Slashdot Mirror
U of Wyoming Fingerprinting All P2P Traffic
mk2mk2 writes "News.com has an article on how they're preparing to shut down P2P sharing of copyrighted content: 'For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song or "Friends" episode.'" It's scary until one realizes that most P2P traffic isn't encrypted, like back when everyone still used telnet.
I wonder if these violators will be prosecuted or fined, or even reported to the RIAA.
Why does the fact that it's unencrypted make it non-scary?
Peace and love, y'all
How do they fingerprint these files? Wouldn't it be quite easy to set up some sort of system to scramble the file before posting it on P2P and them descramble it to defeat the fingerprinting scheme?
What about FTPs? Direct file sending over IM clients? Usenet? IRC? Good luck, RIAA...
-insert a witty something-
Someone wasting bandwidth on a 'friends' episode is scary indeed!
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
No, I would say scary after. If it were encrypted, if would be much harder to do.
...
I suppose you could claim "spoofed ip"
SO, i guess they have no problem with ME running a sniffer on all traffic on their network? I mean, since they feel its ok for them to do it, its ok for me to do it.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
Oh, so it's about bandwidth now? Interesting. Yes, the RIAA, champion of bandwith-starved college kids everywhere.
Why's this under privacy? There's no reasonable expectation of privacy using someone else's network. Especially when the stated policy upon arrival almost certainly says "don't do this"
Of course this is a good endeavor to stop piracy, but the question is: Even after they successfully identify each user, can they effectively shut down each of the machine? They can do it for their student, and probably *AA will jump in for the big-brotherism. But can they do it for the rest of the world? I think not.
So, if they do this again -- it's like Napster story once again. New, better P2P softwares will spring up and it's more resilient and equipped with military strength encryption and stuff, which will in turn annul their previous effort.
--
Error 500: Internal sig error
Here in the up side of the world, when we want to shorten "university", we shorten it, dammit. We don't make a measly compromise.
...we rot-13 encode everything. Big deal.
But there is another kind of evil that we must fear most... and that is the indifference of good men.
It will only take a few arrests of young college students in the States to pressure the release of secure sharing over P2P. That's probably one of the reasons the RIAA isn't targeting anyone in the States yet. They are testing the waters in Australia however, but they don't want the P2P networks to go secure until they have cataloged everything they can.
Where the Music Matters
Hey I still use telnet, and I could give two shits if anyone ever sniffed it.
...to ask whether anyone has gotten FreeNet working over Mac OS X. I started the daemon, but localhost's port 8081 (or whatever it is) wouldn't respond.
Has anyone had luck interfacing with the program after starting it?
This new technology will last for about 1 day. That's how long it will be until Kazza, Gnutella, Limewire, et all will switch to an SSL encapsulated protocol. Suddenly all the "fingerprints" will be shot. Each and evey download of the exact same file will have a different, unidentifiable, "fingerprint".
Sounds to me like this company took a copy of Snort, set up a few rules for the "fingerprints" and sold it to the University of Wisconsin. What a waste of money!
You _could_ be running a persistent freenet node.
that I'll be punished for stealing songs, if they release details, my freinds will never let me live down my collection of Ricky Martain MP3s!
This is pretty rotten... who died and made some server admin at U of Wyoming God for $5.00/hour
How are these people qualified to filter out what is legal and fair use?... isn't that what the court system is for? Yes people, I know it may take a while for the courts to work, but if you have a problem with copyrights, and fair-use you have to stay within the law and respect it... not go out like a bunch of cowboys and do whatever you feel is right
There is a system set up in virtually all countries to deal with these types of things, and in the USA it is the court system whether some asshole at U of Wyoming likes it or not.
I RTFA and I'm curious how this works.
It seems to say it rebuilds the songs, and assigns a digital 'fingerprint', which I'm assuming is some sort of a hash based on the resulting wave file?
If this is the case, how much does a file have to be altered to make it undetectable?
And can it have a false positive in the form of a song that sounds similar, but is protected under fair use - ie; a parody?
What about commercial music releases that sample public domain material?
I don't need no instructions to know how to rock!!!!
Wide adoption of THIS project as reviewed on slashdot a while ago.
I'm sure you're not being serious. But if you are, there is an encrypted way to open terminals using ssh. I commonly use terraterm pro with ssh enabled to login to work from home (of course this only works when your server is ssh enabled).
Scarier, How many sheep fsking movies have they fingerd
It seems to me that Student Unions pretty much bitch and protest nearly all administrative decisions at a university. I would really expect them to go all out in this case. If they had any brains at all there would be a huge student rally this weekend to protest this. I'm pretty sure the WHOLE school would show up. NO ONE likes to have their privacy invaded and worst yet, have RIAA and MPAA within striking distance!
----
Go canucks, habs, and sens!
most clients on the gnutella compress their traffic (at least recent versions) so it would not be that easy to listen and check for the swapped content right ?
... and people were complaining that Australians were abbreviating University to Uni
What sucks about giving freedom and liberty to people (or even college students!) - is not knowing ahead of time what they might actually do with it.
...
You know - like invent a decentralized p2p network and trade music files with it
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
Sometimes, my stupidity amazes even me.
Yeah, I remember telnet.
.... hours since I have used telnet.
It's been like
Those were the days.
I don't think so. Everybody who is using the Net should be aware that he/she can be watched. P2P networks do not encrypt data because the idea behind it is to share. If you want to find out who is sharing files you don't have to monitor the traffic. You can just join the party :)
It means that no encryption would help. If you share your copyrighted material you can be watched by the RIAA and their friends.
I don't personally think it's dangerous for the p2p users (there are too many of them out there) but it's good to know
barwil
It's pretty obvious you can't copyright a length 1 bit string, so how many bits do you need before you own it and I don't? 10? 100? 10,000? I know you can't trademark a number, can you coprright one?
Well, I'm sure this will appear in the large ISP's if it's proven to work on the small-scale...
Perhaps with this 'fingerprinting' technology the big boys can just charge us the ($.50/$1/whatever) a song they want from us anyways? Instant delivery system for them that they didn't even have to build!
This whole deal about copyrighted material somehow reminds me of the war-on-drugs... Making criminals of all the users didn't work there... Trying to stop the supplies at the street level didn't work either. The only thing that will work is legalizing the controlled substance... then taxing the hell out of it... hehee
This claim is interesting in a variety of ways.
If the notion of privacy in our communications is going to be utterly discarded, I rather wish the school had elected to eavesdrop on every phone call made on campus to help catch thieves, domestic abusers and other violent criminals, etc.
There are plenty of people who say what goes on the internet shouldn't be private; that there's no expectation of privacy there. I guess we'll get into this issue a bit on this topic. Just please don't forget to have a little imagination. This is all new. We're making the rules as we go along. Sometimes I think if the phone had been invented last year there wouldn't be an expectation of privacy on phone calls either.
