Anonymous, Decentralized and Uncensored File-Sharing Is Booming

PatPending writes with this excerpt from TorrentFreak: "The RetroShare network allows people to create a private and encrypted file-sharing network. Users add friends by exchanging PGP certificates with people they trust. All the communication is encrypted using OpenSSL and files that are downloaded from strangers always go through a trusted friend. In other words, it's a true Darknet and virtually impossible to monitor by outsiders. RetroShare founder DrBob told us that while the software has been around since 2006, all of a sudden there's been a surge in downloads. 'The interest in RetroShare has massively shot up over the last two months,' he said."

Does it depend on DNS?

[jdogalt]

A true darknet would not depend on traditiona DNS (root servers). I can't immediately tell from their FAQ if their methods are entirely independent of DNS.

"Goes through a trusted friend"?

[sirwired]

"...files that are downloaded from strangers always go through a trusted friend."

Doesn't that just make the "friend" instantly liable for contributory infringement? It's going to be hard (impossible)? for the "friend" to qualify for "common carrier" status, which could provide a safe harbor against an infringement suit.

It's true that this setup appears to be resistant to monitoring by outsiders, but keeping the people you don't want as members out of your online network is difficult, to say the least. It's certainly more work than busting up torrenters, but it's not exactly a difficult barrier either.

And, if I'm providing files, I want files downloaded TO strangers to go through one of my trusted friends (of course, that friend is going to have the contributory infringement problems I suggested earlier.) I don't give a *bleep!* about the downloader covering his tracks, (And when has the xxAA gone after downloaders? Don't they always go after uploaders?) I'm more worried about mine.

Traffic is still tracable

[Alain Williams]

If you are being monitored the police/... can still see who you are talking to even if they can't understand what you are saying. OK: if messages are routed through a friend to some other ''accomplice'' it makes things a bit harder for them, but most private networks like this will not have huge numbers of people on them. Also you can learn a lot just by studying the timings of packets (eg: a packet from A to B is often followed by a similarly sized packet from B to C, it looks as if A is talking to C).

Re:What a surprise

[EdZ]

It basically sounds like Perfect Dark [wikipedia.org], but with manual initial per-finding and weaker security (if you always have the same web of friends, you can likely be tracked by this web).

Re:Not very anonymous

[Jane Q. Public]

OneSwarm, from the University of Washington, addresses this issue. You can join any number of private networks or set up an arbitrary number of your own. And in that sense it is not completely anonymous, in the same way that RetroShare is not fully anonymous. But with OneSwarm, it is impossible to tell where the [pieces of] files reside on the network, or what nodes the files go through when you download. So while joining the network might not be completely anonymous, sharing files is.

Re:Traffic is still tracable

[Kjella]

Yes, there are much stronger anonymous designs but the downsides are equally high. I'd call several of these recent designs "anonymous light", good enough that the MAFIAA can't just hook up and collect IPs but not good enough if you have the FBI, NSA or anything like that after you. Personally I don't like this design exactly because what if one of those I trust download something nasty? They'll come to me. I'd much rather see a design that affords some plausible deniability, that no it wasn't me it must have been one of the other nodes in the network, downloading through me.

Re:What a surprise

[Anonymous Coward]

Around here the only options for western media are pirate copies, either you torrent them or you pay for a pirate copy. Unfortunately, even the ones in fancy boxes are typically TV rips rather than real copies.

I'll delete the copies I have when I move back to the US, but it's pretty much the only access I have to my own culture right now.

Web of trust can't work for something like this

[DarkOx]

Web of trust models will only work where there is an incentive to keep people out of the network. In the P2P world its just exactly the opposite. Users want as many other users on the network as possible because it speeds up their transfers and increases the amount of available content. You could use web of trust for something like e-mail where users generally want to prevent spoofs, scams, and spam.

I realize that users of P2P networks want to keep *some* people (FBI,Secret Service,DOJ,Interpol,[M,R]P?IAA employees ) off but for the most part they want users on. The next problem is you have the lowest common denominator issues. Again you want it to be simple enough that everyone and anyone can use it so you have content selection but that also means you get the same idiots who are still providing the account and routing numbers to 419 spammers. All mister federal agent needs to is promise to upload tons of free porn and John HighSchool is going to cross sign his PGP key.

Re:What a surprise

[4phun]

It basically sounds like Perfect Dark [wikipedia.org], but with manual initial per-finding and weaker security (if you always have the same web of friends, you can likely be tracked by this web).

Now all of a sudden Google's new March first privacy policies make a lot of sense. If they can connect all the dots to reveal the connections things like DarkNet, Google would be of great value to the government and no one else need be any wiser.

Re:"Goes through a trusted friend"?

[Anonymous Coward]

Doesn't that just make the "friend" instantly liable for contributory infringement?

Yes, but that isn't a problem.

The entire point of a invite only method is to make sure that everyone invloved is trusted. The problem with many systems like that is that when it grows too big it becomes easier for soeone of the RIAA to be "a friend of a friend" and get access to the whole network that way.

By only allowing the users to get access to the network through the "close firends" a member of the RIAA that gets access to the network can only monitor the firend that invited him/her. This means that you only have to trust the ones you invite and don't have to worry about them later inviting som random stranger they met on the internet.

Encryption to be regulated

[Anonymous Coward]

There are countries (France, afaiu) where encryption is illegal without a "licence".

So while many comments here say you simply can't ban encryption without banning safe commerce, that's not so true. The government simply makes using encryption require a license and said commerce sites get a license and commerce and advertising continues. Joe Average User doesn't get a license, and when he does use encryption (with another unlicensed party), they go to jail.

