Slashdot Mirror
Gnutella Copyright Enforcement?
horos1 writes "Is copyright protection on gnutella enforceable after all? I thought that gnutella users were better off (ie: more anonymous) than napster users in this regard, but this story on zdnet implies otherwise." As I understand it, this app can report user names and IPs of people who download boobie trapped files that the software pretends to serve. Yes, you to can be Lars!
Get too many of your nyms shut down, and it'd be cheaper to buy the music CDs themselves.
"Hey, hey! Ho, ho! 100110!" - Robot rebels in Futurama
OK, I demand that you pay me $50 or stop breathing my air. With every breath you take, you inhale air molecules that have been in my lungs, making them my private property.
Mea navis aericumbens anguillis abundat
My understanding is that if someone reports illegal activity to an ISP, the ISP can take action according to their Terms Of Service, but cannot disclose any personal information to the person who reported the offense. So, if the RIAA tells me I have a user who's sharing illegal MP3s, and gives me the user's IP address, I can check to see who the user is, but I can't tell the RIAA. I can take action against the user (by terminating their account, etc.), and I can tell the RIAA that I have done so, but unless the RIAA presents me with a court order, they'er not getting the name of my user. If I do disclose the name of the user to the RIAA, the user can sue me.
I imagine that some ISPs could simply make exceptions to this, by explicitly stating in their Terms Of Service that they can give out personal information in this kind of situation, but there might actually be laws against it. I'm not sure.
--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Go ahead. Because of explicit trust such a system would be so small that not even the RIAA would conceive of it as a threat. If you open up the trust relationships to the point where you could actually do significant piracy (which is all some people around here seem to want to protect), then it will be open to infiltration and compromise.
A well-crafted lie appears unquestionable - Dama Mahaleo
Not only that, but imagine how the judicial system would react in front of the ensuing onslaught of litigation? After 5000 cases of "Plastika - vs - Joe-Blow-who-downloaded-the-latest-hit", judges will soon tell the RIAA to go screw itself pretty quick.
--
Here's my mirror
If they offer dummy files with the same name as copyrighted material then downloaders haven't committed any copyright infringment - they've downloaded a couple of megabytes of garbage and have therefore done nothing wrong.
If they offer the real thing and track who downloads; then doesn't the fact that they allowing free downloads of their copyrighted material affect the status of their copyright? If they're not protecting their material properly then they can't accuse anyone of abusing the copyright.
Whatever they offer for download they've lost the case.
This is really starting to piss me off. Whether you believe music should be free or not, the fact is that that decision should be up to the artist and the owner of the music. If they tell you you can freely copy the music, then you can. If they don't, and you obtain a copy of the music without obtaining a license, you are stealing. You are hurting the artist. You are telling the artist, that, while you think he/she makes good music, he/she is not competant enough to decide what to do with it. Worse, you are telling him/her that you don't think the music is worth anything.
I was under the impression that only the part that acutally creates and makes available copies of a copyrighted work does something wrong. In particular, I have a vague recollection of a newspaper article that stated that a person that creates pirated CDs can be sued, but that it is not illegal to accept CDs from him. (This was in Sweden, but copyright legislation should be the same everywhere).
If that is the case, then lists of people who has downloaded supposedly pirated content would be completely useless. Only a list of people who has served such content would be of interest (like the list that was presented in the Napster case).
That doesn't mean that some company can't come up with a court order saying that you must log them for a particular user, somewhat akin to a phone tap...
--
Restating the obvious since nineteen aught five.
grr, i cant stand it when THE MAN IS TRYING TO HOLD US DOWN. GRRRRRRRRRRRRRRRRRRRRRR, eeeoch okee, well, Im gon C ya
Beer.
Searching for a file name is not a copyright violation. Downloading copyrighted material would be, but the users wouldn't be doing that. they'd be downloading a "boobie trap". Even if that file is copyrighted, it's misrepresenting what it is , so downloading that can hardly be illegal.
Sounds like he's breaking laws by sneaking unauthorized software onto users' machines. Isn't there an anti-hacking law abotu trojan horses?
Well in the case of gnutella, i imagine 'authorities' recieve the 'lawbreakers' request for /metallica/.mp3, then generates a file w/ that name and pushes it to the 'lawbreaker'.
This is different from a case, say of narc@fbi.gov emailing you a link to metallica.mp3
The gnutella example is more like:
<Crackhead> (talking to NARC) Hey man got any Crack?
<Cop> Sure.
<Crackhead> ty!
<Cop> *savage beating/arrest*
I think it makes it difficult to call this entrapment.
but is just the IP of the person REALLY going to help any? So you might be able to track it down to the computer. Big deal! How exactly do you link *1* person with that computer? How do they know it wasn't your mother/wife/father/child/friend/neighbor/someone robbing your house/pet jumping on the keyboard? It's impossible to make a connection between IP and user. I'm guessing the most they could do is have your ISP stop giving you service.
It's like if the police clock you at 50 over the limit, but they don't catch you. However, they do get your liscence plate number. They have nothing on YOU because anybody could have been driving the car.
-- Dr. Eldarion --
so all they're going to be left with is the knowledge that their music is being pirated.
Well, if its being pirated, then that means people like it... Perhaps they could use it as a barganing chip in record company deals...
ReadThe ReflectionEngine, a cyberpunk style n
So is it the case that Media Enforcer can only report searches, and not actual downloads? That doesn't establish copyright infringement any more than you can convict someone of burglary because they were seen walking "suspiciously" around a building at night.
You might not get convicted, but you could get fucked up pretty badly. In the case of the guy who created DeCSS, arrested by the MPAA's corporate goons. In that guy from New York's case, shot 41 times.
I remember a story on the news here about a kid who got shot by a cop outside of a store at night. And, oh yeh, the kids parents owned it. The cop didn't even get fired.
I don't see how you could get convicted by searching for a file, but that doesn't mean you couldn't, say, have all your computer stuff confiscated or something like that...
ReadThe ReflectionEngine, a cyberpunk style n
Isn't such software entrapment? Just as police in the United States are not allowed to provide the means to commit a crime, this software seems to do just that.
I would love to see an eventual litigation of this topic. A "downloader" could say since the questionable files were placed there with the direct intention of having people download them that he was entrapped. That would put an interesting twist on this topic indeed.
-clump
Anyone know what the legal situation is on civilian entrapment?
--GrouchoMarx
Card-carrying member of the EFF, FSF, and ACLU. Are you?
I wonder if the RIAA really would file a lien against a college student to recover damages?
Further, you can sue colleges for allowing the students to use Gnutella by not providing blocking software or the like, as it is not a secret that a lot of, if not most, pirates are college students.
No shortage of people to sue! If you use your imagination, you can easily come up with some more.
At least not yet, you can bet the RIAA would love to be able to nail you for just *thinking* a copyrighted tune. I'm humming a metallica song right now, eat that lars!
The problem with this method is that since every client is a peer, and possibly now a relay, you could end up using someone on a slow connection as the relay.
I'd hate to be the poor sap on a T1 downloading from a T3 using a machine on a 28.8 modem as a relay.
If you have the time and the ip address, you can contact the ISP and ask for the information.
Note, however, that AFAIK there is no legal requirement that ISPs keep userIDIP address assignment records. So an ISP that doesn't keep that information for long enough for a warrant to be arranged wouldn't allow them to track you down.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
I guess that's true, but that would only be effective against a repeat offender. If they wanted to get Joe Shmoe who downloaded a Metallica song from Gnutella last Thursday, and never returned, then there would be nothing the feds can do.
A sentence you'll never see on an Internet discussion board: "You know what? You're right."
Let me see if I understand this correctly, the only reason why this software works for napster is because you HAVE a central server to send this LIST to, so that they could deny users. With GNUTELLA you need to send a court order to EVERY ISP/IP address that this software types up. Which invalidates the point of the software.
-elmo
All of this is, of course, IMNSHO. Cheers, Elmo
Fundamentally, it is not my responsibility to make sure that materials I download are legal copyright-wise. If I go to what seems to be the "They Might Be Giants" website and download MP3s that are there, or grab bootlegs the owner says are legal, am I violating copyright if the files weren't legal for distribution? That shouldn't be the case, any more than I should be liable if I buy a copy of the New York Times that has a plagiarized story.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
Given the money that the RIAA and various artists are willing to spend fighting this thing, it seems quite understandable that he would want to say something like that. It's not really an evil ploy, I'm sure, just a method of keeping himself out of the courts.
You are in a maze of twisty little relative jumps, all alike.
If you look closely at the definition of entrapment you'll notice "in criminal law". I dont think entrapment exists in civil law. Since copyright infringment isnt a crime, then entrapment would certainly not apply here.
But doesn't this just seem to log IP's that make requests to your computer? OR does this search out files on other peoples computer and get thier username and IP address? Either way, I really don't think it matters.
Survival of the fittest, I always say! -Erik
+= E
Ooh! An IP Address and a filename! Wow!
Do we even trust that this company can track Gnutella users? You have to send in a WRITTEN APPLICATION to get a fully operational version of the program. I suspect they are still trying to figure out how to get the correct IP for Gnutella users.
-- Too lazy to get a lower UID.
Gnutella's already slow enough as it is! ... and you want to make it slower?
-- Dr. Eldarion --
It means nothing. Anyone can create any username, and and IP's can be filtered, masqueraded; ports can be forwarded, and tunneled over in many different ways. Routers can be misconfigured even without bring down the traffic. What would that IP/username mean?
Sorry,
Hate to interject here, but if you are after Anonymous file transfers you need to look at Freenet. Gnutella is a distributed file sharing system not an anonymous system.
Lando
/* TODO: Spawn child process, interest child in technology, have child write a new sig */
What, exactly, does this program *do*? I can go run gnut and just search for an mp3. I then get a big list of matches, complete with IP addresses. How else am I supposed to download the file if I dont have the IP?
Anyway, I'm not worried about this kind of thing. So they have your IP address. Fortunately, they also have about 10K other IP addresses. Who can they complain to? The ISPs? They'd have to complain to hundreds of ISPs, most of which wouldn't care. It's just not feasable.
The whole SNR thing is much more of a problem, if you ask me.
Does anyone else remember a story about the "wall of shame" - a list of people who attempted to download fake kiddie porn? I knew that as de-centralized as Gnutella was, it wasn't totally anonymous. Of course, it brings out the question of entrapment, if they attempt to enforce it thusly.
