Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Kazaa Lite Protects Identity

Posted by CmdrTaco on from the can-you-guess-who-i-am dept.

Denver_80203 writes "Found this story about the new Kazaa K++ 2.4.0 and it's new sister program which claim to protect your identity while sharing files. Any of you folk know how legit this could be? We all knew it wouldn't be long... is this the war or just another battle?"

29 of 668 comments (clear)

  1. Score one for us? by Kai_MH · · Score: 5, Funny

    Hurrah! It's about frickin' time that this came out... Now let's just pray the developers didn't make a deal with the RIAA and are sellign our identities to them with this new version. So, what's the verdict on it, fellow geeks?

  2. That's what I needed by stud9920 · · Score: 5, Funny

    That's what I needed : something to hide my fake identity

  3. This isn't surprising. . . by Salgak1 · · Score: 5, Insightful
    . . .and neither will the response be a surprise: the RIAA et al using a different bunch of IPs, defeating this method. Give them a few weeks, enough to get some new lines provisioned, and they'll be back at their old tricks.

    Just in time for the next move in this move-countermove chess game. . .

    1. Re:This isn't surprising. . . by deman1985 · · Score: 5, Interesting

      Next move I see is for a single source to be limited to providing 20 seconds of a particular music file so that we can take advantage of more fair use laws.

      Really, I'm not sure why I haven't seen this used yet. Almost all the major sites out there that provide music content will let you play a 10 or 20 second sample of the music for free (and as far as I know, they don't have to license it), so why can't filesharing system users legally do the same?

      It just so happens that each user has a different clip... and the software is intelligent enough to piece them back together into one music file instead of me having to do it by hand ;)

      --
      KappaStone :: Constant Innovation
    2. Re:This isn't surprising. . . by dmauer · · Score: 5, Insightful
      Really, I'm not sure why I haven't seen this used yet. Almost all the major sites out there that provide music content will let you play a 10 or 20 second sample of the music for free (and as far as I know, they don't have to license it), so why can't filesharing system users legally do the same? It just so happens that each user has a different clip... and the software is intelligent enough to piece them back together into one music file instead of me having to do it by hand ;)
      Well, I have at least one idea: What you're describing is a technology whose sole purpose is to flout copyright laws. You may be right -- technically, using this method might be legal. However, it clearly goes against the point of copyright, and it's clearly just exploiting a loophole... which is something that really doesn't sit well with me, and certainly wouldn't sit well with the uber-rich lobbyists who got the DMCA signed in the first place. Don't think that widespread use of something like this wouldn't, in some way or another, result in more nasty restrictions on Fair Use -- I imagine it wouldn't be long before many of the online music retailers who offer short samples of songs would be forced to stop. The idea here is to get active, get the unfair laws changed, and get our fair use back. NOT to find tricky ways to break the law without really breaking the law. -d
      --
      === "Some people see the glass as half-empty. Others see it as half-full. I see the glass as too big." -G. Carlin.
  4. Great! by indros · · Score: 5, Interesting

    Who wants to bet that the news won't report that filesharing has jumped back up %15, and then some with the advent of this.

  5. Kazaa K++ is an excellent program by Ice_Balrog · · Score: 5, Informative

    I don't know if Kazaa K++ can hide your identity, but what I do know is this: Kazaa K++ is an excellent program. It is so much better than vanilla Kazaa. No ads, spyware, many cool features make it a great program.

    --
    #include "sig.h"
  6. Just blocks IPs by evilned · · Score: 5, Funny

    From what I have seen, it just has a list of ips of law enforcement and record industry computers. Not a very fool proof method, but better than a tin foil hat.

    --

    "My head hurts, My feet stink, and I dont love Jesus." -Jimmy Buffett

    1. Re:Just blocks IPs by in7ane · · Score: 5, Funny

      Don't trust the parent, it may be an attempt to persuade people to substitute a potentially insecure K++ for the proven security features of tin foil hats.

      Either way, a tin foil hat is still a good security supplement even if this hype is true.

  7. K++ edition by Webtommy88 · · Score: 5, Interesting

    Well K++ edition bascially contains a wrapper on the Kazaa application so that one can modify the memory accessed by Kazaa easily, and thus those who use K++ edition automatically has the K-Lite Master (1000) ranking on Kazaa. Its simply a matter of manipulating the values at the memory address.

    I would think that extending on that principle, they could write protect or just dump gabarge into the memory space where idenities are stored.

    Of course, I don't have the K++ source, so how would I know, it's just a theory.

