Slashdot Mirror

← Back to Stories (view on slashdot.org)

Forensic Investigator Outlines BitTorrent Detection Technology

Posted by timothy on from the vee-simply-attach-ziss-collar-to-each-bit dept.

NewYorkCountryLawyer writes "In one of the many BitTorrent download cases brought by pornographic film makers, the plaintiff — faced with a motion to quash brought by a "John Doe" defendant — has filed its opposition papers. Interestingly, these included a declaration by its 'forensic investigator' (PDF), employed by a German company, IPP, Limited, in which he makes claims about what his technology detects, and about how BitTorrent works, and attaches, as an exhibit, a 'functional description' of his IPTracker software (PDF)."

46 of 193 comments (clear)

  1. Track me by Anonymous Coward · · Score: 2, Funny

    Posted from 127.0.0.1

    1. Re:Track me by Lumpy · · Score: 4, Funny

      Only the old farts....

      00:00:00:00:00:00 is where the hip anons lurk.

      --
      Do not look at laser with remaining good eye.
    2. Re:Track me by zoloto · · Score: 3, Funny

      Kids these days don't know about ::1 I take it?

  2. IPTracker Based on Shareaza 2.4.0.0 by Anonymous Coward · · Score: 3, Insightful

    Wouldn't that mean that it is subject to the GPL since it is derived from a GPL based product? So, let's see the source.

    1. Re:IPTracker Based on Shareaza 2.4.0.0 by JoshuaZ · · Score: 5, Informative

      My understanding is that one is only required to give the source if one is distributing the product to other people. As long as the individual keeps the software for themselves, there's no requirement to make the source available.

    2. Re:IPTracker Based on Shareaza 2.4.0.0 by hawks5999 · · Score: 2

      Source code or it didn't happen.

    3. Re:IPTracker Based on Shareaza 2.4.0.0 by Mashiki · · Score: 5, Insightful

      I dunno about that. If something is GPL'd and being used in the courts to prosecute me, hell, even if it's closed source I want to see the source so I can tell whether or not it's tampered with.

      We already do this with other forms of evidence gathering tools, it should be the same with data gathering tools.

      --
      Om, nomnomnom...
    4. Re:IPTracker Based on Shareaza 2.4.0.0 by Anonymous Coward · · Score: 4, Funny

      Coca-Cola made me sick. Let's see the recipe! Come on...

    5. Re:IPTracker Based on Shareaza 2.4.0.0 by Mashiki · · Score: 3, Informative

      Sure but this would be the same whether it was GPL'd or not. I seem to recall a breathalyzer lawsuit awhile back where the closed-source designs to the breathalyzers were subpoenaed by the defendants.

      You're correct. There's some info on that right here. (I'm too lazy to look for another link.) But, something interesting I bumped across while reading one of the lawyer quarterlies. Is increasing amounts of digital evidence is being applied to the "hearsay" rule, because the technical understanding of said evidence is beyond the general scope of the court without an expert witness to explain it. Though to a point, the quarterly was two years old, so how accurate that is today I have no clue. And that was from Canada.

      --
      Om, nomnomnom...
  3. I2P/Freenet by nurb432 · · Score: 5, Insightful

    Try tracking us there.

    Good luck.

    --
    ---- Booth was a patriot ----
    1. Re:I2P/Freenet by girlintraining · · Score: 4, Informative

      Try tracking us there.

      Encrypt all you want. Traffic analysis still screws you every time. The network tries to keep latencies low, so it forwards whatever it receives onto the next hop as soon as it gets it. If you're monitoring the source and the destination, then when it gets decrypted at the destination, you can correlate that with the traversal time through the 'black box' of Tor, Freenet, or whatever... and viola, you know who sent it, when, and what it was.

      This is a known problem. It's discussed at length on EFF's website. If your connections are made in bulk, at regular intervals, instead of interactively, then it's a lot harder to do traffic analysis if all the other nodes exhibit the same behavior. But as long as you're trying to be anonymous by simply using a series of proxies that are set to store-and-forward... you're still screwed.

