Slashdot Mirror
Can P2P Filter Copyrighted Content?
scubacuda writes "DRMwatch reports that technologists acting on behalf of porn publisher Titan Media reported to Congress that P2P networks could (if they wanted to) use "fingerprinting" (aka "hashing") to detect copyrighted works and then filter them with the "spyware" installed on all nodes in the network."
Then they came for the music. And I didn't speak up because I was a leecher and never shared my songs.
Finally, they came for the porn. Nobody touches our porn. And that's when we got REALLY pissed off.
Did common sense go on holidays?
Load a fingerprinted file.
Change one bit.
It has a new fingerprint.
The eDonkey/eMule network already identify files by an MD4 hash to ensure you get what you ask for. For instance: if a file has many sources then that means they have the same hash, you can be quite sure that it isn't a bogus loop of a pr0n flick when you really wanted that latest DVD rip.
If this goes through you'll see a new kazaa-compatible P2P client appear that pops a few random bytes into the ID3 tag of an MP3, the comment section of a JPG or in the headers of a video file. Each one will then have a new hash. Oops.
Oh, the new KazaaDRM(tm) ignores comments & tags and only looks at the actual data? OK, the new client toggles a bit that won't cause any visual or audio degradation of the file. Oops.
That all said if 100 people rip an MP3 or DivX file they won't generate the same byte-identical file. This is doomed to fail at the expense of your computer's CPU cycles as it generates these useless hashes.
Trolling is a art,
The courts decided that it wasn't enough to remove works known to be copyrighted: rather they must know that works were not copyrighted.
However, anyone who has used a P2P network knows that for any given file people are looking for, there are about a dozen variants with very slight differences (encodings, cropping, someone added a few frames of "encoded by..."). Since we don't have digital purchase of data, there is no "authoritative" version of a file to fingerprint in the first place.
I don't know what kind of crack I was on, but I suspect it was decaf.
It is possible only according to the suits in the government. The p2p traffic accounts for ~2/3rds of the internet traffic nowadays, so unless you have an echelon-type system good luck!
(and that is not counting all the anonimity-protecting nets such as freenet, MUTE, and the new i2p (don't remember link, sorry).
Don't go silently into that peaceful night
"Providing creatively-driven, strategically-sound marketing solutions designed to help your business grow."
That ain't all they wanna make grow
The person making the statement that the apps can filter anything doesn't realize the sheer volume of fingerprints, etc. that the app has to keep track of.
Nice try- better than most, actually... But it still doesn't resolve the real problem which is that most of what the labels are selling is crap and grotesquely overpriced at that. People swapping all of that music is more a response to that than anything else.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
just change a random bit or two somewhere in the general data section (ie - where the actual video or audio is stored) and the hash gets defeated easily. (yes - an oversimplification, but it'll do)
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Well, he's wrong. If they used hashing, then people would only have to change a few bytes of the files to get around the filter. In audio and video, this could be done without any notice at all. And it would require people to have a huge hash database on their computer. Tens of Megabytes at least, if not hundreds. It would make performance really slow.
So, watermarking? Well, so far all watermarks that have been tried have been broken, and it would be much easier to figure out how the watermark worked if you had a binary file sitting on your computer that checked it. Just disassemble to find out how it's checked (and once one person does, this everyone will be able to). Plus, you could always just zip+password any file anyway, to prevent watermark checking.
Of course, that doesn't mean they wouldn't try to include this stuff, but why would anyone ever download something so restrictive in the first place?
autopr0n is like, down and stuff.
For every man hour of time that's put into 'protecting' their work, there's a thousand man-hour's worth of effort that will freely be contributed from the "public" to try and break it. All encryption like this can and will be broken over time, the only way to beat it seems to be for the companies to try and repeatedly adapt and stay one step ahead. Unfortunately that's very expensive and can't be maintained for long. Regardless of your stance on the argument of p2p, this is the way it looks like continuing for the near future.
