Reputation System Fights P2P Junk 338
yeejiun writes "Many of the files that are shared on p2p networks tend to be junk. Organizations such as the RIAA and music labels regularly pollute these networks with nonsense files masquerading as real music/video files. These junk files make it difficult for users to find what they want on such p2p networks. Some researchers at Cornell University have developed a reputation system called Credence, that works on the Gnutella network, allowing users to tell the good files from the bad ones."
better answer (Score:4, Insightful)
Even better answer (Score:2, Informative)
Use a P2P program that actually includes some 'anti-junk" features. I typically use Shareaza (probably not the best, and I'm sure someone will state a better P2P but the points still remains, Shareaza does offer some features these clients do not -- including a rating/comment system that goes with the file whenever anyone finds a search result for it). Usually I know if the file is a fake before I download because I use some obvious signs:
Re:Even better answer (Score:2, Insightful)
Company XYZ comes up with P2P app.
Distributed online for free.
Users who claim to be legit flock on P2P site.
**AA lawyers swarm.
Site is closed down.
People are sued.
Real losers?
Company XYZ.
Users who are sued as examples.
You just lost the newest P2P site.
Wash. Rinse. Repeat.
Re:better answer (Score:3, Insightful)
Re:better answer (Score:5, Funny)
Link please.
Re:better answer (Score:3, Funny)
> Wow! A lot of hip-hop is in there, along with the latest and newest pop-music from RIAA, too!
No, that's
FP? - And that's why I use Bittorrent... (Score:2, Insightful)
Re:Torrents can be bogus too. (Score:2)
Re:Torrents can be bogus too. (Score:4, Informative)
Also, even the "pirate" torrent sites are centralized and often even have administrators, sometimes even comment boards. If a torrent is bogus, someone will take it down. (Not that I've been to those sites, of course...)
Of course this could all be manipulated, but AFAIK it hasn't been yet by the powers-that-be... And I don't see why they'd bother, when a threatening letter is all it usually takes to take a torrent site down, and it would take considerably more effort than turning a bunch of scratchy mp3's loose on kazaa.
Re:Torrents can be bogus too. (Score:4, Insightful)
That's [thepiratebay.org] not [thepiratebay.org] really [thepiratebay.org] true [thepiratebay.org]. Depending on where the site is hosted, legal threats could be more humerous than scarry.
Case in point [thepiratebay.org].
Btw, if you've got a few minutes to kill, you should really check out some of the emails to and responses from thepiratebay.com. They are hilarious!
Re:Torrents can be bogus too. (Score:4, Insightful)
- Fake files. This is clearly a more primitive tactic and can be thwarted by clients that can be set to download the first parts of a file first.
- Incomplete files. The seeder reports having the entire file, but will never deliver certain parts of it. Thus, downloaders get stalled at 98.5%. And it's amazing how long people will wait for that last bit.
- Fake seeds. Haven't confirmed how this one works, but sometimes you'll see a torrent with an improbable number of seeders (e.g., 300 seeds and 100 leechers for a fairly new torrent). Lots of seeds attract more people.
- Timing. For example, demand for a movie will rise in the days shortly before its release. If you get your fake tracker up and running during that critical time before there's a real pirate version out, then you'll attract downloaders and waste their time. And there's a snowball effect: when people go to download from BT, all of things being equal they usually go for the tracker that has the most people on it.
Combine the tactics, and you've got a serious problem. Every user adds to the strength of the distribution network so tying up one client with a fake not only prevents that client from getting the material, it also keeps that client from helping others get it as well.If you're patient, persistent, and knowledgeable, you can avoid or minimize the impact of these spoofing tactics. But patient, persistent and knowledgeable don't really describe the average pirate (or just about anyone else, for that matter). The dedicated pirate simply won't be stopped, and the content producers know this.
