Slashdot Mirror

← Back to Stories (view on slashdot.org)

Professor and Student Thwart P2P File Sharing

Posted by timothy on from the oh-the-humanity dept.

Digitus1337 writes "Wired has the story. 'A computer science professor and graduate student have been awarded a patent for a method of thwarting illegal file sharing on peer-to-peer networks by flooding the network with bogus files that look like pirated music.' This raises the question of whether or not companies that are already using such techniques are in violation of the new patent. Good news for subscription services?"

17 of 382 comments (clear)

  1. Uh, prior-art? by Anonymous Coward · · Score: 4, Informative

    Spammers have been doing this for years, ever since Napster and Gnutella came out. And, people have been filtering it since then. Once a P2P system has some sort of trust system built into it, this becomes far less effective.

    1. Re:Uh, prior-art? by jpu8086 · · Score: 4, Insightful

      Things that are really, really hard to implement in a true P2P network:
      - Global trust matrix
      - Economy
      - Authentication

      These are hard because the equality of peers can always be exploited by users with malicious intent. They can join in the P2P network as multiple peers (if a network limits one user per IP, an attacker with multiple computers and sufficient resources can compromise). Remember that in a true P2P network everyone is equal - it is nearly impossible to implement schemes that avoid the Sybil attack.

      You need a central certificate authority to validate the autheticity of users. And, that is a big no-no in P2P systems.

      So, forget about trust matrix. You can't trust anyone in a true P2P network.

      --
      now supporting:
      cmdrTaco for president '04
      michael for oval office intern summer '05
    2. Re:Uh, prior-art? by JamieF · · Score: 4, Funny

      >You can't trust anyone in a true P2P network.

      Man oh man... what is the world coming to when you can't trust anonymous criminals anymore?

    3. Re:Uh, prior-art? by rfmobile · · Score: 4, Interesting
      You need a central certificate authority to validate the autheticity of users. And, that is a big no-no in P2P systems.

      Actually, you don't need a central CA - a distributed one will do. In other words, every peer implements their own "buddy list". The buddy list includes positives (confirmed trustworthy) and negatives (confirmed un-trustworthy). Instead of distrusting every peer, you can choose a list of peers from one peer you already trust, and build from there.

      When performing a search, your P2P software might color code the results based on this list. Green for known good peers, red for bad peers/spammers/etc., and yellow for unlisted, unknown peers.

      -rick
    4. Re:Uh, prior-art? by jpu8086 · · Score: 4, Insightful

      "Only your key is known to the central sites so that your identity remains anonymous but your habits can be tracked"

      You contradict myself. You are not anonymous if someone knows who you are. You might get a feeling of anonymity because of the shelter provided by the powers to be. But, that is all at their mercy.

      Don't confuse privacy for anonymity.

      --
      now supporting:
      cmdrTaco for president '04
      michael for oval office intern summer '05
  2. This can only be good news for fileswappers. Maybe by Raindance · · Score: 5, Interesting

    First off, many P2P networks are smart enough to easily defeat this attack. Reputation tracking alone, out of several technologies already implimented to prevent this attack, is almost enough. The news here is not about the technology used, it's the patent itself.

    With that said, this is then a barrier to entry for Overpeer, MediaDefender, and like companies- either they convince these folks to license this technology or they'll probably face a lawsuit (depending on whether they're infringing currently, which is probable).

    So yeah, this is good news for P2P filesharing specifically, and P2P networks in general, as being a network disrupter is probably more costly because of this patent.

    The courts, however, might rule that one cannot patent things such as this-- there's little-to-no qualitative difference between folks patenting this and me patenting a method for a DDOS or patenting a method used in a computer virus. Depending on the judge, they may be in for a surprise if their patent goes to court.

    RD

  3. Technology Lifespan by BCoates · · Score: 5, Funny

    1. Invent product
    2. Deploy into market
    3. Product becomes obsolete
    4. Patent awarded

  4. Would it really matter? by Rosco+P.+Coltrane · · Score: 4, Insightful

    If there are 10000 bogus files, but only a handful that have more than 5 sources, chances are these are the real McCoy and all the others are the decoys.

    And even if there are 10000 files around with a lot of sources for each file, I'm sure people will start trading files containing the RC5 checksums of real files, on IRC or something. Hell, they might even P2P the real-files index :-)

    In short: should the RIAA/MPAA and friends even adopt that technique, it'll give them only a very temporary reprieve. They really should realize the cat's out of the bag and they should start thinking of new business models around digital file sharing, not against it.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:Would it really matter? by Coke+in+a+Can · · Score: 5, Insightful

      It's really hard to checksum MP3s, though. First thing I do after downloading an MP3 is change the ID3 tags to my liking, which changes the file, and generally makes it unique, with only one source, me.

  5. Not quite by vlad_petric · · Score: 4, Informative
    Patents are retroactive - they're effective from the application day, regardless of the time it takes to process them.

    So it's safe to put 5. Profit :)

    --

    The Raven

  6. Re:Phase 2 of the plan... by Rosco+P.+Coltrane · · Score: 4, Funny

    we will be happy to allow you to license our patent to continue your technology-based counter-p2p operations.... for ONE BILLION DOLLARS!" [touch pinkie to corner of mouth, for added effect]

    It's a technology for p2p Haters, therefore we shall call it "Preparation-H"! Because it's good on the whole.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  7. False patent by Orion+Blastar · · Score: 5, Interesting
    This is called a Cuckoo's Egg and many people have done it already.


