OneSwarm, a pirates dream?

Swedish newspaper Svenska Dagbladet published an article today named "no worries about new file-sharing service", (link in Swedish) regarding the OneSwarm application released by a group of students and faculty members of the University of Washington merely two weeks ago. The article focuses on the obvious use of OneSwarm -- piracy -- and how it isn't the end-all, be-all piracy tool some say it is.

In that regard, the article is correct -- if perhaps not for any technically sound reason. Henrik Pontén, a lawyer of the Swedish Anti-Piracy Bureau, (APB, link in Swedish) is quoted, translated by me, as saying:

"File-sharers always claim that new technology will make law enforcement impossible. It started with claims that the internet would make it impossible to get to people selling pirated goods, then people were saying that DC-hubs would make our job more difficult and then that BitTorrent technology would be impervious to legal attacks."

However, as faithful readers of the XKCD web comic can attest, correlation doesn't imply causation. Just because earlier file-sharing methods were open for pretty much anyone to monitor, it doesn't mean that OneSwarm is as well. In fact, unlike the DC and BitTorrent protocols, the OneSwarm authors claim that it has been specifically designed with the users privacy in mind. For a quick, easy-to-understand overview, I recommend this screencast.

The lawyer isn't completely wrong, though -- OneSwarm suffers from several issues, many of whom can be read in this technical report:

  • The performance, or download speeds, depends greatly on the speeds of the social graph. If your list of friends have poor internet connections, you're out of luck. Compare this with BitTorrent who hooks you up with a more-or-less global list of peers.
  • Even if your friends happen to have excellent, high-speed internet connections, you might not be the only one piping data through them -- you might be sharing their connection with multiple users in the cloud, limiting your download speeds. Unlike, for example DC, you're not only consuming your own and the peers bandwidth -- you're consuming bandwidth of others in the cloud as well, including atleast one friend.
  • Flooding a a distributed network for search requests introduces a quite remarkable overhead compared to other methods. (for example, pointing your browser to The Pirate Bay) In some cases as small as a few percent of the total stream of data is search overhead, but in other cases as much as 40 to 70 percent (!)
  • Even though the underlying BitTorrent technology, by nature, spreads the load if there are multiple peers, OneSwarm isn't completely fair -- depending on their number of friends and their shared objects, some nodes in the network will have their bandwidth less employed than others: a consequence of restricting sharing to the social graph.
  • Finally, OneSwarm doesn't offer strong anonymity. It might offer strong enough anonymity, it might not. No guarantees are given, a sufficiently strong attacker (think government agencies) could theoretically compromise OneSwarm anonymity.

As grim as this may sound, nothing beats real-world testing -- I for one, with a strong interest in communication privacy and encryption techniques, will look into OneSwarm further. It may be that any loss in performance is negligible, or that the benefits outweigh the drawbacks. My (rather safe) bet is that BitTorrent, OneSwarm and several other P2P file sharing techniques will co-exist for a long time ahead, in part because they serve fundamentally different purposes. As the report points out, time will tell.