Slashdot Mirror
U of Wyoming Fingerprinting All P2P Traffic
mk2mk2 writes "News.com has an article on how they're preparing to shut down P2P sharing of copyrighted content: 'For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song or "Friends" episode.'" It's scary until one realizes that most P2P traffic isn't encrypted, like back when everyone still used telnet.
Why does the fact that it's unencrypted make it non-scary?
Peace and love, y'all
What about FTPs? Direct file sending over IM clients? Usenet? IRC? Good luck, RIAA...
-insert a witty something-
Someone wasting bandwidth on a 'friends' episode is scary indeed!
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
No, I would say scary after. If it were encrypted, if would be much harder to do.
...
I suppose you could claim "spoofed ip"
SO, i guess they have no problem with ME running a sniffer on all traffic on their network? I mean, since they feel its ok for them to do it, its ok for me to do it.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
Why's this under privacy? There's no reasonable expectation of privacy using someone else's network. Especially when the stated policy upon arrival almost certainly says "don't do this"
It will only take a few arrests of young college students in the States to pressure the release of secure sharing over P2P. That's probably one of the reasons the RIAA isn't targeting anyone in the States yet. They are testing the waters in Australia however, but they don't want the P2P networks to go secure until they have cataloged everything they can.
Where the Music Matters
This new technology will last for about 1 day. That's how long it will be until Kazza, Gnutella, Limewire, et all will switch to an SSL encapsulated protocol. Suddenly all the "fingerprints" will be shot. Each and evey download of the exact same file will have a different, unidentifiable, "fingerprint".
Sounds to me like this company took a copy of Snort, set up a few rules for the "fingerprints" and sold it to the University of Wisconsin. What a waste of money!
that I'll be punished for stealing songs, if they release details, my freinds will never let me live down my collection of Ricky Martain MP3s!
If it's about bandwith, why don't they throttle the p2p ports like any self-respecting, upright university.
But there is another kind of evil that we must fear most... and that is the indifference of good men.
If it's about bandwith, why don't they throttle the p2p ports like any self-respecting, upright university.
You misspelled "uptight".
What sucks about giving freedom and liberty to people (or even college students!) - is not knowing ahead of time what they might actually do with it.
...
You know - like invent a decentralized p2p network and trade music files with it
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
Sometimes, my stupidity amazes even me.
Yeah, I remember telnet.
.... hours since I have used telnet.
It's been like
Those were the days.
I don't think so. Everybody who is using the Net should be aware that he/she can be watched. P2P networks do not encrypt data because the idea behind it is to share. If you want to find out who is sharing files you don't have to monitor the traffic. You can just join the party :)
It means that no encryption would help. If you share your copyrighted material you can be watched by the RIAA and their friends.
I don't personally think it's dangerous for the p2p users (there are too many of them out there) but it's good to know
barwil
From the perspective of college system administrators everywhere, yes. I'm with network support at a small liberal arts college and let me tell you, our connection slowed to a crawl when the students discovered p2p. We don't have enough bandwidth to support that kind of thing, and with the RIAA and MPAA sending out cease-and-desist notices, we really don't have the legal wherewithal either...
No statement is true, not even this one.
It's pretty obvious you can't copyright a length 1 bit string, so how many bits do you need before you own it and I don't? 10? 100? 10,000? I know you can't trademark a number, can you coprright one?
Well, I'm sure this will appear in the large ISP's if it's proven to work on the small-scale...
Perhaps with this 'fingerprinting' technology the big boys can just charge us the ($.50/$1/whatever) a song they want from us anyways? Instant delivery system for them that they didn't even have to build!
This whole deal about copyrighted material somehow reminds me of the war-on-drugs... Making criminals of all the users didn't work there... Trying to stop the supplies at the street level didn't work either. The only thing that will work is legalizing the controlled substance... then taxing the hell out of it... hehee
This claim is interesting in a variety of ways.
If the notion of privacy in our communications is going to be utterly discarded, I rather wish the school had elected to eavesdrop on every phone call made on campus to help catch thieves, domestic abusers and other violent criminals, etc.
There are plenty of people who say what goes on the internet shouldn't be private; that there's no expectation of privacy there. I guess we'll get into this issue a bit on this topic. Just please don't forget to have a little imagination. This is all new. We're making the rules as we go along. Sometimes I think if the phone had been invented last year there wouldn't be an expectation of privacy on phone calls either.
Remember this is a "private" institution doing this, i.e. not a law enforcement agency. Remember that just because they can write a fancy terms of service that authorizes them to do whatever they want with the network, it doesn't make their actions legitimate, let alone moral.
