Slashdot Mirror
New Kazaa Lite Protects Identity
Denver_80203 writes "Found this story about the new Kazaa K++ 2.4.0 and it's new sister program which claim to protect your identity while sharing files. Any of you folk know how legit this could be? We all knew it wouldn't be long... is this the war or just another battle?"
Hurrah! It's about frickin' time that this came out... Now let's just pray the developers didn't make a deal with the RIAA and are sellign our identities to them with this new version. So, what's the verdict on it, fellow geeks?
That's what I needed : something to hide my fake identity
Just in time for the next move in this move-countermove chess game. . .
Begun, this copyright war has.
Who wants to bet that the news won't report that filesharing has jumped back up %15, and then some with the advent of this.
I don't know if Kazaa K++ can hide your identity, but what I do know is this: Kazaa K++ is an excellent program. It is so much better than vanilla Kazaa. No ads, spyware, many cool features make it a great program.
#include "sig.h"
From what I have seen, it just has a list of ips of law enforcement and record industry computers. Not a very fool proof method, but better than a tin foil hat.
"My head hurts, My feet stink, and I dont love Jesus." -Jimmy Buffett
I stopped using Kazaa for a while, or only briefly. Now I can go back to being a file whore and stop using those unreliable BitTorrent sites.
~S
Why not K++0x? ;)
is protection from R*AA, not identity protection.
If you keep throwing chairs, one day you'll break windows....
Well K++ edition bascially contains a wrapper on the Kazaa application so that one can modify the memory accessed by Kazaa easily, and thus those who use K++ edition automatically has the K-Lite Master (1000) ranking on Kazaa. Its simply a matter of manipulating the values at the memory address.
I would think that extending on that principle, they could write protect or just dump gabarge into the memory space where idenities are stored.
Of course, I don't have the K++ source, so how would I know, it's just a theory.
for pushing us to come up with ingenous ways to screw them. When the heck will they wake up and realize whatever they try they can't subdue filesharing. Why not just make it easier and rake in some money (read profit. anything more than 0 is...). sheesh. is the org run by a bunch of retards or what?
Both Kazaa K++ and Kazaa Lite, two very similar modifications to the Kazaa file-sharing system by Sharman Networks, now contain hooks to the PeerGuardian database of IP addresses
Database of IP addresses is going to protect us ?
Cmon now. What prevents RIAA from using anonymous IP blocks that they can purchase legally for use?
Siggy Say, Siggy Do
Is there an alternative I am unaware of?
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
Blocking the IP address or range of addresses that they suspect the RIAA is using. Yeah, that'll stop them. No way they'll be able to scan from a different IP. I feel safer already.
Not letting people see what other files a user has might be a bit more useful, but I don't think either of these measures is going to do much to stop the RIAA from prosecuting people.
I am NOT a man!
I am a free number!
Interesting. Since I know 0 about PeerGuardian, I suppose this may be effective (or not). Does anyone have a documented analysis of how this works instead of some vague news report?
Also, I don't mind sharing the music on my hard drive (it's all indie and OK'd to be there), but that said, do firewalls protect your IP identity or are they useless for that? Unclear about what tools may be used in conjunction with p2p to cover your identity.
Peace.
From the article, all this seems to do is some basic housekeeping to ensure that your search history is not stored, and interact with a database of IP addresses known to be used by the RIAA
:)
This doesn't seem to be anything revolutionary, or, interesting.
If the services went through some kind of anonymizer, that would be cuter. Of course, the bandwidth demands would be huge.
What may be an alternative is to produce a collaborative download system. I request a download, which is proxied by another random user (provided I return the favor). Even if you had RIAA sniffers, all that could be proven is that MY IP address downloaded something, but not the ultimate destination of the data.
Of course, if I have illegal music on my PC, then I am still screwed. But I leave solving that problem to the reader
You mean I can't practice hand-eye coordination with K++? Stink, back to those darn violent games...
"I'm only downloading $GOODIES that I own." or "I'm doing nothing wrong!" ? While I love these new features, it's an overt attempt at blocking the RIAA/MPAA. If the sharers really think they're doing nothing wrong then why use these new mods in the first place?
That said, I'm downloading the new KazaaLite to home.
Trolling is a art,
As legit as sharing copyrighted files? ;) IANAL, but I doubt that the Recording Industry Ass. of America can use existing laws to prevent this being done (although I doubt that'll stop them trying).
If the Kazaa guys have done it right they may even be able to wave the good old DMCA under the Recording Industry Ass. of America's nose if they try to crack the system as well (oh the irony!)
