OneSwarm network improves file-sharing control, anonymity
University of Washington researchers this week released a peer-to-peer file-sharing technology that actually does, or can, limit one's sharing to one's actual peers. The client, called OneSwarm, uses a "friend-to-friend" (F2F) model that gives users extremely granular, extremely hard-to-expose sharing capabilities.
The OneSwarm technical paper (PDF available here), submitted by graduate students Tomas Isdal and Michael Piatek and faculty members Arvind Krishnamurthy and Tom Anderson, is quite explicit in its concerns about the dangers of indiscriminate sharing. "Although widely used, currently popular P2P networks expose the sharing behavior of their users to scrutiny by third parties," the paper's conclusion states.
Anonymity's not a new consideration for the builders of file-sharing networks, but the OneSwarm folks tackle the matter from a slightly different angle. You're not exactly anonymous (strong anonymity being rather more difficult than one might expect, given a sufficiently powerful and determined monitor), but your data isn't out there flapping in the wind either -- unless you really want it to be.
In the paper they've submitted, the researchers explain that restricting direct sharing to trusted peers with verifiable, persistent identities disallows intrusive drive-scanning of the sort that, say, the RIAA has done in the past. (As blogger David Barnett puts it, "Keep pushing, RIAA. You're giving birth to a very angry child. And if you think it's painful now, just wait until it grows up.")
Instead, the browser-based OneSwarm works to obfuscate the path the data takes between host and recipient. Data is forwarded through a mesh of multiple intermediaries, making it difficult to trace the source and even difficult to ascertain that the moving data is, in fact, a particular shared file. (Mmm, onionskin routing.) That approach also removes the "bottleneck" of node-organized sharing systems such as Tor.
Not everything has to be shared, even among friends. Files, directories or both can individually be shared with all one's friends, shared with some of one's friends, shared publicly, and so forth -- a security enhancement, quite possibly, for businesses that habitually pass files back and forth. Friends can be imported from a local network, added manually (for those among us comfortable working with public keys), or imported from one's Google/Gtalk stash.
The client -- available for Windows, Mac OS X, and Linux, but best used, according to the FAQ, with any browser that isn't Internet Explorer -- is based on BitTorrent, though its strongest privacy protections aren't available when doing straight-up Torrenting. The more secure friend-to-friend features are built on well-known cryptographic standards such as SSL and X.509.
The software is free and open-source. It's also still a work in progress; a prominent warning on the download page cautions that the software is still under active development. The page goes on to warn, once more, "Do not rely on OneSwarm for strong anonymity. Although we have been using OneSwarm internally for several months, many bugs likely remain undiscovered."
A player capable of transcoding a number of popular audio and video formats on the fly is included.