P2p apps ‘induce others to share’
p2pnet.net news:- P2p filesharing applications could cause people to be, “inadvertently sharing personal and sensitive data,” according to the US Patent Office.
Filesharing Programs and Technological Features to Induce Others to Share was, “prompted by the indictment of a gang that has used the LimeWire p2p software to ‘access names and account information from personal and business accounts across the country, and then use that information to open new bank accounts in the Denver area,” says PC Pro, quoting the report.
It, “found that the five filesharing applications it studied – BearShare, eDonkey, KaZaA, LimeWire, and Morpheus – ‘repeatedly deployed features that they knew or should have known could cause users to share files inadvertently’.
“It concluded that all five programs, by default, caused users to share every file that they would subsequently download from the Internet, whether they meant to share it or not.”
And were that not bad enough, “A decade ago, the idea that copyright infringement could become a threat to national security would have seemed implausible,” writes Jon W. Dudas (right), under secretary of commerce for intellectual property and director of the United States Patent and Trademark Office in a foreward.
“Now, it is a sad reality.”
If his name seems familar, you may be remembering that in 2005, he warned pupils at the Legacy Elementary School in American Fork, Utah, about, “downloading and copying music, movies and video games without…the artists’ or copyright holders’ permission”.
Click here for a .pdf of the report.
For now, below is the executive summary:
For years, computer-science researchers, Federal Agencies, concerned private citizens, IT-security companies, public-interest groups, news reporters, and others have also reported that users of popular filesharing programs have been sharing files unintentionally. More recently, in MGM Studios, Inc. v. Grokster, Ltd., the Supreme Court found ‘unmistakable’ and ‘unequivocal’ evidence that distributors of two popular filesharing programs intended to induce users of their programs to infringe copyrights. The findings in Grokster suggest that persistent reports of inadvertent sharing could signal the effects of duping schemes, a known means of inducement.
In a duping scheme, an entity that intends to use others as a means to achieve an illegal end tricks other people into inadvertently or unintentionally performing a potentially illegal act. In the context of filesharing, duping schemes could be particularly effective. Duping that caused infringing files to be shared inadvertently by young, new or unsophisticated users could still make millions of files available for downloading. Indeed, new users of filesharing programs tend to download many more files than established users, so duping that targeted new users could add a disproportionately large number of files to the network. Duping schemes that targeted young or unsophisticated users would also ensure that attempts to enforce copyrights against those infringers who upload hundreds or thousands of infringing files would tend to target young or sympathetic users.
This report reviews public data about the behavior of five popular filesharing programs; it focuses on the programs BearShare, eDonkey, KaZaA, LimeWire, and Morpheus. It seeks to answer two questions. First, have distributors of these filesharing programs deployed features that had a known or obvious propensity to trick users into uploading infringing files inadvertently? Second, if so, do the circumstances surrounding the deployment of such features suggest the need for further investigation to determine whether any particular distributor intended for such features to act as duping schemesââ¬as ‘technological features to induce users to share.’
This report concludes that the distributors of these five filesharing programs have repeatedly deployed features that had a known propensity to trick users into uploading infringing files inadvertently. Distributors deployed at least five such features:
* Redistribution features: All five programs analyzed have deployed a feature that will, by default, cause users of the program to upload (or ’share’) all files that they download. These features create a counter-intuitive link between downloading files for personal use and distributing files to strangers, and they have often been implemented in ways that could make their effects less obvious to new users. Since 2003, lawsuits against users of filesharing programs have made it more important for users to understand the effects of redistribution features. During this period, some programs tended to disclose less information about their redistribution features.
* Share-folder and Search-Wizard Features: All five programs analyzed have deployed share-folder or search-wizard features. These features are uniquely dangerous: They can cause users to share inadvertently not only infringing files, but also sensitive personal files like tax returns, financial records, and documents containing private or even classified data. Published research identified these features as causes of inadvertent sharing by mid-2002. By mid-2003, the distributors of the programs analyzed here had agreed to discontinue use of these features, and concerned legislators had warned that their continued use would compromise national security because government employees using these programs would inadvertently share files containing sensitive or classified data.
