Slashdot Mirror

"Really? All you have to do is be on the torrent and connect to them."

What about protocol encryption or PeerGuardian? Do either of these help or are they worthless? Article is very light on details, just says "use torrent, we c u IPs"

Don't forget Peer Guardian!

Peer Guardian basically denies any connection from known hostile IP addresses. It works for Anti-p2p, spammers, scammers and adware sites, keeping them from ever connecting to your machine. If they can't see your torrent, then they don't have as strong a case to file a letter.

Remember, no defense is perfect by itself. But if you use a layered defense, such as encrypted torrents, programs such as PeerGuardian to deny connections from bad guys, and other tactics, then you can greatly increase your level of protection. But at the end of the day, nothing will protect you from the shotgun approach these jerks are using. It's going to come to a point where anyone using ANY form of torrent client is going to be automagically guilty of a crime.

Until that time, don't be ignorant of the tools you have to fight them.

Well, er... not quite. Anybody can connect to the same torrent, and they can connect to peers as well. Then all they have to do is nslookup the IP numbers, identify the ISP, and then with the ISP's cooperation they can get my personal details.

Well if I know (or can find out) those companies who may be interested in connecting to me for this reason. Then I can simply stop tme connecting to me and vice-versa

In fact such lists and maintainers of list already exist, very much similar to ad blocker lists.

peerguardian2 haven't tried in years

for real nerds linux:

moblock (google for debs)

Quake1 is both free and more fun than Quake3. Graphics in engines like FTEQuake work with Quake1 through Quake3 maps, and have shaders, bloom, etc.

Plus you can play CustomTF. =)

http://quake.phoenixlabs.org/

I used to recommend NOD32 but not anymore, given these tactics. Tried it and confirmed it for myself that they were doing this. I use Avast on my Windows box, and although it uses more resources than NOD32, it's not nearly so much more as to be a deal-breaker. And the actual level of protection seems to be about the same -- mind you, I make these observations after trying both on various computers over a period of three years.

You use a bittorrent (or whatever) client that supports automatically downloading a blocklist, like PeerGuardian, and then the RIAA jackasses can't download from you. Plus, the encrypted connection keeps your isp from knowing what you're sharing.

>>I had my fill of first person shooters years ago and yet for some reason they're still being developed and offer little to nothing different over the last one.

CustomTF is still an open source project under development (started in 1999). Quake engine is open source, game code is open source, anyone can submit patches to me, or fork off their own versions. It is based on Team Fortress, but modified so that you can build your own class, using a pricing system for each component you want to buy, so you can play a scout that drops sentry guns or a sniper with a rocket launcher.

It has all sorts of interesting options to it beyond what were in the original Team Fortress. A lot more.

Latest version came out, oh, today.

Information:
http://wiki.quakeworld.nu/Prozac-TF

Forums:
www.customtf.net/forum/

Server:
http://quake.phoenixlabs.org/

Download:
http://customtf.sourceforge.net/customtf/index.html

If you want me to kick your ass in Quake to prove the point, I can... provided you can get it installed, configure the game properly, and figure out how to join a server. Then after I beat you flawlessly, I can invite someone else to beat me flawlessly, and you'll be left with an appreciation of how wide the skill range can be.

Funny you should mention that, because I run a Custom-TF server - come drop by sometime. I didn't say these games don't exist, just that there aren't enough of them. Being a fellow quake player, I'm glad to know you appreciate the type of long-term games I'm looking for. Things like RJing, bhopping, skill maps, being able to manipulate the crappy but insanely fun physics to curve around obstacles while fighting - sure I know and understand all the game mechanics and am better than most, but after 10 years of play I have yet to master them and occasionally come across someone who painfully outclasses me. And that just makes it more fun.

On the subject of MMOs, I have played a few. I have played a lot of single-player RPGs. Sometimes the stories and roleplaying are enough to keep me, sometimes the fun teamplay is enough to keep me. On one occasion, a custom UO shard had enough cool GMs to make a lot of interesting situations every week. But most of the time I burn out quick, because there just isn't enough of a skill curve involved to make it fun in the long term.

You hit the nail on the head - make it easy to learn, fun for noobs. But also make the skill gap between noob and master take years to close, and be fun doing so.

Very funny. O(1) doesn't mean penalty-free. O(1) only means the look-up time is constant (assuming the hash-table is large enough), so this hare-brained idea is definitely technically feasible (although, politically it's stupid, since it's an added inconvenience that's only going to affect the average non-pedophile users).

An example of this scheme working "technically" is Peerguardian2, PeerGuardian prevents your computer from interacting/sharing files with Government ip addresses, anti-sharing ip addresses, spyware/malware/botnet ip addresses, and anyone else that may have pissed you off. The look-up time is fine, it's just the occasional updating and the rehashing that can take a few seconds to a half-minute depending on how fast your computer really is.

