Jump to content

Talk:Friend-to-friend

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

AllPeers

[edit]

AllPeers uses a public login server, so it's not F2F according to the definition in the article. Should it be removed from the list of software? Michael Rogers 14:17, 22 September 2007 (UTC)[reply]

It doesn't belong here, and I am not sure it belongs in private P2P because of this public serverTouisiau —Preceding comment was added at 19:51, 23 October 2007 (UTC)[reply]

Anonshare

[edit]

There's not much documentation, but the code is here. Michael Rogers 11:11, 15 March 2007 (UTC)[reply]

Thanks. But there should be a warning that it is probably alpha software. Touisiau

WASTE is not F2F

[edit]

I don't agree that WASTE is a friend-to-friend network. It's an invitation-only network, but once you've joined you can discover the IP addresses of other users (including users you've never met before) from ping packets.

You don't have to set WASTE up that way, you could tell it not to search for new connections or accept new keys. It has enough of the characteristics of an F2F and with the proper set up, could easily act as an one. Mark

Minor Corrections

[edit]

"slow or stop his connexion with your node." - spelling error? "connection" instead?

Connexion is an acceptable spelling

Yes, it's the British spelling. Haakon 18:30, 15 September 2006 (UTC)[reply]
It is certainly not *the* British spelling. It may be acceptable, but it is very seldom seen. There is no sensible argument for using it for the global WP audience. —Preceding unsigned comment added by 62.245.224.131 (talk) 08:37, 2 July 2009 (UTC)[reply]

Technical Questions

[edit]

"Strong encrypted F2F networks will mainly use strong symmetric encryption (in particular, the only theoretically secure one-time pad) for every link." Who ever wrote this article could do with a brush up on practical cryptography (no..not the book). OTP is pretty unpractical here.

I make a 500 GB hdd full of random bytes, I give a copy of this hdd to a friend. We can now exchange up to 500 GB of data using OTP in the following years. If we only use F2F to share controversial text documents, that should even be enough for a lifetime. Only F2F P2P networks can allow friends to use OTP for link encryption. Men in the middle issues would be a major deterrent in any other kind of network. Note that in a F2F network, link encryption can be of a different type for each link. A plugin mechanism would just make this easier. Anyway, we're talking about future uses here.Touisiau
Key exchange and OTP encryption are general cryptogaphy issues - they are not specific to friend-to-friend networks, so why are they on this page?Michael Rogers
AS the current article explains in "future uses" section, F2F are the only kind of P2P network that can use the only provably secure encryption , namely OTP. This is noteworthy.Touisiau

"In countries where strong crypto is forbidden (or where you can be forced to give your keys), serious steganography should be used for every connection (and for storing files in your hard disk, since it could be seized.)." This is general computer security advice, does it reallly belong here? Michael Rogers 17:15, 1 March 2007 (UTC)[reply]

"Because of man in the middle problems, only F2F networks can use steganography to secure a link." Perhaps steganography can be used to avoid man in the middle attacks (I've never seen this suggested anywhere else), but why does it only apply to F2F networks? Michael Rogers 17:15, 1 March 2007 (UTC)[reply]

If there is a powerful MITM watching your connections in a country where strong crypto is forbidden, you have to use steganography. Steganography involves a secret convention, and the only safe way to share this secret convention in a country where strong crypto is forbidden is a face-to-face meeting. Thus only F2F networks can work in such countries. This is noteworthy. Touisiau

Thanks, the new wording is much clearer. Michael Rogers 09:33, 2 March 2007 (UTC)[reply]

NPOV Issues

[edit]

"You can even give their IP to the police, but since they are your friends you should kindly warn them first. Maybe one of their own friends made them do that. Now they can warn this friend in turn. And so on." Passages like this hardly seem appropriate in an encyclopedia.

