You do not have permission to edit this page, for the following reasons:

This IP address has been blocked from editing Wikipedia.
This does not affect your ability to read Wikipedia pages.
Most people who see this message have done nothing wrong. Some kinds of blocks restrict editing from specific service providers or telecom companies in response to recent abuse or vandalism, and can sometimes affect other users who are unrelated to that abuse. Review the information below for assistance if you do not believe that you have done anything wrong.

The IP address or range 44.197.0.0/16 has been blocked (disabled) by ‪Blablubbs‬ for the following reason(s):

The IP address that you are currently using has been blocked because it is believed to be a web host provider or colocation provider. To prevent abuse, web hosts and colocation providers may be blocked from editing Wikipedia.
You will not be able to edit Wikipedia using a web host or colocation provider because it hides your IP address, much like a proxy or VPN.
We recommend that you attempt to use another connection to edit. For example, if you use a proxy or VPN to connect to the internet, turn it off when editing Wikipedia. If you edit using a mobile connection, try using a Wi-Fi connection, and vice versa. If you are using a corporate internet connection, switch to a different Wi-Fi network. If you have a Wikipedia account, please log in.
If you do not have any other way to edit Wikipedia, you will need to request an IP block exemption.

How to appeal if you are confident that your connection does not use a colocation provider's IP address:
If you are confident that you are not using a web host, you may appeal this block by adding the following text on your talk page: ((unblock|reason=Caught by a colocation web host block but this host or IP is not a web host. My IP address is _______. Place any further information here. ~~~~)). You must fill in the blank with your IP address for this block to be investigated. Your IP address can be determined here. Alternatively, if you wish to keep your IP address private you can use the unblock ticket request system. There are several reasons you might be editing using the IP address of a web host or colocation provider (such as if you are using VPN software or a business network); please use this method of appeal only if you think your IP address is in fact not a web host or colocation provider.

Administrators: The IP block exemption user right should only be applied to allow users to edit using web host in exceptional circumstances, and requests should usually be directed to the functionaries team via email. If you intend to give the IPBE user right, a CheckUser needs to take a look at the account. This can be requested most easily at SPI Quick Checkuser Requests. Unblocking an IP or IP range with this template is highly discouraged without at least contacting the blocking administrator.

This block will expire on 10:52, 20 August 2024.

Even when blocked, you will usually still be able to edit your user talk page, as well as email administrators and other editors.

For information on how to proceed, please read the FAQ for blocked users and the guideline on block appeals. The guide to appealing blocks may also be helpful.

Other useful links: Blocking policy · Help:I have been blocked
Your IP address is in a range that has been blocked on all Wikimedia Foundation wikis. The block was made by ‪AntiCompositeNumber‬. The reason given is Open proxy/Webhost: Visit the FAQ if you are affected .
- Start of block: 13:55, 18 August 2022
- Expiry of block: 13:55, 18 November 2024
Your current IP address is 44.197.119.13. The blocked range is 44.197.0.0/16. Please include all above details in any queries you make. If you believe you were blocked by mistake, you can find additional information and instructions in the No open proxies global policy. Otherwise, to discuss the block please post a request for review on Meta-Wiki. You could also send an email to the stewards VRT queue at stewards@wikimedia.org including all above details.

You can view and copy the source of this page:

((Multiple issues|
((more citations needed|date=April 2013))
((original research|date=May 2009))
((cleanup rewrite|date=May 2009))
))

[[Peer-to-peer file sharing]] (P2P) systems like [[Gnutella]], [[KaZaA]], and [[EDonkey network|eDonkey]]/[[eMule]], have become extremely popular in recent years, with the estimated user population in the millions. An academic research paper analyzed Gnutella and eMule protocols and found weaknesses in the protocol; many of the issues found in these networks are fundamental and probably common on other P2P networks.<ref name=":0">((cite web|last1=Bickson |first1=Danny |title=A Study of Privacy in File Sharing Networks |url=http://leibniz.cs.huji.ac.il/tr/631.ps |access-date=12 February 2013 |first2=Dahlia |last2=Malkhi |author2-link=Dahlia Malkhi |year=2004 |url-status=bot: unknown |archive-url=https://web.archive.org/web/20131012224207/http://leibniz.cs.huji.ac.il/tr/631.ps |archive-date=12 October 2013 ))</ref> Users of file sharing networks, such as eMule and Gnutella, are subject to monitoring of their activity. Clients may be tracked by IP address, DNS name, software version they use, files they share, queries they initiate, and queries they answer to.<ref name=":0" /> Clients may also share their private files to the network without notice due to inappropriate settings.<ref>((Cite book|last1=Liu|first1=Bingshuang|last2=Liu|first2=Zhaoyang|last3=Zhang|first3=Jianyu|last4=Wei|first4=Tao|last5=Zou|first5=Wei|title=Proceedings of the 2012 ACM workshop on Privacy in the electronic society |chapter=How many eyes are spying on your shared folders? |date=2012-10-15|chapter-url=https://doi.org/10.1145/2381966.2381982|series=WPES '12|location=Raleigh, North Carolina, USA|publisher=Association for Computing Machinery|pages=109–116|doi=10.1145/2381966.2381982|isbn=978-1-4503-1663-7| s2cid=13840840 ))</ref> 