    1. Re:K++ edition by Karamchand · · Score: 5, Insightful
      • This PL = 1000 thing is actually rather bad for the P2P network as a whole. If noone sees the need to share files fewer people will share files (specially in the light of recent RIAA threats)
      • Actually your's is a rather bad theory. Because the identity is not your Kazaa nickname (which you can change anyway to anything you want) or anything like that - but it is your IP address. Without fundamental changes to the way FastTrack works (think rewrite in Freenet direction) it won't be possible to hide your identity.
  8. RIAA Should be commended by bugsmalli · · Score: 5, Insightful

    for pushing us to come up with ingenous ways to screw them. When the heck will they wake up and realize whatever they try they can't subdue filesharing. Why not just make it easier and rake in some money (read profit. anything more than 0 is...). sheesh. is the org run by a bunch of retards or what?

  9. umm by ramzak2k · · Score: 5, Insightful

    Both Kazaa K++ and Kazaa Lite, two very similar modifications to the Kazaa file-sharing system by Sharman Networks, now contain hooks to the PeerGuardian database of IP addresses

    Database of IP addresses is going to protect us ?
    Cmon now. What prevents RIAA from using anonymous IP blocks that they can purchase legally for use?

    --

    Siggy Say, Siggy Do
    1. Re:umm by DoorFrame · · Score: 5, Informative

      Only law enforcement agencies can be accused of entrapment. There's no such thing for a non police corporation. They can entrap all they want. Remember, you're going to be going to civil, not criminal court.

      --

      --
      RumorsDaily
  10. All this seems to do... by Stinky+Glen20 · · Score: 5, Interesting

    From the article, all this seems to do is some basic housekeeping to ensure that your search history is not stored, and interact with a database of IP addresses known to be used by the RIAA

    This doesn't seem to be anything revolutionary, or, interesting.

    If the services went through some kind of anonymizer, that would be cuter. Of course, the bandwidth demands would be huge.

    What may be an alternative is to produce a collaborative download system. I request a download, which is proxied by another random user (provided I return the favor). Even if you had RIAA sniffers, all that could be proven is that MY IP address downloaded something, but not the ultimate destination of the data.

    Of course, if I have illegal music on my PC, then I am still screwed. But I leave solving that problem to the reader :)

  11. I'm Safe by dlosey · · Score: 5, Funny

    I already protected my identity. I am John Doe at 123 Abc St. My email is JohnDoe@kazaa.com. How could they possibly find me?

    *knock* *knock*

    Umm.. yeah.. I'll finish this post la.. *ouch* Not so tight with the handcuffs.

  12. Not true. by Eric_Cartman_South_P · · Score: 5, Insightful
    Well, it IS true in the fact that it blocks a known range of RIAA and other "bad" IP's. However, do you really think they wouldn't use random, seperate IP's to do their dirty work? I don't think the "music-searchin-lawsuit-makin" box is sitting next to their Exchange Server. They do have the cash to get some techies who know how to read ZeroPaid and Slashdot and I'm sure the "music-searchin-lawsuit-makin" box is on a completely different class C ip, or even random cable/dsl modems accross the country. Why not? THat's what I would do (uhg, feels dirty to even think like them for a second). That said, the new Kazaalite features are an ok, simple start to something good I guess.

    The new feature that blocks users from seeing ALL files, however, is VERY smart. All 50 million users (pulled that number out of thin air, should be close) now appear to be sharing only the ONE file you searched for. Makes hiding in the sea of users fruitful.*

    * Disclaimer: Don't steal music. :)

  13. Re:Still isn't available for Linux though... by SugoiMonkey · · Score: 5, Informative

    mldonkey is pretty good and has Fast Track (meaning Kazaa) support.

  14. Re:Afraid, are you? by Eudial · · Score: 5, Funny

    Begun, this copyright war has.

    Dude, You seriously need to cut down on Star Wars.

    (Star Wars, you seriously need to cut down on.)

    --
    GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
  15. Re:Check out UDPP2P by stikves · · Score: 5, Informative

    Please forgive me if I'm wrong, but UDPP2P does not seem to be "promising".

    I've checked the web site. It basically says "we broadcast all the queries and if someone has the file we meet each other by using secret codes hidden in those queries".

    A peer-to-peer network that does queries in terms of network-wide broadcast is always doomed to fail. Gnutalla failed (and was redesigned) the same way. Even Novell NetWare was unable to scale because of SAP (service advertising protocol).

    Nevertheless, the web site says "peers will somehow know each other". This is also a big problem in P2P networks. -- No design only big words.

    Anyways, if I were you, I'd use freenet. It's anonymous, and it works much better than the scheme explained on the web site.

  16. Re:Still isn't available for Linux though... by Dave2+Wickham · · Score: 5, Informative

    May I point you to giFT-FastTrack?

