Emusic Tracking MP3s On Napster

Nice Geek sent us a wired story talking about EMusic tracking MP3s on Napster. Several issues: mainly the flaws of using MD5 checksums to determine the source of the MP3, but also the problem that using a bot violates Napster's terms of service. I don't really have any problems with this, but it'll be interesting to see what the next step will be.

Seems like a good thread to throw this into

[zzzzz]

A few days ago I posted a little teaser about Splooge. Anyone reading these threads would certainly be interested in this. We're currently looking for some beta testers for Splooge. We'll allow about 200 downloads before we take the beta download offline again. If anyone would like help us out and give it a try, it can be downloaded from www.splooge.com. Unfortunately, this is a Win app only at this time, a java client is in the works, however, development has been focused on the Win client. Any comments. concerns, or offers to work for free can be addressed to me at jbednar@splooge.com . Thanks! And no, despite the name, we're not a porn p2p engine. However... now that I think about it, thats not a half bad idea at all...

It will never stop

[DaSyonic]

MP3 trading has been going on for years before napster. Before this, it was simple web site MP3 search engines. Now its in the hands of everyone, and they try and stop it. No matter what, there will always be people getting free music, with or without napster, gnutella, scour (now dead), or any other public service. It mostly all started on IRC, with bots and fserves allowing people to trade their songs. No matter what happens to napster, the record labels need to realized, people dont have to pay for their songs, and theirs nothinig they can do about it. This will not put them out of business, there are tons of people who still go out and buy music, But they need to find a way to live with this technology, because it will never go away; it will just mutate into something else.

Re:And why not?

[puck71]

There're lots of bad laws, that's not much of an argument - I probably would lose in court, but that's not what I was saying - I was saying I don't consider it theft, and that's all that matters to me. They have not lost anything, therefore there is no crime. Plus, I don't see how income taxes have anything to do with this. The only thing it has in common with this is the fact that it involved me paying out money or not. Income tax is not something you can "steal", it's not a product, so it doesn't really have anything to do with music at all.

Re:And why not?

[puck71]

I did say that if I couldn't get the songs it would be ok, but since I can why not? Sure I'm not doing what the content providors want, but they're NOT LOSING ANYTHING.

Re:MD5?!

[Paradise_Pete]

you can just change the artist's name a bit - from "Spears, Britney" to "Britney Spears"

Thanks to recent elective surgery, I believe she now spells it "britnEy spEars"

Pete

Re:MD5?!

[gordyf]

Or just change something in the ID3 tag...

Two Wrongs?

[Speare]

And here is the crux of the matter. A) The artists often do not own the songs the write and sing, the record companies do. Many artists get little or nothing from "their" music. B) Considering the record industries "creative accounting" practices (i.e., screwing the artists), many people seem to find it difficult to accept the record companies claim of the higher moral ground.

You don't make a case against the theft of music via file-trading. It is theft, as the Napster user is getting the benefit of the music while the licensed distributor gets nothing in return.

I agree that the licensed distributors are sleazebags, fat cats who wine and dine little artists, seducing them into signing horribly restrictive contracts.

To shift the industry away from the fat cat executives,

Get the little indies to STAY independent. Those contracts are signed with their blood.

Organize secure downloads at reasonable prices. A buck a song, or even lower through a subscription service that can handle the microtransactions with a minimum of fuss.

Get debit cards in the hands of teenagers. They're the market for music money, yet so few teens have any purchasing power online due to the credit card hurdle.

Re:Two Wrongs?

[Darth+Yoshi]

You don't make a case against the theft of music via file-trading. It is theft, as the Napster user is getting the benefit of the music while the licensed distributor gets nothing in return.

And there you put your finger on one of the core issues in this argument (I was wondering if anyone would catch it :-). I'm not convinced it is theft, at least the way I think you mean. If someone steals my wallet, I think we all agree that's theft, my wallet is gone. If someone makes a copy of one of my music CDs, is that theft? I don't lose anything. The copyright owner technically doesn't lose anything but a potential sale (there's no guarantee the copier would have bought the CD in the first place). Is it a different type of theft? Perhaps it's a different degree of theft? Should it be called theft at all? Personally, I'm undecided.

Moreover, there's some evidence that downloading "illegal" MP3s inceases sales of CDs. Granted the evidence is controversial, but it puts an interesting philosopical twist on the controversy.

I agree that the licensed distributors are sleazebags, fat cats who wine and dine little artists, seducing them into signing horribly restrictive contracts.

At least we can agree on something. :-)

Get debit cards in the hands of teenagers. They're the market for music money, yet so few teens have any purchasing power online due to the credit card hurdle.

Nothing personal, but that's a disaster waiting to happen. There's a reason teenagers have a tough time getting credit and debit cards. I work retail part-time, believe me, I know.

Moreover I might point out there's no constitutional right that guarantees that music companies should make money. If their target customers don't have money for CDs, maybe they should rethink their business plan.

Re:Two Wrongs?

[Speare]

Moreover I might point out there's no constitutional right that guarantees that music companies should make money. If their target customers don't have money for CDs, maybe they should rethink their business plan.

I wasn't suggesting that teens get debit cards to purchase CDs. Heck, if they want CDs, they can go to the local brick and mortar shop with the cold hard cash daddy gives them.

Teens need online purchasing power to equalize the situation: indies can avoid the sleazy contracts purloined by big distributors if they can still make money from their audience. If the indies only target 40-somethings for making money, they'll starve. The indie needs to get cash from the teens, avoiding the big distributors.

Cash flow:

teen to debit card to online broker to indie

Content flow:

indie to online broker to teen

Re:Two Wrongs?

[Darth+Yoshi]

I've been thinking what might be done for indie musicians. Perhaps a company could be created to represent the indies and to pool resources. Etched on every employee's forehead (figuratively speaking of course) is the rule that their clients (the indies) and their customers (their fans) are to treated fairly, honestly, and with respect. Beyond that, I believe the internet could be the great equalizer between them and the record companies.

A few things I can think of that this hypothetical company could do is:

Build and maintain websites musicians websites. Pooling webserver space and web design talent.

Organize tours, recording sessions, CD manufacturing, jacket design, all that stuff...

Maintain an mp3.com-like online streaming library for registered users. Thereby creating a database of potential customers. And/or...

Streaming broadcast, via shoutcast, of all indies by genre. So fans can easily sample all the different talents.

And of course, since the streaming audio is only poor to fair quality, online shopping for CDs is only a click away. The company could offer precompiled collections of songs or offer to burn custom CDs.

Anyway, who knows, I'm not a musician or a businessman. Maybe it would work, maybe it wouldn't. It's late, I'm tired, and I'm going to bed.

But that obviously won't get around the TRM match.

[rakslice]

Jeez. You'd think that /. readers had never used a web browser before or something.

Ignore Wired. Go look at the EMusic press release for accurate information.

Re:yes, but not what

[g_bit]

Open mailbox

Re:Legitimate rips?

[TheCarp]

> If you read your CD it says that it is illegal,
> without prior consent, to copy it to another
> form.

And if you bought a new car, opened the hood, and saw a tiny little sticker saying "it is illegal to modify this car in any way, including but not limited to the addition of racing stries, repainting and tinting of glass without written permission from Honda" would that stop you?

Just because someone writes some words on a peice of paper (or plastic) doesn't make you legally bound by them. In truth, it has been ruled that its perfectly legal to make copies for personal use...in fact, the law explicitly states that you CAN.

Legally, the record companies can NOT stop you. they can not take that right away. However, they write their little fine print anyway because they know that they can fool some people, some of the time.

> How would you feel, for example, if a book you
> wrote, was disseminated on the internet, and as
> a result you didn't sell any books?

I would track down the person who distributed it and shake their hand. It feels great to creat something and have someone else like it enough to share it with others. It feels great to have your work accepted and praised in such a way.

In fact, I can think of no greater praise for my work than to have someone hand a copy to someone else and suggest that they take a look at it.

-Steve

Re:yes, but not what

[agentZ]

Opening the mailbox reveals a leaflet.

Re:yes, but not what

[agentZ]

No, but I understand that when I go to Piggly Wiggly, I'm paying for something (i.e. The transportation, storage, washing, and attractive shopping atmosphere) of the product. When it comes to music, the artists have to pay for their own recording, production, etc. i.e. The artists do the lion's share of the work, so they should get the money. The record company adds marketing, and probably should get something, but not $17.99....

