Professor and Student Thwart P2P File Sharing

Digitus1337 writes "Wired has the story. 'A computer science professor and graduate student have been awarded a patent for a method of thwarting illegal file sharing on peer-to-peer networks by flooding the network with bogus files that look like pirated music.' This raises the question of whether or not companies that are already using such techniques are in violation of the new patent. Good news for subscription services?"

This can only be good news for fileswappers. Maybe

[Raindance]

First off, many P2P networks are smart enough to easily defeat this attack. Reputation tracking alone, out of several technologies already implimented to prevent this attack, is almost enough. The news here is not about the technology used, it's the patent itself.

With that said, this is then a barrier to entry for Overpeer, MediaDefender, and like companies- either they convince these folks to license this technology or they'll probably face a lawsuit (depending on whether they're infringing currently, which is probable).

So yeah, this is good news for P2P filesharing specifically, and P2P networks in general, as being a network disrupter is probably more costly because of this patent.

The courts, however, might rule that one cannot patent things such as this-- there's little-to-no qualitative difference between folks patenting this and me patenting a method for a DDOS or patenting a method used in a computer virus. Depending on the judge, they may be in for a surprise if their patent goes to court.

RD

False patent

[Orion+Blastar]

This is called a Cuckoo's Egg and many people have done it already.

The Definition says:

A cuckoo egg is an MP3 file that typically contains 30 seconds of the original song with the remainder of the song overwritten with cuckoo clock noises, white noise, and/or voice messages such as, "Congratulations, you must've goofed up somewhere." Ideally, a cuckoo egg should have the same playing length as the music it pretends to be. The purpose of cuckoo eggs is to deter the downloading and sharing of MP3 files using Napster and similar approaches.

Typically, a Napster user downloads an MP3 file and sometimes share it with others before listening to it. Recognizing this, a cuckoo egg creator creates the cuckoo egg to look exactly like a real MP3 file. The user then unknowingly shares the cuckoo egg with other unsuspecting users spreading the cuckoo egg like a virus. Unlike a virus, cuckoo eggs do not damage computers, but simply annoy and waste the time of those who download the files.

The Cuckoo Egg Project began with Michael and Stephanie Fix. Stephanie Fix is a musician who is concerned about the illegal availability of copyrighted music through Napster. The concept centers on the idea of how a real cuckoo bird lays its eggs in another bird's nest. To the Fixes, the Napster system is like a huge nest of MP3 files, a perfect environment in which to lay cuckoo eggs

The first cuckoo egg was laid on June 10, 2000. Since then, Napster users have posted hundreds of angry messages at the Cuckoo Egg Project's Web site. Whether it's deterring them from downloading other songs has not been determined.

First spotted in June 10, 2000, so the patent is a false or fradulant one.

Re:False patent

[John3]

Found the patent online and they filed it in August 2000. That's after we got plenty of press including a Slashdot article that brought our server to it's knees and attracted a fair number of DDOS attacks. :-)

So basically they patented spam?

[cowscows]

This is basically a patent on the reality of spam. A bunch of noise that makes email/IM/p2p such a mess that it's hard to find anything that you want.

If only someone held a patent on spam, maybe that'd lower the volume of it somewhat.

Re:Uh, prior-art?

"You need a central certificate authority to validate the autheticity of users. And, that is a big no-no in P2P systems"

You can still be authenticated and remain anonymous. Take slashdot for example. From this you can implement some type of karma (like slashdot) or review (like ebay) system so that users who fuck others fall into the background. Only your key is known to the central sites so that your identity remains anonymous but your habits can be tracked.

Re:but...

[ticktockticktock]

You are forgetting that peers are generating the results and relaying results from other peers. Nothing stops a rogue person from modifying a gnutella client to look for certain searches and then prevent them from going beyond their peer and simply send back garbage results with hundreds/thousands of fake sources for the fake file.

Re:Uh, prior-art?

[rfmobile]

You need a central certificate authority to validate the autheticity of users. And, that is a big no-no in P2P systems.

Actually, you don't need a central CA - a distributed one will do. In other words, every peer implements their own "buddy list". The buddy list includes positives (confirmed trustworthy) and negatives (confirmed un-trustworthy). Instead of distrusting every peer, you can choose a list of peers from one peer you already trust, and build from there.

When performing a search, your P2P software might color code the results based on this list. Green for known good peers, red for bad peers/spammers/etc., and yellow for unlisted, unknown peers.

-rick

Re:Would it really matter?

[Gortbusters.org]

Sounds like you need to get your act together and pirate more songs haha!

Most mainstream songs (i.e. ones on the radio) have a large fake song:real song ratio. The methods of 'fakeness' vary:

• Beeps - nothing like some high volume beeps to destroy your speakers/headphones/ear drum
• Intro, then silence - Looks like a valid song, sounds like a valid song, but after 15-30 seconds it goes silent
• Varied Silence/feedback play: I don't know how they do it, but seems like some of the fake songs will play no matter where you start playing them from, but after a few seconds they will either give the feedback sound or go to silence
• Repeat the Chorus: This one is sometimes a hidden treasure. Most songs have a chorus that's normally sung/played over and over in the song. BUt the fake mp3 just repeats the chorus for the entire song! The good news is that if you like the song for its chorus, you may be lucky enough to find a pure chorus version of it, WOOHOO!
• Mysterious WMA files: try and play these on windows and it just sends you to an MSDN site. I never play an mp3 file with a valid proxy setting though, just incase they check those logs...

Lately, I don't see many valid songs at all. All the fake ones are on servers with tons of bandwith, so they download almost immediately. The good news is that fake songs usually have the standard format: "Artist - Song Name", where real songs have something that someone might have actually done themselves "01-Artist_Song_Name' or '[Rock]-Artist_(Album)-Song-Name'... but not many people share that, and the one guy that does seems to transfer at 3-5kb/s :(

"buddy lists"

[nutznboltz]

How do you identify someone to compare them to what's on your black list? IP address? Good luck cause you have to deal with DHCP and NAT. Use a token instead? What's to keep them from using a new token whenever they like?

Its easy to say, just use a list but it's not easy to do that.

A white list setup leaves you with a WASTE-like network not an anonymous one.

Uh

[bonch]

Are you saying it's bad to combat P2P piracy? Slashdotters shouldn't care, right--after all, they don't illegally pirate. Right?

I've been buying from the iTunes store since it came out. There is no valid reason whatsoever to pirate an artists' works on Kazaa and eMule. Slashdotters have yet to legally or morally justify ripping off an artist's stuff.

Re:Uh, prior-art?

[vegetablespork]

And what happened to the old Freedom network? It was conveniently shut down due to "lack of a market" right after 9/11. Can't have Joe Average with strong anonymity!