Ratings server and protocol

Technical discussion about the NMDC and <a href="http://dcpp.net/ADC.html">ADC</A> protocol. The NMDC protocol is documented in the <a href="http://dcpp.net/wiki/">Wiki</a>, so feel free to refer to it.

Moderator: Moderators

Sapporo
Posts: 36
Joined: 2003-02-09 23:10
Location: AZ, USA

Post by Sapporo » 2003-02-21 22:32

volkris wrote:What is to stop users from saying "If you let me download from you I'll credit you with double the upload points"? I honestly don't have a final solution to this, though I don't know how big a problem it actually is.


Unfortunately nothing since the rating server has to trust that the transfer of XX bytes happened. The rating server has no way of seeing if and what transfers are occuring, since that's all direct client<->client communication.

Originally, I was thinking that for every point reported there would have to be a corresponding report from the other client involved. "Yeah, that transferred actually happened." This probably would cut down on "'casual forging", but I don't see it being very difficult to get around though. It wouldn't be that hard for 2 clients to both just lie to the rating server and award points for nothing being transferred.

I can now understand why the eMule client tracks it's own ratings with the users you download/upload from itself, locally.

mo
Forum Moderator
Posts: 81
Joined: 2003-02-06 11:20
Location: Ohio
Contact:

Post by mo » 2003-02-22 02:37

As long as there is some identifier that makes a user unique. You can look through his reports and spot inconsistencies that would trigger an alert.

Example
There are 4 users (A, B, C, & D)

A reports, File1hash, 10k downloaded from B
B reports, File1hash, 10k uploaded to A

C reports, File1hash, 5k downloaded from B
B reports, File1hash, 10k uploaded to C

D reports, File1hash, 5k downloaded from B
B reports, File1hash, 10k uploaded to D

This trend start to point out that A and B are lying, and as more users download from B it starts to prove the point more.

If cheating is found, their ratings are reset, or even locked at 0?

This does not stop users who only report false data when talking with x client, but it does adds another level of complexity for the client to successfully abuse the system.

volkris
Posts: 121
Joined: 2003-02-02 18:07
Contact:

Post by volkris » 2003-02-22 13:06

mo wrote:This trend start to point out that A and B are lying, and as more users download from B it starts to prove the point more.


Unfortunately, this doesn't help that much.
In the "technological" case, the deception is negotiated on a case by case basis, so the inconsistancies won't pop up (assuming the clients actually can trust each other).

In the "social conspiracy" case, the people in on it all know who the others are, so again the inconsistencies wouldn't appear there either.

In the end we probably just have to accept this as a flaw that will be inserting some invalid data into the system (it won't be the only one). Some people will profit off of it unfairly, but that's life. P2P systems just can't really be made foolproof by their very natures.

Sapporo
Posts: 36
Joined: 2003-02-09 23:10
Location: AZ, USA

Post by Sapporo » 2003-02-22 13:19

Well, I don't think file hashes have been discussed yet. It doesn't matter though, as they can just as easily be faked.

mo wrote:This does not stop users who only report false data when talking with x client, but it does adds another level of complexity for the client to successfully abuse the system.


I see this as something that would be simple to implement in a hacked client. Following the example presented by volkris, they could implement a "Grant double points to user X for open slot" button. The hacked client would then compute the appropriate hash(forged) and tell the other client (would probably have to also be a hacked client) about it. They would then both report the same falsified data to the ratings server.

All I'm saying is that its possible, but it may not be a frequent occurance. However, it really depends on the proliference of the hacked client and whether other hacked clients include this "feature".

Security through obscurity is not a solution, it's a bandaid. Unfortunately, I don't see anyway of preventing this system from being abused. If a solution is not presented that solves this sort of abuse, it needs to be considered a risk. If I have to charge a well fortified bunker and I know I'll lose some men. I'm still going to take that [email protected] bunker, because it's a calculated risk. The possible rewards out weigh the negative.

So the question to ask is "If 30% of the DC users in the Ratings System are reporting forged data. How is the system affected?"

mo
Forum Moderator
Posts: 81
Joined: 2003-02-06 11:20
Location: Ohio
Contact:

Post by mo » 2003-02-22 14:59

Sapporo wrote:Well, I don't think file hashes have been discussed yet. It doesn't matter though, as they can just as easily be faked.

