Spoofing P2P Networks as Marketing Plot 457
prostoalex writes "Salon's technology section talks about major music labels spoofing the peer-to-peer networks. The users of AudioGalaxy, Gnutella or KaZaa have probably seen a surge of fake MP3 files when conducting a search on a popular title. The MP3 looks legit, but contains a 20 second clip played over and over. Such promotional tracks were especially popular with newest releases, such as Eminem and No Doubt, as pointed out in the article. Who posted the fake tracks to the p2p networks? Could it be, as Salon suggests, a suburban mom, who does not agree with controversial lyrics, or would it be the label, trying to prevent piracy and promote the new album at the same time?"
CRC check? (Score:5, Insightful)
That way we don't have to deal with garbage like this, and also have a guaranteed, legit (so to speak), quality copy (at least at the said bitrate) to download.
Searching... (Score:4, Insightful)
is this bad? (Score:2, Insightful)
Good on them (Score:2, Insightful)
-a
---
The advantage of the GPL is that your customers can continue to maintain your code after you go bankrupt.
the price you pay (Score:5, Insightful)
Note, I'm not preaching about how you "shouldn't steal music" (see my rant [punitiveart.com] about what's wrong with DRM). I'm just saying if you get something free, don't bitch that it isn't perfect.
Salon says... (Score:5, Insightful)
"What you want to do is excite the consumer and titillate and create demand." He notes, however, that the "danger of try-before-you-buy" is that if a user doesn't like a previewed track, "then the industry and that record would have benefited from [that user's] ignorance."
Hmm. Now isn't that interesting.
So...
RIAA doesn't want Joe Consumer listening to the crap (Top 40 I guess) they release before he buys the album, because then he might realize it's crap and the RIAA is just liberating money from a fool.
OK, so let's go with that for just a moment here...
That means that what the RIAA releases as "today's hottest bands" are really just a bunch of second-rate hacks (not even first rate!) who've been blitz-marketed into every teenager's record collection. So, as Bono (right?) said on that VH1 special (paraphrased), "It's not casette copying that's killing the music industry, it's crap music killing the music industry."
Frankly, I think that has always been true.
What I want to know is... if the band is so unbelievably fantastic, why do they need all the heavy marketing? Sure, some marketing to appeal to the fence-sitters, but you don't preach to the choir.
So, the RIAA is spending billions to market Britney Spears to make us believe she's the best thing since sliced bread (or better yet, to make us think it more than we already do it seems), when Britney fans will buy the CDs anyways. And somehow they claim they're losing money here. Hmm.
All the word games, legal lunges, and slight of hand gets old after a while. Is anyone else getting a vision of the RIAA as another Ross Perot jumping in an out of the "race" all the while annoying us with lots of charts and a funny voice?
Good thinking (Score:3, Insightful)
You could take this same approach on other things as well.
I have always felt radar detector should be legal. If the loac PD don't like it, just put up a device that fired a signal at a random interval to trigger the radar detectors. Don't involve the courts in something you can solve yourself.
The music industry finally has the right idea. (Score:5, Insightful)
So, when Joe College Student downloads the latest MTV-hyped band that sounds like metal, grunge, and rap all thrown together in a blender, he gets a 20 second clip and an advertisement. What is Joe going to do? This is kinda/sorta like the highschool kid who spends $60 on a bag of off-the-shelf herbs and spices.
Now, here's the thing that really makes this a Good Thing. If this becomes common practice amongst the music industry, it could very well have the unexpected side effect of thwarting legal attempts to get P2P services shut down. I'm not a lawyer, etc, etc, but I'd think that you would be hard pressed to present a case to shut down a service that you use yourself.
And of course, now that the ante has been upped, I'm sure the P2P community will respond by improving their software to add features to combat the music industry's latest tactics. I'm not sure what form this will take, but perhaps some sort of public key watermark by trusted encoders or preview features or something even better.
In an odd, preverse sort of way, this is almost the first step in making peace between the P2P community and the music industry.