But this is just the latest volley in what is going to be a very drawn-out and bloody Information Cold War.
It looks interesting, although I'm not quite sure about breaking standards (by spoofing the packets) in favour of privacy...
You can't shut us down! The Internet is about the free exchange and sale of other people's ideas!
I already protected my identity. I am John Doe at 123 Abc St. My email is JohnDoe@kazaa.com. How could they possibly find me?
*knock* *knock*
Umm.. yeah.. I'll finish this post la.. *ouch* Not so tight with the handcuffs.
The new feature that blocks users from seeing ALL files, however, is VERY smart. All 50 million users (pulled that number out of thin air, should be close) now appear to be sharing only the ONE file you searched for. Makes hiding in the sea of users fruitful.*
* Disclaimer: Don't steal music. :)
How can you hide your identify on a Peer2Peer system where other users get your IP when they connect to your machine to download stuff (for backup reason of course)?
:P
I doubt there is a way... netstat kills your privacy
--
One by one the penguins steal my sanity...
The new versions contain several features designed to foil scanning attempts. PeerGuardian attempts to catalog a range of IP addresses used by or suspected to be used by labels, the Motion Picture Association of America, the Recording Industry Association of America, and other agencies. The database is built by contributions of individual users, although the methodology used to determine and verify the IP addresses is unclear.
Stop trying to flood my P2P network...
Now we have blacklisting and whitelisting (through Sig2DAT). Though both of these methods together would seem to defeat P2P "spammers", the easiest way for them to get around this might be to spam the whitelist. The next move in the P2P wars remains uncertain.
Webmaster Wanted - Entropic Reactions
First there was napster, which was shut down through the courts, so people made kazaa (ok, I'm skipping a few steps) which is harder to shut down through the court system, so The Man decided to go after individual users... so kazaa made it harder for them to do that...
It's just going to go on and on and on.
To bad kazaaa can't patent the communication protocol, and not license it to RIAA... <SARCASM>Maybe we should enact a law to explicitly enforce these patents</SARCASM>
RIAA is not interested in punishing the typical computers nerdies, they try mostly to reduce common user P2P networks because they are too easy and too open compared to XDCC or FTP forms of warez. Now everybody (even if you are not a techie) can download a P2P program and start downloading and sharing the programs that you already have and eveybody knows at least 1 or 2 names of P2P program.
To stop P2P programs they actually attack companies, development groups, warez releasers groups and people who own a P2P hub. And I think that they are not interested in getting your IP as they could not arrest downloaders (for corporate image, money issued ...). They also try to make software pirating look as bad as hacking, while you cannot link these activites.
Don't you know it is now both immoral and criminal to think beyond the next quarterly report?
"Users of the latest versions of Kazaa Lite and Kazaa++ also have the option of disabling a function that allows remote users to see what other files the user has. "
If everyone did this, wouldn't that kill P2P file sharing? Isn't that what the RIAA wants to happen anyway?
...but the RIAA can easily get around this block of 'known' IP addresses.
To borrow from the other scourge of the internet, They'll just pay people to work from home for $1000s a week!
All they'll do is pay some one who wants money to run their program using their home DSL, Dial up or Cable Modem. Then the blocking of RIAA's 'known' addresses would become as big as every high speed residential network on the planet.
As a rock-in-roll Physicist once said, No matter where you go, there you are.
Is this a new euphemism for "ownz0r3d and h4X0red out of existence, again"?
When I am king, you will be first against the wall.
This is a nice idea, and one way to approach things. I'm just not positive that it's effective.
The RIAA won against Verizon in court, and can now request IP addys, logs, and user contact info. So, this doesn't really slow them in that sense.
Additionally, what's to stop the RIAA from getting a bunch of DHCP home accounts under a subsidiary's name instead of their own? The possibilities for playing catch up here to add more IP ranges are endless.
This is a neat little effort, but doesn't fix the greater problem of balance in copyright law/infringement/fair-use.
It's the proverbial finger in the hole in the dam.
Lulu.com- publish your stuff! Creative commons compliant.
In other P2P networks. Freenet and GNUnet both offer crypto and anonymity. Freenet isn't a P2P app in the pure sense. It's more of an underground www. GNUnet has better anonymity (theoretically - due to it's ability to resist traffic analysis attacks), but it is a younger project.
When it's time to retreat from gnutella, these represent the next stage in the information war.
