Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet Software

Reputation System Fights P2P Junk 338

yeejiun writes "Many of the files that are shared on p2p networks tend to be junk. Organizations such as the RIAA and music labels regularly pollute these networks with nonsense files masquerading as real music/video files. These junk files make it difficult for users to find what they want on such p2p networks. Some researchers at Cornell University have developed a reputation system called Credence, that works on the Gnutella network, allowing users to tell the good files from the bad ones."
This discussion has been archived. No new comments can be posted.

Reputation System Fights P2P Junk

Comments Filter:
  • better answer (Score:4, Insightful)

    by eight and a quarter ( 904629 ) on Wednesday August 03, 2005 @11:57PM (#13237627) Homepage Journal
    quit downloading crap off of kazaa/grokster/morpheous/etc. dont trust brittneyspearsporno.avi.mpeg.exe
    • Even better answer (Score:2, Informative)

      by quadra23 ( 786171 )
      quit downloading crap off of kazaa/grokster/morpheous/etc

      Use a P2P program that actually includes some 'anti-junk" features. I typically use Shareaza (probably not the best, and I'm sure someone will state a better P2P but the points still remains, Shareaza does offer some features these clients do not -- including a rating/comment system that goes with the file whenever anyone finds a search result for it). Usually I know if the file is a fake before I download because I use some obvious signs:

      • How man
      • This is what happens.
        Company XYZ comes up with P2P app.
        Distributed online for free.
        Users who claim to be legit flock on P2P site.
        **AA lawyers swarm.
        Site is closed down.
        People are sued.


        Real losers?
        Company XYZ.
        Users who are sued as examples.
        You just lost the newest P2P site.


        Wash. Rinse. Repeat.
    • Re:better answer (Score:3, Insightful)

      by strider44 ( 650833 )
      That doesn't stop people from generating a random file 700MB big and calling it Serenity.Leaked.avi
    • by zaxios ( 776027 ) <zaxios@gmail.com> on Thursday August 04, 2005 @03:11AM (#13238153) Journal
      brittneyspearsporno.avi.mpeg.exe
       
      Link please.
  • Gotta love the torrents!
  • by ReformedExCon ( 897248 ) <reformed.excon@gmail.com> on Thursday August 04, 2005 @12:01AM (#13237646)
    I thought the primary purpose of P2P filesharing was to share legally swappable media files as well as other files like documents and useful freeware applications. Is there some nefarious entity flooding the P2P networks with garbage disguised as those files above? Why would you need to know the quality of the file's reputation?
  • this is stupid (Score:3, Insightful)

    by Madd Scientist ( 894040 ) on Thursday August 04, 2005 @12:03AM (#13237653)
    if the RIAA is willing to create junk files, you really don't think they are going to create fake accounts to rate their junk files as "good"? ANY system you put in place that gathers "votes" from users can be manipulated.
    • Re:this is stupid (Score:4, Insightful)

      by Creepy Crawler ( 680178 ) on Thursday August 04, 2005 @12:14AM (#13237716)
      Look at kuro5hin's rating system. In a democratic system, participation is the key. AT that site, very few comments are rated upon. The few that are rated are the...

      1: Master parent in big thread.
      2: 1 and 2 child of master parent (in a big thread)
      3: Obscene trolls (...you donkey-raping shit eater...)

      Past that, not many care. Of course we have had a few mod-trolls who create a few accounts to run everything into hidden (similar to beiong -1'ed here), but are countered by the users actually participate for a short while.

      Since the voices on K5 get out, nobody cares about democracy. Just hop on over there if you dont believe me.
      • This system specifically addresses kuro5hin's main problem.

        On K5, only a few people rate comments. Basically crapflooders cabals got together enough accounts to outweigh legitimate raters, giving them control of the rating system.

        With this system, the crapflooders would be able to rate each other up... but if you rate differently to them, your view would ignore or reverse their ratings.

        Wouldn't help anonymous users though.
    • rtfa, sucka. (Score:5, Informative)

      by knowles420 ( 589383 ) on Thursday August 04, 2005 @12:15AM (#13237718) Homepage Journal

      7. Can a group of spammers game the Credence algorithm by voting thumbs-up for each others' spam ?

      No. The trustworthiness computation is designed to preclude such attacks.

