Brightnets vs. Darknets

Someone dugg the "Owner-Free Filesystem" a bit before they were ready with the proclamation "Darknets are SO last century." Unfortunately, I think reports of the death of darknets are greatly exaggerated.

OFF works very much like a system I had thought of myself and discarded because it doesn't actually provide protection: instead of storing any original data on your computer, you instead create a bunch of blocks of random data, then mix those blocks with the original data in such a way that the new blocks are also indistinguishable from the random data, then you distribute only those indistinguishable-from-random blocks. To recover a file, one just needs to download the right blocks and mix them in the right way. The mixing process is generally XOR, basically a bitwise add without carry, which happens to be its own inverse: 1 XOR 1 = 0, 0 XOR 1 = 1, 1 XOR 0 = 1, 0 XOR 0 = 0. If you XOR a random looking block with non-random data, the result is a block that looks just as random as the original random block.

The beauty of a system like this is that there is no actual connection between the individual blocks that one downloads and the file that one recovers. It doesn't matter which are the original "random" blocks and which are the ones that come from XORing the blocks with blocks of the file. OFF relies on these blocks' being reused over and over again for several different files so that a single block could be used in the Declaration of Independence, an open source software archive, and the latest Eminem track. None of those files could be recovered without this particular block, but since every block one downloads to recover a given file might also be necessary to recover a "legitimate" file, the downloader can have plausible deniability.

This all sounds good, and I wish it could provide protection against lawsuits, but I don't think the RIAA or judges are really going to care that the actual file is not transmitted across the wire. If that were the case, merely encrypting the file and distributing the password separately would be enough. What the law cares about is whether one is involved in making a copyrighted work available or making a copy of a copyrighted work. If someone from the RIAA can download enough blocks from a user's computer to recover a copyrighted work, that person will probably get nailed. Unless the software explicitly prevents this from happening, for example by intentionally erasing blocks from the cache, there is a risk. The other attack is for the RIAA to create their own groups of blocks that aren't mixed with any blocks from the network, then offer those blocks for download. Even if the software avoids downloading all the blocks for a single file from the same IP address, it would be trivial for the RIAA to set up computers with these "unmixed" blocks all over the place.

In order to provide the protection it does, OFF also requires a couple of things that most people probably will consider costly enough to completely offset the added protection: users must keep a local cache of a bunch of data they don't need, and recovering a file will require downloading up to twice as much data as the original file size. The first requirement is not unique to OFF; systems like Freenet and Gnunet have the same requirement, and even by itself the necessity of storing a bunch of data locally that one can't use for anything else is enough to prevent widespread use of these systems. Therefore, people will probably have a tendency to set their cache size very small and clear it out frequently as they run out of disk space (which pirates frequently do), reducing protection for everyone else but without reducing the user's own performance or protection. In OFF, unlike Bittorrent, self interest and network performance are actually at odds with one another.

Even if all of the attacks available to the RIAA turn out to be impractical and OFF sees widespread use among cooperative users who are willing to spend the extra bandwidth and disk space for extra protection, some of the OFF developers have made it very clear their intention in making this software is to allow people to share copyrighted material, so even if downloaders and uploaders are somewhat protected, the developers are not.

Fortunately, there is still a foolproof way to avoid getting sued by the RIAA, at least for your own actions: share with people you trust, via a "darknet." A darknet is basically any network where you are only interacting with trusted parties. Simple examples are private FTP servers, password-protected IRC and DC channels A meatspace example would be burning DVD copies for your friends (for pay, trade, or free, doesn't mater) rather than selling them on eBay. The main disadvantage of this approach is that you don't then have the entire planet to draw on, so it tends to work best for either popular content that everyone has or niche content among groups with shared interests like anime fans.

Fortunately, the Swedish Pirate Party is willing to be everyone's trusted third party with their Relakks service. Relakks is basically just a VPN. Once you've connected all of your packets travel to their servers through an encrypted connection and then out to the public Internet through a Swedish IP address. Assuming they are actually trustworthy and don't keep records, and they aren't secretly raided and operated by people you don't trust to know what you're up to, this should be a pretty good way to go. Unfortunately, Relakks is so popular neither their VPN servers nor their transaction provider can keep up. And once those are fixed you can expect that in the near future you will find it about as easy to send them money from the US as it is to send money to an online gambling site.

None of this is to say that I don't think artists should not be compensated for their work. However, for the most part it's the distributors and marketers we end up paying for, not the artists. The RIAA's lawsuits are last desperate gasps for relevance. They'll be pretty much obsolete in a world where any artist can set up a web site offering their songs for download for $0.99. CDs are already becoming irrelevant because who wants to deal with physical media any more, particularly media that requires moving parts? The marketing will still be necessary, but it may well be through sites like BlueO2, MySpace, last.fm, and Internet radio, which will eventually be delivered to cellphones, making satellite and broadcast radio mostly obsolete.

Share this