Slashdot Mirror
Questionable "Best Effort" Copyright Enforcement
pmdubs writes "Princeton University Professor Michael Freedman, creator of CoralCDN, discusses how he received around 100 pre-settlement letters in one month from various copyright agencies after invalid BitTorrent tracker requests were issued through CoralCDN's proxies. Interestingly, the participating agencies made no effort whatsoever to verify that the Coral nodes were actually running BitTorrent, which they weren't! He questions just how much effort agencies take to reduce false positives when it comes to DMCA notices. Considering the credence that network operators give to such notices (they'll often cut your service upon receipt), it would seem that the answer is 'not enough.'"
I ran a Tor exit node for a semester at Marquette University. I got DMCA takedown notices all the time, for copyrighted Britney Spears music that was apparently being downloaded through my exit node. Each time, they made me sign a letter admitting guilt to get my Internet turned back on. Fortunately, I was able to make a slightly modified letter that looked the same as the one they had sent me, but didn't actually admit anything, and they would still turn it back on.
I was following all the rules with my exit node. It was completely permitted.
Sneaking some bitTorrent traffic onto someone's network is the new, legitimized DDOS?
It would be kinda nice if they where required to get the sign off of a judge before submitting a pre-settlement offer. But thats just not how civil cases work. More's the pity, but often the defendant in a civil case needs to go to court and ask for a dismissal if the person leveling the suite has no actual grounds. Just doing so can cost a fair amount, so it boils down to "pay us or we'll sue you can it'll cost more".
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
You don't even need BitTorrent; you just register their IP address with a tracker and they get legal threats.
Bittorrent allows independent artists/authors/programmers to distribute their works at little to no cost. This is their competition. The more people find independent works (for example, creative commons music, independent video clips, Linux distributions, etc), the more business they lose.
False threats may lead to people thinking "well I better not run Bittorrent at all, to protect myself/my organization."
Not to mention that this lets sleazy lawyers "fish" for people willing to pay them off rather than prove they did nothing wrong.
From what I understand, the notices are not being sent because of traffic, but because of IP logs (which are not the same). Specifically, they look at the IP logs on the torrent tracker to identify which machines have the content. Any machine is able to register itself with the tracker and say it has any content, regardless of whether it does or not, and regardless of whether it's even running BitTorrent. That's how the guy got his printer DMCA'd - he manually registered his printer's IP address with one or more trackers.
Considering the fact that it's possible to do that, I am completely confused as to how it is possible that every single IP address that the RIAA, MPAA, Congress, or Senate uses has not been registered with as many trackers as possible. Sure, it would degrade BitTorrent performance on those trackers, but it would be worth it to have the RIAA flood the house or senate with takedown notices when no illegal activity has taken place. Then we might start to see that "under the penalty of perjury" clause get enforced.
If they aren't actually connecting to those machines and verifying that 1) they are receiving traffic and 2) they are distributing content, then they haven't exactly made a good-faith effort.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
I was thinking more along the lines of registering the MPAA and RIAA and trying to figure out how one would frame the MPAA with downloading music, frame the RIAA with downloading movies, and framing all the politicians who have passed laws allowing those organizations to use their legal tactics with child porn.
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
Can you really register someone else's IP address? Why not modify the trackers to only allow registration of the IP address that is the source of the request? (Or am I misunderstanding how the nodes communicate with the tracker? If it's UDP I suppose you could forge the headers; why not require a confirmation message with a unique hash code be sent to and echoed back by each registered node?)
I've abandoned my search for truth; now I'm just looking for some useful delusions.
It costs more money to actually do any double-checking than it does to send a DMCA notice to anyone who might possibly perhaps maybe be violating a copyright.
They are effectively shifting the work of verification to the recipient of the letter. If you are guilty, they found their mark. If you haven't done what they accuse you of, and you will probably be indignant enough to go through some effort to correct their "error". Sending out the letters without verification requires almost no work from them, has no risk, and sometimes gets them money. Verification would only add more work with no payback in reduction of risk or increase in monetary return.
I am surprised more people don't see this as a shakedown racket. Also, since the RIAA gets money in return for the cost of a trained monkey running mailmerge in Microsoft Word, I don't see why they haven't purchased an electronic copy of the phone book so they can simply send out letters to everyone in the country.