I read this over and over, and I still have no idea what it means, but I probably agree it is not appropriate. --Easyas12c 07:03, 25 August 2005 (UTC)[reply]
I think the point is that the first sentence seems to pit F2F users against the police who are, by definition, not friends. If I understand your point correctly, you are saying that innocent users may have inadvertently propagated something illegal, so one shouldn't necessarily call the police without giving them an opportunity to determine the source. There's probably a way to put this point that would be acceptable here.Bryan 14:56, 4 November 2005 (UTC)[reply]


Original: "Such a strong reputation network could be safely used to implement a system of Altruistic_Economics or electronic money with less greed and corruption" (not NPOV). Added "according to its advocates..." and then made their point more specific (after consulting the AE web page, which was very interesting). Bryan 14:56, 4 November 2005 (UTC)[reply]

ANts P2P, MUTE and Napshare ?

[edit]

Can someone provide references that show that the latest versions of ANts P2P, MUTE and Napshare can be configured to build a F2F network. There were such references in the past here, but they became too old and then became broken links.

Thanks for the information - do you have any links? Michael Rogers 09:48, 13 February 2007 (UTC)[reply]

Discussion about the definition of "F2F"

[edit]

A friend-to-friend software must not allow random people to connect to a node. Like a private FTP. But it is much more than a private FTP: it provides systematic anonymous forwarding of files and requests. Touisiau

Not all F2F networks provide anonymous forwarding, and Dan Bricklin's original definition makes no mention of anonymity. I don't agree that F2F is a subset of anonymous P2P - there is substantial overlap between the two sets, but neither contains the other. Michael Rogers
Please see my answers in the next section of this discussion page.Touisiau

Touisiau: the authors of Alliance say it's a friend-to-friend network, but you removed the Alliance link from the F2F page again. Why do you keep trying to enforce your own definition of F2F? Not everyone agrees that "F2F" means "anonymous forwarding" - it just means "friends connecting to friends". Please accept that other people's opinions are valid and stop trying to force everyone else to use your definition of the term. Michael Rogers

Your definition is exactly the definition of a private P2P network. That's why I think Alliance is a private P2P. Touisiau
No, my definition of F2F is not identical to private P2P. In my opinion F2F is a subset of private P2P, and F2F-with-anonymous-forwarding is a subset of F2F.
Got any peer-reviewed published article to back your own original definition ? Because the 3 published references at the end of the F2F article back my definition. And I think it is obvious to see why: without forwarding, a private connection between two "friends" is absolutely nothing new: that's exactly what you are able to with passwords and firewalls since the begining of the Internet, and before that with modems over standard phone lines. Non-anonymous/pseudonymous forwarding exist in most popular P2P networks since Gnutella and the likes, including the good old Freenet. So what is so new that it deserves its own new term in academic peer-reviewed papers since the Tanenbaum paper? Completely anonymous forwarding between friends ! That's why following peer-reviewed papers used the same definition.
Please see Wikipedia:No_original_research and Wikipedia:Verifiability Touisiau

OK, let's have a look at those references. The Turtle paper uses the term "friends-to-friends delivery network" to refer to anonymous forwarding, so that definitely supports your position. The NCUS paper is more problematic: it states that "The majority of anonymous peer-to-peer systems are 'friend-to-friend' networks... Communication with remote nodes is provided by sending messages hop-to-hop across this overlay network." (Section 1.) Again, this would appear to support your position. However, the authors don't actually provide a single example of the kind of network they describe, despite claiming that "the majority of anonymous peer-to-peer systems" fit their definition. The only example they give of a friend-to-friend is WASTE (see the table in Section 3) -- apart from the statement quoted above that's the only place the term friend-to-friend occurs in their paper. WASTE does not support anonymous forwarding: even if you disable ping packets, WASTE is pseudonymous. So the NCUS paper supports your position in one place, but undermines it in another.

On to third reference, the IPTPS paper. Thanks for the link, I hadn't come across this one before. Unfortunately it contradicts your position and supports mine. The paper talks about direct sharing between friends, but never mentions forwarding, anonymous or otherwise: "Nodes restrict themselves to sharing storage and network resources only with neighbors, but in return can expect that their neighbors (friends) will behave cooperatively. We call this way of structuring networks f2f." (Section 1.) "A f2f application can neither use all idle resources nor provide global sharing of common data." (Section 1.) "Data is only sent to neighbors, since these nodes are owned by individuals we believe will act cooperatively." (Section 4.)

