How safe are the searches ?

OneSwarm Forum » General

How safe are the searches ?

(8 posts) (4 voices)

Started 2 years ago by cronborg
Latest reply from lah

Tags:

No tags yet.

cronborg
Member

I am supposing a client that has only limited friends and using 1S network only, no BT at all.

There are plenty of ways to configure the searches and to launch searches. How were they impacting the security.
First, there is the option of "request file list" for every friend. How does it work regarding security and in what direction does this work. Whose file goes to whom. Mine to him, his to me or we exchange both of ours. Is there a search list forwarding system as for the file exchange ? This would mean I needn't any friend to request his file list since I can get that of his friends...
Another problem is when applying a search, I'll get some result. If I am not be able to download 100% the torrent because it's stuck, if I try another search, many times I get less or no results. Weird. It is as if first try must be the good one. If I wait for a while, I'll get back something close to my first try.
Very intriguing too.
If I use classic UI there is the old way to force a download a bit by trying to "Force Download". If it's already on "Force Download" I'll make it back to "Download" and back to "Force Download". This is known to reask connections do the tracker on BT.
1S network reacts like BT.
1) If there is no connection, it may find one or more (color red passes to blue), seeds or peers.
2) If it's connected to peers/seeds (color blue), how

Now big question is 'Is there a security breach in forcing downloads'?
Other question regards the searches (Web UI): Is there a security risk when we ask and insist on reasking on the same topic?
Third question is: How the 'request file list' on a friend affects the security in the two previous questions?

Posted 2 years ago #
Rafa
Member

Heya Cronborg,

In my comprehension, the "request file list" option is usable only for Unlimited Friends.
If you disable this option, their 'Metadata' databases (name + hash + preview +...) of their shared files will simply not be added to your own 'Metadata' database.
(Very useful when you have friends with 1,5 - 2 To of datas !)

> If I am not be able to download 100% the torrent because it's stuck,
> if I try another search, many times I get less or no results"

Sure ! :)
Oneswarm does not return in the search result the files that you already have in your share/downloads.

Now for your first 'big' question : do not use this *bloody* Classic-UI !
You will not risk to break you security anymore ... :p

Seriously, I am not sure there is any reasons to force download in the Classic-UI.
Ok, maybe Oneswarm will be able to rebuilt paths between you and the (single?) source.
But theses (forced) paths will be still 'unstables' and they will die again.
Your download will not start by this way ...

> (Web UI): Is there a security risk when we ask and
> insist on re-asking on the same topic?
The search request are not traceable in Oneswarm.
But there may be a way to find an angle of attack on the origin if you repeat it 15 million times by hour (if you have 80% of spy nodes around you of course) ;)

> Third question is: How the 'request file list' on a friend
> affects the security in the two previous questions?
It does not.

Posted 2 years ago #
cronborg
Member

About your answer about a file I already have in my list, I was talking about a different file with the same name. Trying to get better download speed, you never know.
Just try a search about anything. First time you will get plenty of answers, second time fewer, even if you haven't grabbed anything.

About the Classic UI. There is nothing to worry about. If you grab a torrent from the WebUI search, it will load as a simple 'download' in the Classic UI. If you ever load a torrent with the WebUI, it will load as 'forced download'. After, if 'manage his visibility' so you don't use standard bittorrent network, it will stay on 'forced download'. All that without touching the ClassicUI. Would this be a security risk ?
Keep in mind you will have to remove the public network (standard bittorrent) fast enough so it never connects to the tracker or mislead the connection to the tracker with a false proxy (in Classic UI).

About the behaviour affecting the security in searches, I am thinking about this, because one can filter the searches, and maybe, stop passing them if needed, understanding we can even share that on the CS. I franckly see that option as a proof there is a way to understand quite easily what the searches of one's friend are.

Posted 2 years ago #
isdal
Administrator

# About the forced downloads:
the only difference between a forced download and a normal one is that the forced one never is queued by azureus (by default azureus has limits on number of active downloads). The network limitations are always enforced (for example, even if you ask for a tracker update in the classic UI the update will fail with "network not enabled" unless you allow "public internet" visibility).

# About search results appearing and disappearing:
This is due to traffic prioritization, these are the rules:
1. If seeding* and forwarding, always send seeding packets first, only forward using any spare capacity.
2. If the upload (seeding* upload rate + forwarding upload rate) is over 90%: stop forwarding searches to avoid getting a higher forwarding load.)
3. If the seeding* upload rate is higher than 90%, stop responding to searches until the seeding rate goes down (this is to avoid getting completely overloaded).
*(I use the word seeding but it really is any upload of data you have locally no matter if the download is completed or not)

Posted 2 years ago #
cronborg
Member

#1 : Ok, so my understanding is downloads may be forced in 1S only since the bt network is some kind of an overlay to 1S. Or is there any link to sth else, like some kind of supplemental management over BT in Azureus not related to 1S layer.

#2 : Ok. As I understand, the behaviour may produce constant variations of results and the network of searches may be sent through waves. Also for a client if the friends are using their connection at full, there is a big chance they may forget about searches.

About searches, do we get direct hit results from limited friends ?

Posted 2 years ago #
Rafa
Member

>*(I use the word seeding but it really is any upload of data you have locally no matter *if the download is completed or not*)

Why do need to upload uncompleted swarm ?

Posted 2 years ago #
lah
Member

About searches, do we get direct hit results from limited friends ?

Probably yes, because if the limited friend knows the search is originating from You then something is broken :-)

But You should not be able to tell the hit is from Your limited friend (there should be some random delay)

Posted 2 years ago #
lah
Member

The load on seeders would probably be to high (for popular swarms) if swarms in progress wasn't uploaded... But I think staled swarms no longer are uploaded - that's good for limiting spread of broken swarms.

Posted 2 years ago #

RSS feed for this topic

Reply

You must log in to post.