Finally, most interestingly, remember that Fasttrack (i.e. Kazaa, etc) is encrypted over the wire (see this link). There's nothing saying that the whole thing won't be reverse-engineered and cracked sooner or later, but to my knowledge, that hasn't happened yet... of course, that could just be last I checked.
Want to Know How to Cheat the GPL? Read On!
Can someone explain to me why this isn't illegal? Theres a law from the 1930's that prohibits telephone operators from listening to people's conversations. A few years back it was ruled that ISP's are in the same category as the telephone operators as far as the law is conccerned, and thus can't spy on what their users are doing. Yes I know its a university, but I think they can qualify as an ISP as well.
For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song...
:-)
I'd been *wondering* when someone was going to finally do something about his lousy music! U of W's spearheading a regular cultural revolution!
May we never see th
If monitoring and blocking tools were widely introduced, new software programs could easily develop ways to encrypt or scramble the data in transmission in order to make it unrecognizable by Audible Magic's tools or other databases.
.jpg of astronomical images, or pass it through a filter that makes it look like bad poetry, or make it a self-inflating-decrypting executable. You simply cannot write a program that will automatically filter all content, without simply denying all communication.
Encryption is just the tip of the iceberg. I can easily compress and encrypt any file, then slap on a header that claims it's a benign
I prefer ROT26, as its so much faster to encrypt stuff with, and with my spelling, is undecypherable anyways!
All they need is software that emulates kazza or other P2P software and attempts to make connections to user's computers. Unless you do filesharing with people you trust, there is no way you can hide what kind of traffic is being sent. On the client side, the person not sharing files, I guess you could use encryption, but then you know what that will lead to in universities? A ban on high-bandwidth encrypted connections. As long as it's a problem I think the technology to detect P2P will keep up with the P2P software itself.
Besides, if I went to that university, I wouldn't want my research slowed down because some freshmen was trying to download Friends episodes.
So, ok these guys have essentially done what FastTrackMovies has done and hashed each file. Hunky dory. So, people implement this and think "no one can trade my files, cause we know what they look like (and have the hash), so we can block it."
.zips or .tars the music or movie.
.zipped asset from being traded? I know it won't compress the MP3, but it will change the fingerprint.
Now, Joe Pirate simply
Exactly how would they then block the
Methinks WinZip is the Sharpie for this expensive DRM.
"The pie shall be cut in half and each man shall receive.....death. I'll eat the pie."
Why don't those silly P2P programmers get smart and start making their software work off port 80. That oughta stall them sys admins for a few more months.
No trees were killed in the making of this post; however, many trillions of electrons were horribly inconvenienced.
Theyre looking to block copyrighted audio content. Sure, that's fine. But you can't "fingerprint" something as complicated as a DVD or somebody's home-ripped pr0n movies because each ripper/encoder works a little differently.
Youre going to wind up filtering everything but *porn*. I can't really see that being what they intended to do.
"But it's getting to be the only way to control our bandwidth."
In one 24-hour period, for example, the most popular file traded using the Gnutella network was an MP3 by rap artist "Big Tymers," which passed the network monitor 188 times.
The students should really set up their own, internal P2P network. This would put less tax on the University's external bandwidth, downloads would be quicker, and, assuming it's restricted to local users, the RIAA couldn't really prove any wrongdoing. (Although their FUD generally scares universities enough.)
Universities are generally big enough to support a network on their own. They should.
They really don't care *what* is being shared so much as bandwidth costs. For U of W, this isn't so much a legal question as a policy question to keep their network costs from spiraling out of sight.
And many P2P users simply don't care in the least about their bandwidth usage -- they suck up as much as they can get. No effort to obtain a file from another computer on the local network (granted, most P2P software doesn't even support this). They simply expect mass amounts of bandwidth, and for other students' tutitions to subsidize their downloading.
I'd like to see per-user data transfer per week quotas, where users get capped to 2kBps or so for the rest of the week if they exhaust their quota.
May we never see th
Or we may find ourselves without the ability to enforce the GPL.
To provide more empirical data to the other reply, Rutgers University's policy is to allow 2GB over any 7 day period downloading, and 512MB over any 7 day period uploading. This makes it pretty much impossible to serve anything but small files (they but the dorms into private address space last year as well), but allows enough room to get most things done on the internet, legit or illegal. And no, it doesn't matter if you spent your 2GB downloading Linux ISOs. The policy is meant to save bandwidth, not stop piracy.
If you exceed the limit, you cannot access the internet for a week. University resources may still be accessed, which allows for basic internet access through X or port forwarding, etc.
