P2P-Zone - View Single Post - How would you manage identities in decentralized p2p?

SA_Dave · 08-09-02, 02:38 AM

Okay TankGirl, I understand this concept of assigning multiple "aliases" to a trusted node , possibly with different ratings in the case of different users. I also understand that this verified identity wouldn't discriminate against those who aren't really interested in community, but who contribute anyway by default. This would allow for profile-switching & even the use of multiple pcs by a single trusted user. However, as I posted above, this presents a new challenge as far as verification is concerned. How do you absolutely ensure that someone is who they say they are, without using unique biometric patterns such as fingerprints, retina & facial profiling, voice-printing & genetic markers?

As most people are probably aware, sophisticated biometrics systems cannot be bypassed by cutting off someone's fingers to gain access to a secured facility, as is commonly depicted in Hollywood movies!

I assumed that using a cpu fingerprint or similar would be the most reliable method of tracking identity. I guess what I'm asking you is : how would you translate this into practical computer terms? I don't believe that encryption is enough & passwords would probably be a weak point, as it relies on the end-user. Your proposed "hotlist" idea isn't very all-encompassing either and a zone of absolute trust wouldn't work in these conditions. I think it should be implemented across the board or not at all! At least, that's what I understood by your references to Thawte, Verisign etc.

Perhaps it's best to refer to your concept more as a "performance review", as this system would seem to apply more to content-distribution than to chatting & searching! The score is influenced by characteristics such as reliability, performance, stability and behaviour under 'real-world' conditions; which could be positively influenced if that particular node or user had a "dynamically permanent" cyber-address. The actual identity of the peer seems irrelevant if you look at it from this perspective.

These problems can be solved once more intelligently-structured networks arise Phoenix-like from the ashes of the current crop. The frustrations with the current decentralised topologies could be eliminated with a little foresight. The increases in bandwidth should help, but more efficient protocols would also be benificial. I believe that clients which have integrated community-friendly tools and features are the best solution, now & for the forseeable future. It's no good tacking a "peer rating" system onto an otherwise outdated or useless client!

You should also consider that many people might balk at this kind of profiling occurring on p2p networks. What with cookies, spyware/malware, ISP monitoring, the government passing anti-terrorism laws which give them free reign, Microsoft's .NET and similar scandals, notwithstanding the RIAA, MPAA & their spoofing pals, wouldn't people be a bit suspicious & might this not be seen to be in the RIAA's and advertisers' best interests?

The internet and P2P are so popular because they give you comparative freedom & anonymity. Most people don't want to live in episodes of the X-Files for the duration of their natural lives & decentralised p2p networks would be useless if someone managed to introduce an oppressive, invasive or uncomfortable atmosphere. If mere suggestions can scare people away from trying things out in the first place, imagine the possible effect this could have on p2p populations! Of course, this is assuming that the news wouldn't be censored by the mass-media or that another BDE/altnet scenaria wouldn't occur (which didn't affect official Kazaa downloads in any negative way whatsoever as far as I could tell!)

Maybe you're sick of my rambling by now TankGirl, but I'd like to know how you envision & plan to implement your proposed sytem, now & in the future. Perhaps a point-by-point rundown of the features, with a brief explanation of why you deem each one necessary or at least ideal for the future of p2p-networking "according to TankGirl". It would help me and others understand exactly why it is you're proposing this & whether it is possible to implement another, less complicated solution.

I understand the what?, where? and why?, it's just the how? that needs a bit of clarification. If it's not too much trouble O Great Tanked Dungeon Mistress!

08-09-02, 02:38 AM	#35
SA_Dave Guardian of the Maturation Chamber Join Date: May 2002 Location: Unimatrix Zero, Area 25 Posts: 462	Okay TankGirl, I understand this concept of assigning multiple "aliases" to a trusted node , possibly with different ratings in the case of different users. I also understand that this verified identity wouldn't discriminate against those who aren't really interested in community, but who contribute anyway by default. This would allow for profile-switching & even the use of multiple pcs by a single trusted user. However, as I posted above, this presents a new challenge as far as verification is concerned. How do you absolutely ensure that someone is who they say they are, without using unique biometric patterns such as fingerprints, retina & facial profiling, voice-printing & genetic markers? As most people are probably aware, sophisticated biometrics systems cannot be bypassed by cutting off someone's fingers to gain access to a secured facility, as is commonly depicted in Hollywood movies! I assumed that using a cpu fingerprint or similar would be the most reliable method of tracking identity. I guess what I'm asking you is : how would you translate this into practical computer terms? I don't believe that encryption is enough & passwords would probably be a weak point, as it relies on the end-user. Your proposed "hotlist" idea isn't very all-encompassing either and a zone of absolute trust wouldn't work in these conditions. I think it should be implemented across the board or not at all! At least, that's what I understood by your references to Thawte, Verisign etc. Perhaps it's best to refer to your concept more as a "performance review", as this system would seem to apply more to content-distribution than to chatting & searching! The score is influenced by characteristics such as reliability, performance, stability and behaviour under 'real-world' conditions; which could be positively influenced if that particular node or user had a "dynamically permanent" cyber-address. The actual identity of the peer seems irrelevant if you look at it from this perspective. These problems can be solved once more intelligently-structured networks arise Phoenix-like from the ashes of the current crop. The frustrations with the current decentralised topologies could be eliminated with a little foresight. The increases in bandwidth should help, but more efficient protocols would also be benificial. I believe that clients which have integrated community-friendly tools and features are the best solution, now & for the forseeable future. It's no good tacking a "peer rating" system onto an otherwise outdated or useless client! You should also consider that many people might balk at this kind of profiling occurring on p2p networks. What with cookies, spyware/malware, ISP monitoring, the government passing anti-terrorism laws which give them free reign, Microsoft's .NET and similar scandals, notwithstanding the RIAA, MPAA & their spoofing pals, wouldn't people be a bit suspicious & might this not be seen to be in the RIAA's and advertisers' best interests? The internet and P2P are so popular because they give you comparative freedom & anonymity. Most people don't want to live in episodes of the X-Files for the duration of their natural lives & decentralised p2p networks would be useless if someone managed to introduce an oppressive, invasive or uncomfortable atmosphere. If mere suggestions can scare people away from trying things out in the first place, imagine the possible effect this could have on p2p populations! Of course, this is assuming that the news wouldn't be censored by the mass-media or that another BDE/altnet scenaria wouldn't occur (which didn't affect official Kazaa downloads in any negative way whatsoever as far as I could tell!) Maybe you're sick of my rambling by now TankGirl, but I'd like to know how you envision & plan to implement your proposed sytem, now & in the future. Perhaps a point-by-point rundown of the features, with a brief explanation of why you deem each one necessary or at least ideal for the future of p2p-networking "according to TankGirl". It would help me and others understand exactly why it is you're proposing this & whether it is possible to implement another, less complicated solution. I understand the what?, where? and why?, it's just the how? that needs a bit of clarification. If it's not too much trouble O Great Tanked Dungeon Mistress!