Slashdot Mirror
RIAA Tracking Songs by MD5 Hashes
aSiTiC writes "Apparently RIAA has obtained some technical experts in their prosecution of file swappers. Currently they are tracking traded mp3 files from the Napster network by matching MD5 hashes. This seems quite interesting but I was under the assumption that identical hashes could be created with identical rips and id3v2 tagging. Now may be the time to update your illegal mp3 file MD5 hash sums."
Now may be the time to update your illegal mp3 file MD5 hash sums.
I sincerely hope this is tongue-in-cheek. For all the self-righteous, pompous sabre-rattling that goes on in here about how good Slashdotters only possess MP3's that are ripped from personal collections, I would certainly hope that we wouldn't stoop so low as to blatantly and openly be trading tips on how to avoid getting caught doing illegal things.
What's next? A HOWTO on setting up an encrypted file system for our child porn?
Like woodworking? Build your own picture frames.
I'm not sure what you mean, but they don't track mp3s by generations, they just look at the mp3 hash and compare it to the known hashes of files they found on the internet, so they 'know' you didn't rip the mp3 yourself.
They are really fighting a losing battle.
Exchanging music is not about piracy, it is about exchanging culture, just like when my grandfather leant me some old Jazz records and said, "here, you might like this".
Today culture moves at the speed of light and the RIAA believes it has the right to tax this movement. It cannot succeed except by destroying the Internet.
I'm starting to believe, watching this debate evolve over many years, that the file traders are right, for the wrong reasons.
Human culture depends on exchange of ideas and information, and music and films are a large part of this in today's world. No album, no movie scene, no written text is a personal creation, they are all taken from the pool of common culture, modified, and redistributed.
Seeking all means to do this faster than ever - and ignoring the barriers, such as "ownership", that stand in the way - is the prerrogative of today's world. We simply can't put the genie back into the bottle and start exchanging pieces of paper and vinyl discs again.
The debate is huge, but the results already seem clear: any laws designed to stop the process from continuing will be further and further ignored until they are seen by a majority of people to be useless vestiges of a material-obsessed past.
Ceci n'est pas une signature
The article does not mention MD5 anywhere. So one can not assume this is the technology they are using in their proof. As the technical information in this article has more than likely gone through several iterations of "dumbing down" we can not say what technology is being used. It is quite feasible that they are comparing segments of the encoded information with files that where groked from Napster (pre 2001). Additionally as very few people change all the information contained within the ID3 tags ("meta information" from the article?) it maybe enough to show how unlikely they are to match unless the file is from the same source. For example if I insert the string "whateverbarcodezwashere" into some obscure tag with the ID3 tag of an MP3 and it arrears in an MP3 file on someone elses computer it is likely that they orginated from the same source. For the record it is conjectured that it is astronomically unlikely that two randomly choosen different byte sequences will produce the same MD5 hash.
----
In other words, every lazy user that downloads lame with a frontend or some other encoder without modifying default settings and that leaves the ID3 tag alone (most use CDDB/Gracenote or freeDB to generate an ID3 tag, resulting in identical tags) will end up with the same MD5 hash when compared to someone else who did the same thing with the same CD. The only ways you're going to get a different MD5 checksum from an MP3 file is by: A) using a different encoder B) using a different version of an encoder C) modifying the ID3 tag D) deleting the ID3 tag E) changing the file name F) modifying the file in an audio editing program Don't forget that the RIAA is probably also using CRC checksums to identify specific albums, as many encoders also support inserting CRCs into MP3s by default (and these will be identical for rips coming from the same album regardless of bitrate)
Ummm, I paid for a CD the other day but I want to listen to it on my MP3 player. The CD is copy protected. I run linux. The only way I can listen to it via mp3 is to, yup, download an 'illegal' mp3! Whoever thought that up was a fscking genius.
--
This sig is inoffensive.
It would still be possible for her to have music with an md5 hash the same as a file on the Napster network. If they were ripped with the same encoder/bitrate/id3 tag as the Napster version, it's possible for md5 to be the same.
It is also possible that, as someone else suggested, the magical mp3 fairy left those files behind on her hard drive. In fact, I would propose that the mp3 fairy theory is even more likely.
The only way that the MD5 hashes could be identical is if the two files are absolutely identical in every single bit.
It is not possible (okay, unlikely, but unlikely enough for me to say not possible) to have two different files with the same MD5 hash. And definitely not likely by accident.
If even one single bit of the file is changed, then approximately 50 % of the bits of the MD5 hash will change. What cryptographers call "good diffusion properties". Good enough to trust for digital signatures, secrets, etc. You sign the MD5 hash of a document, because nobody else will have a document with the same hash.
To preempt one of the inevitible replies let me state: yes I know that you could have two different files, in theory that have the same MD5 hash. After all the files are much larger than the MD5 hash of 128 bits. Multiple files hash to the same value.
But the whole point of the design of MD5 is such that you can never create or discover any two such different files that hash to the same value.
If you were to examine 2^127 different files, then you would have a 50% chance of one of them giving you the desired MD5 hash. Do you know how large 2^127 is?
I would say that there is better than a 2^127 chance that the mp3's were left behind by the magical mp3 fairy.
The price of freedom is eternal litigation.
Also, if we did use a non-used ID3v2 tag field, then the RIAA would just go ahead and ignore that field in their hashing technique, since it's located in a specific part of the file
The problem with letting the whole world know about a technique like that, is that the RIAA is part of that world.