Remember this is a "private" institution doing this, i.e. not a law enforcement agency. Remember that just because they can write a fancy terms of service that authorizes them to do whatever they want with the network, it doesn't make their actions legitimate, let alone moral.
Finally, most interestingly, remember that Fasttrack (i.e. Kazaa, etc) is encrypted over the wire (see this link). There's nothing saying that the whole thing won't be reverse-engineered and cracked sooner or later, but to my knowledge, that hasn't happened yet... of course, that could just be last I checked.
Want to Know How to Cheat the GPL? Read On!
Can someone explain to me why this isn't illegal? Theres a law from the 1930's that prohibits telephone operators from listening to people's conversations. A few years back it was ruled that ISP's are in the same category as the telephone operators as far as the law is conccerned, and thus can't spy on what their users are doing. Yes I know its a university, but I think they can qualify as an ISP as well.
what constitutes your own network?
Comment removed based on user account deletion
For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song...
:-)
I'd been *wondering* when someone was going to finally do something about his lousy music! U of W's spearheading a regular cultural revolution!
May we never see th
If monitoring and blocking tools were widely introduced, new software programs could easily develop ways to encrypt or scramble the data in transmission in order to make it unrecognizable by Audible Magic's tools or other databases.
.jpg of astronomical images, or pass it through a filter that makes it look like bad poetry, or make it a self-inflating-decrypting executable. You simply cannot write a program that will automatically filter all content, without simply denying all communication.
Encryption is just the tip of the iceberg. I can easily compress and encrypt any file, then slap on a header that claims it's a benign
All they need is software that emulates kazza or other P2P software and attempts to make connections to user's computers. Unless you do filesharing with people you trust, there is no way you can hide what kind of traffic is being sent. On the client side, the person not sharing files, I guess you could use encryption, but then you know what that will lead to in universities? A ban on high-bandwidth encrypted connections. As long as it's a problem I think the technology to detect P2P will keep up with the P2P software itself.
Besides, if I went to that university, I wouldn't want my research slowed down because some freshmen was trying to download Friends episodes.
Excuse me, even if the file was encrypted, the fingerprint for the same file shared all over would be the same and thus they would know when your sharing the latest Joe Millionar or Daredevil blah blah (who would do such a thing?! OMG).
Point is that fingerprinting probably just runs a md5sum on the file being sent or TCP fingerptints the transmitting bytes, this could not be defated by just encrypting the file !
Maybe something like bittorrent should enable small random bytes to be sent with the file when a file is being transmitted (which would defeat fingerprinting).
So, ok these guys have essentially done what FastTrackMovies has done and hashed each file. Hunky dory. So, people implement this and think "no one can trade my files, cause we know what they look like (and have the hash), so we can block it."
.zips or .tars the music or movie.
.zipped asset from being traded? I know it won't compress the MP3, but it will change the fingerprint.
Now, Joe Pirate simply
Exactly how would they then block the
Methinks WinZip is the Sharpie for this expensive DRM.
"The pie shall be cut in half and each man shall receive.....death. I'll eat the pie."
Why don't those silly P2P programmers get smart and start making their software work off port 80. That oughta stall them sys admins for a few more months.
No trees were killed in the making of this post; however, many trillions of electrons were horribly inconvenienced.
While the future of p2p is encryption, if clients exist that can unencrypt, then they can create their own client to track the files content..
Else it would be pretty worthless...
---- Booth was a patriot ----
Theyre looking to block copyrighted audio content. Sure, that's fine. But you can't "fingerprint" something as complicated as a DVD or somebody's home-ripped pr0n movies because each ripper/encoder works a little differently.
Youre going to wind up filtering everything but *porn*. I can't really see that being what they intended to do.
"But it's getting to be the only way to control our bandwidth."
In one 24-hour period, for example, the most popular file traded using the Gnutella network was an MP3 by rap artist "Big Tymers," which passed the network monitor 188 times.
The students should really set up their own, internal P2P network. This would put less tax on the University's external bandwidth, downloads would be quicker, and, assuming it's restricted to local users, the RIAA couldn't really prove any wrongdoing. (Although their FUD generally scares universities enough.)
Universities are generally big enough to support a network on their own. They should.
While its true that most Student Unions bitch and protest nearly all administrative decisions, I would argue that the administrations rarely listen. It makes sense, though, because if you listened to someone who complained about everything you would never get anything productive done. In fact, the students themselves rarely listen to the Student Unions - only when there is a very serious infraction of their rights. So why don't the students have a huge weekend rally? Because I doubt that many University students care all that much. They all have classes, tests, and homework they have to get done. They might utilize p2p networks, but its not their life and if it gets sniffed they probably won't care a whole lot. There's no incentive for your random, average, run-of-the-mill college student to care about what gets sniffed on the network or not. All they care is that they have internet access to do research for their papers and reports - oh and chat as well.
They really don't care *what* is being shared so much as bandwidth costs. For U of W, this isn't so much a legal question as a policy question to keep their network costs from spiraling out of sight.
And many P2P users simply don't care in the least about their bandwidth usage -- they suck up as much as they can get. No effort to obtain a file from another computer on the local network (granted, most P2P software doesn't even support this). They simply expect mass amounts of bandwidth, and for other students' tutitions to subsidize their downloading.
I'd like to see per-user data transfer per week quotas, where users get capped to 2kBps or so for the rest of the week if they exhaust their quota.
May we never see th
Or we may find ourselves without the ability to enforce the GPL.
The RIAA themselves is guilty of seeding P2P networks with null files that share names with copywritten material. Who's to know if the eminem you downloaded is a song, or whitenoise?
If they had any brains at all there would be a huge student rally this weekend to protest this.
To paraphrase Nietzsche, you are assuming something.
Also, if an unjust war against a defenseless enemy won't get them out in the snow of Laramie, this sure as fuck won't.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
Why don't they just run a bunch of freenet nodes? First off, it's completely encrypted, so the university/RIAA would be completely screwed if they wanted to find out what you were doing. Plus, the files are optimally distributed across several systems, so then when there is a file to be downloaded, it won't be too hard upon the univerity's internet connection (that's assuming that it's a popular file and it's also distributed among several of your piers on the university's network).
Not only that, but if the university wanted to try to filter out all filesharing, then you could just run your freenet node through port 80, and it'll look something like ssl traffic if I'm not mistaken (please correct me if I'm wrong in that bit of info).
It's different if they just want to conserve some bandwidth, but if they are just trying to stop the distribution of copyrighted works, then that sounds like an impossible task. Who owns the copyright on "Redhead Sticking a Cucumber up her Ass" ?
--sex
Very popular slashdot journal for adul
What will be the effect of this? I'm just wondering as a newbie-programmer, freshman, etc. here in Laramie, WY.
I'm just wondering what everyone out there thinks will happen here.
BTW, yes we have roads, computers, dsl, horses, wal-mart, an interstate, etc. It's a beautiful place to live...don't diss on us!