Much is known about the network structure, routing schemes, performance load and fault tolerance of P2P systems in general.<ref>((Cite journal|last=Eng Keong Lua Jon Crowcroft|title=A Survey and Comparison of Peer-to-Peer Overlay Network Schemes|journal=IEEE Communications Surveys & Tutorials |volume=7 |issue=2 |pages=72–93))</ref> It might be surprising, but the eMule protocol does not provide much privacy to the users, although it is a P2P protocol which is supposed to be decentralized.<ref>((Cite journal|last=Silva|first=Pedro Moreira da|date=19 June 2017|title=Mistrustful P2P: Deterministic privacy-preserving P2P file sharing model to hide user content interests in untrusted peer-to-peer networks|journal=Computer Networks|volume=120|pages=87–104|doi=10.1016/j.comnet.2017.04.005|url=http://repositorio.inesctec.pt/handle/123456789/4318))</ref>

== The Gnutella and eMule protocols ==

=== The eMule protocol ===
eMule is one of the clients which implements the eDonkey network. The eMule [[Protocol (computing)|protocol]] consists of more than 75 types of messages. When an eMule client connects to the network, it first gets a list of known eMule servers which can be obtained from the Internet. Despite the fact that there are millions of eMule clients, there are only small amount of servers.<ref>((Cite web|title=Top Project Listings|url=https://sourceforge.net/top/|access-date=2021-09-18|website=sourceforge.net))</ref><ref>((Cite web|title=Safe Server List for eMule. Generated: September 17 2021 18:28:20 UTC+3|url=http://www.emule-security.org/serverlist/|access-date=2021-09-18|website=www.emule-security.org))</ref> The client connects to a server with TCP connection. That stays open as long as the client is connected to the network. Upon connecting, the client sends a list of its shared files to the server. By this the server builds a database with the files that reside on this client.<ref>((Cite journal|last=Yoram Kulbak and Danny Bickson|title=The eMule protocol specification|journal=EMule Project))</ref> The server also returns a list of other known servers. The server returns an ID to the client, which is a unique client identifier within the system. The server can only generate query replies to clients which are directly connected to it. The download is done by dividing the file into parts and asking each client a part.((citation needed|date=March 2012))

=== The Gnutella protocol ===

==== Gnutella protocol v0.4 ====
In Gnutella protocol V0.4 all the nodes are identical, and every node may choose to connect to every other.<ref>((Cite web|title=privacy in file sharing|url=https://inba.info/privacy-in-file-sharing_578ff20cb6d87fba528b4600.html|access-date=2020-10-23|website=inba.info|language=en))</ref> The Gnutella protocol consist of 5 message types: query for tile search. Query messages use a flooding mechanism, i.e. each node that receives a query forwards it on all of its adjacent graph node links.<ref>((Cite journal|last1=Yingwu Zhu|last2=Yiming Hu|date=2006-12-01|title=Enhancing Search Performance on Gnutella-Like P2P Systems|url=http://dx.doi.org/10.1109/tpds.2006.173|journal=IEEE Transactions on Parallel and Distributed Systems|volume=17|issue=12|pages=1482–1495|doi=10.1109/tpds.2006.173|s2cid=496918|issn=1045-9219))</ref> A node that receives a query and has the appropriate file replies with a query hit message. A hop count field in the header limits the message lifetime.((citation needed|date=March 2012)) Ping and Pong messages are used for detecting new nodes that can be linked to the actual file download performed by opening [[Transmission Control Protocol|TCP]] connection  and using the [[HTTP]] GET mechanism.<ref>((Cite web|title=Gnutella Protocol Development|url=http://rfc-gnutella.sourceforge.net/src/rfc-0_6-draft.html|access-date=2020-11-12|website=rfc-gnutella.sourceforge.net))</ref>

==== Gnutella protocol v0.6 ====
Gnutella protocol V0.6 includes several modifications: A node has one of two operational modes: "leaf node" or "ultrapeer".((citation needed|date=March 2012)) Initially each node starts in a leaf node mode in which it can only connect to ultrapeers. The leaf nodes send query to an ultrapeer, the ultrapeer forwards the query and waits for the replies. When a node has enough bandwidth and uptime, the node may become an ultrapeer.((citation needed|date=March 2012)) Ultrapeers send periodically a request for their clients to send a list with the shared files they have. If a query arrives with a search string that matches one of the files in the leaves, the ultrapeer replies and pointing to the specific leaf.((citation needed|date=March 2012))