Wow, so now all the Divx rippers will have to chop a few frames off of each divx they rip so each hash is different. Companies should really stop worrying about what their customers do with the materials they have purchased and figure out a way to actually encourage them to purchase said materials in the first place. And no, I'm not just talking about pr0n, but CD's and DVD's in general. If it's a quality movie or CD I'll buy it because I know I'll want to watch it over and over and add to my 'collection.' I've spent more on Peter Jackson's works in the past two years than I have on any other media combined. (at least that I own... not counting all the Blockbuster rentals)
I mean seriously, how much money is Blockbuster making right now renting movies (some of which get ripped by the Divx kiddies 'cause they have way too much time on their hands) while the music industry bemoans their inability to sell records like they did in the late 90's?
... at least in the music genre.
I used to work for a small company called Relatable (http://relatable.com/), which was working with Napster back in the day to identify the music being traded over the network.
Relatable's technology recognizes music by the acoustic properties of the audio itself regardless of how it was recorded, encoded, etc.
Obviously there are still ways around this, but it is a fairly solid solution.
It is important to recognize that "fingerprinting" does not equal "hashing". We all know that hashing will *not* work. But there are other techniques, at least for audio, that can work.
Josh
Yes, I agree with you for the most part - that was the first thought that came to my mind as well.
:)
However, for the average Kazaa user, it just might work. Most of them seem to think that if you uninstall kazaa your music is gone...or that you can't play the Kazaa music outside of the Kazaa client.
Keeping this in mind, then, we can give a little bit of credit to these guys in that they may succeed in fooling the idiots who use Kazaa.
Of course, people like that usually aren't the ones to come up with "original" content anyway.
Its actually amusing to think of the cat and mouse game this could develop into
It's also predicated on the idea that the hashes exist. Taking the first example of encoding at different bit rates and using different formats. Who's responsible for providing a reasonably exhaustive and authoritative list of the hashes? If Sharman et al. implement these schemes do they get bullet-proof immunity from criminal and civil liabilities?
Also, who says users will continue to use these "spyware" enabled P2P products once it becomes widely known that blocking has been enabled?
There are just too many excpetions to this idea to be really workable.
There are two fallacies with the proposal:
Spyware on the nodes? Even if you could somehow ensure that all compatible clients comply with the spying requirements, how long will those clients be left unmolested? Any P2P "server" is really just a client of many other "servers."
This depends on a mathematical hash performed on a given rendering of a copyrighted sample. Resample and the hash is broken. Hell, even a second-rate email spammer knows how to avoid hash detection: just tweak an unused ID3 field.
[
..will be roughly as effective as shutting down napster.
That is to say, not effective at all.
~To choose doubt as a philosophy of life is akin to choosing immobility as a means of transportation. -Yann Martel
It's a classic example of public assumption. Everybody assumes that if something is copyrighted, it can't be distributed legally. In truth, it depends on the will of the copyright holder. I don't remember how many times I've heard people say "Linux isn't copyrighted" or "BSD isn't copyrighted." They both are, but the copyright holders choose licenses that don't include the phrase "All rights reserved."
But trying to clarify that is like telling an internet user that a "cracker" broke into their computer, not a "hacker." (However, I'll note that the copyright legality clarification is probably more important than that of the cracker/hacker.)
tasks(723) drafts(105) languages(484) examples(29106)
But I can change my ID3 tags all day. Can they match me (hypothetically, of course ;)) md5sum to ID3? I highly doubt it.
This would end up working about as well Kazaa's user rating (or whatever it was called) thing. It had been out for how many days before people started showing up with their points maxed out? And it is worth noting that the second and third most common file sharing tools, dc++ and emule are both open source, so that anybody who feels like removing the controls can do so, and recompile.
Peer to peer networks that control what people communicate are possible. As are ones that control who talks to whoom, that people really allow the uploads they purport to, etc etc. As is any software that acts against, rather than for, the person that is running it. We just need to get Palladium in place first. What are you waiting for Microsoft!!!