"...like back when everyone still used telnet..."
simple, p2p using ssh/ssl/etc on port 80
MAnyone know if a P2P that encrypts or SSH's? I know I'd be willing to try it out...
-Valiss
In SOVIET RUSSIA, P2P apps fingerprint you!
Mr. CowboyNeal. Since when was Telnet SECURE? All this talk by others to the effect of "well just use FTP" makes no sense either.
:-( It has legit uses though!
What would be required at the very least is SSH or sFTP.
If p2p networks shifted to using or emulating those protocals then I guess the RIAA would try to ban SSH also.
"The point is, it's THEIR network. It's not the student network"
What planet are you on? I mean, if the student pays for school, he should get to slap his professor upside his head, when he makes an outragious comment, including using the network for how HE SEES FIT!
I as a tax payer have given him permission to wipe the network with a cheesecloth and anything else he wants to use it for!
You think just becuase the "school" claims ownership, that it isn't really the taxpayers and students network?
Go back to school and learn it's the peon students and taxpayers that are going to change this planet, not the school officials and elected officials!
It is possible to get Freenet working on OSX, take a look at the Freenet website here, and email support@freenetproject.org if you need any help.
Generally, the majority of campus internet traffic these days is related to file sharing. Almost every colleges and university in the States has had to employ some method for dealing with this, from governing bandwidth distribution to simply upgrading infrastructure. Curbing the distribution of copyrighted data is not just about folding to the RIAA ... it's a pragmatic solution to a huge problem.
That's why my pirating is so incredibly slow... I had no idea they were throttling me down that horribly. I just expected my roomate was hogging the bandwith with gnutella.. :(
How did you figure that they're going to use SSL when they haven't even started encrypting traffic yet?
People that watch "Friends" know how to use P2P software.
I'm stunned.
Would the university selling tapes of showerrooms be a privacy issue? There is no reasonable expectation of privacy using someone else's showerroom.:)
Is this a sigs-optional kind of place? 'Cause I am totally down with that if you know what I mean.
Wow, just imagine. Someday everyone will have a P2P network of their very own! Er, wait....
So...The protecting IP claims of some music monopoly is good enough reason to begin large scale and detailed monitoring of Americans?
Rights that can be easily removed are no longer rights. No more 4th amendment folks, not in America. Not anymore.
What I don't understand is why all right wing talk shows are so quiet about it. I always assumed conservatives were big time Constitutionalists. The administration is shredding the constitution and Limbaugh,etc, don't seem to be very upset about it. Bush is even a gun grabber(Our Lady of Peace Act). But Limbaugh never mentions that law. He's leaving all his people in the dark. It's kind of sad.
He knows his audience values their 2nd amendment rights but he's not warning them that Bush is coming for their guns! It's fucking pathetic that people still listen to him, and believe.
Rush Limbaugh has sold his soul to someone.
I used to listen to his show when I was younger, back when the conservatives had their "Contract with America". Over the years it was abundantly clear these "New Conservatives" were just as dirty and corrupt as the democracts they replaced. And now they're taking the guns aways and Rush Limbaugh doesn't say one fucking word about it. What a no-good, dirty, motherfucker.
With the dignified and respecful manner they treat their students with, I'm sure they'll be quite popular with the /. crowd. You should have added a link to their admissions page.
--
"God is a comedian playing to an audience too afraid to laugh." -Voltaire
Over here at a certain Central Ohio university (That happens to be National Football champions this year), we have a Direct Connect server sharing 10 TB of files; The transfers go over the local network. And the great thing is, it goes at ~900 k/s, unlike KaZaA which goes 15 k/s if you're lucky. Personally, I think this is the way to go; the university pays no bandwidth cost, and I don't have to wait all day.
1p}{ 1 sp34k |33+ +|-|e|\| p30p13 \/\/il| 8e i/\/\pr3553|)
just burn them bastads to some DVD's and distribute them in the dorm... trade them for beer and blowjobs if you are smart. Geez you people are so lazy, when I was in college this would have been a no-brainer had we the technical toys that you do now
Before some of our fellow slashdotters come up again with "They own the network": Yes, they do. But that does not grant them the right to monitor it continuosly and in detail.
Someone always owns a piece of infrastructure, be it an ISP, a University, the interstate authority or your 'landlord'. But they don't have the right to invade your privacy if you are using rented, leased or subscribed equipment. Imagine the owner of your apartment trying to monitor your living habits, to make sure "nothing fishy is going on in your apartment".
Network and telephone lines can transmit very private and sensitive information, and it is a serious crime to snoop that out. If you thought that was the right way, you're had too much time on corporate americas way of life. They are your customers, your contractors, if you like, but not only that, but living feeling humans that deserve to have a private life, one that's none of your business. You can imagine a thousand situations like this:
- You rented my car, why don't I have the right to monitor where you're driving, who you take with you and what roads you drive on?
- You rented my house. I claim the right to visit you whenever I deem it's necessary. And just to ensure, that my property is taken good care of and you don't hoard drugs there, I will make a full seizure every time I come.
-
I rented you my video camera, you've got to give me a copy of each recorded tape, so that you cannot film underage porn. Think of the children, my god!
-
And finally: I've given you Internet Access. Now that you can browse the web and do spiffy emailing, you must be utterly thankful to me. And since you are a student, you don't have any rights to complain, we will treat you as a slave and you have no private life. Be thankful, you even got a 'net connection and understand, that we have to make sure you don't do illegal things with it. We don't count the bytes, we don't have per-user quotas, we do the nasty GESTAPO stuff piling through all your traffic. If you complain, well, try another University.
Opening some other's letters is the same and I hope finally someone will punish the university for doing this.Let it happen, that on one incident, some very private information about a student is obtained that way and told the public to embarrass him. One lawsuit later, the U has lost 10 Million US$ for a settlement and the bandwitdh savings of 5 years are worth exactly nothing compared to this. Go ahead, wait till someone reacts. I'd do that.
"It's scary until one realizes that most P2P traffic isn't encrypted, like back when everyone still used telnet" P2P traffic may not be encrypted but the "scene" has been encrypting everything for some time. So this may put a stop to p2p but it's not going to stop piracy at universitys.
Yes, I own the switches too. I don't get your point.
What traffic you propagate within the hardware you own is your business. Once it hits a router to another network (DSL/Wireless/T1/Cable) and enters their system it's no longer your traffic. As long as they don't violate their end of your contract, they can do what ever they want to do with your traffic when it's on their networks.
If I try to send traffic on my DSL provider's network that they don't want then they can block, deny or trash it. As long as it's not in the agreement that they have to carry it, then there's nothing I can do.
I really don't see how this is a hard concept.
There are a lot of people saying that encryption wouldn't be the answer but I beg to differ a bit.
