How Proxied Torrents Could End ISP Subpoenas

Frequent contributor Bennett Haselton writes "With the announcement of Verizon's "six strikes plan" for movie pirates (which includes reporting users to the RIAA and MPAA), and content companies continuing to sue users en masse for peer-to-peer downloads, I think it's inevitable that we'll see the rise of p2p software that proxifies your downloads through other users. In this model, you would not only download content from other users, but you also use other users' machines as anonymizing proxies for the downloads, which would make it impossible for third parties to identify the source or destination of the file transfer. This would hopefully put an end to the era of movie studios subpoenaing ISPs for the identities of end users and taking those users to court." Read below for the rest of Bennett's thoughts.

Now, I'm not advocating the creation of software that enables piracy. And I don't mean that in a nudge-wink kind of a way, I'm serious: I think people should reward movie studios for making content that they like, if only because that means studios will make more of that type of content. For my last cross-country flight I paid an honest-to-God four dollars to download a movie from Amazon Unbox to watch on the plane, even though I fondly like to think of myself as smart enough that I could have figured out how to find and download the movie for free. (Well, not all that smart; the movie was Lockout.)

However, the idea of users anonymizing each others' downloads is so elementary, that I literally mean it's inevitable that we will see the rise of such software. Whether I'm in favor of it or not, it's going to happen. In fact, under certain assumptions, there's really only one logical direction that it can evolve in.

First, some background. Under the current BitTorrent protocol -- with no built-in support for anonymization -- some server S makes a large file available for download. When the first downloader, say user D1, requests a copy of the file, they have to begin the process of downloading it from S. But when the next downloader, say user D2, requests a copy of the same file while user D1 is still downloading, the BitTorrent server S tells D2 to start downloading the file from D1 instead of from S directly. (D1 is required at this point to share out the file for download, in order to earn enough "credits" to continue downloading from S.) Subsequent downloaders are similarly told to download from other downloaders instead of from the original server S. In this way, the server S avoids incurring massive bandwidth charges (since S only actually served the file one time), and each user on average only has to share out the file once in return for downloading it themselves.

Note that this still means that in order to initiate the download, the server S has to serve out the whole file at least once, to the first downloader -- and if the file is being distributed without the copyright owner's permission, then the operators of server S can be taken to court. This legal pressure was the reason that the Pirate Bay switched from serving BitTorrent files to serving magnet links, which enable users to download content purely from each other, without the Pirate Bay ever actually serving the content themselves. But with both BitTorrent and magnet links, users who are downloading content from other users, can see those other users' IP addresses -- and they know that those other users are serving the content from files stored on their own hard drives. This means that if you're the copyright owner of that content, you can subpoena the identities of the users behind those IP addresses, and taken them to court for unauthorized possession and distribution of copyrighted material.

So what would a protocol look like with built-in support for anonymization? In my first draft of an idea, I thought that each download could take place using one intermediate user as a proxy, so that instead of server S telling D2 to download from D1, the server would tell D2 to use download D3 as a proxy, and tell D3 to proxy the connection from D1. (As with BitTorrent, the downloader D3 would be required to allow their machine to be used as a proxy, in order to earn credits to continue with their own download.) So D1 would not be able to see the IP address of user D2 downloading from them, and D2 would not be able to see the IP address of user D1 that they were downloading from. Both of them would be able to see the IP address of user D3 which is acting as the proxy between them, but as long as it's not against the law to simply proxy a connection for someone else, that would not be grounds to subpoena the user D3's identity. And D3 would be able to see the IP address of D1 and D2, but if the D1 and D2 are communicating using a shared encryption key, then D3 would have no idea what content is flowing between D1 and D2, even as it proxies the connection between them. So even if one of D1, D2 or D3 were an "adversary" (i.e. a copyright holder intent on suing illegal file sharers), none of the three would be able to see the IP address of another user that they knew was either downloading particular content, or serving it out.

Of course you could also argue that if D3 is among the users that server S is making available to others as an anonymizing proxy, then that constitutes proof that D3 must be downloading something else from S (otherwise, D3 wouldn't need to earn credits by acting as an anonymizing proxy), and if either D1 or D2 is an adversary, they can see D3's IP address and reason that D3 must be guilty of some copyright violation. Similarly, if D3 is the adversary, they can see D1 and D2's IP addresses and reason that both of them are probably guilty of some copyright infraction, even if D3 can't actually see what they're trading. Basically, anybody could be considered "guilty by association" simply by virtue of being in the community of users being coordinated by server S. But (1) that accusation could be deflected if some of the files being served by S were in fact legal and being distributed with the copyright holder's permission; and (2) in any case, the Digital Millennium Copyright Act requires you to claim that your specific copyrighted content is being distributed by a user, before you can unmask that user's identity; it's not enough to claim that the user is part of a network that distributes "some" copyrighted content illegally. D3 may be proxying a connection between D1 and D2 in order to earn credits so that D3 can download some content for themselves, but even though D1 and D2 can both see D3's IP address, there's no way for them to know what D3 could be downloading.

Unfortunately, this three-user-chain idea is not secure, because an adversary could still create a large number of users co-ordinated through server S, and sooner or later, a chain would arise where both the proxy and the downloader controlled by the adversary, and at that point, they would know the IP address of the user serving out the copyrighted content. In other words, eventually you'll get a situation where D2 is downloading content from D1 by going through proxy D3 -- but where D2 and D3 are both controlled by the adversary. So D2 knows the content that's being downloaded via D3, and D3 knows the IP address of D1 that's actually serving out the content -- at which point they can subpoena the identity of user D1, and sue them.

So consider this idea instead: When user D1 sends a request to server S to download a file, server S gives them the IP address of another user, D2, from which they can download the file. Now, 40% of the time, user D2 actually does have the file on their hard drive and is serving it to user D1, with no proxying. The other 60% of the time, user D2 is told by S to proxy the connection from D1 and connect to a third user, D3. Now in 40% of these cases, D3 actually does have the file and is serving it out directly; the other 60% of the time, D3 is proxying the connection for yet another user, D4...

So you end up with chains of varying length, with longer chains having a progressively smaller probability of forming:

40% of chains will be of length 1 (one user downloads directly from another)
60% x 40% of chains (24%) will be of length 2
60% x 60% x 40% of chains (14.4%) will be of length 3
60% x 60% x 60% x 40% of chains (8.64%) will be of length 4 etc.

These proportions of course sum to 1, and a little math shows that the length of the average chain is 3.5 nodes. The number of downloads in a chain -- the connections between users -- is one less than the number of nodes in the chain, so this means that to complete one download, the content will have to be transferred an average of 2.5 times -- compared to being transferred only once, when one user downloads from another directly. In order to ensure that users contribute enough to the system as they take from it, that means that in order to download a file, users would be required to provide enough "proxying" to support the equivalent of 2.5 full downloads of that same file.

These chains have a useful property: any time you're downloading content "from" another user, there's only a 40% chance that user is serving content off of their own hard drive, and a 60% chance that they're proxying the connection from somewhere else (another node that may in turn be proxying the connection from yet another node, etc.). So even if the adversary controls three nodes D1, D2, and D3, and D1 is downloading from D2 who is downloading from D3 who is downloading from D4 (and D4 is not controlled by the adversary), from the adversary's point of view there's only a 40% chance that D4 is actually originating the content. This is always true no matter how many nodes in the chain the adversary controls -- in the end, if they want to nail someone for serving out copyrighted content, they have to download the content from some node that they don't control, and there will only be a 40% that user is actually serving the content from their hard drive.

And the 40% number was deliberately chosen in order to weaken the adversary's legal grounds for subpoenaing the identity of the user they're downloading from -- even if they can show that they downloaded content from another user's IP address, it's more likely than not that the other user was not actually hosting the content. (Of course, there might be other details in context that render that probability calculation useless. For example, if the server S only links to one downloadable file, then all users coordinated by that server S are presumably downloading that same file, and anybody that server S connects you to, can be presumed guilty of downloading and sharing that file, 40% figure be damned.)

At this point you might also wonder: Why not just connect over a protocol like Tor, which provides secure anonymity for all transactions, and then use BitTorrent or some other file-sharing system on top of that? The answer is that Tor's connection is likely to be much slower, for at least two reasons. First, Tor servers are a limited resource, and the more people use them (especially for large file trading), the slower they are likely to become. (By contrast, in the peer-to-peer proxying model outlined above, every new downloader can also be made to act as a proxy for other users, so additional users don't slow down the system because they contribute as much as they take out of it.) Second, Tor always routes your connection through multiple servers to guarantee secure anonymity, which means it would be slower on average than the variable-length chains described above, where only about 20% of chains are of length 4 or more.

The key difference is that Tor provides true anonymity whereas the protocol above only provides plausible deniability. In high-risk settings where Tor is often used, it would not be acceptable if there were a 40% chance of your IP address being revealed to your adversary. But for file sharing, the 40% figure might be acceptable if it's just low enough to stave off a subpoena. This trade-off makes it possible to use shorter chains, resulting in faster downloads and less total bandwidth consumption.

You also already have the option today of using a VPN service to download files through an anonymous third-party connection, which renders the rest of these issues moot. But users have to jump through several hoops (and pay some money) to set this up as an option, which means that most users will not be using VPNs any time soon, leaving plenty of naive users for the RIAA and MPAA to go after. The use of peer-proxying links would mean that all users downloading through the system would be protected.

At the moment, the major impediment to a peer-proxying system like this would be that the chained downloads would still consume an average of 2.5 as much bandwidth as direct peer-to-peer downloads. Even with today's high-speed connections, this increase in inconvenience is great enough that some users might just prefer to use plain old BitTorrent to download files directly from peers, and run the (admittedly small) risk of getting in trouble. But as bandwidth speeds continue to grow literally exponentially, eventually the difference in inconvenience will be so small, that users would be foolish not to use proxified downloads if it provided free legal protection.

Note that the viability of this system does depend on the ISP's attitude towards it. In particular, if your ISP only goes after pirates because of legal pressure from content holders, then if the ISP's users are using this peer-proxying protocol instead of a direct download protocol like BitTorrent, then the ISP can quite truthfully claim that they don't have any hard evidence to disconnect any particular users or turn over their identities (because the ISP doesn't know which users are actually storing pirated files and which users are just acting as proxies). On the other hand, if your ISP sincerely wants to stop piracy because your ISP is also a content company (Comcast, for example), then they might also try to squelch the use of any protocol that enables piracy, even if they can't prove that any particular users are using it for anything illegal. Thus Comcast might try to slow the use of the peer-proxy protocol. But in that case they could be forced by Net Neutrality regulations to stop throttling it, in the same way that the FCC ordered Comcast to stop throttling BitTorrent.

As long as those conditions hold true -- content owners continue cracking down on file sharers, but proxying remains legal and bandwidth keeps getting cheaper, and ISPs are restrained from blocking the protocols themselves -- I think that p2p will have to evolve into something like the chained-download system described above, to provide plausible deniability to users, without resorting to the long chains (and subsequently slower downloads) provided by full-anonymity systems like Tor.

But again, I'm just saying it's inevitable, not that it's right. I actually do wish that people would pay the studios' prices for the movies that they watch; part of it is that I think most blockbusters are actually pretty good and deserve to make money. When you refuse to pay for movies, you're casting a vote against fun, big-budget movies that are made for the purpose of getting lots of people to come see them and enjoy them, and instead voting in favor of excruciatingly boring low-budget films that are made primarily so that the director could whine that the cheese-puff-snarfing American public wouldn't know great art if it bit them on their big bloated behind and subsequently didn't even buy enough tickets for the director to pay off the lien he took out on his Honda Civic to get the movie produced. Forget prosecution and civil suits; just make movie pirates sit through The Brown Bunny.

Bring it on!

[rotorbudd]

I'd love to see the studios asses handed to them by something like this.

Re:Bring it on!

If it starts seeing widespread use, they'll probably just buy another piece of legislation in order to let them bring lawsuits against the users anyway.

Re:Bring it on!

[Lumpy]

Actually how the Disney party is bought and paid for by the MPAA, creation of such software will be a TERRORIST act and allow them to do Drone strikes inside the USA against Internet Terrorist suspected locations.

Re:Bring it on!

[jythie]

I doubt they would even need new legislation. They will just argue that all the nodes are participating in sharing copyrighted works and will sue random people they manage to identify. They do not even need a good case since defending yourself is generally cost prohibitive anyway.

This whole idea is a non-solution.... it is kinda like those guides for 'why you do not have to actually pay taxes' or 'you are not technically a citizen of the US and thus the law does not apply'... even if mathmatically the logic might make sense, once it hits actual courtrooms it falls apart.

Re:Bring it on!

[pixelpusher220]

It's two issues.

First - I am the 'responsible party' for my ISP connection. Regardless of whether I'm proxying for other people or doing the torrenting myself, they still come to MY house to ask questions. Just ask any TOR exit node operator.

Second - in the obligatory car analogy, if my car is seen as the getaway car from a bank robbery, they're going to come talk to me about where I was at the time. If I had reported my car stolen or I have a rock solid alibi to my whereabouts I'm not going to be charged.

I'm responsible for the actions of something under my control, be it a car or an internet connection. The key question is am I LIABLE for those same actions.

A license plate like an IP address alone is not enough to identify an individual. The circumstances become very very important. Most specifically the obvious differences between civil crimes like most copyright infringement and criminal ones like the above bank robberies.

Re:Bring it on!

[pixelpusher220]

I don't see how this is any different than TOR. Somebody has to be the exit node and that somebody is going to be hassled quite a bit by the authorities

Re:Bring it on!

[YrWrstNtmr]

I'm responsible for the actions of something under my control, be it a car or an internet connection. The key question is am I LIABLE for those same actions.

You're probably not liable, be it car or bits. But it may take quite a lot of your personal time and money to prove it.
Even though you're "innocent until proven guilty", you still have to show up in court to have your say.

Re:Bring it on!

[Grishnakh]

I honestly don't see how this would even evade the copyright laws and DMCA (however, IANAL, so I may be missing something).
One big problem with this scheme is that it isn't really anonymous. Let's suppose D2 is an MPAA/RIAA agent: he finds a .torrent he wants to download, and server S directs him to D3, which acts as a proxy to download it from D1. Well D1 is probably safe, since D3 is covering for him, and D2 (the agent) can't see D1's IP address. However, D3 is not safe! Sure, he's passing the data in encrypted form so that only D1 and D3 can see what it really is, but does that really matter? He's still aiding and abetting copyright infringement, and he's distributing copyrighted material. I don't see how D3 can get out of that just because he doesn't know exactly what it is.

If someone (who you know has a criminal history) gives you some goods in an envelope, and asks you to go visit someone at a particular place and get $50 from them, and give them the envelope in exchange for the money, and bring the money back to him, I'm pretty sure you're liable for "aiding and abetting" in that crime, even though you didn't open the sealed envelope to see that it had some marijuana in it.

Re:Bring it on!

[Jane+Q.+Public]

It's simple: get a proxy (A) in a different country, or (B) that doesn't keep records of your traffic, or (C) both, and good luck with that subpoena!

I should also note that even Tor exit nodes are not necessarily public. Private traffic goes through them. Monitoring them merely because somebody might be downloading is almost certainly illegal. And issuing a subpoena for a Tor exit node is also pretty useless; if you are hosting a Tor exit node, do you keep records? Almost certainly not. And nobody can make you.

So the only recourse there would be to get a warrant to monitor, because some particular person is using that exit node to download. But wait! Exit nodes are effectively random. So good luck with that, too.

Sooner or later the RIAA and MPAA will lose. There is no question about it. What amazes me is that they have put up such a strong fight, this long.

Re:Bring it on!

[AK+Marc]

People have been convicted of murder for lending their car to someone going to the store. I think your faith in the level of proof required is excessive.

Re:Bring it on!

[pixelpusher220]

Circumstantial evidence has done lots of bad and good in cases.

I think what you're saying is that without 'good' legal representation you can get screwed by the system. And since he said 'it may take quite a lot of your personal time and money to prove it', and good representation ain't cheap, you're both saying the same thing.

Re:Bring it on!

[pixelpusher220]

Exit nodes are not random. They are fixed nodes with assigned and traceable IP addresses. 'Which' node you use as a TOR 'USER' is perhaps random, but the set of exit nodes is certainly not random.

Nobody says they monitor nodes for the fun of it. They find someone with Child Porn, and rightfully get a list of places he's received data from from his ISP. One of those IP addresses just happens to be a TOR exit node. Bingo, warrant issued to monitor that exit node's activity.

Running a TOR exit node out of your own house is a recipe for legal issues. Running it out of a hosted server somewhere is much less problematic, but legally speaking, that's the IP address spewing child porn and that's what's going to attract the attention (once they catch someone routing through that exit node).

Re:Bring it on!

[AK+Marc]

It wasn't circumstantial. It was a confession that the car was lent, and an ironclad alibi for the time of the robbery that got him the murder conviction. Felony inclusion rule. He was liable enough for his car that lending it got him a murder conviction. So yes, liability follows objects in some pretty absurd ways. http://en.wikipedia.org/wiki/Ryan_Holle

Re:Bring it on!

[nullchar]

Sure, he's passing the data in encrypted form so that only D1 and D3 can see what it really is, but does that really matter?

I guess you need to ask your ISP about their routers that are passing data in an encrypted form between an SSL server and a customer. Are they liable?

If the data is encrypted from endpoint to endpoint, does the Common Carrier status even apply? Meaning: do you need to be a common carrier to limit your liability when the payload is encrypted?

Re:Bring it on!

[Grishnakh]

I guess you need to ask your ISP about their routers that are passing data in an encrypted form between an SSL server and a customer. Are they liable?

