Thanks, Lucky, for helping to kill gnutella

AARG! Anonymous remailer at aarg.net
Fri Aug 9 20:25:40 PDT 2002


Several people have objected to my point about the anti-TCPA efforts of
Lucky and others causing harm to P2P applications like Gnutella.

Eric Murray wrote:
> Depending on the clients to "do the right thing" is fundamentally
> stupid.

Bram Cohen agrees:
> Before claiming that the TCPA, which is from a deployment standpoint
> vaporware, could help with gnutella's scaling problems, you should
> probably learn something about what gnutella's problems are first. The
> truth is that gnutella's problems are mostly that it's a screamer
> protocol, and limiting which clients could connect would do nothing to fix
> that.

I will just point out that it was not my idea, but rather that Salon
said that the Gnutella developers were considering moving to authorized
clients.  According to Eric, those developers are "fundamentally stupid."
According to Bram, the Gnutella developers don't understand their
own protocol, and they are supporting an idea which will not help.
Apparently their belief that clients like Qtrax are hurting the system
is totally wrong, and keeping such clients off the system won't help.

I can't help believing the Gnutella developers know more about their
own system than Bram and Eric do.  If they disagree, their argument is
not with me, but with the Gnutella people.  Please take it there.

Ant chimes in:
> My copy of "Peer to Peer" (Oram, O'Reilly) is out on loan but I think Freenet
> and Mojo use protocols that require new users to be contributors before they
> become consumers.

Pete Chown echoes:
> If you build a protocol which allows selfish behaviour, you have done
> your job badly.  Preventing selfish behaviour in distributed systems is
> not easy, but that is the problem we need to solve.  It would be a good
> discussion for this list.

As far as Freenet and MojoNation, we all know that the latter shut down,
probably in part because the attempted traffic-control mechanisms made
the whole network so unwieldy that it never worked.  At least in part
this was also due to malicious clients, according to the analysis at
http://www.cs.rice.edu/Conferences/IPTPS02/188.pdf.  And Freenet has been
rendered inoperative in recent months by floods.  No one knows whether
they are fundamental protocol failings, or the result of selfish client
strategies, or calculated attacks by the RIAA and company.  Both of these
are object lessons in the difficulties of successful P2P networking in
the face of arbitrary client attacks.

Some people took issue with the personal nature of my criticism:

> Your personal vendetta against Lucky is very childish.

> This sort of attack doesn't do your position any good.

Right, as if my normal style has been so effective.  Not one person has
given me the least support in my efforts to explain the truth about TCPA
and Palladium.

Anyway, maybe I was too personal in singling out Lucky.  He is far from
the only person who has opposed TCPA.

But Lucky, in his slides at http://www.cypherpunks.to, claims that TCPA's
designers had as one of their objectives "To meet the operational needs
of law enforcement and intelligence services" (slide 2); and to give
privileged access to users' computers to "TCPA members only" (slide 3);
that TCPA has an OS downloading a "serial number revocation list" (SNRL)
which he has provided no evidence for whatsoever (slide 14); that it
loads an "initial list of undesirable applications" which is apparently
another of his fabrications (slide 15); that TCPA applications on startup
load not only a serial number revocation list but also a document revocation
list, again a completely unsubstantiated claim (slide 19); that apps then
further verify that spyware is running, another fabrication (slide 20).

He then implies that the DMCA applies to reverse engineering when
it has an explicit exemption for that (slide 23); that the maximum
possible sentence of 5 years is always applied (slide 24); that TCPA is
intended to: defeat the GPL, enable information invalidation, facilitate
intelligence collection, meet law enforcement needs, and more (slide 27);
that only signed code will boot in TCPA, contrary to the facts (slide 28).

He provides more made-up details about the mythical DRL (slide 31);
more imaginary details about document IDs, information monitoring and
invalidation to support law enforcement and intelligence needs, none of
which has anything to do with TCPA (slides 32-33).  As apparent support for
these he provides an out-of-context quote[1] from a Palladium manager,
who if you read the whole article was describing their determination to
keep the system open (slide 34).

He repeats the unfounded charge that the Hollings bill would mandate TCPA,
when there's nothing in the bill that says such a thing (slide 35);
and he exaggerates the penalties in that bill by quoting the maximum
limits as if they are the default (slide 36).

Lucky can provide all this misinformation, all under the pretence,
mind you, that this *is* TCPA.  He was educating the audience, mostly
people who were completely unfamiliar with the system other than some
vague rumors.  And this is what he presents, a tissue of lies and
fabrications and unfounded sensationalism.

Don't forget, TCPA and Palladium were designed by real people.  In making
these charges, Lucky is not just talking about a standard, he is talking
about its authors.  He is saying that those people were attempting to
serve intelligence needs, to make sure that people had to run spyware,
to close down the system so it could keep "undesirable" applications off.
He is accusing the designers of far worse than anything I have said
about him.  He is basically saying that they are striving to bring about
a technological police state.

And yet, no one (other than me, of course) dared to criticize Lucky for
these claims.  He can say whatever he wants, be as outrageous as he wants,
and no one says a thing.  I don't know whether everyone agrees with him,
or is simply unwilling to risk criticism by departing from the groupthink
which is so universal around here.

I asked Eric Murray, who knows something about TCPA, what he thought
of some of the more ridiculous claims in Ross Anderson's FAQ (like the
SNRL), and he didn't respond.  I believe it is because he is unwilling
to publicly take a position in opposition to such a famous and respected
figure.

But anyway, maybe I was too personal in criticizing Lucky.  Tell you what.
I'll apologize to Lucky as soon as he apologizes to the designers of
TCPA for the fabrications in his slide show.  Deal?

------------------------------------------------------------------------

[1] We are talking to the government now, and maybe this is where we get
some advantage from having a broad industry initiative.  Our fundamental
goal is "let's do the right thing." We have pretty strong feelings about
what the right thing is on terms of making sure that things are truly
anonymous and that key escrow kinds of things don't happen.  But there
ARE governments in the world, and not just the U.S. Government.
http://www.techweb.com/index/news/Hardwa...WB19980901S0016/INW20020626S0007




