Professor and Student Thwart P2P File Sharing
Digitus1337 writes "Wired has the story. 'A computer science professor and graduate student have been awarded a patent for a method of thwarting illegal file sharing on peer-to-peer networks by flooding the network with bogus files that look like pirated music.' This raises the question of whether or not companies that are already using such techniques are in violation of the new patent. Good news for subscription services?"
First off, many P2P networks are smart enough to easily defeat this attack. Reputation tracking alone, out of several technologies already implemented to prevent this attack, is almost enough. The news here is not about the technology used, it's the patent itself.
With that said, this is then a barrier to entry for Overpeer, MediaDefender, and like companies- either they convince these folks to license this technology or they'll probably face a lawsuit (depending on whether they're infringing currently, which is probable).
So yeah, this is good news for P2P filesharing specifically, and P2P networks in general, as being a network disrupter is probably more costly because of this patent.
The courts, however, might rule that one cannot patent things such as this-- there's little-to-no qualitative difference between folks patenting this and me patenting a method for a DDOS or patenting a method used in a computer virus. Depending on the judge, they may be in for a surprise if their patent goes to court.
RD
Something like this could also be used to confuse the RIAA with their obviously unresearched lawsuits. Hmm...
The Definition says:
First spotted on June 10, 2000, so the patent is a false or fraudulent one.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
This is basically a patent on the reality of spam. A bunch of noise that makes email/IM/p2p such a mess that it's hard to find anything that you want.
If only someone held a patent on spam, maybe that'd lower the volume of it somewhat.
One time I threw a brick at a duck.
ofc. it's legal. a heck of a lot more legal than all the *real* britney spears mp3's on the networks anyway. basically what they're doing is sharing non-copyrighted material on a p2p network, which happened to be what the network was for *officially* anyway. just because the filenames are bogus doesn't mean anything, p2p networks hardly come with guarantees....
People replying to my sig annoy me. That's why I change it all the time.
Sure, like P2P apps haven't had difficulty with this before.
Magnet links send you right to the file without needing to search.
You can check for files with lots of sources AND different IPS with a file that ISN'T rated 0 with a FAKE comment attached to it.
IP Bans, file size checks, sample checking, file hashing.
There are too many ways to block fake files.
"You need a central certificate authority to validate the authenticity of users. And, that is a big no-no in P2P systems"
You can still be authenticated and remain anonymous. Take slashdot for example. From this you can implement some type of karma (like slashdot) or review (like ebay) system so that users who fuck others fall into the background. Only your key is known to the central sites so that your identity remains anonymous but your habits can be tracked.
You are forgetting that peers are generating the results and relaying results from other peers. Nothing stops a rogue person from modifying a gnutella client to look for certain searches and then prevent them from going beyond their peer and simply send back garbage results with hundreds/thousands of fake sources for the fake file.
Only the "fittest" files will survive on these networks. As a result, it amuses me to see these guys try and put bogus files out there. They almost instantly die in the wild when people rank them as bogus.
When will they learn?
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
It's easy to write a script that checksums the MP3 data while ignoring the ID3 tags.
No, it's pretty much impossible to do this unless you plan to download all the files first which sort of defeats the purpose of the checksumming.
Fortunately you are wrong, if this is implemented within the clients then the checksums sent across the network will be of the actual mp3 data without the id3 tag. It can even be implemented gradually - if implemented: send both checksums, when comparing use the mp3-only checksum if available, etc.
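Added example, not from any commenter or P2P client: one way a client could compute the tag-independent checksum discussed above and fall back to the whole-file checksum during a gradual rollout. SHA-256, the dictionary keys `file` and `audio`, and the sample byte strings are assumptions made for the illustration.

```python
import hashlib

def audio_span(data: bytes) -> bytes:
    """Return the bytes between a leading ID3v2 tag and a trailing ID3v1 tag."""
    start, end = 0, len(data)
    # ID3v2 header: "ID3", 2 version bytes, 1 flag byte, 4-byte synchsafe size
    if data[:3] == b"ID3" and len(data) >= 10 and all(b < 0x80 for b in data[6:10]):
        size = (data[6] << 21) | (data[7] << 14) | (data[8] << 7) | data[9]
        start = 10 + size + (10 if data[5] & 0x10 else 0)  # 0x10 = footer present
    # ID3v1: fixed 128-byte trailer that begins with "TAG"
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128
    if start > end:
        raise ValueError("ID3v2 size field runs past end of file")
    return data[start:end]

def advertise(data: bytes, tag_aware: bool = True) -> dict:
    """Checksums a client would announce; older clients send only 'file'."""
    ad = {"file": hashlib.sha256(data).hexdigest()}
    if tag_aware:
        ad["audio"] = hashlib.sha256(audio_span(data)).hexdigest()
    return ad

def same_content(a: dict, b: dict) -> bool:
    """Compare on the audio-only checksum when both peers sent one."""
    if "audio" in a and "audio" in b:
        return a["audio"] == b["audio"]
    return a["file"] == b["file"]

# --- constructed sample data (not real MP3 audio) ---
def with_tags(audio: bytes, title: bytes) -> bytes:
    body = b"TIT2" + len(title).to_bytes(4, "big") + b"\x00\x00" + title
    size = bytes((len(body) >> s) & 0x7F for s in (21, 14, 7, 0))
    v2 = b"ID3\x03\x00\x00" + size + body
    v1 = b"TAG" + title.ljust(125, b"\x00")[:125]
    return v2 + audio + v1

AUDIO = b"\xff\xfb\x90\x00" + bytes(range(256)) * 8
COPY_A = with_tags(AUDIO, b"Song Name")
COPY_B = with_tags(AUDIO, b"song name (ripped by someone)")
DECOY = with_tags(AUDIO[::-1], b"Song Name")  # same bytes, different order

if __name__ == "__main__":
    print(same_content(advertise(COPY_A), advertise(COPY_B)))         # retagged copy
    print(same_content(advertise(COPY_A), advertise(DECOY)))          # reordered audio
    print(same_content(advertise(COPY_A, False), advertise(COPY_B)))  # old client
```

The third comparison falls back to whole-file checksums and so treats the retagged copy as a different file, which is the cost of the gradual rollout until both peers send the audio-only value.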
Actually, you don't need a central CA - a distributed one will do. In other words, every peer implements their own "buddy list". The buddy list includes positives (confirmed trustworthy) and negatives (confirmed un-trustworthy). Instead of distrusting every peer, you can choose a list of peers from one peer you already trust, and build from there.
When performing a search, your P2P software might color code the results based on this list. Green for known good peers, red for bad peers/spammers/etc., and yellow for unlisted, unknown peers.
-rick
This kind of thing has been happening for a long time now. I've seen this on the kazaa networks for the last couple of years, usually with newly released songs.
To be honest, I get a kick out of it...I derive an amount of satisfaction after I find a "good" version of a song that somebody went through the trouble of making and distributing a decoy of, knowing that they FAILED in their attempt to stop me from downloading. Once you've had it happen to you enough times, it isn't all that hard to pick out the good versions of a song and ignore the messed up ones (I started calling them riaa bombs, since I figured they are probably behind it.)
This issue underscores one of the problems with p2p networks...if you want to get your music this way you have to remember it's a crapshoot. You might get an intentionally messed up song like this, you might get an mp3 that was encoded by an idiot (full of pops and scratches, dropouts, terrible sound, joint stereo, low bitrate, came from the radio or analog tape, etc) who either doesn't bother or care to check his work; or you might get a nice well made music file.
It also seems like a lot of people download bad versions of songs like this, and never bother to check them...so their spread is helped. In fact this can help you spot bad files on kazaa, when 50 sources show up for one file there's a good chance it's one of these.
It would still be a stupid patent, even if they filed for it in 1990. The idea is not novel, the idea is to increase the noise to the point that the signal is hard to find. The government did this a long time ago with radio/radar jamming. It's not a new or novel idea, just a new implementation. And it is really easy to get around, the P2P network (users) just adapts and finds a way to identify the real thing.
Additionally, the bogus files will not survive because people will just delete them once they realize they are bogus, thus they will not propagate as fast as real files, and will eventually die off. You'd think these academicians would realize that.
I don't use P2P myself, but I don't think the RIAA would have as much to worry about if they put out some music worth paying for. I'm happy to pay to support artists I like, and iTunes is pretty damn good, but c'mon, the only way I'd buy anything by Britney Spears is for 30 minutes alone with her to do my bidding.
"None of us are as dumb as all of us." - meeting mantra
Most mainstream songs (i.e. ones on the radio) have a large fake song:real song ratio. The methods of 'fakeness' vary:
Lately, I don't see many valid songs at all. All the fake ones are on servers with tons of bandwidth, so they download almost immediately. The good news is that fake songs usually have the standard format: "Artist - Song Name", where real songs have something that someone might have actually done themselves "01-Artist_Song_Name" or "[Rock]-Artist_(Album)-Song-Name"... but not many people share that, and the one guy that does seems to transfer at 3-5kb/s
--------
Free your mind.
I wonder if it's possible (I really don't know how an MD5 hash works) to download a trusted MP3, leave the ID3 tag intact but scramble the rest of the data and have it generate the same hash? If none of the values changed, just their positions within the file, could that work? It would come out of your MP3 player as total junk but be indistinguishable from a trusted file using current methods of p2p searching, you have to download at least some of it to confirm that it's not the right one. Could that be done? Pardon me if I don't understand how file signatures operate.
How about pseudonymity? Like the old Freedom network from ZeroKnowledge, you have an identity on the network that can authenticate and gain a reputation, but there is no way to connect an identity on the network with an identity in meat-space (including an IP address).
It is a pseudonym, which has a continuous identity, personality, etc. but whose reference is unknown in terms of real name, etc.
This is all that is needed, not true anonymity.
How do you identify someone to compare them to what's on your black list? IP address? Good luck cause you have to deal with DHCP and NAT. Use a token instead? What's to keep them from using a new token whenever they like?
It's easy to say, just use a list but it's not easy to do that.
A white list setup leaves you with a WASTE-like network not an anonymous one.
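Added example, not from any commenter or P2P client: the distributed buddy-list idea debated in this thread, with one hop of imported lists and the green/red/yellow colouring. Identifying peers by a key fingerprint and the merge policy (own verdicts win, an imported "bad" outweighs an imported "good") are assumptions of the sketch; a freshly minted identity only ever reaches "yellow".

```python
from dataclasses import dataclass, field

@dataclass
class BuddyList:
    good: set = field(default_factory=set)  # confirmed trustworthy
    bad: set = field(default_factory=set)   # confirmed untrustworthy

def effective_list(mine: BuddyList, published: dict) -> BuddyList:
    """Merge one hop of lists published by peers I already trust.

    Lists from peers I do not trust are never read, so an attacker cannot
    vouch for their own extra identities.
    """
    imp_good, imp_bad = set(), set()
    for peer in mine.good:
        theirs = published.get(peer)
        if theirs is not None:
            imp_good |= theirs.good
            imp_bad |= theirs.bad
    bad = mine.bad | (imp_bad - mine.good)   # my own "good" beats hearsay
    good = mine.good | (imp_good - bad)      # any "bad" beats imported "good"
    return BuddyList(good, bad)

def colour(peer: str, eff: BuddyList) -> str:
    """Colour for a search result offered by `peer`."""
    if peer in eff.bad:
        return "red"
    if peer in eff.good:
        return "green"
    return "yellow"

# --- constructed sample: fingerprints are made-up labels ---
MINE = BuddyList(good={"fp:alice", "fp:bob"}, bad={"fp:mallory"})
PUBLISHED = {
    "fp:alice": BuddyList(good={"fp:carol", "fp:eve"}),
    "fp:bob": BuddyList(bad={"fp:eve", "fp:alice"}),
    "fp:mallory": BuddyList(good={"fp:sybil1"}, bad={"fp:carol"}),
}
EFFECTIVE = effective_list(MINE, PUBLISHED)

if __name__ == "__main__":
    for p in ("fp:alice", "fp:carol", "fp:eve", "fp:mallory", "fp:sybil1", "fp:new"):
        print(p, colour(p, EFFECTIVE))
```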
Are you saying it's bad to combat P2P piracy? Slashdotters shouldn't care, right--after all, they don't illegally pirate. Right?
I've been buying from the iTunes store since it came out. There is no valid reason whatsoever to pirate an artist's works on Kazaa and eMule. Slashdotters have yet to legally or morally justify ripping off an artist's stuff.
This raises a very interesting point. If one were to start a service that would be borderline legal, the best way to protect the profitable, questionably legal portions would be to patent every method of attack. As you are the one designing the system, you have a good chance of seeing its weaknesses first.
In this way, you use the patent system to shield illegal activity. If one could find a way to wrap a DMCA encryption layer into the process, one would have lots of ammunition against those companies that are attempting to vigilante your semi-illicit activities.
The ______ Agenda
And what happened to the old Freedom network? It was conveniently shut down due to "lack of a market" right after 9/11. Can't have Joe Average with strong anonymity!
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.