Slashdot Mirror

← Back to Stories (view on slashdot.org)

This is How We Catch You Downloading

Posted by CmdrTaco on from the line-and-worm dept.

marto writes "All over Europe thousands of people are being threatened with court action for allegedly sharing games like Dream Pinball 3D on P2P networks. Now, documents obtained by TorrentFreak show details of the anti-piracy company's techniques for identifying alleged file-sharers on the internet and the gathering of claimed 'forensic quality' evidence for use in court cases."

76 of 308 comments (clear)

  1. Good thing you can't mask your IP address by beavis88 · · Score: 5, Insightful

    Or these guys would be SOL.

    Oh, wait...

  2. Automated lawsuits by ConfusedSelfHating · · Score: 5, Interesting

    They seem to be very sure that an ISP keeps accurate IP address records. Why do I feel that this will result in a semi-technical employee of the ISP pulling up who the IP Address is currently leased to? I feel sorry for all of the people with a wireless network using a SSID of "Linksys". Expect a letter tommorrow.

    Does anyone else feel that it doesn't matter to the RIAA/MPAA if their lawsuits are accurate or not? If you send intimidating letters to people, some of them will settle even if they are innocent. You can then claim X number of settlements and declare victory.

    This is a great scam for someone who wants to commit fraud on a national scale. Send people letters claiming that they breached copyright law and demand a settlement. Offer an opportunity for settlement for $2000. If they get a lawyer, drop any claim. If they ignore it, write it off. If it costs you a dollar per letter and 0.1% of people accept your "offer", a million letters will net you a million dollars. Maybe this is the new business model for big media.

    1. Re:Automated lawsuits by mgv · · Score: 4, Interesting

      This is a great scam for someone who wants to commit fraud on a national scale. Send people letters claiming that they breached copyright law and demand a settlement. Offer an opportunity for settlement for $2000. If they get a lawyer, drop any claim. If they ignore it, write it off. If it costs you a dollar per letter and 0.1% of people accept your "offer", a million letters will net you a million dollars. Maybe this is the new business model for big media.

      I'm not sure what the law says in Australia, although vexatious claim comes to mind. In the USA, people seem to use the term racketeering, although I don't know enough about US law to know if this is correct.

      Michael

      --
      There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
    2. Re:Automated lawsuits by Kjella · · Score: 3, Interesting

      This is a great scam for someone who wants to commit fraud on a national scale. Send people letters claiming that they breached copyright law and demand a settlement. Offer an opportunity for settlement for $2000. If they get a lawyer, drop any claim. If they ignore it, write it off. If it costs you a dollar per letter and 0.1% of people accept your "offer", a million letters will net you a million dollars.

      That would be an illegal business model. However, if you do follow through on the rest and take them to court and win most, then it's perfectly legal. It is illegal to threaten lawsuits without cause. It's not illegal to offer a settlement if you do have cause.

      The statistics aren't really in since the legal system is a slow turning one, but I'd be surprised if most people managed to show a preponderance of evidence against. Sure, you can point to hackers, open wifi, lack of computers/equipment/skill, but they're more doubt than making it *probable*. Is that his excuse? Has he sent in a different, clean hard disk? All of these defenses rely on evidence you bring yourself, there's no official log anywhere to back you up.

      --
      Live today, because you never know what tomorrow brings
    3. Re:Automated lawsuits by ScrewMaster · · Score: 2, Informative

      I think we use the term "barratry" here, although I only think that from having read it on Slashdot, so, you know, grain of salt and all that.

      --
      The higher the technology, the sharper that two-edged sword.
    4. Re:Automated lawsuits by mithras+the+prophet · · Score: 3, Informative

      They seem to be very sure that an ISP keeps accurate IP address records. Why do I feel that this will result in a semi-technical employee of the ISP pulling up who the IP Address is currently leased to?

      I served on a grand jury that saw several fraud cases that involved the use of ISP IP lease records, and the employees that testified were very knowledgeable and diligent. That's not to say that they would be in every case, of course, but what direct experience I do have suggests that your concerns are misplaced.

      --
      four nine eighteen twenty-7 thirty-nine forty-7 fiftyeight sixty-nine seventy-9 eighty-8 one-hundred-and-nine one-twenty
    5. Re:Automated lawsuits by ScrewMaster · · Score: 5, Insightful

      It's not illegal to offer a settlement if you do have cause.

      True, but on the other hand if you're going to be suing people on the scale that the RIAA has been suing people, your evidence had better be pretty solid or you're treading on thin ice. Judges are starting to wake up to what the RIAA is doing, and I hope that trend continues.

      All of these defenses rely on evidence you bring yourself, there's no official log anywhere to back you up.

      Also true, but there's no "official" evidence to back up their claims either, which is the crux of the matter. And no, the information ISPs record hardly qualifies as an official log. Those are typically for provisioning, diagnostic and statistical use, and are not intended to serve as evidence against their own customers. Nor does a screenshot from Kazaa showing a list of IP addresses count as strong evidence.

      The chain of evidence is pretty weak, given that they're depending upon data that was not recorded with the intent of being used in court, isn't particularly reliable anyway, and is subject to human mishandling outside any forensic chain established by the courts, and isn't guaranteed to point to the actual "criminal" in any event! The problem here is the (unfortunate) human tendency to accept information generated by a machine that you don't understand as being valid, when there's a substantial chance that it isn't.

