February 24, 2004 2:15 PM PST

Covering tracks: New privacy hope for P2P

Related Stories

RIAA steps up file-trading suits

February 17, 2004

Building bridges between P2P networks

January 16, 2004

In refugee camp, a P2P outpost

August 14, 2003

P2P's little secret

July 8, 2003

Court: Anonymous P2P no defense

June 30, 2003
Jason Rohrer was battling an insect invasion last year when he hit on an idea that he hoped would help file swappers hide from the copyright police.

As ants marched with impunity through the Santa Cruz, Calif., home of the programmer, frustration turned to inspiration and Mute was born. The program, which seeks to hide the source of downloads by passing files between computers along twisting pathways, is gaining attention as an interesting solution to file swapping's hottest problem: privacy.


What's new:
As the Recording Industry of Association of America (RIAA) sues over 1,000 individual file-swappers, peer-to-peer software developers are trying new ways to cover their customers' tracks.

Bottom line:
The added privacy can mean a longer download time for music. And though customers have been willing to wait, the RIAA and companies that track file swappers say don't get your hopes up--we can still find you.

More stories on this topic

"If you're going to be anonymous, you can not use direct connections," Rohrer said.

Rohrer isn't alone in developing peer-to-peer privacy tools. In the past six months, the quest for anonymity on file-swapping networks has become the equivalent of a technological holy grail, thanks to a wave of lawsuits filed against individual file swappers by the Recording Industry Association of America.

So far, the RIAA, tracing digital fingerprints back to individual names, has sued almost 1,500 people it claims stole music over file-swapping networks.

Peer-to-peer network developers have been working on improving privacy ever since Napster was first targeted by a skittish record industry, but the results have been decidedly imperfect.

That's because most peer-to-peer systems require some degree of openness to work at all. In order to download a song from another computer online, a file swapper's computer must make some kind of connection to it. That leaves a digital record that can be traced back to a person's Internet service provider, and from there to the account holder.

At the very least, adding anonymity to peer-to-peer systems involves a trade-off in efficiency, creating performance headaches that bring a network to its knees. Some security experts go further, arguing that privacy is impossible to achieve in a peer-to-peer network, given that the technology requires creating direct connections between computers.

"The bottom line is that you just can't be anonymous on the Internet if you're going to have some kind of peer transaction," said Mark Ishikawa, chief executive officer of BayTSP, a company that tracks and identifies file swappers for music labels and Hollywood studios. "There is this myth that you can be anonymous. You can hide, but we can get you."

Proxies, keys and privacy
Most of the newest generation of file-swapping hopefuls use some kind of encryption, scrambling files so that they become impenetrable strings of data as they are transferred online. This helps keep out some prying eyes, but most monitoring services, such as BayTSP, simply pretend to be an ordinary file-swapper, searching and downloading files instead of trying to break into the network from outside. No matter how powerful the encryption in the network, that digital handshake is required, Net experts say.

Many of the services are also moving toward Internet "proxies" as a way to mask identities. Under this model, the direct handshake between uploaders and downloaders is interrupted by a digital middleman. Instead of being downloaded directly, a file is handed off to another Web server, or passed through another set of computers, before finding its way to the downloader.

The latest version of Streamcast Networks' Morpheus, as well as the smaller Earthstation V software , allow their users to connect to these online proxy servers, send search requests and upload and download through them.

Rohrer's Mute is a more extreme version of this proxy idea, in which every computer on the file-swapping network becomes a middleman, passing on search queries and actual files that are on their way elsewhere in the network. This makes it nearly impossible to determine who is uploading or downloading what information?-but the model has a cost.

Ordinary file-swapping networks work quickly, because only small bits of information?-search queries and background data--are relayed between most of the computers. In Mute's model, each computer potentially serves as a courier for vastly larger multimedia files. That can quickly clog people's Net connections, slowing or stalling the network altogether.

Rohrer says this is the natural trade-off between speed and perfect anonymity. What has been surprising is how many people have been willing to use the network even though it takes as much as an hour to download a song, he said. At last count, his software had been downloaded nearly 80,000 times, according to his host site.

"People seem to be willing to deal with it given the privacy issues involved," Rohrer said.

Spanish developer Pablo Soto, whose Blubster and Piolet software have attracted several hundred thousand users, is taking a decidedly different tack. While including strong encryption and some privacy-enhancing features in a new version of the software expected to be released in the next few weeks, he's also changing the way files are downloaded.

Information such as an MP3 song will still be downloaded from its original source, he said. But a song will be scrambled, and downloaded simply as raw, unintelligible data. This means that no actual copy of a song is being exchanged, he contends.

If downloaders want to turn that data into useable music, their software must seek elsewhere on the file-swapping network for the encryption "keys" that will unlock the data, transforming it back into an MP3. Separating the download of the data and the keys may help protect file sharers from lawsuits, making it more difficult for courts to say exactly which party is responsible for copyright infringement, Soto said.

"Our developments have always been a result of feature requests," Soto said in an instant message interview. "We are lately getting from our users hundreds of requests and ideas to enhance privacy, so it looked like the natural step to take, development-wise. If users want decentralized networks, there we go. If users want anonymity, there we go."

The RIAA remains as unimpressed by the latest generation of privacy seekers as with the rest. File swapping is file swapping, no matter how programmers change the way their networks function, the group's attorneys have argued in court. Moreover, the RIAA has already sued people who had used Blubster and other privacy-focused networks before, investigators note.

"File sharers need to take these types of claims with a grain of salt," an RIAA representative said. "Copyright owners can enforce their rights on these types of networks. Our investigators are well-versed in what these technologies do and how they work."

1 comment

Join the conversation!
Add your comment
remember the french revolution
This country is suffering an identity problem, the servants have forgotten their place and now think they run the show. Lets see, if your customers are not buying your product and instead go so far as to put them selves in legal danger, shouldnt that tell you that they dont think your product is worth buying? Though the music industrie's greed may blind them, they cannot force people to buy their over priced goods. First off, their is no reason in the world other than pure greed that a cd should sell for fifteen dollars or more. NO matter how good the music. The research and developement on the technology was paid off decades ago. The materials cost pennies. And we know that the poor artists have to work their butts off touring to try and make money. Its the media mafia that makes the money and we see this. I think I speak for many people with what I am about to say. RIAA beware, the people are fed up. You are going to push it too far and your going to start something that has never before been witnessed. YOu are sitting on a powder keg of hatred, and you are lighting it with the flame of fear. When the people explode, there will be little left that you will recognize. If the artists are mad, let them stop making music and go serve burgers like the rest of us. Sorry, most of us cant afford the luxury of spending money on music when we have to feed our familes and ourselves. As for me, I stopped buying music four years ago in disgust because I refuse to give profits to the evil empire known as the entertainment industry. I dont download, share, swap, record, or listen to music anymore. That is how much I hate the RIAA and those they represent. For those of you that feel anything about this I suggest we start a revolution in the one place that will hurt this enemy, their pocket books. Stop buying merchandise. Send this broken down system a message that your fed up. Take up the new motto..."Don't need it, Don't want it, Ain't gonna buy it." Then lets sit back and see who listens. And as for the editors of CNET that will read this and not post it...well my friends, you can't stop the people. You are here because of us, we are not here because of you. Have some guts and post this.
Posted by blacklightblacklight2 (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.