The one sticking point that I have never understood about such a situation though is that the government must also ban sending "garbage/random data" between two parties, otherwise how does it determine when two parties are using encryption and when they are just catting /dev/random to each other?

Re:disadvange.

[Anonymous Coward]

This is a myth being propagated by MPAA & RIAA. As someone who's been around since the days of Hotline & IRC sharing, if anything, it's easier these days than before. Torrents are fast & there's not much you can't get from ISOHunt or TPB or the likes.

Pretty much this. I've been trading files online since years before even Napster was around, and it has never been easier than it is today. Hell, with our download speeds, we're getting close to instant gratification. Any reasonably popular album can be had in under a minute. You can pull down whole discographies in the time it took to download a single song 10 years ago. There are cams of any major movie online within hours of it's premier; blu-ray rips are out by street date, if not even sooner. Software is cracked before it even hits the streets...

There's just nothing that the MAFIAA can do to stop it. File sharing is a modern-day hydra, cut one head off, two grow in it's place, and short of monitoring everyone 24/7, which costs orders of magnitude more than the alleged "profits" they're "losing", they're never going to be able to keep up with it.

Re:What a surprise

[Opportunist]

Don't you worry too much. The reason why this isn't going to be the end of the internet is the same that NoScript, AdBlocker and whatnot weren't: Too many people who won't use it.

I don't know about you, but I use adblocker, NoScript and a few tools that disable tracker cookies and whatnot. What would change if I didn't use them? Not that much, actually. I'd just have to wipe my history clean manually and endure longer loading times for banners to load that I don't click at. The change for the ad industry? Generally, zero.

But I'm a minority, and this is why this model works. For every non-cooperative asshat like me that thwarts the attempts of the ad and profiling companies, there's at least a thousand who cooperate, who have a facebook profile filled with all kinds of personal info, who not only have banners displayed but also click them.

Your sky-is-falling prophecy of doom is akin to the cry heard when VCRs were labeled the doom of private TV because (teh horrorz!) people could not only skip ads with them but actually cut them out of shows!

Guess what? 30+ years of VCRs (and now even other, more sophisticated means of time shifting and recording that take a lot of work out of de-ading movies) and private TV is stronger than ever.

Re:Traffic is still tracable

[Kjella]

The problems with using Tor in this manner are:

Storage servers are required; there is no way a popular file sharing site would remain undetected even if it were deployed as a hidden service. It would require too many resources to run, and eavesdropping would not even be necessary to narrow down the targets.
Bandwidth is too limited; it would take days to download an HD movie over Tor, which is even less convenient than going to the nearest video store to buy it legally.

Personally I'm surprised that nobody has come up with an application that basically merges what TOR and Freenet does into one. A distributed storage would provide both the capacity and the upload bandwidth, while freeing up resources from onion sites. The network bandwidth is actually not that bad, I've had files run at 200 kB/s when connected to a high-speed site in the normal web. Of course if people did that in volume the exit nodes would choke and die, but the network itself is rather capable if you could move the files on the inside.

Never heard of it......

[BLKMGK]

Having never heard of this software before and hearing about it now I'm betting that usage is again about to shoot up! :-)

The "content providers" really need to get a clue. this comic says it all IMO -> http://theoatmeal.com/comics/game_of_thrones [theoatmeal.com]

They make it ever harder to get content and then wonder why people are sharing more and more. I have pretty much ceased downloading MP3 because I can easily and cheaply get them from Amazon. I have pretty much ceased BUYING E-books because publishers jacked prices through the roof and I can download them in SECONDS. I download and save TV shows for later viewing often even though I have a couple of TiVO and record many of the same shows. That saves me the EFFORT of pulling them off my TiVO, editing them, compressing them, and copying them. If the transaction is easy ala Amazon's MP3 (which even copy to cloud storage!) then the sales will come. Perhaps it won't be at the astronomical prices these idiots dream of but it sure beats a lost sale doesn't it? Their idea is to bottle things up such that everyone is FORCED into their business model - I'm sorry but that's not going to ever happen. Make the transaction friction-less, have an extensive easy to use catalog, and make it cheap enough I'll buy it like some throwaway app in an app store and "content" will sell like hotcakes.

Now then, I'm off to download and check out this new program. It will sure beat having folks over with portable drives for swap parties or participating in huge Torrent clouds!

Re:What a surprise

[Surt]

If you were on a metered ISP, you'd be getting that discount.

Re:Whackamole!

[Anonymous Coward]

The more they clench their fists trying to maintain control, the more sand slips through their fingers. You can't stop firesharing, full stop, end of sentence. People will always find a way, even if it means SneakerNet. They need to give up trying and just accept the fact, dedicate their energies and resources to things that are actually productive.

Re:Whackamole!

[DanielRavenNest]

25,000 downloads a day is utterly trivial in comparison to the hundreds of millions of downloads of file sharing software from CNET alone, let alone other sites:

http://download.cnet.com/windows/p2p-file-sharing-software/?tag=mncol%3Bsort&rpp=10&sort=downloadCount+asc [cnet.com]

The amusing part of the CNET downloads, is that CNET is owned by CBS, a major media company. So any attempt by CBS to sue file sharers can be countered by the fact that they encouraged it by distributing the software on a massive scale. The same story, on not as massive scale, is true for Fileplanet, owned by IGN, which is a division of News Corp, owners of Fox:

http://www.fileplanet.com/73/0/1/2/1/section/File_Sharing [fileplanet.com]