The Washington-based conservative Progress and Freedom Foundation has published a study titled "Inadvertent File-Sharing Re-Invented: The Dangerous Design of LimeWire 5" today that makes Limewire sound like the most dangerous application ever.

Limewire's features help "identity thieves, pedophiles, terrorists, and spies," "can also grant reduced jail sentences to dangerous pedophiles," and "knowingly (inflict harm) upon children and their families," according to the study. Scary stuff, all thanks to what has been called inadvertent file sharing, meaning that users share some files they didn't really mean to.

Limewire has gotten some heat for inadvertent file sharing before. There've been congressional hearings about the subject, including one earlier this year. The company responded to its critics by redefining the way its new version 5.0 shares files - but that didn't please the Progress and Freedom Foundation's Thomas Sydnor. "No prior version of LimeWire inflicted such serious risks upon so many of its users and their families," he writes in the new report.

So what is all of this about? Limewire 5 introduced the idea of a content library that by default isn't shared with anyone. Users have to take an extra step to select files within the library and share them to make them available for download via the Gnutella network. At the core of Sydnor's criticism is a feature that makes it possible to share bulk selections of these files by clicking on "share all with P2P network":

"The design of LimeWire 5 centers upon a premise that verges upon lunacy: LimeWire 5 presumes that most users really want to be one click away from “sharing” all of the audio, video, image, and, (perhaps) document files stored in their My Documents folders and all of its subfolders—in other words, their entire collections of popular music and movies; all of their family photos; all of their home videos; and many or all of their scanned or faxed business, medical, legal, and identifying documents. "


Of course, one could debate whether the option "share all with P2P network" is really that unclear. Sydnor thinks that it's written so small that you could easily get confused and share everything when you'd want to unshare all of your files.

He forgets however to mention that Limewire 5 offers multiple ways of monitoring which files you're sharing. Each and every file comes with an icon that visualizes its status. It's green if you share it and grey if you don't. Secondly, there's a whole menu entry in the side bar called "P2P network." Click on it, and you'll see all the files you are sharing with the world in one list. Doesn't really get any easier than that.

But that's not all. Did you notice how Sydnor writes that users "(perhaps)" share documents by accident. That's because by defition they don't. Limewire makes it impossible to share any pdf, txt, doc or xls files through Gnutella without changing a setting under "Tools > Options > Security > Unsafe Categories." Hard to do that accidentally. However, Sydnor has still found a way how users can expose some personal data:

"Most consumer and business scanners and multi-function copier-printers can save scanned documents in bitmap, TIFF or JPEG formats. Scanned documents can include very sensitive or personal records like tax returns, business records, financial data, legal documents, medical records, lists of account numbers and passwords, and identifying documents."

Sure, that's possible, even though I'd assume that most scanners by default save documents as PDF files nowadays. However, users still have to explicitly share these files. One should probably also point out that all of the previous stories about massive breaches through inadvertent file sharing focused on actual document files. The blueprint of Obama's helicopter wasn't leaked through a scanned BMP file, and those 150,000 tax returns that the Today Show supposedly found on P2P networks weren't JPEGs either.

But wait, that's not all: Sydnor stretches the definition of sensitive information even further:

"By definition, most music collections will tend to contain a lot of popular music—and almost none of it will be legal to “share” over the Gnutella network. Consequently, when entire collections can be “shared” at once, audio files become 'sensitive.'"


Riiiiight. Michael Jackson MP3s are pretty much the same as Social Security numbers ...

It's not really a surprise that Sydnor deems audio files that valuable. The Progress and Freedom Foundation foundation has a track record of copyright maximalism, and one has to wonder whether its repeated attacks against Limewire aren't really just attempts to rid the net of copyright infringement.

The foundation is funded by entertainment industry heavyweights like EMI, Viacom, Vivendi and Sony Music. Those companies apparently pay enough money to fund 27-page studies that boil down to one single point of criticism: Limewire 5 has a "share all" feature that may or may not be used to accidentally share files.

Well, I got good news for Mr. Sydnor. I've recently had a chance to take a look at the upcoming Limewire version 5.2, which includes further refinements of the new Limewire UI. One of them is that the "share all" button is gone. Somehow I doubt that this will stop Thomas Sydnor from plotting new attacks against Limewire ...

Tags: , , , ,