"I'm not even supposed to BE here today!"
Thanks for the tip...teach me to assume the poster knew what he was talking about....
It's not funny till someone gets hurt.
Makes perfect sense to me.. I mean, when you do a file transfer, it happens peer-peer, so you do know who the other party is (or at least, their IP).
In fact.. as soon as search results are returned, those results contain the IP address of the host holding the data, no?
So... the only thing anonymous about gnutella is that searches are anonymous until you actually download something.
But really.. the whole point of gnutella wasn't that it was 'anonymous', but that it is decentralized. There is simply no easy way to 'stop' people from using gnutella. we can switch ports easily.. it really doeos need randomized ports....
Now.. personally, I would think that putting up material to be downloaded in order to finger people would ammount to entrapment, as you are basically going somewhere where you *KNOW* that people are tempted to download software, and put up software they might want...
Your search is given a unique ID which is used to route the search results back over the gnutella network. They don't come back directly from the server that is replying to the search. So in theory from how i understand it, only the node which sends you the search result would know you had searched for it.
Decide if you want to search Napster, Gnutella, or both...
Media Enforcer is just a front end to search the respective sharing utilities for certain bands and/or titles, and lists the IPs and Usernames of anybody sharing a file you're interested in.
AFAI can tell, it doesn't "bobby trap" anybody...
In the text of this "story" we see the line "you to can be Lars."
It should read "you too can be Lars." To can be makes no grammatical sense. If you're going to be valued as a media site, please don't contribute to the degradation of the English language by using improper grammar.
--
If there is a God, you are an authorized representative. - Kurt Vonnegut Jr.
If there is a God, you are an authorized representative. - Kurt Vonnegut Jr.
you need a place to store records on each user's karma. this would mean a centralized server. which might not be a good idea since it probably means that every user's IP would at some point go across it, and thus, be loggable. and once u can match IP to username, you get the same bit as napster and the RIAA, meaning you can be ordered to deliver user records and so on.
-
"There is no off position on the genius switch." --Dave Letterman
-
And this affects people running the gnutella clones on linux,bsd or mac in what way? God how I wish you so-called "Security Experts" who are only familar with windows,msdos batch files and windows viruses would just shut up.
.vbs file that everyone seemed to have. The virus was obviously spreading, do a search for 'vbs' and see how many instances you find. I don't give a damn if your vulnerable or not. I said it was a Gnutella worm, not a Gnutella clone virus. Not like it couldn't be rewriten to target Linux/mac users. (as a bash or applescript file)
I never said I was a security exspert, dumbass. all I said was that I found a
ReadThe ReflectionEngine, a cyberpunk style n
Earthlink logs the following from what I could grep... username/password IP Address callerID (remember *70 disables it) ftp uploads/downloads from their servers nntp uploads/downloads from their servers You are right in assuming that they would have no way of knowing who requested the file, but I thought I could share a little information from what I know about earthlink's practices.
An Education is the Font of All Liberty
It just might be time for a civil equivalent to the Bill of Rights.
The Mongrel Dogs Who Teach
Hear Hear
It is, alas, a common police/investigative tactic throughout the world to turn up and gain access to premises on the mere threat of a search warrant.
In fact, in most jurisdictions, at least some form of prior judicial scrutiny is required before agents of the state can violate privacy in search of evidence. (And if they claim they don't, ask for full details of the enactment/statute under which they derive their power and take a careful note of what is said, in writing and at the time.)
When faced with police pressure, you should always insist on seeing a warrant/court order before permitting any intrusion - don't back down unless and until they threaten physical harm. It makes life so much more fun for the nice officer when he has to explain himself to the judge later.
Of course, your mileage may vary as to how effective judicial scrutiny of police action ever is...
-- AndrewD
A Maze of Twisty Little Laws, All Different.
If that system entraps the user by saying it provides some files but use that to log the user who attemped to download it, it may NOT have any legal value... To go further, the problem of the people to be sued will also arise... Is it the one who download the file (you may not know exactly what it does contain before having downloaded it) or the one offering it (in that case, providing trap files is legally of no help as those trapped are not the one to be sued). But, from what I read on the page of the incriminated program, it looks like it's more a Gnutella/Napster client doing the searches and logging who provides such files. If it is indeed a napster/Gnutella search-client, there is still something that could help showing to RIAA and other it's vain to try to find people to sue. Think of the guy thas has written a DeCSS program that... removes CSS tags from HTML pages... just to fool MPAA and DVDCCA into finding site providing the DeCSS DVD reading utility. The same thing may be done for MP3. There are many free MP3 (and you may make some by MP3Encoding free songs (.MOD/.XM/...)). The Demo Makers provide us with many songs that are frequently freely downloadable. So, take a few MP3's (or some dummy files with 3Mb of "RIAA_KEEP_OUT_RIAA_KEEP_OUT...") with filenames including great band names... that would drive RIAA and such crazy... and they couldn't even sue you as you were doing NOTHING illegal... after all, you may name your files as you want !!! If enough people act like that, RIAA and Co will eventually understant that it's useless to track people on Gnutella/Napster/... And that method will be fine for many other files (text, programs,...) that could be distributed by such media. If we want to make these system really a media of free speech with no censor possible, we can't do it by legal actions. These systems may be used as well for legal purpose that for illegal one so the law will probably never protect them. So we are only left with the possibility of showing that it's useless to try to restrict it. It may be done by technical ways (hiding the IP using crypto & relays) and psychological ways (as the filename trick above). ------------------ If privacy is outlawed, only outlaw will have privacy.
That's a VERY interesting point! I like the analogy of napster being a whore... that's nice. :-)
...seriously though, you're right.
-C
-C
"This above all, to thine own self be true"
Could you inform me how to get rid of the registry keys that prevent users from using Napster? I'm not interested in using Napster again -- I just don't like having a scarlett letter in my registry.
Certainly. Check out:
http://eccentrix.com/computer/napsterfix/
Not the best done site I've ever seen, but it appears to have the valid fix.
Yes, but the law doesn't care. Ever notice how hookers get busted, but the Johns do not? Ever notice how the pirate video stores get raided but no one follows up their customer list? Ever notice how they went after napster but not after its users (they nuked some nicks but never bothered real people). Ever notice how the FBI goes after bank robbers, but not after those who accepted the stolen money for various goods and services. It's all about stopping the supply, not the demand.
If he gets busted do all ISP users lose access?
Posted by 11223:
See my original post. It's called a Diffie-Hellman key exchange, and allows two parties to generate secure keys while being eavesdropped. It's one of the coolest things in modern crypto.
Further, you can sue colleges for allowing the students to use Gnutella by not providing blocking software or the like, as it is not a secret that a lot of, if not most, pirates are college students.
Well, you can sue anyone for anything... I have to say I find the idea of a judge holding a school responsible for not actively restricting the rights of the students to make it more difficult for them to possibly pirate stuff disturbing.
ReadThe ReflectionEngine, a cyberpunk style n
Yet another reason I should start looking into canceling my Earthlink account.
until (succeed) try { again(); }
It's called freenet. There is a solution to freenet, make it illegal. Unfortunately making things illegal does not stop them.
There are only two ways to solve this 'problem'
Give up.
Smash down the internet and move it from a 'peer-to-peer' network, to a monitored, client server, system. The interactive television that was the dream all the media corps in the early 90's. Get your watered down news and ideas from AOL-TW.com every morning.
Honestly, I see number 2, or at least some weaker form of it, coming out of this all. A ban on 'unlicensed' file transfer software?
ReadThe ReflectionEngine, a cyberpunk style n
Posted by 11223:
Multiple relays are possible - once you're on the network through at least one relay, you can get a list of more relays, and structure your network so that you're talking to the people with the highest connect speed. Basically, the modem users hang out on the fringes, while broadband users are clustered in the center.
Someone gets a copy through the legitimate channel and then shares it. All it takes is for one person to do this and there'll be 100's of people using it to search all the services at once and there's nothing anyone can do about except use the tool to find the tool.
;) ???
Any volunteer's
On the other hand, commercial ISPs have a financial interest in people using their service - the longer you are online trading files by Napster and the larger the bill you run up. So it would be a bad idea (financially speaking) for ISPs to crack down on Napster use. Have you noticed how hard it is to get most ISPs to do anything about spam which originates from their service? This would be a similar situation. The ISP would be unlikely to investigate the pirated MP3s or ban the user until they were forced to by a court order. Which brings us back to the situation that less successful artists are unlikely to have the financial means to drag this sort of thing through the courts.
Realize that people will pirate stuff, but also realize that companies should not be allowed to make money off of people stealing from other people and deliver the names to Napster. Soon enough, they'll be shut down for good.
That's one of the biggest complaints about piracy and Napster... Gnutella is still obscure enough that it doesn't really make much of a blip on the radar screen, i don't think... For instance, if i'm on the subway and hear someone talking about how cool "Napster" is, it's an easy name to remember... It I hear "Gnutella", it could be "Nutella", "Newtellah", etc... All the while, Napster's the brand name, trying to figure out a way to rake in some cash and some profits from other peoples' efforts and investments.
Ignorance is never an execuse according to the law. That is like saying I didn't know my neighbor owned that Plastic Jesus Lawn Decoration I just took it anyway.
Copyrighted Files Downloaded from Gnutella are just as illegal as copyrighted files downloaded from Napster the only differnce with Gnutella is there is no company to sue.
IRTechnocrat
Any Peer to peer networking (ie TCP/IP as it was meant to work) will expose the sender's address to the reciever and vice versa. Otherwise there can be no meaningful communication.
What you suggest simply puts a server in between which you will have to trust. So basically you are back to Napster with some sort of encryption.
The point of gnutella is to make all transfers peer to peer, not really anonymous. Of course you could always relay the packets from a central server on either end, but the goal should be to retain the "end-to-end" nature of the internet and you can never effectively encrypt routing information.
But I think just the intent is enough. After all, if cops setup a fake coke dealer, does it really matter if I walk up and actually receive the real stuff in the bag or just some powder sugar?
"Hot lesbian witches! It's fucking genius!"
Wow, you've described a great DDoS! 8)
It's 10 PM. Do you know if you're un-American?
Unless of course its about you. How about we free up everyones credit card numbers? Thats information right? Some information is meant to be kept private.