DMCA Again??? aww geez

[puck71]

"According the Digital Millennium Copyright Act, copyright holders can request that Internet companies refuse access to those people who are making unauthorized materials available for distribution." Why do all these things have to come out of the DMCA? the "Devil's Modia Conglomerate Ass-kisser" I like to call it. Actually I just made that up, but well it works. So are they saying that without the DMCA they wouldn't be able to do this? Or what? Anyway, napster isn't everything anyway, there's still a few (hundred) alternatives.

Re:Let Me Get This Straight ....

[jcsmith]

I'd think emusic isn't really concerned about all copyrighted music, but they probably check for mp3s from their site. I'd say that is a "legitimate" source

Theft

[buttfucker2000]

And do you rip the price stickers off CDs when you steal them from the shop?

And do you spray over the security marks on that bike you stole?

Do you remove the postcode from the things you stole from that house?

Scary

[moyet]

>"People don't have the right to privacy when they are publicly making available infringing songs," Hoffman said. "A burglar >doesn't have that right when he's walking with a television under his arm."

But they don't know if I have illegal music on my computer, unless they invade my privacy. How come people who try so hard to secure the artist rights so quikly forget about my rights?

SCARY

Re:Scary

[LocalH]

They probably don't know how to disable file sharing (or they enabled when they started Napster once, since it bugs you about file sharing EVERY TIME YOU LAUNCH NAPSTER).
_______
Scott Jones
Newscast Director / ABC19 WKPT

Re:Scary

[rakslice]

So, why would you share songs if you don't want to share them?

Re:Scary

[Bob+McCown]

Dunno. Ask the hundreds of users on Napster that cancel your downloads, and message "Stop downloading from me!"

MD5?!

[Cyberdyne]

One small problem here: MD5 is specifically designed to make sure that changing a single bit in the data changes the checksum. Assuming they check the ID tag at the end, this means you can just change the artist's name a bit - from "Spears, Britney" to "Britney Spears", say - and their `clever' software will regard it as completely different. Duh.

Failing that, chop the last byte off the file. It won't affect the music you hear - just cutting the last millisecond or so of sound out - but it will make the file size and MD5 hash different.

Finally, in order to calculate an MD5 hash, you need to download the whole file. EMusic plan to download every single file on Napster, just to check for files they claim rights to?? This, I must see!

Re:MD5?!

[mian]

Then there's the problem Emusic will be using a bot to do all this - at which point, they get barred from the service for ToS violations!

I agree that they should get barred, as I did (one of Napigator authors, barred us for publishing Napster server stats) however with the recent court cases I think Napster will strike a deal with them to show the courts good faith.

Re:MD5?!

[Fizgig]

If you go entirely on the MD5 hash, you will get false positives: look at the "birthday problem" to see why. With literally millions of different songs on Napster, there will be many random "collisions" (as they are known in crypto circles).

Well, technically yes. Practically no. MD5 is a 128-bit hash, so there are 2^128 hash values. You'd need 2^64 distinct MP3s before you're likely to find two which hash to the same thing. 2^64 is really, really big. MD5 may or may not be a perfect hash (I think there is some evidence of flaws), but even if specific attacks were known, it's not like people are going to specifically construct MP3s so that they get hash to a known value (making themselves "look guilty" on purpose).

Re:MD5?!

[mian]

Finally, in order to calculate an MD5 hash, you need to download the whole file. EMusic plan to download every single file on Napster, just to check for files they claim rights to?? This, I must see!

the napster client already sends your MD5 info into the servers on login, it was used for auto resuming which has been disabled now..and it only MD5's the first 300k so if you have an incomplete file that's 350k and the full file is 5Mb the MD5's will match as the first 300k will be identical and we can safely assume it's the same file and resume regardless of filename.

Re:MD5?!

[evil_one]

I'd make myself look guilty on purpose. I'd take freely distributable mp3s, like ones from my friend's band dead composer, and modify them to look like metallica songs. Let's see them sue me for distributing songs I've got permission to distribute.
---

Re:MD5?!

[Cyberdyne]

the napster client already sends your MD5 info into the servers on login, it was used for auto resuming which has been disabled now..and it only MD5's the first 300k so if you have an incomplete file that's 350k and the full file is 5Mb the MD5's will match as the first 300k will be identical and we can safely assume it's the same file and resume regardless of filename.

If you go entirely on the MD5 hash, you will get false positives: look at the "birthday problem" to see why. With literally millions of different songs on Napster, there will be many random "collisions" (as they are known in crypto circles).

Of course, you can then remove or randomise the hash from your Napster client. Since it is no longer used, why keep it?

Then there's the problem Emusic will be using a bot to do all this - at which point, they get barred from the service for ToS violations!

Using a bot

[C8H10O2+MF]

Violates Napster's user agreement?
Ehr..So does 80% of the Napster users, if not
more, by downloading Music files and keeping them
longer than a day.
Who cares..Sueing individuals for downloading
illegal music is the same nonsense as prosecuting everyone with a VHS copy of some
movie.
Napster's user agreement is a joke..
Then again, it's a very good joke that prevents
them from being guilty of spreading
illegal copies. They are not, and I think Napster
is doing a great job.

Re:Using a bot

[dohnut]

So does 80% of the Napster users, if not more, by downloading Music files and keeping them longer than a day.

That is not true, you cannot download them, period.

Check out http://www.soundby tin g.com/html/top_10_myths/myths_index.html

#8 is the one you're looking for. Btw, the same goes for arcade ROMs too.

Flawed analogy

[Jon+Erikson]

Sharing files on Napster is no different than lending someone one of your CDs for a day.

No it's not, because you can lend someone a CD and they can listen to it without making a copy, but when you put your files on Napster, people have to make a copy to listen to them.

The only way your analogy would work is if Napster deleted the track from your hard drive when someone downloaded it. Obviously, nobody would use it then.

This doesnt make sense.

[pallex]

How will this work? If N people mp3 a song, then unless they all use the same software, and the same options, they`ll get different files. Some may normalize the wav file before mp3`ing. Some will trim the file to remove silence at the end (for example, the penultimate track may have loads of silence to `hide` the bonus track).
If this took off, mp3 encoders could invert the song, or add some random bits to the end of the song.

Basically, there is no way they can do this. They`d have to constantly be downloading songs - any song - and then either listening to it, or use yet more vapourware - a tool to analyse a song and guess which song it actually is - before taking action.

I cant see how this would work!

Re:This doesnt make sense.

[pod]

No, no, you're confised about this a little. EMusic sells mp3 files. They intend to track down people uploading those files via Napster. They could care less about equivalent tracks encoded by someone else.

Re:And why not?

[McFiegolx]

I want to enjoy music I can download, and Napster stands in the way of this.

Actually I think you could argue the complete opposite. Napster forced the big 5 Record Labels to acknowledge the Internet as a potential market. I'm sure Napster's press citing 20 million users and previously unrecognised demand helped get the attention of record company directors.

Do you think that without Napster and MyMp3.com, you would be seeing the current rush by the big 5 to start their own distribution sites?

Paul

Legitimate rips?

[buttfucker2000]

I don't think so.

If you read your CD it says that it is illegal, without prior consent, to copy it to another form.

Like I said, the owner of the property has the right to do with it what he will. If he doesn't want you copying his music, you shouldn't - just as you don't want people abusing your things. You do not have owner's rights over the music - the fact that MS paid $millions for the Rolling Stones 'Start Me Up' will show you that. You just own the right to use a recording, in that form, and under certain conditions.

If you don't like those conditions, you don't buy the music. It is not right to say that music companies are overcharging you, or that they are monopolies, because nothing forces you to buy their music - just as nothing forces you to come into my supermarket and buy my goods if you think they're overpriced.

How would you feel, for example, if a book you wrote, was disseminated on the internet, and as a result you didn't sell any books?

Re:Legitimate rips?

[Yakko]

If you read your CD it says that it is illegal, without prior consent, to copy it to another form.

There is a problem. See, these fuckwits have no way (nor do they have the right in reality, imo) to tell me what I can and cannot do with something I bought when I'm using it in the privacy of my own home/car/other for MY enjoyment. I can do whatever I want with the stuff I purchased as long as I'm the only one involved.

Of course, my argument stops being valid once I distribute it.

--

Re:Legitimate rips?

[Dervak]

If you read your CD it says that it is illegal, without prior consent, to copy it to another form.

So? They can write whatever they want on the CD, that they own your first-born child or your Soul, it still doesnt make it valid. The only thing thats valid legally is what the law says.

The courts have ruled that private copying, time-shifting and space-shifting as well as backup is legal. According to some, even noncommercial trading is legal. But the corps try to make you believe it is illegal. Fuck them.

Like I said, the owner of the property has the right to do with it what he will.

