File sharing apps slammed for sharing too much - report

 

Gallery

Posted on 7 Mar 2007 at 09:53

The US Patent Office has warned against the use of p2p filesharing applications that it claims could result in users inadvertently sharing personal and sensitive data.

The USPTO's report on 'Filesharing Programs and Technological Features to Induce Others to Share' was prompted by the indictment of a gang that has used the LimeWire p2p software to 'access names and account information from personal and business accounts across the country, and then use that information to open new bank accounts in the Denver area'.

Prosecutors allege that the gang intended to obtain methamphetamines and steal money and merchandise.

The report found that the five filesharing applications it studied - BearShare, eDonkey, KaZaA, LimeWire, and Morpheus - 'repeatedly deployed features that they knew or should have known could cause users to share files inadvertently'.

It concluded that all five programs, by default, caused users to share every file that they would subsequently download from the Internet, whether they meant to share it or not.

'These features create a counter-intuitive link between downloading files for personal use and distributing files to strangers, and they have often been implemented in ways that could make their effects less obvious to new users,' the report says

All five also deployed shared folder and search wizard features that the report says are 'uniquely dangerous'.

'They can cause users to share inadvertently not only infringing files, but also sensitive personal files like tax returns, financial records, and documents containing private or even classified data,' it states.

All five agreed to remove such features in 2003, but the USPTO found that none had.

'By late spring of 2005, the Department of Homeland Security reported that government employees using filesharing programs had repeatedly compromised national and military security by "sharing" files containing sensitive or classified data,' it says.

The reports final area of concern is the lack of comprehensive uninstall tools. At least four of the applications, the report does not say which, have an uninstall feature that fails to delete the software and all its associated files.

'If users uninstall one of these programs from their computers, the process will leave behind a file that will cause any subsequent installation of any version of the same program to share all folders shared by the "uninstalled" copy of the program,' it says. 'Whenever a computer is used by more than one person, this feature ensures that users cannot know which files and folders these programs will share by default.'

Jon Dudas, under secretary of commerce for intellectual property, described by the USPTO as the Bush Administration's point person on copyright policy, called for action to address the threat to the security of personal, corporate, and government data.

'A decade ago, no one would have thought that copyright infringement could threaten personal or national security,' he said. 'Today, that threat is a reality; we need to understand its causes and find solutions.'

The USPTO report is available here as a PDF.

Author: Simon Aughton