Only the State obtains its revenue by coercion. - Murray Rothbard
"I wish the need for this program didn't exist. Unfortunately, it does. There has been an explosion of online piracy of all types on different kinds of services- mainly because they disassociate the user from the feeling of stealing and allow them to act irresponsibly."
"Why did I write this application? I have a very clear interest in the success of the entertainment industry in the digital age. While many people try to argue their theft with variants of "information should be free" it is simply not true."
What a bunch of crap.
This is probably the work of some whore working for the RIAA.
There's no way to tell who's behind this: the domain is mediatracker.tripod.com, so they hosted by/hidden behind tripod.com, and the email mediatracker@hotmail.com is equally unhelpful.
Too bad the brother or sister who coded this can't be brought over from the Dark Side®, but they're probably too far gone...
Give some people enough money, and they'll do anything...
</conspiracy mode>
t_t_b
--
I'm on PJ's "enemies" list! Are you?
I just had what I think is a REALLY good idea, with the only downside being bandwidth. Every once in awhile, your gnutella server grabs one of the searches going through your computer (with limits as to size, ie it must be at least 3 characters or something like that), searches OTHER computers with that random string, and then downloads one of the results, again completely at random. Voila, the human motives component is obfuscated.
Go Kathryn Thurber!
Thank you, whoever designed said app. Now all
that remains is for the gnutella community to
completely prohibit the app and all apps like it
from ever functioning in gnutella again. Unlike
Napster, Gnutella will prove to be impossibly
adaptive for such RIAA ploys to work. Really,
is there anything to worry about here? If the
Gn. client software interacts with a boobie-
trapped file to cooperate with the tracing party,
then the client needs to be modified; if the
file is just an executable trap, or something
that, say, (hypothetically) caused xmms to help
in the tracing, then xmms or whatever other
software on the client machine needs to be
changed - it's just data, people.
Well, no, but then thats not what the software does.
The software looks people who are sharing files, not people who are looking for them.
ReadThe ReflectionEngine, a cyberpunk style n
Clicking on a file?
I'd expect that has exactly as much legal import as a click-wrap EULA, which apparently is still awaiting a useful precedent.
As far as downloading a fake, is "intent to pirate" a crime? If they are distributing the actual mp3, it's either analogous to a cop using an amount of cocaine in a sting, or they are not doing a good enough job of defending the copyright, so they lose it. IANAL, i don't know. But if they are only distributing a fake file, all zeros or whatever, is that against the law? If i find a web page with what is claimed to be the entire discography in mp3 format of a group, and start clicking away, am I guilty of intent, whether or not the links work?
I still think the best solution to all this is for someone to get a box on havenco.com and everyone can proxy through it, web, ip masq, anything. Since they won't divulge information, we'd be effectively anonymous. Granted it would be slow...
just my 2cp
-Tannin Kal
The average person looking for warez or kiddie pr0n isn't going to take the trouble of spoofing his ip, using wingates, hacking routers, etc etc.
Only the State obtains its revenue by coercion. - Murray Rothbard
I have do different questions relating to the who 'Music-Cops-On-The-Net' thing.
1. Very little mention has been made of mp3 (or any file for that matter) distribution over IRC. It certainly is easy enough to locate your favorite music on various channels. So is it trackable? If it is (it would have to be because of the peer-to-peer nature of DCC), why has IRC slipped through without being part of Lar's wrath?
2. What if I put up a file called 'Metallica - They've sold out, man.mp3' that consist of me ranting into a microphone about how Metallica has sucked since the 'Black' album. My name/IP could be snatched up by this software, right? So I get taken down by Napster, or hauled to court... what kind of recourse would I have? Heck, for even more fun, I take my rantings, but call it 'Metallica - Unforgiven.mp3'. How would that affect my legal standing?
"I shoulda never sent a penguin out to do a daemon's work."
Cat, the other, tastier white meat.
Freenet implements a variation of crowds. There's a routing protocol, such that your request is passed from one node to the next until it reaches the destination, and the file is passed back along the same path. There's no way (in principle) to tell if a node is the original requester or just passing the request on, and whether a file was stored on the node that gave it to you or just forwarded it from somewhere else. Unlike onions, neither end of the connection knows where the other end is.
U.S. Bill of Rights. Article Six. (6th Amendment)
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Is this all of a sudden different JUST because it's electronic? This IS people's property, and it IS private. These people are effectively making unreasonable searches just violating constitutional rights. And people are OK with this?
-MoOsE
It might just be my latest dumped core that I automatically rename to Metallica-DownloadThis.mp3 because the band pissed me off or I think it is funny. In that context, having a file called Metallica-DownloadThis.mp3 and sharing it though Napster or Gnutella is perfectly legal
It may not be illegal, but having a file names that is enough suspicion to investigate further. If I have a baggie that looks like it has crack in it, and I show it to a cop, he's going to arrest me. If you have something that looks exactly like a pirated file, they have enough grounds to pursue it. You may be found innocent in court, but that doesn't mean they aren't going to try and prove it was a pirated file.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
However it is badly documented, and I dont know if it really fakes the headers of the sender during sending or just for the search result.
I wonder what would happen if several thousand people subscribed mediaenforcer@hotmail.com to it's own "when this page is updated email me" service.
Not that I think anyone should actually do this, of course; that would be wrong.
--
I disagree with your assumption that a trust network would be too small to be a threat. 1 such ring would be - but thousands of trust rings would be operational at any time. This is how a lot of FTP piracy occurs anyway. No anonymous access, accounts only. I think more real piracy occurs through FTP than napster and gnutella, especially with regard to large files (movies, games etc.). I have seen vast FTP servers of mp3 content as well (hundreds of albums). Not to mention USENET which carries hundreds of mp3s and other copyrighted media everyday. Almost every major piece of software is cracked and released on USENET before it reaches a store near you. If technology such as Napster and gnutella are shutdown or monitored by authorities (creating paranoia in the user base), piracy will just move to more private mechanisms. In the pre-internet days this was mostly done by home BBSs. In the halcyon daze of my rebelious youth, I recall both national and international networks of pirates who used almost any mechanism available to distribute the illegal software. Half of the incentive to cracking into the local university's systems (pre commercial internet) was to gain access to FTP and the speeds available over the net for moving illegal data. And on the mechanical end, we would hop in the car with a two or three computers and drive several hundred miles to "warez parties" too. These types of "non-public" distribution methods can amount to a sunstantial level of piracy. Indeed, lack of software support on the Amiga platform in the early nineties was often blamed on exactly this sort of piracy. You can't make piracy go away, its not just Napster or gnutella or anything. Removing those pieces of software will just move piracy back into the "seedy", unseen but ever present underground. I think in many ways the RIAA is reacting to the potential loss of income from its chief market demographic - young people. Young people are more likely to pirate, they are more likely to have a friend who shows them how to use napster or make mp3s or burn playstation CDs (real popular with the 12-16 year olds out here). The RIAA is afraid of losing its share of allowance money which it feels should be allocated to that $17 Britaney Spears album. The bad news for the RIAA is that Napster is "cool" to young people. Now that the kids know the software and use it - they are also going to be acutely aware of who took it away - if the RIAA shuts them down. That plus an extra dose of "record corporations suck" talk from the likes of Courteny Love and others. I could care less if the RIAA goes the way of the Dodo, they are monolithic middlemen who control a distribution system which is overblown, obsolete and passes ridiculous cost to the end user while often times screwing the artists over as well. Not too mention their hand in creating the vast wasteland that is radio today. That being said, most people grow up, make a few bucks and are happy to pay for a quality product rather than spend hours trying to find a good bootleg (compare downloading mpg movies off the net to ordering a DVD). If corporations would offer a cheap, fast and quality mechanism to get digital media to me - I would love it and use it. No, emusic.com does not count - 128kbps MP3 is NOT a quality product.
Sometimes my arms bend back.
They'd have to: a) trace down everyone serving those copyrighted files, using nothing but their IP. b) sue each and every one of them.
Just as you don't have to catch every fish in the sea to keep from going home hungry, you need not catch every violator.
How many times have you seen a police officier stop one speeder out of a hundred? 'But, but', you stammer, 'what about all the other speeders? You didn't ticket them.'.
The goal of law enforcement isn't to keep every law from being broken all the time, only to catch enough violators that society doesn't fall apart. Cops deter. That's their job.
I'm all for copyright owners going after those who steal their product. If someone steals my computer, I'm going to go after that person. Same goes for my intellectual propertly. (Granted, the former is probably worth more than the latter.)
InitZero
Reading through these comments surprises me because one would think that most people are law abiding citizens.
But that seems to not be the case. :|
Why am I saying this?
While MP3's themselves are just music files, has anyone out there really considered that hey... that [name your commerical band]'s mp3 song file is out there for download! Oh wait... maybe that's an illegal copy?
Nope. People tend more to go: Cool. *download* *listen*
Yes, privacy is a good thing. Yes, information wants to be free.
BUT. You are still knowingly downloading songs which are illegally being trafficked. Where the copyrights are being violated. And most people who do this, do it knowingly. You can't stick a CD that skips into a player and go doing whatever with it. You CAN stick ripped or rip-off mp3's into an mp3 player and play it wherever.
Who got paid when you downloaded that MP3? Who was the one who got SCREWED OVER?
Oh wait, I'm sorry, this is similar to the software pirating scene: It doesn't matter who get's screwed and who doesn't get paid, because it is cool, convenient, and cheap to download the mp3's.
People worked hard to make the song that some one out there turned into an mp3 and decided that it was his/her god-given right to send that file wherever it needs to go. To let it be free.
That would have been fine had that person owned the rights to it, but that isn't the case with many mp3's out there right now. Most of which are tracks ripped from a CD and placed on a server where other people download from.
That is a direct violation of the copyright laws.
People find the reasons they want to hear. And when people are looking for a way to preserve their own gains, they will readily ignore the law and the respect of other individuals.
I think MP3's are great. I just hate the pirating that's going on. If the new portable players of present day are mp3 players, then artists are truly getting screwed if they sell a few thousand CD's which ends up as mp3's for people who never paid a cent for it.
This doesn't result in freedom of the artist or removal of the middleman, people. It only means that you replace the corporate middleman with a bunch of charge-for-download or ratio sites where people "out there" somewhere ripped off hard working artists to make money for themselves. The artists don't get a damned cent for their work from all the millions of people playing their mp3's... oh I'm sorry, it's not "their" mp3, it's "everyone's" mp3 because information just wants to be free.
