Slashdot Mirror

← Back to Stories (view on slashdot.org)

U of Wyoming Fingerprinting All P2P Traffic

Posted by CowboyNeal on from the warning-shots-fired-across-bow dept.

mk2mk2 writes "News.com has an article on how they're preparing to shut down P2P sharing of copyrighted content: 'For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song or "Friends" episode.'" It's scary until one realizes that most P2P traffic isn't encrypted, like back when everyone still used telnet.

27 of 518 comments (clear)

  1. There's always another way... by EvilSporkMan · · Score: 4, Insightful

    What about FTPs? Direct file sending over IM clients? Usenet? IRC? Good luck, RIAA...

    --
    -insert a witty something-
    1. Re:There's always another way... by KDan · · Score: 2, Insightful

      That's fine until the RIAA gets so desperate that they get the laws lobbied in and come and break down your door and arrest you if they detect that you trade files. That would be enough of a deterrent for most people.

      Daniel

      --
      Carpe Diem
    2. Re:There's always another way... by aridhol · · Score: 4, Insightful
      Not necessarily. What happens if, instead of listening to traffic on a single protocol, they just listen to all traffic, regardless of the headers? Which they, being in control of the routers, are perfectly capable of doing.

      Remember, as long as it's on their network, they can do whatever they want with it. You may not like it, but that's the way it works.

      --
      I can't say that I don't give a fuck. I've just run out of fuck to give.
    3. Re:There's always another way... by EvilSporkMan · · Score: 5, Insightful

      Well, they still can't stamp out the CD burner and the "analog hole". Sales of CD-Rs should pick up after measures that serious are put into place, and nothing beats the bandwidth of handing your buddy a spindle of CD-Rs. Also, I don't know much about encryption, but couldn't someone and their friends agree on an arbitrarily huge key in person and trade their little hearts out?

      --
      -insert a witty something-
    4. Re:There's always another way... by paganizer · · Score: 2, Insightful

      ...or freenet. It's major file trading app (FROST) is busted right now, but the web component works just fine.

      Of course it is kinda hard to find the sites when there isn't a functioning search engine.

      --
      Why, yes, I AM a Pagan Libertarian.
    5. Re:There's always another way... by SatanicPuppy · · Score: 2, Insightful

      The same argument can be made of the relative insecurity of packet data on a WIFI network. Even encrypted, the network is insecure because packet headers are all so similar that the encryption scheme has to be ludicrous to even slow down a determined snoop.

      Solution: Virtual Private networking. If the whole transport layer is encrypted then the packets (or pr0n) slide by without anyone being the wiser.

      Unless they start running some kind of statistical analysis and stepping on everyone who seems like he is PROBABLY running a file sharing client, their control of the network won't really matter.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    6. Re:There's always another way... by Anonymous Coward · · Score: 2, Insightful

      I'm so sick of people bringing up these alternatives to P2P and saying the RIAA is stupid because people can get around it with FTP, etc. What you don't get is that yes it's possible. It's also possible that I will win a million dollars tomorrow. So the fuck what?

      You need to understand that if they can stop the ease at which P2P's currently allow you to share files, you severely cripple file sharing, copyrighted or not. Would I have as much porn and MST3K episodes if it weren't for KaZaA? Hell no. I've been downloading copyrighted works since I was a punk in 6th grade, and it was so much of a pain in the ass back then. Today, it takes a few keystrokes and I'm downloading from 5 sources at once.

      Before Napster, downloading music online was limited to a small fraction of people online. Nowadays, everyone here at my college does it. Broadband and improved general computer knowledge have also been factors, but hardly the driving force. Sending us back to 1997 before the "P2P revolution" would diminish file trading so much as to make it insignificant. Yeh, you can share music with your friends. How many of them are going to have all the music you want, and the obscure titles they've never heard of? How many are going to go through the trouble of sharing their music with everyone else? How many are going to even know how? That's a lot more work then downloading and running 1 program called KaZaa.

      The point is, no there is no technical way to stop all file trading. But it's not really a solution they have to look for. Stopping the majority of it is all they have to accomplish to turn in into a pain in the ass procedure like it was before It's like integrals. Just because you can't find an exact mathematical solution to them all, doesn't mean a numerical appromixation isn't more than useful for your intents and purposes in solving a particular problem.

      Gloss over the point and mod this as a troll. Whatever. It's just typical slashdot who thinks they're so intelligent and above everyone else but haven't a clue as to the real world.

    7. Re:There's always another way... by EvilSporkMan · · Score: 2, Insightful

      Well, you do have a valid point. However, the difference "post-KaZaA" would be that people are aware of the bulk of material out there and are used to having it, so they'd be more willing to jump through the hoops to keep the stuff coming. We might even see teenage girls mustering the brainpower to log onto IRC instead of AIM...the horror!