If each file transfer between two clients was handled encrypted in the following manner:
- When you log on the network your client generates the equivilent of a PGP public/private key set.
- When a file is transfered from person A to person B person A encrypts it with person B's public key.
Now, no man in the middle can figure out what you are sending to anyone or what you are recieving from anyone
Yes they could just create their own client and do a search on the network and see what you have shared on your client but that is possible now.
The method described in the article doesn't do that though. It is a passive system that just monitors the data passing through each router. Encrypting all transfers and query responces would stop this kind of filtering as nothing will ever have the same signature twice.
That probably didn't make any sence but I've beeing diagraming crap for class for the past 12 hours and nothing makes sence any more!
I hope they kill piracy. Even though most music is worthless, kiddiez on kazaa annoy me greatly.
I think this may have been touched upon here, but the college owns the phone lines going in, they can't arbitrarily listen in on that mode of communication, or even arbitrarily start sorting through who calls who.
At my college they had mailboxes set up in the student center. The college owned the property, but that doesn't give them the right to read my mail.
I am a convert. I used to believe even a company should be able to monitor all traffic, emails and files. Then I realized, just because you wrote a note down on a notebook the company gave you, that doesn't give them rights to read through your notes. Just because you take a call at work doesn't give the company the right to listen in. And if all these modes of communications and data storage are protected under privacy and speech rights, then there is no reason that speech rights should be completely ignored simply because you use a different medium to converse or share and store data.
I live in the UW residence halls, and us the connection %100 of the time. I honestly don't feel any invasion of privacy. Anything they can do to help speed up the connection is wonderful. The problem with P2P sharing is that people, epically college kids who don't pay any attention, don't limit the number of outgoing connections they allow. Pretty soon you've got everyone on the network serving up a thousand copies of "Stan" every day. If looking at my traffic is what it takes to fix the connection slowdowns, by all means, go for it.
a parody of an EmmnEmm songthat was about friends, and I called it friends, would I be in trouble?
The Kruger Dunning explains most post on
Comment removed based on user account deletion
I go to a tech school and they have just about every single P2P service blocked, except for sharing directly between users over the network (such as Gnucleus or AOL).
Its amazing that despite my house only having a low bandwidth DSL connection compared to the OC-3 I'm running on at school I still am able to download 10 times as many files just because of the availability of P2P services when I am at home.
I think that the whole copyright infringement thing needs a complete overhaul with taking the internet into account....I mean, I buy more CD's if I can download songs and listen to more of the CD before I buy it, but if I can't listen to songs I probably won't waste my money trying to pick good CD's randomly.
'nuff said
I bet the university wouldn't have much of an issue with it if it didn't require so much bandwidth. I have a friend that just graduated from this U. and believe me they are having serious financial problems. I'm just guessing here, but I wouldn't be surprised at all if they're just trying to cut down on their overall internet usage.
I don't think this is relevant. I haven't looked at any packets going down the wire, but I'm assuming when you request a file from another user, you have to ask for that file. Filename request goes down the wire. Once you know the format of file requests for a given P2P program, you can just scan them to see what kinds of files people are requesting. If not the file requests, what about when the client replies to search requests? What about direct connect complete listing queries?
:) So in an effort to make things better, once the P2P catches on it will be made worse again.
Some users have already brought this up, but the way around this is to encrypt/re-code the traffic. That is, all the requests, all the listings, all the control stuff, and the file transfer itself. This may lead to an increase in bandwidth consumption just to encrypt everything though
Just like after Napster. When Napster was popular, there was a gradual movement to shut down access to it. So other services started popping up, then completely distributed services such as Gnutella. Gnutella is a tremendous bandwidth hog, as opposed to something more centralized.
I respect the universities that just try to limit the bandwidth consumption of the offenders. But just shutting this stuff down cold turkey is only going to lead to P2P more difficult to detect and filter.
Of course, organizations such as the shitty Adelphia cable should not BY DEFAULT have a 15kps upstream. Assholes.
-- Having a Creationist Museum is like having an Atheist place of worship
Make a 1 byte file, call it "U of Wyoming - The modern day 1984.zip", get a friend outside the Uni. to host it, and set your machine inside the Uni. to download it once a minute.
Heh... If a few of you do that, the database could be full of useless info in no time!
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
The college would be in a GREAT position for a man in the middle attack.
[quote]It's scary until one realizes that most P2P traffic isn't encrypted, like back when everyone still used telnet.[/quote]
Uh. Most lUsers still use telnet...
That's not the point. They're not targetting burglars or file pirates, this system invades the privacy of EVERYONE on the network utilizing P2P for a variety of reasons, not necessarily to get a sneak peek at Matrix: Reloaded. That's illegal or at the very least immoral.
-Matt
--- Need web hosting?
I'd be more worried when somebody's prof finds of a homemade copy of "Me and my dormroom buddies get it on.mpg" starring one of the students. That or just when the computer admin gets it... not sure who is scarier.
Someone set up an independent NAT, DHCP, firewall box and don't keep logs. Oh, that's what your roomates cracked w2k box is for? Never mind.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Can you please send a copy of that to me?
I read that as "Girls Gone Wild - Spring Break #19 - The one where the shave the turkey".
Why don't all the filesharing networks, Kazaa, gnutella, etc., encrypt their searches with ROT13 and then slap malintentioned groups snooping traffic with lawsuits citing the DMCA. Since the movie industries pushed this to control their media, this would be quite an ironic usage of the DMCA. hehe
(of course, a way to get around the traffic hit would be to build a smaller, slightly less expensive internet just for the sniffer communications, but the costs for that would be pretty painful)
(Relating points 2 and 3 will mean the only thing the internet will be capable of anymore will be sniffer communication, but I suspect that would suit these guys)
I once heard on an idea that TCPA / Palladium style DRM could be used to create a strongly encrypted P2P network. The DRM tools could be used to verify the identity of each node, ensuring that only trusted individuals use the network.
Could something like this work? Legally, it seems one might be able to get away with this as a person would have to break all kinds of protections (TCPA, encryption, etc) to see what kind of data is being exchanged, and thus be open themselves up for a lawsuit.
That'll just 'em a date with the Prof.
KFG
to live off-campus, get your own DSL or cable connection and tell the universitiy to go f#@k themselves. Just don't use their system.
A VPN would prevent this.
Jamey Kirby
>Who owns the copyright on "Redhead Sticking a Cucumber up her Ass" ?
Your mother.
Encryption isn't a magic bullet.
SafeWeb Vulnerability, Fingerprinting Websites Using Traffic Analysis
Netcamo
Can I trade a copy of your RSCA for "Backdoor Sluts 9"?
http://pcblues.com - Digits and Wood
I did too. I almost fired up Kazaa and then I saw your message. LOL!
Today, with all films/pictures copyrighted by default, and the copyright period lasting since long before color movies were invented, law-enforcers and administrators can very safely assume that everything is copyrighted. Until proven otherwise.