Nevertheless, the distributors of BearShare, eDonkey, LimeWire and Morpheus programs kept deploying search-wizard or share-folder features, and the distributors of KaZaA eliminated these features in a way that would tend to perpetuate inadvertent sharing previously caused by such features. By late spring of 2005, the Department of Homeland Security reported that government employees using filesharing programs had repeatedly compromised national and military security by ’sharing’ files containing sensitive or classified data.
o Share-folder features: All five of the programs analyzed have deployed a feature that lets users store downloaded files in a folder other than the specially created folder that stores downloaded files by defaultââ¬but does so through an interface that does not warn users that all files stored in the selected folder will be shared. In most cases, the sharing caused by this feature will be recursive: The program will share not only the files stored in the folder selected to store downloaded files, but also all files stored in any of its subfolders.
o Search-wizard features: At least three of the programs analyzed have deployed a feature that will search users’ hard drives and ‘recommend’ that users share folders that contain certain ‘triggering’ file types, which usually include document files, audio files, audiovisual files, and image files. Some search-wizard features activate automatically; others require the user to trigger them. Some are activated during a program’s installation-and-setup process; others are an option that a user can activate after the program is installed and running. Some will select identified folders for sharing; others ‘recommend,’ but do not select, identified folders for sharing. All search-wizard features discussed will cause recursive sharing of identified or selected folders.
* Partial-uninstall features: At least four of the programs analyzed have deployed partial-uninstall features: If users uninstall one of these programs from their computers, the process will leave behind a file that will cause any subsequent installation of any version of the same program to share all folders shared by the ‘uninstalled’ copy of the program. Whenever a computer is used by more than one person, this feature ensures that users cannot know which files and folders these programs will share by default.
* Coerced-sharing features: Four of the programs analyzed have deployed features that make it far more difficult for users to disable sharing of the folder used to store downloaded files. This folder may be the default download folder created by the filesharing program or an existing folder selected to store downloaded files through a share-folder feature. In each case, the feature can provide misleading feedback indicating – incorrectly – that the user has disabled sharing of the download folder. But in each case, an obscure mechanism appears to allow sophisticated users to avoid the coerced-sharing feature and stop sharing the download folder.
All five of these features can cause users to share infringing files inadvertently. Redistribution and coerced-sharing features can cause users to share downloaded files inadvertently: As Grokster noted, these files are usually infringing. Share-folder, search-wizard, and partial-uninstall features can cause users to inadvertently share existing files on their computers: The design of these features ensures that the files shared may tend to include users’ collections of media files, like audio files copied from purchased CDs.
All five programs analyzed in this report have deployed most or all of these features during at least some portion of the period from 2003 to 2006. In many cases, versions of these features actually became more aggressive after their propensity to cause inadvertent sharing was, or should have been, known to reasonable distributors of filesharing programs. For example, the distributors of BearShare, eDonkey, LimeWire and Morpheus began or continued to deploy poorly disclosed redistribution features, share-folder features, search-wizard features and/or coerced-sharing features even after these distributors drafted a Code of Conduct that should have precluded use of any such features. Some distributors even responded to reports of inadvertent sharing by releasing new versions of their programs that seemed improved, but actually perpetuated inadvertent sharing caused by features previously deployed. Consequently, this report concludes that the totality of the circumstances surrounding the deployment of such features justify further investigation to determine whether particular distributors intended for such features to act as duping schemes.
However, Dudas adds, his report doesn’t, “draw conclusions about the intent of any particular distributor that deployed some or all of these features in its filesharing program. This report analyzes public data, and it is possible that nonpublic data now controlled by a particular distributor might show that it deployed these features mistakenly, negligently, or recklessly. This limitation on the scope of this report’s conclusions is a precautionary measure: It does not imply that a court obligated to draw conclusions about the intent of a particular distributor could not find that the data discussed herein provides ‘unmistakable’ or ‘unequivocal’ evidence of intent to induce copyright infringement within the meaning of MGM Studios, Inc. v. Grokster, 125 S. Ct. 2764 (2005).”