It's different if they just want to conserve some bandwidth, but if they are just trying to stop the distribution of copyrighted works, then that sounds like an impossible task. Who owns the copyright on "Redhead Sticking a Cucumber up her Ass" ?
--sex
Very popular slashdot journal for adul
It seems to me any easy way to bypass (or at least extend) quotas at the University level is good old sneakernet -- much like we got our music when I was in School back in the '80s. One would make friends and get to know who liked what -- you want Dead Kennedys talk to Cosmic John, need Billy Joel, talk to someone else. We would build our collections a cassette at a time.
Since CD burners are so common now, why not do the same thing? Pass around CD-Rs with .OGGs or .MP3s around the Dorm (or between classmates) -- instant portable 600MB of "bandwidth" per CD-R. Great way to build up a collection without worrying about sniffers or using up the bandwidth.
Beware of Sleestak
Generally, the majority of campus internet traffic these days is related to file sharing. Almost every colleges and university in the States has had to employ some method for dealing with this, from governing bandwidth distribution to simply upgrading infrastructure. Curbing the distribution of copyrighted data is not just about folding to the RIAA ... it's a pragmatic solution to a huge problem.
People that watch "Friends" know how to use P2P software.
I'm stunned.
Before some of our fellow slashdotters come up again with "They own the network": Yes, they do. But that does not grant them the right to monitor it continuosly and in detail.
Someone always owns a piece of infrastructure, be it an ISP, a University, the interstate authority or your 'landlord'. But they don't have the right to invade your privacy if you are using rented, leased or subscribed equipment. Imagine the owner of your apartment trying to monitor your living habits, to make sure "nothing fishy is going on in your apartment".
Network and telephone lines can transmit very private and sensitive information, and it is a serious crime to snoop that out. If you thought that was the right way, you're had too much time on corporate americas way of life. They are your customers, your contractors, if you like, but not only that, but living feeling humans that deserve to have a private life, one that's none of your business. You can imagine a thousand situations like this:
- You rented my car, why don't I have the right to monitor where you're driving, who you take with you and what roads you drive on?
- You rented my house. I claim the right to visit you whenever I deem it's necessary. And just to ensure, that my property is taken good care of and you don't hoard drugs there, I will make a full seizure every time I come.
-
I rented you my video camera, you've got to give me a copy of each recorded tape, so that you cannot film underage porn. Think of the children, my god!
-
And finally: I've given you Internet Access. Now that you can browse the web and do spiffy emailing, you must be utterly thankful to me. And since you are a student, you don't have any rights to complain, we will treat you as a slave and you have no private life. Be thankful, you even got a 'net connection and understand, that we have to make sure you don't do illegal things with it. We don't count the bytes, we don't have per-user quotas, we do the nasty GESTAPO stuff piling through all your traffic. If you complain, well, try another University.
Opening some other's letters is the same and I hope finally someone will punish the university for doing this.Let it happen, that on one incident, some very private information about a student is obtained that way and told the public to embarrass him. One lawsuit later, the U has lost 10 Million US$ for a settlement and the bandwitdh savings of 5 years are worth exactly nothing compared to this. Go ahead, wait till someone reacts. I'd do that.
I don't think this is relevant. I haven't looked at any packets going down the wire, but I'm assuming when you request a file from another user, you have to ask for that file. Filename request goes down the wire. Once you know the format of file requests for a given P2P program, you can just scan them to see what kinds of files people are requesting. If not the file requests, what about when the client replies to search requests? What about direct connect complete listing queries?
:) So in an effort to make things better, once the P2P catches on it will be made worse again.
Some users have already brought this up, but the way around this is to encrypt/re-code the traffic. That is, all the requests, all the listings, all the control stuff, and the file transfer itself. This may lead to an increase in bandwidth consumption just to encrypt everything though
Just like after Napster. When Napster was popular, there was a gradual movement to shut down access to it. So other services started popping up, then completely distributed services such as Gnutella. Gnutella is a tremendous bandwidth hog, as opposed to something more centralized.
I respect the universities that just try to limit the bandwidth consumption of the offenders. But just shutting this stuff down cold turkey is only going to lead to P2P more difficult to detect and filter.
Of course, organizations such as the shitty Adelphia cable should not BY DEFAULT have a 15kps upstream. Assholes.
-- Having a Creationist Museum is like having an Atheist place of worship
Make a 1 byte file, call it "U of Wyoming - The modern day 1984.zip", get a friend outside the Uni. to host it, and set your machine inside the Uni. to download it once a minute.
Heh... If a few of you do that, the database could be full of useless info in no time!