      8. What happens when a large number of spammers vote each others' spam up ? Can they fool the reputation system ?

      No. Credence's reputation computation is similar to Google's PageRank, but is more general - every node computes a different rank based on its own votes. Reputation flows from a given good node along trust edges towards other nodes. Spammers can create tight cliques in which everyone votes on each others' spam, but the entire clique will be deemed untrustworthy. And if anyone in the spammer clique does a search, they will see each others' spam ranked high.

      or, just do whatever you want.
  • eDonkey (Score:5, Informative)

    by mnemonic_ ( 164550 ) <jamec@noSpaM.umich.edu> on Thursday August 04, 2005 @12:03AM (#13237654) Homepage Journal
    Doesn't the eDonkey2000 network already have a system like this? Users identify fakes and report them, then the phony file information propagates throughout the network and the fake file dies.
    • Re:eDonkey (Score:4, Informative)

      by mnemonic_ ( 164550 ) <jamec@noSpaM.umich.edu> on Thursday August 04, 2005 @12:09AM (#13237694) Homepage Journal
      Ah, found it: donkey-fakes [gambri.net]. eMule automatically downloads the fakes list upon startup, and prevents the files from spreading.
      • Re:eDonkey (Score:5, Interesting)

        by daikokatana ( 845609 ) on Thursday August 04, 2005 @07:56AM (#13238816)
        Indeed - but there is a big problem with that system. eMule recognizes the file hashes and reports them as fakse, but it stops after that.

        For the past few weeks, I have been rewriting part of the eMule source to have the following changes:

        1. I offer a valid file with a valid hash (no fake) 2. People try to download the file from me and move up fast in my queue 3. Once they download a chunk from me, the data I send them is invalid (generated random) 4. Since this part is invalid, they need to redownload it 5. Since they move up faster in my queue than others, they redownload the part from me. 6. etcetera...

        To be honest - I want to sell this tactic, that's why I do it. And so far it works! I get loads and loads of requests and rerequests for files, so this is a perfect tactic to kill the download of valid files - reputation system or no reputation system.

        Remember, the file is valid, but they'll get it much much slower and spend x times the bandwidth to get it. I have unlimited bandwidth (up/down) so I always win in the end.

        If whatever organisation I sell it to employs this on a large scale, the network will be flooded.

    • Re:eDonkey (Score:2, Funny)

      by Infonaut ( 96956 )
      Doesn't the eDonkey2000 network already have a system like this?

      It does, but unfortunately the name "eDonkey" immediately invalidates any utility the service might provide.

      Personal foul, hideous name. Loss of down and a 15 yard penalty.

    • Re:eDonkey (Score:2, Interesting)

      by noidentity ( 188756 )
      Doesn't the eDonkey2000 network already have a system like this? Users identify fakes and report them [...]

      So all the RIAA has to do is report all the real files as fakes? Well, along with the fakes, otherwise the real files would be marked as the fakes and the fakes as the real.
    • Re:eDonkey (Score:3, Interesting)

      by Jugalator ( 259273 )
      Yes, it's not too uncommon. On BT, I just check how many seeders the file has. People don't want to keep and spend their bandwidth on seeding fakes.

      So far, I've never fallen to a faked torrent with lots of seeds either. Even if RIAA could in theory set up networks to seed fakes, they don't seem to be doing it.

      I think there'd be less confusion if the article title was "New Reputation System for Gnutella To Fight P2P Junk".
    • First, you can't see the ratings in the search window. You must start downloading and only after connecting to some peers and starting the download, ratings start to appear.
      Second, if you want to leave a rating of "Fake/Bad" you still need to host the file. Thank you very much, 2.5GB of gay porn just to tell people it is not really SWIII-ROTS-DVD_QUALITY.AVI - only malicious seeders of these files will retain the description ("Great quality! Not Fake!") and everyone else will delete the file after downloadi
    • Most users are too lazy to post comments on files in the ed2k network. Any system that does not give an advantage for rating files will be discarded by most users, leaving big F*cking holes open for robot voters/spammers from the trolls on those networks.