Also See:
PC Pro – File sharing apps slammed for sharing too much – report’, March 7, 2007
warned pupils – Anti-p2p propaganda in schools, May 24, 2005
If your Net access is blocked by government restrictions, try Psiphon from the Citizen Lab at thIs the end (of the Net) nigh?zze University of Toronto’s Munk Centre for International Studies. Go here for the official download, here for the p2pnet download, and here for details. And if you’re Chinese and you’re looking for a way to access independent Internet news sources, try Freegate, the DIT program written to help Chinese citizens circumvent web site blocking outside of China. Download it here.
rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php | | And use free p2pnet newsfeeds for your site
Tired of being treated like a criminal? They depend on you, not the other way around. Don’t buy their ‘product’. Do bug your local politicians. Use emails, snail-mail, phone calls, faxes, IM, stop them in the street, blog. And if you’re into organizing, organize petitions, organize demonstrations and then turn up on your local political rep’s doorstep, making sure you’ve contacted your local tv/radio station/newspaper in advance. Don’t just complain. Do something!
March 8th, 2007 at 1:19 pm
This is indeed a serious issue. For fun, search Limewire or the like for “resume”. You’ll know some stranger intimately before long.
Not only is this a potential tool for identity thieves, but it could potentially be used by the ??AA to first identify a person using Limewire and then browse that person’s file, trawling for treasure.
Don’t be a dope – only share your shareables.
March 8th, 2007 at 1:43 pm
The idea that the director of the United States Patent and Trademark Office (Jon W. Dudas, who is coincidently the under secretary of commerce for intellectual property) could become a shameless shill for corporate interests and go so far as to invoke the “threat to national security” gambit in a transparent attempt to vilify P2P technology would seem implausible.
However, it is a sad reality.
March 8th, 2007 at 1:52 pm
The series of tubes known as “The Intarnets” is far from idiot proof in general. To single out P2P technology and even more absurdly claim that P2P INDUCES stupid people to unwittingly share sensitive information is misleading at best, and at worst a blatant distortion of information designed to discredit P2P.
March 8th, 2007 at 2:13 pm
Nicely put.
March 8th, 2007 at 4:18 pm
is that Jon W. Dudas or Don W. Judas?
March 8th, 2007 at 5:08 pm
This is the same type of vilification that is done with the war on drugs. It is done for the vested interests of law enforcement to receive continuing funds from the money trough that is the federal government. It didn’t work and doesn’t work. The war on drugs was long ago lost. You can find these sort of drugs in any small town in the US.
Here again the same sort of mentality is used to try and coerce the average Joe 6 Pack into believing that p2p file sharing applications are the equivalent of turning you into a criminal just for having put it on your computer. I don’t see anything about malware and spyware being able to heist your computer to do much of the same things without your knowledge. Nor do I see anything serious in movement from the government in an attempt to actually rectify that threat in creditable actions that are meaningful and have any sort of teeth in them.
Even our courts of the land seem almost blind to the idea of your computer being hi-jacked by someone other than the user of the computer. Nothing in all these infringement cases even attempt to acknowledge this problem, preferring it lead to someone they can extort money from rather than acknowledge the reality of the internet. Crap, I see nothing of the file sharing program called Winnie that has so often leaked Japanese security secrets out into the public. Is it that our esteemed US Patent Office believes that Winnie is only used in Japan?
No, this is selective branding of whose pot is black while ignoring realities of problems outside their scope or even addressing real problems. This is nothing short of paying back favors to vested interests to be so narrowly aimed.
March 10th, 2007 at 10:22 pm
“* Partial-uninstall features: At least four of the programs analyzed have deployed partial-uninstall features: If users uninstall one of these programs from their computers, the process will leave behind a file that will cause any subsequent installation of any version of the same program to share all folders shared by the ‘uninstalled’ copy of the program. Whenever a computer is used by more than one person, this feature ensures that users cannot know which files and folders these programs will share by default.”
If he’s complaining about this, he might as well complain about every uninstaller. All programs leave their configuration files on the hard drive after they are uninstalled (and that’s only if you’re lucky; many are much sloppier). They reside in a little folder called Application Data on Windows machines. This folder is in the same location in the heirachy of folders as your My Documents and Desktop folders (C:\Documents and Settings in Windows XP and Windows 2000, C:\Users in Windows Vista, C:\Windows\Profiles in Windows ME, 98, and 95 if you turned multiple users on, or C:\Windows if you didn’t). Turn on hidden files, navigate to one of these locations, find your profile folder, them find Application Data, and inside resides the folder that contains the configuration files for all of your programs (they are usually either named after the program itself or its vender). Delete the folder with the name or the vender of the P2P application in question, and the problem is solved.
And yes, I too think that this kind of thing should be done by every uninstaller for every uninstalled program.