Slashdot Mirror


Software To Stop Song Trading

Shippy writes "Palisade Systems is about to launch new software that can identify and block copyrighted songs as they are being traded online. However, the article fails to mention that it will also stop legal song downloads. The software blocks anything that's copyrighted, whether you already own the song in another format or not. Here's some snippets from the article: 'If installed in a university, for example, it could look inside students' emails, instant messages and peer-to-peer transfers...', and 'Jacobson said the identification process would not work on an encrypted network, such as is used in several newer file-swapping programs. However, the Palisade software could also act to block those applications from using the network altogether.' Great."

38 of 595 comments

  1. WiFi. The 3rd Internet by DigiShaman · · Score: 5, Interesting

    I guess it's time to start bridging those WiFi networks around the world. If you can't beat em, fuck em. I start file sharing over WiFi networks. I look forward to the days of local BBSes again. (WiFi BBS?)

    --
    Life is not for the lazy.
    1. Re:WiFi. The 3rd Internet by lazybeam · · Score: 2, Interesting

      Hey there are wireless meshes starting up everywhere. I am running one in my city of 100k people - there are already 10 nodes after a few months. The uni here has always blocked all "external" traffic and has only 3MB/day allowance for the proxy server.

      --
      --
      no sig for you. come back one year.
    2. Re:WiFi. The 3rd Internet by Anonymous Coward · · Score: 1, Interesting

      this is a great idea, and many people have been thinking about it for a long time now. it is NOT impractical. all that is needed is simplification of the tools involved. the argument that the average user won't be able to set this up is easily solved. all someone has to do is write up a program, similar to many of the file sharing ones out there, that also auto configures a wifi connection.

      now here is the good part. with a big wifi mesh the cost of an internet connection = 0. no more bowing to big cable and phone monopolies for high speed access. (funny how anyone can provide dial up/slow service, but the really fast isp's just happened to fall into the big telco infrastructure)
      secondly nobody could track what you are doing. the only accurate way of locating a radio signal is triangulation, not warchalking, lol. this would be impossible with hundreds, even thousands of simultaneous transmissions. even if there was a way to zero in on a particular node, a counter measure could be programmed, causing other nearby nodes transmitting signals to cause confusion. something like this would happen anyway, as a wifi mesh similar to the web would have many, many repeater servers. ahh the days of bbs's and free long distance could come back. this time however, instead of 0 day files, we would be getting movies, albums, even video games before they hit the stores, like certain newsgroups out there.
      big record companies, telcos, govt yesmen getting nothing? hope i live to see the day. mod this parent up, it is not only insightful but visionary.

  2. Hmm... by LordK3nn3th · · Score: 5, Interesting

    How does this affect pay-for programs like iTunes?

    Also, is this RIAA-only songs being blocked, or other songs? Copyrighted doesn't always mean "undistributable". Someone may hold the copyright to something but may actually let people distribute it-- am I wrong there?

    --

    ---
    Never criticize religion on Slashdot. You will be modded down for "Troll" no matter how factual it is.
    1. Re:Hmm... by maxbang · · Score: 2, Interesting

      No, dude. This actually looks at the sounds of files being transferred and compares them to an existing database of songs. It's not as simple as adding random characters.

      --
      I also reply below your current threshold.
  3. 'finger print' by Mattwolf7 · · Score: 5, Interesting
    But how can it determine?

    Palisade's version of the technology sits inside a network, rather than inside a file-swapping program. If installed in a university, for example, it could look inside students' emails, instant messages and peer-to-peer transfers, seeking audio "fingerprints" that could be compared with information in Audible Magic's database.

    If I send my friend an mp3 of me playing some music how can it tell that from me sending a copyrighted work? Is it reading the 'finger print' and then checking byte by byte? Isn't that going to kill traffic... But couldn't it be beaten by adding one extra byte to the file? Sending in another format?

  4. What is needed.. by bcore · · Score: 5, Interesting

    ..is a P2P app that can run over an SSL connection, disguised as web traffic. I'd bet that could beat this thing. Does such a thing exist?