  • by case_igl ( 103589 ) on Thursday August 04, 2005 @12:04AM (#13237665) Homepage
    "...allowing users to tell the good files from the bad ones."

    Don't you mean the real illegal files from the fake illegal files? Seriously, it is no surprise to me why P2P has gotten a bad rap. Many of the users simply use P2P apps to commit piracy.

    Yes, there are legit uses as well. But honestly, if you are looking for free music from a band that has released it as such, you can usually find it. It's the copyrighted commercial music and video that have tons of fake files, porn movies, etc...Not Jim Blow Sings the Blues, Live from Natrona, PA!

  • by Motherfucking Shit ( 636021 ) on Thursday August 04, 2005 @12:06AM (#13237670) Journal
    How is this any better than Bitzi [bitzi.com] and its Bitprints, which are already built into popular Gnutella servents like BearShare?

    "Our client provides a peer-based judgement that a given object will possess the properties with which it is labeled and enables users to evaluate search results for authenticity before downloading."

    Sounds exactly like Bitzi to me...

    "Many peer-to-peer reputation schemes have been proposed in academia. Credence is the first practical implementation of a peer-to-peer reputation scheme."

    I don't think so.
    • NO (Score:2, Informative)

      by zymano ( 581466 )
      OVERVIEW

      Credence is a robust and decentralized system for evaluating the reputation of files in a peer-to-peer filesharing system. Our goal is to enable peers to confidently gauge file authenticity, the degree to which a file's contents matches its advertised description.

      At the most basic level, Credence employs a simple, network-wide voting scheme where users can contribute positive and negative evaluations of files. On top of this, a client uses statistical tests to weight the importance of votes from the
  • by lightspawn ( 155347 ) on Thursday August 04, 2005 @12:08AM (#13237685) Homepage
    If a file appears to by RIAA-affiliated music, treat it as a junk file.

    Why bother with music the artist doesn't want you to have? Just forget about it altogether and discover new music, even new types of music that you'd never realize existed, much less that you could enjoy.

  • What outrage (Score:3, Insightful)

    by dedazo ( 737510 ) on Thursday August 04, 2005 @12:10AM (#13237696) Journal
    Because we all know that P2P is only used to trade legal content. How dare those evil record companies "pollute" the system.

    Shocking.

    I don't know that their tactics are effective - after all, networks like eDonkey|eMule seem to be pretty good at self-policing. But it's amusing to see the undercurrent of outrage in these 'stories'.

    We all know damn well why the *AA folks do what they do.

    • But it's amusing to see the undercurrent of outrage in these 'stories'.

      With laws like the Sonny Bono copyright extension act, outrage is entirely warranted. Furthermore, I have no sympathy for those companies; as far as I'm concerned, a lot of their copyrights are unjustifiable. (However, I have personally not downloaded music from P2P networks, so far.)
  • Good summary (Score:3, Informative)

    by kernel_dan ( 850552 ) <slashdevslashtty@@@gmail...com> on Thursday August 04, 2005 @12:10AM (#13237699)
    For those of you that can't be bothered to RTFA, this system takes a profile of how you vote on files and matches you with other people who voted similarly. Thus, the spammers would see different ratings than 'normal users.'
  • You can already tell (Score:3, Interesting)

    by ravenspear ( 756059 ) on Thursday August 04, 2005 @12:10AM (#13237700)
    It is already very east to tell the junk files from the good ones. The junk ones will come from a very limited IP range. What usually happens is that the *AAs, and the companies they hire to pollute the networks will use the entire IP range they own to do that, but that usually still only amounts to a few class Bs. The good files on the other hand will come from all different class As.
  • by distantbody ( 852269 ) on Thursday August 04, 2005 @12:11AM (#13237702) Journal
    The fact that I didnt get to play HL2 was compensated by the 2 hours of dwarf porn.
  • The RIAA could easily manipulate this to cause legit files to be rated lower.
    • No it can't. Read the article.
      • Actually, they can. With access to a large address space (not too hard to get really, especially if you don't care about the law), you can still do large amounts of pollution by gaming the system.

