Researchers Outline Targeted Content Poisoning For P2P Data

Diomidis Spinellis writes "Two USC researchers published a paper in the prestigious IEEE Transactions on Computers that describes a technique for p2p content poisoning targeted exclusively at detected copyright violators. Using identity-based signatures and time-stamped tokens they report a 99.9 percent prevention rate in Gnutella, KaZaA, and Freenet and a 85-98 percent prevention rate on eMule, eDonkey, and Morpheus. Poison-resilient networks based on the BitTorrent protocol are not affected. Also the system can't protect small files, like a single-song MP3. Although the authors don't say so explicitly, my understanding is that the scheme is only useful on commercial p2p distribution systems that adopt the proposed protocol."

This needs to be fought

We need to fight against this kind of tyranny. Make sure to keep ourselves armed with the latest knowledge on how to defeat and subvert these 'poisons'. These corporate moneymongers are sad that they can only buy 3 boats this year instead of two, while we are stuck paying $25 for a CD. The system of money is an ancient and outdated system that needs replaced with a resource based economy anyway, and P2P is a good step in the right direction.

Re:This needs to be fought

[commodore64_love]

My annoyance is that "they" presume my downloading means they are losing money. I've been downloading a lot of recent movies lately, and no surprise, the movies are largely crap piled upon more crap (how they ever scored 7 or higher on imdb.com is a mystery to me). The RIAA/MPAA make the assumption that if I had not downloaded, I would have bought the DVD instead.

They presume wrong.

Out of some 20 movies downloaded there was precisely 1 that I will probably buy on DVD, and that's only because my niece wants to see Hannah Montana in 3D. Otherwise I don't waste my money on Hollyweird's shit unless it's exceptionally good. This past 2008-9 season almost nothing met that criteria. So for them to say, "We lost $400," is completely and totally inaccurate.

They are liars. They lost nothing because I'm not a spender. My money gets invested into the stockmarket, not shiny discs, which probably pisses them off.

Re:This needs to be fought

[Shakrai]

From each according to his ability, to each according to his need is the way of the future

Ok Comrade.

and attempts to deny this simple mechanical law of nature will only result in even more suffering for us.

Simple law of nature? What the heck are you smoking and why aren't you sharing it? The only law of nature is survival of the fittest. I don't think the gazelle being eaten by a lion volunteered to be eaten because the lion needed food.

Re:This needs to be fought

[mcgrew]

I see that they gave percentages for prevention rates, but not for false positives. As someone who uses P2P legitimately (Linux distros, movies like Star Wreck, SHN and FLAC files the musician wants shared, etc) this pisses me off no end.

A false positive here is simply vandalism. If these researchers release this thing to the public and there are any false positives at all, they deserve to be jailed.

Re:This needs to be fought

[jenn_13]

This is a serious question: If it's not worth wasting your money on to buy, then why on earth did you waste your time downloading and watching it? Either a product is worth the asking price or it's not. If it is worth it to you, buy it. If not, do without...

Researcher is the wrong word.

[Darkness404]

I'm not exactly sure "researcher" is the right word here. From the paper

Abstract: Today's peer-to-peer (P2P) networks are grossly abused by Illegal distributions of music, games, video streams, and popular software. These abuses have resulted in heavy financial loss in media and content industry. Collusive piracy is the main source of intellectual property violations within the boundary of P2P networks. This problem is resulted from paid clients (colluders) illegally sharing copyrighted content files with unpaid clients (pirates). Such an on-line piracy has hindered the use of open P2P networks for commercial content delivery. We propose a proactive poisoning scheme to stop colluders and pirates from working together in alleged copyright infringements in P2P file sharing. The basic idea is to detect pirates with identity- based signatures and time-stamped tokens. Then we stop collusive piracy without hurting legitimate P2P clients. We developed a new peer authorization protocol (PAP) to distinguish pirates from legitimate clients. Detected pirates will receive poisoned chunks in repeated attempts. A reputation-based mechanism is developed to detect colluders. The system does not slow down legal download from paid clients. The pirates are severely penalized with no chance to download successfully in finite time. Based on simulation results, we find 99.9% success rate in preventing piracy on file-level hashing networks like Gnutella, KaZaA,Area, LimeWire, etc. Our protection scheme achieved 85-98% prevention rate on part-level hashing networks like eMuel, Shareaz, eDonkey, Morpheus, etc. Our new scheme enables P2P technology for building a new generation of content delivery networks (CDNs). These P2P-based CDNs provide faster delivery speed, higher content availability, and cost-effectiveness than using conventional CDNs built with huge network of surrogate servers.

This isn't unbiased in the least. Sure, arguably it is "research" but calling them researchers from an university makes them seem neutral at best.

Re:Researcher is the wrong word.

[s-whs]

] Researcher is the wrong word.

I was thinking the same thing. But not necessarily based on them being biased, but for this: Why would anyone want to 'research' this? I can understand making a protocol resilient to poisoning (same as making a computer resilient to virus attacks, there will always be a-holes trying to mess things up wether legal or illegal), or making it faster, adding some nifty features perhaps. But poisoning to prevent illegal sharing with the pathetic argument that this hinders commercial distribution? What kind of a researcher is that? A RIAA paid one I'd guess. Possibly as valuable as those 'researchers' for tobacco companies who said there was no health problem with smoking.