I assume this is more than a worthless md5 sum: certainly in terms of the images that this guy is talking about it should be possible to steganographically hide a watermark in the image. If the p2p bots checked for this there might be a chance his scheme could work: some watermark techniques are apparently quite robust to re-encoding of the image, etc. Where all this falls down is that it'll be 5 seconds before some w4r3Z d00d releases a p2p client that just lies about having checked for the watermark and allows distribution regardless. That's the thing about the p2p model: there is no central server where the running code can be verified - to implement any kind of workable security model you have to assume that everyone on the network is going to be trying to defeat it and design it so that it's core to the whole application - unless the security validates, and other machines can prove to themselves that it validates on your machine, no transfer should work. I suspect something along those lines is possible albeit very difficult, but the fact that that kind of application isn't what p2p users want would still render the entire thing useless. Nobody would use such an app.
"'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
- JRR Tolkien.
detect copyrighted works and then filter them with the "spyware" installed
So under the DMCA AD-Aware and all other spyware removal tools will be illegal as they could be used to circumvent DRM.
Sounds like a ploy by the pr0n industry to install more crapware on our pc's.
Come to think of it *nix will be illegal too as their spyware will only run under wind0ze.
Peer to Peer networks have to go from Peer to another Peer. For almost everybody this means going across the routers, switches and wires of ISPs, backbones, and other telecommunications providers. Laws can mandate that these companies be held responsible for things going across their wires and forcing them to filter content.
I do that very same thing here. The internet connection comes in, goes through a firewall and then to snort both of which squeeze off peer to peer connections. This is to reduce bandwidth consumption and to make the boys over in legal happy.
The software might be independent but the pipes it travels across are not. Lessig's book goes into this in great detail.
This might sound a bit familiar for anyone that's had to repair a spyware infected computer.
Personally, I've done 4 in 2 days. And I can tell you I'm so sick of it it's not even funny.
One was so screwed up the HOSTS file was infected with encrypted javascript. Took me 3 hours just to knock that bastard down to the point I could get explorer open in under 10 minutes.
Special thanks to everyone that fights it by writing those removers... god they are a lifesaver.
when they pry the delete key out of my cold, dead finger.
Not that I watch porn of course. Not me, nope, not one bit. None.
---- Take the Space Quiz!
I didn't have time to read your entire post, but from what I could tell, it had something to do with porn. Right on brother! I love porn, too!
"We shall party like the Greeks of old! You know the ones I mean." - HedonismBot
Guys like this make me jealous! If I look at porn, it's just me and a picture--big deal--it's forgotten in a moment.
But Xsters--wow. It's me, a picture, satan and and a crowd of slathering demons, and god hisself, heavenly nostrils flared in anger, while a chorus fiery-sword-wielding seraphs chorus 'for shame, for shame.'
I just don't get that kind of mileage out of it.
IANAL, but taking off the tech hat, and trying to think from a legal standpoint...What would it mean if they can prove to the judge that there is a P2P scenario in which nearly foolproof copyrighted file identification exists ?
Would that then ruin the argument that "P2P should not be shut down because there are plenty of legitimate uses" by countering with "there is an equally efficient P2P architecture that brings all the same functionality to legitimate uses without hurting copyright law" ?
By doing that, wouldn't they change the issue of whether or not to allow P2P into one of which P2P can be allowed ? (or what is required of a legal P2P ?).
Just wondering...
Quem a paca cara compra, paca cara pagará.
Your company is free to establish whatever policies it chooses on your internal network. But I think it is very dangerous to suggest that we create laws that require the providers of public networks to filter content. Have you really considered the implications for free speech and privacy? Who controls the list of banned materials? Who controls the controllers?
Your Rectum Online?
If they took all the porn off the internet, there would only be one website left, and that would be bringbacktheporn.com.
-"Scrubs"
I have misplaced my pants.
I don't think he's trolling here, the human mind has a failing in that it likes to form habits. You can see that with non physically addicting things like chronic or in this case p0rn. Sure you might live a healthy life with it.
but if you're addicted you'd probably be better off without. It's such a marketting gimic to disregard the posibilities of addiction. Then there's the fact that he posts anonymously, how hard is it to sign up.
** back on topic ** There's no way the porn industry could do anything about "copyrighted" material being distributed cause all it takes is a slight change in the archive to change the hash and blow the system away. The only way it would work is if the porn industry started setting up tons of high traffic nodes distributing all sorts of stuff just to block some porn on some searchs, but they'd just get blocked anyways.