U of Wyoming Fingerprinting All P2P Traffic

mk2mk2 writes "News.com has an article on how they're preparing to shut down P2P sharing of copyrighted content: 'For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song or "Friends" episode.'" It's scary until one realizes that most P2P traffic isn't encrypted, like back when everyone still used telnet.

There's always another way...

[EvilSporkMan]

What about FTPs? Direct file sending over IM clients? Usenet? IRC? Good luck, RIAA...

Re:There's always another way...

[aridhol]

Not necessarily. What happens if, instead of listening to traffic on a single protocol, they just listen to all traffic, regardless of the headers? Which they, being in control of the routers, are perfectly capable of doing.

Remember, as long as it's on their network, they can do whatever they want with it. You may not like it, but that's the way it works.

Re:There's always another way...

[EvilSporkMan]

Well, they still can't stamp out the CD burner and the "analog hole". Sales of CD-Rs should pick up after measures that serious are put into place, and nothing beats the bandwidth of handing your buddy a spindle of CD-Rs. Also, I don't know much about encryption, but couldn't someone and their friends agree on an arbitrarily huge key in person and trade their little hearts out?

Privacy

[Telastyn]

Why's this under privacy? There's no reasonable expectation of privacy using someone else's network. Especially when the stated policy upon arrival almost certainly says "don't do this"

Re:Privacy

[theLOUDroom]

There's no reasonable expectation of privacy using someone else's network.

Yes there is. Just like there is if you're living in someone else's house, aka, an apartment. At my school students have to pay for their internet access. This makes the school an ISP. As a business providing a service and can't just "do whatever they want".

Do you own your phonelines? Is it okay with you if the phone company records every conversation you make to check for illegal activities? They are their phone lines you know, you have no easonable expectation of privacy using them. Too bad, I guess you should have encrypted all your phone calls.

One of these days, an ISP or school will get sued for pulling this shit. Network traffic can contain some very personal information. AFAIK I have never signed anything that would let my isp monitor ALL my traffic continuously. Most service contracts suggest that the may be some montioring to ensure network performance, but it would be pretty damn easy to prove that this was not what they we doing if they were continuously monitoring my traffic for an extended period of time.

Of course, the real solution is to encrypt your traffic. Then you get to have your ISP prosecued for a serious crime (at least much more serious than copyright violation) if they do manage to break the encryption.

Re:Quoth

[IshanCaspian]

If it's about bandwith, why don't they throttle the p2p ports like any self-respecting, upright university.

Re:Well, heres the new testbed for freenet.

[davmoo]

There is one small point you are overlooking here. They (the University of Wyoming) own the network they are snooping...you don't. That is what makes the difference between it being okay for them to do it and not okay for you to do it.

Re:Well, heres the new testbed for freenet.

[t0qer]

SO, i guess they have no problem with ME running a sniffer on all traffic on their network? I mean, since they feel its ok for them to do it, its ok for me to do it.

Dude you are so off base you should be modded a funny. (Mods, please read parent before modding me)

The point is, it's THEIR network. It's not the student network, it's not the taxpayers network, it's not even the Alumni's network. It belongs to the University plain and simple. University is for research, not d/l pr0n or sharing eminem. Students are given access to the internet in their dorm rooms to assist them with their studies.

If I caught you running a sniffer on my network, I would yank that patch cord leading up to your room so fast it would make a "whooosh" sound like a whip cracking in the air.

That won't work either

[Doppler00]

All they need is software that emulates kazza or other P2P software and attempts to make connections to user's computers. Unless you do filesharing with people you trust, there is no way you can hide what kind of traffic is being sent. On the client side, the person not sharing files, I guess you could use encryption, but then you know what that will lead to in universities? A ban on high-bandwidth encrypted connections. As long as it's a problem I think the technology to detect P2P will keep up with the P2P software itself.

Besides, if I went to that university, I wouldn't want my research slowed down because some freshmen was trying to download Friends episodes.

Re:Won't work!

[ColdForged]

That's how long it will be until Kazza, Gnutella, Limewire, et all will switch to an SSL encapsulated protocol

I've said it before and I'll say it again, and I'll bold face it for good measure:

If administrators can't distinguish "good" traffic from "bad" traffic, they will have no choice but to simply remove any access at all to the Internet from the problem subnets, namely dorms.

So, encrypt the traffic. Make it so that nobody can tell what's inside the stream. That's dandy. But if P2P usage makes it such that researchers can't get the resources or bandwidth do actually do their work or are significantly impacted (the argument of whether researchers are doing anything more than reading Slashdot or Dilbert is for a separate post), even if the traffic isn't recognized as P2P per se, you can bet that this will be the next step.

Read the article!

[0x0d0a]

They really don't care *what* is being shared so much as bandwidth costs. For U of W, this isn't so much a legal question as a policy question to keep their network costs from spiraling out of sight.

And many P2P users simply don't care in the least about their bandwidth usage -- they suck up as much as they can get. No effort to obtain a file from another computer on the local network (granted, most P2P software doesn't even support this). They simply expect mass amounts of bandwidth, and for other students' tutitions to subsidize their downloading.

I'd like to see per-user data transfer per week quotas, where users get capped to 2kBps or so for the rest of the week if they exhaust their quota.

Re:oh my! (girls)

[$$$$$exyGal]

I bet there were a lot more copies of "Girls Gone Wild - Spring Break #19" sent around the campus than "Friends - The one where they shave a turkey". If the University decide to stop Friends from being distributed, then should they also stop the porn? What if the porn doesn't have an easily found copyright? Who's going to verify which porn is copyrighted? ;-)

It's different if they just want to conserve some bandwidth, but if they are just trying to stop the distribution of copyrighted works, then that sounds like an impossible task. Who owns the copyright on "Redhead Sticking a Cucumber up her Ass" ?

--sex