New Kazaa Lite Protects Identity
Denver_80203 writes "Found this story about the new Kazaa K++ 2.4.0 and its new sister program which claim to protect your identity while sharing files. Any of you folk know how legit this could be? We all knew it wouldn't be long... is this the war or just another battle?"
Hurrah! It's about frickin' time that this came out... Now let's just pray the developers didn't make a deal with the RIAA and are selling our identities to them with this new version. So, what's the verdict on it, fellow geeks?
That's what I needed : something to hide my fake identity
Just in time for the next move in this move-countermove chess game. . .
Who wants to bet that the news won't report that filesharing has jumped back up %15, and then some with the advent of this.
I don't know if Kazaa K++ can hide your identity, but what I do know is this: Kazaa K++ is an excellent program. It is so much better than vanilla Kazaa. No ads, spyware, many cool features make it a great program.
#include "sig.h"
From what I have seen, it just has a list of IPs of law enforcement and record industry computers. Not a very foolproof method, but better than a tin foil hat.
"My head hurts, My feet stink, and I don't love Jesus." -Jimmy Buffett
I stopped using Kazaa for a while, or only briefly. Now I can go back to being a file whore and stop using those unreliable BitTorrent sites.
~S
Why not K++0x? ;)
Well, K++ edition basically contains a wrapper on the Kazaa application so that one can modify the memory accessed by Kazaa easily, and thus those who use K++ edition automatically have the K-Lite Master (1000) ranking on Kazaa. It's simply a matter of manipulating the values at the memory address.
I would think that extending on that principle, they could write protect or just dump garbage into the memory space where identities are stored.
Of course, I don't have the K++ source, so how would I know, it's just a theory.
for pushing us to come up with ingenious ways to screw them. When the heck will they wake up and realize whatever they try they can't subdue filesharing. Why not just make it easier and rake in some money (read profit. anything more than 0 is...). sheesh. is the org run by a bunch of retards or what?
Both Kazaa K++ and Kazaa Lite, two very similar modifications to the Kazaa file-sharing system by Sharman Networks, now contain hooks to the PeerGuardian database of IP addresses
Database of IP addresses is going to protect us ?
C'mon now. What prevents RIAA from using anonymous IP blocks that they can purchase legally for use?
Siggy Say, Siggy Do
From the article, all this seems to do is some basic housekeeping to ensure that your search history is not stored, and interact with a database of IP addresses known to be used by the RIAA
:)
This doesn't seem to be anything revolutionary, or, interesting.
If the services went through some kind of anonymizer, that would be cuter. Of course, the bandwidth demands would be huge.
What may be an alternative is to produce a collaborative download system. I request a download, which is proxied by another random user (provided I return the favor). Even if you had RIAA sniffers, all that could be proven is that MY IP address downloaded something, but not the ultimate destination of the data.
Of course, if I have illegal music on my PC, then I am still screwed. But I leave solving that problem to the reader
I already protected my identity. I am John Doe at 123 Abc St. My email is JohnDoe@kazaa.com. How could they possibly find me?
*knock* *knock*
Umm.. yeah.. I'll finish this post la.. *ouch* Not so tight with the handcuffs.
The new feature that blocks users from seeing ALL files, however, is VERY smart. All 50 million users (pulled that number out of thin air, should be close) now appear to be sharing only the ONE file you searched for. Makes hiding in the sea of users fruitful.*
* Disclaimer: Don't steal music. :)
How can you hide your identity on a Peer2Peer system where other users get your IP when they connect to your machine to download stuff (for backup reason of course)?
:P
I doubt there is a way... netstat kills your privacy
--
One by one the penguins steal my sanity...
mldonkey is pretty good and has Fast Track (meaning Kazaa) support.
Begun, this copyright war has.
Dude, You seriously need to cut down on Star Wars.
(Star Wars, you seriously need to cut down on.)
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Limewire
Runs on anything, has a decent following, so there's a good chance the song/file/app you're looking for is available.
...but the RIAA can easily get around this block of 'known' IP addresses.
To borrow from the other scourge of the internet, They'll just pay people to work from home for $1000s a week!
All they'll do is pay someone who wants money to run their program using their home DSL, Dial up or Cable Modem. Then the blocking of RIAA's 'known' addresses would become as big as every high speed residential network on the planet.
As a rock-in-roll Physicist once said, No matter where you go, there you are.
In other P2P networks. Freenet and GNUnet both offer crypto and anonymity. Freenet isn't a P2P app in the pure sense. It's more of an underground www. GNUnet has better anonymity (theoretically - due to its ability to resist traffic analysis attacks), but it is a younger project.
When it's time to retreat from gnutella, these represent the next stage in the information war.
Please forgive me if I'm wrong, but UDPP2P does not seem to be "promising".
I've checked the web site. It basically says "we broadcast all the queries and if someone has the file we meet each other by using secret codes hidden in those queries".
A peer-to-peer network that does queries in terms of network-wide broadcast is always doomed to fail. Gnutella failed (and was redesigned) the same way. Even Novell NetWare was unable to scale because of SAP (service advertising protocol).
Nevertheless, the web site says "peers will somehow know each other". This is also a big problem in P2P networks. -- No design only big words.
Anyways, if I were you, I'd use freenet. It's anonymous, and it works much better than the scheme explained on the web site.
May I point you to giFT-FastTrack?
Here's a question that popped into my head while reading this story:
Is this legal? If so, should we really advocate it?
If people are stealing music, and a company attempts to block the people from whom the music is being stolen, with the intent of protecting the identity of the pirates, isn't there some line that's being crossed somewhere?
And even if it /is/ in that legal grey area and isn't clearly illegal, isn't it a really stupid move regardless? It seems like by hiding the people pirating the distribution-prohibited music, it helps give the RIAA /more/ reason to jack up CD prices and impose arm-bending DRM practices.
No, I don't think music piracy is the big reason why CD sales are falling. It's a larger issue than just p2p apps, but it gives the RIAA /cause/ that they can wave around like a flag in the newspapers and on TV news programs that don't do the proper amount of research into the issue.
:-/
I digress.
This is really stupid of KaZaA to do, bottom line, I'd say.
Mikey-San
Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)
Let me get this straight: the author of the article says he installed software that blocks communication with RIAA servers, then claims that the site couldn't be reached.
Umm...
No one has ever fired for blaming Microsoft.
From this perspective something like a proxy for file transfers is not so important (not to mention fairly impractical). If other users can't see your full library and can't see your IP address in their search results (the latter might enable smart bots to "guess" what your library contains), the only way they can determine that you are sharing massively is to download tons of files and see which IP addresses crop up. This is because they will only see your IP when they actually start downloading.
All this to say that with the latest changes in K++ and Kazaa Lite, even big time file sharers can probably rest easy.
Peer Pressure
Matters not what this message says, be modded +5 funny it will.
Sanity check, anyone?
Life is like surrealism: if you have to have it explained to you, you can't afford it.
It ain't gonna work. The reason is simple: The rules have changed. Distribution of music is now much easier and cheaper than before and a large chunk of the old distribution network is *no longer necessary*. This is totally irrelevant as to whether or not this new distribution model is legal or not. It is happening. It probably can't be stopped (I mean the software industry tried and failed thru the 80s/early 90s).
So now the RIAA have several choices.
1. Try to roll back the technology that enables this new distribution channel. This is possible but not very likely.
2. Use more draconian law enforcement techniques. Possible but I mean whata ya gonna do... start sending college kids to prison? For what, stealing a Britney track? Is this what we want?
3. Try to adapt to the new medium. Be creative and come up with new profit channels that take advantage of the medium.
Personally I don't think 3 is very likely either... I think RIAA is going to have to be dragged kicking and screaming into the 21st century.
Actually the thought just came to me that an interesting way to fight back would be having filesharing software somehow totally blacklist access to suspicious networks at the PC level (meaning not only filesharing - everything).
...
The blacklisting should be done at a higher level than machines only - the whole network of the ISP providing RIAA with access should be blacklisted if one or more machines in the network are being used by RIAA (or related entities) to scan for filesharing.
Also, the user of the filesharing program should be given a choice - "Do you want to block access to and from networks where RIAA is scanning filesharers (Yes/No)?"
My basic idea goes down to a bit of social engineering - please follow me on this one:
- RIAA contracts with an ISP to provide it with network connectivity to the Internet.
- RIAA then uses machine(s) over that network connection to scan filesharing networks.
- Said activity is detected (exactly how I don't know)
- The whole network for that ISP (or at least a significant portion of it) is blacklisted in millions of machines (all those running the filesharing app). This can be scaled up to bigger sub-networks (the ISP of the ISP) if needed.
- Other entities hosted on the same ISP are also in practice cut-off from some of their (potential) customers. Mostly their websites are inaccessible from millions of machines. This is especially bad for online shops and ASPs.
- They complain to the ISP.
- The ISP, faced with the choice between keeping RIAA as a customer and losing several other customers or simply dumping RIAA will find that the choice that makes more business sense is dumping RIAA.
- Eventually, RIAA and its associates will become persona non grata to most ISPs (as in, they choose to not take RIAA's business).
The nice thing about it is that it's all absolutely legit:
- Each individual user chooses to accept an automated cut of contact with those networks that provide access to filesharing scanning. Everyone is in their right to do so.
- ISPs choose to not sell their services to RIAA. It is their right to do so.
Now, this whole theory has some holes in it, and a couple of weak points (not to mention no solutions for the technical problem) - still, a distributed, voluntary system that makes it bad business for ISPs to provide access for companies that do filesharing scanning would leverage the power of those "hundreds of millions of users" of the filesharing apps.
Comments please
The thing is, the RIAA has subsisted all along on being the middleman. They don't really DO anything. Sure they promote new albums.......oh wait, no they don't, they have ad agencies and their ilk to do it. I know, they press cds......oh wait, no they don't, they outsource it to record pressing companies.
The RIAA(meaning the record companies) only exists because the artists and the consumers haven't really questioned their existence. Artists stand to make a lot of money without the RIAA in place. Why not make all music free? If you want to brave the p2p networks for different quality mp3s and such help yourself. OR, you can pay $5 directly to the artist to download the cd from their website.
Artists can make MORE than enough money from licensing their music(think movie scores, and commercial soundtracks), and live performances. Without having to pay large portions of their income to the record companies, artists stand to make a LOT more money, once the RIAA is gone.
The artists you see fighting p2p etc, are the ones that NEED the RIAA to survive. I'm talking about the sell-out corporately manufactured groups that wouldn't last if the RIAA wasn't there to spam their name all over the radio and mtv every 10 minutes. Those are the only artists that NEED the RIAA, and if we lose them, frankly, here is one slashdot poster that could care less.
It's not that I mind paying for music, but isn't it about time for a paradigm shift? Natural selection has provided an easier and better way to get new music and the record companies are a dying breed.
I have a couple thousand mp3's on my hard drive that I didn't pay for, but I also have heard a lot of new artists that I will jump at the chance to see live, or buy merchandise from.
I'm a bit of an aspiring dj, and I buy records from artists that I've heard and liked through p2p. If it wasn't for p2p those artists wouldn't have had my purchase.
The problem doesn't lie with the consumer.
I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
I installed the new version of Kazaa-lite and it apparently turned filesharing on even though I had disabled it previously. (Note: I say "apparently" because I did not check the setting immediately prior to the installation and it is theoretically possible that some other process had turned it on.) This was done despite the claim on the website that "You can just install this on top of a current Kazaa Lite installation. That way all your settings will be remembered."
While people can debate the ethics of not sharing, how it affects the viability of P2P networks, and so forth, it should still be an individual choice.
Turning on filesharing without the explicit permission of the user could put the user in violation of the policy at their ISP or their work. It could put them in violation of federal, state, and local laws. It could open up a big security hole, causing the user to share files that they never intended to share. This is not something that should be done without the user's knowledge and permission.
Judge Richard Posner, a highly regarded Seventh Circuit Judge recently wrote an opinion upholding the Aimster injunction that tends to suggest that identity protection for file sharing is more likely to support a claim for contributory infringement of the vendor than not. The opinion, while troublesome in many respects, is probably the most intelligently written articulation of the 9th Circuit Napster reasoning we are likely to see, and will likely be deemed a persuasive authority by most District Court Judges. That is, until and unless the Supreme Court speaks clearly on whether they meant what they said when they wrote in the Sony Betamax case, that regardless of evidence of wrongdoing there can be no contributory liability for distribution of technology that is capable of a substantial noninfringing use.
My problem with the Napster, and now Aimster, opinions is simply this: the 9th Circuit adopted a broader view of the liability of a technology manufacturer in the Sony Betamax case, essentially a "substantial infringing uses occur means infringement by vendor" test, which was discredited and reversed in Sony, which adopted the "substantial noninfringing use possible means no infringement by vendor," almost the very opposite result. It is hard for me to understand why, when the 9th Circuit essentially brought back the same analysis in its Napster opinion that got "sent home" in Sony, that Judge Posner would so freely adopt it here. To be fair, he explains his reasoning very, very well -- I just don't find it persuasive in view of the law and its underlying policies -- contribution isn't about expanding copyright to permit technology regulation.
To me, the question isn't whether the technology is being used poorly -- even by most users -- if it is capable of a substantial noninfringing use -- in which case there should be NO liability for contribution. (To get a sense how far the Supreme Court went, there was survey evidence before the District Court showing that 50% of the Betamax users were doing some infringement.) The question should be whether the technology vendor was affirmatively and actively inducing others to engage in infringement, as was the case in Napster and, arguably, Aimster.
Time will tell. But until the Supreme Court gets to this, it looks like the Posner account of Napster will be the final word on this question of law. Note, however, that his remarks on identity protection as indicia of wrongdoing are very troubling -- one of these days, perhaps in a few more years, perhaps, if we don't have any more tall buildings hit by planes, we really need to affirmatively try to get the courts and the Congress focused on privacy again.
Why don't we put a EULA in the new Kazaa programs, which say something like this:
I don't belong to any organization related to RIAA.... I won't use any information obtained from the use of this program, or the study of the way this programs works, to sue others users of this or related program... I don't suck
And then require, from some point in the near future, that every user of kazaa has accepted this EULA
IANAL, and I don't know how an EULA like this would stand in a court, but should work for a time at least.
In the worst case, if the EULA doesn't stand in a court, it would provide a good case against crazy EULA's
It's a win-win!!
Pretty much works the same way as Security Through Obscurity if you ask me.
Although it blocks users from browsing your files and blocks queries from known malicious IP's, it would not stop the RIAA from downloading from you from a not yet known malicious IP, Proxy, weird "Save the Music Industry" Campaign where they pay you to hunt down P2P Users, ETC.
Basically if they do a search for "St. Anger" on Kazaa, Download it, and verify that it is "St. Anger" they have an IP going to somewhere. And that IP now has a big red Bullseye on it whether it's a proxy, a user or whatever else that could obscure your identity.
The only way to truthfully be anonymous is to be encrypted, swarmed and stored all over the place by hundreds of users like Freenet does it, and even that gives them an IP to paint a target on with the excuse that even though you don't know what your PC is sending that's no excuse to infringe. Although the courts would have to decide that.
In Soviet Russia, Trojan exploits YOU!
I believe the next major advance in P2P technology will be the inclusion of reputation management / trust relationship technologies.
How do you know which IP's to blacklist? How do you know that the file you're downloading isn't a trojan?
I don't think the answer is in a centralized database of 'evil-doers'. That's an arms race that can eventually get everybody censored. Especially with dynamic IPs.
What needs to happen is you have to earn a reputation before you end up in those search results. You do this by people vouching for the quality of your files and not being a mole. Trust is gained by WHO vouches for that person and their metric of trustworthiness.
There should also be an option to restrict access to a given file to those within your web of trust so when the death squads in your country are looking to kill people serving up books about democracy, they can't just do a search real quick.
After we achieve a trust framework. I believe the next step will be dealing with traffic analysis. However, I'll rant about that when the time comes.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
Actually, the folks at UDPP2P had an interesting idea in this regard. The client negotiates through the search network to find a server, but doesn't get that server's IP. The server sends the data via forged UDP packets, encrypted, with some extra code to correct for out-of-order and dropped packets.
I think there was a paper on /. a while ago about a similar method of sending data; you take a big, not quite square matrix M and multiply the data file by it, getting a bunch of rows; you send these rows along with row IDs; once the receiver has enough of these rows, he can construct (using the row IDs) the inverse of the submatrix of M that spawned them, and derive the original message, even if the rest were dropped or corrupted. Vandermonde matrices work for this, although I imagine there's a sparser solution.
Of course, your ISP/firewall wouldn't necessarily be happy about sending out all those fake UDPs, and many university networks throttle them. Also, the ..AA can still set up a fake server which logs you, since the server knows the client's IP, unless you proxy, which would cost in bandwidth. Or, you could send it to someone on the receiver's subnet and let them sniff, which wouldn't entirely give away their location.
Perhaps one should point out that this is practically a new internet protocol, requiring root access and stuff... it might be better for them just to use IPSec with address hiding.
I hereby place the above post in the public domain.
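The matrix scheme described in the comment above (multiply the data by a non-square Vandermonde matrix, send rows with row IDs, invert the submatrix for the rows that arrive), as an added example that is not part of the original post or of any project it mentions. Assumptions of this example: arithmetic is done modulo the prime 257, row IDs are 1..n, and all function names are the example's own.

```python
# Added illustration: erasure coding with a Vandermonde matrix over GF(257).
P = 257  # prime larger than 255, so every byte value is a field element

def vandermonde(row_ids, k):
    """One row [x^0, x^1, ..., x^(k-1)] mod P per row ID x."""
    return [[pow(x, j, P) for j in range(k)] for x in row_ids]

def encode(data: bytes, k: int, n: int):
    """Split data into k rows and return n coded rows keyed by row ID."""
    if not 0 < k <= n < P:
        raise ValueError("need 0 < k <= n < 257")
    padded = data + bytes((-len(data)) % k)      # zero-pad to a multiple of k
    width = len(padded) // k
    rows = [padded[i * width:(i + 1) * width] for i in range(k)]
    ids = range(1, n + 1)                        # distinct IDs keep M full rank
    coded = {}
    for x, mrow in zip(ids, vandermonde(ids, k)):
        coded[x] = [sum(m * r[c] for m, r in zip(mrow, rows)) % P
                    for c in range(width)]
    return coded, len(data)

def invert(A):
    """Gauss-Jordan inverse of a square matrix modulo P."""
    k = len(A)
    aug = [row[:] + [int(i == j) for j in range(k)] for i, row in enumerate(A)]
    for col in range(k):
        pivot = next(r for r in range(col, k) if aug[r][col])
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, P)          # modular inverse (Python 3.8+)
        aug[col] = [v * inv % P for v in aug[col]]
        for r in range(k):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(a - f * b) % P for a, b in zip(aug[r], aug[col])]
    return [row[k:] for row in aug]

def decode(received: dict, k: int, length: int) -> bytes:
    """Rebuild the data from any k coded rows, identified by their row IDs."""
    if len(received) < k:
        raise ValueError("need at least k rows to decode")
    ids = sorted(received)[:k]
    inv = invert(vandermonde(ids, k))            # inverse of the k x k submatrix
    width = len(received[ids[0]])
    rows = [[sum(inv[i][j] * received[ids[j]][c] for j in range(k)) % P
             for c in range(width)] for i in range(k)]
    return bytes(v for row in rows for v in row)[:length]

if __name__ == "__main__":
    payload = b"constructed sample payload"      # constructed sample input
    coded, length = encode(payload, k=4, n=7)
    survivors = {x: coded[x] for x in (2, 4, 5, 7)}   # rows 1, 3, 6 dropped
    print(decode(survivors, 4, length))
```

This decoder recovers from missing rows only: a row that arrives modified produces wrong output without any error, so each row needs its own integrity check and a failing row has to be treated as dropped.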