The point of this is that it is not property and there is no owner. COPYRIGHT!=OWNERSHIP. Copyright is a govt-granted monopoly on the commercial distribution of certain works, not ownership. That said, IMO Copyright must be destroyed, because it is so blatantly abused.

/Dervak

Comment removed

[account_deleted]

Comment removed based on user account deletion

The Next Step

[Flavio]

The next step, which should've been the first step, is psychoacoustic modelling. MD5 is so inadequate for this application that I'm impressed they've decided to use it in the first place.

Now to distinguish one song from thousands of others WILL be difficult, and I'm willing to see how this works. [in comparison to software that's supposed to screen images for porn.]

Flavio

Re:The Next Step

[rakslice]

Did you even listen to the teleconf? The system _does_ use PA modelling.

Re:The Next Step

[Flavio]

What teleconf? I'm talking about the Wired article.

Even thought "acoustic fingerprinting" is mentioned, no importance whatsoever is given to this technique.

Flavio

Re:And why not?

[puck71]

My thing is this: I don't consider it theft, because most of the songs I download from napster, I would never pay for anyway, so they're not losing any money. See? I'm never gonna buy a backstreet boys CD, but maybe they have a song or two I wouldn't mind listening to once in a while. I'll download it. If I didn't have it, that would be fine too, I wouldn't buy it, but since I can get it free, heh why not?

emusic.... good!

[buckaroo-b]

emusic, IMHO has done more for legitimatising digital music than anyone else. they are providing all of the benefits of digital music, legally! i.e.: lower prices, lower entry cost for artists, higher profit margins for artists, increases variety, less money going to corporate bastard record companies, etc, etc, etc. while i don't necessarily like this tactic, if it is necessary for them to keep their business going then, it is worthwhile. (Situational ethics always rule in capitalism) while i don't neccessarily like this tactic, if it is neccessary for them to keep there business going then, it is worth while. (situational ethics alway rule in capitalism)

God, what's next.

[Perlguy]

Why don't we ALL fsck with Napster, everyone else does....

Thankfully I get all of my online music via usenet...

First!

Re:Emusic also sponsors open source Linux projects

[jcsmith]

Emusic is already an attractive alternative. I no longer have to waste my time downloading songs from users with 14.4 connections. I no longer have songs that are poorly ripped. No more partial rips. And no RIAA police banging on the door. All that for $10/month is a steal.

If only they had a system to suggest music I might like based on how I rate the songs I download.

This sounds familiar

[91degrees]

Sounds like the BSA's "Pirate software detector vans" that can detect when you're using an illegal copy of a program.

They just want to scare poeple into behaving.

Re:This sounds familiar

[linzeal]

Isn't that gaydar ?

Re:This sounds familiar

[Travoltus]

The BSA could actually do this in about 3 years, using TEMPEST radiation monitoring equipment.
Check these URL's:
http://www.sciam.com/1998/1298issue/1298techbus4 .html

and

http://www.newscientist.com/ns/19991106/newsstor y6.html
========================
63,000 bugs in the code, 63,000 bugs,
ya get 1 whacked with a service pack,

Re:This sounds familiar

[TheGratefulNet]

BSA's "Pirate software detector vans

huh? are the Boy Scouts of America into driving pirate-detector vans these days? I thought they were putting most of their muscle into gay-detection...

--

Oh no! They violated the EULA!

[sheldon]

Haven't you heard? EULA and copyrights are evil.

I just found it incredibly funny that someone would complain, especially a slashdot editor, about violating the terms of service on Napster.

Haven't you heard? Napster can't control what their users do.

But what will they track??

[web_angel_tr]

Nice. And it will take only a few weeks and then there is a crack which will mask the Files so that they can not be tracked anymore...

--

Re:But what will they track??

[mian]

actually it took about an hour.. http://forums.napigator.com/read.php?f=4&i=20820&t =20820&l=0 (scroll down to last post)

Re:But what will they track??

[True+Dork]

The md5 is created by the napster client stored in the shared.dat on windows machines and in ~/.gnapster/shared for gnapster. That is what is sent to the napster server for the search engine. All you have to do is alter the md5 in the file and poof, emusic's little bot is worthless. I made a dippy little bash script that scrambles the md5s in my gnapster shared file and then launches gnapster for me. No cracking involved.

Re:But what will they track??

[phaze3000]

Nice. And it will take only a few weeks and then there is a crack which will mask the Files so that they can not be tracked anymore...

A quick read of the article made the solution obvious to me. All they're doing is an MD5 sum of the MP3 - so all that needs to be done is to put random data in the comments field of the ID3 tag and hey presto, the MD5 sum is different.
-- Piracy is a vicitmless crime, like punching someone in the dark.

Re:But what will they track??

[TheCarp]

Its even easier. Just say...take the last 2 bytes of the mp3...and change them to random values. It wont really effect the sound of it much (2 bytes) but the md5 checksum will be totally different.

In reality...you can just change a single byte anywhere...but if its always the last two...then you wont get a kind of creeping change (if you picked random bytes differently and changed them every time...then through several itterations, it would start to effect the quality.

-Steve

boggle the bot!

[wheel]

Now's the time to connect with your 14.4 and 1000-song playlist! That'll keep it busy for a while...

Napster complaints:

[rakslice]

"I no longer have to waste my time downloading songs from users with 14.4 connections."

Just avoid slow users. Hint: ping times can't fraudulently lowered, so they are sometimes more useful than quoted bandwidth figures.

"I no longer have songs that are poorly ripped. No more partial rips."

Stick to high bitrate stuff, and avoid incomplete files.

"And no RIAA police banging on the door."

Same here.

"All that for $10/month is a steal."

All that for $0/month is a steal... even literally, some would suggest. =)

Re:Napster complaints:

[Mitaphane]

And how, dare I ask, does one accomplish that?

There are many simple things that you can do to make sure the file is the full song. Just look at all the search results and see what the most common song length is and there you go. Otherwise, lookup the song on some super huge online CD store like CDNow. They usually list the CD the song is on along with the length of the track.

Damn it would be nice if some of those peering clients indicated if a file had Variable Bit Rate encoding, any fixed rate sucks rocks.

Ahh, but you can do this with the Napster client. Just check for Bitrates that aren't in the set of numbers offered by most commerical MP3 encoders(ie 32,64,128,160,192,256,320, etc...). Those are usually VBR MP3s...

Re:Napster complaints:

[spankfish]

Stick to high bitrate stuff, and avoid incomplete files.

And how, dare I ask, does one accomplish that?

Damn it would be nice if some of those peering clients indicated if a file had Variable Bit Rate encoding, any fixed rate sucks rocks.

--

Re:Finally!

[Hewo]

Let's clear something up here. When you 'buy' a CD, or a DVD, or a book, or even a piece of software, the same rules apply: YOU DON'T OWN IT! You only purchase the rights to use/view/listen to it. You buy a license, but the material's copyright still belongs to the company or individual you bought it from. I'm a complete advocate of new business models which revolutionise the way money is made from music, and the crimes committed by Napster users is not theft - but it is obviously piracy, pure and simple. These people are not paying their license fees. The most surprising thing is how long it took for something like this to become an issue on the first unregulated and widely accessible information network ever seen (that's the Internet, for the slow or tired out there).

Finally!

[buttfucker2000]

We have something that can control Napster. Let's hope it succeeds - people think they have a right to steal music, and they don't. Just because it's not physical theft, doesn't make it not theft.

The artists (or the record company) own their recordings and have the right to do what they want with them.

Middle class white collar theft is no less theft than any other kind of theft.

Things about 'banning bots' etc are nothing set next to the fact that Napster is a tool for theft, plain and simple. These things are only used (or at lest 99%) to distribute stolen music.

Re:Finally!

[techno-at-nni.com]

fine, then let's take away your guns (or everyone elses) and let the government walk all over us.. or other countries for that fact.. since guns kill people. Oh, and take away music in general, because some of it is obviously "bad" and replace it with "good" music. When some rapper makes a racial slur about his own people.. Those are evil as well. Why not stop driving your car now, because walking is *much* safer? I dont think anyone is out to hurt the artists here. Hell, courtney love actually sued her own record company because they were sueing napster and she wasn't getting her cut. But the current way to distribute cds isn't working, OBVIOUSLY (otherwise, why is mp3 so popular?) I wouldn't want people to steal my music.. but at the same time, what are my other options to getting my hands on music? I know it's not a right to own it (if I can't afford it then I should just not buy it). So, next time you buy a cd, think of me and my poor family sitting around watching a black and white tv listening to records from 1945 (when I could afford them). Otherwise, don't tell me how to live. And if they made a new car that was soo much safer, would you want all those beautiful 60's and 70's classics destroyed? My friend, judging by your slashdot login, I think you have alot of growing up to do, even if you are older... age doesn't imply maturity.