I want free music as much as the next person, but knowing some musicians and artists myself, I think it is pretty fsck'd up when you have people running multi-hundred megs-gigs of mp3's on servers and earning money from it to distribute data illegally all in the name of "freedom of information".
Basically, pirating sucks *ss. It did in the past and it does now. The only difference is that there are more supporters of it. That and instead of large corporations being hurt, alot of individuals are as well. But obviously, that is the least of the concerns and worries of the pirating population.
- Wing
- Reap the fires of the soul.
- Harvest the passion of life.
- Wing
- Reap the fires of the soul.
- Harvest the passion of life.
For years, taping fromthe radio and tv has been commonplace, and by most artists, producers, whatever, accepted. Even Lars admitted bootlegs were good for business. It's an issue of the quality of the recording. Tape quality is admittedly bad, and gets worse with additional copies. Mp3s are better, _but not lossless._ And, given the ability to rip at a varying number or quality/size tradeoff points, some mp3s sound downright terrible, while others get really close to cd quality. If tapes are good, mp3s (say 128, 44) are bad, I'm curious as to what the acceptable quality/size tradeoff would be for the RIAA and artists.
Amusing thought though, "arrested for distributing unacceptably high quality recordings."
-Tannin Kal
What in the heck happened to my second "L?" Are two of them in a row not allowed by /.? Just odd, especially since I spell checked the entire thing. We'll see if they come up this time.
Andrew Borntreger
Andrew Borntreger
Champion of cinematic disasters
Ive written about this before, but no one replied to me.
/*
Lemme try again.What if you downloaded say the first 30 seconds of the song, the did a FFT on it. Take your reference (the one you took off the cd) and do a FFT on it, then compare the two. They should be very similar to eachother, and you should be able to crrelate a match.
Would this work?
*Not a Sermon, Just a Thought
*/
*Not a Sermon, Just a Thought
*/
When will these people catch on that tracking an IP or username means amazingly little?
If users on Napster had to register a username by giving personal information, then maybe this would be possible. But there's no such correlation.
Tracking by IP, on the other hand, is even more useless. If I'm a modem user and you know my ISP, how the hell does that help? Do you sue the ISP? I think not. They don't really have any control. However, some college campuses exert an insane amount of control over local networks. Most are completely lax, but some (I've heard UIUC does this) actually require you to register your MAC address with the computing center to obtain an IP from DHCP. So if a college ever cooperated with any sort of agency, however unlikely, they could trace you.
This brings up a question: how long will IP addresses not be traceable to a physical location?
Sure, a lot of modem pools will still assign IPs fairly randomly to dialup customers, but static IPs, or at least IPs that seldom change, are increasingly common.
> and the third generation will probably bring > metadata tagging facilities, more powerful > searching and search path optimization.
That's exactly what I'm working on in Freenet. We've already implemented metadata. Now I'm working on metadata query based searching as well as the ability to sign metadata to limit the search range. We already have path optimization and better anonymity.
Check us out at http://freenet.sourceforge.net
If use of this program becomes widespread, I'm going to make a nice little living for myself by making available phoney "pirated" material. When the user (who will of course not have actually downloaded and verified the contents of the "pirated" material I'm offering), accuses me of infringement, that's an instant defamation lawsuit.
And it posts images of gnutella showing the IP address of the people who are downloading the false images. The images are at the Zeropaid Wall of Shame.
--
EHC
What is the big deal about being anonymous when transferring files? I know you like privacy but if you're that paranoid about people watching you trade mp3s you have issues. If you are so scared about trading illegal copyrighted material maybe you should think for a minute about what you're really doing. How about working to change the copyright laws instead of finding new ways to piss off billion dollar corporations with large supplies of lawyers?
Only the State obtains its revenue by coercion. - Murray Rothbard
Makes it perfect tool for DDOS attack. Just tell 20 of your Guntella neighbours "that guy overseas really wanted that 10G movie clip, so please help me delivering it" and your victim is roasted and served with fries.
-- Si hoc legere scis nimium eruditionis habes.
And I was just watching the last JavaOne keynote webcast today and was pleasantly surprised when Tim O'Reilly brought up Gnutella and its role as facilitating sharing and communication. In a totally positive light. I'm sure for many in the audience this was the first time a Big Name had talked about Open Source. So I'm glad the FUD didn't get to them first.
It's 10 PM. Do you know if you're un-American?
Maybe that would give Jon Katz something useful to do, instead of wasting his and other peoples time worrying about 'Open Source Plumbing' and 'Open Source Pizza Delivery' or whatever nonsense he decides to foam on about...
That is, of course, if he isn't just a bot...
"It's tough to be bilingual when you get hit in the head."
Heh, Someone should con him into giving them the software, then post it on Gnutella. mmm doubly ironic :P
ReadThe ReflectionEngine, a cyberpunk style n
>Btw, this is somewhat offtopic, but I found a trogen/worm on Gnutella
>the other day as a VBS file. (I was looking for Evengelion stuff,
>honest!). I put the source (It's a Visual Basic Script) on my
>webserver if you want to check it out.
And this affects people running the gnutella clones on linux,bsd or mac in what way? God how I wish you so-called "Security Experts" who are only familar with windows,msdos batch files and windows viruses would just shut up.
Answer: YOU.
Or some other poor handful of randomly selected slobs.
The law doesn't require them to sue EVERYONE who violates their copyrights to sue anyone. What I would do if I were them would be to take a random handful to court and do my best to break them financially as an example.
How many people would pirate if they knew they were running that risk, of beign one of the spot-checks?
Welcome to cynicism and the real world.
:|
You wrote:
Reading through these comments surprises me
because one would think that most people are
law abiding citizens.
But that seems to not be the case.
Welcome to late 20th c. america.
Most americans don't refrain from shop-lifting because it's wrong and they hurt someoen else. By and large its simply fear of being caught.
If they could shoplift with the same anonymity and safety they cruise the net with currently, no store would stay in business.
Any distributed file-sharing protocol that is non-encrypted is insecure in this fashion. The reason is simple: Your computer requests the serving computer for the file in question. The other computer obviously knows your IP, then, and a modified client can serve up that info. That's why the Freenet project is so essential.
Here's a simple precaution that can be taken when desiging such a protocol: One computer never directly requests to another. Instead, it gets a piece of information from the serving computer through the network (x, n, and x^y mod n for some x, y, n) and creates a key (x^y^z mod n for some z) and sends another piece of information indirectly (x^z mod n), so that the server can get this number (x^y^z mod n) itself. Then you can establish a two-way encrypted link securly while having your packets be passed through other clients (so that the server never knows your IP). (BTW the encryption is a diffie-hellman key exchange and is one of the neatest things in modern crypto).
I think this goes with the topic and it is one I have been wrangling with since this whole Napster/Gnutella thing reared it's ugly head. In America, anybody can sue anyone. This is a civil case and the burdon of proof lies in the accused. There IS no innocent until proven guilty in civil cases. Rather you're guilty until proven innnocent. So RIAA and MPAA and whoever can bleet all they want, DMCA or not. If the Fed's get involved and try to prosecute, well, I would seriously wonder about the political ambitions of the DA who backed that case. Just my two non-cents. Kirch Signature! We don't need no steenking signature!
Diligence is the price of Freedom
Are something that you can never get from Gnutella, because it doesn't use them. When you do a search on Gnutella, the results you get back have the IP addresses of computers with matching files so that you can download them. When searching, however, you are mostly anonymous because searches are forwarded through the network.
That'd be "Alan Cox".
From what I've studied of the protocol when you send out a search for a file on gnutella, that is anonymous and cannot be traced back to you.
But when you actually establish a connection to download a file, that is done peer to peer, so the person serving the file to you, would be able to get your IP address.
I can't say for the US, and IANAL, but here in Canada, selective prosecution is illegal, and a valid defence.
Cheers,
Rick Kirkland
Here in Canada, if they do that the ticket would get thrown out. It's selective prosecution and illegal.
Cheers,
Rick Kirkland
http://music.zdn et.com/features/enforcer/screens/mediaenforcer.jpg
___
The thing I dont see anyone mentioning is that, while I can see that knowing the account on Napster that is distributing Metallica mp3s could be useful to disable that account. With Gnuttella there are no centralized servers to take accounts away from. Therefore, it means that any lawyer would have to go after each individual which they dont want to do. Its not like Napsters case where all they have to do is get accounts shut down.
And then what? The person hasn't done anything illegal, since the content was bogus. The person hasn't actually infringed on anything. If you buy a bag of oregano from an undercover cop who tells you it's pot, you can't be arrested for anything. You actually have to commit the crime you intended to commit to be held liable for anything.
This raises an interesting point. To actually convict someone of pirating mp3s, it strikes me that you would have to have direct evidence that the file you put up for download was, in fact, an illegitimate file. You would also have to strongly link the IP address to the actual person. It would be exceedingly difficult, if not impossible, to take any legal action against anyone using evidence such as a list of user names, IP addresses, and alledged song files they made available for downloading. It would take a serious investigation involving searches, stakeouts, time, and money to really get the necessary evidence to make a piracy charge stand up in court. The only people the police would go after to that extent would be real "pirates" who actively distribute illegal copies en masse, and who charge for it. I don't think there is any reason to believe that the government would or could go after individuals trading files for fun.
-Vercingetorix
"Necessitas non habet legem." -St. Augustine
I cannot imagine how with gnutella they could get anything but your ip address. So even if they went through the trouble to get name to go with hundreds of thousands of ip addresses, which is too costly. Who would they complain too? Gnutella has no head, or it has thousands of heads. Either way there is no master control switch to turn off. Just the courts.
Please don't forget that the Audio Home Recording Act specifically grants immunity to consumers who digital record music for non-commercial: another words, you can't be sued. (See section 1008 of the Audio Home Recording Act)
They'll have to contact each party one at a time. Call Earthlink and ask em who had xxx.xxx.xxx.xxx as of a certain time. If Earthlink wants to be a common carrier (as opposed to getting sued on your behalf), they supply the info. Then they contact you (or whoever administrates your firewall) and says they're suing. You tell 'em its a firewall, and then you either look through the logs to see who did it, or you're the target.