===== Tracking initiators and responders =====

In version 0.4 of the Gnutella protocol, an ultrapeer which receives a message from a leaf node (message with hop count zero) knows for sure that the message was originated from that leaf node.((citation needed|date=March 2012))

In version 0.6 of the protocol, If an ultrapeer receives a message from an ultrapeer with hop count zero then it knows that the message originated by the ultrapeer or by one of its leaves (The average number of the leaves nodes that are connected to an ultrapeer is 200).((citation needed|date=March 2012))

===== Tracking a single node =====

Many clients of Gnutella have an HTTP monitor feature. This feature allows sending information about the node to any node which supports an empty HTTP request, and receiving on response.((citation needed|date=March 2012)) Research shows that a simple crawler which is connected to Gnutella network can get from an initial entry point a list of IP addresses which are connected to that entry point.((citation needed|date=March 2012)) Then the crawler can continue to inquire for other IP addresses. An academic research performed the following experiment: At NYU, a regular Gnucleus software client that was connected to the Gnutella network as a leaf node, with distinctive listening TCP port 44121. At the Hebrew University, Jerusalem, Israel, a crawler ran looking for client listening with port 44121. In less than 15 minutes the crawler found the IP address of the Gnucleus client in NYU with the unique port.((citation needed|date=March 2012))

===== IP address harvesting =====

If a user is connected to the Gnutella network within, say, the last 24 hours, that user's [[IP address]] can be easily harvested by hackers, since the HTTP monitoring feature can collect about 300,000 unique addresses within 10 hours.((citation needed|date=March 2012))

===== Tracking nodes by GUID creation =====

A [[Globally unique identifier]] (GUID) is a 16 bytes field in the Gnutella message header, which uniquely identifies every Gnutella message. The protocol does not specify how to generate the GUID.((citation needed|date=March 2012))

Gnucleus on Windows uses the Ethernet [[MAC address]] used as the GUID 6 lower bytes. Therefore, Windows clients reveal their MAC address when sending queries.<ref>((Cite book|last=Courtney, Kylan.|url=https://www.worldcat.org/oclc/789644329|title=Information and internet privacy handbook|date=2012|publisher=College Publishing House|others=Murdock, Keon.|isbn=978-81-323-1280-2|edition=1st|location=Delhi [India]|oclc=789644329))</ref>

In the JTella 0.7 client software the GUID is created using the [[Java (programming language)|Java]] [[random]] number without an initialization. Therefore, on each session, the client creates a sequence of queries with the same repeating IDs. Over time, a correlation between the user queries can be found.((citation needed|date=March 2012))

===== Collecting miscellaneous information users =====

The monitoring facility of Gnutella reveals an abundance of precious information on its users. It is possible to collect the information about the software vendor and the version that the clients use. Other statistical information about the client is available as well: capacity, uptime, local files etc.((citation needed|date=March 2012))

In Gnutella V0.6, information about client software can be collected (even if the client does not support HTTP monitoring). The information is found in the first two messages connection handshake.((citation needed|date=March 2012))

===== Tracking users by partial information =====

Some Gnutella users have a small look-alike set, which makes it easier to track them by knowing this very partial information.((citation needed|date=March 2012))

===== Tracking users by queries =====

An academic research team performed the following experiment: the team ran five Gnutella as ultrapeer (in order to listen to other nodes’ queries). The team revealed about 6% of the queries.((citation needed|date=March 2012))

===== Usage of hash functions =====

'' SHA-1 hashes refer to SHA-1 of files not search strings.''

Half of the search queries are strings and half of them are the output of a [[hash function]] ([[SHA-1]]) applied on the string. Although the usage of hash function is intended to improve the privacy, an academic research showed that the query content can be exposed easily by a dictionary attack: collaborators ultrapeers can gradually collect common search strings, calculate their hash value and store them into a dictionary. When a hashed query arrives, each collaborated ultrapeer can check matches with the dictionary and expose the original string accordingly.((citation needed|date=March 2012))<ref>((Cite journal|last=Zink|first=Thomas|date=October 2020|title=Analysis and Efficient Classification of P2P File Sharing Traffic|url=https://www.researchgate.net/publication/271823708|journal=Universität Konstanz))</ref>