Re:Finally!

[thdexter]

I find it amazing this got modded up.. Anyway, Napster is a tool -- but not one for theft. It can be used for theft, but so can the Internet. So can Usenet. So can my car, ad infinitum. Napster does have a "no bots" policy -- because they're doing this in the name of Good, they should be able to walk over that? What if I made a rule for my DNS server that I didn't want anybody packet sniffing? It wouldn't stop anybody -- but then they'd also be violating my policy. If Napster has a "no bots" policy, it won't stop many people from using bots - but they're violating the policy. I come to my previous statement; Are they allowed to do this just because they're in the name of ethics? Morals? Commander Joe? I don't quite think so, myself. Nobody ever claimed to have a right to steal music, last I checked. I wonder - Did you use the "preview" button before you submitted?

Re:Finally!

[GeekDork]

Your modem/DSL/ISDN adapter is a tool for theft. Throw it out of your window immediately or I will sue your nuts off, bubba... ;-)

This discussion is old and boring. Napster itself is a tool for exchanging music. It is, however, used to exchange "illegal" music(???).

EMusic is using a bot on thre service and therefore should be banned from the network as anyone caught running one. I don't want to hear someone cry "it's a good bot!" or stuff like that. EMusic violates Napster' s TOS and even makes it public. There's no excuse for plain stupidity.

Aaaah! My blood pressure's coming down again...

Re:Finally!

[axo]

Okay. Your over simplification of a complex issue has riled me.

The artists (or the record company) own their recordings and have the right to do what they want with them. Middle class white collar theft is no less theft than any other kind of theft.

To clarify: theft is when somebody takes something from me and, as a result, I have lost that something forever (or at least until it is returned to me). Downloading digital info is not the same thing. It just isn't. I'm not saying it's good or bad, just different. We are never going to see a satisfactory resolution to THE NAPSTER PROBLEM until we insist on discussing it rationally. This is new technology that our various legal, ethical and moral systems never saw coming. Let's admit as much and seek higher ground.

Re:Finally!

[divec]

Napster is a tool for theft, plain and simple.

Some uses of Napster are legal. Besides, using Napster to obtain unauthorised copies of music is not theft. The law does not consider copyright infringement to be theft. Theft is worse than copyright infringement - if I steal your CD, you don't have a CD any more, but if I copy your CD, nobody loses their CD.

Re:Finally!

[buttfucker2000]

> EMusic violates Napster' s TOS

I think that's justified in the greater good of theft prevention - it's just like having a cctv camera monitoring a city center

Re:Finally!

[buttfucker2000]

If motor vehicles could be made so as not to cause deaths, I'd ban the ones that did.

It's the same with Napster - it must be controlled; if it's possible to make it so it isn't an accessory to theft, it's better than if it is.

Re:Finally!

[gumbo]

Finally, having a little bot to monitor the files you have is an invasion of privacy. Those files could be legitimate rips from CD's

Exsqueeze me? If you decide to share some music you have so anyone can download it, it's an invasion of privacy for someone to look at what you're sharing?

And if you have legitimate rips from your CD's, that's fine. If you're sharing those so anyone in the world can download them from you, that's not fine.

And anyway, emusic is going after people who've bought files from them and are now sharing them to the world. Any legitimate rips you have from CD are going to be encoded differently and have different a MD5 checksum, so they wouldn't even notice those.

It really is kind of funny to watch everyone try to figure out reasons to defend Napster and say that they should be allowed to download any music that they want to...

Gumbo

Re:Finally!

[Paradise_Pete]

Come on. Napster is no more a tool for theft than is, say, my Steal-O-Matic here.... wait, bad example.

Pete

Re:Finally!

[LostScorp88]

So, we are to assume that you NEVER right-clicked an image on a webpage and saved it and used it. Or that you never forgot to give credit to the original author for something you quoted. Or that you never, ever burnt a CD-R or gave someone something that may have been copyrighted (eg, a game or application). Well, you get the idea.

Napster may be used for theft, but the software itself is not a criminal. All it does is allow people to download songs from others. Some people view Napster as this evil tool, when all it really does is allow people to trade music. They could do this anyway, but Napster makes it much easier and more accessible. Very few people truly abuse it. Most of the users just downloaded a few selected songs, making the total loss to the artist virtually nothing.

And it's not like they make a ton on the CD either. They get very little of what they are sold for. Each song is worth cents. So buying CD's doesn't do them that much better.

Finally, having a little bot to monitor the files you have is an invasion of privacy. Those files could be legitimate rips from CD's. In short, any attempt to monitor Napster activity is no better than monitoring where you go on the Net - it is a blatant violation of privacy. Do you want some machine looking over your shoulder, seeing you downloading that "evil" music? Don't think so. The future lies in freedom, not in the old way of selling CD's costing in excess of 15 dollars.

Re:Offtopic digression.

[ichimunki]

I was going to moderate on this story, but there's no moderation tag for "-1, Obviously Stupid", so I'll have to respond. Last time I checked, farming was one of the few remaining commodity markets in existence, which practically gaurantees that farmers are at the mercy of the few large corporations who buy the bulk of their products, and with the ongoing consolidations in the agriculturally-derived manufacturing industries (look at RJR Nabisco, look at Pillsbury being merged with General Mills), expect this to get worse.

It simple economics, the fewer buyers there are, and as long as sellers are mostly dependent on those buyers, the buyers will be able to set their price about as low as they want to. Where I live in Minnesota, this is a continuous issue-- where families that have farmed for generations are now having to find other means to make money since farming is becoming increasingly unprofitable at the smaller, family-sized farm level. In fact, there is a large movement, especially among the devotees of organic produce, to support locally-owned, family-style, non-corporate farms in a very direct way (through co-ops and such).

In other words, this analogy is flawed, I hear about farmers being ripped off a lot more than I hear about rock stars being ripped off. I also hear about farmers consistently losing ground through no fault of their own. Given the ease of capitalizing a CD pressing and the incredible number of outlets for same, I can't say I have the same sympathy for musicians too dumb not to whore themselves to RIAA member corps.

the LAW and napster

[LifesABeach]

since when is it the responsibilty of napster to track ownership of files of anyone, for anyone?

since when is it the reponsibilty of nampster to observe and report events on the internet to anyone?

i think napster has done a service to the music community, because i find myself buying more cd's, because i can 'test' listen to them on napster. before that, i just waited.

i would dearly love to have my children listen to the wit and humor of bill cosby. but just try and go to the store and buy one of his albums.

i am to busy working on the internet to deal with the nonsense that the music industry is throwing in my face. the 'prosecution' would be well advised to consider the glorious industry of buggy-whips when challenging internet interactivies.

Re:the LAW and napster

[Stonehand]

Well, if they don't start tracking, the BMG deal is off...

Changing The File

[graystar]

The guy that reversed engineered the protocol said that you only need to change one bit. What is to stop, say something like Gnapster to just change one bit at the start and end randomly? Will this affect the song playability that much? This an example where open-source clients are going to be so much better, especially considering an move by Napster to do this would be against their case.

Re:Changing The File

[Steeltoe]

I seriously doubt this is the way MP3-compression works, but I'm aware that you're being sarcastic here.. ;-)

- Steeltoe

Re:Changing The File

[Ra-Rue]

The quality of some of the so-called "music" that is out there would probably benefit enormously if some of the bits were changed:)

The singular advantage of most modern songs, however, remains that they are so repetititititous that compression algorithms can really chop them down to a compact size - no larger than small wad of bubble gum, in fact.

Moderation for Dummies

[PD]

Whoever marked the above post 'flamebait' LISTEN UP.

1) The comment might have been serious, in which case it deserves an interesting or insightful

2) if the comment was NOT serious, then it's a TROLL. Flamebait is when I call you a yellow bellied sneech, and besides that, you're a Windows user.

A troll is when you post a bogus comment with the intention of getting numerous followups. Playing the devil's advocate is one example of trolling.

Posting goatse.cx is NOT a troll. It's 'offtopic'

BTW, this posting is also offtopic. If you must mod me down for this, please use the correct selection at least!

MD5 checksums might improve quality

[synq]

MD5 may not be the real means to track users or the real source of the files, but it may surely improve the quality of the files that you get from others.

Using MD5 you can know for sure if your file is complete and was not corrupted in traffic.