Hm. My brother uses my Amiga as his Internet gateway. I don't log any connection detail. If there was a third party who also used my gateway, I wouldn't know who to point at if some corp was breathing down my neck. Hm. I guess that I would be held responsible. Same issue with a company LAN, I would imagine.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It might just be my latest dumped core that I automatically rename to Metallica-DownloadThis.mp3 because the band pissed me off or I think it is funny. In that context, having a file called Metallica-DownloadThis.mp3 and sharing it though Napster or Gnutella is perfectly legal.
It certainly seems to be that the whole MP3 thing has become a kind of move, counter-move, counter-counter-move kind of game between the establishment and the "pirates" (for want of a better word). How long before something else comes along that can defeat this kind of snooping?
Whilst artists do have some legitimate concerns over what happens to their music, they will have to realise that this kind of stubborn refusal to embrace new technology will simply leave them unable to benfit from new advances and just suffering all of the disadvantages. Of course, this seems likely to involve them striking out on their own, something many will find hard, if not impossible, to do...
---
Jon E. Erikson
Jon Erikson, IT guru
No matter what, if you connect to someone offering
something for download, they must get your IP
address.
The only way to ensure privacy on the internet
is to use an open proxy, anonymous redirector, or
some other mechanism to avoid detection.
Then, you must trust that the proxy or redirector
is not logging connections. If there are logs,
a court order can get to them!
That only protects downloaders, not distributors.
Distributors are the ones the most at risk in
any situation.
You cannot write anonymous software that uses
protocols that are not anonymous - without some
relaying, redirecting, or proxying in between the
source and destination.
--
Twivel
I was checking out one of the Gnutella clones, Gnotella ( http://gnotella.nerdherd.net/ ). I've had mixed success with it, but it does have a few interesting features which I'd love to see adopted by other Gnutella clients. You can choose to ignore files from certain IP addresses (say bye-bye to those spammers that return "Your Search.html") and also block searches containing key words (so a search for "kiddie porn" will get dropped instead of being passed on). Plus you can skin it. ;-) Might be worth a check. -Jason Levine
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
i hope this allows some artist to sue their own fans for copyright infringement. until then, this conversation will just keep going on until its tired. oh wait, its *already* tired.
I am just lowly tech supp rep at a regional isp, but i do know that we will NOT release any information no matter what the circumstances. The most we will do is disconnect the user. I distincty rememeber a FBI agent calling to get user info, we even verified he was real by looking up his FBI office in the phone book and calling, we still would not give out the info, we just disconnected the account. I don't know about other ISP's but thats way it works here.
all information transmitted on it is pretty much viewable by everyone
:P And second of all, While searches are broadcast, file transfers are peer-to-peer. You know you downloaded, and they know you downloaded, but no one else does (unless they tell their lawyers...)
That isn't quite right. First of all, Gnutella uses a 'haphazard' network topology, so you should say 'seen by a great number of people' not 'seen by everyone'
What this software appears to do is do searches for your stuff, and then tell you the IP of who has it up for serve
ReadThe ReflectionEngine, a cyberpunk style n
Gnutella is a non anonymous system
:)
Freenet sort of helps, but no crypto.
I wonder how long it'll take till someone
hacks a better anonymous system.
Say with rings of trust, and HEAVY crypto.
Main work would be helping NOT to flood
a client from MANY OC3 servers...
(sort of slow start on n-to-1)
Then RIIA and MEtallica nd all of them can go
to cry to their respective moms. }:)
Who does this guy think he is? You have to e-mail him and tell him why you want the program before he'll give it to you?
Sure, it's his program, and he can do with it what he wants, but it seems to be a bit pompous for him to set himself up as the moral authority on software usage.
This has to be the strangest license I have ever heard of.. call it moralware.. If I decide you're moral enough, you can use my software...
Whatever, man.. I won't be using it.. My gnutella client (gnut) gives me IP addresses anyway.
wish
---
Okay, here's how it works, folks...
Whenever you connect to someoen else, that other computer gets your computer's IP address. In the case of Gnutella, since Gnutella cts as a host for downlaod, anyone you connetc to to download gets your IP.
Now if they can get any more info depends on how your DSN is set up. There are three possibilities:
(1) You have a static IP and DNS. This means that your IP address and a DNS name (your machine's name) are bound semi-permenantly. In this case it is relatively easy to track an IP to its user.
(2) You have a dynamic Ip (DHCP) and have dynamic DNS. In this case a potentially different IP is assigned every tiem you log on, hwopever your machine's name is also bound to the Ip at that time. In this case it is easy to get your machien name but harder to track you down as an individual. The ISP basicly has to keep records and make those records available to the tracker.
(3) You have dynamic Ip (DHCP) and no dynamic DNS. This is the most anonymous form as they get no machioen name HWOEVEr you can still be tracked if your ISp keeps good records of its DHCP assingment.
The conclusion: There is no such things as 100% anonymity on the net. (Well, there ARE ways to hide your trail better, but those take a very sophisticated understanding of the net and no program can do it for you.) This is probably a good thing, as 100% anonymity brings 100% impunity to commit criems and without some order no society can exist.
I predict that some group will prosecute a handfull of people and try to use the publicity to scare "pirates" into stop using services like Napster or Gnutella.
Remember when the BSA (Business Software Alliance) camped out in an IRC warez channel and had about 20 kids raided? I think that some people are going to be taken to court and made examples of. (Not like it's going to stop anyone, peer-to-peer file sharing has become too mainstream to stop now. These people need to realize that and find a way to make it work for them instead of fighting it tooth and nail.)
"With sufficient thrust, pigs fly just fine." -- RFC 1925
You could make Gnutella support email attachments as a transfer protocol, so that paranoid people could have their files sent to a hotmail account.
MSN Hotmai1 supports attachments on1y up to 1,000 KB in size; any good sized *.mp* file is out.
Will I retire or break 10K?
Consider this: When you connect to a sevrer what are you doing? Youa re requesting it (ordering it) to make a copy. Your own software is also half that copy process.
Ergo, yes you have violated copyrights if you do not have the right to copy that work.
Wouldn't setting up 'boobie-trapped' files be a form of entrapment? Is this legal in the States?
...Ratings, tracking...
Or public humiliation according to this article at gnutellanet.net.
Apparently this would work like the police programs where they publicly list people convicted of crimes in order to deter them in the future.
What everyone needs to do to avoid having their private interests compromised by corporate lawmakers is to continue the democratizing work of freenet and gnutella. Along with spreading the knowledge of what these services do and how the distribution and copying of information is not inherently illegal.
"I have a cunning plan..."
It bothers me quite a bit that these people have decided that they know who can and should use this software. You can only get it if they want to give it to you, but they call it freeware-- I wonder what their policy is on other people copying and distributing this software? Fun that someone has decided it's at their discretion who has the right to violate someone's privacy and who doesn't.
Do something about world hunger. Click here
We Want Jack Daniels?
"With sufficient thrust, pigs fly just fine." -- RFC 1925
... is just as much a part of information theory as information distribution. Information wants to be free, whether it is m374lic4_5uXx0r5.mp3 or the log entry show the time, date and IP of the person who downloaded it. This program provides tracking for napster and gnutella. Ok.. big deal. It doesn't comprimise Gnutella in any way other than to provide accounting for file downloads, which isn't such a hard thing to do, since gnutella is a multi-access broadcast media anyways.. all information transmitted on it is pretty much viewable by everyone. This program does nothing to stop people from downloading soungs, files, etc.
Plus, think about it.. if everyone on Gnutella got subpoenas on their doorstep towmorrow for downloading copyrighted information, we would have even more popular support for the cause. The more people the RIAA piss off with these bully tactics, the better off we are.
//Phizzy
"Most European technology just isn't worth our stealing," -- Former CIA chief James Woolsey, referring to Echelon
What documentation must someone turn up with before you will release the customer identity associated with an IP address?
They are fighting back, and it's crude.
I would like to point out that it is not a store's fault if shoplifting occurs. Same goes for Napster. If we want to pirate music, no problem. But if we break the law, we should be prepared to pay the penalties. Focus on changing laws if we deem them unsuitable.
Article on MSNBC
The fact of the matter is that, despite its mostly decentralized and somewhat chaotic nature, certain entities within the Internet can and do make logs of user activity. True, perhaps they can only point to a dynamic IP address, but at the very least, you can usually trace back activity to a point of origin: an ISP, or a company line, for instance. From there, it is only a matter of pressuring the originating body into giving up a user list and submitting to monitoring of their activity, in much the way that a phone line can be tapped.
"But that invades my privacy!", you say. That's true, it does invade your privacy. But it is also perfectly legal--the ISP or the company is assisting the government in the investigation of a crime, and failure to do so can yield charges like obstruction of justice and aiding and abetting. If the crime is serious enough, it may also warrant a conspiracy charge. ISPs and companies hate that kind of pressure, and tend to fold under it rapidly, no matter what their stance is on user privacy. After all, a "you are totally anonymous" policy is hard to enforce when jackbooted thugs kick in your door and shut down your hosting operation.
We all have less privacy than we think. It's time to do something about this.
www.alarmist.org
This, and the related problem of hacked clients giving back hits for any search that just link back to banner sites, has been a real impediment for me in using gnutella over something more centralized like napster. The problem with anything de-centralized like this is that while you have all the benefits of abandoning centralized control, you have all the headaches of abandoning centralized control too.
:) is to implement, either at the protocol level or the client level, a moderation-style system, or actually, more appropriate still: a web-of-trust setup.
/. at -1. But if nothing gets implemented, we end up with a great distributed file sharing mechanism that is, much to the pleasure of Lars and his ilk, too contaminated to bother with.
The best solution I've come across (in the oh so many hours I've thought about it...
Unfortunately, the protocol as it currently stands, does not have much room for carrying this kind of information, and implementing it in any kind of non-trivial-to-circumvent way would require a fair bit of work. I mean, you can have clients digitally sign their hits, and the hits of people for whom they vouch, but ugh - think about the kind of traffic that goes across one of these clients, and the overhead that would come from signing or otherwise authenticating each one.
Maybe something more akin to the spam blacklists would be more appropriate: have a hook in the client that allows it to grab the current blacklist and filter those people out of the hits. Unfortunately, since a gnutella request doesn't pick and choose it's recipients, you'd have all sorts of traffic moving around that was just being dropped by the recipient, but at least this contamination would be harder to pull off.
Any thoughts on these, or other ways to keep the S:N on something like this up? I think client-side implementation is important, since it allows the protocol to remain unscathed, and choice is of course, essential, just like browsing
Johnath.