Like you, I once assumed that the various forms of moderation on the torrent sites would mitigate this. But the countermeasure are slow to work, as I've seen fake torrents stay up for weeks. It's easy to post multiple new fakes. And users are incredibly clueless. I have, on several occasions, seen comment threads where several people will post "This is a fake, don't bother," but the torrent will still have thousands of people downloading and the very next comment will be something like "I've been stuck at 99% for three days, will somebody fucking seed this!!" Remember, the goal isn't to elimiate the network. The goal is to make it so untrustworthy and unreliable that it's too much trouble for Joe User and he'll go to the theater instead.
Re:Torrents can be bogus too. (Score:2, Informative)
Re:Torrents can be bogus too. (Score:3, Insightful)
It's less reliable with avi files: it doesn't seem to like it if the first part of the file is missing.
Re:Torrents can be bogus too. (Score:2, Informative)
Re:Torrents can be bogus too. (Score:2, Insightful)
Re:Torrents can be bogus too. (Score:2)
If a rogue torrent clinet were created to give bad sub-units of data, they could corrupt a large amount of chunks. That would in turn create networks with small hash-files and %failed chunk recording.
Re:Torrents can be bogus too. (Score:2)
Ok, iirc, BT uses what looks like sha. How can BT prevent hash collision attacks (rare, but in case of big media, possible)
Re:FP? - And that's why I use Bittorrent... (Score:2, Informative)
Re:FP? - And that's why I use Bittorrent... (Score:2, Informative)
These releases are typically rar-ed into multiple parts to allow for easy and reliable posting to usenet.
People simply taking a scene release and uploading it to a torrent site is quite common, so these rar releases on places like The Pirate's Bay are nothing to worry about. It's usually a sign that it's a "good" release if you see many *.r0* or *rar files.
Of course be on the lookout for *exes inside of compr
Re:FP? - And that's why I use Bittorrent... (Score:3, Informative)
Re:FP? - And that's why I use Bittorrent... (Score:2)
RAR, similar to TAR is an archiving format for splitting files into identical size chunks (for floppy disks). A ZIP file of RARs seems very pointless. The only advantage I can see is that if one RAR file is broken (1 or 25 say) then you only need to download that RAR again, not the whole thin
Re:FP? - And that's why I use Bittorrent... (Score:2)
I'm a little lost in this whole thing (Score:5, Funny)
Re:I'm a little lost in this whole thing (Score:3, Informative)
Flaw in this approach (Score:3, Interesting)
See, let's be honest about this. While there will *always* be jackasses out there who spam networks just because they can, and a few more people trying to shove spyware down people's throats, a pretty big chunk of the folks producing spam are those trying to prevent their copyrights (however overly-long-lived they may be) from being infringed upon.
So, the point is, that it's a good bet that a sizeable chunk of the files being shared aren't exa
Re:I'm a little lost in this whole thing (Score:2)
But even better bongfill
this is stupid (Score:3, Insightful)
Re:this is stupid (Score:4, Insightful)
1: Master parent in big thread.
2: 1 and 2 child of master parent (in a big thread)
3: Obscene trolls (...you donkey-raping shit eater...)
Past that, not many care. Of course we have had a few mod-trolls who create a few accounts to run everything into hidden (similar to beiong -1'ed here), but are countered by the users actually participate for a short while.
Since the voices on K5 get out, nobody cares about democracy. Just hop on over there if you dont believe me.
Re:this is stupid (Score:2, Interesting)
On K5, only a few people rate comments. Basically crapflooders cabals got together enough accounts to outweigh legitimate raters, giving them control of the rating system.
With this system, the crapflooders would be able to rate each other up... but if you rate differently to them, your view would ignore or reverse their ratings.
Wouldn't help anonymous users though.
rtfa, sucka. (Score:5, Informative)
Re:rtfa, sucka. (Score:5, Informative)
In their system there is no single "high reputation" metric. Everyone had a different reputation to each other. Three people, A, B and C. A may have a high reputation as far as B is concerned, but C thinks A has a low reputation.
