Slashdot Mirror
Surveillance on Peer-to-Peer Networks
n7lyg writes "Salon has an article by Janelle Brown that asks (and answers) the question 'Who is spying on your downloads?' It discusses the use of various P2P tracking tools by RIAA and IFPI and others to monitor file trading on both Napster and Gnutella networks. Freenet seems to be more or less immune to this sort of monitoring at the present time, due to the distributing the files throughout the network. More big brother tactics..."
If they cared about facts, they wouldn't be Salon.
Firstly, I'm pro-freedom. But everyone should be using Linux! Secondly, I am pro-American-way, even though I don't understand to whom the constitution applies.. oh, did I mention I support a Leftist system for licensing.. when I'm not making my 100 grand a year writing boilerplate perl for some company.
I am a nerd. Or at least, I *act* like a nerd. I am great at reading short snippets from some populist website and using them to form a complete and authoritative opinion. I have been known to stick to my guns even when it's clear I fire blanks.
I dislike commercialism and banner advertising. But I like Slashdot. I believe Slashdot's operation is far more than browsing other news sites and copy-pasting a few notes.
One day, I'm going to leave my parents' place, or my little student dig, and drive topless cars and spend time with topless chicks (without paying!).
I abhor hypocrisy, and believe in equality for minorities. But I _am_ better than everyone else!
What really surprises me is that if I discover a government agengy spiying me without a warrant, I could sue the hell out of them, however, if a company does the same I can't do anything.
Only in America...
--
Because, with a court order, the RIAA can get Napster's encryption protocol, and build a packet analyzer that de-encrypts the relevant fields, and automates the whole process for the voyeur.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Yes, guerilla seems to perform downloads in a manner similar to the extensions I'm proposing for the gnutella network. The only problem is that there aren't very many people using it. My proposed extension to gnutella would be usable immediately, even if only a few people adopted it.
I've been thinking about this for a while now.. gnutella search results currently contain the IP of the person with a match for the search request. But wouldn't it be great if there was a way to get the file back to the end user without revealing the posessor's IP address?
If one or more hosts between the file posessor and the requester supported a special extension whereby the search results were rewritten to traverse a HTTP proxy chain created on the fly, privacy would be improved. Furthermore, if those HTTP proxy chains supported caching, performance might be improved too.
Here's how it works:
Host X joins the network, connecting to host Y, which is connected to host Z. Host Y supports the new anonymous downloading feature. Host Z does not support the anonymous downloading feature.
Host A, which may or may not support anonymous downloading, connects to the gnutella network and searches for a document. The search request is broadcast to attached hosts B and C. Host C happens to be connected to host Z, which is connected to Y, and thus Z. Host X sees that it has received a search request for a document it has from host Y, and sends a routed message back through Y to the gnutellanet network. Host Y rewrites the search result to include its own IP address. It also makes an entry in a time-expired table and agrees to proxy the request to host X for anyone that asks. If for some reason Y can not agree to proxy the request (perhaps it is over its bandwidth cap) it will pass the search result unmodified to Z. When a request comes for that document, Y it will fetch it from X. Host Y hands off the rewritten packet to Z, which goes to C, B, and A. From host A's perspective, Y had the file, not Z. At Y's discression, Y will enter the file it got from X in its cache and also answer search requests matching it affirmatively.
Now the response is passed up the chain, eventually to host A. Host A requests the document from host Y, which proxies it to host X, which has the document. Who did the user get the document from? They think they got it from Y, but did they? No. They got it from X. Even if host Y leaves host X's IP in the response, how can we be sure host Y isn't just forwarding the request for someone else? Even when responding to requests that can be fulfilled locally, servers should insert a random delay. In fact, if such a system is in use, there is no reliable way to prove who you got a document from unless you can monitor the Internet connections between every site involved in the transaction.
Further complicating the matter might be the use of encryption and connection multiplexing between involved hosts. Hosts X and Y, for example, might communicate all information including proxied requests over a single encrypted channel. They might pass fodder on that channel when no transactions were in progress to reduce the effectiveness of traffic analysis.
One other great advantage is that caching could be employed to much improve download rates for popular files. Host Y, for example, could agree to keep around a few hundred megs of recently downloaded files. It then could respond to search requests for those files.
Somehow you installed this software. It may have been attached to something else you installed, such as a free preview copy of some program.
But software doesn't just automatically install on Windows desktops. Even with ActiveX controls you have to specifically authorize the download, and even then they are limited in where the files can be installed to. (hint: C:\Program Files is not one such location)
Steve Gibson at grc.com has warned about this in the past, along with others.
Especially with Napster, the whole process of spying on users seems rather simple.
Napster provides a index mechanism which makes it very easy for some entity to watch what users make available for download.
On top of that, by making downloads available yourself, you could easily monitor what people actually download.
I don't see how you can realistically get around this, at least not with Napster. Your either offering stuff for download, or you are downloading information yourself.
I suppose if you know who the trojan sites are offering Napster content, you can avoid downloading from them... But how could anyone know?
I'm an occasional Napster user. I mostly download tracks for old 70's and 80's music for which I own the vinyl records but that I didn't bring with me to the US. I also download current music not available in the US because the recordings are in Russian, French, Spanish, or some other foreign language.
I realized that tracking the IP address down was probably the next step by recording companies. What I do now (Napster and Gnutella) is simple: I don't share directories for longer than it takes me to download a track or two. I also purge my music directories periodically, moving the downloaded files to a non-public part of the disk. This reduces the risk of someone downloading files from my system, thus my IP address is less exposed.
Purging the public directories also has a nice side effect: Most of the time you can kill your Napster session without having to worry about "uploads in progress."