The decentralization of Gnutella is a big problem for copyright enforcers, because it's a heck of a lot easier to put all the pressure on a big company. Plus, there's potential money there. The little guys using these programs aren't deep pockets.
When Metallica wanted to stop Napster users it got Napster to ban them (not that this was terribly effective, as two minutes in the registry got a user back in with a new account name). But if Metallica wanted to enforce its rights under Gnutella, there is no central company to put pressure on. They have to go after the individuals. They've said they don't want to do that, and I can't imagine there are many that would, because there's nothing in it for them.
If you want real anonymity, you have three options:
The first one can be had by anyone who will let you use their SOCKS5 server. With some servers, you may also be able to tunnel through an http proxy to obtain non-http service, however YMMV. Services exist online like Anonymizer.com or Freedom which will, for a small fee, happily remove all traces of your IP address from the request using one of their servers. Caveat emptor, however, as they likely need to keep logs as well to prevent absue.
Option #2, illegal proxying - crackers have known about this for a long time. Basically, grab yourself a copy of nmap and start scanning on ports 1080, 80, and 8080 and see how many proxies you can find. Scan for winproxies as well as they are often poorly configured.
Once you have your net of proxies up, or have compromised a bunch of computers and done the same, use those to relay your messages. Or just go down to a public terminal and install some proxy software.
Option 3, there is only one option here - MBone. It is basically an IP multicast network setup on top of IPv4 which allows one server to broadcast data to all other computers on the network.
I'd like to, at some point, start a project to create a self-healing mirroring network with crypto support do accomplish the same things GNUella does, but have it rely on multiple protocols and require no special software (ie, web servers, ftp servers, etc) for the clients to use to get information off the servers.
But I digress... in short, you have no privacy. Either do something illegal to get it back, or give up and accept it. No solutions exist at present to give you 100% anonymity. But.. there are projects in the works that aren't internet based that may be appearing in the not too distant future...
Aren't there (or soon to be) relay programs that act as waypoints for these file exchanges? The person you get the file from/through might not be the person who's sharing it. ISPs have been held harmless in the whole responsibility-for-content debate, wouldn't this be very similar?
What I find interesting is that as users (the neoluddites) become increasingly more technical (oh look at me, i can install winamp) they are going to want this type of technology more and more. Sooner or later people will become fed up with the traditional businiess model of the music industry. Eventually the companies will either die off from lack of income (which will be blamed entirely on the digitization of music) or they will just deal with it and find ways to make money using the technology. So in my head this is how I'd love to see it play out:
::let's be honest, they have way more money and they are motivated... they will win::
::again honesty, when users download all these new bands they've never heard of for free they are gaining incredible exposure. Admittedly I've downloaded some .. ahem.. non copyrighted works, and bought the CD's later because I chose too::
1) the music industry wins the legal battles
2) music sales drop significantly because of lack of awareness from new bands
3) suddenly the RIAA is lobbying against restrictive digital laws that forbid the transferrence of media.. they complain bitterly about the stranglehold that the govt. has on them.
4) the judges, already wary of the RIAA, decide to overturn their decisions and free media on the net. No one owns it, on one controls it.
ne0
Bah. I saw Metallica on the Black Album tour. The only vaguely interesting part was seeing Kirk play the guitar with his ass. They'd already sold out by then so who cares. Right now I've got visions of James in a wheel chair going 'pooped ma pants! hella sucks!'
All of these protocols involve direct peer to peer file transfering, without going through some sort of trusted intermediary or anonymous network. Thus, if you find someone has the item you are interested in, it is trivial to get the information: Just start the transfer, see the sucker's IP, and disconnect before you waste any more of your bandwidth. From there, you can go through whatever routines are necessary to associate an IP address with an individual.
Similarly, there is no means of authenticating files before downloading, so it is easy to make a tarbaby server: Just put up a bunch of bogus content, but interestingly named files. When someone tries to download it from you, you get the sucker's IP address.
Finally, under copyright law, the copyright holders do need to be rather active in defending their rites. Although I believe that Lars Ulrich and company are being rather ham-handed about how they go about it, they really have no choice but to at least make reasonable attempts. Otherwise, a copyright lapses if undefended, and someone could start manufacturing CDs of Metallica and the band could do nothing.
Is Napster really different from a company who's business model is "We want to make money by software piracy?"
Nicholas C Weaver
nweaver@cs.berkeley.edu
Test your net with Netalyzr
If they sued a college kid for downloading a particular album, if that same kid was able to bring into court his copy of the allegedly stolen CD, would he still be liable?
In that case, he already owned the music, but was merely downloading an MP3 version to play on his portable MP3 player.
I think a judge would have to throw out such a case...
It may not be illegal, but having a file names that is enough suspicion to investigate further. If I have a baggie that looks like it has crack in it, and I show it to a cop, he's going to arrest me. If you have something that looks exactly like a pirated file, they have enough grounds to pursue it. You may be found innocent in court, but that doesn't mean they aren't going to try and prove it was a pirated file.
Oh boy, that takes the cake! With all this garbage about how something "looks" illegal, and therefore is (ie. "looks like under 18" is kiddy porn, "looks like pirated song" is pirated song, "looks like cocaine" is cocaine, etc.) you'd think that everything will be illegal soon.
I can see it now:
Cop: What's in that bag?
Arrestee: Powdered sugar!
C: Take it to the lab!
a few hours later...
C: Chemical analysis proves that is indeed sugar, but since it looks like cocaine you are under arrest for posession with malicious intent to bake.
Judge: Fifty years in prison! Next! Oh hi, Mr. Hitler, that will be fifty days suspended sentence...
Deliver yesterday, code today, think tomorrow.
IANAL but...doesn't the fact that you have to put up a file as bait in order to get the ip address mean that this is entrapment? I mean if you offer someone drugs and they take them, you can't use that against them in a legal case, right?
It's not funny till someone gets hurt.
OK first off, do not compare physical property to intellectual property. The analogy never works, and in this case, it falls down immediately.
The argument of 'what if I didn't know it was being distributed illegally' is a valid one. Assume that you're doing some research on caramel corn. You go to your trusty friend google.com and start looking for pages relating to "caramel corn". You find an article that looks very promising, so you follow the link. Once you've loaded the entire page, you find that, sadly, the article is copyrighted by Caramel Media Inc., but John Francis, who is a caramel corn fanatic, copied the article on to his page without permission from Caramel Media.
In my mind, this would be analogous to what the OP described. You were looking for some poetry (do people distribute poetry on Gnutella?), found one that sounded interesting, and, after downloading it, found at that it was being distributed illegally.
In the first example, it would be ludicruous to phone up the ISP of *every* page you were about to view and say ("yes, I was thinking of reading an article you have saved on your website at ~users/bill/caramel.html, but I was hoping if you could check to see if has been illegally distributed first"). Likewise, it would be ludicruous to track down the ISP of the Gnutella user every time you wanted to download something, just so you could phone him up and say "yes, I want to download roses_are_red.txt from you, but I need to know if you are distributing it illegally or not first").
I constantly argue with myself as to whether we have more or less democracy than before. Everytime I read another report on copyright extension, monopolies, etc, I worry that we are becoming more and more controlled by the megacorp cartels.
Then I compare to what we had 100 years ago. 100 years ago unions were practically illegal, or perhaps just coming out from that status. Standard Oil, the railroads, etc -- huge monopolies. ATT started its monopolistic practices in the early 1900s. The National Guard was called out to break up strikes in the 1930s. General MacArthur used the standing army to break up a demonstration by WW I veterans around 1930.
Any period I look at, the abuses were worse. I start to come out of my funk, and look at the LA police and Rodney King, Ruby Ridge, Waco, and realize that a lot more abuses are known publicly now, and widely distributed. This publicity is not what the powers want -- they want darkness and invisibility. This openness can only get better.
In just 5 or 10 years, home computers will have a standard web site package included, people will wear micro cams at all times as a matter of course, broadcasting back to the home computer constantly, available for the world to see or review, and public crime will drop drastically.
I come to the conclusion that the megacorps are fighting for (and winning) the rights to the corpses of obsolete prizes. They are waging death matches for nothing that matters tomorrow. The new life is proceeding without them, they don't know how to react, so they lash out in their old style methods, and will win precisely nothing useful.
--
Infuriate left and right
Ok, if I am downloading "download this" from that sell out band. (Like that would happen) They could see what my "user name" and IP was. Great, what the hell are they going to do with that ??? The user name they are going to see is jengo, which is my Linux login name. Then my IP which is from earthlink. Then you would say my email address/login id for earthlink is jengo@earthlink.net WRONG! If I gave you a list of 2,000 IPs, times and dates, and "user names". How long would it take to research every single one. Think how long it would take on 5 differant ISPs, let alone 1,000. Maybe its easy on AOL, but, not the rest of the world. Who on my side of the firewall did that download go to ? Me, my girlfriend, or the other 10 people that could have been connected. What about the company LAN ? My point is that all of that information MIGHT help get a couple of people. But, not everyone. Just my $0.02
until (succeed) try { again(); }
First, let me start off by saying that I am a musician, and I fully believe in technologies like napster and gnutella (more in gnutella, but that's a personal preference). I see it as a way to fight back against the money-grubbing, over-charging, creativity-squashing record industry. But pertaining to the issue at hand: I can see how this would be a problem for napsterites, but us gnutellians should be in the clear. So the company can get a list of our IPs. Then what? Are they going to have gnutella ban them? Wait, that's not possible. Report us to the law? Well, no, since we didn't actually get the file to begin with, no crime has taken place. The most they can do is report us to our ISP, most of whom don't care.
What gives you the right to the software he wrote? And where do you get that anyone's privacy is being violated? I hope that you don't illegally download musicians' copyrighted works, because I don't think that I could handle so much irony this early in the morning.
Cheers,
ZicoKnows@hotmail.com
And just so you know, in Canada (and hopefully all sane countries) ignorance *is* nearly always a valid excuse. Ignorance of the law is not an excuse, but ignorance of the facts is.
Yeah, I agree that pirating software via Napster/Gnutella sucks, but these search engines are just as stupid. It'd be similar for going to google.com and running a search on a common word. Sure, you turn up 3 million URLs, but how many of them really have the CONTENT you're looking for, rather than just contain the word out of context somewhere... how do you tell the difference?
