Slyck.com
 
Slyck Chatbox - And More

Semi-Anonymous P2P

A place for developers and programmers of file-sharing software to discuss issues.
Forum rules
PLEASE READ BEFORE POSTING: Slyck Forum Rules

Semi-Anonymous P2P

Postby doe6355323 » Sat Oct 13, 2007 6:56 pm

This is my theory for a semi-anonymous P2P Protocol, and I wanted to hear what the thoughts of this forum were.

- Distribution: Files are downloaded similarly to .torrent files. Website host the files that contain meta-information about the files hash, and its tracker port/IP.
- Role of Tracker: The tracker contains none of the files, the role of the tracker is... well to keep track of everyone uploading and downloading the file. However it is the key to anonymity on the uploading side. A downloader will use the file (for now we'll call it a .aup), which will point him to the tracker. Once he is at the tracker he requests a certain part of the file. That request is then handled by the tracker and given to another uploader (chosen by the tracker based on stats), so the downloader hasn't sent the request directly to the uploader, its been forwarded by the tracker.
- Role of Uploader: These guys contains the files, but like BitTorrent everyone becomes an uploader. So when the tracker sends a request to an uploader to send a section of a file to a certain IP/Port, it sends it via a Raw UDP Packet, where the last byte of the IP is randomised. This allows for greater compatibility with IP's that filter spoof packets, and still provides total anonymity.

So through all of this, the uploaders IP is never shown, only his subnet. The downloaders IP is well known, however this is not such a bad thing. For one its much easier to prosecute people for sharing copyrighted material because you can claim they are part of the 'distribution' chain, thats why you haven't seen the RIAA chase after a single person for downloading, only uploading. Secondly, the only way for the RIAA to see your IP address is for them to actually offer the file themselves, which gets into a legal grey area, because if they the copyright holders are offering you the copyrighted material then that really isn't illegal.

Post your thoughts.
doe6355323
 
Posts: 7
Joined: Sat Oct 13, 2007 6:38 pm

Re: Semi-Anonymous P2P

Postby Fartingbob » Sat Oct 13, 2007 7:05 pm

What you described seems very simular to BT.
The trackers in your example acts like a proxy, with all data going through it (only way to avoid downloaders knowing upoaders IP).
And that isnt very feasible, since the hgue bandwidth needed would make it very expensive to run, and so would have to charge.
And if they have to do that, you might as well go with usenet.
User avatar
Fartingbob
P2P Trafficker
 
Posts: 13248
Joined: Sun Nov 20, 2005 4:18 pm
Location: Serenity

Re: Semi-Anonymous P2P

Postby doe6355323 » Sat Oct 13, 2007 7:12 pm

The trackers in your example acts like a proxy, with all data going through it (only way to avoid downloaders knowing upoaders IP).[/QUOTE]


No you have that wrong. The tracker only acts like a proxy for the downloader, the downloader requests a file section from it and it hands that request to the most suitable uploaders (determined via stats). Then the uploader sends the downloader data in a Raw UDP Packet with a spoofed IP address. The tracker does not act like a proxy for this part. This will make it about as fast as BitTorrent and protect the uploaders IP at the same time.
doe6355323
 
Posts: 7
Joined: Sat Oct 13, 2007 6:38 pm

Re: Semi-Anonymous P2P

Postby Fartingbob » Sat Oct 13, 2007 7:15 pm

How easy is it to spoof your IP reliably?
Might as well incorporate such a idea into current BT trackers.
User avatar
Fartingbob
P2P Trafficker
 
Posts: 13248
Joined: Sun Nov 20, 2005 4:18 pm
Location: Serenity

Re: Semi-Anonymous P2P

Postby MrFredPFL » Sat Oct 13, 2007 7:18 pm

most ISPs, as far as i am aware, will discard packets with spoofed IPs.
User avatar
MrFredPFL
 
Posts: 15574
Joined: Wed Aug 17, 2005 4:48 pm

Re: Semi-Anonymous P2P

Postby doe6355323 » Sat Oct 13, 2007 7:21 pm

How easy is it to spoof your IP reliably?