    1. Re:What is needed.. by syousef · · Score: 5, Interesting

      "What's wrong with just plain FTP over SSL? No one's going to be blocking FTP anytime soon..."

      I work as an IT consultant in Australia and work on site most of the time. Our clients - banks and insurance companies - certainly do block FTP and SSL. They usually block anything that isn't HTTP or HTTPS on port 80. This is a genuine frustration for me as I often want to send log files and software to the HQ of the software firm I work for.

      To make matters worse one client I worked for had a policy of restricting access to external email and other content (games, porn etc.). They used web filter software which I won't name here for now. Lots of legitimate sites I'd want to get to for genuinely work related purposes were also blocked.

      I wouldn't be at all surprised if this is the method adopted by large educational institutions in the end. They won't be able to fight large corporates for very long with the limited funding they do have. It will only take a handful of large lawsuits to sway them towards censorship.

      It's an interesting world we live in now. It seems to have become standard practice somewhere in the late 90s to make product and then intimidate or sue your customers.

      --
      These posts express my own personal views, not those of my employer
    2. Re:What is needed.. by zcat_NZ · · Score: 3, Interesting

      Even if all your web traffic was encrypted, multiple https sessions to a large number of different hosts, and doing a lot of traffic is _much_ different from normal websurfing. They could reliably detect and block this if it became common.

      Here's my suggestion. Open an https session, and pass some sort of simple 'obfuscating' key to the sender. This is a short https session that can't easily be distinguished from normal web surfing.

      Then the sender obfuscates the data with your key, and sends it back to you via a 'plaintext' FTP session. Nothing identifies the data as encrypted, but it's also not recognisable as a 'copyrighted' work. What are they going to do, block all ftp?

      --
      455fe10422ca29c4933f95052b792ab2
    3. Re:What is needed.. by sageman · · Score: 2, Interesting

      One easy way we found to beat the typical way of blocking programs (port blocking) was to write an algorithm that changes the port being used every hour or so based on certain "seemingly random" variables. And, for a small interim period (so as to not drop packets during the port transition), two ports are actually opened. That's what we have done for our WASTE modifications.

      --
      --- "To iterate is human, to recurse divine." -- Robert Heller
  5. How will this work any better than spam filters? by digitalvengeance · · Score: 4, Interesting

    From the article:

    "seeking audio "fingerprints" that could be compared with information in Audible Magic's database."

    We've tried database-oriented filters to stop spam in the form of keyword lists and the like for years, yet spam is more of a problem today than it was 5 years ago. Why won't the same techniques that let spam slip past our filters let content slip past these filters? Add a byte here or there, run a very light encryption routine over a file and bam - one broken filter.

    Even if the networks that use encryption in the protocol itself are stopped - encryption on the file level can be used on insecure networks and this software becomes useless.

    Josh

    --
    How many roads must a man walk down? 42.
  6. I bet it doesn't work with ogg! by Anonymous Coward · · Score: 1, Interesting

    And just the other day people were saying it'd never catch on.

  7. someone will use this for sure by neurosis101 · · Score: 3, Interesting
    Despite the restrictions of the software, I'd bet that a University for sure will pick this up. Eventually what will happen is some people on the network won't be able to download some voice recording or some file sent to themselves or something and a big fuss is going to erupt. That or some privacy issue is going to kill it.

    The university I attend has explicit privacy rules, available for everyone to read. If I recall correctly this sort of thing would violate those rights awarded by the school and as soon as someone brings it up it'll disappear.

    1. Re:someone will use this for sure by crackshoe · · Score: 3, Interesting

      NJIT (New Jersey Inst of Tech) has something similar to this in place, and has for this most recent semester. We get around it by zipping the files or modifying the suffixes.

      --
      Don't worry - its just stigmata. Pass me a napkin and don't you dare tell my mother.
  8. Re:MY Rights?? by Anonymous Coward · · Score: 1, Interesting

    Perhaps that opinion mostly comes from the fact that GPL are mostly violated by people with money to make yet more money without earning it, while copyright infringers (of the most common sort targeted by the music industry) are not looking to make a profit from their actions.