        Suppose you represent company X. Look for legitimate files from company Y and Z's stuff. See who rated them up, then clone all their ratings (which would include some company X works as well). Create a bunch of permuations based on the data you have dumped, and mod the legit files from the company you represent
  • by barks ( 640793 ) on Thursday August 04, 2005 @12:17AM (#13237721) Homepage
    I like this idea. Media hordes, read as RIAA and MPAA, will constantly try to find technical ways to put the P2P genie back in the bottle.

    For every Napster (Kazaa, etc.) they close, another will be spawned. For every fake or intrusive system they create to battle downloaders, another downloading method will be innovated. For every commercial they feature a celebrity crying copyright heresy, /. mobs will just mock them.

    It's no shattering concept there'll never be a checkmate for either side.
  • If we had a P2P system that was encourage to boot off copyrighted works, we'd also have less junk (RIAA has no incentive to flood it with crap) but also maybe a viable platform for Independent artists to distribute their works...............

    I was going to go further down this line of thought, but now that I think about it, with bittorrent and a self-promotional website, an independent artist can get his stuff out their with minimal bandwidth expenditure. I can't really feel for either side in the debate -
  • by hellfire ( 86129 ) <.deviladv. .at. .gmail.com.> on Thursday August 04, 2005 @12:50AM (#13237817) Homepage
    Many hardcore file shares and hosters, dare I say most that would call themselves hardcore, are not in it for getting free content on demand when they want it. They are into collecting absolutely anything and everything they can get their hands on. In some collections, people wouldn't possibly, in their lifetimes,be able to listen to all the music or watch all those movies. But just the thought of having it makes many hoarders happy. And it's not even necessarily reputation amongst others. It could be in many cases, but not always. They just have to have it.

    What's my point? Well, this is the greatest strength and weakness of peer to peer. Hoarders ensure a healthy flow of files, but they rarely actually check what they have. They don't check to see the software works, or if the music is a complete copy, or that the movie was cut down to a quarter of the original screen size.

    This is what companies take advantage of, both those who want to hurt swapping, and those who just want to seed files for the purpose of installing some evil spyware. It's nice to have a bunch of people trying to seed the masses but cmon the point of file sharing is to pool our independent resources. For someone who doesn't have all day to search for files and test quality and whatnot, it is sometimes less painful to just go buy the CD than it is to actually try to download it amongst the mess of files that are out there.
    • And that's why there's such a great business opportunity for downloadable content. That's why Apple is selling so many songs with their music store.

      "Casual" downloading of shared content is hard, especially if you want decent quality. Convenience means a lot to people. There are lots of lazy individuals with plenty of money, and they'll happily give you a little money if you do some work for them. And figuring out a decent download counts as work.

      I don't mind the music and movie studios being against file s
  • Companies hurt (Score:4, Interesting)

    by jamienk ( 62492 ) on Thursday August 04, 2005 @01:02AM (#13237846)
    Many many companies (and individual artists) have faced SERIOUS economic damage by attempts to thrawt P2P from being absolutely ubiquitous and maximally effective. Estimates are in the BILLIONS of dollars (US only) of lost sales in broadband connections, blank media disks, large hard disk drives, software support, consulting fees, home audio/video equiptment, and the like. And Western countries are fast falling behind as the majority of educated citizens from developing nations take advantage of the black market for these goods and services while Western citizens are blocked in droves by propaganda, political corruption, inferior substitutes, and FUD from fully participating in the open exchange of science, the arts, poltical discorse, and culture in general.

    Credence will hopefully bring us a bit closer to reaching our current potential.
    • Re:Companies hurt (Score:3, Insightful)

      by Matey-O ( 518004 )
      That's a lovely, scary, statement you've made there, and it's earned youa buncha karma...care to back up the claims with a citation or two?

      Billions? I highly doubt Billions.
  • Another metric is Eigentrust out of Standard: link [stanford.edu] (warning: PDF). If I recall correctly, it computes the trustworthiness of a peer by computing its left principal eigenvector. This is the same method Google uses to rank pages in its search algorithm.

