New Tool Promises To Passively Identify BitTorrent Files
QuietR10t writes "A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers. 'Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,' says Schrader." I wonder if it can specifically identify legal content, too.
So, if for instance, Verizon or AT&T start using this tool, does that mean they lose common carrier status?
Those who believe the Internet is private,
find their privates are on the Internet.
I'm assuming this has no chance of defeating encrypted connections?
Reviewing just the first hour of video games.
For the record, I have a rule in my iptables that specifically turns off the "evil bit" in any of my outgoing packets. Thank God for Linux! =)
Till they come up with a good way to figure out what's going across the network encrypted, they will just be wasting their time.
I came, I conquered, I coredumped
According to the article the method is currently too slow to be implemented and fails for encrypted traffic. So not quite the BT killer yet.
And my $200 24 port gigabit switch from Dell will do it. And that's a cheap piece of crap. For the 3 of you who don't already know, you specify one port on the switch to receive a copy of all traffic on the entire switch, a vlan or a specific port. Then you can hook Ethereal to that port and monitor all of the traffic without modifying the original. OOOOhhhh, magic eh?
Anyway, even after I RTFA, I still didn't see anything that this thing does that my cheap port and a P2 running Ethereal couldn't do.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
More restrictions on content? More encryption.
Better cracking techniques? Better encryption.
Tyrannical government? Revolution.
Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.
If you make breathing illegal, only criminals with breath.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
From the article:
Then the system looks at the files' hash, a unique identifying code used to coordinate the simultaneous download of hundreds of file fragments by different users. If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved.
I mean, you could easily scrape some torrent sites for hashes, but it seems like this system would be fairly easy to circumvent. All you'd have to do is come up with some system for changing the hash on a peer-specific basis.
So, you're telling me that, given a set of hashes corresponding to "Prohibited content" and access to all the packets moving across a network, you can detect prohibited content? Why, it's a miracle of science!
Seriously, this is news? It has been possible, with the complicity of the router or physical access to the wire, to unobtrusively and undetectably tap a network since forever. That isn't news. And being able to identify files whose hashes you have ahead of time? Also not news, especially since bittorrent uses hashes extensively itself, and was never designed for subtlety or concealment.
I realize that Technology Review lost interest in technology years ago, and now spends most of its time fellating venture capitalists; but this is pathetic.
Great. An article about a technology that can't be used not only for legal reasons but because of technological ones as well.
By the time this is fast enough to detect things at the speeds it needs to today, we'll be transferring stuff way faster... will it ever be able to catch up? And that's not even taking into account encryption.
For those of you who are wondering, my guess is Cee Pee is Child Porn.
I read the internet for the articles.
Presumably, Ubuntu CDs wouldn't be one of the hashes in their database of pirated stuff.
There's no -1 for "I don't get it."
So... they invented packet sniffing?
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
They use packet sniffing and maintain a database of hashes of "bad" files. Does this qualify as new technology? So this is where the air force (Air Force Institute of Technology) spends their R&D budget.
I can hardly wait for this software to hit Demonoid!
We're all doomed
Worse yet.
Remember, kids: when you're downloading Free software, you're downloading communism!
factor 966971: 966971
At least, I'm sure that's what the copyright holding associations would argue / propagandize.
For those of you who are wondering, my guess is Cee Pee is Child Porn.
Who knew that 3-CP0 was secretly a child pornographer, we need to outlaw shiny metal droids for the safety of the children!
When information is power, privacy is freedom.
Does it matter? A free and open broadcast medium isn't something most governments will embrace gleefully, so you can pretty well figure business will get whatever it wants.
This is nothing new and it's just meaningless marketing drivel. It's impossible to tell that *any* network is being monitored. It's not like you could buy an electronic device in a spy shop that can detect network monitoring. Throttling and "traffic management" are different since that is changing the network traffic.
There is only one type of network that can prevent a 3rd party from being able to copy the network traffic. Quantum communications provides that type of infrastructure by making it *impossible* to read the traffic without destroying it.
It's not like network monitoring is really a problem anyways. If you want privacy then just use encryption.
Ohhh, you mean it's useless right? Everyone involved knows that a large amount of torrent traffic is infringing on various copyrights. The goal of the ISPs is to protect their profit margins. They sell unlimited but expect limited. They don't care whether traffic is illicit or not, just that it does not interfere with their business models. The MAFIAA is interested in the contents of the traffic and could care less about network congestion and bandwidth issues. Until the ISPs actually start caring about content, the goals of these two groups are not the same.
Enter Net Neutrality. Only when it is in the financial interests of ISPs to care about content will they start to listen to the MAFIAA. Obviously they could not reach an agreement since the MAFIAA is going to the whores in various legislatures to trade our freedoms for the protection of a few groups' business models.
Note, that I don't support piracy on principle. However, I will not give up my rights to privacy and anonymity to protect someone else's copyrights either.
That sounds really easy, doesn't it? Of course there are only a few dozen really popular public trackers out there they can scrape the thousands and thousands of new torrents each day to update their tables. Don't forget about all the private trackers either that add a file or two that changes the hash to be different from the public torrents containing some of the same files.
Yep. This should be really easy. I can't possibly see how this task could not be reasonably accomplished with just a few salaried personnel on a daily basis.
I laughed so hard I almost peed myself at this point. Legal viewpoints change more frequently than the weather. If there is enough pressure from private interests in the U.S and abroad I don't think a little thing like privacy will stop them.
I just knew there was a p
Who says I steal anything? I'm a law-abiding citizen who happens to be outraged at the prospect of having my private communications searched through without a court order.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
This doesn't identify someone downloading a file via bittorrent, it identifies someone downloading a *.bittorrent file (presumably via http).
This is a non-issue. If anyone actually starts using this, trackers will just start using shttp for their torrent files. They're small and (relatively) low traffic, so it would be a negligible performance issue.
The only notable thing about this article is that it points out how clueless tech journalists really are.
All you'd have to do is come up with some system for changing the hash on a peer-specific basis.
The hash is how data is verified. You can't just change the hashing mechanism on a peer-specific basis because you're sharing the same data with thousands of different peers. That would require every single peer to host a specific hash for each other peer, or worse, convert between hashes on the fly.
The flaw in this method is the hashes themselves; the only way to detect the so-called illicit content is by knowing the specific encoding. This stops camcorder films and screener rips because they are encoded by well-seeded individuals. This does NOT stop your standard DVD or TV rip. For example: Joe and Bob go and buy a DVD, splitting the cost. Each of them have the exact same model of computer and even the same versions of all their software. Joe encodes the DVD to a nice 700mb h264 MP4 file, then gives it to Bob. Bob encodes the DVD in the exact same manner before giving it to somebody else. Despite this, Joe and Bob's resulting files have different hashes. They're damn close to the same data (bit for bit!), but there is an ever-so-slight difference which makes the hash differ. You can't tell they're similar (by the hashes) at all.
The only way to automate such policing would be to combine this simple method with a more complex one, such as participating in the p2p, downloading the media, and comparing it to a massive archive. This sort of thing is already available; check out Shazam, a free iPhone (et al) audio fingerprinting service, for example. Note it would need a longer sample time to account for fair use, and it would need some video equivalent to effectively detect movies (which is almost certainly being developed for YouTube). In fact, it's this use of that concept that scares me so much of it ... it's only a matter of time.
(also: why is every post I reply to these days titled "Yawn" ? can't we be more creative?)
Use my userscript to add story images to Slashdot. There's no going back.
There's a well-known technique for dealing with dictionaries of hashes - add some meaningless bits to the content before computing the hash, so that the number of possible hashes increases. This is cheap for everyone except a person trying to keep a dictionary of all possible hashes.
"Another drawback is that the system cannot cope with encrypted files."
Even the article mentions that anyone doing something they want to hide is more likely to check the "encrypted only" checkbox. I work on NetSpective WebFilter, which has been passively identifying encrypted protocols that try to hide themselves like encrypted BitTorrent (both standard and Azureus), Skype, and UltraSurf for years. It also lets you choose to block any of these protocols you don't want on your network.
"If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved."
Maintaining a list of hashes is not a new idea, as they seem to claim. It was abandoned because the list is insanely painful to manage, and it is insanely easy to get around. These guys aren't even trying to provide a list, which might be worth something (until the hackers put in the time to work around it). They're just sniffing/logging the hashes, which is child's play and worth almost nothing.
I like the way the summary tries to equate torrent with illicit. Interesting, on a site full of linux people who have probably torrented more than one distro in their lives.
Anyway - good luck with that.
Seven puppies were harmed during the making of this post.
I was thinking that the definition of a hash pretty much guarantees that a false positive is possible. But, then again, if you receive a hundred hashes that all match packets from the same file, then you're pretty well screwed ...
Yeah, what gives me the right to use BitTorrent to steal Ubuntu discs
So the US military wants all our ISPs to install a chip to monitor all network traffic and then store all those connection locations so it can later analyze this data. All under the guise of protecting our beloved copyrighted content.
Anyone see the possibility of other uses/motivations here?
I believe that this US agency may be attempting to disprove their working theory that file sharing correlates to terrorism. ... Na... even they can't stomach that sort of crap anymore.
FYI: Yes I DID READ the article.
I wonder if it can specifically identify legal content, too.
Ask any government official or *IAA lawyer... NONE of it is legal. EVAR.
I am thoroughly amused by articles like this that essentially start out as:
"Hey, look what we got! Yackkity, yakkity, yak, yak..." ...And end with something along the lines of...
"...Well, it's pretty damn useless considering xxxxx and xxxx are already in use and defeat it completely."
Why do people even bother printing such useless information, much less invest millions of dollars into such a product?
I wonder if it can specifically identify legal content, too.
So why would the likes of the RIAA and MPAA want to do that?
They're interested in finding criminals, not showing that people are innocent.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Isn't it a packet sniffer? Isn't that illegal tech for these purposes?
They're using their grammar skills there.
Here's a novel idea, DONT FUCKING STEAL SHIT
Then you won't have any problems whatsoever!!
Answers sure do come easy to those who don't know what the fuck they're talking about.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
Someone mentioned before that the technology hasn't been tested for false positives. I would like to indicate that their system will inherently generate false positives. A hash is derived from an irreversible function performed on the file that is being transferred. This is often used to test the integrity of transferred data. This would protect against corruption that occurs in the data stream. The major issue with hashing is that the hash is not a continuous function. Continuous means that for every input there is one output. This means that there could easily be a false positive when a duplicate hash occurs. The fact the team developing this technology mentions it means they understand there might be false positives means that they understand this limitation and this technology is only a proof of concept.
Can someone please explain to me how they plan to view the files of encrypted traffic without it being illegal?
...or, you know, just be plain illegal due to attempting to access people's personal files.
One would think that if they happen to decrypt anything with copyright protection that it would then violate the DMCA, as per various ridiculous recent rulings of the sort.
DNA -- National Dyslexic Association
Newsflash: revolutionary new tech allows a network probe.... to classify traffic by matching TCP/IP profile and protocol inspection
How is this different to, er, any sniffer or monitoring tool out there. Or any Cisco router with NBAR turned on. Solarwinds, statseeker, ntop, you name it (network monitoring suite) and they ALL have features that allow probes (or use netflow or both) to gather traffic info including by protocol.
Slashdot's standards are slipping greatly, esp. anything NOT to do with servers, dev and/or coding, apparently all the real network techs have gone on holidays or something
Actually you will because Comtastic people abound in this world and they will make your life suck because people around you are breaking the law even if you don't.
Music is free for the taking and there is nothing that can stop that. If you don't understand that, you are missing one of the essential points of the 21st Century.
Movies are just about as free. Nobody is going to pay unless they believe the wrapper in the DVD case is worth $20. Or they are worried about missing out on all those ads for previously upcoming movies. Download as much as you want, there is no way the tap can be turned off now.
Software? Well, count how many pirated copies of Photoshop and Office there are and then come back and tell me how it is viable to build a new consumer-oriented software product today. If there are not specific platform prohibitions against "sharing", it is going to be "shared". In the 1980s it was assumed that an Apple product would sell two copies, one on the East coast and one on the West coast. We are pretty much there today except for a relatively few niche products. Some companies try to avoid the avalanche of pirated software and a few get burned by the BSA. But at home sales are pretty low and usage pretty high.
Block BitTorrent? Sure. It will take a week to have a completely new protocol that will sweep across the planet which will once again make everything freely downloadable.
It is a matter of ethics, responsibility and morality. We have taught an entire generation that on the Internet there is no need for quaint concepts like these and we are seeing the results. Things like teenage girls being tricked into assisting with their own rape. Things like losses in the millions due to scams and cons. Sorry, but this is indeed the result. Actions on the Internet do not have consequences. That is taught to people online every day - I think it is working.
I had a hard time understanding how they thought this would be admissible in court as well. Picking out the first 32 bits from a frame header and trying to identify a file's hash out of it, does in no way necessitate that the user is downloading the entire file. Wouldn't you have to download the entire movie/game/program in order for it to be considered piracy? AFAIK you can't download 1/2 a movie/game/application and have it still work... and in most cases just missing a few bits can make all the other bits useless.
So is it illegal to begin a download of pirated bits?
You're nothing; like me.
If you read the article, you know the answer to these questions.
They plan to sniff for the hash, of course, and compare it to a list of hashes for "forbidden files".
It's not new technology - the same approach is used in China (according to the article).
And no, I don't think this is legal in the EU (not yet at least), and certainly not in the U.S., as it requires sniffing through everybody's stuff, regardless of what they're downloading.
If that is the biggest concern in your life, you really don't have shit to bitch about, do you?
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
or ... they just hash the original.
<FBI Employee> Hmmm, download the torrent and get the hashes for this Windows 7 iso or should I just generate the hashes from the original iso that MS gave us? It's so hard for me to figure it out, I'm sure someone on slashdot will have a brilliant idea!
Is that you kdawson?
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
encrypt... Absolutely... EVERYTHING!
...makes me glad I live in a technologically backward country.
Azureus (and many other bit torrent clients), have this magical tool called "view peers"
Oh my god! I just identified dozens of people to sue, and if I put a logger into the client, which is open source, I can identify practically everyone!
In other news, there are millions of torrent files and a couple p2p snitch firms. I guess it's time to take a paddle and start trying to beat back the ocean.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
More encryption? Better cracking techniques!
Better encryption? Tyranny!
Revolution? Martial law!
Ahh, the gubbiment, always one step ahead, except when it comes to economic crises.
disclaimer: I do not believe the gubbiment is organised enough to blow a gay hooker in a bathroom safely, let alone run a conspiracy
There is nothing new about this to anyone with any familiarity with the BitTorrent protocol. The hash is available whenever peers negotiate connections for a torrent. Snort rules have existed for this forever. Encryption is only a problem if you don't know the encrypted hash...which SURPRISE is available as long as the torrent is still being served from the tracker. Peers use the same encrypted hash to communicate.
Using packet sampling and Snort you can do this on over 150 1gig links TODAY. What do these people think a copysense appliance does with a 100Mbit mirror port? 1Gbit isn't even that difficult with today's commodity hardware.
Nothing pisses me off more than a bogus "new development". Should expect it from Slashdot I guess.
--"It's Bradford Company, slash your last name, dot your first name"
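Added example (not from the article, the tool, or any commenter): a minimal Python sketch of the passive matching the thread describes, reading the 20-byte info-hash out of a plaintext BitTorrent peer handshake and checking it against a watchlist. The function names, addresses, torrent metadata and watchlist are constructed for illustration; the sample flows also show that a torrent whose metadata differs by one field, or a payload that is not a plaintext handshake, produces no match.

```python
import hashlib

PSTR = b"BitTorrent protocol"  # protocol string in the plaintext peer handshake

def bencode(obj):
    """Minimal bencoder (ints, bytes/str, lists, dicts with sorted keys)."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode()
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        items = sorted((k.encode(), v) for k, v in obj.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(type(obj))

def info_hash(info):
    """SHA-1 over the bencoded 'info' dictionary of a .torrent file."""
    return hashlib.sha1(bencode(info)).digest()

def build_handshake(ih, peer_id):
    # <19><"BitTorrent protocol"><8 reserved bytes><20-byte info_hash><20-byte peer_id>
    return bytes([len(PSTR)]) + PSTR + bytes(8) + ih + peer_id

def parse_handshake(payload):
    """Return the 20-byte info_hash if payload starts with a plaintext handshake."""
    if len(payload) < 68 or payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None
    return payload[28:48]

def scan(flows, watchlist):
    """Passively match the first payload of each flow against a hash watchlist."""
    hits = []
    for src, dst, payload in flows:
        ih = parse_handshake(payload)
        if ih is not None and ih in watchlist:
            hits.append((src, dst, ih.hex()))
    return hits

# --- constructed sample data (not real torrents or hosts) ---
INFO_LISTED = {"name": "sample.iso", "length": 1048576,
               "piece length": 262144, "pieces": bytes(80)}
# Same content description, one metadata field changed: a different info-hash.
INFO_REPACKED = dict(INFO_LISTED, name="sample-repack.iso")
WATCHLIST = {info_hash(INFO_LISTED)}
PEER_ID = b"-XX0001-" + bytes(12)
FLOWS = [
    ("192.0.2.10", "198.51.100.7", build_handshake(info_hash(INFO_LISTED), PEER_ID)),
    ("192.0.2.11", "198.51.100.7", build_handshake(info_hash(INFO_REPACKED), PEER_ID)),
    # Stand-in for an obfuscated stream: no recognisable handshake prefix.
    ("192.0.2.12", "198.51.100.7", hashlib.sha256(b"obfuscated").digest() * 3),
    ("192.0.2.13", "203.0.113.9", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for hit in scan(FLOWS, WATCHLIST):
        print("match:", hit)
```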
From TFA
Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.
/ducks for reading TFA
I encrypt everything I can as a matter of course, whether I "need" to or not. Largely because I can, but also because it's good policy in general to preemptively defeat stupid crap like this.
Kicking off the start to the more widespread use of encryption also has to begin someplace, so I figure I may as well encrypt everything I can. All current BitTorrent clients support encryption, and in most (like uTorrent and Deluge) it's simply a matter of checking a single checkbox to make it happen.
Ain't nobody's business what comes and goes from my computer or yours, regardless of its legality.
What would they do? Force us to decrypt it? That's a violation of human rights.
Actually, the RIAA would be better off using this than what they currently do.
The status quo is slipshod blitzkriegs against dozens of does based on shared folders.
This could help them weed out innocent people. They shouldn't have a problem with it, since it would be worth their while to get evidence damning enough to not settle for relative chump change. Then they could, maybe, leave the innocent ppl alone?
At least if they stick with evidence of transfer, rather than merely "making available", their lawsuits would trade in quantity for quality, and they'd be netting a much lower false positive rate.
Personally, I'd like to see the REAL pirates get nailed red handed than be able to hide among the innocent "shared folder" folks and try to stink up the place by faking defenses that real innocents legitimately use. Real pirates are no less scum than the RIAA in my book, since they have no scruples about ripping people off.
The RIAA has a valid business mission to stop piracy. It's only because of their devil-may-care attitude when they mistarget innocent people that they have such a bad rap with me. Were the RIAA to have perfect aim and only nail guilty offenders, then I'd have no problem with them.
And yes, I'm serious. The RIAA needs to stop being an incompetent reckless lawsuit factory and start using hard evidence like this to nail the RIGHT people.
If a good bigger chunk of the RIAA's defendants were actually guilty, and smoking guns were plentiful, I'm sure their public image would get at least a bit of repair.
Of course, my faith in the RIAA not exploiting the "protection racket" gravy train they get by making it prohibitively expensive for even an obviously innocent defendant to not settle...don't make me laugh.