Re:Researcher is the wrong word.

[Darkness404]

Exactly, I was reading into the article thinking it would be presented as a vulnerability or proof of concept that could be exploited by the RIAA, not that the entire thing seemed to be written especially for the RIAA.

Re:Researcher is the wrong word.

[Kuroji]

Well, here's the thing: by having this information out in the open, people can look at how it's done and look at the protocols they use, and find out whether such vulnerabilities could exist. Sure, it might not help anyone right now if they're vulnerable, but it does mean that the protocols that people use in the future are a lot less likely to have such weaknesses that allow for data corruption.

Copyright or not, when you have the ability to corrupt data on a whim, the network is quickly rendered useless.

Re:Researcher is the wrong word.

[Darkness404]

But it wasn't presented like that though. It would be one thing if it was "Hey, your network can be exploited if you do this, this and this" but instead its "Your network can be exploited by this, this and this, because of this you can do -insert illegal stuff- to get revenge on those evil filesharers". I mean, seriously the stuff you read in 2600 about exploiting things to make a profit seem to have less bias than this. At least a bunch of those articles say "please only use this for information".

Re:Researcher is the wrong word.

[ZosX]

Aren't there laws against DOS attacks? If you jammed the RIAA's network you would surely go to jail if caught. They should leave the law enforcement to the police. Its too bad nobody can seem to get them on racketeering. They extort millions (heh, literally apparently) from the american public and at the same time have not paid millions of dollars owed to the artists that they supposedly represent.

Re:Researcher is the wrong word.

[Darkness404]

Yes, and the RIAA doesn't seem to care. Just look at how they used MediaDefender ( http://en.wikipedia.org/wiki/MediaDefender ).

Re:Researcher is the wrong word.

How much are they charging for the research details? Is the RIAA willing to buy out this information? If its from a university then someone is looking for grant money.

Re:Researcher is the wrong word.

[siloko]

Researchers find a topic that interests them and follow through on some hunch. When they have found out something potentially publishable (the meat and potatoes of a researchers career) they big it up. This abstract reads exactly like that - "we did some work and this is why it's the most important work in the world" - the fact that the spiel coincides with the RIAA party line is probably coincidence.

Re:Researcher is the wrong word.

[Odinlake]

... with no chance to download successfully in finite time.

That is mathematically speaking a pretty silly statement (as there obviously is some non-zero chance of obtaining each piece), moreover so considering the next sentence which says they had a 0.1% failure rate.

Re:Researcher is the wrong word.

[hairyfeet]

So in other words they just want to steal the P2P networks from those that actually built up the things and turn it into an iTunes store, only one where the cheap bastards won't even have to pay for bandwidth. Nice. Just when I thought they couldn't be even more piggish than they already are. It just goes to prove that just when you think they've scrapped the bottom of the barrel and can't actually go any lower, if you lift up the bottom of the barrel and continue digging, you can get even lower. Nice.

Meanwhile they rob from us and our kids by eliminating the public domain thanks to eternal copyrights, and screw you out of first sale with crap like DMCA and DRM, which they pay to have rammed up our butts with treasonous bribes. Very nice. These bunches are the only ones that can make CEOs at tobacco companies and South American drug lords not seem so scummy.

And for all the countries getting USA eternal copyrights forced down their throats? I'd like to say as an American I'm sorry, we didn't actually want that crap either, but we only have a two party system and both sides have sold out because all our politicians are whores to big business. Maybe you'll have better luck dealing with the multinational cartels than we did.

Re:Researcher is the wrong word.

[mcgrew]

These abuses have resulted in heavy financial loss in media and content industry.

Bullshit. It's been shown that music pirates spend more money on music than non-pirates, and the same is probably true of movie pirates and software pirates, too. They've declared war on their best customers.

Re:Actually

[Darkness404]

And so is DDoS attacks, but that sure didn't stop the RIAA from using MediaDefender ( http://en.wikipedia.org/wiki/MediaDefender )

Copyright violators

[wigaloo]

Two UCLA researchers published a paper in the prestigious IEEE Transactions on Computers that describes a technique for p2p content poisoning targeted exclusively at detected copyright violators.

What's to prevent poisoning legal p2p? There are plenty of examples of copyrights being inappropriately asserted. The technology itself doesn't discriminate.

The dawn of a new age

[mewsenews]

Humans had discovered methods to speedily and automatically transmit mountainous volumes of data. It was a new frontier, a utopia where information was shared peacefully between the people who wanted to see it. And what was its downfall? Not the anarchists, or the communists, or the Islamic fundamentalists, but the so called leaders of the free world.

"We had to do it," they said, "there is such a thing as too much freedom."

Re:The dawn of a new age

[basementman]

Get over yourself, the method doesn't do shit to bittorrent, the most popular p2p format so it's basically useless. If anything this will just get idiots off limewire into onto a decent network.