      That effect is very real ... in my years as a software contractor I saw it all the time. I would imagine that judges are just as subject to it as anyone else. I had to tell my customers repeatedly that they can't trust the software until they've done end-to-end on it and know that the results are valid. Mistakes get made, people (even me!) screw up on occasion. As far as I'm concerned, log files spit out by a router or DSLAM shouldn't be admissible in court, certainly not as the primary evidence against someone. I wouldn't want my future dependent upon a few magnetic domains on a hard disk somewhere. Let the RIAA collect some actual evidence (say, a picture of me at my computer doing something illegal) and take me to court. ISP logs are a joke at best, or would be a joke if their use weren't unfairly injuring lot of people.

      It's not as if there's some official Federal standard in place for ISP data monitoring that would be guaranteed to hold up in court so long as the ISP could be shown to be upholding the standard. I can guarantee that ISPs wouldn't want such a standard because it would cost them a fortune.

      --
      The higher the technology, the sharper that two-edged sword.
    6. Re:Automated lawsuits by Shabbs · · Score: 2, Funny

      If it costs you a dollar per letter and 0.1% of people accept your "offer", a million letters will net you a million dollars. Maybe this is the new business model for big media. And no profit!
      --
      Mark
    7. Re:Automated lawsuits by Deorus · · Score: 5, Funny

      > I feel sorry for all of the people with a wireless network using a SSID of "Linksys".

      Aren't Linksys and Default free wireless broadband ISPs?

    8. Re:Automated lawsuits by ScrewMaster · · Score: 2, Insightful

      Everyone but the lawyers involved, apparently.

      --
      The higher the technology, the sharper that two-edged sword.
    9. Re:Automated lawsuits by cpt+kangarooski · · Score: 2, Interesting

      It seems to have more to do with wanting to avoid juries. Juries are likely to be sympathetic to defendants in these cases, meaning that while RIAA's evidence could support their case, if a jury disagrees, then it didn't matter that it could have worked. RIAA probably prefers bench trials to jury trials, and settlements to any trial at all.

      --
      -- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    10. Re:Automated lawsuits by cpt+kangarooski · · Score: 2, Informative

      and then demand that you provide us with whatever evidence we need

      Yes, that's how discovery works in the US. It's not a bad system, actually. You might want to read up on it.

      --
      -- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    11. Re:Automated lawsuits by Sancho · · Score: 2, Informative
      I work for an ISP.

      They seem to be very sure that an ISP keeps accurate IP address records. Why do I feel that this will result in a semi-technical employee of the ISP pulling up who the IP Address is currently leased to? We keep meticulous logs for a variety of reasons, both legal and for the security of the network. It's a blessing and a curse--when we need to track down someone for abusing the network, it's easy. But when we need to find someone who is about to be harassed by the MPAA/RIAA, it's also easy.

      The people who search the logs are quite competent. The log audit software we have takes a timestamp in any format accepted by strftime, which means that we can give it a timestamp with a timezone which is not ours (99% of the complaints) and it will automatically convert it to UTC, search the logs, then return the information in UTC, our TZ, and the TZ from the complaint (so that spot-checking is easy). If the complaint is recent enough, we also check current leases as a secondary check (most of the time, the complaints come in within a couple of days of the alleged infringement, and the owner hasn't changed). If it is the same, we check to see if the IP appeared anywhere else on the network (it could happen, due to a glitch or malicious behavior).

      It's honestly pretty foolproof, from our end. Smart people wrote the software, smart people use the software, and the software itself is absurdly simple. We are confident in the answers we give, and in the people who give them. Whether or not they were legitimately asked for is not in our hands. You can thank the cartels and the DMCA for that.
    12. Re:Automated lawsuits by laffer1 · · Score: 2, Informative

      As someone who worked at an ISP for close to three years, I can tell you that ISP logs are not reliable. Our logs were stored in an unpatched Microsoft SQL Server running on a Windows NT 4 SP4 server (after SP6a was out). The radius server logs were imported periodically into SQL Server. Considering our Linux boxes were hacked due to poor setup and outdated software, anyone could have altered the logs before the import or after the import.

      That ISP had like 4000 customers so we're not talking big time. As I left, we were rolling out aDSL service.

      I know some of you think hacking a Linux box is impossible, but consider an id10t who uses BIND 4 for DNS well after BIND 8 had been out, old versions of apache, Microsoft FrontPage extensions for Linux, and a slew of other misconfigured, old software. Almost everything ran as nobody or root. If you hacked one service, everything else was probably running as the same user anyway.

      Our logs were deleted several times. I wore many hats, but one of them was Windows sys admin. I was not allowed to fix/patch the billing database server. At the time, my servers were never hacked and the linux machines were often hacked. It was like being in the mirror universe.

      --
      MidnightBSD: The BSD for Everyone
    13. Re:Automated lawsuits by ScrewMaster · · Score: 2, Insightful

      You're evil, you know that? I like the idea though.

      Frankly, I'm surprised this hasn't been done already. Huh. For all we know, maybe somebody has.