Here's another peer-reviewed paper that supports my definition - actually I'm one of the authors: M. Rogers and S. Bhatti, How to Disappear Completely: A Survey of Private Peer-to-Peer Networks, to appear at the 1st International Workshop on Sustaining Privacy in Autonomous Collaborative Environments (SPACE 2007), Moncton, Canada, July 2007. Please see the definitions at the end of Section 2.1: "Some private peer-to-peer networks allow direct connections between any pair of users, while others only allow direct connections between users who know one another. We will refer to the former as group-based networks and the latter as friend-to-friend networks." In other words, F2F is a subset of private P2P, where direct connections are only made between friends. According to this definition, and the definition used in the IPTPS paper, a network does not have to support anonymous forwarding to be considered F2F.

To answer your other point: if F2F doesn't necessarily involve anonymous forwarding, what makes F2F different from "passwords and firewalls since the beginning of the internet"? I would argue that F2F involves the construction of a private overlay network, where the users of the network act as peers, and direct connections are only established between users who trust one another. Some F2F networks support anonymous forwarding (eg Turtle, Freenet version 0.7, and GNUnet with the F2F topology option). Others support pseudonymous forwarding (eg Alliance, Galet, Cryptic6, and WASTE with ping packets disabled). Some don't support forwarding at all (eg the BlockParty application described in the IPTPS paper). All of these systems have been described as F2F in peer-reviewed papers, so I believe you should accept that your definition of F2F is too narrow. The term should not be restricted to those systems that involve anonymous forwarding. Michael Rogers 11:33, 2 July 2007 (UTC)[reply]

So you say that overlays in private networks are new and are now called F2F? I would only agree if you say that these overlays are at least pseudonymous overlays that don't give informations useable to identify someone (like an IANA IP address can be used for). How can BlockParty involves an overlay without forwarding anything? As for the IPTPS paper, it cites the Tanenbaum paper as a reference since it is the first academic paper about F2F and thus it will remain a reference about the definition of F2F. As for citing your new own work, I'm not sure this respects the rules of Wikipedia. Touisiau

Not all private overlays should be called F2F, in my opinion - only those where connections are established between friends. I agree that this implies that communication between non-friends must be anonymous (eg Turtle), pseudonymous (eg Alliance) or impossible (eg BlockParty).

If you'd like to remove the reference to my work that's fine, I just wanted to point out that it's a peer-reviewed paper, and the reviewers accepted the definition of F2F given in the paper: a broad definition that explicitly includes systems like Alliance as well as Turtle.

I don't see how it's relevant that the IPTPS paper cites the Turtle paper, since it doesn't refer to that paper for a definition of F2F - instead it offers its own definition, which is broader than the definition you are trying to enforce. We have to accept that various people use the term F2F in slightly different, but overlapping ways. Perhaps we should add a section to the article describing different definitions of F2F? Michael Rogers 09:16, 5 July 2007 (UTC)[reply]

You say "I agree that this implies that communication between non-friends must be anonymous (eg Turtle), pseudonymous (eg Alliance) or impossible (eg BlockParty)." I'm glad we may finally agree on something :) My main concern is about pseudonymous networks: using pseudonymous IANA adresses is not new (see the old Freenet), and it doesn't provide many of the interesting security properties of F2F already described in several papers. This should be made very clear. Also, even non-IANA pseudonymous identities can be a liability for traffic analysis attacks. If you still intend to broaden the F2F definition, I think a separate "anonymous F2F" article, or at least a separate "anonymous F2F" section will be needed to make clear that some properties belong only to anonymous F2F networks, and which software is anonymous F2F. Touisiau
I think an "anonymous F2F" section is an excellent idea. I agree that there could be privacy concerns with pseudonymous F2F (for example you can tell a lot about a person from the nickname they choose and the times they're online), and we should probably mention those concerns when describing pseudonymous F2F software. Michael Rogers 14:28, 6 July 2007 (UTC)[reply]

improvements vs rewriting

[edit]

I think the article can be improved, but don't need a a complete rewriting.

