MPAA College Toolkit Raises Privacy, Security Concerns
An anonymous reader writes "The Motion Picture Association of America last month sent letters to the presidents of 25 major universities (pdf), urging them to download and install a 'university toolkit' to help identify students who were downloading/sharing movie files. The Washington Post's Security Fix blog reports that any university that installs the software could be placing a virtual wiretap on their networks for the MPAA (and the rest of the world) to listen in on all of the school's traffic. From the story: 'The MPAA also claims that using the tool on a university network presents "no privacy issues — the content of traffic is never examined or displayed." That statement, however, is misleading. Here's why: The toolkit sets up an Apache Web server on the user's machine. It also automatically configures all of the data and graphs gathered about activity on the local network to be displayed on a Web page, complete with ntop-generated graphics showing not only bandwidth usage generated by each user on the network, but also the Internet address of every Web site each user has visited. Unless a school using the tool has firewalls on the borders of its network designed to block unsolicited Internet traffic — and a great many universities do not — that Web server is going to be visible and accessible by anyone with a Web browser.'"
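Added example (not part of the story, the toolkit or the thread): a Python check an administrator could run on a monitoring box to spot the exposure the story describes, a web server listening on a non-loopback address. It parses `ss -tlnH` output; the sample lines are constructed, and watching port 3000 (ntop's default web port) alongside 80/443 is an assumption about what such a box runs.

```python
import ipaddress

# Ports of interest: 80/443 for Apache, 3000 as ntop's default web port (assumed set).
WEB_PORTS = {80, 443, 3000}

# Constructed sample of `ss -tlnH` output (state, recv-q, send-q, local, peer).
SAMPLE_SS_OUTPUT = """
LISTEN 0 128  0.0.0.0:80       0.0.0.0:*
LISTEN 0 128  127.0.0.1:3000   0.0.0.0:*
LISTEN 0 128  [::]:443         [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
"""


def split_endpoint(endpoint):
    """Split ss's 'addr:port', handling [v6]:port, *:port and %iface suffixes."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]").split("%")[0]
    return addr, int(port)


def is_loopback_only(addr):
    """True only for addresses in 127.0.0.0/8 or ::1; wildcards are not loopback."""
    if addr in ("*", ""):
        return False
    return ipaddress.ip_address(addr).is_loopback


def exposed_web_listeners(ss_output, ports=WEB_PORTS):
    """Return (address, port) for web listeners reachable from other hosts."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = split_endpoint(fields[3])
        if port in ports and not is_loopback_only(addr):
            findings.append((addr, port))
    return findings


if __name__ == "__main__":
    for addr, port in exposed_web_listeners(SAMPLE_SS_OUTPUT):
        print(f"web listener reachable from the network: {addr}:{port}")
```

A listener flagged here is reachable by every host that can route to the machine, including hosts inside any perimeter firewall.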
I don't see the universities listed anywhere in the article. Which ones are they? We need to know so we can write them letters.
This makes no sense. What are they going to accomplish by going after college kids, who really don't have that much disposable income? It seems counter-productive to me. You piss off a bunch of college kids, who can't afford to spend money on movies anyway, and who are going to earn money in the future, and will probably choose not to spend their money on movies, since the MPAA were being dicks. Not to mention the horrible invasion of privacy and security issues.
Any university that installs that has a problem. University networks are constantly "played with" by students, so the IT department has to be on the ball. Any dumb enough to install this probably have had many student hacks already...
Nice. For those of you that didn't read TFA, the toolkit is basically Xubuntu, with some tools like Snort preinstalled.
c++;
Given that the aim of the toolkit is supposedly to
then how do they manage it without examining traffic? If the toolkit monitors BitTorrent (and other) ports then that would tell you who is using P2P, but not who is sharing movies. Maybe all that traffic is from students internally torrenting various Linux distros or their garage bands' MP3s.
Thank goodness I never lived in University halls.
It just amazes me that no other large news organization has a reporter devoted to covering this stuff full time, as Krebs does. Hell, Krebs isn't even part of the paper; he's attached to the Web site. I guess that says it all. Keep up the great work Brian.
I wonder how much of the data collected will be burnt to disks and sent to Britain.
Pacifist paratroopers yell, "Gandhi!" when they jump.
They're about to become corporate serfs. Give them a four year break from corporate dominance, so they have that much more psychological trauma when they exit school, which will make them the perfect mentally broken spiritual voids who need to buy our products.
Thanks,
The NWO
Anti-Globalism
This toolkit in comparison to instead installing a filter system that the MPAA (slashdot lame filter see this as junk characters) would then maintain a database off site from the university ...
But students would find ways around the filter?
vs.
Their toolkit wrongly identifies students as illegal downloaders who actually aren't.
In other words, how is the toolkit going to verify an illegal download or is it just passing all traffic to the Motion Picture spies?
Somehow this sounds more Hitleronian tell on your family, than it supports education.
Just because the entertainment industry has found interest in attacking its customers, should the universities follow suit?
All this will be is another challenge for people to find work-arounds. Has any of this stuff actually ever worked? Has any attempt to stifle people downloading ever resulted in anything other than increased downloading? How many times has the RIAA for example, declared victory and "great strides"? Funny that a week or so after a record executive says the RIAA going after consumers was a mistake, the MPAA shows up to take up the gauntlet. And again, down the RIAA path of going after college students. We'll see how that works out for them.
It's all about control and flexing their legal muscles to intimidate the rest of the public into toeing the line. The MPAA is using this to gather more ammo in order to sue the people who are old enough to know what P2P is, who tend to use P2P apps to get music/movies/etc. on a regular basis, and who tend to have limited resources to fight back in court.
Ad astra per aspera (A rough road leads to the stars)
.... That schools that do not install this "tool" will get the lion's share of RIAA lawsuits?
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
... the hacker team MPAA for this great social engineering attack.
Everyone please remember to distribute those IP addresses of the kit downloaders so we can hit these colleges HARD!
install an anti-MAFIAA toolkit!
:D
1) Install a firewall that sniffs traffic
2) See if it's not bittorrent or bittorrent sites
3) if it is, BLOCK IT
4) Put the MPAA toolkit in a machine behind the firewall! Ta-da!
That's true, I spent the majority of my first week at college figuring out how the firewall worked and bypassing it so me and the other guys in my class can play Quake 3 and stuff :D :P Lots of fun.
Then I reconfigured the network boot process to not load up the (local) firewall so we can download new games to play, it also booted up a hell of a sight faster. I told the IT guys I'd messed with it, left it to them to fix it.
College kids may be portrayed as dorky and drunken, but they're smart. And chances are CS students will find a way around this.
What's the value of information that you don't know?
Dear MPAA and RIAA:
You've noticed that the number of students who think downloading movies and music via the internet is OK. Well, here's some news for you:
Vox populi, vox Dei.
The MPAA got the same people to write this "tool" as they get to write those super-realistic computer scenes in the movies!
ccalam - acoustic versions of new songs.
mpaaBuddy is an on-screen "intelligent software agent" created by the MPAA, and based upon Microsoft Agent technology. The goal of the program is to help users enrich their online movie experience as they discover digital movies together with the included "mpaaBuddy," which is an animated, purple Tom Cruise. Users can interact with Tom by asking him questions, get recommendations on new movies released by MPAA members, as well as be politely informed when unapproved websites are loaded.
Other features include an integrated download tracker, movie-related themes, desktops, screen savers, and cute, animated emoticons, bearing a resemblance to top-selling actors. Also included is a desktop search utility that indexes a hard drive's contents in order to allow the user to easily perform searches.
While initial response to the program has been positive, a few early users complain that the program is buggy. "The program keeps changing my home page to a crappy MPAA home page," said one teenager who wished to remain anonymous out of fear of a MPAA-sponsored lawsuit. There have also been complaints of an increase in pop-up advertising.
Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
This is why they don't sue anyone at Harvard, they know in the long run that would create lawyers who dislike them.
but it is ok comrade.
thank God the internet isn't a human right.
If university said ok, but MPAA must bond them against financial losses from lawsuits etc, would MPAA do it?
Will they distribute the source code with it? Will they allow people to freely copy and modify that toolkit? I say, download it, get the tech department to modify it to their liking, and install it! That's what the open source spirit is all about, fixing broken software. I suggest they get fixing that privacy issue first...
Give Kashyyyk back to the Wookies
Also, the software developer is breaking the law. They haven't shipped the modified code they've made (e.g. ntop).
Does this tool put a lot of load on the network like what port scan and other Brute force hacking tools do?
Does it try to suck up network bandwidth?
You wonder why no large media companies (fixed it for you) have a reporter devoted to this, or even report on it much or do anything but rehash the RIAA/MPAA press statements and never ever examine it.
Follow the money. You might as well ask, why do popular entertainment shows like Futurama show a dislike for things like napster and filesharing in general? Because they are the ones whose files are being shared!
Geez, name a news company that isn't part of some huge media giant. You might start to realize that those who should report on the RIAA/MPAA are in fact its members. Geez, you might as well expect Dell to launch a survey, computers, do we really need them.
What next, do you expect the tobacco industry to report on the dangers of smoking?
Follow the money, who is the person you expect to report on something paid for. There was an issue a few years ago around Oprah when she said something bad about meat. That was just the advertisers complaining. Reporting on the RIAA/MPAA tactics, that will get you a letter direct from the head office "STOP IT".
What next, Rupert Murdoch writing a story "Why it is a bad idea for one guy to own a lot of media"?
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Anyone want to download the kit at universitytoolkit.com and make sure all the source is being distributed as well? If they are not making the source available for their little Linux distribution someone should get the GNU to sic their lawyers on them.
Does anyone have a .torrent for the iso?
This sig is intentionally left blank
1. Since the kit is a derivative of the default Xubuntu install, is the MPAA still allowed to ship the kit with Canonical's trademark (Xubuntu) prominently displayed as boot splash?
2. Since the MPAA is distributing GPL'd software aren't they obligated to provide source code for the kit upon request?
3. Are there any MPAA-written programs included in the kit? Is it based on GPL software and thus required under the licensing terms to have its source code available upon request?
4. IIRC, Canonical products ship with some proprietary drivers. Since the MPAA kit is a derivative of Xubuntu, does it have permission to distribute the same drivers, or did Canonical get special permission which the MPAA does not have?
5. If the MPAA does not supply any source code that they may be legally obligated to do under GPLv2 license, then can individual copyright holders of the multitude of programs included with Xubuntu, give notice that they are revoking the MPAA's right to distribute their software under the provision of Section 4? Section 4 states:
Note that Fyodor terminated SCO's right to distribute Nmap in any of their products under that section, which SCO complied with.
When some research organization loses a federal grant because their institution forced them to violate disclosure rules, the door will open for a much more powerful voice than the MPAA to enter the debate.
-fb Everything not expressly forbidden is now mandatory.
Even if there is a firewall at the perimeter of the school network, all of the students are inside of it!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Stop oppressing me with words you commie nazi fascist!
This looks certain to hit the wrong targets, as is wont for the RIAA. All this would identify (if the truth is being told here) are heavy Internet users. That's even worse than their current method of sending questionable IP addresses and times. College should be teaching how the Internet will be a valuable part of your whole life because you can speak to the entire World through it, but now it would seem you'll be in danger if you ever use it much at all.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
You know what they say... If it looks like a rootkit and smells like a rootkit, it's a rootkit.
09F911029D74E35BD84156C5635688C0
+2 Troll is Slashdot's way of saying groupthink is confused
This is ridiculous. I went to universitytookit.com and there's an iso there, but is this a toolkit that is windows only? If universities required this would students not be allowed to use *nix derivatives? If so I think that could be a monopolization situation... But that's just a small argument vs the invasion of privacy. Socialism at its best right? Oh wait, this is communism! I can't seem to find the list of universities either.
Support the source, Open Source! An entire site developed with OSS
http://universitytoolkit.com/ (mentioned in the pdf) seems to have some hidden content. The page displays a link to: http://universitytoolkit.com/MPAA_University_Toolkit_Admin_Guide.pdf. If you look at the source, you can notice a link at the bottom which isn't displayed: MPAA_University_Toolkit_Administrators_Guide.pdf (it's a relative link in the source).
This version is slightly longer, with what looks like a section detailing development goals. Can anyone see anything incriminating there?
Most of academia (at least MIT and CMU, where I've been as an intern and a student, respectively) seems to hand out public IP's with almost everything open to the world. The only thing that's not open is usually Windows networking ports, because of the major problems it would cause if anyone had open shares. But port 80 is definitely accessible from anywhere.
ttuttle is a rankmaniac
They are distributing software designed to gather evidence of copyright infringement in violation of copyright! The verve! The audacity! We know they know about copyrights. We know they know the penalties.
I hope every contributor to the GPL'd software that they are distributing without a valid license sues them for the maximum legal statutory amount of $150,000 for each of these willful violations. Since the Linux core contains at least 6,000+ files, which would be 6,000+ violations for one copy, I'm sure being hit with a possible judgment of $900,000,000+ per copy would wake them up.
P.S. I downloaded the .iso. Add one to the number of copies.
I've read the article but it's a little thin on details. All I can see is that it has something to do with Xubuntu and installs an Apache webserver on your machine.
However, if it installs Apache, what's to stop me just trashing the config file, setting up VirtualHosts that screw with it etc? Or creating some kind of loopback so that when it tries to phone home, it goes nowhere etc etc. Are these things taken into account?
Too bad it's tied back to the industry, as a free and easy to setup network monitoring tool like that would be nice.
---- Booth was a patriot ----
I just went out to http://universitytoolkit.com/ and grabbed my own copy for evaluation purposes...... looking forward to playing with this 'toolkit'
Unix, an obscure operating system developed by bored researchers in an attempt to get a better game playing experience.
I used to buy music online...DRM Free and legally. But the RIAA lobbied the US President to make him ask the Russian President to close allofmp3 or else... I suppose Putin was kinda of relief. Can you imagine? He's planning to rebuild and strengthen all the nuclear arsenal and Bush instead of questioning on that matter goes on and ask to close a small internet store! FUNNY to the brim of ridiculous!
Since then I stopped buying Mp3s legally online, note that they were on piracy before and after the above mentioned events. And of course later on the charges against allofmp3 were dropped because they were inconsistent http://www.allofmp3.ru/press.shtml
The RIAA has closed a market opportunity with lobbying (at least one lost a consumer). Those in charge there are really IDIOTS. They just are donkey heads that can't do the math.
Here is the math:
I spend 15$ online get 8 albums = 50% profits estimated (And I suppose they go to Russia, anyway RIAA is known not to be fairer to the artists, see the article below)
I spend 0$ anywhere because of high prices = profits?
Here is the math of Courtney Love online since 2000: http://archive.salon.com/tech/feature/2000/06/14/love/index.html
Have a good read
http://www.universitytoolkit.org/peerwatch-1.2-RC5.iso
;)
dun-dun-dun... If you dare!
"The fight for freedom has only just begun." - Geert Wilders
We all understand the legal jujitsu that allofmp3 used to find a loophole in the law. The fact that something is legal doesn't make it ethical. It's no more ethical for allofmp3 to bypass copyright law than for the RIAA to abuse it. If you want to be consistent, you should approve of both or neither.
The same goes for the schools (one Ivy, one big Tech) I've attended. And I wouldn't have it any other way! The Ivy was especially nice; I loved the fact that, anywhere in the world, I could ping "machine.residentialnetwork.schoolname.edu." Knowing I could ssh into my box from anywhere was really great, as was knowing that I could run an ftp server whenever I wanted to share some large files. Really, it's how the Internet (e.g., pre-NAT) was supposed to work.
I think you may have got this completely wrong.
University Toolkit is server software, presumably to be run between the LAN and the WAN to log and analyse packets, much like a firewall. It wouldn't need to be installed on the client machines.
You feel sleepy. Close your eyes. The opinions stated above are yours. You cannot imagine why you ever felt otherwise.
How about releasing the movies in a timely manner on a product we want to buy?
Surf's Up hit torrent sites at least a month ago, just about to appear in Danish cinemas, that means at least another 4-5 months before we can buy it on DVD.
Yeah they want to get as much money from us as they can by forcing us to go to the cinemas, I did just that tonight to watch Beowulf - my first trip to a cinema for 3-4 months and I got reminded why I hate it there - the stink of popcorn, the constant yabbering and 25 minutes of commercials before a movie I have paid premium to watch!
Want us to buy your product? Sell one we want to buy!
(P.s. I don't copy music, I don't copy movies - I do however read books and buy music from indie records (see other thread from yesterday) - I will buy movies when they sell a product that gives me value for my money).
Some interesting facts.
http://taosecurity.blogspot.com/2007/11/examining-mpaa-university-toolkit.html
They are using an old version of snort that has vulnerabilities. I didn't realize the version of snort they are running is from over two years ago!
I sure hope this version they are running isn't vulnerable to this. http://www.kb.cert.org/vuls/id/175500 If so, someone could totally own the box and sniff whatever traffic they want to. All of it including the content.
How could anyone believe for a second this wouldn't be a privacy issue? How the fuck do they intend to discover and then report information that would identify someone sharing files illegally WITHOUT violating those people's privacy?
But then, how many switches/routers do you see running Windows? For that matter, how many universities do you think will be happy to buy more hardware to appease their corporate overlords?
I just read Slashdot for the articles.
Dear Stewart D. Mclaurin,
What our students do on the campus network is really none of your fucking business. Comparing physical theft to COPY RIGHT INFRINGEMENT is utter nonsense and holds no basis in reality. I find it amusing that you are trying to impose your limited view on us. I pity anyone who fights the tide of a new understanding. An understanding that if you do provide what people want the way they want it at a low cost with minimal hassle you will find yourself out of a job as others that are not limited by your constraints will take over for you. The very reason this situation has reached the point of insanity is because your belief system is drenched in a deep sense of greed. Your organization and affiliates have lost all touch with the very people you are trying to serve.
Your actions show that you are unable to understand and accept a long standing unexpected shift in the ideas and values of our society. It's time to either alter your perception of the situation or pass the decision making on to the next generation.
Sincerely yours, Presidents from all colleges and universities across the country.
Interestingly, this would probably be illegal in the UK under Part II of the "big brother" RIPA (Regulation of Investigatory Powers Act). Usually we hear about it as an egregious violation of privacy, but on the one occasion I've had to deal with it, I was able to tell a US business partner that there was no way I was going to add in a monitor that they wanted, and give them chapter and verse.