      From a purely technological perspective, services like MediaSentry are workable only until file transfer software reaches a certain level of sophistication ... at that point they will become useless. The only hope the RIAA-types will have is if they can convince/coerce ISPs into monitoring P2P activity at the source. That would probably an easy task if you're dealing with the likes of AT&T, SBC or Comcast. They haven't exhibited the slightest backbone regarding customer privacy, and at some point they'll start piping user activity info right to the lawyers. That would be a dream come true for those people: automated "justice" at its finest.

      At one point I kinda thought the RIAA's lawsuits were targeted solely at suppressing P2P usage, and I suppose initially that was true. Now I'm not so sure, since it does look like they're making a significant amount of money from their campaign, I mean, now there's a profit motive directly attached. They aren't just the paid legal arm of the studios any longer, now they're actually making money from their lawsuit machine. Does anyone know where those funds go? Is the "take" from all these settlements only enough to fund the law firms involved, are they losing money, or are they stashing some away for a rainy day? What are they doing with it?

      If they are profiting by this, what it means to me is that the RIAA wouldn't be happy even if they managed to stop all file-sharing tomorrow: they'd lose a significant source of revenue.

      --
      The higher the technology, the sharper that two-edged sword.
    14. Re:Automated lawsuits by Durandal64 · · Score: 2, Insightful

      It's fool-proof for identifying which IP address an infringing file was sent to, but that's like saying, "I saw your car at the crime scene". You have to actually show that the person you're suing is the person who was using the computer at that time, in criminal court, at least. And that's where these cases should be if the RIAA wants criminal penalties such as jail time for violating their copyrights. (Which, if memory serves, is what they've lobbied for.)

    15. Re:Automated lawsuits by ScrewMaster · · Score: 2, Insightful

      Just wait until someone makes "Paranoid P2P"

      The way things are now, with all this legal stuff flying through the air, you can just shorten the name back to P2P (Paranoid To Paranoid.)

      --
      The higher the technology, the sharper that two-edged sword.
  3. Why don't we ... by Sod75 · · Score: 5, Funny

    put the entire internet behind a NAT router ? :)

    1. Re:Why don't we ... by maxwell+demon · · Score: 5, Funny

      Because a 15 year old might decide to shutdown the internet with a single email?

      No need for email, there's a convenient web interface available.
      --
      The Tao of math: The numbers you can count are not the real numbers.
    2. Re:Why don't we ... by digitalhermit · · Score: 5, Funny

      OK, I just reconfigured my Linksys by switching the LAN and WAN ports. Please use 192.168.0.1 as your gateway and it should work.

    3. Re:Why don't we ... by awarlaw · · Score: 2, Funny

      Hey, that's my gateway. Go get your own!

      --
      TIME is the Aether...
  4. To quote... by galenoftheshadows · · Score: 5, Interesting

    In an age of Wintel-virus created bot-farms, spoofs, and easily cracked WEP encrypted wireless home networks (among other easy hacks), the only tech-savvy response to such . . . an accusation . . . is, "You've got to be kidding."

    'Nuff said. And thanks to Merl Ledford III. (Pardon my edit, by the way.)

    I find it so hard to believe that these companies continue in the thought that they can make these cases work.

    --
    Galen
    In your face, and always right!
  5. Not that foolproof by mgv · · Score: 5, Interesting

    Couple of problems with their system:

    1. It doesn't download the whole file from your system. Which means that they can't really show that you have the file, just that you say that you have it. Some anti-piracy systems are known for responding to any search request with a positive result but full of junk or ads.

    2. It doesn't really prove it was you, it just logs it to an IP address (even if it was your IP, you are running a wireless network, right?)

    3. It currently doesn't do bit torrent, just other P2P systems.

    And probably alot of other problems - just did a quick scan of TFA to produce this post.

    Michael

    --
    There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
    1. Re:Not that foolproof by EsbenMoseHansen · · Score: 5, Interesting

      Couple of problems with their system:
      2. It doesn't really prove it was you, it just logs it to an IP address (even if it was your IP, you are running a wireless network, right?)

      Exactly. I never illegally downloaded file in my adult life (and likely not before, given that 2400 baud was fast back then), yet I have a wireless (FON) router open to everyone who are near. It's pretty open, you could even print if my printer happens to be turned on. Security doesn't worry me as there is only linux machines on that network, and the internet connection is decently firewalled. But conceivable, someone could drive by, and download the latest Beatles-modern-equivalent file, and I could receive such a letter --- my IP is fixed, so no discussion there. But still, if any ISP is innocent, so am I.

      In other words, they have to prove not only what IP did it, but what person. How do you do that? This sounds very much like the naughty-phone-bills case. They had to prove that it was a resident above 18(or 16?) that had called, and if they were unable to (as they were in most cases) they were kicked from court.

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    2. Re:Not that foolproof by rucs_hack · · Score: 2, Insightful

      very Utopian of you. I'm sure you'd be just fine if someone used your open connection to download child porn.

    3. Re:Not that foolproof by EsbenMoseHansen · · Score: 5, Interesting

      very Utopian of you. I'm sure you'd be just fine if someone used your open connection to download child porn.

      It will bother me no more and no less than if they'd used any other connection. What's next? Not borrowing a screwdriver out because it might be used for a break-in? I will not let a few deviants destroy all that is good and beautiful about this world, and neither should you. I share my connection freely within reasonable limits.

