I got a Cease & Desist Letter!

Heidi 4

New member
Oh yes I expected this... the standard excuse...

They are checked by default right? And you know the most people install what is checked because they think they NEED these progs, and if you start now to tell me something that this is mentioned... you know exactly that the most people don
 
BearShare 3.0.0 has a Secure Channels feature that makes it impossible for companies to snoop on your shared files and cause exactly this kind of problem (among other things).
 
Did you get a Cease & Desist letter? Want to know what to do if you get one?
The EFF put together a new site "ChillingEffects.org" at
http://www.chillingeffects.org/

"The Chilling Effects project works by publishing cease-and-desist letters received by Internet
users and providing detailed information about the relevant legal rules. For example, if an
Internet user receives a letter demanding that she remove a synopsis of a "Star Trek" episode
from her website, members of the Chilling Effects team would post the letter online, embedding
it with links to information about basic copyright protections, the rules governing synopses, and
the fair use doctrine.

"EFF receives hundreds of requests for help and information from recipients of
cease-and-desist letters," said EFF Legal Director Cindy Cohn. "This project should help
individuals gain access to greatly needed information as well as allow us to track who is sending
these letters and research larger trends."

(you should make this sticky or at least add the link to your sites)
 
Zeropaid has it too:

BearShare Blocks other Gnutella Clients
After months of badmouthing and disadvantaging other clients here is it finally. From Bearshare.Net: "You can choose to receive all query replies, downloads and uploads only from other BearShare clients". In clear words again: Bearshare is splitting the network! Remember the words from hackmaster Dr. Damn: Be nice and play fair. Uninstall BearShare.

http://www.zeropaid.com/news/articles/auto/06272002g.php
 
It doesn't have to be. Since there are gnutella nodes located in the U.S. you can sue an entity that reverse engineered an authentication handshake in the U.S. although the entity might originally be located in Europe.
 
In any event, reverse engineering or not, there are plenty of landmines and obfuscation techniques that will buy us many months of time before the security is compromised (even if it is illegally compromised).

There are encrypted portions of code which will be in the final release that aren't even going to get used for quite some time; we will be activating these additional security methods as the existing ones get broken.

True, even these additional hidden techniques will eventually be broken, but I have planned for that, instead of assuming that the protection methods are unstoppable.

Fortunately, with peer to peer software, frequent updates ensure that we will be able to combat the evils of corporate hacking as they appear.
 
And now tell me why the people should use your advertising client, if they can get better clients for free - like Gnucleus, Shareaza or soon Xolox!

You shouldn't use anything, unless you want to; no one is forcing you. Like you said, there are other clients out there. Use the one you like and get on with your life (or get a life), instead of arguing about trivial things.

So you want to leech from the Gnutella net as long as possible and if the net is destroyed you switch to your private net...

BearShare can upload and connect to every other client, so it isn't leeching off of anything. The only difference is if the rest of gnutella dies, BearShare users would have something to fall back on.

Of course ssh, SSL, PGP and all good commonly used secure protocols or hashes are available as open source. So why security by obscurity?

Even though the source to generate the encrypted data is available (ssh, SSL, PGP), the encryption algorithms are so strong that it would take a LONG time for anyone sniffing the traffic to figure out what the data is. By the time they could crack the encrypted data, the encryption system would probably be changed and they have to start all over. You would need the special key to decrypt the data immediately.

This is the problem faced on gnutella when using a key-pair (private/public key) system. If you have an open source client that contains the keys needed to decrypt/encrypt the data... anybody can take the source, rip the keys and then decrypt/encrypt whatever they want. This is where security through obscurity comes into play. If others don't know the keys, don't know how the security works... it will be hard for them to crack. Otherwise you just go on blocking hundreds of IPs, or develop a centralised control system. This is not good.

These secure channels aren't the best solution, nor are they an absolute form of protection... but it's something! Does anyone else (Morgwen, Moak) have a better (non-proprietary) solution that everyone could use? No? That's what I thought.
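An added illustration of the argument in the post above (and in the later reply about a key being extracted from the servent); it is not part of the thread and not BearShare's code, whose Secure Channels design the page does not describe. It assumes a hypothetical HMAC challenge-response with a constructed secret compiled into each release, and shows that the check passes for any program holding that secret and that rotating secrets also locks out clients that have not updated.

```python
import hashlib
import hmac
import os

# Constructed secrets standing in for keys compiled into client releases.
EMBEDDED_KEYS = {1: b"constructed-release-1-secret", 2: b"constructed-release-2-secret"}


class Verifier:
    """Peer that accepts handshakes only for currently trusted key versions."""

    def __init__(self, trusted_versions):
        self.trusted = set(trusted_versions)

    def challenge(self):
        return os.urandom(16)  # fresh nonce, so a logged handshake cannot be replayed

    def verify(self, nonce, version, tag):
        if version not in self.trusted:
            return False
        expected = hmac.new(EMBEDDED_KEYS[version], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def respond(key, nonce):
    """What any program holding `key` can compute, official client or not."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def handshake(verifier, version, key):
    nonce = verifier.challenge()
    return verifier.verify(nonce, version, respond(key, nonce))


def demo():
    v = Verifier({1})
    official = handshake(v, 1, EMBEDDED_KEYS[1])
    # A different program that holds a copy of the release-1 secret.
    third_party = handshake(v, 1, bytes(EMBEDDED_KEYS[1]))
    wrong_key = handshake(v, 1, b"guess")
    # Rotation: release 2 ships and release 1 is no longer trusted.
    v.trusted = {2}
    old_after_rotation = handshake(v, 1, EMBEDDED_KEYS[1])
    updated = handshake(v, 2, EMBEDDED_KEYS[2])
    return official, third_party, wrong_key, old_after_rotation, updated
```

The verifier cannot tell the official client from the third-party program: the handshake proves possession of the secret, not which software is speaking.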
 
This one could use a sticky, Morgwen. It'll help people understand their rights and the legal mumbo-jumbo. For instance, take this Q and A from a C&D letter (found at http://www.chillingeffects.org/protest/notice.cgi?NoticeID=95):
 
no it was not. honestly! sorry i'm not a frequent visitor of bearshare.net, any links to more specific information about that feature would be greatly appreciated.
 
I am no developer... but I said that the developers should work together and find a solution for the Gnutella net. But Vinnie walks again alone and is splitting the net with his GREAT new features...

Morgwen
 
This is not quite what I've expected.

First, it's not a technical solution but a legal one. whatever authorization methods are used, I'm sure they can be circumvented. the authorization handshake can be logged, if there's a digital key inside the servent it can be extracted, and will sooner or later.

Second, it only works because bearshare uses closed code. this is no offense against closed source products, but i'm sorry that it is not a possible solution for open source servents.

Third: You can choose to receive all query replies, downloads and uploads only from other BearShare clients?? did i understand that correctly??? the word blackhole is known to you, isn't it??? man, you're really provoking the next flamewar...the only reason why those anti-clustering folks are silent now is because they were told that clustering is not a bad thing as long as the servents respond to queries from outside the cluster...if this feature was enabled by all of your users gnutella would be only one last tiny step away from a private bearshare network: stop connecting the cluster to the gnutella environment, for it is not interested in their messages anyway...i took it for mere conspiracy theory, but i get the impression that you are really moving in that direction, one step with every major release. do you want that? i thought you didn't...