    - shadowmatter

  • To guard against a Sybil attack, they require you to get a certificate from a central server (single point of failure) to be able to rate files. To prevent you from just requesting an arbitrarily large number of certificates, they require you to first download a very large file before applying for the certificate (I assume they just create random data and have you respond to a challenge based on the data -- like "OK, you tell me the SSH2 hash of the file at www.gohere.com/youruseridhere.txt and I'll tell y
  • Renamers (Score:3, Interesting)

    by DuranDuran ( 252246 ) on Thursday August 04, 2005 @01:50AM (#13237958)
    Organizations such as the RIAA and music labels regularly pollute these networks with nonsense files masquerading as real music/video files. ...as do the "renamers". I wonder if anyone has studied why such people rename files in this way?
  • by fundflow ( 87625 ) on Thursday August 04, 2005 @02:34AM (#13238063)
    This may automate the reviewing process
  • by Kjella ( 173770 ) on Thursday August 04, 2005 @02:43AM (#13238082) Homepage
    1. Mark a bunch of good files as good
    2. Mark your bogus file as good
    3. Spread your vote list on zombie network
    4. Your votes corrolate highly with "good files", and there's no counter-votes by others (yet)
    5. Trick lots of people to download it (the rating goes to shit eventually, but...)
    6. New bogus file. Goto 1.

    In addition, you have an issue with semi-good files. What if the encoding is flawed, should you mark it as bad or good? Either case can put you at odds with the general opinion.

    Third, you have an issue with files trolling for incorrect votes. Create a "non-obviously" bogus file, which some people will mark bad, others good. You'll create a lot of conflicting votes and "noise" in the system to make attacks like above possible.

    Kjella
  • Huh (Score:5, Insightful)

    by TCM ( 130219 ) on Thursday August 04, 2005 @02:47AM (#13238093)
    Who actually searches for files in the P2P client? Normally you visit some site where the releaser himself posted a torrent or an ed2k link and you download that.

    I can't remember the last time I actually searched in eMule.
  • Litigation index (Score:5, Interesting)

    by xixax ( 44677 ) on Thursday August 04, 2005 @02:52AM (#13238108)
    Can this also be used as a metric for the RIAA and MPAA to decide which people to take legal action against? Go for the most trusted, most highly rated individuals and take out the most influential (central? critical?) nodes. In the same way that cliques of poisoners would stand out.

    Xix.
  • Despite everyone's views on the use of p2p networks, isn't it a dangerous precadent to set to allow these companies to steamroller over *anyone* who dares share copyrighted material. Is living in a DRM world where consumer rights are constantly reevaluated as to give us the least amount of enjoyment and freedom from our purchases worthwhile? It doesn't matter *who* these p2p sharers are, isn't setting the precadent of removing consumer rights by DRM (to copy, rip, burn for backup etc.) far more demeening an
  • by Kamiza Ikioi ( 893310 ) on Thursday August 04, 2005 @06:34AM (#13238543) Homepage
    The system seems like a tool to use against the RIAA/MPAA to block pollution efforts. However, then the other shoe drops, and the RIAA/MPAA has a tool to target the highest ranked nodes/cliches/people. No longer do they need to figure out how many files you have.

    They just have to find one file, extrapolate your rank to the average system rank, run a few numbers (and maybe a few inflated costs in there too), and bam... for sharing Happy Birthday To You.mp3, you get slapped with a $1 million infringement case because you happen to rank as a very high legitimate link.

    On the other hand, this might be benefitial to take the heat off of the majority of the file trading community that honestly is NOT costing them any money. They don't need to target the casual "weekend downloader", who's rank should be significantly lower (being a new node on the network) than some guy with 4 160GB HDD's of the latest releases to theater and DVD. Nobody feel sorry when these guys (or gals) get busted. When 14 year old choir girls get busted, there is PR hell to pay. This system allows them to do that.

    Didn't RTFA, but that's my first impression. A use to boost network quality, a use to increase (not decrease) the reach of the **AA's, and a use that may help both sides.

    "Every tool has at least 2 completely unassociated uses. A spoon can serve food to your mouth, or gouge the eyes out of your enemies." - Me
  • Evidence? (Score:3, Interesting)

    by venomkid ( 624425 ) on Thursday August 04, 2005 @08:16AM (#13238894)
    "As you can see, your honor, according to a ranking system on the pirate file-sharing network, the accused had a high rank for carrying real, pirated files."

    No, thank you.

Kill Ugly Processor Architectures - Karl Lehenbauer

Working...