  9. Copyright-status repository? by mfh · · Score: 4, Interesting

    > They want to take the position of not filtering out all peer-to-peer [traffic], stopping copyrighted works but not the other content."

    Here's the problem: how do RIAA and MPAA distinguish, legally, between copyrighted material that is permitted (fair-use), and that which is not? I'm talking about articles, fair-use media vs. illegal-to-distribute-or-possess copyright media. How do these watchdogs inform the public of such differences? The onus is truly on the RIAA/MPAA if you ask me. The story, strangely, is "Copyright © 2004 CNET Networks, Inc. All Rights Reserved," which begs to question... how can a twelve-year-old truly understand this discombobulated law?

    That's the problem with the whole thrust of the RIAA argument against P2P (that the illegal trading of this copyrighted material hurts business). What about Internet articles? These articles are copyrighted works, published to the Internet by their respective owners, but quite often articles are mirrored by websites like Slashdot. Sometimes the copyright owners like this mirroring, and other times they do not (they seem to flip flop on it, depending on the source). Therefore, the lack of consistency *should* make it extremely difficult to win a copyright case, although somehow the owners always win.

    IANAL, yet my argument is that two distinct laws ought govern copy protection, because this fork-in-the-road is quite ambiguous. Firstly, how are any of us to know the status of copyrighted materials downloaded? What if we download a song over P2P, expecting the song to be one of the songs that are fair-use, and we pass the song along to a ton of other people? Secondly, how do we distinguish between the legality of copyrighted articles that are online and music, and the fair-use music?

    Because there exists no truly accurate copyright-status repository, I think all the people under suit from a watchdog might have some ammunition. Without a bona fide/impartial database of illegal filenames and md5 checksums to verify your current P2P files, how can you be responsible for these files?

    Furthermore, if you downloaded a song from P2P, you should legally be able to upload it back to that P2P, if you truly believed the files to be fair-use, which could truly be any file.

    --
    The dangers of knowledge trigger emotional distress in human beings.
  10. This will work for about ten seconds by Poilobo · · Score: 5, Interesting

    If this is based on fingerprinting technology it would be pretty trivial to cut off the Type 1 and Type 2 tags, reverse the content and stick'em back on. Reverse the process after downloading. Of course you could always UUencode the song and add a zip extension to it or a multitude of other tricks to hide what you're doing.

    Never underestimate the power of broke, bored, determined college students.

    --
    Sig (appended to the end of comments you post, 120 chars)
  11. RTFA, - Geez.... by byronne · · Score: 3, Interesting

    neither RIAA nor Audible Magic had given them a demonstration of the filtering tools. Industry trade group P2P United says it has repeatedly contacted the company asking to see the filters in action.

    Ikezoye said he still has not demonstrated the technology for the peer-to-peer companies.


    This brings up a ton of questions:
    - What are they looking for in the content of P2P traffic?
    - What defines copyrighted or 'controlled' material? Bootlegs won't be in there...
    - If it ain't installed in the client, where is it installed?
    - Will this work on server based P2P like soulseek?
    - What possible gain is to be had by filtering this?

    Studies have already shown that CD sales increase where there is a market of 'try before you buy'. (Australia, for example) When is the RIAA going to wake up and realize that the biggest marketing tool in history is at their command and they don't have to do a damn thing to prevent it?
    Radio killed the vinyl star? Nope.
    Video killed the radio star? Um, nope.
    MP3 killed the video star? Maybe, but absolutely to the artists' benefit and not some fat f*ck from Clear Channel.

    Filtering is way too invasive to even be considered an option. Sheesh.

    --
    "Look, Smithers! I'm Davy Crockett!"
  12. Re:MY Rights?? by Anonymous Coward · · Score: 2, Interesting

    That fails in two ways:
    First, my point was more towards the resultant use of the copyrighted material. The company stealing GPL code sells that code to make an economic profit. The music trader listens to the music and does not sell it to others. They make no profit.