The file hash was only a scheme to connect the ul report with the cooresponding dl report while maintaining data anonymity.

Sapporo wrote:Security through obscurity is not a solution, it's a bandaid

Agreed, just trying to stop a 1 line hack of the client that any reasonable intelligent person could make.

volkris
Posts: 121
Joined: 2003-02-02 18:07
Contact:

Post by volkris » 2003-02-23 01:48

Well, I had written something verbose and informative on this subject, but Internet Explorer lost it. I swear, I don't know how you guys can stand that browser. It's like going back to a mouse without a wheel. It's uncivilized! :)

Anyway, the point of the post was that this is not that big of a problem. I'll retype the post tomorrow if I get a chance.

I mainly just wanted to bitch about IE. Me and Microsoft products just don't get along. Ever.

sarf
Posts: 382
Joined: 2003-01-24 05:43
Location: Sweden
Contact:

Post by sarf » 2003-02-23 09:38

volkris wrote:Well, I had written something verbose and informative on this subject, but Internet Explorer lost it. I swear, I don't know how you guys can stand that browser. It's like going back to a mouse without a wheel. It's uncivilized! :)

Hey, watch your mouth - I have a mouse without a wheel and only Microsoft products to use for my project!

Though I must admit that I installed Opera first chance I got - mouse gestures are a godsend when surfin' the 'net.

volkris wrote:Anyway, the point of the post was that this is not that big of a problem. I'll retype the post tomorrow if I get a chance.

The whole "as long as there are not that many clients doing it it won't get too much out of hand"-argument you used on the lichlord forum?

Well, in any case, what you could do is check the whole up/download history for a user and check out he's been transferring at 15 Gb/s for more than a few hours, and group transfers with clients so that you can ascertain connections between them (example: "hmmm.... client A and client B has one megabyte per second transfer rate to each other but not to anyone else... let's calculate that as if they had 50 kb/s").
Unfair to some users (users with same, local ISP) ? Most probably.
Will it fix the problem? No. It will alleviate it, if properly coded, and should be done server side, which means it is irrelevant to the first "reference" rating server. It is a serious problem, though.

volkris wrote:I mainly just wanted to bitch about IE. Me and Microsoft products just don't get along. Ever.

Microsoft bashing is an honored and traditional pastime wherever computer users meet and talk. Feel free to publish any humorous situation you have been involved in with Microsoft products, and we'll send you ours! :)

Sarf
---
For him to get a clue would require heroic implant surgery.

sandos
Posts: 186
Joined: 2003-01-05 10:16
Contact:

Post by sandos » 2003-02-23 12:09

The solution to the problem with cheating clients might be to have (super-)trusted clients, either ops or a bot, which seeds the rating server with ratings that are correct:

http://www.advogato.org/trust-metric.html

The problem here is that their model of a attack is different from this attack as near as I can see, and the ratings system is entirely different from the one proposed here. Theirs is based on giving out certificates to users, with a level attached to it. This could be translated into certificates relating to different stuff: one for being able to upload files, one for uploading files at certain speeds, or for uploading a set amount of bytes.

Anyway, I just wanted to mention it. I dont understand the math behind Avogato´s metric, so I cant really say whether its suited or not.

volkris
Posts: 121
Joined: 2003-02-02 18:07
Contact:

Post by volkris » 2003-02-23 22:18

sarf wrote:
volkris wrote:Anyway, the point of the post was that this is not that big of a problem. I'll retype the post tomorrow if I get a chance.

The whole "as long as there are not that many clients doing it it won't get too much out of hand"-argument you used on the lichlord forum?


I don't remember what I said on lichlord, but what you just said is part of the answer. The more immediate question is one of insuring that there aren't many clients doing it in the first place.

Let me try to summarize, I'm too tired to rewrite it all (not that I got anything at all accomplished this weekend :)

There are really two problems here. The case of users forming impromptu agreements will never be a huge concern unless it can be automated (IMO), and we can take steps to keep it from being automated pretty effectively. In the case of users conspiring to rip off the outside world, we can try to moderate the effectiveness of their consortium by gearing the ratings towards rewarding people in the same hub. Users can't really rip off the outside world if there is none, after all.