Here's a question that popped into my head while reading this story:
/is/ in that legal grey area and isn't clearly illegal, isn't it a really stupid move regardless? It seems like by hiding the people pirating the distribution-prohibited music, it helps give the RIAA /more/ reason to jack up CD prices and impose arm-bending DRM practices.
/cause/ that they can wave around like a flag in the newspapers and on TV news programs that don't do the proper amount of research into the issue.
:-/
Is this legal? If so, should we really advocate it?
If people are stealing music, and a company attempts to block the people from whom the music is being stolen, with the intent of protecting the identity of the pirates, isn't there some line that's being crossed somewhere?
And even if it
No, I don't think music piracy is the big reason why CD sales are falling. It's a larger issue than just p2p apps, but it gives the RIAA
I digress.
This is really stupid of KaZaA to do, bottom line, I'd say.
Mikey-San
Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)
I understand your reasonable concern about k++ not concealing your identity. However, if everyone quits sharing files to avoid possible trouble with the RIAA then they have won.
I'm far from tech-savvy... and this may have already been mentioned... but couldn't the p2p software programmers just do some sort of IP masking in the software? To hide the IP addresses from the users? Yes... there has to be a way to decode it to transfer files within the program, but if the **AA reverse engineers the encoding to get the actual IP's; Could the software owners slap a DMCA'ish lawsuit on em?
I don't have a sig.
My favorite is mldonkey, which hits a whole bunch of different networks, including FastTrack (which Kazaa uses). The gui is separate from the p2p application, so you can turn off your workstation but leave your downloads running on your server in the basement.
I'm utterly impressed with it. Very easy to use, and I really like being able to hit all the differnt networks at once. It's also pretty cool having native guis available for linux AND windows.
I run PeerGuardian's list on my system (either with its standalone program or through using its list with Sygate Personal Firewall). I've contributed IP blocks to it as well. So, unlike the sanctimonious among /., I know what I'm talking about here.
What I can't understand is why so many people here seem to be down on it. Here is a project that's free as in beer, free as in speech, receiving a great number of contributions from a tech-savvy community, helping to maintain privacy rights, and is making a solid attempt to send a message to the **AAs. This sounds like something the Open Source community would jump on as an example of community action to solve a problem. The fact that K++ is offering it will increase participation among users.
(By the way, the list is not only being constantly updated, a number of times a day, but it's being continually scrutinized for bad or inappropriate ranges. Congrats to eremini, dingdongding, and c00kies2000 for some great work on getting rid of inappropriates and dupes.)
It's not perfect, but it's a good stopgap until a better solution can be found.
The Spie
If using Linux is about choice, how come people complain when I choose to use Windows?
From this perspective something like a proxy for file transfers is not so important (not to mention fairly impractical). If other users can't see your full library and can't see your IP address in their search results (the latter might enable smart bots to "guess" what your library contains), the only way they can determine that you are sharing massively is to download tons of files and see which IP addresses crop up. This is because they will only see your IP when they actually start downloading.
All this to say that with the latest changes in K++ and Kazaa Lite, even big time file sharers can probably rest easy.
Peer Pressure
The recent versions of K++ (not sure about the basic KazaaLite) will let you jump supernodes, and keep hitting 'search more' until you run out of local supernodes. I'm finding it much easier to get matches on obscure stuff with these options.
Bittorrent trackers do fail quite often. I am sure you haven't used the program enough for that to happen yet. This is a problem especially for larger .torrents. Think of one 800Kb file being downloaded 10 million times, like when the Matrix reloaded was released. 800 x 10000000 = 8000000000 or 8 billion Kb or 8000 GB of bandwidth. Now, can your fileserver sustain 8000 GB of bandwidth in tracker files, not to mention the initial few seeds? We are talking serious server-rot.
We're only gonna die from our own arrogance, that's why we might as well take our time...
Are the RIAA limited to legal methods for gathering evidence of filesharing? If so, why not encrypt the packets sent by the programs with something very simple (heck, rot13 might do) and claim that everything transmitted is your own IP? To prove that you are illegally sharing files, they'd have to defeat the encryption and thereby violate the DMCA. Wouldn't that make all incriminating data inadmissible in court? IANAL, could someone clarify?
-- Language is a virus from outer space.
Sanity check, anyone?
Life is like surrealism: if you have to have it explained to you, you can't afford it.
It aint gonna work. The reason is simple : The rules have changed. Distribution of music is now much easier and cheaper than before and a large chunk of the old distribution network is *no longer necessary*. This is totally irrelavent as to weather or not this new distribution model is legal or not. It is happening. It probably cant be stopped(I mean the software industry tried and failed thru the 80s/early 90s)
So now the RIAA have several choice.