They can make the task possible by shutting down every form of one-to-many peer file exchange.
And unless it changed from about two years since I last used it there is the speed issue.
I tried using it to just view webpages it found it to be slow as molasses. If all you wanted was text it was ok.
I agree about the searching part, I can understand security wise why there isn't one. The problem is that there isn't much reason to use freenet if you can't find any thing.
From $$exgal's journal:
;-)
Just for fun, I compared my number of fans vs. some other Slashdot folks:
1117) CleverNickName (+27)
1095) CmdrTaco (+36)
707) Bruce Perens (+3)
690) $$$$$exyGal (+110)
434) FortKnox (+2)
351) hemos (+4)
258) SlashChick (+0)
Thanks for being my fan
--gal
Fascinating.
Someone spreading around a movie or image of them imitating goastse.
If you use session encryption then the key is different (and thus the ciphertext is different) for each download.
They've been doing this for awhile in some way or another as far as I can tell. I went to undergrad at U. of Wyoming, and I remember in my Junior year Operating Systems class (so, three years ago) my prof telling us about a list IT had that detailed the top traded songs on the network. At the time, I wondered how they actually knew which songs were traded. Now I see this turn up on Slashdot, and I guess I know. But they've been monitoring for three year (at least) I guess and seemingly haven't taken any action (though I do know they restricted the bandwidth coming from the dorm network segments at one point.)
"What sucks about giving freedom and liberty to people (or even college students!) - is not knowing ahead of time what they might actually do with it.
..."
You know - like invent a decentralized p2p network and trade music files with it
You know what also sucks about freedom? It comes with consequences.
All schools I've been to have some sort of "Computer use" or "Technology" fees. And of it's a public school, the rest are funded by the tax payers.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
our Internet access is completely shut off if we exceed 300,000,000 uploaded or downloaded bytes in one seven-day period.
This just pisses students off, can penalize people who accidentally use too much bandwidth, and just plain isn't a good idea. Much better to throttle the connection of the user's been using excessive bandwidth.
May we never see th
Who owns the copyright on "Redhead Sticking a Cucumber up her Ass"
I don't know about copyright, but I'll bet Unisys has it patented.
I suppose you would also have me believe that P2P networks themselves are illegal as well, not just sharing copyrighted works?
All they need is software that emulates kazza or other P2P software and attempts to make connections to user's computers. thats where DMCA comes in. They have to use only Kazaa to reach out to a file sharer using kazaa, unless explicitly authorized by kazaa themselves, else its illegal. So it becomes a real problem to automate this detection of users within the university's network without colluding with Kazaa. Ironic, isnt it?
Exactly.
Want to Know How to Cheat the GPL? Read On!
I am in charge of the network/server department at our college.
.au files when I was in college thinking how cool it was that my box could play the james bond theme.
We have a limited connection to the internet, which is usually being eaten up by P2P traffic. Today, over an hour period, we had three students that used a total of 4G of traffic in an hour.
I don't care what the traffic is, but when legit work can't get done, such as our payroll system which uses SQL*Net across the WAN (bad idea to begin with, but that's a state bueracracy for you.) and their processes just aren't working, shit is gonna have to happen.
We blocked port 1214 (kaaza) and a week later the port switching version came out.
Right now we are facing the choice of either doing some severe draconian network policies or buyin a packeteer.
And how long will that work before the next fileswapping act runs with ssl over 443?
I feel for the students - it's something fun to do...hell, I remember downloading
Makes my life a pain in the ass - how to be nice and let legit stuff go on, allow some fun and experimenting to go on, at the same time "protect" the network and make sure it is available when need be.
we know because we monitored the connection and all information passed between your client and the server.
:)
have a lovely day!
is free! There is no extra charge when you live in the dorms or a on campus fraternaty or sorority. This gives the students even less say on what the bandwidth can be used for.
:). Kinda wish I was still there
I used to work directly under Brad Thomas and actually setup cricket to monitor the bandwidth on campus and as far as I know this is still working. The Packeteer software was added while I was working there while this new finger printing was added later. I know that the bandwidth from the dorms (as high as 50MB when unlimited) was killing voice and video trasmissions for remote schooling. Something definatly had to be done, they are not just evil.
Also I remember a couple of times where abuse@uwyo.edu would be hit by Sony records asking us to shutdown someones computer sharing illegal music on the net. Few switch commands later, *BAM*, the kid was disconnected until he removed the material. Kinda a fun job
That it won't take proper advantage of a local network. There is no good reason that any song should be transferred 181 times over the main upstream router. I presume that implies downloads. Once it has been downloaded, it's now present on a computer on the local network, which should have at least an order of magnitude more bandwidth available. The advantage for the user is that the file will transfer a lot faster. The advantage for the owner of the network is that local resources will be utilized (cheap) instead of the internet resources (expensive). Certainly, it's possible that someone downloads, listens once, and deletes a file before anyone else grabs it, but as soon as it has any significant saturation, it will be very difficult to remove ALL local copies for quite some time. I would bet between 95-99% of files downloaded by someone in a large network environment, such as a school or a large corporation, are already in existance somewhere on the same network.
Yes, the school is searching for illegally transferred content. However, while they might want to promote only legal use of their network, curtailing the internet bandwidth is most likely a higher priority, and if 95% of the data that flows over your network is illegal, that's a nice target to aim for. However, if the hit on their bandwidth was negligible, they probably wouldn't even pay attention.
This might at first glance seem to only help the downstream, but if the same P2P software is used elsewhere, then the upstream requirements would diminish as well. Even for those on cable networks, it would be better to only grab from someone on the same network, rather than hit a backbone provider. The less an ISP has to spend on internet traffic, the more money they'll have, and the less it will cost you, or at least the ISP's won't all go backrupt.
-Restil
Play with my webcams and lights here
"Come on, it's Wyoming. We zip in, we download some mp3s, we zip right out again. We're not going to Illinois. It's Wyoming, it's like going into Wisconsin."
Encrypted IRC or FTP is all i use anyway and u can bet encrypted Kazaa (O i hate it) DC, Gnutella will be in the works
So what f*@# u gonna do UW crack my encryption?
We don't call the university U of Wyoming or UW(you double-you). It's U Dub (you dub) :P
Proud freshman flunkout!
I though the bandwidth would go down after I moved out of the dorms. Since I kept trying to /. it in my posts (succeded once too).
Like here Or here. Or even here.
Guess my old drinking buddies filled the bandwidth gap I left when I dropped out.
Unless some super compression comes out, they are still going to tell that you are a p2p user.
You can encrypt the hell out of it all you like, but you still forget that you will be passing and using up lots of bandwidth with is a big flag.
If I was an admin on said network and noticed that kind of traffic I would either investigate it, and if they refuse to stop or give a legimit reason I would punish them, or kick them off.
Tell me just how encryption will protect the fact that you are using up lots of bandwidth?