    The Definition says:


    A cuckoo egg is an MP3 file that typically contains 30 seconds of the original song with the remainder of the song overwritten with cuckoo clock noises, white noise, and/or voice messages such as, "Congratulations, you must've goofed up somewhere." Ideally, a cuckoo egg should have the same playing length as the music it pretends to be. The purpose of cuckoo eggs is to deter the downloading and sharing of MP3 files using Napster and similar approaches.


    Typically, a Napster user downloads an MP3 file and sometimes share it with others before listening to it. Recognizing this, a cuckoo egg creator creates the cuckoo egg to look exactly like a real MP3 file. The user then unknowingly shares the cuckoo egg with other unsuspecting users spreading the cuckoo egg like a virus. Unlike a virus, cuckoo eggs do not damage computers, but simply annoy and waste the time of those who download the files.


    The Cuckoo Egg Project began with Michael and Stephanie Fix. Stephanie Fix is a musician who is concerned about the illegal availability of copyrighted music through Napster. The concept centers on the idea of how a real cuckoo bird lays its eggs in another bird's nest. To the Fixes, the Napster system is like a huge nest of MP3 files, a perfect environment in which to lay cuckoo eggs


    The first cuckoo egg was laid on June 10, 2000. Since then, Napster users have posted hundreds of angry messages at the Cuckoo Egg Project's Web site. Whether it's deterring them from downloading other songs has not been determined.



    First spotted in June 10, 2000, so the patent is a false or fradulant one.

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
  8. P2P spam by whovian · · Score: 4, Funny

    From the article It's like looking for a needle in a haystack.

    Much like legitimate email in our inboxes.

    --
    To-do List: Receive telemarketing call during a tornado warning. Check.
  9. So basically they patented spam? by cowscows · · Score: 4, Interesting

    This is basically a patent on the reality of spam. A bunch of noise that makes email/IM/p2p such a mess that it's hard to find anything that you want.

    If only someone held a patent on spam, maybe that'd lower the volume of it somewhat.

    --

    One time I threw a brick at a duck.

  10. Re:When will this end? by JasonEngel · · Score: 4, Insightful
    You think this is a bad thing? Now that this pair has a patent on the concept, maybe the patent can be used AGAINST those people who flood P2P networks with false files. In order to do so now, they have to license the concept from this Prof/Student duo or face litigation.

    Maybe - just maybe - this is a good thing. The question is, did it happen at a useful point in time, or is it now irrelevant?

  11. Why? by 0x0d0a · · Score: 4, Insightful

    Why would you email these people and complain? Applying social pressure isn't going to stop the march of progress any more than the RIAA sending nastygrams is going to stop me from adding code to P2P clients and working on approaches to counter attacks on P2P networks.

    Spamming is a known attack on most P2P networks, because such networks treat everyone with a certain level of (possibly undeserved) trust. It's not rocket science, and if people designing networks failed to take it into account and allowed it to be an effective attack, it's *their* problem (just as the RIAA devising a business system with expensive music and infeasible protection has copy protection as *their* problem).

    This does nothing to solve the thing long-term.

    Here is what will happen.

    Initially, P2P networks took a "trust anyone" appraoch. (Napster, etc). This rapidly was shown to be infeasible, and systems allowing black/whitelisting users, allowing trusted endorsement of files (Sharereactor and similar), and allowing community rating (Bitcollider) popped.

    Hale and Manes just took the obvious next technological step, which is to make it easier to attack the network -- have a system that learns what people are suckers for most, and to exploit it (well, and just about every other claim they could think of to throw in, but that's the meat of the patent). I think that it's absurd to make this patentable, frankly. These ideas are not only obvious, but have been floating around on P2P system development forums. Furthermore, the academic and business systems that we have rewards people like Hale and Manes for creating bullshit patents -- that's still not their fault. It's that of the people who have control over the patent process, which is ultimately all of us.

    It's quite possible to counter whatever Hale and Manes are claiming is new and revolutionary. There are current systems like WASTE with simple trust systems -- users can be in or out, and anonymous users aren't trusted. It may take a trust network with non-binary trust (this person is *really* trusted to provide good files, this one not as much) and transitive trust. The schemes coming from Hale and Manes are quite beatable, though -- it's a losing position to be holding.

    Anyway, after someone comes out with a trust system, people like Hale and Manes will then come out with patents on processes that demonstrate attacks on whatever statistical methods are used to assess trust in such networks.

    The algorithms will be tweaked by P2P folks, and eventually a pretty-good-to-the-point-that-P2P-network-attacker s-can't-effectively-beat-it network will be reached. The RIAA/MPAA/people protecting content are guaranteed to lose. Even harsh legislation against copyright infringment just promotes increasingly more anonymized systems like Freenet.

    Content providers will be forced to move more towards service-oriented systems (you buy a music "service" with access to a vast music library, and then content creators and marketers are recompensed based on how much their content is used). It's not the end of the world for anyone, and the same cycle of upheaval and technological improvement has happened time and time again in many areas. In the end, we generally have a more effective system for all involved.

    I personally *like* it when people run out and attack P2P networks. It drives people to do systems right, rather than just hack things up without a thought for security (and unlike a cracker breaking into a computer, someone attacking Gnutella doesn't prevent anyone from getting work done or expose personal data). I think that producing "properly built" networks that don't have such weaknesses is an absolute blast, a fun research topic, the side that gets all the love from people who are trying to toss data around, etc.

    Heck, it might even be neat to work under Hale and try to thwart the latest in anti-sharing strategies that one of his other students has come up with. :-)

    --
    May we never see th
  12. Re:but... by ticktockticktock · · Score: 4, Interesting

    You are forgetting that peers are generating the results and relaying results from other peers. Nothing stops a rogue person from modifying a gnutella client to look for certain searches and then prevent them from going beyond their peer and simply send back garbage results with hundreds/thousands of fake sources for the fake file.