Search Slyck
Anonymous
Welcome
LimeWire and Inadvertent File-Sharing Revisited
October 31, 2007
Inadvertent file-sharing. It's a contentious issue that the Congress of the United States recently investigated, questioning LimeWire CEO Mark Gorton why such an event is allowed to occur, and how his firm will correct the problem. Mark Gorton stood alone in the chambers of the Legislative branch, being held largely responsible for the inadvertent sharing that has supposedly compromised state security, personal banking, and police confidentiality.How significant of a problem is inadvertent sharing? Not nearly as significant as the music industry's problem with unauthorized file-sharing - not even close. Inadvertent sharing isn't causing billions of dollars in movie sale losses either. But inadvertent sharing is resulting in several high profile cases where an organization's security has been seriously breeched.
Let’s take a look at two high profile situations. In June of 2007, the pharmaceutical company Pfizer announced that up to 17,000 employees' identities may have been compromised due to inadvertent sharing. The application wasn't specified, however the individual shared documents contained up to 17,000 names and social security numbers.
Another case is the much fabled story regarding the Tokyo police officer who shared approximately 6,000 documents on various investigations. Some documents were related to common interrogations, while others involved confidential information on organized crime syndicates. Regardless, the exposure of such information was an embarrassment to the Tokyo police, cost the officer his job, and galvanized opposition to inadvertent sharing.
In virtually every case, whether high profile or not, the cause of the inadvertent sharing can be traced back to the individual's disregard for their organization's security policy. And unless the individual is masochistic, such security breaches are in violation of most people's own set of personal safety standards as well. So who's to blame for the repetitive nature of inadvertent sharing? LimeWire, LLC and Mark Gorton, CEO of LimeWire LLC, at least according to the latest report from The Progress and Freedom Foundation.
The Progress and Freedom Foundation released their report as a sort of report card following Mark Gorton's testimony in July of this year. The grade? A dismal failure of monolithic proportions, as Mark Gorton and LimeWire are lambasted for the entirety of the report’s 14 pages. Virtually nothing good was said about LimeWire's efforts to avoid inadvertent sharing, and any marginally positive statements were negated with the recurring theme of "recursive sharing".
The concept of recursive sharing is a bit complex, and like those who inadvertently share files, those who can't read at a college level will not be able to fully appreciate the report.
Recursive sharing in a nutshell is this: Let's assume a LimeWire user has version 3.5. This version doesn't have many of the newly incorporated security elements, such as graphically depicting the subfolders of a shared folder. Now, recursive sharing happens when all the subfolders of a shared folder are made publicly available. For example, let’s say this user shares C:\Downloads\LimeWire. All contents of that LimeWire folder will be shared, i.e., C:\Downloads\LimeWire\Music, C:\Downloads\LimeWire\Movies, etc.
According to The Progress and Freedom Foundation, this is a significant security problem. Apparently, most people don't realize when they select a shared folder, all contents of that folder, including all files and subfolders, are shared along with it. For example, the Foundation points out that LimeWire is misleading with its sensitive folder warning. If a user picks "Documents and Settings", he or she will be asked, "...Share this folder?" Because the warning refers to the singular, it could mislead the user to think that just that one folder, and not the more sensitive "My Documents" with all its subcontents.
However fundamental organizational hierarchy already implies that once one folder is selected, all its contents will be selected too. For example, if a user wanted to copy his or her "Documents and Settings" folder to a CD, the user would just click and drag that one folder into Nero - the end user wouldn't be expected to click and drag every folder and file within that folder's contents. This is done for convenience sake, as using a computer implies a certain amount of knowledge and responsibility.
There's another point in the report that bears notice. Towards the end the Foundation brings up this criticism, "By default, it still shares downloaded files, partially downloaded files, and torrent files not licensed for distribution over the Gnutella network."
As most know, torrent files are easily editable metadata files whose function is to communicate the location of information within the BitTorrent community - nothing more. The Gnutella feature and BitTorrent feature of LimeWire are completely independent; in other words, you can't download a torrent file from ThePirateBay and use it to grab a file from Gnutella - it's impossible. Additionally, even if such a feat were possible, there is no mandate in either Gnutella or BitTorrent doctrine that prohibits an individual from sharing torrent files on the Gnutella network. If the statement refers to copyright infringement, it is unclear how metadata files constitute infringement or what relation they have to the Gnutella network.
The report does make many valid points. One in particular is the complexity of the LimeWire program and its target populace. On average, the LimeWire program is way above the head of its population. However this is the case of most computer software - especially Windows. The problem of inadvertent sharing is unfairly blamed on P2P software developers, who are expected to bear the burden of educating the public. The problem is much more systemic. If inadvertent sharing is truly as problematic as reported, it's more a case of technology racing forward while leaving much of its audience behind. And who’s to blame for that?
Recursive sharing in a nutshell is this: Let's assume a LimeWire user has version 3.5. This version doesn't have many of the newly incorporated security elements, such as graphically depicting the subfolders of a shared folder. Now, recursive sharing happens when all the subfolders of a shared folder are made publicly available. For example, let’s say this user shares C:\Downloads\LimeWire. All contents of that LimeWire folder will be shared, i.e., C:\Downloads\LimeWire\Music, C:\Downloads\LimeWire\Movies, etc.
According to The Progress and Freedom Foundation, this is a significant security problem. Apparently, most people don't realize when they select a shared folder, all contents of that folder, including all files and subfolders, are shared along with it. For example, the Foundation points out that LimeWire is misleading with its sensitive folder warning. If a user picks "Documents and Settings", he or she will be asked, "...Share this folder?" Because the warning refers to the singular, it could mislead the user to think that just that one folder, and not the more sensitive "My Documents" with all its subcontents.
However fundamental organizational hierarchy already implies that once one folder is selected, all its contents will be selected too. For example, if a user wanted to copy his or her "Documents and Settings" folder to a CD, the user would just click and drag that one folder into Nero - the end user wouldn't be expected to click and drag every folder and file within that folder's contents. This is done for convenience sake, as using a computer implies a certain amount of knowledge and responsibility.
There's another point in the report that bears notice. Towards the end the Foundation brings up this criticism, "By default, it still shares downloaded files, partially downloaded files, and torrent files not licensed for distribution over the Gnutella network."
As most know, torrent files are easily editable metadata files whose function is to communicate the location of information within the BitTorrent community - nothing more. The Gnutella feature and BitTorrent feature of LimeWire are completely independent; in other words, you can't download a torrent file from ThePirateBay and use it to grab a file from Gnutella - it's impossible. Additionally, even if such a feat were possible, there is no mandate in either Gnutella or BitTorrent doctrine that prohibits an individual from sharing torrent files on the Gnutella network. If the statement refers to copyright infringement, it is unclear how metadata files constitute infringement or what relation they have to the Gnutella network.
The report does make many valid points. One in particular is the complexity of the LimeWire program and its target populace. On average, the LimeWire program is way above the head of its population. However this is the case of most computer software - especially Windows. The problem of inadvertent sharing is unfairly blamed on P2P software developers, who are expected to bear the burden of educating the public. The problem is much more systemic. If inadvertent sharing is truly as problematic as reported, it's more a case of technology racing forward while leaving much of its audience behind. And who’s to blame for that?
This story is filed in these Slyck News categories
P2P Clients :: LimeWire
You can discuss this article here - 4 replies
| Astraweb |   |
| NewsDemon | |
| Thundernews | |
| Binverse | |
| Newshosting |  |
| UseNetServer | |
© 2001-2008 Slyck.com