If I was a admin and noticed a lot of unexplained traffic, guess what I am going to assume is the cause of that traffic?
Sure it can hide what you are traiding, but those who run the network are going to catch on and will do something about it.
Depends on what you mean by "didn't work". If you're talking about civil liberties being preserved while reducing the flow of illegal substances... sure.
I think the War On (some) Drugs worked wonderfully for its real intents and real beneficiaries.
I suppose you could find similar intent in the case of RIAA/MPAA, s/Drugs/Media/ etc...
Make sure everyone's vote counts: Verified Voting
Who owns the copyright on "Redhead Sticking a Cucumber up her Ass"? I guess that would depend on who owned the cucumber.
It shouldn't be too difficult to backwards engineer there protocols. I'm sure that's how they were able to detect filesharing in the first place. If you can understand the data in the packets kazaa clients send, you can emulate it.
I bet those smart enough to look for unsecured wireless connections will be safe from the prying eyes. I guess the owner of the AP will learn about wireless security the hard way.
Wow.. UW on the Slashdot front page... Amazing. Unfortunately the article hardly says anything, so as a former IT employee and currently part of the staff that deals with all things related to student networking in the dorms, I'd like to try and fill in the details: Unfortunately, Laramie is NOT a large town (26k counting students) and the bandwidth coming in is very limited. The University only has a 30 Mbit upload capacity coming through Cheyenne, which (limitedly) comes from the huge hub in Denver, CO and (so we've been told) "there isn't enough capacity going into Cheyenne for us to purchase more". Up until a year and a half ago there weren't any problems here with bandwidth. Then all of a sudden everyone is using P2P in the dorms and leaving outside sharing on. It wasn't a problem of people downloading with P2P, it was the rest of the world downloading from us. There was so much traffic going out of the dorms that the entire university network was slowed to a crawl. Their solution at first was to just limit the dorm traffic to 10Mb which fixed the problem for the rest of the university but made it impossible for me to even read slashdot from my room. Naturally that was still a problem, as even legit HTTP traffic couldn't get through. They've been messing with packeteer for a long time but can't come up with a good solution. Right now HTTP packets have highest priority, followed by FTP (which wasn't allowed any priority at first until a lot of students complained) and just about anything else is like squeezing the entire population of China through a single revolving door. Speaking of telnet.. I can't telnet to anything off campus from my room unless I want to WATCH the packets arrive every 10 seconds or so. P2P traffic is about 20 times slower than a modem (but everyone still uses it.. as I sit here writing on my ex's computer next to her latest list of mp3s to download). So how do the geeks here survive? A lot of people are running local FTP servers, which is all I use any more. We can't play networked games off campus, so we have set up our own servers. But even that didn't work- Games like counterstrike which needed outside authentication would time out after 60 seconds. We managed to fix that problem with http tunnel. Almost anything can still be tunneled out and is unaffected by the packet shapers, provided you can find a good, reliable proxy on the outside. As far as getting busted for file sharing, we have shut off quite a few ports because of letters from the RIAA/MPAA, but for the first offense the students are only required to give us verbal confirmation that all of the illegal material has been removed before we enable their ports again. After that the ports to their rooms are shut off for the rest of the semester. Oh, and as far as an agreement? I sure don't remember signing anything related to the network usage. Personally, I don't see anything wrong with them snooping the files going through to help increase the legit bandwidth, as long as they aren't trying to crack through encryption and they don't snoop local traffic. I also think they should look into local file servers... you'd be amazed at what you CAN'T find on a 320 Gb ftp server filled by students... I never have to get anything from off campus anymore, unless its the latest source code for my Gentoo box (wget through HTTP works beautifully). At least the article picked the right person to interview as Brad is one of the few people over in the IT department with a clue. Sorry, couldn't let the article make our IT department look like they really know what they are doing. Really they are just being guinea pigs for this new software that the article is hyping up. IT is, however, doing a good job of walking the fine line on illegal P2P sharing. As Brad stated, they have a somewhat "don't know, don't care" policy while at the same time acting as MPAA/RIAA whores upon request (which I think is what this software is really for). Anyway, hope I could clear up a few things for you from someone who has been quite involved with all of this. Post questions, I'll be happy to answer. --An Anonymous Coward, even though most people from UW already know who I am now-- And uh.. mod this up/link it to the article
You are seriously mentally deficient if you think students own ANYTHING that the University owns. Tuitions don't even cover the total costs of getting an education, and haven't for decades. Ever hear of Endowment funds? If anything, the alumni own the universities along with corporate donors, the government, and philanthropic individuals.
And no there won't be riots. Not as many students think stealing someone else's intellectual property is as important as being able to get your class mate drunk enough to date rape her.
Mac OS X and Windows XP working side by side to fight back the night.
btw, do you have that video? I'd be interested in maybe a trade.................
"Without any copyright, the GPL is not needed."
What is copyright for? Well let's look at the things expressed ideas, and physical objects have in common. They both have intrinsic, and extrinsic worth. Both require effort and time to convert into a usable form. Society benefits from the presence of both, and suffers from the lack of either, in keeping with their interdependent relationship. Both are recyclable. The reward-effort cycle, which at it's heart, has human wants and needs driving it. So were does copyright fit into all this? Well the physical side has a long established mechanism for handling the "scarce" nature of it's side of the cycle. What's acceptable, what's not. The limits along it's journey to its end, etc. As well as how the end will be handled. So were's the analogy for the idea side? Copyright is the answer,fulfilling a similiar role. So were does the whole "you have the original,I have a copy", as well as the "I'm not hurting anyone" fit in? Think of all the above as a wheel moving forward. As the wheel gets more out of round, it's more difficult to move forward, and if not corrected will soon stop. A monkey wrench into the machinery if you will. Untill the physical side achieves parity with the idea side, or the interdependent relationship is broken, we will have to live with the what we have. Imperfect though it may be.
So let me get this right. A school that would otherwise have no legal responsibility to clean up pirated network traffic, at great expense, has opened themselves to huge litigation?
Using the ISP provisions of the DMCA, a school would seem to have no responsibility to remove pirated files until they are informed about them. Unless of course they have an application like this, then they know about them all the time.
So with the ability to see the pirated files, they inherit the responsibility to remove all of them, all the time, and probably at great expense. If they stop doing it, they could get in trouble, if they don't do a good job they can get in trouble. Not to mention the fact that the student body will likely mention this to prospective students. There are a lot of schools out there, I think I'd keep looking if I found a school with this level of mistrust of it's student body.
If I were the school's attorney, I'd have them shutter this little "test run" as soon as possible. Another instance of some idiot putting technology over common sense and opening an organization to massive liability.
Well, there's only two possibilities, it's either the Redhead or the cucumber, right?
-- Dane Jasper Sonic.net, Inc.