That being said, even Peerguardian is not without its problems, sometimes it will block you from going to/sharing with a legitimate site/user just because their ISP allocates IP addresses dynamically. In my case, it even prevented me from checking my own email, because a block from my own ISP was blacklisted. But at least Peerguardian lets you easily override/change specific settings/protocols and it lets white list any ip address/block that accidentally gets misclassified, so it's not going to have the crippling effect on the average non-pedophile user that this Australian harebrained scheme is going to have.

Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.

That's easier said than done. Here are some reasons:

• The page was almost certainly clean when the ad was set up.
• What if they use a database of known ip addresses (such as those available for free for PeerGuardian) to attempt to avoid attacking a Google ip address, rather than looking at the referrer?
• Many of the redirects are much more sophisticated today -- they don't do a server-side redirect request, they send some javascript to make the browser do a client-side redirect. That makes things difficult because now your spider must include a javascript interpreter.
• What if there's a 10-second delay before the redirect? If your spider leaves the site too soon, it'll never know. In contrast, many users would likely still be on the page after 10 seconds.
• What if the attack is only initiated as a result of some particular sort of user interaction, like a click on the page (similar to much of today's popup code)? How do you reliably test for all possible variations on that?
• How often do you test the links? Once a day? That'll take a lot of resources for someone as big as google. Once a week? On average that means a site will have 3-4 days in the wild before they even get checked, and that frequency still might take a lot of resources.
• What if, even after all that, the page only attempts to attack one out of every ten opportunities? Even if you check the link periodically, and are able to duplicate the circumstances necessary to trigger the attack, you may not catch the attempt until you've tested the page several times. At once a week checking each link, that would mean on average a month or more in the wild.

PeerGuardian

Just Install peer guardian and configure it to use the Level1 Bluetack blocklist... then your safe as this blocks the vast majority of all anti P2P organisations worldwide. If everyone did this the BPI's job of detecting file sharers would be a WHOLE lot harder and their deal with ISP would become worthless.

On another point, I think its naive to think that if your ISP send you one of these "informative" letters that they wont pass on your personal details to the BPI, who identified your IP address in the first place. The next logical step after is you end up in court fighting a copyright infringement case against the BPI or one of its "partners".

Peerguardian. http://phoenixlabs.org/pg2/

Use it or dont whine about getting nailed by the RIAA,MPAA,BSA,NAACP,etc....

Hence Peer Guardian 2...

http://phoenixlabs.org/pg2/

eh, yeah it's a stupid plan, I've spent long spans of time unemployed. So I can say yes I can sit around and babysit downloads all day long. But emule? mmmkay whatever... Personally I use stuff that allows me to whitelist who I share with, friends only. While you're at it run peerguardian, it's supposed to block known hostile ip ranges which might help. I do like to download music, but I steer clear of anything RIAA/major label, it's not even good enough to be worth pirating. I do leech a lot of independent stuff, and a lot of it sucks too, or is just so-so. But when I do buy, I am not feeding RIAA/major labels...

Also as far as companies, organizations, and government agencies creating propaganda pieces that appear to be actual news stories and sending them for local television to run... pretty low. I don't even bother watching the news because of it. I've heard 30% or more of the local news is run with these kind propaganda bullshit. Watch the news if you want to be entertained, but not cause it's going to inform you or be unbiased... It's just shallow trite bullshit and propaganda careful designed to encourage you to be a good mindless consumer robot drone. I think people on slashdot are probably aware of that already and doing a little better than the average but still. It's disgusting what passes as news these days...

PeerGuardian 2 is a fairly simple blocklist system: http://phoenixlabs.org/pg2/ and bluetack.co.uk has lists.

Now the RIAA can use this case to turn up the heat in their threat letters.


Unfortunately, the villagers recognise the angry bull elephant in town is thrashing anybody in the path and are responding. Moves are well underway to nuter the elephant http://www.techdirt.com/articles/20060503/0411203.shtml to shooting the elephant http://recordingindustryvspeople.blogspot.com/2005/10/oregon-riaa-victim-fights-back-sues.html to getting out of the way and getting out of sight. http://phoenixlabs.org/pg2/

What is the role of PeerGuardian in all of this?

I'm not sure I know how PeerGuardian works, but Wikipedia has an explanation: PeerGuardian 2 [is a] free and open source program developed by Phoenix Labs.

Wikipedia also says, "There are many trojan websites that look identical to PeerGuardian's website, but the installers come pre-packaged with spyware." Wikipedia also says Azureus requires the "SafePeer Azureus plugin".