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
That's not the point. They're not targetting burglars or file pirates, this system invades the privacy of EVERYONE on the network utilizing P2P for a variety of reasons, not necessarily to get a sneak peek at Matrix: Reloaded. That's illegal or at the very least immoral.
-Matt
--- Need web hosting?
I'd be more worried when somebody's prof finds of a homemade copy of "Me and my dormroom buddies get it on.mpg" starring one of the students. That or just when the computer admin gets it... not sure who is scarier.
I read that as "Girls Gone Wild - Spring Break #19 - The one where the shave the turkey".
Why don't all the filesharing networks, Kazaa, gnutella, etc., encrypt their searches with ROT13 and then slap malintentioned groups snooping traffic with lawsuits citing the DMCA. Since the movie industries pushed this to control their media, this would be quite an ironic usage of the DMCA. hehe
(of course, a way to get around the traffic hit would be to build a smaller, slightly less expensive internet just for the sniffer communications, but the costs for that would be pretty painful)
(Relating points 2 and 3 will mean the only thing the internet will be capable of anymore will be sniffer communication, but I suspect that would suit these guys)
I am in charge of the network/server department at our college.
.au files when I was in college thinking how cool it was that my box could play the james bond theme.
We have a limited connection to the internet, which is usually being eaten up by P2P traffic. Today, over an hour period, we had three students that used a total of 4G of traffic in an hour.
I don't care what the traffic is, but when legit work can't get done, such as our payroll system which uses SQL*Net across the WAN (bad idea to begin with, but that's a state bueracracy for you.) and their processes just aren't working, shit is gonna have to happen.
We blocked port 1214 (kaaza) and a week later the port switching version came out.
Right now we are facing the choice of either doing some severe draconian network policies or buyin a packeteer.
And how long will that work before the next fileswapping act runs with ssl over 443?
I feel for the students - it's something fun to do...hell, I remember downloading
Makes my life a pain in the ass - how to be nice and let legit stuff go on, allow some fun and experimenting to go on, at the same time "protect" the network and make sure it is available when need be.
is free! There is no extra charge when you live in the dorms or a on campus fraternaty or sorority. This gives the students even less say on what the bandwidth can be used for.
:). Kinda wish I was still there
I used to work directly under Brad Thomas and actually setup cricket to monitor the bandwidth on campus and as far as I know this is still working. The Packeteer software was added while I was working there while this new finger printing was added later. I know that the bandwidth from the dorms (as high as 50MB when unlimited) was killing voice and video trasmissions for remote schooling. Something definatly had to be done, they are not just evil.
Also I remember a couple of times where abuse@uwyo.edu would be hit by Sony records asking us to shutdown someones computer sharing illegal music on the net. Few switch commands later, *BAM*, the kid was disconnected until he removed the material. Kinda a fun job
Read the article buddy. They did do that, that what the Packeteer program was for. But the problem was that the programs and the students themselved were finding ways around it.
Kazza started hopping ports, very had to throttle the ports then. Also the students found ways to get around this, like httptunnels. Or the one I used at UW. I had a work machine that was unthrottled, so I setup a Socks server on my machine at work(I worked for the Network team at UW) and tunneled all my traffic though that. Worked great, expecially since all the other traffic was slow
I know now that they are having such a problem with bandwidth that internet access in the dorms is slow for anyone and anything you just can block a couple of ports and call it good.
We don't call the university U of Wyoming or UW(you double-you). It's U Dub (you dub) :P
Proud freshman flunkout!
I though the bandwidth would go down after I moved out of the dorms. Since I kept trying to /. it in my posts (succeded once too).
Like here Or here. Or even here.
Guess my old drinking buddies filled the bandwidth gap I left when I dropped out.
And downloading ISOs from an unknown source can be hazardous--which is why you always check the MD5 checksum against the one posted on the official site. So you grab 600MB ISOs from multiple people who are (ideally) closer to you on the network than the official site, and grab a 1KB file of MD5 sums from the official site, and all is well.
Maybe I misunderstood, please correct me if I'm wrong, but your post seems to imply that you think that anytime someone/some company does something that has the effect of furthering someone else's goals, then they are really doing what they're doing in order to help the other person/company. That's pretty flawed logic.
Suppose that I am married and my wife doesn't like guns. Further assume that in my house, what I say goes (I know, I know...but it's a hypothetical situation!), and I don't want the guns in the house because, though I like guns, I think they're too dangerous to have since we have children. By your logic, what I am really doing is conceeding to my wife, rather than making a decision based on my own beliefs, simply because it furthered her goals. That would be a wrong conclusion.
