Data Mining And Its Impact On The WPN Userbase

This topic has been added to cover the important area of recent aggressive "Data Mining" by anti-p2p companies and will present you with the simple facts that have brought the winmxworld support team to the conclusion that doing nothing is no longer acceptable nor an option for continued support of the WinMX Network

Some of the contents shown here is security sensitive, it has been shared with you simply to help you understand how and why we have reached our conclusion. We hope given the same information and concern for both the WinMX network and its users you too will reach the same conclusion, our thanks in advance for taking the time to read this important topic.
Please feel free to download a copy of this page for your own usage but please do not share its contents with those not invited to the discussion, many folks are relying on your silence.



Data mining of one sort or another has been with us on the WPN for some time now and has ranged from simple efforts to map the network to other more serious efforts to locate and index users shared files over a period of time and its this more serious threat that we have become concerned with of late.

Heres a normal activity snapshot that shows compromised Primary nodes issuing searches on behalf of the network attackers.

As you can see they operate from behind multiple primaries and route the searches across all of these following a 15 minutes pattern in most observations. Normal users searches will appear once only, not from hundreds of primaries. Its normal for the attackers to go through thousands of unblocking IP's in a single 24hr period, these will of course be host file users in the vast majority and a very small number of D-I-Y fixes some folks utilise that also feature no primary blocking of attackers.

Many searches are currently being performed on the network that originate from known WinMX attackers in fact its from the same range of IP's that are currently active in adding fake file listings to the network while posing as legitimate Secondary clients, this of course simplifies blocking of such parasites, however due to the design of the network, unblocking primaries are acting as conduits for the otherwise blocked attackers and gathering search results that bypass any method we have of blocking them.
Now although the above is pretty alarming its been going on on a small scale for some years and we suspect being used as marketing information, unfortunately there's a new threat in town.



What has caused us deep concern are new and more frequent searches made to root drives (d:, e: , f: etc)from this subtle but definite change in their normal routine and the passing of new laws in both the UK and other countries that allows "copyright owners" to claim copyright infringement with very little evidence it seems clear in our opinion that this is exactly the method they would use to map users who shared large quantities of files and thus would likely have more than one drive on their machine shared on the network. I's clear I hope that such folks would obviously cause the biggest impact on the network by their loss, also this is an ongoing process and as observed in the Kazaa cases in the USA, they aggregated many such sets of data over a period of time to build up rather formidable cases against selected users sharing content they had some interest in. The key data they are seeking is obviously what is being shared and by whom, all this data is available in the search results packets and thus its likely only a matter of time before we see some of the results of this activity, our collective aim should be to deny access to the nework for those invading users privacy with their illegal data mining.  



The search system can be summed up petty speedily with the help of this informative diagram


As you can see there is no way of telling where a query originates from, only the Primary actually originating the serch query and gathering the search results will know this data.