Neither of these will stop the practices, but they'll hopefully lessen them to insignificance.

And sandos, I havn't read that Advogato's trust metric link in years. I need to go back through it. I thinnk I will in just a second...

NoFiX
Posts: 19
Joined: 2003-02-23 10:39

Post by NoFiX » 2003-02-25 09:07

This is a stupid ass idea. Not only is it a lame idea, it's a more effective way to incriminate yourself.

"hey cops, don't bother looking for who is doing the fuckloads of transfers, you got this rating system to tell you."

volkris
Posts: 121
Joined: 2003-02-02 18:07
Contact:

Post by volkris » 2003-02-25 12:09

NoFiX wrote:"hey cops, don't bother looking for who is doing the fuckloads of transfers, you got this rating system to tell you."


If all the cops cared about was the amount of transferring you've done they'd just go ask your ISP, moron. Nobody in this system reports WHAT you've downloaded.

NoFiX
Posts: 19
Joined: 2003-02-23 10:39

Post by NoFiX » 2003-02-26 08:39

I don't recall saying download in any of my previous posts about this ignorant method of stealing slots. Maybe you should learn how to comprehend before responding?

Oh and since when was DC++ the haven for ignorance? Oh, that's right, if it's open source and it's catching on...

sandos
Posts: 186
Joined: 2003-01-05 10:16
Contact:

Post by sandos » 2003-02-26 10:47

NoFiX wrote:I don't recall saying download in any of my previous posts about this ignorant method of stealing slots. Maybe you should learn how to comprehend before responding?

Oh and since when was DC++ the haven for ignorance? Oh, that's right, if it's open source and it's catching on...


"hey cops, don't bother looking for who is doing the fuckloads of transfers, you got this rating system to tell you."


I didnt know transfers were illegal in any way?

mo
Forum Moderator
Posts: 81
Joined: 2003-02-06 11:20
Location: Ohio
Contact:

Post by mo » 2003-02-26 14:25

NoFIX wrote:hey cops, don't bother looking for who is doing the fuckloads of transfers, you got this rating system to tell you


not only is there no data telling what files were transferred, there is also no data saying user x transferred it.

but thanks for letting us in on your great language skills

NoFiX
Posts: 19
Joined: 2003-02-23 10:39

Post by NoFiX » 2003-02-26 16:05

Mo, please, can you comprehend anything?

If DC++ would be able to discern users, thus ranking them, wether or not it shows the end user, the data would still be there regardless of what it is. Allowing anyone with minimal c++ skills to alter the DC++ code and show the rankings according on a per-channel basis.

Don't say it isn't possible. It would be easily possible, it's common sense.

sandos
Posts: 186
Joined: 2003-01-05 10:16
Contact:

Post by sandos » 2003-02-26 17:35

NoFiX wrote:Mo, please, can you comprehend anything?

If DC++ would be able to discern users, thus ranking them, wether or not it shows the end user, the data would still be there regardless of what it is. Allowing anyone with minimal c++ skills to alter the DC++ code and show the rankings according on a per-channel basis.

Don't say it isn't possible. It would be easily possible, it's common sense.


So what youre saying is that now they can easily spot people who share lots of copyrighted stuff? But, its DAMN easy to do that right now:

1) Search for newly released, copyrighted material +
2) Use the search spy / Snoop passive searchresults
3) ...
4) Profit!

In what way would a rating system improve much over this method? What edge would anti-piracy elements get from a rating system? This method could be easily automated today!

I dont get it, you make it sound like its hard to find people sharing (much) illegal stuff, am I misinterpreting you? If youre so scared, why dont you start using freenet right away?

volkris
Posts: 121
Joined: 2003-02-02 18:07
Contact:

Post by volkris » 2003-02-27 08:50

NoFiX wrote:Mo, please, can you comprehend anything?

Don't say it isn't possible. It would be easily possible, it's common sense.