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    4. Re:Not that foolproof by grimwell · · Score: 3, Informative

      But still, if any ISP is innocent, so am I.

      I don't think the safe harbor provisions of the dmca would apply to you. The majority of ISPs' AUPs forbid "re-sharing" or re-selling of a subscriber's internet connection. You are a customer, not an ISP.

      If you have an account with an ISP that permits you to re-sell the internet access, then you could claim safe harbor. Indeed, the riaa would be left sending you letters for ip-to-user translations.

      Try finding a small local ISP and work with them to get re-sellable internet access. Maybe try the neighborhood wireless angle or free hotspot connectivity.

      --
      If the govt becomes a lawbreaker, it breeds contempt for law, it invites man to become his own law, it invites anarchy
    5. Re:Not that foolproof by Anonymous Coward · · Score: 2, Informative

      An ISP's TOS is a contract between you and the ISP stating the terms of continued service, not a legal qualifier that determines whether you are letting others use your network or not.

    6. Re:Not that foolproof by countach · · Score: 4, Insightful

      I don't see why the private contractual arrangments between you and your ISP would affect whether you are an ISP according to the DMCA. A few problems with your persoanl contractual arrangments wouldn't usually affect something like that. (Someone who's read the DMCA prove me wrong).

      As for forbidding "resharing", how on earth can they ask for that? Can I share with my wife? Kids? Friends? Boarders? Relatives? Guests? That's a ridiculous clause if such things exist.

    7. Re:Not that foolproof by pixelpusher220 · · Score: 2, Insightful

      In other words, they have to prove not only what IP did it, but what person.

      This is always the crux of the argument I haven't seen fleshed out. If a bank robbery is committed and my license plate is seen on the get away car, I can be quite sure I'm going to be bothered by the police until I tell them who I had let use my car at that particular time (assuming of course *I* wasn't driving a the time!).

      I suppose if I could prove I routinely left my car on the street, unlocked, with the keys in it then there might be reason for not charging me, but then I'd have to report the car as stolen (since them putting the car back would be quite unlikely me thinks.

      So I don't mean this as a rant, but given the ISP customer signed an agreement, aren't they responsible for all use of that service? If they can prove it wasn't them, but they are on the hook to cough up who *was* using it aren't they?

      It's the same thing as the recent RIAA case against the granny who claimed she didn't know what the kids in the house were doing. Given that she's the adult, she's responsible for anything the kids did under her watch isn't she?

      If I leave a loaded gun outside for anyone to use, aren't I responsible for anything done with that gun?

      I fully appreciate leaving open access for all to use, I just worry about the consequences that's all :)


      --
      People in cars cause accidents....accidents in cars cause people :-D
    8. Re:Not that foolproof by rucs_hack · · Score: 5, Insightful

      Oh I wish we did live in such a world, really, I'm not kidding, it would be great.

      However you could find yourself arrested, your equipment seized, and stories in the newspaper before anyone had time to believe that is wasn't you who did it, if they ever did.

      Sharing is a good thing, but unconditional sharing a net connection without checks of any kind is asking for your generosity to be abused.

    9. Re:Not that foolproof by number11 · · Score: 2, Insightful

      1. It doesn't download the whole file from your system. Which means that they can't really show that you have the file

      I haven't seen the OA, because part of it is slashdotted. But, presuming they have the SHA1 (and perhaps TTH) hashes from the victim, and a bit-identical sample (compared to the whole file they downloaded from somewhere else), that may be close enough. (I don't know if they restrict themselves to victims who have files with matching hashes, or even make any check for file bogosity, though. Given that they're on record as threatening to sue people who simply had an offending character string in the filename, they may not.)

      2. It doesn't really prove it was you, it just logs it to an IP address

      This would seem to be the weakest of their points.

      3. It currently doesn't do bit torrent, just other P2P systems

      Gnutella/G2 and eD2K specifically. Maybe. But what makes you think this is their only tool? We do know they've sued Kazaa and bit torrent users as well. And Shareaza (the OSS source their program is apparently based on) does do bit torrent, so it doesn't seem like a big step, except maybe for the fact that bit torrent doesn't provide an automatic search mechanism.

      Their system is not airtight. But for a lawsuit they don't need to meet the standard of proof that a criminal trial needs.

    10. Re:Not that foolproof by grimwell · · Score: 2, Informative

      I don't see why the private contractual arrangments between you and your ISP would affect whether you are an ISP according to the DMCA. A few problems with your persoanl contractual arrangments wouldn't usually affect something like that.

      While I am not a lawyer, I believe it would hinge on the legal definition of an ISP. If your upstream provider doesn't allow you to re-sell your internet access, it makes it pretty difficult to argue that you are an ISP.

      As for forbidding "resharing", how on earth can they ask for that? Can I share with my wife? Kids? Friends? Boarders? Relatives? Guests?

