Users of the Kazaa peer-to-peer (P-to-P) file sharing network are unwittingly trading private files due to the confusing and somewhat misleading nature of the software's user interface, a new report indicates.
Kazaa, which boasts millions of users performing more than 85 million downloads a day, is one of the most popular P-to-P applications available. But although users are well aware of its song and movie-swapping capabilities, a significant number of them don't realize that all the files on their computers are potentially up for grabs, according to the report.
"Our research shows that people are currently sharing and downloading personal files from Kazaa, and are capable of doing so with users oblivious to any private data being shared," wrote researchers Nathaniel S. Good, from Hewlett-Packard Co. Laboratories' Information Dynamics Lab, and Aaron Krekelberg, from the University of Minnesota's Office of Information Technology.
Good and Krekelberg's report, which was posted on Hewlett-Packard's Web site Wednesday, describes how the design of Kazaa's user interface prompts unintentional sharing of users' private files.
"While facilitating file sharing and searching, the systems do a poor job of preventing users from sharing potentially personal files," the researchers said.
One of the main problems the researchers discovered with the interface is the way in which the application creates a default directory of files to be shared, which Kazaa calls the "download folder." Many users do not realize that when they add files to the download folder, all the files in the directory, as well as the directories below it, can be recursively shared.
The report also criticizes the way the software searches for files to be shared, noting that it does not give criteria for discovering folders to be shared, such as searching only for media files.
Therefore, when it discovers a folder to be shared, "it presumes that users have a perfect knowledge of what kinds of files are contained in those folders and what will be shared," the researchers wrote.
These usability issues have led a significant number of users to swap personal files, without knowing it, the report states.
In a series of tests, Good and Krekelberg sought to discover just how prevalent the swapping of private files was on the P-to-P network.
Over a 12-hour period, the researchers performed regular searches for Microsoft Outlook Express e-mail files, figuring that users did not intend to share personal e-mail messages on the Kazaa network. Of 443 searches performed over the 12-hour period, 61 percent of the searches returned one or more hits for the e-mail files.
Additionally, other tests turned up word processing documents, Web browser caches and cookies, and financial software files.
Dismayed with the results, the researchers wrote that "while Kazaa is not a security application ... it nonetheless shares similar responsibilities to its users."
No one from Kazaa was immediately available to comment on the report Friday.