Quite easily, i believe it can be done with the libpcap libray for datagrams.

Might as well incorporate such a idea into current BT trackers.


The problem with BT is that the tracker will tell you all the IP's of everyone in the swarm, so it really needs to be a totally new protocol to work.

most ISPs, as far as i am aware, will discard packets with spoofed IPs.


This is true, however provided the IP range is within the ISP's subnet, they will not. This is why I suggested that we only spoof the last byte of the IP to retain the subnet, and still the anonymity.
doe6355323
 
Posts: 7
Joined: Sat Oct 13, 2007 6:38 pm

Postby MrFredPFL » Sat Oct 13, 2007 7:26 pm

are you sure that's how it works? i have my doubts about that.
User avatar
MrFredPFL
 
Posts: 15574
Joined: Wed Aug 17, 2005 4:48 pm

Re: Semi-Anonymous P2P

Postby doe6355323 » Sat Oct 13, 2007 7:40 pm

are you sure that's how it works? i have my doubts about that.


I'm sure. ISP's only filter based on their own subnet ranges.
doe6355323
 
Posts: 7
Joined: Sat Oct 13, 2007 6:38 pm

Postby MrFredPFL » Sat Oct 13, 2007 7:46 pm

how do you know that?
User avatar
MrFredPFL
 
Posts: 15574
Joined: Wed Aug 17, 2005 4:48 pm

Re: Semi-Anonymous P2P

Postby doe6355323 » Sat Oct 13, 2007 8:01 pm

It's logical. The only way for them to detect whether a UDP Packet is spoofed or not is to scan its subnet. How else are they going to determine whether its spoofed? The UDP Packet contains no other identifying data...
doe6355323
 
Posts: 7
Joined: Sat Oct 13, 2007 6:38 pm

Re: Semi-Anonymous P2P

Postby MrFredPFL » Sat Oct 13, 2007 8:14 pm

they know a packet is spoofed when it identifies itself as coming from somewhere other than where it did come from, i would think. personally, i can see extra incentive for them to discard spoofed packets which implicate another customer of theirs.
User avatar
MrFredPFL
 
Posts: 15574
Joined: Wed Aug 17, 2005 4:48 pm

Re: Semi-Anonymous P2P

Postby thunderstick » Sat Oct 13, 2007 8:32 pm

What about Mute?. It can be downloaded for free from here.
User avatar
thunderstick
 
Posts: 45
Joined: Sun Sep 30, 2007 5:28 pm
Location: Vancouver

Re: Semi-Anonymous P2P

Postby LANjackal » Sat Oct 13, 2007 9:04 pm

If you can make the idea work, do it.
Follow me around the internet!
[Windows 7 Pro x64 (Primary OS)
User avatar
LANjackal
 
Posts: 5895
Joined: Thu Feb 26, 2004 1:58 pm
Location: Various networks. In the physical world I'm an adaptive AI that pretends to be human

Postby MrFredPFL » Sat Oct 13, 2007 9:15 pm

you have no problems with a system that implicates innocent people in acts of copyright infringement, LJ?
User avatar
MrFredPFL
 
Posts: 15574
Joined: Wed Aug 17, 2005 4:48 pm

Re:

Postby LANjackal » Sat Oct 13, 2007 11:25 pm

MrFredPFL wrote:you have no problems with a system that implicates innocent people in acts of copyright infringement, LJ?
Well, if that's what it does, I do have a problem with that. I didn't really read the original post because I was volunteering all day today roofing a building and was too tired. I still haven't read it, no offense to the OP. I can't add anything constructive at this time as my mind is shot.