1. Try to roll back the technolgy that enables this new distribution channel. This is possible but not very likey.
2. Use more draconian law enforment techniques. Posibble but I mean whata ya gonna do... start sending colleage kids to prison ? For what stealing a Brittney track ? Is this what we want ?
3. Try to adapt to the new medium. Be creative and come up with new profit channels that take advantage of the medium.
Personally I dont think 3 is very likely either... I think RIAA is going to have to be dragged kicking and screaming into the 21st century.
Actually the thought just came to me that an interesting way to fight back would be having filesharing software somehow totally blacklist access to suspicious networks at the PC level (meaning not only filesharing - everything).
...
The blacklisting should be done at a higher level than machines only - the whole network of the ISP providing RIAA with access should be blacklisted if one or more machines in the network are being used by RIAA (or related entities) to scan for filesharing.
Also, the user of the filesharing program should be given a choice - "Do you want to block access to and from networks where RIAA is scanning filesharers (Yes/No)?"
My basic idea goes down to a bit of social engineering - please follow me on this one:
- RIAA contracts with an ISP to provide it with network connectivity to the Internet.
- RIAA then uses machine(s) over that network connection to scan filesharing networks.
- Said activity is detected (exactly how i don't know)
- The whole network for that ISP (or at least a significant portion of it) is blacklisted in millions of machines (all those running the filesharing app). This can be scalled up to bigger sub-networks (the ISP of the ISP) if needed.
- Other entities hosted on the same ISP are also in practice cut-off from some of their (potential) customers. Mostly their websites are ineccessible from millions of machines. This is especially bad for online shops and ASPs.
- They complain to the ISP.
- The ISP, faced with the choice between keeping RIAA as a customer and loosing several other customers or simply dumping RIAA will find that the choice that makes more business sense is dumping RIAA.
- Eventually, RIAA and it's associates will become persona non grata to most ISPs (as in, they choose to not take RIAA's business).
The nice thing about it is that it's all absolutelly legit:
- Each individual user chooses to accept an autometed cut of contact with those networks that provide access to filesharing scanning. Everyone is in their right to do so.
- ISPs choose to not sell their services to RIAA. It is their right to do so.
Now, this whole theory has some holes in it, and a couple of weak points (not to mention no solutions for the technical problem) - still, a distributed, voluntary system that makes it bad business for ISPs to provide access for companies that do filesharing scanning would leverage the power of those "hundreds of millions of users" of the filesharing apps.
Comments please
(With many apologies to Paul Graham)
What Kazaa Lite has now is equivalent to blacklists of spammers and spammers domains. We have already determined this strategy alone won't solve the problem.
The next logical step is to combine the lists with a distributed statistical filter capable of identifying RIAA hosts by search pattern and IP pattern. Since it is happening in a connected network, each peer filter can then broadcast its guesses and receive other peers guesses. Locally you can build a trust list based upon the likehood of search comming from a RIAA host.
Obviously this have problems.
One problem is the lack of significant search samples to make decisions. We would have to see an implementation to discover if it is mathematically feasible.
RIAA can also start trying to close down sharers by broadcasting their IP as "riaa-like" from a great number of peers. The way to avoid this is having all peers checking "the evidence". If the sharing IP and its searches do not match RIAA pattern, the call is probably bogus and those IPs broadcasting it are probably RIAA's. Backfire on them...
Another danger is RIAA using a range of IPs large enough to endanger the network connectivity. This is probably too expensive, but RIAA is probably too rich too.
Anyway, my point is that since the data is there (RIAA is searching the networks for the sharers), one can always analyse this data and try to extract as much information as possible from it.
Let's see... is freenet a good, safe alternative to current P2P apps? Let's consult the Freenet FAQ:
Is Freenet searchable?
No search mechanism has yet been implemented.
Bzzzzzt! Sorry, you lose. Try again!
The thing is, the RIAA has subsisted all along on being the middleman. They don't really DO anything. Sure they promote new albums.......oh wait, no they don't, they have ad agencies and their ilk to do it. I know, they press cds......oh wait, no they don't, they outsource it to record pressing companies.
The RIAA(meaning the record companies) only exists because the artists and the consumers haven't really questioned their existence. Artists stand to make a lot of money without the RIAA in place. Why not make all music free? If you want to brave the p2p networks for different quality mp3s and such help yourself. OR, you can pay $5 directly to the artist to download the cd from their website.
