Linked by Thom Holwerda on Wed 8th Feb 2012 23:15 UTC
Internet & Networking
"While the file-sharing ecosystem is currently filled with uncertainty and doubt, researchers at Delft University of Technology continue to work on their decentralized BitTorrent network. Their Tribler client doesn't require torrent sites to find or download content, as it is based on pure peer-to-peer communication. 'The only way to take it down is to take the Internet down,' the lead researcher says." In a way, the efforts by Hollywood and the corrupt US Congress are actually increasing the resiliency of peer-to-peer technology. Karma.
Thread beginning with comment 506426
"pure" P2P
by Zifre on Wed 8th Feb 2012 23:37 UTC
Zifre Member since:
2009-10-04

I keep hearing about these "pure" P2P systems. What I don't understand is, how does the client know what peers it can connect to? Wouldn't it need to get some sort of list from a central location at least initially?

Can anyone explain this?

Reply Score: 2

RE: "pure" P2P
by werterr on Wed 8th Feb 2012 23:50 in reply to ""pure" P2P"
werterr Member since:
2006-10-03

I keep hearing about these "pure" P2P systems. What I don't understand is, how does the client know what peers it can connect to? Wouldn't it need to get some sort of list from a central location at least initially?

Can anyone explain this?


From the article:

One thing that could theoretically cause issues, is the capability for starting users to find new peers. To be on the safe side the Tribler team is still looking for people who want to act as so called bootstraptribler peers. These users will act as superpeers, who distribute lists of active downloaders.

Reply Parent Score: 3

RE[2]: "pure" P2P
by westlake on Thu 9th Feb 2012 02:48 in reply to "RE: "pure" P2P"
westlake Member since:
2010-01-07

To be on the safe side the Tribler team is still looking for people who want to act as so called bootstraptribler peers. These users will act as superpeers, who distribute lists of active downloaders.


Who do you trust?

If a single superpeer is compromised every downloader is exposed.

Every uploader as well, for all practical purposes.

Reply Parent Score: 1

RE[2]: "pure" P2P
by Alfman on Thu 9th Feb 2012 04:22 in reply to "RE: "pure" P2P"
Alfman Member since:
2011-01-28

werterr,

"To be on the safe side the Tribler team is still looking for people who want to act as so called bootstraptribler peers. These users will act as superpeers, who distribute lists of active downloaders."


Granted I don't know the details of Tribler at all, but I can't see a technical reason the bootstrap peers must be any different from ordinary peers. Any peer with a static IP should do just fine for getting peers onto the network.

If there is some special task that these super peers will need to do, then that could lead to security trouble. Ideally peers don't exchange any information about other peers except what's required for connectivity purposes. This opacity would be good for privacy, but not so good for statistical analysis of the network.

Reply Parent Score: 2

RE: "pure" P2P
by Alfman on Thu 9th Feb 2012 03:51 in reply to ""pure" P2P"
Alfman Member since:
2011-01-28

"Pure P2P" systems need to be bootstrapped somehow.
Once bootstrapped with some initial peers, the network can expand by itself to learn new peers. As long as enough peers are online, the network has a very good chance to recover itself.

The old Freenet network was an example of this type of design. However, the fact that the network exchanged peer information to repair and optimize the network implies that an attacker can join the network and build a list of peers over time. This enabled one to get IPs of peers in the network, which was considered a security problem in regimes like China where the simple fact of running an anti-censorship technology can land someone in trouble.

They developed a new Freenet protocol and called it the "dark net". The principal difference is that this protocol does not exchange peers, and the user must enter "trusted" peers manually. This has/had so many obvious scalability problems that it was a terrible idea from the get-go in my opinion, but it was supposed to allow peers to operate with much better confidence that no one outside the trusted peers would know that they're part of the network. So, the state wouldn't have a way to identify peers by simply joining the network.


In practice, the Freenet darknet between anonymous users is practically useless because users go to a clear IRC channel to exchange peer lists, which is far less secure than the previous Freenet since it leaks even more information than before. And it tends to create very long if not completely broken routes between members who exchange peer information in the IRC channels at different times.


I'd be interested in hearing anyone else's take on this subject.

Reply Parent Score: 4
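
An added illustration (not written by anyone in this thread, and not Freenet or Tribler code): a toy simulation of the trade-off discussed above, comparing how many other peers a single participant ends up knowing when peers exchange peer lists versus a darknet-style network with hand-entered trusted peers. The model, its parameters (`friends`, `share`, the round count) and the function names are assumptions made for the example.

```python
import random

def simulate(n=200, rounds=20, exchange=True, friends=3, share=10, seed=7):
    """Return {peer: set of peer ids it has learned} for a toy network.

    exchange=True  -> open design: newcomers know only bootstrap peer 0, and
                      any contacted peer hands back a sample of its peer list.
    exchange=False -> darknet design: each peer has a few hand-entered
                      trusted peers and never passes peer lists on.
    """
    rng = random.Random(seed)            # fixed seed: repeatable runs
    known = {p: set() for p in range(n)}
    if exchange:
        for p in range(1, n):
            known[p].add(0)              # every newcomer bootstraps via peer 0
            known[0].add(p)              # ...so peer 0 sees every joiner
    else:
        for p in range(n):
            others = [q for q in range(n) if q != p]
            for q in rng.sample(others, friends):
                known[p].add(q)          # trust links are mutual
                known[q].add(p)
        return known                     # no exchange: views never grow
    for _ in range(rounds):
        for p in range(n):
            q = rng.choice(sorted(known[p]))
            known[q].add(p)              # contacted peer learns the caller
            pool = sorted(known[q] - {p})
            known[p].update(rng.sample(pool, min(share, len(pool))))
    return known

def exposure(known, observer):
    """Fraction of all other peers whose identity the observer has learned."""
    return len(known[observer]) / (len(known) - 1)

if __name__ == "__main__":
    n = 200
    open_net = simulate(n, exchange=True)
    dark_net = simulate(n, exchange=False)
    print("open, bootstrap peer :", exposure(open_net, 0))
    print("open, last joiner    :", round(exposure(open_net, n - 1), 2))
    print("darknet, worst case  :", max(exposure(dark_net, p) for p in range(n)))
```

The model ignores churn, NAT and routing quality; it only shows the direction of the privacy trade-off between the two designs.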

RE[2]: "pure" P2P
by galvanash on Thu 9th Feb 2012 06:47 in reply to "RE: "pure" P2P"
galvanash Member since:
2006-01-25

In practice, the Freenet darknet between anonymous users is practically useless because users go to a clear IRC channel to exchange peer lists, which is far less secure than the previous Freenet since it leaks even more information than before. And it tends to create very long if not completely broken routes between members who exchange peer information in the IRC channels at different times.


I'd be interested in hearing anyone else's take on this subject.


Darknets for file sharing are simply trust networks - they are only as trustworthy as the people you let into them. As such, it is all rather pointless to me, since they eventually succumb to their own popularity - once you reach the point that you no longer know everyone you can no longer trust it.

It's fine to a point for a small group of peers who actually do know each other - but then you never really gain the advantages you have with large P2P networks (namely diverse content and multiple seeders to speed up downloads).

Tribler does not seem to even try to behave like a darknet. There is no address anonymity as far as I can see - it is simply decentralized. You would of course need a few "superpeers" to bootstrap things, but once it got going it would be self-maintaining. That is the point I think - not address anonymity. It's not really anything like Freenet, where anonymity is actually the primary goal.

Reply Parent Score: 3

RE[2]: "pure" P2P
by Valhalla on Fri 10th Feb 2012 03:13 in reply to "RE: "pure" P2P"
Valhalla Member since:
2006-01-24

Yes, I find this interesting as well, particularly the decentralized bit. I read up on the p2p methodologies a while back with torrents, ed2k, direct connect being examples of centralized networks and kademlia, DHT (partly), winny, share, being examples of decentralized networks.

Centralized networks rely on a server which provides vital information necessary for file sharing; this is quite efficient but also has a huge vulnerability, as the network is totally dependent on these servers operating, and if they go down, so does the network functionality.

Decentralized networks are those where each peer takes on part of the burden handled entirely by a server in a centralized setting and therefore has no central point of functionality, leading to a network where it can lose any peer and still continue to function as before.

From a network robustness standpoint it's obvious that decentralized networks are better, but there are as always other factors, such as efficiency. A single purpose server in a centralized setting is more efficient in spreading necessary information to peers than a decentralized network where more bandwidth use/cpu use is required for relaying the same information.

Another area where centralized networks can be more attractive is how they can be community/interest targeted, and often with their own set of rules pertaining to how much peers must upload in contrast with how much they are allowed to download.

Then we have anonymity: popular networks such as BitTorrent and ed2k/kademlia have no anonymity to speak of; the closest thing is protocol obfuscation, but that is targeted entirely at preventing ISP throttling.

The reason why the demand for anonymity has been low is because there's a very slim chance of legal repercussions while using networks like BitTorrent today, and also that anonymity measures 'waste' bandwidth.

I found it very interesting that in Japan, where online copyright breaches are much more likely to cause legal problems, the two major p2p applications (Winny, Share) are built from the ground up to be anonymous.

Obviously there's no real anonymity given that you need to expose your IP address in order to join any p2p network; however, the difficulty in proving what an IP downloaded is what these 'anonymous' networks are based upon. Both Winny and Share require the user to allocate a large chunk of hd space as an encrypted buffer not only for the data they are interested in, but also data they will be relaying from one peer to another. It's this relaying of data which obfuscates the source->destination IP addresses and makes it very hard to prove who downloaded what from whom. Naturally this makes for a less efficient network, as not only does each user need to spend their bandwidth on what they want, but also on relaying lots of data they have no interest in.

It will be interesting to see whether these types of pseudo-anonymous networks will start to rise in use here as well if we end up with harder anti-piracy measures resulting in more resources being spent on identifying and prosecuting online piracy.

Oops, became a bit longwinded ;)

Reply Parent Score: 3

RE: "pure" P2P
by RMSe17 on Thu 9th Feb 2012 18:34 in reply to ""pure" P2P"
RMSe17 Member since:
2006-03-06

I keep hearing about these "pure" P2P systems. What I don't understand is, how does the client know what peers it can connect to? Wouldn't it need to get some sort of list from a central location at least initially?

Can anyone explain this?


It is possible to have a pure peer-to-peer protocol where initial communication from a new node would use broadcast/pseudo-random IP "pinging" on specified communication port(s). Depending on the total number of connected nodes, it may take some time to stumble on to another node, but once another node is found, the initial node would be inserted into a graph. At this point nodes can communicate a set of known positive points of other nodes found. In order to keep the spam down, once the node graph reaches a certain size, the nodes can slow down discovery rate. So, as more nodes join the graph, each node would send discovery messages at a slower rate x^n. Thus discovery will never stop, but it will keep spam down.

The more popular this protocol, the more nodes/users exist in the IP space, making it faster to stumble upon another node, and the faster all of the partial graphs would join into a single connected network.

This would be a true P2P network.

Reply Parent Score: 1

RE[2]: "pure" P2P
by Alfman on Fri 10th Feb 2012 03:47 in reply to "RE: "pure" P2P"
Alfman Member since:
2011-01-28

RMSe17,

"It is possible to have a pure peer-to-peer protocol where initial communication from a new node would use broadcast/pseudo-random IP 'pinging' on specified communication port(s)."


An internet-wide broadcast seems like a bad idea to me. First of all, it doesn't make sense to use a fixed port for this kind of P2P protocol (NAT users often don't have a choice about their port anyways). So the search space is really a cross product between the public IPs which could be running the P2P client and the ports it could be running on. This is essentially tantamount to each P2P user doing an internet-wide port scan.


If it's not clear why that's a bad idea, let's just guesstimate some numbers. There are around 46 bits of search space. Assuming there are 10M publicly reachable nodes distributed randomly in the search space, what are the odds of reaching another peer?

10M/70,368,744,177,664 = 1 chance in 7,036,874

So let's just say on average it takes 3.5M packets to reach one's first peer. Let's say these raw packets are 200 bytes apiece, that's 700MB bandwidth just to find one peer, and this is assuming no retries are needed due to heavy loads and dropped packets or peers which aren't running 24/7.

All this just for one user of one P2P client. What if all decentralized systems located peers this way? Everyone on the internet would receive useless background packets connecting to random ports.

Let's not even contemplate this scheme on IPv6.


No, it's better for most users to bootstrap it by getting a list from the source where they found the software. Also, anyone could publish an independent & random bootstrap list for new users to add as well.

Reply Parent Score: 3