DMCA and the rest of the world

[Jim+the+Bad]

Surely the DMCA only applies to music shared on machines within the boarders of the USA? So mp3 that originate outside the USA (which can now be identified by the MD5 footprint) could still be shared around?
Probably not, but worth a try.

Seems sound...

[rakslice]

Note: the system doesn't use _only_ MD5. Duh. Get a clue before flaming, you idiots. =) (Yet again, /. readers are the lowest common denominator) Listen to eMusic's teleconference about their setup: http://www.streetfusion.com/custom/MediaPlatForm/C ustomPageTemplate2.asp?MediaEvent=%7BE5B 4EE7D%2DBEFC%2D11D4%2D940C%2D009027EEA37A%7D&Conta ctID=0 (Free streetfusion reg required)

Re:Seems sound...

[rakslice]

Except that it's not vapourware.

dilbert on Napster

[iso]

on a somewhat related note, i just noticed today that Dilbert is running a series of strips about musicians being paid with "digital tips." it's one of the funnier Dilberts in a very long while (and here i thought Scott Adams ran out of ideas long ago!)

- j

Re:This story sponsored by emusic

[rakslice]

It doesn't use _only_ MD5. Did you even read the press release? Go away and come back when you're not so stupid, stupid.

Re:And why not?

[atlep]

Let's face it, Napster has taken the concept of online music back ten years with its blatent support of piracy. Whilst the move to digital, downloadable music is inevitable at this point, Napster has made sure that the RIAA will move as slowly as possible whilst aiming for maximum control over every aspect of online music. If I were in the music companies place, I'd have taken Napster to court as well, they deserve whatever they get.

Digital technology and the internet is doing this. Napster is just a tool. If it had not been Napster it would be some other similar tool. Napster was simply the first easy to use tool. Blaming Napster for this is like blaming the first web-browsers for spreading porn on the net.

Re:MD5?! (parent overrated)

[burris]

If you go entirely on the MD5 hash, you will get false positives: look at the "birthday problem" to see why. With literally millions of different songs on Napster, there will be many random "collisions" (as they are known in crypto circles).

Uh, did you do the math here? MD5 is a 128-bit hash. The birthday attack reduces that to the square root, which means on average you'll need to generate 2^64 hashes before finding a collision. Last time I checked, 2^64 is quite a bit larger than "millions" (which is about 2^20). The magnetic particles on my hard drive platter spontaneously rearranging themselves into Britney Spears new single is more likely than any two songs on Napster accidentially having the same hash.

To put this into better perspective, distributed.net has been trying to find a single 64-bit key for close to three years now and the key rate is up to 121 billion keys per second without success.

Burris

Re:Let Me Get This Straight ....

[tom's+a-cold]

Why should this make Napster "dead meat"?

Napster's strategy seems to be to hold out for as long as possible, then settle with the big record companies. They've already started. The Napster folks can get rich and avoid getting sued or jailed, the RIAA can hide behind the Napster brand, and maybe there are some bucks to be made from the inertia of all the Metallica downloaders who stretched their brains to get on the site at all.

"heavy metal band Metallica"?

[Sloppy]

Apparently the author of this article hasn't listened to any Metallica songs recorded in the last 5-10 years.

---

No mp3's on the server if you use Web-Nap

[BadDogBadDog!]

When it comes time to pay for Napster, what will happen to the web based Napster client over at www.invalidpagefault.com? A single Web-Nap provider could purchase an account for the aprox 5$ a month that it is going be and offer access to all at no charge.

yes, but not what

[agentZ]

I agree with you that taking something without paying for it (e.g. Napsterizing music) is wrong, but what are the alternatives? I refuse to give my money to the record companies, I want it to go to the artists. What can I do? Send money directly to the artists for each song I download? (A sort of Street Performer Protocol...)

What's an ethical but not-willing-to-pay-the-pay-the-big-record-companie s person supposed to do?

Re:yes, but not what

[alpinist]

When it comes to music, the artists have to pay for their own recording, production, etc. i.e. The artists do the lion's share of the work, so they should get the money.

Actually, producers and record companies tend to 'front' the money to artists to record material, and believe me, studio time is expensive for people who haven't already sold 2 million albums. You are right, the distribution of money is pretty uneven. The actual cost of media, including burning the CD, printing the covers, etc, is less then a dollar. The contract with the record company will allow artists maybe a dollar or two per unit sold. In the case of bands, this money is divided amongst all the members. The highest earner per CD that I am aware of is Steve Vai, who gets about $7.50 per unit, but only because he owns the record company that distributes his work. There are many artists who agree to terms of pennies per unit, just for the chance to get their music out there, perhaps get some recognition, a following and hope they're in a position for better terms after they complete their 4 album deal. That is if the company doesn't decide to exercise their option to drop the artists due to flagging sales, or poor marketing on the company's part.

People say they can't sympathize with 'rock stars' who get ripped off. Well, 'rock stars' don't get ripped off, they've already made it, and have enough clout to protect themselves. The rich get richer, as they say. The people who get ripped off are talented yet struggling artists who pray for something positive to come back in the mail every time they mail a demo out.
--

Re:yes, but not what

[Pope]

I suppose you pay the farmer directly for everything you eat, right?

Pope

Freedom is Slavery! Ignorance is Strength! Monopolies offer Choice!

Re:yes, but not what

[g_bit]

No, but a more of the money that you spend on
your food goes to the farmer than the money that
you spend on music goes to the musician. How
many stories have you heard about farmers getting
ripped off by big farming corporations?

Re:yes, but not what

[Paradise_Pete]

East

Pete

Re:And why not?

[Patrik+Nordebo]

If the RIAA moves slowly this will only encourage people to copy more music illegally, since 99%+ of the songs on Napster were originally ripped from legitimately purchased CDs. Napster should spur them on to find ways to make it possible for people to easily get music over the net. Since searching for a completely secure method of distributing music is going to be futile, anyway, they should concentrate on getting money from people by giving them what they want.
Of course they may well be too stupid/naive to understand this, but then they should be replaced with people who aren't.

Re:And why not?

[(trb001)]

eh...i'll give you 50/50. Napster is theft, plain and simple, but more importantly it has opened people's eyes to a new way to do business. And although I do consider it theft, I see it in the same light as the misdeeds of Robin Hood...stealing from the rich to give to the poor. There's no reason that a cd should cost $17. Were it $5-10, yeah, no problem, I'm there. If Napster does adopt the pay-per-month thing, i'll be first in line to sign up for it. Clear conscience and music? Where do I sign...

--trb

Why not block Emusic from the network?

[Travoltus]

I'm sure if the Napster servers don't, the opennap ones will :)

Bye bye snoops!!
========================
63,000 bugs in the code, 63,000 bugs,
ya get 1 whacked with a service pack,

rules rules rules...

[Smhale13]

next thing you know they'll be telling people they can no longer loan their cd's to their friends...

Re:rules rules rules...

[Stonehand]

You've never gotten something marked "non-transferrable"? A lot of items come with strings attached, and they're not all digital.

Some folks here use the metaphor of a car engine, noting you aren't prohibited from tinkering with it. I'd be surprised, however, if doing things like replacing the engine yourself didn't have the very explicit consequence of voiding your warranty...

You can act, but there are often consequences -- and not just with CDs.

Re:And why not?

[lizrd]

I wasn't actually referring to the content of the traded mp3s but more to the quality of the mp3s themselves. Finding songs worth listening to is a bit of a challenge no matter where you look for them, be it at a record store, CDNow, or Napster. Dark side of the moon is also one of my favorite albums. But if I were to search for "Pink Floyd Money" on Napster chances are that what I would download would be complete and total shit. What I see as part of the value of paying for an album is getting a competent audio engineer to make the master that gets stamped onto the disk and not having that work undone by some AOL user trying to rip their CDs into a lossy audio compression format.

I agree with you that there is a great deal of crap on the market. There are also some real jems. Lately Blue Note has been releasing some of their prize recordings on CD. Say what you like about music today being a rip off of everything good that was done by Pink Floyd, the Stones et. al. in the 70s, but remember that most of what they did was building on what John Coltrane and Miles Davis et. al. did in the 40s.
_____________

MD5 ?

[Stavr0]

Last time I checked the MD5 check used in NAPSTER is calculated off the first 300kb (ballpark). So changing the last bytes of the files won't change the MD5.
---
Inanimate Carbon Rod thanks you for your support. See you in 2004!

Re:MD5 ?

[thdexter]

Well-- use id3v2 then :P

Re:MD5 ?

[borud]

Using MD5 to checksum an MP3 file is not very likely to produce the desired results. if people can't see that then I certainly wouldn't waste my time explaining it to them.

(oh, and I do know a thing or two about "fingerprinting stuff")

Re:And why not?