I swear this place is becoming more and more like Digg everyday. I'm no longer renewing my Slashdot subscription while I can get this same quality news for free elsewhere. Where do I start?

1.The screenshots clearly show WinXP, not Vista. In fact, this guy's ultra-leet "port sniffing software and networking tools" is PeerGuardian 2. Straight from the product's home page: Note: PeerGuardian 2 does not support Windows Vista at the moment. This is a top priority, and we hope to have a Vista download soon.

2. Lame screen shots from some Windows app isn't enough to validate a conspiracy theory. Where's the complete traffic dump? And not from some random guy and his "fanboy" friend; how about a creditable network security organization? Hell, I'd even settle for an intern with his CCNA.

3. Hard to tell because all we have are screen shots, but it looks like nothing more than port scans. ::yawn::

(Guess is this is what I get for spending a beautiful Sunday afternoon indoors, on my computer).

Found a URL that might be of use to you. Or not, I'm not sure:

http://seclists.org/fulldisclosure/2005/Jan/0085.h tml

Possibly this one, too:
http://forums.phoenixlabs.org/archive/index.php?t- 11120.html

Although this does appear to be somewhat old, it may or may not be worth investigating at some point. Good luck in getting the MediaSentry information into the public record. The more I think about how secretively they treat the arrangements they have with them, the more convinced I am that there's a skeleton or two in that closet. Otherwise, couldn't they put together some production once and then just hand it over in all future cases where it became an issue? I could be over-analyzing it, but I somehow doubt that.

> lobbying California legislators for an exemption to proposed legislation that would outlaw pretexting.

Well why not? These guys already write in the DRM and Copyright extension laws for Congress. Right now everyday they break into tens and maybe hundreds of thousands of people's computers(*) to snoop around in the hope they might find you've got something of theirs. If you or I did this, we'd be sitting in a jail cell that has 'Kevin' scratched into the wall.

(*) = Try this: Load PeerGuardian 2 from http://phoenixlabs.org/ and watch them come!

psha, more like added their IPs to peer guardian!

http://phoenixlabs.org/pg2/

Alter their behavior? Like installing Peer Guardian? Or maybe a Tor client? Or perhaps just opening up a WAP?

What do these US lobby groups (note: not law enforcement agencies) think they can do against Canadian citizens?

PeerGuardian. And continue to be paranoid. No amount of technological security can protect us against the oncoming hoard of dickless morons who will sell out our freedom for a buck.

Has anyone here used PeerGuardian (a P2P IP blocker, with automatic whitelist updates)? Do programs like these actually work at blocker MPAA sniffers, or do they simply provide a false sense of security?

and they get a nice, neat list of IPs for everyone sharing their content.

*cough*PeerGuardian*cough*

Although, one would have to wonder, if your IP address alone would be enough to file suit, or if they would actually need proof that you were sharing the file... if they could not actually connect to your machine due to PG2 blocking, would they have enough evidence??

Not something I care to look into, as the US legal system scares me... seems like common sense/fairness lost out a looooooooong time ago

"when you start downloading a file, you expose your IP address to everyone that you're grabbing parts of the file from. Any one of them could be a government/MPAA/RIAA spy."

Sure, if you just use a torrent client wide open. Smart users will use something like Peer Guardian2 http://phoenixlabs.org/pg2/ to keep all the bad guys IP addresses from connecting to you...

O-M-G, I see smart people.

We do need to hold ISPs responsible to police their own neighborhoods (fat chance really).
For you that say this will infringe on your privacy ... check your TOS, your DSL/cable contracts are written by people that make mazes seem straightforward.

Brave New World
Corporations, ISPs, Spammers, Crackers - think: circlejerk
No ones gonna do nothing about anything and they'll inforce it too.
ref: scewed-blued-tattooed, NO CARRIER joke

http://www.macrovision.com/

http://www.softsummit.com/index.shtml

Old examples (where do you think you stand now?)

http://www.dslreports.com/forum/remark,2122413~roo t=comcast~mode=flat

http://arstechnica.com/news.ars/post/20030922-2852 .html

http://wiki.phoenixlabs.org/wiki/Type's_of_Infring ement_Letters

I hope I'm wrong, this internet thingy could be really cool if we could just find a really good "front door" of sorts and quit chaining down ALL THE FURNITURE, Something we could run *anything* - completely unpatched behind, tele-commute with bunnie slippers on - like God intended.
That freedom alone would contribute to ending dependence on oil.

Incidentally, by reading this you're agreeing to:

just kidding.

"it's only after you've lost everything that you are free to do anything"
Fight Club

Then you should read here.

