Thread: New P2P on the block: Perfect Dark
View Single Post
Old 2009-06-18, 18:53   Link #346
globus999
Junior Member
 
Join Date: Jun 2009
Quote:
Originally Posted by fireshark View Post
Let me rephrase what I meant, anything you *want* to download is treated as just another unity download except that it's converted after it's done.

Secondly, if Perfect Dark allowed you to selectively delete information regarding cache conversion, I'm sure that NetAgent wouldn't have mentioned that they can find it out.
Anything you *want* to download may be visible by NetAgent, since, if the info is correct, NetAgent works by mimicking a client. However, there are two parts to this:

1 - What you want to download are just search "keyword". So what? The agent has no way to know that you are actually downloading this or that file. Only that you are searching for it. So far, nothing illegal.

2 - Let's say that you found a file and you are downloading it. Then again, so what? It's in the Unity and it is indistiguishable from other hundredths of files that are also in the Unity. It is "your" file or is it PD's file? Just because there is a keyword match between your search and the name or description of the file it means bupkus! There are thousands of files with responding to the same keyword.

Wrt to your second part, the info about the file you downloaded is stored in a separate Database. If you erase all this info (and you can do so easily from the Downloaded tab through a right-click), then if you re-search for the same file and re-download, you will notice that it is treated as not-previously downloaded. So, in principle, yes. You can do this.

Now, taking into consideration that PD is of closed code, I can't provide 100% assurance to this regard.

Lastly, why would NetAgent say so? Because if you do NOT erase this info selectively, then YES. The agent can and will find out that you actually downloaded the file and decrypted it. Why? because only files selected for download can be decrypted.

Bottom line, as far as I can understand, you are only vulnerable during the moment your file is decrypted and the time it takes you to nuke this info.

Worth the risk? I dunno. Each one will have to make a decision.

In any event, it is NOT panic-button time. However, the general trend is worrying.

The main problem being that this seems to be a general attack against P2P clients from which there is no defense. All clients need to share info in order to share files. Anything mimicking a client will have the same info.

Can't wait to see what kind of solution will the P2P community come up with to neutralize this treat. It is going to be something trully creative!
globus999 is offline   Reply With Quote