Before you start flaming: I make "music collections" available once per week by sharing additional directories for several hours over a dial-up IP independent of my high-speed connection. That way I can make some of those files available to others.
Comments?
Ehttp://eugeneciurana.com | http://ciurana.eu
It's not like Salon can't afford some professional fact checkers among their editorial staff. --M
I found Onflow too, also due to ZoneAlarm. Does anyone know exactly what Onflow does?
Here are some screenshots of one of the 'spy' progams.
--
Why pay for drugs when you can get Linux for free ?
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
So all Napster users who pirate MP3s are deliberately breaking copyright law in order to knock the RIAA down a step, and thereby helping the smaller artists? I doubt it. IMO, it should be up to the artists themselves to come up with an alternative to the RIAA. This argument strikes me as 75% excuse for most people to do something they'd likely do anyway. People have always pirated music; this just makes it quicker, easier. (Not to say that you, dachsund, are personally pirating MP3s using Napster, or to try to claim a higher moral ground by saying I've never in my entire life ever pirated music - because I'd be lying.)
Shirley there are better ways to show contempt for the RIAA. I can think of one that's been proclaimed: boycott all RIAA artist CDs. Don't buy them new, certainly, but further, don't buy them used either. Why not? Because at one point, those WERE new CDs, resold by somebody who knew that the option of reselling them was there. If people stop buying used RIAA-artist CDs, soon the used CD stores won't have a market for them and will no longer buy them, or (more likely) they'll get overstocked and won't buy any more. Granted, you're hurting the used CD stores this way, but IMO it's one of the few things an individual who isn't directly involved in the music industry can do in order to hurt the RIAA, at least in a morally-correct fashion.
No, they're doing it to get free music from the world's largest catalogs of downloadable music.
;)
OK, just so we're clear on that point.
I find "I know it's wrong, I'm doing it anyway" much more acceptable than "it isn't wrong! the riaa's ripping them off anyway!"
Incidentally, if most artists are not members of the RIAA, then how exactly does downloading their music without paying for it hurt the RIAA? It looks to me as if it's hurting the smaller artists more directly.
Who needs Best Buy/Tower Records/RIAA?
I nominate "anybody who doesn't have a computer but likes music anyway".
Right now, the RIAA is a devil the artists know. They might not LIKE the RIAA, but they know how it works and how to deal with it. Is replacing the RIAA wholesale, which is what you and most other advocates are talking about, really the best thing to do?
"I went into the business for the money, and the art grew out of it. If people are disillusioned by that remark, I can't help it. It's the truth." - Charlie Chaplin
Don't forget, musicians would like to make money. I'm sure most of them would perform for free if they could eat and live and have all the other amenities most people want, but that just doesn't happen without money in our society, so they're going to want to get paid. Some of them will want to get paid a lot. Does any musician deserve to get paid a lot? Why not? If people are willing to fork out money such that an individual or a group get paid a lot (see professional sports for another example) then of course they deserve the money.
Ok now what happens when you start providing substantial disincentives or risk? Much much less people will be willing to "contribute". For instance, if RIAA simply starts making a few well placed calls to the largest ISPs, causing the user to lose his connection in short order. Even if it's only for a few days, or even an hour or two, most users would find this absolutely unacceptable. Those that are most likely to setup a site like that, also tend to be the most attached to their "fast" connections. When the pirate is presented with a choice between providing goods to hundreds of people he doesn't even know and incurring risk in the process or merely leaching like everyone else, the choice is simple. Add to this mix permanent bans, public embarassement, potential legal action, etc etc, and you have even less reason to take the chance. Remember, they need not bust EVERY pirate that is out there, just enough to provide a credible threat. Also, remember that this approach wouldn't take much in the way of resources or money.
Now sure, there will still be SOME nuts out there that will persist for whatever reason, but those will be so small in comparison to the downloading public that their effect will be nominal. The point is that greed works against the pirates as much as it does against the industry. I fully believe the industry is capable of doing this and that it would be highly effective. Against just about any known P2P-like system (e.g., Napster, GNUTella, Scour, CuteMX, or whatever.)
This is a seperate subject, but I think you're completely underestimating the absolute importance in promotion and marketing on the part of the record labels. While marketing and promotion do not necessarily have to come from the industry, a simple website will not suffice. The odds are that the artist(s) will be competing for scarce eyeballs no matter what medium they're on. Scarcity, in turn, means it'll cost lots of moola. Who has lots of capital and is willing to risk it on music investments? The industry. One way or another, capital must be risked to gain a sufficiently large following. The backers will probably be the same industry that we know today, but, even if not, it doesn't really matter. The internet isn't some kind of magical pill to make all these concerns go away.
Basically, from what I understand of how this all works, a good IP spoofer would defeat all of these survaillance measures.
You say you want a revolution....
They aren't monitoring your traffic, that would probably be illegal without a court order, and would require a hugh amount of cooperation from ISPs. All they are doing is watching which songs people make available. By seeing new songs appear in your shared directory, they can guess that you just downloaded that song. I can't really see any legitimate complaints about them monitoring in this way. After all, you are making the songs available to anybody who asks, with no authentication or authorization at all. Can you really complain if the copyright holders stop by to see what you are sharing? It's like claiming that you can setup a sidewalk stand giving pirated cassettes away to the public, but RIAA employees should avert their eyes as they pass.