Besides, this whole MD5 checking & database the RIAA may be assembling doesn't really amount to much. It's just an added extra. They can still (and will) go after people who are distributing files. MD5 doesn't matter here.
Why are there only 19 people folding@home for slashdot?
There is an interesting pattern here:
- Some one comments that the IP laws have not kept up with technolgical and social change, and that they are now impeding the cultural goals they origonally served. They may have made sense when we were limited to exchaging physical objects, but they don't make sense now.
And the responses are allong the lines of:The respondents are completely missing the point. To see this, imagine what the discussion might have looked like if it had happened way back when:
- The rule about not eating X hasn't kept up with the times. It made sense when we didn't know about the parasites, but now that we know how to clean and cook them it doesn't makes sense.
I suspect the responses would have been along the lines of:Every time I see this played out, my response is, "Gee, IP law really is dying, isn't it?", with the same sort of awe I had watching little bits of sand wash downstream at the bottom of the grand canyon.
-- MarkusQ
Nonsense.
To use your analogy, if you leave the front door of your house open (while you're away), you should expect that someone will come in, and if you're lucky, take something.
Your situation gets significantly worse if you have, say, a handgun under your pillow, and some random neighborhood kid comes in, finds it, and shoots himself (or someone else).
The issue here is that you've knowingly left your front door open, making you at least partially liable for the harm that occurs as a result (indirect or otherwise). Same thing if you leave the keys in your car and someone takes it and mows down a bunch of pedestrians with it. In either case, you cannot claim innocence simply because you didn't do the deed. You've made a substantial contribution in the commission of a crime, and you would be expected to pay for that crime.
Where the value of X-Mailer: is the true measure of a man...
The same story is posted on CNN.com. Accompanying this article is one by Marci A. Hamilton, a chairman at Benjamin N. Cardozo School of Law, Yeshiva University. She states that going after students who illegally download media is not only OK, but is RIGHT. I wouldn't have a problem with this were it not for the reasons she supports it with. She says that a world without copyright laws would cater only to the rich and the government. When was the last time you heard of a government worker writing a song on the top 10 list? When was the last time a millionaire, (not a musician) created a song that made it to the hall of fame? My point is, without free music/media, many of the people who come up with the latest and greatest entertainment would never see any of the media that's out there. Marci claims to be looking out for the poor country music singers in her article. If they're as poor as she says, how are they ever going to be able to afford a CD at $15 a piece???
s .hamilton.music/index.html
Musicians and music labels alike need to come to grips with the fact that their moneymaker, (CD sales) will need to take a back seat to actual performances by the artist. We need to take it back to the old days when music artists actually sang and performed and didn't just sit in a dark room behind some curtain tooling away on their synthesizer.
http://www.cnn.com/2003/LAW/08/07/findlaw.analysi
I thought I remembered seeing something about how you have to have a certain $$ amount before getting a felony. $2000? ANyway, they then said each song was worth about $200. I think it was something like $20 per song, times 10 people. 10 people being the gestimate of people you magically distributed it to, because obviously more than one person can download a song from you. Anyway, 10 songs and you're a felon.
Anyway, these numbers don't add up. The RIAA likes to paint a screen of terror by saying that your one song you shared, can then be shared exponentially after that. Sure, it's true. You share it to 2 people. They share it to 2. By the end of the day, 1,000,000 people have it. But why would you be responsible for the 2nd thru 20th level of distribution? You only gave it to 2 people. And if it's "worth" $1 on iTunes, why isn't the damage $1 per song per download?
It's this magic number system the RIAA counts by that causes them to sue 4 students for 47 billion dollars. It would have taken the RIAA 5 years of GROSS profits to hit 47 billion dollars. How can a search engine running for a couple months on a campus amount to 5 years of GROSS profits?? It doesn't...make...sense.. you must acquit.
Why are there only 19 people folding@home for slashdot?
The MD5 thing isn't for tracking the same song ripped by different people. The thread on this, so far, has left me scratching my head as to why folks feel the need to restate that encoding an mp3 with different settings/software will result in a different md5. Right, this is slashdot and we all know this already.
The reason for md5 matching is so they can nail someone as the 'origin' of the ripped song, then hold them liable for all the copies of a matching md5 on P2P networks. It would be more a demonstration of "look how much damage one copy did to us!".
Just out of curiosity...Did you have insurance? Did they write you a check for the CDs you lost in the fire? I doubt it, but if it had happened, would still feel you had already "paid for" the CDs, and simply thumb your nose at the RIAA and Big Insurance and download the files, as you'd already "paid for" them?
I promise, I'm not begging to be flamebait. I'm really curious.
Where does the line get drawn between physical property and intellectual property, and what rights do you have if you HAD purchased it, but it's gone now? I mean, I can't go to the lot and get another car because mine is destroyed in a fire. Of course, I could go take a picture of it...but I could do that anyway.
I'm curious.
Any sufficiently well-organized Government is indistinguishable from bullshit.
Fair Use is about the right to quote portions of one work within another, as a means of making commentary, criticism, or parody. See Standford's explanation or Title 17, Chapter 1, Section 107 of the Copyright law.
You might argue that it's 'reasonable' to download an MP3 file that corresponds to a track from a CD that you own, but it's simply not 'Fair Use'.
Here's what I do: Bitty Browser & Andromeda