They'll get you everytime
" The U.S. Copyright Office Electronic Registration Recordation and Deposit System is the Copyright Office's system for registering claims over the Internet. Through the Internet, copyrighted works become available throughout the world instantaneously. As copying these digital works becomes easier, copyright protection is imperative."
Actually this could be cool, however following it to a illogical conclusion there are loopholes for massive abuse. A media file would have a locatable Digital signature that a filtering router could read. Check against a database for known bootlegs and you got your filter. (hmmm, run it on a linux box and finally get some RIAA/Evil use out of those longhaired geeks)
If no Digital sig is found then implant one and forward the file and new sig so the RIAA can add it to the registry for later review. Cause it could be a new burn of the latest N'Sync song or that one about Fred Durst telling Britney Spears to drop dead. you could plot the movement of files from user/site to user/site and show who gave what to who and when. You end up with a nifty tracking scheme.
This is a classic 'Man in the Middle' attack, one of those things the RIAA/MPAA wanted to do not so long ago.
Opps, You would have a way to hit them back. Say your ISP, the UofWhereEver goes and alters a music file with a fingerprint then they are subverting your property. If the file is legally obtained say self-produced then the original artist (you) will have a very clear case for copyright infringement. They will have created and distributed a reproduction of your recording for 'Commercial Gain' (acting as an agent for a speculative RIAA lawsuit), which is 99.94%, exactly the same as your copyrighted material.
So they have just violated Federal Copyright law by clandestinely adding a digital fingerprint. You can extract this new tag by doing a diff of the file against the orginal. Even a certain lackwitted judge in say Pennsylvania would be able to understand it then.
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
Since no one has come forward to sacrefice themself, I will look at the porn tapes to verify the copyright, just enclose some cleanex with it ok?
Even if it was encrypted, encryption just allows for either party to make sure no one else is listening. All they would have to do to listen would be pretend to be a peer. And, let me ask you this, what good would encrypting search queries be?
So, the best they can really do is "scramble" with the only strength being that the cypher wasn't know by others. We all know how strong this would be...
This, like any other reasonable audio fingerprinting scheme, relies on perceptual features, meaning that in order to render a song unidentifiable by its fingerprint, the song must be changed in a very audible way. Usually, this sort of fingerprinting works insofar as the format can be converted into PCM audio. So, the only way to get around it is to encrypt the files being sent over the network. Simply changing the bitrate of the codec, or adding noise under the masking threshold, or even removing samples from the beginning or end will not hinder the identification of the audio.
As stated in the article, it is too easy to encrypt the information as it traverses the network. An alternative to this would be to directly look at people and their content instead of looking at information between nodes, and ban then from the network based it. This seems even more practical, using much less computer power because once a person is banned, at least for a given time, they no longer consume bandwidth. I am sure that this will be circumvented by crafty people eventually, but this type of banning from the networks will be the next step after this filtering that happens. It seems that this filtering will die out before it even starts.
If you encrypt the files and rename / store them then how do users find the files? Whatever system u use to name/identify the files will have to be distributed. Maybe an alternative is to keep unencrypted files and do on the fly encryption. Another option is for the P2P software to keep a file with the checksums of the unencrypted/unzipped files which are then stored in zip/encrypted format. Should be technically feasible and u can limit access to these searches by using access licences preventing RIAA/ affiliates and their employees from viewing the search results. Another question is ... is it possible to create a license for a virtual network as formed by a P2P community? This license can prevent all law enforcement/riaa etc etc from using it for any purpose whatsoever.
look forward to your comments
1. "one way functions" ARE the basis of public-key (i.e. asymmetric) cryptography. Asymmetric crypto relies on the fact that these "one way functions" are extremely difficult to reverse (i.e. to find the x from f(x)).
2. No asymmetric cipher is provably secure. The only cipher that is information-theoretically (i.e. provably) secure is the one-time pad, and even that is assuming you have a source of uniformly random bits. Current encryption algorithms are "secure enough" in that there is no [publicly] known way of decrypting many of them in a reasonable amount of time (age of the universe, etc.). But they all have weaknesses. All it takes is someone to figure out a really efficient way to generate lists of prime numbers and a large portion of the more popular public-key crypto algorithms are fucked.
3. If you are a fan of Bruce Schneier's newsletter / books, then you should know that a system is only as secure as its weakest link, and that's usually human in nature. The most secure encryption algorithm in the world is worth precisely diddly-squat (and might actually have a negative worth if it fosters a false sense of security) if your machine has been compromised by a trojan included in that last attachment you opened.
1) So I go to the AudibleMagic website and look at some sample reports from a "medium sized university" (http://www.audiblemagic.com/documents/p2p/P2P_Fil eTopDownloaders.pdf). Now they've masked the first part of the ip address out e.g. XXX.YY.83.9 (bear with me, it gets more interesting!)
2) Now the University of Wyoming is http://www.uwyo.edu (or 129.72.60.21).
So I wonder what happens if we combine 1 and 2.
Q Is 129.72.83.9 a valid University of Wyoming ip address?
A Indeed it is! (dsl8.uwyo.edu)
Q What about the others in that sample report?
A The vast majority are valid UWYO addresses
Q Coincidence?
A Don't ask me!
"Not as many students think stealing someone else's intellectual property "
Most people over the age of 10 realize you can't *steal* intellectual property; you can only "use" it in ways not agreed to by its creator.
I'll bet you're in your 3rd or 4th choice college. The spelling part was probably hard for you.
Moron.
"University is for research"
Hardly.
The University of Wyoming's major job is to educate undergrads so they can get a decent job.
The students are the customer of the University.
Of course, I'm not sure what you expect from a 2-bit backwoods 13th grade like this, but that's kinda besides the point.
The school ought to be kissing these kids asses, because they're the ones paying the bills.
Wisconsin actually has a history (small though it may be) of some computer innovation.
Wyoming is famous for its rodeos.
I mean, think it through next time...
"But if P2P usage makes it such that researchers can't get the resources or bandwidth do actually do their work "
That's stupid... researchers needing the internet to do their work.
Do you realize how stupid and pompous you sound when say this?
You completely misunderstand what happens at a University.
You're either a liar or a moron. Take your pick.
I'm guessing both.
"Who owns the copyright on "Redhead Sticking a Cucumber up her Ass?"
Er... that would be me, and I tell you what, it's been more fucking trouble than it's worth.
Not only do I have to contend with rip-off artists like the makers of "Brunette Sticks a Cucumber Up Her Ass," and "Blonde Shoves a Cucumber up Her Ass" (and all the sequels... fifteen at last count,) but I sue the maker of "Redhead Shoves Cucumber up Arse 7" only to find out that it was a large courgette and not a cucumber, and some dipshit had re-named the file.
$10,000 in legal fees down the toilet.
IP is a minefield, I tell ya.
