On Dec 3, 2008, at 3:02 PM, DePriest, Greg (NBC Universal) wrote:
a) This helps but doesn't quite join the argument.
You state "There is a large amount of content that people view which is
embarrassing but not illegal."
It's not that the content is "embarrassing but not illegal."
Rather, it's that it's being expeditiously and efficiently distributed,
thanks to ALTO, without the content owner's permission (which I assume
is either the girls or the sheep).
It is not difficult to look out for their interests. Why wouldn't we?
Why does it have to be without the content owner's permission?
If I'm in charge of NSFWing-sheep.com, where I'm distributing large
video files in HD with all the ovine details, P2P swarms are very
attractive due to their high bandwidth and the large interest for such
things, because it shifts cost away from me and onto the ISPs. [1]
And I can maintain all my billing controls through access to the
tracker to only logged-in customers. So only those participating in
the BitTorrent swarm are the ones who have permission.
This is the entire thrust behind the commercialization of BitTorrent
and Amazon's S3 support for BitTorrent: it allows lower cost (to the
content provider) distribution of large, popular files.
In such an environment, the ovine aficionados can find out each other
(that's the natural limit of P2P), but if someone can't access my
tracker, someone can't find out who else is interested.
It is natural to desire that any localization scheme have the same
property: only swarm participants should know BOTH the file AND the
participants. After all, the ISP can also know the participants
thanks to traffic analysis, but with encryption, can't know the file
contents.
And if the design is the tracker provides a random NONCE as a swarm ID
for purposes of localization, with the ALTO servers only telling peers
with the nonce about other peers with the same nonce, you have the
best-case privacy property:
The Alto server can only reveal participants to other participants
when both know the nonce, and the ALTO server doesn't know the file,
just the participants.
And you want arbitrary content hosts to be able to create localization
Nonces (no access control). You don't register with a central
authority to put up a web page, why should you register with a central
authority to improve P2P behavior?
b) Not to sidetrack my central point (above), but it seems to me it's a
bit of a hollow exercise to call for privacy while noting "Someone
within the network can always see who else is viewing that file if they
can get the hashkey for that file..."
I'm not a privacy expert. Am I missing something?
The key privacy constraint is that someone NOT participating in a P2P
swarm should not be able to query an Alto server to know who is
participating in that P2P swarm, and that the alto server itself
should not know what the file swarm is about unless it is specifically
notified.
After all, do you want the ISP's localization server to be told about
your taste in sheep?
Yet if the legitimate content provider HAS accessed the swarm, they
CAN identify the participants anyway, so an Alto server doesn't help.
And should they DMCA the nonce it doesn't actually do any good: part
of the model is localization is optional, if it fails, a P2P system
still works.
I am NOT a fan of BitTorrent and its primary use of content piracy.
But there are real reasons why, for legitimate content, Alto needs the
privacy-preserving properties.
[1] And if I was involved with Hulu, I'd be talking very VERY
seriously with Adobe about building some cache-aware P2P extensions
into Flash (or Microsoft into Silverlight). That's some serious
bandwidth bill through Akamai you're dealing with, and it would be
nice to have the infrastructure in place to cut out that middle-man.
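
The nonce-as-swarm-ID design described in the message above, as an added example that is not part of the original post or of any ALTO specification. The class names, the login check and the shared-address-prefix locality ranking are assumptions made for illustration; the IP addresses and infohash are constructed sample values.

```python
import ipaddress
import secrets

class Tracker:
    """Content host's tracker: knows the file and gates access on login."""
    def __init__(self, infohash, customers):
        self.infohash = infohash
        self.customers = set(customers)
        # Random swarm ID for localization; not derived from the infohash.
        self.swarm_nonce = secrets.token_hex(16)

    def announce(self, user):
        """Hand the nonce only to logged-in customers (None otherwise)."""
        return self.swarm_nonce if user in self.customers else None

def shared_prefix_bits(a, b):
    """Leading address bits two IPs share (assumed stand-in for locality)."""
    if a.version != b.version:
        return 0
    return a.max_prefixlen - (int(a) ^ int(b)).bit_length()

class AltoServer:
    """Localization server: stores opaque nonces and peer addresses only."""
    def __init__(self):
        self.swarms = {}  # nonce -> set of peer IP strings

    def locate(self, nonce, peer_ip, limit=3):
        """Register peer_ip under nonce; return nearest peers with that nonce."""
        me = ipaddress.ip_address(peer_ip)
        peers = self.swarms.setdefault(nonce, set())
        others = sorted(peers - {peer_ip}, key=lambda p: (
            -shared_prefix_bits(me, ipaddress.ip_address(p)), p))
        peers.add(peer_ip)
        return others[:limit]

def demo():
    # Constructed sample data: documentation-range IPs, made-up infohash.
    tracker = Tracker("constructed-infohash", {"alice", "bob"})
    alto = AltoServer()
    nonce = tracker.announce("alice")
    alto.locate(nonce, "198.51.100.10")
    alto.locate(nonce, "203.0.113.5")
    return {
        "outsider_nonce": tracker.announce("mallory"),
        "member_view": alto.locate(nonce, "198.51.100.77"),
        "guessed_nonce_view": alto.locate(secrets.token_hex(16), "192.0.2.1"),
        "server_saw_file": any(tracker.infohash in k for k in alto.swarms),
    }

if __name__ == "__main__":
    print(demo())
```

A query with a nonce the server has never seen returns the same empty list as a query against an empty swarm, so the reply does not tell a non-participant whether a swarm exists.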