  17. Re:Quote from article by youBastrd · · Score: 5, Funny

    Let me get this straight: the author of the article says he installed software that blocks communication with RIAA servers, then claims that the site couldn't be reached.

    Umm...

    --
    No one has ever fired for blaming Microsoft.
  18. Re:Afraid, are you? by AntiOrganic · · Score: 5, Funny

    Matters not what this message says, be modded +5 funny it will.

  19. RIAA Should be commended by ShineyNewSlashdotAcc · · Score: 5, Informative

    It aint gonna work. The reason is simple : The rules have changed. Distribution of music is now much easier and cheaper than before and a large chunk of the old distribution network is *no longer necessary*. This is totally irrelavent as to weather or not this new distribution model is legal or not. It is happening. It probably cant be stopped(I mean the software industry tried and failed thru the 80s/early 90s)

    So now the RIAA have several choice.

    1. Try to roll back the technolgy that enables this new distribution channel. This is possible but not very likey.

    2. Use more draconian law enforment techniques. Posibble but I mean whata ya gonna do... start sending colleage kids to prison ? For what stealing a Brittney track ? Is this what we want ?

    3. Try to adapt to the new medium. Be creative and come up with new profit channels that take advantage of the medium.

    Personally I dont think 3 is very likely either... I think RIAA is going to have to be dragged kicking and screaming into the 21st century.

  20. If only... by revmoo · · Score: 5, Insightful

    The thing is, the RIAA has subsisted all along on being the middleman. They don't really DO anything. Sure they promote new albums.......oh wait, no they don't, they have ad agencies and their ilk to do it. I know, they press cds......oh wait, no they don't, they outsource it to record pressing companies.

    The RIAA(meaning the record companies) only exists because the artists and the consumers haven't really questioned their existence. Artists stand to make a lot of money without the RIAA in place. Why not make all music free? If you want to brave the p2p networks for different quality mp3s and such help yourself. OR, you can pay $5 directly to the artist to download the cd from their website.

    Artists can make MORE than enough money from licensing their music(think movie scores, and commercial soundtracks), and live performances. Without having to pay large portions of their income to the record companies, artists stand to make a LOT more money, once the RIAA is gone.

    The artists you see fighting p2p etc, are the ones that NEED the RIAA to survive. I'm talking about the sell-out corporately manufactured groups that wouldn't last if the RIAA wasn't there to spam their name all over the radio and mtv every 10 minutes. Those are the only artists that NEED the RIAA, and if we lose them, frankly, here is one slashdot poster that could care less.

    It's not that I mind paying for music, but isn't it about time for a paradigm shift? Natural selection has provided an easier and better way to get new music and the record companies are a dying breed.

    I have a couple thousand mp3's on my hard drive that I didn't pay for, but I also have heard a lot of new artists that I will jump at the chance to see live, or buy merchandise from.

    I'm a bit of an aspiring dj, and I buy records from artists that I've heard and liked through p2p. If it wasn't for p2p those artists wouldn't have had my purchase.

    The problem doesn't lie with the consumer.

    --
    I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
  21. Do the EULA by Zangief · · Score: 5, Interesting

    Why don't we put a EULA in the new Kazaa programs, which say something like this:

    I don't belong to any organization related to RIAA.... I won't use any information obtained from the use of this program, or the study of the way this programs works, to sue others users of this or related program... I don't suck

    And then require, from some point in the near future, that everyuser of kazaa has accepted this EULA

    IANAL, and I don't know how an EULA like this would stand in a court, but should work for a time at least.

    In the worst case, if the EULA doesn't stand in a court, it would provide a good case against crazy EULA's

    It's a win-win!!

  22. Security Through Obscurity by Deathlizard · · Score: 5, Insightful

    Pretty much works the same way as Security Through Obscurity if you ask me.

    Although it blocks users from browsing your files and blocks queries from known malicious IP's It would not stop the RIAA from downloading from you from a not yet known malicious IP, Proxy, wierd "Save the Music Industry" Campaingn where they pay you to hunt down P2P Users, ETC.

    Basicially if they do a search for "St. Anger" on Kazaa, Download it, and verify that it is "St. Anger" they have an IP going to somewhere. And that IP now has a big red Bullseye on it whether it's a proxy, a user or whatever else that could obscure your idenity.

    The only way to truthfully be anonymous is to be encrypted, swarmed and stored all over the place by hundreds of users like Freenet does it, and even that gives them an IP to paint a target on with the excuse that even though you dont know what your PC is sending thats no excuse to infringe. Although the courts would have to decide that.