      From Comcast's AUP
      ix. resell the Service or otherwise make available to anyone outside the Premises the ability to use the Service (i.e. wi-fi, or other methods of networking), in whole or in part, directly or indirectly, or on a bundled or unbundled basis. The Service is for personal and non-commercial use only and you agree not to use the Service for operation as an Internet service provider or for any business enterprise or purpose, or as an end-point on a non-Comcast local area network or wide area network;

      x. connect multiple computers behind the cable modem to set up a LAN (Local Area Network) that in any manner would result in a violation of the terms of this Policy or an applicable Service plan;

      Note: that was just the first ISP's AUP I looked at.

      That's a ridiculous clause if such things exist.

      Haven't read your ISP's AUP, have you?
      --
      If the govt becomes a lawbreaker, it breeds contempt for law, it invites man to become his own law, it invites anarchy
    11. Re:Not that foolproof by EsbenMoseHansen · · Score: 4, Insightful

      Oh I wish we did live in such a world, really, I'm not kidding, it would be great.

      However you could find yourself arrested, your equipment seized, and stories in the newspaper before anyone had time to believe that is wasn't you who did it, if they ever did.

      Those things could happen no matter what I do. It happens to the people dealing with children occasionally, unfortunately, but fortunately the police are usually adamant about being very sure before they go around arresting people for such crimes until they are reasonable sure. For a mathematician such as I, I find it unlikely. If my IP did show up in a log, the local police might visit me for a chat, I'd show him what I could show (which would be a likely timestamp, maybe) and he would be on his way.

      Sharing is a good thing, but unconditional sharing a net connection without checks of any kind is asking for your generosity to be abused.

      Really? I think you fear your fate too much. In fact, my very open network has only ever been used by one person, and that person is me. What I do is legal, makes the world a bit nicer, harms noone, and the chance of mishaps are small. I'd be a coward for not doing it.

      Let me put the risk in perspective for you. The police claims that they monitor several child porn sites. And that lots of lots of people tune in and stays there for more than 1 minute. Yet, charges are rare. Doesn't that tell you something?

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    12. Re:Not that foolproof by Paradise+Pete · · Score: 2, Insightful
      Oh I wish we did live in such a world, really, I'm not kidding, it would be great.

      The only way to get there is to start behaving like he is. And since you don't seem even close to ready to do that, it's going to take a while. You can't have a great society if nobody trusts anybody.

    13. Re:Not that foolproof by stsp · · Score: 2, Informative

      Sharing is a good thing, but unconditional sharing a net connection without checks of any kind is asking for your generosity to be abused.

      Sure.

      But consider this: in Berlin, there's a free as in speech wireless mesh network with more than 200 nodes. They are all more or less connected to each other and happily pass data around. A lot of them offer internet access. There's a map of the network you can look at. Now, even though this network is publicly known, freely accessible and run in a very large city with a virtually unlimited supply of people who are after doing bad stuff, as far as I know there has never been an incident so far (the network runs since about 3 years).

      I know this does not invalidate your point in any way, because an incident could occur at any time. And a lot of people don't want to share their connection for the precise reasons you stated. But isn't it amazing still?

    14. Re:Not that foolproof by Paradise+Pete · · Score: 2, Insightful

      Many languages don't have separate words for the two sides of the transaction. If you would take the time to learn a second language you'll find that your tolerance for imperfect use goes way up. And you'll certainly stop thinking of people as "tools" for improperly using a word. Your use of the word tool, for instance, would have been considered laughably improper not very long ago. But now it gets the message across, and that's the real purpose of language.

    15. Re:Not that foolproof by Paradise+Pete · · Score: 3, Insightful
      you agree not to use the Service for operation as an Internet service provider

      The very fact that you have to agree not to do so implies that it is technically possible to act as an ISP, so I'd think that would help support a defense that you were acting as an ISP. The violation of your contract with the ISP is a separate issue.

    16. Re:Not that foolproof by sjames · · Score: 2, Insightful

      "Outside the Premises" is the operative phrase. Premises referrs to the whole property. If you live in an apartment, the whole complex is the premises. If you are a home owner, your property lines define the premises.

      A common principle in law is that you are not liable for mis-appropriations of your property for criminal purposes so long as you used ordinary care. Given that the vast majority of all people never change the default allow everything configs on their AP (and don't even know how to change it), that IS ordinary care.

      Ask questions in court about how sure the average person is that their AP is secure and that their kids haven't installed on they don't even know about and watch the jury start thinking (because they won't be so sure THEIR ISP connection can't be "borrowed"). In short, they will find it an entirely believable scenerio.

      For many (perhaps most) people, leaving an AP open makes plenty of sense. In exchange for a minimal risk, they get no hassles at all for themselves and their guests. Permitting the RIAA to draft the whole population as defenders of their copyrights is not reasonable.

    17. Re:Not that foolproof by grimwell · · Score: 2, Interesting

      The very fact that you have to agree not to do so implies that it is technically possible to act as an ISP, so I'd think that would help support a defense that you were acting as an ISP. The violation of your contract with the ISP is a separate issue.


      Wishful thinking at best. Acting as an ISP and being recognized as an ISP under the law are two different beasts. One will grant you safe harbor protections and the other not so much.

      I can act like a cop, does that mean I can be afford all of the protections&privileges of a cop?
      --
      If the govt becomes a lawbreaker, it breeds contempt for law, it invites man to become his own law, it invites anarchy
    18. Re:Not that foolproof by EsbenMoseHansen · · Score: 2, Insightful

      The people who are disagreeing with you live in much more of a police state than you. As in: The police doesn't come in for a chat, they come in with weapons, armor, and shouting, and your accusations will be forwarded to he media as 'facts', and they will happily comply and publish them as such...

