MUTE Grows In Popularity, Iterations 50
jcr13 writes "MUTE is a search-and-download file sharing network that uses ant-inspired routing to make both downloaders and uploaders anonymous. Version 0.2 was released today (change log). Since its mid-December 0.1 release, MUTE has risen from complete obscurity to one of the top-ten most active SourceForge projects. Several people have described MUTE as a "third-generation file sharing network," with the first two generations being Napster and Gnutella (and generation zero being the web---remember when MP3s were traded through web pages?). Each generation circumvents the tactics that the RIAA used to squash the previous generation. Alas, each generation is less and less efficient (though MUTE's dynamic routing works surprisingly well).
MUTE was discussed in a previous Slashdot story. Oh, and if you are wondering, it's M.U.T.E., lady, an acronym, not "mute," and we had best not go into it any further."
Network size? (Score:5, Insightful)
0th gen. was web? what about gen. -1, -2, and -3? (Score:5, Insightful)
File sharing on the web is pretty recent though there was some in the early 90s. IRC file trading was well established by then, and FTP goes way back. And of course NNTP would never have bloomed without the a.s.b hierarchy.
Every generation of kids thinks that they were the generation that invented sex. Every generation of computer users is equally naive too.
YAW.
Usenet is P2P (Score:3, Insightful)
Errr...NNTP (Usenet) is peer to peer. How do you think all the news servers get their feed? They are peers who pass the posts between each other. Read rfc977. The IHAVE command shows the most obvious proof the protocol was made to be P2P--it is for transferring posts between servers (which are just dedicated peers on the network). You send a post to one server, and it ripples through the other servers--much like a search request on the Gnutella network.
At least it used to work that way, with all the consolidation, we may end up with one big ISP running only one big Usenet server with rec.arts.music.britney.spears as the only allowed group. ;-)
They need to do some work before I run this (Score:5, Insightful)
This looks like a research project, and the author looks like a researcher. This will never be production code (unless forked).
The source is very hap hazzard right now,
* no LICENSE or COPYING file
* bizzare directory structure
* no INSTALL, README, HACKING files
* no mailing lists (none!)
The head sf admin [sourceforge.net] is head of a bunch of other projects too. I didn't check all of them, but I'm pretty sure he's a _member_ of no one else's project. So you have a guy supporting 10 projects (and maybe more not on sourceforge) who has only written academic code, probably only by himself resume [sourceforge.net].
He also appears to be gung-ho C++, why not turn the 63k of C++ into 6k of python and worry about features instead of memory management? (bittorrent has proven the bottleneck isn't CPU).
Not a great mix for a successful open source project.
Too music-centric (Score:5, Insightful)
There's two battles: technical and legal. The technical battle is easily won - anonymous communication is possible. But as it becomes easier to communicate with true anonynmity, the temptation to ban such communication increases. I think it's pretty clear that such communication is protected speech, but I predict that Congress will pass a bill saying that it isn't. It will eventually fall to the Supreme Court to re-affirm that anonymous speech is protected too.
For this reason, I think it would be better if MUTE promoted itself as a tool for speech, not just copyright infringement.
Contributory infringement (Score:5, Insightful)
Anyone bothered to read the MUTE site should be really worried about now. Apart from technical problems and generally suspicious statements, the entire workings of MUTE [sourceforge.net] place every user at the risk of contributory infringement [chillingeffects.org] of copyright.
Why doesn't MUTE protect you? Because the "RIAA node" only needs to download a single copyright file and use netstat to take the address of its peer (neighbour) node. It then has the ability to track you (i.e. the neighbour, via your ISP) and has proof of your contribution to the infringement (you actively provided infrastructure for the transfer of the copyright material).
But they need to show you have knowledge of the activity, right? Wrong. First because they'll just subpoena you anyway and it will cost lest to pay the requested amount than to fight them. Second because they only have to prove on a balance of probabilities that you were aware that your "service" was being used for illicit purposes. More on that later.
You also can't claim that you were just providing a service "like an ISP", because you're not. ISPs protect themselves by being telecommunications carriers (which are largely exempt from monitoring content), or having appropriate AUPs with the customers they provide the service for, or responding in an appropriate manner to compliants. For example if you can't or are not prepared to remove known illegal material from your service when you are notified about it, you become a contributory infringer!
Alright, so why can ISPs get away with it and you can't? Because they have AUPs, because they respond to complaints, and most importantly because there is a significant non-infringing use for their network. MUTE, on the other hand, is described specifically as a network dedicated to preserving your anonymity for the purpose of trading in illegal MP3s without getting caught by the RIAA.
Here's an anecdote for you: a landlord was arrested for pimping and money laundering. When he pleaded ignorance the police demonstrated to the court that they could ask virtually any member of the community where there were prostitutes and drug sellers at the building in question, and the answer would be "Yes". So a "reasonable man" was aware of the problem, yet the landlord tried to protect himself by never looking into it. Running a brothel is an offense that attaches to the property owner -- it is his responsibility to take reasonable measures to ensure that the property is not being used for illegal purposes.
The other problems? Phrases like "military-grade encryption" don't inspire confidence, especially in a system that uses asymmetric cryptography without a PKI (and a PKI in this system would pretty much kill the idea of being anonymous). The "RIAA node" could happily perform a man-in-the-middle attack on all secure connections that are established through it.
In general the documentation on MUTE appears to give little consideration to side-channel attacks, concentrating on how secure and anonymous the system is algorithmically.
Re:Ants are all very well but.. (Score:2, Insightful)
You've missed several points:
1. The RIAA can't tell what files are passing through a node.
2. The RIAA can't tell if the file they download from your IP is hosted by you, or you are just forwarding it.
3. MOST IMPORTANTLY, YOU can't tell what files are passing through your machine. That's straight out of Freenet. RIAA may download a file from your IP, but you can prove you had no knowledge that the file was coming from/through your node. No knowledge = no culpability.
Re:Contributory infringement (Score:2, Insightful)