Artists can make MORE than enough money from licensing their music(think movie scores, and commercial soundtracks), and live performances. Without having to pay large portions of their income to the record companies, artists stand to make a LOT more money, once the RIAA is gone.
The artists you see fighting p2p etc, are the ones that NEED the RIAA to survive. I'm talking about the sell-out corporately manufactured groups that wouldn't last if the RIAA wasn't there to spam their name all over the radio and mtv every 10 minutes. Those are the only artists that NEED the RIAA, and if we lose them, frankly, here is one slashdot poster that could care less.
It's not that I mind paying for music, but isn't it about time for a paradigm shift? Natural selection has provided an easier and better way to get new music and the record companies are a dying breed.
I have a couple thousand mp3's on my hard drive that I didn't pay for, but I also have heard a lot of new artists that I will jump at the chance to see live, or buy merchandise from.
I'm a bit of an aspiring dj, and I buy records from artists that I've heard and liked through p2p. If it wasn't for p2p those artists wouldn't have had my purchase.
The problem doesn't lie with the consumer.
I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
Recently, the file trading networks have been having some limited success by using the argument: "If there are significant other legitimate uses, a technology cannot be shut down because of its possible uses for piracy."
K++ is touting as a major feature being able to block law enforcement's (you think the RIAA won't play it as their lawyers attempting to do the work of the police?) attempts to crack down on its illegitimate (yes, yes, I know everyone thinks it's legitimate but the law doesn't) uses.
Surely they've just handed the RIAA a victory? They've said, "We've been sneaking in by claiming we have legitimate uses, trading all types of file - and now we've proved that our real purpose was piracy all along."
Yay. In one step, you've got 15% of users back for the couple of months before the policy offers the RIAA all the justification they need to shut you down entirely.
I installed the new version of Kazaa-lite and it apparently turned filesharing on even though I had disabled it previously. (Note: I say "apparently" because I did not check the setting immediately prior to the installation and it is theoretically possible that some other process had turned it on.) This was done despite the claim on the website that "You can just install this on top of a current Kazaa Lite installation. That way all your settings will be remembered."
While people can debate the ethics of not sharing, how it affects the viability of P2P networks, and so forth, it should still be an individual choice.
Turning on filesharing without the explicit permission of the user could put the user in violation of the policy at their ISP or their work. It could put them in violation of federal, state, and local laws. It could open up a big security hole, causing the user to share files that they never intended to share. This is not something that should be done without the user's knowledge and permission.
Hello, and welcome to The FreeNet Project. Enjoy your stay in our 100% anonymous file-sharing/storage p2p network.
The point is that you cant share ANY of the file under fair use. Its USING the file that is fair, not sharing it.
And in the end, you have the whole file on your computer, which is clearly in violation.
This is a dead end. Fight the battle in trying to establish real fair use laws, not in trying to find wierd loopholes that will just be easily closed
If 20 second clips are allowed why not just make you whole downlodable collection of mp3's 20 second clips. For example Metallica - Shit Song cut up into say 9 20 second demos. Then use a file spliter to put them together.
Metallica - Shit Song Demo 1 20sec.mp3
Metallica - Shit Song Demo 2 20sec.mp3
Metallica - Shit Song Demo 3 20sec.mp3
Metallica - Shit Song Demo 4 20sec.mp3
Metallica - Shit Song Demo 5 20sec.mp3
Metallica - Shit Song Demo 6 20sec.mp3
Metallica - Shit Song Demo 7 20sec.mp3
Metallica - Shit Song Demo 8 20sec.mp3
Metallica - Shit Song Demo 9 20sec.mp3
http://wwww.futureassassin.com
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Judge Richard Posner, a highly regarded Seventh Circuit Judge recently wrote an opinion upholding the Aimster injunction that tends to suggest that identity protection for file sharing is more likely to support a claim for contributory infringement of the vendor than not. The opinion, while troublesome in many respects, is probably the most intelligently written articulation of the 9th Circuit Napster reasoning we are likely to see, and will likely be deemed a persuasive authority by most District Court Judges. That is, until and unless the Supreme Court speaks clearly on whether they meant what they said when they wrote in the Sony Betamax case, that regardless of evidence of wrongdoing there can be no contributory liability for distribution of technology that is capable of a substantial noninfringing use.