    --
    In Soviet Russia, Trojan exploits YOU!
    1. Re:Security Through Obscurity by Anonymous Coward · · Score: 5, Insightful
      with the excuse that even though you dont know what your PC is sending thats no excuse to infringe. Although the courts would have to decide that.

      Well, some courts have decided that: http://www.ca7.uscourts.gov/op3.fwx?submit1=showop &caseno=02-4125.PDF

      From the decision, in relevant part:
      We also reject Aimster's argument that because the Court said in Sony that mere "constructive knowledge" of infringing uses is not enough for contributory infringement, 464 U.S. at 439, and the encryption feature of Aimster's service prevented Deep from knowing what songs were being copied by the users of his system, he lacked the knowledge of infringing uses that liability for contributory infringement requires. Willful blindness is knowledge, in copyright law (where indeed it may be enough that the defendant should have known of the direct infringement, Casella v. Morris, 820 F.2d 362, 365 (11th Cir. 1987); 2 Goldstein, supra, ? 6.1, p. 6:6), as it is in the law generally. See, e.g., Louis Vuitton S.A. v. Lee, 875 F.2d 584, 590 (7th Cir. 1989) (contributory trademark infringement). One who, knowing or strongly suspecting that he is involved in shady dealings, takes steps to make sure that he does not acquire full or exact knowledge of the nature and extent of those dealings is held to have a criminal intent, United States v. Giovannetti, 919 F.2d 1223, 1228 (7th Cir. 1990), because a deliberate effort to avoid guilty knowledge is all that the law requires to establish a guilty state of mind. United States v. Josefik, 753 F.2d 585, 589 (7th Cir. 1985); AMPAT/Midwest, Inc. v. Illinois Tool Works Inc., 896 F.2d 1035, 1042 (7th Cir. 1990) ("to know, and to want not to know because one suspects, may be, if not the same state of mind, the same degree of fault)." In United States v. Diaz, 864 F.2d 544, 550 (7th Cir. 1988), the defendant, a drug trafficker, sought "to insulate himself from the actual drug transaction so that he could deny knowledge of it," which he did sometimes by absenting himself from the scene of the actual delivery and sometimes by pretending to be fussing under the hood of his car. He did not escape liability by this maneuver; no more can Deep by using encryption software to prevent himself from learning what surely he strongly suspects to be the case: that the users of his service--maybe all the users of his service--are copyright infringers. This is not to say that the provider of an encrypted instant-messaging service or encryption software is ipso factor a contributory infringer should his buyers use the service to infringe copyright, merely because encryption, like secrecy generally, facilitates unlawful transactions. ("Encryption" comes from the Greek word for concealment.) Encryption fosters privacy, and privacy is a social benefit though also a source of social costs. "AOL has begun testing an encrypted version of AIM [AOL Instant Messaging]. Encryption is considered critical for widespread adoption of IM in some industries and federal agencies." Vise, supra. Our point is only that a service provider that would otherwise be a contributory infringer does not obtain immunity by using encryption to shield itself from actual knowledge of the unlawful purposes for which the service is being used.
      (emphasis added)

      Small wonder this opinion is by Posner from the 7th Cir., known for being an industry goon. (He's from the Chicago school of 'screw the little guy' economists, as is Scalia, and many other jurists with sway.)

      The point however is that merely encrypting files does not provide a defense. Likely, you'll still get sued, if you infringing use becomes large enough to attract one of the factory robot lawyers the RIAA is about to retain.

      I would urge developers to read the 7th circuit opinion carefully. It lays out some tests for what a 'safe' p2p application can show to avoid liability. If others are interested, I'll follow up with a list of suggests for a bittorrent sister app I'm making that carefully follows the rules of the 7th circuit.
  23. Re:You don't have to give them an IP... by tomtomtom · · Score: 5, Informative

    This is a really good idea. You can extend it to make it even better though.

    Part of the good thing about the erasure-correcting code approach is that if you use a big enough very low-rate code (although its quite tricky to do that with good CPU and memory efficiency) then you can have downloading from several servers concurrently without having to tell each server which parts of the files you want (just send random parts of the encoded data and theres a low chance of overlap from multiple servers).

    Now, here's the clever part: you use IP Multicast with multiple sources spoofing the same sender address. This means that (a) you save quite a lot on bandwidth since many P2P clients will be downloading the same source file (this is important since a big reason many ISPs and Universities have banned P2P is the bandwidth); and (b) it is MUCH harder (not impossible, but hard enough if you are not an ISP or a router at the very end) to find out who either the source or the destination is.

    I don't know if anyone has thought of this idea and tried to implement it. Someone should; maybe I'll give it a go when I have time.

    PS. There is a sparser and more CPU-efficient solution than VanderMonde matrices, look for Low-Density Parity Check codes.