If you're D3, you're not an ISP, you're just some dude using an ISP's connection to share files. Good luck dealing with the legal problems when the MAFIAA file suit. A large ISP like Comcast or Verizon can deal with these legal problems easily; for starters, they have a business dealing in data connections. You don't. You're just some guy trading files on the internet. You're not going to get the same legal protections.

Re:Bring it on!

[AK+Marc]

The ISP is not a common carrier and has no legal shield above D3. DMCA allows D2 to contact D3 and request they stop "hosting" the data from D1 that's infringing. They don't arrest the bus driver when someone gets on the bus with "illegal" MP3s and the bus driver "distributes" them around town.

Re:Bring it on!

[fredklein]

"Holle, who had given the police statements in which he seemed to admit knowing about the burglary, was convicted on August 3, 2004, of first-degree murder under a legal doctrine known as the felony murder rule." - wikipedia

SO, he didn't "lend his car to someone going to the store", he lent his car to someone going to a burglary.

Just a tiny difference.

Re:Bring it on!

[Jane+Q.+Public]

"... but the set of exit nodes is certainly not random."

Of course they're not. But I'm wondering what your point is.

" They find somene with Child Porn, and rightfully get a list of places he's received data from from his ISP. One of those IP addresses just happens to be a TOR exit node. Bingo, warrant issued to monitor that exit node's activity. "

Sure. Of course. But that's pretty clear probable cause. So it's not unreasonable for them to get a warrant in that case. But that is completely different from the kind of thing we're talking about here. Kind of out of context. I don't think anybody could reasonably argue that simple not-for-profit copyright infringement would be justification.

"Running a TOR exit node out of your own house is a recipe for legal issues. Running it out of a hosted server somewhere is much less problematic, but legally speaking, that's the IP address spewing child porn and that's what's going to attract the attention (once they catch someone routing through that exit node)."

I wasn't suggesting anybody host one in their home. I don't fancy unwanted knocks on the door from the authorities. But again your example is something that is considered a rather serious crime today, if done intentionally. The context of the discussion was simple copyright infringement, which is another matter entirely.

Re:Bring it on!

[Grishnakh]

Maybe, but some guy acting as D3 isn't like a bus driver, he's acting more like a private courier service. A private courier that does nothing but distribute drugs isn't going to get off easily, even if he shows that he "didn't know" what was in the sealed envelopes he was delivering for some drug distributor.

Re:Bring it on!

[AK+Marc]

That's the point of this. If you distribute enough legitimate traffic, you are safe, same as FedEx transporting meth. Plenty goes through, but they have enough legitimate traffic that they haven't been shut down. Yet.

Re:Bring it on!

[Grishnakh]

But you're not Fedex, you're just some guy at home with a residential ISP connection. Fedex has tons of money and can afford lots of lawyers. You probably can't. The "legitimate traffic" and "plausable deniability" thing has been tried by the people hosting Tor exit nodes too, and it hasn't kept them safe, has it?

Re:Bring it on!

[pixelpusher220]

"... but the set of exit nodes is certainly not random."

Of course they're not. But I'm wondering what your point is.

You said they were random. Your implication was it would make it hard for authorities to track down. My point is you are wrong.

I don't think anybody could reasonably argue that simple not-for-profit copyright infringement would be justification.

Seriously, did you miss the tragic Aaron Schwartz saga?

I wasn't suggesting anybody host one in their home.

The article was saying exactly that - "users anonymizing each others' downloads.....would be required to allow their machine to be used as a proxy".

My point was how did the proposed solution to this differ from TOR. You suggested it did and so far haven't offered any reasonable claims to that effect. 'What' the crime is seems to matter very little since we are ALREADY seeing courts involved in issuing subpoenas. The TOR reference is simply that somebody has to be publicly visible and that person will be the one being hassled, however that hassle might materialize.

It's exactly the same as TOR.

Re:Bring it on!

[Jane+Q.+Public]

"You said they were random. Your implication was it would make it hard for authorities to track down. My point is you are wrong."

No, you misunderstood completely. Nobody in their right mind would think that any machine at all could be a Tor exit node at random, so of course I meant which exit node, among existing exit nodes, is chosen at random. In any sort of reasonable world I could hardly have meant anything else. I do not agree that there was any ambiguity.

"Seriously, did you miss the tragic Aaron Schwartz saga?"

No, I did not miss it, but it has absolutely nothing to do with the question at hand. Swartz was downloading academic material and such from a University-affiliated service, using the University's own network. He was not downloading some movie or other file via BitTorrent at home. The latter, not the former, is what this whole thread is about.

But my more recent point was this: in the message I first replied to, you stated:

"Somebody has to be the exit node and that somebody is going to be hassled quite a bit by the authorities"

... but no, they're not. For a typical civil downloading scenario, law enforcement will not have sufficient authority to monitor your traffic through an exit node. And if recent court cases are any indication, it is unlikely that the information would be subject to subpoena, either. And good luck either way, because neither Tor or anonymous proxies keep records.

So the main difference -- in THIS context -- between using an anonymous proxy, and Tor, is that the anonymous proxy will usually be faster. Tor can be dog-slow sometimes, depending on traffic and how many nodes you are going through.

Re:Bring it on!

[nuggz]

It isn't even liability and all that legal stuff.

If the allegations are serious enough, they will destroy you LONG before you get your day in court. That's the real problem today.

Re:Bring it on!

[Jason+Levine]

This is true enough, but your "car fleeing a bank robbery" example is a criminal case with police investigating.

Copyright (when it comes to music/movies, at least) tends to be a civil case against the MPAA/RIAA members and the individual who is accused of infringing the copyright. You could be totally innocent of infringement, but the MPAA/RIAA sees you as guilty and is willing to pay the legal fees to make an example of you. You, on the other hand, have limited funds and time. So if you are sued and face a multi-million dollar fine (plus legal fees) after months of courtroom battles, you might just take the offer of a $3,000 settlement and admission of guilt (even if you aren't guilty).

This won't change with the new proposed system. They would identify people running proxied torrents and would sue them. Sure their evidence would be flimsy (as if their current evidence of IP address screenshots is solid), but it already is. If they saw the case going against them, they will drop the suit (to avoid setting a precedent against them), but the defendants would have already spent a lot of legal fees and time/energy defending themselves. The RIAA/MPAA will make running a proxied torrent a legally risky proposition even if you don't have any copyrighted materials passing through your system. (That's not even bringing up them lobbying Congress to declare such systems illegal entirely.)

Just use Retro Share and be done with it

[Megor1]

Retro share: http://retroshare.sourceforge.net/ friend to friend private open source file sharing.

Re:Just use Retro Share and be done with it

[Hatta]

Retroshare is great, but it's limited by the number of friends you have. You only ever connect to people you have an established friend relationship with. If you only have one friend, it doesn't matter how many seeders there are for a file, it will never go faster than your friend's upload speed.

Re:Just use Retro Share and be done with it

[Megor1]

Just make friends with people who have google fiber :)

Re:Just use Retro Share and be done with it

[jamiesan]

Moral Fiber? What kind of bandwidth do you get with that?

Re:Just use Retro Share and be done with it

You are trying to technically fix a broken law, that won't work. In Germany, someone allready got sued (successfully) for "relaying" a file via retroshare....

Re:Just use Retro Share and be done with it

[Kjella]

You are trying to technically fix a broken law, that won't work. In Germany, someone allready got sued (successfully) for "relaying" a file via retroshare....

But mostly due to a PEBCAK problem trying to use a F2F network as a P2P network.

RetroShare derives its security from the fact that all transfers go through "trusted friends" who users themselves add. In this case, the defendant added the anti-piracy monitoring company as a friend, which allowed him to be "caught."

Besides Germany is fairly special in that they've made you liable for what other people are sharing over your WiFi as well. And none of it would matter if you use it as designed, sharing with friends who share with their friends who share with their friends, six degrees of Kevin Bacon and all that. If you're going to connect to random peers, there's already something much better called BitTorrent for that. RetroShare is not TOR or Freenet protecting you from the nodes closest to you, it just hopes to be an impenetrable mass of friends that doesn't talk to any anti-piracy nodes. Quite importantly the only person harmed by adding the anti-piracy company was the fool himself.

Re:Just use Retro Share and be done with it

An Android client would be nice. Without that it's limited to just my computer.

Re:Just use Retro Share and be done with it

[AmiMoJo]

A system like Perfect Dark or Share might be a better option. Combine the community/web aspect of torrents with an anonymous P2P network that doesn't require trust or friends.

The only down side to PD and Share are that they require a large cache, typically 50GB+. The nice thing about BitTorrent is the very low entry requirements, and 50GB HDD space plus a fair chunk of upload bandwidth might limit the user base outside of Japan and Korea where the net is cheap, fast and unlimited.

Re:Just use Retro Share and be done with it

I've had my own set of issues with Retroshare. Namely, getting two clients to connect. I've generated the PGP keys, forwarded the ports,and disabled the Windows firewall. Each one is aware of the other's existence, but I can't get get them to see the other as online. Ironically, I was remoting into the other computer using Teamviewer. As wonderful as a fully decentralized sharing platform is, the inherent reality is that there are exactly two options for generating the connection: either some sort of centralized server for firewall traversal to at least get the users talking to each other, or systems like Retroshare will work between people who know how to configure their routers...which might not be a bad thing, except that limiting the audience to sufficiently technical people does not bode well for the ideals of freedom as a whole. Napster and Kazaa and Limewire did plenty wrong in their respective days, but the one thing they all did was to level the playing field and be accessible to anyone that could run an Installshield Wizard. In its present form, Retroshare will not have this same level of success.

I don't understand

Why you're posting information about breaking the law. Are you not ashamed of yourself? Have you no dignity or self-respect?

How would you like it if people stole all of your stuff and left you destitute, raw, and living in a VAN down by the RIVER!?!?!!!

No - you wouldn't like it. So if you would quit it with the criminal thoughts and play by the rules like any other decent human being would you won't have to resign yourself to that fate.

Re:I don't understand

I remember my first beer.

Re:I don't understand

The RIAA and MPAA have declared war on their customers, despite having several surveys which show that downloaders do NOT affect Movies , that Downloaders buy MORE music. The RIAA and MPAA have been shown in several court cases they DO NOT support artisits, and are only concerned in lining their own pockets.
Copy Right INFRIGMENT IS A CIVIL issue, and yet Kim DotCom of MEga Upload, Several music sites have all been taken down by USA government Agencies with the co-operation of by USA diplomatic pressure.
And yet not a single one of these site take downs has resulted in a single court case. All previous web sites have been given back to the original owner of the web sites except Kim DotCom, who has still not been charged, or given any list of laws he has broken.
As a USA Citizen I am ashamed of my government's corruption and usurption by corporate greed, and now the US courts won't even allow us citizens to use the Freedom of Information Act to determine whether I as a citizen am being watched or not.
So yes I see this as a necessary and good protection from a government I FEAR will prosecute me, as it did Arron Aschwatz, and others like him who are serving sentances in Jail, or being extradited from the UK to the USA.
I can proudly say that I have NOT voted for Barbara Boxer, Dianne Feinstein, or Barak Obama, or any other current incumbent, so as far as I am concerned this is NOTHING BUT GOOD.

Re:I don't understand

Appeals to the rule of law normally seem valid, but at this point I do not think it is possible to steal from a corporation like Sony etc. we are talking about organizations that have no soul, exist only to steal, and strive every day to destroy democracy.

The rule of law is for people and these things are not people.

Re:I don't understand

[cgimusic]

I see the ridiculous attempt at equating piracy with theft has shown its ugly head again. This idea is bad for everyone any only serves to obstruct actual debate about the ethics behind intellectual property. People who post information about breaking the law (it isn't even the law everywhere by the way so don't just assume American laws should be enforced worldwide) are never going to be ashamed because the reason they post the information in the first place is because they disagree with the existence of the law. The law is not the law because it is morally right. The law is the law because of pressure from lobby groups.

Re:I don't understand

A lot of the negative impressions against movie studios and such with these law suits is that the individual person cannot properly defend themselves.
Completely innocent people have paid in thousands of dollars to these companies because they know a court case will cost them more.
The suing company doesn't have to solidly prove that the specific user they're suing did anything, they just need a bare minimum to bring it to court.
Individuals that go to court and lose are forced to pay sums of money they'll never likely pay off because the laws weren't meant to be brought against an individual but mass copying businesses.
There is a lot of abuse of these laws done by these big companies.

Yes, Peer to Peer file sharing of unauthorized files has hurt some little guys [though some have managed to work with it] but big business suing little guys has hurt a lot more of them than the damage done to the big businesses themselves [imo].

Re:I don't understand

[kaizendojo]

How would you like it if people stole all of your stuff and left you destitute, raw, and living in a VAN down by the RIVER!?!?!!!

SNL's lawyers would like a word with you when you're done here....

Re:I don't understand

[pixelpusher220]

Can we get a mod of "Needs more Tinfoil"?

Re:I don't understand

[CohibaVancouver]

The RIAA and MPAA have declared war on their customers

No they haven't. I buy music and movies and no one has to gone to war on me.

Re:I don't understand

ze bubble!

Re:I don't understand

[TemperedAlchemist]

Because the law is corrupt and evil in this case. It works only to further line the pockets of the MPAA/RIAA at the expense of the citizens it purports to protect.

It is our moral duty to oppose it.

Re:I don't understand

[j00r0m4nc3r]

You've been in Double-Secret-War for a couple years now

Re:I don't understand

The RIAA and MPAA have declared war on their customers

No they haven't. I buy music and movies and no one has to gone to war on me.

you keep using that word. i do not think it means what you think it means.

Re:I don't understand

Obvious troll is obvious

Re:I don't understand

Yeah, especially when the MPAA and RIAA get their way. Fair Use will be a thing of the past. Kind of like punch-card operated computers or journalistic integrity.

Re:I don't understand

They have you just don't realize it. When companies start treating you as a criminal by installing unauthorized software on your system as soon as you insert a disc, requiring you to enter a product key, or otherwise putting the burden on you the paying customer then I see that as waging war on consumers.

Re:I don't understand

If "and living in a VAN down by the RIVER!?!?!!!" was too subtle I expect this post will be lost on you but what the hell:

WHOOOSH!

Re:I don't understand

[AK+Marc]

They have, you just haven't noticed. That you haven't noticed doesn't mean it didn't happen. I didn't see the last eclipse, so it didn't happen. Oh, and you "own" nothing.

Re:I don't understand

And that's the sound of the Van landing in the said river

Re:I don't understand

Actually, I could spend all days watching movies for FREE in my RV down by the river... Sounds kinda nice in a way... Wouldn't have to worry about burglars if I didn't own anything of value either. Just have to put the Raspberry PI in my pocket when I leave the trailer. The future's so bright!

Re:I don't understand

Wrong. DRM.

Re:I don't understand

Really.... have you ever
- found your pc infected by drm software hidden in the media disc you buyed?
- unabled to use the media you payed because their licencing servers are off-line
- rebuyed some movie all ready own because your new player, tv, home theater doesnt like your old format or set up?
- found deleted or revoked access to content you all ready payed because the provider changed his mind

If they arent at war, are just a bit to much abusive to forgive

Re:I don't understand

[Kevin108]

This is a post about privacy when using P2P. How you choose to use the technology is up to you.

Re:I don't understand

Your friends won't let you forget?

Re:I don't understand

Who are you directing this outrage to? The corporations, the IMF, the FRB, the 1%, Wall Street, that Banksters?

Wrong

[qbast]

If you are "proxying" connection, then you are downloading from user D1 and uploading to D2. It does not matter if you are not retaining that data, you are still copying stuff illegally. So in the end if content owners are unable to determine identity of actual downloaders, they can go for proxying users and hit them with exactly the same lawsuit.

Re:Wrong

> If you are "proxying" connection, then you are downloading from user D1 and uploading to D2. It does not matter if you are not retaining that data,

You are correct. However, does the data 1101 hold up to a copyright claim in court? No. So it's a matter of what the data is. He's not wrong, just not breaking down the practical aspects of the future conditions (which cannot be known for sure).

Re:Wrong

AHAH! Then clearly the answer to the problem for content owners is to just sue all ISP's! Since, for end users to download copyrighted content, the ISP's infrastructure and many other ISP's infrastructure who merely route between must copy and reupload that data dozens of times for each packet! Why sue the users who requested the files? Since the lawsuits award damages based on the number of copies you make, sue the ISP's since they make dozens of copies for every copy a user tries to obtain!

Re:Wrong

[dgatwood]

U.S.C. Title 17 Section 512(a) would seem to apply:

(a) Transitory Digital Network Communications.— A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the provider’s transmitting, routing, or providing connections for, material through a system or network controlled or operated by or for the service provider, or by reason of the intermediate and transient storage of that material in the course of such transmitting, routing, or providing connections, if—

(1) the transmission of the material was initiated by or at the direction of a person other than the service provider;

(2) the transmission, routing, provision of connections, or storage is carried out through an automatic technical process without selection of the material by the service provider;

(3) the service provider does not select the recipients of the material except as an automatic response to the request of another person;

(4) no copy of the material made by the service provider in the course of such intermediate or transient storage is maintained on the system or network in a manner ordinarily accessible to anyone other than anticipated recipients, and no such copy is maintained on the system or network in a manner ordinarily accessible to such anticipated recipients for a longer period than is reasonably necessary for the transmission, routing, or provision of connections; and

(5) the material is transmitted through the system or network without modification of its content.

The only question is whether you as an individual can qualify as a "service provider", but if the EFF's interpretation is correct, anyone falling into the above exemption would inherently qualify.

