Slashdot Mirror


Forensic Investigator Outlines BitTorrent Detection Technology

NewYorkCountryLawyer writes "In one of the many BitTorrent download cases brought by pornographic film makers, the plaintiff — faced with a motion to quash brought by a "John Doe" defendant — has filed its opposition papers. Interestingly, these included a declaration by its 'forensic investigator' (PDF), employed by a German company, IPP, Limited, in which he makes claims about what his technology detects, and about how BitTorrent works, and attaches, as an exhibit, a 'functional description' of his IPTracker software (PDF)."

193 comments

  1. Track me by Anonymous Coward · · Score: 2, Funny

    Posted from 127.0.0.1

    1. Re:Track me by Anonymous Coward · · Score: 0

      aha so you are at home !

      Anonymous is really at 0.0.0.0, try looking there

    2. Re:Track me by Lumpy · · Score: 4, Funny

      Only the old farts....

      00:00:00:00:00:00 is where the hip anons lurk.

      --
      Do not look at laser with remaining good eye.
    3. Re:Track me by zoloto · · Score: 3, Funny

      Kids these days don't know about ::1 I take it?

    4. Re:Track me by Anonymous Coward · · Score: 0

      I got you, but your ping is 0! MOM! Get off my intrawebs!!!!

    5. Re:Track me by Anonymous Coward · · Score: 0

      By the prosecution's own admission, doesn't this tracker violate the law too? I mean he "interacted within the same swarm" right?

    6. Re:Track me by _Shad0w_ · · Score: 1

      I suspect the argument would be that he had licence to do so from the copyright holder.

      --

      Yeah, I had a sig once; I got bored of it.

  2. IPTracker Based on Shareaza 2.4.0.0 by Anonymous Coward · · Score: 3, Insightful

    Wouldn't that mean that it is subject to the GPL since it is derived from a GPL based product? So, let's see the source.

    1. Re:IPTracker Based on Shareaza 2.4.0.0 by JoshuaZ · · Score: 5, Informative

      My understanding is that one is only required to give the source if one is distributing the product to other people. As long as the individual keeps the software for themselves, there's no requirement to make the source available.

    2. Re:IPTracker Based on Shareaza 2.4.0.0 by hawks5999 · · Score: 2

      Source code or it didn't happen.

    3. Re:IPTracker Based on Shareaza 2.4.0.0 by Anonymous Coward · · Score: 1

      If it's based on Shareaza 2.4.0.0, there's a remotely-exploitable buffer overrun vulnerability.

      Fair's fair.

    4. Re:IPTracker Based on Shareaza 2.4.0.0 by Mashiki · · Score: 5, Insightful

      I dunno about that. If something is GPL'd and being used in the courts to prosecute me, hell, even if it's closed source I want to see the source so I can tell whether or not it's tampered with.

      We already do this with other forms of evidence gathering tools, it should be the same with data gathering tools.

      --
      Om, nomnomnom...
    5. Re:IPTracker Based on Shareaza 2.4.0.0 by Anonymous Coward · · Score: 1

      Sure but this would be the same whether it was GPL'd or not. I seem to recall a breathalyzer lawsuit awhile back where the closed-source designs to the breathalyzers were subpoenaed by the defendants.

    6. Re:IPTracker Based on Shareaza 2.4.0.0 by Anonymous Coward · · Score: 4, Funny

      Coca-Cola made me sick. Let's see the recipe! Come on...

    7. Re:IPTracker Based on Shareaza 2.4.0.0 by Anonymous Coward · · Score: 1

      Agreed. If there is no requirement to see the source the system would be extremely easy to abuse.

      I have some state-of-the-art proprietary software which uses a collection of internet based forensic techniques to prove with only a 0.015% possibility of error that you have, at one point, been in possession of indecent images of children. Of course, I will not release the 1kB of source code which does all of this, but I fully expect the output of my program to be taken as evidence against you.

    8. Re:IPTracker Based on Shareaza 2.4.0.0 by Anonymous Coward · · Score: 0

      Carbonated water, sugar, lime juice, vanilla, cinnamon, ground cola nuts, food coloring. That's about it, mang.

    9. Re:IPTracker Based on Shareaza 2.4.0.0 by Mashiki · · Score: 3, Informative

      Sure but this would be the same whether it was GPL'd or not. I seem to recall a breathalyzer lawsuit awhile back where the closed-source designs to the breathalyzers were subpoenaed by the defendants.

      You're correct. There's some info on that right here. (I'm too lazy to look for another link.) But, something interesting I bumped across while reading one of the lawyer quarterlies is that increasing amounts of digital evidence are being applied to the "hearsay" rule, because the technical understanding of said evidence is beyond the general scope of the court without an expert witness to explain it. Though to a point, the quarterly was two years old, so how accurate that is today I have no clue. And that was from Canada.

      --
      Om, nomnomnom...
    10. Re:IPTracker Based on Shareaza 2.4.0.0 by Anonymous Coward · · Score: 0

      And heroin, you forgot the heroin.

      mang.

    11. Re:IPTracker Based on Shareaza 2.4.0.0 by Anonymous Coward · · Score: 1

      Coca-Cola made me sick. Let's see the recipe! Come on...

      You could actually do that, sort of.

      If you sued Coca-Cola, they'd motion that the recipe is a trade secret so can't be divulged in official documents. Instead, they will petition the judge to have you pick a third-party expert evaluator who will sign an NDA to see the recipe. If Coca-Cola agrees with your choice of expert then the expert gets to see the recipe and make a statement to the court on their official opinion of any problem with it.

      Getting the formula for yourself so you can make an exact replica isn't about to happen though. You'll need a chemistry lab and do the reverse engineering work yourself.

  3. I2P/Freenet by nurb432 · · Score: 5, Insightful

    Try tracking us there.

    Good luck.

    --
    ---- Booth was a patriot ----
    1. Re:I2P/Freenet by girlintraining · · Score: 4, Informative

      Try tracking us there.

      Encrypt all you want. Traffic analysis still screws you every time. The network tries to keep latencies low, so it forwards whatever it receives onto the next hop as soon as it gets it. If you're monitoring the source and the destination, then when it gets decrypted at the destination, you can correlate that with the traversal time through the 'black box' of Tor, Freenet, or whatever... and viola, you know who sent it, when, and what it was.

      This is a known problem. It's discussed at length on EFF's website. If your connections are made in bulk, at regular intervals, instead of interactively, then it's a lot harder to do traffic analysis if all the other nodes exhibit the same behavior. But as long as you're trying to be anonymous by simply using a series of proxies that are set to store-and-forward... you're still screwed.

      --
      #fuckbeta #iamslashdot #dicemustdie
    2. Re:I2P/Freenet by nurb432 · · Score: 5, Informative

      Read up on how Freenet works and you will see it's not just about data encryption. Due to how it routes, and that data chunks are scattered about, it also hides the source and requestors to the point that even if you are on the same LAN and sniffing packets directly you won't know for sure. Sure you can be caught using it which could be a legal problem for you depending on where you live, but they won't know if you are doing the requesting of file parts or you are just passing requests along.

      I2P I believe has something similar in place but I'm still learning how their stuff works.

      --
      ---- Booth was a patriot ----
    3. Re:I2P/Freenet by lister+king+of+smeg · · Score: 5, Informative

      That is why there is garlic routing. Garlic routing is a modification of onion routing used by Tor; what it does is bundle packets together so as to make traffic analysis useless. It does have greater latency but should not be a problem unless you are streaming.

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    4. Re:I2P/Freenet by girlintraining · · Score: 3, Insightful

      It's still just extra obfuscation. You can't hide the fact that data leaves and arrives at certain times, and each node forwards data as it receives it... if you can monitor the traffic, you can derive from that who's talking to who, whether you know what the traffic is or not. And somewhere, either at the source, or the destination, is a decrypted copy. Since the US government already monitors all traffic that occurs domestically, this kind of analysis is already practical and being used right now.

      Don't assume that just because you can't do it, nobody can do it. That's arrogant, and it will come back to haunt you.

      --
      #fuckbeta #iamslashdot #dicemustdie
    5. Re:I2P/Freenet by Idbar · · Score: 4, Funny

      Hey! They have the technology now. They can write a GUI interface using visual basic to track your IPs!

    6. Re:I2P/Freenet by Anonymous Coward · · Score: 1

      No, really, you should actually look up how it works and see how specifically wrong you are.

      Assuming that all network protocols work exactly the same and that any suggestion to the contrary is arrogance on the part of the suggester is arrogance on your part.

    7. Re:I2P/Freenet by Anonymous Coward · · Score: 0

      You are still not understanding how Freenet works. Once a file has been inserted into the network there is no single node that holds it (unless it's very small). There's no way of figuring out "who's talking to who" because there's only one computer that is talking to the rest of the network, where the desired file is spread out.

    8. Re:I2P/Freenet by AK+Marc · · Score: 1

      You aren't understanding how the Internet works. If you had taps on all nodes at the same time and the data was encrypted end to end, then you would still be able to "see" who sent what when. You are assuming that "the network" is a cloud. It isn't. "cloud" doesn't exist. It's a finite number of other (likely) residential users. If one can see all the data from end to end, then, even if encrypted while in "the network", it's still visible.

    9. Re:I2P/Freenet by PopeRatzo · · Score: 4, Funny

      Since the US government already monitors all traffic that occurs domestically

      I saw someone on Facebook complaining about the government tracking them online.

      --
      You are welcome on my lawn.
    10. Re:I2P/Freenet by Anonymous Coward · · Score: 0

      Assuming zero chaff and completely unique file sizes.

    11. Re:I2P/Freenet by Anonymous Coward · · Score: 3, Informative

      Freenet sends constant same size chunks. There's no way to tell if you're actively downloading something or not because the node's activity is always the same. Same upload/same download. When it's not fetching stuff for you it's fetching stuff for storage, when it's not uploading your stuff it's uploading "random" stuff from storage. At least that's my understanding of it.

    12. Re:I2P/Freenet by Lumpy · · Score: 2

      "You aren't understanding how the Internet works. If you had taps on all nodes at the same time and the data was encrypted end to end, then you would still be able to "see" who sent what when"

      so if you do something impossible, you can then do the impossible.

      Taps on all the exit nodes... That's the same as counting all the grains of sand on the beach.

      --
      Do not look at laser with remaining good eye.
    13. Re:I2P/Freenet by Znork · · Score: 5, Interesting

      Which is why some p2p software, such as WASTE, has modes where it will always load links whether or not there is real traffic.

      If the arms race goes on, we'll end up with a constantly saturated internet with only random connections sending apparent random data, leaving any actual signal indistinguishable and drowned out by the massive amounts of random noise.

    14. Re:I2P/Freenet by Anonymous Coward · · Score: 0

      It doesn't matter what the NSA can deduce if they're not willing to provide the evidence to the plaintiff in a copyright case.

    15. Re:I2P/Freenet by girlintraining · · Score: 1, Flamebait

      You aren't understanding how the Internet works. If you had taps on all nodes at the same time and the data was encrypted end to end, then you would still be able to "see" who sent what when. You are assuming that "the network" is a cloud. It isn't. "cloud" doesn't exist.

      Are you retarded? Every router, switch, etc., has port mirroring capability. Most of those pass through telecommunications equipment. That telecommunications equipment has taps built into it. That's what most of the internet is built on. They can tap it. They do tap it. They're building a nationwide infrastructure to capture all the IP header data at each point where it enters a telecommunications network. YES, THEY CAN DO THIS. THEY ALREADY HAVE DONE THIS. THEY DO THIS ALL THE TIME. Am I getting through your neanderthal skullmeats?

      --
      #fuckbeta #iamslashdot #dicemustdie
    16. Re:I2P/Freenet by EllisDees · · Score: 4, Interesting

      No, it really, really isn't. You apparently don't know the first thing about freenet, yet feel that you somehow know enough to spout off about it. If I insert a file into freenet, it is split into many parts and distributed randomly to other freenet nodes. When someone requests that content, there is a reasonable chance that they won't get even one chunk of data from my computer. Monitoring all of the traffic between nodes buys you almost exactly nothing.

      --
      -- Give me ambiguity or give me something else!
    17. Re:I2P/Freenet by AmiMoJo · · Score: 1

      Not true. Such analysis is foiled by the fact that each node re-encrypts each packet and bundles bunches of them together. Even if there are no other packets available at the time the node can simply add junk data to pad things out. You see some packets go, each one possibly a bundle of more than one but there is no way for you to tell, and see a different and uncorrelated load go out.

      Tor already does this.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    18. Re:I2P/Freenet by Anonymous Coward · · Score: 1

      Your monitoring scheme relies on an implicit assumption that at a time instant, there is only one user requesting a file from those multiple nodes. However, in a more real scenario, there are multiple users requesting multiple (and different, in most cases) files from multiple nodes. To achieve the monitoring you mentioned, you have to associate each data receiving to data sending.

      Assume there is only one user requesting one file from ten different nodes, then it is very easy to monitor the whole file transfer process (assuming the latency from user to each node is constant).

      However, assume now there are two users requesting 2 different files simultaneously, and each file is located in 10 different nodes. Now it is very hard (or even impossible) to monitor the file transferring. To achieve the type of monitoring you mentioned, you have to distinguish the following types of hypotheses:
      (1) user 1 is receiving file 1 from node 1-10, user 2 is receiving file 2 from node 11-20;
      (2) user 1 is receiving file 1 from node 11-20, user 2 is receiving file 2 from node 1-10;
      (3) user 1 is receiving file 1 from node 1,3-11, user 2 is receiving file 2 from node 2,12-20;
      The total number of hypotheses increases exponentially with respect to the number of users and nodes that are working simultaneously.

      Furthermore, you have to consider the fact that the latency between user 1 and node 1 is not constant. For example, in tor you can always click "use new identity" button.

    19. Re:I2P/Freenet by AK+Marc · · Score: 1

      The "activity" isn't the same because your traffic is bursty, and the sum of the constant-size chunks is correlated with the activity (even if compressed/padded to hide the true exact same amount as original). I know of none that send large amounts of "random" data large enough to cover any peaks of real data, allowing information to be learned about the peaks, if nothing else.

    20. Re:I2P/Freenet by Anonymous Coward · · Score: 1

      Your comment is wrong but might be "interesting" if this weren't directly covered in the FreeNET FAQs where it clearly states that an opponent who has control over a large proportion of the network can potentially (in other words; they almost certainly are) track traffic. The reason for this is simple. If traffic comes out of a node when no other traffic has come in, then you know that node originated a request. If a request at one node always corresponds with unencrypted traffic at another node and no other node reliably corresponds (or always corresponds later) then you know that that node is originating the traffic.

      Anon in order not to draw attention to your wrong post.

    21. Re:I2P/Freenet by Anonymous Coward · · Score: 0

      I'd be tempted to give you credence, only you can't distinguish between a 13th century musical instrument (viola) and a french-language exclamation (voilà)...

    22. Re:I2P/Freenet by Jane+Q.+Public · · Score: 2

      You're overstating your case, in at least a couple of different ways.

      First, being able to capture packets doesn't equate to being able to capture realtime statistics on those packets at any given moment. It takes a large amount of hardware and coordination to do that for even a relatively small bitstream... trying to do it to everybody and everything would require more resources than the human race currently possesses.

      Second, it *is* possible to use secure protocols that make this technique useless. Take the OneSwarm program, for instance. With it, you can set up a P2P network, and not only is it not even theoretically possible to determine where files reside on the network (they are kept in discrete encrypted chunks that reside on random servers at any given time, and which changes over time). But also, when you request a file, it is again not even theoretically possible to determine which computer on the network sent which pieces of which file.

      When I say "not even theoretically", I mean unless you actually have monitoring equipment between EVERY computer in the network, and monitor the traffic in realtime. The effort would be enormous for even a very small P2P network... and perhaps even then not entirely possible.

    23. Re:I2P/Freenet by murdocj · · Score: 1

      What's even worse is the government is tracking sales of tin foil so they know who has their hats ready.

    24. Re:I2P/Freenet by Anonymous Coward · · Score: 1

      If a request at one node always corresponds with unencrypted traffic at another node

      Last I checked (oh, 1999 or so...), freenet has no "unencrypted traffic". Everything you request exists inside freenet as encrypted blocks. You request blocks from the network, the network delivers them, and along the way if the block looks popular, nodes will cache it so that the next request for the block can be answered faster.

      So yes, if someone tapped every computer everywhere, they might see that you're putting a lot of data into freenet. They might see that someone somewhere else is getting a lot of data out of freenet. Unless they actually subvert every node though, they'd have a hard time figuring out how much stuff you're putting in is going into cache and how much stuff they're taking out is coming from cache.

      Even then, I'm fairly certain (short of subverting the PCs on each end themselves) they can't figure out what's actually in the block without having the key.

    25. Re:I2P/Freenet by Anonymous Coward · · Score: 0

      Did you guys know it costs $10 a month for an unlimited internet connection in Estonia? All we need to do is start sponsoring an Estonian internet connection each and send them an old laptop all set up with remote control. America doesn't have any jurisdiction there, Estonia doesn't track, and an encrypted data link between two computers tells the fuz jack all.

    26. Re:I2P/Freenet by Anonymous Coward · · Score: 1

      Just because the US government can do it doesn't mean anyone can do it. As long as the NSA isn't providing evidence to plaintiffs in copyright cases, then NSA monitoring is not a concern for your average pirate.

      Even if you are a terrorist with a credible plan to nuke a major city, the NSA isn't going to be in court revealing details about how their traffic analysis identified you. My guess is the NSA will either bring you to the attention of more traditional law enforcement and they will gather evidence using unclassified techniques. Or, you'll get disappeared.

      Hopefully, we'll never get to the point where people are disappeared for piracy. But, if the RIAA has their way...

    27. Re:I2P/Freenet by girlintrainingpants · · Score: 1

      They can tap it. They do tap it. They're building a nationwide infrastructure to capture all the IP header data at each point where it enters a telecommunications network. YES, THEY CAN DO THIS. THEY ALREADY HAVE DONE THIS. THEY DO THIS ALL THE TIME.

      [citation needed]

    28. Re:I2P/Freenet by Registered+Coward+v2 · · Score: 4, Funny

      Which is why some p2p software, such as WASTE, has modes where it will always load links whether or not there is real traffic.

      If the arms race goes on, we'll end up with a constantly saturated internet with only random connections sending apparent random data, leaving any actual signal indistinguishable and drowned out by the massive amounts of random noise.

      It's called /.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    29. Re:I2P/Freenet by Anonymous Coward · · Score: 1

      It's still just extra obfuscation. You can't hide the fact that data leaves and arrives at certain times, and each node forwards data as it receives it...

      Yes, you can. You just fill the channels always; with encrypted traffic if there's traffic, with random data if there isn't. Filling the channel is known as masking; a network of filled channels was called a "pipe network" when I originally encountered this stuff in the mid 90s, but that term seems to have fallen out of use.

      If the masking is not end to end, it is still possible to do a 'traffic correlation' attack - if somebody can monitor both the entry and exit point of a network pipe network (outside the actual masked network), they can correlate that traffic.

    30. Re:I2P/Freenet by Genda · · Score: 1

      Waitor!!! What have you this evening in the way of skullmeats??? Why Monsieur, we have a lovely Pate cerveau de porc! Ummm, sounds yummy. Would you have anything primate perhaps... er Neanderthal? Sorry Monsieur, we are all out of Neanderthal, perhaps you could come by tomorrow evening as the chef might be willing to whip you up some nice Australopithecine?

    31. Re:I2P/Freenet by Fnord666 · · Score: 1

      I know of none that send large amounts of "random" data large enough to cover any peaks of real data, allowing information to be learned about the peaks, if nothing else.

      That sounds like a new project. Bury the signal in noise.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    32. Re:I2P/Freenet by ColdWetDog · · Score: 1

      They can tap it. They do tap it. They're building a nationwide infrastructure to capture all the IP header data at each point where it enters a telecommunications network. YES, THEY CAN DO THIS. THEY ALREADY HAVE DONE THIS. THEY DO THIS ALL THE TIME.

      [citation needed]

      See, we found it. Not hard.

      **---__ FBI __---**

      --
      Faster! Faster! Faster would be better!
    33. Re:I2P/Freenet by Anonymous Coward · · Score: 0

      Monitoring both endpoints isn't within the powers of industry trade groups. This sort of traffic analysis can only realistically be done by actual law enforcement.

    34. Re:I2P/Freenet by Anonymous Coward · · Score: 0

      This is getting way less attention than it deserves. /chuckling

    35. Re:I2P/Freenet by BronsCon · · Score: 1

      FBI agents are trained not to have a sense of humor, and impersonating one is a violation of US Federal Law. Have fun with that!

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    36. Re:I2P/Freenet by Anonymous Coward · · Score: 0

      I always find it funny when I see the scary scary FBI warning at the beginning of DVDs here in Canada, but then again, I'm not behind 7 proxies so I shouldn't act too smug.

    37. Re:I2P/Freenet by girlintraining · · Score: 0

      It takes a large amount of hardware and coordination to do that for even a relatively small bitstream... trying to do it to everybody and everything would require more resources than the human race currently possess.

      o_O Already exists in Europe: It's called the Data Retention Directive. This exists now. Today. And it requires very much less than "all the resources of the human race". In fact, it merely requires an extra 1U unit here and there at the border routers for major ISPs, and sometimes an extra fiber link to duplicate traffic.

      Second, it *is* possible to use secure protocols that make this technique useless.

      The protocols aren't the problem. Latency is the problem; To defeat traffic analysis, you need to continually send the same amount of traffic regardless of how much data you actually need to transmit... and at the same interval. And every participant in the network needs to do the same.

      When I say "not even theoretically", I mean unless you actually have monitoring equipment between EVERY computer in the network, and monitor the traffic in realtime.

      You seem to have very little grounding in network engineering. You don't have to monitor all the computers. You just have to monitor the border routers. And you don't have to store all the traffic, you just need to store the 40 byte IP headers... and if you bother to write a sniffer that stores and compresses that data intelligently... it'll actually be quite a bit less since most of the data is redundant. You only have to record the content of the packets once; Either at the first hop, or the last. Everything in between you just need the headers... and you can reconstruct the datastream bit by bit, step by step.

      --
      #fuckbeta #iamslashdot #dicemustdie
    38. Re:I2P/Freenet by Anonymous Coward · · Score: 0

      Freenet does appear to have some defense against this. However both Freenet and I2P appear vulnerable to anyone being able to collect a list of all IP addresses in use on their networks, and there are only a limited number of connections on these networks which narrows things down.

    39. Re:I2P/Freenet by Anonymous Coward · · Score: 0

      Assume 5 nodes with traffic.

      name them a-b-c-d-e.

      There is constant traffic from all of them, but if you have a large enough number of tapped isps you can still figure out the entrance and exit points.

      If you see a 102kb packet enter at A, and then 15 ms later a 102kb packet leaves at d, you can guess that they were linked.
      If this happens 100 thousand times over the course of a few hours (thanks to tcp), you can correlate the entrance and exit.

      If you are the point of origination (you're the one browsing), there will be times when your incoming stream and outgoing stream are sized differently.
      If you received 100kb, and sent 170kb, and the exit node B sends 100kb and exit node d sends 70kb, then you can correlate your incoming traffic with b's exit and it's safe to assume that you created the extra 70k that exited at d.

      Just because the traffic is obfuscated doesn't mean that it doesn't show patterns when enough data is collected.

      Also, there's only so much padding that freenet can do before it overloads itself via forged packets.
      If every node sent its data in 100kb bursts to every single other node at a fixed interval it would help prevent most of the data leaking, but then every node would have a constant stream of data packets, and the network would be degraded.
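
Added example, not part of any comment in this thread: a toy Python simulation of the timing-correlation argument in the comment above and of the channel "masking" described earlier in the thread. The traffic model, function names and parameters are assumptions made for illustration; it measures what an observer of a relay's inbound and outbound links can correlate when the relay forwards immediately, pads only up to a floor, or sends at a constant rate, and what the constant rate costs in dummy traffic and queueing.

```python
import random
from statistics import mean, pstdev


def bursty_ingress(ticks, seed=1):
    """Constructed sample input: cells per tick entering a relay, in on/off bursts."""
    rng = random.Random(seed)
    counts, active = [], False
    for _ in range(ticks):
        if rng.random() < 0.1:          # switch between idle and active periods
            active = not active
        counts.append(rng.randint(3, 8) if active else 0)
    return counts


def forward_immediately(ingress, delay=2):
    """Low-latency relay: every cell leaves `delay` ticks after it arrives."""
    return [0] * delay + ingress[:len(ingress) - delay]


def pad_to_floor(ingress, floor=4, delay=2):
    """Partial masking: dummies fill up to `floor`, bursts above it still show."""
    return [max(floor, n) for n in forward_immediately(ingress, delay)]


def constant_rate(ingress, rate=4):
    """Full masking: exactly `rate` cells leave each tick, real if queued, else dummy."""
    egress, queue, dummies, max_queue = [], 0, 0, 0
    for n in ingress:
        queue += n
        real = min(queue, rate)
        queue -= real                   # cells left over wait for a later tick
        dummies += rate - real          # unused slots are filled with cover cells
        max_queue = max(max_queue, queue)
        egress.append(rate)
    return egress, dummies, max_queue


def pearson(xs, ys):
    """Pearson correlation; a flat series carries no timing signal, so return 0."""
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    mx, my = mean(xs), mean(ys)
    return mean((x - mx) * (y - my) for x, y in zip(xs, ys)) / (sx * sy)


def best_lag_correlation(ingress, egress, max_lag=10):
    """Highest ingress/egress correlation over candidate forwarding delays."""
    best = 0.0
    for lag in range(max_lag + 1):
        best = max(best, pearson(ingress[:len(ingress) - lag], egress[lag:]))
    return best


def compare(ticks=2000):
    ingress = bursty_ingress(ticks)
    masked, dummies, max_queue = constant_rate(ingress)
    return {
        "forward_immediately": best_lag_correlation(ingress, forward_immediately(ingress)),
        "pad_to_floor": best_lag_correlation(ingress, pad_to_floor(ingress)),
        "constant_rate": best_lag_correlation(ingress, masked),
        "dummy_fraction": dummies / sum(masked),   # bandwidth spent on cover traffic
        "max_queue_cells": max_queue,              # latency cost of smoothing bursts
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:20s} {value:.3f}")
```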

    40. Re:I2P/Freenet by hairyfeet · · Score: 1

      The problem with freenet is it has yet to be tested in the courts and the way I had it explained to me you could possibly be looking at SERIOUS TIME depending on what state you are in and how fucked up their laws are.

      Let me explain: if I hand you a wall safe and tell you to deliver it for me and the cops stop you and they find dope and kiddie porn in it from what I was told it doesn't matter if you didn't have the combination because they can STILL get you for delivery. By that same token if they are hunting for CP and download a piece of the file from your system likewise, again depending on how fucked up the laws are there, every state is different, they can just show the logs and you are guilty distributing CP, again it doesn't matter if you yourself could access it, only that a piece of CP (or even the whole file in the case of pics) came from your system.

      So until their encrypted store and plausible deniability has been tested in court I'd be seriously fricking leery of using it, after all how would YOU like to be the test case if the court rules against you? Most states a single CP pic can get you over a decade now, and that is if they don't pile on the charges, I don't know about you but I don't think I'd be willing to take a chance at life in PMITA prison with the label of child molester just in the hope that the courts would show common fricking sense.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    41. Re:I2P/Freenet by hairyfeet · · Score: 1

      The problem with this is damned near every ISP is going to caps which I'm sure will only get nastier, at least in the USA because by God charging assraping prices while not spending shit on infrastructure is in the constitution! And if it's not Citizens United will get around to it next week.

      So either you 1.-pay assraping per Gb charges thanks to your pipes being loaded even when you aren't downloading or 2.-you can't download shit, either way they win.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    42. Re:I2P/Freenet by semi-extrinsic · · Score: 2

      o_O Already exists in Europe: It's called the Data Retention Directive. This exists now. Today.

      Do you have any references on a country that has actually successfully implemented the DRD? I know Germany has declared it unconstitutional, and here in Norway the "launch date" has been pushed back to infinity (it seems), as politicians and ISPs can't agree about who's going to pay the bill (and how large the bill is going to be).

      Also, from my understanding of the Norwegian implementation, the DRD only requires logging cellphone and ordinary phone traffic, when you connect/disconnect to 3G or DSL/cable, and emails you send through an email provider in Norway. They're not mandating logging of e.g. Gmail, so no deep traffic inspection etc., it's the email providers themselves that have to log traffic. All in all, that's a long, far way short of logging all tcp and udp traffic, and they still can't agree about who's paying the bill.

      --
      for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
    43. Re:I2P/Freenet by Cederic · · Score: 1

      I think that same issue could apply in the UK, with added nastiness: Not only could you be prosecuted for having it on your system, and/or producing/disseminating it, but you could also be thrown in prison for failing to decrypt any parts of it that are encrypted.

      Oddly that latter part is the more serious concern, as it's quite hard to prove that an encrypted blob is of whatever form, so it would be tough for the prosecution to demonstrate that you did indeed have nastiness on your system.

      Anyway, wouldn't there be a 'common carrier' type defence available?

    44. Re:I2P/Freenet by Anonymous Coward · · Score: 0

      Random noise is still random noise and not a behavior pattern that a human user exhibits. If you find the right criteria (which seems almost always possible in practice) you can distinguish between auto-generated noise and the actually interesting traffic. It may take more effort to do, but it does not become impossible.

    45. Re:I2P/Freenet by f3rret · · Score: 1

      Try tracking us there.

      Encrypt all you want. Traffic analysis still screws you every time. The network tries to keep latencies low, so it forwards whatever it receives onto the next hop as soon as it gets it. If you're monitoring the source and the destination, then when it gets decrypted at the destination, you can correlate that with the traversal time through the 'black box' of Tor, Freenet, or whatever... and voilà, you know who sent it, when, and what it was.

      This is a known problem. It's discussed at length on EFF's website. If your connections are made in bulk, at regular intervals, instead of interactively, then it's a lot harder to do traffic analysis if all the other nodes exhibit the same behavior. But as long as you're trying to be anonymous by simply using a series of proxies that are set to store-and-forward... you're still screwed.

      TOR (and the rest of the darknets, I guess, I haven't tried them) really isn't intended for secure communication, it is intended for anonymous communication. In your example both destination and source of the messages are known which means that any hope of anonymity was lost from the start.

      If you want secure communication then you need extra encryption like a public key based algorithm or something like that.

      --
      Admit nothing. Deny Everything. Make Counter-accusations.
    46. Re:I2P/Freenet by f3rret · · Score: 1

      You aren't understanding how the Internet works. If you had taps on all nodes at the same time and the data was encrypted end to end, then you would still be able to "see" who sent what when. You are assuming that "the network" is a cloud. It isn't. "cloud" doesn't exist.

      Are you retarded? Every router, switch, etc., has port mirroring capability. Most of those pass through telecommunications equipment. That telecommunications equipment has taps built into it. That's what most of the internet is built on. They can tap it. They do tap it. They're building a nationwide infrastructure to capture all the IP header data at each point where it enters a telecommunications network. YES, THEY CAN DO THIS. THEY ALREADY HAVE DONE THIS. THEY DO THIS ALL THE TIME. Am I getting through your neanderthal skullmeats?

      In this example, 'they' is the NSA, NSA has zero interest in Tor/I2P/Freenet. The amount of data taken in by the NSA is already massive as it is and they can barely process all of it, this is a known problem for them and has been somewhat widely publicized.
      Right now, the NSA being an intelligence outfit focuses mostly on gathering intelligence related to foreign relationships (they have a long and proud history of eavesdropping on embassies and diplomats) and the hunting of terrorists. So yes, assuming they had reason to believe that a terrorist was using TOR/Freenet/I2P then yeah they would start looking at those, but ultimately they would still have to first isolate the darknet packages from all the other packages they grab and then do their correlation study, so any data gathered would be after-the-fact at which point anyone with any sort of skill would have moved on and be using a different entry point next time.

      The NSA is scary, yes, but they are just terrible at getting real-time data out of network traffic like this. Telecommunications on the other hand, that's a different story, that they're quite good at.

      Also probably spying on China, I am assuming they've gotten decent at that too.

      --
      Admit nothing. Deny Everything. Make Counter-accusations.
    47. Re:I2P/Freenet by f3rret · · Score: 1

      o_O Already exists in Europe: It's called the Data Retention Directive. This exists now. Today. And it requires very much less than "all the resources of the human race". In fact, it merely requires an extra 1U unit here and there at the border routers for major ISPs, and sometimes an extra fiber link to duplicate traffic.

       

      I am European, not sure you are.

      Anyway as I understand it the DRD does not require ISPs to store the actual data, just the header information, so it only stores information about who is talking to who and not what they are talking about.
      At least that is my understanding.
      They do the same for cellphones, call-logs have to be stored for a long time, same for SMS.

      --
      Admit nothing. Deny Everything. Make Counter-accusations.
    48. Re:I2P/Freenet by TFAFalcon · · Score: 1

      So are ISPs responsible for the packets they deliver? Is gmail responsible for the contents of the mail they store? Is Fedex responsible for the contents of their deliveries?

    49. Re:I2P/Freenet by rev0lt · · Score: 1

      So are ISPs responsible for the packets they deliver?

      To an extent, yes. I fully expect that my ISP won't send packets "in my name" (by using my allocated IP address to send spurious traffic) when I'm online. That basic principle is what allows the identification of persons using IP addresses and lease timestamps. If your ISP cannot guarantee that your data hasn't been tampered with in their infrastructure, then they cannot prove they are only a bystander if an online crime occurs. That's why they go to great lengths to log everything they can that can be useful in those situations, and to wrap the service in a binding contract where you agree preemptively in taking responsibility for everything that can go wrong, even if it is vaguely their fault.

      Is gmail responsible for the contents of the mail they store?

      Yes they are. That's why, when you sign up, you agree to a series of legally binding terms and conditions - so they minimize their legal responsibility. And they will happily deliver the contents of your mail box to the authorities if requested (and probably with a detailed log of what you sent and received).

      Is Fedex responsible for the contents of their deliveries?

      I guess you never read their fine print either. You usually have to describe the contents of the package, and you agree not to submit a series of stuff (explosives, propellants, some types of glass, dangerous chemicals, etc) using their courier service, and they do the minimum effort to identify you (the address when they pick it up, the CCTV recording when you go to the station, etc).

      Now, compare this to a hypothetical charge because of freenode stuff:
      Who sent you this? I don't know.
      Do you keep records of it? I don't know.
      To whom did you send it? I don't know.
      You get the idea...

    50. Re:I2P/Freenet by TFAFalcon · · Score: 1

      So what you're saying is the freenet needs a EULA where members declare they are not going to send anything illegal. Once that is done, everyone is free from responsibility?

    51. Re:I2P/Freenet by Jane+Q.+Public · · Score: 1

      "o_O Already exists in Europe: It's called the Data Retention Directive. This exists now. Today. And it requires very much less than "all the resources of the human race". In fact, it merely requires an extra 1U unit here and there at the border routers for major ISPs, and sometimes an extra fiber link to duplicate traffic."

      Then it cannot do what you implied. Elementary-level information theory says that it cannot effectively track the kind of information (packet hashes in realtime) between ANY two given network nodes, unless its resources are specifically pointed at them. Anything else would take more hardware than currently exists to support the Internet.

      This is very basic, low-grade application of math and physics. You can claim otherwise all you like; that does not make it so.

    52. Re:I2P/Freenet by Jane+Q.+Public · · Score: 1

      To clarify: I did not mean that it could not track any two nodes without being huge. What I meant was that it could not be big enough to store all the data such that any two nodes could be picked out at any given time. Such a beast cannot exist.

    53. Re:I2P/Freenet by Jane+Q.+Public · · Score: 1

      "You seem to have very little grounding in network engineering. You don't have to monitor all the computers. You just have to monitor the border routers. And you don't have to store all the traffic, you just need to store the 40 byte IP headers."

      YOU seem to have little grounding in the field. You are incorrect.

      First, if the traffic is inside the "borders", monitoring the border routers is 100% ineffective.

      Second, simply storing the IP headers does NOT give you the information you were implying: realtime packet hash data.

      Your thesis appears to be that it is possible to trace traffic based on the timing of the packets. And that is true, as far as it goes. But you didn't think it through.

      The resources needed to do that for a specific case of suspected data transfer are such that it generally must be configured for the traffic between those two specific nodes. You could simply not monitor the whole internet that way.

    54. Re:I2P/Freenet by Jane+Q.+Public · · Score: 1

      Sigh. Fumble-fingering links and such on a foggy-headed Sunday morning.

      Apologies. I'll try to put this all together coherently:

      You can capture IP headers and timing data. This is certainly possible, no question.

      However, that information alone is generally not useful, after the fact, for determining what content was sent in those packets. And the ENTIRE issue here is content.

      In order to store content information, you could not simply monitor the entire internet, or even the "border routers". The amount of data is just too vast.

      This is the essential problem faced by the copyright trolls: while it is possible to say that THIS party sent packets to THAT party at a given time, we only have the copyright troll's word on what the content of those packets actually is. They do not obtain rigorous proof, at all; rather, they rely on circumstantial evidence and assumptions. But even if that were rock-solid, their evidence is still weak because an IP address does not identify individuals.

    55. Re:I2P/Freenet by Jane+Q.+Public · · Score: 1

      Pardon me. Bad day. The above may appear to be gibberish, or at least out of context. Please see my other reply, in which I have tried to be a little more intelligible.

    56. Re:I2P/Freenet by MrManny · · Score: 1

      Austria has made it mandatory by law for all ISPs that have at least a handful of customers since April 1st. But from what I can tell, it's just headers.

    57. Re:I2P/Freenet by nurb432 · · Score: 1

      Right, being discovered as a freenet user is the biggest threat that I can think of currently. ( going darknet helps, but only takes one to sell everyone out ) But, right now it's not illegal in most countries to be a node, so that alone wouldn't be grounds to search your computer.

      But if they do come knocking, it is running on an internally encrypted VM on an encrypted host OS, right? Perhaps even with a panic switch of some sort that quietly removes the VM in the case of unauthorized or coursed access to the host.

      --
      ---- Booth was a patriot ----
    58. Re:I2P/Freenet by gottabeme · · Score: 1

      If a request at one node always corresponds with unencrypted traffic at another node and no other node reliably corresponds (or always corresponds later) then you know that that node is originating the traffic.

      Sounds like you're confusing Freenet with Tor.

      --
      "Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
    59. Re:I2P/Freenet by gottabeme · · Score: 1

      Coerced?

      --
      "Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
    60. Re:I2P/Freenet by nurb432 · · Score: 1

      Sorry, spell check+lack of proofreading.

      --
      ---- Booth was a patriot ----
    61. Re:I2P/Freenet by hairyfeet · · Score: 1

      Which is why I'd be seriously leery of going anywhere near freenet until it's been tested in a court of law, because as we have seen many times courts and common sense? rarely go together. Look up what happened to that guy in Florida that got a bug where the malware guys were using his connection to transfer CP, he ended up spending 3 years and over $100,000 just to clear his name. In the meanwhile he lost his job, his home, most of his friends, tell me do YOU have a $100,000+ and the ability to survive 3 years with no job if that happened to YOU friend?

      The simple fact is CP has become the new "red scare" and most prosecutors just have to say the words CP and most juries WILL turn on you so it is YOUR JOB and the job of your lawyer to clear you, but how would you argue with Freenet? For all you know you DID share CP, and a common carrier defense won't work because not only has Freenet not been ruled a common carrier by the courts (as the ISPs and search engines have) but nothing in their EULA is designed to meet the common carrier requirements, such as cooperating with law enforcement which Google and the ISPs WILL DO if given a warrant.

      So I don't know about you but I'd be scared shitless to risk it. The last guy busted for CP around here got 63 years for 14 pictures, which considering he is in his 40s and has the label of child molester in general pop might as well be a death sentence. Hell of a big risk to test the courts on, don't ya think?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    62. Re:I2P/Freenet by hairyfeet · · Score: 1

      Not if you are trying for the safe harbor or common carrier protections as BOTH have provisions for cooperating with law enforcement which naturally Freenet simply can't support. Your ISP, your search engine, they will be happy to hand over anything and everything to a LE official with a warrant and Freenet simply can't do that.

      So again until it's really tested in a court all should know they risk decades in PMITA prison and being labeled a sex offender if they don't have the money to fight it all the way through the courts and even then one bad ruling and you are fucked. Kinda a lot to risk on the hope the courts will act rationally around a hot button topic like CP huh?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    63. Re:I2P/Freenet by girlintraining · · Score: 1

      There's no need to decipher content. The time it was sent and the total size of the content is likely sufficient to identify the downloaded data when the host is forensically analyzed. The point here isn't to crack the network; The point is to say that "it is more probable than not that if the source had a 8.6GB file... and it was transferred to the destination, then if you find an 8.6GB file with a last modified timestamp corresponding to the last packet sent between the two, that this content is what was passed between the two."

      You don't have to crack the encryption; it's enough if you can just say that a certain amount of data was exchanged between two nodes. The timing of each piece of data as it moves through the network would allow you to reconstruct this. Although Freenet does provide strong protection against certain types of traffic analysis -- you can't decrypt the content exchanged between the nodes, but you can identify which communications belong with which 'color' for lack of a better term. And if you forensically analyze the nodes, or compromise a certain percentage of them, then you can identify who is requesting what. It's not like bittorrent, you are correct -- there's no hashes and such being passed in plaintext. But complex differential analysis of the IP headers and forensic analysis of a subset of the nodes can be sufficient to say 'it's more likely than not that this content was what is actually being requested by the suspect node'.

      You don't have to be certain to get a search warrant. You just need to say it's more likely than not.

      --
      #fuckbeta #iamslashdot #dicemustdie
  4. Nothing new by Anonymous Coward · · Score: 1

    Fairly straightforward explanation of how anyone would create such an application to function. Still doesn't mention or highlight the fact they can't prove who the actual person behind the IP was.

    Anyone can show what IP you're connected to as well as the few further steps to show that the content you downloaded off that person was infringing but that's never been the problem.

    1. Re:Nothing new by nurb432 · · Score: 1

      It can't prove who, but it can prove whose ISP account was used, and you can possibly claim that they are responsible as either they allowed it to happen, or didn't secure their systems properly.

      Sort of like if you left your rifle on the front seat of your car, with the doors unlocked, and then it was stolen and used in a crime. You would be partially responsible too.

      IP matching could also serve as enough 'suspicion' to be granted a warrant ( part of why they want this stuff moved to criminal court and not civil court ) for a fishing expedition. And who among us would make it thru one of those completely unscathed?

      --
      ---- Booth was a patriot ----
    2. Re:Nothing new by Grumbleduke · · Score: 3, Informative

      It can't prove who, but it can prove whose ISP account was used, and you can possibly claim that they are responsible as either they allowed it to happen, or didn't secure their systems properly.

      Possibly, possibly not. Being a legal thing, this will vary hugely by jurisdiction, but in general I'm not aware of any contested case where an individual has been found liable, either jointly/vicariously, or through negligence, for the mere actions of another using their Internet connection.

      A while back TorrentFreak looked into this, getting a couple of US lawyers to argue for and against this sort of liability. Unfortunately the "for" one only discusses negligence, and the "against" only looks into indirect and vicarious liability, so both could be perfectly correct...

      Sort of like if you left your rifle on the front seat of your car, with the doors unlocked, and then it was stolen and used in a crime. You would be partially responsible too.

      This is where the tests for "negligence" come in (ignoring any statute law on the handling of firearms; obviously, where I'm from, possessing a rifle would probably be illegal in the first place). In common law negligence generally requires that there be some duty of care owed by the defendant to the claimant/plaintiff, that the defendant fell below the appropriate standard of care, which caused damage to the claimant that wasn't too remote.

      Wrt allowing someone to use your Internet (or not securing it), it seems possible that there may not even be a duty in place (due to a lack of proximity, unless children are involved), and it would be easy to argue that the standard wasn't breached by simply having an unsecured or weakly secured network, or letting someone use a computer unsupervised (that would be far too onerous).

      It would be an interesting, if pointlessly expensive, case to argue, and afaik, that hasn't been argued either in the US or the UK (the first article references a case, but I have a strong feeling that may be a summary judgment).

    3. Re:Nothing new by lister+king+of+smeg · · Score: 1

      Not really, that would mean my college, library, and local Starbucks are responsible for my torrenting which they are not.

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    4. Re:Nothing new by nurb432 · · Score: 1

      Until it's tested we don't really know. They may well be liable for what transverses across their networks.

      Eventually that case will be heard.

      I can say that a company can be held liable for what their employees do online.. so it's impossible.

      --
      ---- Booth was a patriot ----
    5. Re:Nothing new by swalve · · Score: 1

      "transverses across"? Ugh.

    6. Re:Nothing new by nurb432 · · Score: 1

      Hey, I don't proofread. It's Slashdot after all.

      --
      ---- Booth was a patriot ----
    7. Re:Nothing new by lister+king+of+smeg · · Score: 1

      If they are liable then would it not follow logically that the ISP and everyone who owns a cable between me and my fellow pirates are responsible? I mean DMCA safe harbor protects them so would not the same apply to anyone allowing unfettered Internet access to others? But they don't want that because then they would have to prove you actually did copy the content, they would have to trace it to your MAC address but then I could simply be spoofing my MAC address. Also if you have encrypted wifi then they would try to use that as proof you did it but I can crack that with aircrack-ng. Really unless they have unencrypted access to the contents of your hard drive they can't prove you did copy anything and shouldn't be able to sue you.

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    8. Re:Nothing new by KingMotley · · Score: 2

      Perhaps, but having your electronics taken by the FBI for further analysis is usually enough of a pain in the ass that it might as well have been a punishment. And that of course assumes that you have nothing on anything electronic that would point to your guilt. As the linked PDFs claim, the vast majority of these cases when identified by IP address, and then served with a search warrant do indeed provide incriminating evidence.

      You don't need beyond a reasonable doubt to get a search warrant, you just need probable cause. And as long as there are stupid people out there, there will always be a high probability that the guy/girl that is the registered subscriber with the ISP is either guilty, or someone living with them is guilty.

    9. Re:Nothing new by Jane+Q.+Public · · Score: 1

      "Until it's tested we don't really know. They may well be liable for what transverses across their networks."

      Yes, we do know, because it's a matter of statute.

      I'm trying to remember the exact name of the statute. But the "electronic something something act" a few years back, passed by Congress and signed into law, specifically says that someone who provides internet access to others cannot be held liable for the actions of those others.

      Most importantly, it very definitely does NOT say that it applies only to ISPs or ISP-like companies. It applies to anybody who supplies "access". And an open router is definitely "supplying access" to other people.

    10. Re:Nothing new by Jane+Q.+Public · · Score: 1

      I should add that also, according to one of the "safe harbor" provisions of the DMCA, a "provider" cannot be held liable for infringement committed by others, as long as (A) it has a policy for removal of infringing material once notified of its existence, or (B) it only passed through their network without being stored on it.

    11. Re:Nothing new by Grumbleduke · · Score: 1

      In English law it is "reasonable grounds" but it is pretty much the same. But yes, there is a strong risk of the IP address being given to law enforcement, who raid the place, carry off all computer equipment and assume that they can sort through things later (there's a case referenced in the document below, at paragraph 82). Obviously this can take months or years, with the computer equipment ending up with the copyright enforcement groups.

      For a more detailed look at identifying people online in criminal or civil investigations, Richard Clayton's witness statement to the DEA judicial review is worth a read, particularly paragraphs 49 to 90.

  5. Uh-oh! by Anonymous Coward · · Score: 0
    1. Re:Uh-oh! by Anonymous Coward · · Score: 0

      Obligatory: http://www.youtube.com/watch?v=hkDD03yeLnU

      It's got the first sane understanding of fair use under it I've ever seen on youtube! Amazing!

  6. GUID by Anonymous Coward · · Score: 3, Interesting

    It is not possible that an allocated GUID is allocated to another user again.

    I would look into this. As it is written it sounds, at least, misleading. Even if it is true this GUID thing for all P2P protocols (which I sincerely doubt), I would say that it should be spoofable directly or indirectly (compromising the machine if public key cryptography is used).

    1. Re:GUID by Jahava · · Score: 4, Informative

      It is not possible that an allocated GUID is allocated to another user again.

      I would look into this. As it is written it sounds, at least, misleading. Even if it is true this GUID thing for all P2P protocols (which I sincerely doubt), I would say that it should be spoofable directly or indirectly (compromising the machine if public key cryptography is used).

      He is technically correct, assuming that the act of "GUID allocation" involves the correct use of a valid GUID generation algorithm by the software in question. That said, as you noted, it's remarkably easy to spoof such a GUID (in this case). His statement implies that a GUID positively identifies a user, which it does not, and is thus a misleading statement.

    2. Re:GUID by Local+ID10T · · Score: 0

      A GUID is not necessarily unique. There is no central registry enforcing uniqueness. The likelihood of randomly generating the same GUID twice is extremely slim:

      128-bits is big enough and the generation algorithm is unique enough that if 1,000,000,000 GUIDs per second were generated for 1 year the probability of a duplicate would be only 50%

      V1 GUIDs are generated by an algorithm using the system time as a seed and ending with the MAC address. The third group of numbers in the sequence will always begin with a 1.
      V4 GUIDs are generated using one of several different algorithms, and are identifiable by a 4 instead of a 1 in the third number group.

      Various applications use GUIDs as unique keys, requiring only that the GUID is internally unique, although patterns can be seen in the GUIDs of several applications, allowing predictability of the generated GUIDs (Oracle's SYS_GUID, Microsoft SQL Server 2005, Windows Registry, GUID Partition Table (aka GPT), etc).

      --
      "You want to know how to help your kids? Leave them the fuck alone." -George Carlin
    3. Re:GUID by Anonymous Coward · · Score: 0

      It's worse than misleading, it is utterly wrong because guid allocation is completely handled by the client in Mainline DHT. I can write a trivial program to connect to a swarm as any guid I want, and report back to any other client that I have all, any or no portion of the file being shared.

      It is impossible for anyone in the swarm to know I didn't do this, because there's no strict obligation on any client in a swarm to be truthful--the file metadata that every client swarms around defines a signature for chunks of the file. All I can do is, ask the swarm who has what pieces; and if they actually send me that piece, did it match the signature. If they report to the swarm that they have that piece, but never actually send that piece to me, I can never know if they are lying; or have banned me from connecting to them (they can do this for various legitimate reasons); or are already at capacity servicing other nodes.

      All these assholes do is, write a program to search sites for torrents of a particular file name; attach to a swarm for that file; scrape the guids and associated IP's; query the swarm for who has what file portions; AND THEN SIMPLY TRUST EVERYTHING THAT IS TOLD TO THEM, BECAUSE IT'S THE SIMPLEST PATH TO WHAT THEIR CUSTOMER WANTS TO HEAR. The fact that the bittorrent protocol starts completely distrusting everything a client sends to it is irrelevant to them.
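
The distinction drawn in the comment above, between a piece a peer merely advertises and a piece it actually delivers and that matches the torrent's SHA-1 piece hash, shown as an added example (not code from the thread, the declaration, or IPTracker). The file, peers and 16-byte piece size are constructed for illustration.

```python
import hashlib

PIECE_LEN = 16  # constructed toy size; real torrents use far larger pieces


def piece_hashes(data, piece_len=PIECE_LEN):
    """SHA-1 digest of each piece, as carried in a torrent's 'pieces' field."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]


def parse_bitfield(bitfield, num_pieces):
    """Decode a peer's bitfield payload: the high bit of byte 0 is piece 0."""
    return {i for i in range(num_pieces)
            if i // 8 < len(bitfield) and bitfield[i // 8] & (0x80 >> (i % 8))}


def assess_peer(bitfield, delivered, hashes):
    """Separate what a peer claimed from what it proved.

    delivered maps piece index -> bytes actually received from that peer.
    Only pieces whose SHA-1 matches the metadata count as verified.
    """
    claimed = parse_bitfield(bitfield, len(hashes))
    verified = {i for i, blob in delivered.items()
                if 0 <= i < len(hashes)
                and hashlib.sha1(blob).digest() == hashes[i]}
    return {
        "claimed": claimed,                       # advertised, unauthenticated
        "verified": verified,                     # received and hash-checked
        "failed_hash": set(delivered) - verified,  # received but wrong data
        "unproven": claimed - set(delivered),     # advertised, never received
    }


# Constructed sample: a 64-byte "file" split into four 16-byte pieces.
SAMPLE_FILE = bytes(range(64))
SAMPLE_HASHES = piece_hashes(SAMPLE_FILE)

# Peer A advertises every piece (bitfield 0b11110000) but never sends one.
PEER_A = assess_peer(b"\xf0", {}, SAMPLE_HASHES)

# Peer B advertises pieces 0 and 1, sends a good piece 0 and junk for piece 1.
PEER_B = assess_peer(b"\xc0",
                     {0: SAMPLE_FILE[0:16], 1: b"\x00" * 16},
                     SAMPLE_HASHES)

if __name__ == "__main__":
    for name, result in (("peer A", PEER_A), ("peer B", PEER_B)):
        print(name, {k: sorted(v) for k, v in result.items()})
```

Only the `verified` set is backed by data checked against the torrent metadata; `claimed` and `unproven` rest on the peer's own say-so.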

    4. Re:GUID by julesh · · Score: 1

      He is technically correct, assuming that the act of "GUID allocation" involves the correct use of a valid GUID generation algorithm by the software in question.

      The 'random' method is a valid GUID generation algorithm, defined by the relevant RFCs. It basically consists of picking random bits, and packing them with an indicator that the GUID was generated randomly. It is entirely possible (although extremely unlikely in absence of failures in the random number generation algorithm) for two identical GUIDs to be produced.

    5. Re:GUID by Anonymous Coward · · Score: 0

      Didn't the PDF state that they downloaded the entire file in question (i.e. the movie), or was the file he was referring to simply the swarm information? If they actually download the entire torrent from each user they wish to incriminate then it sounds legitimate (except that IP doesn't = person). If they're just scraping the torrent info then the program is bunk.

      The word is snoops

    6. Re:GUID by Anonymous Coward · · Score: 0

      A GUID is not necessarily unique. There is no central registry enforcing uniqueness. The likelihood of randomly generating the same GUID twice is extremely slim:

      128-bits is big enough and the generation algorithm is unique enough that if 1,000,000,000 GUIDs per second were generated for 1 year the probability of a duplicate would be only 50%

       
      According to the PDF, the GUID is only 32 bits. So instead of a possible 2^128 = 3.4 x 10^38 possible GUIDS there are only 2^32 = 4.3 x 10^9. When you take the birthday paradox into account you need only generate GUIDs for one second before the odds of a duplicate exceed 50%. With the number of people on the network there are probably duplicates already.
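
The birthday-bound arithmetic behind the two GUID comments above, as an added worked example (not from the thread or the declaration). It compares a 32-bit identifier with a random version 4 GUID, which carries 122 random bits, uses the rate of 10^9 IDs per second quoted in the thread, and relies on the standard approximation P ≈ 1 - exp(-n(n-1)/2N), valid when n is much smaller than N.

```python
import math
import random

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def collision_probability(n, bits):
    """Approximate P(at least one duplicate) among n uniform random IDs."""
    space = 2 ** bits
    if n > space:
        return 1.0  # pigeonhole: more IDs than possible values
    # expm1 keeps precision when the probability is tiny.
    return -math.expm1(-(n * (n - 1)) / (2 * space))


def ids_for_probability(p, bits):
    """Number of random IDs at which the duplicate probability reaches p."""
    return math.ceil(math.sqrt(2 * (2 ** bits) * math.log(1 / (1 - p))))


def years_to_probability(p, bits, ids_per_second):
    """Years of generation at a fixed rate before the probability reaches p."""
    return ids_for_probability(p, bits) / ids_per_second / SECONDS_PER_YEAR


def simulate(bits, n, trials=2000, seed=1):
    """Empirical duplicate rate: draw n random IDs per trial, count trials
    that contain a repeat. Only practical for small bit widths."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(n):
            value = rng.getrandbits(bits)
            if value in seen:
                hits += 1
                break
            seen.add(value)
    return hits / trials


if __name__ == "__main__":
    rate = 10 ** 9  # IDs per second, the rate quoted in the thread
    print("32-bit: IDs for 50%:", ids_for_probability(0.5, 32))
    print("32-bit: P(dup) after 1 s:", collision_probability(rate, 32))
    print("122-bit: IDs for 50%:", ids_for_probability(0.5, 122))
    print("122-bit: years for 50%:", years_to_probability(0.5, 122, rate))
    # Sanity check of the formula on a space small enough to simulate.
    n16 = ids_for_probability(0.5, 16)
    print("16-bit: formula", collision_probability(n16, 16),
          "simulated", simulate(16, n16))
```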

  7. Read their software specs by Anonymous Coward · · Score: 5, Interesting

    I've read their software specs. Seems they have some typo,

    The data can only be decoded and used by the responsible lawyer, only his software contains the deciphering method and this one one in this case also secret (called "public") key.

    Seems at least that one typo. At least I *hope* that's a typo.

    ... it is not possible that an allocated GUID is allocated to another user again.

    Same could be said about MACs, and cell phone ID numbers. No one ever clones those!!!

    So it seems, by their reasoning, if you go on a P2P network and clone someone else's GUID, well, then I guess the other party must be guilty, no?

    Seems that even if you use Bittorrent or similar to only download Linux distros or even WoW patches, someone can just clone that and use it and then they will just send the innocent the bill?

    1. Re:Read their software specs by KingMotley · · Score: 1

      My GUID seems to be faulty, can I borrow yours for a bit?

    2. Re:Read their software specs by julesh · · Score: 1

      No, I don't think it is a typo. The author doesn't understand public key cryptography, which is startling as the system appears to rely on it as its guarantee of the validity of the evidence chain.

      The document contains a number of dubious claims of the effects of its cryptography, including the notion that a key embedded in the software and used for signing the evidence as it is discovered is a secret key, and that the process of signing cannot be replicated without using the software because only the software has the secret key. This is, of course, utter bollocks. Any key that the software has access to can be accessed by the operator of the software by examining the software's executable files or using a debugger.

      "Only the IPTRACKER program is able to create valid data"

      Let me sit down with that computer unobserved for a few hours, and I'll create some valid data for you.

      The author also doesn't understand the P2P networks the program connects to. To quote some stuff that stands out to me as wrong:

      "Gnutella 2 works mostly like the original Gnutella network with a similar connection system"

      Not really. The architectures are utterly different (G2 connects the user to 2-3 supernodes with thousands of connections each, whereas Gnutella connects to a much larger number of smaller nodes; G2 searches by examining only clients immediately connected to the supernodes queried, so the client directly queries all supernodes, whereas Gnutella broadcasts queries across the network and relays search results back to the originator).

      "A Partial File Sharing function was implemented which divides files into parts. It's possible to download these parts from different knots instead of downloading the whole file from one knot."

      Original Gnutella supported this. The feature called "Partial File Sharing" in G2 allows downloading of files that have not yet been completely downloaded by the source.

  8. Hmm. Claims to get a screenshot. How? by jimicus · · Score: 1

    Reading the description, his application claims to get a screenshot of the "offending" computer.

    How? I can't imagine that any of these P2P applications include such functionality.

    1. Re:Hmm. Claims to get a screenshot. How? by girlintraining · · Score: 3, Insightful

      How? I can't imagine that any of these P2P applications include such functionality.

      They don't. This guy might be a programmer, but he's got bricks for brains when it comes to proper terminology.

      --
      #fuckbeta #iamslashdot #dicemustdie
    2. Re:Hmm. Claims to get a screenshot. How? by justdiver · · Score: 1

      I read this differently. Instead of getting a screenshot of the offending computer, he's screenshotting the offending computer's IP as listed on the screen. Why on earth there would be need for this mechanism, I can't imagine.

    3. Re:Hmm. Claims to get a screenshot. How? by Anonymous Coward · · Score: 1

      Of course they don't.

      Optionally the screen can be capture automatically to backup another evidence

      In other words, "Sometimes we hit the "print screen" key as we're using Shareaza to download copyrighted material."

    4. Re:Hmm. Claims to get a screenshot. How? by jimicus · · Score: 1

      That was the only way I could see it made sense.

      But the image on page 5 seems to directly contradict this view - it strongly suggests that the screenshot comes from the client.

    5. Re:Hmm. Claims to get a screenshot. How? by Anonymous Coward · · Score: 0

      Not really, if you read the "visualisation" image like that, it also implies that the client writes his own IP and signature into their database. Obviously not what's happening.

      I think the image is using "//"'s to indicate that their software has taken over the information. So really the lines should go from the client to the server then be marked as screenshot, and also added to the database.

      As another commenter said, the science behind this isn't hard. But holy crap they're screwing up the explanation with terrible graphics, bad grammar, typos, and poor wording.

    6. Re:Hmm. Claims to get a screenshot. How? by Anonymous Coward · · Score: 0

      The image also shows that the database is not stored on the fileserver (in fact they don't even interact with each other), WTF? There's your out, the database is stored in thin air, obviously MySQL cannot run on thin air so the whole thing is a sham!

    7. Re:Hmm. Claims to get a screenshot. How? by SuricouRaven · · Score: 1

      I get the impression English isn't his first language, so some errors of terminology are forgivable.

    8. Re:Hmm. Claims to get a screenshot. How? by Jane+Q.+Public · · Score: 1

      "They don't. This guy might be a programmer, but he's got bricks for brains when it comes to proper terminology."

      That's not what the description said. They capture a screenshot of the MONITORING computer, which is displaying data that is presumably evidence.

      That's why it goes on to say that data that is not relevant to a particular infringement is blocked from the screenshot.

    9. Re:Hmm. Claims to get a screenshot. How? by Jane+Q.+Public · · Score: 1

      "Why on earth there would be need for this mechanism, I can't imagine."

      There isn't. These people have historically been inept at trying to produce what amounts to actual "evidence" in court. Apparently they are still struggling with the concept.

      Now that court after court has ruled that an IP address does not identify an individual, they're still trying to use IP addresses to do that very thing.

    10. Re:Hmm. Claims to get a screenshot. How? by Anonymous Coward · · Score: 0

      They assume most users are using either {Windows XP-home-basic, Vista-home-basic-professional, Win7-home-basic-premium}, and they have not disabled the default "allow computer to be controlled by others". If you're going to insist on using microsoft-windows at least buy a version which allows you to configure it. {hint: Ultimate}

  9. From the description: by justdiver · · Score: 2

    "3.1 Protection of data privacy and data security: The rack-servers are stored in a room which is locked and protected with most current security mechanisms." But it doesn't go into what those "current security mechanisms" are. My guess is that it's in a locked closet in someone's apartment with a chihuahua sitting in front of the door.

    1. Re:From the description: by MacGyver2210 · · Score: 1

      They also have an RSA key, which is super secure at 4096-bit...except they include the raw key in a compiled library with the software. Gee, let's see how long it takes me to find this key with my trusty decompiler and a good CS education.

      --
      If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
  10. private trackers solved this long ago by Anonymous Coward · · Score: 0

    it's why so few get nailed .....and using ssl transport protocol everything you said is a lie.

    ME - encrypted - internet - decrypted - YOU
    back n forth

    the best you can do is see where the traffic went
    or came from and last i checked that does not get you any evidence to do shit....

    aka everyone needs to force ssl on websites and force ssl on clients
    then the only way is if they have a warrant ( how to get one when you can't get legal evidence ) and then seed a complete copy to people and have them all share it.

    entrapment aside....tons a issues to come sideways...
    all one does need do for your lil private site is make a client that WONT show any ips and ban the rest.
    admins only so you can prevent ddos and other crap like that russian stuff.

    1. Re:private trackers solved this long ago by nurb432 · · Score: 5, Insightful

      Only takes one person to sell out an entire private tracker.

      --
      ---- Booth was a patriot ----
  11. Hash Collisions by nuckfuts · · Score: 2

    TFA states that BitTorrent uses "the so-called BiTH" hash algorithm. Basically, his software doesn't look at filenames, it compares hash values to determine if a downloaded file is infringing.

    Perhaps a defence would be to argue that a hash collision had occurred.

    1. Re:Hash Collisions by Anonymous Coward · · Score: 2, Insightful

      Doubtful. It doesn't fly in normal court and it won't fly here.

    2. Re:Hash Collisions by Anonymous Coward · · Score: 0

      The defense shouldn't be 'a hash collision occurred' -- the defense should be "the plaintiff needs to prove beyond a reasonable doofus that a hash collision did NOT occur." The burden of proof needs to be on those asshats.

    3. Re:Hash Collisions by ThatsMyNick · · Score: 1

      Defense has tried for a long time with DNA evidence too. It has failed more often than not.

    4. Re:Hash Collisions by Anonymous Coward · · Score: 0

      He also compares the downloaded file bit-by-bit to the downloaded and verified copy. So no, I don't think that would work.

    5. Re:Hash Collisions by Anonymous Coward · · Score: 0

      Considering there is no single publicly known SHA-1 collision, this shouldn't be hard.

  12. Curious by Anonymous Coward · · Score: 0

    Does the investigator host the files on the network that the "infringing client" is downloading?

    1. Re:Curious by Grumbleduke · · Score: 1

      In some cases, I believe so. However, this would still not necessarily provide immunity from a copyright infringement claim wrt downloading from the investigator (depending on jurisdiction). You probably wouldn't be able to get away with an implied licence, as it could be argued that it is common knowledge much of this stuff is unlicensed. The point might, however, go some way to limiting the damages awarded (and any equitable remedies) if it can be shown that the only person at the other end of the connection was working with the copyright owner; i.e. there'd be no damage caused by uploading it to the investigator. Unless you're in the US, with your lovely statutory damages...

    2. Re:Curious by nurb432 · · Score: 1

      It wouldn't matter, he would have permission from the copyright holder.

      And if you are thinking 'entrapment', you had to go to him to ask for the file parts..

      --
      ---- Booth was a patriot ----
    3. Re:Curious by Anonymous Coward · · Score: 0

      He has permission from ONE copyright holder.

      One. Out of billions.

      And yet one... Gives him free pass to download and upload anything he wants without oversight.
      Well fuck. I own one copyright. So I'm safe too!

    4. Re:Curious by Prof.Phreak · · Score: 1

      Hmm... what if every bittorrent transfer also included user-generated copyrighted material going the other direction... (say a doodle that the user created during program installation, or something). Then anyone downloading it should have explicit permission of the user, no? (e.g. them: ``you're downloading thiscoolmovie.avi''... you: ``wait, you're telling me you've illegally downloaded my copyrighted doodle without permission?'')

      --

      "If anything can go wrong, it will." - Murphy

  13. Does The IPP Company Exist? by andersh · · Score: 4, Interesting

    Does this so-called "IPP" company in fact exist at all? I've had a cursory glance on Google, but didn't find much of interest.

    German companies are not called Limited or Ltd. if they are indeed "governed by German law", as claimed in the court declaration. Under German law it should be called "IPP GmbH". I would normally assume a "Ltd." company was based in the UK, on one of their islands or somewhere far away from Europe in general.

    IPP seems to be a fairly common name in the German business register (Unternehmensregister), but none of them seem to be the company in question? Does anyone out there have further information?

    1. Re:Does The IPP Company Exist? by eruza · · Score: 3, Informative

      Found their website for you: IPP International Unternehmensgesellschaft

    2. Re:Does The IPP Company Exist? by Anonymous Coward · · Score: 0

      I think they meant this company, which clearly is not German: http://www.ippltd.us/contact.html

  14. screenshot or it didn't happen! by Anonymous Coward · · Score: 0

    They haz learned that on the interwebs.

  15. Well by ShooterNeo · · Score: 1

    Truth be told, the private copyright cops have no reason to lie or cheat. What they are doing is quite easy and straightforward. All they have to do is hit a major torrent site like TPB, click a tracker with their hacked version of an open source bittorrent client, and save all the IP addresses in the swarm. The rest is just meaningless fluff that costs stupendous sums of money. The IP addresses they record are by PREPONDERANCE OF EVIDENCE (meaning at least a 51% chance) guilty of infringement. 51% chance is a pretty darn low threshold to reach, and we know that millions of people occasionally pirate, so legally it's an open and shut case.

    If the U.S. legal system were in any way remotely efficient or speedy, it would dispose of all these cases in a week. And if the legislature were also not so corrupt, the fines for these infringements would be in some way based on reality.

    1. Re:Well by j00r0m4nc3r · · Score: 5, Insightful

      the private copyright cops have no reason to lie or cheat

      Sure they do. Since this is really just an elaborate extortion racket, the more IPs they deliver to their clients, the more they get paid. Their clients just file a bunch of John Doe lawsuits and hope for settlements. The more IPs they have, the more possible settlements -- false positives be damned.

    2. Re:Well by Grumbleduke · · Score: 4, Informative

      Indeed. My understanding of the situation (having followed some of these cases etc., including attending court hearings) is that the tech companies get paid by the IP. Most other parties involved (the copyright owner, the legal team, the holding company that brings the case) get either a percentage of net profit, or a fixed fee. As such, it's in the tech. group's interests to provide as many IPs as they can, as cheaply as possible.

      This is why they have been known to cut corners (such as just scraping a list of IPs from a tracker, rather than checking that any given IP is actually sharing the file at the particular time), or spend too much time actually looking into the technology. Interestingly, an "expert witness" in a recent English case noted that he "did not have [the software he was testifying with regard to] installed on his computer, and did not concern himself with how it worked".

      In the ACSLaw leaked emails, one thing that was noted was that around 1 in 4 IP addresses that had been identified as infringing weren't even assigned by the ISP at the time when the alleged infringement occurred. That statistic, to me, suggests that something pretty screwed up is going on with data gathering.

    3. Re:Well by pdabbadabba · · Score: 1

      This assumes that false positives are costless. They aren't. Think: attorney's fees.

    4. Re:Well by Jane+Q.+Public · · Score: 2

      "The IP addresses they record are by PREPONDERANCE OF EVIDENCE (meaning at least a 51% chance) guilty of infringement. 51% chance is a pretty darn low threshold to reach, and we know that millions of people occasionally pirate, so legally it's an open and shut case."

      Not true. Since the courts have ruled that an IP address does not identify an individual -- and in some cases not even a household -- then your 51% gets cut down to more like 25% or possibly even less.

    5. Re:Well by KingMotley · · Score: 1

      This assumes that false positives are costless. They aren't. Think: attorney's fees.

      Then obviously the only solution to this problem is to make all attorneys free of charge. We have a large population of convicts that instead of stamping license plates, we can force them to be free attorneys to pay for their crimes, and they already have experience in the courtroom!

    6. Re:Well by pdabbadabba · · Score: 1

      Do you have a newsletter?

    7. Re:Well by julesh · · Score: 2

      Suggests ACS were just scraping IPs from the tracker without validating they actually had the data. Trackers often have large proportions of stale addresses.

    8. Re:Well by sjames · · Score: 1

      The one in 4 unassigned addresses couldn't even have been in contact with the tracker. It sounds like ACS was outright fudging the data as well as not properly validating anything.

    9. Re:Well by julesh · · Score: 1

      Misbehaving clients can report incorrect addresses to trackers. Some trackers don't validate the data supplied to them.

  16. Are you on drugs? by Anonymous Coward · · Score: 0

    The "private copyright cops" are operating behind closed doors, in a foreign country, with no oversight at all.

    It's completely absurd that such weak "evidence", with NO proof whatsoever, is accepted in a US court.

    I can claim that 2,000,000 German people are pirating my movie! Look here, I have exactly as much proof! None at all!

  17. Oh REALLY.... by MacGyver2210 · · Score: 1

    To guarantee the immutability of the data, IP, date and time is signed with a private 4096 bit RSA key. The RSA key is included internally in the IPTRACKER program using a precompiled library and cannot be read or used elsewhere.

    Challenge accepted. Now where do I pirate IPTRACKER from?

    --
    If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
    1. Re:Oh REALLY.... by julesh · · Score: 1

      From their truecrypt-encrypted hard disk on a single machine in a secure location. Internet-connected, of course, but one presumes it's firewalled. Still, you may get lucky trying to exploit bugs in their network handling code when they randomly connect to your machine to see if it has data they're looking for. They don't sound competent from their description of how the system works.
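
An added example (not from the original comments and not IPTRACKER code) for the claim quoted in comment 17 and disputed by julesh and MacGyver2210: a record signed with a key that ships inside the software verifies the same whether or not the event in it was ever observed. The key here is a constructed textbook-RSA toy built from two Mersenne primes with no padding, and `make_record`, the record layout and all values are assumptions.

```python
import hashlib

# Constructed toy key pair standing in for the key embedded in the program.
# Two Mersenne primes avoid key generation and third-party libraries; the
# modulus is trivially factorable and the scheme unpadded: for illustration only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def make_record(ip: str, timestamp: str, file_hash: str) -> bytes:
    """Hypothetical record layout: the spec says IP, date and time are signed."""
    return f"ip={ip};time={timestamp};hash={file_hash}".encode("ascii")


def digest_int(record: bytes) -> int:
    """SHA-256 of the record as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, d: int = D, n: int = N) -> int:
    """Textbook RSA signature: hash^d mod n. Needs only the private key."""
    return pow(digest_int(record), d, n)


def verify(record: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """What the verifying party runs: signature^e mod n must equal the hash."""
    return pow(signature, e, n) == digest_int(record)


def demo() -> dict:
    placeholder_hash = "0" * 40   # constructed value, not a real infohash

    # Case 1: a record the monitoring program wrote after an observation.
    observed = make_record("192.0.2.10", "2012-01-01T00:00:00Z", placeholder_hash)
    observed_sig = sign(observed)

    # Case 2: a record typed in by whoever holds the same key. The signing
    # step is identical; nothing in the math refers to a network event.
    invented = make_record("198.51.100.7", "2012-01-02T03:04:05Z", placeholder_hash)
    invented_sig = sign(invented)

    # Case 3: a signed record edited afterwards by someone WITHOUT the key.
    edited = observed.replace(b"192.0.2.10", b"192.0.2.11")

    return {
        "observed_record_verifies": verify(observed, observed_sig),
        "invented_record_verifies": verify(invented, invented_sig),
        "edited_after_signing_verifies": verify(edited, observed_sig),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Verification with the public key shows that a record has not changed since someone holding the private key signed it; it cannot show who that was or whether the recorded event took place.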

  18. Technical errors in Exhibit A by Mathinker · · Score: 1

    On page 7, RSA public key encryption is described, but it claims that it has "a public key with which decoding or signature checks are made possible". The typical way asymmetric encryption is described is that the public key is used for encoding and the private key for decoding. And even if somehow the broken English has inverted the two keys, the paragraph claims that both keys are used for decoding, which is silly, at least one of them has to be used for encoding. Possibly too minor an error to make a big deal over, since the algorithm seems to actually be used in this software for digital signatures, not encryptions.

    A blaring error is on page 13, where (based on my understanding of the bad English) the data-block hashing algorithm of BitTorrent is claimed to be "BITH" (which I have never heard of, as far as I know BT uses SHA-1), and the hashing algorithm of Gnutella is claimed to be "SHA1" when a Tiger tree hash is used. Kind of hard to rely on a program designed to monitor P2P transfers when the description of the P2P technologies contains such errors.

    Ah, he may have meant "btih" --- but my understanding is that that's used by BitTorrent to identify the whole file or fileset, not the individual chunks.

    1. Re:Technical errors in Exhibit A by julesh · · Score: 1

      Gnutella uses SHA1 to identify files in search results, and only uses TTH to verify downloaded chunks during downloading. SHA1 is usually used for the final file verification, hence the fact that you can occasionally end up with a file that looks good while it's downloading but is rejected after it finishes: you got given the wrong TTH when you requested it after connecting to a client and requesting a file by SHA1.

    2. Re:Technical errors in Exhibit A by Mathinker · · Score: 1

      Thanks for the info, but this only confirms that the explanation is making a salad of the two different kinds of hashes used in the protocols: the hash function used for the data chunks and the hash function used to produce unique fileset IDs.

      My guess is that the software is OK and the explanation is garbled; however, in a court document, that is not going to (or rather, should not) fly very well.
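
An added example (not part of the original thread and not code from the software under discussion) of the two BitTorrent hashes this sub-thread distinguishes: the per-piece SHA-1 values that check downloaded chunks, and the "btih" infohash that names the whole torrent. It assumes the single-file BitTorrent v1 metadata layout; the payload, file names and function names are constructed for illustration.

```python
import hashlib


def bencode(obj) -> bytes:
    """Minimal bencode encoder for ints, byte/text strings, lists and dicts."""
    if isinstance(obj, bool):
        raise TypeError("bencode has no boolean type")
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode("utf-8")
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(item) for item in obj) + b"e"
    if isinstance(obj, dict):
        # Dictionary keys are byte strings and must appear in sorted order,
        # otherwise two clients would compute different infohashes.
        pairs = [(k.encode("utf-8") if isinstance(k, str) else k, v)
                 for k, v in obj.items()]
        pairs.sort(key=lambda kv: kv[0])
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in pairs) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def piece_hashes(data: bytes, piece_length: int) -> list:
    """SHA-1 digest of every fixed-size piece (the last piece may be shorter)."""
    return [hashlib.sha1(data[i:i + piece_length]).digest()
            for i in range(0, len(data), piece_length)]


def build_info(name: str, data: bytes, piece_length: int) -> dict:
    """The 'info' dictionary of a single-file torrent."""
    return {
        "name": name,
        "length": len(data),
        "piece length": piece_length,
        "pieces": b"".join(piece_hashes(data, piece_length)),
    }


def infohash(info: dict) -> str:
    """The btih: SHA-1 over the bencoded info dictionary, not over the file."""
    return hashlib.sha1(bencode(info)).hexdigest()


def verify_piece(info: dict, index: int, chunk: bytes) -> bool:
    """Check one received chunk against the 20-byte digest stored for it."""
    expected = info["pieces"][20 * index:20 * index + 20]
    return len(expected) == 20 and hashlib.sha1(chunk).digest() == expected


# Constructed 51,200-byte payload (non-repeating so every piece differs).
SAMPLE_DATA = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                       for i in range(1600))

if __name__ == "__main__":
    info = build_info("sample.bin", SAMPLE_DATA, 16384)
    renamed = dict(info, name="other.bin")
    print("pieces:", len(info["pieces"]) // 20)
    print("btih (sample.bin):", infohash(info))
    print("btih (other.bin): ", infohash(renamed))   # same bytes, different ID
    print("piece 0 verifies:", verify_piece(info, 0, SAMPLE_DATA[:16384]))
```

The same payload published under a different name yields a different btih, while the piece digests stay identical; only checking received bytes against those digests ties actual data to a torrent.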

  19. Plausible Deniability... by Jahava · · Score: 4, Interesting

    So in all of these cases, as a technical person, I can't help but wonder how they're connecting an IP address to positive evidence of a specific person's deliberate action. There are countless plausible scenarios where a person can own a number (IP address) involved in a crime and yet not themselves be aware of or involved in said crime. Some examples are:

    • The defendant has (or had) an open WiFi access point at the time. The crime was committed by someone who used that connection.
    • The defendant has (or had) a secure WiFi access point with bad credentials at the time. The crime was committed by someone who guessed those credentials.
    • The defendant has (or had) a secure WiFi access point with secure credentials. The crime was committed by someone who obtained those credentials (overheard them, password reuse, friend-of-a-friend, etc.).
    • One of the defendant's computers is (or was) infected by malware at the time, and the malware performed the crime on behalf of someone else.
    • The defendant's IP address was spoofed by an employee at the defendant's ISP who was the actual party committing the crime.
    • The defendant was tricked into executing commands resulting in the crime on their system without knowing what those commands were doing (jerk tech-support guy, etc.).
    • The defendant's system performed the crime without the defendant's knowledge during routine execution of third-party content (Flash, Javascript) laced with malicious code.
    • A friend or associate of the defendant performed the crime using the defendant's systems without the defendant's knowledge or permission.

    In all of these scenarios, the crime could have been committed without any knowledge of the defendant. In some of these scenarios, the defendant has little-to-no chance to detect or thwart the crime. How does any lawyer convince any judge or jury that the person on trial committed a crime in light of this?

    From a defensive point of view, what is the minimum number of compromises that one should run in their own network to provide themselves with sufficient plausible deniability from this type of thing?

    • Can you prove I didn't have an open WiFi enabled at the time, or that my password was bad? What if I reset my router's logs daily?
    • Can you prove I didn't have malware? What if I sold a computer recently - it must have been infected, since all of the ones you confiscated aren't - and wiped the disk prior?
    • Can you prove someone didn't use my computer without my permission? What if I didn't have a password on it and frequently left it lying around work?

    Furthermore, from an activist's point of view, imagine someone built a malware variant that monitored browser usage (Google, Facebook, etc.) for movie names and automatically downloads movie titles that were mentioned to a secret directory? I've now got a piece of malware that automatically, without any user knowledge or intervention, downloads illegal files that that user is interested in. What if the malware downloads new movie releases instead by monitoring public release knowledge bases for titles? Is being infected by such a malware enough for innocence? If enough people are thusly infected would the entire concept of using IP subpoenas for prosecution fall apart?

    Just food for thought. I'd really like to know how someone can be held criminally-liable unless the prosecution caught them using the illegal file or captured an attributable confession.

    1. Re:Plausible Deniability... by Jahava · · Score: 1

      As a quick follow-on regarding "preponderance of evidence" (and legal burdens of proof in general) mentioned in another post: If I'm infected with a downloader malware, or if I have an open WiFi point, I could argue that this points to the likely scenario being that I didn't download anything illegally.

      In the case of downloader malware, if someone finds stolen art in my basement, and, upon further investigation, discovers that someone else has built a hidden tunnel into my basement and used that area to store tons of stolen art, no person in their right mind would say that I likely stole that one specific piece of artwork.

      In the case of an open WiFi access point, if a car used in a hit-and-run was found parked in a parking garage amidst several other random cars, no person in their right mind would say (by that fact alone) that it's likely the parking garage owner committed the hit-and-run.

      I suppose all pirates should self-infect with some malware and run open access points just for plausible deniability. Sandboxed, of course...

    2. Re:Plausible Deniability... by cdrguru · · Score: 2

      So far my understanding of the sequence of events is:

      1. Find an IP address that is associated with uploading materials that are not public domain. Log this as an "event" with the date and time.
      2. File a lawsuit and use discovery for the lawsuit to get the owner of the IP address to disclose the account holder using the IP address at that date and time.
      3. Again using a discovery motion, have the account holder's computer(s) examined for pirated materials.
      4. If such pirated materials are found, lawsuit moves forward - if nothing is found on the computer(s) then maybe it was something else...

      The problem is that in a predominance of cases so far upon reaching item 3 the defendant is screaming about their rights and begging for a cheap way out. The lawsuit never moves forward. In the few cases where settlement hasn't been reached - and it has been a very, very small number - it turns out that it is obvious to everyone that looks at the computer(s) in question that uploading of pirated materials was clearly going on to an unknown extent.

      Sure, it could be that it is someone else and if all that was required was "we found your IP address, pay up!" it would be clearly unfair. But there is a lot more behind what is going on than that in spite of what some people would like to believe. So far there have been some mistakes but it is unclear how those mistakes were made. Carelessness on the part of the monitoring/capture of IP addresses, such as just writing down the wrong address? I don't know and I don't think the specific problems have ever been described. I do know that the people that have tried to use the "open WiFi" defense have been found with pirated materials on their computer and other supporting evidence that it had been being uploaded.

      The fundamental issue we have to come to terms with is either this is going to be a non-crime and copyright is meaningless or not. If we choose to go the route of copyright being meaningless and unlimited redistribution is allowed then there has to be some pretty significant realignment in how things work in most of the Western world. I, for one, would be out of a job and my employees would be on the street. So would a lot of other people. And while we would have ego-driven productions (think Yentl and such) where the people doing it want to and don't care if it ever makes any money the idea of investor-supported media would be out the window.

      The thing that most people don't understand today is just how much of the economy is related to promotion of copyright-protected works. Lose the monopoly edge that is copyright and you lose the promotion. What is Amazon at its core? A vehicle for promoting the sale of copyrighted works in different media forms. Think about that for a while and consider what happens if we lose all promotion of such works. We are probably talking about something that would affect 30% of the workforce in US and EU. No, not all of them are involved in copyright works production but they are affected by the promotion industry, which is huge.

    3. Re:Plausible Deniability... by Anonymous Coward · · Score: 2, Interesting

      Heh, I wrote your hypothetical "malware" for myself as a useful piece of software. Checks the Rotten Tomatoes new on DVD RSS feed, discards anything with a rotten score, uses Torrentz search API to search for a variety of strings, prioritizes blu-ray rip over DVD rip, more seeds over less seeds, user "verified" torrents over non-verified torrents, tries to weed out common strings that denote non-English languages "ITA", uses release year to resolve ambiguities, and then feeds the magnet link into uTorrent via Web UI.

      I get a bunch of great new movies every week, including stuff I haven't even heard of. Accuracy rate is >=90% and when it does backfire, it generally just downloads another movie.

      And then another script I wrote is triggered when the torrent is done downloading, unzips if necessary, and moves the movie files to the appropriate directory.

    4. Re:Plausible Deniability... by AmiMoJo · · Score: 1

      From a defensive point of view, what is the minimum number of compromises that one should run in their own network to provide themselves with sufficient plausible deniability from this type of thing?

      Some ISPs provide this for the customers by giving them all secondary semi-open wifi networks. For example BT Broadband customers have their own private wifi network but the router also broadcasts a second BT OpenZone SSID that allows other BT subscribers to get internet access after logging in. Fon offers something similar. The deal is you provide free wifi to other subscribers in exchange of having use of the same service when you are out and about.

      Can you prove I didn't have malware? What if I sold a computer recently - it must have been infected, since all of the ones you confiscated aren't - and wiped the disk prior?

      Can they confiscate your computers? In the UK they can't because copyright infringement is a civil matter. They can ask to examine it and you can tell them to fuck off because the burden of proof is on them and you are not required to aid them in any way, other than sharing evidence you yourself intend to rely on.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Plausible Deniability... by Anonymous Coward · · Score: 1

      Copyright is not worthless. Copyright in its current form is completely meaningless and justifiably being ignored by a large percentage (dare I say a majority) of the populace.

      Copyright was originally recognized as 14 years, ONLY if explicitly registered, and it could be extended once (only if explicitly requested). That was barely in the days of the printing press, and yet less than three decades MAX was considered completely reasonable.

      Compare to modern-day's lifetime+70 years, and the fact that most corporations (which don't die, isn't that cool!) are the actual copyright holders, which in this case last for 120 years of date of creation. Except now within days of publication, millions of sanctioned works are sold worldwide (see: Harry Potter).

      Do you think we need MORE than the original 14 years? No way in hell. I think a HARD maximum these days would be 5 years, bring back explicit registration of works for protection, and allow renewal for an additional 5. Beyond that it's all public domain.

      Now, here's where it gets interesting. If copyright were returned to anything resembling a moral framework like the one I just described, do you think people would be pirating everything like they are right now? I think not. There would be a moral framework not to, which currently does not exist. Large corporations sitting on libraries of works would cease to exist (Disney, all the MAFIAA) and contrary to your Armageddon-like predictions, their roles would be replaced by a smaller, nimbler, less profitable but more artist-focused ecosystem.

      I hope we see that future. Until then, mass civil disobedience will rule the day.

    6. Re:Plausible Deniability... by the+eric+conspiracy · · Score: 1

      > If copyright were returned to anything resembling a moral framework like the one I just described, do you think people would be pirating everything like they are right now?

      Yup. The vast bulk of what is pirated today is less than 10 years from original release.

    7. Re:Plausible Deniability... by RobbieThe1st · · Score: 1

      I don't even think Disney would disappear - it might get smaller, and they might have to come up with more, higher-quality works (and lower profit margins), but I doubt it'd really affect them. It could hurt the Home DVD market (because lots of people don't have broadband or internet at all... and BluRays are too expensive media-wise) as more companies make compilations and sell them dirt cheaply, but hey, that's good for the consumer.

    8. Re:Plausible Deniability... by Jane+Q.+Public · · Score: 1

      You forgot one:

      The defendant has (or had) a secure WiFi access point with secure credentials, but the password was cracked by someone using commonly available, easy to use open source security tools.

      In one case it took me 20 minutes to crack somebody's WPA2. And no, the passphrase was not a common dictionary word.

    9. Re:Plausible Deniability... by Jane+Q.+Public · · Score: 2

      You are simply muddying the waters here, by getting the procedure wrong, and conflating several things that are actually quite separate.

      (A) First, the procedure. You have items (1) and (2) right, but it has almost never gotten to (3), and that will probably happen even less in the future. Why? Because the courts have finally realized (and so ruled) that an IP address does not identify an individual. You can't prosecute a neighborhood or a house or even a family. You can only prosecute individuals.

      (B) Good luck identifying that individual. You may have an IP address, but few judges these days will allow a search or issue a subpoena on an IP address alone. And even if they find a computer with many downloads, that STILL doesn't identify the guilty party. It could have been the husband, it could have been the wife, it could have been one of the kids, or a friend who visits often.

      (C) The reason it has almost never gotten to (3), is that the "copyright trolls" are not interested in prosecution at all. They merely intimidate the people they identify into voluntarily paying an outrageously large settlement, so they don't have to go to court. It is nothing more than coercion, in a moral and also (in my opinion) legal sense.

      "The fundamental issue we have to come to terms with is either this is going to be a non-crime and copyright is meaningless or not."

      Nonsense. It already isn't a "crime" in the United States, and never was. What is a crime is "piracy", which is actually a legal term. Essentially, piracy involves making unauthorized copies of copyrighted works, and distributing them for profit. P2P filesharing is almost never genuinely "piracy". So it is NOT a crime. It is a civil infraction.

      But more to the point: even if it were a crime, the punishment should fit the crime. In the case of a downloaded movie, the copyright holder would be hard-pressed to show damages (in the form of lost profits) of more than maybe about $1. A CD that was downloaded rather than purchased might have brought the copyright holder $0.50 in royalty payments.

      So, the issue we REALLY have to come to terms with is: should we allow corporate Mafias to punish people to the tune of hundreds of thousands of dollars, over lost profits of a couple of bucks AT MOST???

      "The thing that most people don't understand today is just how much of the economy is related to promotion of copyright-protected works."

      This is not a valid argument for getting rid of copyrights. At best, it is an argument against the abuse of copyrights that is perpetrated every day by the entertainment industry.

    10. Re:Plausible Deniability... by Jahava · · Score: 1

      From a defensive point of view, what is the minimum number of compromises that one should run in their own network to provide themselves with sufficient plausible deniability from this type of thing?

      Some ISPs provide this for the customers by giving them all secondary semi-open wifi networks. For example BT Broadband customers have their own private wifi network but the router also broadcasts a second BT OpenZone SSID that allows other BT subscribers to get internet access after logging in. Fon offers something similar. The deal is you provide free wifi to other subscribers in exchange of having use of the same service when you are out and about.

      Can you prove I didn't have malware? What if I sold a computer recently - it must have been infected, since all of the ones you confiscated aren't - and wiped the disk prior?

      Can they confiscate your computers? In the UK they can't because copyright infringement is a civil matter. They can ask to examine it and you can tell them to fuck off because the burden of proof is on them and you are not required to aid them in any way, other than sharing evidence you yourself intend to rely on.

      Well here's the thing - assuming that they can, through some judicial voodoo, examine all of your computers and other systems, how could they ever hope to prove that you didn't have malware on your system at the time the alleged crime occurred that has since been removed (by itself or by you)? The burden of solid proof just seems impossible to meet.

    11. Re:Plausible Deniability... by KingMotley · · Score: 1

      14 years, with a 14 year extension if explicitly requested is reasonable.

    12. Re:Plausible Deniability... by gmhowell · · Score: 1

      Enough people will be found guilty/infringing/whatever to scare many others into compliance. This is worse than contempt of cop or contempt of court. This is contempt of big business. You have meddled with the primal forces of nature. And you will atone.

      What is written on silly old pieces of parchment and civics texts matters not a whit.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    13. Re:Plausible Deniability... by wrook · · Score: 2

      Just want to chip in a bit with respect to "it is not a crime". A lot of people think that because it is illegal it is a crime. But there is an important distinction. In a crime, the *state* charges you, takes you to court, etc. Also you can go to jail. Civil infractions like copyright infringement are pursued by the party that was damaged, not the state. Your punishment, should you lose the court case, is financial -- You won't go to jail and you won't have a criminal record. This is also why it is not "stealing" (which is a crime).

      The wording is important. Many special interest groups would like to make copyright infringement a crime. That way the state would pay for following it up. There could be jail time involved. People could get a criminal record for it. These special interest groups would like it to be "stealing", which is why they are purposely using that term now. If they can get the general public to accept that copyright infringement is "stealing" and hence a crime, it will be much easier to change the law.

      Personally, I don't like the way many copyright laws are written, but I support copyright. I think there are a lot of places where we can improve copyright law, but I believe that making it a crime is not a good idea. As civil law, if I break the law but the copyright holder doesn't suffer any damages as a result, there is little point in suing me. For example, in countries without fair use, I might want to rip a DVD and put it on my file server. It would be illegal, but it doesn't result in any damages, so nobody will sue me. That is a reasonable balance, IMHO. But if it were a crime, I may be charged even if what I'm doing isn't damaging anyone. Even worse, because the state pursues it, the copyright holder has no say in the matter and can't stop proceedings if the state decides to go ahead.

    14. Re:Plausible Deniability... by Jane+Q.+Public · · Score: 1

      We are largely in agreement on this.

      But even if the statute allows "punitive damages", we still have the principle that the punishment should fit the crime.

      So... if the "damages" are $1, maybe a "reasonable" punitive measure would be to charge 10 times that: $10.

      Nowhere else in law are punitive damages set to such an outrageous multiplier of the actual damages. THAT is a crime.

    15. Re:Plausible Deniability... by Anonymous Coward · · Score: 0

      > If copyright were returned to anything resembling a moral framework like the one I just described, do you think people would be pirating everything like they are right now?

      Yup. The vast bulk of what is pirated today is less than 10 years from original release.

      Yup. And Vinyl sales are continuing to trend up year over year. Those are samples we're downloading you jackass.

    16. Re:Plausible Deniability... by Anonymous Coward · · Score: 1

      Pastebin it please!

    17. Re:Plausible Deniability... by AmiMoJo · · Score: 1

      The burden of solid proof just seems impossible to meet.

      If it is a civil matter then they don't need solid proof, only "balance of probabilities" which is much easier to prove. Still way beyond what they can show though.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  20. What if some of the IP's are other forensic apps by Anonymous Coward · · Score: 0

    So if the forensic app logs IP addresses, and an IP address that is logged happens to be another forensic app, do we have dueling apps accusing each other of torrenting? How do we verify logged IP addresses are downloading and not just observing the swarm?

  21. courts are not governed by GPLs by Anonymous Coward · · Score: 0

    >there's no requirement to make the source available

    Courts are not governed by GPL. Courts abide by rules, and discovery rules are irrespective of licensing.
    There were cases of source code examinations of breathalyzers in DWI cases.

  22. Declaration issues by Anonymous Coward · · Score: 1

    I'm a developer by trade, but not an expert in the bittorrent protocol. Here are my thoughts on the declaration:

    #6 and other places. IP addresses identify computers, not people, and in many cases, not even that due to NAT.

    #15. Why is it necessary to state that the tracking software was installed in the US?

    #18. This statement seems backwards. Peers connect to other peers to ask for files, not to say "Hey, I have this file, you want it?" There is something very strange with this statement. I suspect they are attempting to hide the fact that they were a full participant in the swarm.

    #20. A false statement. There is no way he can know what other members of the swarm were doing with each other. The only way I can see to prove what other members of the swarm were sharing data is to poison the data and see if you receive any corrupt pieces back.
    I believe most bittorrent clients have protections against this attack.

    #21. an implicit admission that he did not receive a complete file from any one user. Not sure if this means anything.

    1. Re:Declaration issues by GameboyRMH · · Score: 1

      #6 - you're absolutely right, but the legal system still doesn't get it

      #15 - hell if I know

      #16 - you're right again

      #20. Right again, BT clients will block any peer that transmits too many corrupt pieces

      #21 - receiving a complete file from any one user is extremely unusual in Bittorrent. The only way that will happen is if only one user has a full copy of the file (happens sometimes with old/rare torrents). Usually many users contribute different pieces of the file, this is faster for everyone.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  23. Lesser Form by andersh · · Score: 2

    Thanks, after looking it up in the business register I see it's formally "IPP Int UG" (i.e. haftungsbeschränkt or almost the equiv. of Ltd/LLC).

    In other words this is the "light version" or less serious company form, founded with €1 in capital, i.e. not a very serious business [in my and the bank's opinion].

    1. Re:Lesser Form by Anonymous Coward · · Score: 0

      There is nothing "light" or "less serious" about any of the forms of business entities you cite, although I'm curious why you felt the need to make an ad hominem attack against a type of business entity and its initial capitalization.

  24. How to not be sued for copyright infringement by Sparticus789 · · Score: 2

    So all the user would need to do is introduce a commented-out line within the code of any downloaded file, in order to change the hash value, and essentially tell RIAA/MPAA to shove it.

    --
    sudo make me a sandwich
    1. Re:How to not be sued for copyright infringement by GameboyRMH · · Score: 1

      That would completely break the torrent though. In practice if you do that, the torrent client will see that a portion of the modified file doesn't match the hash for that portion specified in the .torrent file and "repair" the file by re-downloading the "damaged" piece.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:How to not be sued for copyright infringement by Anonymous Coward · · Score: 0

      That is a really idiotic idea.
      And wouldn't work

    3. Re:How to not be sued for copyright infringement by Anonymous Coward · · Score: 0

      But not from you. This reading the appendix, it seemed to say that they only say they got you if they downloaded the entire thing from you. Therefore, if you never give them the complete thing because the last piece is always bad or you use the "lazy bit field" option, you will be fine. Also, you can just leech to your heart's content and never upload anything because they can never prove you had anything, let alone shared it with others.
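Added example, not part of the original comments: a sketch of the per-piece check described in the reply above, where a client compares each piece of a local file against the SHA-1 digests listed in the .torrent and re-fetches the ones that fail. The piece size, sample data and the `swarm_piece` stand-in for a download from a peer are constructed for illustration.

```python
import hashlib

PIECE_LEN = 32  # constructed, tiny for readability; real torrents use far larger pieces
DIGEST = 20     # SHA-1 digest size; the .torrent "pieces" value is a run of these

# Constructed sample "file": 8 rows of exactly 32 bytes, so 8 pieces.
ORIGINAL = b"".join(b"row %02d: constructed sample data\n" % i for i in range(8))


def piece_hashes(data, piece_len=PIECE_LEN):
    """Concatenated SHA-1 digests, one per piece, as a .torrent stores them."""
    return b"".join(hashlib.sha1(data[i:i + piece_len]).digest()
                    for i in range(0, len(data), piece_len))


PIECES = piece_hashes(ORIGINAL)


def failed_pieces(local, pieces=PIECES, piece_len=PIECE_LEN):
    """Indices of pieces whose local bytes do not match the expected digest."""
    bad = []
    for idx in range(len(pieces) // DIGEST):
        chunk = local[idx * piece_len:(idx + 1) * piece_len]
        if hashlib.sha1(chunk).digest() != pieces[idx * DIGEST:(idx + 1) * DIGEST]:
            bad.append(idx)
    return bad


def swarm_piece(idx):
    """Hypothetical stand-in for fetching one piece from a peer."""
    return ORIGINAL[idx * PIECE_LEN:(idx + 1) * PIECE_LEN]


def repair(local, fetch_piece, pieces=PIECES, piece_len=PIECE_LEN):
    """Rebuild the file: keep pieces that verify, re-fetch and re-verify the rest."""
    out = bytearray()
    for idx in range(len(pieces) // DIGEST):
        want = pieces[idx * DIGEST:(idx + 1) * DIGEST]
        chunk = local[idx * piece_len:(idx + 1) * piece_len]
        if hashlib.sha1(chunk).digest() != want:
            chunk = fetch_piece(idx)
            if hashlib.sha1(chunk).digest() != want:
                raise ValueError(f"piece {idx} from peer failed verification")
        out += chunk
    return bytes(out)


# One byte changed in place: only the piece containing offset 100 fails.
FLIPPED = ORIGINAL[:100] + b"X" + ORIGINAL[101:]
# A line inserted at offset 64: every later byte shifts, so every later piece fails.
INSERTED = ORIGINAL[:64] + b"# comment\n" + ORIGINAL[64:]

if __name__ == "__main__":
    print("in-place edit fails pieces:", failed_pieces(FLIPPED))
    print("insertion fails pieces:   ", failed_pieces(INSERTED))
    print("repair restores original: ", repair(INSERTED, swarm_piece) == ORIGINAL)
```
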

  25. Filesearch by Anonymous Coward · · Score: 1

    I was always curious about a certain point in this process of attributing specific shared files to copyright holders, in which certain files were deemed infringing. Under 2.1.1 in the provided "functional description" (Exhibit A) PDF, as I suspected, anyone doing this type of work needs to download the full file (or at least enough to be considered copyright infringement) first to verify that file is an infringement and that users sharing the file too are infringing.

    So my question is, what happens when these groups download copyrighted files from organizations/copyright holders they've not been given permission from that are simply mislabeled or similarly labeled to works they're looking for? This might seem trivial but if I were on a jury, I'd find it quite interesting that evidence obtained to prove copyright infringement committed copyright infringement in the process. This mistake seems inevitable by any group, no matter how careful they may be.

    What if a small media file was created, copyrighted, then attached to virtually all P2P files in a fashion so the only way to separate the two files required downloading the full media set. As such, even if one of the two files were legally obtained by a private group given express permission by one of the copyright holders, the second copyright holder happened to be a fan of a free and open internet. Interestingly enough, the second copyright holder and fan of free information only sought infringement damages from private groups trying to take P2P networks down. It wouldn't even be difficult to track since large John Doe court cases would essentially admit to copyright infringement at the starting gate, if they planned to have any evidence in their case using the described method in Exhibit A.

    One obvious problem is that the second copyright holder would have to be always trusted by everyone and never sell the rights to his/her IP, otherwise that could be quite a mess.

    Just a thought, I'm sure there are holes I'm unaware of.

  26. According to Fieser's declaration ... by Anonymous Coward · · Score: 0

    there are at least 266 days in March 2012 (page 4). Seems a little odd to me. I do hope he isn't lying under oath.

  27. Re:What if some of the IP's are other forensic app by GameboyRMH · · Score: 1

    You can see the completion status of the torrent for other members in the swarm, you could confirm downloading by monitoring it over time. Swarm trackers could indeed flag each other as pirates - to get the longest and greatest number of connections to downloaders, they have to complete the torrent themselves first.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  28. GUID collisions by Anonymous Coward · · Score: 0

    FTA, page 12: "not possible that an already allocated GUID is allocated to another user again."

    That's bullshit and an utter lie.

    1. Re:GUID collisions by Skapare · · Score: 1

      BTDT. So I agree, complete lie and utter fabrication.

      --
      now we need to go OSS in diesel cars
  29. Easy by Anonymous Coward · · Score: 0

    All you have to do is write a GUI in Visual Basic to track their IP address. Cripes...EVERYONE knows that!

  30. German here... by Anonymous Coward · · Score: 0

    In Germany, previous judges have struck down the claim that there would be a connection between the IP and the actual person.
    So no, in Germany, having an IP address, even with a time stamp and packets captured, is meaningless.

    (Also, who says the packets aren't just fabricated in the first place?)

  31. Less Creditworthy, Less Serious by andersh · · Score: 1

    I find it strange that you feel the need to defend this corporation? Especially its quick and dirty establishment.

    I'm afraid you misunderstand if you think I attacked the British/American "Ltd"/"LLC" or the German "GmbH". It is specifically the "UG" form banks and other serious organizations regard as lesser.

    German banks certainly don't award credit as easily. I don't blame them as the company has little or no capital to begin with! It is not simply my opinion, by German law there are limits on such companies that the GmbH-form does not have. As long as the capital is under €25,000 they have to keep 1/4 of the profits in the company, a severe limit for any successful venture.

  32. GUID is not unique by Anonymous Coward · · Score: 0

    If there are 4,294,967,297 nodes on the network there is guaranteed to be a duplicate GUID as you can only create 4,294,967,296 unique IDs with a 32-bit number. When you take the birthday paradox into account you need generate only ~66,000 GUIDs before the odds of a duplicate exceed 50%.

    That all assumes the GUIDs are created with a perfectly random distribution. In reality the system is not perfectly random so the odds of a duplicate will probably be higher.
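Added example, not part of the original comment: the birthday calculation for uniformly random identifiers of a given bit width, using the same perfect-randomness assumption stated above. The function names are illustrative, and the bit widths in the demo are sample inputs, not a statement about which ID size the IPTracker software uses.

```python
import math


def collision_probability(n, bits):
    """Exact probability that n uniformly random IDs of `bits` bits contain a duplicate."""
    space = 2 ** bits
    if n > space:
        return 1.0  # pigeonhole: more IDs than distinct values
    # P(no duplicate) = prod_{i<n} (1 - i/space); summing logs keeps precision.
    log_no_dup = sum(math.log1p(-i / space) for i in range(n))
    return -math.expm1(log_no_dup)


def ids_for_probability(p, bits):
    """Approximate count of IDs at which the duplicate probability reaches p.

    Uses the usual approximation P ~= 1 - exp(-n^2 / (2 * space)).
    """
    return math.sqrt(2 * 2 ** bits * math.log(1 / (1 - p)))


if __name__ == "__main__":
    for n in (10_000, 65_536, 80_000):
        print(f"32-bit, {n} IDs: P(duplicate) = {collision_probability(n, 32):.3f}")
    for bits in (32, 64, 128):
        print(f"{bits}-bit: ~{ids_for_probability(0.5, bits):.3g} IDs for a 50% chance")
```
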

  33. Everyone switch to anonymizers! by Anonymous Coward · · Score: 0
  34. Re:What if some of the IP's are other forensic app by PetiePooo · · Score: 1

    You can see the completion status of the torrent for other members in the swarm, you could confirm downloading by monitoring it over time. Swarm trackers could indeed flag each other as pirates - to get the longest and greatest number of connections to downloaders, they have to complete the torrent themselves first.

    Section 2..3, paragraph 2:

    The function of the upload in addition was reduced to a minimum (handshaking). The IPP international IPTRACKER merely stores the data of the hosts connected with, if the package verification succeeds.

    Parsing that broken English, it appears their modified client downloads, but does not upload. Presumably, other forensic and research clients don't actually upload either, meaning they wouldn't report on each other because they're not actually "making available."

    A client that actually does upload valid data would likely not stand in court. That's like saying, "In order to catch this guy killing someone, I had to kill someone myself."
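Added example, not part of the original comments: how the "completion status" mentioned above can be read from a peer's messages in the BitTorrent peer wire protocol, where a `bitfield` message (id 5) lists the pieces a peer claims to hold and later `have` messages (id 4) add one piece each. The byte stream and piece count are constructed, and the result is only what the peer advertises, not proof of what it transferred.

```python
import struct

HAVE, BITFIELD = 4, 5  # peer wire protocol message ids


def msg(msg_id, payload=b""):
    """Encode one message: 4-byte big-endian length, 1-byte id, payload."""
    return struct.pack(">IB", len(payload) + 1, msg_id) + payload


def iter_messages(stream):
    """Yield (msg_id, payload) per message; a keep-alive (length 0) yields (None, b"")."""
    pos = 0
    while pos < len(stream):
        if pos + 4 > len(stream):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", stream, pos)
        pos += 4
        if length == 0:
            yield None, b""
            continue
        if pos + length > len(stream):
            raise ValueError("truncated message")
        yield stream[pos], stream[pos + 1:pos + length]
        pos += length


def bitfield_to_pieces(payload, num_pieces):
    """Decode a bitfield: the high bit of byte 0 is piece 0; spare bits must be zero."""
    if len(payload) != (num_pieces + 7) // 8:
        raise ValueError("bitfield has wrong length")
    pieces = set()
    for i in range(len(payload) * 8):
        if payload[i // 8] & (0x80 >> (i % 8)):
            if i >= num_pieces:
                raise ValueError("spare bit set in bitfield")
            pieces.add(i)
    return pieces


def completion_timeline(stream, num_pieces):
    """Advertised completion (0.0 to 1.0) after each bitfield/have message."""
    have, timeline = set(), []
    for msg_id, payload in iter_messages(stream):
        if msg_id == BITFIELD:
            have = bitfield_to_pieces(payload, num_pieces)
        elif msg_id == HAVE:
            (idx,) = struct.unpack(">I", payload)
            if idx >= num_pieces:
                raise ValueError("have index out of range")
            have.add(idx)
        else:
            continue  # keep-alive, choke/unchoke etc. do not change completion
        timeline.append(len(have) / num_pieces)
    return timeline


NUM_PIECES = 10
# Constructed capture: bitfield claiming pieces 0,1,2,8, then a keep-alive,
# two haves, an unchoke (id 1), and one more have.
STREAM = (msg(BITFIELD, b"\xe0\x80") + struct.pack(">I", 0)
          + msg(HAVE, struct.pack(">I", 3)) + msg(HAVE, struct.pack(">I", 4))
          + msg(1) + msg(HAVE, struct.pack(">I", 9)))

if __name__ == "__main__":
    print(completion_timeline(STREAM, NUM_PIECES))
```
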

  35. Re:What if some of the IP's are other forensic app by GameboyRMH · · Score: 1

    But this is like saying "This guy totally killed someone because he asked if I could do it." I'm surprised they can flag others as downloaders just by receiving a request. Maybe they could charge them with solicitation to download or something.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel