RIAA Tracking Songs by MD5 Hashes
aSiTiC writes "Apparently RIAA has obtained some technical experts in their prosecution of file swappers. Currently they are tracking traded mp3 files from the Napster network by matching MD5 hashes. This seems quite interesting but I was under the assumption that identical hashes could be created with identical rips and id3v2 tagging. Now may be the time to update your illegal mp3 file MD5 hash sums."
Now may be the time to update your illegal mp3 file MD5 hash sums.
Should that read: "Now may be the time to stop cheating people and start paying for your music!"
---
Any man who can drive safely while kissing a pretty girl is simply not giving the kiss the attention it deserves. -- AE
Gee ... I would have thought that most people had moved on from Napster to BitTorrent, KAZAA or eDonkey/Overnet
This space for rent. All reasonable inquiries will be entertained at proprietor's discretion.
I think that it's time for a new WinAMP Plug-in that changes the Hash number to a random value every time it's played.
Now may be the time to update your illegal mp3 file MD5 hash sums.
I sincerely hope this is tongue-in-cheek. For all the self-righteous, pompous sabre-rattling that goes on in here about how good Slashdotters only possess MP3's that are ripped from personal collections, I would certainly hope that we wouldn't stoop so low as to blatantly and openly be trading tips on how to avoid getting caught doing illegal things.
What's next? A HOWTO on setting up an encrypted file system for our child porn?
Like woodworking? Build your own picture frames.
I'm not sure what you mean, but they don't track mp3s by generations, they just look at the mp3 hash and compare it to the known hashes of files they found on the internet, so they 'know' you didn't rip the mp3 yourself.
They are really fighting a losing battle.
Exchanging music is not about piracy, it is about exchanging culture, just like when my grandfather lent me some old Jazz records and said, "here, you might like this".
Today culture moves at the speed of light and the RIAA believes it has the right to tax this movement. It cannot succeed except by destroying the Internet.
I'm starting to believe, watching this debate evolve over many years, that the file traders are right, for the wrong reasons.
Human culture depends on exchange of ideas and information, and music and films are a large part of this in today's world. No album, no movie scene, no written text is a personal creation, they are all taken from the pool of common culture, modified, and redistributed.
Seeking all means to do this faster than ever - and ignoring the barriers, such as "ownership", that stand in the way - is the prerogative of today's world. We simply can't put the genie back into the bottle and start exchanging pieces of paper and vinyl discs again.
The debate is huge, but the results already seem clear: any laws designed to stop the process from continuing will be further and further ignored until they are seen by a majority of people to be useless vestiges of a material-obsessed past.
Ceci n'est pas une signature
In all seriousness, just the other day I wanted to rip an old CD of mine, but could not due to media damage. So, I went to the net and got myself an mp3 of the track.
Is that illegal? Am I a felon?
-- A.C.
The article does not mention MD5 anywhere. So one can not assume this is the technology they are using in their proof. As the technical information in this article has more than likely gone through several iterations of "dumbing down" we can not say what technology is being used. It is quite feasible that they are comparing segments of the encoded information with files that were grokked from Napster (pre 2001). Additionally, as very few people change all the information contained within the ID3 tags ("meta information" from the article?), it may be enough to show how unlikely they are to match unless the file is from the same source. For example, if I insert the string "whateverbarcodezwashere" into some obscure tag within the ID3 tag of an MP3 and it appears in an MP3 file on someone else's computer, it is likely that they originated from the same source. For the record, it is conjectured that it is astronomically unlikely that two randomly chosen different byte sequences will produce the same MD5 hash.
----
Yes.
Just like if I decide to borrow your car to drive home because I'm too lazy to walk to the other side of the carpark.
In other words, every lazy user that downloads lame with a frontend or some other encoder without modifying default settings and that leaves the ID3 tag alone (most use CDDB/Gracenote or freeDB to generate an ID3 tag, resulting in identical tags) will end up with the same MD5 hash when compared to someone else who did the same thing with the same CD. The only ways you're going to get a different MD5 checksum from an MP3 file is by:
A) using a different encoder
B) using a different version of an encoder
C) modifying the ID3 tag
D) deleting the ID3 tag
E) changing the file name
F) modifying the file in an audio editing program
Don't forget that the RIAA is probably also using CRC checksums to identify specific albums, as many encoders also support inserting CRCs into MP3s by default (and these will be identical for rips coming from the same album regardless of bitrate).
Just change the ID3 tag on all the files and that will break any existing MD5 checksums. Even adding a capital will do it.
Rus
Cheap UK and US VPS
And what, pray tell, did she steal?
you'd have to show that your rip was in fact perfect
No no no, THEY would have to prove it
From the article:
Copyright lawyers said it remains unresolved whether consumers can legally download copies of songs on a CD they purchased rather than making digital copies themselves.
So it's still up in the air. But here's where I get confused:
For example, the industry disclosed its use of a library of digital fingerprints, called "hashes," that it said can uniquely identify MP3 music files that had been traded on the Napster service as far back as May 2000.
By comparing the fingerprints of music files on a person's computer against its library, the RIAA believes it can determine in some cases whether someone recorded a song from a legally purchased CD or downloaded it from someone else over the Internet.
Okay, how? Only way I can see is if they have a HUGE-ASS library of mp3s downloaded from Napster that they can check every file against. Seems unlikely that "nycfashiongirl's" copy of "Beat It" would match exactly with one in the RIAA's library.
The recording industry also disclosed that it is examining so-called "metadata" tags, hidden snippets of information embedded within many MP3 music files. In this case, lawyers wrote, they found evidence that others -- including one user who called himself "Atomic Playboy" -- had recorded the music files and that some songs had been downloaded from known pirate Web sites.
Now it's making more sense. I don't think they're using hashes at all. I think they're checking the ID3 tags for stuff like "ripped by 4t0m1c P14b0y - www.atomicplayboy.com."
So really it should read something like "Using a surprisingly astute technical procedure, the RIAA examined song files with an advanced file analysis application, iTunes, and found evidence of references to Atomic Playboy." The article of course, doesn't mention whether it was possible for them to plant the evidence, which it would've been if they were simply allowed to possess her hard drive and weren't required to make any backup copies for the judge.
Of course, if, in her defense, she counters with "well yeah, not all of them were ripped from the physical CDs, lots of times I'd want to listen to one of my CDs, and I couldn't find it, so I'd just download it -- but here is my CD collection for evidence, your honor," then there's going to be an interesting precedent set -- is it okay to download songs that you already own on CD?
Also, she's in court not so much for downloading, but for uploading, which is much more of a crime (have they even sued anyone for just downloading yet?), and it really doesn't matter where she got the songs, just that she was sharing them.
c-hack.com
Imagine two people using same ripper with default settings, and getting tags and stuff from same online database.
Above is not very far fetched, now is it? And result should be identical files.
It would still be possible for her to have music with an md5 hash the same as a file on the Napster network. If they were ripped with the same encoder/bitrate/id3 tag as the Napster version, it's possible for md5 to be the same.
It is also possible that, as someone else suggested, the magical mp3 fairy left those files behind on her hard drive. In fact, I would propose that the mp3 fairy theory is even more likely.
The only way that the MD5 hashes could be identical is if the two files are absolutely identical in every single bit.
It is not possible (okay, unlikely, but unlikely enough for me to say not possible) to have two different files with the same MD5 hash. And definitely not likely by accident.
If even one single bit of the file is changed, then approximately 50 % of the bits of the MD5 hash will change. What cryptographers call "good diffusion properties". Good enough to trust for digital signatures, secrets, etc. You sign the MD5 hash of a document, because nobody else will have a document with the same hash.
To preempt one of the inevitable replies let me state: yes I know that you could have two different files, in theory that have the same MD5 hash. After all the files are much larger than the MD5 hash of 128 bits. Multiple files hash to the same value.
But the whole point of the design of MD5 is such that you can never create or discover any two such different files that hash to the same value.
If you were to examine 2^127 different files, then you would have a 50% chance of one of them giving you the desired MD5 hash. Do you know how large 2^127 is?
I would say that there is better than a 2^127 chance that the mp3's were left behind by the magical mp3 fairy.
The price of freedom is eternal litigation.
Also, if we did use a non-used ID3v2 tag field, then the RIAA would just go ahead and ignore that field in their hashing technique, since it's located in a specific part of the file
The problem with letting the whole world know about a technique like that, is that the RIAA is part of that world.
Besides, this whole MD5 checking & database the RIAA may be assembling doesn't really amount to much. It's just an added extra. They can still (and will) go after people who are distributing files. MD5 doesn't matter here.
Why are there only 19 people folding@home for slashdot?
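An added example (not code from any commenter or from the RIAA's tooling): a Python sketch contrasting a whole-file MD5 with a hash of the audio payload alone, skipping the ID3v2 and ID3v1 tags as the comment above suggests a matcher would, and counting how many MD5 bits flip after a one-character tag edit. The sample-file builder, the function names and the use of SHA-256 for the payload hash are assumptions made for illustration.

```python
import hashlib

def synchsafe(b: bytes) -> int:
    """Decode a 4-byte ID3v2 synchsafe size (7 payload bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def to_synchsafe(n: int) -> bytes:
    return bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])

def audio_payload(data: bytes) -> bytes:
    """Return the bytes between a leading ID3v2 tag and a trailing ID3v1 tag."""
    start, end = 0, len(data)
    # ID3v2 header: "ID3", 2 version bytes, 1 flags byte, 4-byte synchsafe size.
    if len(data) >= 10 and data[:3] == b"ID3" and all(x < 0x80 for x in data[6:10]):
        start = 10 + synchsafe(data[6:10])
        if data[5] & 0x10:  # ID3v2.4 footer flag: 10 more bytes after the frames
            start += 10
        start = min(start, end)  # truncated file: never index past the end
    # ID3v1: fixed 128-byte trailer that begins with "TAG".
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128
    return data[start:end]

def make_mp3(title: str, audio: bytes) -> bytes:
    """Constructed sample: ID3v2.3 tag with one TIT2 frame, audio, ID3v1 trailer."""
    text = title.encode("latin-1")
    body = b"\x00" + text  # encoding byte 0x00 = ISO-8859-1
    frame = b"TIT2" + len(body).to_bytes(4, "big") + b"\x00\x00" + body
    v2 = b"ID3\x03\x00\x00" + to_synchsafe(len(frame)) + frame
    v1 = b"TAG" + text[:30].ljust(30, b"\x00") + bytes(95)
    return v2 + audio + v1

def bit_distance(d1: bytes, d2: bytes) -> int:
    """Number of differing bits between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(d1, d2))

def compare(a: bytes, b: bytes) -> dict:
    """Compare two files by whole-file MD5 and by tag-stripped payload hash."""
    fa, fb = hashlib.md5(a).digest(), hashlib.md5(b).digest()
    pa = hashlib.sha256(audio_payload(a)).digest()
    pb = hashlib.sha256(audio_payload(b)).digest()
    return {"file_md5_match": fa == fb,
            "payload_match": pa == pb,
            "md5_bits_changed": bit_distance(fa, fb)}

# Constructed stand-in for MPEG audio frames (not a playable stream).
AUDIO = b"\xff\xfb\x90\x00" + bytes(range(256)) * 8

if __name__ == "__main__":
    original = make_mp3("Beat It", AUDIO)
    retagged = make_mp3("beat It", AUDIO)  # one character of the title changed
    print(compare(original, retagged))
```

MD5 is used for the whole-file hash because it is what the thread discusses; practical MD5 collision attacks were published after this discussion, so a matching workflow built today would use SHA-256 throughout.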
There is an interesting pattern here:
- Someone comments that the IP laws have not kept up with technological and social change, and that they are now impeding the cultural goals they originally served. They may have made sense when we were limited to exchanging physical objects, but they don't make sense now.
And the responses are along the lines of:
The respondents are completely missing the point. To see this, imagine what the discussion might have looked like if it had happened way back when:
- The rule about not eating X hasn't kept up with the times. It made sense when we didn't know about the parasites, but now that we know how to clean and cook them it doesn't make sense.
I suspect the responses would have been along the lines of:
Every time I see this played out, my response is, "Gee, IP law really is dying, isn't it?", with the same sort of awe I had watching little bits of sand wash downstream at the bottom of the Grand Canyon.
-- MarkusQ
Nonsense.
To use your analogy, if you leave the front door of your house open (while you're away), you should expect that someone will come in, and if you're lucky, take something.
Your situation gets significantly worse if you have, say, a handgun under your pillow, and some random neighborhood kid comes in, finds it, and shoots himself (or someone else).
The issue here is that you've knowingly left your front door open, making you at least partially liable for the harm that occurs as a result (indirect or otherwise). Same thing if you leave the keys in your car and someone takes it and mows down a bunch of pedestrians with it. In either case, you cannot claim innocence simply because you didn't do the deed. You've made a substantial contribution in the commission of a crime, and you would be expected to pay for that crime.
Where the value of X-Mailer: is the true measure of a man...
they're only likely to match if they're from the same place. hence illegal copies.
"if i'd known it was harmless, i'd have killed it myself"
The same story is posted on CNN.com. Accompanying this article is one by Marci A. Hamilton, a chairman at Benjamin N. Cardozo School of Law, Yeshiva University. She states that going after students who illegally download media is not only OK, but is RIGHT. I wouldn't have a problem with this were it not for the reasons she supports it with. She says that a world without copyright laws would cater only to the rich and the government. When was the last time you heard of a government worker writing a song on the top 10 list? When was the last time a millionaire, (not a musician) created a song that made it to the hall of fame? My point is, without free music/media, many of the people who come up with the latest and greatest entertainment would never see any of the media that's out there. Marci claims to be looking out for the poor country music singers in her article. If they're as poor as she says, how are they ever going to be able to afford a CD at $15 a piece???
http://www.cnn.com/2003/LAW/08/07/findlaw.analysis.hamilton.music/index.html
Musicians and music labels alike need to come to grips with the fact that their moneymaker, (CD sales) will need to take a back seat to actual performances by the artist. We need to take it back to the old days when music artists actually sang and performed and didn't just sit in a dark room behind some curtain tooling away on their synthesizer.
Let's say that you buy a book.
You then make a photocopy of the entire book.
You take that photocopy around with you to read leaving the original at home.
Now let's say that someone breaks into your house while you are home and steals your photocopy leaving you your original (it was locked up in a safe for example).
The crime in this instance is two-fold. Breaking and entering, and copyright infringement. Who is responsible for the copyright infringement? You are.
Now let's remove the breaking and entering....
You put a table out in your front yard by the sidewalk with a box of paper that happens to be photocopies of books with a sign that says "Free to a good home".
Now the crime is just copyright infringement.
If the author of the book had given you permission to copy their work, then there is no infringement.
Joe H.
42 - So long and thanks for all the fish.
You do pay for songs on the radio.
You listen to the radio. The radio station plays songs and advertisements. Advertisers pay money to the radio station for that. The radio station pays money to the RIAA/Labels according to how big their listener base is.
You've just paid for the song. Unless you turn your radio off every time a commercial comes on, at which point you're a "pirate", listening to something you didn't pay for.
You pay with taking a few seconds off the length of your life as you listen to (or probably as likely - ignore) the advert they're playing.
... "I read part of it all the way through." -- Movie Mogul Sam Goldwyn (and some slashdot readers)
I thought I remembered seeing something about how you have to have a certain $$ amount before getting a felony. $2000? Anyway, they then said each song was worth about $200. I think it was something like $20 per song, times 10 people. 10 people being the guesstimate of people you magically distributed it to, because obviously more than one person can download a song from you. Anyway, 10 songs and you're a felon.
Anyway, these numbers don't add up. The RIAA likes to paint a screen of terror by saying that your one song you shared, can then be shared exponentially after that. Sure, it's true. You share it to 2 people. They share it to 2. By the end of the day, 1,000,000 people have it. But why would you be responsible for the 2nd thru 20th level of distribution? You only gave it to 2 people. And if it's "worth" $1 on iTunes, why isn't the damage $1 per song per download?
It's this magic number system the RIAA counts by that causes them to sue 4 students for 47 billion dollars. It would have taken the RIAA 5 years of GROSS profits to hit 47 billion dollars. How can a search engine running for a couple months on a campus amount to 5 years of GROSS profits?? It doesn't...make...sense.. you must acquit.
Why are there only 19 people folding@home for slashdot?
The MD5 thing isn't for tracking the same song ripped by different people. The thread on this, so far, has left me scratching my head as to why folks feel the need to restate that encoding an mp3 with different settings/software will result in a different md5. Right, this is slashdot and we all know this already.
The reason for md5 matching is so they can nail someone as the 'origin' of the ripped song, then hold them liable for all the copies of a matching md5 on P2P networks. It would be more a demonstration of "look how much damage one copy did to us!".
Just out of curiosity... Did you have insurance? Did they write you a check for the CDs you lost in the fire? I doubt it, but if it had happened, would you still feel you had already "paid for" the CDs, and simply thumb your nose at the RIAA and Big Insurance and download the files, as you'd already "paid for" them?
I promise, I'm not begging to be flamebait. I'm really curious.
Where does the line get drawn between physical property and intellectual property, and what rights do you have if you HAD purchased it, but it's gone now? I mean, I can't go to the lot and get another car because mine is destroyed in a fire. Of course, I could go take a picture of it...but I could do that anyway.
I'm curious.
Any sufficiently well-organized Government is indistinguishable from bullshit.
Fair Use is about the right to quote portions of one work within another, as a means of making commentary, criticism, or parody. See Stanford's explanation or Title 17, Chapter 1, Section 107 of the Copyright law.
You might argue that it's 'reasonable' to download an MP3 file that corresponds to a track from a CD that you own, but it's simply not 'Fair Use'.
Here's what I do: Bitty Browser & Andromeda
What are you on?
There are few people I know that lock up every door and window before they leave the house (I live in a small town). I've been to rural areas where people leave their keys in their cars. In both cases, there is no expectation of B&E or theft.
If a kid enters my house, finds a gun (that's even hidden in your example), and shoots themselves I am not liable. If someone steals my car I am not liable. Negligence is leaving a loaded gun on the front lawn. You cannot be negligent just because you didn't lock down everything you own with multiple locks, razor wire, bio-hazard signs, and 6 dozen pitbulls.
It's nothing but crumpled porno and Ayn Rand.
If you accepted insurance money for the CDs, then, while the license to listen to the music still exists, you have transferred it to the insurance company who paid you.
If you total a car, the insurance company will give you X dollars and TAKE AWAY YOUR CAR.
When you buy insurance, you are buying a guarantee that, in the event of loss/damage, that the insurance company will buy your stuff at a "fair" price.