Users of the Kazaa peer-to-peer (P2P) file sharing network are unwittingly trading private files due to the confusing and somewhat misleading nature of the software's user interface, a new report indicates.
Kazaa, which boasts millions of users performing more than 85 million downloads a day, is one of the most popular P2P applications available. But although users are well aware of its song and movie-swapping capabilities, a significant number of them don't realise that all the files on their computers are potentially up for grabs, according to the report.
"Our research shows that people are currently sharing and downloading personal files from Kazaa, and are capable of doing so with users oblivious to any private data being shared," write researchers Nathaniel S Good, from Hewlett-Packard Laboratories' Information Dynamics Lab, and Aaron Krekelberg, from the University of Minnesota's Office of Information Technology.
Good and Krekelberg's report, which was posted on Hewlett-Packard's website last week, describes how the design of Kazaa's user interface prompts unintentional sharing of users' private files.
"While facilitating file sharing and searching, the systems do a poor job of preventing users from sharing potentially personal files," the researchers say.
One of the main problems the researchers discovered with the interface is the way in which the application creates a default directory of files to be shared, which Kazaa calls the "download folder." Many users do not realise that when they add files to the download folder, all the files in the directory, as well as the directories below it, can be recursively shared.
The report also criticises the way the software searches for files to be shared, noting that it does not give criteria for discovering folders to be shared, such as searching only for media files.
Therefore, when it discovers a folder to be shared, "it presumes that users have a perfect knowledge of what kinds of files are contained in those folders and what will be shared," the researchers write.
These usability issues have led a significant number of users to swap personal files, without knowing it, the report states.
In a series of tests, Good and Krekelberg sought to discover just how prevalent the swapping of private files was on the P2P network.
Over a 12-hour period, the researchers performed regular searches for Microsoft Outlook Express email files, figuring that users did not intend to share personal email messages on the Kazaa network. Of 443 searches performed over the 12-hour period, 61% of the searches returned one or more hits for the email files.
Additionally, other tests turned up word processing documents, web browser caches and cookies, and financial software files.
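A user can check what a recursively shared folder would expose before pointing a P2P client at it. The script below is an added example, not code from the report or from Kazaa; the extension and directory lists are assumptions chosen to match the file types the researchers found (.dbx is the Outlook Express mail store), and the sample tree is constructed.

```python
import os
import tempfile

# Assumed mapping (not from the report): extensions and folder names that match
# the kinds of private files the researchers found being shared.
SENSITIVE_EXT = {".dbx": "email store", ".doc": "word processing document",
                 ".qdf": "financial data", ".mny": "financial data"}
SENSITIVE_DIRS = {"cookies": "browser cookies", "temporary internet files": "browser cache"}
MEDIA_EXT = {".mp3", ".wav", ".wma", ".avi", ".mpg"}


def audit_share(root):
    """Walk root as a recursive share would and classify every file beneath it."""
    exposed, unknown, media = [], [], 0
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        parts = {p.lower() for p in rel_dir.split(os.sep)}
        dir_hit = next((SENSITIVE_DIRS[p] for p in parts if p in SENSITIVE_DIRS), None)
        for name in files:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            ext = os.path.splitext(name)[1].lower()
            if dir_hit:                      # anything under a cookie/cache folder
                exposed.append((rel, dir_hit))
            elif ext in SENSITIVE_EXT:
                exposed.append((rel, SENSITIVE_EXT[ext]))
            elif ext in MEDIA_EXT:
                media += 1
            else:                            # not media: needs a human decision
                unknown.append(rel)
    return {"media": media, "exposed": sorted(exposed), "unknown": sorted(unknown)}


def build_sample_tree(root):
    """Constructed sample: a 'download folder' pointed at a user's documents directory."""
    for rel in ["song.mp3", "Mail/Inbox.dbx", "Taxes/2001.qdf", "Letters/resume.doc",
                "Cookies/user@site.txt", "notes.txt"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = audit_share(tmp)
        for rel, kind in report["exposed"]:
            print(f"EXPOSED {kind}: {rel}")
        print("unclassified:", report["unknown"], "media files:", report["media"])
```

Only one of the six sample files is media; the rest sit in subdirectories the user never explicitly chose to share, which is the failure the report describes.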
Dismayed with the results, the researchers wrote that "while Kazaa is not a security application ... it nonetheless shares similar responsibilities to its users."
Kazaa spokeswoman Kelly Larabe says that the company was grateful for the report since it points out issues that need to be addressed.
"We feel strongly that they have done us a service," Larabe says, adding that Kazaa "will do everything it can do to improve and grow."
While the spokeswoman could not confirm that the researchers' suggestions would be incorporated into the next version of the Kazaa software, she did say that the company planned to post additional educational tips for users on its website within the next couple of days.