Anonymous file-sharing is booming. Whether it’s BitTorrent through a VPN, proxy, or other anonymizing services, people are increasingly looking to hide their identities online.
One application that gained interest earlier this year is RetroShare. Despite being actively developed for more than half a decade, its user-base suddenly increased tenfold in just a few months.
The RetroShare network allows people to create a private and encrypted file-sharing network. Users add friends by exchanging PGP certificates with people they trust. All the communication is encrypted using OpenSSL and files that are downloaded from strangers always go through a trusted friend.
In other words, it’s a true Darknet and virtually impossible to monitor by outsiders. At least, that’s the idea.
This week a Hamburg court ruled against a RetroShare user who passed on an encrypted transfer that turned out to be a copyrighted music file. The user in question was not aware of the transfer, and merely passed on the data in a way similar to how TOR works.
The court, however, ruled that the user in question, who was identified by the copyright holder, is responsible for passing on the encrypted song.
The judge ordered an injunction against the RetroShare user, who is now forbidden from transferring the song with a maximum penalty of €250,000 or a six month prison term. Since RetroShare traffic is encrypted this means that the user can no longer use the network without being at risk.
“The defendant is liable for the infringement of troublemakers,” the court explained in its ruling.
The Hamburg court’s decision goes quite far according to some legal experts. IT lawyer Thomas Stadler, for example, writes on his blog that the legal opinion is “quite risky” as it puts all users of RetroShare in danger.
“It ultimately accuses the offender of failing to secure his Internet connection by running RetroShare, and allowing other users of the RetroShare network to transfer copyright-protected works via his computer,” Stadler writes.
While the ruling is obviously a threat to RetroShare users, in part it’s also a human error by the user in question.
RetroShare derives its security from the fact that all transfers go through “trusted friends” who users themselves add. In this case, the defendant added the anti-piracy monitoring company as a friend, which allowed him to be “caught.”
More troubling is the precedent the ruling sets for people who run open wireless networks, as the same issues arise there. According to this ruling Internet subscribers are responsible for the transfers that take place on their networks, making them liable for the copyright infringements of others.
Update: Contrary to the U.S. and elsewhere, a previous ruling in Germany already makes wireless network operators liable for copyright infringements of others.
Update: Wilde Beuger Solmecke law firm told TorrentFreak that the ruling is “not compelling.”
“Exchanging data via Retroshare is not illegal as such. In contrast to many other file sharing websites, access to files to be exchanged can be restricted to selected friends and so these files are not offered to all users of the website. In such cases no copyright infringement occurs.”
“In my view, there is no evidence that copyright protected music has been made available to the general public. Although the firm Promedia’s investigations demonstrate that the respondent in this case offered a file via a file sharing website, these investigations are not conclusive of the fact that the said file was generally made available to the public. It is possible that Promedia posed as a “friend” of the respondent. The decision of LG Hamburg is not compelling.”