That said, I would not want to be the person who was being sued over using such a service. You'd presumably have to convince a judge that your purpose for using the software in the first place was something other than engaging in or facilitating copyright infringement.... Good luck with that.

Re:Wrong

[fredprado]

If you have no control over the data being transported through you as often is the case with these darknet programs you are probably protected by the same DCMA provisions that protect the ISPs. That is, until they change the law. But then again you can make it in a way that never a complete file passes through you, and data never stays within your system.

Re:Wrong

[apcullen]

I'm reasonably sure that transient copies such as you describe are not considered to be infringing.

Re:Wrong

[dbet]

Not necessarily. Keep in mind they never go after "doanloaders", only uploaders. It's just that with torrents, they've made the argument that everyone in the swarm is an uploader.

Also, if 2 people share a file, there are several nodes between them that also share that file, but no one is ever sued except the end user. With a place like Torrent tracker sites, they've made the argument that they of course know they're trading illegal files, that they have received take-down requests and ignored them. Even places like Youtube are expected to ban things on request.

Now enter proxy torrenting. Who do they send a take-down request to? Even if they can pin an upload to a specific address, they need to show that you knew you were trading "The Avengers" which you almost certainly didn't.

It's a legal mountain.

Re:Wrong

[TubeSteak]

It is not sane to assume that everyone is running a packet analyzer and inspecting all the traffic across their system.
And without knowledge, you cannot complete the necessary elements to convict.

Throw in some encryption for the proxied contents and the case against the proxy owner will never reach a jury.

Re:Wrong

[spikenerd]

It does not matter if you are not retaining that data, you are still copying stuff illegally.

By that logic, the owner of every router through which the data passed is responsible for the activities of the end users. I am not a lawyer, but I suspect intent may actually be relevant sometimes.

Re:Wrong

[qbast]

Bittorrent already splits data into small chunks and it is no protection from being sued. If you are proxying, they will probably just add charges of conspiracy on top of breaking copyright.

Re:Wrong

[Derekloffin]

Intent plays into that. If I engage in an act (that in itself is not illegal) that I unknowingly facilitate an illegal act, I'm generally going to get off. However, if I engage in that same act and I know it will facilitate an illegal act, then I'm now generally accountable as well.

Re:Wrong

[eap]

If you are "proxying" connection, then you are downloading from user D1 and uploading to D2. It does not matter if you are not retaining that data, you are still copying stuff illegally. So in the end if content owners are unable to determine identity of actual downloaders, they can go for proxying users and hit them with exactly the same lawsuit.

The FA says the traffic sent over the proxy is encrypted, so there would be no evidence it was copyrighted material.

Re:Wrong

[toejam13]

That's what I wonder. If proxy services are not classified as service providers, the government could in theory come after you for conspiracy or possibly RICO statutes.

If proxy services are classified as service providers, expect that laws regarding logging and auditing be ramped up. Every TCP connection you make will be saved and stored for a long time. Even if you bounce across seven proxies, the logs will eventually point back to the client. They could easily require little more than an administrative subpoena to get those logs, too.

My worry is that in their effort to trace pirates using back channel methods, the government is going to obtain very powerful methods to track you. And we're going to pay for it out of our own pockets.

Re:Wrong

[bytestorm]

Safe harbor provisions were exactly what I wanted to mention, and also as you mentioned, you have to be acting in good faith which may be hard to prove. What business or technical need is satisfied for legitimate users of the technology by proxying through peers? Proxying is only more useful for obfuscation as it is less efficient for actual data transfer (limited now by relay speed as well, increased complexity with a need for intelligent proxy selection). Maybe for NAT bypass, but that's about it, and it only needs 1 extra hop. For everything else, IP already does routing perfectly. Because of this, I don't see the necessary legitimate "cover traffic" arising, only infringing users will have this feature running.

Re:Wrong

[icebike]

The gist of the story (quoted from the original post is this:...

but as long as it's not against the law to simply proxy a connection for someone else, that would not be grounds to subpoena the user D3's identity.

You ask "The only question is whether you as an individual can qualify as a "service provider".

But I don't think its necessary to reach that conclusion in order to go after the proxy provider any more than it is necessary to equate a drug mule to a licensed Bus Line like Greyhound.

The very act of proxy-ing could be found to be "aiding and abetting" which would probably be sufficient to get a warrant to search a proxy's server, even if there was no ultimately no arrest for the act of providing that proxy.

Further, to the extent it became common it would be explicit outlawed as it is in China today. There is a reason that Microsoft's first act when acquiring Skype was to kill off the entire concept of Skype Super-Nodes, and run all skype conversations through its own servers, and that reason had nothing to do with performance.

Trying to read a law set up to provide safe harbor to ISPs as applying to Joe Sixpack seems unlikely to be successful in the long run.

Re:Wrong

[SuricouRaven]

No conviction needed. These cases are civil actions, not criminal. There is no need to show the 'beyond reasonable doubt' level of proof.

Re:Wrong

[qbast]

Traffic could be already encrypted between endpoints without inserting proxy in the middle, so it does not change anything.. Honestly, idea of adding a proxy is just weak attempt at finding legal loophole by splitting responsibility. Piratebay guys and Grokster (see MGM Studios, Inc. v. Grokster, Ltd.) got convicted for providing file sharing tools that happened to be used also for copyright infringement. Do you seriously expect that "I don't know and I don't care what I was proxying" defense will work? Judges can actually use common sense and anybody can see that this is just a technicality.

Re:Wrong

[Lumpy]

Then CISCO is the largest Copyright infringement company on the planet and should be Stormed by the BATF right away.

Re:Wrong

>If you are "proxying" connection, then you are downloading from user D1 and uploading to D2

actually, you are retransmitting traffic one packet at a time. At no point do you "download"; you are just playing hot potato IMHO

Re:Wrong

> Bittorrent already splits data into small chunks and it is no protection from being sued

Citation? Every case has been one of monitoring a full set OR majority of data representing a torrent. Not tiny fragments. FUD is rotting your brain.

Re:Wrong

[Talderas]

Aiding and abetting.

Re:Wrong

[Hatta]

That said, I would not want to be the person who was being sued over using such a service. You'd presumably have to convince a judge that your purpose for using the software in the first place was something other than engaging in or facilitating copyright infringement.... Good luck with that.

Retroshare, in addition to being a darknet file sharing app has encrypted equivalents of email, IM, IRC, web forums, status feeds, VOIP, and probably more that I'm forgetting.

Re:Wrong

[euxneks]

You'd presumably have to convince a judge that your purpose for using the software in the first place was something other than engaging in or facilitating copyright infringement.... Good luck with that.

I would argue that unless they can prove what I've been sharing or downloading on the service was copyright infringement, I think they haven't got a case - it doesn't matter if the majority of users are downloading copyrighted items, what should matter is whether there is reasonable doubt that I was downloading copyrighted material. Essentially, "innocent until proven guilty".

Re:Wrong

[pixelpusher220]

But I don't think its necessary to reach that conclusion in order to go after the proxy provider any more than it is necessary to equate a drug mule to a licensed Bus Line like Greyhound.

The difference is more like people borrowing each others cars which just happened to contain some pot that belonged to someone else "I'm just transporting it for them, I didn't know what was in the box".

Greyhound is a common carrier, your car is simply not.

Re:Wrong

[pixelpusher220]

you are probably protected by the same DCMA provisions that protect the ISPs

No you aren't. The DMCA defines common carriers and end users aren't part of that definition.

Re:Wrong

[maxwell+demon]

Indeed, with the original BitTorrent protocol, effectively the clients are also proxying the data stream from the server.

Re:Wrong

[TheCRAIGGERS]

If you are "proxying" connection, then you are downloading from user D1 and uploading to D2. It does not matter if you are not retaining that data, you are still copying stuff illegally. So in the end if content owners are unable to determine identity of actual downloaders, they can go for proxying users and hit them with exactly the same lawsuit.

Copying data from storage into RAM
ISPs (all along the pipe from your house to the server) copying data into buffers for routing
Defragging your hard drive, copying data from one sector to another

All of these examples are just as silly as what you claim is infringement.

Re:Wrong

[houghi]

Let me simplify the law for you:
If you are not a media company, you are guilty of piracy.
If you are a large American company, you can just pay off and charge your customers more.
In all other cases, you are screwed.

Re:Wrong

[TheCRAIGGERS]

Especially when it's far cheaper to pay the "protection fee" than fighting it in court. Most people, even if innocent, don't have the resources to fight the RIAA/MPAA in court; they can drag it out a loooooooooong time.

Re:Wrong

[number11]

If you are "proxying" connection, then you are downloading from user D1 and uploading to D2.

No, you are not, and probably have no idea that "My Pet Sheep" is being transferred. Your computer is doing those things, certainly, but you didn't specifically tell it to. So let them sue your computer. If corporations can be treated as people, why not computers?

And this would prompt more development of AI, so that your computer could find an AI lawyer to defend it. It could pay in bitcoin. Of course, your computer's reputation would suffer, no other computers would want to have anything to do with a computer that wants to do it with a sheep. But hey, you can't break an omelette without making sheep.

Re:Wrong

[dgatwood]

Depends. If it were used, for example, in the next version of the BitTorrent protocol (with no way to turn it off other than to not upgrade to newer versions of the apps in question), lots of folks would end up using it for legitimate purposes. If it were incorporated in a separate app or as a switchable feature of BitTorrent, not so much.

Re:Wrong

My concern would be that the MAFIAA would subvert this proxy network by running their own proxies and using them to de-anonimize it. Especially if the argument can be made that proxies aren't responsible what what they upload/download, then you wouldn't be able to argue they were implicitly giving you permission to download.

Re:Wrong

[fredprado]

The DCMA uses "common carrier" in its definition, it does not by any means define in itself what is a "common carrier". By its legal definition "common carrier" can arguably apply to anyone who offers the service to carry anything for all in opposition to "contract carriers" which offer the service to transport only for specific clients.

Re:Wrong

[cdrudge]

The DMCA doesn't define common carriers. It defines service providers as:

`(1) SERVICE PROVIDER- (A) As used in subsection (a), the term `service provider' means an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material as sent or received.

                `(B) As used in this section, other than subsection (a), the term `service provider' means a provider of online services or network access, or the operator of facilities therefor, and includes an entity described in subparagraph (A).

Whoever is providing the proxy is not an end user presuming they aren't a proxy for themselves. If you read Sec. 512(A) of the DMCA, a proxy could qualify as a service provider with respects to limitations of liability. I personally wouldn't be willing to stake my legal and financial well being on such an argument, but I think it's plausible argument/defense.

Everyone operating as a proxy for everyone else will just complicate the issue of tracking down the real infringes. However real ISPs aren't going to be happy with their users running essentially open proxies for potential infringement. Most TOS/AUP already vaguely or explicitly prohibit running such a service. If it ever became more popular, I'd bet you see more providers actively enforcing their policies even with draconian measures. Also caps and pay-by-the-byte would also likely nip it in the bud. Why would people pay for other people to pirate?

Re:Wrong

[icebike]

You'd presumably have to convince a judge that your purpose for using the software in the first place was something other than engaging in or facilitating copyright infringement.... Good luck with that.

I would argue that unless they can prove what I've been sharing or downloading on the service was copyright infringement, I think they haven't got a case -

You are probably correct in this, up to the point that someone implements the proposed proxying scheme.
Once you turn that on, you, in a sense, take the risk of being accused of participating in a illegal enterprise.

My bit-torrent client is used to fetch Linux Distros and nothing more. And, being a good torrent user, I reseed those and leave the client running.

Fast forward to the inclusion of proxying in some bit-torrent client, and I am on less firm ground.

Because by simply using such a client, and leaving it run to be a good netizen, I've knowingly opened a hole that might be used for illegitimate purposes. At least that will be the reasoning the prosecutors will use. They will view me as kind of like the guy who is not a thief or a murderer, but props open the security door of an apartment building on a hot day to improve ventilation, only to have other apartments robbed.

Unless or until the proxy feature became not only common but mandatory, it would offer little protection, and puts each user at risk of having to defend themselves in court.

Re:Wrong

[Zmobie]

This is true but using a simple encryption algorithm as was suggested would negate this problem. At that point the intermediary is just moving along encrypted data that he has no idea if it is copyrighted material or a bunch of cat videos that are tagged as public domain. Since deep packet inspection and breaking the encryption algorithm is illegal and constitutes a "cybercrime" (or what ever the hell they are calling it now) it would be a VERY hard sell to even get that into a court.

Now, it isn't impossible because it is kind of the argument that parcel couriers have to deal with daily. Technically if someone ships a package through their system it could be completely "anonymous" and some might argue that it should be, but all of them reserve the right to inspect the packages simply because if they ship someone a bomb their ass is potentially on the line for that (That said how many extremely dangerous items go through the USPS every day).

The main difference is two fold. For the courier their is a concerted effort to move said package between points A and B or (D1 and D2 in your scenario), and a large coordinated effort on several people's part. In the case of the user proxy it is one person "moving" the "closed package" with little to no effort on their part. Sheer logistics in this case dictates that it would be unreasonable for that person to inspect every package (which is a small piece of the actual infringement that on it's own can't actually be used for crap unless the source and other things are identified) especially considering with some mediocre encryption and usage of a few diffie-helman exchanges you will never piece it all together (or hell it could be routed through 3 or 4 different users). This is akin to basically shipping the parts to a bomb or some such through the couriers and then assembling it on the other end.

At that point it is no longer a burden on the proxy user, as they are merely using the technology for what could be legitimate purposes. Hell, most torrent trackers have started using some weak encryption to help obfusticate traffic from ISPs already, so this isn't very clean cut in my opinion.

Re:Wrong

[icebike]

If one props open the security door of an apartment building so that friends can come over to his pool party, can he escape all culpability for the robbery or rape that occurs in some apartment upstairs by miscreants who saw the security door wide open?

Re:Wrong

[fatphil]

Don't (4) and possibly (1) fail?
If it grabs stuff that it wants, and is them prepared to serve it then (1) is definitely blown - it has already performed a transmission to itself of its own volition.
Even if if only grabs the chunk on the first request from outside, then presumably one the proxy has a chunk, then it will keep a copy of it so that another client can grab it. And then (4) is blown out of the water.

The original known-for-such-great-insights-as-"solve the problem with batteries going flat by having spare charged batteries" poster did say "Now, 40% of the time, user D2 actually does have the file on their hard drive", which I think makes my assumptions fair. And his conclusions as bollocks as any other of his recent rubbish.

Re:Wrong

[Mister+Whirly]

Judges can actually use common sense

No, the law doesn't work like that.

Re:Wrong

[Z34107]

Have you never used a BitTorrent client? Do you not know how to use Google or Wikipedia? GP is correct that the BitTorrent protocol splits files into "chunks," with peers sharing those chunks amongst themselves.

Unless you have citations otherwise, the copyright suits thus far have worked by identifying all the IP addresses in a swarm, subpoenaing their ISPs, and then sending settlement letters or suing. There's nothing magical about downloading 50.1% of a movie, or whatever the heck "majority of data representing a torrent" means.

Re:Wrong

[countach]

You seem to assume that users are intimately familiar with what their software does at the network packet level. If I use a piece of software that allows me to download, say a Linux distro, and behind the scenes it does some other crap, like exchange chunks of unknown files, is a sane judge going to convict copyright infringment? I don't think so, but then we are in uncharted territory. Anyway, the situation is basically like Freenet which makes your machine a node for all sorts of stuff you don't know about, like child porn. Didn't hear about a conviction for that yet, but I guess we have to wait till real MPAA money gets behind attacking it.

Re:Wrong

Interesting complete lack of understanding of the legal infrastructure for regulating network systems...
Try again next time pls.

Re:Wrong

[countach]

Except that if every man and his dog used such software, and you can legitimately use it to download Linux distros, then you have real deniability. This is different to Pirate Bay who FOR SURE know that piracy happens on their site. But merely using software X, that lots of people use to download stuff, doesn't prove anything, not even close.

Re:Wrong

[JWW]

And if we could pull that off the ISPs would go running to the FCC asking for common carrier protection so fast your head would spin.

Re:Wrong

[ganjadude]

simple "for helping people in oppressive regimes"

Re:Wrong

[amorsen]

However, does the data 1101 hold up to a copyright claim in court?

Of course it does. If it is a part of a copyrighted file, it absolutely holds up. See What colour are your bits?.

You can try to get away with calling it fair use. Good luck.

(Yes, it's absolutely ridiculous that bits have colour. I am not saying that the law is moral or even sane.)

Re:Wrong

[thoromyr]

you might want to look at the provisions of the DMCA and what Safe Harbor is and means and how it does not apply to proxying connections for other copyright infringers to contribute to your own copyright infringing activity.

Re:Wrong

[thoromyr]

an online service provider is allowed "Safe Harbor" but for that you must:

1) respond to all DMCA complaints in a timely fashion

2) prevent distribution of material on receipt of the complaint

and you can lose safe harbor status e.g., for continuing to provide service to a repeat offender, failing to take action on complaints, etc.

being a provider is no perfect shield, especially when you don't have the money for on-staff legal counsel

Re:Wrong

[DRJlaw]

That said, I would not want to be the person who was being sued over using such a service. You'd presumably have to convince a judge that your purpose for using the software in the first place was something other than engaging in or facilitating copyright infringement.... Good luck with that.

It probably wouldn't be fun to have to make the argument as a defendant, but it's the same argument that anyone operating a TOR node must be prepared to make -- substanitally non-infringing use for sake of privacy.

These days 'everyone' seems to be intent upon vacuuming up and at least semi-permanently retaining every piece of behavioral information that they can. Whether it's 'research' concerning the near- mythological circulation of linux ISOs or merely RIAA and MPAA copyright enforcers throwing DMCA notices if a filename so much as resembles a property that they're interested in (yes, this has been documented to happen), there is a pro-social benefit to having and providing anonymity in circumstances where what is being exchanged is permitted by express or implied licence or *gasp* the public domain.

