Open Source P2P: No Malware, EULA

Ben Edelmen asks what P2P programs install what spyware and answers with a Comparison of Unwanted Software Installed by P2P Programs. Of the five programs analyzed, four (eDonkey, iMesh, Kazaa, and Morpheus) install malware or even more malware and come with voluminous End User License Agreements. LimeWire installs no additional software and has no EULA.

The comparison currently doesn’t note that only one of the five programs is open source: LimeWire. Note that LimeWire, like the others, is produced by a company that pays developers, so being commercial is no excuse for the others.

What about other open source P2P applications? I installed the current versions of BitTorrent, eMule, Phex, and Shareaza. No bundled software. BitTorrent has no installation interface to speak of, and no EULA. The others ask the user to agree to the GNU General Public License, which concerns freedoms associated with the program source code, not obtaining permission for the program to do whatever it wants with the user’s computer and data.

Each of the open source programs (excepting BitTorrent, which is a different kind of P2P app) has the same features as the proprietary P2P apps listed above. All of the open source programs lack the spyware anti-features of their proprietary equivalents.

Notice a trend?

If you want to keep control of your computer and your data, stick to open source. The threat is very real. I’ve seen friends’ computers (particularly those used by teenagers) with proprietary P2P programs that had dozens of distinct malware programs installed and were completely unusable (browsing porn sites with Internet Exploder, which teens are apparently really keen on doing, doesn’t help either; get FireFox already).

[Via Boing Boing.]

16 Responses

  1. links for 2005-03-12

    Open Source P2P: No Malware, EULA Want to use a file trading network without fear of infecting your computer? Go open source. (categories: p2p malware spyware opensource) Sneak preview: Engadget RSS feed as seen via Tiger Quartz Extreme -…

  2. Julian says:

    What about Shareaza?

  3. Julian, read the post again. I list Shareaza as an open source P2P app without bundled malware.

  4. spamblogging says:

    If you use P2P, go open source

    We recently posted a link which discussed which P2P programs don’t install spyware on your system. The page recommended using LimeWire. Now here is something which explains why you want to use LimeWire, it is open source….

  5. Chad Poirier says:

    Limewire’s great, but I find its ability to connect to a maximum of 5 ultrapeers frustrating. I love the hacked version of acqlite I use on my Mac that gives me an infinite number of ultrapeer connections, thus giving me tonnes of search results.

    Limewire’s still great though – especially its pro version with iTunes integration.

  6. Chad, I’ve not tried acqlite. It must be based on a rather old version of LimeWire, as the last acqlite release was Nov. 2003. I suspect there are rapidly diminishing returns for connecting to more ultrapeers, and if everyone tried to connect to as many ultrapeers as possible, ultrapeers would suffer unnecessarily. I gather LW tries hard to ensure that the network stays healthy, e.g., by limiting automatic requeries.

  7. Zark says:

    Any ideas about Soulseek?

  8. Matt says:

    Direct Connect helps me steal with little problems.

  9. Julian says:

    Hmm… You’ve added Shareaza afterwards, right? I think I’ve read the whole text…

  10. Julian, I was referring to my post, the one you’re commenting on. It always mentioned Shareaza. Perhaps you’re confusing me with the author of the article cited in the first sentence of this post, Ben Edelmen. His article still does not mention Shareaza.

  11. Zark, Soulseek claims to be adware and spyware free. I have no idea if it is. As far as I know the main client is not open source, though I could be wrong, and there may be alternative clients that are open source. Feel free to investigate and report back. :-)

  12. [...] Remember that LimeWire is Open Source P2P and thus pretty trustworthy — and you can always fork. [...]

  13. ulTRAX says:

    Mike said LimeWire is Open Source therefore trustworthy. What I find untrustworthy about LW is that the default settings permit total filesharing… and many users don’t know enough about P2P to protect themselves.

  14. ulTRAX, that’s a good point, but not entirely correct. LimeWire (at least the current version; 4.12.4) shares files only with the following extensions by default:

    asx;html;htm;xml;txt;pdf;ps;rtf;doc;tex;mp3;mp4;wav;wax;au;aif;aiff;ra;ram;wma;wm;wmv;mp2v;mlv;mpa;mpv2;mid;midi;rmi;aifc;snd;flac;fla;mpg;mpeg;asf;qt;mov;avi;mpe;swf;dcr;gif;jpg;jpeg;jpe;png;tif;tiff;exe;zip;gz;gzip;hqx;tar;tgz;z;rmj;lqt;rar;ace;sit;smi;img;ogg;rm;bin;dmg;jve;nsv;med;mod;7z;iso;lwtp;pmf;m4a;idx;bz2;sea;pf;arc;arj;bz;tbz;mime;taz;ua;toast;lit;rpm;deb;pkg;sxw;l6t;srt;sub;idx;mkv;ogm;shn;flac;fla;dvi;rmvp;kar;cdg;ccd;cue;c;h;m;java;jar;pl;py;pyc;pyo;pyz

    That’s a lot of file types, but most are “media” types. You don’t see spreadsheet or mailbox formats, or whatever unknown formats are used by e.g., finance software.

    I haven’t done a fresh install of LW in a long time, but IIRC correctly it gives you the option of scanning your drives for media. If you say no, only files placed in a sharing directory are shared.

  15. [...] If you can’t find the film on the lightnet fire up a filesharing client (I recommend LimeWire) and click on the magnet link below to start your P2P search and download. [...]

  16. [...] Open Source P2P: No Malware, EULA. The claim made is ridiculous in theory, supported by anecdote in a narrow domain. It’s clearly wrong today, and probably was wrong then as a practical matter for many people: though offical distributions of open source filesharing clients may not at the time have included malware, many secondary distributions did. [...]

Leave a Reply