Re: How to fight abuse of mldonkey [Was: Re: [Mldonkey-users] Emule]

[Christian Brandt]

Am Mittwoch, 4. September 2002 13:07 schrieben Sie:

> I'm thinking about a monetary system. Each action costs something.
> Each client accounts for the actions. If you upload the same you
> download the money balances and you don't have to pay and don't get
> payed. Thats the easy case.

 Monetarian Systems need either one/several central servers (baaad) or they 
demand execution of code on a local system (baaad). Try to avoid central 
servers and don't believe code running on a remote system.

 Some time ago I was thinking about a simple scheme which kicks out at 
least the lonely hacker: 

http://forums.edonkey2000.com/phpBB/viewtopic.php?t=31533&highlight=&sid=92d3af26e1c6a405970a83c0b5b2f780

 Its based on "upload/download bandwidth ratio"

 One could also think about using "other" ratios / balancing, like "trust" 
or "friendship" or "Up/Download-Byte-Ratio" but I think this wouldn't be 
the real donkey and most of those ratios would remove the "stateless" 
design of Donkey, e.g. you don't have to save information about your 
partners while mldonkey is not running. Statelessness is something good, as 
it makes it harder to "hack" data and removes your tracks by concept.

> If there is a inbalance the clinets have to exchange some monetray
> token. This could be a simple random number cryptographically
> signed (public/private key method). By knowing the public key of a
> client you can verify the signature.

 Well, Money can be faked, public oppinion not.

> The money tokens could then be passed on to other clients, they don't
> have to be the clients own tokens. As long as the recipient knows the
> right public key the token can be verified. The keys itself could
> carrie signatures about how trustworthy that clients tokens are. (Your
> idea of propagation of good clients).

 I would like some form of trust, too, but not like "here comes a token so 
you have to trust UserX from now on and offer him a better ratio". I would 
be ok with "Hi, I am running a donkey and everybody in my buddylist gets a 
little bit better ratio. Buddies of my Buddies may see me and ask me, but 
their buddies do not see me and can't ask me". That would be nice. But that 
wouldn't be the true Donkey anymore ;-)=

> Secondly the amount of money a client is willing to pay for something
> should set the priority of an upload. Of cause you would want to
> upload to the client paying you the most and download from a client
> that charges least. If you have a low download limit you wouldn't pay
> a extra fee for speedier download, since your limit would be maxed out
> anyway. and so on.

 Also Money is not stateless. It has "content" far beyond onetime-use and 
therefore prone to Hacking.

 You may ask, why have I all these weird ideas? Basically its all about 
Quake... when the quakesources were released we thought about a 
non-hackable protocol which nearly resembles parts of the 
donkey-core-protocol... no, we haven' implemented it, with todays 
connections lag would run somewhere at 500-5000ms...

-- 
Christian Brandt

 life is short and in most cases it ends with death
 but my tombstone will carry the hiscore