More on Kazaa and Brilliant Digital Spyware
Vertigo01 writes: "There is an interesting article from CNN.com on the current state of the Kazaa controversy, and Brilliant Digital's plans for the future. Interesting quotes from the article include a statement saying that 'Altnet's seeded software [will be] awakened some time in May' and that 'Brilliant is negotiating with music labels and movie studios to market their material as well. The files will be copy-protected in some way, using Microsoft's digital rights management encryption technology.'"
Imagine the fun the likes of Brilliant Digital could have when the courts force Microsoft to release their full APIs. Whole new ways to sneak their filthy cancerware onto our machines.
"Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
Just get Kazaa Lite and stop worrying about all this.
Where to get Kazaa Lite? Well, on Kazaa, of course.. or you could be a weenie and go to their web page.
Am I reading that all wrong, or do they seriously want to piggyback a legal filesharing scheme on the back of Kazaa? I can almost see the argument of saying "Don't trust that file you've just found? Why not fork out for the real version?", but on the other hand, are the RIAA going to come within a nautical mile of something that also does illegal filesharing?
"I Know You Are But What Am I?"
Well, there's nothing to worry about then, is there? Given Microsoft's track record with "copy protection" and "product activation" technologies the patch will be widely available before the official launch date anyway. ;)
UNIX? They're not even circumcised! Savages!
So maybe they did listen to everyone after all? I await to see what "warnings" are given and how easy the opt out is...
Thinking of this - I have a question
How does altnet know what is "unused" in bandwidth terms?
As far as I was aware, there was no prioritising in the Windows TCP/IP stack whereby one application does not get any bandwidth while others wish to use it.
That would imply to me that they will just use ANY bandwidth they can - not just "un-used bandwidth"...
... just go ahead, get kazaalite (http://www.kazaalite.com/) and start sharing.
I don't care in which way they will copyright their material.
Let's just enjoy it as long as it lasts, we can move over to gnutella anytime we want. Since kazaa, etc are aware of this fact they will go on like they do now (not suing kazaalite) as long as possible...
To cut a long story short: Don't freak out when someone points out a problem we already have the solution for.
considering the fact that most people use kazaa to illegally download music, which does (!) harm musicians, using your spare CPU-cycles and bandwidth to pay these guys isn't even that ridiculous.
I found this interesting, although not surprising... If companies such as Brilliant and Sharman Networks were to release 'clean' versions of their products, and they were totally upfront in an easy to read EULA (who reads those anyway right?), would you use it? Would you swap bandwidth and disk for the privilege?
Furthermore, would the 'average' person? Spyware, what's that? etc...
Which part stuns you? They have found a potential source of income. People don't care. They'll install anything on their machine. In their privacy statement they clearly state that they collect any information they can, and use much of that information any way they want. In their resource usage page they say that they also can steal 10% of your CPU power.
They have said it all loud and clear, and if you install the software, you practically give them the right to use your computer and information gathered for anything they want. No-one has to install this piece of software, it's your own choice.
Sometime someone said, "think before you type"... you should also "think before you download".
They won't realise that their bandwidth and disk space is eaten away slightly, they won't care when they do cos they're still getting free music. It is far too hard for the average user to install a new sharing program let alone find the name and site of one. "It's all too hard and this program works and I'm comfortable with it."
Anyway if they are using Microsoft's digital rights management encryption technology then I look forward to having a look at what they send.
The best targets for Altnet are those corporate PCs left on overnight to suck in those MP3s etc. On that kind of bandwidth you won't notice. They prolly couldn't care less about 56kers, though they are the ones that suffer.
Then again, perhaps it only activates when there are no other applications using the network.
XP has QoS enabled by default, though, right? It can be installed on w2k too.
I'm sorry if I haven't offended anyone
'Altnet's seeded software [will be] awakened some time in May'
:)
Skynet 5 years late?
Once we have networks acting independently of the owners of the machines, what's to stop someone putting in a bit of self-preservation and random activity into the distributed processes...???
deus does not exist but if he does
It looks like all the rats are getting together... Only senator Hollings is missing.
When his defense asked, "Which computer has Jon Johansen trespassed upon?" the answer was: "His own."
From what I understand, the altnet stuff comes (will come?) piggybacked on the "b3d projector" advert program that the KaZaA installer automatically installs for you (without prompting if this is ok). You can see it briefly at the end of the installer when it pops up its own installation window in the top left of the screen for about half a second.
KaZaA lite doesn't install this (but it'll still be there if you haven't fully purged an old version of KaZaA from your system. Get adaware for that)
Help me! I'm turning into a grapefruit!
File sharing doesn't necessarily damage the authors or anyone.
Don't mix correlation with causation please. I'm as most tired of having that kind of "trues" thrown at my ears.
And you can't prove that all downloads from Kazaa are illegal (I could download music of which I own the CD. Under the fair use and format shift resolutions, it is legal for me to do it - at least in the US - other countries may have legislative environments to the contrary).
I'm perfectly aware that the majority of the Kazaa users use it illegally, but there are legal uses of it as well, they aren't just the "mainstream".
On the other hand, a download doesn't necessarily mean a CD that isn't bought (even if some would like to make that relation).
Most people will use Kazaa to download music to preview it before buying it. It's more practical than going to the disco and previewing the CD there. There are more offers for preview.
Those that like the music and that can afford it will eventually start to buy the newfound authors' music (another fallacy is that everyone that downloads music can afford it and thus represents a forfeited CD sale).
But i digress... Mayhappen some should go to economic universities and study macro-economy... Mayhappen they start to understand what a market is!
Cheers...
P.S.- And... what on the hell has spyware to do with "harm musicians"?
As a generic moderator-on-crack appears to believe wholeheartedly that the juxtaposition of this news article and a previous one is 'Offtopic', I feel it best to explain a potential 'Nightmare Scenario' on the horizon...
Assumption One: Cancerware authors are amoral miscreants. Given the track record of the likes of Brilliant Digital, we can safely say that this is a given.
Assumption Two: One of the biggest advantages of a modularised Windows OS appears to be the ability to switch out the insecure MSHTML renderer as used in Internet Explorer to replace with Gecko and their ilk. Forcing Microsoft to publish the full API would enable a seamless changeover between rendering engines.
Let's follow this closely. The rendering engine runs as locally executed code, which brings with it additional security issues. I imagine, when push comes to shove, there will be plenty of Microsoft oriented warning messages along the lines of "It may be dangerous to change your rendering engine!" should a user want to make the switch.
However, fully expect the AOL / Netscape hegemony to complain loudly to the courts that this is FUD, and that it is PERFECTLY safe to switch to Gecko without notifying the user short of a generic EULA type click-through. Microsoft, having received a battering from all corners, will be forced to comply and take the warning out.
Which brings us back to Assumption One - Cancerware. Cancerware authors are forever looking for increasingly sneaky and devious ways to install their filthy code onto previously stable computers.
So, take one 'killer app', currently a P2P client, but who knows what the next one will be. Add a clause during installation that some vague 'browser enhancement' software will be installed as a requirement of the killer app. Many people will click through without reading, or just think "Enhancement - Cool!" and let it install.
What does this browser enhancement do? It acts as a fully functional replacement for the MSHTML module. Thanks to the efforts of Microsoft's competitors, it will install seamlessly, running code with local privileges.
What can it do? Anything that cancerware does already. Spying, gathering important data like CC numbers, taking control of your machine, uber DDoS, etc. etc. The possibilities rest purely with the devious malevolence of the author. It will, of course, be auto-updating, so even if it's caught out initially as being just another Purple Ape, it can download enhancements to itself to get past most security problems.
Remember that NO-ONE in the hacking community knew about Brilliant Digital's plans until they made their press releases. Sleeper cancerware, ready to awaken when the stars are right. As MSHTML is part of the Operating System now, for good or ill, it will be loaded on startup, even if the user doesn't open a browser.
But won't this be noticed by firewall software? Well, assuming consumer-grade firewalls work like Zonealarm, then no. Zonealarm checks for EXE files attempting to access parts of the net that they shouldn't be. But of course, Internet Explorer, being the most common Internet application, will be allowed through. The .exe itself hasn't changed, just a shared library that the exe uses.
And of course, the only way to uninstall this version of MSHTML would be to delete it, thus breaking anything that wants to use it. Like, err, everything!
Regardless of any non-Microsoft eliteness, the fact remains that Windows is the most popular PC Operating System for now, and shall be for a long time. This scenario outlined above is one of many potential fallibilities. I can assure you that minds far more devious than my own are concocting their own plans.
Cancerware is nothing more than barely-legitimized cracking. It seems that replacing "3133t hax0r sp33k" with the terse pseudo-legalese wording of EULAs makes this all acceptable. It isn't. And the sooner more people realise this, the better.
Of course, any company releasing something like this shall eventually become a target for the authorities. But the arrest of the author of the Melissa Virus didn't magically undo all the damage it caused, right?
"Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
You need to download refupdate which will download the latest adaware datafiles for you. It's good practice to run this at least once a week to keep the datafiles up to date (and run adaware straight after, of course)
Help me! I'm turning into a grapefruit!
Have an encrypted file that you need decrypted? Not a problem at all... hack into altnet and have 10 million unsuspecting users brute force the password for you! woo hoo! :-)
Have a website that you just abhor? Again, not a problem... piggyback a little DDOS app into altnet and watch the fun. And you thought the slashdot effect was bad!!
I seriously distrust the security for altnet. They claim it's 100% secure, but I'm not buying it. Hell, Microsoft says their products are secure!
If you haven't already checked out giFT check it out. It is an open source fast track network implementation. It is no longer able to connect to the Kazaa network because they changed their protocol to some encrypted stuff, but it still rocks.
Yes it is still under heavy development, and last I checked you still had to grab the code out of CVS.
Their network needs a lot of users to test the software etc... go ahead and grab that source!
Using The Fish I was able to find two separate translations:
one: "All your base are belong to us!"
two: "Resistance is futile!"
This means something, I just know it.
The only thing, and by only, I don't mean it is not a biggie. In fact it is huge! But the only thing they did wrong in my opinion is not be up front with people. Spy-ware, ad-ware, and whatever you want to call this (bandwidth-ware?) are all reasonable ways for free software to make money IFF they are completely and clearly up front about how, what, why, and when they are doing. Not just at the beginning, but for as long as they are doing it. I have no problem with that.
[news for me, stuff that doesn't matter]
remember when you thought the idea of *them* being able to track your every purchase was some Orwellian nightmare that should never see the light of day? Skip forward to 2002, and you will see the majority of society blithely going about their day to day business, blissfully unaware of the implications of cash and credit cards being the tools that map -you- onto any given barcode. Permanent records of your habits and tastes are steadily being built up. Perhaps the spyware people ought to take a look at how history has made the formerly horrific into a tranquil reality.
I don't understand this at all. When a university student launches a program out into the net, and that program sneaks onto your machine and mucks with your registry and steals your CPU cycles, it's a "virus." The kid is labeled a hacker and is arrested. And now, thanks to 9/11, the kid has the additional dubious classification of a "terrorist."
However, if this EXACT SAME THING is done by a corporation, in the name of profit, it is viewed completely differently! Why? What's the difference? It's a VIRUS! Software forces itself onto your machine and changes things without your permission. That's a virus. That's illegal. Why are we tolerating it???
Like woodworking? Build your own picture frames.
If you're the adventurous type you can get it to run under wine, but I've only gotten it to work when I had a full windows install on another partition and kazaalite installed there. And it was still quite a bit of work.
do not read this line twice.
Visa's not cold and hard, it's warm and comforting. It's the *bill* that's cold and hard. At least that's how it works with my mastercard. Oh yeah, and the Spiderman score by Danny Elfman is friggin' amazing, but hey, so's everything else of his.
How many times have we heard that same sentiment, that people would readily pay 25-50 cents (or more) per track for music they liked, so long as they didn't get stuck with a disc full of absolute garbage? Why is it then the suits only half listen, and give us shitty swapping services (pressplay, the new napster, and so on) with "high quality" 128 kbit fucking encoded trash? Of *course* your service will fail when you only offer top 40 at low bitrates. Either these people are really really stupid, or they're really really smart - I just can't figure out which.
do not read this line twice.
The RIAAs claim that people are stealing music...
OR
Another company making a profit off of this supposed theft?
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Most worrisome part of the article: Nikki Hemming, chief executive of Sharman Networks, advocates a copyright tax on all ISPs. So all ISP users will be forced to pay the RIAA!
And on the copying and fair use front, Hemming is lobbying Congress for an Intellectual Property Use Fee to settle the quandary of responsibility for distributing copyrighted material. The proposal calls for charging ISPs a fee to compensate copyright holders.
The IPUF would be a "universal levy that would be applied to everyone in the value chain that benefited from the content available" on the KaZaA network, Hemming says.
In an open letter to Congress, Sharman Networks writes:
"We suggest that it is time for Congress to step in and halt the 'whack-a-mole' litigation excesses of the music and movie industries through new legislative initiatives that compel content availability, while establishing a compensation scheme that requires a contribution from all the many industry sectors beyond P2P [peer-to-peer] software that benefit from content availability."
Actually, what it says is when you are acting as a super node, up to 10% of your CPU may be used by virtue of the fact that you are acting as a search engine type host for many of the nodes connected to you...
It does not imply that they can take 10% of your CPU and then use it to crack encryption codes or whatever...
At first, Altnet will market video and audio clips. Brilliant is negotiating with music labels and movie studios to market their material as well. The files will be copy-protected in some way, using Microsoft's digital rights management encryption technology. Restrictions could vary with the type of file or its source; a record label may let you copy a file once (onto a portable player, for example), or play it only a certain number of times.
It's good to see that record labels have finally come to their senses and are starting to use the Internet as a marketing tool. An example of this is how silverchair released their single 'The Greatest View' as a digital download to great success. However it is a pity that such downloads usually have some form of DRM like they stop playing after a certain date, but I guess some record labels aren't prepared to hand out freebies even if it means potentially increasing sales through exposure. On the other hand other labels, usually the smaller/independent labels are quite happy to hand out free tracks with no constraints at sites like Epitonic.
Speaking of Microsoft's digital rights management encryption technology, I wonder if Microsoft have released a patch for it since it was cracked last October
aus.music.scrapbook
How many times have we seen this happen? This tactic is so old it's pathetic-- Provide your service for free then try and sell it for a buck when you think you have enough users. And as old as it is, they never seem to realize that it never fails to alienate their user base to no end. And I may have missed something, but since when was Kazaa's service up to the quality of something you'd pay for?
You need a FREE iPod Nano
I'm sure the point system will go over quite well in dot.com land *cough*flooz*cough*...
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
This wouldn't happen to be the DRM that has already been broken?
It's 10 PM. Do you know if you're un-American?
Has anyone figured out the TCP/IP specifics of the spyware? I'd like to figure out if I can block the spyware and not Kazaa from my campus network.
I've been dedicating my cycles voluntarily to UD for many months now. It's a great cause and they seem like a good and upstanding group. If they end up partnering with these bozos and allowing their research to be turned into an involuntary virus, I'll certainly pull my machines from the pool. It's important work that they do, but there are others to choose from.
Josh Woodward
Too bad they keep trying to sell the stuff that is incompatible with my hardware. If it won't work with my in-dash MP3 player, my RIO and my CD burner, then you can't sell it to me.
The truth shall set you free!
I have been waiting for Linux to come out with a Kazaa client, but as usual they are well behind the cutting edge in the Windows world.
Karma: Good (despite my invention of the Karma: sig)
What is to stop Kazaa and Brilliant Digital from using their software to scan the music & movie files on your hard drive, develop a signature and transfer that back to the RIAA and MPAA? Could Kazaa be a trojan horse company set up by music companies to spy on the p2p habits of music lovers? If they now claim that using the bathroom during a commercial break is a technical violation of the copyright laws, this doesn't seem too far-fetched.
Strange women lying in ponds distributing swords is no basis for a system of government.
Since GNUcleus is the standard P2P tool I chose for my home network, my sister has to use it instead of anything she ever heard of. (Bearshare, Morpheus, Kazaa and whatever she wanted...don't recall) She is into alternative music, and I thought she might be disappointed. Well, she is *not*. She is very happy with what she can get. She never complains. So the more people participate in Gnutella, the better! Promote it! :-))
And I'm *not* a communist linux type...
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Don't give me that. Files are available when you make them available. You don't need to start whining until you're making your own files accessible on it.
funny munging
kazaa has a good amount of files and reasonable performance, gnutella lacks both
Never having used Kazaa, I have regularly seen over 2TB available on Gnutella using Phex. Is that really "lacking" compared to Kazaa? Amazing.
I can agree that the Gnutella network performance is severely lacking. Even on cable, it's annoyingly slow. I often wonder if smaller networks using alternate network names would improve performance. It also seems that a GetRight feature stapled on top of Gnutella might improve gets. Phex is halfway there, identifying identical hits on multiple servers.
And finally, if Linux update tools were modified to optionally search gnutella for updates (available only if GPG is installed for verification) that would save tons of work on the standard, albeit short list of mirrors and bring an enormous amount of legitimacy to the network.
Intelligent Life on Earth
Matt Oppenheim, RIAA senior vice president of business and legal affairs.
"If I rob a bank, the fact that I haven't been arrested yet doesn't mean I haven't done something wrong," Oppenheim says. "Sharman Networks should take no comfort in the fact they haven't been sued yet."
Perhaps a better analogy would be...
Person A works in a bank. Person B is a friend of person A and says "Can you give me some of the money from your bank". Person A says "sure, come on over". So person B drives to the bank and person A gives him some cash from the vault.
The FBI decides that a theft has taken place and imprisons the Ford motor company for making the vehicle used by person B to drive to the bank.
You can't win Darth. If you mod me down, I shall become more powerful than you could possibly imagine
Yes, but the RIAA clearly stated in the article they were against this tax, because they realize that once you tax the ISPs for the p2p content, you've lost your claim that it is illegal to share content.
Whenever you buy blank media you are already paying exactly this type of tax. The argument that you are then free to copy -- since you've already paid -- hasn't worked yet.
Nope, no sig
Yes, it is. When the Linux Kazaa client worked, I would quite frequently be able to find multiple sources for even the most obscure file. In contrast, I frequently fail to find any results on gnutella for even files which should be common. I won't go into details, and I'm aware that this is anecdotal, but that is my impression.
Perhaps it is due to problems in the gnutella protocol? I recall there being issues with scaling, and it could just be an effect of inferior search handling.
I might look into Phex, though I have been as happy with gtk-gnutella as can be expected.
Karma: Good (despite my invention of the Karma: sig)
Pointing people there could save hours of explanation...
but by the same token I should then be able to go get an OS browser and be sure of being safe, err as safe as can be on an M$ OS....
errr....umm...*whooosh* *whoosh* Is this thing on ?
Rather like the new MS licenses, isn't it. I'm a bit surprised that someone beat MS to the draw on this one, but not that it happened. There have been too many signs pointing in this direction. I expect the next few years to be quite "exciting". I really doubt that MS and Brilliant are the only ones with this kind of intent and talent, and even after being explicitly warned about dangers the "wise decision makers" go ahead and install anything they want. They just won't believe that the EULAs mean what they say.
That I do was the impetus behind my original switch to Linux. And it's one of the reasons that it is impossible, literally, for MS software to be good enough to be acceptable. They could have DWIM software, and it still wouldn't be good enough. Not with those licenses.
I think we've pushed this "anyone can grow up to be president" thing too far.
Not true, actually. Programs such as ZoneAlarm (and, IIRC, BlackIce Defender) can check against unauthorized components as well as unauthorized programs. You just have to tell it to, at the moment, but that may change if the default behavior of programs gets more evil...
This flies in the face of science.
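The gap raised in this thread (a rule keyed on the EXE alone still passes after a library the EXE loads is swapped) next to the component-level check mentioned in the reply above, as an added example that is not part of any post. File names and contents are constructed, and the functions model the rule logic only, not how ZoneAlarm or any other firewall implements it.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(exe, components):
    """Record trusted hashes for the program and for every module it loads."""
    return {
        "exe": {str(exe): sha256_file(exe)},
        "components": {str(p): sha256_file(p) for p in components},
    }


def exe_only_check(baseline):
    """Weak rule: allow network access as long as the EXE itself is unchanged."""
    return all(
        Path(p).is_file() and sha256_file(p) == h
        for p, h in baseline["exe"].items()
    )


def component_check(baseline, module_dir=None, suffixes=(".dll",)):
    """Stronger rule: return findings for the EXE and its modules.

    An empty list means allow. Modules found in module_dir that were never
    baselined are reported as 'unlisted'.
    """
    known = {**baseline["exe"], **baseline["components"]}
    findings = []
    for path, expected in known.items():
        if not Path(path).is_file():
            findings.append((path, "missing"))
        elif sha256_file(path) != expected:
            findings.append((path, "modified"))
    if module_dir is not None:
        for p in sorted(Path(module_dir).iterdir()):
            if p.suffix.lower() in suffixes and str(p) not in known:
                findings.append((str(p), "unlisted"))
    return findings


def demo():
    """Run both rules against a constructed install directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        exe = Path(tmp) / "browser.exe"   # constructed stand-in for the EXE
        dll = Path(tmp) / "render.dll"    # constructed stand-in for the library
        exe.write_bytes(b"constructed browser image")
        dll.write_bytes(b"constructed rendering engine v1")
        baseline = build_baseline(exe, [dll])

        def snapshot():
            found = [(Path(p).name, why)
                     for p, why in component_check(baseline, tmp)]
            return exe_only_check(baseline), found

        results["clean"] = snapshot()
        # Only the library changes; the EXE bytes stay identical.
        dll.write_bytes(b"constructed replacement engine")
        results["swapped"] = snapshot()
        # A module that was never baselined appears beside the EXE.
        (Path(tmp) / "helper.dll").write_bytes(b"constructed extra module")
        results["dropped"] = snapshot()
    return results


if __name__ == "__main__":
    for state, (exe_ok, findings) in demo().items():
        print(state, "exe-only allows:", exe_ok, "component findings:", findings)
```
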
If you find this on a corporate system, sue Brilliant Digital under the Computer Fraud and Abuse Act, for "exceeding authorized access". If they claim their access is "authorized", demand to see a document signed by an officer of the company. Some random employee clicking on a dialog box isn't enough. Only someone with authority to bind the company can authorize access. It's a straight "hacking" case.
Look, many users (myself included) were pretty upset to find that Kazaa was installing a 3rd party software that would use my computer's resources for their own purposes. But no one should be surprised that their computer (including up to 10% of CPU power) will be used for the software's express purpose.
And if you don't want your machine to function as a super-node, they say:
HiThere wrote:
> Rather like the new MS licenses, isn't it. I'm a bit surprised that
> someone beat MS to the draw on this one, but not that it happened.
Believe me, Microsoft beat them to it long ago. They started their Millenium research project (now marketed as .Net) in 1996:
http://www.microsoft.com/presspass/features/1999/03-01mill.asp
It made an appearance (in evil alien / giant monster form) in Toho's "Godzilla 2000 Millenium". The americanized version "Godzilla 2000" was made by people who thought the Millenium reference was to the year 2000 or to the Y2K bug, and chopped it off as old news. A shame really, considering how spooky the scene was when all the computers hacked into by the alien began displaying the words "Millenium", "Kingdom", etc. Fortunately they left in the cool scene where the alien attempts to literally embrace and extend Godzilla. The Mac loving, Microsoft hating Monster King charges down his throat and lets loose with one heck of a thermonuclear explosion that finishes Millenium for good.
> I really doubt that MS and Brilliant are the only ones with this kind of
> intent and talent,
Once Microsoft gathers up all the Windows computers in the world into its .Net; there won't be any for other schemes to gobble up. They will have to swim in Microsoft's sea.
> and even after being explicitly warned about dangers the "wise
> decision makers" go ahead and install anything they want. They just
> won't believe that the EULAs mean what they say.
I believe Microsoft's EULAs for XP have a clause that allows Microsoft to upgrade whatever they want. That's enough for them to put Millenium on someone's computer without the owner's sayso.
Mind you, I don't think Microsoft will win. Their Millenium (thousand year rule) can be stopped:
1) .Net requires always on, affordable broadband internet access for everyone everywhere. Do you really see that happening anytime soon? ;)
2) X-box was supposed to be the home Millenium terminal. How is it supposed to do that when it can't even grab a monopoly in the video game industry?
3) There are two camps that can act to stop Millenium: one is Godzilla's beloved Macs, the other is the group of open source OSes led by Linux. Of course, they would have to avoid catching Mono, which leads to a terminal case of Millenium.
4) When have you known Microsoft not to bungle something someway or another?
"It'll soak up every last bit of data." Miasaka, Godzilla 2000 Millenium
Mothra's 40th anniversary in America is in two days.
She has graciously allowed Godzilla to share sig space because she believes this is important.
You believe you have fair use on an audio stream?
We're not talking CD ripping here, I'm talking about the morons that use stream savers to soak up bandwidth by pulling streams down byte by byte to the local hard drive. I've seen it done on work servers, and ASFRecorder and that ilk are badly written. 40Gbs worth of transfer to get a 2Mb audio stream. Now imagine that multiplied by 100, and imagine the quality of the streams "normal" users are going to see. The fun thing, for me, was the stream itself was DRMed and the DRM attributes went with the ripper.
Now, if a record label puts up a concert on the web, at their expense, as a stream not a download (their choice), so people who couldn't make it to the event can watch it, do you still believe you have a fair use to copy that and bypass protection?