Slashdot Mirror
Spoofing P2P Networks as Marketing Plot
prostoalex writes "Salon's technology section talks about major music labels spoofing the peer-to-peer networks. The users of AudioGalaxy, Gnutella or KaZaa have probably seen a surge of fake MP3 files when conducting a search on a popular title. The MP3 looks legit, but contains a 20 second clip played over and over. Such promotional tracks were especially popular with newest releases, such as Eminem and No Doubt, as pointed out in the article. Who posted the fake tracks to the p2p networks? Could it be, as Salon suggests, a suburban mom, who does not agree with controversial lyrics, or would it be the label, trying to prevent piracy and promote the new album at the same time?"
I have downloaded files in the past where the content repeated itself. It's interesting though because
I have downloaded files in the past where the content repeated itself. It's interesting though because
To view the rest of this comment for only $4.95, visit http://www.riaa.org
If you make the analogy between file sharing and free speech, I guess this would be the labels taking the "more speech is the best solution to bad speech" tact.
I'd much rather see this than action through the courts.
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
It almost seems as if we should start CRC checking the files through the P2P app. Get several, verified versions floating around at common bitrates (and a VBR version)...
That way we don't have to deal with garbage like this, and also have a guaranteed, legit (so to speak), quality copy (at least at the said bitrate) to download.
hey baby, hey baby, hey!
hey baby, hey baby, hey!
- colin
Anybody who uses a fileshare client can quickly figure out that if a file is not multisourced, it might not be legit. These files will not be kept on peoples drives, they will get deleted right away, and then their presence will shrink into oblivion. It's a sneaky idea, though.
I'd find it even more clever if they put subliminal messages in the repeated tracks. Way to use technology against people to do your evil bidding ;-)
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
This is actually really good news. It's a sign that the music labels are going to try to deal with the P2P phenomenon on its own terms, not in the courts.
Fortunately, we will likely see a surge of new features in the more popular P2P clients that permit easy filtering of such "bad" files (e.g., an easy "delete and remember checksum" button). But as long as its a technological battle as opposed to a legal one, than it can be won.
On the other hand, the music labels may be shooting themselves in the foot in some cases. If I was trying to get the hot new "electronica" single, and ended up with "a 20 second clip looped over and over" I might not notice the difference!
Karma: Good (despite my invention of the Karma: sig)
So why not just delete the files when you come across them?
Oh, also too lazy to listen to the music you download? Why didn't you say so?
You must be one of those people who download stuff for your "Collection" because it's the size that matters, not what you do with it!Note, I'm not preaching about how you "shouldn't steal music" (see my rant about what's wrong with DRM). I'm just saying if you get something free, don't bitch that it isn't perfect.
this is getting old and so are you
blog
and i thought they were just boring repetitive songs, you know, like the ones they play on the radio too. i think the RIAA is to blame for those as well.
I want 2D games back.
I think this is a fine idea by the record labels, if they want to do it, go ahead.
I would REALLY love the ability to moderate people though. I've downloaded my share of BAD quality stuff, and sometimes from the same user, so it would be nice to moderate someone out to nothing-ness status, as well as say "Only download from high moderation point users first" etc.
Actually, Salon quotes Eric Garland, CEO of peer-to-peer measuring service BigChampagne:
"What you want to do is excite the consumer and titillate and create demand." He notes, however, that the "danger of try-before-you-buy" is that if a user doesn't like a previewed track, "then the industry and that record would have benefited from [that user's] ignorance."
Hmm. Now isn't that interesting.
So...
RIAA doesn't want Joe Consumer listening to the crap (Top 40 I guess) they release before he buys the album, because then he might realize it's crap and the RIAA is just liberating money from a fool.
OK, so let's go with that for just a moment here...
That means that what the RIAA releases as "today's hottest bands" are really just a bunch of second-rate hacks (not even first rate!) who've been blitz-marketed into every teenager's record collection. So, as Bono (right?) said on that VH1 special (paraphrased), "It's not casette copying that's killing the music industry, it's crap music killing the music industry."
Frankly, I think that has always been true.
What I want to know is... if the band is so unbelievably fantastic, why do they need all the heavy marketing? Sure, some marketing to appeal to the fence-sitters, but you don't preach to the choir.