They do this by grouping people who vote the same way. So you trust the people that vote like you do.
Assuming that you vote good files up and bad files down, you will be grouped with people who do the same. At some point, the spammers have to start voting differently than you do.. voting their spam up. This will distance them from your trust network, and cause you to value their opinion less.
Re:rtfa, sucka. (Score:3, Informative)
assume the system is able to determine symmetric groups.
that is groups that have totally (or near totally) different
voting directions, an example would be the honest group and
the spammers group.
if say the spammers vote something up, instead of the honest
group ignoring their rating, they can use the symmetric
properties between their group and the spammer's group to
re-enforce their vote (aka the credence) of the file in
question - in this case rate it
rtfa, sucka.-Groupthink actually works? (Score:2, Insightful)
Re:rtfa, sucka.-Groupthink actually works? (Score:3)
Right after they implement a spell checker.
Re:rtfa, sucka. (Score:3, Interesting)
There are 3600 seconds in an hour. If you were to streamline the process of registering the accounts, so that the only human process were to decode the CAPTCHA image, I could definitely see myself performing one of these tests every 3.6 seconds, especially with some practice. (Depending on the difficulty of the test of course.)
This is where you employ people at minimum wage, or even illegal immigrants below minimum wage. I'm no
Re:rtfa, sucka. (Score:3, Interesting)
The authors have not shown that their system is resistant to attacks. Maybe it seems plausible to them and to you that it is, but plausibility is not the same as actually demonstrating that property.
Re:rtfa, sucka. (Score:2)
You don't understand how this works at all. Apparently you never will, because instead of finding out what people are doing, you'll just "sit back and think a few fucking thoughts of logic."
This is not at all as simple as counting who gets the most thumbs up.
eDonkey (Score:5, Informative)
Re:eDonkey (Score:4, Informative)
Re:eDonkey (Score:5, Interesting)
For the past few weeks, I have been rewriting part of the eMule source to have the following changes:
1. I offer a valid file with a valid hash (no fake) 2. People try to download the file from me and move up fast in my queue 3. Once they download a chunk from me, the data I send them is invalid (generated random) 4. Since this part is invalid, they need to redownload it 5. Since they move up faster in my queue than others, they redownload the part from me. 6. etcetera...
To be honest - I want to sell this tactic, that's why I do it. And so far it works! I get loads and loads of requests and rerequests for files, so this is a perfect tactic to kill the download of valid files - reputation system or no reputation system.
Remember, the file is valid, but they'll get it much much slower and spend x times the bandwidth to get it. I have unlimited bandwidth (up/down) so I always win in the end.
If whatever organisation I sell it to employs this on a large scale, the network will be flooded.
Re:eDonkey (Score:2, Funny)
It does, but unfortunately the name "eDonkey" immediately invalidates any utility the service might provide.
Personal foul, hideous name. Loss of down and a 15 yard penalty.
Re:eDonkey (Score:2, Interesting)
So all the RIAA has to do is report all the real files as fakes? Well, along with the fakes, otherwise the real files would be marked as the fakes and the fakes as the real.
Re:eDonkey (Score:3, Interesting)
So far, I've never fallen to a faked torrent with lots of seeds either. Even if RIAA could in theory set up networks to seed fakes, they don't seem to be doing it.
I think there'd be less confusion if the article title was "New Reputation System for Gnutella To Fight P2P Junk".
Yes, but... (Score:2)
Second, if you want to leave a rating of "Fake/Bad" you still need to host the file. Thank you very much, 2.5GB of gay porn just to tell people it is not really SWIII-ROTS-DVD_QUALITY.AVI - only malicious seeders of these files will retain the description ("Great quality! Not Fake!") and everyone else will delete the file after downloadi
Re:eDonkey (Score:2)
Self-policing is needed (Score:3, Interesting)
Don't you mean the real illegal files from the fake illegal files? Seriously, it is no surprise to me why P2P has gotten a bad rap. Many of the users simply use P2P apps to commit piracy.
