Anti-piracy Vigilantes Tracking P2P Users
brevard writes "From SecurityFocus comes news that a pair of coders with a deep hatred of software pirates have gone public with a months-old experiment to trick file sharers into running custom spyware they wrote that scolds users and phones home to a server. They circulated the program disguised as sought-after downloads like Unreal Tournament 2004 and Microsoft source code, and they have a website that updates in real time whever someone executes it. They've logged IP addresses for over 12,000 'pirates' since January. The EFF says the vigilantes may be committing a crime."
That's what they are essentially spreading. There's asses should land in jail as soon as possible.
Indefinitely Detained US Citizen
They say they are tracking software pirates.
But realy pirates don't use p2p apps for warez.
That's kiddie crap.
More like they are tracking 14 year old's with a cable modem.
try IRC, now if they could track that, it'd probably blow their minds.
I believe most of us feel angry when reading about these vigilantes. I know I do. However, I would encourage all of us to remember that if these vigilantes were, say... tracking down spammers... then we would be extatic.
Yes, I'm aware that there's a difference between pirates and spammers. But keep in mind that the RIAA probably sees P2P users the same way that we see spammers. Annoying, a growing threat, and obsessed with large penises.
I don't much care one way or another about the issue of going after software pirates, as there are some major assholes on both sides of the issue. But the problem with this approach is that if there are bugs in the antipiracy software it could end up screwing up a lot of people's systems and causing major expense and loss of time and effort. Moreover, it looks like people could convert this into intentional malware by renaming it, so that someone looking to download freeware documents on, say, the history of microprocessors, could end up with this crap on his machine. So I object strongly to the means, though I am ambivalent about the intent.
For those of you attempting to probe the moral questions of this project.
What if my software, downloaded with no warranty from Gnutella, displayed the weather conditions in Kenya?
I'd have their IP, and I could even safely retrieve the ID with legitimate pretenses.
However, since my software rebukes the downloader for downloading a file that appeared to be a crack, it is a Trojan and a danger to the peoples of the free world.
Just a thought.
clifgriffin > blog
It is a Trojan - it doesn't have to do anything malicious, just something that is blatently NOT what its description (filename in this case) suggests. And you're capturing data from the users that run it, so it could be argued that it is in fact malicious.
You've missed the point of the argument. The argument is that intentionally distributing trojan code for installation on machines you don't own or control is a crime; in the UK it would fall under the Computer Misuse Act. That's bad, and you can be charged by the state and put in jail for commiting that crime.
Whether or not the end-user is doing something legally / morally wrong by downloading what they believe to be material under copyright to which they have no permission to use is a completely independent discussion.
Can you spot the shoot-self-in-foot-notes?
..what, outlook? Got it! Thanks for clearing that up!
1. No data is collected by our software that isn't already collected when our software is downloaded. The only personally identifiable information that we have would be the executer's IP address. However this information is freely available at time of download and is completly public information.
Uhm, wait, but collecting IP addys is data. And you also collect what file they were trying to download, and where/who they got it from? I'd say building a track list of a 'social' network of where a file goes and by how/whom is plenty of data.
I'm sorry,but thats a load. Get a better legal advisor, next!
3. We dissagree with the notion that this is a "Trojan".
A trojan horse gains access to a system through deviant methods. Not through user initiated downloads on a P2P network. Secondly, a trojan horse by definition has a payload or attempts to give the author access by working from the inside. Our program is aboslutely dormant unless specifically and purposefully executed by the downloader. And the program is riddled with cues to what the contents might be. For instance, the company name is "C.R.A.P. Citizens Raging Against Pirates". Not what you'd expect from a "legitimate" crack or keygen.
Okay, lets see, its not a trojan, yet its a trojan. It's not a trojan because it comes from a p2p network, and not
Okay, great idea, really, very funny! But WTF are these guys going to do with all this when, say, MS steps in with a great big legal order of doom saying 'we want to know everybody who thought they were downloading the windows source code'? Are these people even thinking that far ahead?
And I love the broad thinking that anybody downloading a keygen is a pirate, What, these guys never lost a Cd key before? Yesh. Get a grip kids.
Points for some very crative programing, but they lost points for not finding something better to do and not thinking ahead a few more feet of them.
My new top secret key -> C>N|KB