Mission: Infiltrate the P2P Network
prostoalex writes "Wired News unveils the secrecy behind Overpeer, the company whose mission is to infiltrate peer-to-peer networks with low-quality audio and video files, or corrupted chunks of data which carry the same name and have the same size as originals. Apparently OverPeer even managed to procure a USPTO patent on (a) producing an advertising digital music file by deteriorating or damaging a sound quality of an original music file of a record of a cooperating record corporation; and (b) distributing the advertising digital music file through the communication network."
Don't users of these networks already do this when they share their crappy files?
"but money is the God of Algiers & Mahomet their prophet." - Rich. O'Bryen June 8th 1786
Seems like they are trying to piss in the pool to drive everyone away.
How many people and companies that are willing to make money by being scum...worse still that the patent office is willing to grant them a patent on being a scum. P2P is good for the world, why the hell can't people just get over it and let it be.
Power Corrupts, Absolute Power Corrupts Absolutely, leaving one person (group) in charge is absolutely corrupt.
or corrupted chunks of data which carry the same name and have the same size as originals.
Isn't there some magical algorithm that produces a unique checksum number for a file, and if it were missing chunks wouldn't that reflect in that magical number? Don't most P2P networks use this magical MD5 checksum algorithm to ensure files aren't screwed up?
Gee, you would think the patent office would realize they just awarded a patent to the same guy that sells server pixie dust.
I know some P2P networks just match file size and name, but I'm pretty sure most of the good P2P networks check a file's MD5 to see if it is the same as another. If the MD5 matches, it's probably the same file, despite having a wildly different name.
Unless Overseer or whatever found a reverse algorithm for MD5, I doubt very much that they could degrade the quality of a music file in such a way that the MD5 doesn't change.
We can't build a better mouse trap...
So we'll break yours!
(ok...not "break" but render rather inefficient....grumble.)
When in doubt, parenthesize. At the very least it will let some poor schmuck bounce on the % key in vi. (Larry Wall)
On the one hand, this sounds perfectly fair. After all, they are taking steps to prevent folks from stealing intellectual property.
On the other hand, it seems like it's easily bypassed -- some authority should keep a central server with a list of known good files and some sort of hash associated with each file. If the file is distributed in pieces, there could be a hash for each piece.
Finally, isn't the entertainment industry's time better spent developing a functioning revenue model? People want music online, and they won't pay a lot. Sorry, the genie is out of the bottle -- get a real revenue model -- or someone else will, and they'll kick your butts. All the incredibly crappy and formulaic new "music" isn't helping much, either.
Simply put, how do they know what is or isn't legal?
There are plenty of bands that release some or all of their tracks for free....how are these guys determining WHAT gets fubar'ed and what doesn't......could a new file naming convention by P2P traders make this REAL hard for these guys..? How are THEY choosing what content gets whacked?
Dear toilet user!
From the article:
2) Collect illegally produced digital music file.
3) Edit illegally produced digital music file (damage sound quality).
4) Distribute digital music file on network.
All of these are illegal under the DMCA.
Oh, I get it, it's ok to break the exact same laws you're trying to get the general public to stop breaking. I know, let's run around and rob the thieves and rape the rapists, that'll get them to stop too. Why didn't we think of it before?
<sigh>
Damien
This is a perfectly valid attempt by the record companies to fight for their survival. In fact, I applaud it because, for once, they are not resorting to the courts or the coercive power of the state to crush the "criminals" who share music. Instead, they are playing a technological game in our arena, on our own turf. This is simply a variation of the way a.s.t used to invade newsgroups by flooding the channel with bogus trolls.
And since they are playing our game, we can strike back the same way. We can institute the equivalent of killfiles (if we know the IP of these bogus sharers), or, even better, we can add audio fingerprinting to P2P networks to filter out the bogus files. That sounds like a good open source project.
So long as they try to play this game with us, they can't win.
Aren't they illegally distributing this copyrighted content without permission, which is still criminal regardless if it is of low quality?
Or do they have the copyright owner's permission (i.e. licensed), in which case it is legal to download those recordings?
- They assume all users are guilty of piracy, and will proceed with that in mind
- Since all users pirate works (see above point), they release copy-protected works that do not work according to standards...other than the infamous "neener-neener, you can't copy this" standard
- Through their extensive lobbying efforts, they're seeking to remove what little legal rights we had to items purchased. (e.g. When I buy a gallon of milk. I have to make sure there's no EULA. Of course, I can't see me taking the time to reverse engineer it)
- Now they're actively trying to poison P2P networks
I would like to know when this is all going to come to a head, or is it going to continue spiralling until someone/something/group of someones intervenes. Perhaps it will stop when the majority of their user base becomes so alienated that purchasing a copy (licence) of a work is viewed as a faux pas. If they'd work on developing a better digital delivery system (I don't see the current methods being very viable), perhaps that would do something to curb piracy.
It won't work well with all P2P networks. A prime example is the eDonkey network which uses a hash of each file as an identifier, not a filename/size identifier. You can rename the file to anything and the hash won't change. eMule Project is another great eDonkey network client and is open source.
This is too little, too late, unless you're stuck on Kazaa.
Trolling is a art,
Tit. Tat.
I might not like it, but this response seems pretty logical to me. The Industry has declared war on P2P as the source of their dwindling profits. (I'm not going to argue the validity, that's irrelevant.) Of course they're going to try to sabotage these networks any way they can.
This puts the ball back in the court of the P2Pers. So what's the next step? Seems to me it won't take long for someone to come up with either a moderation system or IP blocking scheme that will force the Industry into a different line of attack.
When are these people going to learn that if they spend 6 months developing a technology to "protect" their copyrighted info, it will take 6 days (if that) for someone to defeat it?
Dime to donuts someone has a way to beat these bogus files within the week...
-mh
Surely it won't take very long for people to discover the IP addresses that the rogue files come from and block them? A (long) list of rogue IP addresses was posted on Slashdot a couple of weeks ago.
Summation 2
Sorry. The Laziness of the industry to not find a way for you to use the music conveniently trumps your own laziness because they have all the bucks and the lawyers, and they also extract more profit, at least in the short term, by branding your usage piracy.
People will just delete the junk and keep the good copies (think about spam).
The good copies get moved to the "good stuff" directory (available for download) and the bad stuff goes to
...and it's called Google!
Just think about how google works, I look for "slashdot" and what comes up in the first page of results? Now think why, it's because loads of other people have been there before me and they thought that www.slashdot.org was exactly what they were looking for.
Now apply this to p2p, someone posts crap, I download it, it's crap, I delete it, problem solved, the file doesn't distribute because I don't share it, if nobody wants a file then it gets disregarded. Okay so it won't be so effective against less popular music, but that's not the kind they're likely to try and propagate.
This kind of thing has some crossover with the network theory post from today (yesterday?). If you're interested in P2P I'd recommend reading about it.
It's not too hard to avoid low quality/bogus files. All you need is some form of rating and feedback system. ShareReactor fulfills this need for the eDonkey network, providing links to verified versions of files. I imagine it's very possible to decentralise this system significantly, or even to integrate it into the file sharing protocol itself, in order to reduce the possibility of the rating site being shut down.
-- Help Digitise the Public Domain at DP.
"On some level they understand that P2P users are also potential customers -- record buyers, video renters or gamers -- and don't want to alienate them"
Well if you want my business, then maybe you should give me a sample of what you have to offer, and not just waste my time in the first place. But then again, If I can buy a complete movie on DVD for even as low as $5 on sale, or $20 not on sale, why would I want to pay $18 for a CD with maybe 15 tracks if I'm lucky.
Either way, these businesses need to figure out how to attract my attention, rather than ram their practices which are tried and proven to be not working, down my throat. Can't open my wallet that way!
Mine means my own, but how can this be if I owe for it?
They're getting PERMISSION from the copyright holders to do this. They're not collecting anything. Record companies will say "Hey, you have full right to distribute fake Metallica files" and you know what? It'll be LEGAL. Turn! Brain! On!
"For the promotion of USEFUL arts and sciences..."
How does protecting sales even come close to meeting that hurdle?
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
It's the age old Pissing in the well trick.. if you poison the source then people won't use it.
Unfortunately there are at least 90-100 more talented programmers and solution finders to every employee they have out there that will find a way to detect or reject their junk. This company has nothing of value to sell to any interested party, just like Macrovision is 100% worthless (both 1 and 2 are easily removed without effort and only $5.00 worth of electronic parts, or a simple $10.00 box that can be purchased most anywhere called a "video stabilizer")
Let them do their worst, let the companies waste their money on these snake-oil salesmen. I don't care, it will never affect me, and by the time the first 2-3 of their supposed files get in the wild there will be patches to kazaa-lite, open nap servers, and gnutella clients that simply will not list these files.
Do not look at laser with remaining good eye.
Regardless of the debatable benefits to the recording companies, doesn't this approach do the most damage to the artist by reducing the public's perception of that artist's overall quality?
Most corporations would never allow low-quality reproduction of their branding, even for legitimate business use. To do so would undermine the value of the brand because of the association with lower quality.
An artist's professional reputation is based on the public's perception of their quality. Seeding the market with poor quality content only causes the public to associate that artist with poor quality.
Ultimately, this will drive consumers toward artists that fight to protect the quality of their on-line body of work.
Personally, I feel that the recording industry can keep people buying their product if they enhance the music with liner notes, album art, and other forms of content that are harder to distribute in its original format.
Don't throw out the artist with the bathwater.
trichard
I don't know about other P2P programs, but LimeWire has told me on many occasions that it has detected file corruption and asks if I'd like to continue to download. I don't know the process it uses, but it is probably some MD5-type checking. For audio files, it indicates the bitrate so I only download files that specifically indicate they have at least a 128 bitrate.
"Sic Semper Tyrannosaurus Rex."
I'm going to patent creating potholes with the cooperation of tyre manufacturers; and distribute them thru the road system.
Kazaa has that, they call it an integrity rating. Files are rated Excellent, average or poor.
"Sic Semper Tyrannosaurus Rex."
They have created a device/algorithm/system whose sole purpose is to circumnavigate security devices, therefore violating the DMCA. Their device has no other application than to put phony files on a P2P network, they overcame the P2P's security by modifying the files but still retaining the same file size (and checksum?). They get a patent on something that is illegal, while others go to trial for it.. Gotta love America
UNLESS OF COURSE,THEY HAVE A WAY THEY CAN TELL WHAT FILES THEY'VE TOUCHED ALREADY....hmmmm
Dear toilet user!
That's the point. I think patents should be useful to the general public; this patent clearly is not....
Power Corrupts, Absolute Power Corrupts Absolutely, leaving one person (group) in charge is absolutely corrupt.
Here is a company whose goal is, simply, to sabotage an existing system/service. All talks of legality aside, there's something amazingly pathetic about this. Forget trying to make something people want, just hire someone to wreck the competition.
Of course someone will find a way around this. And it won't stop fileswapping on P2P networks or other methods.
Hmmmm. Maybe this guy has the ultimate scam. As file traders find new ways around what he does, he can sell new methods to his clients . .
"The Sage treasures Unity and measures all things by it" - Lao Tzu
All this discussion of checksums and the like is totally irrelevant. Quite ignoring the fact that it's the host that supplies the checksum (if it's to be of any use in selecting potential downloads), it's very unlikely that any two renditions of the same audio file would be identical. CD-based digital audio is not a bit-for-bit perfect transfer medium (hence error correcting h/w and s/w in the drives). Rip a CD on two different drives and the chances that some bits will be different in the resulting files are really pretty good.
Checksumming only works if the assumption can be made that there is a single unique version of the file. That isn't true in the most common cases.
Bandwidth's expensive. If we could at least come up with a system for users to have to actively opt to share each file after they have played them and can verify its quality -- instead of downloading bad files, not deleting, and thus sharing them -- that would slow the spreading of these files. Opting-in would, of course, slow down the general proliferation of good and bad files and would make it more difficult to find any files as fewer users would share, but I think it's a good trade-off.
That would leave the record industry cops with a lot more uploading to do. 700+MB is a lot of bits to move, and they have to do it every single time a user initiates a transfer. Are the odds that that user (assuming he only shares it if it's good and does not spread bad files) would go out and buy the movie/CD instead of either continuing to try to find a valid file, or simply giving up altogether? I highly doubt it.
The measure may be as simple as letting one listen to the song as it is downloaded, and having the users "moderate" it, à la Slashdot.
What we have is a huge cluon deficit on the part of the record companies.
Download it here. Note that it has no search feature. You'll need to link it from 'freesites'. Visit the site for more details.
I think you guys are pretty confused about MD5s.
Billions of crap files have exactly the same MD5 as your favorite Britney MP3. This is because (duh) the MD5 is much shorter than the file itself.
True.
Where I think you are confused is about the nature of MD5.
MD5 is not just another hash function. It is cryptographically secure. This means that you will never ever, in the life of the universe, be able to find nor contrive / construct a file with an identical hash. That is the whole point of MD5. Otherwise digital signatures and certificates would be meaningless.
The price of freedom is eternal litigation.
I thought in order to get a patent something has to be *useful* and *new*. I dunno which dumbass was asleep at the wheel at the USPTO, but the intentional damage of something seems neither useful nor new to me.
(patent for)...producing a digital music file by deteriorating or damaging the sound quality of an original music file
I'm sorry but MusicMatch Jukebox has been doing this to music files for years with its ripper.
Mordor...a magical, mythical land where women are more rare than dragons--but where every man would rather find a dragon
"I never buy Britney CDs - they're all static."
"No, the ones you buy don't have the static."
"She's still singing isn't she?"
Sure you (or the recording industry) can put as many locks on as you like, but if I *really* want into your house badly enough, I'll find a way in.. even if I have to drive a car through the front door. This is why the industry is fighting a losing battle. It was over before they even started fighting. They don't have the talent/resources to stay ahead of the masses. Sure, they can make a particular P2P service more inconvenient, but there will always be plenty of public and/or trusted private sources from which to download. And if/when the signal to noise ratio gets bad enough, people will simply invent or find another way to do it... then what? How many times will they go through this before reality begins to sink in?
If their idea is patentable, can I get a patent on producing counterfeit currency?
After the secret service nails someone for counterfeiting, I take advantage of them tracking them down and then sweep in and nail 'em for violating my patent.
Hmmm..
There are many ways of justifying actions other than through the morality of those actions. I don't read books to make me a better person, I read them "because I can and it's fun." Perhaps reading makes me a better person (sometimes yes, sometimes no), but that's not why I do it. Does that mean I can't justify reading? And yes, sometimes drugs can make people better, too. Recreational drugs can make people less tense, they can give people new perspective, they can introduce people to whole new worlds of experience. Do they do this for most who use them? Probably not. But there is more "honor among thieves" among recreational drug users than exists between record labels and their consumers.
It's this puritanical stance that has really started to get me over the last few years. "Just because it's legal, doesn't make it right", true, but just because someone doesn't think it's right, doesn't make it so. Everything doesn't have to make the world a better place to have justification.
That aside, I do agree with your thesis. "P2P makes the world a better place" is one of the most specious and nebulous statements I've heard in a great while.
Then again, there are believed to be some weaknesses in MD5, making this a little bit easier.
TANSTAAFI: There Ain't No Such Thing As A Free iPod.
First of all, it pays our bandwidth and the infrastructure. I'm all for that, obviously.
Second of all, it destroys the validity of their statistics about how many files are downloaded. Their statistics on how much cash they lose through this already are bogus, but now they can't even give good numbers on how many files are transferred, because 3/4 of the downloads may be wasted through broken fake files.
Third of all, this will lead to more cool research in cryptography. There will be papers about how to make this kind of attack more difficult and how to build trust metrics between anonymous peers (and that are very interesting problems, you should consider doing research in the area!).
In the short run, this pays for bandwidth with the profits of the record companies. More bandwidth will be used to do more file sharing. One day, RIAA will understand that they are financing the infrastructure of the enemy and shut overpeer down.
In the long run, RIAA will raise the price for CDs even more, to pay for overpeer and the infrastructure of the P2P people. That will cause even more people to not buy their music but download it instead, hastening RIAA's run towards obsolescence.
I think you will find the P2P companies will never actually defend filesharing of copyrighted works.
Their very survival relies on the fact that their software has significant non infringing uses, and that is the basis of the defence derived from the Sony VHS judgements.
Overpeer would not be degrading the quality of service because there is no service with P2P software - the P2P companies provide the software - Napster provided a service (the master index) and they got nailed for it.
Surely if someone attempts to carry out your property from your home you would expect the court to be sympathetic to any reasonable attempts you took to prevent it?
You wouldn't for instance expect a legal challenge from Joe Burglar against Chubb because a recent change in the design of your front door lock is reducing the quality of service he's getting from his lock pick supplier?
At the end of the day this idea threatens no one who is genuinely using P2P networks as so many people claim they are.
If you trade in copyrighted works then this will make your life a little harder.
Deal with it.
Our community started the war when they wrote Napster, now someone is bringing it out of the courts and onto our turf.
As the SAS say "Big Boys Games - Big Boys Rules"
Firstly, MD5 is just a one way hash. That hash can be and is often signed to prove that the hash was generated by some trusted party. However, if the hash itself is broken, then validating with it any signature, regardless of how secure it is, is by definition meaningless. See MD4 and others.
Secondly, we only presume MD5 to be a good one way hash--there is no absolute proof that it is. There might be some novel approach that we just don't know about yet.
Thirdly, by definition, no one-way hash can rule out the possibility of brute forcing the hash by throwing enough stuff at it with the hope that something else will generate the same hash. In other words, we KNOW there exist other inputs that will generate the exact same hash result because the hash cannot possibly describe a unique input given that it is much much shorter. We only believe that it would be very hard to generate some other (reasonable) input to match a specific target hash. For instance, for some known hash I probably cannot generate an input that will match it and I especially cannot hope to generate one that is apt to resemble what I intend to pass my package off as. However, given enough computer time, I can certainly generate SOME file (even if it is ugly) that will match your MD5 hash (and pass your signature with flying colors). In 50 years even there is every reason to think that this would be a trivial task.
OverPeer even managed to procure a USPTO patent on (a) producing an advertising digital music file by deteriorating or damaging a sound quality of an original music file of a record of a cooperating record corporation; and (b) distributing the advertising digital music file through the communication network."
... this is a good thing! now they can prevent other people from doing this, and the aggregate amount of this activity will be lower, which is just fine by me.
hey
-- p
The only solution for idiotic patents, greedy corporations, and lame ass IP laws are to ignore them totally.
What I think is needed is something along the lines of a 'non-extradition' country, an Amsterdam, a Vegas, or what have you, where servers can be located (asylum granted). Where no questions are asked, everything anonymous and idiotic laws will not be enforced. Like a swiss bank account.
France wants to censor your site?
Fuck you, and you don't know my name.
The puppet US corporate gov't wants to arrest you for breaking shitty encryption?
Fuck you, and you don't know my name.
Want to use hyperlinks, one-click shopping, or use a programming technique people have been using for years, but recently awarded a patent?
Fuck you, you don't know my name.
Want to share source code that enables you to watch something you purchased legally, but you can't in the US or Europe?
Fuck you, and you don't know my name.
Want to host a blog site (term sucks, i know) without being worried that someone will post a comment that offends a corporation, and your getting sued?
Fuck you, and you don't know my name.
Point is we need just one *country* (sorry HavenCo doesn't apply IMHO) where they respect citizens' rights. The ISPs have sole rights to decide what types of sites they want to host. Lawyers, suits and foreign govt scum are refused entry and information.
If you're getting enough random errors to conclude that no two rips will have the same MD5 sum, then you must have one heck of a crappy CD-drive.
I'm not sure, but I think that you can get different rips of the same cd track. I seem to remember that cdparanoia's docs had some detail on this. Something called "digital jitter" or somesuch. Just recalling from memory.
I'm certainly not an expert on all the levels of what goes on in ripping.
The price of freedom is eternal litigation.
They appear to be running Win2K/IIS, just like RIAA. Not that I'm saying this is bad, or anything like that
Be on the lookout for any of the following people:
Then you can get all the benefits and protection of the law!!!
No DMCA issues, and you can charge script kiddies for using your methods!!!
And the best use of a patent, M$ would have to buy fixes from us!!!!
I thought the DMCA specifically disallows the distribution of programs that are designed to hinder or sabotage the functioning of another program?
Since there is no way to tell that by downloading bonjovi-livingonaprayer.mp3 I'm not actually getting a crappy recording of my grandpa in the shower in the first place, specifically writing software to categorically sabotage specific filenames is essentially illegal isn't it? Or is this another case of "my lawyer is bigger than your lawyer" where the larger companies can afford to recklessly abuse the laws that they bought without the book being thrown at them?
All in all, I think that if this is the case it would be a delicious irony.
Bitzi does exactly what you describe. Several Gnutella clients have built-in support for it.
This is kind of like an author hiring people to go to every library and vandalize their books.
Why does the recording industry hate its consumers so bad?
"The large print giveth, and the small print taketh away" -- "Step Right Up", Tom Waits
You don't need a program. There's usually an easy way to tell. Look at what else the user is sharing. If they have multiple copies of the same song with just different formatting/spelling of the title...odds are they are gunna be fakes. After all most people don't keep 5 copies of songs with different titles on the HDDs. Just use about 2 min of checking and a bit of common sense you can reduce the chances of getting a bad song.
I propose a new type of peer 2 peer network based on distributed computing such as seti@home merged with a quality of service metric similar to slashdot's. Basically everyone who connects to this network will reserve a chunk of hard disk (say 100mb) for the use of the network, a slice of memory (say 16mb), and a portion of their bandwidth (say 10%). These reserved objects can be used to keep a protected hash database running live 24 hours a day, 7 days a week.
Redundancy should be built into the network so that as people log on and off, a large percent of the hashes are still available such as 90%. These hashes could use md5 or some other secure network and the moderation would handle filtering the good from the bad. Initially it would have a lot of duplicates. This is not a bad thing. It would cause greater numbers of people to listen to duplicate songs until the best quality ones are modded up and the lower quality ones are modded down.
If the reserved space is encrypted we should be able to isolate source ip's and make it look as if the traffic is coming from everyone. So instead of a song coming from 3 sources, it looks like it comes from 1000 sources because the protected share is part of every client. Similar to the Borg.
We could still give preference to faster pipes such as T3/T1/OC whatever. In addition with a node/supernode algorithm, we could figure out more efficient routes for transmitting the songs based on the users already connected to the network. For example, choosing to get a song from a user at your "isp" vs "the nearest supernode".
The protected share should handle the md5 checksum and thus the client's distributed client program would devote cpu cycles to checking the validity of the content in the protected share. I like the idea of hashed based searching but I wonder, even if we store the hashes in a protected share, does this open the door to any form of legal liability?
I realize that the record cartel could come in and do an initial flood of crap and then maintain a network of computers to saturate it with bad data. A solution would be to have the client upload a valid file and then have the network (protected share) validate the file. The network could then keep running times of valid source ip's. The source IP does not have to be sharing data (it can if it wants, and most clients probably would) it just is needed to prevent the record cartel and their minions from setting up hordes of dhcp machines spitting out bad data because they would have to revalidate every time an ip is changed. This may affect others who are on dhcp but their moderated accounts would be able to act as a form of credit at time of validation. People with good history who switch ip's but don't disconnect would not have to be revalidated because a trust would be established. While someone who disconnects and changes IP is no longer trusted. By having a protected share, high quality data could go into replication quicker.
If we know it is trusted and we see a concentration of requests coming from a particular area/isp, we can broadcast data to other clients near area/isp for the purpose of retransmission during peak times. Maybe we could build in requirements such as if a song is downloaded, it must be kept on the machine for 24 hours, so people don't just download and delete. This way retransmission could be quicker during peak times. People who download and delete or log off would be modded down as potential sources while others would continue to keep good credit. Thus, in addition to having metrics for quality of service, we could also have metrics for the quality of the source.
The reason why the recording industry is on such shaky ground is that they really have no reason to exist. They don't produce the music, they don't even pay for the CD's themselves. The artist does this and only gets a three percent cut of the profit. The job of the recording industry is to find/exploit the talent and to shove the product down the consumer's throat through promotional gimmickry. Their secondary job is to eat up all the profit and lobby for laws to protect their reign since in a free market they can't exist for long. In the digital age even the record companies' image of usefulness has disappeared since we don't see their name on the product anymore.. we just downloaded it on gnutella. People wonder why we want to give a record company $14, the record store $5, and the artist $.60. I say, if you want to be moral, pirate the CD and send the artist $2.. that's more than they'll get from the record company. As far as thwarting spoofing there are options. How hard would it be to get a list of MD5's of good files going on a web site? We still have free speech don't we? Also, the spoofers will be using the same hosts to do the spoofing...just finding the bad files and posting where they came from would help.
My Blog
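
The known-good hash list with a hash for each piece that several comments in this thread propose, shown as an added example (not code from any commenter or P2P client): a download is checked piece by piece against a trusted manifest, so a decoy with the right name and size is rejected and the peer that served it is dropped. SHA-256 is used where the thread says MD5; the manifest layout, the 16-byte piece size, the peer names and the sample bytes are constructed assumptions.

```python
import hashlib
import hmac

PIECE_SIZE = 16  # assumption: tiny pieces so the constructed sample spans several


def digest(data: bytes) -> str:
    # SHA-256 stands in for the MD5 named in the thread.
    return hashlib.sha256(data).hexdigest()


def split_pieces(data: bytes, piece_size: int = PIECE_SIZE):
    return [data[i:i + piece_size] for i in range(0, len(data), piece_size)]


def build_manifest(data: bytes, piece_size: int = PIECE_SIZE) -> dict:
    """Hypothetical manifest, published by a party the downloader trusts.

    The file name is deliberately absent: the hash is the identifier, so a
    renamed genuine copy still verifies and a same-named decoy does not.
    """
    return {
        "size": len(data),
        "piece_size": piece_size,
        "file_hash": digest(data),
        "piece_hashes": [digest(p) for p in split_pieces(data, piece_size)],
    }


def verify_piece(manifest: dict, index: int, piece: bytes) -> bool:
    hashes = manifest["piece_hashes"]
    if not 0 <= index < len(hashes):
        return False
    return hmac.compare_digest(hashes[index], digest(piece))


def verify_file(manifest: dict, data: bytes):
    """Return (ok, reason, bad_piece_indices) for a complete candidate file."""
    if len(data) != manifest["size"]:
        return False, "size mismatch", []
    pieces = split_pieces(data, manifest["piece_size"])
    bad = [i for i, p in enumerate(pieces) if not verify_piece(manifest, i, p)]
    if bad:
        return False, "piece mismatch", bad
    if not hmac.compare_digest(manifest["file_hash"], digest(data)):
        return False, "file hash mismatch", []
    return True, "ok", []


def download(manifest: dict, peers: dict):
    """Assemble the file piece by piece from `peers` (name -> bytes served).

    A peer that serves one bad piece is dropped for the rest of the transfer,
    so a corrupted chunk costs one piece of bandwidth, not the whole file.
    Returns (data, sorted list of rejected peers).
    """
    size = manifest["piece_size"]
    out, rejected = [], set()
    for i in range(len(manifest["piece_hashes"])):
        for name, blob in peers.items():
            if name in rejected:
                continue
            piece = blob[i * size:(i + 1) * size]
            if verify_piece(manifest, i, piece):
                out.append(piece)
                break
            rejected.add(name)
        else:
            raise ValueError(f"no remaining peer served a valid piece {i}")
    return b"".join(out), sorted(rejected)


# Constructed sample data: a 100-byte "original" and a decoy of identical
# size whose third piece (bytes 32..47) has been overwritten.
ORIGINAL = b"".join(bytes([i]) * 10 for i in range(1, 11))
DECOY = ORIGINAL[:32] + b"\x00" * 16 + ORIGINAL[48:]
MANIFEST = build_manifest(ORIGINAL)

if __name__ == "__main__":
    print("original:", verify_file(MANIFEST, ORIGINAL))
    print("decoy:   ", verify_file(MANIFEST, DECOY))
    data, dropped = download(MANIFEST, {"peer-a": DECOY, "peer-b": ORIGINAL})
    print("assembled ok:", data == ORIGINAL, "dropped:", dropped)
```

The check only establishes that the bytes match what the manifest publisher hashed; as one comment above points out, a different rip of the same track is a different file and needs its own manifest entry.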