Now, back to the bandwidth thing. I am a network engineer at a large financial institution. We just upgraded our Internet pipes to 22 meg, because we need the bandwidth. Though we have plenty of money to pay for it, it may not be a cost effective move if we could have elminiated, say, 25% of the traffic (5.5 meg) through any valid (meaning, more cost effective) means. For a university (yes, I am very familiar with university networks and funding issues) this is even more critical, as their funding is much lower than where I work. And, in fact, even we limit bandwidth used by using a web proxy and by restricting sites that employees can go to (which, admittedly, does serve another purpose as well).
My point is, that this type of activity is very common, especially in well structured networking departments, primarily because a dollar that is spent on a recurring charge is a dollar that may be better spent elsewhere. The recurring charges are the budget killers, though some are necessary.
Just my $0.02...
Wow.. UW on the Slashdot front page... Amazing. Unfortunately the article hardly says anything, so as a former IT employee and currently part of the staff that deals with all things related to student networking in the dorms, I'd like to try and fill in the details: Unfortunately, Laramie is NOT a large town (26k counting students) and the bandwidth coming in is very limited. The University only has a 30 Mbit upload capacity coming through Cheyenne, which (limitedly) comes from the huge hub in Denver, CO and (so we've been told) "there isn't enough capacity going into Cheyenne for us to purchase more". Up until a year and a half ago there weren't any problems here with bandwidth. Then all of a sudden everyone is using P2P in the dorms and leaving outside sharing on. It wasn't a problem of people downloading with P2P, it was the rest of the world downloading from us. There was so much traffic going out of the dorms that the entire university network was slowed to a crawl. Their solution at first was to just limit the dorm traffic to 10Mb which fixed the problem for the rest of the university but made it impossible for me to even read slashdot from my room. Naturally that was still a problem, as even legit HTTP traffic couldn't get through. They've been messing with packeteer for a long time but can't come up with a good solution. Right now HTTP packets have highest priority, followed by FTP (which wasn't allowed any priority at first until a lot of students complained) and just about anything else is like squeezing the entire population of China through a single revolving door. Speaking of telnet.. I can't telnet to anything off campus from my room unless I want to WATCH the packets arrive every 10 seconds or so. P2P traffic is about 20 times slower than a modem (but everyone still uses it.. as I sit here writing on my ex's computer next to her latest list of mp3s to download). So how do the geeks here survive? A lot of people are running local FTP servers, which is all I use any more. We can't play networked games off campus, so we have set up our own servers. But even that didn't work- Games like counterstrike which needed outside authentication would time out after 60 seconds. We managed to fix that problem with http tunnel. Almost anything can still be tunneled out and is unaffected by the packet shapers, provided you can find a good, reliable proxy on the outside. As far as getting busted for file sharing, we have shut off quite a few ports because of letters from the RIAA/MPAA, but for the first offense the students are only required to give us verbal confirmation that all of the illegal material has been removed before we enable their ports again. After that the ports to their rooms are shut off for the rest of the semester. Oh, and as far as an agreement? I sure don't remember signing anything related to the network usage. Personally, I don't see anything wrong with them snooping the files going through to help increase the legit bandwidth, as long as they aren't trying to crack through encryption and they don't snoop local traffic. I also think they should look into local file servers... you'd be amazed at what you CAN'T find on a 320 Gb ftp server filled by students... I never have to get anything from off campus anymore, unless its the latest source code for my Gentoo box (wget through HTTP works beautifully). At least the article picked the right person to interview as Brad is one of the few people over in the IT department with a clue. Sorry, couldn't let the article make our IT department look like they really know what they are doing. Really they are just being guinea pigs for this new software that the article is hyping up. IT is, however, doing a good job of walking the fine line on illegal P2P sharing. As Brad stated, they have a somewhat "don't know, don't care" policy while at the same time acting as MPAA/RIAA whores upon request (which I think is what this software is really for). Anyway, hope I could clear up a few things for you from someone who has been quite involved with all of this. Post questions, I'll be happy to answer. --An Anonymous Coward, even though most people from UW already know who I am now-- And uh.. mod this up/link it to the article
You are seriously mentally deficient if you think students own ANYTHING that the University owns. Tuitions don't even cover the total costs of getting an education, and haven't for decades. Ever hear of Endowment funds? If anything, the alumni own the universities along with corporate donors, the government, and philanthropic individuals.
And no there won't be riots. Not as many students think stealing someone else's intellectual property is as important as being able to get your class mate drunk enough to date rape her.
Mac OS X and Windows XP working side by side to fight back the night.