Do you know what your peers know about you?
The U.S. Patent and Trademark Office has released a report on some of the unsavory features included in peer-to-peer file-sharing applications that might come as a surprise to many users. It is not a particularly recent report; it was released in November 2006. But it contains some interesting information.
It seems that many of the mainline P2P applications can quietly make much more than the MP3 or video files in your shared folder available for downloading by others.
But first, why is PTO interested in file sharing? That's a copyright, not patent, issue, and the Library of Congress handles copyrights. The subject caught the attention of PTO Director Jon Dudas when the report's authors showed him some data on file-sharing programs they had gathered for a law review article.
'Because the data seemed to have potentially important implications, I asked the authors to present it in the form of a report,' Dudas wrote in a foreword. 'Having reviewed the resulting report, I conclude that this data should be made known to the public.'
The report focuses on five applications: BearShare, eDonkey, KaZaA, LimeWire and Morpheus. The first finding was that all of these programs give other network users access to files that you have downloaded and stored in a shared folder.
My first reaction to this was, 'Well, duh! Of course it does.' Everyone knows that P2P networks remove the distinction between client and server. That's why it's called file sharing. But a knowledgeable friend assured me that ' especially in the early days of file sharing ' this was not common knowledge, and it was not obvious even to some technically sophisticated users.
My friend said he avoided the problem of other P2P users sucking up his bandwidth by moving his downloaded files to another folder. What he was not aware of was the second finding of the report: All five of the programs examined made all of the files stored in the new folder available for sharing. It is like throwing water on a grease fire. Instead of putting it out, it only spreads the problem.
If the new folder happens to contain a tax return or old love letters as well as your MP3s, all of your peers have access to that, too. Some of the P2P programs included a search wizard that would scour your hard drive for other interesting folders for sharing.
The results are predictable. 'By late spring 2005 the Department of Homeland Security reported that government employees using file-sharing programs had repeatedly compromised national and military security by 'sharing' files containing sensitive or classified data,' the report said.
So what is the lesson here? I guess it is the same lesson that applies to screensavers, e-mail fonts and emoticons, and any other piece of software that is offered by strangers. It is difficult to know for sure exactly what any application does, so before you put it on your computer, be sure you can trust the source. If not, it is probably better to err on the side of caution.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.