Brightnets are Owner Free File Systems 502
elucido writes "OFF, or the Owner-Free Filesystem is a distributed filesystem in which everything is stored in reference to randomized data blocks, as opposed to a 1:1 copy of the original data being inserted. The creators of the Owner-Free Filesystem have coined a new term to define the network: A brightnet. Nobody shares any copyrighted files, and therefore nobody needs to hide away. OFF provides a platform through which data can be stored (publicly or otherwise) in a discreet, distributed manner. The system allows for personal privacy because data (blocks) being transferred from peer to peer do not bear any relation to the original data. Incidentally, no data passing through the network can be considered copyrighted because the means by which it is represented is truly random." Their
main wiki page discusses a bit of what this means and how it might work as well. I've been saying that we need this for many years now, if only because we all have 10 gigs free on our machines and if we could RAID the internet we'd need fewer hard drives.
Re:Psst. Copyright doesn't work like that! (Score:4, Interesting)
The data would change from (Score:3, Interesting)
"copyrighted data"
to
"encrypted copyrighted data"
The first is merely infringement. The second is conspiracy to commit infringement, and you will have lost any chance of defending with "I didn't know it was copyrighted".
Curiously enough things like this are exactly why "conspiracy to commit" crimes exist.
Furthermore, unless I'm making a stupid mistake, it doesn't actually distribute the data, the key to find the data in the P2P net is the same length as the original data, in the random case, which buys you exactly ... nothing. You have to download the file twice.
This thing does not evade copyright law, and it's inconvenient to boot. I don't think I'll be placing a second look.
Re:Data != Information (Score:5, Interesting)
From the Wiki (Score:5, Interesting)
"A simple analogy is seen in that every number has an infinite number of representations (3+2=5, 2*2+1=5, 10-5=5, 10/2=5, etc). Even if the number (file) in question can be copyrighted under current legislation, it is practically impossible and unreasonable to state that every other representation of that particular number is copyrighted."
Actually, no, it's not unreasonable or impractical. In fact, that's how it actually works. Star Wars is copyrighted as a DVD, Film, mpeg, script, live performance, song, interpretive dance, etc. ..right?
Re:Psst. Copyright doesn't work like that! (Score:4, Interesting)
You copyright the actual tangible information. Attempting to abstract the law into mathematics is pointless. They are not compatible.
You're dead right. What is interesting is that if you're "caught" with some of these random blocks on your disk, they're just random blocks of data. You can't decode them unless you have the key, hence there's no charge of copyright infringement.
One problem with the proposal (which, by the way, is very obvious, and is how FreeNet and other systems work) is that their key length needs to be the same length as the data, because it's effectively a One Time Pad. If it's any shorter than the original data, then there will be a way to unencrypt the data without the key (proof by a simple counting argument).
Rich.
Worrisome... (Score:5, Interesting)
http://wiki.offdev.org/Talk:Why_is_OFF_safe%3F [offdev.org] :
Trojan detected with avg free
Another side to the safety issue. I'm hoping this is a false positive, as I like OFF
* avg free v7.5.516 virus base 269.17.13/1208 finds
o Trojan Generic9.AKLU in
+ offsystem.exe from OFFStystem-0.18.00-win-installer.exe from sourceforge January 3 2008
This is worrisome...
Re:Encryption (Score:5, Interesting)
Replying to my own post, but this IS just a sort of encryption - their main claim being because the data is encrypted, it's not copyright.
As has been pointed out below, the data transferred is not the thing copyrighted - it's what it represents. So it's an arduous and painful encryption, with high overhead, easy to crack and no plausible benefit. With some hand-wavy 'it annuls all badness from bad things' explanation.
Except that is probably bullshit to copyright lawyers
There's a great explanation of why in this essay, What Colour are your Bits. It's actually about another system based on the same sort of ideas.
http://ansuz.sooke.bc.ca/lawpoli/colour/2004061001.php [sooke.bc.ca]
The fallacy of Monolith is that it's playing fast and loose with Colour, attempting to use legal rules one moment and math rules another moment as convenient. When you have a copyrighted file at the start, that file clearly has the "covered by copyright" Colour, and you're not cleared for it, Citizen. When it's scrambled by Monolith, the claim is that the resulting file has no Colour - how could it have the copyright Colour? It's just random bits! Then when it's descrambled, it still can't have the copyright Colour because it came from public inputs. The problem is that there are two conflicting sets of rules there. Under the lawyer's rules, Colour is not a mathematical function of the bits that you can determine by examining the bits. It matters where the bits came from. The scrambled file still has the copyright Colour because it came from the copyrighted input file. It doesn't matter that it looks like, or maybe even is bit-for-bit identical with, some other file that you could get from a random number generator. It happens that you didn't get it from a random number generator. You got it from copyrighted material; it is copyrighted. The randomly-generated file, even if bit-for-bit identical, would have a different Colour. The Colour inherits through all scrambling and descrambling operations and you're distributing a copyrighted work, you Commie Mutant Traitor.