Don't get me wrong, I'm not a fan of the RIAA. But all they are doing is looking for people who are illegally making copyrighted works available to the public. If you want to create "junk" info for them, you could share a whole bunch of files with junk contents and suggestive names. But, if you do this, it not only confuses their software but other Napster users, which is a bit like burning the villiage in order to save it. In fact, I'm suprised that the RIAA hasn't hired consultants to start polluting the Napster and Gnutella services with junk files, broken links, and anything else they can think of to make the systems unreliable and hard to use. Anyway, my point is it's foolish to expect that you can offer an illegal service (not Napster in general, but the specific act of distributing copyrighted works without authorization) to an anonymous public and not have the "authorities" check up on you.
That was a joke -- hence the smiley...
Jethro
Quidquid latine dictum sit, altum viditur.
Yep -- snagged it out of /usr/games/fortune -- I just had to use it. 8^)
Jethro
Quidquid latine dictum sit, altum viditur.
From the article: I know that your IP address is 28.294.22.1, your ISP is Earthlink, and you logged in last at 2:26 a.m
Whew... Don't worry about their spies... they don't even know the addresses can't go above 255... 8^)
Jethro
Quidquid latine dictum sit, altum viditur.
A corporation or other organization looking at data freely available to them from all those gnutella clients is not a violation of your rights.
They are only finding out what your computer willingly offers them (and every other gnutella client)
Perhaps this is why we need security features in peer-to-peer clients.
m sp encer.net/piratestuff/bigfile.iso
Blocks was an example of a filesharing client with too much security. It was well-designed and cross-platform, but required too many resources and too much security for...well, anybody except the most advanced users. It would be very difficult to find the IP number of someone sharing certain content on the Blocks network. It's also almost impossible to even find a file on the Blocks network.
Perhaps what we need is optional security. Some users are going to want to form a mixnet, and only directly communicate with trusted peers. Some people want encrypted disk caches, so if their computers are seized, it'll be impossible to tell exactly what they're sharing. Conversely, some people would like an easy way to tell whether content is copyright-protected and shouldn't be traded, without directly notifying anyone that they've come into contact with the content.
I've outlined some security concepts in a quick page I've put together: http://mspencer.net/fs. It's a work in progress, and is very long (22 KB and growing) with almost no index or table of contents. But if peer-to-peer filesharing is a topic you are enthusiastic and excited about, you'll find the page very interesting. (There are no ad banners at all on that page -- just text, except for my email address. I put my email address in a graphic, to spam-proof it.)
From the page:
Does all of this seem seedy? Do you think people will assume that anyone who participates in any of this extra security or identity protection is automatically a criminal? Remember that this is what computers do -- they take complicated things, and take the manual labor out of them. Sure, some of these methods may seem like seedy criminal behavior turned digital -- but this behavior is usually criminal in real life because it's so costly! It takes time and effort to route anonymous messages around -- take a 'layered' envelope out of the mailbox, unwrap only one envelope leaving (an envelope still inside, possibly with more envelopes inside that), and mail it out again. Pass things around by word-of-mouth only. Use aliases. In real life, these things are difficult to do and take time and effort...so it can be concluded that the people doing them probably need the extra security or protection. That is, they're probably doing something illegal, so the extra 'cost' is worth it. But this is digital -- these are computers we're talking about. It's very easy to let the computer stand out on the streetcorner for us. We're not peddling high-value illegal material -- many of us merely don't want certain advertising companies using our personal information to enhance their seedy business. This 'shifty behavior' becomes worthwhile at the half-penny-per-transaction level, because computers do all the work. Were it the real world, this same kind of 'shifty behavior' would only be justified at the tens-of-dollars-per-transaction level.
Such a system is possible, if enough motivated and excited people get together: adapt and borrow concepts from other projects. The other projects out there (MojoNation, Freenet, Blocks, ELF, and many more) have wonderful concepts and design, and they do a very good job of solving a particular problem with filesharing. But they don't solve all of the problems.
Perhaps if enough p2p project developers are inspired to bring their concepts together into one system, we'll finally rid our gift culture of these pesky intellectual property lawyers.
On a related note...I just thought of this really evil way to abuse three existing services (WWW, DNS, and Akamai proxying) to provide a kinda-anonymous web site:
1) Use an existing DNS zone to point an NS record for a subdomain to a special kind of DNS server. (Perhaps *.anon.mspencer.net)
2) Create a special DNS server (special software, or just firewalled) that is only allowed to hand out DNS query replies to Akamai servers.
3) Publish a URL:
http://a1.g.akamaitech.net/6/6/6/6/lmnop1.anon.
It would be impossible to get the true location of lmnop1.anon.mspencer.net unless Akamai servers were cooperating with you.
--Michael Spencer
(remove the first three letters from the email address above.)
And even worse, here's something I just read about recently. The NET Act (No Electronic Theft) :
"The No Electronic Theft law (the NET Act) is significant because now sound recording infringements (including by digital means) can be criminally prosecuted even where no monetary profit or commercial gain is derived from the infringing activity. Punishment in such instances includes up to 3 years in prison and/or $250,000 fines. The NET Act also extends the criminal statute of limitations for copyright infringement from 3 to 5 years.
Additionally, the NET Act amended the definition of "commercial advantage or private financial gain" to include the receipt (or expectation of receipt) of anything of value, including receipt of other copyrighted works (as in MP3 trading). Punishment in such instances includes up to 5 years in prison and/or $250,000 fines. Individuals may also be civilly liable, regardless of whether the activity is for profit, for actual damages or lost profits, or for statutory damages up to $150,000 per work infringed."
Rader
Rader
Which has been dead as a door nail for over a year now. For crying out loud, if you're going to troll, at least make it factual.
Good point.
A centralized server in a forigen country will get choked but at least you can get around the legalities.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
That's OK, they'll just add a surcharge to music that they sell and pass on the cost to the consumer. It's easy to be stupid when you don't have to pay.
Xix.