My problem with the Napster, and now Aimster, opinions is simply this: the 9th Circuit adopted a broader view of the liability of a technology manufacturer in the Sony Betamax case, essentially a "substantial infringing uses occur means infringement by vendor" test, which was discredited and reversed in Sony, which adopted the "substantial noninfringing use possible means no infringement by vendor," almost the very opposite result. It is hard for me to understand why, when the 9th Circuit essentially brought back the same analysis in its Napster opinion that got "sent home" in Sony, that Judge Posner would so freely adopt it here. To be fair, he explains his reasoning very, very well -- I just don't find it persuasive in view of the law and its underlying policies -- contribution isn't about expanding copyright to permit technology regulation.
To me, the question isn't whether the technology is being used poorly -- even by most users -- if it is capable of a substantial noninfringing use -- in which case there should be NO liability for contribution. (To get a sense how far the Supreme Court went, there was survey evidence before the District Court showing that 50% of the Betamax users were doing some infringement.) The question should be whether the technology vendor was affirmatively and actively inducing others to engage in infringement, as was the case in Napster and, arguably, Aimster.
Time will tell. But until the Supreme Court gets to this, it looks like the Posner account of Napster will be the final word on this question of law. Note, however, that his remarks on identity protection as indicia of wrongdoing are very troubling -- one of these days, perhaps in a few more years, perhaps, if we don't have any more tall buildings hit by planes, we really need to affirmatively try to get the courts and the Congress focused on privacy again.
Why don't we put a EULA in the new Kazaa programs, which say something like this:
I don't belong to any organization related to RIAA.... I won't use any information obtained from the use of this program, or the study of the way this programs works, to sue others users of this or related program... I don't suck
And then require, from some point in the near future, that everyuser of kazaa has accepted this EULA
IANAL, and I don't know how an EULA like this would stand in a court, but should work for a time at least.
In the worst case, if the EULA doesn't stand in a court, it would provide a good case against crazy EULA's
It's a win-win!!
I think I've mentioned this a long time ago but I didn't really hear many responses.
What about a system where you sign in and the server assigns you a buddy. You submit a search which goes to your buddy who then executes the search and sends you the results. If you download something it actually goes through your buddy first and then to you. If your buddy gets a search request, he actually queries your files and sends a response. If you don't get a response from a budyy in a reasonable amount of time, you send a message out requesting a new buddy.
I know it would be less efficient but wouldn't it make it much more difficult to trace an individual user?
Darcy
Pretty much works the same way as Security Through Obscurity if you ask me.
Although it blocks users from browsing your files and blocks queries from known malicious IP's It would not stop the RIAA from downloading from you from a not yet known malicious IP, Proxy, wierd "Save the Music Industry" Campaingn where they pay you to hunt down P2P Users, ETC.
Basicially if they do a search for "St. Anger" on Kazaa, Download it, and verify that it is "St. Anger" they have an IP going to somewhere. And that IP now has a big red Bullseye on it whether it's a proxy, a user or whatever else that could obscure your idenity.
The only way to truthfully be anonymous is to be encrypted, swarmed and stored all over the place by hundreds of users like Freenet does it, and even that gives them an IP to paint a target on with the excuse that even though you dont know what your PC is sending thats no excuse to infringe. Although the courts would have to decide that.
In Soviet Russia, Trojan exploits YOU!
the RIAA exists because traditionally it has been very expensive to break into the music business.
now that the wall is being torn down, the RIAA is going out of its way to try to ensure its relevancy. (payola, tighter distribution contracts with artists, destroying the credibility of digital distribution, etc) it sucks - but it's all legal.
all that aside this is about theft. downloading mp3s for material you haven't paid for -is- theft. whether it -should-be- or not is debatable. but under the law, it is. bummer.
so this little arms race may be between the good intentioned hackers vs the big bad corporation - but legally it's just pirates against copyright holders.
the fault -doesnt- lie with the consumer, it lies with the pirate. if you've noticed, not even the RIAA is saying 'p2p is bad' anymore. the specific practice of illegal distribution of music is what they're fighting now.
they logistically can't (and don't even try to) sue -you- for downloading. it's not obvious from the information available within a p2p app whether or not you are downloading a song you have fair use rights to (if i own nevermind, i can legally download the mp3s for that album) - and it would be financially prohibitive to even try to figure that out.
-however-, sharing the files is absolutely illegal. the RIAA -owns- the distribution rights for signed artists, and you are infringing on their copyrights by pirating that right.
sure, maybe some day the artists will wise up - but until then, you -are- breaking the law. get used to it, get an ipod, or uninstall kazaa. check your justifications at the door.
and whether or not p2p affects CD sales is irrelevant. discussing that is like trying to justify theft from a profitable business because they're still profitable despite the theft. sure - it's a neat little communistic self-delusion - but it's still theft under our laws.
