Graffiti Networks Project ate my wiki!

Today I noticed something strange while backing up the database from another website I manage, ComWiki. The database backup took much longer than usual, and I was surprised when the size of the backup started to go over a gigabyte. Either someone had been adding lots of pages to the wiki, or something weird was going on.

So I went to the “All pages” page on the wiki and noticed a bunch of pages with strange titles that appeared to be spam-like URLs. Visiting those pages gave me a big shock, as the content appeared to be some kind of binary code. It sort of reminded me of the old Usenet rar files, line after line of gobbledegook that looked suspiciously like a slice of Warez.

Then I got an even bigger surprise, when I got a message on my screen that Google had detected malware on the site. Oh boy.

After doing some more digging, I found a note from something called the Graffiti Networks Project. Apparently, this was a project started by a couple of students at Brown University to exploit a weakness in MediaWiki, the open source software that runs Wikipedia (and the software I use on ComWiki). Essentially, the project demonstrated how one could use this weakness to establish a peer to peer file sharing network.

Here’s the more technical description from their website:

In response to the lack of user anonymity and long-term data persistence in existing P2P systems, we developed the Graffiti Network distributed file sharing protocol that uses multiple third-party storage sites as a data replication and transfer medium between clients. Our approach is to use publicly available web sites to store multiple copies of shared content. We use the term graffiti for our work since we are storing data in a way that non-network participants may regard as unsightly or unwanted vandalism.

Employing the same concept of a central tracker as in the BitTorrent protocol, a Graffiti client will connect to a tracker and receive well-defined instructions on where and how to retrieve segments of shared files from a remote storage site. Upon successfully downloading and decrypting some portion of the shared data, the client will receive further instructions to replicate that same data at a different storage site. If the client succeeds in replicating the data, it notifies the tracker of the new replica location to receive the next data segment it needs and then repeats the process. Our approach has several key benefits over other P2P systems where clients transmit data directly with each other:

A newly arriving peer can still download files even if all other peers have long disconnected
A peer does not need to know about the existence of other peers
A tracker does not need multiple peers in order to enforce tit-for-tat policies.

Wow. You would think they would have at least asked me first before they started hacking at ComWiki. But then I guess that would spoil the fun.

Anyway, I’ve taken ComWiki down for now and put up a “parking page” until I can sort out this mess. When I do get ComWiki back up, I’ll probably have to put up a bunch of security measures, like CAPTCHA-style “type the letters you see in the box” routines, in order to keep out spammers…and Brown University students.

I can understand the theory behind this “experiment.” But I don’t appreciate the ethics, or lack of them, in its execution. I get the impression that these students felt that they were simply testing a “proof of concept,” and that no harm was done by storing their “encrypted data payloads” on wiki pages. But just because something CAN be done doesn’t mean it SHOULD be done. In the social sciences, I doubt if this kind of “experiment” would ever be approved by a human subjects research board.

Sure, running an open wiki means one has to expect some vandalism. I’ve come to expect some “edit wars” when running an open wiki, as people try to use the wiki to advance a particular agenda. Yet I’m still a real believer in the value of open wikis. I like the fact that on an open wiki, one can quickly correct a typo or add an important point to an article. No need to register, no need to squint at a CAPTCHA. Just hit edit and do it. Free and open. Anyone can edit. Yes, that means you have to expect edit wars, but that’s part of the wiki culture. And sometimes you can learn a lot from edit wars. If nothing else, you learn something about those who feel so compelled about their views that they take the time to engage in an edit war.

But to set up a P2P system that exploits this openness takes the “edit wars nuisance” to a whole new level, one that just seems wrong to me. I don’t really care if people want to use the internet to share music or movies or warez. Indeed, that’s become part of the culture of the internet, and there’s not much I can do about it. Nor does it seem there is much the RIAA and MPAA can do about it. But to exploit a weakness in MediaWiki (and in particular, a default open installation of MediaWiki) just seems to spit in the face of the Wikimedia Foundation, one of the biggest defenders of openness on the internet.

In my opinion, the real shame in all of this is that when I finally do get comwiki.org back up, it will have to be a more closed wiki, which defeats one of the major advantages of a wiki: the fact that “anyone can edit it.” In fact, at one point I did have comwiki.org more closed, so that only registered users could edit articles. But when I did so, I noticed a significant decrease in edits from users. So I opened it back up, thinking that this might encourage a more open, freely-editable wiki experience. It was just such a freely open wiki environment that these students sought to exploit with their P2P experiment. And now it looks like I’ll have to lock it back up. What a pity.

By the way, even though the Graffiti Networks Project’s web site claims they used their “removal tool” to delete their “encrypted data payloads” as of April 11, three weeks later I am still getting tons of hits to the wiki from bots. In the time it took me to manually delete a bogus wiki page and its edits, another page or two would pop up. So far this month, the traffic on this site is over 12 gigs. And even after completely removing MediaWiki and putting up a temporary parking page, the domain name is still getting hundreds of hits every day.
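
One way to triage pages like the ones described in this post, as an added example (not part of the original post and not the Graffiti Networks Project’s code): flag page text that is almost entirely long, high-entropy runs of encoded data, while leaving ordinary prose and low-entropy data such as hex checksums alone. It assumes the payloads are stored as base64-style text; the thresholds, the title pattern and the sample pages are constructed for illustration.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Runs of 60+ characters from the base64 alphabet; ordinary prose is broken
# up by spaces and punctuation long before that.
BLOB_RUN = re.compile(r"[A-Za-z0-9+/=]{60,}")
# Hostname/URL-shaped titles (assumed indicator, after the post's "spam-like URLs").
URLISH_TITLE = re.compile(r"^(https?://|www\.)|\.(com|net|org|info|biz)\b", re.I)

def shannon_entropy(text):
    """Bits per character of the character distribution of text."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0

def score_page(title, text):
    """Return (blob_ratio, blob_entropy, urlish_title) for one page."""
    blob = "".join(BLOB_RUN.findall(text))
    ratio = len(blob) / len(text) if text else 0.0
    return ratio, shannon_entropy(blob), bool(URLISH_TITLE.search(title))

def triage(pages, min_ratio=0.8, min_entropy=5.0):
    """Pages that are mostly high-entropy encoded data, as (title, ratio, urlish)."""
    flagged = []
    for title, text in pages:
        ratio, entropy, urlish = score_page(title, text)
        # Hex tops out at 4 bits/char, English prose sits a little above that;
        # base64 of encrypted or compressed data approaches 6.
        if ratio >= min_ratio and entropy >= min_entropy:
            flagged.append((title, round(ratio, 2), urlish))
    return flagged

def constructed_blob(seed, blocks=80):
    """Deterministic stand-in for an encoded payload (constructed sample data)."""
    raw = b"".join(hashlib.sha256(f"{seed}-{i}".encode()).digest() for i in range(blocks))
    b64 = base64.b64encode(raw).decode()
    return "\n".join(b64[i:i + 76] for i in range(0, len(b64), 76))

SAMPLE_PAGES = [  # constructed for this example, not taken from ComWiki
    ("Agenda setting theory", "Agenda setting describes the ability of the news "
     "media to influence the importance placed on topics of the public agenda. " * 20),
    ("www.example.com/free-download", constructed_blob("a")),
    ("Release checksums", "\n".join(hashlib.sha256(str(i).encode()).hexdigest() for i in range(30))),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_PAGES):
        print(row)
```

Fed the title and text of each page from a database dump, the flagged list gives a review queue for bulk deletion instead of hunting through “All pages” by hand.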

Network Neutrality: More complicated than it seems?

For a few years now, I’ve been asking students in my introductory mass communication course to consider the issues behind the “Network Neutrality Debate.”  As part of this exercise, I show students a couple of brief promotional videos from each side of the debate…


Save The Internet (In favor of Net Neutrality)


Hands off the Internet (Opposed to Net Neutrality)

I often hear from students that the Network Neutrality debate sounds like a no-brainer. Giving everyone equal access to the internet sounds fair. So why even debate it?

Well, as I try to point out to students, the issue essentially boils down to which freedom is more important: freedom of speech or freedom of the marketplace. Of course, that’s a generalization, but I think it is a reasonable one. Still, the issue is a bit more complicated once you start to unravel it.

Here’s another way to think about it…

On one level, the internet is a communication network, an infrastructure for communication built with cables and fiber and switches and servers. Building and maintaining that network costs money, and someone has to pay for it. While the initial development of the internet was paid for by government and academia, most development of this infrastructure in the last 15 years or so has been paid for by large companies, like AT&T, Verizon, and Comcast. They’ve spent this money with the intent of eventually making it back, along with a profit.

On another level, the internet is content, the “stuff” people get from using this network. Things like Google searches, YouTube videos, Facebook pages, iTunes downloads, torrents, AIMs and e-mails. Most people don’t care very much about the “hardware” of the internet, as the real value lies in what they can do with it, the content they can receive. And like the hardware side, most of the internet content developed in the last 15 years or so has been paid for (or at least enabled by software platforms developed by) large companies, like Google, Microsoft, and Yahoo.

Now here’s where the network neutrality debate comes in. Both the hardware companies and the content companies want the “freedom” to make as much money as they can. But…

For the hardware companies, “freedom” means being able to charge as much as the market will bear for internet access. They want the freedom to build special “fast lanes” on the internet for those willing to pay more for faster, more reliable internet access. They want the freedom to be able to spend their money on the development of internet infrastructure with the assurance that they can get their investment back, along with a profit. Perhaps most importantly, they want the freedom to be able to deploy their business strategies without the threat of government regulation that could make it difficult to make money. Essentially, this means freedom of the marketplace.

For the content companies, “freedom” means being able to provide their content at the same rate as everyone else, the same “level playing field” that is often characterized as “network neutrality.” They want to take advantage of the traditionally “wide open” nature of internet access that makes it difficult for network providers to discriminate when providing service. They don’t want to have to pay more to get their data on the internet than anyone else has to pay. At the very least, they want the same opportunity to make money providing content on the internet as everyone else does, including their competitors, some of whom are in the infrastructure business. Essentially, this means freedom of expression, or more precisely, equal opportunity for expression.

Perhaps a few examples would help to illustrate this…

Suppose you want to get your phone service through Vonage rather than through your local phone company. You’ve been a Verizon customer for a long time, but you want to save money, so you call up Verizon and say you want to cancel your phone service, but keep your internet service through Verizon. In essence, you want to use your Verizon internet access in order to avoid paying the high cost of Verizon phone service by paying Vonage for a cheaper phone service. Sooner or later, Verizon is going to get tired of this, and try to do things to make it more difficult for Vonage to steal their lunch. They could, for example, charge Vonage more for the privilege of using their networks, which would eventually mean Vonage might have to raise the price you pay. Or perhaps they could reduce the quality of service for Vonage data, so that Vonage calls are noisy and unreliable. Verizon says they want freedom of the marketplace, so they can do what it takes to make money. Vonage says they want freedom of expression, so they can compete with Verizon on a level playing field.

Here’s another example. Suppose you are tired of paying for cable TV, so you call up Comcast to cancel your subscription. But you still want your high-speed internet service from Comcast, because you need to feed your addiction to Family Guy and American Idol. Instead of paying to get these shows from Comcast cable, however, you intend to use your internet connection to download the shows from Hulu.com. In essence, you want to use your Comcast internet access in order to avoid paying for the high cost of Comcast cable TV service. Sooner or later, Comcast is going to get tired of this, and try to do things to make it more difficult for Hulu.com to eat their lunch (or more precisely, NBC Universal, which owns Hulu; or even more precisely, General Electric, which owns NBC Universal). Comcast could, for example, start charging NBC Universal more money for the privilege of using their networks. Or they could demand a share of Hulu’s advertising revenue. Or both. And if NBC Universal refused, then perhaps Comcast would start their own competitor to Hulu (they already have, by the way, with fancast.com). Comcast might even start reducing the quality of service for Hulu data, so that shows from Hulu looked fuzzy and got interrupted a lot, while shows from fancast looked great. Comcast says they want freedom of the marketplace, so they can do what it takes to make money. Hulu/NBC Universal/GE argue they want freedom of expression, so they can compete with Comcast on a level playing field.

Do you see a pattern here? In the one corner, you have the big companies who have a lot of money invested in infrastructure, wanting to make a return on that investment. The big players in that corner include Comcast, AT&T, Verizon, and Cisco. In the other corner, you have the big companies who have a lot invested in content, wanting to make a return on that investment. The big players in this corner include GE/NBC Universal, News Corporation, CBS/Viacom, and Yahoo. Time Warner has a stake in both corners; for that matter, so does Comcast. Google is so big it should probably get its own corner, although until recently, Google has been a major voice in favor of network neutrality. (See this excellent Wall Street Journal article regarding the apparent change of heart by Google and other big names in the net neutrality argument.)

So who will win? It would seem that at the moment, the content providers have a head start in the arena of public opinion. Most people can’t really get their heads around all the nuances of the network neutrality argument. Network neutrality just sounds right. Save the Internet. But is this principle of network neutrality something that warrants government intervention in the marketplace? That’s the tougher question.

Perhaps the only thing that’s certain: however this network neutrality debate is resolved, consumers will ultimately pay the bill.  Opponents of network neutrality like to say that the content providers want the consumers to pay the bills while they laugh all the way to the bank.  But that’s a hollow argument.  Sooner or later, the consumer always pays the bill.  So the real issue behind the network neutrality argument may simply be who will wind up with the biggest share of those consumer dollars.