Re:the price you pay (who whom? my ISP?) (Score:3, Insightful)
Most Eminem-bots around here wont even complain that their Eminem CD wont play on their PC, and they STILL bought it. Of course they downloaded the mp3s, but they buy the CD too (its called franchise penetance, and I'd be more sympathetic to the RIAA if wasting money on brands, regardless of quality of product, wasnt America's favorite passtime, anyhow. Do they really honestly think people are downloading top40 bands because the quality is top notch? Nope. The big bands are Brands, and nobody likes to own a brand without owning some officially licensed 'gear', which is the CD in this case.)
The RIAA's archtypal top 40 uber-pirate downloader does not exist! Instead, those downloaders have ALSO been rushing to their local store, repeating, "I know I'm a sucker, but hes so cuuuuute, I have to buy his CD!" for the last 5 years
So, I'd say, they are targeting an audience that is buying CDs from them anyhow. I certainly dont know too many NON-top40 downloaders who are buying CDs nearly as religiously as the brand whores who need their latest Eminem or No Doubt (tho thier last single is pretty catchy, I have to admit they've grown) or big label divas.
How does this impact this story? I think if it is the RIAA or labels that are doing this, they are wasting their time, and the bandwidth of the last slice of their realiable, heavy user consumer base. It might work tho, which is fine with me as it would leave the people actually using file sharing networks to increase their exposure to new music alone to pursue such a noble quest.
Trusted networks (Score:3, Insightful)
For example: there could spring up various independent directories of MD5 checksums for songs known to be either good or bad. Various individuals could maintain these by hand, or P2P clients could allow the users to collaborate on such a shared directory by allowing users to simply click a button to associate a "trusted" or "untrusted" score for an individual file. File scores could then end up being aggregated into a reputation for a given person. Someone impugned a lot would get a bad reputation for sharing bad files, but allowing meta-level moderation (not unlike that in slashdot) could make this work both ways: someone who repeatedly impugns someone who actually deserves a good reputation would themselves lose reputation points.
An example of a trust metric can be found here [advogato.org].
Re:The real question is... (Score:3, Insightful)
Surprised this hasn't been taken to the next level (Score:5, Insightful)
I'm really surprised the record companies haven't taken advantage of this to advertise their pay services. Why play just a looping 10-second piece of the song when you can play a clip and then say, "To get the whole song legally for just $1.95, visit Pressplay.com" or something to that effect? I know that eMusic and some other services used to advertise their presence in the ID3 comment tag of the MP3, but this would seem to be wholeheartedly more effective.
The real question is, do the music companies really want these for-pay services to succeed, or do they want them to fail so they can frame Internet users as thieves? I'd say that both viewpoints exist in the RIAA. That's why these services aren't even advertised, especially not in a means such as the above, which IMHO would be quite effective.
I worry sometimes that all this "music revolution" will give us is uncopyable CDs. This would be a huge disappointment to those of us who don't want to gyp the artists -- we just want music in a more flexible format than a CD can offer. I, for one, am hoping that the potential of mass music distribution via the Internet can become a reality. If the record companies only squash the P2P networks without providing an alternative, this will only serve to alienate customers. On the other hand, if the record companies work with us to provide a low-cost way to distribute music legally (with rights to copy it to other devices), both the record companies and artists have a chance to become much more profitable while continuing to make their customers happy. I sincerely hope the latter will occur.
Movies, too? (Score:2, Insightful)
And then there's the matter of file sizes. Look at this:
03/02/2002 07:35a 746,689,484 movie - CENTROPY release -No subs CD 1of3.mpg
03/07/2002 04:36a 721,932,332 movie - CENTROPY release -No subs CD 2of3.mpg
03/02/2002 11:58a 425,062,892 movie - CENTROPY release -No subs CD 3of3.mpg
3 File(s) 1,893,684,708 bytes
You can fit roughly 650 MB on a 74 minute CD-R, or 700 MB on an 80 minute. There's no way that the first two parts of this movie will fit without violating the spec! And there's no reason for it, because the total, divided by 3, will easily fit on either size CD-R: 631,228,236!