// "Can't clowns and pirates just -try- to get along?"
Why father purchased records when he was younger, I like to listen to them. He has given them to me.
I no longer have a record player and even if I did I would prefer to listen to them on my computer. I download "The Great Pretender" off Kazaa.
I purchased a cd, my daughter then played ruined it(my fault shouldn't have left it out). I then downloaded the cd of Kazaa, created a new cd.
I believe in the above two examples I have broken the law. The RIAA would like to see me hang i guess.
Do most people steal on kazaa? oh yes, but in the above cases what other good options do I have?
The RIAA says that I should take better care of my cd. I say I already paid the royalties for the cd, why should I have to pay them again?
They leave no alternative other than buying a new cd. Ain't gonna happen.
btw, I do have a JOB, a wife and two kids. I have lways had a JOB, since high school and during college and now.
The RIAA lumps people like me(doing the above) with people who download and then burn cd after cd without ever paying for them.
How touching. Someone is concerned about Kaza-lite "put[ting] the user in violation of the policy at their ISP" and "[...]in violation of federal, state, and local laws." I'm so glad someone's concerned about trying to obey the laws and legally binding contracts!
I'm sure you're just using it to put up scans of your art work you've put in the public domain, get the latest linux, and share open source PHP scripts.
Right?
You're not trading music, warez, and other stuff you don't have legal rights to.
Right?
Kazaa's next version will be K++0x.
They could just send 'cease and desist' to each single user.. and request letter to the corresponding ISP to shut the user down.
:(
One file is just as 'illegal' as one thousand..
Only costs them a few pennies to send it out. Then prosecute for big bucks the people that don't obey the order.
Not much different then the old days of mass mailing US-mail Spam.. I bet they would eve get a bulk rate
---- Booth was a patriot ----
I believe the next major advance in P2P technology will be the inclusion of reputation management / trust relationship technologies.
How do you know which IP's to blacklist? How do you know that the file you're downloading isn't a trojan?
I don't think the answer is in a centralized database of 'evil-doers'. That's an arms race that can eventually get everybody censored. Especially with dynamic IPs.
What needs to happen is you have to earn a reputation before you end up in those search results. You do this by people vouching for the quality of your files and not being a mole. Trust is gained by WHO vouches for that person and their metric of trustworthyness.
There should also be an option to restrict access to a given file to those within your web of trust so when the death squads in your country are looking to kill people serving up books about democracy, they can't just do a search real quick.
After we achieve a trust framework. I believe the next step will be dealing with traffic analysis. However, I'll rant about that when the time comes.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
So you installed a P2P file sharing app, and it turned ON file sharing?!
Those BASTARDS! This is a conspiracy of machiavellian proportions!
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
The threat of being accosted by the RIAA is reduced significantly when one has a dynamic IP. Even moreso, when one has a dynamic IP that changes on an hourly basis, and is not tracked by the ISP providing IP services. One feasible way to foil the RIAA's plans to track down users based on IP, are for ISPs to band together and establish a new "anonymous" internet access standard. ISPs which don't keep logs of which IP belonged to which user at which time, and then forcing a new IP on every user on an hourly (or hourly + random number of minutes) basis.
.. the proxy network needs to be depolyed as an anonymous internet access service, it needs to be marketed like that, and if need be it needs to be defended in court like that.
Then when the RIAA with their lawyers and their hounds and their warrants show up on the doorstep at SomeISP.com, SomeISP.com can shrug and say "Sorry, we don't know who was using those IPs at those times; we don't log that information. Oh and those IPs that you're curious about aren't unique to a single user from one hour to the next, either."
Although such an extravagant system is hardly required if ISPs will just...not keep logs of who has which IPs at what times. That right there is really all that's necessary in order to put a stop to the threat of the RIAA. If they've got no way to "lookup" your IP and "resolve" it to your name and address, they're up the creek without a paddle. heh. Unfortunately I think that this kind of tracking is required by law. =\
An intermediate proxy layer is probably required to protect peoples' identities while maintaining responsibility to the law. If no data were transferred directly from peer to peer, but all data passed through an anonymizing proxy service, then there would be no way to track individual IPs to individual users. The proxy service would have a range of IPs that it would block from using the service; mostly overseas numbers and government agencies. But the proxy service would have to be generically available for any level and type of data transfer on the internet, so nobody can say "That proxy network that soandso developed is just there to make piracy easier!"
