Women in Technology

Article:		It Doesn't Pay to be Popular
Subject:		Bittorrent guarantee identical to direct download
Date:		2003-05-31 09:04:16
From:		eggboard
Response to: Bittorrent guarantee identical to direct download
That's not exactly what I was writing about: if you distribute the file directly and have it distributed through the system, yes; but people downloading have no assurance that any file named X is the same file as X. You see what I mean? If you don't know the author, and there's no trust mechanism that currently allows you to "know" an author, then you don't know whether a file originated from the author who is distributing it or not. Someone could take our book PDF, add a virus, bundle it up, and name it "Real_World_Adobe_GoLive_6.pdf.exe". BitTorrent isn't an excellent choice at the moment for the reasons I cited: people can be fired, suspended, or expelled for using ANY P2P in many places, and our likely reader base wouldn't use a program like BitTorrent for reasons of obscurity (they're not in that community of people who know what P2P is) or job security.

Showing messages 1 through 2 of 2.

• Bittorrent guarantee identical to direct download
  2003-08-13 06:11:34  anonymous2 [View]
  
  
  you need to just also include an MD5 file so people can check if their file is the real one. search for it on google not too sure whats the easiest way to do it but you see it all the time with big files like linux distros etc.

• Yes, but the problem is not specific to BitTorrent
  2003-05-31 15:27:47  anonymous2 [View]
  
  
  Let's review how BitTorrent works.
  
  1. You create .torrent file from original content. The .torrent file contains crypto strong hashes of the original content.
  2. You distribute .torrent file through website, mail or some other mechanism.
  3. User's download content as described by .torrent file.
  4. BitTorrent checks hashes in .torrent file.
  
  The weak link here is step #2. User's don't have a strong guarantee that the .torrent file is the one you generated.
  
  Note that this weakness is identical to direct download. Users do not have a strong guarantee that downloaded file named X is identical to the original file X.
  
  You can make a stronger guarantee in the direct download case by using https, but the same holds true for distributing the .torrent file.
  
  Just to be clear, you create the .torrent file containing the hashes and you distribute the .torrent file containing the hashes. The weak link is in the distribution and that weak link is identical to direct download.
  
  By singling out this issue with BitTorrent, you lead readers to believe that this is a weakness of BitTorrent compared to direct download. There's a lot of FUD about p2p. It's sad to see that you are adding to it.