The reason I replied to it in that manner was just more an "ok do your thing" than "hey that's awesome".
Follow me around the internet!
[Windows 7 Pro x64 (Primary OS)
User avatar
LANjackal
 
Posts: 5895
Joined: Thu Feb 26, 2004 1:58 pm
Location: Various networks. In the physical world I'm an adaptive AI that pretends to be human

Postby MrFredPFL » Sat Oct 13, 2007 11:38 pm

:lol: :D
User avatar
MrFredPFL
 
Posts: 15574
Joined: Wed Aug 17, 2005 4:48 pm

Re: Semi-Anonymous P2P

Postby doe6355323 » Sun Oct 14, 2007 12:18 am

they know a packet is spoofed when it identifies itself as coming from somewhere other than where it did come from, i would think. personally, i can see extra incentive for them to discard spoofed packets which implicate another customer of theirs.


The part of the packet that identifies itself as coming from somewhere is the UDP Header containing MAC Address, Port and IP address. Using Raw packets these can be written in. But I see what you mean, it might be unreliable if the ISP isn't using the randomised IP address at that time or it might actually add to someone else's quota (although that would be neglible, since the IP is randomised every packet sent).

What about Mute?. It can be downloaded for free from here.


MUTE AFAIK is totally anonymous using a proxy like system. So speeds are pretty slow. What I'm trying to do here is provide a compromise between speed and anonymity.

you have no problems with a system that implicates innocent people in acts of copyright infringement, LJ?


Care to explain that ludicrous statement? In no way does the implicate innocent people in copyright infringement. For one the IP is randomised every packet. So each chunk of data comes from a seemingly different source, and secondly only 1 person is sending the data, so if it was known that this was how the program operated it would be foolish to send people to court who have clearly done nothing wrong.
doe6355323
 
Posts: 7
Joined: Sat Oct 13, 2007 6:38 pm

Re: Semi-Anonymous P2P

Postby IceCube » Sun Oct 14, 2007 12:43 am

No offense, but what's the point of being 'sorta anonymous'? Isn't that like saying 'I'm sorta unarmed'? (with lack of a better comparison for the time being) :?
User avatar
IceCube
 
Posts: 17079
Joined: Tue Jun 14, 2005 5:31 pm
Location: Igloo Country?

Re: Semi-Anonymous P2P

Postby MrFredPFL » Sun Oct 14, 2007 12:52 am

Care to explain that ludicrous statement? In no way does the implicate innocent people in copyright infringement. For one the IP is randomised every packet. So each chunk of data comes from a seemingly different source, and secondly only 1 person is sending the data, so if it was known that this was how the program operated it would be foolish to send people to court who have clearly done nothing wrong.


lol - did you just get here?

yes, it does implicate people. it's a human shield system, and you don't ask the human shields if they mind volunteering.
User avatar
MrFredPFL
 
Posts: 15574
Joined: Wed Aug 17, 2005 4:48 pm

Re: Semi-Anonymous P2P

Postby doe6355323 » Sun Oct 14, 2007 1:08 am

No offense, but what's the point of being 'sorta anonymous'? Isn't that like saying 'I'm sorta unarmed'?


It protects the uploader, not the downloader. Read the first post for reasons why.

yes, it does implicate people. it's a human shield system, and you don't ask the human shields if they mind volunteering.


Then I guess your opposed to basically every other anonymous filesharing system? They could be construed much worse than this because each client acts as a node, where here it simply adds a random IP address into every packet to prevent the destination being discovered, also note thats a completely random IP address every data packet. I see no way that a single IP address contained in these packets could be held responsible when it is known that they are anything but that according to the protocol.

If you want a better idea of what I'm talking about, it's like a Distributed version of SUMI (sourceforge it).
doe6355323
 
Posts: 7
Joined: Sat Oct 13, 2007 6:38 pm

Postby MrFredPFL » Sun Oct 14, 2007 1:11 am

i have no problem with anonymous proxy networks, the participants of which knowingly agree to be involved. that's not what you suggest, though.
User avatar
MrFredPFL
 
Posts: 15574
Joined: Wed Aug 17, 2005 4:48 pm

Postby MrFredPFL » Sun Oct 14, 2007 1:20 am

here's another thought, which has nothing to do with the morality of this system, but rather the effect on the user, as opposed to the 255 other people on that person's subnet.