[Stonehand]

It really doesn't matter what you think it is; it matters what it is, legally.

You can go on hollerin' about how, say, income taxes are illegal, and weed shouldn't be, and then withhold taxes on income from marijuana trafficking -- but don't be alarmed when the DEA or IRS comes after you. And, in court, you'd lose.

Re:Policing is fine, but not when it the tool fail

[thdexter]

I hate doing this, considering I just replied to another post, but.. Policing Napster downloads isn't all fine and dandy, it violates their policy. If you agreed to the policy, you're therefore free to be banned from the service. Black and white. On or off. One or zero. That's it - nothing deeper. If there is an investigation system, then the only people who would be authorized to use it are Napster Inc., or people they in turn authorize. Besides, I have author permission on all 700 of my mp3's. I ripped and encoded them, gave myself permission.. Now, I don't allow you to copy them. Nyeh.

More for the lamers:

[rakslice]

- The system uses Relatable's TRM open-source audio recognition engine in addition to MD5 checksums.

See http://www.relatable.com/tech/trm.html for more info on it.

Re:More for the lamers:

[rakslice]

1)No matter which way you slice it, in order to use any kind of audio recognition software the song has to be downloaded.

Correct. That's what it does. It's already running, BTW.

2) Obviously, it doesn't download all the files. It only downloads those which have filenames that fuzzily match the names of the controlled tracks.

Yes, it does use fuzzy matching of some kind.

[rakslice]

E-music held a teleconference about their system yesterday morning. There's a copy online... The URL is in one of my later posts to this article.

The system uses Relatable's TRM "audio signaturing" software (which is open-source, btw.).

Re:Yes, it does use fuzzy matching of some kind.

[rakslice]

They do have access to your files. They're accessable via napster. That's the whole point, remember?

Hey clueless: Get more info.

[rakslice]

or use yet more vapourware - a tool to analyse a song and guess which song it actually is

That's what it does. It uses Relatable's TRM open source "audio signaturing" technology. See my post below for a link to e-music's teleconference about the system for much more info.

Also, see Relatable's page on TRM - also, check out the TRM-enabled freeamp.

Misleading

[rinkjustice]

"People don't have the right to privacy when they are publicly making available infringing songs," Hoffman said. "A burglar doesn't have that right when he's walking with a television under his arm."

What an incredibly misleading analogy. An mp3 is a digital representation of a song, not the real goods. Audio signals are removed and repetitous or similar patterns are looped, so what the listener is hearing is a reasonable fascimile of the music - no more. Comparing it to breaking into private property and stealing a television set is quite a stretch.

Your Support for Napster Can Make a Difference

Re:I agree.

[techno-at-nni.com]

ok, fine.. what do we do then? Stand outside and petition their offices? Sorry, I gotta work to afford all those great new cds. Sorry if I seem harsh but I think these companies have been running the show for awhile now and have it embedded in their heads that they are always right.. This napster thing got their panties in a bunch and their didn't have their fingers in it, which I think was a good thing.. that they woke up to see what's going on.

Uh... Napster computes the MD5s.

[rakslice]

1) The MD5s are always computed by the napster client and uploaded to the database, AFAIK.

2) But, yes, files will still have to be downloaded if TRM analysis is to be done on them. So that problem will probably come up.

Theft argument is moot

[Xuther]

The FCC classifies the internet as a series of transmissions, the FCC also regulates radio transmissions. Why is it that no one argues that listening to the radio is theft of copyrighted material? I mean you can't download yourself to the concert after all. People still go to see those, people still buy tour shirts, or videos of the concerts. People have been recording music from the radio probably since the introduction of magnetic recording media, I see no difference between recording from a transmitted source (radio, internet) to a magnetic storage medium (casette, hard drive). Or do you honestly believe that the recording industry should have the power to throw their weight around like this? I personally don't care to end up having a credit card reader built into my walkman or car stereo just so I can subscribe to content. Which if they can force mp3 to go that way I don't think radio will be that far behind. I seem to recall that sony electronics was under a similar lawsuit when it first introduced it's minidisc technology. (in fact I think they shouldn't even have been allowed to participate in the lawsuit considering that other divisions of their company make mp3 players, storage media, and market and sell rippers along with those devices.) Their argument was that the minidisc was not cd quality of the signal and thus roughly on par with radio. True audiophiles know that radio, minidisc, and mp3 are inferior to a full cd digital track. mp3 samples the signal which means there is a lot of information being cut out. (granted most of that information cannot be heard by human ears). However minidisc does the same thing, not sampling, but cutting out useless clutter that a human is incapable of hearing. However it was proved that minidisc wouldn't severly damage the industry, just as radio and in my opinion mp3 do not. People will continue to buy cds as long as the sound quality is considered the best. As someone who has been involved with music for a while (though not professionally, why would I want to? that kind of job would suck, I much prefer the IT world. :) tours, fans, late hours... that's depressing), I personally would like the proliferation of my music. After all it's about expressing things (or at least it used to be before all this pop britney crap where all the songs are the same and there is no real message to music anymore.) In medieval times the musicians would live on the suffrance of their patrons. Todays musicians have it easy by way of comparison and should be grateful that fans appreciate their music. It's a sad day when people are more interested in money than in getting their message across. And I don't care much of people end up flaming me for my opinions. Because they are just that, opinions. I don't plan on changing my stance, this is just the way I see it. After all people have a right not to agree with me. :P

No, It isn't theft

[Syllepsis]

We have something that can control Napster. Let's hope it succeeds - people think they have a right to steal music, and they don't. Just because it's not physical theft, doesn't make it not theft.

People do not have a right to copy music without permission under the current body of laws designed to compensate artists so that the increased body of art will further the public good. That being said, it is wrong to live under the contract of this society and disregard completely this piece of the contract.

Unauthorized copying is not ethical under the currently accepted system of artist repayment in the US. However, this is not a universal ethical guideline, and in other places it may not apply. Unauthorized copying is in no wy, shape, or form theft. The artist still has the master locked away for themselves and no one looses access to the artwork (actually the record company owns the work). Stealing an idea is akin to talking away the notebook of secret plans, copying such a notebook is simply unlawful replication, and not theft. The only thing that is possibly lost when an mp3 is downloaded illegally is the monetary compensation which the record company is entitled to by agreed upon US law, and this compensation is only truly lost if the kid had some intention of actually buying the work.

I am tired of the theft analogy. It was made up by software and record companies trying to sensationalize this entire process. Later society might realize that IP ownership applied to music has been in no way productive to society, esp. considering the downward spiral popular music has made in the last century, from baroque masterpieces and culturally viable folk art, to trite commercial music marketed to the LCD of the 14 year old population, with large stadium concerts (the worst accoustic environment imaginable) in which overpriced tickets result in riot and death.

Furthermore, as an owner of over 300 legally purchased CDs, I have found that through false promises and illegal trade restrictions, the music industry more of less owes me about $500-$1000. Add to that the piracy surcharge I paid on my blanks I used to copy BSD and Slackware legally. Fair, no?

You must own stock to actually support these theives.

Creating the New Business Model . . .

[jgaynor]

. . . Is what this is all about. Napsters obviously using Emusic as a contractor. Emusic shares their data to the mutual benefit of both companies - Emusic (as was posted earlier) gets a foot in the door as another Napster-type service with a different format and Napster uses the data to pitch the RIAA on its new micropayment system. This information is going to be the metric that decides how profitable micropayment will be. EVERYONE (including the RIAA) is drooling over this and Napster is of course eager to be the first on the block to cash in. My 2 cents.

Re:Oh no! They violated the EULA!

[sheldon]

Could you define the word 'complaint' for me?

Thank you. ;)

Fixed link:

[rakslice]

Sorry... That URL is very dynamic. Go here and click on the e-music special announcement in the list.

damn... too late again...

[tewwetruggur]

well, pooh. I had been working on shrinking hound dogs to the size of an electron to follow MP3's by scent. I'm sure I was only 2-3 weeks away from a major breakthrough on this, too...

damn damn damn!

and I already had the Milkbones ready for 'em.

Block Them

[graystar]

Couldnt you simply block them from connecting to you. I would imagine that to do this effectively they would need to connect often, this would expose where they are connecting from. Assumming, they dont use different points each time, but in practice would be limited. Just need a host.deny type file for Gnapster, and they cant get access to your files.

Re:And why not?

