Slashdot Mirror
MPAA Developing Digital Fingerprinting Technology
Danathar writes "The MPAA is looking to use digital fingerprinting technologies that in conjunction with legislation will enable and force ISPs to look for network traffic that matches the signatures. " From the article: " Once completed, Philips' technology--along with related tools from other companies--could be a powerful weapon in Hollywood's increasingly aggressive attempts to choke off the flood of films being traded online."
that some of the scariest 1984ish stuff would be coming out of the fricking entertainment industry fer chrissakes.
Is it fascism yet?
aaaactually, mr wizard taught me that it's just the water's skin that's really wet--that is, it's self-adhesive properties...
pour a shitload of babypowder on a cup of water, and stick your finger down to the bottom. it'll be baby-fresh instead of wet.
Personally, I don't trade mp3's. But considering the extremist and blatantly arrogant posture that the **AA has adopted leaves me feeling no pity for any losses (real or imagined) that they may have suffered. With this in mind, I refuse to purchase any music or videos anymore... not that anything that gets released is worth a shit (let alone $20) anyway.
If they want to assume an anti-consumer posture, then they can just all go out of business. Screw em.
When all else fails, run.
this to me is the least offensive method of combatting piracy
Yes, until you get your new bill from your ISP, which includes an extra $50.00 per month so that they can afford to comply with the law.
See, I'm pretty sure that the MPAA won't be paying the ISP to implement this technology, to purchase the additional equipment to use it, and to maintain it.
The ISPs will be legally required to do man in the middle attacks. When you start up an SSL connection they will accept it as if they were the destination and then make a request to the destination for a connection. They will then pipe all info between the two connections through their fingerprinting program, and then pipe the approved data to you and to them. None of this will ever happen.
--
WHO ATE MY BREAKFAST PANTS?
This is nothing more than an automated private-sector wiretap. Bad thing. I don't want the FBI monitoring private communications without proper authorization and judicial oversight, and I sure as hell don't want the likes of the RIAA, MPAA or any other AA looking at my personal communications and deciding whether or not to sue me for whatever they think they've found. The RIAA is not a law enforcement arm of the government, neither is my ISP ... and I don't want either of them to become such.
It's generally considered wrong when private individuals or organizations take the law into their own hands (see: vigilante justice.) It's even more dangerous when the organization in question is as heavily-bankrolled and as morally bankrupt as our two favorite "entertainment industry trade groups". No thanks. They can keep their grubby little lawyer fingers out of my data stream.
The higher the technology, the sharper that two-edged sword.
Yes, they can.
The DMCA makes a whole lot of statements about copyright circumvention. But not much of anything about encryption. This is why CSS, with its laughably weak encryption, can be used, and anyone who pokes at the gaping goatse vulnerability-hole is then liable for horrible, horrible damages.
If you're not using encryption to protect your copyright---and if you're not selling all those "vacation" JPEGs and school papers, it's damn hard to show copyright damages---the DMCA is mute on this issue.
It is designed to protect copyright holders, not to protect anyone who uses encryption.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
I would think a way to go would be to use some low-grade form of encryption using random keys that aren't known to the end-user. Something that would be trivial to break on a user's home system, but would be impractical for the ISP to process on a large-scale.
Is this feasable, or would it just turn into an arms-race of "who has the bigger processor"?
for an ISP to deal with the pressure behind the situation: "If we can't read it, we won't pass it across our portion of the Internet."
All too do-able in the hyper-paranoid post 9/11 US of A...
Afraid yet?
Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
"All you need to do is a slight file format transforamtion (just uuencode and then zip) will mask the watermarks."
You are quite correct that this will defeat the watermarking.
There would be significant side affect though. You could say goodbye to downloading a single file from multiple sources because if we were to use your proposed solution then every copy of "The Matrix" on the P2P network would be unique, therefore you would not have the advantage of pulling in all the "parts" from disparate sources.
"You can't fight in here, this is the war room!"
If they do read slashdot for a free technical review, they can hardly ignore the same points raised over and over again:
1. Technically infeasable and economically ruinous for ISPS to scan all network traffic (unless you want to pay them for their trouble, MPAA? you could indemify us all for the resultant Internet slowdown perhaps?). You've been told so many times, you can't be that stupid.
2. Copy-protection can always be broken. It's like King Canute live action when I go to see a movie and be insulted by MPAA movie-theft ads.
3. If you drive the people to encryption, a lot more than your precious assets will go byebye, it will bring down the gravy train for everyone else, and won't they thank you for it.
Using Occam's Razor I ask which is more likely: that they either don't read slashdot or do so in such a way as only read it for the pictures.
insecurity asks the wrong question irritation gives the wrong answer
Watermarking is overrated. To remove -any- watermark (defeat -any- watermarking scheme), you just have to re-watermark the media. That's it. In pretty much all cases, that will make the original watermark unretrievable (at least not in any statistical sense).
There is a very strict balance between signal power and watermark power---if you increase watermark power (make it harder to remove), you're degrading the media. There is a balance that exists between the two---and to destroy the balance, you just have to re-watermark the image the 2nd time (yes, losing some quality), and all of a sudden, the original watermark is gone.
Pretty much all papers that claim to embed their watermarks several times have either tweaked media or tweaked watermarks that specifically embed the data into different things---but if you re-apply any spread spectrum watermark to the media, all of the separate tweaked parts are gone.
The trick is `quality loss'... but then again, most of the time it's not -that- bad.
"If anything can go wrong, it will." - Murphy
A protocol doesn't have to be invulnerable, it just has to be strong enough that stopping it would cripple the economy.
As an example of a circumvention technique, consider if BitTorrent were to be extended to allow trackers to use encrypted connections to the clients, and to mediate keys between the various clients. Torrent files could be extended to contain the public key of the tracker. Then, regular SSL connections to the torrent websites would work.
I can think of a few other things off the top of my head... The client-to-client connections could be made to look like SSH connections. Can't stop those without crippling the economy and people actually pay attention to the keys there so you can't proxy it either. Or, you could start putting keys in the DNS records like Yahoo! domainkeys. UDP messages would be a pretty big PITA to classify and firewall.
The people behind most of the p2p protocols are way smarter than me and I could do any of those.
I rarely criticize things I don't care about.