Re:So everyone should just use BitTorrent.

[v1]

Poison-resilient networks based on the BitTorrent protocol are not affected.

So, the most effective method of P2P is the one that's immune. Really, Edonkey? who uses that? Find yourself a good private BT tracker and be done with it. There are many to choose from. Not only are they immune to content filtering, but due to ratio requirements and the possibility of getting banned if you misidentify content you upload, they're immune to content poisoning as well as data poisoning and have pretty much guaranteed high speed across the board.

Re:Freenet

They lump Freenet into the category of "Gnutella-like networks", and say that their attack against gnutella should also work against Freenet since it is Gnutella-like (p.2 and p.12).

In other words, it is as you said, they are lumping it together with other networks.

It makes me question the quality of their research if they think that Freenet is so similar to Gnutella that the same class of attacks would work against both.

Re:Who cares?

[guruevi]

Plenty of people already do it - heck even the musicians are starting to turn away from RIAA-backing labels. The RIAA however has found another way to keep their businesses alive: government bailouts. Just like GM, Ford, Chrysler and a host of other companies that couldn't cut it in the new world, they are now being funded by the government which just creates a law about who should pay for these old businesses. Who's paying for it now: the radio stations. The government has decided that the radio stations should pay the RIAA for songs they play. Over the years, the labels have paid DJ's to promote their music (payola), gotten free airtime etc. etc. and now they expect the radio stations to pay it all back. They already pushed the internet radio stations to pay more for the right to play any song, now they are pushing the am/fm radio stations to pay for the rights to play any song.

The RIAA has effectively become through lobbying a government agency. They are being allowed to tax anybody who plays or makes public any type of music in any type of way even if the musician or label is not signed with them.

wrong end of the stick...

[bukuman]

I read the summary as them finding a way to create a p2p network of 'customers' (clients who pay to be in your p2p network where you deliver paid content) and protecting yourself from the 'customers' who 'collude' (e.g. hacked client s/w?) with non paying client s/w to allow non paying customers to get the content. I don't think it's about subverting an existing network, it's about protecting a network from subversion. If so then the techniques could presumably be used for other purposes, poisoning surveillance perhaps.

Never confuse ignorance with determination

[msimm]

It's entirely possible that the authors do fundamentally believe in the rights of the copyright industry, but that doesn't mean they might not be frightfully ignorant of any number of closely related technologies.

In fact my experience has shown me that fundamentalists tend to be the most narrowly focused people I meet (whatever their beliefs).

Re:Freenet

[MikShapi]

Freenet is a hard target. Arguably, the hardest of them all today. It's also the least popular.

The studios are playing a money game. Bang for buck. They want maximal deterrence for minimal spend.

Much like virus-writers aim viruses at the highest targets on the "adoption-by-the-masses"/"soft-bellyness" index, RIAA go-getem's do the same thing.

FastTrack - high adoption, soft belly.
Torrent - high adoption, not-so-soft... and segregated into lots of independent share-specific networks.
Freenet - low adoption, practically impossible to break.

It's a no-brainer. They've got no reason to go for the last. They may be greedy scum, but they're not that stupid with their money. Freenet would need to be adopted by the masses and get a ridiculous amount of media exposure to even pop up on their radar. Their goal is not to technically "stop filesharing" altogether, they realize that's a waste of money and effort. Their goal is to mitigate it by taking pot-shots at just the targets that are easy to break, and leave the harder ones alone (for now).

Being an informed geek, that actually makes me really happy. In a nutshell, It means we won.

Re:Actually

[1u3hr]

And secondly, how exactly would one make a profit from downloading a song?
Resale of something you got free, ie. radio-copied mixtapes, bootleg cd/dvds, hosting files on a private pay access ftp, etc.

Yeah, there are HUGE profits from selling radio copied mix tapes. (Especially if you use the new 8-track format.)

Really, these are things you literally couldn't give away. Anyone who wants these and isn't fussed about copyright has no problem downloading it himself, or swapping with a friend.

Re:Adopting the proposed protocol?

[Joce640k]

They already tried this about five years ago with poisoned servers. What happened? The Kad search mechanism was adopted and the servers were useless.

The same thing will happen here, the protocol will change, the poisoners will have wasted a lot of money and achieved nothing.
 

Re:SLASHDOT SUMMARY IS WRONG

[Alsee]

I'm not sure if I missed the last line of the summary in my haste to read to the PDF file, or if the summary was updated, but the last line of the summary is correct and it pretty well refutes the rest of the summary-as-written. The earlier statements in the summary about success rates in blocking particular existing networks are wrong. Those blocking percentages are modeled results *if* those sorts of networks were to become paid access networks implemented this deliberate poisoning capability into their design.

-

Re:Adopting the proposed protocol?

[Inda]

That's the empression I got too but that still creates a massive "WHY?" in my head.

Why the need for a 'private' P2P network that's not really private at all? If 'pirates' can get into your network, the problem isn't solved by poisoning.

Even if the content providers used a public network, there must be a better way, such as encryption and key exchanges.

And... And this is the killer: it only takes one person to move content from a 'private' network to a public network and they're fucked.