Yes, there are legit uses as well. But honestly, if you are looking for free music from a band that has released it as such, you can usually find it. It's the copyrighted commercial music and video that have tons of fake files, porn movies, etc...Not Jim Blow Sings the Blues, Live from Natrona, PA!
Re:Self-policing is needed (Score:4, Informative)
From http://www.etymonline.com/index.php?term=pirate [etymonline.com] :
"Meaning "one who takes another's work without permission" first recorded 1701"
Come on, the term is older than RMS!
Re:Self-policing is needed (Score:5, Insightful)
If you want to be sure, you can compare the file size to the official one. If it matches, you can be all but completely confidant that it's real.
After all, there are probably far fewer people trying to flood P2P with bogus files just for the hell of it then there are trying to flood P2P with bogus files in an attempt to protect copyright.
Bitzi all over again? (Score:3, Insightful)
"Our client provides a peer-based judgement that a given object will possess the properties with which it is labeled and enables users to evaluate search results for authenticity before downloading."
Sounds exactly like Bitzi to me...
"Many peer-to-peer reputation schemes have been proposed in academia. Credence is the first practical implementation of a peer-to-peer reputation scheme."
I don't think so.
NO (Score:2, Informative)
Credence is a robust and decentralized system for evaluating the reputation of files in a peer-to-peer filesharing system. Our goal is to enable peers to confidently gauge file authenticity, the degree to which a file's contents matches its advertised description.
At the most basic level, Credence employs a simple, network-wide voting scheme where users can contribute positive and negative evaluations of files. On top of this, a client uses statistical tests to weight the importance of votes from the
Here's a simpler idea... (Score:5, Insightful)
Why bother with music the artist doesn't want you to have? Just forget about it altogether and discover new music, even new types of music that you'd never realize existed, much less that you could enjoy.
What outrage (Score:3, Insightful)
Shocking.
I don't know that their tactics are effective - after all, networks like eDonkey|eMule seem to be pretty good at self-policing. But it's amusing to see the undercurrent of outrage in these 'stories'.
We all know damn well why the *AA folks do what they do.
Re:What outrage (Score:2)
With laws like the Sonny Bono copyright extension act, outrage is entirely warranted. Furthermore, I have no sympathy for those companies; as far as I'm concerned, a lot of their copyrights are unjustifiable. (However, I have personally not downloaded music from P2P networks, so far.)
Good summary (Score:3, Informative)
You can already tell (Score:3, Interesting)
Its not all bad... (Score:5, Funny)
Legit Files (Score:2)
Re:Legit Files (Score:2)
Re:Legit Files (Score:2)
Suppose you represent company X. Look for legitimate files from company Y and Z's stuff. See who rated them up, then clone all their ratings (which would include some company X works as well). Create a bunch of permuations based on the data you have dumped, and mod the legit files from the company you represent
Nice countermove... (Score:3, Insightful)
For every Napster (Kazaa, etc.) they close, another will be spawned. For every fake or intrusive system they create to battle downloaders, another downloading method will be innovated. For every commercial they feature a celebrity crying copyright heresy,
It's no shattering concept there'll never be a checkmate for either side.
If........ then..... (Score:2)
I was going to go further down this line of thought, but now that I think about it, with bittorrent and a self-promotional website, an independent artist can get his stuff out their with minimal bandwidth expenditure. I can't really feel for either side in the debate -
Taking advantage of the hoarder mentality (Score:5, Interesting)
What's my point? Well, this is the greatest strength and weakness of peer to peer. Hoarders ensure a healthy flow of files, but they rarely actually check what they have. They don't check to see the software works, or if the music is a complete copy, or that the movie was cut down to a quarter of the original screen size.