Until somebody comes up with a way of knowing that the file you found contains an actual song, rather than just a filename that appears to describe a song (this may even be impossible), what use are these searches?
It seems that alot of music savy people are looking towards these searches to protect themselves, but they are definitely not computer savy enough to realise that these searches are meaningless. The problem is that the lawyers and courts aren't computer savy either (Ask the 300K people kicked off Napster because of a filename).
Unix is user friendly, it's just selective about who its friends are.
To whom, exactly, are you supposed to deliver this? Napster's case is fairly clear, but in the case of Gnutella, who are you going to give this to? That's the crux of the argument that gnutella/freenet are stronger than Napster in this regard: there's no one to complain to about abuse except for the users themselves....and, yeah, like they care....
I think a court of law would see it differently 99.9% of the time. ...assuming you are correect about the whole copying part (which I don't think you are)then by downloading an MP3, you're moving it from a temporary buffer as you download it to a 'permanent' place on your hard disk... effectively you can't even download with out copying.
-C
-C
"This above all, to thine own self be true"
Gnutella uses HTTP to transfer files. Packets sniffers couldn't distinguish between GNUtella and an HTTP file transfer... try again...
> The problem is...who wants to shoulder the expense of running a proxy, while running legal risk at the same time, for free?
If you build the proxy into the gnutella server, then you can have a countless number of proxies to go through before reaching the real download server. Just an idea...
In the U.S., it is hard to graduate from a high school without attending classes that discuss what police can or can't do. In my high school, the class was called "Civics" (I think... it was 13 years ago).
the obvious proactive defense will be to use hacked clients which show you the IPs of the machines hosting the files you want.
Then there will be narcwatch.gnutella.org or some such, and hacked clients which automatically filter out DLs from IPs of known Gnutella narcs, based on an automatically DL'd narc list or query on a DNS record or something.
Nothing new under the sun, just me looking ahead a little.
(IYAM, until Freenet becomes viable, alt.binaries.* and a good feed [or a few decent ones] is still the way to go.)
--
Terrorists can attack freedom, but only Congress can destroy it.
Music is a commodity, give it UP its FREE, Turn on the damn Radio. If I really want a copy of a song that bad and I don't want to pay for it. I will throw on my favorite station run my recorder, and get a damn copy. If I want it on my PC I will record it to my machine, turn it into a .wav or .mp3...if my friend likes it I will mail it to him. Napsten, et al are just tools for doing it...it can't stopped. If these bands really want to make $$$ do it the old fashion way. TOUR! get on a damn bus and drive you ass to my town and play a gig, I will come hand you $30-100 for the privilage...thats the the way the music industry should be making money. it sickens me when my father tells me about all the bands he used to go see as a kid, for cheap $$$, because thats how they made $$$ they packed them into the parks, dance halls, etc night after night to watch the play. CD's etc, are promotional material for the band as far as I am concerned, I would much rather have the live expirence then listen to the Canned crap day after after day. Metallica, are the worst offenders right now, they have not been on a serious tour since practicaly the beginning of the 90's. Whats this summer a total of 14 dates, and at huge stadiums where I will barely even be able to see them. Get back to reality, come back and play 4000 person halls everynight, thats MUSIC.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
That's not only the hard part. It says a PRIME, literally ;)
no "relatively" prime bullshit.
You still have to keep in mind that this would merely be one of the many files of the same song on the system. Consequently, you wouldn't be able to get everyone who was downloading a particular song, just the people who download your particular file.
Chris Hagar
"The price of freedom is eternal vigilance." - Thomas Jefferson
It doesn't bother me that he WROTE the software, just that he thinks he is the voice of ethics to such an extent that he can decide whose proposed use of the software is moral enough to allow them to download it. I'm sure that his writing and distributing the software entitles him to distribute it however he'd like, but it bothers me that he thinks he can be the Morality Monitor.
Do something about world hunger. Click here
obviously there are grey areas, but infringement of copy and patent laws have the propensity to be enforced with or without willful knowledge of the act
..last post?
Mr. Last Post
If I have 100 MP3s on a 28k dialup, I'm probably not worth the time and money to try and stop. If I had a 1000 MP3s on a 256k DSL line I might be a target, but if I had 10,000 MP3s on an OC3 line that may constitute "intent to distribute" and it would be worth the time and money to try and stop me.
The real question is, how to make yourself less of a target? If I was taking the same 10,000 MP3s and splitting them across 1000 IP numbers then, just perhaps, I might be less of target for this type of NetPD search.
___
You should be running it through a grammar checker!
-bugg
I can do the same thing just by fucking searching Gnutella or Napster. Is it even a bot? What a worthless piece of tripe. Both protocols are open, so this is just another Napster or Gnutella Client with a little more automation.
And to dispel a myth about Gnutella you're not really anonymous, you're better off than on Napster because since there's no central server, there's no one to kick you off, but your IP Address is still open to anyone searching or returning Search results
Conscience is the inner voice which warns us that someone may be looking.
Conscience is the inner voice which warns us that someone may be looking.
-- H. L. Mencken
You're damn right.
Well I fired up Gnutella and did a search on "enforcer". Guess what I found! Media Enforcer, of course. You know, it's pretty nice piece of software. All they need to add is ping info and I'd be finding me some mp3s. The version I found only searched napster though.
Catch me on AIM: SigningiS
I prefer a void in conversation to a vacuous one.
You only need to forward everything through the clients if both sides want to be totally anonomous. If the reciever doesn't mind being known, then the sender can send directly to them using forged IP headers. Then the error-correction can be forwarded back to the sender through the clients. If the sender doesn't mind being known, but the reciever wants to hide, then the actual files must be forwarded, but the error correction can go directly. This would much faster for the case where the reciever doesn't care, and marginally faster when only the sender doesn't care.
I'm fairly sure it would be possible to set a distributed filesystem like Gnutella up so that people never know who they are recieving from, only who they are sending to (for forwarding). That would make tracking just about impossible.
seem to be what is insecure here. It looks like this program executes a simple search just like Napster and Gnutella do, returning a list of filenames and the username (or IP) that provides them. This is kind of necessary in order to be able to download anything.
So it seems what this program looks for is anyone that is sharing copyrighted material based on a filename search (which we all know is, of course, the most thorough search algorithm). Unfortunately, the easiest solution would be to become a Napster/Gnutella leech and not share any files.
Although I've only read a little on how Gnutella works, it seems that if you reply to a query, than you forfeit your anonymity -- although I'm sure you could modify it to forge IPs. Of course, Napster doesn't really have anonymity to begin with.
Great... now everyone can jump on the MP3-hating bandwagon.
This is basically useless. It wouldn't be too hard to write a gnutella client that simply returns the query with ".mp3" attached to the end in response to a query. Wasn't this already done? Plus, for all intents and purposes, you can't prove too much about the content of a file just by the file name...
Humorless sig goes here.
"Yes, you to(o) can be Lars"...
This isn't the first time.
I can see how this software may be useful for successful artists with enough money to attempt to prosecute people they suspect of distributing pirate MP3s. But I get the feeling that the author is hoping it will be used by smaller, less successful artists to protect their copyright. This leads to the question, what are these musicians going to do once they've got a list of IP adresses which are hawking their music? Smaller artists are unlikely to have the money to attempt to prosecute the pirates, so all they're going to be left with is the knowledge that their music is being pirated. Big deal. This software is of use only to the rich musicians and record companies - the people who are so rich that they are the people least financially affected by piracy. If the author of this software is unconnected with the RIAA, I wonder if he realises that the people his software is protecting are the same people who have been fucking him over for years with artificially inflated prices for recorded music.
Um, if you download boobietraped software, they can do whatever the fuck they want to you. And you can always see the IP address of people who download stuff from you in Gnutella.
I mean this isn't any diffrent then the web, take comet cursors for example. Once they get code running on your system (outside of a sandbox), any pretense of security is gone. (and if your running Linux, you they may not beable to see system files, but they can kill all your 'user' files, witch are probably more imporntant.)
Btw, this is somewhat offtopic, but I found a trogen/worm on Gnutella the other day as a VBS file. (I was looking for Evengelion stuff, honest!). I put the source (It's a Visual Basic Script) on my webserver if you want to check it out.
ReadThe ReflectionEngine, a cyberpunk style n
Every gnutilla client/server should be capable of acting as a proxy for another, and requests should bounce at random through the network. Why doesn't it already work like this? Peer to peer transfers are so easily compromised...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
If your search is done anonymously, and cannot be traced back to you, than how do you expect to receive results???
Stop by my site where I write about ERP systems & more
So they can get an IP address. That's all fine and happy. But who you gonna sue? They'd have to:
a) trace down everyone serving those copyrighted files, using nothing but their IP.
b) sue each and every one of them.
Good luck, and more power to them. You can't sue Gnutella like you sue Napster, since there is no such entity as Gnutella. Decentralization is the key. Gnutella is essentially nothing more than bunches and bunches of people acting independently to share files.
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Not in the eyes of the law anyway, its copyright infringement. It isn't trafficking in stolen goods, it's trafficking in pirated goods. And there is a pretty big difference.
And anyway, the people who download copyrighted material are never at fault legally, only those that distribute.
ReadThe ReflectionEngine, a cyberpunk style n
Napster has a 'strict' no bot policy, this program seems to be a 'bot' as it probably searchs many servers at once.. Why, thats grounds for banning right there, the opposite arguement of that banning would prove you have something to hide is bull, would you like it if the police came into your house and searched your sock drawer for drugs and drug paraphenelia? no, didn't think so. Privacy for all.
--
Insert Witty Sig Here
...and you be a ho.
My Slash-Caddy be out of impound and I be ready t'do some Pimp slappin'! Ya'll be cold, towin' da Pimp's Caddy like dat. Ain't like I was parked in a "no-troll" zone or somethin'.
I remembers it cleary: I was cruisin' da ghetto, checkin' on my ho's. Dey all be doin' some good work, and da crack-head mod's be throwin' dat karma all ovah da place like it be a Hindu festival or somethin'. Bitches be all singing, "Mod-ey Krishna, Karma Krishna, Whoring Karma, Moderate Us". It be worse than the bus station, so I whack a few o' dem bitches wit da Pimp Stick.
Anyhow, I be scopin' da streets, lookin' fo some fool leavin' time on the meter, y'know? All a sudden I see dis sign all sayin' "Taco's Parking Lot - Censorship Free!", and I be thinkin', "Damn! Dat's just what my ass needs! A Taco!".
