快猫短视频

Innocent file-sharers could appear guilty

Security weaknesses in file-sharing networks could lead to false accusations of illegal music sharing, according to a new analysis

A research paper highlighting security weaknesses in a popular internet file-sharing network has raised concerns that innocent users could in theory be wrongly accused of sharing copyrighted music.

The Recording Industry Association of America (RIAA), which represents the largest US music companies, has already begun legal action against 261 file-sharers who are accused of sharing 鈥渟ubstantial鈥 amounts of copyrighted material through peer-to-peer (P2P) networks.

The RIAA carried out surveillance of P2P networks to determine the usernames of alleged copyright infringers. A subset of these users was then tracked down via their internet service providers.

So far, 52 have agreed to settle with the RIAA for a few thousand dollars each. A further 838 have admitted infringements and promised to destroy illegally obtained files in return for a legal amnesty. An estimated 62 million Americans are thought to have used P2P networks, though it is not known how many have illegally shared music.

The anonymous paper, Entrapment: Incriminating Peer to Peer Network Users, was posted to a free Australian web hosting service and suggests some users could claim that the evidence on which they are brought to trial is flawed. Experts contacted by 快猫短视频 say the paper is a credible piece of work.

False request

The document focuses on the Gnutella file-sharing network that forms the backbone of a number of widely-used file-sharing clients including Morpheus and Bearshare.

The RIAA鈥檚 lawsuits have so far targeted users of the largest file-sharing network, Kazaa. The protocol used to trade files through this network is proprietary and has not been publicly analysed.

It describes various techniques that could be used to make it appear to a third party on the Gnutella network as if an innocent user is hosting or searching for copyrighted files. It also describes methods for tricking users into inadvertently downloading copyrighted files so that they actually host these files.

Some of the methods described are made possible because peer-to-peer networks like Gnutella rely on users passing on requests for files and information about the files stored on users鈥 machines. Manipulating these network messages can make it look as if a user is illegally offering files for download.

鈥淭hese Gnutella-specific attacks seem reasonable at first glance,鈥 says Adam Langley, a UK-based peer-to-peer programmer. But the techniques described are not surprising, he says: 鈥淕nutella was certainly never designed to resist an attack like this.鈥

Unreliable evidence

Others experts say the paper raises interesting issues about the ongoing legal furore. 鈥淭he core point the author is making 鈥 the unreliability of the 鈥榚vidence鈥 used to sue file sharers 鈥 is valid,鈥 says Ian Clarke, who invented Freenet, a file-sharing network designed to provide anonymity for users.

Theodore Hong, a peer-to-peer networking researcher at Imperial College London, UK, comments: 鈥淚t鈥檚 interesting that these technical weaknesses may actually be a legal strength [for P2P users] by introducing doubt as to who is really doing what.鈥

Langley says it is unclear whether other P2P networks might be similarly vulnerable to misuse. But he notes that there are other ways to incriminate an innocent party: 鈥淢ost Windows users will run any old attachment you send them, so if you want to implicate someone you can just send them a Trojan.鈥

More from 快猫短视频

Explore the latest news, articles and features