This is what companies take advantage of, both those who want to hurt swapping, and those who just want to seed files for the purpose of installing some evil spyware. It's nice to have a bunch of people trying to seed the masses but cmon the point of file sharing is to pool our independent resources. For someone who doesn't have all day to search for files and test quality and whatnot, it is sometimes less painful to just go buy the CD than it is to actually try to download it amongst the mess of files that are out there.
Re:Taking advantage of the hoarder mentality (Score:3, Interesting)
"Casual" downloading of shared content is hard, especially if you want decent quality. Convenience means a lot to people. There are lots of lazy individuals with plenty of money, and they'll happily give you a little money if you do some work for them. And figuring out a decent download counts as work.
I don't mind the music and movie studios being against file s
Companies hurt (Score:4, Interesting)
Credence will hopefully bring us a bit closer to reaching our current potential.
Re:Companies hurt (Score:3, Insightful)
Billions? I highly doubt Billions.
Not the only one (Score:2)
- shadowmatter
Easiest Attack on Credence (Score:2)
Renamers (Score:3, Interesting)
Can this system work on ./ ? (Score:3, Interesting)
Still an issue with "hit-and-run" (Score:4, Interesting)
2. Mark your bogus file as good
3. Spread your vote list on zombie network
4. Your votes corrolate highly with "good files", and there's no counter-votes by others (yet)
5. Trick lots of people to download it (the rating goes to shit eventually, but...)
6. New bogus file. Goto 1.
In addition, you have an issue with semi-good files. What if the encoding is flawed, should you mark it as bad or good? Either case can put you at odds with the general opinion.
Third, you have an issue with files trolling for incorrect votes. Create a "non-obviously" bogus file, which some people will mark bad, others good. You'll create a lot of conflicting votes and "noise" in the system to make attacks like above possible.
Kjella
Huh (Score:5, Insightful)
I can't remember the last time I actually searched in eMule.
Litigation index (Score:5, Interesting)
Xix.
Setting a precadent (Score:2, Interesting)
Another for the RIAA/MPAA Tool to use... (Score:3, Interesting)
They just have to find one file, extrapolate your rank to the average system rank, run a few numbers (and maybe a few inflated costs in there too), and bam... for sharing Happy Birthday To You.mp3, you get slapped with a $1 million infringement case because you happen to rank as a very high legitimate link.
On the other hand, this might be benefitial to take the heat off of the majority of the file trading community that honestly is NOT costing them any money. They don't need to target the casual "weekend downloader", who's rank should be significantly lower (being a new node on the network) than some guy with 4 160GB HDD's of the latest releases to theater and DVD. Nobody feel sorry when these guys (or gals) get busted. When 14 year old choir girls get busted, there is PR hell to pay. This system allows them to do that.
Didn't RTFA, but that's my first impression. A use to boost network quality, a use to increase (not decrease) the reach of the **AA's, and a use that may help both sides.
"Every tool has at least 2 completely unassociated uses. A spoon can serve food to your mouth, or gouge the eyes out of your enemies." - Me
Evidence? (Score:3, Interesting)
No, thank you.
Re:One problem with this Credence system: (Score:2)
Moderate Moderators (Score:2, Insightful)
Re:One problem with this Credence system: (Score:5, Insightful)
So if the RIAA starts spamming Gnutella with lots of junk stuff, you will never vote in the same way as the RIAA dummy accounts, and you don't take their votes into account.
In fact, it seems the system is even smarter than that - it can take votes from people that are strongly uncorrelated with you and use that as negative information. So anything these people vote as valid files, you can treat as garbage as their definition of good/bad files is completely opposite to yours. And assuming you trust your own judgement, that means those files must be bogus.
Reminds me a lot of the google pagerank system, but with explicit learning/training instead of using back-links for determining correlation.
