RIAA Tracking Songs by MD5 Hashes
aSiTiC writes "Apparently RIAA has obtained some technical experts in their prosecution of file swappers. Currently they are tracking traded mp3 files from the Napster network by matching MD5 hashes. This seems quite interesting but I was under the assumption that identical hashes could be created with identical rips and id3v2 tagging. Now may be the time to update your illegal mp3 file MD5 hash sums."
ya think? and here i thought it was the magical mp3 fairy who put mp3s on my hd...
We will have to create a honeypot that spoofs md5 hashes as well. IANACS, so i don't know how.
As far as I know, you will get identical hashes from identical files with the same ID3. How can they track files with the help of MD5-hashes?
What if I own the CD but got files off the Internet because I was too lazy to rip them? Would I still be expecting to be sent to the prison camp?
In other news, all songs produced by RIAA artists in the last 10 years all have the same MD5 hash anyway, because they're all the same.
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
you just normalize or edit the beginning or the end of the song? Do the MD5 hashes still work?
The md5 hashing algorithm has been proven to contain flaws allowing two files to produce identical md5 sums.
Could be possible, but I think there will be a big chance of there being a difference in rips made by two different people. Audio rippers aren't always perfect AFAIK.
Go ahead and let them try to track down as many files as they want on the Napster network...
It will keep them occupied while everyone else uses Kazaa.
The only way for two files to have the same MD5 hash is for them to both be encoded with the same encoder, from the same WAV file, with the same bitrate and all advanced options, and to have exactly the same ID3 information, the same filesize, and to be identical to the last bit.
Otherwise, the MD5 will be nothing like the same, for two perfectly identical songs where one has a spelling error in one field of the ID3 tag. I imagine for any one song, there are many many different MD5sums out there, although perhaps one or another good quality version would exist on hundreds of different PCs...
Conversion Rate Optimisation French / English consultant
Now may be the time to update your illegal mp3 file MD5 hash sums.
Should that read: "Now may be the time to stop cheating people and start paying for your music!"
---
Any man who can drive safely while kissing a pretty girl is simply not giving the kiss the attention it deserves. -- AE
I only trade plumber porn pics. Should I be worried?
will they start sending subpoenas to aol/tw customers this time?
Gee ... I would have thought that most people had moved on from Napster to BitTorrent, KAZAA or eDonkey/Overnet
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
I think that it's time for a new WinAMP Plug-in that changes the Hash number to a random value every time it's played.
hmm Isn't that how k-sig, built into Kazaa Lite K++, works, by tracking MD5 hashes so ppl get exactly the file they want.
Changing MD5 hashes on songs to avoid RIAA would also lessen the effectiveness of K-SIG. Trading hashes of known working files was one of the ways ppl on P2p avoided downloading those fake RIAA files.
http://news.bbc.co.uk/1/hi/entertainment/music/3187695.stm
Just in case anyone is interested.
Now may be the time to update your illegal mp3 file MD5 hash sums.
I sincerely hope this is tongue-in-cheek. For all the self-righteous, pompous sabre-rattling that goes on in here about how good Slashdotters only possess MP3's that are ripped from personal collections, I would certainly hope that we wouldn't stoop so low as to blatantly and openly be trading tips on how to avoid getting caught doing illegal things.
What's next? A HOWTO on setting up an encrypted file system for our child porn?
Like woodworking? Build your own picture frames.
the point is that they tracked an mp3 that was circulating from back when napster was around. ah the power of digital media to survive lawsuits.
Some people have entirely too much time on their hands. sheesh.
So are the hashes the RIAA is tracking bigger than normal MD5 sums? In RIAA numbers I probably have somewhere around 572,947 hashes on my computer. I'm a bad boy.
Hard loop..... huh?
Dynamic Designs
Apparently RIAA has obtained some technical experts in their prosecution of file swappers. Currently they are tracking traded mp3 files from the Napster network by matching MD5 hashes
...
After all, in these dot-bust days, it's still possible to get a nice highly paid job and be called an expert by putting the right spin to strcmp() in your resume
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
It is generally believed amongst file traders that it is legal to download an mp3 for a song, when you own the CD. In other words, you don't need to rip and encode songs from your own CD. However, this may not be true (I am not a lawyer).
The RIAA is using MD5 hashes as a basis for proof that the individual in question downloaded the files they are sharing, instead of ripping them from their own CD collection. This is supposed to show the individual is a willing participant in stealing and distributing music, instead of someone who is just sharing what they already own. But, see above.
I think this is mostly just a FUD tactic. They can talk to the media about how their MD5 hashes prove so-and-so is a big mean pirate hacker. MD5 hash certainly sounds scary, especially when the technology is described by the media as a tool used by hackers.
---
I support spreading santorum
Wow... 1000 songs! That's almost 5gb of music to have sitting around! Who does she think she is... trying to listen to music played in accordance with the pythagorean scale which has been around for centuries! It's a good thing every song put out on cd by an RIAA member sounds so different!
I suspect this case will depend on whether people have a right to download music they already have on CD or if only copying it yourself is legal.
Given that the RIAA keeps implying that I don't "own" the music, just the right to listen to it, then surely once I've bought it in one format, I have the right to possess it in another format. I guess that means I'll never have to buy the White album again...
They are really fighting a losing battle.
Exchanging music is not about piracy, it is about exchanging culture, just like when my grandfather lent me some old Jazz records and said, "here, you might like this".
Today culture moves at the speed of light and the RIAA believes it has the right to tax this movement. It cannot succeed except by destroying the Internet.
I'm starting to believe, watching this debate evolve over many years, that the file traders are right, for the wrong reasons.
Human culture depends on exchange of ideas and information, and music and films are a large part of this in today's world. No album, no movie scene, no written text is a personal creation, they are all taken from the pool of common culture, modified, and redistributed.
Seeking all means to do this faster than ever - and ignoring the barriers, such as "ownership", that stand in the way - is the prerogative of today's world. We simply can't put the genie back into the bottle and start exchanging pieces of paper and vinyl discs again.
The debate is huge, but the results already seem clear: any laws designed to stop the process from continuing will be further and further ignored until they are seen by a majority of people to be useless vestiges of a material-obsessed past.
Ceci n'est pas une signature
WHY do people post the url without the A tag? It's a pain in the ass to copy and paste AND remove the spaces inserted by slashcode. Learn to use the A tag.
Here is a clickable link!
modprobe loop
/dev/loop0 /dev/hdb1
/dev/loop0
/dev/loop0 /home/kombat/pr0n
modprobe cryptoloop
modprobe aes
losetup -e aes
(input password)
mke2fs -j
mount -t ext3
enjoy!
I am a viral sig. Please help me spread.
Are we sure they're actually using MD5? The article doesn't even contain the string "md5" that I can see. It mentions hashes though, but there's something called Robust Hashing which can be used to identify, or at least, compare content in a "fuzzy" way.
Belief is the currency of delusion.
The only problem is that a lot of file sharing software uses the fact that 2 files (from different sources) have the same hash in order to swarm the download from multiple sources. If everybody goes around intentionally making their mp3s have different hashes, swarming basically won't work anymore.
No, I don't want a free iPod
Ok guys.. let's all give it up. Let's delete all our MP3's and start buying CD's now. The RIAA has clearly won!
Hail to the king!
I want my karma, and I want it now!
I think this sums it up!
Amazing magic tricks
But I always wondered how an MD5 sum can verify files in the first place. Take for example, a linux CD ISO file. This file is ~650MB with an MD5 sum of 65 bytes. So, if you say that this 65 byte file verifies that the 650MB ISO is intact, that also means you should be able to create the 650MB ISO from the MD5 sum alone. This can hardly be the case, since we still download 650MB ISO and not just the MD5 sum. Therefore I'm led to believe that it wouldn't be that hard to have the same MD5 sum for multiple files (especially for files of large size).
Am I right on my assumptions? And if not, can someone explain it to me??
The article does not mention MD5 anywhere. So one can not assume this is the technology they are using in their proof. As the technical information in this article has more than likely gone through several iterations of "dumbing down" we can not say what technology is being used. It is quite feasible that they are comparing segments of the encoded information with files that were groked from Napster (pre 2001). Additionally as very few people change all the information contained within the ID3 tags ("meta information" from the article?) it may be enough to show how unlikely they are to match unless the file is from the same source. For example if I insert the string "whateverbarcodezwashere" into some obscure tag with the ID3 tag of an MP3 and it appears in an MP3 file on someone else's computer it is likely that they originated from the same source. For the record it is conjectured that it is astronomically unlikely that two randomly chosen different byte sequences will produce the same MD5 hash.
----
and remove the creditz from your "scene" released MP3s -- Better yet, go out and get your hands on a real, physical CD, and just rip the songs yourself.
-- Charles A. Plater
and what if she was the original ripper and the mp3s were downloaded by nasty nasty men with too many shoes? altho i'm not sure if that puts her in a better or worse light.
and of course, people that download tracks which they own simply because it's easier (especially when vinyl is concerned)
their idea is flawed, sounds like a scare tactic to me.
I suspect the reason they are using MD5's is:
1) MD5s are small, and if you are going to do a file compare, the MD5s are much quicker to compare than the original file.
2) If a song has been ripped, and then shared out - all the *copies* will have the same MD5's (correct me if I'm wrong someone). So the RIAA can now track how many times that song you ripped has been copied. How many of us who have downloaded a song, have made any changes to the ID tags? I would argue a very very large proportion have not, especially the less technically minded people using the 'net.
The damages that the RIAA are seeking are based on the number of times that file has been downloaded. So now they can seize machines, get MD5's of all the songs on that machine, compare it to their list of MD5's they've got already to see where you got those files from.
It's all about evidence gathering.
It's possible (albeit unlikely) that this woman was the person who originally uploaded those songs to Napster, and was the original source for the pirate download sites.
Probably not a very good defence to try though. Claiming to be responsible for a vast conspiracy of global music piracy will not look particularly good for the defence.
Now, if the RIAA would share this database, I could finally have the dream product I've been wishing for: Something to point at my library of 60k mp3s (all ripped from my own collection of 9k CDs), and based on MD5 hash, fix my damn filenames and ID3 tags!!!
Same technique CDDB uses, just with mp3.
I'll just make a program that adds 2 bytes of '0xFUCKYOU' or '0xf0cu' to each mp3 file, then the hashes are different
Stupid lamers!!!
besides im not in usa prix
Liberty freedom are no1, not dicks in suits.
Just change the ID3 tag on all the files and that will break any existing MD5 checksums. Even adding a capital will do it
Rus
Cheap UK and US VPS
They're fighting a losing battle. Corporate America can't keep up the technology - so rather than see profits eaten by file sharing, why not make the technology work for them instead of dragging a buncha people into court?
I'd pay for a high-quality digital copy of an album.
we see things not as they are, but as we are.
-- anais nin
And what, pray tell, did she steal?
Now here's the question: Are US copyright laws, and as such the DMCA applicable to foreign music, or do I get to laugh at the RIAA if they come knocking on my door.
Let's see someone put together an app that flips bits here and there within MP3s to make each one it runs against unique enough to create a new MD5 hash!? (I would, but I can only program in a pseudo-language ;) It could even be as simple as adding in a trailing byte to all of your MP3s, though that could be easily filtered. Hell, if you can hide messages within compressed JPEGs without noticeably affecting their quality, why not do something similar to MP3s just to jack up this sort of tracking!?
"1984" was meant to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
Sheesh -- what a mind-bender. The theory goes that a person can make an MP3 copy of a work for their own use if they own a properly licensed copy of the work (on CD, for example), but they can't obtain exactly the same copy from another person with exactly the same right. Ow! Ow! Damn you lawyers -- you're giving my brain a cramp!
I wasn't aware that this point was open for discussion, but I guess lawyers are lawyers, and the RIAA's lawyers are paid to make things happen the RIAA's way no matter what kind of specious legal theories need to be invented. I can see that a lot will hinge around whatever legal language grants the right to make "personal" copies in the first place.
The sad thing about this is that it's such an obviously cynical ploy -- not that anyone was expecting any different from the RIAA, but sad in any case. Technology is making it easier and easier for the public to obtain their copies of things any which way they like. The RIAA is using cynical legal theories to quash that convenience any which way they can for as long as they can.
God speed the inevitable demise of the RIAA and others like them.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
Now may be the time for you to go back to your job as "RIAA's bitch"
Sometimes the only way to get change is through illegal methods. American Revolution? Oh yeah, Americans went ahead and committed acts of blatant violence in the events leading to independence. Why? Because normal methods yielded no success. Happened/happens in other countries as well.
Normal methods will do nothing to the RIAA. Thus file sharing is a way of fighting back against the RIAA. And you know what, it is working. Now things like Apple's online music store are popping up which would never have started without file sharing. And eventually we hope that it will lead to the downfall of the RIAA, which unfortunately is still some time away.
And don't give that file sharing hurts the artists excuse. Did the Boston Tea Party hurt only the British? No it hurt the tea company who owned all that tea as well. Yet those who participated in the tea party are now considered "heroes". The tea company supported the British and were thus just collateral damage. Same with the RIAA artists.
http://www.eff.org/IP/P2P/Jane_Doe_v_RIAA/RIAA-opp.pdf
Interesting reading. Short summary: Five points as evidence, not just the hash-info
1. She offered more than a 1.000 files for upload
2. She was sent twice a warning message via IM
3. the meta-tags of her mp3's were all filled with lines like (e.g. "Ripped by ATOMIC PLAYBOY 1999!"; "Uploaded by Jerome and Rudy"; "r!p'd n up'd by Sw0rdz").
4. the hash info
5. She claims to not know about the "unshare" button, yet seems technically savvy otherwise
Pretty much no rip is identical.
First step: the *.wav is ripped. Using libcdparanoia, which I personally prefer, I find slight variation in size depending on the machine and cdrom drive I rip them on.
Second step: encoding on different machines, with different encoders, using different algorithms, using different levels of floating point precision, on different architectures etc... produces vastly different files.
Third step: sharing. Oftentimes an mp3 is downloaded 99.8% before the connection is broken. You keep the mp3 because mp3 is a sequential file format and you only lose a second or two of music. The rest of the file is intact.
Their md5 searching scheme could be circumvented quite easily by changing a comment in the id3 but they could get around that by cutting out the id3 part of the file when they make their md5sum.
The downside to this is that if you are searching for music on something like gnutella by the ***sum, the content would differ and you would not get as many results. Gnutella would not download from multiple sources because the file would not have the same signature.
Whatever the case, it is clear that some form of file obfuscation is now needed for safety online. Or we can wait for freenet to mature.
I hate the RIAA as much as the next person (feel free to read some of my previous postings), but what needs to change here is the law. These people (er, we...) are stealing, according to the law. The RIAA is defending their property.
More time needs be spent talking about redefining the law and less on bashing the (evil, petty, corporate rapists) RIAA.
Can I bum a sig?
Now, if I ripped a song from a CD and you ripped the same song from your CD wouldn't they be the same? It's not like we'd be looking at analog differences in how the recording was set up. Instead we have the same algorithm being performed on the same file on two different computers. Unless there was some date-specific info then what would be different?
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
What good evidence destroying/hiding mechanisms are there around? Apart from deleting and overwriting the area several times? How about something that can kill the hard-drive even when the computer's off? I see crime scenes on the news all the time with police carrying out computer cases for examination - it always struck me that you could fit tamper protection in your computer - any attempt to move it, open the case or anything without proper authorisation would cause the hd to torch itself, this could be as simple as a battery inside with enough power to boot the machine quietly and very quickly destroy the data, the police would have no time to stop it, while all this is probably illegal itself, it could be better than being sued for $50000 per song or whatever their price is?
:)
I hope the next kazaa lite comes with file altering/deleting/anti-riaa utilities
This comment does not represent the views or opinions of the user.
As opposed to, say, an article about all the various types of small-caliber ammunition? :-)
Provided you have a gun permit where necessary , there's nothing illegal about owning a gun in and of itself...but the Kuro5hin article extensively covers armour penetration(including what does/does not penetrate kevlar vests), what bullets do the most damage to living tissue, etc.
Maybe the living-tissue damage stuff applies to hunting, but when was the last time you saw a deer sporting kevlar, mmm?
Please help metamoderate.
From the NAPSTER network??? This is worse than I thought - it appears the RIAA has built a Time Machine! Next they will be going further back than napster and prosecuting free-thinking pilgrims who would share their newspapers.
Yikes.
Another point is that she could have been the original source of all the napster files. Since that was not the complaint here (it is not!) nothing is proven here.
I suppose that (if it's possible) you would either want to swamp these guys with false positives, or distribute the hash keys and the files somehow to make it more difficult and protracted to discover who actually owns that file.
I suppose that one viable option in P2P would be a freenet model where downloading involves a number of encrypted hops between peers to search or get the data, and where peers cache popular data and indexes in encrypted form. It would be much, much harder to figure out who shared that file then.
Obviously there is a trade off going this route. You wouldn't want the sluglike performance of Freenet so it would not be as secure, but I'm sure you could reduce the number of hops and other measures and still make life massively more difficult for RIAA and their ilk to track down your activities.
Considering that most software that rips CDs points to either CDDB or FreeDB the odds of two people having the same ID3 tags are very high. Now, given that MS has a monopoly on the desktop and given the popularity of a few ripping software packages (MusicMatch, Exact Audio Copy) the likelihood that two people ripping the latest Hit CD with the same software on the same platform is actually pretty high. So wouldn't that mean that the odds of the same MD5 hash are pretty good?
Somebody (not it) ought to create a command line tool to twiddle one insignificant bit in an MP3 randomly, so you could just point it at your share directory periodically to break the chain that the RIAA seems to be making a lot of hay out of. Granted, this would wreck the ability to pull from multiple sources and verify files, but war is hell.
My suggestion is to not do this in the ID3 part, rather in the content part of the file, in that it would be possible to create a tool that would MD5 the audio content separate of the header.
Where do you get *your* entropy?
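Two comments above (the one noting that the ID3 part could be cut out before the md5sum is made, and the one noting that a tool could MD5 the audio content separately from the header) describe the same idea. The following is an added example, not code from any poster or from the RIAA filing, comparing a whole-file MD5 with an MD5 over the audio bytes only; the function names and the sample files are constructed for illustration, and the tag handling assumes the standard ID3v2 header layout and the 128-byte ID3v1 trailer.

```python
import hashlib


def synchsafe_to_int(b: bytes) -> int:
    """Decode the 4-byte synchsafe size in an ID3v2 header (7 useful bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]


def int_to_synchsafe(n: int) -> bytes:
    """Encode a size as 4 synchsafe bytes (only used to build the samples)."""
    return bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])


def audio_payload(data: bytes) -> bytes:
    """Return the bytes between a leading ID3v2 tag and a trailing ID3v1 tag."""
    start, end = 0, len(data)
    if len(data) >= 10 and data[:3] == b"ID3":
        start = 10 + synchsafe_to_int(data[6:10])   # size excludes the 10-byte header
        if data[5] & 0x10:                          # ID3v2.4 footer-present flag
            start += 10
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128                                  # ID3v1 trailer is always 128 bytes
    return data[start:end]


def fingerprints(data: bytes) -> dict:
    """MD5 over the whole file and over the audio payload only."""
    return {
        "file": hashlib.md5(data).hexdigest(),
        "audio": hashlib.md5(audio_payload(data)).hexdigest(),
    }


# --- constructed sample data (not real MP3 audio) ---------------------------
AUDIO = b"\xff\xfb\x90\x00" + bytes(range(256)) * 16


def make_id3v2(comment: str) -> bytes:
    """Build a minimal ID3v2.3 tag holding one COMM (comment) frame."""
    body = b"\x00eng\x00" + comment.encode("latin-1")
    frame = b"COMM" + len(body).to_bytes(4, "big") + b"\x00\x00" + body
    return b"ID3\x03\x00\x00" + int_to_synchsafe(len(frame)) + frame


def make_id3v1(title: str) -> bytes:
    """Build a 128-byte ID3v1 trailer with only the title field filled in."""
    return b"TAG" + title.encode("latin-1")[:30].ljust(30, b"\x00") + b"\x00" * 95


def demo() -> dict:
    copy_a = make_id3v2("ripped by example-ripper") + AUDIO + make_id3v1("Track One")
    # Same audio, one capital letter changed in each tag.
    copy_b = make_id3v2("Ripped by example-ripper") + AUDIO + make_id3v1("track one")
    untagged = AUDIO
    # Download that broke off 300 bytes early: trailer and some audio are missing.
    truncated = copy_a[:-300]
    return {name: fingerprints(blob) for name, blob in
            [("a", copy_a), ("b", copy_b), ("untagged", untagged),
             ("truncated", truncated)]}


if __name__ == "__main__":
    for name, fp in demo().items():
        print(f"{name:10s} file={fp['file']} audio={fp['audio']}")
```

Copies that differ only in their tags get different whole-file hashes but the same audio hash, while the truncated copy matches on neither, which is the limit of any exact-match hash.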
how about adding a field (easy if you're an oggvorbis trader) RANDOMIZER that contains a random produced number.... would this be enough to throw off md5sum ?
a thought
SIGERR: laziness exceeds quota
You mean: "Now may be the time to stop cheating a record label that has no problem cheating you, and start paying them for the right to own one copy of music that they own the rights to simply because they control the music industry and artists have no viable alternative."
My beliefs do not require that you agree with them.
http://news.bbc.co.uk/1/hi/entertainment/music/3187695.stm
:wq
I guess the proper solution is to encrypt each file before it is transferred, so the MD5 hash for each file cannot be reproduced (unless you know the encryption key).
Duh, that should be "your LEGAL mp3 file MD5 hash sums". Or maybe "LEGAL mp3 files" is better English.. (a sum is a mathematical calculation on a physical file, hence you cannot update a calculation) ..anyway WTF?
Why leave yourself open to prosecution by mindless riaa-drones? Do you guys have a death wish or what?
Maybe someone should write an email virus that listens on the Kazaa ports and reports back gigs and gigs of shared mp3's to anyone who asks.
Then, when people get busted, they can say "It was a virus".
Of course, this would make the search feature of Kazaa useless...
From the article:
Copyright lawyers said it remains unresolved whether consumers can legally download copies of songs on a CD they purchased rather than making digital copies themselves.
So it's still up in the air. But here's where I get confused:
For example, the industry disclosed its use of a library of digital fingerprints, called "hashes," that it said can uniquely identify MP3 music files that had been traded on the Napster service as far back as May 2000.
By comparing the fingerprints of music files on a person's computer against its library, the RIAA believes it can determine in some cases whether someone recorded a song from a legally purchased CD or downloaded it from someone else over the Internet.
Okay, how? Only way I can see is if they have a HUGE-ASS library of mp3s downloaded from Napster that they can check every file against. Seems unlikely that "nycfashiongirl's" copy of "Beat It" would match exactly with one in the RIAA's library.
The recording industry also disclosed that it is examining so-called "metadata" tags, hidden snippets of information embedded within many MP3 music files. In this case, lawyers wrote, they found evidence that others -- including one user who called himself "Atomic Playboy" -- had recorded the music files and that some songs had been downloaded from known pirate Web sites.
Now it's making more sense. I don't think they're using hashes at all. I think they're checking the ID3 tags for stuff like "ripped by 4t0m1c P14b0y - www.atomicplayboy.com."
So really it should read something like "Using a surprisingly astute technical procedure, the RIAA examined song files with an advanced file analysis application, iTunes, and found evidence of references to Atomic Playboy." The article of course, doesn't mention whether it was possible for them to plant the evidence, which it would've been if they were simply allowed to possess her hard drive and weren't required to make any backup copies for the judge.
Of course, if, in her defense, she counters with "well yeah, not all of them were ripped from the physical CDs, lots of times I'd want to listen to one of my CDs, and I couldn't find it, so I'd just download it -- but here is my CD collection for evidence, your honor," then there's going to be an interesting precedent set -- is it okay to download songs that you already own on CD?
Also, she's in court not so much for downloading, but for uploading, which is much more of a crime (have they even sued anyone for just downloading yet?), and it really doesn't matter where she got the songs, just that she was sharing them.
c-hack.com |
That the RIAA are going to be able to demonstrate that the balance of probability (the criteria in a civil case) is heavily on their side? They don't have to prove beyond any reasonable doubt, they just have to show that it's more likely that nycfashiongirl is using and sharing someone else's copy.
What's especially damning is that even nycfashiongirl's lawyer seems to get that. You'd think that if she was telling the truth about these being rips made by her from CDs that she owns, they'd demonstrate that they could re-create them. But no, now that's irrelevant, it's all about the constitution. If the facts are against you, argue the law, eh?
Hmm, didn't we used to be in favor of the RIAA taking careful aim at individual sharers rather than blasting away at P2P in general? Seems to me like they're pretty confident that they've got the right target in their sights this time.
So, what's our reason to object now?
If you were blocking sigs, you wouldn't have to read this.
I just used two different PC's using the latest version of Windows Media Player on default (which a lot of home users would use I presume) to rip the exact same song of the exact same cd (Chateau on the second cd of the Matrix Reloaded soundtrack).
the size of both of these files is exactly the same 3,248,949 bytes. How would I go about checking to see if the MD5 hash matches (in Windows) for the two files?
If someone else knows how to do it I can send them the files. Provided you're not some RIAA moron.
So, the RIAA suggests they have a way to PROVE you downloaded the songs, should the MD5 tag be unique..
Ok... good for them. Now all they need is permission to access my harddrive and check.
Let me think about it...
No.
0110100100100000011000010110110100100000011000100
Why not steal your music the old fashioned way, IRC baby, YEAH!!!
My mother never saw the irony in calling me a son-of-a-bitch.
This is just the beginning of this type of thing, more legislation, litigation and saber rattling are on tap for the near (and probably) long term future. The patenting and profiting from/of intellectual property in the wildly broad terms accepted today, combined with a culture of litigation and the broad language of the DMCA opens doors for this kind of thing to just perpetuate itself. A serious reform of patent law and clearer definitions of what intellectual property and fair use entails should become top priorities. Please note I am not espousing some kind of socialist utopia of/for information, I have no problem with people protecting their work and making a fair profit.
Bill Gates admitted in a couple interviews that if the "culture of patents" that MS lives by existed when MS started, they wouldn't be here today. While I think Lessig gets a little too far out there with this stuff, him and his brood make many good points. Not just our economy but the future of our culture is at risk.
If I use KaZaa to access indie artists who are
sharing their songs - as is their right - AND I
also rip my entire 1000+ CD/LP/8track collection
to the same computer AND I intelligently store
all the files in the same hierarchy.
Have any laws been broken?
KaZaa is configured to share everything in my
hierarchy so that the indie songs can continue to
be shared.
Have any laws been broken?
I go in for Jury Duty, meanwhile Another Kazaa
user downloads the indie shared files.
Have any laws been broken?
Another Kazaa user downloads the rips from my
personal collection because their 8track player
is on the fritz.
Have any laws been broken?
Another Kazaa user downloads the rips from my
personal collection because their LPs were
destroyed in a flood.
Have any laws been broken?
Another Kazaa user downloads the rips from my
collection because they want to see what the
latest Madonna single sounds like before going
out and buying the CD.
Have any laws been broken?
If any laws were broken here - who broke them?
Just because I leave the front door open does not
mean that anyone can enter and take what they
want from my house. Same as my computer.
The action of downloading is at question not
making the article available.
YMMV. Consult a lawyer.
comment directly in my journal
From the article:
...
Copyright lawyers said it remains unresolved whether consumers can legally download copies of songs on a CD they purchased rather than making digital copies themselves.
By comparing the fingerprints of music files on a person's computer against its library, the RIAA believes it can determine in some cases whether someone recorded a song from a legally purchased CD or downloaded it from someone else over the Internet.
So, the RIAA has been downloading illegal copies of music for years, in fact probably has a huge library of music. Simultaneously, in their broad sword efforts to completely end p2p, they're arguing that it's illegal to download songs you've already bought. So, even if the RIAA has gone through all the hoops with this library, obtaining licenses for each song they swiped off of file traders in their investigations-- which I doubt; recall Microsoft's slip ups-- they're arguing that the methods they've been using to track down illegal file traders are actually illegal themselves! In fact, the RIAA might have the largest collection of illegal music of anyone, even larger than mine! Of course, this should come as no surprise, after all of the attempts to make it legal for them to attack suspected infringers PC's, it's pretty clear that the RIAA's privilege and property makes them above the law.
echo a random number of nulls onto the end of the file, and the MD5's will never match again. Likewise if the id3 tag editor does not strip extra spaces, add those to the end of random tags.
-rusty
You never know...
How long is it until a P2P client is created which appends a half second of noise to the end of everything you download, thus modifying the checksum?
I can see it now... "And in recent news, according to the RIAA there are over 10 billion songs being traded. The organization is quoted as saying 'We intend to sue individual users for having more songs than we've created...'"
Where did the submitter pull the MD5 reference? Using MD5 to compare for similarity of two data streams is a bad idea, since very small changes will severely change the hash. It's about as useful as looking at the file size to see if the two MP3's match.
Since an id3-tag (v1.1 mind you) only affects the last 128 bytes it would be pretty easy to only md5 the part that has actually been ripped. Then a slight difference or spelling errors in the id3 tag wouldn't matter if it was to be compared against other mp3-files.
Revealed: How RIAA tracks downloaders
(Music industry discloses some methods used)
Article has just very basic info for techies...
As long as you 'own' the cd, you can have the mp3s, right?
Does it matter where you buy them from? I can go to a garage sale and buy a cd and it becomes mine.
Are you only allowed to have the MP3s while you own the CD?
It'd be cool to have a place where they had bunches of cds, and when the RIAA tries to go after someone for MP3s, they could give the CDs to that person just to prove ownership of some kind. Even if the cds were bought for $.01, they'd be theirs. After the RIAA leaves that person alone, they send the cds back and it all starts over.
any good?
There is an interesting pattern here:
- Someone comments that the IP laws have not kept up with technological and social change, and that they are now impeding the cultural goals they originally served. They may have made sense when we were limited to exchanging physical objects, but they don't make sense now.
And the responses are along the lines of:
The respondents are completely missing the point. To see this, imagine what the discussion might have looked like if it had happened way back when:
- The rule about not eating X hasn't kept up with the times. It made sense when we didn't know about the parasites, but now that we know how to clean and cook them it doesn't make sense.
I suspect the responses would have been along the lines of:
Every time I see this played out, my response is, "Gee, IP law really is dying, isn't it?", with the same sort of awe I had watching little bits of sand wash downstream at the bottom of the grand canyon.
-- MarkusQ
What exactly are those, anyway? The linked article doesn't explain them.
The ripping stage can also produce slightly different checksums, depending on the condition of the CD - Audiograbber actually reports "potential speed errors". Unlike data CDs, some level of read error is considered acceptable on music CDs; you don't want the player to keep re-trying a bad sector if it detects a big problem - it would ruin your listening pleasure!
When I am king, you will be first against the wall.
The same story is posted on CNN.com. Accompanying this article is one by Marci A. Hamilton, a chairman at Benjamin N. Cardozo School of Law, Yeshiva University. She states that going after students who illegally download media is not only OK, but is RIGHT. I wouldn't have a problem with this were it not for the reasons she supports it with. She says that a world without copyright laws would cater only to the rich and the government. When was the last time you heard of a government worker writing a song on the top 10 list? When was the last time a millionaire, (not a musician) created a song that made it to the hall of fame? My point is, without free music/media, many of the people who come up with the latest and greatest entertainment would never see any of the media that's out there. Marci claims to be looking out for the poor country music singers in her article. If they're as poor as she says, how are they ever going to be able to afford a CD at $15 a piece???
Musicians and music labels alike need to come to grips with the fact that their moneymaker, (CD sales) will need to take a back seat to actual performances by the artist. We need to take it back to the old days when music artists actually sang and performed and didn't just sit in a dark room behind some curtain tooling away on their synthesizer.
http://www.cnn.com/2003/LAW/08/07/findlaw.analysis.hamilton.music/index.html
Interesting, since I don't actually download much myself. I have a large and rich CD collection I bought in the late 1990s, all encoded on my computers, and this is enough for me.
Nor do I download movies, since I find the cinema to be great fun.
So you may want to read my comment, not attack me for something I've not done.
Perhaps you have no culture. But I doubt that. You most certainly do, and ask yourself how you got it. Was it bought? Was it given? Was it stolen? Most likely you found it, like the air you breathe, to be all around you, free and taken for granted.
Artists create, but their creations are 99% built on existing work. How can I state this?
Because since 1992 I've written free software. I've always felt the distribution of my work to be part of a distribution of culture, and it has never felt like robbery when someone took something I made, for no cost, and used it. Perhaps I'm just stupid. But I make a very good living doing other things.
You should stop insulting people (although "hippie" is a strange and contorted insult, the only hippies I know are my parents' generation, all in their 60's now), and you should think for a few minutes.
Ceci n'est pas une signature
With all this hash talk going on, I thought I'd mention that Musicbrainz uses some sort of similarity hash in identifying songs. It compares the hashes of the files you have to an existing user submitted database. If the match is good, then you can use the database tag info, which is pretty handy.
I've compared albums I've ripped myself to the database and gotten "100%" matches (along with some matches of a much lower percentage) That leads me to think that if the RIAA kept its own database like that, they could do a whole lot of comparison with similarity or quasi-unique (ala MD5) hashes. I'd also venture that, with enough work at the comparison system, they could make court-valid assertions. They can hire plenty of geeks to handle the statistics necessary to call something 'beyond a reasonable doubt.' (for criminal proof)
adjust its length until its checksum matches that of "Oops, I did it again".
The people brute-forcing RC5 haven't even solved a 72-bit key yet; how do you expect anybody to solve a 128-bit MD5 hash?
Will I retire or break 10K?
Since DNA "mis"-matches are theoretically possible, they should not hold up in court either, right? The odds of a DNA match being wrong might even be better than the odds of a MD5 checksum match being wrong.
From the article-
"U.S. copyright laws allow for damages of $750 to $150,000 for each song offered illegally on a person's computer, but the RIAA has said it would be open to settlement proposals from defendants."
Let's correct that. What the RIAA really meant to say was:
"U.S. copyright laws allow for damages of $750 to $150,000 for each song offered illegally on a person's computer, but the RIAA has said it would be open laughing wickedly at settlement proposals from defendants."
ooh.
Of course there's also post processing, pop elimination, noise reduction, normalizing, etc will all modify the resulting hash.
"Pop elimination" eh? Does that delete all your Britney Spears and *NSUCK MP3s? Would "noise reduction" get rid of bad techno?
Will I retire or break 10K?
How can they get the MD5 Sum? I mean they have to transfer the mp3 first right? what if this MP3 they just transferred is copyrighted, wouldn't that be an infringement?
I know they're probably immune to infringement on stuff copyrighted in USA, but what about some MP3 from another country?
Isn't it time to sue RIAA for copyright infringement? Who will volunteer to set the trap?
What is this? I wake up to see factorials on slashdot. Bless my cold, mathematical heart.
The only way I can listen to it via mp3 is to, yup, download an 'illegal' mp3!
Or do what I do: reproduce it over analog. The noise added by .ogg encoding overwhelms the ADC noise floor. The RIAA will never succeed in copy-protecting audio.
Will I retire or break 10K?
My mother's dying. I'm dealing with it, thanks.
She's got a truly impressive collection of primo vinyl (we're talking hard-to-find old jazz, blues, opera and lots, lots more,) and an old stereo system I'd put together for her back in nineteen-.
I don't need/want a multi-tentacled audio monster that can rattle the windows to my condo so it's going to go into the land-fill soon after mother does the same.
I'm going to buy a Firewire A2DConverter I've already got software for my Linux box and I'm going to rip the whole collection to Ogg or AAC and put it on a 160 gigger (hope it's big enough,) dedicated to serving ME MY tunes (I'll still have ALL the sources,) to MY boxen ANYWHERE in the world I can get a fast enough connection.
If the RIAA has a problem with that, they can KMMFA.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I use MP3 tag tools to work on my ID3 tags of every song I own. (about 11,000) There's an option for remove all non-id3 tags that I apply to every file, and sometimes it removes some bytes. Anyone know what this is?
Maybe you should try out this ripper. It works perfectly and also managed to rip all my copy-protec^H^H^H^H^H^H^H^H^H^Hbroken CDs...
Now may be the time to update your illegal mp3 file MD5 hash sums
Is it just me or does this make no sense at all?
- Alex
RIAA sued 'em, and it went to court.
Mp3.com lost. Sending the MP3 files to someone they knew already had the CD, was ruled to be copyright infringement.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
The MD5 thing isn't for tracking the same song ripped by different people. The thread on this, so far, has left me scratching my head as to why folks feel the need to restate that encoding an mp3 with different settings/software will result in a different md5. Right, this is slashdot and we all know this already.
The reason for md5 matching is so they can nail someone as the 'origin' of the ripped song, then hold them liable for all the copies of a matching md5 on P2P networks. It would be more a demonstration of "look how much damage one copy did to us!".
> It is also possible that, as someone else suggested, the magical
> mp3 fairy left those files behind on her hard drive.
Your honor, I bought that hard drive second hand on ebay. I think I made a good purchase. I expected just a drive, but received all that wonderful music!
So how are you enjoying your 100 free hours of AOL
Why are there only 19 people folding@home for slashdot?
you are absolutely right. but your issue is not the point.
the point is, that the file will be the same bit by bit when using the same mp3 encoder and id3 tag filling scheme. and that is not unlikely.
not even the ripper has to be the same since the wave data should come 1:1 from disc.
now imagine a thousand people using musicmatch or some other common mp3 encoder. now imagine 10% of them have the same mp3 encoder / id3 settings (probably default) and -bang- they'll have the very same mp3 file produced with all the same md5 sum.
Exchanging music is not about piracy, it is about exchanging culture
In particular I like trading Britney Spear's "culture." It really enhances my life.
Today culture moves at the speed of light
Isn't this a line from that WorldCom commercial from a few years ago, the one with all the dudes in the office riding around on scooters?
It cannot succeed except by destroying the Internet.
The Wachowski brothers just called to inform you they are suing you for stealing the plot to their next movie.
Seeking all means to do this faster than ever - and ignoring the barriers, such as "ownership", that stand in the way - is the prerogative of today's world.
Yeah ignore those barriers, they are soooo 1990's.
We simply can't put the genie back into the bottle
Oops, I guess you've been sharing Christina Aguilera culture...
useless vestiges of a material-obsessed past.
Yeah capitalism is so over-rated. Who needs private property? Um, in Soviet Russia the culture flowed freely?
I have decided to move to the not so popular .ogg format. Will this throw off the RIAA? I'm curious just how tech savvy these chumps are.
First, if the files are different in any way at all, wouldn't it give a completely different hash? Let alone a different format. What about encoding at a different bit rate?
Second, does the RIAA know about the ogg format? If everyone moves over, how long will it take before they notice?
Third, wouldn't it be better to use an audio fingerprinting scheme like musicbrainz uses to tag your files? It's similar to hashing but uses the actual audio qualities in the file.
Seems the RIAA is not only about 20 years behind in their business model, but they are about 20 years behind in technology.
My issue with the RIAA is, why can't they just say to the courts "This guy is downloading music confiscate his computer." There are no watchdog groups to make sure these guys are actually verifying that someone has the copyrighted information.
Can you imagine the bandwidth costs the RIAA have just to download the number of files they do. Just so they can check the hashes on each file? Verifying the legality of files must be extraordinarily costly. Wouldn't it be great to start flooding their network with their own fake files just to WASTE (link pun intended) the RIAA's bandwidth and time downloading the junk they disseminate?
Sorry, the sig field is temporarily out of order, you will have to read whatever I write here.
There are a number of tagging-utilities out there. Helium2 does a good job. Open up all mp3 files into program of choice, mass re-tag all the comment fields with this comment:
"Ripped by from the cd I bought at the store for $18.99"
Click the re-tag button. New MD5 hashes...
If you wrote something, be it music or software or whatever, and sold it for retail, and then found out it's been traded all over the Internet, would you be excited with glee at the "exchange of culture," or realize that the way you make your living is being cheated from you because there are people out there who are so used to the convenience of downloading whatever they please that they have justified it to themselves to get rid of their guilt?
You wouldn't object (or at least have any legal right to object) if I published a portrait that I took of you around the world. Nor if I published a home video that featured you walking in a town (where I just happened to observe you).
Some artists consider the way they walk through a town to be important conceptual art. As society, we do not see fit to allow them to control the distribution of a record of their movement.
Similarly - we do not see fit to consider allowing people to control the distribution of their images (newspapers would struggle with crowd scenes)
With music - the question of how much control the artist should have is not trivial. Should they be allowed to control access to their private concerts? Should they be allowed to control who listens to them if they sing in the street? Should they be allowed to control the distribution of a recording of either of those?
As a society - we grant control to artists because we want to encourage them financially. There is an inherent tradeoff though - the control we grant them limits the access of the society.
One could argue that it would be good for society if we allowed free distribution of any recording and therefore 'forced' musicians to make their money by playing live / selling autographed CDs / being sponsored by Pepsi. This would probably mean fewer mega-rich superbands and more public performance. Probably less investment by large corporations - perhaps more investment by bands that felt they had a chance to get a piece of the pie.
Certainly cultures have existed where there was no protection of artistic creations such as songs. Rich oral traditions have evolved. Singers have gained kudos - but probably not become mega-rich!
I'm not advocating a position here - just trying to argue that the issue is less clear than it appears from within our current system!
VLC Remote for iPhone and Android
What matters is that you:
A: Have them
B: Know what files they came from
C: Know the correct filesize
Step 2: Then you create files (a bunch of zeroes if you like)
with the right size, the right name, and the right checksum.
Step 3: Share your ".mp3" files
Step 4: Profit???
I think a good idea for this type of honeypot would be to invert the function of PeerGuardian. In other words, whitelist IPs from the RIAA, large companies, Senators etc. And it'd also be smart to set yourself up as a supernode.
I don't understand why those ding-dongs used MD5. The value of MD5 is that it's hard to make a file with the same MD5 hash but different contents. If all you want to do is identify the file, CRC is much faster and just as good.
The obvious way for P2P users to circumvent this is to use a tool to modify at least one bit on all of their mp3 files randomly (thus changing the hash), so the RIAA can't see what they're trading. It's much more valuable to appear not to be doing something illegal than it is to flood their sniffers by always appearing to be doing something illegal. Not to mention, it's conceivable that it would be considered a violation of the DMCA to circumvent their detection system by reproducing the hashes they're looking for.
No matter what hash the RIAA uses, changing bits in the file will almost certainly change the hash. They need real watermarks to do what they want, and they will be too expensive to calculate on a broad basis until computers get much faster.
If you make sure every time a file is traded its hash changes, you have effectively foiled the attack.
If your insurance policy reimbursed you for this loss, then it most certainly is NOT fair use - even if you disagree with the depreciation amount (didn't you carry replacement coverage?).
Most of the copyright restrictions talk about commercial copying/distribution. Under the Fair Use extensions of the Audio Home Recording Act it is actually legal to give a copy of a CD that you own to a friend. It is also legal to create compilation tapes for these people. The first line that you can't cross is charging for it. The second line is the one that was never really defined - who qualifies as a "friend".
Now Fair Use is actually a set of affirmative defenses rather than absolute rights so they would have to be adjudged, but so far things like course books (copying sections of other text books and creating a compilation) have cleared that hurdle. Additionally, in those cases the copying company was able to charge for the expenses related to making the copies.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
So, how long will it take for a utility (WinAmp plug-in) to emerge, that adds or removes a sub-second long moment of silence to/from the beginning/end of every mp3 given to it as a parameter?
RIAA: "Only hackers."
Trinity: "Hash *this*!"
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
I believe what they are referring to is a system that takes a sample of a song (let's say 30 seconds) and generates a 'hash' based on that... The thing about this system is that it is a loose hash, meaning that changing one bit does NOT necessarily change the hash. It is a sonic fingerprint (Not in the digital watermark sense), so that in theory if you had a direct CD-ripped wave, and an analog rip from a cassette as a wave (for instance), you could match the two files, even though they are FAR from bit-for-bit exact.
This is what they mean when they say hash. NOT md5. Obviously MD5 could not track an mp3, since changing even one character in the ID3 tag would change the whole hash.
So they probably have an automated downloader that then generates a fingerprint from the downloaded file and compares it to a db of fingerprints to determine if the song is copyrighted. I'd bet that's all.
Just out of curiosity...Did you have insurance? Did they write you a check for the CDs you lost in the fire? I doubt it, but if it had happened, would still feel you had already "paid for" the CDs, and simply thumb your nose at the RIAA and Big Insurance and download the files, as you'd already "paid for" them?
I promise, I'm not begging to be flamebait. I'm really curious.
Where does the line get drawn between physical property and intellectual property, and what rights do you have if you HAD purchased it, but it's gone now? I mean, I can't go to the lot and get another car because mine is destroyed in a fire. Of course, I could go take a picture of it...but I could do that anyway.
I'm curious.
Any sufficiently well-organized Government is indistinguishable from bullshit.
An excellent example.
The statue sits there, the result of laborious work by its creator (made possible thanks to a decade of training at the hands of other masters, but that's another story).
Now the statue is in the hands of a private collector who charges people to view it. He claims he owns it, but the state decides that the statue is far too important. They buy it, and put it on public display. Now everyone can see it, be inspired by it, make rough imitations, photos, even tiny or full-scaled replicas.
Which is preferable? Which results in a better and richer culture?
Clearly no theft occurs by looking at the statue, except that the original owner cannot claim his viewing rights any longer.
This is the best metaphor for digital culture. totally intangible, yet very important. The discussion of "rights" and "theft" and "ownership" is meaningful only insofar as the direct artist is concerned. All other parties are unavoidably biased, and finally it is the common interest that must prevail.
It is clearly impossible to restrict all creations to "pay per view". Impossible and stupid, for people will simply turn elsewhere and make their own, or steal to view. Culture does want to be free, as you know very well because you are here on Slashdot, proving that point exactly.
Comparing Kazaa users with suicide bombers, burglars, and corporate thieves is fanciful slander, and you know it.
Ceci n'est pas une signature
You know, as I understand it there is nothing that is fair use according to these bastards. So your admission to having taken money from the mouths of starving record executives can be used against you in a court of law (as soon as they finish rewriting the constitution). The only thing you can now do is to embrace your evil criminality. So go ahead, go into your bedroom and find those "Do not remove under penalty of law" tags on your mattress and just rip them off! Then just go into the living room and wait for the FBI to come bash in your door. They are on the way anyways. (you evil downloader of mp3's for CD's you already own guy you)
Enjoy your Karma, after all you earned it. Feel your Karma Joe, feel it burn.
A video clip of "Goatse.cx guy and tubgirl together at last" may indeed be very, very rotten, but in Denmark, it's legal. So keep your aesthetic judgments to yourself. Puritan! ;)
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
A cd ripper called "Exact Audio Copy", allows you to set your cd-rom/writer's read offset or read/write offset. Would this offset have any effect on the md5sum created? Say someone rips with the offset set at 0 and then again with the corrected offsets. The mp3 was encoded with the same encoder, settings, id3 information, volume adjustment, etc. Would the md5sum match?
I was under the impression that MP3 (MPEG-1, Layer 3) was a lossy algorithm. Even with the same ripper settings working off the same stored raw CD audio file, will it actually produce identical output? Can the MP3 encoder drop different bits as irrelevant on different passes in time on the same data with the same settings? If this is indeed the case (I don't know, I am not familiar with the detail of the algorithm), then MD5 sums become a virtually foolproof way to identify a file since an identical sum can only be produced from the exact source MP3, not one that is close. Just a thought on that matter.
And a second point, more of an idea really... Has anyone thought of trapping RIAA? Here is my proposal...
1) Go and buy 50-100 CDs from your local music stores (I know, this is abhorrent since you are lining the pockets of the people you want to fight but it is a means to an end). SAVE ALL THE RECEIPTS! You will need these.
2) Download a popular P2P program and sign on.
3) Go download crazy and download an MP3 for EVERY SINGLE SONG on the pack of CDs you just purchased. Be obvious, be a bandwidth pig, get someone's attention.
4) Take screenshots and printouts of the directories containing your "booty". This will establish the timestamps of when they were downloaded. Sign and date the screenshots, preferably with witnesses who sign them as well.
5) Wait for a subpoena from RIAA.
6) Join RIAA in court and argue "fair use" by throwing up your stack of legally purchased CDs and the receipts for them clearly indicating that they were purchased PRIOR to the supposed infringement and you were simply wanting MP3s of CDs you own but lacked the knowledge/skill/time/tools to rip them.
Is such a case copyright infringement? It's a dangerous game to play because the fair use doctrine has been supported, it is not a matter of law. The outcome could be undesired because it could cause a rethinking of what constitutes fair use.
The fun part of such rethinking could be the broadening of what is considered infringement into areas where it was not infringement and ignite an absolute firestorm.
Can I share files for myself? I'm at work... I have a large CD (and MP3) collection at home. I have a high-speed internet connection. Can I share the files to myself for use at work? (Ok, put the thinking caps on for a minute....)
1 - Set up a server and fill it with legal content (free images, documentation, etc.).
...
2 - Collect hashes of well known artists tracks from p2p networks.
3 - Since many files can generate the same hash, alter slightly your legal content until the files remain useable but their hashes match with the mp3 tracks.
4 - Wait for the RIAA to knock your door.
5 - Call your lawyer and burn them to death.
Ok, let's add it.
6 - Profit!
It would be a pretty simple matter to simply add bogus data at the beginning of the MP3 file, which would get skipped by the player and have no effect at all on how the file sounds. In fact, this is how ID3 version 2 tags work. The ID3V2 tag is added to the beginning of the MP3 file, and since it doesn't have an audio sync signal, the player will skip until it finds it. This would more than invalidate RIAA's library of MD5 hashes.
Of course, if two people change the same file differently, file sharing programs won't be able to match them either...
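The tag layouts mentioned in this thread (an ID3v1 tag in the last 128 bytes, an ID3v2 tag prepended before the first audio frame) can be stripped before hashing, so that a matcher compares only the encoded audio. The following is an added example, not code from any poster or tool named here; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
from typing import Dict, Tuple


def to_synchsafe(n: int) -> bytes:
    """Encode n as the 4-byte, 7-bits-per-byte size field of an ID3v2 header."""
    return bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])


def from_synchsafe(b: bytes) -> int:
    """Decode an ID3v2 size field; the top bit of every byte must be clear."""
    if len(b) != 4 or any(x & 0x80 for x in b):
        raise ValueError("not a synchsafe integer")
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]


def audio_span(data: bytes) -> Tuple[int, int]:
    """Return (start, end) of the bytes left after removing ID3v2 and ID3v1 tags."""
    start, end = 0, len(data)
    if len(data) >= 10 and data[:3] == b"ID3":
        try:
            tag_len = 10 + from_synchsafe(data[6:10])   # 10-byte header + body
            if data[5] & 0x10:                          # ID3v2.4 footer flag
                tag_len += 10
            if tag_len <= end:
                start = tag_len
        except ValueError:
            pass  # malformed header: treat the bytes as audio
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128                                      # ID3v1 / v1.1 trailer
    return start, end


def file_md5(data: bytes) -> str:
    """MD5 over the whole file, tags included."""
    return hashlib.md5(data).hexdigest()


def audio_md5(data: bytes) -> str:
    """MD5 over the tag-stripped span only."""
    start, end = audio_span(data)
    return hashlib.md5(data[start:end]).hexdigest()


def make_id3v1(title: str, artist: str) -> bytes:
    """Build a 128-byte ID3v1 tag (constructed sample data)."""
    def field(s: str, n: int) -> bytes:
        return s.encode("latin-1")[:n].ljust(n, b"\x00")
    return (b"TAG" + field(title, 30) + field(artist, 30) + field("", 30)
            + field("", 4) + field("", 30) + b"\xff")


def make_id3v2(title: str, padding: int = 64) -> bytes:
    """Build a minimal ID3v2.3 tag holding one TIT2 frame plus padding."""
    text = b"\x00" + title.encode("latin-1")            # 0 = ISO-8859-1 text
    frame = b"TIT2" + len(text).to_bytes(4, "big") + b"\x00\x00" + text
    body = frame + b"\x00" * padding
    return b"ID3" + b"\x03\x00" + b"\x00" + to_synchsafe(len(body)) + body


def build_samples() -> Dict[str, bytes]:
    """Four constructed copies of the same fake audio stream."""
    audio = (b"\xff\xfb\x90\x00" + bytes(range(200))) * 20   # not real MP3 frames
    v1 = make_id3v1("Norwegian Wood", "Example Artist")
    return {
        "bare": audio,
        "tagged": make_id3v2("Norwegian Wood") + audio + v1,
        "typo": audio + make_id3v1("Norwegan Wood", "Example Artist"),
        "appended": audio + v1 + b"0\n",                 # bytes added after the tag
    }


def compare() -> Dict[str, Tuple[str, str]]:
    """Map each sample name to (whole-file MD5, tag-stripped MD5)."""
    return {name: (file_md5(d), audio_md5(d)) for name, d in build_samples().items()}


if __name__ == "__main__":
    for name, (whole, audio) in compare().items():
        print(f"{name:9} file={whole} audio={audio}")
```

The first three copies share one tag-stripped hash while their whole-file hashes all differ; the copy with bytes appended after the tag matches on neither, which is the limit of any exact hash and the reason other comments here point to acoustic fingerprints.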
Do MP3 files have less than important metadata in their headers? Putting a single random integer into the file header and designing MP3 players and recorders to randomize that integer with each use of the file...
Healthcare article at Kuro5hin
Fair Use is about the right to quote portions of one work within another, as a means of making commentary, criticism, or parody. See Stanford's explanation or Title 17, Chapter 1, Section 107 of the Copyright law.
You might argue that it's 'reasonable' to download an MP3 file that corresponds to a track from a CD that you own, but it's simply not 'Fair Use'.
Here's what I do: Bitty Browser & Andromeda
Don't we already pay a small tax to the recording industry every time we buy blank audio CDs (but not data CDs)? I'd like to see some lawyer fight a case claiming that a P2P user has already paid the RIAA and is therefore exempt from their lawsuits when downloading the music and burning it to an audio CD. That would be an interesting lawsuit.
That is, it shouldn't be (and isn't) illegal to download/copy your legit CD's, but sharing out the Mp3 files to those that don't have legit files is. RIAA nastygrams hit mostly people who share out, although I'm sure they're targeting some heavy downloaders too.
For myself, I've got a few CD's with skip-scratches, and one that fell between the seat and got scratched up quite badly. The original CD's were also a bit difficult to rip (which is one of the bigger problems as far as backup). So sometime when I'm not busy, I'll download the tracks all off Kazaa, and re-burn the discs that are fubared, probably into an Mp3-disk collection too. My originals have long since moved from my car to a safe place anyhow. Now, this could put me on the RIAA radar, but not so much as if I went and shared out said files to the masses. Of course, if nobody shared then P2P would die anyhow... which is why we have a real problem.
There is no way for P2P to identify legit owners of CD's, so we just share indiscriminately. There is also no way for the RIAA to identify non-legit owners, so they just sue/nastygram indiscriminately. Neither is right, though I smack the RIAA for being wayyyy too lawsuit friendly (esp in cases when the material is not infringing but their filters misidentify it), unfortunately there's no happy solution for either of us. I'm not going to buy a new CD because the damn things scratch too bloody easily, RIAA is not going to let people continue to trade off Britney and BSB without paying for them...
As an experiment I just tried:
[sputnik57:~/Desktop] jim% md5sum Norwegian\ Wood.mp3
16b64198efdd1c183b97020ca9c69396 Norwegian Wood.mp3
[sputnik57:~/Desktop] jim% echo 0>>Norwegian\ Wood.mp3
[sputnik57:~/Desktop] jim% md5sum Norwegian\ Wood.mp3
5c8d12d1d83338b8a4c39c9401f683ac Norwegian Wood.mp3
The song plays perfectly afterwards, of course.
Of course, I could write a little perl script and inject "Ripped by Jim from his own CD" and not only mess up the MD5, but also convince a jury that I ripped it myself. If this is the best that the RIAA can come up with, they'll merely embarrass themselves further. Future P2P apps will merely have a checkbox that says "Inject Random Bit?"
The other day, I asked a similar question on my site - If I buy a copy-protected CD that won't play on my Mac, can I download the songs in good conscience?
Cheers,
Jim
-- My Weblog.
Now may be the time to update your illegal mp3 file MD5 hash sums.
Done.
Everyone seems to be thinking that it is very difficult to generate the same MD5 from an mp3, I don't agree.
FileDonkey allows you to search for files that have traversed their network by name, and displays the MD5 hash so that you can specifically search for THAT file.
Anyway, if you use their interface to search for "Oops I did it again" or any other drivel by britney spears, you'll get about 100 different files. Again, these are files that have traversed the relatively large file donkey network at some point, not files that are currently available for download. It seems to me that way more than 100 people have ripped that song and shared it.
Anyway, there aren't that many different MD5 sums for just about any song, yeah there are more than a few, but they are FAR from unique.
"Anyway, long story short... is a phrase whose origins are complicated and rambling...." - Abraham Simpson
No mod points, but it's at least a +3, Insightful, Informative and Funny :).
The truth of the matter is that it is that easy - to a geek. The problem has never been the access to cryptography - I remember encrypted containers existing even before PGPdisk, and even that is many years in the past. The reason it wasn't really a "problem" is that the general public was unaware of its existence.
You saw the same with mp3s. There were lots and lots on irc and newsgroups before too, but few people. It was when the general public and Napster got started it all took off. I expect them to try to cripple crypto - not the algorithms but the implementations, including extra backdoor decryption keys and similar. I don't expect the people in government to allow each individual to have their own, impenetrable digital "vault". Not without a fight anyway.
Kjella
Live today, because you never know what tomorrow brings
I rip my own CD collection with Ogg Vorbis. .ogg format is unencumbered by patents (unlike MP3 -- is *your* ripper legal?).
Except for some genre music (Celtic, Jazz, etc) from unsigned artists I've obtained (legally) from the old MP3.COM site (before it was vilified), I have *no* MP3's for the RIAA to find, even if they manage to bust in through my firewall (or my front door, with or without a search warrant).
All of my ripping is for migrating from one media to another, and is protected by fair use.
The RIAA can go suck an egg, for all I care.
Here's some programs I found to change a bunch of ID3 tags in a hurry: http://www.maazl.de/project/mp3/mp3tag.html http://id3master.mute.cz/what.htm
stop trying to justify your mp3 stealing habit with stupid schemes like this.
it's really very simple, you search for your songs, and look for the ones that come up with 300+ people and have their "bandwidth" set at 1566
they are easy to spot because if you start to download the song and actually listen to it (and I can give a specific example, try 50 Cent's "Backdown" .. not usually my style of music but my brother has the cd and I liked the song while listening to it in his car) and a few seconds in you will hear it fuck up and yet 300 people still have that copy and all have stupid usernames as well.. also you will notice that the speed on these mp3's is extremely high (in the 200 Kb/s range)
then you sort the list by bandwidth so that all the 1566's are at the top and avoid them
hope this helps you out.
Hashing and compression aren't really my thing so maybe someone could clarify my understanding.
I was under the impression that hashes are not reversible like compression algorithms are, but that they try to add as much chaos between slightly different variations of the original. (The same way the telephone company racks up money by having area codes be very distant from each other; a typo in the area code probably means big bucks for a wrong number)
My spreadsheet of 1997 budget information could produce the same hash as a RIP of Meco's Star Wars disco theme remix, but it would be unlikely to produce a hash similar to my 1996 budget information (which is practically the same other than 1996 being 1997). None of these would ever compress to the same result using a loss-less compression scheme (or they might be in for a surprise when they uncompressed their Meco track).
Producing a unique result for each file is what a compression algorithm does. If a hash were truly unique and reversible then you'd have a compression algorithm, right?
Now to make this relevant to this case...
Could someone make a MP3 from MD5 generator? It'd create an MP3 with the goal of having exactly the same MD5 hash as the original song. Admittedly it'd probably sound like a confusion of radio static and Husker Du. Not anyone's cup of tea to listen to probably, but it might wind up being just the sort of edge case to make MD5 hashes insufficient evidence in court (especially if the defendant had a nose ring). If this isn't possible, then perhaps it could make a JPG from MD5 generator? Visual noise is much more appealing to many than audible noise and probably easier to create.
for buying Celine....sincerely...why must you support her audio abuse?
Clearly any new P2P clients should use a homebrew and/or keyed hash, and be distributed with one of those "no reverse-engineering allowed"-click-throughs and DMCA threats. Add some token "copy prevention mechanism" into the program (encrypt parts of it). Make sure that there is no comfortable way to use a normal client for this kind of large scale "hash searching/cataloging" the RIAA would want to employ, such that they must rev-eng in order to get the data or build the code that they need.
If files identified using such an algorithm end up in court, we could probably force the RIAA into having to argue that such click-throughs carry no legal weight and that reverse-engineering such "protections" is legal -- which would be very good indeed.
Not to mention, hilarious.
Belief is the currency of delusion.
I wouldn't put too much stock in that Kuro5hin article... full of typos and inaccuracies.
Some of their data on the 5.56 NATO, particularly regarding wound ballistics, was incorrect.
Some of their statements about armor-piercing ammunition were bogus.
I used to regularly give wound ballistics lectures to my students and residents, and I'd have to say that there are far better sources out there than that article. Getting gun info off the internet is always a dicey affair. I'd recommend sticking to military and medical/surgical publications if you really want to know what a bullet does to the human body.
For further reference, I'd recommend the International Wound Ballistics Association. I'd also recommend doing a search for articles by one of its members, Dr. Martin Fackler... his writings are fairly illuminating.
Fair warning before you go internet-researching: some of the material is gruesome. I have to know about this stuff professionally... it's part of my job, but it's not for everyone. If, however, you really want to know what happens when bullet meets flesh, I'd start there.
Just my $.02
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
A birthday attack allows you to produce two files with the same hash in about the square-root of the normal expected time, if you have a lot (order of exabytes at least in the case of MD5) of memory.
However, they are comparing the sig to a *specific* rip on KaZaA. Even if she were trying to make a rip that matched something's MD5, this could only increase her speed by order of (#files on KaZaA), which brings it down to maybe 2^100 effort. In fact, she is presumably not trying, so her odds against with ~1000 files of even having one match are ~2^90:1.
Making another file with the same sig is easy, we did it as an assignment at school with text files instead of mp3s, but the point holds.
I very much doubt that you could do this if "sig" means "md5sum". If you mean a CRC (or other non-cryptographic checksum), or CBC-residue (where you know the key), yes, this is easy. If you mean a CRYPT residue (like UNIX uses), this is doable if you have a couple CPU-months to spare.
In fact, David Wagner (at Princeton) reports that But I defy you, or anyone else, to show two different strings with the same MD5sum. While progress has been made in cryptanalyzing MD5, it is not yet broken (ie, nobody has been able to reduce the time required to break it from brute-force).
It was estimated in 1994 that a $10M machine could find a collision in MD5 in 24 days. Today this would probably be less than a million... but the only people likely to have this are not about to jump up and admit it.
I hereby place the above post in the public domain.
If they just create a public database of RIAA-owned tracks, we can all stay away from any RIAA music and maybe even have the clients shield us from it automatically.
Everyone is missing the point here with the MD5 hashes.
OK, if you use the defaults in your MP3 encoder, and the ID3 tags from CDDB the *encoding* would be the same, but not the end file. Know why?
The ripping process differs greatly - you've got things like scratches on discs that some CD-ROMs will pick up as errors and some won't, you've got pauses due to slow processor/HD on different computers etc.
The only way I'd say to get an identical file would be to rip it using the same computer, encoder and CDDB - in which case "Jane Doe" must have been the original producer of the Napster file if the KazaA one matches it (or she copied it from someone else).
She's guilty as Hell, but personally I support her as the RIAA/MPAA are scum.
#include <sig.h>
How would this technology do with iTunes-compressed AAC files? One would assume that they wouldn't match up to their MP3 counterparts in the least, but I wonder if the RIAA even scans for these files (since they're used by a minority anyway).
"Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
If you were to examine 2^127 different files, then you would have a 50% chance of one of them giving you the desired MD5 hash. Do you know how large 2^127 is?
Sorry, but your math is way off. Do you need 183 people for a 50% chance of a shared birthday? You only need, hmm, twenty-odd people for that.
Maybe they're speculating that the jury will immediately succumb to the magic word 'hash'.
But otherwise, frankly, i don't see what this could be good for. Hashes (whether MD5 or SHA or some other algorithm) don't prove a thing.
Identity: The identity of the hashes of two MP3s only proves that the MP3s were encoded with identical settings from an identical CD source. If two people, one in NY the other in LA buy the latest Red Hot Chili Peppers album and rip and encode it both on Windows machines using identical versions of RealOne (or any encoder) then the resulting MP3s will have identical hashes. Whether the probability of two different files accidentally having the same hash is 1 in 2 or 1 in 2^127 is absolutely irrelevant here. The chances of two people using the same software with the same CDDB information to rip the same track from a CD that sold a million copies is a lot higher. Everybody with a half episode of Matlock legal expertise will tear the RIAA's position apart on this ground.
Trackability: Hashes cannot be used to reliably track the path of copies across P2P networks either. Since the hash is more sensitive to minor changes than the ear, doing random changes to the ID3 tags or randomly changing a bit or two somewhere in the MP3 will wipe the tracks.
So two files having the same hash doesn't prove they come from a single origin. Two files having different hashes doesn't prove they don't come from a single origin.
Hashes don't prove a thing
Chong: Say, man. They're coming after us with hash, man.
Cheech: Far out, man.
Forget changing the tags, just download them on the 28.8 you gave to your sister!
:>
Given the right phone line, (i.e. qwest), it will automatically throw lots of random data into the downloaded file and wa-la! different MD5 and a very different file than what everyone else has.
Nobody has a song that sounds just like mine once I download it... (also works great when you're trying to get a new remix going)
One of the interesting aspects of MD5 hashes was that they were an improvement over CRC hashes. This was due to the fact that you could actually generate a file which had the same CRC hash, but had completely different content.
Wonder if there is a utility for generating files with random content, but with the same hashes as another file?
Perhaps a reverse md5 hash generator which takes a hash and generates a file.
Winged Power Photography
Remember that the MD5 hashes are the values used by popular P2P software to enable synchronized multi-source downloading of a file. If everybody "sharing" modifies files to affect MD5 hash values, then the P2P networks essentially fall apart into single source FTP-like downloading.
Great-grandparent: Just because I leave the front door open does not mean that anyone can enter and take what they want from my house. Same as my computer. The action of downloading is at question not making the article available.
Grandparent: To use your analogy, if you leave the front door of your house open (while you're away), you should expect that someone will come in, and if you're lucky, take something.
Parent: There are few people I know that lock up every door and window before they leave the house (I live in a small town). I've been to rural areas where people leave their keys in their cars. In both cases, there is no expectation of B&E or theft.
What the Grandparent is saying is that the original post used the wrong analogy in saying that 'just because his door is open doesn't mean people can come in and take what they like.' The reply to that was (in very simple terms) that by using Kazaa, the proper analogy would be to say 'I'm leaving my front door open while I leave town. Anyone who wants to come in and take stuff is welcome' (we'll ignore the fact that in Kazaa world, files are not taken, but copied (I hate that tired argument on semantics))
So to sum up, grandparent didn't say people who leave their door open EXPECT people to come in and take stuff, but if they're comparing it to such an activity as using Kazaa, then the analogy needs to be reworked. All caught up now? Good.
Welcome our new RIAA Overlords.
...as an aside. I almost forgot. The idiot who broke into my truck left the software CD case on my neighbor's car when he broke into THAT one. Got some more sunglasses and two music CDs.
Apparently, not everyone's aware of the value of software. Or maybe they were, and afraid to get tracked with it. I dunno. Either way, the software was returned to me within a week of the theft and the claim got cancelled. The cops found me by finding a backup of my resume on one of the CDs.
Any sufficiently well-organized Government is indistinguishable from bullshit.
In this article it states
"Compare this with SHA-1 & RIPEMD with which no such forethought is necessary (because no B can be found that hashes to the same M with these two alternative algorithms)."
I would have thought that any hash algorithm would *theoretically* have collisions. Can somebody smarter than me explain this.
Thanks.
please, dear moderators.
It's the funniest thing that I've read here all week!
...speaking of MD5 hashes and MP3 files, have any of you heard of a tool that matches "fingerprints" of sound files without ID3 tags and downloads these from the Internet and tag the ID3-less files?
I mean I once read about something like that here on Slashdot.
It should be doable: The latest Linux Magazine had an article by Randall Schwarz, describing how to break down large images into small 16x16 normalized version, and how these could be used to determine which images on his hard drive were identical or near-identical.
The RIAA is trying to confuse the issue in many ways. Part of it is that they're treating CD's and music as 2 different things.
When you buy the CD you're not buying rights to the music at all. Fair use for them covers little more than the right to play your own CD, just not in a really big crowd. If the media is destroyed, you no longer have any rights to the content, because the content isn't what you paid for.
In this sense, whatever happens to your CD's your rights are gone. If you can't play them for any reason, that's your tough luck.
The thing is, you're not really buying a physical thing. What you're buying is content. Not to say that you have unlimited rights to it, but it is clear that you DO have rights to the content, otherwise there would be no possible justification for charging 18.00 for a .25 cent piece of plastic.
That being the case, it is crystal clear that you have a right to backups, seeing as you paid for the content. But what is unique about your CD? Nothing. Someday they may try and watermark every single CD, but not today. So what distinguishes your backup from someone else's? A few random numbers of a hash algorithm? Doesn't seem like enough to deny you your right to the content that you've paid for.
Just my opinion.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
This must eat quite a few CPU cycles. Any idea what kind of machines/software the RIAA is using to perform these operations?
TallGreen CMS hosting
If you don't like the RIAA's jackboot tactics, there is a simple solution. Don't become a consumer of their products. Buy independent music.
Analog only. Fair use doesn't cover digital as far as I can tell.
Notice that it wasn't called the Analog Audio Home Recording Act. You can also look at the huge battle that they had over DAT's and the Serial Copying functionality that they put in it. (You were allowed to only make copies from the original.) That would suggest that the act covered digital as well.
The NET Act is a complete travesty. First, it incorrectly tries to shove the word THEFT back into the debate. Second, it completely redefines the criminal laws. (The fact that the NET Act was lobbied for also would go towards showing that the AHRA covers digital since they needed this additional law and language.)
There's no real length for excerpting things. This is why Fair Use is an affirmative defense that is interpreted by the courts. It may be necessary to excerpt almost all of a song as part of a critical review of it while you may only need to point to the quick lick that a rapper lifted for another review.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
ExactAudioCopy is ripping software that will allow you to make exactly the same rips using differents computers with different CD-ROM drives.
If two people start with the same source, it is entirely possible they will encode with the same options and produce the exact same file.
Available online here.
I share files. I share a lot of files. Video and audio; no porn or anything gross, but if you want an episode of the simpsons or south park, I'm yer guy. I share music too, and a good bit of it I own on CD.
Here's the thing. I never rip anything. I've got a nice fast cable connection, and it's not worth it to me to go dig through my car looking for something when I can just grab it online. So everything that I share is content provided by some hypothetical individual way up the chain.
So who is to blame for this? Say I grab a file from some guy running on 56k, then I distribute that to 3 million people. According to the RIAA I would be liable for 3 million downloads, which is fair, but so would the original guy, which is clearly not, even though he was the original violator, and the only person in the situation who definitely owned the media. The reality of the situation would be different still; I'd probably upload it to a couple dozen people (my upload pipe is pretty skinny), and they'd all upload it to 12 people, etc. And ALL of us would be liable for the 3 million downloads, which is completely absurd.
Part of the problem is, there isn't any real way to tell, aside from having my ISP provide an exact record of the stuff that came and went from my computer, which I know for a FACT they're not doing (since I work for them). So there is no way to know how many times the file has been shared. I sure as hell don't know.
Since it is impossible to determine how many times the file was shared, it is impossible to know what the damages ought to be. The RIAA is going off on this hypothetical crap, "Millions of times! Billions of dollars!" but there is no way they're going to be able to hold that up in court, especially not with so many defendants. If nothing else, their inability to prove damages is going to hurt their case. I can see a jury levying a multi-million dollar judgement on a huge corporation for the benefit of some everyday joe, but I really can't see them doing the reverse.
Just my opinion.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Should be "DEGG" in the first group. He hits that G twice.
-T
umm.. didn't anyone tell these guys that "The Napster network" is dead?
What's the point in tracking mp3 files from a "network" that doesn't exist anymore?
Maybe I'm missing something, but that just seems pointless to me!
A suggestion - there exist steganography tools that will embed jpeg images into audio files, usually by tweaking the lower order bit of some of the 16-bit samples in the wave file. If you embedded a jpeg of something appropriate (a big poster that read "Fsck the RIAA" somehow seems right) then it would totally confuse any fingerprinting of a wave file.
Note that the RIAA's fingerprint generation may not operate on the whole CD track but rather on certain parts of it, so you would really want something that would affect most of the song. A well-designed stegano picture-camouflager would probably not affect the sound quality of the final result even to most golden audiofile ears. I believe something similar could be used for MP3 files.
RIAA Adopts High-Tech Gumshoe Tactics
Sending the MP3 files to someone they knew already had the CD, was ruled to be copyright infringement.
When done for a for-profit purpose. I don't think a court would rule the same way if it was the downloader on trial. That would seem to fall under fair use.
Remember that thing a few months ago about a fake Madonna clip? A P2P system can have a known-bad list that can prevent something from even showing up in the offerings/search. Known-good MD5's would help finding the real thing, ignoring low-quality encodings, partial-file encodings, etc. See caezarschallenge.org results from DEFCON 9.
If you accepted insurance money for the CDs, then, while the license to listen to the music still exists, you have transferred it to the insurance company who paid you.
If you total a car, the insurance company will give you X dollars and TAKE AWAY YOUR CAR.
When you buy insurance, you are buying a guarantee that, in the event of loss/damage, that the insurance company will buy your stuff at a "fair" price.
1000 songs and 1 movie, that is about 90 CDs and 1 DVD, she easily could have bought all of these, if she has all of them in her collection she not only has a stronger case, but she was obviously a good customer. Are there any open-record labels or bands that distribute music via MP3 and encourage that the music be shared P2P? What are your favorites?
Digital and Direct is the Future
Onward to the Aether Sphere!
Right, this is a poor analogy because you need the physical car to receive any benefit from it.
A much better analogy would be a highly ornate copy of your university degree in an expensive frame. Cost you $250, if it burns up, insurance company gives you $250 and gets to keep your burnt up frame and degree, but YOU still have right to use the benefit of what the degree you EARNED bestowed upon you, your title. The insurance company may have "bought your stuff at a fair price", but they didn't buy the rights and privileges bestowed upon you by your original purchase of your education.
Your argument suggests that if the degree burns up, you're no longer an Engineering M.S. and you have to go to school again because the insurance company reimbursed you for the physical object. Not the way it works.....
Regarding the comment about identical hashes from identical rips in the original post...
The assumption made by aSiTiC is that they are tracking arbitrary files ripped and tagged by an unknown individual. Given this context, it does seem like it would be hard to tell a legitimately ripped MP3 versus one "obtained" via file swapping.
However, it would be a far easier task to track MP3 files which have been purposely "altered" to produce a distinctive hash that is different from the hash produced with an MP3 ripped from the original CD.
Done this way, it becomes far easier for the RIAA to prove that the MP3s you have were obtained improperly, since they are different from proper rips and, further, are identical to "known" illegal copies.
Anyway, for what it's worth, this is my guess as to what the RIAA is actually tracking.
So, I just tested this out. Since ogg uses variable bit rates:
oggenc ./noartist/unknown_disc/23-track_23.wav -o 23.1.ogg
oggenc ../noartist/unknown_disc/23-track_23.wav -o 23.1.ogg
oggenc ../noartist/unknown_disc/23-track_23.wav -o 23.2.ogg
lame ../noartist/unknown_disc/23-track_23.wav 23.1.mp3
lame ../noartist/unknown_disc/23-track_23.wav 23.2.mp3
md5sum ./*
811d4be6827f70fb0ce810e742eaa50c  ./23.1.mp3
5481dfa57a190bb559aa99a0cc578984  ./23.1.ogg
811d4be6827f70fb0ce810e742eaa50c  ./23.2.mp3
5c4f2df9ef3fcb88d964101b09450f61  ./23.2.ogg
Yeah, I download my mp3's from the fasttrack network. And yeah, my hashes probably match many of those on other people's systems. But you know what? I own the cd's for them anyways.
You know why I didn't just encode them myself?
Because it's *FASTER*. I can download the mp3 in literally seconds as opposed to the minutes it takes to encode them. Does the RIAA really think they can make a legal distinction between encoding songs off of cd's I own, and downloading songs off the internet that are from cd's that I own?
If that's not fair use, I'll eat my hat. . . My tasty, delicious hat. . .
I will be happy to provide you with the md5 of all the mp3 files that I possess (legally, duh). You can post files with identical checksums, then.
Then again, how the heck are you gonna make them have identical md5>:? Do you have access to that linux supercomputer from yesterday's article?
I always used to get in arguments with people over this:
I had 250 CDs stolen 2 years ago at a hotel.
According to Washington State laws, the hotels are not responsible in a case like this.
My insurance wouldn't cover it.
So what do I do?
I *paid* for the content... should I be able to download the albums I was missing?
I'm sure the RIAA would say no, but that's bull. The problem is they don't want ANYONE downloading, regardless of their reasoning, and that's part of the problem.
"PC Load Letter? What the $@#% does that mean?!"
Since any change to the file will change its MD5 sum, you can play with the ID3 tags, or add "a moment of silence" at the end of the track, neither of which would further degrade the content.
If they are using an automated process based on checksums to find stolen songs (as opposed to actually listening to the songs), then it should be possible to completely shutdown their ability to find matches by sprinkling a few random bit changes throughout the files.
If every user did this on every download, all files would be different and the automated methods of investigation would be ruined. Interestingly, digital audio (and video) can suffer a great deal of corruption and not suffer any perceivable difference...
Actually, due to the birthday paradox, the odds of finding two files with the same 128-bit MD5 hash increase to 50% at somewhere closer to 2^64 files examined. Or at least, so argues Bruce Schneier in Practical Cryptography. And the argument seems to have some good sound mathematical basis.
Of course, 2^64 is still pretty darn big. In the general case where there isn't a potential common source for the two files, certainly still big enough to prove the link between the two files beyond a reasonable doubt.
But I'm still going to counter your argument in this case -- if two people buy the same CD, and each rips that CD cleanly, then the inputs to their respective MP3 encoders are identical. There are but a small number of MP3 encoders out there (what, a dozen, maybe three dozen? certainly no more than a dozen that are in common use by average people). Most people don't change their encoder options from the defaults, and most rip at 128kb. Most of those who don't rip at 128kb rip at 192kb. Encoders are deterministic. Same inputs and same settings mean same outputs. Now all that's left is the id3 tags. We've got CDDB / FreeDB homogenizing them. So I actually find it significantly likely that two people could each rip a song from their own store-bought copy of the same CD, and end up with identical MP3 files. In this case, the MD5 hash match means nothing -- sure it proves that the files are identical, but with such a high probability of arriving at legitimately identical files independently, it does nothing to prove that one file was copied from the other.
-----Chaz
RIAA_MD5_CONFUZZLE
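The figures argued over in the comments above (2^127 for matching one specific file, about 2^64 for any two files colliding, twenty-odd people for a shared birthday) come from two different questions. This added example, which is not from any commenter, computes both bounds and measures them on MD5 truncated to 16 bits; the truncation, the helper names and the constructed byte strings are assumptions made so the experiment finishes in about a second.

```python
import hashlib
import math


def truncated_md5(data: bytes, bits: int) -> int:
    """Top `bits` bits of the MD5 digest as an integer (toy-sized hash space)."""
    return int.from_bytes(hashlib.md5(data).digest(), "big") >> (128 - bits)


def constructed_file(seed: int, n: int) -> bytes:
    """Constructed sample input: a distinct byte string for every (seed, n)."""
    return b"constructed-sample-%d-%d" % (seed, n)


def tries_until_any_pair_collides(bits: int, seed: int) -> int:
    """Birthday question: hash distinct inputs until ANY two share a digest."""
    seen = set()
    n = 0
    while True:
        digest = truncated_md5(constructed_file(seed, n), bits)
        n += 1
        if digest in seen:
            return n
        seen.add(digest)


def tries_until_target_matched(bits: int, seed: int) -> int:
    """Targeted question: hash distinct inputs until one equals ONE given digest."""
    target = truncated_md5(b"constructed-target-%d" % seed, bits)
    n = 0
    while True:
        digest = truncated_md5(constructed_file(seed, n), bits)
        n += 1
        if digest == target:
            return n


def mean_tries(experiment, bits: int, trials: int) -> float:
    """Average an experiment over `trials` independent seeds."""
    return sum(experiment(bits, seed) for seed in range(trials)) / trials


def people_for_half_chance(days: int = 365) -> int:
    """Exact classic birthday problem: smallest group with >= 50% shared birthday."""
    p_all_distinct = 1.0
    people = 0
    while p_all_distinct > 0.5:
        p_all_distinct *= (days - people) / days
        people += 1
    return people


def log2_files_for_half_chance_any_pair(bits: int) -> float:
    """log2 of n where P(any two of n files collide) = 50%: n ~ sqrt(2 ln2 * 2^bits)."""
    return 0.5 * (bits + math.log2(2 * math.log(2)))


def log2_files_for_half_chance_specific(bits: int) -> float:
    """log2 of n where P(one of n files matches a given hash) = 50%: n ~ ln2 * 2^bits."""
    return bits + math.log2(math.log(2))


if __name__ == "__main__":
    print("people for a 50% shared birthday:", people_for_half_chance())
    print("full MD5, any pair:  2^%.2f files" % log2_files_for_half_chance_any_pair(128))
    print("full MD5, one target: 2^%.2f files" % log2_files_for_half_chance_specific(128))
    # Measured on a 16-bit truncation: ~2^8 tries for any pair, ~2^16 for a target.
    print("16-bit, any pair (mean tries): %.0f"
          % mean_tries(tries_until_any_pair_collides, 16, 40))
    print("16-bit, one target (mean tries): %.0f"
          % mean_tries(tries_until_target_matched, 16, 10))
```

Neither bound covers the case raised in the same comment, where two people produce byte-identical files from the same CD, encoder and tags; there the digests match because the inputs match, not because of a collision.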
I find it shocking that we naturally assume that cd to HD copy involves *ripping*. Somewhere around here I have an old toshiba 2x drive which doesn't offer that new fangled protected track protection. It will copy tracks as files without *ripping* without bit errors.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Why not just change a few bits in the file after it's downloaded? Use an open-source P2P client and have it modify the file after it's been downloaded. Much like Kazaa lets you change a file's description yet it still associates that file with the other otherwise identical files on the network, change a custom field in the file description which alters the MD5 sum. I'm sure it would be trackable, but if everyone did it for themselves in a non-standard way, the RIAA would have a hard time keeping up with all the methods people make for altering MD5 sums.
obligatory text
Why not just set one obscure key of the ID3 tag ('comment', 'year', 'genre', et cetera) filled with a random string? If people learn to leave good random data in the comment field, all (~) md5 hashes would be unique. I just wrote a shell script to crawl /media and randomize my ID3 data; I'll publish it if you'd like.
The RIAA *can* blank the ID3 data before comparing files, but that's a lot more hassle for them, and no loss whatsoever on our end. Or someone could just write a utility that adds 0.000002 seconds of whitespace at the beginning or end of a song. (With my 6.1 Bose setup, I resent the thought of my MP3s becoming glitchy; At present, they sound like CDs)
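The comment above notes that a matcher can blank the ID3 data before comparing files. This added example, not code from the thread or from any tool named in it, shows what that means for a file matcher: it strips an ID3v2 header and an ID3v1 trailer and hashes only what lies between. The helper names and every sample byte string are constructed for illustration.

```python
import hashlib


def syncsafe(n: int) -> bytes:
    """Encode n as the 4-byte syncsafe integer used in the ID3v2 header (7 bits per byte)."""
    return bytes((n >> shift) & 0x7F for shift in (21, 14, 7, 0))


def make_id3v2(title: str) -> bytes:
    """Constructed ID3v2.3 tag holding a single TIT2 (title) frame."""
    text = b"\x00" + title.encode("latin-1")          # encoding byte + text
    frame = b"TIT2" + len(text).to_bytes(4, "big") + b"\x00\x00" + text
    return b"ID3" + b"\x03\x00" + b"\x00" + syncsafe(len(frame)) + frame


def make_id3v1(title: str) -> bytes:
    """Constructed 128-byte ID3v1 trailer: 'TAG', title, artist, album, year, comment, genre."""
    def field(value: str, width: int) -> bytes:
        return value.encode("latin-1")[:width].ljust(width, b"\x00")
    return (b"TAG" + field(title, 30) + field("", 30) + field("", 30)
            + field("", 4) + field("", 30) + b"\xff")


def strip_id3(data: bytes) -> bytes:
    """Return the bytes between a leading ID3v2 tag and a trailing ID3v1 tag."""
    start, end = 0, len(data)
    if len(data) >= 10 and data[:3] == b"ID3":
        size_bytes = data[6:10]
        if all(b < 0x80 for b in size_bytes):          # a valid syncsafe size
            size = ((size_bytes[0] << 21) | (size_bytes[1] << 14)
                    | (size_bytes[2] << 7) | size_bytes[3])
            footer = 10 if data[5] & 0x10 else 0       # ID3v2.4 footer flag
            start = 10 + size + footer
            if start > len(data):                      # declared size overruns the file:
                start = 0                              # malformed tag, hash everything
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128
    return data[start:end]


def whole_file_md5(data: bytes) -> str:
    """Digest of the file exactly as stored, tags included."""
    return hashlib.md5(data).hexdigest()


def audio_md5(data: bytes) -> str:
    """Digest of the audio payload only, with ID3v2/ID3v1 tags removed."""
    return hashlib.md5(strip_id3(data)).hexdigest()


# Constructed stand-in for the MPEG audio frames of one encoded track.
AUDIO = b"\xff\xfb\x90\x00" + bytes(range(256)) * 8

# Same audio, different tagging: constructed sample files.
COPY_A = make_id3v2("Norwegian Wood") + AUDIO + make_id3v1("Norwegian Wood")
COPY_B = make_id3v2("norwegian wood (different tag text)") + AUDIO
# Same audio with two bytes appended to the payload, as in the `echo 0>>` test earlier.
COPY_C = AUDIO + b"0\n"

if __name__ == "__main__":
    for name, blob in (("COPY_A", COPY_A), ("COPY_B", COPY_B), ("COPY_C", COPY_C)):
        print(name, "whole:", whole_file_md5(blob), "audio:", audio_md5(blob))
```

COPY_A and COPY_B differ as whole files but agree once the tags are removed, while COPY_C still differs, so an exact digest identifies byte-identical payloads and nothing looser than that.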
You aren't the one producing the music.
What if the artist wants the RIAA lifestyle? What if the artist wants big money to produce a music video and use high-end studio equipment?
If that's what the artist wants, I say go ahead. I have not, do not, and will not purchase their music of course, and while I do not infringe copyrights, I will encourage others to share these artists' music at will, but by all means, if what you want is to have an album put out by an RIAA member studio, it certainly seems that it is within your rights to do so.
I suspect that most artists, as much as they may whine about the RIAA and member studios, will not give up the lifestyle afforded them by being on a big label, even after or when their contracts allow them to.
.sig Realistic fines for copyright in
Perhaps if the insurance company had reimbursed you for the entire cost of your education, your argument would apply.
However, the CD is a tangible object and does not grant you any such rights as infinite copies forever, no matter how much you'd like to read into the fair use doctrine. If you can replace it so easily for free, you should not have been paid dime one by the insurance company since by your argument, the physical CD has no value. I will allow they could give you a blank CDR.
...circumvent this by burning all of your mp3's to audio CD's then ripping them back? I know it would be time consuming, but it would make it look like you ripped them all, no?
I belong to the ______ generation.
I was actually surprised my insurance company paid for CDs lost in my house fire. Thankfully, mine were undamaged downstairs and all that were damaged were my daughter's NSync, etc.
Insurance paid for audio CDs and software minus depreciation (full value for what I actually replaced - not the NSync!)
It seems to me that with the RIAA downloading all of a user's files to inspect them they are risking copyright infringement themselves. If you so happen to have a song on your computer that they do not possess the copyrights for you could counter sue the RIAA for illegal downloading. My question is how is it a crime to allow people to download? The RIAA only knows that they downloaded the song from you, not that anyone else has done so. Leading to the conclusion that there would only have been a crime committed if they didn't have the copyright of what they downloaded. If the RIAA had record of you downloading a song from someone else then they could investigate you, otherwise it seems they have no record or proof or true suspicion of a crime. An analogy of their current investigation model is peering in windows of people's homes and getting warrants to investigate the houses of people who own many extravagant items for thievery.
Not supporting child porn in any way but...
Some laws are actually outdated... The selling and consumption of liquor for example was outlawed at one point in American history.
It was considered to be an idea that no one liked nor something that could be enforced.
Technically I would say that trading mp3s is less damaging to society and less lethal (take drunk driving and public disorder for example) than such digital activities.
....so the RIAA is downloading unlicensed files from P2P networks, right? THAT'S ILLEGAL! Arrest them!!!!
Every day I hear another new quip about the RIAA it reminds me of the author of Tetris... Which invention sold millions but all the profits went to the state. Russia and China... Mother bed to all that is piracy.
Then again... Perhaps there should be gulags for corporate lawyers with demonstrators in the street holding pictures of martyred students arrested for sharing software.
But seriously... I think there needs to be a revolution... CEOs should be shackled with limitations of $300,000 a year and no stock options. MTV productions should be exiled or sent to Alaska to work hard labor.
And the government should spend all its resources to a 5 year plan of bringing fiber optic cables to each residential place in America. Outlaw outsourcing to other nations in technology field. Outlaw copyrights and patents all together, unless you make under $50,000 a year.
Sure that would bother a lot of people, but current situation is no longer acceptable.
Or all the technocrats should pool a fund and purchase a nation and we could move to it thumbing noses to the great imperialist RIAA.
Of course I think it would be Animal Farm all over again...
I remember a case where a man and woman in a car were charged with a crime on the basis of the color of the clothes they were wearing and the color of the car. The eyewitness could not ID them personally, so the prosecution got a statistician to say that the chance of another man and woman in a car fitting that exact description was so low that it was extremely likely (something like 99+%) that it must be them. But the judge struck this argument. Surely the RIAA counting on MD5 hashes is a variant of the same argument. Even if you want to argue it's 99.99999...% likely, it comes down to the random number generator and we all know those are far from random.
The idea that AOLTW customers are not receiving RIAA subpoenas is a myth. Look around EFF's site for the area where they've scanned PDF copies of all subpoenas... The one issued for "Munkeyspanker21@KaZaA" was sent to RoadRunner, which is operated by AOLTW.
How long is it until someone makes a quick patch to LAME (or other popular open-source MP3 encoder) to slightly randomize the VBR bitrate decisions?
In a typical VBR song, the bitrate changes so fast that changing the bitrate of a few blocks would be unnoticeable. It would have practically no effect on the sound quality. Oftentimes, a block will be right on the edge, say between 112 and 128 kbps, and the encoder will have to make a decision on which one to use. Currently, the encoder just follows the same strategy each time, rounding off to the nearest bitrate. A patch could make it random, instead of deterministic. Nobody would know the difference, and then each and every MP3 generated by the encoder would have a completely different MD5 hash, even when using the same source material!
Come to think of it, this technique could also be used for tracking of purchased MP3 music. Every time a customer downloads a purchased track from an online music store (like iTunes), the MP3 could be generated on the fly, and slight variations could be introduced in the VBR bitrates. This could be used to embed a "serial number" into each MP3 track. Then, when the track shows up on Kazaa or whatever, it could instantly be traced and the person who leaked it would be known! That would strongly discourage people from leaking purchased music.
I'd be very surprised if this isn't already being done... surely I can't be the first person who has thought of this....
Dr. Demento On The 'Net!
I have ripped about 200 albums from my collection of CD's. The tracks are all at 320kps, which, although it takes a huge amount of space to store, means they are unlikely to be confused with the 64kps crap that tends to prevail for file-sharing. Also, ripping, instead of directly copying, allows a person to have the contents of more than one album on a single CD. The main reason I chose to rip my albums, however, is that if my in-car music is stolen or damaged, I've lost approximately fifteen cents per disk.
Goddamned kids! Get off my lawn!
Should that read: "Now may be the time to stop cheating people and start paying for your music!"
I dunno... I have mixed feelings on the whole record industry thing. While I try to respect people's copyrights and don't use filesharing software, I don't like a lot of the record industry's practices, and so I don't have a whole lot of sympathy for them when they complain about people stealing music - especially when said people wind up purchasing that music if they like it.
That said, $19 is an outrageous price for a CD (that's generally what I saw at the Virgin Megastore the other day), and when I buy a CD, I want to be able to rip it onto my computer for easy access, or make Mix CD's or whatever. Copy protection is unfair, and at any rate looks like it's easily broken.
The solution to this isn't to steal the music; it's to start supporting the little guys who don't gouge you like the big labels do. After downloading a bunch of free songs by the Jazz-Electronica group Subthunk, I had good reason to buy their $11 CD from their website. MP3.com has some good, free music and cheap CD's if you're willing to do some looking, not to mention Ampcast and a bunch of other, similar download sites and independent labels.
I don't support posting copyrighted material on the Internet, but I do think that the RIAA should loosen up. The best way to get them to do that is to help the little guys give them a run for their money. It's been said before, but I'll say it again - vote with your wallet!
I produce electronic music and write little games. Have a look.
Please don't laugh, but I thought a part of copy _right_ was the right of the consumer to make a copy of the work ostensibly for archive purposes -- like playing the copy and saving the original as a master to make more copies of CD or works that are destroyed or lost. Perhaps (and easily), I'm incorrect, but wouldn't copy prevention violate my right to make a usable copy? I don't know, but I don't think it is required that the format of the backup be of the same format as the original (i.e. - copying from a CD to tape or disk should also be permitted).
The best piece of contextual bullshit I saw recently was on some artwork, The Blue Fairy that claimed to be copy protected. Of course it scanned in just fine into my computer and makes for a nice computer background --- which was the primary reason I bought it, though you couldn't read their shrink wrap license until you opened the package. Specifically they said you couldn't use it as a private screen background or in a craft project (i.e. -- cut the picture into pieces and make a collage). Near as I can tell, they have no legal backing for their 'fluff' and to my knowledge copy protected isn't a legal term and I'm not sure the picture is actually copyrighted -- maybe just copy protected!
---shrink wrap pictures that you can read until you open the picture.
Next thing, you'll have a shrink wrap on a book that says you are not allowed to store the contents in your memory or relate a synopsis of a book to another person or to write a book review. Can you say joke? It will only get worse when people have electronic eyes that transmit images to memory stored in their brain (cyborg tech). What if the person is genetically enhanced with a photographic memory? Will they be barred from museums and such?
It's like all the bogus patent on technology that has been developed independently by more than one person at the same time, implemented, then one of the implementors shows that they had filed the first patent -- The purpose of the patent was to reward inventors for bringing something useful to society -- but if it was so obvious that 400 or 1000 people did it at the same time, can it, or should it be patentable?
Baloney is getting deeper all the time
-l
If you are comparing blatant theft to the American Revolution, you have no idea how to draw parallels, or even how to reason logically.
evil adrian