== Measures ==

A common countermeasure used is concealing a user's [[IP address]] when downloading or uploading content by using anonymous networks, such as [[I2P| I2P - The Anonymous Network]]. There is also [[data encryption]] and the use of indirect connections ([[mix network]]s) to exchange data between peers.<ref name="Wincah">((Cite web|url=https://www.wincah.com/2023/07/jangan-bingung-simak-langkah-langkah.html|title=Don't get confused! Check Out the Simple Steps to Configure the Right IP Address|date=2023|website=wincah.com))</ref>
Thus all traffic is anonymized and encrypted. Unfortunately, anonymity and safety come at the price of much lower speeds, and due to the nature of those networks being internal networks there currently still is less content. However, this will change, once there are more users.((citation needed|date=March 2012))

((Details|Anonymous P2P))

==See also==
* [[Gnutella2]], a reworked network based on Gnutella
* [[Bitzi]], an [[open content]] file catalog integrated with some Gnutella clients
* [[Torrent poisoning]]

==References==
((reflist))

==Further reading==
* A Quantitative Analysis of the Gnutella Network Traffic - Zeinalipour-Yazti, Folias - 2002
* Crawling Gnutella: Lessons Learned - Deschenes, Weber, Davison - 2004
* Security Aspects of Napster and Gnutella Steven M. Bellovin 2001
* Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition
* [http://www-db.stanford.edu/~daswani/papers/p115-daswani.pdf Daswani, Neil; Garcia-Molina, Hector. Query-Flood DoS Attacks in Gnutella]
* [https://web.archive.org/web/20070218105521/http://www.cs.huji.ac.il/labs/danss/p2p/resources/emule.pdf eMule Protocol Specification] by Danny Bickson and Yoram Kulbak from HUJI.

==External links==
* [http://www.emule-project.net/ eMule project] Official website
* [http://sourceforge.net/projects/emule eMule on SourceForge] ([[SourceForge]]) Contains archives of past versions of eMule
* [http://www.emule-mods.de/ List of allowed eMule-Mods]

((DEFAULTSORT:Privacy In File Sharing Networks))
[[Category:File sharing]]
[[Category:File sharing networks]]
[[Category:Gnutella]]
[[Category:Internet privacy]]

Pages transcluded onto the current version of this page (help):

Privacy in file sharing networks (edit)
Template:Ambox (view source) (template editor protected)
Template:Category handler (view source) (protected)
Template:Citation needed (view source) (protected)
Template:Cite book (view source) (protected)
Template:Cite journal (view source) (protected)
Template:Cite web (view source) (protected)
Template:Cleanup rewrite (view source) (template editor protected)
Template:Delink (view source) (template editor protected)
Template:Details (view source) (template editor protected)
Template:Find sources mainspace (view source) (template editor protected)
Template:Fix (view source) (protected)
Template:Fix/category (view source) (template editor protected)
Template:Further (view source) (template editor protected)
Template:Main other (view source) (protected)
Template:More citations needed (view source) (template editor protected)
Template:Multiple issues (view source) (template editor protected)
Template:Multiple issues/styles.css (view source) (template editor protected)
Template:Original research (view source) (template editor protected)
Template:Reflist (view source) (protected)
Template:Reflist/styles.css (view source) (protected)
Module:Arguments (view source) (protected)
Module:Category handler (view source) (protected)
Module:Category handler/blacklist (view source) (protected)
Module:Category handler/config (view source) (protected)
Module:Category handler/data (view source) (protected)
Module:Category handler/shared (view source) (protected)
Module:Check for unknown parameters (view source) (protected)
Module:Citation/CS1 (view source) (protected)
Module:Citation/CS1/COinS (view source) (protected)
Module:Citation/CS1/Configuration (view source) (protected)
Module:Citation/CS1/Date validation (view source) (protected)
Module:Citation/CS1/Identifiers (view source) (protected)
Module:Citation/CS1/Utilities (view source) (protected)
Module:Citation/CS1/Whitelist (view source) (protected)
Module:Citation/CS1/styles.css (view source) (protected)
Module:Delink (view source) (template editor protected)
Module:Find sources (view source) (template editor protected)
Module:Find sources/config (view source) (template editor protected)
Module:Find sources/links (view source) (template editor protected)
Module:Find sources/templates/Find sources mainspace (view source) (template editor protected)
Module:Format link (view source) (template editor protected)
Module:Hatnote (view source) (template editor protected)
Module:Hatnote/styles.css (view source) (template editor protected)
Module:Hatnote list (view source) (template editor protected)
Module:Labelled list hatnote (view source) (template editor protected)
Module:Message box (view source) (protected)
Module:Message box/ambox.css (view source) (protected)
Module:Message box/configuration (view source) (protected)
Module:Namespace detect/config (view source) (protected)
Module:Namespace detect/data (view source) (protected)
Module:String (view source) (protected)
Module:Unsubst (view source) (protected)
Module:Yesno (view source) (protected)

Return to Privacy in file sharing networks.

Retrieved from "https://en.wikipedia.org/wiki/Privacy_in_file_sharing_networks"