To a computer scientist, on the other hand, bits are bits are bits and it is absolutely fundamental that two identical chunks of bits cannot be distinguished. Colour does not exist. I've seen computer people claim (indeed, one did this to me just today in the very discussion that inspired this posting) that copyright law inescapably leads to nonsense conclusions like "If I own copyright on one thing, and copyright inherits through XOR, then I own copyright on everything because everything can be obtained from my one thing by XORing it with the right file." That sounds profound only if you're a Colour-blind computer scientist; it would be boring nonsense to a lawyer because lawyers are trained to believe in and use Colour, and it's obvious to a lawyer that the Colour doesn't magically bleed to the entire universe through the hypothetical random files that might be created some day. You could create the file randomly, but you didn't. Maybe you could create a file identical to the complete works of Shakespeare by XORing together two files of apparently random garbage. "Why, so can I, or so can any man;" but that doesn't mean that I am William Shakespeare.
What colour are your bits? (Score:3, Interesting)
A solution in search of a problem (Score:2, Interesting)
First off, these people don't do themselves any favours with descriptions like this:
"No data stored or transferred in OFF is copyrighted because all data is random..."
and
"...the randomized blocks do not represent the original data inserted to begin with"
Of course the data is not random. And of course it represents the original data. If either of these two nonsensical statements were true, then it would be impossible to reconstruct the original data. They may randomly generate the blocks, but the selection of blocks and parts of blocks to represent data is anything but random. What they mean is that the distrubution across many blocks in complex relationships means that a happenstance collection of blocks alone is not of any use in reconstructing the content. Sure, private storage of copyrighted data would be acceptable in this sort of encoded, distributed format. But if you publish the URL required to decode the content, you will be every bit as much in violation of copyright law as with any other form of file-sharing.
In the end, the only possible response to this technology is "so what?". If you want online storage, you can buy it by the terabyte from Amazon S3, or for that matter from your ISP. If you want P2P, this is no better than BitTorrent - and at first glance not nearly as robust.
Plus: how many people are going to be willing to put their extra disk-space permanently online, and drill a hole in their firewall so that the world can access it? Heck, I don't even do things like Seti-Online anymore - even if I trust the application, it's extra work that I just don't have time for.
Re:Encryption (Score:3, Interesting)
Of course.
But then, without copyright there is absolutely no need for the GPL.
I'm amused by this strange idea that if a society wished to provide its citizens with the right to free speech and free cultural exchange they'd first have to enact a law that would prohibit such freedom.
Bear in mind that the GPL is a means to enjoy freedom, not a means to enjoy the operation of the GPL in a copyright encumbered society.
Re:Encryption (Score:2, Interesting)
Pros: Did you upload something that allowed the mp3 to be constructed exactly?
Def: No
The defendant uploaded only information which was either random or was created to construct a legal file. There is no way to prove that any of the uploaded data had a significance beyond that. If other data exists which can be used in combination with the defendants files to construct illegal files, then that data has not even necessarily existed at the time the defendant uploaded the questionable data. If you do something and there's no law against it at the time, then you have not broken the law. If you upload your holiday photos, I can XOR Britney's works with your files and publish the result. Then you have uploaded something which allows the MP3 to be constructed exactly, or haven't you? WTF indeed.
Reinventing the wheel (Score:4, Interesting)
I love kids these days, always thinking they are clever.
A long time ago a man wrote a book, he then made an index of all the words in the book and listed them in alphabetical order.
He then re-copied the book as a reference to the index.
Original: "I am the king of scotland"
Index: AM,I,KING,OF,SCOTLAND
Story: 2-1-3-4-5
Now this idea is nothing more then seeding a network with the index of data then to rebuild a particular file you pass is an index reference.
They would simply bust people for passing the index reference.
