July 21, 2003

P2P Anonymity Questions

Question: how much of a difference will proxy servers make?


First, will they actually work?  From what I’m reading, they will hide the IP of the sender and receiver. Is that true?


Second, could the owner of a proxy server be liable or required to identify the user?  Let’s put aside contributory liabilty arguments for the moment and consider DMCA 512.  It looks like proxy servers would fall under subsection (a) – they’re just passing information which they have no control over.


Here’s where the Verizon appeal is going to be very interesting.  The court read the subpoena subsection to apply to all service providers, even ones in subsection (a).  This seems contrary to the statute, given that those providers do not have a designated copyright agent and that there is no takedown procedure in that section.  (Perhaps a better way of dealing with Verizon would have been to put it in subsection c because the material in a loose sense resided on the network.)


If this result stands, a proxy server owner would have to turn over the identity of those who transmit through it. Do proxy servers even record such information? The information surely is “available” to them, even if they don’t record it. So would they be forced to record it?  


And would they have to block people who repeatedly infringe, subject to subsection (i)?  How do you construe account holders and subscribers?  Students at colleges and ISP subscribers obviously count, but proxy server users?


[added:] Another interesting anonymity feature is blocking others from viewing your file library.  I don’t know if you can get around this (searching using the file sharer’s name perhaps?), but, if you can’t, then it might be a way of slowing down the RIAA.  They won’t want to subpoena people for just one or two songs.

* Filed by Derek Slater at 1:37 pm under General news
* 5 Comments

5 Responses to “P2P Anonymity Questions”

  1. Joe
    July 21st, 2003 | 3:00 pm

    I just re-read 512 and I can’t find a way to hold proxy servers liable… however, with 1000 subpoenas being granted to the RIAA et al. per day… yikes…

  2. Eric Eisenhart
    July 21st, 2003 | 3:04 pm

    Proxy servers:

    Yes, proxy servers really can hide the IP of the sender and receiver, at their discretion.

    Basically, the sender and receiver both just need to connect to the proxy, so there’s no need for either to know who they are.

    You have to trust the proxy, though. The proxy will know the addresses of senders and receivers, and all data will pass through it. And you have to trust the network locations that the proxies are housed at, as well.

    The big problem with proxies is bandwidth; since everything has to go through them, they need to be capable of sustaining bandwidth equal to both the sum of all senders and the sum of all recipients. If they’ve figured out how to use existing proxies, such as those housed at the ISP the respective clients are using, this may not be as much of a problem. (Many ISPs have HTTP proxies set up; because they can cache content that’s fetched repeatedly, this helps the ISP reduce their own bandwidth usage. AOL is a good example where HTTP traffic mostly goes through a proxy)

  3. Eric Eisenhart
    July 21st, 2003 | 3:06 pm

    Also, even if they’re not liable, could their records still be seized? Could a court order to the proxy’s ISP allow the non-liable proxy’s traffic to be watched to determine who the liable end-points are?

  4. Eric Eisenhart
    July 21st, 2003 | 3:49 pm

    Whoops, missed something I wanted to respond to:

    “Do proxy servers even record such information?”

    Maybe.

    Depends on the operator, software, etc. In the case of common HTTP proxies, it’s common to record every “hit”, which includes the IP address of the requestor, specific URL retrieved, date+time, amount of data retrieved, status code (200, 404, etc.), and in the case of proxy servers that require authentication, the username of the requestor.

    A proxy configured by a paranoid administrator for the purpose of providing anonymity wouldn’t have any logging whatsoever. In the slightly less paranoid case, they might log just basic transfer amount statistics with no uniquely identifying information.

    If you want these proxies to be truly useful for anonymizing, you need to trust the proxy, you need to be communicating with the proxy over a strongly encrypted channel, there needs to be a random delay factor, and there needs to be a large pool of other users transferring data at the same time.

    In other words: you really need to trust the proxy, and a proxy that does all the things needed to disguise you thoroughly will take enough resources that you’d have to be paying for it.

  5. A Alexander Stella
    October 19th, 2003 | 5:20 pm

    Thanks to the Google search engine, I was able to find your e-mail address. Anyway, you might be interested to know about certain clauses in the United States Constitution.

    Those clauses are cited by one A Alexander “Bogey” Stella in an internet article. In his article, Mr Stella disputes the constitutionality of recent law suits, filed by the RIAA against people who download music. If you’re interested in reading the article, all you need do is scroll down a bit, after clicking on the pink hyperlink below:

    UP AGAINST THE BULKHEAD!

    ——————————————————————————–

    Well, it happens sometimes that hyperlinks have to transferred directedly, like so:

    URL: http://www.bcvoice.com/modules.php?name=News&file=article&sid=154

    Or, maybe, you need only click on my hi-lited name. Oh, one more thing, please ignore the snide remark some scabrous graffito vandal appended to the end of the article.

    ——————————————————————————–