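The level of social need that the blog represents should span the range between the need for esteem and the need for self-actualization. Yet although its grassroots form is already in place, it is not so simple that anyone can become a blogger, not even those who are well placed to be "always on" (AlwaysOn). This has a great deal to do with a person's character, way of doing things, and living environment. It is very different from the old mindset: by the earlier understanding, once an approach cuts costs on a large scale, it ought to be the choice that everyone must accept. That is clearly wrong. We cannot ignore the basic costs of buying a computer, getting broadband, and learning to operate them just because PC-to-PC voice calls on Skype are free.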
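However, from the first day we started blogging, many of us began to think about what a blog really is. We came to see that the blogging a blogger does every day is in fact a snapshot of a person's time. In that sense, any other form of recording (writing, audio, photographs, video, and so on) is also blogging. If so, either the meaning carried by the word "blog" is too narrow, or the blog can be extended to cover more. If it is extended, perhaps everyone is unknowingly blogging continuously every day, and is often merely missing a publishing tool (some imagine a direct connection between the brain and the blog, which is at least a scientific fantasy).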
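Those fantasies are, after all, fairly distant, and even if the enabling technology eventually arrives, there may well be social problems. The bigger problem should be the boundary between privacy and public space. Another area of social software, social networking, should be the breakthrough point for solving it. Many people hesitate at the edge of blogging precisely because they worry about the potential threat that publicity poses to them. Once some information enters the public domain, it may not only be interpreted in different ways; the information it contains may also affect, or even harm, other people's boundaries. For the next generation, we need a layer of greater trust to support us.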
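Today's blog is the crudest form of publishing: once you publish, you are addressing anyone. A blog combined with social networking (note: not the simple sum of today's SNS and today's blog) could also be called a "trusted blog"; people will lose their "fear" of the public blog and be willing to share with their different circles (Rings). The design of new tools will give us several publishing scopes: 1. Private (kept on one's own storage media, or hosted in trusted network storage); 2. Trusted contacts: when you publish, you can choose who can see it (for example, the group "2005 BlogCon China conference members" or contacts tagged "family"), within a secure information space; 3. Public, which is today's most primitive form of blog, fully exposed in public space and easily polluted. The second level is, of course, where social networking can deliver the most value.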
************************************************************
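In today's society, people on average have the chance to meet more than ten thousand people in a lifetime; around 150 of them will become frequent contacts, and only about 12 will become one's closest intimates. Clearly, the trust-based concept of the blog, and the extended community of bloggers, hold the greater potential. At this level, memes will extend and spread much further, and the truth of events can better emerge without being broken off (we often find that the limitations of the public blog distort the facts or keep grassroots voices from spreading, to say nothing of the visible and invisible effects of censorship). By then, whether or not one is a blogger will no longer matter, and the concept of the blog can pass into history.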
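In the P2P space, people have already discovered many of the drawbacks that come from a lack of trust. The weak ties that simple file sharing can provide are not enough to increase trust, or they easily touch the red line of the law, much to the dismay of free-culture advocates. Clay Shirky has already proposed the socialization of file sharing (based on trust), and Robert Kaye's thinking has come close to practice. The blog counts as commonly held knowledge sharing, and P2P knowledge sharing will then be added on top (if we assume the content involved is of no great consequence); so as the next step, the trusted blog (Trusted Blog) will emerge as well, and that will be a more natural release of the mind.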
********************************************************
From
http://blog.cnblog.org/archives/2004/12/uouecaoioeacaee.html
First published October 12, 2003 on the "Networks, Economics, and
Culture" mailing list.
The RIAA has taken us on a tour of networking strategies in the last
few years, by constantly changing the environment file-sharing systems
operate in. In hostile environments, organisms often adapt to become
less energetic but harder to kill, and so it is now. With the RIAA's
waves of legal attacks driving experimentation with decentralized
file-sharing tools, file-sharing networks have progressively traded
efficiency for resistance to legal attack.
The RIAA has slowly altered the environment so that relatively
efficient systems like Napster were killed, opening up a niche for more
decentralized systems like Gnutella and Kazaa. With their current
campaign against Kazaa in full swing, we are about to see another shift
in network design, one that will have file sharers adopting tools
originally designed for secure collaboration in a corporate setting.
Napster's problem, of course, was that although Napster nodes acted as
both client and server, the central database still gave the RIAA a
single target. Seeing this, Gnutella and Kazaa shifted to a mesh of
nodes that could each act as client, server, and router. These networks
are self-assembling and self-reconfiguring with a minimum of
bootstrapping, and decentralize even addresses and pointers to files.
The RIAA is now attacking these networks using a strategy that could be
called Crush the Connectors. A number of recent books on networks, such
as Gladwell's The Tipping Point, Barabasi's Linked, and Watts' Six
Degrees, have noted that large, loosely connected networks derive their
effectiveness from a small number of highly connected nodes, a pattern
called a Small World network. As a result, random attacks, even massive
ones, typically leave the network only modestly damaged.
The flipside is that attacks that specifically target the most
connected nodes are disproportionately effective. The RIAA's Crush the
Connectors strategy will work, not simply because highly publicized
legal action will deter some users, but because the value of the system
will decay badly if the RIAA succeeds in removing even a small number
of the best-provisioned nodes.
However, it will not work as well as the RIAA wants, even ignoring the
public relations fallout, for two reasons. The first is that combining
client, server, and router in one piece of software is not the last
move available to network designers -- there is still the firewall. And
the second is simply the math of popular music -- there are more people
than songs.
Networks, Horizons, and Membranes
Napster was the last file-sharing system that was boundary-less by
design. There was, at least in theory, one Napster universe at any
given moment, and it was globally searchable. Gnutella, Kazaa, and
other similar systems set out to decentralize even the address and
search functions. This made these systems more robust in the face of
legal challenges, but added an internal limit -- the search horizon.
Since such systems have no central database, they relay requests
through the system from one node to the next. However, the "Ask two
friends to ask two friends ad infinitum" search method can swamp the
system. As a result, these systems usually limit the spread of search
requests, creating an internal horizon. The tradeoff here is between
the value of any given search (deeper searches are more effective) vs
the load on the system as a whole (shallower searches reduce
communications overhead). In a world where the RIAA's attack mode was
to go after central resources, this tradeoff worked well -- efficient
enough, and resistant to Napster-style lawsuits.
However, these systems are themselves vulnerable in two ways -- first,
anything that reduces the number of songs inside any given user's
search horizon reduces the value of the system, causing some users to
defect, which weakens the system still further. Second, because search
horizons are only perceptual borders, the activity of the whole network
can be observed by a determined attacker running multiple nodes as
observation points. The RIAA is relying on both weaknesses in its
current attack.
By working to remove those users who make a large number of files
persistently available, the RIAA can limit the amount of accessible
music and the trust the average user has in the system. Many of the
early reports on the Crush the Connectors strategy suggest that users
are not just angry with the RIAA, but with Kazaa as well, for failing
to protect them.
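The two effects described above, the cost of widening a search horizon and the damage done by removing the best-connected peers, can be measured on a toy network. This is an added example, not part of the original essay; the preferential-attachment graph, the network size and the 5% removal fraction are assumptions chosen for illustration.

```python
import random


def build_network(n, m, rng):
    """Grow a graph by preferential attachment: each newcomer links to m
    existing peers picked in proportion to their degree, so hubs emerge."""
    adj = {i: set() for i in range(n)}
    ends = []                      # one entry per edge endpoint
    for i in range(m + 1):         # seed: a small fully connected core
        for j in range(i):
            adj[i].add(j)
            adj[j].add(i)
            ends += [i, j]
    for new in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(ends))
        for t in sorted(targets):
            adj[new].add(t)
            adj[t].add(new)
            ends += [new, t]
    return adj


def remove_peers(adj, victims):
    """Return a copy of the network with the given peers gone."""
    victims = set(victims)
    return {u: nbrs - victims for u, nbrs in adj.items() if u not in victims}


def flood(adj, start, ttl):
    """Relay a query outward for ttl hops. Returns (peers reached, messages).
    Simplification: a peer relays to every neighbour, duplicates included."""
    seen, frontier, messages = {start}, [start], 0
    for _ in range(ttl):
        nxt = []
        for u in frontier:
            for v in adj[u]:
                messages += 1
                if v not in seen:
                    seen.add(v)
                    nxt.append(v)
        frontier = nxt
    return len(seen) - 1, messages


def mean_horizon(adj, ttl):
    """Average (reach, messages) over a query started from every peer."""
    results = [flood(adj, s, ttl) for s in adj]
    n = len(results)
    return (sum(r for r, _ in results) / n, sum(c for _, c in results) / n)


def tradeoff(adj, ttls=(1, 2, 3, 4)):
    """Reach versus load as the hop limit (the search horizon) grows."""
    return [(t,) + mean_horizon(adj, t) for t in ttls]


def crush_the_connectors(n=600, m=2, frac=0.05, ttl=3, seed=1):
    """Compare the horizon after removing random peers vs the top hubs."""
    rng = random.Random(seed)
    net = build_network(n, m, rng)
    k = int(n * frac)
    hubs = sorted(net, key=lambda u: (-len(net[u]), u))[:k]
    unlucky = rng.sample(sorted(net), k)
    return {
        "intact": mean_horizon(net, ttl),
        "random": mean_horizon(remove_peers(net, unlucky), ttl),
        "targeted": mean_horizon(remove_peers(net, hubs), ttl),
    }


if __name__ == "__main__":
    for name, (reach, msgs) in crush_the_connectors().items():
        print(f"{name:9s} reach={reach:7.1f} messages={msgs:8.1f}")
```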
The very fact that Crush the Connectors is an attack on
trustworthiness, however, points to one obvious reaction: move from a
system with search horizons to one with real membranes, and make
those membranes social as well as technological.
Trust as a Border
There are several activities that are both illegal and popular, and
these suffer from what economists call high transaction costs. Buying
marijuana involves considerably more work than buying roses, in part
because every transaction involves risk for both parties, and in part
because neither party can rely on the courts for redress from unfair
transactions. As a result, the market for marijuana today (or NYC
tattoo artists in the 1980s, or gin in the 1920s, etc) involves trusted
intermediaries who broker introductions.
These intermediaries act as a kind of social Visa system; in the same
way a credit card issuer has a relationship with both buyer and seller,
and an incentive to see that transactions go well, an introducer in an
illegal transaction has an incentive to make sure that neither side
defects from the transaction. And all parties, of course, have an
incentive to avoid detection.
This is a different kind of border than a search horizon. Instead of
being able to search for resources a certain topological distance from
you, you search for resources a certain social distance from you. (This
is also the guiding principle behind services like LinkedIn and
Friendster, though in practice they represent their users' networks as
being much larger than real-world social boundaries are.)
Such a system would add a firewall of sorts to the client, server, and
router functions of existing systems, and that firewall would serve two
separate but related needs. It would make the shared space inaccessible
to new users without some sort of invitation from existing users, and
it would likewise make all activity inside the space unobservable to
the outside world.
Though the press is calling such systems "darknets" and intimating that
they are the work of some sort of internet underground, those two
requirements -- controlled membership and encrypted file transfer --
actually describe business needs better than consumer needs.
There are many ways to move to such membrane-bounded systems, of
course, including retrofitting existing networks to allow sub-groups
with controlled membership (possibly using email white-list or IM
buddy-list tools); adopting any of the current peer-to-peer tools
designed for secure collaboration (e.g. Groove, Shinkuro, WASTE etc);
or even going to physical distribution. As Andrew Odlyzko has pointed
out, sending disks through the mail can move enough bits in a 24 hour
period to qualify as broadband, and there are now file-sharing networks
whose members simply snail mail one another mountable drives of music.
A critical factor here is the social fabric -- as designers of secure
networks know, protecting the perimeter of a network only works if the
people inside the perimeter are trustworthy. New entrants can only be
let into such a system if they are somehow vetted or vouched for, and
the existing members must have something at stake in the behavior of
the new arrivals.
The disadvantage of social sharing is simple -- limited membership
means fewer files. The advantage is equally simple -- a socially
bounded system is more effective than nothing, and safer than Kazaa.
If Kazaa, Gnutella and others are severely damaged by the Crush the
Connectors attack, users will either give up free file-sharing, or
switch to less efficient social spaces. This might seem like an
unalloyed win for the RIAA, but for one inconvenient fact: there are
more people than there are songs.
There Are More People Than Songs
For the sake of round numbers, assume there are 500 million people
using the internet today, and that much of the world's demand for
popular music would be satisfied by the availability of something like
5 million individual songs (Apple's iTunes, by way of comparison, is a
twentieth of that size.) Because people outnumber songs, if every user
had one MP3 each, there would be an average of a hundred copies of every
song somewhere online. A more realistic accounting would assume that at
least 10% of the online population had at least 10 MP3 files each,
numbers that are both underestimates, given the popularity of both
ripping and sharing music.
Worse for the RIAA, the popularity of songs is wildly unequal. Some
songs -- The Real Slim Shady, Come Away With Me -- exist on millions of
hard drives around the world. As we've moved from more efficient
systems like Napster to less efficient ones like Kazaa, it has become
considerably harder to find bluegrass, folk, or madrigals, but not that
much harder to find songs by Britney, 50 Cent, or John Mayer. And as
with the shift from Napster to Kazaa, the shift from Kazaa to
socially-bounded systems will have the least significant effect on the
most popular music.
The worst news of all, though, is that songs are not randomly
distributed. Instead, user clusters are a good predictor of shared
taste. Make two lists, one of your favorite people and another of your
favorite songs. What percentage of those songs could you copy from
those people?
Both of those lists are probably in the dozens at most, and if music
were randomly distributed, getting even a few of your favorite songs
from your nearest and dearest would be a rare occurrence. As it is,
though, you could probably get a significant percentage of your
favorite songs from your favorite people. Systems that rely on small
groups of users known to one another, trading files among themselves,
will be less efficient than Kazaa or Napster, but far more efficient
than a random distribution of music would suggest.
What Happens Next?
Small amounts of social file-sharing, by sending files as email
attachments or uploading them to personal web servers, have always
co-existed with the purpose-built file-sharing networks, but the two
patterns may fuse as a result of the Crush the Connectors strategy. If
that transition happens on a large scale, what might the future look
like?
Most file-sharing would go on in groups from a half dozen to a few
dozen -- small enough that every member can know every other member by
reputation. Most file-sharing would take place in the sorts of
encrypted workspaces designed for business but adapted for this sort of
social activity. Some users would be members of more than one space,
thus linking several cells of users. The system would be far less
densely interconnected than Kazaa or Gnutella are today, but would be
more tightly connected than a simple set of social cells operating in
isolation.
It's not clear whether this would be good news or bad news for the
RIAA. There are obviously several reasons to think it might be bad
news: file-sharing would take place in spaces that would be much harder
to inspect or penetrate; the lowered efficiency would also mean fewer
high-yield targets for legal action; and the use of tools by groups
that knew one another might make prosecution more difficult, because
copyright law has often indemnified some types of non-commercial
sharing among friends (e.g. the Audio Home Recording Act of 1992).
There is also good news that could come from such social sharing
systems, however. Reduced efficiency might send many users into online
stores, and users seeking the hot new song might be willing to buy them
online rather than wait for the files to arrive through social
diffusion, which would effectively turn at least some of these groups
into buyers clubs.
The RIAA's reaction to such social sharing will be unpredictable. They
have little incentive to seek solutions that don't try to make digital
files behave like physical objects. They may therefore reason that they
have little to lose by attacking social sharing systems with a
vengeance. Whatever their reaction, however, it is clear that the
current environment favors the development and adoption of social and
collaborative tools, which will go on to have effects well outside the
domain of file-sharing, because once a tool is adopted for one purpose,
it often takes on a life of its own, as its users press such social
tools to new uses.
Open file sharing systems like Kazaa welcome everyone on the net and
enjoy a broad selection of content. The selection is so vast that Cory
Doctorow calls it "The largest library ever created." (Personally, I'd
call it the "largest and messiest library ever created," but that is
another essay entirely.) However, this vast selection comes with a
significant risk attached -- outside attackers who want to stop you
from sharing files and would like to throw you in jail or pilfer your
college fund.
The natural reaction is to run away and hide from the bad guys and play
in your own sandbox that the bad guys cannot even see. Due to the
recent massive lawsuit waves from the bad guys, there is more talk than
ever about Darknets, which are networks that hide themselves and their
members from public view.
Combining file sharing applications with social networks enables people
to create a trusted network of their friends to keep out the bad guys.
The definition of bad guys is up to the user to determine -- in a lot
of cases, the bad guys would be the lovely folks slinging lawsuits. But
these networks can easily be used for legitimate non-infringing uses,
such as sharing personal information with a network of friends while
keeping it out of reach of marketers and identity thieves.
Social networks designed for file sharing should focus on three goals:
share your files with others in your network, discover new files from
other members, and protect the network from outside attackers. To
achieve these goals, the social network needs to be founded on a
well-defined social model.
Social Models
To find social models that can be employed for these next generation
networks, we can look toward human evolution. Jared Diamond's
perspective on human evolution, as told in Guns, Germs and Steel,
points out that humans first formed hunter-gatherer tribes in order to
share the burden of food production. As tribes grew in size, they
combined to create chiefdoms, and from there they created states like
those in which we live now.
To apply this concept, the network starts with a group of trusted
people forming a tribe of people. Starting a tribe as a friendnet,
where each connection is backed up by a meatspace connection, is an
excellent starting point. However, sharing files inside of a small
tribe is only interesting for a short while because it presents a
limited search horizon. If tribes connect with other tribes to form
chiefdoms, the search horizon expands with each new connection in the
chiefdom. Finally, connect chiefdoms to other chiefdoms to form states,
and the search horizon may start to look similar to the search horizons
in open file-trading systems.
Each tribe should carefully select tribal elders who will set the tone
of the network and determine social policies for the network. The
elders should be aware of the tribal members and their strengths and
weaknesses in order to set policies that are effective for the group.
The elders should focus the tribe on its primary goals and continually
evaluate the state of the tribe to ensure that its members are well
educated on the tribal policies.
Tribal elders must be aware that outside attackers can use social
attacks on the network. For instance, if a number of members of a
movie-swapping tribe are hanging out at their local coffee shop, they
should be aware that attackers may appear as smooth-talkers with lots
of knowledge about movies and claims of having a large collection of
relevant movies. If one tribal member falls for the attack and invites
the attacker into the network, the entire network is at risk. We'll go
into the risks from attacks in more detail later, but tribal elders
need to understand these risks and educate their tribe to act
accordingly.
The tribal elders are the guardians of the network who should use their
awareness of the network and its members to continually reevaluate the
relationships between members and other tribes. These elders should
select or design the appropriate social policies for their tribes and
oversee privileges of their members as members establish (or destroy)
their reputations.
Social Policies
Social policies dictate who can be invited to the network; how must the
reputation of a potential member be verified, if at all? What other
tribes can this tribe link to and trade with? Is it OK for the tribe to
end their questions in prepositions? What structure is appropriate for
the tribe? A loose collaboration or a rank-and-file hierarchy?
All of these questions will influence the social policies of the
network, and unlike open file-trading systems, care must be exercised
when creating and expanding networks that are designed to keep out
attackers. The social policies of these networks have a direct impact
on the security of the network. A loose network with few rules and lax
reputation verification is more susceptible to compromise. A tight
network with many access controls will be more secure, but it will have
more restricted search horizons. The key for the tribal elders is to
pick a set of policies that balances security with the utility of the
network.
The social policies also determine what sort of social network will be
created. Loose connection policies will yield more chaotic systems that
look like Friendster, and more refined policies will yield systems that
resemble systems like LinkedIn. Social policies will need to address
the most pressing social issues before they arise. For instance,
Friendster should have anticipated Fakester accounts and set a policy
for these accounts before it ever opened its doors. Changing terms of
service and social policies radically after a network has been formed
only serves to alienate its users.
Search Horizons
One of the drawbacks to using a social network to enable file sharing
is that the search horizons will be more limited in comparison to
Kazaa/Napster/et al. There will be fewer people in the network and you
will not have terabytes upon terabytes of data. Is having the world's
largest, messiest and duplicated library going to help you discover new
items of interest?
Not likely -- I think that file sharing through social networks enables
users to explore their strong and weak ties. Random connections in P2P
networks are not even weak ties -- they are random ties. Exploring the
weak ties in your network is likely to give you access to more relevant
information/content than a random tie. People tend to associate with
friends with whom they share some common bond, and this common bond is
likely going to result in some shared tastes.
Perhaps these social networks can influence some change and shift users
away from an "I'm looking for this track!" mentality to a "What are my
friends listening to?" mentality. Napster exemplified this focus on
quantity; it is time to consider quality above quantity and use the
network for discovery as well as sharing.
Architecture: Central Server
At the heart of this system lies a central server that implements the
social network features. This server would implement a generic social
network system via web services that could be used to create open
social networks like Friendster, or Darknet applications like
underground apple-pie recipe trading. This central server would be used
for identification, authentication, availability, and network
relationships of users. The server should not know what the social
network is being used for -- a legitimate application should look
exactly the same as an infringing application to the outside world.
P2P advocates will be quick to point out that a central server is a
weak link in the system -- both from a technical and an outside
attacker perspective. Granted, the server is a central point of
failure, but so far, algorithms that implement a distributed
web-of-trust have not come of age. As far as I can see, there isn't a
solid solution for implementing a distributed social network that is
resistant to outside attacks -- yet.
From a legal attacker's perspective, the central server presents no
useful information. Should a server be compromised, the legal attacker
would find no proof that any illegal activities were happening. In
fact, the central server should contain no incriminating or otherwise
useful information about the social network. The most useful thing
gleaned from the central server would be the IP addresses of other
members of the network -- that's all.
This approach has two other benefits: legal attackers cannot use direct
or vicarious infringement attacks on the server, since the server
cannot know if the networks are used for infringing uses. Also, the
central server solves the pesky P2P bootstrapping problem of finding
the network to join. Here the central server will be able to give
clients the IP addresses of other members who are currently online.
Architecture: P2P Client
To build a P2P client for this network, an existing client could be
employed or a new one could be developed. All of the learning from P2P
research in the last few years could be applied to creating a high-tech
client that uses best-of-class software like BitTorrent and Kademlia.
Given how many good P2P systems are floating about the world today, it
is clear that this is not a difficult problem.
The P2P client could employ a Gnutella-like query-routing protocol or
use external identifiers like Bitzi's Bitprints, MusicBrainz
identifiers, or IMDB identifiers, coupled with a distributed hash table
like Kademlia.
The system should undoubtedly use a system that automatically creates
the BitTorrent trackers to maximize the bandwidth utilization of the
file sharing clients.
No rocket science here, move along.
Invitations and Detection Avoidance
To join a social file-sharing network, you will need an invitation from
an existing member. Invitations are simply small XML files that contain
the right keys for joining the network. The invitations may also
specify the right parameters for finding the network, since Darknets do
their best to not operate out in the open.
First off, all traffic flowing through the social network, including
file transfers, should be tunneled via SSH, so that someone sniffing
your network connection cannot tell the difference between a legitimate
VPN connection and an infringing trade of the hottest apple-pie recipe.
Second, the applications that form the social network should attempt to
blend into the landscape and either be invisible or indistinguishable
from normal network infrastructure, such as an SSH server. The easiest
form of this is to operate on the same port as the SSH server itself. A
more complicated approach of Port Knocking was recently proposed on
Slashdot -- it requires a series of predetermined failed connection
attempts to the server before the server opens the real port for the
client.
Another approach is port changing, where the server and the client
frequently switch the ports on which they listen for connections. The
invitation could include the parameters needed to calculate which port
a server would be listening on for any given time.
Regardless of which technique is employed, the goal is the same:
outside attackers see nothing but SSH connections.
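One way the port-changing idea could work, shown as an added example that is not code from the article or from any real client. The invitation layout (the hop element and its attributes), the sample secret and the HMAC-based derivation are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import xml.etree.ElementTree as ET

# Constructed invitation; the element and attribute names are hypothetical.
SAMPLE_INVITATION = """\
<invitation network="recipes">
  <host>peer.example.net</host>
  <hop secret="3f9a1c0de4b7a2558c6e" period="300" low="20000" high="60000"/>
</invitation>
"""


def load_schedule(xml_text):
    """Pull the port-changing parameters out of an invitation."""
    hop = ET.fromstring(xml_text).find("hop")
    if hop is None:
        raise ValueError("invitation carries no port schedule")
    sched = {
        "secret": bytes.fromhex(hop.get("secret", "")),
        "period": int(hop.get("period", "0")),
        "low": int(hop.get("low", "0")),
        "high": int(hop.get("high", "0")),
    }
    if not sched["secret"] or sched["period"] <= 0:
        raise ValueError("implausible port schedule")
    if not 1024 <= sched["low"] < sched["high"] <= 65536:
        raise ValueError("implausible port range")
    return sched


def port_for_window(sched, window):
    """Map one time window to a port in [low, high) with HMAC-SHA256, so the
    sequence cannot be predicted without the shared secret."""
    mac = hmac.new(sched["secret"], struct.pack(">Q", window), hashlib.sha256)
    value = int.from_bytes(mac.digest()[:8], "big")
    return sched["low"] + value % (sched["high"] - sched["low"])


def client_port(sched, now):
    """Port a client should dial at Unix time `now`."""
    return port_for_window(sched, int(now // sched["period"]))


def server_ports(sched, now, skew=1):
    """Ports a server accepts at `now`: the current window plus `skew`
    windows either side, so peers with drifting clocks still connect."""
    w = int(now // sched["period"])
    return {port_for_window(sched, w + d) for d in range(-skew, skew + 1)}


if __name__ == "__main__":
    import time

    schedule = load_schedule(SAMPLE_INVITATION)
    now = time.time()
    print("client dials:", client_port(schedule, now))
    print("server accepts:", sorted(server_ports(schedule, now)))
```

The schedule only moves the listening port; authentication of the peer still rests on the SSH keys carried in the invitation.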
Security
The applications that make up the social network should employ standard
off-the-shelf tools like SSH, PGP and BitTorrent. After all, these
tools specialize in their respective areas, and it is not wise to
reinvent the wheel -- especially when it comes to security. Any network
connection made by the file-sharing software should be tunneled via an
SSH connection.
The baseline security model of this software should be to revert back
to the same security of an open system in the case of a system
compromise. If the system is busted wide open for some reason, only the
IP addresses of the participants should be exposed. In today's legal
climate, having solely an IP address forces the attackers to file
anonymous John Doe lawsuits. This is exactly the same procedure
reserved for people who use open systems like Kazaa.
This fact gives users of social software file-sharing applications a
leg up on file sharers using Kazaa. Mounting an attack on Kazaa users
requires freely available and easy-to-use network tools. Mounting an
attack on a network fortified with SSH requires vastly different tools
and a brute-force attack is out of the question. Thus, the attackers
are more likely to stick to pursuing the users of open file-trading
applications.
The most vulnerable part of a social network is the users themselves.
As security experts have been saying for a long time, most successful
attacks are not technical attacks, but attacks that exploit the
weaknesses of the users. Passwords jotted down in insecure locations,
or smooth-talking attackers convincing users of their benign nature,
present far greater weakness than the SSH protocol.
Ultimately, the security of the network lies in the hands of the users.
This is why the social policies set by the tribal elders are so
important -- the policies affect the mindset of the user, which in turn
affects their behavior. Social policies that permit promiscuous
behavior can lead to security breaches.
Attack Model
Analyzing the possible attacks on a social file-sharing network gives
us three possible attacks:
Server attack: The central server gets hacked, raided by legal
attackers, or otherwise compromised. Since the server operates blindly
with respect to what the clients are doing, the server contains no
incriminating evidence. The attacker cannot tell a recipe-trading
network from a movie-trading network. At worst, the IP addresses of the
members can be exposed and those must be pursued with a John Doe
lawsuit.
Client attack: A client gets hacked, raided by legal attackers, or
otherwise compromised. The compromised client could potentially
continue operating and collect the IP addresses of everyone in the
network. Incriminating behavior could be observed.
Social client attack: An attacker gets invited to the network and
starts participating in the network. Over time, the attacker can
collect all of the IP addresses of the members and possibly observe
incriminating behavior.
At worst, the server attack yields IP addresses that may not have
committed any infringement. Client attacks expose the IP addresses and
possibly allow the attacker to observe infringing activities. While
this model may seem catastrophic, it's better than the open P2P system
model that Kazaa uses. Given that attackers are likely to attack the
easy targets first, using a social network to share files presents an
increased level of security -- for now.
References
Guns, Germs, and Steel: The Fates of Human Societies by Jared Diamond
Smart Mobs: The Next Social Revolution by Howard Rheingold
Urban Tribes: A Generation Redefines Friendship, Family, and Commitment
by Ethan Watters
File Sharing goes Social by Clay Shirky
Should a time come when all open systems have been eradicated, this
system will need extra fortification. As the much discussed
web-of-trust algorithms and anonymization algorithms come of age, these
algorithms should be adapted for use with social file sharing to
continually improve the attack resistance of these networks.
Conclusion
Over the past few years, we've learned a number of legal and technical
lessons that allow us to build more secure and effective file-sharing
systems today. Using detection-avoidance schemes and common security
tools like SSH and PGP forces the attackers to take a different track
when attacking next-generation file-sharing systems. Attackers must now
employ social attacks to take down file-sharing systems, and social
attacks don't scale as well as online attacks that can be assisted with
computer tools.
The security model presented here is only sufficient for a limited time
-- over time, more advanced web-of-trust algorithms should be used to
further mitigate the damage of a compromised network.
Finally, it should be stressed again that the security of a social
network grows out of the social policies set for the network. Tribal
elders and members of the network need to be continually vigilant to
keep the network safe from outside attackers.
Robert Kaye is the Mayhem & Chaos Coordinator and creator of
MusicBrainz, the music metadata commons.
from:
http://www.openp2p.com/pub/a/p2p/2004/03/05/file_share.html