So, the RIAA is spending billions to market Britney Spears to make us believe she's the best thing since sliced bread (or better yet, to make us think it more than we already do it seems), when Britney fans will buy the CDs anyways. And somehow they claim they're losing money here. Hmm.
All the word games, legal lunges, and slight of hand gets old after a while. Is anyone else getting a vision of the RIAA as another Ross Perot jumping in an out of the "race" all the while annoying us with lots of charts and a funny voice?
This is how They should try to stop copyright infringement. Putting aside the copyright debate for a moment, this is away to make it inconvienant for people downloading material, without engaging the courts.
You could take this same approach on other things as well.
I have always felt radar detector should be legal. If the loac PD don't like it, just put up a device that fired a signal at a random interval to trigger the radar detectors. Don't involve the courts in something you can solve yourself.
The Kruger Dunning explains most post on
I think this is a really good tactic for the music industry to use in their struggle against P2P piracy. Yes, piracy. I mean, regardless of whether or not you personally are downloading music or other files in a legal fashion, there are tons of other people (likely the majority) of people who are using this to do something which is considered illegal by law. Is it a good law? Doesn't matter. It is the law.
So, when Joe College Student downloads the latest MTV-hyped band that sounds like metal, grunge, and rap all thrown together in a blender, he gets a 20 second clip and an advertisement. What is Joe going to do? This is kinda/sorta like the highschool kid who spends $60 on a bag of off-the-shelf herbs and spices.
Now, here's the thing that really makes this a Good Thing. If this becomes common practice amongst the music industry, it could very well have the unexpected side effect of thwarting legal attempts to get P2P services shut down. I'm not a lawyer, etc, etc, but I'd think that you would be hard pressed to present a case to shut down a service that you use yourself.
And of course, now that the ante has been upped, I'm sure the P2P community will respond by improving their software to add features to combat the music industry's latest tactics. I'm not sure what form this will take, but perhaps some sort of public key watermark by trusted encoders or preview features or something even better.
In an odd, preverse sort of way, this is almost the first step in making peace between the P2P community and the music industry.
We have been thinking about this problem for some time. Our solution is a mechanism called "subspaces", where users can effectively vouch for the authenticity of data, even though that data might be anonymously inserted into the network. Even those vouching for data can remain anonymous, they will be motivated to stay honest to maintain the reputation of their anonymous identity. You can learn more about subspaces here.
Just a note about Top 40 Napsterizers in my area:
..
Most Eminem-bots around here wont even complain that their Eminem CD wont play on their PC, and they STILL bought it. Of course they downloaded the mp3s, but they buy the CD too (its called franchise penetance, and I'd be more sympathetic to the RIAA if wasting money on brands, regardless of quality of product, wasnt America's favorite passtime, anyhow. Do they really honestly think people are downloading top40 bands because the quality is top notch? Nope. The big bands are Brands, and nobody likes to own a brand without owning some officially licensed 'gear', which is the CD in this case.)
The RIAA's archtypal top 40 uber-pirate downloader does not exist! Instead, those downloaders have ALSO been rushing to their local store, repeating, "I know I'm a sucker, but hes so cuuuuute, I have to buy his CD!" for the last 5 years
So, I'd say, they are targeting an audience that is buying CDs from them anyhow. I certainly dont know too many NON-top40 downloaders who are buying CDs nearly as religiously as the brand whores who need their latest Eminem or No Doubt (tho thier last single is pretty catchy, I have to admit they've grown) or big label divas.
How does this impact this story? I think if it is the RIAA or labels that are doing this, they are wasting their time, and the bandwidth of the last slice of their realiable, heavy user consumer base. It might work tho, which is fine with me as it would leave the people actually using file sharing networks to increase their exposure to new music alone to pursue such a noble quest.
"Old man yells at systemd"
For example: there could spring up various independent directories of MD5 checksums for songs known to be either good or bad. Various individuals could maintain these by hand, or P2P clients could allow the users to collaborate on such a shared directory by allowing users to simply click a button to associate a "trusted" or "untrusted" score for an individual file. File scores could then end up being aggregated into a reputation for a given person. Someone impugned a lot would get a bad reputation for sharing bad files, but allowing meta-level moderation (not unlike that in slashdot) could make this work both ways: someone who repeatedly impugns someone who actually deserves a good reputation would themselves lose reputation points.
An example of a trust metric can be found here.
- First they ignore you, then they laugh at you, then ???, then profit.