      --
      #fuckbeta #iamslashdot #dicemustdie
    2. Re:I2P/Freenet by nurb432 · · Score: 5, Informative

      Read up on how Freenet works and you will see its not just about data encryption. Due to how it routes, and that data chunks are scattered about It also hides the source and requestors to the point that even if you are on the same LAN and sniffing packets directly you wont know for sure. Sure you can be caught using it which could be a legal problem for you depending on where you live, but they wont know if you are doing the requesting of file parts or you are just passing requests along.

      I2P i believe has something similar in place but i'm still learning how their stuff works.

      --
      ---- Booth was a patriot ----
    3. Re:I2P/Freenet by lister+king+of+smeg · · Score: 5, Informative

      that is why there is garlic routing. garlic routing is a modification of onion routing used by tor, what it does is bundle packets together so as to make traffic analysis useless. it does have greater latency but should not be a problem unless you are streaming

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    4. Re:I2P/Freenet by girlintraining · · Score: 3, Insightful

      It's still just extra obfusciation. You can't hide the fact that data leaves and arrives at certain times, and each node forwards data as it receives it... if you can monitor the traffic, you can derive from that who's talking to who, whether you know what the traffic is or not. And somewhere, either at the source, or the destination, is a decrypted copy. Since the US government already monitors all traffic that occurs domestically, this kind of analysis is already practical and being used right now.

      Don't assume that just because you can't do it, nobody can do it. That's arrogant, and it will come back to haunt you.

      --
      #fuckbeta #iamslashdot #dicemustdie
    5. Re:I2P/Freenet by Idbar · · Score: 4, Funny

      Hey! They have the technology now. They can write a GUI interface using visual basic to track your IPs!

    6. Re:I2P/Freenet by PopeRatzo · · Score: 4, Funny

      Since the US government already monitors all traffic that occurs domestically

      I saw someone on Facebook complaining about the government tracking them online.

      --
      You are welcome on my lawn.
    7. Re:I2P/Freenet by Anonymous Coward · · Score: 3, Informative

      Freenet sends constant same size chunks. There's no way to tell if you're actively downloading something or not because the node's activity is always the same. Same upload/same download. When it's not fetching stuff for you it's fetching stuff for storage, when it's not uploading your stuff it's uploading "random" stuff from storage. At least that's my understanding of it.

    8. Re:I2P/Freenet by Lumpy · · Score: 2

      "You aren't understanding how the Internet works. If you had taps on all nodes at the same time and the data was encrypted end to end, then you would still be able to "see" who sent what when"

      so if you do something impossible, you can then do the impossible.

      Taps on all the exit nodes... That's the same as counting all the grains of sand on the beach.

      --
      Do not look at laser with remaining good eye.
    9. Re:I2P/Freenet by Znork · · Score: 5, Interesting

      Which is why some p2p software, such as WASTE, has modes where it will always load links wether or not there is real traffic.

      If the arms race goes on, we'll end up with a constantly saturated internet with only random connections sending apparent random data, leaving any actual signal indistinguishable and drowned out by the massive amounts of random noise.

    10. Re:I2P/Freenet by EllisDees · · Score: 4, Interesting

      No, it really, really isn't. You apparently don't know the first thing about freenet, yet feel that you somehow know enough to spout off about it. If I insert a file into freenet, it is split into many parts and distributed randomly to other freenet nodes. When someone requests that content, there is a reasonable chance that they won't get even one chunk of data from my computer. Monitoring all of the traffic between nodes buys you almost exactly nothing.

      --
      -- Give me ambiguity or give me something else!
    11. Re:I2P/Freenet by Jane+Q.+Public · · Score: 2

      You're overstating your case, in at least a couple of different ways.

      First, being able to capture packets doesn't equate to being able to capture realtime statistics on those packets at any given moment. It takes a large amount of hardware and coordination to do that for even a relatively small bitstream... trying to do it to everybody and everything would require more resources than the human race currently possess.