      :( I know it is bad in many places, but surely, it is only in the movies it works like that in the US?

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    19. Re:Not that foolproof by EsbenMoseHansen · · Score: 2, Insightful

      In severe cases of child pornography? I doubt it. Depends on where in the U.S. you live, and how much child porn we're talking about.

      As I've said many times already, and as you can see otherwise, I do not live in the US, for which I am thankful. I lived there for 10 months, and frankly, that place stunk :) (Alright, so it was Minesota, and small towns stink everywhere. But I've never had the desire to visit US again).

      Best case is probably detectives coming in with warrants, taking what they want, and likely you as well. Worst case is the guns..

      I doubt they would draw on me. It causes them a lot of paperwork, you see. They might take the computers, if they had a warrant, but that costs them a) paperwork and b) money, so I don't think they'd do it for an IP address.

      Remember to idiots an IP address is like a street address. They only understand that 64.233.167.99 is YOU and therefore YOU must have done it. If it happened over your router YOU MUST have known about it, and assisted. You fucking pervert!

      Around here, there are special units handling these cases. Odds are, they even know what a MAC address is.

      I like your idea, and I love your style, but if you were in the US, and someone was hosting a bunch of child porn on a comp connected to your router (they go after people who host it far more frequently than people who just download, although both happens..) a 'friendly chat' is very unlikely.

      Hosting it would be a bit hard. It's just an ordinary wireless, they'd have to park the car around the corner or so. In a small suburb, that would cause a few comments :) Besides, it's behind a NAT firewall (2 actually), so that makes it a bit harder still.

      Oh, and what he said about the media is true. If your job in any way interacts with kids. Or if you have any. You'll be fired, harassed, and have your kids taken away even if they haven't convicted you of anything. Good luck getting a job as anything but a janitor with the accusations out there.. Innocent until proven guilty is for the criminal court system, not the court of public opinion.

      I think you fear your fate too much. At least here, I'd be cleared eventually, and the mark removed. At worst, I'd have to move town. Quite likely, my name would be protected from publishing until the case had concluded (that is standard procedure in these cased). Of course, some wacko might still pin my picture to every available wall, but what's to prevent that from happening in any case?

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
  6. Industrial fascism by aurispector · · Score: 3, Insightful

    When are these guys going to adopt a really cool logo, like a cross with bent arms or a bundle of sticks wrapped around an axe?

    Once these tactics are accepted and legalized, eventually governments should begin experimenting with the use of webcams and computer microphones to monitor people for other illegal behaviors.

    --
    I have mod points. The reign of terror begins now.
    1. Re:Industrial fascism by Anonymous Coward · · Score: 2, Funny

      governments should begin experimenting with the use of webcams and computer microphones to monitor people for other illegal behaviors.

      We already do that...why do you think there's a free microphone in every laptop?

      Sincerely,
      NSA

    2. Re:Industrial fascism by lawpoop · · Score: 3, Funny

      "When are these guys going to adopt a really cool logo, like a cross with bent arms or a bundle of sticks wrapped around an axe?"

      How about an impersonal, all-seeing eye on top of a pyramid of money and lawyers, watching everything you do on the computer?

      --
      Computers are useless. They can only give you answers.
      -- Pablo Picasso
  7. "foolproof"? by mqj · · Score: 5, Insightful

    The claim is that the "File Sharing Monitor" is totally foolproof


    Wow. That sounds like a challenge. Seems like somebody ignored the saying "It's hard to make a program foolproof because fools are so ingenious."
    1. Re:"foolproof"? by Ticklemonster · · Score: 3, Interesting

      Sounds to me like quite a few people need to create some word documents of the exact same size as the files searched for, name them accordingly, then orchestrate a file sharing orgy amongst themselves to create a rather large target for this fool proof system. Flood'em with bullshit, then see how credible they are...

      --
      Karma: Bad is the liberal way of saying this guy won't drink the kool aid here on slash dot. I wear my Karma with pride
    2. Re:"foolproof"? by avelldiroll · · Score: 2, Funny

      i like that one too: "If you make something idiot-proof, the universe creates a better idiot."

      --
      *nix is userfriendly ... It's just selective about who is friends are ...
  8. Use an alternate P2P by hjf · · Score: 5, Insightful

    www.freenetproject.org

  9. Dream Pinball 3D huh? by stratjakt · · Score: 5, Insightful

    I thought they were sharing stuff like Final Fantasy XII, Quake 4, and other top tier titles.

    Why minimize the initial act? Thousands of people are not being threatened over "dream pinball 3d".

    --
    I don't need no instructions to know how to rock!!!!
    1. Re:Dream Pinball 3D huh? by j00r0m4nc3r · · Score: 3, Interesting

      10:1 the agency responsible for that news article is also a client of whoever makes Dream Pinball 3D

  10. Just a thought by pytheron · · Score: 2, Interesting

    how would it stand in court if you had a wireless access point that was open. Just claim that someone else used your network without authorisation to download the offending files (assume that the authorities did not find evidence on your storage mediums).