"Everything is adjustable, provided you have the right tools"
People can always switch ISPs.
That kind of makes me scared to get stuff off a decentralized network.
Yes, the internet has made it easier for folks to get their music. Does this really help artists? I see how it could be a lot easier for an unknown band to get noticed, but how does it help them make money?
Here is an excellent essay/letter form sam Rosenthal, the owner of Projekt records (an independent label) on how napster helps unknown bands.
GPG or PGP
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
They are using a modified version of the standard client so any grief you cause them with traffic increases you will cause your own users as well.
I guess the only defense would be lots of metallica.mp3 files that are not mp3 files... but again you will be confusing normal gnutella users too.
Freenet is probably the best defense.
-pos
The truth is more important than the facts.
The truth is more important than the facts.
-Frank Lloyd Wright
-----
crazy dynamite monkey
I know that WinACE also installs WebHancer, actually it won't run until you install WebHancer. Although after it's installed you can remove it via Add/Remove.... as far as I know it doesn't leave bits behind to still spy.
The RIAA better catch people with thousands of MP3's on their system, because the first person they put away for stealing 1 or 2 of Metallica's songs will cause them a PR nightmare. They are faced right now with having to do the near unthinkable (but they have few options left) and that it to put their customer in jail. The outcry from the public will be huge. Why? Because the penalty will far outweigh the crime and because of the outrageous markup on CD's these days. C'mon if I can buy a burnable CD for a dollar pressing out thousands of CD is costing cents (if that) per CD.
If the penalty for the first few examples the RIAA chooses to go after (stealing bits) exceeds the penalty that a first time drunk driver (putting other peoples lives in jeopardy) gets, then the message will come across to the public loud and clear, and they'll be mad as hell.
They cannot stop us from sharing the files we have on our computers.
I'll be the first ski mask wearing coder right on the front lines if file sharing is outlawed baby!
It's ridiculous to think they can even try. The nature of the net is to route around broken links, like napster. Bearshare, http://www.bearshare.com has over a million registered users now. Fuck the riaa, who needs em. We should all download the music we want and then mail a dollar to the artists whose albums you've downloaded. That's more $ than they would get from their record companies anyway.
http://www.hyperpoem.net
hyperpoem.net
Can we now have a serious discussion about the privacy invasion and unauthorized search and seizure of my IP packets without a warrant by the RIAA? Who do these guys think they are the NSA?! I am sick and tired of the RIAA doing unauthorized search and seizures of my IP packets on private peer-to-peer networks. Who authorized them to run monitoring software on a privately owned peer-to-peer network?
According to written U.S. law all evidence obtained through an illegal search and seizure is in admissible in a court of law, which would make all evidence in the past trials null and void. In theory this should allow all rulings to be over turned all evidence uncovered without a valid warrant should never be allowed to see the light of a court room again. Also, both Napster and Gneutella can sue the RIAA for the invasion of privacy, hacking, intercepting communications, & trespassing on virtual private property.
Think this over and get back to me!
"Help me Obi-/.-Kenobi,your my only hope!" -$
A wasteland of porn sounds good to me...
one mans junk
Sigs are awesome huh?
Unauthorized use of a computer system.
Snooping your system = cracking your system.
It should be illegal for the RIAA, et. al., to snoop into your computer system because they are attempting to access a computer system that is not theirs. Any "evidence" gathered in an illegal way would be inadmissable in court, just as if a police officer gathered evidence without a warrant*. Of course, as soon as someone brings this up as a defence to their flood of lawsuits, you know that they'll be whinning to Congress to get an exception to that too.
* IANAL (but I did take some law classes) but I believe that only the police can conduct a search without a warrant on the basis of probable cause. An private individual or organization would be guilty of breaking and entering.
I think the RIAA would use the same argument they used against Napster - you may not be directly violating the law, but you're deliberately trying to help people break it. And we all know how successful Napster was at defending itself.
Actually, with all the talk about the relative advantages & disadvantages of Freenet & the other P2P services, how 'bout a combo?
The way I understand Freenet, you can request files based on some calculated key values (hopefully unique for a given file's contents) and it will be sent to you through the Freenet network in some fashion which makes it anonymous to all of the nodes inbetween.
The current main difficulty with Freenet was associating search requests with those key values.
So how about a combo solution? Use normal P2P techniques (and normal search engines for that matter) to return key values based on search criteria. Then use the key value to download the file from Freenet.
By decoupling the searching mechanism from the download mechanism, then you can have all kinds of ways of searching without compromising the robustness & security of the download network.
Here's another idea for distributing search/key value pairs w/o compromising the identity of the people making those associations - use USENET (or a similar mass-distribution channel) with the anonymous mail-to-news gateways to distribute batches of search condition/key value pairs at a time.
Hotline and Carracho are two systems that would probably be most similar to Freenet.
I'm wondering - how much surveillance takes place on these networks? I would expect more takes place on Hotline than Carracho as it's mac-only.
Several admins put "spider traps" on sites to foil scans of the directory structure. Not sure how effective that strategy is, as they're usually just recursive folder loops.
-carl
. We've got computers, we're tapping phone lines, you know that ain't allowed - Talking Heads, "Life During Wartime"
As another post pointed out, the RIAA is not monitoring which files are flowing through the various networks. The RIAA is simply monitoring what is being offered by the users of the networks. A user that shares a thousand songs but downloads few will get caught by this new scanning technology, while a user that downloads many songs but shares none will not be punished.
It's ironic that the "good Samaritans" of the P2P world are the ones who get punished, while those who only leach will remain unmolested.
