Re: How to fight abuse of mldonkey [Was: Re: [Mldonkey-users] Emule]

[Goswin Brederlow]

Christian Brandt <address@hidden> writes:

> Am Mittwoch, 4. September 2002 13:07 schrieben Sie:
> 
> > I'm thinking about a monetary system. Each action costs something.
> > Each client accounts for the actions. If you upload the same you
> > download the money balances and you don't have to pay and don't get
> > payed. Thats the easy case.
> 
>  Monetarian Systems need either one/several central servers (baaad) or they 
> demand execution of code on a local system (baaad). Try to avoid central 
> servers and don't believe code running on a remote system.

No, electronic cash can be made with simple cryptographic methods.
The problem is that you have to trust the creator of that money. Thats
where the public opinion comes in. I would trust and accept money from
anyone I donwloaded some files from, esspecially friends. With
signatures I would also accept money from clients my friends
downloaded files from and so on.

This would add states of trust to clients. One might not want
that. Also by tracing the money one could trace what files a client is
intrested in, but you can do that now too.

>  Some time ago I was thinking about a simple scheme which kicks out at 
> least the lonely hacker: 
> 
> http://forums.edonkey2000.com/phpBB/viewtopic.php?t=31533&highlight=&sid=92d3af26e1c6a405970a83c0b5b2f780

I will look at that.

>  Its based on "upload/download bandwidth ratio"
> 
>  One could also think about using "other" ratios / balancing, like "trust" 
> or "friendship" or "Up/Download-Byte-Ratio" but I think this wouldn't be 
> the real donkey and most of those ratios would remove the "stateless" 
> design of Donkey, e.g. you don't have to save information about your 
> partners while mldonkey is not running. Statelessness is something good, as 
> it makes it harder to "hack" data and removes your tracks by concept.
> 
> > If there is a inbalance the clinets have to exchange some monetray
> > token. This could be a simple random number cryptographically
> > signed (public/private key method). By knowing the public key of a
> > client you can verify the signature.
> 
>  Well, Money can be faked, public oppinion not.

You can only fake your own money. You can start a new client and start
giving out money. But after a short time everyone would have some of
yor money and nobody would trust it. They couldn't pay anyone else
with your money. Then noone gies you any files and you have to make a
new client.

So question is how often do you have to start new?

Also a very strict and secure system would need everyone to be online
for their money to be usefull. With a little bit of trust money from
offline people can still be used. It depends on how save you want it
to be.

Does it realy hurt giving some unknown person, probbly a leecher, some
files? Don't make him a priority but give him some. Maybe he actually
is a honest guy and is out of cash or just started. I would never make
the system so secure that o abuse is possible, because that would hurt
the sharing more than it helps by stopping abuse.

Think about the money as a way to get more bandwith instead of
bandwith at all. You get a standart 1KB/s for 0, 2KB/s for 1, 4KB/s
for 2, 8Kb/s and so on. How does that sound?

> > The money tokens could then be passed on to other clients, they don't
> > have to be the clients own tokens. As long as the recipient knows the
> > right public key the token can be verified. The keys itself could
> > carrie signatures about how trustworthy that clients tokens are. (Your
> > idea of propagation of good clients).
> 
>  I would like some form of trust, too, but not like "here comes a token so 
> you have to trust UserX from now on and offer him a better ratio". I would 
> be ok with "Hi, I am running a donkey and everybody in my buddylist gets a 
> little bit better ratio. Buddies of my Buddies may see me and ask me, but 
> their buddies do not see me and can't ask me". That would be nice. But that 
> wouldn't be the true Donkey anymore ;-)=

No it wouldn't. Also money would not mean that you have to trust
someone.

But think about this. Two stranger connects to you. One has some money
from one of your buddies. So you know one has uploaded some files to
one of your buddies. Wouldn't you prefer him?

> > Secondly the amount of money a client is willing to pay for something
> > should set the priority of an upload. Of cause you would want to
> > upload to the client paying you the most and download from a client
> > that charges least. If you have a low download limit you wouldn't pay
> > a extra fee for speedier download, since your limit would be maxed out
> > anyway. and so on.
> 
>  Also Money is not stateless. It has "content" far beyond onetime-use and 
> therefore prone to Hacking.
> 
>  You may ask, why have I all these weird ideas? Basically its all about 
> Quake... when the quakesources were released we thought about a 
> non-hackable protocol which nearly resembles parts of the 
> donkey-core-protocol... no, we haven' implemented it, with todays 
> connections lag would run somewhere at 500-5000ms...

The money would have the reverse effect. Hacking can be only done for
a very short time. Of cause it would introduce a state but hacking
would reduce that state so that noone is willing to upload to you or
at least not much. Given the creator of a money token is online you
can allways check the money. If not you need some trust, but not
much. If the trust fails you also can know who cheated and with proper
tokens that can be proven.

Electronic cash has been studied a lot and some nice safe ways for it
are known and can work with p2p networks.

MfG
        Goswin