    --
    "I am not bound to please thee with my answers" [William Shakespeare]
    1. Re:Just a thought by Planesdragon · · Score: 2, Informative

      how would it stand in court if you had a wireless access point that was open. Just claim that someone else used your network without authorisation to download the offending files (assume that the authorities did not find evidence on your storage mediums). 1: IANAL. This is semi-layman's conjecture. If you want a real answer, spend the $100 and ask a real lawyer.

      2; Since these are civil suits, most likely with a "preponderance of the evidence" standard, your claim won't hold enough water. So what if there was a possibility of an open connection: is there any proof that someone else actually used it? If the sum total of the evidence better supports their story than yours, you lose.

      IMHO, if you want to genuinely protect yourself, you'll start logging your wide-open router's MAC address connections, and keep them for as long as you can -- six years if you can manage it. (A lawyer in your state could tell you the precise statute of limitations in your hypothetical case.)

      OTOH, if you want to break the law, you should be "browsing anonymously" with a proxy server and a "privacy" enabled P2P system.
    2. Re:Just a thought by Anonymous Coward · · Score: 2, Informative

      Hello:

      The plural of medium is media.

      Grrrr.

  11. Just a minute, but by Anonymous Coward · · Score: 2, Informative

    Is this Europe we're talking about?

    IANAL, but I don't think they'd get far in a Belgian court, with evidence that is not collected by police services or by a judicial expert appointed to collect that evidence.

    I think legislation in other European countries doesn't differ much from ours. You just don't step up to a judge saying "here's the IP address of the guy that did this or that last week, please have the cops find out who it is and sentence him, will ya?"

    So either the lawsuits are fake (which makes it extorsion), or the whole story is.

  12. Juicy bits pulled from server to prevent /.'ing by carpe_noctem · · Score: 4, Funny

    -Link to PDF temporarily removed, will return later-

    What, no .torrent file?!

    --
    "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
    1. Re:Juicy bits pulled from server to prevent /.'ing by mathd · · Score: 2, Informative

      http://www.bundybovines.com/20070414093506062-1.pd f

  13. Re:How? by Fred_A · · Score: 5, Funny

    Simple :
    ifconfig eth0 127.0.0.1

    Now they'll never find me ! Hahahaha !

    Eh, wait...

    --

    May contain traces of nut.
    Made from the freshest electrons.
  14. Techniques by noz · · Score: 3, Funny

    details of the anti-piracy company's techniques for identifying alleged file-sharers on the internet
    People who visit the linked article?
  15. Re:How? by Anonymous Coward · · Score: 5, Funny
    ifconfig eth0 127.0.0.1

    Now they'll never find me ! Hahahaha !


    That's what you say! I can see your ssh port open, and I'm already in! Count down to "rm -rf /": five, four, three, two...

  16. Easy way to avoid being sued by JackMeyhoff · · Score: 2, Interesting

    If you get a letter, if you dont have a copy of the item in question then go out and buy a "license" for it. When it comes to court, wave your "license" and what can they sue you for? End of court case. Everybody should do this.

    --
    http://www.rense.com/general79/wdx1.htm
    1. Re:Easy way to avoid being sued by walt-sjc · · Score: 2, Insightful

      p2p means sharing, not just downloading. If anything, you will get yourself in MORE hot water - "I bought this item and shared it with the world!!!"

  17. Good thing you can't block them by TheSpoom · · Score: 4, Informative

    Oh wait...

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
    1. Re:Good thing you can't block them by TheSpoom · · Score: 3, Informative

      Good for you! You can bash a technology without researching it at all! Cause clearly the PeerGuardian lists are only using the published RIAA / MPAA IP blocks and haven't thought of this already. But hey, do what you want. I haven't received any BSA notices since installing SafePeer (not that I'm necessarily saying I downloaded anything ;^) but if you want to be targeted instead, go right ahead.

      --
      It's better to vote for what you want and not get it than to vote for what you don't want and get it.
      - E. Debs
    2. Re:Good thing you can't block them by irc.goatse.cx+troll · · Score: 2, Insightful

      I haven't received any BSA notices since installing SafePeer (not that I'm necessarily saying I downloaded anything ;^) but if you want to be targeted instead, go right ahead.


      How many did you get before you installed it, or are you saying it had zero impact on your BSA notice quota and is thus an irrelevant data point?
      --
      Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
  18. Why isn't this a DMCA Violation? by pacalis · · Score: 4, Interesting

    Section 1201 makes it illegal to (1) "circumvent a technological measure that effectively controls access to a work" Seriously, couldn't a modification of Shareza effectively be construded as a DMCA violation? In this case, they are associating additional information with the work, which is an effective change in access to the work.

    1. Re:Why isn't this a DMCA Violation? by vliktor · · Score: 2, Informative

      If in case you didn't know, Shareaza is licensed under the GPL, so no DMCA violation.

      http://www.shareaza.com/

  19. If each P2P app was also a proxy... by dave420 · · Score: 2, Interesting

    ... then there could be no claim to the owner of the IP actually being the one downloading, regardless of whether the P2P app was actually proxying at the time or not. If all client->proxy communication was encrypted, then even the ISP couldn't sniff it and know what's going on, should they be subpoenaed for such information. Then the only thing the user would be guilty of is running an open proxy on the ISP's network, as opposed to being sued for millions. And if the ISP doesn't give a rat's ass, then there is no problem. Just a formal "tut tut" letter from the ISP. Or am I being naive?