Re:One problem with this Credence system: (Score:3, Insightful)
I haven't read the description closely, but it's hard to see why flooding the system would matter- it isn't majority rule, it's who do you trust and who do they trust. If the RIAA has ten million bogus users, I and a few hundred other people vote thumbs down on them but thumbs up for each other, then we have our little corner where a set o
You misunderstand (Score:2, Interesting)
Thus if you wanted to have a really e
Re:50 percent (Score:2)
Now, take the set o
Re:One problem with this Credence system: (Score:3, Insightful)
Re:One problem with this Credence system: (Score:2)
A) Those who get it
B) Those who don't.
members of group B have read through post after post from members of group A, yet persist in their error. So there's no sense in being redundant here.
Think of it as something akin to how you behave on a date with a total knockout. You wanna get root access, but you don't want to blow it by talking about your nerdy life.
So you start talking, and let her "lead" -- you then adapt the reality to what s/he finds im
Re:This has to stop (Score:4, Insightful)
The research and motivation for this is important. If peer to peer networks can be subverted, then they have lost their usefulness. IMO, the sharing of copyrighted data is unavoidable, and sacrificing the freedom of a protocol in an attempt to prevent it is shortsighted.
It probably would have been better for Cornell if it had been left as a paper, rather than implementing it.
Re:This has to stop (Score:2)
Why is that AC post modded "Troll"? (Score:5, Interesting)
Instead of modding that down it should be modded up so more people can discuss the ramifications.
Do we allow taxpayer dollars to be spent on civil disobedience? On that issue, I am very unsure.
This modding down has to stop (Score:3, Insightful)
The basic premise of the slashdot story is how cool it is that researchers are defending the acts of people to trade in uncorrupted *illegal* file trading.
After all, it seems the most if not all corrupted files are ones that, if they weren't corrupted, would have been illegal to trade anyway.
I think the RIAA and MPAA are scum sucking pigs who need bacon carved off their arses and ha
Re:This has to stop (Score:4, Interesting)
There are far too may slashdotters who reply to any article on copyright with "get with the system dude! copyright is over!" usually they seem to be 13 year old kids who dont understand what its like to have your income and career based on developing electronic products.
Do people really think that Lord of the Rings deserved to sell just 1 copy, to the p2p hacker who ripped it?
Re:This has to stop (Score:3, Insightful)
There was a time when home video didn't even exist, and yet movies still got made. After their initial run in theaters, movies would only be shown every now and then on tv late at night. They were basically filler programming for what would have otherwise been dead air. One might even argue that the average quality of new movies has been on a steady decline since then.
Just because I can package som
Re:This has to stop (Score:2, Insightful)
Thats a falsehood (Score:2)
Thats a falsehood, the exact opposite is true. The high tech community is busy making all computers locked down with DRM to make big money from the *AA....erm... protect copyright for the *AA.
The backlash is against that, the idea that we can't make anything that MIGHT infringe copyright.
Here p2p is a good example of a corrupted data pool, it could be any body of deliberately corrupt data. Slashdot itself
Re:Who cares (Score:3, Interesting)
Re:New slogan for Cornell University... (Score:2)
Re:Problems (Score:3, Informative)
From the FAQ [cornell.edu]:
Re:Problems (Score:3, Informative)
Re:When it comes to quality files... (Score:2)
Re:When it comes to quality files... (Score:2)
I use IRC as my main means of getting TV shows that don't air in my country, and bogus files are rare, probably because people who run such servers can be kickbanned rather easily.
Re:Yeah. This pisses me off alot. I had the idea t (Score:2)
Re:Usefullness? (Score:2)
Granted, the bulk of file sharing going on on these P2P networks is the sharing of copywrited files without the permission of the copywrite owner. However, that does not preclude the many legitimate uses for the services.
As it stands, there's nothing to stop the RIAA from posting bogus files of a popular MP3 recorded by a non RIAA member studio who encourages the sharing of the file they own t
Re:exactly! (Score:3, Insightful)
To verify that the file is, in fact, legitimate. There are a number of unscrupulous folks out there that would just love to have even just a few people install their trojans. As Ronald Reagan said "Trust, but verify."