Sig goes here
I recently submitted an article about how I found a piece of spyware that is installed by a number of music sharing systems including AudioGalaxy and iMesh on my machine. Of course, Slashdot rejected it. Since it is ontopic for this discussion here it is:
The SpyWare Invasion
While writing a proxy server for a class I noticed that for each URL I clicked, a number of POST requests were being sent to d2.webhancer.com and d3.webhancer.com. Wondering what was up I decided to go to the Web Hancer website where I found out that WebHancer is a company that claims to have an installed base of millions of WebHancer agents that report web browsing statistics to their corporate headquarters.
WebHancer currently charges businesses $12,000 a month to access these usage statistics. I found the webHancer agent on my Windows machine (after a quick 'ps -W | grep gent')in "C:\Program Files\webHancer\Programs\whAgent.exe" and deleted it. What I am wondering is how the Web Hancer agent got on my machine since I don't recall being asked whether I wanted to install any spyware. Also exactly how many of their millions of anonymous usage statistics are being generated by unsuspecting users?
Which program did I install that decided to place this Trojan on my machine and is there a blacklist of such programs? AudioGalaxy
Finally, while searching for info on Web Hancer I found Ad-Aware which claims to locate and uninstall such spyware.
I think you're right. It looks like they're searching for files people have shared for others to upload.
Of course the other issue here is that in a way the RIAA has come to our stadium to play our way. They're trying to use technology to win, which on the surface may seem like a good idea, but one imprtant thing results that the article does not mention. Speed of innovation. I agree with the statement that the people will always be ahead of the censors. I've said that for years whenever a new media fiasco resulted from some form of "pirating" (note not my term at all) or another. So when the RIAA throws it's hat into the technology ring, instead of preventing P2P they will drive talented developers to create better and greater and more secure methods for file sharing. And every time the RIAA catches up developer speed increases. So the benefit to everyone is new, improved technology for trading files at a faster rate than if the RIAA hadn't tried to monitor us.
To belabor the obvious, this whole media thing with P2P and the RIAA is surely driving more users and potential developers to share files anyway.
I'm the big fish in the big pond bitch.
...technically it's a computer crime to use a computers resources to which you do not have legitimate access. Even if the door is wide open and there is no security of any kind, you are (legally) in the wrong, even more so if the only security is a warning or disclaimer. Crackers have bee prosecuted on these grounds before. Now surely as things stand the RIAA has every right to monitor P2P networks, if they have the resources and desire, they can look at public files like anyone else. But what if it wasn't strictly public, what if there was a disclaimer barring anyone associated with the RIAA or whomever from viewing these files? Would that work? Probably not, although I believe that it would be legally correct, Johnny Law would never allow the same rules that apply to a 15 year old cracker be turned around and used on a corporation. I'm sure there's a special section in the DMCA for just that circumstance. Anyway something to think about. Kind of hypocritical I think.
I'm the big fish in the big pond bitch.
Yes, as others have pointed out this is a fairly alarmist article, but nevertheless, Freenet is the one system designed for true security. Let's make sure this thing gets stable before the RIAA starts hunting down Gnutella IPs.
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
On a slightly offtopic note, I was just wondering how many people find Freenet usable. It's hard to find useful information and it seems to be degenerating to a wasteland of p0rn. And the lack of search tools makes it difficul to find material.
It's well past time for our generally worthless politicians to get off their collective asses and pass laws against this kind of electronic stalking. I don't listen to music, it's so much white noise to me, but I am going to begin downloading songs because the RIAA pisses me off.
He's not monitoring anything by reloading the Napster web page every 10 seconds.
That's not how you do it Lars
--
Je t'aime Stéphanie
Well thank you very much Mr. history major. That was not the point of my comments and you know it. Thanks for pointing that out, though. While I was aware of TJ's business in France, I was simply using his name because most people know that he is a big writer from those days, and most people believe that the Constitution was written and signed in 1776. Sad, right? Sorry... I just wanted a name, and I didn't think people would remember John Adams as well.
That's your opinion, and mine was mine. So based on your opinion of freedom of speech, then, what is so wrong about my comments? I merely stated what I felt, and all of you are saying that I am wrong? Freedom of speech, man. And thank you... but don't assume what I know or don't know about the Constitution. And you're right, there is no limit to what we can say, but there is a limit to the situations in which some things should be said. And somethings, regardless of our freedom to do so, should simply never be said.
those with less spare time and with some extra moneys on their hands. it is quicker to purchase CD from some on-line store than spending hours searching for some song, then download it in a highly-questionable quality mp3 format (and probably burning onto CD-ROM as well).
They hid it in "Program Files"? Bastards.
Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
I've seen articles about advertisers spying on downloads in order to send "targeted ads", usually in the form of instant messages, to users about other products/songs/whatever they may be intrerested in. These protocols are totally open, so basically anyone can see waht you trade.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
With a couple thousand hits an hours security through obscurity DOES work for minor things like this unless RIAA has enlisted the help of the NSA for number crunching for who downloaded what.
The other thing I wonder is why don't sites like napster et al use basic encryption techniques to keep WHAT is seen secret? It's not like there is a derth of encryption enabled software out there, much the opposite, recent browsers all can deal with port 443 and https. Start using it. Sniffers can only tell that a connection was made, they cannot tell what the contents of that connection did or is doing.
Come on people, time to stop whining and start using what is available to us to keep big brother from tracking everything.
DanH
Cav Pilot's Reference Page
Cav Pilot's Reference Page
UNIX - Not just for Vestal Virgins anymore
Those are the statutory limits on a Class A federal felony. Yes, it is possible for a judge to impose that sentence, but if he did it would almost certainly be overturned.