    1. Re:If each P2P app was also a proxy... by dave420 · · Score: 2, Interesting

      Yeah, I know about freenet, but I was suggesting applying it to downloading large binaries on current P2P networks. If this concept of allowing someone to proxy through your box was applied to an eDonkey or BitTorrent client, then we could try to stem the flow of litigation we're currently seeing. Using freenet is no alternative, even if the software makes it a great distribution platform. The technology should follow the releases for a quick-fix, as the other way round would take ages to happen, even if these benefits were possible. In short: people ain't going to swap BitTorrent or eDonkey for freenet :)

  20. Re:How? by numbski · · Score: 3, Informative

    Just type sudo first, then use the one you used to get in via ssh. Odds are pretty good that it has admin rights. :)

    --

    Karma: Chameleon (mostly due to the fact that you come and go).

  21. Re:How? by didde · · Score: 4, Informative


    You can easily use a (open) proxy or similar to mask your HTTP traffic. But if you'd like to take it one step further, Relakks (based out of Sweden - also accepts foreign users) uses VPN to route all packets from your machine out onto the Internets. You can check their legal FAQ to read about their restrictive policy regarding your personal information. It'd take a subpoena from the Swedish gov't to for them to hand out your originating IP address. This is rarely done - and as I understand it copyright violations are not considered "serious" enough.

    Works like a charm and the performance drop is insignificant. You could easily saturate even a 100 Mbps link using this service.

  22. Pirates be damned !! by HW_Hack · · Score: 3, Interesting

    While I don't approve of these methods (nor do I support current DRM methods/programs) pirating of software or music/videos is WRONG. In the end you are not ripping off the wealthy CEO or rich mega-band - you're ripping off all the average Joe's who work at company xyz and whose comensation and jobs are impacted by loss of sales of products. But go ahead and keep telling yourself you're sticking it to the "big man".

    I used to pirate as well - I then got a real engineering job and became aware of the true number of people it takes to crank out a product - from middle managers - engineers - techs - secretaries - all the way down to the guys / gals in shipping. Every product that you subvert by pirating is money that does not go to the company coffers to cover wages / healthcare of these average folks. That was the end of my pirate days (but I still like to talk like a pirate).

    Technology and market pressures will force the RIAA to change eventually as well as software companies forced to price their products more realistically.

    Some could argue that pirating adds pressure to make companies change - but thats just another arguement to mask the fact that you are sticking it to average folks. Besides there's enough pirating going on in Asia / China to perform that function - I don't need to get my hands dirty.

    Go ahead and flame on - I've got a firewall

    --
    Its not the years, its the mileage .....
  23. Re:How? by cerberusss · · Score: 2, Funny

    Now they'll never find me ! Hahahaha !
    . . . says "Fred @ N48 53'06 E02 19'15" . . .
    --
    8 of 13 people found this answer helpful. Did you?
  24. Re:OMG, they track people by IP address? by cdrguru · · Score: 2, Informative

    How about being able to take an IP address from your logs where someone is trying a brute-force password attack? You'd like them to stop, right? Fat chance!

    The IP address is easily traceable to an ISP. The ISP knows who is doing this to you, but will not tell you because that information is "private". You can suggest that you send the logs to the ISP and would they contact their private, anonymous user and tell them to stop, but no ISP that I have ever encountered will do anything to help you.

    Basically, you are screwed. Hope you change passwords often because brute force attacks will succeed ... eventually.

    It is illegal to break into computers, but no local law enforcement agency will ever go after someone without "real" damages, probably thousands of dollars. The FBI will go after people, but only after $25,000 in provable damages. It is highly unlikely someone brute-forcing your password file is going to cause you $25,000 in damages. The FBI has a lot more manpower than local agencies for computer crimes, so you can pretty much figure that you have to account for $25,000 in damages before anything is going to happen.

    Most ISPs are going to ignore crap like this from an infringed copyright holder because there is no way they can cause the ISP any trouble and sifting through logs costs time and money. The ones that do something are pretty much going to just send their customer a letter about a letter they got and that is the end of it.

    You can be intimidated by this if you want, but the truth is you are pretty much anonymous with your privacy secured by your ISP. If your ISP gives you up, you are the account holder and it would seem this doesn't mean much - the account holder does not seem to be responsible for actions on the account. This means you can just say "wasn't me" and there isn't much they can do about it. If they want your computer for analysis, just have your lawyer say "no" before they take it. They really don't have any grounds for action because there is no evidence that you personally committed any of the deeds they are trying to sue over.

  25. Re:Are the RIAA/MPIAA proper litigants? by dbIII · · Score: 2, Insightful

    I seem to recall an article where they sent a guy a take down notice for his own work. They are obnoxious incompetants.

  26. Re:Yeah how do you change that? by numbski · · Score: 2, Funny

    rm /etc/passwd and /etc/shadow (or /etc/master.passwd if you're on FreeBSD). That ought to fix it right up.

    --

    Karma: Chameleon (mostly due to the fact that you come and go).