The argument becomes very not fun when some huge fraction of the material is infringing (a la Napster), but there you have it.

Re:Wrong

[Kjella]

If proxy services are classified as service providers, expect that laws regarding logging and auditing be ramped up. Every TCP connection you make will be saved and stored for a long time

With some fairly basic mixmaster techniques that will be useless as you can't tell which data belongs to which encrypted stream. Your node has 100 connections in, 100 connections out and they all look just the same. You will have to outlaw it, you can not prevent it even with massive ISP level logging.

Re:Wrong

[dgatwood]

I was assuming no caching. With caching, then 512(b) would presumably apply instead of 512(a). But then each user would presumably have to accept DMCA takedown requests. Better if no caching occurs.

It isn't clear whether (1) would fail. I would assume that any ISP (and indeed, very nearly any device) that can pass on traffic can also generate traffic. So presumably that same issue applies pretty broadly to anything resembling an ISP. I would assume that the burden would fall on the prosecution to sort out whether the request was made while acting as a proxy for a remote user or while acting on behalf of the local user, and that the presumption, in absence of proof to the contrary, would have to be that the request was merely being passed on.

I'd be more concerned about whether you could legitimately say that you were running such an app in good faith.

Re:Wrong

[dgatwood]

Actually, the section that I was talking about (which also requires that you not perform any caching of proxied requests) doesn't require you to do any of those things, because you aren't actually storing the data. It's the section that covers pure IAPs (Internet Access Providers) rather than full-blown ISPs.

If you introduce caching, then yes, you have to handle take-down requests and lots of other pain.

But you do make a good point that this probably isn't something any sane person should want to do without on-staff legal counsel. :-D

Re:Wrong

[pixelpusher220]

provider of online services or network access

I suspect you're right that the DMCA doesn't really adequately define these things. However, I'm fairly confident that legal precedent has said that end users are end users, even if they share their bandwidth with others by default.

Re:Wrong

[pixelpusher220]

Maybe so, but I would strongly assume that current legal precedent has said that an end user isn't a 'provider' of services and thus not eligible for the DMCA safe harbor protections.

Specifically your user agreement with your ISP almost certainly bans you running 'servers'; granted many in the tech industry may pay for upgraded service to do such things legally, but you're fighting an uphill battle me thinks.

Re:Wrong

[toejam13]

If proxy services are classified as service providers, expect that laws regarding logging and auditing be ramped up

With some fairly basic mixmaster techniques that will be useless as you can't tell which data belongs to which encrypted stream.

That has more to do with avoiding detection in the case of private proxy mesh networks.

If you were running a proxy service open to the public, such techniques would turn up during an audit and would result in revocation of your service provider status. The government could then hold you liable for the content passing across your mesh. They could then test the quality of your whitelists/blacklists by attempting to use your public proxy to access illegal content and then fine/charge you as they deem fit.

Even in the case of private proxy meshes, all the government would need to do is discover a leaf. They could then hit all nodes talking to that leaf, especially if they discover the leaf in the middle of an illegal transaction or are able to replicate the transaction. They might not be able to get the destination, but they can pick off the internodals in an attempt to discouraging others from doing the same.

You will have to outlaw it

You don't need to ban it completely, which would probably be unconstitutional in a number of countries anyway. Instead, give them the choice of instituting a clear chain of client+destination or require strict monitoring of illegal content, which generally does not enjoy constitutional protections.

Re:Wrong

[fredprado]

Maybe, IANAL and can`t go further than this in my arguments, but still the more fronts are opened the harder it gets for the AAs to keep going. Add that to the fact that to end points of the Darknet can be offshored and you create still another front.

Re:Wrong

The biggest problem is that in order to do this, you're going to need to still climb a legal mountain- you've got to pin the act at least partially on them. It's not enough of a perponderance of evidence to show that they might be infringing- you've got to show that they were infringing YOUR stuff for it to count. In a Civil case, even though you can show a perponderance of evidence and win, you STILL have to prove that you've got standing to be able to sue. And, you can get stuck with a bill and possible countersuit damages if the sued can prove you did it with knowledge that you didn't have it. Not having proof thereof at the moment you filed is, as often as not, sufficient for the counterstroke in these cases- it's just that most of the Lawyers on the defense side have either not been the sharpest tools in the shed or playing it just a bit too soft.

Re:Wrong

[AK+Marc]

Any store and forward switch or O-E-O regenerator is also "proxying" the data, making one or more copies of it in the middle, and nobody would think of going after them for infringement.

Re:Wrong

[shentino]

You see, there's this thing called selective prosecution.

Re:Wrong

Fat chance in hell it'll work out for the government/corporations. The US is not the world and there merely need to be a percentage of jurisdictions that don't mandate logging for anonymity to be effective. However the more jurisdiction where logging in mandated does mean it costs more to download because there are fewer users/intermediaries to hide behind.

Re:Wrong

which generally does not enjoy constitutional protections.

Indeed. The government is evil and hates speech it disagrees with, so things like that don't enjoy constitutional protections even though they clearly should.

Re:Wrong

[pixelpusher220]

Since they are getting closer and closer to actual governmental power, their resources may be larger than you might think.

Re:Wrong

[fredprado]

Fortunately they are not the only economical power and their interests are not universal among those that grab for political power. At the moment they are the strongest lobby, but as they grab for more power the tendency is that they start to piss off the wrong people, as happened on SOPA, for example.

Re:Wrong

[Jason+Levine]

They don't even need that. They just need "we'll completely financially ruin you after tying you up in court for months unless you take this settlement." Then the proxy users will be forced to choose between settling (small fine, no court battle, and never running a proxy again) or fighting (potentially huge fine, long court battle even if you win, and never run a proxy again if you lose). In other words, business as usual for the RIAA/MPAA.

Re:Wrong

[sverdlichenko]

Why the same logic do not apply for every router on the way?

Re:Wrong

AHAH! Then clearly the answer to the problem for content owners is to just sue all ISP's!

No, no, no. The answer is for large cartels of content owners to threaten to sue ISPs, then make the ISPs do their dirty work and help them catch end users.

Oh wait, they did that. And it will keep on going. The strategy for prosecuting any form of organized (or in this case, distributed) crime is essentially the same, whether its guns, drugs, human tracking, or Michael Bay movies:
1) Get the little guy who has his neck out but has done very little,
2) Threaten him with obscene penalties and loss of time and money until he turns on the bigger guy,
3) Go up the the chain like so until you encounter a non-human barrier to the next tier, then make that barrier a crime in and of itself.
4) Repeat.

This is not justice. This is not policy. This is not even law. It's enforcement. And that is a brutishly simple affair. There is no escaping it with clever logic, because it doesn't care about logic. It does even care about result. It certainly doesn't care about what's right. It just cares about running the mill until it runs out of grist.

Re:Wrong

Of course, if they push their files to my system, then I'm not downloading, am I? They are just doing a backup. And being a good friend, I'll need to verify their backup by playing some of them. Perhaps I can be even more helpful and tell them which files to backup.

I'm not so sure.

[Derekloffin]

Didn't they already try to sue the proxy user for something like this. You aren't off the hook legally just because you disguise who you are dealing with. All I see this doing is having them shifting from suing the download'er to the proxy'er.

Re:I'm not so sure.

[Unknown1337]

There are technicalities on both sides, but the idea of using proxies does imply a certain amount of expected of privacy (similar to using a vpn) which can be enough in some countries to have these lawsuits dropped or thrown out.

Re:I'm not so sure.

[icebike]

Didn't they already try to sue the proxy user for something like this. You aren't off the hook legally just because you disguise who you are dealing with. All I see this doing is having them shifting from suing the download'er to the proxy'er.

Plausible deniability. Probably not the best defense, because its still going to cost you lots of money to defend yourself.

However if ALL Bittorrent clients had proxying built in and turned on by default, and if none of them provided any logging, then plausible deniability could probably be used as a defense. But only if the provider of the proxy was clueless as to the proxy's existence on his machine. If you have to go out of your way to install a proxy your intent becomes pretty clear.

Anyone serving as a proxy would never want to retain any of the proxied material, and the proxies should be nominated by the server to specifically not use as a proxy any bittorrent client having any of the files that the server is trying to serve, and provide very little information as to the addresses or files flowing thru the wires.

Unless proxies were double or triple hopped, there is nothing to prevent honeypot proxies from being set up with deliciously fat pipes to trap all IP addresses and requests. Hmmm, now who would want to set up something like that. Let me think about that for a couple milliseconds.

Re:I'm not so sure.

[Grishnakh]

I'm fairly sure the reason using a VPN works is not because of any privacy laws; it's because your VPN makes your BitTorrent traffic go through a different country, usually a country where the MAFIAA has little or no legal power. When the MAFIAA agents find someone with a Russian IP address sharing copyrighted information, what are they going to do? Request the Russian ISP tell them who it is? And then go to the VPN company and demand they cough up logs showing which user in the USA was sharing that data at that time? (And this may not work either, if the VPN company doesn't keep any logs, and many users are aggregated though a small number of IP addresses in Russia.)

Re:I'm not so sure.

Unless proxies were double or triple hopped, there is nothing to prevent honeypot proxies from being set up with deliciously fat pipes to trap all IP addresses and requests.

Actually, his scheme explicitly addresses that issue.

Re:I'm not so sure.

The solution is in the configuration. Let the users blacklist proxies they don't trust. What honey pots?

Re:I'm not so sure.

The solution is in the configuration. Allow users to blacklist proxies. What honey pot?

Re:I'm not so sure.

[stretchplus]

Allow users to blacklist proxies.

Re:I'm not so sure.

[icebike]

How would you know a proxy was a honeypot?
You would have exactly zero clue about who owns that ip. If you did know, that would defeat the whole point of proxies since one arrested person could be forced into giving up the entire chain.

Swarm...

Use this set of 10,000 users to proxy and reproxy and re re re proxy the 0's.... And this set of 10,000 users to proxy and reproxy and re re re proxy the 1's...

Prove i assembled them into some sort of file.

1's and 0's are not special. I don't care what pattern they eventually make. It's not aginst the law to move them around.
Or it shouldn't be... BECAUSE THAT IS FUCKING STUPID!

Re:Swarm...

[qbast]

Here is even more radical idea: all zeros and all ones are the same anyway. So let proxy users send you just one 0 and 1, then you can duplicated them as needed and assemble (or not) into some file. Think about bandwidth savings - not matter how long is the file, it can be sent in just two bits!

Re:Swarm...

[farble1670]

the 1's and 0's aren't anonymous, only the ultimate source of the 1's and 0's. every one or zero sent to you through a torrent must still have the information describing in which part of which file it it belongs.

Re:Swarm...

the 1's and 0's aren't anonymous, only the ultimate source of the 1's and 0's.

That's an inherent contradiction. Ultimate source has no meaning in this context. The message (the 1's and 0's) is not anonymous, except for where it came from? *facepalm*

every one or zero sent to you through a torrent must still have the information describing in which part of which file it it belongs.

Not true. Any encryption applied, obscures the message (every one and zero). Talking about the current common case of torrents is easy, but really just navel gazing. Only the lack of any legal action is preventing better security practices. That will be corrected in time.

Re:Swarm...

[farble1670]

Prove i assembled them into some sort of file.

so basically, your argument is that the law has to prove that you have assembled the ones and zeros into the illegal copy for it to be a crime? that's not what matters. when you SENT me bit N, you told me that it's bit N of The Latest, Greatest Movie. whatever you send must have included that meta data, or the one or zero is useless to me. you didn't assemble the file, you just transmitted the description of how to assemble the file.

by that logic, why don't you just encrypt the file and send with it the encryption key. no problem right? what you transmitted was just scrambled bits, not an illegal copy of a movie. never mind you transmitted the key to descramble the bits. good luck with that.

Not true. Any encryption applied, obscures the message (every one and zero).

encryption has nothing to do with it. obviously it's only encrypted in transit. it has to be decrypted at every client otherwise it's garbage. you now how torrent pirates get caught? the MPAA (or their agents) connect to well known torrents of their movies. they record the IPs that send them data. the only thing encryption might do is make it harder for say an ISP to bust you by watching the packets go through their network.

The nuclear option

[benjfowler]

I have a feeling this is a nuclear option.

If this is implemented, then pro-copyright extremists will argue that running or using a proxy is prima facae evidence of criminality and then lobby hard to make it illegal. Result? Anybody with a legitimate (or illegal but ethically necessary) reason to use a proxy will lose out.

The OPs' hope that the pro-copyright extremists won't fight back hard, with legislation to ban proxies, or force China-style "real ID" laws on Internet users, is naive at best, and ultimately, dangerous.

Re:The nuclear option

[Derekloffin]

While they may indeed lobby for such, it actually already is illegal. If you copy the data, you are infringing copyright, even if you don't keep the copy. Only reason the ISPs don't get hit with this as is is the DMCA protects them.

Re:The nuclear option

[fredprado]

But that is the idea. The only way that has any chance of wining the fight is by forcing them to take more and more extreme measures until enough people are pissed with them.

Re:The nuclear option

Unless the protocol were designed such that you can't read what you relay.

Re:The nuclear option

[icebike]

If you copy the data, you are infringing copyright, even if you don't keep the copy. Only reason the ISPs don't get hit with this as is is the DMCA protects them.

But is merely accepting a packet and sending it on actually a copy? It you retain nothing that was sent thru your proxy, how can there be a "copy". Like unknowingly passing a counterfeit dollar bill, its arguably not a crime.
No one claims that Viewing a Movie that you purchased on a DVD constitutes copying even though we know the data is copied thru disk buffers, cached in ram, sent on to video buffers and displayed on the screen.

Proxies would / should be chosen explicitly to exclude those already seeding any of the files being sent through them.

But unless these were triple hopped, with the selection of each hop not under control of the proxy, it would be easy for big-media to set up honeypot proxies to gather IP addresses and build a map of all proxies. Sooner or later over time they would find both the sources and the sinks.

If you allow each proxy to choose the next proxy, a honeypot could capture the entire traffic flow in no time.
If you allow only the Server to specify the proxy, a honeypot proxy would gather all servers in short order.

Re:The nuclear option

[nabsltd]

As other people have posted, it's not infringing to "copy" the data as part of the network transmission, and the part of copyright law that says it's not infringing wasn't part of the changes that are commonly referred to as the "DMCA".

So, although TFS has some horrible errors when describing the current bittorrent protocol, there could be changes made to it where every node becomes a proxy for torrents that the node isn't actually uploading/downloading. This means that a honeypot set up by the MPAA would get the IP address of a machine that was proxying the data to it, not the actual machine that did the uploading. If the proxy program is separated from the bittorrent client, then you get true deniability, as anybody could run the proxy program to pass torrent data, even without ever running a bittorrent client. I would suspect that like VPS seedboxes today, you'd have VPS proxy boxes with high bandwidth that don't run any torrent software.

Re:The nuclear option

[Grishnakh]

Sorry, I don't think that's going to help you. If you transport and/or sell drugs, you can't put it in sealed envelopes and claim that you didn't know what you were selling or transporting. Even if you really didn't know, and you were just acting as a courier for someone else, you're going to prison for transporting contraband.

Re:The nuclear option

[Grishnakh]

From what I've seen of the law, courts do make allowances for the "you should have known" factor, or what they call "reasonableness". If someone gives you a sealed envelope full of cocaine and tells you to deliver it to some person, and you get caught by the cops, guess who's going to jail? This is called "aiding and abetting"; you might get less time if you were someone else's henchman, but you don't get off scot-free just because you didn't open the package to see what it was. You're not like Fedex, which delivers millions of packages a day and can't be reasonably expected to check every one of them for contraband; you're a single person, delivering a single package, and the whole thing is suspicious: why isn't that person just sending the package by Fedex instead of asking you to hand-deliver it?

Re:The nuclear option

[snadrus]

Read about Onion routing

Re:The nuclear option

[orgelspieler]

The only way that has any chance of wining the fight is by forcing them to take more and more extreme measures until enough people are pissed with them.

ha ha ha ha ha! I can't even get my wife riled up over not being able to fast forward through the previews on purchased DVDs. Probably 95% of people just don't give a shit about this stuff. The only reason people learned about SOPA was because of the blackout.

TSA, warrant-less wiretapping, extraordinary renditions, seizing domain names, convicting weev, DUI checkpoints, etc. There is no such thing measures extreme enough for people to be pissed. And even when we do get pissed, we get a month long OWS movement that accomplishes absolutely nothing. As long as we get our reality TV and 99c value menus*, the vast majority of us just don't care. And it's not just America. Look at Australia or Italy for some equally bizarre and draconian measures that sneak by under the public's noses.

* - We will see if the NY proposed ban on big soft drinks will run afoul of the 99c value menu rule, or if even that will be ignored by our chubby populace.

Re:The nuclear option

That's the point. Criminalization hurts legitimate use. It should. Overcriminalization is a problem.

If they ban proxies they can no longer get work done. At least not by any competent or qualified tech in certain domains.

I'm a backend web dev, I fire up a proxy a couple dozen times a day.... legitimately. At any given time I almost always have at least one plain old socks5 going through two SSH reverse tunnels as a way to simulate a laggy connection in a browser. It tends to catch a lot of crappy frontend or design problems quickly -- things like one-second timeouts on AJAX.