      --
      -insert a witty something-
  2. Scary until? by Halo- · · Score: 3, Insightful

    No, I would say scary after. If it were encrypted, if would be much harder to do.

    I suppose you could claim "spoofed ip" ...

  3. Privacy by Telastyn · · Score: 4, Insightful

    Why's this under privacy? There's no reasonable expectation of privacy using someone else's network. Especially when the stated policy upon arrival almost certainly says "don't do this"

    1. Re:Privacy by theLOUDroom · · Score: 5, Insightful

      There's no reasonable expectation of privacy using someone else's network.

      Yes there is. Just like there is if you're living in someone else's house, aka, an apartment. At my school students have to pay for their internet access. This makes the school an ISP. As a business providing a service and can't just "do whatever they want".

      Do you own your phonelines? Is it okay with you if the phone company records every conversation you make to check for illegal activities? They are their phone lines you know, you have no easonable expectation of privacy using them. Too bad, I guess you should have encrypted all your phone calls.

      One of these days, an ISP or school will get sued for pulling this shit. Network traffic can contain some very personal information. AFAIK I have never signed anything that would let my isp monitor ALL my traffic continuously. Most service contracts suggest that the may be some montioring to ensure network performance, but it would be pretty damn easy to prove that this was not what they we doing if they were continuously monitoring my traffic for an extended period of time.

      Of course, the real solution is to encrypt your traffic. Then you get to have your ISP prosecued for a serious crime (at least much more serious than copyright violation) if they do manage to break the encryption.

      --
      Life is too short to proofread.
  4. a few arrests in the States... by aSiTiC · · Score: 3, Insightful

    It will only take a few arrests of young college students in the States to pressure the release of secure sharing over P2P. That's probably one of the reasons the RIAA isn't targeting anyone in the States yet. They are testing the waters in Australia however, but they don't want the P2P networks to go secure until they have cataloged everything they can.

    --

    Where the Music Matters

  5. Re:Quoth by IshanCaspian · · Score: 4, Insightful

    If it's about bandwith, why don't they throttle the p2p ports like any self-respecting, upright university.

    --

    But there is another kind of evil that we must fear most... and that is the indifference of good men.
  6. Re:Well, heres the new testbed for freenet. by davmoo · · Score: 5, Insightful

    There is one small point you are overlooking here. They (the University of Wyoming) own the network they are snooping...you don't. That is what makes the difference between it being okay for them to do it and not okay for you to do it.

    --
    I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
  7. Re:Well, heres the new testbed for freenet. by t0qer · · Score: 4, Insightful

    SO, i guess they have no problem with ME running a sniffer on all traffic on their network? I mean, since they feel its ok for them to do it, its ok for me to do it.

    Dude you are so off base you should be modded a funny. (Mods, please read parent before modding me)

    The point is, it's THEIR network. It's not the student network, it's not the taxpayers network, it's not even the Alumni's network. It belongs to the University plain and simple. University is for research, not d/l pr0n or sharing eminem. Students are given access to the internet in their dorm rooms to assist them with their studies.

    If I caught you running a sniffer on my network, I would yank that patch cord leading up to your room so fast it would make a "whooosh" sound like a whip cracking in the air.

  8. Its that goddamned freedom and liberty again .... by bizitch · · Score: 3, Insightful

    What sucks about giving freedom and liberty to people (or even college students!) - is not knowing ahead of time what they might actually do with it.

    You know - like invent a decentralized p2p network and trade music files with it ...

    --
    ---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
  9. Wyoming Not Wisconsin. by FreeLinux · · Score: 2, Insightful

    Sometimes, my stupidity amazes even me.

  10. That won't work either by Doppler00 · · Score: 5, Insightful

    All they need is software that emulates kazza or other P2P software and attempts to make connections to user's computers. Unless you do filesharing with people you trust, there is no way you can hide what kind of traffic is being sent. On the client side, the person not sharing files, I guess you could use encryption, but then you know what that will lead to in universities? A ban on high-bandwidth encrypted connections. As long as it's a problem I think the technology to detect P2P will keep up with the P2P software itself.

    Besides, if I went to that university, I wouldn't want my research slowed down because some freshmen was trying to download Friends episodes.

  11. Re:Won't work! by ColdForged · · Score: 5, Insightful
    That's how long it will be until Kazza, Gnutella, Limewire, et all will switch to an SSL encapsulated protocol
    I've said it before and I'll say it again, and I'll bold face it for good measure:

    If administrators can't distinguish "good" traffic from "bad" traffic, they will have no choice but to simply remove any access at all to the Internet from the problem subnets, namely dorms.

