Two of the hottest applications in networking -- peer-to-peer networks and instant messaging -- are being combined in the form of private P2P networks that are taking shape in the more secretive corners of the Internet, industry insiders say.

The most popular software for creating these private networks is WASTE, which enables anyone with a computer and a Net connection to set up a private peer-to-peer network over the Internet.

”Between the FBI and the Justice Department and the Record Industry of America Association cracking down on file sharing, it was only a matter of time before users found a more secure, private way to swap software and music,” says Brian Bruns, security administrator at SOSDG (Summit Open Source Development Group). The SOSDG hosts one of about 30 different sites where the WASTE software can be downloaded for free.

WASTE differs from P2P networks like Kazaa and Limewire as it creates a closed network for instant messaging and file-sharing with trusted users. The person running the network has to swap a key with potential users before they are allowed on the network. An encryption layer is then set up between two computers using private keys to authenticate the parties. Up to 50 people can be on one network.

”There are thousands of copies out there, but there’s no way to tell exactly how many people are using it, as it’s designed to be secure,” says Bruns.

WASTE was developed a year ago by developer Justin Frankel, founder of Nullsoft. AOL (NYSE: TWX) acquired Nullsoft for its Winamp MP3 software, and while Frankel was with the company he wrote WASTE. However it was deemed to be an “unauthorized project,” according to Bruns, and AOL yanked it.

Michael Gartenberg, analyst with Jupiter Research Ltd., says anything believed to encourage illegal file sharing would have a major black mark against it, which is probably why AOL scrapped the project after posting it on a site for one day.

He says the crackdown by the RIAA on illegal file sharing has fueled the distribution of this software. “The more consequences there are for actions, the more the activity is driven underground… Criminals don’t hold public meetings,” Gartenberg says.

”It’s a way to chat without having someone watching you,” says Bruns. His open source group took a copy of the entire WASTE site as it was posted on AOL, and stored it away for future use. It has since been distributed widely, including to SourceForge, which has worked on improving the original code. Gartenberg notes that WASTE is unlikely to reach the lofty heights of fame achieved by Kazaa, which has been downloaded over 200 million times. “With WASTE you have to know someone in the network, it closes down the number of people available,” he says.

Still, the concept of private or personal P2P networks might still find its way into the mainstream, courtesy of Microsoft Corp. (Nasdaq: MSFT). The software giant is trialing a program called www.threedegrees.com (nothing to do with the 70s pop divas, it seems), which allows users to create small private networks of up to 10 people to exchange instant messages, animations, pictures and music.

Right now the software is part of Microsoft’s NetGen division, which aims to develop products aimed at 13- to 24-year-olds, but there are broader implications for this product within the corporate world. Think of workgroups collaborating on documents or powerpoint presentations.

Microsoft had not returned calls for comment by press time.

— Jo Maitland, Senior Editor, Boardwatch

For a Light Reading report on the latest developments in P2P click here.
To view the Webinar on which this report is based, click here.
jim_smith 12/5/2012 | 2:41:36 AM
re: P2P Gets WASTEd Something I found via google. Based on the info below, it appears that RIAA can only go after the uploaders, but not the downloaders. So as long as the uploaders are outside US jurisdiction, P2P without authentication should work.

Knowing a bit about how the RIAA currently investigates a user is key to avoiding this litigation. So, here is how they do it:

Technique One -- The RIAA has individuals join several of these networks, like KaZaa, as a user. They then utilize the software as a means to find users with the most content. Once they target a specific individual, they utilize several means to ascertain that user's true ident*ty. Most commonly, they look at IP addresses, which can be tracked back to the ISP, or Internet Service Provider, whom the RIAA will contact for information on this particular IP address at that particular time on the ISP's network. Drilling down into the logs of the ISP, it is quite easy to find the ident*ty of any specific user, as well as the activity of that user. This *ssumes that the ISP cooperates, and most do. There are other ways to ascertain the ident*ty of a user, including e-mail address and contacting the e-mail provider or domain registrar for all information regarding that user, etc. There are many ways to find a person on the internet, period.

Once the RIAA ascertains your ident*ty, it's only a matter of cooperating with ISPs, governement agencies, law enforcement, telephone companies, the US Postal Service, etc., to find your address. I can guarantee you that if they find your ident*ty, they will easily find your address.

Technique Two -- The RIAA shares bogus files on the file sharing networks in an attempt to frustrate users downloading copyrighted content. This works quite effectively. Those of you with dial-up connections to the internet can see why, I'm sure, as it takes thirty minutes or longer to download a song only to find out the file doesn't work properly. I can see a time in the not so distant future where the RIAA will actually attach trojan virii to these files, possibly gaining unauthorized access to your pc.

Technique Three -- The RIAA uses companies like BayTSP, which uses proprietary software to crawl file sharing networks looking for all types of copyrighted material. BayTSP is under contract with the RIAA, three music companies, and a movie studio currently, in an effort to extinguish sharing of audio and video copyrighted content. Once BayTSP finds these files using their proprietary software, they review the user name ([email protected]) and the ISP of the person in possession of those files on that specific file sharing network. BayTSP authors and mails letters to the ISPs, indicating this specific user is abusing their network by illegally downloading copyrighted content. The ISP sometimes drops users as a result. This means that that specific user would have to find another Internet Service Provider because that specific user would be banned from the network of their previous ISP.

So, now the RIAA knows who you are and where you are. The next step is simply requesting the appropriate permission, completing the appropriate probable cause paperwork for a subpoena, and mailing the document to you.
sandemon 12/5/2012 | 2:41:26 AM
re: P2P Gets WASTEd Think you guys have a typo in the paragraph referring to Justin Frankel. He's called "Frinkel" in the 2nd sentence.
Sign In