Usually it's to (about in this order)
  1) Demonstrate to an inept dev how crappy their performance will be off site (usually over IRC)
  2) Debug an HTTPS session
  3) Listen to pandora (OK, not the most legit)

  4) Install a local caching proxy behind select portions of a webapp as a quick 'hotfix' to speed things up when there's a fire and it can't be rewritten correctly
  5) as a sort of 'local log analysis' tool to get me a quick overview of remote traffic and what files are a good candidate for CDN hosting or fixing e-tags on.

If they outlaw proxies, only criminals will have proxies!

And in all seriousness, only fairly skilled webdesigners or people with a nice budget will have fast sites.

Re:The nuclear option

[fredprado]

The best way to guarantee that things will go down the drain is to admit defeat even before starting fighting. People like you would go willingly to the abattoir because you'd think it is useless to fight for your life.

There are times when things do go right, and is all but impossible to predict how things will go until they actually do. Giving up without even trying is defeatism and it is the only assured way to fail.

Truth is SOPA block worked, because, regardless of the motives people got pissed enough, and it will happen again. As the few who want to absolutely control content press for Internet control, not only end users start to get pissed, but other powerful interests, whom a lot of people follow, like Wikipedia and Google in the blackout, for example.

Not all economic interests always converge. That is why we do not have slavery anymore, that is why we use cars and not wagons, etc. In their fight for control the MAFIAAs will alienate more and more a lot of powerful people, and soon enough they will become so troublesome that they will be more trouble than they are worth it, and their heads will end cut.

Re:The nuclear option

Pro-copyright people won't fight back hard; that would be suicide. Big moves that piss off too many people will cause backlash and people will be quick to drop DDOSing and combine "Anonymous", "Bitcoin", and "Crowd-funding" to put an assassinations platform together. Instead, pro-copyright people are slowly eroding freedom/rights online. History teaches us that these salami tactics are a great way of molding societies.

Re:The nuclear option

[c0lo]

then pro-copyright extremists will argue that running or using a proxy is prima faece evidence of criminality and then lobby hard to make it illegal.

FTFY (true, the correct fix would have been prima facie, but I still feel the chosen alternative better describes the quality of such an argumentation).

Re:The nuclear option

[santiagoanders]

Wow, the US postal service has a lot of shit to answer for.

Did you not read the part where the courier did not know the ALREADY sealed envelope had drugs?

Re:The nuclear option

[Grishnakh]

The USPS handles millions of packages a day. The drug-carrying courier handles a few, most with contraband. Law enforcement is not going to give him much of a break because he supposedly "didn't know" what was in the sealed envelopes.

Go ahead and try it for yourself: set up a new courier business delivering drugs from a dealer to customers, and then just make up some legalese that you don't examine the packages, and getting the dealer to "agree" that none of the packages contain anything illegal (wink, wink). Then see what happens when you get busted for transporting controlled substances. Hint: you are not the USPS or Fedex, and you won't be treated the way they are.

Re:The nuclear option

[santiagoanders]

And if millions of people use this proxy service, who are they going to bust for piracy?

Re:The nuclear option

Except drugs are criminal, copyright is civil.

Re:The nuclear option

[Grishnakh]

Millions of people aren't going to use it. How many people use BitTorrent now inside the USA? A bunch, sure, but not millions. And what's happening to them? The MAFIAA is happily suing them en masse, and making a bunch of money getting them to agree to $3k settlements.

This proxy service isn't going to change anything. Instead of a bunch of people getting sued because they were seeding copyrighted material, you'll have two groups of people getting sued: people relaying copyrighted material, and people seeding copyrighted material (because, after all, the MAFIAA is going to set up operations to act as both downloader and proxy).

The only way to be really safe is to use a VPN service that routes all your BT traffic through a country where the MAFIAA is totally unable to legally force the VPN provider to reveal your identity.

Re:The nuclear option

[Grishnakh]

Not exactly, not any more, thanks to the DMCA.

Also, civil is worse in some ways: the bar is much, much lower. They don't have to prove "beyond a reasonable doubt" that you're guilty, all they have to show is "a preponderance of the evidence". Basically, if it looks like you're guilty, that's good enough. And remember, in most cases they're not looking to go to trial (they just want to threaten you with that, and only do it to a few people like Jammie Thomas to use to scare everyone else into submisison); their real motivation is to get lots of people to cough up $3K to settle the case. Defending yourself in court generally isn't free, so most people just pay the $3K. Do you want to be the test case to see how well it really holds up in court? Jammie tried that, and look what happened to her.

Re:The nuclear option

[orgelspieler]

First of all I'm not admitting defeat. Second of all, "abattoir"? Really? We're talking about ISPs and video games, not extraordinary rendition and waterboarding (although even those things really don't stir up the populace either).

Third, you seem to be confusing the message and the messenger. I donate to EFF and ACLU just like a lot of people I know. So people like me are anything but willing cattle. My point is that you cannot afford to turn a blind eye to reality. And the reality is a paralyzing complacency has a pretty tight grip on most people. You have to understand, most Americans see us anti-RIAA/TSA types the same way Jon Stewart sees Alex Jones.

anomos?

[Dr.+Evil]

This sounds like anomos: http://anomos.info/

I was researching this weekend, I can't seem to find out if the project is still alive. It looked well designed in 2010, and I'm not sure if it's using the Tor network (bad), or just the Tor protocol for its own network( good).

Re:anomos?

[WuphonsReach]

Sounds a lot more like "Freenet". And you'll run into the many of the same issues with Freenet as you'll run into with this new proxied torrent system.

Re:anomos?

[mvlmvl]

This sounds like anomos: http://anomos.info/

I was researching this weekend, I can't seem to find out if the project is still alive. It looked well designed in 2010, and I'm not sure if it's using the Tor network (bad), or just the Tor protocol for its own network( good).

It's different enough from both. How do i know? I wrote a thesis on this in 2004 including a prototype implementation from which this is an executive summary (if not a full on plagiarism)

Re:anomos?

It was using onion routing, but not the Tor network. As for whether it is still alive, I'm not sure. Always liked the idea, but it never got off the ground.

Seedboxes...

[ccguy]

Seedboxes have been around for years, they solve this problem too.

Re:Seedboxes...

Only to a point: one can sue the seedbox provider for the necessary data (or enforce takedown in a similar way).

Re:Seedboxes...

Solution: Use a seedbox provider that doesn't keep logs. They get taken down, you're safe.
Or use a vpn for downloading that, again, doesn't keep logs.

Doubt that'll happen

[Todd+Knarr]

What'll happen is the studios will continue to sue and subpoena the information for the machines that they see connecting to the torrent. They'll argue that it's the owners of those machines responsible for any use of their machines by others. They'll continue to use these tactics as long as the courts make it cheap for them to file and lose. That won't end until the courts start ruling that the studios know they don't have grounds for these suits and start dismissing them with prejudice and sanctioning the plaintiffs without a defendant having to do anything. Maybe the courts starting to refuse to let the plaintiffs withdraw their claims after a defendant's responded, forcing the plaintiffs to face an adverse judgement and sanctions, might stop them too, but my money's on the studios in that case betting that too few defendants will have the resources to gamble on winning that show-down.

Re:Doubt that'll happen

The question that will be addressed by the courts will be "does this technology have a valid use independent of piracy?" (c.f the legality of the VCR, and the associated legal battle). If the answer is yes, then the courts will almost certainly allow it. However, if we cannot muster some explanation for why files should be transmitted at essentially 2.5x their original size that is not simply to evade legal obstacles to pirating, the courts will look very disfavorably at this, probably calling it something like "willfully assisting mass distribution of copyright infringing material". Fundamentally, the author is trying to solve a [x] Legal problem by technical means.

Re:Doubt that'll happen

[buswolley]

Anonymous freedom of speech fliers.

And I have a...

And I have a gun in an unlocked box, loaded of course, in my front yard with proper signage if I ever need to use it. No one would ever touch someone else's gun with ill-intent would they?

Re:And I have a...

[ub3r+n3u7r4l1st]

Good. That tells criminals where to get free guns.

I don't see how you get to "plausible deniability"

[SirGarlon]

All the studios need to do to quash this idea is to successfully argue in court that volunteering to act as a proxy host is comparable to hosting the file yourself. That does not seem like a hard argument to make. Don't the copyrighted bits have to pass through the proxy host's machine? That sounds like "distribution" to me.

Yet another half-baked idea from frequent contributed Bennett Hasselton.

Re:Please think of the children.

Pedos are already using Tor and Freenet to exchange their filth online. I suppose they might take advantage of it, but I don't think it's nearly as safe as Tor or Freenet are for staying anonymous.

What I would worry about is having my IP associated with child pornography, terrorism, or whatever due to proxied content being chained through my home connection. People have been raided for hosting Tor exit nodes before.

Too long, did NOT read

Torrenting is good for the net though

3.5 times more people sued

This just seems like a great way to have 3.5 times more people sued for being 'accessories to copyright infringement'.

Let's just assume the 6 strike is very real threat

Maybe someone creates a malicious software targeted @ Verizon customers.
It would download RIAA monitored torrents at very low bandwidth in order to be unnoticeable to the average user.
It could download at least 6 torrents in 1 month which would result in disconnection of service.
Lets say the attackers have a database of Verizon customer e-mails and a good method for exploitation of Windows O.S.
Seems like one could put Verizon out of business if they are so keen on upholding their 'Six Strikes' plan.

Idiots

[viperidaenz]

The only thing that's going to do is make the industry sue internet users for simply running p2p software, regardless of what they download with it.

That, or they'll have an internet tax created, so every ISP needs to pay the media industry protection money for each user.

And by "solve the problem"...

[TheSpoom]

You mean make everyone responsible for everyone's downloading. You wouldn't be eliminating the lawsuits, you'd just enable them to sue everyone who was in the proxy pool, for much higher amounts than they can even now.

They don't care if you actually watch the movie

[nedlohs]

or play the game or listen to the music you downloaded. It's the making and distribution of copies that is the "problem".

So they'll just go after the proxy runner who has both downloaded and uploaded the copyrighted content.

Congrats on dumbest idea for the day though!

"but as long as it's not against the law to proxy"

Then it will be against the law soon enough.

What am I missing?

[mcmonkey]

This sounds too much like, "it's OK to rob a bank, because you're just taking the bank's money. You're not stealing from any people."

the ISP can quite truthfully claim that they don't have any hard evidence to disconnect any particular users or turn over their identities

Does it work that way? I mean, my ISP can tell I'm sharing something that under current law I do not have a right to share. Is my 'get out of jail' card really as simple as, yes, but I don't know who I'm sharing it with?

On the other end, my ISP can tell I'm downloading something that under current law I do not have a right to download, but it's all good, because no one can say for sure who I'm downloading from?

To go back to the bank robbing analogy--and I don't mean to equate copyright infringement with stealing,but--let's say I bust my way in to a bank, crack open the safe, and the next day money is missing. Would I feel comfortable going to court with the defense, "yes, I got in to the bank, and in to the safe, and the money is missing, but you can't prove I took the money?" I don't think I like that defense.

So in this case, "yes, I uploaded your movie, but you can't prove who I uploaded it to." I don't think so. I also don't think not being able to prove who received the bits I sent is the same as not being able to prove that someone received those bits.

Re:What am I missing?

[cdrguru]

There was no effort to identify who Jammie Thomas uploaded files to, only that she made the files available from her computer for others to download. I don't see that changing anytime soon, so identifying who the downloader might be is unimportant, only that there are files being offered for download.

I also tend to agree that No Good Can Possibly Come From Piracy. I have seen plenty of justifications like the studios are making plenty of money as it is even with rampant piracy and the Star Trek justification - if we get rid of revenue everything will be free. Unfortunately what we are seeing is the "early adopter stage" still with piracy. It is somewhat more mainstream than it was five years ago but overall Internet speeds are increasing worldwide and that makes piracy faster and easier. We are educating children that there is no need to pay for anything on the Internet and I think the lessons are taking hold. This means we will see piracy being more and more mainstream. So when do studios decide there is no longer enough revenue to even bother with digital distribution? As a bulk of the material on The Pirate Bay is digitally recorded OTA and satellite broadcasts, what happens when it is decided there just isn't any point in putting this stuff out for the pirates to grab? I think the point comes when broadcast ad revenues drop to the point where it is clear that "popular" does not result in revenue - just pirate viewers.

Is the answer to this that the Internet comes with a fee for getting access to all that content from studios? I don't think so - because the Netflix model doesn't begin to compensate studios as is easily seen by the Netflix content selection. Nobody is giving Netflix anything that could have any other revenue stream associated with it - Stars pulled out because even as a cable channel they were getting more than Netflix could cough up. No, a subscription fee isn't going to cut it. And comparing it to the media tariff is pointless because none of that has ever been distributed to anyone.

Re:What am I missing?

[ultrasawblade]

(I'm not sure I entirely agree with this statement yet but I'm just putting it out there)

What happens is that media production stops becoming a viable industry and a vehicle of corporate cultural oppression tanks with it. The entire notion of manufactured popular culture and its method of control over people dissipates. Movies, music, stop becoming things for mass consumption, a relic notion of an industrial-revolution-scarcity mindset and become personal, meaningful again. People really want something in music or movie form, they make it, or pay someone to make it directly. Less people consider musicianship or movie production as valid careers. So music and movies don't disappear, but become things people want to do because they want to do, or commissioned.

Re:What am I missing?

[Americium]

Except there's actually no money missing at all. Copying something digitally is completely different that stealing something of scarcity, it's absurd to compare the two.

Stealing your food means you can't eat, copying a digital picture you have doesn't affect you at all.

Re:What am I missing?

[Americium]

Itunes and google music and Amazon music exist because of Napster. Sure they were almost a decade late, and it's completely their own fault for not having competition to Napster, but now more people use them for music. It's still cheaper to go rent a physical DVD from a Redbox than to rent one online, that's absurdity. Without piracy the monopolies will continue to abuse the customer, and with piracy, they might abuse them somewhat less.

Re:What am I missing?

[thunderclap]

If that happens then it will simply disappear. People are inherently lazy and miserly. However, its to eazy to control people with entertainment so this will never happen. What needs to happen is the concept of acceptable losses. Those that refuse to pay, would have done so to begin with, Those who do so allow it to continue.

Re:What am I missing?

Lets say for arguments sake that the movie/music industries have already decided that it is no longer viable to create works as they instantly become available free on the internet. Lets also say that the agreement to no longer create starts tomorrow. Can you honestly tell me that there isn't already enough content to keep you entertained for the rest of your life?

At the moment there already is too much content to consume as it is. The tv/movie/music industries have an insatiable need (greed) to push more and more content down the throats of people, it is impossible to keep up with even 10% of the content (unless you are unemployed/retired). The point is when is enough content enough? I wonder for example in the future you'll decide to forgo film/tv/music entirely and start enjoying the splendors of the "great outdoors" instead only to be informed that you are not contributing to the great and honorable film/tv/music industry, cease and desist your current endeavors and get with the program or else.

Re:What am I missing?

[stretchplus]

The movie industry is currently making its most revenues at any given time. 'Piracy' is at an all time high. I just 'FUDged' my pants

Re:I don't see how you get to "plausible deniabili

> All the studios need to do to quash this idea is to successfully argue in court that volunteering to act as a proxy host is comparable to hosting the file yourself.

Proving a message is part of a larger coordinated effort is not a solved cryptographic problem. Intent to proxy simply hasn't been attacked in court to show how futile that effort is. The problem space is wide, so don't worry your little head about it.

Math fail

a little math shows that the length of the average chain is 3.5 nodes

The average length of such a chain is 2.5, not 3.5

(defun p (n)
    (let ((p 0.4)
                (l 1)
                (tot 0))
        (dotimes (ii n)
            (setf tot (+ tot (* p l)))
            (setf p (* 0.6 p))
            (setf l (+ 1 l)))
        tot))
(p 100)

Re:Math fail

s/setf/setq/g to run in emacs.

Hush Bennett!

[briancox2]

This is the kind of talk that will spur DMCA2. Where only authorized computers with sufficient limitations, forced ISP activity reporting and government backdoors will be allowed to connect to the internet.

Because the current markets and business models developed around our old IP laws are more sacred than the natural development of technological innovation.

Re:Hush Bennett!

[Mike+Frett]

You already have Government backdoors in ahem...a certain OS I will not mention. Some ISPs have logging software that they give to the Government and they search for keywords etc. We are already being monitored, now it's time to figure out how to weasel out of it.

I do agree with you, if for some reason the RIAA and MPAA were locked out of our activities, they have the power to lobby and succeed in getting new legislation passed. That's the problem with some countries, we have allowed big corporations to take over absolutely everything and dictate what we can and can't do.

Re:Hush Bennett!

[BLKMGK]

oh bullshit. Citation? Anywhere? FUD...

Casting a vote against fun?

[CCarrot]

When you refuse to pay for movies, you're casting a vote against fun, big-budget movies that are made for the purpose of getting lots of people to come see them and enjoy them, and instead voting in favor of excruciatingly boring low-budget films that are made primarily so that the director could whine that the cheese-puff-snarfing American public wouldn't know great art if it bit them on their big bloated behind and subsequently didn't even buy enough tickets for the director to pay off the lien he took out on his Honda Civic to get the movie produced.

Firstly, this.

Secondly, I'm casting a vote against not being able to use the media I purchased in the manner I want, on whatever device I want for as long as I want.

I buy DVDs (okay, usually on sale) and rip them, because all of the legal digital versions available suck lame sauce in terms of DRM crap. If I'm feeling too lazy to rip it myself, I have no compunctions about grabbing a torrent.

In conclusion, I would like to refer you to this handy illustrated guide.

Oh, and this one too.

Re:Casting a vote against fun?