  • F3F can easily be moved in future uses.
  • "you can do" is easy to transform into "one can do"
  • Forwarding is very important, otherwise the functionality would be the same as a private FTP.
  • Anonymity is very important, otherwise the functionality would be the same as a standard P2P. Touisiau 07:21, 13 February 2007 (UTC)[reply]
    • There's no need to move F3F into future uses if such networks already exist (eg Easta), but please consider whether it's appropriate to introduce a new term (F3F) to describe them.
    • In my opinion the key difference between F2F and private FTP is decentralization, not forwarding.
    • F2F without anonymity would not be the same as standard P2P - in standard P2P, any user can discover the IP address of any other user's node, whereas in F2F this information is restricted. However, that doesn't necessarily imply anonymous forwarding - most F2F networks (eg WASTE) allow forwarding, but others (eg Alliance) do not. Michael Rogers 09:47, 13 February 2007 (UTC)[reply]
      • I added explicit references to texts from Andrew TAnenbaum and Ian Clarke and a paper from " LECTURE NOTES IN COMPUTER SCIENCE, 2005 - lix.polytechnique.fr" . Reading this scholar references, it appears clearly that the most secure "anonymous P2P" are F2F and that "anonymous forwarding" is a necessary part of F2F to achieve this strong anonymity. How can you be anonymous if your peer knows that each request and each file that comes from you has not been forwarded and thus originated from you ?Touisiau 10:39, 13 February 2007 (UTC)[reply]
      • Modified to read "A F2F network is not just a group of private FTP servers.". The article Private P2P deals with these private networks. A quick web search shows that "private P2P" is clearly the most common term to do so.Touisiau 10:47, 13 February 2007 (UTC)[reply]
        • It may be true that some anonymous networks are F2F, but that does not imply that all F2F networks are anonymous. (Just as some Americans are tall, but not all tall people are American.)
        • Your argument about anonymity is a circular argument - you make two assertions (F2F is anonymous, F2F uses forwarding) and then use each assertion to prove the other. But some F2F networks are not anonymous and do not use forwarding - such as WASTE in its default configuration (ping packets enabled), Galet in its default configuration (tunneling disabled), and Alliance. If these networks are not F2F then what are they? Alliance states in the first sentence of its website that it is a friend-to-friend network. Michael Rogers 11:29, 13 February 2007 (UTC)[reply]
          • Since we are writing in an encyclopedia, we should use scholar references to decide what is F2F. That is research articles published in well known science sources. Using the only available references, F2F is always anonymous and always provide anonymous forwarding. End of the story. Any new software can claim on its homepage it is F2F, but it is no proof worthy of an encyclopedia. A quick Google Scholar shows that "private P2P" is also a scholar term.Touisiau 11:53, 13 February 2007 (UTC)[reply]
          • It seems that Alliance has updated their homepage to correct their mistake. Touisiau 12:13, 13 February 2007 (UTC)[reply]
            • You're right that we should provide references, but the references you provided (thank you) do not state that F2F is always anonymous.
            • The survey of anonymous file sharing systems states that most anonymous systems are F2F - it does not follow that all F2F systems are anonymous. Consider the example of Americans and tall people - if I could provide a scholarly reference showing that most Americans are tall, would you believe that all tall people are American?.