    So, encrypt the traffic. Make it so that nobody can tell what's inside the stream. That's dandy. But if P2P usage makes it such that researchers can't get the resources or bandwidth do actually do their work or are significantly impacted (the argument of whether researchers are doing anything more than reading Slashdot or Dilbert is for a separate post), even if the traffic isn't recognized as P2P per se, you can bet that this will be the next step.
    --

    -"I seem to be having tremendous difficulty with my lifestyle." - Arthur Dent

  12. Just an idea... by Adeptus_Luminati · · Score: 2, Insightful

    Why don't those silly P2P programmers get smart and start making their software work off port 80. That oughta stall them sys admins for a few more months.

    --
    No trees were killed in the making of this post; however, many trillions of electrons were horribly inconvenienced.
  13. Read the article! by 0x0d0a · · Score: 4, Insightful

    They really don't care *what* is being shared so much as bandwidth costs. For U of W, this isn't so much a legal question as a policy question to keep their network costs from spiraling out of sight.

    And many P2P users simply don't care in the least about their bandwidth usage -- they suck up as much as they can get. No effort to obtain a file from another computer on the local network (granted, most P2P software doesn't even support this). They simply expect mass amounts of bandwidth, and for other students' tutitions to subsidize their downloading.

    I'd like to see per-user data transfer per week quotas, where users get capped to 2kBps or so for the rest of the week if they exhaust their quota.

    --
    May we never see th
  14. Re:Won't compression defeat this? by swb · · Score: 2, Insightful

    Forget compression, what about transcoding of the files between various formats or bitrates? Forget about the aural impact of transcoding for a second, but the datastream impact. My rusty ol' ears won't hear anything different, but the data stream will have a completely different signature.

    If its watermarking, would transcoding it destroy the watermark?

  15. Re:oh my! (girls) by $$$$$exyGal · · Score: 5, Insightful
    I bet there were a lot more copies of "Girls Gone Wild - Spring Break #19" sent around the campus than "Friends - The one where they shave a turkey". If the University decide to stop Friends from being distributed, then should they also stop the porn? What if the porn doesn't have an easily found copyright? Who's going to verify which porn is copyrighted? ;-)

    It's different if they just want to conserve some bandwidth, but if they are just trying to stop the distribution of copyrighted works, then that sounds like an impossible task. Who owns the copyright on "Redhead Sticking a Cucumber up her Ass" ?

    --sex

    --
    Very popular slashdot journal for adul
  16. Re:Eh? by Hast · · Score: 2, Insightful

    What the AC was probably trying to say (but in a, shall we say, crude way) is that there is no key to extract.

    Any encryption protocol worth it's salt (ie generally not those propriatary/secret protocols) is protected against this. Eg SSL or SSH which you can snoop all you want, but there's never a key sent in clear text across the channel. Neither is there any key to find in the source. Instead a key is agreed upon by the clients as they connect, but using "one way functions" which are hard and/or practically impossible to crack. You can also use public key encryption with it to add even more security and authentication to the system.

    That's why he suggested that you should read about SSL. A cheap way is to just look at the relevant RFC, although it may be a bit complex if you don't have any experience in number theory. Another hint could be look at crypto sites such as Bruce Schneier's crypto-gram (counterpane.com).

    In any case, if you use a well tested protocol and implement it correctly (not always trivial) then the system will be secure.

  17. Uh... no by Wrexs0ul · · Score: 2, Insightful

    That's not the point. They're not targetting burglars or file pirates, this system invades the privacy of EVERYONE on the network utilizing P2P for a variety of reasons, not necessarily to get a sneak peek at Matrix: Reloaded. That's illegal or at the very least immoral.

    -Matt

    --
    --- Need web hosting?
  18. ROT13 + P2P = DMCA fun by shellac · · Score: 2, Insightful

    Why don't all the filesharing networks, Kazaa, gnutella, etc., encrypt their searches with ROT13 and then slap malintentioned groups snooping traffic with lawsuits citing the DMCA. Since the movie industries pushed this to control their media, this would be quite an ironic usage of the DMCA. hehe

  19. Re:Well, heres the new testbed for freenet. by bleckywelcky · · Score: 3, Insightful


    That's where the power hungry politicians in the University world have it wrong. The students own the network, not the administrators. The students have paid for the network and are paying the administrators to operate the school. I really am quite confused as to who the heck some of these people think they are, implementing measures like this. It would be like hanging from a rope over a gorge and cutting the rope because it's violating copyright law. I have a feeling that once the whole student body catches wind of a P2P crackdown on campus that there will be massive protests and possibly riots. Like the incident at Michigan State University when the University decided to ban alcohol on campus. The whole freaking place went to hell, rioting on campus, cars on fire, etc. I think the reason that we are not hearing more opposition from the people who pay for the networks is probably the same reason that most of the computers that these people use leave port 139 open.

    Let the police do their job and RIAA push the police to do a harder job. The university administrators should stay the heck out of it unless there would be legal implications for the university. Afterall, the administrators are there to make the university a better place for the students, not for the RIAA.