April 18, 2014


The End of Gnutella?

Almost exactly 2 years ago, I wrote an essay that examined the case of Arista Records et al v. Lime Group et al. It was presented on Freedom-to-Tinker in a series of three posts (1, 2, 3). These articles presented an analysis which showed that any open filesharing network, such as Gnutella, is vulnerable to spamming. Lime Wire, without advertising as much, was acting as a spam cop for Gnutella, keeping the network safe for infringers. It was my view that the decision in the case could be made to turn on the actions that Lime Wire was taking to control spammers on the Gnutella network, and if the case were examined in that light, Lime Wire could be found liable for contributory infringement while still respecting the First Amendment rights of software publishers.

Since that time, a great deal has occurred in the world of filesharing. It is worthwhile to examine the the current state of affairs, which is predictable in some ways and yet quite surprising in others.

continue reading…

The Arista Records et al. v. Lime Group case has been a victory for the plaintiffs. On October 26, 2010, the court handed down an injunction that permanently prevents Lime Wire from distributing its software or running any servers that maintain the Lime Wire system.

Interestingly, the court largely sidestepped the technical issues as to whether Gnutella itself had non-infringing uses or not, or whether a Gnutella client can be legally distributed. The court’s decision instead turned on evidence submitted by the plaintiffs that LimeWire intended to facilitate filesharing.

As a part of the injunction, Lime Wire was required to “disable … all functionality of the Legacy Software”.

In response, Lime Wire took several actions.

  • Their website no longer advertises or distributes the LimeWire software. Instead, the entire site is replaced with fearsome notice of the court order, and the only thing downloadable now is a pdf file of the permanent injunction.
  • On Oct 26, 2010 LimeWire issued a final simpp.xml file. The simpp.xml file was used by Lime Wire to control various parameters of the operation of LimeWire clients. It contained, among other things, the ban lists – specific IP addresses of machines Lime Wire deemed to be engaged in “unwanted sharing”. No LimeWire client would connect to a machine on the ban list. The final simpp.xml file had an empty ban list, which had the effect of unblocking all files and IP addresses that had been banned from the network.
  • The simpp.xml file also controlled other aspects of LimeWire client operation – it could be used to inform running clients that a new version was available. In the case of LimeWire clients of version 5.5.11 or later, a feature had been added that shut down the client until the new version is loaded. No new version, however, was actually released. This had the effect of shutting off most LimeWire users.

This last action is rather significant. Many, if not most, modern programs include a feature that “phones home” to figure out when to inform the user that a new version has been released. Many allow automatic installations of the new version, without user intervention. It is most uncommon for such a notice to shut down the program if the user does not upgrade to the new version. It is doubtless unique among programs distributed under an open source license.

Indeed, this unusual feature of verson 5 of LimeWire was also accompanied by increased intrusiveness in Lime Wire’s ability to monitor the Gnutella network. Even before v5.5.11, in which LimeWire added this “kill switch” to the client, additional ability to inspect running clients had been added. It is interesting to contemplate just how intrusive these features were, all embedded in a very widely used open source program.

This state of affairs stands in sharp contast to what LimeWire told the court in its July 18, 2008 Motion for Summary Judgement:

[The simpp.xml file does not enable LW to] control what files users search for, choose to share, or download. Also, LW has no ability to alter, disable, or upgrade LimeWire remotely once it has been downloaded and installed by the user. If LW went out of business today, users could continue using LimeWire without interruption.

It appears that, behind the scenes, LimeWire knew it would be made to shut down its network well before the October injunction was issued. Version 5.5.11 was released on July 25, 2010, so LimeWire by that point was acting with the knowledge that it was going to be shut down.

Upon the demise of LimeWire as a useful client, many people simply stopped using Gnutella altogther. Though there are a large number of Gnutella clients, (see http://en.wikipedia.org/wiki/Gnutella#Software for a list) a substantial number of former LimeWire users switched to FrostWire, which got a great deal of buzz as a result. Unlike LimeWire, FrostWire does not embed ads in the client or distribute a “pro” version, and therefore the group that writes FrostWire does not have substantial revenue, as did Lime Wire.

Accordingly, the vigilant anti-spam activities that had been performed by Lime Wire disappeared from Gnutella. In a matter of short order, spammers of various sorts, including those whose intention was to block the sharing of infringing music files, managed once again to afflict the Gnutella network. In late June 2011, the FrostWire team announced that they would remove the Gnutella functionality from their code, and focus on improving the BitTorrent client. As argued before in this space, this outcome is exactly what should be expected of a filesharing network without effective spam policing.

Despite this victory over Lime Wire, and perhaps ultimately over Gnutella itself, it is unlikely that the RIAA and MPAA are raising the champagne glasses quite yet. In essence, the resurgence of BitTorrent as a music and video-sharing protocol brings the techical architecture full circle. The BitTorrent system resembles the original Napster more than Gnutella, as it has a centralized search and seeding system. The calculation made by the file-sharers appears to be that a game of legal whack-a-mole is sustainable in their favor, especially given the global nature of the hosting of trackers.

The next step for the copyright holders appears to be to get the ISPs involved in preventing filesharing, and to that end an agreement annouced on July 7 of this year between copyright holders and some of the largest ISPs is a step in that direction. Nonetheless, it is difficult to see how the relatively slow-moving copyright holders and ISPs will be able to shut down a network that is specifically intended to work as a darknet, hiding itself and moving from place to place.


  1. mitchell reichgut says:

    An excellent piece. I would add that much of Limewire’s users have simply shifted to the Web where “file lockers,” such as MegaUpload and RapidShare have made file sharing easier and safer (meaning more difficult to get caught) than ever.

    • golden says:

      Yes, and lots of people are getting their music by taking soundtracks from youtube as well.