    Secondly, many people still buy CDs, often more so, after they are exposed to it online. So it seems that the companies do not usually give back to the GPL project if they decide to take something.

  13. Re:MY Rights?? by deathazre · · Score: 2, Interesting

    and there's more than enough jaywalkers here at my school.

    I've already lost all faith in ITS here, so I have no problem yelling at them if they implement something like this and it interferes with the legal stuff I do (say, IRC). Cable back at home's better than the school's network anyways.

    --
    Karma: Negative (Mostly affected by dorm trolling)
  14. After reading by the_Bionic_lemming · · Score: 2, Interesting

    So - this software will block my VPN to work and not allow me to work from home?

    Methinks that this software will die a quick death.

    --
    _ _ _ Go for the eyes Boo! GO FOR THE EYES!
  15. Carnivore? by kyoko21 · · Score: 3, Interesting

    Is it just me or does this sound like RIAA bought their own version of Carnivore?

  16. Re:wouldn't it be simpler by UID1000000 · · Score: 5, Interesting

    This is a good point. Frankly make them sign a contract or a LOI stating that if they do anything illegal that they have to indemnify the university of any illegal actions and take full recourse for the aforementioned.

    But if 90% of their traffic is P2P why not make it all internal traffic thus eliminating bandwidth costs? If there is a way to do this for instance block the ports that P2P programs use, hell block all the ports except 80 and then setup a VPN client with all ports open but restrict traffic to being only internal. Then the bandwidth load is reduced by 90% and the traffic (which would probably cut down) might come down by as much as 60-70%.

    If new items need to be introduced to the P2P networks on the campus then the students should have to go out and use their own, their parents or some cafes' then they can bring it back into the closed school network.

    What do you think of that?

    --
    UID 1000000 is just around the corner.

  17. Re:And, thusly... by Anonymous Coward · · Score: 2, Interesting

    I think the question he was asking is how could the software tell if the communication is encrypted.

  18. I used to work for Palisade... by Anonymous Coward · · Score: 5, Interesting

    I was working for Palisade when they developed the first version of PacketHound.

    Actually, I should say when they stole PacketHound, since it was actually created by a coworker in his off hours, outside of Palisade. The CEO at the time fired this guy and sued the developer to gain the rights to PacketHound. Kind of ironic that they stole something that is supposed to prevent stealing!

    Like Palisade's original product, called ScreenDoor, PacketHound is just a packet sniffer that sends out TCP RST packets to disrupt connections. Palisade (and Iowa State University) actually have a patent on this, even though there have been firewalls and other programs (like Snort) which do the same thing, and predate the patent.

    Palisade itself is a tiny company that is milking this one patent/idea for most of its products. But they are somehow good at getting press...

  19. Re:Oh, No! Not SSH?!? by BitterOak · · Score: 2, Interesting

    > Since I (and undoubtedly many others, I'm sure) use SSH for everything, I wonder how they plan to shut down even an insignificant fraction of any kind of sharing?

    Simple. Ever heard of a man-in-the-middle? You make an SSH connection to a computer on the other side of this software. It detects you are using SSH, and steps in during the key negotiation protocol. Your client complains that the host key has changed. You either refuse the new host key and you're SOL, or you accept it and the software can still look for copyrighted material. You complain about security, but they claim your connection is still "secure" as it is reencrypted on both sides by this software.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  20. Steganography by markan18 · · Score: 5, Interesting

    maybe we just need to rename songs as .doc or .jpg. If that crap can still catch them, cram the song into real images or insert them into real office documents.

    One may insert them into icmp packets (ping still allowed??). What if I encrypt all my email, will encryption be outlawed? The war on file sharing is turning into a war on drugs, we all know how effective it is.

    I think anyone who can still get packets in and/or out of a given network can download and upload songs or anything. Those big 5 labels are causing real damage trying to police the internet and deserve to die real fast

    1. Re:Steganography by dolphinling · · Score: 3, Interesting

      Actually, how about embedding the .ogg in a data: url in a web page? That might get around things if they check each file individually. And if need be, you can use steganography to put the song in a .png, and then embed that in a data: url. How cool would that be?