Again, the black helicopters could pay your ISP a visit and determine how much you have been transferring much more easily and reliably this very day than they couldby looking at someone's rating under this proposed system. Such a rating would be a combination of various elements not limited to sheet transfer amounts. Your ISP's logs, on the other hand, would flat out give them your transfer amounts.

Now, if you happen to live in an area of the world where transferring more than a certain amount is illegal then I would suggest immediately shutting down your DC client before you get caught, as you're incriminating yourself with every byte you transfer. I would also suggest rechecking the laws of your land, because as far as I know there IS no place on earth where it is illegal to transfer above a certain amount of data.

I would speak more slowly for you here, but I don't want to risk your having to download any extra bytes. You never know which byte might trigger law enforcement to swoop down on you, after all. It would be nicely ironic if the period at the end of this sentence did it, though.

volkris
Posts: 121
Joined: 2003-02-02 18:07
Contact:

Post by volkris » 2003-02-27 23:57

Ok, I reread the Advogato stuff and don't believe it would work very well here. If anyone wants to argue then great.

I belive the Advogato methods would rely on social networking that is just not very compatible with DC's ad hoc nature. It is well suited for things like mail servers, though, which is I believe where the article was really going.

It would also end up having to manage huge connected graphs that would take some serious magic to make perform well.

Lastly it seems to report less of a range of ratings, looking more towards a black and white, good versus bad type thing. The range is one of the great things about this proposal, as it lets clients focus on making the network a better place.

If I've missed something let me know.

As to the other problems, I finally remembered an old but powerful solution: weight reports based on reporters' scores (and perhaps reporters' rates of reporting). Honestly, if the top sharer in a hub wants to screw with the system I don't mind too too much :)

sarf
Posts: 382
Joined: 2003-01-24 05:43
Location: Sweden
Contact:

Post by sarf » 2003-02-28 11:03

volkris wrote:[snipped Avogato text]
As to the other problems, I finally remembered an old but powerful solution: weight reports based on reporters' scores (and perhaps reporters' rates of reporting). Honestly, if the top sharer in a hub wants to screw with the system I don't mind too too much :)

Agree.
We do need to specify some way to identify people, though (such as the client returning a list with the servers it is subscribed to and what usernames it has there, or just decide to return one).
The whole NoFIX issue might have been avoided (yes, yes, wishful thinking, I know).

Sarf
---
Bored people are boring people.

NoFiX
Posts: 19
Joined: 2003-02-23 10:39

Post by NoFiX » 2003-02-28 17:19

Is it really that simple to goto any old ISP and request private information regarding the transfer of data about random users? You should realize, though, that the feds would need a reason to do just that, right? They can't just go to the ISP and request private information about random users, without bearing.

And isn't it obvious the feds would rather take out the big-guys that feed all the little-guys, in the attempt to thwart the spread of illegal copy-written material? If this rating system was adopted and used then you, in effect, might as well dig the DC grave...

And, no, this wasn't my main point to begin with. But it's a logical point that should be taken seriously.

mo
Forum Moderator
Posts: 81
Joined: 2003-02-06 11:20
Location: Ohio
Contact:

Post by mo » 2003-02-28 23:09

It's pretty simple to make the user information useless to anyone except a dc client
the user/file information is held using hashes

It's a one way encryption method, like CRC or MD5.
once the hash is created it can't be reversed.

If person A wanted to know person B's rating, he would generate a hash of person B using some known user information (ip, nick, connection speed, etc...).

for this example well say the result is 1234ABC

The user askes the server what the rating for 1234ABCis
The server returns the rating cooresponding to the user

The same goes for filenames that are uploaded by the users.
hash of filename = 234jhgjh2k3j4

pretty useless information if you were looking at the tables of data trying to figure out who user 1234ABC is, that uploaded file 234jhgjh2k3j4

volkris
Posts: 121
Joined: 2003-02-02 18:07
Contact:

Post by volkris » 2003-02-28 23:29

sarf wrote:We do need to specify some way to identify people, though (such as the client returning a list with the servers it is subscribed to and what usernames it has there, or just decide to return one).


Well the major problem with this is that ratings should only be considered if they are from the same server (or a trusted one), or else a user could set up his own fake ratings server. The Advogato stuff could be used in the scope of measuring trust of external ratings servers, and therefore external ratings. This might be overly complicated, though. At the same time, perhaps it would allow some higher level features that would make it all in all worthwhile.