There's a lot of young stupid kids using this software and they're about as computer savvy as my dead grandmother. They may realize that the song is screwed up, but they don't even know they're sharing it and probably don't even know how to delete it.
From the article: "MetaFilter's Haughey says 'record companies would love it if people were frightened of file-sharing networks and never touched them again.'"
I'm really surprised the record companies haven't taken advantage of this to advertise their pay services. Why play just a looping 10-second piece of the song when you can play a clip and then say, "To get the whole song legally for just $1.95, visit Pressplay.com" or something to that effect? I know that eMusic and some other services used to advertise their presence in the ID3 comment tag of the MP3, but this would seem to be wholeheartedly more effective.
The real question is, do the music companies really want these for-pay services to succeed, or do they want them to fail so they can frame Internet users as thieves? I'd say that both viewpoints exist in the RIAA. That's why these services aren't even advertised, especially not in a means such as the above, which IMHO would be quite effective.
I worry sometimes that all this "music revolution" will give us is uncopyable CDs. This would be a huge disappointment to those of us who don't want to gyp the artists -- we just want music in a more flexible format than a CD can offer. I, for one, am hoping that the potential of mass music distribution via the Internet can become a reality. If the record companies only squash the P2P networks without providing an alternative, this will only serve to alienate customers. On the other hand, if the record companies work with us to provide a low-cost way to distribute music legally (with rights to copy it to other devices), both the record companies and artists have a chance to become much more profitable while continuing to make their customers happy. I sincerely hope the latter will occur.
Simpli - Your source for San Jose dedicated servers and colocation!
Well, if you think about it, all the record company has to do is put P2Pster on a computer somewhere and load up the spoofs. Alternate the usernames (if required) once in a while, maybe add some new content periodically.
They show up in the search just like some college student in Peoria.
You know, I think I've just hit on a money-making business: Hosting spoof songs for the record company. For, say, $500 a month plus bandwidth, I will host any and all spoofs the record companies want!
Whaddaya think?
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
So this explains why 'Who let the dogs out' sucked so bad when i downloaded it, surprisingly after months of trying, I still cant seem to find a legitimate, nonrepeating copy. The RIAA must be pretty serious about all this
"The United States has no right, no desire, and no intention to impose our form of government on anyone else." - Bush 05
I love to see cool, random stuff like this happening on these sorts of networks... this sort of nearly prankish interaction is the proper spirit for the duel between recording companies and P2P services.
Not only does it not involve lawyers in any way (a deal maker right there) but it also creates a robust meta-game within the service- can you find the real mp3? Can you develop a reliable way to repeat that process?
As long as no one goes to court or Congress when they start to lose, this is the way things ought to be.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
I've been spoofing a real Slashdot poster for the last two years - as long as the checks come in, I recommend Windows XP - with .NET technology!
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
actually, the reason for these file sizes is that they're meant to be burnt as VCD -- video CD -- (or sometimes SVCD (the S is for super)).. said movie is most likely a VCD-compliant (happens to fit the bitrate and resolution requirements) MPEG-1. (S)VCDs are in mode II, which allows for about 740 meg on a 74-minute CD, and 800 meg on an 80 minute one. This is all spec-happy, and just about any recent burning software will be happy to burn said mpegs to VCD (I know Roxio EasyCD creator does (starting with version 5) and Nero, of course). The added space comes from less error-correction in the data tracks, so it's slightly less robust.. but it allows for more data to be burned.
:) ), and I won't discount the possibility that the studios play games with bad released from time to time.
as a side note: almost all regular DVD players (you know, the ones for your TV) will play VCDs, some will play SVCDs (which are VCDs but with MPEG2 instead of MPEG1, and a bit more advanced menus possible). Some will play them off of CDRs, some not so much. visit http://www.vcdhelp.com for more information on players and how to make VCDs.
And for the record, centropy tends to release pretty damn fine quality screeners. It's true that many suck, and they do make me want to wait for theater (or just until the DVD comes out, and then get a DVD rip
That is all, thank you for your time.
It's wrong for someone to write a program that exploits obvious problems with Microsoft outlook, but exploiting p2p or iMac firmware issues on CD players is a perfectly acceptable way to "get back at" those darned copyright infringers?
News flash: Most of the interstate highway system is free. Does that give me the right to blow up a highway? Hardly.