      /. apparently mangles data: urls but you can see some in action at http://www.mozilla.org/quality/networking/testing/datatests.html

      --
      There are 11 types of people in the world: those who can count in binary, and those who can't.
  21. Re:Slashdot: News for trolls. Stuff that's biased. by byronne · · Score: 4, Interesting

    Alright, let me get one thing straight here. I've been in several bands over the last 10-20 years and frankly, I would fucking love it if our material was being actively traded over P2P networks, because at least then someone is listening to and enjoying what I've done. I don't care if I see a dime from P2P, cuz I didn't see a dime from the record company either. I'm still in debt, supposedly paying for the privilege of being in their 'roster' of stars. Well, fuck them. Maybe I made a bad business decision, but I feel zero obligation to think that many other 'artists' haven't also been given similar treatment. Believe me, the sooner we expose the RIAA for what it is (i.e. - a corporate protection agency) and for what it is not (artists' protection), the clearer this ludicrous debate will become.

    --
    "Look, Smithers! I'm Davy Crockett!"
  22. Maybe try the obverse by Badanov · · Score: 3, Interesting
    Maybe the cry to go to encryption is the wrong way. If it is in fact the intention of trade organizations to scan networks and invade privacy to enforce their rights, maybe it would be better to create a standard that could not encode an audio file but transform it into plain text.

    The wargame company that makes Combat Mission does this to their save game files. The files are encoded not encrypted and the data read in/out into the file is true plain text, but unreadable. You cannot tell this is an encoded file by any means I am aware, but the file loads up smoothly and quickly.

    Seems to me iffin you wanted to defeat this new drive to invade privacy, making a software module that will allow you to store and transport music (and many other kinds of files as well) files as plain text would be a tremendous blow to those efforts.

    --
    Dawn of the Dead
  23. Fan Mail by GrEp · · Score: 3, Interesting

    Please direct all fan mail to the head of Palisade, Doug Jacobson. dougj@iastate.edu

    Check out his senate testimony (Google Cache). This guy makes a living spooking the spooks.

    --

    bash-2.04$
    bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME
  24. Or SSH by Sycraft-fu · · Score: 5, Interesting

    I would LOVE to see a university try to block that. A small private one might (and I emphasize might) be able to get away with it but a big one? Forget about it.

    Hell, our university REQUIRES SSH for many things. You can't telnet to the e-mail cluster any more, it's SSH only. Likewise the webmail is SSL only. You just don't have a choice, you'll use the encryption or you'll not use the system. My department is working on going to that. Going to be no telnet, no FTP, no unencrypted IMAP or pop. Everything will be SSH, SFTP (which is also SSH), or SSL. Unencrypted communications will be in-building only, or for things like the main website. You want to access any systems, you'll do it with an encrypted protocol, or use an encrypted VPN tunnel to get a local address.

    So either SSL or SSH would work well. They are just too useful and used for too many things. Try and shut that down and you'll find backlash like you can't believe.

  25. Re:Not every college by Bastian · · Score: 3, Interesting

    Not every college says their computing resources are for academic use only. Honestly, such a policy is kind of ridiculous - with such an agreement, you've suddenly said your students aren't allowed to do a whole host of things, such as use their campus network connection (or campus e-mail account) to keep in touch with family and friends. You've also said your students can't use the campus network to download games and all sorts of other stuff that you really shouldn't be disallowing people who live on campus from doing.

    At the college I went to, the computer center understood that the campus network and internet connection weren't just an academic tool. They were also a student entertainment service and a way to attract kids. A college with a TOS that doesn't allow this or has a generally crappy low-bandwidth internet connection in the dorms stands to lose a lot of good applicants to well-wired schools. Which isn't to say that the network was totally unrestricted - there were bandwidth caps on traffic going through all the popular filesharing ports, for example, and all non-port-80 traffic in the dorms was restricted during peak hours.

    I have seen such policies on computer labs (with the understanding that e-mail is okay), and that does make sense.