      The trend seems to be that people are becoming more brazen – all the legal niceties of distributed search and sharing are no longer perceived as needed. People just figure they can run around and stay ahead of the copyright police.

    • Thomas-Xavier MARTIN says:

      Absence of legal liability (in many jurisdictions) is an added benefit of “file-lockers” for end-users (i.e. not the initial sharer).

      Usage of P2P networks where the end-user uploads (at least part of) the file she downloads results in legal liability (most European civil law jurisdictions will call it counterfeiting or a variation thereof) if the file is not free of sharing rights.

      Getting a (not free of sharing rights) file from a “file-locker” is usually not an illegal behaviour, as the legal theory of « recel de contrefaçon » (handling counterfeited goods) has been thoroughly denied in this specific meaning by almost all European civil law jurisdictions (including France, Spain, Belgium, Germany, Denmark and others).

      “File-lockers” are dominant these days; the only possible legal action is to go after the initial sharers, which is expensive, extremely difficult and generally something that the right-holders are loathe to do.

      Best alternative is clearly to use political pressure to obtain cooperation from the ISPs in spying on and controlling their users.

      At the same time, political establishments worry about loss of control and are eager to “police” the Internet (i.e. remake it in something less liable to upset the status quo).

      The perfect storm comes from the fact that in many national markets, there is an ongoing concentration of the ISPs themselves, while the “regulating” authorities sit on their collective thumbs…

      Net neutrality will die for the same reasons.

      • golden says:

        If I were the copyright holders, I wouldn’t put too much hope in the idea that ISP spying and control can solve this problem for them. It is easy enough for the filesharers to use cryptography and steganography to avoid being seen by the ISPs.

  2. saug says:

    I guess a tree doesn’t fall down in the forest if nobody hears it, and software isn’t open source if nobody looks at the source.

    • golden says:

      Yes, but what is even odder is that plenty of people were looking at the code. Several of the clients I mention (including FrostWire) are forks of the LimeWire code. One would have thought that all the “inspection” stuff would have garnered more attention in the community.

      • saug says:

        Perhaps there needs to be a code of ethics for open-source code–things it is understood that open-source software doesn’t do. If free-as-in-speech implies free-to-tinker, then a crypto approach to features or operations violates the spirit, even if the source code is 100% open. Perhaps the SOP for evaluating open source programs should include firing it up and then sampling the ports…

  3. David Wood says:

    Interestingly, LimeWire has long had logic that would have prevented any simpp-driven ban list from, in aggregate, banning more than a few percent of the Internet’s non-private IP space. I doubt this was widely known, but it’s such a funny contortion that I’m surprised it didn’t raise more eyebrows. I believe at some point in the past, its designers anticipated being ordered by a court to “turn off” the network, and intended to make it impossible for themselves to “ban the internet” even if they eventually lost control of the simpp system. Yet they did it while still preserving their ability to ban people and files in real-time, to fight “unwanted content” – i.e. advertisements where LimeGroup didn’t get a cut – and worms.

    I believe eventually, as the end neared, LimeWire’s management realized that the “we can’t stop it” defense might be a fun blow to strike for freedom but not a particularly smart legal maneuver. In fact, management’s best hope of avoiding jail and preserving some of their assets was to be seen as cooperating fully with the court. In this new context, saying “we can’t disable it” is dangerous even if true, and I belive this is when the decision was made to change the software so that they _could_ disable it.

    At the same time, as the anti-spam cat and mouse game evolved over the years, it was taking up increasing amounts of attention span within their organization. They were acutely aware of your point, Mitch – and would have known that making it impossible for a simpp to “ban everything” wasn’t a useful exercise in any case. Merely banning nothing would have a similar effect. The network requires continuous, determined editorial labor to live. Frostwire inheriting control of Gnutella, only to abandon it, is the most eloquent proof of the point. They lacked the business model to fund that endless and technically difficult drudgery. A v1 Napster architecture is trivial to maintain by comparison, and hosted in the Ukraine, is almost as safe.

    An open content repository cannot function without some non-voluntary enforcement mechanism for either centralized or decentralized editorial policy. Otherwise every user has at least means as well as motive, if not opportunity, to destroy that repository by attempting to skew its search results and contents for financial gain or personal pleasure. Only a small percentage need to choose self-interest rather than some paltry community aims or social norms for the destruction to be complete. Such is the sharpness of the cutting edge of ultra-low-cost data processing.

    As for the openness of LimeWire, I would say it worked exactly as it should have. You can see that as a steward of their project, Limewire was of course _able_ to insert remote control and extensive, real-time eavesdropping features, just as any open source figurehead can go off the rails. This is not something any dogma can prevent. The value of open/free software is demonstrated in the community response. No reverse-engineering was even needed to find and remove the offending code. The community did so, and there were indeed forks (such as Frostwire) and whole new codebases that were inspired in no small part by Limewire’s behavior. Only the final problem – that even with better alternatives, many users make poor choices with respect to their privacy and liberty – remains unsolved.

    • golden says:

      The PC magazine article I linked above


      claims that a source told them that Lime Wire had entered into a consent injunction with the plaintiffs in June. This would be consistent with their turning around and putting the shutoff code into the LimeWire client in July.

      It would be interesting is to know if this feature was explicitly discussed. The PC Magazine article says that the reason for the delay between the June decree and the October shutoff was because LW was arguing that it needed time to develop the paid service they planned. It seems more likely to me that they needed time to make sure most LimeWire users “upgraded” to a version of the software that could be turned off.

  4. Anonymous says:

    The elephant in the living room here would be Shareaza, a very widely used Gnutella client that has its own approaches to enabling users to filter spam and which I can assure you is quite usable to find and download music.