Yeah, I'm not sure about the technical details of the BitTorrent spec, but I do know that one fellow was able to register his printer's IP as a proof-of-concept. It could be that he assigned the IP to a computer temporarily, but I think that would defeat the purpose. He ended up receiving 9 takedown notices on his printer though.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
I like the way you think! Maybe we should wait for the 3 strikes laws so we can take the government and every major corporation of the net for good.
Might I suggest the IRS as the first govt IP addresses to get added
Divide a cake by zero. Is it still a cake?
guilt is assumed, it's up to to to prove your innocence.
That is why the DMCA and current copyright enforcement laws are a complete slap in the face to our most important rights.
The Kruger Dunning explains most post on
register FCC, NSA, and FBI, and various senators (sponsors of the DMCA in particular) IP addresses and see how fast the DMCA is repealed. :)
Yes, you can: the UDP tracker protocol.
Can't recipients of false DMCA claims charge the sender to be fined, or to collect a fee from them?
This is directed at both the parent and the GP: Did you guys even RTFA? Of course not, this is Slashdot.
As TFA says, most trackers DO ignore the IP, and do actually use the one that is the source of the request. So, when you make the request through a proxy, the tracker records the proxy's IP. The proxy isn't running BitTorrent. The proxy gets a wrongful take-down notice, because nobody ever checked to see if the IP in question was actually running BitTorrent and serving illegal content.
I know you're specifically mentioning the printer here (which would still be easy to do... unplug the printer, use it's IP to register with the tracker, plug printer back in), but jesus fucking christ... how hard would it be to just check the article to see if what you're asking was covered, before running your mouth off and sounding like a retard?
I recall that one of the things built into the DMCA to get it to pass is some fairly harsh penalties for sending out false notices. There have been many documented false notices now, but has anyone actually been hit with a penalty for issuing a false law?
It's not a just law. It's an extortion racket. Those using it are not sticking to it themselves when the use it as a blunt instrument. It will get worse until companies get fined and people get fired for these instances of "demanding money with menaces" which would put private citizens in jail.
Exactly ! We have the right to enjoy correct grammar and vocabulary.
I think the answer is absolutely no effort at all. Here is a notorious example where a busybody associated with a professional writes' association sent out a slew of automated DMCA notices, including some totally erroneous ones that caused authors' work to be taken down after they had intentionally put it up. Actually, they appeared to the service providers to be DMCA notices, but the guy who sent them out now claims that they weren't; this is because a real DMCA notice is supposed to be sent under penalty of perjury.
I experienced one of these myself recently. I've written some books that are under CC licenses, and various people have (totally legally) posted copies of them on Scribd. I got an email from Scribd saying that they got a DMCA takedown notice from a publisher for one of my books. Turns out that some contracted in SF hired by the publisher issued the notice without checking carefully. Apparently the title was similar to one of their books. They didn't bother checking the name of the author. So they're going after me for violating the copyright on my own book. Great. I called the contractor in SF, and they said, "Oops, never mind." So theoretically they've exposed themselves to prosecution for perjury. If I called the DA in San Francisco or in my own jurisdiction and asked them to prosecute, what do you think the chances are that they'd do it? Zero, I'd guess.
I wonder if anything the EFF can do about this in the courts. It really sucks.
Find free books.
I'm actually trying to understand the point that you're attempting to make, but it seems your head exploded and what appears to be your brain is... Everywhere!
I hate printers.
I tried to read the fine article, and got the following: Your organization's Internet use policy restricts access to this web page at this time. Reason: The Websense category "Proxy Avoidance" is filtered. URL: http://www.freedom-to-tinker.com.nyud.net/blog/mfreed
How hard would it be to check you facts before insulting people, running off your mouth, and sounding like a retard?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
From what I understand, the notices are not being sent because of traffic, but because of IP logs (which are not the same). Specifically, they look at the IP logs on the torrent tracker to identify which machines have the content. Any machine is able to register itself with the tracker and say it has any content, regardless of whether it does or not, and regardless of whether it's even running BitTorrent. That's how the guy got his printer DMCA'd - he manually registered his printer's IP address with one or more trackers.
Well, my office has some high-end canon printers. The print rendering engine is a custom linux computer with some dedicated hardware and a full range of software that runs on it. I'm sure with a little work I could get it to run BitTorrent!
