Researchers Outline Targeted Content Poisoning For P2P Data
Diomidis Spinellis writes "Two USC researchers published a paper in the prestigious IEEE Transactions on Computers that describes a technique for p2p content poisoning targeted exclusively at detected copyright violators. Using identity-based signatures and time-stamped tokens they report a 99.9 percent prevention rate in Gnutella, KaZaA, and Freenet and an 85-98 percent prevention rate on eMule, eDonkey, and Morpheus. Poison-resilient networks based on the BitTorrent protocol are not affected. Also the system can't protect small files, like a single-song MP3. Although the authors don't say so explicitly, my understanding is that the scheme is only useful on commercial p2p distribution systems that adopt the proposed protocol."
We need to fight against this kind of tyranny. Make sure to keep ourselves armed with the latest knowledge on how to defeat and subvert these 'poisons'. These corporate moneymongers are sad that they can only buy 3 boats this year instead of two, while we are stuck paying $25 for a CD. The system of money is an ancient and outdated system that needs replaced with a resource based economy anyway, and P2P is a good step in the right direction.
Abstract: Today's peer-to-peer (P2P) networks are grossly abused by illegal distributions of music, games, video streams, and popular software. These abuses have resulted in heavy financial loss in media and content industry. Collusive piracy is the main source of intellectual property violations within the boundary of P2P networks. This problem is resulted from paid clients (colluders) illegally sharing copyrighted content files with unpaid clients (pirates). Such an on-line piracy has hindered the use of open P2P networks for commercial content delivery. We propose a proactive poisoning scheme to stop colluders and pirates from working together in alleged copyright infringements in P2P file sharing. The basic idea is to detect pirates with identity-based signatures and time-stamped tokens. Then we stop collusive piracy without hurting legitimate P2P clients. We developed a new peer authorization protocol (PAP) to distinguish pirates from legitimate clients. Detected pirates will receive poisoned chunks in repeated attempts. A reputation-based mechanism is developed to detect colluders. The system does not slow down legal download from paid clients. The pirates are severely penalized with no chance to download successfully in finite time. Based on simulation results, we find 99.9% success rate in preventing piracy on file-level hashing networks like Gnutella, KaZaA, Area, LimeWire, etc. Our protection scheme achieved 85-98% prevention rate on part-level hashing networks like eMule, Shareaza, eDonkey, Morpheus, etc. Our new scheme enables P2P technology for building a new generation of content delivery networks (CDNs). These P2P-based CDNs provide faster delivery speed, higher content availability, and cost-effectiveness than using conventional CDNs built with huge network of surrogate servers.
This isn't unbiased in the least. Sure, arguably it is "research" but calling them researchers from a university makes them seem neutral at best.
Taxation is legalized theft, no more, no less.
Actually, poisoning P2P networks as a commercial venture could be prosecuted as theft-by-deception.
Stealing bandwidth is a crime. Downloading songs isn't, if you aren't profiting from it.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
What's to prevent poisoning legal p2p? There are plenty of examples of copyrights being inappropriately asserted. The technology itself doesn't discriminate.
Humans had discovered methods to speedily and automatically transmit mountainous volumes of data. It was a new frontier, a utopia where information was shared peacefully between the people who wanted to see it. And what was its downfall? Not the anarchists, or the communists, or the Islamic fundamentalists, but the so called leaders of the free world.
"We had to do it," they said, "there is such a thing as too much freedom."
This is a very nice and free security vulnerability analysis!
how nice of them!
I reserve the right to have a physical object so I can sell it later, and recover my money.
Poisoning the well. What an insightful revelation. Surely it's never been done before, maybe they should throw a patent on it.
"In the absence of the ability to establish the attribute of truth they tried to establish the noble attributes."
The bios at the end of the paper clearly state that both the Ph.D. student and the professor are from USC, not UCLA.
>Poison-resilient networks based on the BitTorrent protocol are not affected.
So, the most effective method of P2P is the one that's immune. Really, eDonkey? Who uses that? Find yourself a good private BT tracker and be done with it. There are many to choose from. Not only are they immune to content filtering, but due to ratio requirements and the possibility of getting banned if you misidentify content you upload, they're immune to content poisoning as well as data poisoning and have pretty much guaranteed high speed across the board.
I work for the Department of Redundancy Department.
They sound more like wannabe whores to me. How is this blatant soul-selling behavior legal and prostitution is not?
I was curious as to how they were poisoning Freenet, which should be robust against this with its Forward Error Correcting.
According to the paper, Freenet falls under the category of the "Gnutella family" (p.2). The Freenet Project that I know is in no way related to Gnutella.
Are they referring to a different file sharing program by the name of Freenet, or is this statement of theirs just plain inaccurate?
The paper won't download here, so I'm asking without RTFA, but how can this work against Freenet? Do they discuss Freenet in the paper at all? Freenet does chunk-level hashing, and the network enforces that the data matches the hash at all steps. Nodes returning invalid data will rapidly get dropped by their peers. Attacks like this are something that Freenet is explicitly designed to prevent. Also, the anonymity guarantees that Freenet makes would make it hard (potentially very hard) for them to identify a single user, let alone "collusion".
I'm forced to wonder whether the researchers mention Freenet at all, or if the poster is simply lumping Freenet in with other p2p apps that it has very little in common with. (Bittorrent and Freenet should be similar in some ways to their resistance against this attack, but Freenet's strong anonymity guarantees should make it more resistant. The fact that a node engaged in widespread poisoning will have trouble even staying connected makes Freenet even more resistant.)
>Not only are [private BitTorrent trackers] immune to content filtering, but due to ratio requirements and the possibility of getting banned if you misidentify content you upload, they're immune to content poisoning as well as data poisoning and have pretty much guaranteed high speed across the board.
But the sum of share ratios can never exceed 100%. Say I download a file and then leave my client seeding for a week, but almost nobody downloads the file from me because the torrent has a total of three downloaders getting pieces from about 100 other seeds. How do I get to even 90%? Or how strictly does a typical private tracker enforce ratios for older, overseeded torrents?
>the network enforces that the data matches the hash at all steps.
But what enforces that the hash matches the title, as opposed to a cuckoo egg?
Today UCLA researchers enrolled in the RIAA's Junior Achievers program proved that p2p networks Gnutella, KaZaA, Freenet, eMule, eDonkey, and Morpheus are, in fact, still in use. Researchers proceeded to take great joy and pride in kicking a dead horse. Unfortunately they were unable to have any effect on modern incarnations of artificial scarcity reduction technology.
Somebody's poisoned the water hole!
Anything can be found funny, from a certain point of view.
Plenty of people already do it - heck even the musicians are starting to turn away from RIAA-backing labels. The RIAA however has found another way to keep their businesses alive: government bailouts. Just like GM, Ford, Chrysler and a host of other companies that couldn't cut it in the new world, they are now being funded by the government which just creates a law about who should pay for these old businesses. Who's paying for it now: the radio stations. The government has decided that the radio stations should pay the RIAA for songs they play. Over the years, the labels have paid DJ's to promote their music (payola), gotten free airtime etc. etc. and now they expect the radio stations to pay it all back. They already pushed the internet radio stations to pay more for the right to play any song, now they are pushing the am/fm radio stations to pay for the rights to play any song.
The RIAA has effectively become through lobbying a government agency. They are being allowed to tax anybody who plays or makes public any type of music in any type of way even if the musician or label is not signed with them.
Custom electronics and digital signage for your business: www.evcircuits.com
These guys are from USC, not UCLA. As a UCLA graduate, I am extremely upset that anyone would make this mistake. USC students and professors are smelly, unclean, spoiled children who work for the RIAA. UCLA students and professors are the opposite.
Never, EVER, confuse us again.
Alternately, someone in the Freenet IRC channel was able to download it and insert it for me:
CHK@XJ75hZcrMrQyfhFQrwwWflZkatrK-ZDBzvmkoHdon2U,2UW5ISsU0Qafd3gCOvsB7lstjGrx5RGqPEU1vQm4Dfg,AAIC--8/IEEE-TC2007-09-0492R2-finalized-April8-2008.pdf
...given the absolute rot most people are downloading on the networks. I mean honestly. What could be more poisonous than a Britney Spears song? I'd say let the downloaders have the content. Can't think of anything more poisonous.
These posts express my own personal views, not those of my employer
I read the summary as them finding a way to create a p2p network of 'customers' (clients who pay to be in your p2p network where you deliver paid content) and protecting yourself from the 'customers' who 'collude' (e.g. hacked client s/w?) with non paying client s/w to allow non paying customers to get the content. I don't think it's about subverting an existing network, it's about protecting a network from subversion. If so then the techniques could presumably be used for other purposes, poisoning surveillance perhaps.
>dude you reek of yourself.
I'm sorry, did I touch a nerve? Or are you one of those who rail against the *IAAs while rushing like a good little sheep to consume their products?*
*buying OR downloading
Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
People use Kazaa for large files? I thought Kazaa was for small files and bittorrent was for large ones. Now I'm confused.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
It's entirely possible that the authors do fundamentally believe in the rights of the copyright industry, but that doesn't mean they might not be frightfully ignorant of any number of closely related technologies.
In fact my experience has shown me that fundamentalists tend to be the most narrowly focused people I meet (whatever their beliefs).
Quack, quack.
As a comp sci grad student, here's what I got from a quick reading of this paper:
Imagine that you're a content provider, with paying users. You've decided to distribute content to your users by running a Gnutella-style network. How do we make sure that only paying users can get our content? After all, it's an open network.
We start by sending some sort of magic timestamp-thing to all of the paying users. I didn't read this part in much detail. Anyway, the paying users can all identify each other somehow. They mention that it maintains privacy.
Some of your paying users (the "Clients") are good, virtuous folk, and they're running the Happy Authorized Gnutella software you gave them. Others (the "Colluders") are running Evil Hacked software. No matter what you do, the Colluders are going to send chunks of your precious data to the "Pirates" (anyone who hasn't paid you).
Normally, we'd expect our Clients to ignore requests from our Pirates. This paper instead suggests: let's obligate the Clients to send poison data to the Pirates! The Pirates won't know which chunks are bad; they'll only find out that the file is corrupt once it's finished downloading. The Pirates won't be able to get a good copy, and they'll give up and go away.
And there's one other great thing: we can set up *fake* Pirates, and check which users aren't giving out the poison they're supposed to! So we've served data to all of the Clients; we've identified all of the Colluders; and we've defeated all of the Pirates.
(Bittorrent has data integrity checks for every chunk, instead of every file; that's why it's not vulnerable to this attack...I mean business model).
In summary: This paper describes a way that a company can charge for distributing their own content on a peer-to-peer network. It only works if they control a centralized "transaction server" that organizes the entire network, and if they control the software of all the "honest" people. They can't destroy our existing networks with it, and it doesn't prevent anyone from turning around and posting the file to BitTorrent once it's downloaded.
The tone of the paper is definitely not as neutral as I feel it should be. What they're trying to say is "there's no obvious way to charge people for running a Gnutella server, because pirates will eat your lunch. But we think we have a way." But it definitely feels like they're putting moral force behind what's really a network algorithms result.
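The difference between file-level and per-chunk integrity checks mentioned in the comment above, as an added example that is not part of the original post or the paper: a downloader that trusts only a whole-file hash learns about corruption after the full transfer and cannot tell which peer caused it, while one that holds a trusted per-piece hash list rejects the bad piece on arrival and stops asking that peer. The peer names, chunk size and sample content are constructed, and SHA-256 is an assumption standing in for whatever hash a given network uses.

```python
import hashlib

CHUNK_SIZE = 16  # deliberately tiny so the constructed sample stays readable


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def split_chunks(data: bytes, size: int = CHUNK_SIZE) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]


class Peer:
    """A remote source; poisons=True marks a peer that corrupts every chunk it serves."""

    def __init__(self, name, chunks, poisons=False):
        self.name = name
        self._chunks = chunks
        self._poisons = poisons

    def get_chunk(self, index: int) -> bytes:
        chunk = self._chunks[index]
        if self._poisons:
            # Same length as the real chunk, so a size check alone cannot catch it.
            return bytes(b ^ 0xFF for b in chunk)
        return chunk


def download_file_level(peers, n_chunks, trusted_file_hash):
    """Fetch chunks round-robin and verify only the hash of the assembled file."""
    received = [peers[i % len(peers)].get_chunk(i) for i in range(n_chunks)]
    data = b"".join(received)
    ok = sha256_hex(data) == trusted_file_hash
    # On failure every byte is suspect and no individual peer can be blamed.
    return {"ok": ok, "data": data if ok else None,
            "wasted_bytes": 0 if ok else len(data), "bad_peers": set()}


def download_piece_level(peers, trusted_piece_hashes):
    """Verify each chunk on arrival against a trusted per-piece hash list."""
    received, bad_peers, wasted = [], set(), 0
    for i, expected in enumerate(trusted_piece_hashes):
        for k in range(len(peers)):
            peer = peers[(i + k) % len(peers)]
            if peer.name in bad_peers:
                continue  # never ask a peer again after it served a bad piece
            chunk = peer.get_chunk(i)
            if sha256_hex(chunk) == expected:
                received.append(chunk)
                break
            wasted += len(chunk)
            bad_peers.add(peer.name)
        else:
            # No remaining peer could supply a valid copy of this piece.
            return {"ok": False, "data": None,
                    "wasted_bytes": wasted, "bad_peers": bad_peers}
    return {"ok": True, "data": b"".join(received),
            "wasted_bytes": wasted, "bad_peers": bad_peers}


# Constructed sample: 256 bytes split into 16 chunks, served by three peers.
CONTENT = bytes(range(256))
CHUNKS = split_chunks(CONTENT)
FILE_HASH = sha256_hex(CONTENT)                 # assumed to come from a trusted index
PIECE_HASHES = [sha256_hex(c) for c in CHUNKS]  # assumed to come from trusted metadata


def make_swarm():
    return [Peer("honest-a", CHUNKS),
            Peer("poisoner", CHUNKS, poisons=True),
            Peer("honest-b", CHUNKS)]


if __name__ == "__main__":
    for label, result in (
        ("file-level ", download_file_level(make_swarm(), len(CHUNKS), FILE_HASH)),
        ("piece-level", download_piece_level(make_swarm(), PIECE_HASHES)),
    ):
        print(label, "ok:", result["ok"], "wasted:", result["wasted_bytes"],
              "bad peers:", sorted(result["bad_peers"]))
```

Both strategies depend on the reference hashes coming from a source the downloader trusts; a per-piece list obtained from the same peer that serves the data verifies nothing.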
They already tried this about five years ago with poisoned servers. What happened? The Kad search mechanism was adopted and the servers were useless.
The same thing will happen here, the protocol will change, the poisoners will have wasted a lot of money and achieved nothing.
No sig today...
Let me see: if we substitute "not approved by the fearless leader" for "unlawful copyright violator", how does that change what they are doing?
IMHO this is yet another attempt at FUDD to scare off people who would spread ideas that those in power do not like.
The enormous success of these approaches can easily be seen by a quick check of eMule/BitTorrent which shows over 6 million users right now.
I once accidentally did a minor DoS attack, when I was starting to write my own P2P client for the Kad network used by eMule, etc. It kept returning the same IP in response to every directory lookup.
Sorry to whoever had 127.0.0.1 back then, if your connection went down it was my fault.
(I don't remember the actual IP)
Note: This attack does not work on open networks as described. The abstract is in error.
They're actually describing the design of a large number of authorised, trusted (paid?) clients, and collusive content providers, indexed for some reason in an open network, but trying to poison that open network if it asks for the same.
Riddle me this - why the fuck would such a model not just form a closed network and "solve" the problem that way? (Of course, true Judas nodes are undetectable, leaking a highly-colluded file or master file immediately afterwards, rather than concurrently.)
GossipTrust has various flaws I'm not going to talk about here; let us simply say, gossip is unreliable, and susceptible to as many attacks as it is in real life. :)
Further, it's possible for the rest of the network to collude in the exact same way to detect the fake nodes and drop them off the face of the network, using the same thing. Which they do, because a few nodes tried this attack about five years ago. So, the colluders will be partitioned out into a separate network anyway.
Receive a single poisoned chunk, which is in fact detectable with a single TTH leaf (they have completely forgotten that Gnutella as it was originally defined no longer operates, and in fact TTH is widely pervasive and, due to the smaller block size, many times quicker at spotting corrupted chunks than torrent's often 512KB/1MB SHA-1 list is, although torrent also has a TTH extension now), and all modern P2P network designs will "shitlist" you, which will spread as fast as your chunks do.
How'd this piece of shit research ever get published in the IEEE journal? It's worthless, its conclusions are questionable, you'd be laughed off the stage talking about this at any security conference. Turn it around and talk about detection, but don't pretend this is practical at all.
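Checking one received segment against a tree hash root, the mechanism the comment above refers to as a "TTH leaf", as an added example that is not part of the original post. It follows the THEX layout (1024-byte leaves, a 0x00 prefix for leaf hashes, a 0x01 prefix for internal nodes, an unpaired node promoted unchanged), with SHA-256 standing in for Tiger because Python's hashlib has no Tiger; the sample data and function names are constructed.

```python
import hashlib
import hmac

LEAF_SIZE = 1024  # THEX base segment size


def leaf_hash(segment: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + segment).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def split_segments(data: bytes) -> list:
    return [data[i:i + LEAF_SIZE] for i in range(0, len(data), LEAF_SIZE)]


def build_levels(segments: list) -> list:
    """Return every level of the tree, leaves first, root level last."""
    if not segments:
        raise ValueError("need at least one segment")
    level = [leaf_hash(s) for s in segments]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def make_proof(levels: list, index: int) -> list:
    """Sibling hashes needed to recompute the root from leaf `index`."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            side = "L" if sibling < index else "R"
            proof.append((side, level[sibling]))
        # A promoted node has no sibling at this level and adds no proof entry.
        index //= 2
    return proof


def verify_segment(segment: bytes, proof: list, trusted_root: bytes) -> bool:
    """True only if the segment plus its proof hashes up to the trusted root."""
    h = leaf_hash(segment)
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return hmac.compare_digest(h, trusted_root)


# Constructed sample: four full segments plus a short tail (five leaves).
SAMPLE = b"".join(bytes([65 + i]) * LEAF_SIZE for i in range(4)) + b"tail"
SEGMENTS = split_segments(SAMPLE)
LEVELS = build_levels(SEGMENTS)
ROOT = LEVELS[-1][0]  # assumed to reach the downloader through a trusted channel


def check_all_segments() -> list:
    return [verify_segment(s, make_proof(LEVELS, i), ROOT)
            for i, s in enumerate(SEGMENTS)]


if __name__ == "__main__":
    print("genuine segments verify:", check_all_segments())
    poisoned = bytes(b ^ 0xFF for b in SEGMENTS[2])
    print("poisoned segment 2 verifies:",
          verify_segment(poisoned, make_proof(LEVELS, 2), ROOT))
```

The proof for a segment is only a few sibling hashes, so a corrupted 1024-byte segment is detected after receiving that segment alone rather than after a whole piece or file.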
I'm part way through the research paper, the article summary is just plain wrong.
There is no vulnerability here. They CANNOT poison Gnutella, KaZaA, and Freenet, eMule, eDonkey, Morpheus, or any other existing network with this technique. To quote the paper: Presently none of these P2P networks has built with satisfactory support for copyright protection.
The "problem" they want to "solve" is that existing networks do not possess adequate support for poisoning attacks. This paper proposes creating a NEW additional P2P network. They propose deliberately building in special support to ENABLE poisoning attacks.
While I'm sure the RIAA will eagerly read it over while dreaming of world conquest by releasing their own deliberately crippled "legal P2P network" where they get paid for each authorized client-to-client transfer, as far as most readers here are concerned, this is a completely non-newsworthy story, the contents of this paper are completely irrelevant and harmless. There is absolutely nothing new or surprising about the fact that you can deliberately make your software insecure and you can deliberately leave it vulnerable to poisoning. Yes, a new P2P network could be built Defective By Design.
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
There is no need for existing protocols to change. This paper cannot be used to attack them. This paper proposes a new paid-P2P network, one deliberately designed to give a central authority (the RIAA) the power to poison the system.
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
That's the impression I got too but that still creates a massive "WHY?" in my head.
Why the need for a 'private' P2P network that's not really private at all? If 'pirates' can get into your network, the problem isn't solved by poisoning.
Even if the content providers used a public network, there must be a better way, such as encryption and key exchanges.
And... And this is the killer: it only takes one person to move content from a 'private' network to a public network and they're fucked.
This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
People use bittorrent for small files all of the time.
*knock on Pirate Bay's office door*
"What the hell is that?"
*Hannigan the traveling salesman enters*
"Good evening, little girl, is your mommy home?"
"Dude, this is the pirate bay office."
"No worries precious, I'm sure your birthday party can wait a few moments longer until the dreadful pointlessness of existence crushes your youthful hopes and dreams like mine have been two decades ago, leaving me a hollow broken shell of a man seeking solace in cheap whores and nickel whiskey shots on Hungarian hobos."
"Who the hell are you?"
"Hannigan's the name, and I'm here to offer you a great product - it's Peer to Peer Protocol Poison, or 'Pee Pee Pee Pee', from Doc Poison's computer destroyers. When there's traffic that needs destroying, it's Doc Poison or arson!"
I only use the eDonkey network for small files (music, images, books), and BitTorrent for the big ones, so that thing won't even affect that.
The only bad thing is, that now rare bigger files (like lossless music, very specific software, etc) will be hard to get.
But I really do wonder. Because as far as I know, no network out there works without checksums. So poisoning will be detected, and then circumvented (e.g., manually).
Any sufficiently advanced intelligence is indistinguishable from stupidity.
One problem with bittorrent is that it has a centralized tracker. You see what is happening to The Pirate Bay.
This may be of interest.
For those who can't be arsed to follow the link:
The paper has tons of English grammar mistakes and typos. I also noticed several semantic mistakes, like calling p2p clients "networks", and using the word "swamp" when they obviously meant "swarm". They also repeated the "this won't work against FTP/email/DVD-in-mail" paragraph at least 3 times in the first two pages.
Doesn't IEEE have some quality standard for their publications?
Anyways, I got bored of reading this thing after the first few pages (maybe that was their intent?). In short, they propose a custom p2p content distribution system, or augmentation of existing p2p software. The main servers would do the management, and users would do the decentralized distribution part.
Their system adds some sort of authorization mechanism: after purchasing something you get a receipt, and you use that to connect to the network via a (company-controlled) bootstrap node. You have to continuously refresh your auth token against this node. And somehow this token lets anyone recognize a legal/illegal download request. And the poisoning part is there to stop clients that skip the authentication process (both producers and consumers). Does anyone feel like examining their method in detail?
Insightful comment, but maybe by first installing a 'private' (or 'commercial') P2P network these conglomerates feel entitled to push for stronger restrictions on public P2P networks since there should be no need anymore for them (since all legal free download will still be available, but controlled).
Their logic may go like this
1) getting scr**ed by public P2P
2) establish several private P2P
3) go to congress with argument that there is no more need for public P2P
4) public (uncontrolled) P2P becomes illegal
5) profit !!!
There is no need for the ????
is that you don't know who your peers are. They might not even be "peers" in the everyday commonly-understood sense.
Solution: remove anonymity, or at least replace it with pseudo-anonymity. I don't know who the guy that signs his chunks with keyid 0xDEADBEEF is, but I know he's never sent me garbage in the past. The owner of keyid 0xF00C1000 sends me chunks that don't match up with the rest of the content. My computer has a hard disk. It can remember things like this.
Gnutella blacklists mediasentry IPs. IPs are ephemeral. What they ought to do is use a signed protocol, and blacklist bad signing keys. Or better yet, greylist everyone by default and whitelist the ones who show a history of integrity. No wait, program the client to do all that, and don't distribute any lists at all.
"Believe me!" -- Donald Trump
The Gnutella community began discussing the use of Tiger Tree Hashes over eight years ago, and I can't think of a major Gnutella "servant" that does not have tiger tree hashing - Limewire has it, Bearshare has it, Shareaza has it, Gnucleus has it, and GTK-Gnutella has some support for it.
While this paper says it was revised in April 2008, it seems to have been completed in September 2007. In their references, only one paper referenced is from 2007, while they have several references to papers, articles and events in 2006. Thus, it is likely a lot of this work was done in 2006 or before (three years ago), with a little brushing up before it was submitted, accepted and published in a journal.
I am not much interested in the legal aspects of someone sharing a Jonas Brothers or Britney Spears mp3, although of course I think it is absurd that p2p developers are being sued by the RIAA/MPAA mafiaa, because among other things, if they're law-breakers, then people who develop ftp servers, or web servers or IRC clients with DCC file sending could be charged as criminals as well. I have spent a lot of time looking at RIAA/MPAA organizations, and am fully convinced they are not after just pirates, but anyone that threatens their profits, including independent labels and artists who might circumvent their monopoly on the commissar-like monopoly of the marketplace of ideas and art. The excellent documentary "This Film is Not Yet Rated" shows how the MPAA not only imposes de facto censorship, but how it uses its power to shut out players outside of the major studios. We don't even know what a network of free citizens using peer to peer to share files, videos, music, web pages and the like would be like, since developers are all legally threatened and stopped before the technology can even get off the ground.
Putting that aside, I do not think these poisoning attempts are all bad because they allow for a more robust p2p (and Gnutella) protocol. People are poisoning file chunks? Gnutella puts in full file SHA hashing, and later partial chunk tiger tree hashing. People are using misleading file names so that people will download junk instead of what they want? Gnutella servants implement file ratings, allow junk files and junk serving hosts to be marked as sources of junk and so forth. Everything the p2p well poisoners have come up with has resulted in a counter-foil which strengthens Gnutella and p2p. The structure is already in these programs to foil all of this, if it is not up to the 99% or so level it's just because the poisoning has not been at a level to up it to that much robustness, the structure and classes are already there in the programs, and the methodology is already within the protocol, so if the mafiaa goes all out on this path, it can be countered. But of course, it is necessary to the RIAA/MPAA mafiaa on the legal/political front as well, that they can go after p2p developers is ridiculous - if we're liable, who is next? It's one step from legal mandates for DRM in all devices so some corporation is the one who controls your machine, not you, and all of that garbage.
Companies like Overpeer developed effective P2P poisoning over 7 years ago. Which means they didn't do much research for section 2.2.
(note: I'm posting this as A/C because I not only worked for Overpeer, I actually designed and developed the system used for P2P poisoning which is unpopular on Slashdot. Though people are often under the misconception that we would protect anything and everything, as opposed to just protecting copyrighted material we were paid to protect).
Overpeer's software was VERY effective, and supported many different protocols. While they are correct with some basic points (eg. the hashing and chunking of various networks), their approach could never be financially viable or sustainable.
First, they disregard the fact that making it harder to FIND a pirate file is much more economical than poisoning the ones that are out there. If there are 1000 results out there, and you can manage to be 985 of them, each with a high number of 'sharers', then you never need to send a single byte of the file, just have all your clients be 'busy' and put the client on queue. Most people will think they'll get the download soon enough, and eventually will give up and possibly search again, with the same chances of finding our systems again. note: for some P2P schemes, like BitTorrent, where the search is not part of the network infrastructure, poisoning is the only thing possible.
Second, Poisoning pirate files, as they state, is possible. But it is usually used as something of last resort, or something you want to have happen as little as possible. That is because it is very bandwidth intensive. The biggest cost at Overpeer was bandwidth, and although we implemented file transfer throttling and system-level throttling in our custom software, once you get into this game, especially with things like swarming downloads, you're in for a LOT of file transfers, whether you like it or not.
Third, the second biggest challenge at Overpeer was IP blocklists. IP addresses used for P2P blocking of this type have a limited shelf life, and although usually only the more savvy P2P users will implement blocklists, and they're usually not who you're trying to protect against, once your IP addresses start showing up on blocklists, you usually have to request a new block of IP's from your service provider and return the ones you have, and reassign those IP addresses to the various machines (or routers if using NAT like they do). Which means you had better have programmed for it.
Fourth, they really don't touch on some of the network self protection measures aside from the hashing and chunk hashes involved. It's all well and good to say 'we can protect anything you want on these networks', but at some point you really need to have distributed computing and emulate multiple clients from a single host. Why? Because certain networks implement certain restrictions on purpose to stop people sharing millions of files on a single client connection. For example, most eDonkey servers will limit the number of files you can share with a soft limit (anything above this is not indexed) and a hard limit (trying to share more than this will get you disconnected). So scalability becomes an issue unless you design your software to split your content into 'bite sized chunks' so to speak. Not to mention that on things like eDonkey, you get a lower priority (and often no connection) if you are NAT'd, so their methodology of using NAT without some kind of specialized software also makes no sense.
Fifth, their approach talks about modifying file indexes to have a certain signature. Doing this makes you easily detectable. And they seem to think people on P2P networks aren't good enough to figure this out. They are. You want to look as much like a regular 'pirate' as you can in this game. Any small thing, like a detectable signature will get client writers, blacklist writers and even in some cases network writers writing code that detects your signature and automatically blocks your IP from the
I think he might have been suggesting that you upload your own torrents.
I don't see how I could create a work and upload it to these trackers in order to gain credits. The first time I looked into the private tracker scene, I found some boilerplate language across a bunch of trackers running ByteMonsoon software: "If it's not on NFOrce then forget it!" or "If it's not on NFOrce or grokMusiQ then forget it!" In fact, there are still a bunch of sites using this exact notice. And as I understand it, NFOrce and their ilk track only illicit releases of major-label works from recognized release groups in the warez scene.
Ah. Well I'm not big on the private tracker scene, but at least *some* aren't so picky. Some certainly are, but that's the same for all kinds of communities I think.
I don't know any tracker that enforces ratio on a "per torrent" basis. All I've ever seen enforce a global user ratio.
If you are still seeding your first torrent, then your global user ratio must necessarily equal the ratio on the only torrent you've downloaded.
>That's the impression I got too but that still creates a massive "WHY?" in my head.
I think there's two different ways to answer that. First I'll give their rationalization for it, the reason they think they are working on it, second I'll give what I think is the real reason.
The rationalization is that P2P reduces distribution costs. They hear how the technology is revolutionizing content delivery with zero cost publication, and how they are supposed to embrace the new technology and how it's supposed to save them money because they don't have to pay for bandwidth and servers to deliver the downloads, blah blah blah.
The economics of that rationalization don't really fly. The bandwidth costs and server costs to directly deliver downloads are already a negligible fraction of a cent for non-P2P. The servers and bandwidth they'd need to play "gatekeeper" managing their new P2P network would cost a fair percentage of what they'd have to spend just to send the download themselves. But the big killer is that they'd need to keep their old direct-download system anyway for people who cannot or won't-want-to run P2P to buy stuff. They'll need to run a P2P pay system side by side with direct download pay system, and run duplicate payment systems and duplicate marketing and duplicate management and duplicating other overhead costs. The "publishing revolution" of P2P is that it's supposed to completely eliminate those things, not cause them to duplicate. The magic of P2P is that there is no gatekeeper, that you can step into any random home and borrow a computer to host a file on P2P for a half hour, then you can just turn the computer off and go home, literally zero cost and zero effort once the file gets copied onto the P2P.
I think the real reason is that the content industries are beginning to recognize that their efforts to kill P2P are never going to succeed, they are recognizing that P2P is extremely popular with their target customer base and they are envious of that popularity, and the message "they need to embrace new technology and update their business models" is seeping into their brains by sheer endless repetition, so they are desperately grabbing at any snake oil hope of taming the monster. The fantasy is that if they release their own "legal" version of P2P then maybe people who like using P2P will switch over to their network and maybe the "bad P2P" monster will shrink or maybe even die away.
They still don't understand P2P and the rest of this interwebby stuff(*), but I dunno, I guess maybe it's progress. Some dim touch of reality has reached their brains and they are at least making some confused attempt to deal with it. It's a step up from their living in complete denial and having nothing more than a "Hulk Smash!" reflex.
(*) I'm sure most executives have enough IQ points to reach a basic grasp of P2P and of the internet, but unfortunately people tend to be quite skilled in failing to understand things they don't want to understand. That goes double when people have a financial stake in not-understanding something.
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I'm replying a second time because I just thought of a funny alternate explanation for "why".
We still need creators, but the need for a mass publication industry is largely obsolete. Who needs publishers when the public is eager to perform that job for free? Internet technology, and particularly P2P, is essentially a terminal illness for the publishing industry.
The five stages of grief:
1. Denial
2. Anger
3. Bargaining
4. Depression
5. Acceptance
They spent several years in Denial, ignoring all the technology and ignoring the internet and refusing to permit music to be sold online or on computers at all. Then they entered the Anger stage with the Hulk-Smash-Everything routine. And now they seem to have entered Stage Three, the Bargaining phase, with "Will you come back and pay us if we promise to play nice and we do your P2P thing with you?" Chuckle. I guess in a couple more years they'll hit Depression.
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
This protocol will never even put a dent in illegal filesharing. When are folks gonna wake up: music and films have been free for the past 10 years and we don't ever get any closer to figuring out how to stop folks from sharing files. We win!!! Die RIAA and the motion picture industry!!