      Second, it *is* possible to use secure protocols that make this technique useless. Take the OneSwarm program, for instance. With it, you can set up a P2P network, and not only is it not even theoretically possible to determine where files reside on the network (they are kept in discrete encrypted chunks that reside on random servers at any given time, and which changes over time). But also, when you request a file, it is again not even theoretically possible to determine which computer on the network sent which pieces of which file.

      When I say "not even theoretically", I mean unless you actually have monitoring equipment between EVERY computer in the network, and monitor the traffic in realtime. The effort would be enormous for even a very small P2P network... and perhaps even then not entirely possible.

    12. Re:I2P/Freenet by Registered+Coward+v2 · · Score: 4, Funny

      Which is why some p2p software, such as WASTE, has modes where it will always load links wether or not there is real traffic.

      If the arms race goes on, we'll end up with a constantly saturated internet with only random connections sending apparent random data, leaving any actual signal indistinguishable and drowned out by the massive amounts of random noise.

      It's called /.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    13. Re:I2P/Freenet by semi-extrinsic · · Score: 2

      o_O Already exists in Europe: It's called the Data Retention Directive. This exists now. Today.

      Do you have any references on a contry that has actually succesfully implemented the DRD? I know Germany has declared it unconstitutional, and here in Norway the "launch date" has been pushed back to infinity (it seems), as politicians and ISPs can't agree about who's going to pay the bill (and how large the bill is going to be).

      Also, from my understanding of the Norwegian implementation, the DRD only requires logging cellphone and ordinary phone traffic, when you connect/disconnect to 3G or DSL/cable, and emails you send through an email provider in Norway. They're not mandating logging of e.g. Gmail, so no deep traffic inspection etc., it's the email providers themselves that have to log traffic. All in all, that's a long, far way short of logging all tcp and udp traffic, and they still can't agree about who's paying the bill.

      --
      for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
  4. GUID by Anonymous Coward · · Score: 3, Interesting

    It is not possible that an allocated GUID is allocated to another user again.

    I would look into this. As it is written it sounds, at least, misleading. Even if it is true this GUID thing for all P2P protocols (which I sincerely doubt), I would say that it should be spoofable directly or indirectly (compromising the machine if public key cryptography is used).

    1. Re:GUID by Jahava · · Score: 4, Informative

      It is not possible that an allocated GUID is allocated to another user again.

      I would look into this. As it is written it sounds, at least, misleading. Even if it is true this GUID thing for all P2P protocols (which I sincerely doubt), I would say that it should be spoofable directly or indirectly (compromising the machine if public key cryptography is used).

      He is technically correct, assuming that the act of "GUID allocation" involves the correct use of a valid GUID generation algorithm by the software in question. That said, as you noted, it's remarkably easy to spoof such a GUID (in this case). His statement implies that a GUID positively identifies a user, which it does not, and is thus a misleading statement.

  5. Read their software specs by Anonymous Coward · · Score: 5, Interesting

    I've read their software specs. Seems they have some typo,

    The data can only be decoded and used by the responsible lawyer, only his software contains the deciphering method and this one one in this case also secret (called "public") key.

    Seems at least that one typo. At least I *hope* that's a typo.

    ... it is not possible that an allocated GUID is allocated to another user again.

    Same could be said about MACs, and cell phone ID numbers. No one ever clones those!!!

    So it seems, by their reasoning, if you go on a P2P network and clone someone else's GUID, well, then I guess the other party must be guilty, no?

    Seems that even if you use Bittorrent or similar to only download Linux distros or even WoW patches, someone can just clone that and use it and then they will just send the innocent the bill?

  6. Re:Hmm. Claims to get a screenshot. How? by girlintraining · · Score: 3, Insightful

    How? I can't imagine that any of these P2P applications include such functionality.

    They don't. This guy might be a programmer, but he's got bricks for brains when it comes to proper terminology.

