U of Wyoming Fingerprinting All P2P Traffic
mk2mk2 writes "News.com has an article on how they're preparing to shut down P2P sharing of copyrighted content: 'For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song or "Friends" episode.'" It's scary until one realizes that most P2P traffic isn't encrypted, like back when everyone still used telnet.
I don't think so. Everybody who is using the Net should be aware that he/she can be watched. P2P networks do not encrypt data because the idea behind it is to share. If you want to find out who is sharing files you don't have to monitor the traffic. You can just join the party :)
It means that no encryption would help. If you share your copyrighted material you can be watched by the RIAA and their friends.
I don't personally think it's dangerous for the p2p users (there are too many of them out there) but it's good to know
barwil
From the perspective of college system administrators everywhere, yes. I'm with network support at a small liberal arts college and let me tell you, our connection slowed to a crawl when the students discovered p2p. We don't have enough bandwidth to support that kind of thing, and with the RIAA and MPAA sending out cease-and-desist notices, we really don't have the legal wherewithal either...
No statement is true, not even this one.
If monitoring and blocking tools were widely introduced, new software programs could easily develop ways to encrypt or scramble the data in transmission in order to make it unrecognizable by Audible Magic's tools or other databases.
Encryption is just the tip of the iceberg. I can easily compress and encrypt any file, then slap on a header that claims it's a benign .jpg of astronomical images, or pass it through a filter that makes it look like bad poetry, or make it a self-inflating-decrypting executable. You simply cannot write a program that will automatically filter all content, without simply denying all communication.
It's a joke, but shit like that actually costs MORE money than the stupid music.
People downloading good quality TV shows and movies are probably using orders of magnitude more bandwidth than people downloading many, many more songs.
To provide more empirical data to the other reply, Rutgers University's policy is to allow 2GB over any 7 day period downloading, and 512MB over any 7 day period uploading. This makes it pretty much impossible to serve anything but small files (they put the dorms into private address space last year as well), but allows enough room to get most things done on the internet, legit or illegal. And no, it doesn't matter if you spent your 2GB downloading Linux ISOs. The policy is meant to save bandwidth, not stop piracy.
If you exceed the limit, you cannot access the internet for a week. University resources may still be accessed, which allows for basic internet access through X or port forwarding, etc.
In the US, it's legal for you to record the conversation, if the person on the other end called you.
And you only own the part of the phone system on your side of the d-mark, which is that little gray box on the outside of your house where the phone company's wires come in.
What's this Submit thingy do?
Generally, the majority of campus internet traffic these days is related to file sharing. Almost every college and university in the States has had to employ some method for dealing with this, from governing bandwidth distribution to simply upgrading infrastructure. Curbing the distribution of copyrighted data is not just about folding to the RIAA ... it's a pragmatic solution to a huge problem.
Actually they probably can't do that. At least not without some pretty extreme hardware.
Typically you get to a point where you have to use RAM buffers to save data and then have multiple network listeners which swap so they can save the data to disk. If you have a large amount of traffic you soon get to a point where you can't store all data.
But sure, it's their network, so they can do what they want. Just as long as they don't mind me using encrypted channels.
I can say that this is in fact true. Our university has a very nice direct connect hub. We even deliberately limit our bandwidth usage to stop it clogging up the network. So far it looks like our computer guys are turning a blind eye to it, since they have to pay for external traffic and we're helping to cut it down.
But if P2P usage makes it such that researchers can't get the resources or bandwidth to actually do their work or are significantly impacted
This is the most foolish thing I've heard. There are things called packet shaping algorithms. There is a reason we have diffserv. There is no reason why dorm or other traffic can just be given lower priority than "important" research traffic (which is exactly what is done at my University, btw)
As for the larger question of whether p2p traffic needs encrypting etc, here are some things to consider:
1. The whole idea behind p2p is to tell everyone what you're sharing. So an easier way is to just use the standard kazaa client or a clone to query each user for what they're sharing. Run this in daemon mode and you have a rather up-to-date list of what everyone on campus has / had and at what time.
2. So the only remaining thing is: you're downloading something and you don't want anyone to figure out what you're downloading. In theory, you could use SSL. But it won't do much. If I really wanted to find out what you're downloading, I'd look at your SSL connection, figure out what IP you're hitting, query them over the P2P network to find out list of exported files. I can calculate approximate filesize from the packets that you're receiving and just compare that to get a very good estimate on what you're downloading. Also, by default, files that you download are immediately shared, so I could always just query you and compare filelists.
My point in writing that whole thing was simple: p2p networks are not meant to be private. SSL doesn't give you any protection since anyone would be able to get this simply by querying you over the p2p network.
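The size-matching argument in the post above, as an added example that is not part of the original thread: it shows how a public file list plus observed byte counts narrows an encrypted transfer to one file, and how padding to fixed buckets widens the candidate set. File names, sizes, the per-record overhead and the header allowance are constructed assumptions.

```python
import math

TLS_RECORD_PAYLOAD = 16384  # maximum plaintext bytes per TLS record
RECORD_OVERHEAD = 29        # assumed bytes added per record; depends on cipher suite
HEADER_SLACK = 4096         # assumed allowance for handshake and request headers


def expected_wire_bytes(plain_size):
    """Ciphertext bytes an observer would count for plain_size bytes of payload."""
    records = math.ceil(plain_size / TLS_RECORD_PAYLOAD)
    return plain_size + records * RECORD_OVERHEAD


def pad_to_bucket(size, bucket):
    """Mitigation: round a transfer up to a multiple of bucket bytes."""
    return math.ceil(size / bucket) * bucket


def candidates(observed_bytes, file_list, bucket=None):
    """Names in file_list whose size is consistent with the observed byte count."""
    matches = []
    for name, size in file_list.items():
        sent = pad_to_bucket(size, bucket) if bucket else size
        low = expected_wire_bytes(sent)
        if low <= observed_bytes <= low + HEADER_SLACK:
            matches.append(name)
    return sorted(matches)


# Constructed file list, as the serving peer would advertise it to anyone.
SHARED = {
    "lecture_notes.pdf": 482_113,
    "album_track_03.mp3": 4_211_907,
    "album_track_04.mp3": 4_215_002,
    "holiday.avi": 73_400_320,
    "distro.iso": 681_574_400,
}
MIB = 1_048_576


def demo():
    """Return the candidate sets without padding and with 1 MiB padding."""
    size = SHARED["album_track_03.mp3"]
    plain = expected_wire_bytes(size) + 812                     # 812 header bytes
    padded = expected_wire_bytes(pad_to_bucket(size, MIB)) + 812
    return candidates(plain, SHARED), candidates(padded, SHARED, bucket=MIB)


if __name__ == "__main__":
    print(demo())
```

Without padding the byte count identifies a single file; with 1 MiB buckets the two tracks become indistinguishable to the observer, at the cost of extra bandwidth.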
I'd be more worried when somebody's prof finds a homemade copy of "Me and my dormroom buddies get it on.mpg" starring one of the students. That or just when the computer admin gets it... not sure who is scarier.
(of course, a way to get around the traffic hit would be to build a smaller, slightly less expensive internet just for the sniffer communications, but the costs for that would be pretty painful)
(Relating points 2 and 3 will mean the only thing the internet will be capable of anymore will be sniffer communication, but I suspect that would suit these guys)
Also, in general, universities strive to protect the intellectual freedom and privacy of their students and faculty (although U Wyoming seems to be an exception). For example the university I attend (UMD) includes the following language in their AUP (which can be found in its entirety at http://www.inform.umd.edu/aug/):
"To the extent possible in the electronic environment and in a public setting, a user's privacy will be preserved. Nevertheless, that privacy is subject to the Maryland Access to Public Records Act, other applicable state and federal laws, and the needs of the University to meet its administrative, business, and legal obligations."
While this language is admittedly quite weak it is better than nothing and would prevent monitoring of this kind unless it is determined that ISPs are liable for copyright infringement committed by their users.
Let's take an example of a new program... Unless it's in the public domain, then it's copyrighted.
When you release a copyrighted work, you get to set the terms of how it is to be used. This we call a license.
All licenses are extensions of copyright, including the GPL. The GPL builds upon the basic copyright laws, and further sets restrictions on what you can do with the program/sources.
Here's the catch...
If copyright ceases to have an enforceable meaning, then all licenses also cease to have enforceable meanings.
Everything reverts to public domain, where anyone can do whatever they want with the program/source.
So, when we dilute copyright by pirating movies, music, games, and so on, we work towards the day of public domain.
Is this a good thing? Depends on your point of view...but it would destroy the GPL's "must share" power.
-- Tino Didriksen / ProjectJJ.dk
They only get royalties off of those CDs marked "Music CDR". Of course most dummies I talk to think those are "better for recording music", but the techie people know the difference and will buy regular, cheap CDRs, which don't give a dime to the RIAA.
is free! There is no extra charge when you live in the dorms or an on-campus fraternity or sorority. This gives the students even less say on what the bandwidth can be used for.
:). Kinda wish I was still there
I used to work directly under Brad Thomas and actually set up cricket to monitor the bandwidth on campus and as far as I know this is still working. The Packeteer software was added while I was working there while this new fingerprinting was added later. I know that the bandwidth from the dorms (as high as 50MB when unlimited) was killing voice and video transmissions for remote schooling. Something definitely had to be done, they are not just evil.
Also I remember a couple of times where abuse@uwyo.edu would be hit by Sony records asking us to shut down someone's computer sharing illegal music on the net. Few switch commands later, *BAM*, the kid was disconnected until he removed the material. Kinda a fun job.
Get a Packeteer. Start shutting down ports and banning MAC addresses. Carve the link into a student only side and a staff only side. Get the Student Judiciary involved and your General Counsel as well. They will start behaving properly. You hold all the cards. The network is a privilege not a right.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
Read the article buddy. They did do that, that's what the Packeteer program was for. But the problem was that the programs and the students themselves were finding ways around it.
Kazaa started hopping ports, very hard to throttle the ports then. Also the students found ways to get around this, like httptunnels. Or the one I used at UW. I had a work machine that was unthrottled, so I set up a Socks server on my machine at work (I worked for the Network team at UW) and tunneled all my traffic through that. Worked great, especially since all the other traffic was slow.
I know now that they are having such a problem with bandwidth that internet access in the dorms is slow for anyone and anything you just can block a couple of ports and call it good.
Actually it's not the music that Brad Thomas and UW is worried about. It's the bandwidth. I believe UW only has one 155mbit ATM link to the net. This link is shared with voice, video, and remote backups. When I was working for Brad Thomas he was having paying people complain about video being choppy so something had to be done. Now with ports jumping all around the place it is harder to find p2p programs which have a sponge effect on the outbound pipe.
And downloading ISOs from an unknown source can be hazardous--which is why you always check the MD5 checksum against the one posted on the official site. So you grab 600MB ISOs from multiple people who are (ideally) closer to you on the network than the official site, and grab a 1KB file of MD5 sums from the official site, and all is well.
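The check described in the post above, as an added example that is not part of the original thread: pieces fetched from several untrusted peers are hashed in order and compared against a checksum list obtained separately from the official site. The image bytes, file name and peer split are constructed; the `algo` parameter goes beyond the post's MD5 case so the same code works with the SHA-256 lists many projects now publish.

```python
import hashlib
import hmac


def parse_sums(text):
    """Parse md5sum-style lines: '<hex digest>  <name>' or '<hex digest> *<name>'."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        sums[name.strip().lstrip("*")] = digest.lower()
    return sums


def verify_pieces(name, pieces, sums, algo="md5"):
    """Hash pieces in order; True only if an official digest exists and matches."""
    expected = sums.get(name)
    if expected is None:
        return False  # no official digest: unverified, never treated as trusted
    h = hashlib.new(algo)
    for piece in pieces:
        h.update(piece)
    return hmac.compare_digest(h.hexdigest(), expected)


# Constructed stand-in for the image as the official site published it.
OFFICIAL_IMAGE = b"constructed stand-in for a 600MB ISO " * 64

# Constructed stand-in for the small checksum file fetched from the official site.
OFFICIAL_SUMS = parse_sums(
    "# constructed checksum list\n"
    f"{hashlib.md5(OFFICIAL_IMAGE).hexdigest()}  distro.iso\n"
)

# Pieces as received from three peers (constructed split points).
GOOD_PIECES = [OFFICIAL_IMAGE[:700], OFFICIAL_IMAGE[700:1500], OFFICIAL_IMAGE[1500:]]

# Same lengths, but the second peer substituted its own bytes.
TAMPERED_PIECES = [GOOD_PIECES[0], b"X" * len(GOOD_PIECES[1]), GOOD_PIECES[2]]

if __name__ == "__main__":
    print(verify_pieces("distro.iso", GOOD_PIECES, OFFICIAL_SUMS))
    print(verify_pieces("distro.iso", TAMPERED_PIECES, OFFICIAL_SUMS))
```

The result is only as trustworthy as the channel the checksum list came over, which is why it is fetched from the official site rather than from the peers.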
Some others have already replied to this, but I'm going to reply too anyway, just because it gives me the warm fuzzies to do so.
And sorry, you're wrong on both counts, but thanks for playing along anyway.
I won't swear to this for all 50 states, but I know for a fact that in both Indiana (where I currently live) and Kentucky (where I used to live), if you're talking to me on my phone line, I can legally record that call any stinking time I want to, whether you know I'm recording or not. And which one of us originated the call is irrelevant. And if you come over to my house and use my phone to call your Aunt Bertha, I can still legally record it without either of you knowing it.
And a company can listen in on, and record, any conversation they want, so long as the policy that they are doing so is spelled out to the employees beforehand. They can also monitor what you do on the office computer, etc etc. And there are a number of court decisions affirming the rights of a company to do so.
I'll bet money that buried somewhere deep in that University of Wyoming Student Handbook there is a clause that says "its our network, we'll snoop it any damned time we want, and we'll block anything we want too", or words to that effect. If you don't like them snooping on you, then the solution is simple...don't use their network.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
You are seriously mentally deficient if you think students own ANYTHING that the University owns. Tuitions don't even cover the total costs of getting an education, and haven't for decades. Ever hear of Endowment funds? If anything, the alumni own the universities along with corporate donors, the government, and philanthropic individuals.
And no there won't be riots. Not as many students think stealing someone else's intellectual property is as important as being able to get your class mate drunk enough to date rape her.
Mac OS X and Windows XP working side by side to fight back the night.