And NoFiX, these days it seems like it just might be that simple. But that's not the point at all, the point is that there is nothing illegal about transferring information, which is the ONLY thing that the rating indicates.

Mo, hashing isn't useful here at all. The ratings server will never know anything about what content's being transferred, so it will never have any information to hide.

sarf
Posts: 382
Joined: 2003-01-24 05:43
Location: Sweden
Contact:

Post by sarf » 2003-03-03 12:08

volkris wrote:Well the major problem with this is that ratings should only be considered if they are from the same server (or a trusted one), or else a user could set up his own fake ratings server. The Advogato stuff could be used in the scope of measuring trust of external ratings servers, and therefore external ratings. This might be overly complicated, though. At the same time, perhaps it would allow some higher level features that would make it all in all worthwhile.

Yes. This is not something easily fixed, though. Hmm... have to think about different ways of handling fake servers, too (argh!).

Sarf
---
The next person to pass us will die within a fortnight.

volkris
Posts: 121
Joined: 2003-02-02 18:07
Contact:

Post by volkris » 2003-03-03 22:29

sarf wrote:Yes. This is not something easily fixed, though. Hmm... have to think about different ways of handling fake servers, too (argh!).


It might not be easily fixed, but it's not a huge problem in the first place.

Being able to trust ratings from other servers would really only add, not being able to wouldn't detract too much.

One thing to note is that without considering ratings from other servers there will be much more of a sense of hub loyalty. Many people out there would actually support this and think it's better anyway.

mo
Forum Moderator
Posts: 81
Joined: 2003-02-06 11:20
Location: Ohio
Contact:

Post by mo » 2003-03-03 23:04

volkris wrote:One thing to note is that without considering ratings from other servers there will be much more of a sense of hub loyalty. Many people out there would actually support this and think it's better anyway.

I like the idea

Sapporo
Posts: 36
Joined: 2003-02-09 23:10
Location: AZ, USA

Post by Sapporo » 2003-03-04 18:52

volkris wrote:One thing to note is that without considering ratings from other servers there will be much more of a sense of hub loyalty. Many people out there would actually support this and think it's better anyway.


Joining the Hub-centric camp now eh? lol

volkris
Posts: 121
Joined: 2003-02-02 18:07
Contact:

Post by volkris » 2003-04-21 09:00

Sapporo wrote:Joining the Hub-centric camp now eh? lol


Hub centricity (ha) has its place.
For example, people gathering together in specific hubs to share similar information helps others find that information better. It's a definate method of ad-hoc routing that begins to approach the distributed dc++ goal others have expressed.

That's not even to mention the social side of things.

But this is all talking about the hub as the group including the actual hub and the clients connected to it. Being hub centric in terms of the actual server process leads to problems that DC++ is now overcoming.

Sapporo
Posts: 36
Joined: 2003-02-09 23:10
Location: AZ, USA

Post by Sapporo » 2003-04-21 17:53

Damn, have you been gone on vacation this whole time or something? lol

volkris
Posts: 121
Joined: 2003-02-02 18:07
Contact:

Post by volkris » 2003-04-21 18:17

Sapporo wrote:Damn, have you been gone on vacation this whole time or something? lol


Ha, you know how it is.
Occasionally you look at the unconquerable pile of work in front of you and just get to thinking, "Gee, I wonder how my ol friends in DC++ forums are doing. I'll go ahead and set myself up for assured failure by spending hours in there checking."

[TVS]Dulf
Posts: 10
Joined: 2004-01-19 12:22

Post by [TVS]Dulf » 2004-01-19 13:38

Sorry for butting in as a newby, so long after the last update on this post, but I may have an idea on this..

What is to stop users from saying "If you let me download from you I'll credit you with double the upload points"?