Probably void the warranty though...
register FCC, NSA, and FBI, and various senators (sponsors of the DMCA in particular) IP addresses and see how fast the DMCA is repealed. :)
This is actually a very good idea IMHO. You might want to add a few Federal judges and maybe even a few Supreme Court judges. The LEO's and TLA's...maybe not such a good idea. They don't have a very developed sense of humor. Besides, I would think that they'd be more likely to try to keep it quiet, and public outrage by VIP's...preferably with some power to change things...was the point, no?
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
The incentives for sending the takedown notice are multiple, and there are no consequences when you're wrong. At least, none that anyone pursues.
Hate me for the comparison, but this is exactly what happened to Gov. Palin during and after the 2008 presidential race. A handful of people filed baseless ethics complaints based on an Alaska law she helped pass to bring sunlight to government corruption. They filed complaints, and filed more of them. Sometimes for really stupid stuff (read the book). I mean, why not? There are no consequences and no costs (other than your own time) for doing so, even if you're just making shit up. The result was that the Alaska state government was virtually brought to a halt by the paperwork. Yes, "good" whatever. That isn't the point.
The point is that if filing DMCA take-down notices, ethics complaints, or lawsuits without merit or basis have no consequences then our legal system is a joke. If you're an asshole, trying to use the legal system to bully someone either negligently or maliciously, then you should face your own medicine. If you file a patently ridiculous lawsuit and lose, you pay damages. No more of this BS of tying up individuals and businesses for years in legal wrangling until the "defendant" cries uncle. This also includes the extortion "settlement" letters by RIAA, MPAA, and the BSA. If you don't make your case, you pay. If you've filed a claim you know to be false, then you pay double. Simple.
There is very little future in being right when your boss is wrong.
http://torrentfreak.com/automated-legal-threats-turn-piracy-into-profit-090628/
The company that sent those notices is very gray at best, quite illegal at worst.
It seems to me it ought to be defamation to accuse someone of a crime without making an effort to check that it's true, and run around telling his access provider.
These posts express my own personal views, not those of my employer
register FCC, NSA, and FBI, and various senators (sponsors of the DMCA in particular) IP addresses and see how the law doesn't apply to them, only to citizens like you. :)
FTFY. We all know the law is their weapon to wield as they wish, and it won't be turned against them.
Do what thou wilt shall be the whole of the Law
Most people might say something like "I couldn't read TFA, but..." ... so how would anyone be expected to know that your organization is too lame to let you read it, when pretty much everyone else can? Because the very reasonable and most common assumption would be that you could read the article, and that you were just being a typical user and not reading the article.
Since you were blocked from the article, I do sincerely apologize for getting at you for not reading the article when you weren't actually able to. Peace?
As the article points out, these practices are identical to the lax enforcement practices described last year on slashdot and elsewhere.
The use of indirect evidence as "proof" of downloads is known, the interesting bit here is that in spite of pushback from ISPs and users, industry practices have not changed.
Perhaps this (and the widespread lack of privacy in cloud-based services generally) will drive more users to privacy-preserving data sharing options, such as OneSwarm.
I tried to read the fine article, and got the following: Your organization's Internet use policy restricts access to this web page at this time.
Reason:
The Websense category "Proxy Avoidance" is filtered.
URL:
http://www.freedom-to-tinker.com.nyud.net/blog/mfreed
How hard would it be to check you facts before insulting people, running off your mouth, and sounding like a retard?
That's because the article actually links to a Coralized URL.
The original URL is at: http://www.freedom-to-tinker.com/blog/mfreed
No problem. Sometimes people just need to check their assumptions.
I still think this is a flaw in the tracker protocol; if I registered through a proxy and it used the proxy's IP address, then the proxy wouldn't know how to forward incoming requests to me. Does this mean you get zero torrent uploads just be going through a proxy? Also, if no one can actually download the content the tracker is advertising you as having, then no one is really guilty of "making available" copyrighted content, and there should be no case. I agree with others that they should actually attempt a download before filing court papers. Is it a violation of copyright law to advertise copyrighted content for free when you are never actually providing it? Sounds like simple fraud to me, but since nothing of value has actually changed hands, again it doesn't appear actionable.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Thanks.