Obviously, the only reason for doing this is to keep people from burning the movie onto CD-R's, which prevents archival storage and means that you have to decide to either keep it on your hard drive, or eventually delete it and hope that you won't want to watch it again.
Re:CRC check? (Score:5, Insightful)
The RIAA starts using these checksums to flag what is pirated and quickly shuts down everything.
You create some massive database (CDDB) created by the public, for the public, and then after a few years have some greedy bastards (GraceNote) close it up and charge money for access to it?
Awesome (Score:3, Insightful)
Not only does it not involve lawyers in any way (a deal maker right there) but it also creates a robust meta-game within the service- can you find the real mp3? Can you develop a reliable way to repeat that process?
As long as no one goes to court or Congress when they start to lose, this is the way things ought to be.
So true... (Score:1, Insightful)
Talk about quality/fan base...
Re:the price you pay (Score:3, Insightful)
I suspect that the next stage of music and video distribution are just around the corner, but they have some mindset hurdles to overcome (MTV was the most brilliant thing the music industry could have done to delay the phenomenon of digital distribution). Certainly there's a lot of money to be made and there's also an altruistic goal: if the mindshare lock can be broken, real music can once again penetrate the masses. Imagine the change; music as poetry taking root again. Music as protest. Music as expression. Wow, wouldn't that be something!
But for now, all the teenies who are swapping mp3s can see to do is trade copyrighted Metallica and No Doubt. That will change, and sooner than you think.
Good, let the P2P networks evolve. (Score:2, Insightful)
People are making joking comments about putting in a slashdot like moderation system or CRC checks on the files, but both of those are good options. A CRC check on the file to determine exact duplicates will prevent anyone from downloading the same spoofed file twice (imagine you check an option that marks the file as 'bad' and all the files of the same size and CRC are removed from your view). A moderation system would work even better, but in that lay a whole new realm of problems (how do you prevent spoofed moderation?).
Still, I think from this sort of thing will emerge a solution and the next generation of P2P networking. Well, I hope.
Re:How foolish (Score:1, Insightful)
Price has nothing to do with this (Score:4, Insightful)
It's wrong for someone to write a program that exploits obvious problems with Microsoft outlook, but exploiting p2p or iMac firmware issues on CD players is a perfectly acceptable way to "get back at" those darned copyright infringers?
News flash: Most of the interstate highway system is free. Does that give me the right to blow up a highway? Hardly.
If you can't beat 'em join 'em... (Score:2, Insightful)
On the flip side (Score:2, Insightful)
1. Professionally ripped (no skips or other imperfections)
2. At a high bitrate
3. Downloadable from a high-bandwidth server.
Polluting the P2P networks helps them make their business case for their own music services, and isn't any less nice than what the P2P networks are doing to them.
I don't intend this to be a flame or a troll, but seriously, we shouldn't hold the RIAA to a higher standard than we hold ourselves. I'd much rather see them fighting back through technology than through draconian legislation.
if i were the record companies (Score:2, Insightful)
THEN, you could make your collect song name information (so that it'd have a nice big list of songs to fake, to trap more people) by running searches on some number of requests come through the network.
you could probably fake CRC's too, by having your client just report whatever the other clients are reporting.
hell, if you were the RIAA, you could offer free music in return for people running this spoofing client on their computers based on how much bandwidth you've contributed. i think that people would trade idle computer time for free legit music downloads.
i'm not saying that i'm against p2p networks, or even piracy for that matter. i just think it'd be interesting to see somebody go this far.