    --
    #fuckbeta #iamslashdot #dicemustdie
  7. From the description: by justdiver · · Score: 2

    "3.1 Protection of data privacy and data security: The rack-servers are stored in a room which is locked and protected with most current security mechanisms." But it doesn't go into what those"current security mechanisms" are. My guess is that it's in a locked closet in someone's apartment with a chihuahua sitting in front of the door.

  8. Hash Collisions by nuckfuts · · Score: 2

    TFA states that BitTorrent uses "the so-called BiTH" hash alogorithm. Basically, his software doesn't look at filenames, it compares hash values to determine if a downloaded file is infringing.

    Perhaps a defence would be to argue that a hash collision had occurred.

    1. Re:Hash Collisions by Anonymous Coward · · Score: 2, Insightful

      Doubtful. It doesn't fly in normal court and it won't fly here.

  9. Re:Nothing new by Grumbleduke · · Score: 3, Informative

    It cant prove who, but it can prove who's ISP account was used, and you can possibly claim that they are responsible as either they allowed it to happen, or didn't secure their systems properly.

    Possibly, possibly not. Being a legal thing, this will vary hugely by jurisdiction, but in general I'm not aware of any contested case where an individual has been found liable, either jointly/vicariously, or through negligence, for the mere actions of another using their Internet connection.

    A while back TorrentFreak looked into this, getting a couple of US lawyers to argue for and against this sort of liability. Unfortunately the "for" one only discusses negligence, and the "against" only looks into indirect and vicarious liability, so both could be perfectly correct...

    Sort of like if you left your rifle on the front seat of your car, with the doors unlocked, and then it was stolen and used in a crime. You would be partially responsible too.

    This is where the tests for "negligence" come in (ignoring any statute law on the handling of firearms; obviously, where I'm from, possessing a rifle would probably be illegal in the first place). In common law negligence generally requires that there be some duty of care owed by the defendant to the claimant/plaintiff, that the defendant fell below the appropriate standard of care, which caused damage to the claimant that wasn't too remote.

    Wrt allowing someone to use your Internet (or not securing it), it seems possible that there may not even be a duty in place (due to a lack of proximity, unless children are involved), and it would be easy to argue that the standard wasn't breached by simply having an unsecured or weakly secured network, or letting someone use a computer unsupervised (that would be far too onerous).

    It would be an interesting, if pointlessly expensive, case to argue, and afaik, that hasn't been argued either in the US or the UK (the first article references a case, but I have a strong feeling that may be a summary judgment).

  10. Re:private trackers solved this long ago by nurb432 · · Score: 5, Insightful

    Only takes one person to sell out an entire private tracker.

    --
    ---- Booth was a patriot ----
  11. Does The IPP Company Exist? by andersh · · Score: 4, Interesting

    Does this so-called "IPP" company in fact exist at all? I've had a cursory glance on Google, but didn't find much of interest.

    German companies are not called Limited or Ltd. if they are indeed "governed by German law", as claimed in the court declaration. Under German law it should be called "IPP GmbH". I would normally assume a "Ltd." company was based in the UK, on one of their islands or somewhere far away from Europe in general.

    IPP seems to be a fairly common name in the German business register (Unternehmensregister), but none of them seem to be the company in question? Does anyone out there have further information?

    1. Re:Does The IPP Company Exist? by eruza · · Score: 3, Informative

      Found their website for you: IPP International Unternehmensgesellschaft

  12. Re:Well by j00r0m4nc3r · · Score: 5, Insightful

    the private copyright cops have no reason to lie or cheat

    Sure they do. Since this is really just an elaborate extortion racket, the more IPs they deliver to their clients, the more they get paid. Their clients just file a bunch of John Doe lawsuits and hope for settlements. The more IPs they have, the more possible settlements -- false positives be damned.

