LionShare is back in the news. When the initial grant announcement went out nearly two years ago, the project received quite a bit of press. Most of the actual details were completely wrong because the press tends to get information from people who do not have a complete understanding of the project.
With the eminent release of LionShare 1.0, the AP and a few other major news providers are picking up stories about the project. Unfortunately, the same situation is occurring again. People quoted talking about the project have several misconceptions.
In the case of the AP article picked up by the Washington post, there is a blatant misconception. Fred von Lohmann of the EFF is quoted in the article. As someone who has contributed to the EFF and had the pleasure of seeing Fred speak, I have a lot respect for the organization and the person. Unfortunately, the quote in the article is way off.
But von Lohmann, who represents a file-sharing service in a copyright infringement suit, warns that LionShare’s access controls could possibly “create a neat, private sheltered place where people could shop music and movies to their heart’s content” without entertainment companies ever knowing.
When content is protected with authorization rules, it only limits who can download the protected content. By design, all files shared on the LionShare network are publicly searchable. So files with access controls or without are searchable by anybody.
When a search is executed, the searching peer receives digitally signed query hit information including a hash and detailed metadata. The actual authorization decision only occurs when a user attempts to download the file protected by access control rules.
While searching is open to anybody, users cannot share files without using institutional authentication. Files shared are digitally signed by the users using certificates obtained from a central authority. When results are listed after executing a search, the sharing user’s full name is placed in the results display.
In the hypothetical darknet scenario, anybody can find out who is sharing those files regardless of the authorization rules used. So lets say for instance a LionShare user happened to start sharing copyrighted content. To stop the user from sharing files on the network, a network administrator can simply disable the users account. Without being able to obtain certificates from our certificate authority, the offending user would not be able to share files on the LionShare network.
I realize LionShare is very complex project but it would be nice if the technology press would maybe talk to the people responsible or do a little research before posting information that is completely false.