Federal felonies are sentenced according to some fairly strict guidelines. There's a tidy little table with the offense level vs. the criminal history. You get the offense level from another table (dollar amount of the theft) here. There's also a table for fines. It's almost like playing a role-playing game, isn't it?
For a $40,000 to $70,000 theft, you get a base offense level of 11, which is 8-14 months and a $2,000 to $20,000 fine. If you take the usual plea deal, you drop two offense levels (4-10 months, $1,000-$10,000 fine) and should get the low end of the range. That's 4 months with probably no fine. You'd also pay restitution to the victim for the full amount of the theft. So you could be paying Metallica full price for every MP3 someone downloaded from you. People better hope Napster doesn't keep usage records.
--
"Is the RIAA and its friends doing some kind of technology surveillance? Yes. Is it going to work? No. It's really dumb. It's another serious mistake by an industry going out of business in the stupidest way, bumping its head on the steps on the way down, because the record industry was always a bunch of thugs and that's what they still are."
I really love this quote...It's a great analogy as to how the recording industry is acting. However, I have to ask myself, "Is the recording industry ever really going to go out of business?" Yes, the internet has made it easier for folks to get their music. Does this really help artists? I see how it could be a lot easier for an unknown band to get noticed, but how does it help them make money?
I would love to see the recording industry split its head open on these "stairs", but is this really what we need?
--
---- nohup: appending output to `/nev/dull'
That's odd, I submitted a related article, one pointing to a good website: www.spychecker.com. My article also got rejected.
________
Does anyone actually have a Java program designed to control air traffic, or for the operation of a nuclear facility?
And if you get in trouble for having those Limp Bizkit tunes in your public directory, well, that's your own problem too. You are allowing the general public to pirate copyrighted tunes off your hard drive -- no matter if your own MP3 copies are perfectly legal.
Could someone please explain to me why the hell it's illeagal to make something available to someone else? Isn't the crime in actually taking it?
If I were to leave the door to my house unlocked, and someone came in and recorded all of the videos in my VHS collection, and left without harming a single thing in my house, have I committed a crime? What if I told this person that the door would be unlocked? What if I gave the person a list of the movies in my collection and gave them a key to my house?
If that's not enough to make someone think twice about this file sharing thing, what about the case where I own or have developed or whatever, the technology to rip a couple of mp3's from my CD collection - all of which were obtained legally... Then, I send these mp3's to my best friend, who has also purchased the same CDs, but doesn't have a working CD drive in his machine (ok, this is highly unlikely, but still possible)... Was a crime committed?
As for the "monitoring software"...
If I were to post a sign on my door saying that it was unlocked and anyone who wanted to come in and copy my VHS collection should do so, I'd be a complete moron if I thought that there wouldn't be people there just to see what I had.
Personally, I really don't care if someone wants to monitor my downloads et.al.- anyone who wants to badly enough is going to get their way. Next time you're browsing in the local bookstore, are you going to be looking around frantically for someone watching to see what you're looking at?
Everyone seems to be overreacting to this "on-line privacy" thing - if you want privacy, you're going to have to work for it... Use a library computer, a co-worker's, your neighbor's - whatever. If you want privacy, the oness is on YOU and YOU ALONE. Don't start whining about how you're the powerless victim - TAKE YOUR BOX OFF THE WEB if you can't come up with a better way...
If you don't understand how to use PGP, stop whining about Carnivore, or whatever other "radical" privacy invasion tools the government is comming up with. The only way you're going to be able to keep your stuff private is if you do just as much work as the people interested in your private stuff.
Cordless phones allowed for the possibility of someone monitoring your phone conversations - now we've got 9 GHz phones - impossible to monitor? Probably not in the long run, but you'll just have to buy a better phone when it becomes possible...
Alternativly , you could just stop talking... Likewise, just stop using P2P systems if you're hung up on the fact that someone somewhere may be able to find out what you're essentially broadcasting to the entire f***ing planet...
-bs
That that is is not that that is not. That that is not is not that that is.
"It might be stored on that node after you requested it, but it would be silly to blame someone for having some data on their computer that you put there. That would be akin to planting drugs on someone before arresting them."
And we all know that never happens...
"Truth is like a tragedy" -Coal Chamber
Since this enforcement software seems to run as a modified client for Gnutella, Napster, etc., why not encrypt the traffic between the clients, servers, etc. using some form of public key encryption (similar to SSL)? Then just place some boilerplate legaleze in the EULA to disallow any reverse engineering of the encryption, under the DCMA...
Help save the critically endangered Blue Iguana
Freenet seems to be more or less immune to this sort of monitoring at the present time, due to the distributing the files throughout the network.
Good, so now the ten people who use Freenet can sleep easy.
--
--
#nohup cat
More big brother tactics..."
Big brother? I'm more worried about Icarus and Daedalus.... and how all are info gets routed through Area51, and how everything we do is monitored by something greater than our governments.... its all because of The Illuminati!!!
Sorry... had a five hour session of "Deus Ex" last night...
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
The copyright infringer in Napster use is person downloading music they do not have the right to download. So while the RIAA surveillance sounds threatening, they're really counting on no-one calling their bluff. Consider:
They must either show that I downloaded music (more difficult), and then show that I did not have the right to do this (more difficult again - especially if I own the CD, and for all their snooping, they don't know what music I own).
Merely showing that I have files available is not enough, but unlike Napster (the company), showing that I benefited from someone downloading a file from machine (and thus allowing me to be caught as a contributory infringer) will be quite difficult.
If I own the CD, do I have the right to download the music (space shift)? (I'm guessing the MP3 case suggests otherwise). If the case can be made that I do have the right, (perhaps via the betamax decision, which should still apply to individuals), can we launch a class-action against the RIAA for unjustified (or perjerous) complaints to our ISPs and intimidation tactics?
