Security

Journal rusty0101's Journal: An idea for safeguarding files in p2p networks.

With the RIAA negotiating with Congress to be able to attack people they believe are violating their copyright, rather than take them to court, and elements of the RIAA, or sympathetic P2P users, distributing files that are full of garbage rather than the content expected, perhaps it is time to add a couple of features to applications and file sharing tools to give users a better experience.

One of the concerns that I have is the prospect of a document being made available that contains trojan horses, or destructive worms. Additionally, viruses could end up being distributed this way as well, compromising other documents or applications.

A scenario that makes use of these would be if the RIAA got approval to hack into p2p users' computers, and distributed a file with a trojan horse that opened a port back to the RIAA to allow them to review your compilation of music files for copyright infringement. The trojan horse also looks for a shared music file large enough to hide itself in, replacing the content of that file. To continue to be operational, it modifies your startup files to restart itself after a power failure or reboot.

The idea I am proposing is to add two features to file sharing and content creation tools. One feature is already in existence in e-mail, and available, though not as widely used as it should be, for other applications, potentially including p2p. The other is also widely available, though also underutilized. There is also one feature that I would like to recommend, though I am not sure how well it could be implemented.

The first feature is to do pgp/gpg signing of files being shared. The pgp/gpg signature does not have to be part of the file, but I would recommend it being an attribute of the file that gets transferred when a p2p client pulls the file from a p2p server. This signature would be amended by other users as they review the file and confirm its integrity.

An alternative would be for users to encrypt their shared files with their private key to be decrypted with their public key.

In either case, some form of trust prioritization should be done by the file sharing application. Meaning that if you are looking for a copy of the Declaration of Independence, as a high resolution image, so you can clearly read all the signatures, the application will provide you with a prioritized list, giving those people you trust most the highest likelihood of being the source for that document.

Trust should also be MIME or file type specific. Just because I trust the RIAA to provide an accurate copy of the DMCA does not mean that I expect that a copy of Al Jolson's Mammy will be trustworthy.

So far as I know, the Trust relationship built into PGP/GPG is content independent. Meaning if you trust someone completely for e-mail, that trust also applies to any technical drawings they may provide. While I will not claim that that trust would be specifically misplaced, if the trusted user is a political activist, but not an engineer, then I don't know that the trust is properly placed in the drawings.

The second major feature that I would like to suggest is the use of an editorial or comment attribute in a meaningful way. An example being the ability to do comparative recommendation searches. Let's say you are a fan of a specific composer, Mozart for example. It would be handy if a modern composer, providing new music, could be compared to Mozart. Likewise, as you rate the music you have, it would provide you with the results of what other people with similar collections liked, so you could find new music that you would enjoy.

The above, in combination with a trust-based system, would also provide a method of rating music based upon other people's trust and approval levels. So if you are Abe, and you trust Bob and Carol, but not Deb or Ernie, and you have never dealt with Fred before, you can look at trust relationships that Bob and Carol have, and base your decision on whether to trust Fred on relationships they may have.
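The type-specific trust ranking and the Abe/Bob/Carol/Fred lookup described above, as an added example that is not part of the original journal entry. The scores, the MIME types, the 0.5 damping factor and the `signature_ok` flag (standing in for a PGP/GPG signature check done elsewhere) are assumptions made for illustration.

```python
# Added example: per-MIME-type trust with one level of derived trust.
# All names, scores and the damping factor are constructed for illustration.

# Direct trust each user assigns: truster -> peer -> MIME type -> score in [0, 1].
DIRECT_TRUST = {
    "abe":   {"bob":   {"audio/mpeg": 0.9, "image/png": 0.4},
              "carol": {"audio/mpeg": 0.6},
              "deb":   {"audio/mpeg": 0.0}},
    "bob":   {"fred":  {"audio/mpeg": 0.2}},
    "carol": {"fred":  {"audio/mpeg": 0.1}, "ernie": {"image/png": 0.8}},
}

DAMPING = 0.5  # assumption: second-hand trust counts for half


def trust(truster, peer, mime):
    """Trust of `truster` in `peer` for one MIME type.

    A direct rating always wins, so an explicit 0.0 is never overridden.
    Otherwise average the introducers' ratings of `peer`, weighted by how
    much `truster` trusts each introducer for the same type, then dampen.
    """
    own = DIRECT_TRUST.get(truster, {})
    if mime in own.get(peer, {}):
        return own[peer][mime]
    weighted = weight = 0.0
    for introducer, ratings in own.items():
        w = ratings.get(mime, 0.0)  # trust in the introducer for this type only
        opinion = DIRECT_TRUST.get(introducer, {}).get(peer, {}).get(mime)
        if w > 0 and opinion is not None:
            weighted += w * opinion
            weight += w
    return DAMPING * weighted / weight if weight else 0.0


def rank_sources(truster, mime, offers):
    """Order offers [(peer, signature_ok), ...] best first.

    Offers whose signature did not verify are dropped before ranking.
    """
    verified = [peer for peer, signature_ok in offers if signature_ok]
    return sorted(verified, key=lambda p: trust(truster, p, mime), reverse=True)
```

Abe's trust in Carol covers only `audio/mpeg`, so her rating of Ernie for images contributes nothing to Abe's view of Ernie.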

Why might you want such a setup? Because you very well may want to access a p2p system through some anonymization facility, and not use the same public/private key set for p2p that you use for e-mail. This may be because you don't want the same level of encryption; perhaps you want 1024 for signatures on music files you are sharing, but 4096 for your e-mail encryption and signing. Or you may be using different IDs depending on what you are doing, being "bigtimefilesharer@some.music.domain" for music sharing, "smallfrywriter@writers.domain" for your poetry, and "e-mail.user@myname.domain" for your e-mail.

Some people would even note that it may be a good idea to hide your username when it comes to sharing music, if for no other reason than to make it more difficult for the RIAA to attack you.

Are there flaws in this system? Sure. At its core it is an honor-based system. If you decide to write your own trojans, worms, or viruses, and distribute them via a p2p system, because you happen to have a high level of trust with several people, you can cause trouble.

Additionally, while I am not impressed with the RIAA or its supporting members' interest in making music available to potential customers on a shared basis, they should be the most trustworthy as they actually hold the copyright to the music. Unfortunately their actions speak louder than their trustworthiness.

The other downside is that there isn't much that you can do about someone else's file that is being shared. As an example, if Fred, from above, is going to build a honeypot with files about the right size for top 40 hits, but containing nulls rather than data, there isn't a lot Bob or Carol can do to warn Abe that those files are junk. The only thing they can do is downgrade Fred's trust level, and hope that Abe will subsequently avoid him.

That's about it for now. For the most part this idea is to build PGP/GPG into a file sharing program. The program would then be able to help users determine if a file is actually desirable.

-Rusty