[mlong]

You seem to forget that Napster is technology. You're saying that Napster is responsible for music theft...that may be true, but its the USERS that do that. This is a flawed argument. It's like saying "two criminals used the telephone to plan their crime, so therefore, the telephone company should be sued". Sure napster makes it easy to steal music...the telephone makes it easy to talk to people too. (And no, I don't advocate pirating music, but I don't advocate destroying technology either)

Re:Automatic anti-MD5 scrambling?

[rakslice]

What would that accomplish? You'd need to change a lot more than a few bits to change the TRM signature.

Re:And why not?

[divec]

Napster [...] has merely solidifed the opposition of a lot of artists to making their music available online.

It's done more than that. Not all musicians want the publishing companies to have a stranglehold.

You can argue that having stuff available on Napster is likely to encourage people to go out and buy the CD, but this is a fallacious argument

Fortunately, we don't have to wildly speculate; it's possible to do scientific, statistical studies. Until there is evidence backing up the claim that Napster is, on the balance of probability, decreasing anyone's sales, they should be presumed innocent by default.

theft is still theft

Right - and copyright infringement is not theft. Please do not mislead people into thinking that it is.

... and was specifically allowed by Napster.

[rakslice]

Napster specifically told EMusic to take this action. In theory, that could counter the actual language in the license.

There's no excuse for plain stupidity.

Mirror, mirror...

Re:And why not?

[Darth+Yoshi]

A few quibbles.

Whilst the move to digital, downloadable music is inevitable at this point, Napster has made sure that the RIAA will move as slowly as possible whilst aiming for maximum control over every aspect of online music.

I would disagree. If anything Napster has accelerated the industry's move to online distribution. RIAA (and the music industry in general) is an established bureacracy who believe the adage, "If we're making tons of money from brick and mortar stores, why should we go online"? Napster et al, have given the music industry a well deserved kick in the butt.

Napster really is not the future of online music, ...

Strictly speaking, I agree, but I think something Napster-like may be.

and has merely solidifed the opposition of a lot of artists to making their music available online

And support from a lot of other artists, especially (but not exclusivly) indie artists.

teenagers won't go out and buy a Brittany Spears CD

You say this like it's a bad thing. :-)

b) theft is still theft - the artists have not given their permission to do this and so anyone uploading their tracks onto Napster is infringing upon their rights to control what they produce.

And here is the crux of the matter. A) The artists often do not own the songs the write and sing, the record companies do. Many artists get little or nothing from "their" music. B) Considering the record industries "creative accounting" practices (i.e., screwing the artists), many people seem to find it difficult to accept the record companies claim of the higher moral ground.

I want to enjoy music I can download, and Napster stands in the way of this.

You're entitled to your opinion. To restate my opinion, I think Napster has been a wakeup call and the record companies will have to move damn fast to come up with a consumer acceptable online alternative.

Careful!

[SPYvSPY]

Don't assume that Napster's terms of service are enforceable. No one knows whether the click through license during install or the posted terms on the website are enforceable legal documents. I can think of many arguments to defeat both.

Use the link, luke.

[rakslice]

When the system finds a suspicious file (apparently through a filename search) that doesn't match a known MD5, the file is downloaded and the fingerprint calculated. Is that legal? Probably not. =)

I was thinking the same thing, but...

[flimflam]

I don't think that they MD5 the whole file, just the beginning. It should be useful for avoiding the "booby-trapped" songs that some people upload -- you know, the ones that have the first couple seconds of a song followed by birds chirping or something like that.

Emusic also sponsors open source Linux projects...

[big.ears]

Emusic is one of the sponsors of the Freeamp open source music player (which has limited support for .ogg formats, and is available for Linux and Windows). They have teamed with a company called Relatable, and another project called MusicBrainz, to categorize and catalog mp3s and cds. Relatable has a signaturing system that I believe uses acoustic fingerprinting--which is robust to small errors (or maybe even large errors) in songs. MusicBrainz takes these fingerprints and uses them to determine what songs you actually have, and then can use collaboritive filtering techniques to suggest playlists to you. I think this combination and seamless integration is making freeamp a very attractive player, although it still needs a little work and a little more help from interested developers.

What does all of this have to do with napster and you? Well, freeamp allows you to download/stream music from emusic fairly easily (for a fee--something like $10 a month). So, if the napster distribution channel dries up, they become a quite attractive alternative. No more crappy searches, no more little red dots beside the songs, linux integration, artist-tipping support. Now, I'm not saying that emusic's actions here are good or bad, but do have a legal approach to digital music, while napster/gnutella/etc are questionable at the very least. They do support an open source project as well.

Policing is fine, but not when it the tool fails..

[Shivetya]

Policing the downloads of Napster users is all fine and dandy. However it is not fine when the software used to do it is flawed.

Napster users have no right to distribute music to users without proper authorization to have a copy of the copyrighted music. Yet at the same time they have a right not to be subject a flawed investigative system.

The best analogy of this software is the gene-sniffer (remeber that one?) used to determine if you were in the room, and then having the police say you obviously did the crime because your gene-sequence was found in the city.

Theft vs real open market

[synq]

You have a point. Stealing things is not right.

But opening a way to buy music while not letting the 'monopolist' record companies be the only ones to distribute it may make very well sense. Music that's not as good as other music may have a lower price. Plus, using the internet as a distribution medium is much cheaper than CD's that need packaging and handling.

Not a problem yet, but there is a solution

You know, no one would have to worry about all of this tracking business if they just accepted water marking, and played fair.

Water Marking at least makes it possible to track a music file without having to do all this fancy IP mapping stuff. Personally i don't want some company invading my privacy and tracking my movements on the Internet.

Now, i don't actually use Napster, so it's not my problem. But if this company moves into more mainstream systems, then i'll probably be upset. I would be quiet happy to accept SDMI marked files in return for my own privacy though, and i suspect most people here would too.

T. Lee

Emusic are a legitimate source

[TMB]

Looks to me like it would be useful only for detecting stuff that was downloaded from a "legitimate" source (are there any?) and put unchanged onto Napster.

The reason you're seeing this come from Emusic and not The Big Five(tm) is that Emusic are a legitimate source of digital music. Unless people go to the effort of purposely modifying the mp3 files they get from Emusic before putting them in their Napster directory, the files will be identical.

Before now, there's never been any reason anyone would go to that effort. But now, I suspect you will see lots of utilities that flip some number of random bits in a file to destroy the signature.

Incidentally, there are plenty of other legitimate sources, and they're growing by the day. The majority are band's own websites... often an exclusive remix or a live version of a song. As a current example, the official Nine Inch Nails site contains two tracks that were not put on the new remix album "Things Falling Apart".

[TMB]

no worries here

[mermonkey]

"*accoustic* fingerprint"?? i don't think my metal rapCore collection has any of those.

From Napster to Gnutella?

[atlep]

Let's say that after downloafding you change one bit in order to get a new checksum.

Who will bother doing this? The ordinary user will not have the knowledge or interesert in why or how. If this is to be built into Napster then Napster will be in serious trouble, because this will mean Napster will have functions that are exclusively made to support illegal trading.

So this means Napster will loose and gnutella will win?

I think the lawyers working for the music industry will never be out of a job.

My suggestion

[dodecahedron]

From the article:
"You can't forge MD5," Weekly said via instant message. "Napster uses MD5 to fingerprint each song. The thing is, if you change one bit in the song, you get a different MD5. Meaning that if you try and track songs by their MD5s, and the users find out, they will be able to very easily modify their songs to have wildly different MD5s."

My suggestion would be to construct a Napster client (there's a list of many open source Napster-type clients at OpenNap) that slightly altered each MP3 when transferring it, effectively randomizing the MD5. Sort of like Active Server Pages - the MP3 would be constructed 'on the fly'.

Re:My suggestion

[Vassily+Overveight]

Good idea, but there might be an even easier tactic. When listing the files you're sharing, the client reports the checksum to the server. This appears to be the checksum that the Napster server reports to a client doing a search. I don't see why you couldn't just make a client that reported the checksum as any old number for listing purposes. You could give the real one when actually transferring the MP3 itself, but it would force your opponent to do a transfer to get the genuine one. It would at least serve the purpose of slowing them up, and you could potentially also make your client reject requests from certain IPs if the word gets out on what ones are being used by the watchers. The advantage to all this would be that you wouldn't have to have the client make changes to the MP3 itself.

Re:Policing is fine, but not when it the tool fail

[swinge]

Napster users have no right to distribute music to users without proper authorization to have a copy of the copyrighted music.

this issue hasn't been determined. The law allows making noncommercial copies as a "fair use", and Napster users are doing it noncommercially.

Re:EMUSIC pulls your plug

[rakslice]

1) "Does this mean they will scan for popular modified copies too?" Yes. Listen to the teleconference about the system at http://www.streetfusion.com (it's under the "special events" category, requires 'doze media player).

