* fromshops and service stsations) using a throw away (*******) mobile phone connection, then they can only ever get back to the particular cell phone hub you are coming in on. Download speed is so slow that you would not bother for file sharing, only good if you are look for totally anon email really! and using an internet cafe is almost as safe for that.

Thanks UKB, fool and ferral.

I hope we can continue this conversation one more round.

I've already got Norton Internet Security installed, and I update it regularly. I think my machine is pretty secure. I looked at peerGuardian2. It looks like it adds one more layer of spyware and firewall-like protection, and it's free, and opensourced, so it's probably a good thing. But I'm not sure it's going to give me a lot more protection than what I have already.

Am I missing something?

It seems peerGuardian2 offers unrealistic hope of protection from RIAA lawsuits for p2p users. The copyright police are going to appear like ordinary p2p users -- even to peerguardian2. The copyright police mainly identify p2p users from their IP addresses. It isn't possible to cloak your IP address and still share files on a p2p network.

The way to download anonymously is to use a wifi hotspot -- not your own, of course -- that is not password protected. That's almost unbeatable. The IP address cannot be traced to the p2p user in that case. But there might be a few flaws in that method.

One possible flaw is the one I mentioned. It seems likely that a little hacking of an opensource Gnutella client, such as Limewire, could easily reveal the path name of each shared file on the network. If the path name contains identifying information, that could be a problem for the p2p user who wants to remain completely anonymous.

As more and more p2p users get anonymity from unprotected wifi hot spots, the RIAA is going to be looking for other ways to identify p2p users. It just seems sensible for p2p users who use wifi hotspots to think about the path names of their shared files.

But I'm not an expert. Maybe I've misunderstood something. Comment?

KH

Well, I do actually not think that PG2 tries to create unrealistic hopes (remember what I've written in my first reply: ".....to give me some placebo protection feeling." I guess, it's actually we who want to find a sort of reassurance for maybe not being caught (always assuming we DO download things illigally). At the end of the day, if you use a p2p client to illigally download stuff, and the RIAA or whoever wants to get you busted, believe me pal, then they will bust you because they have the money and the resources to do so. But ask yourself a question, how big is the chance that the RIAA is picking you to make an example, or the guy living next door? And what does busted mean anyway? The electric chair? Well, rather not (but, hwo knows, with such a president ). My philosophy is: If can't do the time, don't do the crime!! (Yes, and some of my friends call me Al C.)

Highkite

This thread has developed into two distinct flavours, which should not be confused with each other, and those flavours are protection and anonymity.

Now, your firewall, anti-virus, PG2, etc. only offer protection, the makers of these programs have never ever said that your PC would become anonymous when using their software while surfing the internet. I believe that you, like many others, have read into these protective programs facilities that just aren't there. Therefore, don't confuse protection with making you or your PC anonymous.

As for anonymity, if you take your laptop and sit outside a company's wi-fi station then you most definitely will remain anonymous but if you are spotted you are likely to be arrested, unless you are using a students' wi-fi set up.

Also remember, ISPs have ways of throttling back P2P traffic without affecting the rest of their internet traffic, so if certain wi-fi stations show excessive P2P traffic it can be cut without a moments notice.



UK Bob

Salut highkite,
Only YOUR LW knows the path of your shared files. What you send to queries and to UltraPairs are either a query hit table (QHT) with sha1 and sums of keywords for the former and a single sha1 and file name for the latter.

Ciao

__________________
Liens d'intérêt /Links of interest:
Gnutellaforums en français /The House's rules you have to respect / First search the forum, then create a thread / Free software alternatives! - Logiciels alternatifs gratuits!/

Aha!

I think et voila has the answer. And salut! back to you.

Et voila seems to say that the path names of shared files are encrypted by Limewire. He/she seems to be well informed. Probably true.

In re public wiFi spots, I don't know about the UK. As far as I know, using a non-protected wifi hotspot in the United States is not a crime. If it is illegal in some way, it's probably a civil matter, not a criminal matter.

Many public libraries in my state offer free wiFi connections, with no registration requirement. Some public parks, too. You don't even need a library card. If it's possible to get arrested, if spotted file sharing on a public library wifi hotspot in the U.S., I'd like to know about it. Is that really a crime in the UK, even when the wifi connection is not password protected? (Using a stolen password might be a different matter.)

In re anonymity vs. protection, it is true that the makers of PeerGuardian offer only a measure of protection, amount unspecified, and do not offer any degree of anonymity.

Unless the RIAA is planting spyware on machines owned by P2P users, I don't see how peerGuardian offers much protection to P2P users. The copyright police are going to be using the same IPs as everyone else. They are smart enough to avoid identifying themselves with distinctive IPs, probably. They -- the RIAA -- contract with independent bounty hunters, don't they?

It seems to me that the RIAA is risking lawsuits against itself if it is installing spyware on user's machines without their knowledge or permission, n'est ce pas? Are they doing that?

Of course, it goes without saying, the best protection from the copyright police is not to share copyrighted materials. Or at least to share them more discreetly than on a P2P network. Like borrow your friends' CDs and rip them, or connect directly to your friend's machine via Limewire or something.

More comments welcome,

SNAT

Highkite

Well, unauthorised access to a computer, aka hacking, is a criminal offence in the UK and, forgive me for this, I thought it was a crime in the US as well. Also, using publicly available computer access for what could be considered a crime, e.g. illegal downloads, could also get you a criminal record.

As for your RIAA, they really pose no threat to non-US citizens and our BPI (British Phonographic Industry) tends to play by the rules and go after uploaders rather than downloaders. However, the BPI has recently announced that they are going to adopt the RIAA policy and may now go after downloaders as well.

Protection versus anonymity:

Remember that unless you use someone else's network, i.e. one where you are not a registered user, a publicly available computer (internet café or library), etc. once your IP address is captured, say by the authorities or an organisation with enough resources, it then becomes very easy to trace you.



UK Bob