There is a mountain of evidence that clearly shows that peer-to-peer downloaders BUY MORE MUSIC AND MOVIES than non-downloaders. This whole 'you stole it' stuff is bunk. Sure, I may download a current show or movie if I am not sure if I'll like it, or if this week/month/quarter/year I can't afford to buy a copy. But, and this is a big but, for movies and music that I like and want to have around I buy the stuff! I also have a Netflix subscription for both disc and streaming and here's a for instance: I watched Ip Man on streaming. I liked it so I rented the discs to get the extra features and I liked those too, so I bought Blu-ray copies of Ip Man and Ip Man 2. I have a collection of ripped movies and TV shows, but I won't hang onto them for very long or I'll actually buy the ones I like. To blanket everyone who downloads movies, music or TV shows as a pirate is more than a bit disingenuous. Reaching back to what others have said repeatedly, if there was a legal means for me to watch the shows I want to watch when I want to watch them, I'd do it. But TV shows are often delayed to the Internet. Movies take forever or never to get into Netflix streaming or a month after street date for rental discs (WTF?!?!). So, the more roadblocks the establishment puts between me and the content I want to see and hear then the more I am going to do what I can to circumvent it and enjoy myself when I want the way I want with the content I want. Why have they still not gotten this through their thick, pointy heads? It's been more than a decade since file sharing started and they are still trying futilely to stop it instead of trying to find out why it's happening and fix their processes to match the market demands. It's just plain idiocy!

Re:Casting a vote against fun?

[CCarrot]

There is a mountain of evidence that clearly shows that peer-to-peer downloaders BUY MORE MUSIC AND MOVIES than non-downloaders.

Indeed.

Case in point: I recently discovered a great TV show called Leverage, got hooked, and wound up downloading every episode I could find and watching them in (almost) a non-stop marathon. And guess what? I also bought and gave away thirteen seasons on DVD to friends and family this Christmas (some only got Season 1 or Season 1 and 2, while others got all four available seasons). Community and Modern Family season sets were also popular Christmas gifts this year :)

I also received many of the titles on my Christmas wish list (thanks guys!), even though I pretty much had all of them pre-downloaded (and pre-watched :) well before Christmas out of sheer impatience. Now I'm ripping and replacing the torrented copies, and if the extras are any good (some of them are excellent!, some of them are *meh*), then I'll rip those too. And I will watch them on any of my devices that can play video, not just what and when and where the content industry would prefer I watch them...and so will any guest of ours while they are in our home.

On the other hand, my parents don't download, but probably 95% of their media is stuff my siblings and I purchased for them...after checking it out (usually at their request) and figuring out if it's worth the time and money for them. We usually get it right :)

Re:Casting a vote against fun?

[CCarrot]

There is a mountain of evidence that clearly shows that peer-to-peer downloaders BUY MORE MUSIC AND MOVIES than non-downloaders.

Indeed.

Case in point: I recently discovered a great new (to me) show called Leverage. I got hooked, downloaded every episode I could find, and watched them in (almost) a non-stop marathon. But then...I went and gave away thirteen seasons for Christmas to friends and family (some only got Season 1, while some got all 4 available seasons). Seasons of Community and Modern Family were also popular Christmas gifts this year :)

Many of the titles on my own wish list were under the tree for me again this year (thanks guys!), even though I had pre-downloaded (and pre-watched :) most of them well before Christmas. I am currently ripping them and replacing the torrented copies, and if the extras are good, I'm ripping those too. I will watch them on any device I own that will play video, instead of only where and when and how the content providers would prefer me to watch it, and so will any guests while they are staying in our home.

OTOH, my parents don't download, but about 95% of their media is stuff my siblings and I bought for them, once we've had a chance to check it out and see if it's worth the time and money. Or if they've had a chance to see a sample of something at one of our houses, and liked it :)

Re:Casting a vote against fun?

I Agree completely and will add:

I've been perfectly willing to pay for a stream or buy a DVD many times before, only to get hit with the "It's only available on DVD in Bangladesh" bullshit. If these assholes don't want their stuff "pirated" then perhaps the first fix is to make it available to everyone. How do I give them their money when they refuse to even sell me the damn thing because of the games they play between different markets? That crap is their fault not mine. I just wanted the &^%$# movie or TV show.

Availability and reasonable cost are the key items and the studios and music producers don't seem to give a crap about either. They are still stuck in their brick-and-mortar store, radio station distribution and TV franchise mentality. This is the era of the Internet. Put your crap out there for everybody and charge a reasonable fee for it and watch your sales numbers soar.

Idiots.

Re:Casting a vote against fun?

When you refuse to pay for movies, you're casting a vote against fun, big-budget movies that are made for the purpose of getting lots of people to come see them and enjoy them, and instead voting in favor of excruciatingly boring low-budget films that are made primarily so that the director could whine that the cheese-puff-snarfing American public wouldn't know great art if it bit them on their big bloated behind and subsequently didn't even buy enough tickets for the director to pay off the lien he took out on his Honda Civic to get the movie produced.

Firstly, this.

Secondly, I'm casting a vote against not being able to use the media I purchased in the manner I want, on whatever device I want for as long as I want.

I buy DVDs (okay, usually on sale) and rip them, because all of the legal digital versions available suck lame sauce in terms of DRM crap. If I'm feeling too lazy to rip it myself, I have no compunctions about grabbing a torrent.

In conclusion, I would like to refer you to this handy illustrated guide.

Oh, and this one too.

Why do you feel entitled to other people's stuff because they wont license it to you on your terms? Why not refuse to pay AND refuse to watch it, that's a crazy idea right?

To me this sounds a lot like a land owner offering to let you hunt on his land with an exception - only if you do not drive motorized vehicles over it - and then your response being to plow through it with ATVs doing whatever the hell you want without compensation because "he didn't let me do what I want", "it's not stealing", or "it doesn't cost him anything so it should be free".

Re:Casting a vote against fun?

Why do you feel entitled to other people's stuff because they wont license it to you on your terms?

Why do you feel entitled to a government-enforced monopoly? Why do you feel entitled to the ability to control what other people do with their own property that they bought? Why do you feel entitled to say that people don't truly own what they buy and instead say that they just bought a license? Why do you feel entitled to the ability to have information censored? Why do you feel entitled to be able to create restrictive legally binding 'terms' (which no one with common sense can say are like real contracts)?

My, my! Such a sense of entitlement you have!

That said, entitlement isn't "X is on ThePiratebay, so I'll download it." Entitlement is more like, "You should compose music for me for free!" Advocates of copyright and patents are one of the most entitled groups I've ever seen. They'll gladly hurt innocent people to get at supposed infringers (DRM, rootkits), gladly make everyone pay a tax on blank media, and gladly propose draconian laws. Even when they're not doing that, they feel entitled to monopolies and control over other people's real property.

Re:Casting a vote against fun?

[CCarrot]

Why do you feel entitled to other people's stuff because they wont license it to you on your terms? Why not refuse to pay AND refuse to watch it, that's a crazy idea right?

To me this sounds a lot like a land owner offering to let you hunt on his land with an exception - only if you do not drive motorized vehicles over it - and then your response being to plow through it with ATVs doing whatever the hell you want without compensation because "he didn't let me do what I want", "it's not stealing", or "it doesn't cost him anything so it should be free".

I simply require the right to use and manipulate my property how I see fit...just like I can with my purchased music and non-DRM eBooks (thanks to Baen and Tor).

Where is your outrage over people ripping their own music to mp3 (or flac or whatever) instead of shelling out again for a studio-created digital version? And paying yet again each time they wanted to move their music to a different device or convert the music to a different format? The studios certainly did not want to allow people to do that, but we just stopped buying their lame, crippled digital copies and went ahead and ripped our own from disc anyway. Yet the movie industry is fighting tooth and nail to prevent people from doing the same with their video...??

The difference between the music and the movie industry is that the music industry actually wised up (mostly) and read the writing on the wall. People wanted digital copies and weren't going to put up with their DRM bullshit, so they finally started offering their own uncrippled digital versions for sale...and made a killing. Yes, physical copy sales dropped, but the convenience, affordability and availability of mp3's more than made up the sales. Some brick and mortar stores may close...but there also used to be a lot more vinyl shops around. When technology moves forward, some get left behind.

I can't think of a single logical reason why the movie industry couldn't adopt the same model. Combat piracy by making your legal version more convenient to acquire (like iTunes for music) and at least relatively inexpensive. Okay, you can't really compete with 'free', but if it's priced at around the cost of a coffee at Starbucks for an SD version, people will go for it. Charge a bit more for the HD version...but allow people who sprung for the HD version to then create their own SD version, if they want (like you can recompress flac to mp3). Above all, don't try to restrict where and on what devices people can view the content!

To the movie industry: Host the digital files, give people around the world a chance to pay for and download them with ease and reliability...profit? I honestly can't see anything negative about this proposition. Your 'competition' on the torrent sites isn't going away any time soon, so why not try to benefit by directly offering people what they so obviously want? It is utterly baffling to me why they can't see this.

Re:Casting a vote against fun?

[CCarrot]

Sorry for the duplicate post, /. or my browser glitched on me and it looked like I had lost the first one.

Re:Casting a vote against fun?

What outrage?

Do whatever you want buddy, I can't stop you. Just don't take the moral high ground when not paying for something AT ALL, but using it anyway. Beyond that, such as _buying_ a CD and ripping it for personal use... well you paid for it, good for you.

Re:I don't see how you get to "plausible deniabili

This is useless because the big guys have at their disposal a nearly 100% effective method for converting even the purest forms of "plausible deniability" into "overwhelmingly costly deniability"

Doesn't work legally

Look, it's illegal to distribute copyright material. The ISPs can get away without liability as they have some kind of common carrier status, but USERS DO NOT. If users have copyright material flowing through their machine as part of a new Pirate Bay, they will be held liable for distributing it.

not a fix

[frovingslosh]

First let me say that I legitimately use Bit torrent and similar programs to download (and reshare) perfectly legal things like Knoppix and other open sores software. I have had to limit my use, being a victim of the AT&T monopoly I'm subject to the data caps even for my DSL land line, so no more leaving the torrent up for a month to help share new software after it is released.

I sure don't want my IP address associated in any way with crap like copies of the latest jar-jar movie from the hack who lied to us about Lost (illegal or legal copies). And I don't want my traffic to skyrocket to move that junk even when I didn't download it myself, just so some warez freaks can try to hide from the entertainment mafia. And if I chose to run software that knowingly routed such traffic through my computer, then I completely expect that the courts owned by the entertainment mafia would decide that I acted in collusion with the people who uploaded and downloaded the questionable files and that I was an accomplice.

Re:not a fix

[nabsltd]

First let me say that I legitimately use Bit torrent and similar programs to download (and reshare) perfectly legal things like Knoppix and other open sores software.

You should really see a doctor about that.

Re:not a fix

[frovingslosh]

You're picking on me for my (deliberate) choice of words amounts to a hate crime. After all, I'm a senile citizen.

Re:not a fix

[nabsltd]

I assumed it was an auto-correct gone wrong. It's not the funniest ever, but it was worth a chuckle.

Naive

[gtirloni]

would make it impossible for third parties to identify the source or destination of the file transfer.

Not even Tor can guarantee that unless other dozens of requirements are met. So, no.

would hopefully put an end to the era of movie studios subpoenaing ISPs

Erm.. no.

Verbify

[grumpy_old_grandpa]

Before we go ahead with any of this, could we please not "verbify" all the nouns? In other words, feel free to implement a proxy based p2p protocol or network, as long as you don't "proxify" it.

Re:I don't see how you get to "plausible deniabili

This is useless because the big guys have at their disposal a nearly 100% effective method for converting even the purest forms of "plausible deniability" into "overwhelmingly costly deniability"

Near-100% sure does stop those physical copies, amirite?

The Pirate Bay never served content files

[capedgirardeau]

Note that this still means that in order to initiate the download, the server S has to serve out the whole file at least once, to the first downloader -- and if the file is being distributed without the copyright owner's permission, then the operators of server S can be taken to court. This legal pressure was the reason that the Pirate Bay switched from serving BitTorrent files to serving magnet links, which enable users to download content purely from each other, without the Pirate Bay ever actually serving the content themselves.

This shows a basic misunderstanding of how BitTorrent works.

TPB never had any copyrighted content files on their servers ever. They served up .torrent files which were files that pointed to trackers for the content files being shared.

Now they use magnet files, which allows users to get .torrent files from other users instead of from TPB.

Re:The Pirate Bay never served content files

Slightly incorrect on 2 counts,

A) Now they use magnet -links-, not magnet files. The actual hyperlink contains all the info that your torrent client needs, somewhat like mailto: links.

B) To my knowledge TPB did used to run their own tracker in addition to the website.

Re:The Pirate Bay never served content files

And that is the reason why so much FUD is spread an blattant lies shamelessly lobbied.

TPB did not share anything illegal ever but lets make people believe they did.

It works even among "avanced users", think what is the effect among the average Joe.

And they say that I'm an idealist

[bill_mcgonigle]

You're going to deploy a technology that will threaten the profits of the corporations that can can get statutes enacted definining "securing for limited Times to Authors and Inventors" as "the entire life of the author plus 75 frikkin' years to an estate" - and you expect the government they own won't come down on you like a ton of bricks? You expect technical merit and plausible deniability to even be a factor here?

Please donate to the guy who's being prosecuted for kiddie porn for running a Tor exit node while you think about it.

Re:And they say that I'm an idealist

[Sigg3.net]

That last link of yours made me think about the Planka-org in Norway who are against paying for public transportation that is already paid by taxes and makes a profit.

Anyway. The members of this organization all pay a token subscription that funds anyone's "fine" from the corp, just get a receipt.

Analogously, imagine a log less VPN service whose proceeds all went to paying lawyers to protect said company.

Not a solution but a temp workaround, perhaps?

If you're stressing anonymity

[Sheetrock]

Then you want everything in the same encrypted network and the lion's share of the usage of that network to be legitimate. Although BitTorrent over TOR is currently abusive of the TOR network, it would be better to find a means of making BitTorrent tolerable to TOR (or vice-versa) than to create a separate encrypted filesharing network.

When this all gets tested in a courtroom, it is far better for an encrypted network to appear to be protecting privacy than to enable lawbreaking. The difference between the two is just how closely the type of data over the encrypted network matches the type of data sent over the unencrypted Internet. Better to encourage the use of TOR to everybody than to have one encrypted network for privacy advocates and another made 99% of pirates -- the latter service lowers the bar for legal decisions and laws to be made that can then ruin all encrypted networks in general.

This idea is a copy of my theses from 2004

This idea, all down to the length of chain and statistical calculation is described in my Master Thesis from 2004.

(sorry, the thesis is in russian)
https://docs.google.com/document/edit?id=1wRgj1VChUsbcdkQJcrEweW6ZsYtZJZVLelhejBhEL9Y#

--
Moshe Vainer
And here is the listing of the thesis in the university's site http://mocnit.miet.ru/do/2004.html

Error in TFA

[TubeSteak]

This legal pressure was the reason that the Pirate Bay switched from serving BitTorrent files to serving magnet links, which enable users to download content purely from each other, without the Pirate Bay ever actually serving the content themselves.

The Pirate Bay still serves torrents.

For a file with few seeders, the torrent is linked on the website.
Once the # of seeders reaches a certain threshold, the torrent link is removed.
BUT, the torrent is still on the server and can still be accessed if you take 30 seconds to figure out the formatting of the torrent names.

The top 200 torrents on TPB: https://thepiratebay.se/top/all
Here's the the TPB .torrent for the most popular file. It has 15,093 seeders and 22,038 leechers.
https://torrents.thepiratebay.se/8074715/WWE_Royal_Rumble_2013_PPV_HDTV_x264-FreaK.8074715.TPB.torrent

Seems like lazy coding on TPB's part.

Re:Error in TFA

[capedgirardeau]

It is worse than just the mistake about still serving up torrent files. He seems to think TPB actually served up the copyrighted content files..

Reminds me of a saying...

[MMC+Monster]

...A little knowledge is a dangerous thing.

I think someone just reinvented Tor.

Re:Please think of the children.

[SuricouRaven]

Freenet is safe from that: It's got no connectivity outside the network, so anyone able to connect to your node has to be familiar enough with the network not to make such an easy mistake. Tor exit nodes are the really risky things to run.

My thoughts on this.

[kurt555gs]

May I be the first to say, fuck the RIAA, MPAA, and BSA. And, the ISP's they rode in on.

Use math

[gmuslera]

Is rational to penalize people for sharing some of the digits of an irrational number? It could even be a known one, like e or pi.

Not how BitTorrent works

[blueg3]

Note that this still means that in order to initiate the download, the server S has to serve out the whole file at least once, to the first downloader -- and if the file is being distributed without the copyright owner's permission, then the operators of server S can be taken to court. This legal pressure was the reason that the Pirate Bay switched from serving BitTorrent files to serving magnet links, which enable users to download content purely from each other, without the Pirate Bay ever actually serving the content themselves.

Not at all. The person you're labeling as "server S" here would be more appropriately called the "initial seeder". Every individual that is participating in a swarm but has the entire torrent being shared is a seeder. The initial seeder is, generally, the person first making the file available. BitTorrent doesn't treat them any differently from any other seeder, though.

There are two kinds of servers in a BitTorrent network: a tracker and an index. The trackers are actually part of the BitTorrent protocol. They maintain a list of connected peers for each torrent. That is all. The indexes are not strictly part of the BitTorrent protocol. They are websites that are sources for metainfo files (".torrent files") and/or magnet links. Confusingly, The Pirate Bay runs both. The Pirate Bay website is an index. They also run trackers. However, neither indexes nor trackers ever possess or share any part of the actual data being shared. They store and transmit only metadata.