  13. Plausible Deniability... by Jahava · · Score: 4, Interesting

    So in all of these cases, as a technical person, I can't help but wonder how they're connecting an IP address to positive evidence of a specific person's deliberate action. There are countless plausible scenarios where a person can own a number (IP address) involved in a crime and yet not themselves be aware of or involved in said crime. Some examples are:

    • The defendant has (or had) an open WiFi access point at the time. The crime was committed by someone who used that connection.
    • The defendant has (or had) a secure WiFi access point with bad credentials at the time. The crime was committed by someone who guessed those credentials.
    • The defendant has (or had) a secure WiFi access point with secure credentials. The crime was committed by someone who obtained those credentials (overheard them, password reuse, friend-of-a-friend, etc.).
    • One of the defendant's computers is (or was) infected by malware at the time, and the malware performed the crime on behalf of someone else.
    • The defendant's IP address was spoofed by an employee at the defendant's ISP who was the actual party committing the crime.
    • The defendant was tricked into executing commands resulting in the crime on their system without knowing what those commands were doing (jerk tech-support guy, etc.).
    • The defendant's system performed the crime without the defendant's knowledge during routine execution of third-party content (Flash, Javascript) laced with malicious code.
    • A friend or associate of the defendant performed the crime using the defendant's systems without the defendant's knowledge or permission.

    In all of these scenarios, the crime could have been committed without any knowledge of the defendant. In some of these scenarios, the defendant has little-to-no chance to detect or thwart the crime. How does any lawyer convince any judge or jury that the person on trial committed a crime in light of this?

    From a defensive point of view, what is the minimum number of compromises that one should run in their own network to provide themselves with sufficient plausible deniability from this type of thing?

    • Can you prove I didn't have an open WiFi enabled at the time, or that my password was bad? What if I reset my router's logs daily?
    • Can you prove I didn't have malware? What if I sold a computer recently - it must have been infected, since all of the ones you confiscated aren't - and wiped the disk prior?
    • Can you prove someone didn't use my computer without my permission? What if I didn't have a password on it and frequently left it lying around work?

    Furthermore, from an activist's point of view, imagine someone built a malware variant that monitored browser usage (Google, Facebook, etc.) for movie names and automatically downloads movie titles that were mentioned to a secret directory? I've now got a piece of malware that automatically, without any user knowledge or intervention, downloads illegal files that that user is interested in. What if the malware downloads new movie releases instead by monitoring public release knowledge bases for titles? Is being infected by such a malware enough for innocence? If enough people are thusly infected would the entire concept of using IP subpoenas for prosecution fall apart?

    Just food for thought. I'd really like to know how someone can be held criminally-liable unless the prosecution caught them using the illegal file or captured an attributable confession.

    1. Re:Plausible Deniability... by cdrguru · · Score: 2

      So far my understanding of the sequence of events is:

      1. Find an IP address that is associated with uploading materials that are not public domain. Log this as an "event" with the date and time.
      2. File a lawsuit and use discovery for the lawsuit to get the owner of the IP address to disclose the account holder using the IP address at that date and time.
      3. Again using a discovery motion, have the account holder's computer(s) examined for pirated materials.
      4. If such pirated materials are found, lawsuit moves forward - if nothing is found on the computer(s) then maybe it was something else...

      The problem is that in a predominance of cases so far upon reaching item 3 the defendant is screaming about their rights and begging for a cheap way out. The lawsuit never moves forward. In the few cases where settlement hasn't been reached - and it has been a very,very small number - it turns out that it is obvious to everyone that looks at the computer(s) in question that uploading of pirated materials was clearly going on to an unknown extent.

      Sure, it could be that it is someone else and if all that was required was "we found your IP address, pay up!" it would be clearly unfair. But there is a lot more behind what is going on than that in spite of what some people would like to believe. So far there have been some mistakes but it is unclear how those mistakes were made. Carelessness on the part of the monitoring/capture of IP addresses, such as just writing down the wrong address? I don't know and I don't think the specific problems have ever been described. I do know that the people that have tried to use the "open WiFi" defense have been found with pirated materials on their computer and other supporting evidence that it had been being uploaded.

      The fundamental issue we have to come to terms with is either this is going to be a non-crime and copyright is meaningless or not. If we choose to go the route of copyright being meaningless and unlimited redistribution is allowed then there has to be some pretty significant realignment in how things work in most of the Western world. I, for one, would be out of a job and my employees would be on the street. So would a lot of other people. And while we would have ego-driven productions (think Yentel and such) where the people doing it want to and don't care if it ever makes any money the idea of investor-supported media would be out the window.