To make an analogy, creating this proxy service is much like becoming a gun manufacturer. People will show up on your doorstep (the RIAA, their hounds, their lawyers) and proclaim loudly that you are irresponsible and you make only tools of destruction (destruction of their capitalistic heirarchy which dictates that they get boatloads of cash and the music creators themselves get jack). But when you refute their claims you need to make sure that you do so from a platform of freedom and independence, a platform of neutrality that doesn't advocate breaking the law, but one that does acknowledge that it may be possible for the law to be broken through the use of its products. Care must be taken to portray the proxy service as a simple anonymizing service without advocating any one single use or purpose. Smith & Wesson don't say that their guns are only good for killing people; but they do say that they make damn fine guns. It's all in the marketing and the picture you paint for people to see.
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
Actually, the folks at UDPP2P had an interesting idea in this regard. The client negotiates through the search network to find a server, but doesn't gets that server's IP. The server sends the data via forged UDP packets, encrypted, with some extra code to correct for out-of-order and dropped packets.
/. a while ago about a similar method of sending data; you take a big, not quite square matrix M and multiplied the data file by it, getting a bunch of rows; you send these rows along with row IDs; once the receiver has enough of these rows, he can construct (using the row IDs) the inverse of the submatrix of M that spawned them, and derive the original message, even if the rest were dropped or corrupted. VanderMonde matrices work for this, although I imagine there's a sparser solution.
..AA can still set up a fake server which logs you, since the server knows the client's IP, unless you proxy, which would cost in bandwidth. Or, you could send it to someone on the receiver's subnet and let them sniff, which wouldn't entirely give away their location.
I think there was a paper on
Of course, your ISP/firewall wouldn't necessarily be happy about sending out all those fake UDPs, and many university networks throttle them. Also, the
Perhaps one should point out that this is practically a new internet protocol, requiring root access and stuff... it might be better for them just to use IPSec with address hiding.
I hereby place the above post in the public domain.
Jury nullification is very rare. It is certainly not something you can count on to say with 100% certainty that "the RIAA will *LOOSE*. And they know it."
With all due respect, I think you are engaging in wishful thinking.
This also isn't realistic. If they lose one at the trial court level, it isn't a binding precedent. (Particularly if the loss is due to jury nullification.) It isn't like they can't afford to file more suits. All they have to do is keep trying until they find a jury that actually follows the law (which shouldn't be that hard to do) and then ruin somebody. Then they will have their headlines and their head on a pike.
Anyone who thought they were safe after a single case of "jury nullification" would be an utter fool.
Only Women Bleed (Sex, Sharia remix)
I don't care if you two keep arguing, just quit spelling LOSE wrong...
(1) All users must register their filesharing client.
(2) The first thing the client does is upload a VERY SMALL "guilt file" to which kazaa, napster, or whoever wrote the client, has EXCLUSIVE rights. The user is now in cahoots before he ever downloaded anything. Before a client downloads any single file, he first uploads 2 "guilt files" to the sharing user. This verifies that the requester has implicated himself. So he is guilty but not to be punished.
(3) User must click "I Agree to Terms of Use."
(4) Term of use 1:
"I recognized that I have already violated a copyright just to launch this application. I understand that I will be sued, if and only if I decide to press charges against anyone on this network who violates my own copyrights on this network. I agree that the terms of settlement will be as follows: any spoils I achieve by copyright lawsuit, or by settlement, using this network, I agree to pay in double to kazaa, napster (whoever wrote the client). 75% of that will be returned to the original victim of the lawsuit." So it actually PAYS to get sued.
"I understand that for each file I have downloaded, I have, myself, illegally shared TWO files. I understand that I am pardoned of my offenses, so long as I pardon everyone who has offended me." ("Forgive us our debts, as we forgive our debtors.")
(5) Term of use 2: "I am not using this software as a third party agent." i.e. I am not a private investigator, lawyer, snoop, cop, stool pidgeon, etc., I'm just a joe using this client for his own purposes.) This term reduces the risk that RIAA hires a little kid to do the download and then films it as evidence.
Neat huh? I want to see it! Those laws (that the RIAA has democratically bribed our politicians for) would work against them SOOOO harshly here.
SWEET!
-The REAL Sam
"Forgive us our trespasses, as we forgive those who trespass against us." -Jesus Christ The Lord's Prayer