IP spoofing is a violation of the TOS of probably every ISP on the planet ;)
User avatar
MrFredPFL
 
Posts: 15574
Joined: Wed Aug 17, 2005 4:48 pm

Re: Semi-Anonymous P2P

Postby LordOfThePigs » Sun Oct 14, 2007 1:34 am

Well, the idea is not so bad and might be feasible. However, I'm going to bug you with a little bit deeper technical details:

UDP has several limitations going with it, which are:

- UDP packets are not guaranteed to arrive in the same order that they were sent.
- While the maximum size of an UDP datagram is 64KB, the UDP specifcation specifies that only datagrams that contain 576 bytes or less are guaranteed to be correctly transmitted by all IP protocol implementations. That's 576 bytes total, header + data, leaving about 0.5KB per datagram for data.

Ok, so now, your problem is the following: how does the downloader reconstruct the file in the correct order from the set of UDP datagrams that it receives.

First of all, you have to make sure that you can place the different datagrams you receive in the correct order, which would typically require you to indicate which position in the file the data should go to. That's a 4 bytes overhead that must add into the datagram body.

Second, since you can't identify the uploader, you have no idea which file the data is for. This means you need to add the file identifier to the data. Typically, file hashes use SHA1, which uses 20 bytes. So you need to have at least 24 bytes additional header. UDP datagrams already use an 8bytes header, so that means you will actually be using 32 bytes of header and 542 bytes of data. An IP packet has a 24 bytes header, which means that each of the packet you send will at best be 600 bytes in length with 56 bytes header information. You will lose 10% of you bandwidth. Granted, that's not a lot, but it needs to be kept in mind.

Then you need to keep in mind that many of the routers that are used by privates (not companies) are relatively cheap routers. And cheap router absolutely hate heavy UDP traffic, they will just reboot, lock-up or shut down randomly when subjected to that kind of UDP traffic, especially if all those packets come from several hundred different IPs.

Here is a bigger problem: what if a packet is lost? This happens very frequently, the average packet on the internet is usually thought to be somewhere between 1% and 2%. This means you lose one packet every for 55KB. Depending on your connection speed that may mean from one every few seconds, to several per second. That may seem like a low number, but remember that you have to go through the tracker to ask for this packet again. Now multiply once every few seconds by the number of peers on each torrent, multiplied by the number of torrents tracked by a tracker.... You're going to need a hell of a tracker to accomodate that huge amount of requests for 0.5KB.

Another problem is, since there is no way to identify the uploader, it is extremely easy to spoof such a network. Anybody can send a packet towards you with the correct header but bogus data. How do you identify those bogus packets from legitimate packets? Since the source IP is spoofed anyway, how can you guarantee that you receive the data from a trusted peer? You will just be accepting data coming from somebody that you have no way to identify.

The way the IPs are randomly spoofed also nukes pretty much all attempts at NAT traversal.

And remember that in a networked environment, it is not safe to trust peers. This means among others that the only way for the RIAA to see your IP is not to make the file available for download, but to make a file they pretend to be the real one available for download and send you bogus data.

And of course, as everyone pointed out, spoofed packets may have a hard time going through your ISP.

So while this idea might be possible, it doesn't seem very practical to me.
Last edited by LordOfThePigs on Sun Oct 14, 2007 2:13 am, edited 1 time in total.
LordOfThePigs
 
Posts: 79
Joined: Sat Jun 18, 2005 8:13 am

Re: Semi-Anonymous P2P

Postby LordOfThePigs » Sun Oct 14, 2007 2:05 am

doe6355323 wrote:
are you sure that's how it works? i have my doubts about that.


I'm sure. ISP's only filter based on their own subnet ranges.


Are you sure that ISP always use subnets covered completely by the last byte of the IP? How can you be certain that some don't use only 7 bits or whatever?
LordOfThePigs
 
Posts: 79
Joined: Sat Jun 18, 2005 8:13 am


Return to Developers Forum

Who is online

Users browsing this forum: No registered users and 3 guests

© 2001-2008 Slyck.com