How about a quasi-central system (per hub or per hub-network or something) where you can earn points for being a nice guy (using the reporting feature you guys will implement) AND where you have the ability to offer a certain amount of your points to the user you want to DL from. This can be easily atomated on the uploading side (he who offers the most points/MB gets the next open slot first), and requires only a small amount of extra work on the downloading side (offer x points for a download) which most ppl will gladly do if it helps them get a file faster.

now ppl that share good stuff will be offered lots of points for their stuff, in turn, they'll have lots of extra points for "buying" a download, and thats their reward for being a nice guy.

A user that is new to a hub (or to that rating server) first has to earn points by sharing good stuff, or having a decent upload rate, before he can spend points on "cutting in line"

just my two cents

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2004-01-19 20:24

[TVS]Dulf wrote:Sorry for butting in as a newbie, so long after the last update on this post, but I may have an idea on this..

Don't bother thinking twice about it.

This can be easily atomated on the uploading side (he who offers the most points/MB gets the next open slot first), and requires only a small amount of extra work on the downloading side (offer x points for a download) which most ppl will gladly do if it helps them get a file faster.


Novel idea. For me, it feels like that system would allow rich/old users to easily muscle out new users. If I came into such a system, it would probably feel quite daunting. That might be a bad initial reaction though. :)

You could probably tune the "exchange rate" so that old users couldn't afford to use it all the time (and still build up a stockpile of points).

The manual portions of your suggestion might play badly to DC++'s strong points: global users. If you want, say, a particular piece of music to download overnight, you could get outbid by someone in a different timezone who's still awake.

Also, is there any risk of either uploaders (or downloaders) "ripping off" the system somehow?

Some of these points may be more broadly applicable, it has been a while since I last posted here.

On a smaller scale, it looks like eMule's secure user identification might make per-client ratings/karma/ratios more possible without abuse.

[TVS]Dulf
Posts: 10
Joined: 2004-01-19 12:22

Post by [TVS]Dulf » 2004-01-25 16:37

The security agains ripping off would mean something like:
A tells ratingserver "I just uploaded 10MB of this great new movie to B, for which B offered x points per 10MB, please give me x points from B"
rating server asks B: "that true?" B could say:
- yes thats true! all's well, A gets x point from B, next 10 MB
- no, not true: 2 possibilities:
- - It actually is true, but B cheats: server informs A, A terminates upload
- - It really isnt true, A made a mistake/tries to cheat, A terminates upload (or not if he's in a giving mood)

if halfway DLing the great movie the connection breaks, only points for 10 MB are not transferred, "most" of the points agreed upon are still transferred

sandos
Posts: 186
Joined: 2003-01-05 10:16
Contact:

Post by sandos » 2004-01-29 11:25

Im just dumping some thoughts I had about ratings the other day here, and Im not replying to anyone in particular.

I was basically thinking of non-centralised ratings, and the problem with trust. You can basically never trust other peers 100%, and this makes it bad to let trust propagate too much. This means, you cant send out any rating that youve based on anything other than youre own experiences.

The idea here is a simple client-2-client protocol that has the ability to lookup what a client thinks about any another client, and this will of course mostly return unknown. This way a client that wants to know a rating for a client can ask arbitrarily about it in the hub, and it CAN apply a chain-of-trust type algorithm to the received ratings if it wants to, BUT it may never return such mangled, un-safe ratings to any other asking client.

This doesnt apply to a central repo of trust, but Im starting to like that idea less and less.

IntraDream
Posts: 32
Joined: 2003-12-12 14:28
Location: FL,USA
Contact:

Post by IntraDream » 2004-01-29 22:35

The idea of rating is IMO not very good, because as we all know the servers only know what we tell them. say u have 2 ip address's all of a sudden the rating system is out the door when u stick a fake client on both and notify the server u just uploaded 500 mb file from one and downloaded a 500 mb file from another. how long did it take for 90% of kazaa users to have 1000 superuser or whatever there gay system was after the implemented it. im not saying its a bad idea just its a bit of a dream its much like thinking of a way to make shared files hidden from the riaa. imposible unless u screen/trust every user.

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2004-01-31 17:26

1. IP addresses do not have to be the basis of your karma identity - see eMule's secure user ID
2. Kazaa's ratings were stored locally, and broadcast locally when sending search results (from what I've seen). It is a mockery of how a good system would be implemented.

I think client-side is the best way to go, if it does get coded.

Locked