-c
Hmmm... (Score:2, Insightful)
It only suprises me it took them this long to figure it out. Massive media companies have massive money, which means massive hardware and bandwidth. They can flood the networks with garbage at an incredible rate. Hell, they could just ask their employees to allow the company to use their (the employees) home machines as ersatz servers, meaning, the fake files would come from tens of thousands of sources. Give everyone who signs up for this 'Share the Trash' program a shot at a free dinner or an extra day off, and most of the workers will be happy to go for it. Don't even bother trying to keep it secret -- making people believe there's nothing valuable on the P2P networks will be part of the strategy.
Re:The music industry finally has the right idea. (Score:1, Insightful)
So if they passed a law that said all employees in the computer industry had to have their genetalia removed so they couldn't breed, you would be the first one in line?
Re:Price has nothing to do with this (Score:2, Insightful)
"Peer-to-peer": zero branding = zero quality (Score:3, Insightful)
FastTrack (Grokster, Kazaa, iMesh) relies on trusting it's users to provide authentic content. Anyone can share anything they want, mislabelled as they wish. Multi-sourcing exists on FastTrack, but only with up to around 10 users at most due to it's centralized structure.
Audiogalaxy, on the other hand, is centralized and can multisource from thousands of users, and group them together based on sharing of identical files (determined by a modified MD5 hash). Britney Sphere's latest single I'm A Slave For You [audiogalaxy.com], 128kbps, 3:36 is currently shared by 2627 users. That's way more than you'll get on any FastTrack or WinMX network. And since Audiogalaxy downloads the most popular version, it is very difficult to inject bogus crap -- in fact, you'll need to have more users sharing the fake files than legit. As a whole, users often remove fake files leaving the legit shining brightly through.
Regardless, it's all irrelevant once one enters the real MP3 scene on IRC and FTPs. Not just anyone can share files on most channels, only approved xdcc bots [iroffer.org] can. In addition, they only share specific "releases". Groups base their reputation solely on the quality of their releases. New groups on the scene often put out re-encodes and other junk which is nuked on a global scale. No site worth it's salt carries it. Well-established teams, on the other hand, are respected and sites carry their content, where sites are either +m IRC channels or ratioed FTP sites.
In conclusion, there is no need for peer-to-peer. Multisource downloads are a fad. We have enough bandwidth already. The protocols to distribute and disseminate content has been here for years: FTP and IRC. And they both work better and resist spoofing more effectively than whatever new protocol an inspirating programmer puts out this decade.
Web of Trust - (Score:3, Insightful)
You could do a web-of-trust type verification. Logically, divide the files into medium-sized chunks (say 32KB). Allow people to sign the chunks (w/private key), thereby endorsing the content as "valid". You can download a chunk, and see if it's been verified (preferably by someone you trust, or someone who's been signed by someone you trust). If it has, download the next, see if that's been verified, etc. (Again, if you only sign the whole file, you have to d/l the whole file to verify the sig, which is pointless).
Now, of course ppl. could falsely sign something. So, you 1) allow more than one signing of a file. 2) distribute keys with a PGP-style trust web.
So, suppose I put up a P2P host. I allow ppl. to download my public key, along with signed files. Someone will be willing to try out my files. They find it valid, so they sign my stuff, and send the signiture back to me. They also sign my key, perhaps indicating a level of trust in the signing.
As time passes, I can build a reputation in the long list of people who have signed my key and my files. You can trust the stuff I have up to be good because the stuff I've had up before was good, and this long list of people are willing to vouch. Probably, you trust at least some of these people directly (they've shared good stuff with you), so their sig. means something.
Now, an attacker can take advantage by gaining trust, and then spewing abunch of crap. BUT, they have to deliver good shit first. If they abuse it later, well, have the signatures be dated, or provide for revocation certificates.
Or we could go back to the old-fashioned way of doing it. I trust the stuff I download because I've shaken the hand of the people I'm downloading it from. Or because I've taken a risk in the past with them, and they paid off, so now I trust them enough to let them get my stuff, and they trust me enough to let me d/l theirs. Much more personable and friendly that way.
Re:Price has nothing to do with this (Score:3, Insightful)