It's definitely a flaw in the protocol. The article's author mentioned that he couldn't understand such an oversight. Torrents basically don't work if you're using a proxy.
You definitely bring up some good points about advertising content while not providing it. I could post a link to "The Dark Knight" and post a picture of my own creation, or even just a 404 error. I doubt they'd send me a notice for that... so you would *think* they shouldn't with a torrent either... good question. I don't think I'll be the one to test it in court, though. I'm just not interested in bringing down a bunch of legal bullshit, even if I'd win, just to prove a point :)
...requests to BitTorrent trackers can also use CoralCDN, as these are simply HTTP GETs with a client's relevant information encoded in the tracker URL's query string, e.g., http://denis.stalker.h3q.com.6969.nyud.net/announce?info_hash=(hash)&peer_id=(name)&port=52864&uploaded=231374848&downloaded=2227372596&left=0&corrupt=0&key=E0591124&numwant=200&compact=1&no_peer_id=1. Notice that the HTTP request includes a peer's unique name (a long random string) and a port number, but notably does not include an IP address for that client. It's an optional parameter in the specification that many BitTorrent clients don't include. (In fact, even if the request includes this IP parameter, some trackers ignore it.) Instead, the tracker records the network-level IP address from where the HTTP request originated (the other end of the TCP connection), together with the supplied port, as the peer's network address.
In this case CoralCDN was effectively acting as a proxy - the IP address wasn't being falsified. Although these guys did appear to have some luck with falsified IP addresses: Why My Printer Received a DMCA Takedown Notice.
The RIAA is too stupid to remember that when dealing with IPs.
$ make available
how hard would it be to just check the article to see if what you're asking was covered, before running your mouth off and sounding like a retard?
Oddly enough, almost all of the information I got (aside from the printer story) came from what I understood from the article.
Sigh.. I'll try again tomorrow I suppose.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
If you could get your printer DMCA'd for distributing Office Space, I would consider that poetry.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
s/printer/fax machine :-)
Better yet, let's create a web site where anyone can submit an IP address for this service. Then, let's post a link to it here on Slashdot.
You misunderstand.
1) RIAA sends letter to NSA.
2) NSA ignores letter.
3) ??? 4) Profit!
And how would congress react to that? Outlaw the use of software that isn't internet approved! Increased penalties for forging IP numbers!
You can get torrents to work with a proxy. You just appear to be behind a firewall, so only connection your client initiate will work.
He questions just how much effort agencies take to reduce false positives when it comes to DMCA notices.
Hasn’t he got the memo? Doesn’t he get anything at all?
I didn’t think that there still are people out there, who are so incredibly naive, to believe, that the point of those DMCA notices is, to stop you from copying the music!
No. Everybody realized for a looong time, that the whole point is solely, to make money!
I mean, if you realized it, it’s so obvious! The whole point of a business is to make money. Since when does it matter, how and by which means? At the end of the day, the most successful strategy of making money, is what will be done. That’s natural selection... kinda.
How can he call himself an expert, and not know that?? Seriously! It boggles the mind!
I’ve seen it twice: Even if you started to pay money, but stop right in the middle... you’ll never hear something from them again. It already was profitable. Now the effort would be bigger than the profit. So they won’t take any further actions.
From practical experience, I know that the best experience is, to simply tell them to get lost, that you are an expert in the area, *know* that they got shit, and will kick their ass to hell and back if they ever contact you again.
Sometimes, they will not stop at a letter from a lawyer, but try some pseudo-scary shit. Like a letter from court and such. Just send a letter back that you completely disagree with all claims. Because then they have to come up with some proof. Which they can’t. 99% of the time, that’s it. In rare cases, they come up with fake “proof”. Only in these cases, hope that your judge is not a total backwards retard.
But I don’t have to tell you that it’s better to live in a country with competent courts, do I? ^^
Any sufficiently advanced intelligence is indistinguishable from stupidity.
I predict some politicians with huge loads of torrented child porn (with sound tracks out of commercial music) on their PCs. ^^
The best way to get to their computers, is to become the technician, and make it a time capsule which goes off some random time when you’ve left and are forgotten. Don’t try any office computer shit. Their *private* computers are where you should do it. The security there is basically zero.
Get yourself and a friend invited there. The friend distracts them, you stick in the USB stick, run autostart, pull it out, and done.