-- Ken Kinder ken@_nospam_kenkinder.com http://kenkinder.com/
That's how PGP's Web of Trust works. It is fully applicable here. A hierarchy of trusted signers would vouch for the authenticity; each signer can be anonymous, and signer's trust can be added or revoked. All you need to add is the ability to download the signature separately (or before) the song.
FastTrack (Grokster, Kazaa, iMesh) relies on trusting it's users to provide authentic content. Anyone can share anything they want, mislabelled as they wish. Multi-sourcing exists on FastTrack, but only with up to around 10 users at most due to it's centralized structure.
Audiogalaxy, on the other hand, is centralized and can multisource from thousands of users, and group them together based on sharing of identical files (determined by a modified MD5 hash). Britney Sphere's latest single I'm A Slave For You, 128kbps, 3:36 is currently shared by 2627 users. That's way more than you'll get on any FastTrack or WinMX network. And since Audiogalaxy downloads the most popular version, it is very difficult to inject bogus crap -- in fact, you'll need to have more users sharing the fake files than legit. As a whole, users often remove fake files leaving the legit shining brightly through.
Regardless, it's all irrelevant once one enters the real MP3 scene on IRC and FTPs. Not just anyone can share files on most channels, only approved xdcc bots can. In addition, they only share specific "releases". Groups base their reputation solely on the quality of their releases. New groups on the scene often put out re-encodes and other junk which is nuked on a global scale. No site worth it's salt carries it. Well-established teams, on the other hand, are respected and sites carry their content, where sites are either +m IRC channels or ratioed FTP sites.
In conclusion, there is no need for peer-to-peer. Multisource downloads are a fad. We have enough bandwidth already. The protocols to distribute and disseminate content has been here for years: FTP and IRC. And they both work better and resist spoofing more effectively than whatever new protocol an inspirating programmer puts out this decade.
"The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
Straight CRC checks won't work, btw. You'd have to download the whole file to do the checksum. Better to sign the file in chunks. Or, use a fancier scheme:
You could do a web-of-trust type verification. Logically, divide the files into medium-sized chunks (say 32KB). Allow people to sign the chunks (w/private key), thereby endorsing the content as "valid". You can download a chunk, and see if it's been verified (preferably by someone you trust, or someone who's been signed by someone you trust). If it has, download the next, see if that's been verified, etc. (Again, if you only sign the whole file, you have to d/l the whole file to verify the sig, which is pointless).
Now, of course ppl. could falsely sign something. So, you 1) allow more than one signing of a file. 2) distribute keys with a PGP-style trust web.
So, suppose I put up a P2P host. I allow ppl. to download my public key, along with signed files. Someone will be willing to try out my files. They find it valid, so they sign my stuff, and send the signiture back to me. They also sign my key, perhaps indicating a level of trust in the signing.
As time passes, I can build a reputation in the long list of people who have signed my key and my files. You can trust the stuff I have up to be good because the stuff I've had up before was good, and this long list of people are willing to vouch. Probably, you trust at least some of these people directly (they've shared good stuff with you), so their sig. means something.
Now, an attacker can take advantage by gaining trust, and then spewing abunch of crap. BUT, they have to deliver good shit first. If they abuse it later, well, have the signatures be dated, or provide for revocation certificates.
Or we could go back to the old-fashioned way of doing it. I trust the stuff I download because I've shaken the hand of the people I'm downloading it from. Or because I've taken a risk in the past with them, and they paid off, so now I trust them enough to let them get my stuff, and they trust me enough to let me d/l theirs. Much more personable and friendly that way.
Just think, the cost incurred by the RIAA in hosting all that crap music. The number of systems needed to saturate the P2P systems, the storage of the files, the bandwidth needed to make their nodes get hit more often than ones with 'valid' content, the cost of making the files, the administration of the project..
All of that costs money. And what does that result in?
RIAA: "Due to the cost of combating digital piracy, profits are down again, Mr. Senator. Frankly, we'd rather that money went to a more worthy cause. *wink* *wink* Won't you help us out?"
-- What you do today will cost you a day of your life.
If they were really smart they would generate files with the same name and of exactly the same size as those on the network. Then, as a result of the kazaa multiple download system peopel woudl end up with pieces of garbage interspersed with their movie. The next person who downloads ends up with garbage in different places and so on... the whole system is screwed. How easy would it be to make a piece of software to look for titles, generate random bit streams with those titles and then post them on the p2p network?