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
They should better secure their network than watching their students ;)
http://math.uwyo.edu/
The key to dealing with filesharing on campuses is traffic limiting/shaping. While it's true that current generation P2P apps can dynamically assign ports (thereby bypassing firewalls, and port limiting efforts), network administrators CAN limit the amount of outgoing traffic coming from student residence halls. That way, students can still pull down files, but cannot share nearly as many out. Which frees up some bandwidth for legitimate use. Adding SSL will only increase the bandwidth use and the time it takes to download files because of the encrypted payload. Each packet will have to be decrypted by the receiving host, which will take more overhead in distributing the files.
Comment removed based on user account deletion
The admins wouldn't do any more to alleviate the congestion because they didn't want to "infringe" on the rights of the students to do what they want with their connections. I found it most annoying that the rights of others, though, basically took away my ability to do anything on the network that required a low latency connection.
Some people whine and moan whenever bandwidth caps are mentioned, but I think it's the best way to deal with a situation like this... I'd rather have a good connection with bandwidth capped ( I've little chance of exceeding a cap anyway) than the freedom to do whatever I want with a clogged network in perpetual rush hour.
It seems to me, that if the P2P programs put in remedial encryption, that it would be against the DMCA for the university to attempt to breach said encryption. Could be something basic, as I'm pretty sure the DMCA doesn't say anything about what _level_ of encryption. And if they can't see what it is.....
Just in case there is a memory hole.
P2P is used primarily for sharing copyrighted content without the consent of the owner. It is illegal. There isn't an Internet provider on the planet that doesn't have a policy against illegal activity.
It is no different than saying I break the law because everyone else does. It doesn't keep you from getting a speeding ticket. Even though you were the slowest guy on the road, you were still doing 80 in a 55.
Get a life! The laws are there for a reason. If you don't like it, change the law.
Even worse, what if you name a file "Plant potter on sorcerer stone.jpg", and one of the idiots running the fingerprinting system decide to mark it as an infringing copy because the name is similar to "Harry Potter and the Sorcerer's Stone"? The potential for unintentional (or intentional) using this system censorship is huge.
It has already been shown by the ACLU report that the big media companies aren't careful about which files they claim are infringing, not to mention web censorship software. This is the main reason DRM systems concern me so much. They can restrict who is allowed to publish.
You are slightly wrong. You can steal "intellectual property".
Everytime someone takes another's invention and patents it, they steal from that person. Everytime someone takes a very basic obvious idea (or one with tonnes of prior art) and patents it, they steal from the general public. Everytime someone takes another's work and copyrights it, they steal. Everytime someone makes a DMCA compaint for a work that isn't theirs or isn't copyrightable (such as price lists), they steal. Everytime someone trademarks a common word, name, or phrase, they steal. Everytime a lobby group / lawyer / representative / judge expands copyright, patent, or trademark law beyond what those laws were intended to protect, they steal.
Many shady companies and people have been doing this for years.
Don't you as a network admin want to know what kind of traffic is happening on your network? Even if you don't block traffic (like UCB), you want to shape it. These F*ing kids think peer to peer is a right and will fill up your OC3 with p2p traffic in a second. I have seen many T1s reduced to 56k modems by too many people running p2p clients on a corporate network. Just imagine thousands of students all hungry for the latest music, pron, and vcd/divx releases. .edu networks for distribution purposes. I have seen hundreds if not thousands of xdcc bots on irc originating at .edu's. People also use their dorm room computers for this purpose.
Not only that, but courier and release groups highly covet cracked computers on
I would be worried about any university not closely monitoring all traffic. This isn't really a privacy issue.
(of course i never download anything or infringe on anyone's copyright. merely observations.)
music lover since 1969
I would rather be concerned by unencrypted data exported from my network. I expect all corporate data transfers to be properly encrypted, to their designated recipients. You can't just start to block all encrypted traffic flowing out of a corporate network without seriously disrupting operations -- unless your system is smart enough to somehow recognize the particular kind of traffic you want to block.
Now let's hope that whoever implements the next generation of P2P software will be smart enough to use standard methods (e.g. SSH or SSL) to ensure that the encrypted P2P traffic can't easily be distinguished from "legitimate" uses of the network ;-)
Trying to filter P2P traffic may be a nice goal, but is technically hard to achieve. Once you've given someone access to an IP network, you can't really control what they are transmitting -- unless you control one of the endpoints. Else, anything can be tunnelled over anything (sometimes ASMOP). If bandwidth usage is your concern, graph user bandwidth usage and ask them to justify it in terms of job-related items. Don't try to consider a simple bandwidth abuse problem like it is another kind of problem just because it's P2P. KISS. If you're worried about sensitive corporate data that an employee may be transmitting out of your network, perhaps you should be worried about that USB keychain in his pocket too.
"Words have meaning, and names have power." -- Lorien
I curious why they don't exist. OpenSSH is available to all, and I'm certain that scp could be adapted to the methods they're using now. With encypted traffic the playing field would suddenly change as it would make most of the network sniffing useless. Plus using SSH would give at least some marginal compression to the data stream, potentially speeding transfers.
So is this already implemented in one of the P2P networks or is someone working on it?
Mind you this doesn't solve the universities problems, though I would think that bandwidth throttling to each of the student dorms would be useful. By limiting the download speeds to the student to something like 15k/s it would still allow for a reasonably fast browsing experience, but would slow P2P. Combine that with Squid and you could make limit most of the bandwidth requirements.
Wired Article
Download
I agree that a stable robust and widely used Freenet is what the RIAA fears most (other than a worldwide boycott of their products), and they won't do anything to encourage it.
The Branding Iron needs to stand up and start a protest to get awarness of this bullsh!t this is the start of the end of our privacy.
One good response to this would be to turn copyright against this effort. A temporary injunction should be applied for by someone using ftp to copy their own work over the network. If as the article sais they are making a copy of the file as it transitions the network then they would be violating copyright and a TRO could be applied for.
Peerbuddy for Kazaa, Emule, etc, A P2P Firewall/Quality Filter Beta block list now at 2,200,000 IP's blocked.
The block list has been updated and now currently blocks over 2,200,000 IP addresses. New additions to the list are being found daily. Beta users will get an email with an update link. New beta users are encouraged to join at http://www.isopleth.com/peerbuddy.htm. No Ad-ware, Spy-ware or viruses.
PeerBuddy is a mini firewall for P2P (Kazaa, EMule, etc). The program filters out the IP addresses of people who share blank, or faked files and it prevents you from wasting your time downloading those bad files. This will help with your downloads since a number of organizations and individuals are sharing bad and blank files out there. It is also going to be blocking known email miners, stalkers, spammers and surveillance companies.
There is a theory which states that if ever anyone discovers exactly what
the Universe is for and why it is here, it will instantly disappear and be
replaced by something even more bizarre and inexplicable. There is another
theory which states that this has already happened.
-- Douglas Adams, "The Hitchhiker's Guide to the Galaxy"
- this post brought to you by the Automated Last Post Generator...