Because of the incubation delay, you’re out of the question.
Now all you need is social engineering to get him to invite you. ^^
Think about what he wants. Learn to understand him. Fulfill his greed. Has he prostitutes coming over? Does he buy drugs? Those are sure shots. But really, any weird thing that he really wants, will make him open up. Easy peasy.
No, I am not a special agent, and I have better things to do than such stuff. :)
I recommend reading some leaked CIA manuals though, so they can’t pull this shit on you. ^^
Any sufficiently advanced intelligence is indistinguishable from stupidity.
If you remove the .nyud.net suffix on the hostname, you will no longer be using a proxy, and your work's Websense configuration might allow you to read the article.
or thieves like you could stop leeching music from everyone else who pays for it.
I'll only leach from people who haven't paid for it then. Fair?
What's a correct vocabulary ?
If it is an extortion racket, should the perpetrators not be charged under RICO?
I meant 'you will no longer be using a mirror (for "proxy avoidance")', not 'you will no longer be using a proxy'...
People keep bringing up the idea of using Senator's IP addresses and so forth to get them caught, but the reason this doesn't happen is simple, even if you did, big media would let a Senator get away with it for exactly the reason they want to keep abusing these laws.
When they ask the ISP for the IP address and are given "Senator Joe Bloggs, 1 Senator Street, Senatorville" they will just discard it and allow the Senator's kids to keep infringing.
The laws doesn't treat everyone equally unfortunately, and in civil cases like copyright infringement it's down to the accuser to decide how and to who the law should be applied. Even in criminal cases this is the case- why do you think pop stars can consistently get away with taking hard drugs like cocaine in front the cameras without so much as a slap on the wrist, whilst the guy on the street gets busted for a few grams of weed?
The fact is, the law barely even applies to the rich and famous.
If you want to make an impact, the real key is to get someone to put up content you have produced and put the IPs of music industry execs and so forth on that, so that you are in control of who does and doesn't get punished. In this scenario you'll probably still lose because of the afformentioned problem that the law is never applied fairly, but at least you've created a precedent that a case based on such data is not proof of any actual infringement.
Meaning downloads would work, but not uploads,,, which violates the basic principles upon which bittorrent is based.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Two people behind firewalls (or proxies) will not be able to connect to each other, but beyond that, everybody can still connect to everybody. It still works, and doesn't violate any basic principles upon which bittorrent was based.
People are doing this. Log in to your favorite tracker and find peers that "have the content" but will send it to you.
As for the filtering, yes there is an obvious "dont send hatemail to D.C." rule which is manually instituted.
-- I was raised on the command line, bitch
A friend of my a lawyer specializing in representing clients attacked with legal letters (Germany) says that the practice is so wide spread that not only courts are overloaded but lawyers representing the blood suckers have work for years so lets look at the bright side: at last we found an activity that is not going to be off shored to China that soon.
It looks to me that copyright enforcement is going quite well.
In this case CoralCDN was effectively acting as a proxy - the IP address wasn't being falsified. Although these guys did appear to have some luck with falsified IP addresses: Why My Printer Received a DMCA Takedown Notice
Well, he was wrong about one thing...
...he surmised that these "content providers" (the RIAA/MPAA) would actually change and upgrade their "investigation" methods.
That's proven to be untrue... ah well. All the more cannon fodder against them.
StarTrekPhase2 - The Five Year Mission Continues!
does downloading/uploading files chunks (not having the whole file) hold as copyright infringement ??? or in other words the copyright is on the a file as a whole (??)
Participating in a torrent swarm that prohibits getting 100% of any file from one unique source, if one reasons in 1:1 nodes relations. that gives exchanging random bits of data not belonging to any one that IF assembled correctly may give you a file u can use. would the exchange of those random bits/bytes constitute a copyright infringement.
Well sure, the MAFIAA might get the smack down from law makers eventually. But all they'll need to do is add something to their code that attempts to the suspected client and see if they really are running a torrent client and seeding files. That would quickly shut down whatever ruckus you would like to cause.
You know that's what I was wondering too.
The guy who wrote the article seems to have about as clear a case as one could imagine that the copyright owners are perjuring themselves - AND and interest in the rule of law AND (maybe) a university to foot his legal bills. Can an individual pursue perjury charges, or do they have to be brought by the state?