Napster users may be walking a fine line, but so is the RIAA - their threats are based on some very contentious and unresolved interpretations of the law, and I don't think the law gives them the green light to do these things.
What I want to know is where they came up with the values for the fine? Same with the huge statutory damages. If a cd costs $15, and has 7 songs, each song is about $2.50.
How does one infringment cost $150,000 in damages? Supposing I distribute 1000 copies of it, that's still only $2,500 in damages, and the odds of distributing that many copies are slim.
This is after a $250,000 criminal fine? 5 years in prison? If someone were to get drunk and hit someone while driving, they'd be punished less severely. This is total BS.
That's some nice math there on my part. 15/7 = 2.5??
..
so scale all the numbers down a bit.. makes my point even more
It can't be R/Eed without violating the DCMA, so no one can write an agent for spying.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
To think I actually trusted someone. BTW, AdAware is excellent.
Milo
It would probably be enough to have your mobile code use an API (force them to use it, actually) which allows the code to migrate but prevents it from spreading lika a virus.
Combine that with a way to account the originating user's / computer's network usage, and you can start having fun.
I like your ideas about paying the cycle providers, though. Although I think that cycle usage (and ofcourse also network usage) should be free.
Don't you just love it when some wannabe Constitutional scholar tells you how the founding fathers thought?
I think the conversation probably went something more like this (and so does the ACLU!):
Madison to Jefferson- "Hey Tom, don't you think that wording is a little vague?"
Jefferson- "Yea, Jim you know it is. But it's that way because I don't have a time machine so I can't predict the future and what the people will want to do 250 years from now."
Madison- "Good point Tom, that's what the Supreme Court is for."
And by the way, yes you do seem biased which does cast doubt on your arguement in the first place. But, by definition, you can't prove a negative.
"I'm just here to regulate funkyness." - James Gandolfini, as Winston in The Mexican
I think it would be difficult to monitor downloads. Uploads, or rather, making files available on a P2P network, on the other hand, would be far more easy to moonitor, I'd think.
--
--hongpong.com
And there they are in the article, talking about how great Freenet would be as a Napster successor.
AAAAAAAAAAAARRRRRGH!!
Why can't people leave this ALONE until the RIAA finishes destroying itself? It's still quite powerful enough to do away with Freenet, be certain of that. You're all going to snidely remind me of Freenet's intricate security features... Folks, that doesn't mean a damn if the physical machinery used to constitute it is put a stop to. The RIAA can and *will* destroy Freenet if it becomes the "new Napster".
Jeezus Christ!!
Salon.com pisses me off frequently, but Today Is Special. No amount of beautiful and inspiring speeches from Messrs. Boucher and Moglen can save us if something isn't done. The only thing I see at the moment that is do-able within the time frame we're talking about, is sitting back and pirating on GNUtella and letting the RIAA finish bringing about its own doom.
Instead, we have the whole jolly Napter crew giving a big hearty "nyuck nyuck" and charging off to Freenet. The RIAA's lawyer-guns merely require a slight adjustment in aim and declination, and the bombardment recommences. =/
-Kasreyn
Kasreyn: Cheerfully playing the part of Devil's Advocate to hairtrigger
Sorry, I see it the same program.
-- The question with Unix is NOT "Can I?" it's "How do I?"
I just don't understand why the RIAA doesn't realize the absolute gold mine they're sitting on. They have the potential to reach millions of listeners, and what do they do? They try to shut it down.
The recording industry's business model is woefully outdated. They're playing the traditional head in the sand role. If they'd wake up and realize what they had here, they'd drop this whole mess! But of course, this is corporate America we're talking about. They've had this case of cranial-rectal inversion for quite some time.
I refuse to answer that question on the grounds that you're an idiot!
I've said this same thing over and over again... As soon as FreeNET gets search capability (downloads a list of all available files from connected hosts and updates the list every few minutes) it will kill Gnutella because your bandwidth matters little, popular files are automatically mirrored so you don't end up being the only person making something available, and people are anonymous...
I can imagine what would happen if/when I get busted. I may pay a fine. Heck, I could see a few days in jail (doubt it for a non-violent crime, but this is the RIAA we're talking about here). More importantly, I would never, ever, ever buy another CD from that organization again. If it was the RIAA that was behind the persecution, then I'd boycott their member companies. What do they get? One less customer.
How long can record companies last that piss off and alienate their customers? It will be very interesting to see what happens when the contracts of well-known (and lesser well-known) artists come to an end.
That will leave them free to get with a good web host, a couple of programmers and voila - downloadable songs at a reasonable price. Who needs Best Buy/Tower Records/RIAA?
They can run, but they'll only die tired.
Yeah, right.
Imagine the amount of cash RIAA will have to sink into both manpower and hardware to do this snooping effectively. Janelle Brown (the Salon writer) is correct; the music industry's efforts would be much better spent on innovation rather than trying to defend an out-dated business model. Little more needs to be said.
-- "Sucks to your ass-mar"
If folk must trade Warez then they could at least save the rest of us the holier than thou "we are doing the artists the biggest favor" line.
Napster is no longer the threat to the RIAA, and not just because the filter means that it is no longer any use. With Napster the unit of exchange is the track. With an MP3 player built round a large hard drive the unit of exchange is suddenly the CD collection.
I have one of the Acrchos devices and have so far ripped about 40 CDs for my own use. However there is nothing to stop me from copying my CD collection onto the Jukebox and then going round to a neighbor and copying them onto his hard drive.
What is more this mode of exchange is probably 'fair use' since it is genuinely peer to peer and does not involve Napster corporation acting as middleman contributing to the infringement.