D1 is required at this point to share out the file for download, in order to earn enough "credits" to continue downloading from S.D1 is required at this point to share out the file for download, in order to earn enough "credits" to continue downloading from S.

This is often how it's described, but it's not true. BitTorrent's decision-making is local-only. A particular peer P1 will tend to deprioritize another peer P2 if does not receive pieces from that peer. (This is a "tit-for-tat" priority approach.) Peers don't communicate with each other about who's been sharing what. They don't communicate with the tracker about who's been sharing what. They receive no explicit instructions from other peers or from the tracker.

As for your overall idea, it seems like you're trying to out-clever the legal system. That's a dangerous path. It's more effective to have a system where the protects you want are guaranteed by the design of the system.

In other words, all P2P systems are doomed to reinvent Freenet, badly.

Re:Not how BitTorrent works

[goldsaturn]

You're more correct than the OP, in pointing out that The Pirate Bay only transfers metadata. However, The Pirate Bay hasn't run a tracker since 2009: http://torrentfreak.com/the-pirate-bay-tracker-shuts-down-for-good-091117/

Re:Not how BitTorrent works

[nabsltd]

The Pirate Bay website is an index. They also run trackers.

The Pirate Bay hasn't run a tracker in over a year (maybe longer).

At this point, TPB is nothing more than a very specialized version of Slashdot, where instead of getting submissions that contain links to other websites, the user submissions are links to interesting files that aren't hosted via HTTP.

Re:Too long, didn't read.

[mrops]

In theory this works, in practice, with average home user being lucky to have 5-10mbps down 1-5mbps up, this won't be worth it. I do see people talking about fiber to home, once we have and 100mbps internet connections, they we can possible revisit this solution.

Add to this crappy monthly bandwidth restrictions and you will be able to download one movie a month as rest of the bandwidth will go for proxying torrents for others.

One time Pads

When you are downloading multiple torrent files, you can simply say how a packet of file is computationally related to other. :-) like, i'm sending you XOR(Torrent X , Torrent Y). It's entirely possible that Torrent Y is an Ubuntu ISO torrent. :-) This is an excellent way to couple the proxy idea, and it works nicely as an Onion layer as well.

Coordinated adversaries and statistical deviation

We can safely assume that our adversary will control a number of servers, as such, a regression analysis based on the frequency with which a peer is reached will make the system vulnerable to legal attack.

If D1 (adversary) sees D0 (us) as a peer, D1 can only prove 40% chance that D0 is hosting the file. This is good, as it falls below the balance of probabilities needed in civil law.

If D1 through D20 (coordinated adversaries) see D0 significantly frequently than C1 through C20 do (adversary control systems not downloading the file), the adversary can probably reach the level of legal proof (hosting the file on balance of probabilities) from the statistical improbability of having a non-hosting D0 appear that frequently. This is bad.

Fortunately, as the number of users hosting the file and using the system increases, the number of adversary controlled machines needed increases. (I haven't done statistics in a very long time, but I suspect the rate of increase is logarithmic and related to the 40% number.)

Unfortunately, the adversary has nearly unlimited resources. A 40% direct transfer rate is a good starting number, but I'm not convinced it's low enough; but I think we can all agree that software like this is coming. Careful analysis will be needed to maximize 'legal anonymity' while retaining download performance.

Re:Please think of the children.

[v1]

you lose a lot of your ability to catch certain elements of "crime" when you introduce any form of anonymity. Anonymity will be used by people that want privacy, people that are paranoid, people that want to whistleblow, harass, defraud, threaten, etc. You will get the good with the bad.

Unfortunately, we seem to be headed in the direction that NO bad is allowed, so we are supposed to be OK with giving up all the good.

As a basic example, you can't punish or prevent all slander while allowing whistleblowing. The concept of allowing truly anonymous good behavior while preventing anonymous bad behavior is an impossible goal.

Normally one would expect "innocent until proven guilty" to take precedence and allow anonymous behavior while tolerating difficulty in catching criminals, but there are currently just too many well-funded groups with a stake that push the legislation in the other direction.

why do you keep calling it piracy...

...when you mean fair usage? most people i know just watch series and movies that have been already aired on TV, which makes it fair usage and the equivalent of having a friend record something for you on an old VHS recorder. i understand the movie industry gets pissed when people share movies recorded at the theater but seriously how many people watch screeners nowadays? we have to stop calling it piracy when what we really mean is fair usage, which btw is legal in most countries

Re:Please think of the children.

I think you're right about this. You *might* manage to defend yourself in court *if* you can convince a judge or jury both that the software was proxying someone else's connection, and that you're not a monster for enabling pedos in this way.

Even if you win, you will have already lost your career and all of your friends based on being accused of being a pedophile.

If you act as a proxy, you enable people who are doing terrible things to present themselves as you.

Pirates have other countermeasures too.

[SuricouRaven]

Anyone else noticed that movies are getting smaller? From 4.4GB for all 720p movies, 3GB-ish files are now increasingly common. Games too are abandoning the relic of the pile-o-rars in favor of more space-efficient schemes. It's the pressure of bandwidth quotas and the need to get back underground: Pirates are investing more time in compression.

Re:Pirates have other countermeasures too.

[ifrag]

The interesting thing about that is the quality has not really dropped by much, not enough to really complain about. I suppose it's due to more use of VBR and multi-pass encoding. I tried to set that stuff up once, it's a pain and (at the time) had a lot more bugs. I suppose it's finally getting a bit more usable.

Re:Pirates have other countermeasures too.

[SuricouRaven]

Multi-pass encoding actually went out of fashion in favor of quality-based encoding - crf on x264. It's as good as multipass (I know, I've tested it) with the one downside of not actually knowing how big your file will be until it's done.

I've been working for a long time on an extensive guide to getting the absolute best out of x264. It's a long way from done yet. In particular I've yet to run extensive experimental encodes on the subq parameter - common wisdom says higher is better, but I want to know more than that about it.

Re:Pirates have other countermeasures too.

Broadband speeds increase over years, and file trafficking therefore gets easier, faster and cheaper (for the masses). See the situation with mp3's, it was a pain with dialup but now it downloads in a second. Plus there are plenty of cheap terabytes to keep everything around. Anonymizers are popping up, foreign proxies and similar stuff (or sites like ex-megaupload/rapidshare where for a few bucks you can take as much as you can). File sharing will be on the rise again, certainly.

Think larger

Think larger guys... There's two aspects at play:

a) minimizing expensive links (eg JPAU, JPUS, USEU), where having one or more of the intermediate anonymous nodes being closer to the file requester would result in less data having to go over the expensive and slower international pipes
b) killing off "region locking", which is hobbling the "web"

Summary doesn't appear to understand BitTorrent...

[BLKMGK]

TPB never served up content, not ever, when it was serving up torrent links and has been pointed out they DO still serve LINKS. The "S" in his summary is typified incorrectly. In his example "S" is characterized as TPB, it's not. Instead "S" is the first USER who has submitted a torrent link to the TRACKER. The tracker never, not ever, not even once, passes any of the actual content information thru it. The Tracker simply tells the first person that asks for it how to contact the USER who has offered up the content - that's "S". This is a critical misunderstanding on the part of the person who wrote this IMO. What's weird is that the writer almost seems to understand it later in his writing but stating the TPB served up content pretty much screwed the pooch concerning his understanding torrents I think.

In addition, if I were a movie studio and a connection were proxied through a user's machine in the manner that he appears to be advocating rather than directly to a consuming user I'd still sue the proxy. My argument would be that the proxy did indeed download the content - and I'd be right. Never mind that the data was "just" passed along, I think an argument could be made that the proxy requested and received content and that no matter what was done afterwards I'd prosecute the proxy for having downloaded content. I might also attempt to find out who the originating user was who requested the content but I'd be happy prosecuting proxies because sure as hell after a few of them were coughing up tons of cash no one would be allowing their machines to knowingly proxy. It's for this reason that I won't become a TOR exit node or allow my WiFi to run wide open. Perhaps in those cases I could claim innocence, just as I might running this proxy idea, but the end result would be the same - financial ruin which is the example that the MAFIAA wishes to make in order to chill uses of this kind of technology. I happen to not be willing to take that risk with my current place in life. A very large part of his scheme rests upon the idea that a proxy isn't responsible for the data that passes through it, is that really solid legal ground? I'd argue not and proving yourself a proxy without declaring it openly, which would likely violate ISP TOS for most home connections, could be financially painful in any case. Does anyone REALLY want the Govt. kicking in a door and rooting through everything they own searching for this? Perhaps you're completely legal but I'd hazard to guess not everything they look at could be declared so once placed under a microscope, I'd prefer they stay out of home just in case.

That said, let's imagine a place where this was actually created. ISP already scream that Torrents take up a hugely disproportionate amount of bandwidth. What is proposed is a doubling or trebling (++) of that usage as the SAME bits get shuffled place to place in a bit of a shell game. Does this benefit the 'net?

IMO, there has to be a better way and I don't think that this is it. I wish I had a solution but from where I sit this sure doesn't look like a good one...

There's I2P and Freenet

Tor allows users to act as clients only which is good for them but not the network. There's other network models out there like I2P and Freenet. I2P (like Tor) allows for access to the hidden web and also allows for anonymous servers. However, I2P is better designed for services. There's also Freenet which is 100% decentralized and offers private networks and public networks at the same time. It's also has redundancy built in to allow the user to upload a file once and drop off. However, it is very slow and practically unusable for file sharing due to speed. However, it's designed around anonymity first.

Re:There's I2P and Freenet

[ultrasawblade]

I am surprised no one mentioned I2P earlier as it does things very similarly to how the writer describes.

Ultimately though, the solution is to stop giving people money who will turn around and use that money to enslave you, threaten you, or coerce you. A dollar not spent on the movie or music industry is a dollar spent for freedom.

Re:There's I2P and Freenet

You don't know what you're talking about. I2P, Tor and Phantom are able to be client and server. For that matter you even get an internal IP address if you know how to set it up. It all just works.
Freenet and Gnunet are just lossy file storage nets, not universal network transports where people work to keep things online.
All of the mentioned protocols work just fine without ever needing to interact with traditional clearnet services or hosts.
And you can donate your bandwidth as an internal node with no fear of being associated with any specific 'bad stuff'.
Because it's all encrypted and you cannot see it.

Re:There's I2P and Freenet

While these are valid ways around the problem ( and i have been pushing FN for a long time now ), as bandwidth caps come down it will squeeze these out of the picture.

stupid

All of Hasselton's "ideas" have been around for years prior to BitTorrent and they were explicty rejected when BT was created. Not just because Bram Cohen couldn't give two shits about pirating stuff but because untraceability kills performance and BitTorrent is all about performance.

Re:stupid

and that is exactly what all you fools insist on doing in the name of speed,
giving up your security in trade for a DL RIGHT FUCKING NOW. Lol :)
Think about it, do you REALLY need to see that movie right now?
Or can you queue it up on Monday and sit back and relax watching it
on Saturday, knowing all the while that THE MAN will never be knocking
at your door?

Oh yeah, right, I forgot, you're a bunch of impatient kids who must have it all right now!!!

Oh well, you get what you ask for then.

WHAT THE FUCK IS THIS?

This isn't news. There is no article linked to nor is there one summarized. This is some guy (Bennett Haselton) writing from the cuff... just writing whatever comes out of his head as it comes out... every little bit of it apparently... just typing away and posting it... here ... to slashdot... which he must have mistaken for his personal blog.

Anonymous torrenting already done

For those of you who obviously don't know and don't have a clue... this has already been done.
And I don't mean some weak *share app of the day either.
I mean cryptographically strong data networks.
It's called I2P, Tor, and Phantom. No, not Freenet, it's not a transport network.
With these nets, which can all speak to each other btw if you know what you're doing,
you simply load up all your torrents, connect to whatever tracker or index you want
and share away. No fear, no pain, pure freedom.
Yes, they are slower than clearnet, but with that comes the best security against
being tracked. And you cannot connect to the regular net. But when you look at all the
lawsuits and penalties and everything else, and then see that everything you want
is already internal to the secret nets, that is a very good tradeoff to make.
And finally, yes, you must give free bandwidth back to the network for it all to work
by running a internal node, no exit risk required.

I laugh at all of you impatient morons who, because you feel you have to have
some stupid file RIGHT NOW, continue to use clearnet and get busted instead
of waiting a little bit to be safe.

This will not stop anything

[Missing.Matter]

If you think this will stop anything, you haven't been paying attention to the litigation. Copyright trolls don't care if you did the downloading or not. Already, wihtout proxies they cannot identify who it was who did the downloading, as it could have been a friend, spouse, child, neighbor, or hacker... anyone who had access to the Internet connection accused of doing the downloading.

This proxy business changes nothing. The subpoenas and settlement letters are worded such that they scare you into settling. They say "Illegal downloads have been traced to YOU, the account holder" even when they have no evidence. And they say "We will name YOU, the account holder, in a lawsuit if you don't pay $X thousand dollars by next week." Nothing about finding the true perpetrator and executing justice. It's all about making a quick and easy settlement. Does it matter that there's at least a 30% (admitted by trolls) error rate with the current methodology? No. They accuse 100% of account holders anyway.

The bottom line is with the way clueless judges are granting out ex parte discovery requests from copyright trolls, if you pay the bills, and your name is on record by your ISP, if your IP shows up in a tracker that some troll is watching (or seeded himself), your name and address will be subpoenaed, proxies or not.

Anonymous OpenTracker on I2P

Hi. There is an OpenTracker on I2P. You are all welcome to join us there. Download and run I2P, read some docs and things, get your node running and set up to donate bandwidth to I2P. Then add the tracker to all your torrents and share away in perpetuity :-)

Re:Summary doesn't appear to understand BitTorrent

[nabsltd]

In addition, if I were a movie studio and a connection were proxied through a user's machine in the manner that he appears to be advocating rather than directly to a consuming user I'd still sue the proxy. My argument would be that the proxy did indeed download the content - and I'd be right. Never mind that the data was "just" passed along,

That "never mind" doesn't apply, as copyright law says that if you are just a transit, you aren't infringing. Otherwise, the MPAA could just sue everyone who has any sort of router, switch, firewall, or other network equipment. There is nothing special about being an "ISP" that prevents them from being sued for this...it's the fact that the transient nature of the data (even if temporarily cached) makes it by definition not infringing.

And, if this scheme was applied, you would see programs that do the proxy part without being a true torrent client, and they would be installed on virtual private servers all over the world. The only difference between this and a "real" proxy is that the exact proxy IP address isn't determined until you run the software and it queries the distributed database of available proxies.

.

Re:I don't see how you get to "plausible deniabili

All the studios need to do to quash this idea is to successfully argue in court that volunteering to act as a proxy host is comparable to hosting the file yourself.

Part of the whole point of the notice/counternotice aspect of DMCA, was to eliminate that very argument. ISPs didn't want for passing-the-packets to be legally equivalent to being the origin of the packets, so they lobbied for this and got it.

If the argument that you propose were to work, then nobody could ever safely host for others. e.g. no more geocities. ;-) Or Youtube. Or Amazon Cloud Services...

doesn't understand BT reinvents Tor

[0111+1110]

As has already been pointed out, the submitter doesn't seem to understand the bittorrent protocol. Three minutes with google would have sufficed for such understanding.

The scheme is not fundamentally different from Tor or I2p or ANts P2P in concept. The reason Tor/I2p/ANtsP2P BT swarms have not caught on and become dominant already is not because no one has bothered to write such an application or because they do not provide sufficient plausible deniability, but because all such schemes are inherently slow. Generally orders of magnitude slower.

For me and probably for many others the herd itself is sufficient defense against the copyright cartels. Those unlucky few at the edge of the herd will be taken, but the vast majority of the herd will go on torrenting. Since herd protection seems adequate for most people, any anonymizing swarm system will have to be sufficiently fast as to be able to at least compete with the swarms relying only on herd protection.

In order for that to have any chance of happening you would want to be able to match the upload and download bandwidth of every peer in a given chain as much as possible. All it takes is one dialup or badly asymmetric DSL peer to essentially sever the chain. Perhaps a small test file could be downloaded from each peer in the chain before assembling it. These speed tests would obviously introduce even more overhead, but I see them as a necessary first step in creating a usable anonymizing network. Another useful idea might be to be certain that at least one peer in every chain is outside the borders of the US before sending any data along it. Of course the best protection is an offshore VPN.

Re:doesn't understand BT reinvents Tor

[countach]

I suspect the system could be made fast by using the fact that not all connections must be a chain. The existence of chains provides plausible deniability, but SOME of your connections could be direct, just like current BitTorrent. So maybe there doesn't have to be any slowdown. Most of your download will come from direct and fast connections, just like now, but you also have some chained download packets too, for deniability. Maybe I didn't think this through enough, but there may be some solution.

This solves nothing.

This solves nothing.

A judge can dismiss all of these carefully-constructed technological workarounds with a quick wave of the hand. Judges care about intent, not about the technology in your tools.

People have been found legally liable when running a Tor exit node. This idea is nothing more than trying to make BT more like Tor. It might make BT a bit more resilient against liability in the short term, but it certainly isn't a final solution.

Anonymity is impossible in IP communications, by design. All you can do is try to obfuscate. In the best case, you might achieve an infrastructure where legal liability is statistically unlikely.

The problem is not technology

The problem is laziness not the particulars of technology. If everything is too global and too easy to find for those looking then it must also follow the same is ususally true of those looking to punish seeker/distributors or said warez.

If you want to avoid getting cought get a small set of friends and share your favorite stuff amoungst yourselves *directly* on this wonderful network of peers we call the Internet or god forbid hang out in "RL" and sneakernet.