Even Better Solution:
Just opt-out of the "genuine advantage" crap. Seriously, what does this "non-pirated advantage" give you anyway? Crappy updates to WMP10 that you don't want anyway? Security updates are (supposedly, I think) available for every computer. What else... Royale theme? Wow, the colors look a little different.
I've actually be anti-virus free, windows update-free, and "genuine advantage"-free. Haven't gotten a virus or worm in over 2 years. Good alternative to updates, etc:

(a) not being a dumbass regarding email attachments, etc
(b) Peerguardian 2

You're looking for Peer Guardian. It also protects your PC against those RIAA-bastards.

Maybe Mac and Linux folks are laughing like crazed loons after reading this "heroic" article.

Yes, we are. Seriously though, phishing is growing into a problem for *nix-users these days, and so far as I know, the only state in the US in which phishing is illegal is California (I might be wrong there, though). You'd think "well, they should be smarter" but the phishers can be very clever, such as sending you an email that looks for all the world like it's from your ISP. (Yes, I was smart enough to check with my ISP before clicking that link, but I'm not gonna blame the people who didn't think of that. After all, if looks like a duck and quacks like a duck.....) So no matter what OS you're using, you should be paranoid.

How to solve the spyware problem on Windows? Well, Peer Guardian can help block tons of it. Besides anti-p2p, it has a spyware list and uses little memory to run in the background. It also updates itself automatically unless that is disabled. And you can keep only the spyware list checked to block, nothing else, if you want.

Another thing that can help is a router. I worked on a guy's computer that was loaded with spyware and had a few viruses to boot. He had a software firewall, Kerio I think, plus Avast antivrus and ran Ad-Aware twice a week. So why was he still getting all this crap? His ISP. They had no filters whatsoever. Their servers were set to allow anything to come through. Combined with an older computer with 128 mb RAM plus a fast DSL connection and it literally just couldn't keep up with all the malware pouring through from his ISP's servers. So he got a router and poof! After a fresh reinstall of Windows along with Avast, Ad-Aware, Spybot and PG his computer ran fine. But still.... from a *nix-users point of view, it seems ridiculous to have to spend so much money and effort just for basic protection that a more secure OS automatically provides.

But spyware is always going to be a problem on Windows because of MS's bad security model. If they fixed it so remote users can't install, run or modify anything on your computer without your express permission, it would go a long way towards fighting spyware and a lot of viruses - I know from experience that you don't need to download or click anything to get spyware or a virus, many download themselves straight to your computer. And Windows just lets them do anything it wants. This ability for a remote user to modify your system without needing permission is called a FEATURE by Microsoft, as demonstrated by Active X and the recently-patched .wmf vulnerability. People say "well if these *nix OSes were as widespread in use as Windows they'd have all the same problems", but if that were true, where are all the Unix viruses? If MS changed Windows so that it requires an admin to password to modify the registry, install anything, or for a remote user to run anything on your comptuer you'd see a marked improvement right away.

Most spyware downloads itself into your OS through the internet and installs itself without you even knowing it. Dude, if you think you have to click an "OK" to get spyware then your comp must be loaded with the crap.

People should learn something about Windows if they're going to use it - you'd be shocked at how changes can be made to the operating system without the user's consent or knowledge. Every version since 3.1 has been designed like that on purpose. Yes, on purpose.

Anybody using Widnows is fair game on the net and the people who code this shit know that there are many, many people like you who think they're safe as long as they don't click things or go to certtain sites. The people who make this stuff love you guys, btw. It doesn't work that way, buddy - when you're connected to the net you're connected to millions of other machines, and anybody whose sending out packets of data can send them to thousands or millions of other computers without directly connecting to them or sending them a pop-up message that reads "click here to speed up your computer!". And, yes, Windows just lets them install this on your computer by default; it doesn't matter what site you're on or what, if they're sending, you're receiving it. A decent firewall prevents a lot of that, but doesn't prevent spyware. Why not? Firewalls are only designed to block certain types port connections and type sof data packets, which dont' involve psyware. And firewall-makers will tell you that it's the user's responsibility to prevent spyware by using a decent anti-spyware program.

A good way to prevent spyware? Run peerguardian and make sure you've got the spyware list checked, even if you don't want or need to block anti-p2p or goverment ip ranges. I was very careful for over three years, but I still got an spyware. I now have ad-aware and spybot and use them weekly, but I rarely every find anything since I've been running peerguardian everyday, whereas before I found two or three pieces of spyare every time I scanned, no matter how careful I was.

Ignorance about this stuf fisn't bliss; it's part of the problem.

talking about a community built on sharing data, I doubt that the individual sites are going to be keeping their lists to themselves either...

Lists like this of bad IPs have been shared for a while. See PeerGuardian.