            • Ian Clarke's email states that the main purpose of F2F is concealment, not anonymity. But anyway, linking to an argument in a mailing list is hardly a scholarly reference.
            • "Private P2P" is a perfectly good term, but you cannot just decide on a whim that any systems fitting your definition of F2F must be called F2F, and any systems not fitting your definition must be called private P2P. Please consider the literal meaning of F2F: "friend-to-friend". This means direct connections are only established between people who trust each other. It does not imply anything about anonymity. The fact that some F2F networks provide anonymity does not make anonymity an essential requirement for F2F. Michael Rogers 12:31, 13 February 2007 (UTC)[reply]
              • They are only two possibilities:
              • 1. One can find an academic reference that describe a F2F software that would be not anonymous or not forwarding. I am not aware of such a reference, and "private P2P" seems to be the term for this kind of software.
              • 2. The actual article is right when it says that F2F is anonymous and forwarding, since an encyclopedia should synthesize the academic papers about this subject.Touisiau 13:34, 13 February 2007 (UTC)[reply]
                • Two references: (1) WASTE is not anonymous in its default configuration. (2) Dan Bricklin's original article about friend-to-friend networks mentions nothing about anonymity, which suggests that the definition can cover anonymous and non-anonymous systems. Why do you insist on enforcing your own interpretation of a phrase that was coined by someone else? Michael Rogers 13:52, 13 February 2007 (UTC)[reply]
                  • WASTE doesn't officially claim to be a F2F software. And WASTE homepage would not be an academic reference anyway. The article says WASTE can be used to build F2F networks, which is true.
                  • Though he probably coined F2F (no academic reference confirms this), Dan Bricklin's homepage is not an academic reference. Touisiau 14:04, 13 February 2007 (UTC)[reply]
                    • This is getting ridiculous. The survey paper you linked to describes WASTE as friend-to-friend. This paper describes the WASTE protocol in great detail - notice that ping packets contain the IP address and port of the sender (page V of the appendix). "Each node sends a Ping packet when it connects to a network and then continues sending them with a fixed interval." (Page 17)
                    • If you don't believe that Dan Bricklin coined the phrase "friend-to-friend network", please provide an earlier reference where the phrase is used. If you can't, let's agree that the article from August 11, 2000 (which you linked to) is the earliest reference. The Internet Archive shows that the article has existed since at least October 2000. [1]
                    • So, to summarise: "academic references" show that WASTE is F2F, even if I don't necessarily agree. "Academic references" show that WASTE does not provide anonymity in its default configuration. The Internet Archive shows that Dan Bricklin coined the term F2F, and his article does not mention anonymity.
                      • You don't take into account that this article has to clearly explain the differences between F2F , P2P, "anonymous P2P" , private FTPs, and "Private P2P". Sure we can say "most F2F networks anonymously forward files from friend to friend", but then again, if we follow your reasonment, most articles in this encyclopedia should state something like "most of the times this term means...". That would be a confusing way to define words for most people.
                      • By the way you made a big mistake: you say that Polytechnique says that WASTE is F2F, this is not true, and what is more important is that here is their exact academic definition of F2F:

"These are peer-to-peer networks in which each peer (node) only connects to a small number of other, known nodes. Only the direct neighbours of a node know its IP address. Communication with remote nodes is provided by sending messages hop-to-hop across this overlay network. Routing messages in this way allows these networks to trade efficient routing for anonymity. There is no way to find the IP address of a remote node, and direct neighbours can achieve a level of anonymity by claiming that they are just forwarding requests and files for other nodes. These systems offer anonymity against an attacker that is a single node inside the system and that is looking for the IP address of someone"

  • This is exactly the same definition of the current article ! Touisiau 16:57, 13 February 2007 (UTC)[reply]
    • That definition comes from a paper about anonymous P2P, so naturally it only describes anonymous F2F networks. I still contend that F2F networks are not necessarily anonymous, but since most existing F2F networks are anonymous I guess it's a minor point, and I will give up trying to persuade you.
    • The Ecole Polytechnique paper does say that WASTE is friend-to-friend - look at the table on page 6. But that's also a minor point.
    • I agree that we should try to clarify the distinction between F2F, private P2P, private FTP, anonymous P2P, and darknets. What would you suggest are the key differences between these terms? In particular, how should we distinguish between a system like DirectConnect, where each hub is invitation-only and any peer can connect to any other, and WASTE, where each network is invitation-only and (by default) any node can connect to any other?
      • We should keep our current definition since it is exactly the same as the one from the Polytechnique paper and the one from the Tanenbaum paper, which are strong references. Private P2Ps are obviously P2P networks with a limited number of participants. Which make them very close in functionality to a group of private FTP servers. This is the current definition too. Obviously it includes private DC hubs, so the article "private P2P" needs an update. "Anonymous P2P" is a large group of software including many pseudonymous networks: this is the article that needs the most work because people should be aware which networks have a proven (academic paper) anonymity and which have not. AFAIK only F2F and onion networks offer a proven anonymity (but onion networks are not safe if all the routers of a message are compromised, that is a big but). Darknets are networks not reachable by the common people (the dark side of the net...), which obviously include F2F networks and all private networks .This is the current definition in the Darknet article though private P2P should be added in this article.
      • I just made the above minor modifications to the Darknet and Private P2P articles
      • OK, I'm glad we are reaching agreement. So would it be fair to say that WASTE is private P2P by default, but it can be configured as F2F? ANtsP2P, MUTE and Napshare are anonymous P2P by default, but they can be configured as F2F. (According to another entry on the talk page - do you know where we can find more information about this?) Freenet 0.7, Turtle and Galet are F2F by default. (What about Alliance? Why is it private P2P instead of F2F?) Aimster, AllPeers, DirectConnect, GigaTribe, Groove, Indi, PowerFolder, Shinkuro and SpinXpress are private P2P but not F2F, because they rely on central servers and/or allow any member of a group to connect to any other. Darknet is a more general term that covers F2F, private P2P, private FTP, and any other private network. Does this sound right to you? Michael Rogers 18:51, 13 February 2007 (UTC)[reply]
        • Yes, WASTE is a private P2P by default. GnuNET is pseudonymous by default (probably weaker than an onion, though i'm not sure). The homepage that provided informations on the way you can configure Ants and Mute was outdated and then became a broken link. It was for older versions, and I don't know if it would still work, if it ever did. Galet is F2F according to its description on its homepage. Alliance is a private P2P since there is no forwarding, AFAIK. I am OK with your other definitions and other lists of networks. I'm glad too ! :)
[edit]

I have removed the german link [[de:F2F]] If someone find a link about F2F or FriendToFriend in the german wiki, please add the link. --Lastwebpage 17:35, 18 July 2007 (UTC)[reply]

[edit]

Cyberbot II has detected that page contains external links that have either been globally or locally blacklisted. Links tend to be blacklisted because they have a history of being spammed, or are highly innappropriate for Wikipedia. This, however, doesn't necessarily mean it's spam, or not a good link. If the link is a good link, you may wish to request whitelisting by going to the request page for whitelisting. If you feel the link being caught by the blacklist is a false positive, or no longer needed on the blacklist, you may request the regex be removed or altered at the blacklist request page. If the link is blacklisted globally and you feel the above applies you may request to whitelist it using the before mentioned request page, or request it's removal, or alteration, at the request page on meta. When requesting whitelisting, be sure to supply the link to be whitelisted and wrap the link in nowiki tags. The whitelisting process can take its time so once a request has been filled out, you may set the invisible parameter on the tag to true. Please be aware that the bot will replace removed tags, and will remove misplaced tags regularly.

Below is a list of links that were found on the main page:

  • http://f2f.uni.cc/trust_metrics_f2f_money/
    Triggered by \buni\.cc\b on the global blacklist

If you would like me to provide more information on the talk page, contact User:Cyberpower678 and ask him to program me with more info.

From your friendly hard working bot.—cyberbot II NotifyOnline 17:09, 8 December 2013 (UTC)[reply]

 Resolved This issue has been resolved, and I have therefore removed the tag, if not already done. No further action is necessary.—cyberbot II NotifyOnline 05:56, 12 December 2013 (UTC)[reply]

Anonymous P2P is not F2F

[edit]

RetroShare and Freenet were anonymous P2P, if a F2F software contain strangers, it won't be safe like F2F, should not call it F2F. When a tool want be widely used, it has lost its mind, F2F is a private tool in your friend around you, not in the internet over the world. About F2F, i think it is useless, you and your frined realy need a software for you personally? Waste of labor, it is just a game of concept, just p2p with some rules.