      The thing that most people don't understand today is just how much of the economy is related to promotion of coopyright-protected works. Lose the monopoly edge that is copyright and you lose the promotion. What is Amazon at its core? A vehicle for promoting the sale of copyrighted works in different media forms. Think about that for a while and consider what happens if we lose all promotion of such works. We are probably talking about something that would affect 30% of the workforce in US and EU. No, not all of them are involved in copyright works production but they are affected by the promotion industry, which is huge.

    2. Re:Plausible Deniability... by Anonymous Coward · · Score: 2, Interesting

      Heh, I wrote your hypothetical "malware" for myself as a useful piece of software. Checks the Rotten Tomatoes new on DVD RSS feed, discards anything with a rotten score, uses Torrentz search API to search for a variety of strings, prioritizes blu-ray rip over DVD rip, more seeds over less seeds, user "verified" torrents over non-verified torrents, tries to weed out common strings that denote non-English languages "ITA", uses release year to resolve ambiguities, and then feeds the magnet link into uTorrent via Web UI.

      I get a bunch of great new movies every week, including stuff I haven't even heard of. Accuracy rate is >=90% and when it does backfire, it generally just downloads another movie.

      And then another script I wrote is triggered when the torrent is done downloading, unzips if necessary, and moves the movie files to the appropriate directory.

    3. Re:Plausible Deniability... by Jane+Q.+Public · · Score: 2
      You are simply muddying the waters here, by getting the procedure wrong, and conflating several things that are actually quite separate.

      (A) First, the procedure. You have items (1) and (2) right, but it has almost never gotten to (3), and that will probably happen even less in the future. Why? Because the courts have finally realized (and so ruled) that an IP address does not identify an individual. You can't prosecute a neighborhood or a house or even a family. You can only prosecute individuals.

      (B) Good luck identifying that individual. You may have an IP address, but few judges these days will allow a search or issue a subpoena on an IP address alone. And even if they find a computer with many downloads, that STILL doesn't identify the guilty party. It could have been the husband, it could have been the wife, it could have been one of the kids, or a friend who visits often.

      (C) The reason it has almost never gotten to (3), is that the "copyright trolls" are not interested in prosecution at all. They merely intimidate the people they identify into voluntarily paying an outrageously large settlement, so they don't have to go to court. It is nothing more than coercion, in a moral and also (in my opinion) legal sense.

      "The fundamental issue we have to come to terms with is either this is going to be a non-crime and copyright is meaningless or not."

      Nonsense. It already isn't a "crime" in the United States, and never was. What is a crime is "piracy", which is actually a legal term. Essentially, piracy involves making unauthorized copies of copyrighted works, and distributing them for profit. P2P filesharing is almost never genuinely "piracy". So it is NOT a crime. It is a civil infraction.

      But more to the point: even if it were a crime, the punishment should fit the crime. In the case of a downloaded movie, the copyright holder would be hard-pressed to show damages (in the form of lost profits) of more than maybe about $1. A CD that was downloaded rather than purchased might have brought the copyright holder $0.50 in royalty payments.

      So, the issue we REALLY have to come to terms with is: should we allow corporate Mafias to punish people to the tune of hundreds of thousands of dollars, over lost profits of a couple of bucks AT MOST???

      "The thing that most people don't understand today is just how much of the economy is related to promotion of coopyright-protected works."

      This is not a valid argument for getting rid of copyrights. At best, it is an argument against the abuse of copyrights that is perpetrated every day by the entertainment industry.

    4. Re:Plausible Deniability... by wrook · · Score: 2

      Just want to chip in a bit with respect to "it is not a crime". A lot of people think that because it is illegal it is a crime. But there is an important distinction. In a crime, the *state* charges you, takes you to court, etc. Also you can go to jail. Civil infractions like copyright infringement are pursued by the party that was damaged, not the state. Your punishment, should you lose the court case, is financial -- You won't go to jail and you won't have a criminal record. This is also why it is not "stealing" (which is a crime).