Jukebox copying does not have the same geographic reach as Napster. But the number of tracks exchanged at a time is dramatically higher.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Does any corporation have a right to gather information on individuals? Maybe they can for advertising purposes (and maybe not) but for law enforcement?
I think of it this way, if the RIAA suspected me of running a bootleg CD business out of my home, would it be legal for them to park across the street and take pictures with a telescopic camera? To use a high-powered microphone to listen to what I do in the house? To tap my phone line, or try to intercept my cel phone signal?
I don't think that would be legal. Certainately it wouldn't be ethical.
For the record, IANAL (that should be obvious), but I really wonder about this.
I may be wrong, but I'm never uncertain.
Of course someone probably will - there are just too many copyright holders for all of them to be smart enough to resist the temptation to "spank" some "evil pirate" with a tire iron (of the legalistic, not mundane variety).
Just for grins, since the DMCA requires that those demands to ISPs be accurate upon pain of perjury, just who has been hurt and how much by perjury in any such case so far?
or since corporate entities make such poor cellmates, how the heck can they make any such demands under the DMCA
You either believe in rational thought or you don't
Get serious. Freedom of speech is freedom of speech, not freedom of speech subject to some definition of hatred, stupidity or indecency. Read the friggin' Constitution instead of telling us what you think about the ACLU. "The problem with freedom of speech is that it is disruptive. The problem with limiting free speech is that there is no limit. I'll take the disruption."
Cogito Tute (desiderata nostra eriximus, vestra nunc erigite)
Bearshare is a program that installs Onflow on your computer. Use Gnotella or Limewire instead.
__________________
Just a guy with an opinion
Let me get this right: someone breaks into a home and steals lots of personal property. Then they give it to a fence who tries to get rid of it by selling it, but has a hard time because the police, knowing the fence deals in stolen property, keep tabs on the store and bust the fence when they catch him selling stolen property. So, the thief decides to go about it his own way, and holds a yard sale of the stolen goods, selling what he can and giving away a lot of it. Then he finds that there's lots of other thieves doing the same thing, so they decide to get together in one location and just trade all the property they've stolen between themselves. "Oh, I need a leather recliner. I'll trade you three car stereos (slightly damaged) and this gold jewelry for that couch." The police, when hearing about this twisted swap meet, show upand begin looking around, confiscating what stolen property they can identify.
Says the thieves: "Wah! Our rights are being infinged! Swap meets are PERFECTLY legal! We're being persecuted! We should display the shit we ripped off for everyone to see, but the cops shouldn't be able to look, too! What is this, friggin' Communist Russia?!"
The moral is, don't confuse stolen property with rightful property, and don't be surprised when the rightful owners look when you display all your thieving to the world.
My best,
Jasper
Face it: Eventually the RIAA will lock down MP3 file trading. There's simply too much money riding on this for them to let up until victory has been achieved. Yes, big bad evil corporate America will pervail. But I believe there's a silver lining to this cloud: The basic problem set that they're trying to solve (and everyone else is) is how to tie a digital chunk of data without question to an owner so as to reserve intellectual property rights. Once this is solved, much like CDDB, there will be a uniform technology for linking most MP3's (lets just talk about MP3s here.. but this will be pervasive) to an artist and the label. Put a business model behind this like along the lines of ASCAP and hopefully the end results will be that if Joe Smith downloads stupid_song.mp3 from whereever, some sort of micropayment will occur to the label much like what happens when a song is played on the radio. But see, whats great is that the who rationale that the labels are using to argue their case breaks apart at this point and truly their whole reason for existance comes into serious question. If an artist can publish his or her music out on the 'Net and be guaranteed an income from the listeners, why sell out to a label where if you're lucky you get 1% of royalties, locked into contracts, and all the other bullshit that pisses off musicians royally (I come from Austin.. I know this story well). Really, after the RIAA succeeds, they've only just really lit the fuse to their own demise. What fascinating times we live in!
--
$ chown -R us:us yourbase
[Insert the usual disclaimer here]
[Insert the usual disclaimer here]
The claims made in the 7amNews story referred to in the Salon article seems to have been verified by this story currently running on CNet. It looks like the recording industry is saving itself time and money by forcing ISPs to block file-swappers that the Media Tracker system has identified. There's also some extra stuff on the 7amNews.com site that answers more questions that are being asked.
Guys, guys...
You're going about this all wrong. Its obvious that fighting this in court because whomever has the most money wins, so let the MPAA/RIAA/Whoever win for now. Let them make illegal to reverse engineer any and all encryption/encoding technology. Then all we need to do is write a simple crypto algorythem using a ceaser shift (read: a=b, b=c, c=d, etc.) and include this in the agreement:
"Free for individual, personal use. All other entities and individuals using this software for any other reason other than personal entertainment MUST subscribe to this software that will entitle unlimited use for a small fee of one billion dollars per week. Cash or certified banks checks only please..."
Ta da, now they either REALLY REALLY want to access it, or they use it illegally and you sue them for damages.
"Of course I speak multiple languages, I know C++ AND Perl." "Spanish?!? Spanish? I don't need no stinking Spanish."
Another one to look out for is Onflow. It comes with an 'uninstall' program that I think downloads and reinstalls the latest version.
I only found it because of ZoneAlarm.
This
Some online advertising agency. A quick search on Google showed that it allows you to 'view broadcast quality media at tiny file sizes.'
Which would be wonderful if:
2. it was used for something besides popup ads.
3. if I thought it was something other than spyware.
This
Oh no! That means they must know about all the bestiality pr0n I've been downloading off Gnutella.
There are 2 kinds of people in this world: Those who write in decimal and those who don't