Ironical that old book became the foundation for modern day text compression schemes that used indexes and many of the key concepts that cryptography was born from.
Clever kids, if it was still the 1500's and you were trying to smuggle banned books under the nose of the inqusition. They just burned people with the indexes just as if they had the books themselves.
Honestly do they really thing that people are that stupid? If I use a pencil to stab someone I am going to jail just the same if I had used a knife. If someone is smuggling something across the border, but I don't know what, I am still an accomplice to some degree.
Plausable deniability is a great idea but the moment one of those indexes lands on you PC your gonna get dinged for whatever the index points too.
What OFF does (Score:2, Interesting)
Re:Psst. Copyright doesn't work like that! (Score:2, Interesting)
Maybe I've misunderstood you, but that sentence seems to suggest that you don't understand how public key cryptography works.
Re:Encryption (Score:3, Interesting)
The GPL obliges provision of source code because it operates in a copyright encumbered culture, and needs to persuade licensees used to the proprietary software development business model that there is no benefit to withholding source (their inculcated inclination).
There is no need to oblige disclosure of source to derivatives in a culture used to operating without copyright.
Looking at it another way, tell me why in a culture without copyright you'd have to enact a law that prohibited the distribution of binaries without source code? Would you have special stormtroopers that would raid Jimmy's bedroom because he was caught distributing binaries without source code?
No-one's freedom is constrained if the source is withheld or obfuscated in a culture without copyright. However, there is no market for withheld or obfuscated source code in such a culture. Binaries cost nothing to make and could not be sold - they'd only be used to demonstrate that the software had been produced prior to sale.
The GPL is about reproducing the culture that would result if copyright and patent were abolished, i.e. a free culture. But remember, free as in speech, not as in beer. You still buy and sell software in a free culture, just not copies or trivial derivatives such as binaries.
Re:Data != Information (Score:3, Interesting)
The result of that kind of argument will likely be that they ignore the part that's confusing to them, and focus on the part that's simple to understand: you have the Indiana Jones movie on your hard drive, and that's a copyright violation. Simple.
"The big guy nobody likes (RIAA/MPAA) don't like this technology because they can't control it. They framed me while I was downloading Knoppix linux because they don't like this software." Big guy vs small guy. Easy to understand as well. Really, I think that could work.
Re:Encryption (Score:3, Interesting)
People involved in file-sharing have already settled litigation out of court - even when they know they're entirely innocent. Guilt is immaterial if you want to avoid the penury of prosecution.
The 'bad actors' who are sued are those the **AA wishes to make an example of to other 'bad actors' - the more naive and apparently unprosecutable the better. After all, file-sharing is a problem precisely because it's engaged in by kids and their apple pie making grannies. If it was only incorrigible pirates that did it, what would be the point of litigated settlement?
In your classes of Brightnet participant, the ones being sued would be random 'participants' irrespective of what particular role classification you'd give them.
A decade later someone might look a little more closely to see if any copies or derivatives of copyrighted works are actually prepared or distributed by participants of Brightnets, and possibly whether only certain participants could be prosecuted (subject to being determinable), but by that time umpteen thousand geeks have missed out on a college education and find themselves on a watch-list of IP thieves along with other cyber-pariahs such as terrorists, paedophiles, and crackers.
If you're going to organise the flouting of copyright then call yourself protestants and martyr yourselves against the catholic maximalism of the modern Spanish inquisition. You still suffer the same, but at least you exhibit the courage of conviction.
Re:Psst. Copyright doesn't work like that! (Score:3, Interesting)
The thing is, with the right archiving algorithm, you could encrypt a given piece of data into any integer desired. For instance, XOR an MS Office zip against a tar file of the linux kernel. Take the output and go to the judge and ask for a Cease and Desist order, on the grounds that the kernel tar is in fact a representation of MS Office.
You'd need to be a bit more subtle than that, but I expect you make a reasonably convincing spoof encryption program without too much effort. You probably wouldn't go after something with such a solid provenance as the kernel, either, but you could probably shut down a lot of smaller legitimate online distributors.
Re:Encryption (Score:3, Interesting)
You are endangering the public welfare because you are distributing something without any assurances that it is what you claim it is.
But that only truly matters in any real sense if there's potential harm to those who use it.
You don't like the ramifications. That's fine.