If each of you have your own small list of friends the good stuff will percolate down to you and media companies will have no visibility into your actions. Contrasted with now where they and various TLAs and LEAs have pretty much 100% visibility into ALL torrent activity globally.

This is creating huge negative legislative pressures with Internet itself becoming collateral damage.

Non DRM music is available dirt cheap from amazon and other outfits, Netflixs and others are cheap or free and have everything.. it is increasingly easier to just go and buy what you want so I have less sympathy.

Accomplice.

This proposal will just get you sued as an accomplice of other people's thefts. There's no way I'm going to run a proxy for other people's misbehavior. If you're interested in doing that, I suggest that you run an open http proxy first. The principle is about the same. Have fun! Please update your post with which prison you ended up in.

Re:Summary doesn't appear to understand BitTorrent

[BLKMGK]

Seems simple to me - did the computer (aka exit node in TOR speak) request the file? Yes? Sue them into the ground. "Proxy" you say? Well, we'll sue you until broke anyway. This isn't the same as a router or switch, proxies are not infrastructure in the mechanical sense but are programs which in this case could be argued were being used to skirt the law. That is how a lawyer would likely attack this and truthfully they wouldn't be far off the mark. You want to risk your home, savings, and future income on a bunch of "peers" understanding your very thin point on this? That they wouldn't also pile on a metric crapton of other charges based on additional files on your computer "discovered" while looking for this content? That the warrant would be wide enough to snare that and more? Goforit dude! I'll watch from the sidelines on this one.

From the standpoint of the node they lay out there to snare others it will look like your computer, despite acting as a "proxy" requested the files and for that reason they will attack you just as they attack users now. From their standpoint you're guilty and in reality you will have asked for the file even if it was for someone else. Kind of like holding drugs for someone else, how well does that work out these days? When the smoke clears, even if found "innocent" somehow, I'm betting you won't be willing to cheer the victory too much. Been there, done that, got the T-shirt I'm sad to say...

Re:I don't see how you get to "plausible deniabili

[Farmer+Pete]

For this to work, systems would have to be proxies to files they don't own. Therefore, the 40/60% thing wouldn't work. How could there be a 40% chance that I'd be a proxy for a file that isn't on my computer? If I only had one file hosted, I could easily summarize that all computers connecting to me were in fact downloading that single file, even if they didn't get it from me.

Re:Too long, didn't read.

[fredklein]

I came up with this basic idea, like, 5-6 years ago. A little different with the details:

Each user makes available one or more 'proxy connections' of a given speed (1Mb/sec, for instance). Then, when they want to DL a file, their software connects both to a 'file tracker', AND a 'proxy tracker' (Which might be the same or different machines). The file tracker works like it does now, and the proxy tracker offers to the client as many proxies as the client offers it- the more you offer, the more you get, just like DL'ing- if you throttle your UPload, your DOWNload suffers for it.

Bennett's protocol is called OneSwarm

The protocol you describe is very similar to OneSwarm which is a peer-to-peer protocol based on BitTorrent in which you only ever connect to friends (with an option to grab a list of semi-trusted users from a server for worse privacy but so it will work without needing to know people who use the protocol). Their research covers most of the questions you discuss in your post.

Re:I don't see how you get to "plausible deniabili

Wouldn't that put pretty much any hosting company out of business?

Been done

[Cytotoxic]

The peering network proposed in this article was created more than a decade ago by Slashdot user Meridun. Built at a time of slow home internet connections and ISP interference with networks like napster and gnutella, his ELF (extreme low frequency) peering software was designed to be anonymous and untraceable by encryption and proxying of the entire peering infrastructure - including file indexes. The ELF reference was due to intentional throttling of each connection to avoid swamping the user's connection or the ISP. Since each user was proxying several connections while downloading from several other connections, overall performance was slow compared to Bittorrent when it arrived on the scene - but it was much better at preserving anonymity. And you could set your bandwidth usage to as high or low as you desired, so it wasn't really obligate low frequency.

It was an exceptionally cool idea. It didn't take off though. As far as I know it was only frequented by fans of obscure Anime that wasn't available outside Japan at the time. Not being a fan of obscure Anime that wasn't available outside of Japan at the time, I never used it myself.

Wow, the author really does a great job of remaini

Boring low budget movies? Really? If I hadn't been dead drunk when I saw the 2nd Underworld movie, I would have been out - either passed out, or walked out.

If piracy makes studios stop making Waterworld's battleship and the furious movies, I'll buy a parrot and an eyepatch.

Subject awareness

I don't suppose the author has read any of the articles or studies purporting pirates to be the largest [i]purchasers[/i] of content. Whether that is actually causal or just an unrelated correlation is irrelevant. Pirates do indeed buy more crap than the rest of us.

Only way this will work is

[Sertis]

If someone developed a botnet of proxying servers. As long as users voluntarily install tools that provide proxying services, the responsibility for its use falls on that user. However, if the proxying were the result of an infection by a recognized virus, then there's an argument that the user had no intention or idea that they were proxying material. Not that I'm advocating such an idea, but I believe that if proxied torrents become standard, someone will make such a virus.

Soooo

Fun ideas, but knowing how obstinate the adversaries have been regarding this type of thing, how long do you think it will be before they start accusing anyone connected to a particular server of conspiracy and racketeering thus incriminating and subpoenaing anyone that volunteers to act as proxy ALONG with the primary suspect. Sure the optimists will argue that guilty by association is not a fair measure of innocence, but can't it be argued that no-one (or at least a very small sample) would enable such a feature without the intent for mischief? And given that you only need to be guilty of a single charge to be bundled in with the acts of someone you have facilitated, wam bam RICO ma'am, everyone with the proxy feature enabled is an object of the court's scrutiny not only for downloading 1 infringing file but willfully enabling, participating, or facilitating the distribution of hundreds of files thousands of times by the entire swarm.

Meh...

I have not downloaded a movie in over 3 years. I watch EVERYTHING via streaming content. And this time of year is great with all of the DVD screeners coming out! HA HA!

DO IT FAGGOT!!!!

Stop pissing about what might be, just write the damn software. Shit or get off the pot.

Re:Please think of the children.

Also, you could slightly decrease that risk by only allowing HTTPS traffic through your exit node.

Re:Please think of the children.

[ohnocitizen]

This is a wonderful argument: With the crackdown on piracy, what other activities will society make harder to detect, punish, or prevent?

Re:I don't see how you get to "plausible deniabili

Sounds like TOR to me.

attack of the statistics

We can safely assume that our adversary will control a number of servers, as such, a regression analysis based on the frequency with which a peer is reached will make the system vulnerable to legal attack.

If D1 (adversary) sees D0 (us) as a peer, D1 can only prove 40% chance that D0 is hosting the file. This is good, as it falls below the balance of probabilities needed in civil law.

If D1 through D20 (coordinated adversaries) see D0 significantly frequently than C1 through C20 do (adversary control systems not downloading the file), the adversary can probably reach the level of legal proof (hosting the file on balance of probabilities) from the statistical improbability of having a non-hosting D0 appear that frequently. This bad.

Fortunately, as the number of users hosting the file and using the system increases, the number of adversary controlled machines needed increases. (I haven't done statistics in a very long time, but I suspect the rate of increase is logarithmic and related to the 40% number.)

Unfortunately, the adversary has nearly unlimited resources. A 40% direct transfer rate is a good starting number, but I'm not convinced it's low enough; but I think we can all agree that software like this is coming. Careful analysis will be needed to maximize 'legal anonymity' while retaining download performance.

Encryption

[loufoque]

Isn't encryption enough?
Why do you need to go through a proxy too?

Retroshare user liable for content

[witherstaff]

/. discussed this back in Nov. http://yro.slashdot.org/story/12/11/23/2312205/anonymous-file-sharing-darknet-ruled-illegal-by-german-court "A court in Hamburg, Germany, has granted an injunction against a user of the anonymous and encrypted file-sharing network RetroShare. RetroShare users exchange data through encrypted transfers and the network setup ensures that the true sender of the file is always obfuscated. The court, however, has now ruled that RetroShare users who act as an exit node are liable for the encrypted traffic that's sent by others."

Spartacus

[jellybear]

It just occurred to me that if you make sure each proxy only downloads/uploads a tiny portion of the file, then it'll be harder to sue any individual proxy for the whole amount of damages, and they'll have to pursue a large number of defendents for a small amount each. This could help unite people against unreasonable RIAA actions.

Proxy as a violation of TOS

Then it wont matter where its going/coming from. You are a member, you violated ( "aided" ). Bye bye Internet for you, and hello suit.

A Long Way Off From That

[Dangerous_Minds]

An interesting rebuttal to TFA.

One Swarm

Can't believe nobody mentioned it. http://www.oneswarm.org/

Tor onion routing bittorrent extension

[The1stImmortal]

Simple solution - extend the Tor protocol to allow directly addressing and reporting Tor Onion addresses, then include a TOR router set to relay with the main windows-based torrent apps (obviously linux based ones people can configure their own for), particularly uTorrent.

Then everyone wins - we reduce the load on exit points by torrenters, and we increase the number of internal relay servers, and all tor access gets auto-magically anonymized.

Was done by me in 2004

[mvlmvl]

After years of lurking on Slashdot, I finally was compelled to make a log in. Dear Mr Bennett, what you describe has been done before, by me, in my master thesis, and i even implemented such network as part of the master. I am stopping short of accusing you of plagiarism, but the similarities are striking, all the way down to the different length of chains occurring at different statistical probabilities. I unfortunately only have the thesis in Russian (in which it was written), but here is the link for those with Google translate skills: https://docs.google.com/document/edit?id=1wRgj1VChUsbcdkQJcrEweW6ZsYtZJZVLelhejBhEL9Y# I probably still have the prototype implementation laying around somewhere. I posted this comment as anonymous, but i guess being at 0 with a link to a non english page doesn't help get people's notice. The similarities of this idea to my thesis are so striking, that it sounds more like an executive summary.

Re:Was done by me in 2004

[Dr.+Evil]

In 9 years, you didn't expect somebody to come up with the same idea?

Re:Was done by me in 2004

[mvlmvl]

Yes, it's possible, which is why i am not necessarily saying it's copied from me. However, I freely discussed the idea with many of my colleagues, including when i worked in MS where Mr. Bennet works (same city and we share many connections on LinkedIn) and so I won't be surprised if the word spread enough in 9 years to affect his thinking even if he did not copy it directly. Beyond that, to get to that detail (chain link length, analysis of average link length etc) you would need to spend a bit more thinking than writing a page long summary in slashdot post, and yet there is nothing more, not a blog post, not a sourceforge project, nothing from the author of this slashdot blurb that shows he has been developing such system. I spent almost a year developing and refining this system, analyzing attack vectors and how to address them, and it sounds extremely unlikely to me that someone would follow exactly the same route, come to exactly same detailed conclusions without either spending much more effort than a slashdot one-pager or being influenced by other work.

how about...

how about people just stop illegally downloading shit? no?

Re:I don't see how you get to "plausible deniabili

The server could host multiple files and only it would know which one you were downloading. So the swarm could have 9 movies and 1 linux distro. Only the server would know who is downloading the movies and who is downloading Ubuntu. The users would also have no idea what content they are a proxy for. The copyright holders would not be able to tell that a given user was actually downloading or uploading their content. The can guess that they were uploading/downloading someones copyrighted content but that is not good enough to sue and win.

End ISP subpoenas? I doubt it...

[bwcbwc]

What's the non-infringing use of such an architecture? Without a "legitimate" use, this method could be argued as prima facie evidence of conspiracy to commit copyright infringement, and considerably raises the risk of criminal charges and government investigations. Not a good trade-off, especially for the owners of the proxy gateways.

Not really

[voss]

According to Holle he was drunk and thought his friends were joking and apparently had lent his car
to them dozens of times. The felony murder rule never really made sense. Murder under common law "the taking of a human life with malice aforethought.
Even a drunk driver has some reckless intent. Its such a convoluted logic that most other common law jurisdictions have repealed the felony murder rule.
Canada and the UK no longer have that rule and the model penal code doesnt have it.

Re:Not really

Canada and the UK no longer have that rule

Which part of the UK? You obviously don't know what you're talking about because Scotland is different.

In any case, if you lent him the car and you knew (or ought to have known) what he intended to do with it you'd be an accessory at the very least.

Freenet...anybody?

[Anon8---)]

The Freenet Project has been around long enough and provides anonymity in masses and secure data transfer. Maybe it's time to switch?

German law

has a concept called "Störerhaftung" which essentially says if you operate something which poses a legal risk, you are responsible for ensuring that the risk doesn't manifest itself. This is used widely to go after people running open Wifi networks, they're not liable for someone else's downloads, they are however rrsponsible for ensuring it doesn't happen again, meaning they have to sign a cease and desist contract (!) or an order by the court will be issued and they have to pay the copyright owner's legal fees (which is where, by illegal sharing models, how money is made with copyright violations in germany).

Except for the glaring fact

that they will just attack any proxy providing users who happen to be on their networks until they don't see them anymore.

Asynchronous!!! DSL

[sirlark]

(By contrast, in the peer-to-peer proxying model outlined above, every new downloader can also be made to act as a proxy for other users, so additional users don't slow down the system because they contribute as much as they take out of it.)

I know we're about 10 years beind the times here (South Africa) but most people here are on ADSL (max 20mbit, mode 2Mbit). While the speeds may be higher elsewhere in the world, it seems from other similar discussions that ADSL or Async cable is still the primary method of connection. So the quote above isn't true, every downloader is contributing only as much upload bandwidth as they have, which is a lot less than their download bandwidth, unless the protocol allows a difference in proportion, e.g. 1kb up gives you credit for 10kb down; either that, or its one-for-one, but that means your download speed is effectively limited to your upload speed.

Re:Please think of the children.

[jasen666]

The method being presented here would only have you proxying the actual files you are downloading yourself, not just any random thing.

Re:Too long, didn't read.

Is thread posting not working or do people just hit reply and type whatever is on their mind without looking at the post they are responding to?

I know that has always happened so that people can get to post closer to the top, but it seems to be much more frequent and less down modded.

Home Taping is Killing Music

That's what it comes down to, really. None of the downloaded files have the same value as the originals. They're like taped albums.

Antigua set to sell hollywood movies

[syleishere]

USA prevented Antigua from selling gambling, so they are going to sell movies/music online in effort to recoup their costs. Again, using VPN prob best way to go for downloading, RIAA and movie industry cannot fight every citizen on planet doing it and every other government. Its always been and always will be if people do not want to pay for something, they won't, concentrate on people that will pay. Been like this since software piracy days. For someone to issue a legal lawsuit against someone for downloading movie out of their house , someone invaded that person's privacy rights in order to do that in first place, the real lawsuit should be file against ISP that released that customer's information to a third party, a complete breach of trust.

Re:Antigua set to sell hollywood movies

[DirtyLiar]

The RIAA / MPAA (and the Right) will argue there IS no right to privacy, since it is not mentioned in the constitution.

The DMCA already made it legal for companies searching for copyright violations to break and enter your computer, while holding them harmless for any damage or data loss on your end, foreseeable or not.

Their's lots of ways to "not pay for something". Including not using it.

There is no assumption of trust, in the law, owed by a company to a human being, excepting medical information. Only the other way around.

pay the $2

[romons]

you don't own the contents of a DVD. You own the right to play it for yourself. The physical media is your license.

This obsession with piracy is stupid. The cost of most content is so low these days that you could not possibly watch what you can afford. So, STFU and pay the $2

It's already been done

This idea has been implemented several times over the years. The earliest and most successful anonymous network that I'm aware of is Ian Clarke's Freenet (freenet.org), which has been around since at least 2001. It implements an "uncensorable" distributed datastore, with all content encrypted and all node-node connections encrypted as well. All of the encrypted data traffic is proxied through a number of nodes. No individual node can decrypt the actual data that is being proxied, which is what provides node operators with plausible deniability. I don't know what the current state of that network is, but it used to be quite popular.

How the RIAA MPAA think.

[DirtyLiar]

1) Anonymizing torrent clients are not inevitable, and they will be treated just as share requirements were by users and programmers. They will write programs that LIE about what they are/have shared/sharing and who they've shared it with. And the MPAA/RIAA will continue to provide bad seeds and false packets, all of which will be harder to filter out because the sharers are anonymous.

2) If you think that creating a system that anonymously shares downloads creates plausible deniability for the downloaders, you haven't been paying attention. Creating anonymizing torrent networks will, in fact, create a whole new huge (and lucrative) group of co-conspirators for the RIAA and MPAA to sue for not just enabling the pirates to hide out in the crowd, but also actively participating in piracy regardless of what they've personally downloaded, simply because they've passed on packets of copyrighted materials. This isn't just raising your hand as a group when asked, "Who is Guy Fawkes?" This is helping to carry the dynamite to Parliament.

And the RIAA and MPAA will see this as simply another (though potentially much larger) revenue stream and tap it. Suing THOUSANDS of people for each file shared, since they were ALL involved in a 'razzel-dazzel', now you see it, now you don't, conspiracy to hide piracy.

Of course, the way the lawmakers have kowtowed to the RIAA/MPAA in the past, I don't see why they wouldn't be happy to assume that receipt of a single packet of copyrighted material as proof of membership in a "conspiracy to pirate / enable piracy". I also foresee the claim that simply having an anonymizing download client installed, or even simply in your possession, as proof of membership in a conspiracy to pirate. Remember, in the DMCA they made it illegal to CREATE tools that were simply capable of being used to circumvent DRM and / or copy-protection. Which brings up another, smaller, group of people to prosecute, developers.

Far from the piracy panacea the author sees, anonymizing clients will create more convicted criminals, and increase MPAA / RIAA revenues.