2) You always have an opportunity to dispute the DMCA notice.

3) They'll try suspending your napster account before going after your isp account.

Scary that you're so clueless.

[rakslice]

The napster usage agreement explicitly states that you consent to others accessing your shared files.

Pot calling kettle?

[FyreGryffon]

If EMusic's bot must download a file completely in order to build an MD5 checksum for the file, that means that it has to download essentially every file out there. However, they can't possibly be claiming that every file on Napster is one that EMusic owns the copyright for. Therefore, EMusic's bot is...wait for it...downloading music that *EMusic doesn't own*.

Which means that EMusic is comitting the very act they claim they are attempting to catch other people doing.

Hmm.
--

Uh... Right, but...

[rakslice]

The fuzzy matching part does require that the file be downloaded.

Re:And why not?

[lizrd]

I want to enjoy music I can download, and Napster stands in the way of this.

Couldn't agree with you more. All that Napster really does is make lots more really bad mp3s avaliable to a huge audience and see that they get handed around further. I stopped using Napster quite a while ago because so much of the music there sounds really bad (as if mp3s weren't bad enough to start with) and/or is missing the end of the song. As far as I'm concerned, it's still worth some money to be able to buy an album and know that I'm getting something quality.
_____________

Wired... Heh. =)

[rakslice]

You obviously haven't read Wired much (at least since it's previous owners sold out [souled out? =)] and it became vaporous. =)

I know. =) [ Mod that guy back up ]

[rakslice]

Right... Ironic, isn't it? =)

Uh...

[rakslice]

How so?

Must we forget ...

[korny69]

ok ... mp3 (even mp2 and below) were here long before Napster. Napster just so happen to give the end-user an easier way to distribute this media. This is why I think that the companies and artists who think they can govern the .net are wrong in their endevors. They will never develop technology that will out smart everyone in the world. As soon as they release this crap, some l33t script kiddie from .SK will develop a tool to rewrite the song.mp3 file and give it another check sum. I for one am not worried about this. And to the companies out there ... a little piece of advice...
YOU CANNOT MAKE A WONDER TECHNOLOGY AND EXPECT IT TO WORK FOR VERY LONG!

And why not?

[Jon+Erikson]

Let's face it, Napster has taken the concept of online music back ten years with its blatent support of piracy. Whilst the move to digital, downloadable music is inevitable at this point, Napster has made sure that the RIAA will move as slowly as possible whilst aiming for maximum control over every aspect of online music. If I were in the music companies place, I'd have taken Napster to court as well, they deserve whatever they get.

Napster really is not the future of online music, and has merely solidifed the opposition of a lot of artists to making their music available online. You can argue that having stuff available on Napster is likely to encourage people to go out and buy the CD, but this is a fallacious argument in that a) it only applies to a certain group of people - teenagers won't go out and buy a Brittany Spears CD because they downloaded it off of Napster, and they count far more than any tree-hugging Grateful Dead fans, and b) theft is still theft - the artists have not given their permission to do this and so anyone uploading their tracks onto Napster is infringing upon their rights to control what they produce.

So if this company can contribute to the downfall of Napster, then I say good luck to them. I want to enjoy music I can download, and Napster stands in the way of this.

Re:And why not?

[Captain_Frisk]

I agree with some points. Theft is theft. However, a good portion doesn't view downloading mp3s as wrong. Whether or not this is "morally" or "legally" wrong is irrelevant if the majority of society doesn't believe it to be so.

Sharing files on Napster is no different than lending someone one of your CDs for a day. You don't know what they are going to do with it, perhaps they just want to hear more of the band, perhaps they are going to copy it and sell it on the black market. The only difference is that Napster gets more press because it occurs on a larger scale.

I don't know what the solution to this is, but I think its unfair to say that Napster is completely wrong. Instead of trying to fight napster, the record labels should be looking for methods to compete with it, charging money if they desire, or finding ways to make purchasing records more popular. Peer to Peer is out of the bag. Even if they shut down Napster, there will be others. They should learn to adapt.

My 2 cents... Captain_Frisk

napster vs web?

[pyrrhos]

Maybe off topic: Can anyone explain to me why it is almost impossible to find mp3's on the web by doing a google search but you can find most music on napster?

Is it because on a web page it is considered published and on napster shared?

Automatic anti-MD5 scrambling?

[sid_vicious]

"You can't forge MD5," Weekly said via instant message. "Napster uses MD5 to fingerprint each song. The thing is, if you change one bit in the song, you get a different MD5. Meaning that if you try and track songs by their MD5s, and the users find out, they will be able to very easily modify their songs to have wildly different MD5s."

Why not make this part of the file-sharing protocol? The user could click a box that says "Use anti-signature device" before downloading and a few unimportant bits would get flipped intentionally during download. Then, every file would have a unique MD5 signature.

It is fair.

[chaztobaz]

Think about this, if it is ilegal to copy music, that is copy-written, then transfering that infromation via Napster is just another medium for copying that information. To, argue that whatever company uses this tracking service will eventually have laibilty problems is absurd. There is a trend within US courts, they have become very strict in regulatiing on-line distribution, meaning they don't give a damn about some person's ip address, being tracked to prevent copy-write infringement.

Legality of eMusic's actions, and identical files

[Inigima]

On the legality of eMusic's course of action:

Yes, eMusic has violated Napster's TOS by using a bot. I hope that (a) Napster bans them (I suspect they will, since they're probably looking for any excuse to do something like that), and (b) courts throw out any evidence obtained with this method on the grounds of illegal method.

Now, what about the Metallica/Dr. Dre suits? Did the security firm sit down and handpick through all of the Metallica/Dre hits to make sure they weren't live or mislabeled, or did they use a bot?

(... please tell me they used a bot, because then people can raise a fuss about it...)

Also -- what about identical files? If Person A, in, say, Connecticut, buys a track from eMusic and shares it, and Person B in... I dunno... New Mexico has another legitimate copy of the song (but not the one bought directly from eMusic) and downloads it, is that infringement? What if his CD-ROM drive can't extract digital audio (that was a problem for me until I got my burner)?

Basically, I'm not convinced that eMusic has the right to restrict access to content on the basis of whether or not the file originally came from their site (heck, when I think of it in those terms, it looks like an attempt to monopolize!).

inigima

Wait... You do realise that...

[rakslice]

...the filename must match fuzzily to the name of a controlled track for the system to do a download...

This does sound familiar

[alanjstr]

Its just like searching for people hosting Metallica songs except now they will be "checking" to see if its really a metallica song. Before, they were just doing a keyword search. The idea of verification that it really is a pirated song is good, now they just need something to find the fingerprint.

I'm not saying Napster or p2p is bad or good, I'm just saying that it needs work. As for it being a bot, since Napster wants to "comply" they'll surely let it run. But what about all the Napster and Napster Server clones?

... that are subsequently used for "evil". =)

[rakslice]

EMusic's Napster-seeker software uses Relatable's TRM engine to do the "acoustic signature" matching that takes care of non-bit-for-bit copies.

Let Me Get This Straight ....

[StormyMonday]

They go through Napster to find cuts with "their" particular MD5 checksum. Every ripper, of course, creates bit-by-bit identical .mp3 files (needed to get the same MD5).

Looks to me like it would be useful only for detecting stuff that was downloaded from a "legitimate" source (are there any?) and put unchanged onto Napster.

As soon as Napster starts letting the record companies run bots against their servers, they're dead meat. All the record companies have to do is look for people serving stuff that *might* be theirs, and then download it to check it out. Of course, they'll have to keep downloading it to see if it has changed. Bandwidth? What bandwidth?

--

EMusic & TMBG - little off topic

[BilldaCat]

Just thought I'd pass the word along on this really good deal they have.

Mmm, TMBG fleece jacket.

EMUSIC pulls your plug

[R_V_Winkle]

The article says if you are determined to be distributing illegal/unauthorized copies then
Emusic can "request" that your account with your ISP can be suspended? Yet this thing isn't even out there yet and everyone is already talking about how the MD5 fingerprint is easy to modify. Does this mean they will scan for popular modified copies too? Then will they report me to my isp because I am making available an mp3 that in reality doesn't belong to them but by some strange coincidence matches one of the MD5 signatures they are scanning for. This all sounds way too iffy to me for them to have their thumb on my freedom to be on the internet.
Napster will hopefully evolve into a marketable delivery method for today's media but letting some half-cocked geeks who only spent three weeks thinking about it scan my computer for possible terminable material, well that is just not something that sounds very legal or intelligent for that matter.