      The wording is important. Many special interest groups would like to make copyright infringement a crime. That way the state would pay for following it up. There could be jail time involved. People could get a criminal record for it. These special interest groups would like it to be "stealing", which is why they are purposely using that term now. If they can get the general public to accept that copyright infringement is "stealing" and hence a crime, it will be much easier to change the law.

      Personally, I don't like the way many copyright laws are written, but I support copyright. I think there are a lot of places where we can improve copyright law, but I believe that making it a crime is not a good idea. As civil law, if I break the law but the copyright holder doesn't suffer any damages as a result, there is little point in suing me. For example, in countries without fair use, I might want to rip a DVD and put it on my file server. It would be illegal, but it doesn't result in any damages, so nobody will sue me. That is a reasonable balance, IMHO. But if it were a crime, I may be charged even if what I'm doing isn't damaging anyone. Even worse, because the state pursues it, the copyright hold has no say in the matter and can't stop proceedings if the state decides to go ahead.

  14. Re:Well by Grumbleduke · · Score: 4, Informative

    Indeed. My understanding of the situation (having followed some of these cases etc., including attending court hearings) is that the tech companies get paid by the IP. Most other parties involved (the copyright owner, the legal team, the holding company that brings the case) get either a percentage of net profit, or a fixed fee. As such, it's in the tech. groups interests to provide as many IPs as they can, as cheaply as possible.

    This is why they have been known to cut corners (such as just scraping a list of IPs from a tracker, rather than checking that any given IP is actually sharing the file at the particular time), or spend too much time actually looking into the technology. Interestingly, an "expert witness" in a recent English case noted that he"did not have [the software he was testifying with regard to] installed on his computer, and did not concern himself with how it worked").

    In the ACSLaw leaked emails, one thing that was noted was that around 1 in 4 IP addresses that had been identified as infringing weren't even assigned by the ISP at the time when the alleged infringement occurred. That statistic, to me, suggests that something is pretty screwed up is going on with data gathering.

  15. Lesser Form by andersh · · Score: 2

    Thanks, after looking it up in the business register I see it's formally "IPP Int UG" (i.e. haftungsbeschränkt or almost the equiv. of Ltd/LLC).

    In other words this is the "light version" or less serious company form, founded with €1 in capital, i.e. not a very serious business [in my and the bank's opinion].

  16. How to not be sued for copyright infringement by Sparticus789 · · Score: 2

    So all the user would need to do is introduce a commented-out line within the code of any downloaded file, in order to change the hash value, and essentially tell RIAA/MPAA to shove it.

    --
    sudo make me a sandwich
  17. Re:Well by Jane+Q.+Public · · Score: 2

    "The IP addresses they record are by PREPONDERANCE OF EVIDENCE (meaning at least a 51% chance) guilty of infringement. 51% chance is a pretty darn low threshold to reach, and we know that millions of people occasionally pirate, so legally it's an open and shut case."

    Not true. Since the courts have ruled that an IP address does not identify an individual -- and in some cases not even a household -- then your 51% gets cut down to more like 25% or possibly even less.

  18. Re:Nothing new by KingMotley · · Score: 2

    Perhaps, but having your electronics taken by the FBI for further analysis is usually enough of a pain in the ass that it might as well have been a punishment. And that of course assumes that you have nothing on anything electronic that would point to your guilt. As the linked PDFs claim, the vast majority of these cases when identified by IP address, and then served with a search warrant do indeed provide incriminating evidence.

    You don't need beyond a reasonable doubt to get a search warrant, just just need probable cause. And as long a there are stupid people out there, there will always be a high probability that the guy/girl that owns is the registered subscriber with the ISP is either guilty, or someone living with them is guilty.

  19. Re:Well by julesh · · Score: 2

    Suggests ACS were just scraping IPs from the tracker without validating they actually had the data. Trackers often have large proportions of stale addresses.