Actually, I don't give a shit about the ramifications. This is all hypothetical, anyway. And I'm not the "retard" (as you so eloquently put it) who refuses to address the difference between a product that has safety concerns, such as toys, food, or medicine, and a product that does not, such as a Tetris clone, despite your own use of the phrase "endangering public welfare" with respect to that Tetris clone.
All I can say is that I'd much rather live in a world with copyright and the GPL, as well as other licenses to choose from (choice is a wonderful thing), than a world without copyright that has your proposed mandatory source code forfeiture, where I could go to jail for putting a link on a website to a binary without source, all because you think that people are somehow in danger if they don't get to see the source code.
It's not encryption (Score:2, Interesting)
From what I am reading (I know, WTF am I doing actually R'ing TFA?), this isn't encryption in any sense of the word. It's hash comparison using random data. The blocks of data are not, in any way, related to the "stored" data. From what I can understand, a hash is generated using XOR against a random file block, based on some portion of the file you are "uploading". These blocks are then stored all over the place, and reused if they match someone else's (and it would seem they must, eventually... 128k is not an overwhelmingly huge address space). Each "node" (storage place) has its own unique identifier, and the blocks stored on it are referenced by other nodes to "store" the "inserted" data in the OFF.
From what I'm reading, this is either a really cool method of using up all those extra few gigs of space on everyone's hard drives (although "inserted" files triple in size, according to the wiki) which has nothing to do with copyright stuff (assuming you're not sharing the locator info), or this is just one more hoop to jump through in an attempt to keep the MAFIA (Movie And Film Industries of America) from noticing that your Brittney Spears collection is growing again. If the former, it's less than ideal. If the latter... well, at least Deep Packet Inspection (is that like a colonscopy for data?) won't be able to tell that you're pulling down mixes of "Oops I did it again" again. And, as other posters have stated... if you can show that the data you downloaded is actually a linux ISO and a video of you playing with your new dog in your own back yard, why does it matter that you can also convert it into a copy of that new blockbuster movie?
Obfuscation of a ubiquitous behavior seems like a poor solution, too.
If the majority of people are doing it, why is it still a legal issue?
On the other hand, the wiki has this bit about how game patches could be distributed using just a little more bandwidth than the executable itself. I'm wondering if that's per download, or if it's a one-time bandwidth chunk.
In summary, the concept of a global network of data storage is pretty neat, but I think we will find in the end that this particular implementation is flawed... assuming it doesn't turn out to be just a hack to hide illegal activites from the authorities. Paradigm-changing new tech I'm interested in. Arms race, not so much. Fight copyright, not enforcement.
Re:Encryption (Score:4, Interesting)
I read all the wiki had to offer. I agree that this is a problem - I'm going to see if I can post to their complaint forum as well.
Basically you have a URL that contains 4 pieces of information.. A file name (largely meaningless except to the end user), a file-size, and 3 30-Byte SHA-1 hashes, referred to here as a 3-tuple (represented in HEX). You search the local disk cache for file names that match each of the SHA-1 digests. For every digest file not found, search the local network for a match and download the block locally (this is the peer-to-peer part).
You XOR the contents of the 3 blocks (which happen to be sized at 128K - no significance) to produce the decoded data.
The first decoded block (provided from the URL) is a sequential-list of 90 byte 3-tuples (similar to the original URL). The contents of all of these 3-tuples are the desired data, except the last 3-tuple which is a chain to the next descriptor block.
The file-size tells you when to stop obviously.
The 'theory' is that highly randomized data should be randomly reused by completely unrelated data.. .mp3 and .txt files, for example. Moreover, there is 'no way to reconstruct' useful data w/o the 3-tuple AND the file-size. However, small files will have a high probability of SHA-1 collisions (and thus corrupted data - they only talk about virus corruption, but there's the more important inadvertant collsions which overwrite valid data - BackupPC resolves this by creating MD5;1 MD5;2 file-names). The large 128K should alleviate this, but also assures a low probability of block reuse.
The problem I see is that data-blocks are not inherently random by default.. In order to be practically random, you'd have to take the recommended 1TB file-system, randomize it - produce approx 8 million SHA-1 digests, then for each real-data insert, delete in an LRU fashion. Otherwise, if you only had a hundred-thousand blocks - It would not be THAT difficult to grab the first 30 bytes of every block and XOR them with several of the most recently inserted blocks until you found something that matched an existing file-name. If matched, try the next 30B, etc. Now you have a starting point AND the appropriate 3-tuple. You're only missing the file-size.. But if it spits out music in one of like 5 codecs, you've got a winner. Shouldn't be able to do statistical analysis to find random-noise or invalid media format. Many files contain internal end-of-file signifiers (.zip, .gz for example).
With 8 million records, that becomes hard(er) to do. But how long does it take to initialize that?
Now with respect to the network, there's no need to actually store the file-descriptor block remotely, Thus for highly sensitive files, you can probably encrypt the descriptor block and keep it locally (sharing on a private trusted network). But for text-based files, you'd probably still be weary of having network stored timestamp ordered data-blocks - as the contents of the last 100 blocks could easily be determined, (text files are not as order sensitive as mp3s and zip files).
The stated goal is purely open, freely shared, perfectly legal data-store... Which allows the occasionally masked sensitive data. Though the RIAA/MPAA would read it as, a front for illegal data.
They say they have better bandwith than obscured P2P networks, since you can allow open download by the RIAA as well as your clients, and it's all meaningless w/o the starting points/blocks. You do have a 3x bandwidth over a pure HTTP/FTP download - as you have to download 3 blocks to XOR against each other to produce 1 block of data. They suggest that once you have a descriptor block you 'should download the tuples in random order to reduce pattern matching by ISPs' which furthers the notion that this is for illicit purpose.
I'm highly suspicious that the SHA-1 digests produce useful collisions and provide you bandwidth reduction via your local disk-cache for the above comments.
I'm also
Reductionism vs the law (Score:3, Interesting)
The problem with this argument is it's reductionist. If you blend up 5 copyrighted works and pour them into 10 shot-glasses (the network), sure you can claim each individual shot-glass doesn't fall under the same copyright of any single one of the original works. But since you can extract each of the 5 original works from the collective set of the 10 shot-glasses, then the network as a whole does contain the copyrighted works, and does fall under copyright protection. In a sense, they have smeared each copyright out over many (possibly overlapping) chunks, but it's still there because the originals can still be retrieved. Banning the whole network seems a possible legal outcome, since non-infringing uses may still involve moving chunks which contain a partial copyright.
As much as the creators of OFF might claim their work is different to a darknet, actually it relies on very similar principles of obfuscation.
Re:Reductionism vs the law (Score:3, Interesting)
So, then, since a (good) dictionary contains all of the words in a language, it is violating the copyright of each and every creative work done in that language?
By your logic, it would seem so. I can recreate all of the works of Shakespear from a single Webster's Dictionary.
Not quite Encryption, not quite Good either (Score:3, Interesting)
Maybe, maybe not. It sounds like somebody was thinking about removing duplicate data from file systems in a significant way. They appear to have gotten side tracked by this idea of avoiding responsibility for copyright infringement, but the original concept is interesting. At least what I hope was the original concept.
Lets pretend I know the original concept, as I suspect I do, due to convergent thought processes. Essentially it is this, you get a large number of people to store chunks of indexed data and as more and more people add to the list, you remove duplicate entries beyond what is required for resiliency. For a couple thousand files, there is no significant improvement over regular existing compression algorithms, but over hundreds of millions, perhaps a couple billion, you end up with needing very little additional storage for your entire library of files. You can do backups of your entire system requiring additional storage of perhaps a couple hundred megabytes. Data is compressed on the end blocks with traditional algorithms, decompressed on the fly.
There are two problems with the implementation as I read it. First, they are randomizing the data rather than the distribution alone. I should be able to fearlessly store a couple gigabytes for anonymous users since I am gaining from the service a distributed resilient and redundant file system. However, the savings in storage are negated since two copies of the same file with different origins would have different (essentially encrypted) segments requiring double the storage of unencrypted versions.
Second, the system described in the only page I read doesn't adequately deal with data collisions. I'd be happy to make backups onto such a system if it were dependable, but leaving aside the nature of a voluntary anonymous Internet system, the possibility of data corruption would cut my desire down to practically nil.
Yes nitpickers, I do know that it isn't really encryption, but it is like enough for the purposes of my point. As to technical merits, I've done it at file level backups and it was hugely significant and reliable, I did md5.sha1 which was good enough for my purposes, but add more as fits your personal paranoia level. I was explaining my closest theory on a method that does almost this to coworkers complete with mysql database and whiteboard two weeks ago, i.e. convergent thought processes.