Comments on: Finns tout new anti-P2P tool

New company Viralg wins local awards, backing of record label for file swap blocker.

[hadaso]

They are keeping low profile for a good reason!

They are keeping low profile for a good reason! Their "technology" will not last long when released, so they need to use whatever time they have. If they make too much noise the file-sharing world would be ready with better hash functions before they are out.

But the real way to circumvent their technique and any other technique that spreads garbage into the P2P networks is to build reputaion services into the networks that can recognize that certain searches produce faulty files (e.g., by users reporting that) and alerting users making these searches of the low probability of getting a good file. If just this is done then the downloader knows not to download (because the download would probably be useless) and the party trying to discourage downloading succeds in discouraging downloading with less frustration for the user (who is probably a "fan"). But there's a better way that can actually discourage the use of "poisoning techniques": if in the case downloads have high probability of failure the software would suggest to the user "similar content", then the use of poisoning techniques would amount to sending your fans to the competition, and there would be much lower incentive to use those techniques. Another advantage of this is that it can work to promote less well known artists, and would also encourage users to prefer downloading legal content by refering them to available legal content (or at least content whose "owner" hasn't bothered to "poison") that is likely to interest them!

[bobby_brady]

Hash codes are created locally

I hate to break the news to this dumb a$$ company, but the hash codes are created locally.

[bobby_brady]

Hey Jaakko Happonen,

Go get a real job, loser!

Short lived

It might be a problem for a short while. On eDonkey network a hash is generated for a file, file is split and downloaded in parts. If a hash is also generated for a part of the file that say you are downloading from someone then after downloading that part you can check if the hash of the known good part matches with the real hash of the part that you got. If it doesn?t then your p2p program would need to ban that source as sharing invalid contents and ignore it in future downloads. The time to detect a client which shares garbage is equal to the time it takes to download one part.
It doesn?t really matter if the Finish company keeps low profile or not, it has revealed the method and if say eMule developers re-evaluate their usage of hash strings and improve the program, if needed, then this new method of stopping p2p will go by unnoticed.

[unknown unknown]

Questionable at best

Even with the recently discovered collision flaws in the MD5 and SHA1 hashing alogrithms it still takes quite a bit of work to generate a file with same hash value much less the same hash value and same size. Baring a serious flaw in SHA256, a switch to said algorithm would make their job very hard. Using two different hash alogrithms would make their job next to impossible because it would take a very long time to generate file with the same hash values and size.

Not really

I agree with you. But as far as I understand they will not try to generate actual contents that has a valid hash value. At the moment the best p2p works like this: say you download a file - Britney.mp3 it has a hash value H1. Program is looking for sources (clients) that share a file with hash H1. You can place any number of machines in the particular p2p network which announce that they do share a file whose hash value is H1. Your client then connects to the fake source and starts downloading the file, but the client sends your garbage. As I wrote above - the time needed to detect the garbage is equal to the time it takes to download a part of a file and verify the hash value of that part.
And getting the hash values of legitimate files can be almost completely automated, just search for, say, Britney on eMule, get the hashes of result files and put them on your black list, ... when people ask for them you send them back garbage. Annoying at best, but not a p2p killer. One way to combat this, would be to make a public blacklist of fake source IPs and ignore them, this could also be automated, as clients discover machines that consistently send garbage then could add those ips to the global blacklist which is shared by say all 2 million active eMule clients.

bogus sell

Hey.. it doesn't even need to be a real product.
It's not the first time someone sells a product that doesn't exist.
For example... i can sell vacum fueled warp engines... i just need a **** load of money to work out some minor problems :)

[lvirden]

Sure hope they can isolate copy protected software

I would think that if this company starts corrupting firefox downloads, as well as other freely distributable software, which also are distributed via P2P, that lawsuits would soon
follow.