So I eases da Pimp-Mobile into a space, and as I leavin' dis pasty-lookin' geek shout out, "We support free speech! Speak your mind without fear!" I dunno what da cracker fool be jabberin' about, so I just go about my bidness straightenin' out da ho's. And lookin' fo' dat taco, 'cause da Pimp be gettin' hungry, you know what I'm sayin'?
I slaps a few ho's who be gettin' out a line, and gives a few others some o' dat good Pimp Lovin' dat dey always beggin' fo (but not Siggy. She be gettin' old and skanky an' I hear she just been playin' wit herself an' takin' karma outta da bank to make it look like she workin'). I never did find me a taco, so I Pimp Strut's my ass over to da Soul Food Diner fo' a bowl o' grits.
Then I be headin' back to da Caddy and damn if I don't get rolled in da alley by dem moderatin' sons-a-bitches! Dey all actin' like I be bad fo' da neighborhood, like I da one encouragin' da ho's! Mofo's took 8 o' my karma in under 30 minutes!
After dat I tell da pasty geek I want's to cruise a little in my Caddy, 'cause I be lookin' fo' dem mod thieves who jacked my shit, y'know? And then white boy tells me I can't get my wheels 'cause I lost too much karma! Tells me it be impounded, and if I gots a problem wit dat I needs to take it up wit some brother named "Pater".
Now I figure Pater be da muscles of da operation, and I already got jacked once already so I gonna play it cool, you dig? So I says to the pasty geek, I says, "Yo, sign be talkin' 'bout 'Censorship Free'. What up wit dat?" Whitey look at me and say, "That's right. You were censored and it didn't cost you a dime."
Take me 48 hours to get da Caddy out of da impound yard, and meanwhile all da ho's and crack-heads be runnin' around wit out a care in da world. Shit ain't right.
Then I checks out da car and it be all banged up and shit! Speedometer be stuck on 0, and I can't even pass an AC wit out a push from da mod's! It just be me and the FP jallopies pokin' along in da "Low Threshold" lane, like we ain't important.
'Course we still be blowin' by dat fool drivin' da NP-19. Homeboy ain't even got an engine and he still be tryin' t'cruise in style.
You wanna be a karma whore?
Fine, but don't forget...
...a bunch of start-up IPO security companies out to nail those punk bastards that are stealing copyrighted material on the internet -- Let's just go ahead and make vigilantes out of everyone.
Better yet, let's apply this model to the 'real' world and deputize everyone: "Bust your neighbors breaking the law and receive points to buy cool stuff, redeemable at vigilante.com!"
--
Wooden armaments to battle your imaginary foes!
IANAL, but I suspect that as a criminal prosecution, the copyright holders would not have to be involved, and so would not be in danger of offending their fans. It would just require a Federal prosecutor that wanted to get his/her name in the news.
Legally, you aren't stealing, your infringing copyright. The same laws to not apply. Its perfectly legal to have copyrighted material on your hard drive, the only thing you can't do is copy
:P
Technically, this could include copying the file into ram, and then into the soundcard buffer, but they'd have to catch you doing it
Copyright infringement is not theft, its copyright infringement.
ReadThe ReflectionEngine, a cyberpunk style n
Just running Gnutella on a PC and having copyrighted material available wouldn't amount to entrapment. I believe the standard involves coercion or enticement in order to make the suspect commit whatever act you're trying to target. Just like the cops can dress a female officer up and walk her down the avenue, waiting for a John to offer $20 for a quick "date"...
Stop by my site where I write about ERP systems & more
He's just covering his ass - if the RIAA finds this thing and discovers that it can be used to pirate music (by searching through it) he can say that he went through a reasonable precaution to prevent people for using it illegally. This is probably actually SAFER (legally) than requiring people to use a click-through licence saying that they'll be good with his program - he can get the e-mail and show it in court. Basically, he can point to the e-mail and say "see, they said they wanted to remove all their songs from gnutella, not that they wanted to create a complete collection of all of Metallica's songs on MP3." Much safer than saying "see, I said they could only use it if they'd play nice."
It's a lovely, lawyer filled, world we live in.
You are in a maze of twisty little relative jumps, all alike.
IANAL, but entrapment would be if NetPD actively contacted individuals and offered them bootlegs unsolicited (imagine the concept -- poison pill spam). Simply posting fake files and waiting for people to find and download them doesn't count. Compare to police officers posing as prostitutes or drug dealers. If they come up to you and initiate the deal, it's entrapment. If you go to them first, it's an arrest.
But I do agree that Media Enforcer isn't going to get very far against Gnutella. Perhaps they could try and get individual servers booted off their ISPs, but that's like fighting fire with a teaspoon.
Isn't odd how the Next link at the bottom takes you to a page on how to use GNUtella and Napster, and tells you all about mp3s and what software you should use?
couldn't slashdot use a proofreader?
Here, CmdrTaco said "Yes, you to can be Lars!", misspelling "too" and earlier Hemos posted "macdonalds.com" instead of "mcdonalds.com".
Gnutella wasn't designed so that downloads were anonymous. It's as easy to find a user there as on Napster.
What Gnutella *does* provide is a decentralized structure. So if you find 300,000 people pirating your music, you can't sue Gnutella's creators to stop them -- they're not serving the data, they have nothing to do with it, and putting them out of business won't affect the user transfers. To enforce your copyright on Gnutella users you will be forced to sue them all individually. *That* is what scares the RIAA.
And although others may have mentioned it, Freenet is the next step beyond Gnutella. Not only is Freenet decentralized, but users on it *are* anonymized.
Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
Now what's needed, short of a cryptographically-secure file sharing protocol, is an anonymous Gnutella repeater, a la the USENET anonymizer services.
But if Mettalica were to put this file up to be downloaded then either
1) They have put it up to be downloaded and hence have voided their copyright or
2)It wasn't copyright material anyway, as it was in fact just a booby trapped file not a copyrighted work
Those bastards should be neutered. C'mon, why would someone want to create an app like that?
All digital goods will become free on the net, deal with it, people, and try to think of some other way to make money. Leave the MP3s alone!!!
MediaEnforcer people should be ashamed of themselves, they can not be called programmers.
http://dtum.livejournal.com
[see subject]
ReadThe ReflectionEngine, a cyberpunk style n
Slightly off topic, but there is a website, http://www.stopnapster.com that is advocating sabotaging napster. article on zdnn: http://www.zdnet.com/zdnn/stories/news/0,4586,2592 245,00.html
It doesn't seem that the editors are reading the stories they link to. Reading the ZDnet article myself, it doesn't look like a "poison pill" file to me. It looks more like just another search engine that uses the gnutella protocol to log IPs of the people OFFERING files. It does NOT appear to be a way to entrap people DOWNLOADING files. Indeed, that's entirely unnecessary, as peer-to-peer file transfers, by their very nature, return the IP address of the downloader.
2)
Speaking of entrapment... If this WAS a "poison pill" file, a) it's not a copyrighted MP3 anyway, and b) isn't entrapment illegal as hell anyway?
3)
In the IQ war between computer geeks and dirty metalhead types... I'll wager on the geeks every time. How long before a countermove is made by the geek community to nullify this problem? The obvious first move is forged IP headers emailing the file request to an anonymous hotmail-type account, or posting to a specified usenet group. That could be an option EASILY added to gnutella... or napster for that matter.
4)
There is STILL no "single point of failure" in gnutella. That is, no master servers to shut down. Metallica would have to sue ALL 300,000 individuals, were they using gnutella instead of Napster. Just prosecuting a few to set up as "examples" could enable a "selective enforcement" defence... not to mention a VERY bad PR incident.
5)
Just HOW MANY ways are there to make sure a visible IP address does not actually lead back to you? Perhaps I could set up my own anon proxy, and announce it to alt.cubans.who.hate.castro... and it would just HAPPEN to be noticed by someone who hates the RIAA and crossposted to alt.metallica/RIAA.die.die.die.
6)
Freenet.... 'nuf said.
john
Resistance is NOT futile!!!
Haiku:
I am not a drone.
Remove the collective if
Imagine all the people...
So I downloaded a file called cracked_vmware.zip?
You can't press charges on that, there is no law against clicking on a file name. If the file is fake, then I didn't download any pirated program.
Finkployd
The best solution in this case is to have a system where each user has a Karma value, and users with low karma values are banned from searching/using the network. Moderators would assign Karma to users based upon comments in chat mode, downloads they've done, etc. Users with high Karma would get to execute their searches twice as fast (because they would get a priority flag). Autobots like this would be quickly moderated down and lose their right to search.
-o Disclaimer: My employer doesn't even agree with me about C indentation style. o-
In the US Legal system, not knowing the law is not a defense against your committing the infraction.
"Officer, I didn't know it was a 25MPH zone, I didn't see the sign because I was looking in the rear-view mirror at your blinking lights."
[
Granted that companies and big bands are fighting any sort of digital transfer medium and charge entirely too much for CDs, but...
...what I'm seeing is a huge amount of creativity (and original thought) put into circumventing a tracking effort. When you come down to it the only concerned parties would be someone who has 3087 mp3 files on their computer, but does not own even 1 album. Not exactly above reproach.
Everyone wants the price of buying music to go down, seeing a way to distribute it online would be a huge bonus as well. The obvious solution is not to purchase music until the Gods of Rock do so. The obvious problem is not enough people are willing to do that, hence our current conundrum.
What is the solution? Nothing easy for certain. Compiling a database of the music people own (so a central point could keep track of who is allowed to download what) is unrealistic. Unfortunately trusting your average human to work on the honor system is unrealistic as well. When a reckoning is finally arrived at I'm betting everyone will be unhappy, but one side much more so than the other.
Andrew Borntreger
Andrew Borntreger
Champion of cinematic disasters
'cause piracy is the record industy buzzword as far as MP3 goes.
/. posted a link about this software. Its usefulness, IMHO, won't be tracking down those evil bastards who like music, but finding out what exactly all those evil bastards are listening to. Ratings. Tracking. The same thing will be needed when the bandwidth to share moving pictures becomes commonplace. In a distributed media environment the loss of control scares a whole bunch of people, what they don't realize is that control is the expensive and difficult part of their jobs.
I mentioned this the last time
Oh, and we'll probably have to change some laws...or quit funding the folks who would rather sue and ignore new tech than compete.
--
+&x