  26. Re:And, thusly... by Nadsat · · Score: 5, Interesting

    Yes, McCrapDeluze: what you describe is the blowback, the reaction against the controllers.

    Technology tries to liberate. Technology was once thought of as the essence of freedom's revolution itself. Recall Apple/1984... recall www-idealism. Then technology turns against itself and tries to control. Porn regulation, satellite cameras, fingerprints, RIAA server-side 'intellectual property' monitoring. Liberation vs. control. Hacktivists and regulators engaging in battle royal.

    Sure there are always loopholes and entropy... but I fear the capability of technology to regulate and control will become so strong and so automated that only the most astute hacktivists or fleeting script kiddies will find sanctuary, leaving the rest of the populace to graze like sheep on genetic grass.

  27. Oh, my... Where to *start*... by The+Master+Control+P · · Score: 2, Interesting

    For starters, I'll be damned if your fscking spybot will ever access my hard drive. Block all ports by default, opening as needed.

    How, exactly, does a remote program ruffle through my files without my permission, anyway? Mandated backdoors? Screw them.

    If it looks for an audio "fingerprint," how will it react if some 10-year-old wrote a 5K program to insert a random byte every N bytes of the MP3 (or any file)? If I do something as idiotic as flipping all the bits? The ways to foil things that search based on fingerprints are too many to name.

    Who the hell gave you permission to look at my private e-mails? Oh, yeah... I DIDN'T!

    Amendment IV: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    How exactly will it react to a file named "Britney-Spears.mp3" that contains nothing but static? Did I mention the violation of privacy?

    They've already admitted that it's completely impotent against encrypted traffic, and there are already encrypted p2p clients.

    For the love of God, don't these control freaks realize when they're beaten?

    OK, I think I've got most of the obvious replies out of the way. It's obvious that the current control freaks "up there" see the Internet, and realize quite well what it can and will do to them if they can't nip it in its budding stages. Kid yourself not: They will wage an all-out war against privacy on the Internet. And as always, all that is needed for evil to win is for good to do nothing.

    Contact your congressperson. Have all your friends do the same. Snail-mail them. E-Mail them. Donate money to their campaigns. Get the word out!

  28. Re:And, thusly... by j.bellone · · Score: 2, Interesting

    You see, every college that installs this will just piss off the students in the college. It will eventually prompt someone to write an application (if one isn't already written) to bypass this.

    Look how Napster started... at college.

    --
    I'm f#$king magic!
  29. Re:And, thusly... by Clovert+Agent · · Score: 2, Interesting

    Network security devices do this with SSL by proxying the connection so you think you're connecting to the remote site by SSL, but in fact it's only as far as your perimeter, where it's managed (scanned, audited, etc) and sent over a new SSL connection.

    There are lots of ways a P2P app could prevent that from happening of course. But then it might be easier to detect and block outright. Cat and mouse, as always.

  30. *We are headed to a whitelist-only information age by Anonymous Coward · · Score: 1, Interesting
    The worst is coming.

    This software can not hinder swapping:

    We can reverse the media.

    We can swap blocks in the media.

    We can divide the media into parts.

    We can distribute the media in small enough segments (e.g. 0.5-5 seconds) such that it will be computationally infeasible for them to maintain a block list - a single whole of media would be distributed in hundreds or thousands of parts with no one system sharing more than 5 seconds of any single whole media - i.e. "splitting" files, as in usenet.

    We can set up ad hoc wifi networks.

    We can distribute content parts embedded in MS Office documents, in PDF documents.

    We can use the mail system.

    Don't you see, there is no way short of exhaustive whitelisting and mandatory palladium that they can stop this, or even significantly hinder it.

    It simply can't be done.

    Mark my words: We will have whitelist-only ISPs and policy making non-palladium computing devices illegal in 10 years unless we take a stand now and reverse course - by mandate, by policy, by the power of the people.

    This is a legitimate rebellion. It is not "consumer" rebellion. "Consumer" is a term of the fascist jack-booted thugs who are trying to crush the rebellion. It is a rebellion of the people.

    Downtrodden and oppressed peoples of the world unite!