Gnutella Copyright Enforcement? 290

horos1 writes "Is copyright protection on gnutella enforceable after all? I thought that gnutella users were better off (ie: more anonymous) than napster users in this regard, but this story on zdnet implies otherwise." As I understand it, this app can report user names and IPs of people who download boobie trapped files that the software pretends to serve. Yes, you to can be Lars!
This discussion has been archived. No new comments can be posted.

  • >Actually, Freedom.net [freedom.net] (which is owned by Zero Knowledge [zeroknowledge.com]) states very specifically that it can not track who does what directly. They can track a nym and what it does, but they don't know who it is FAQ question [freedom.net]. So the most they could do is shut down a nym and you'd have to purchase a new one. I'm not sure how much it is. The base package comes with certificates/vouchers for 3 nyms.
    Get too many of your nyms shut down, and it'd be cheaper to buy the music CDs themselves.

    "Hey, hey! Ho, ho! 100110!" - Robot rebels in Futurama

  • OK, I demand that you pay me $50 or stop breathing my air. With every breath you take, you inhale air molecules that have been in my lungs, making them my private property.
  • "But that invades my privacy!", you say. That's true, it does invade your privacy. But it is also perfectly legal--the ISP or the company is assisting the government in the investigation of a crime, and failure to do so can yield charges like obstruction of justice and aiding and abetting. If the crime is serious enough, it may also warrant a conspiracy charge. ISPs and companies hate that kind of pressure, and tend to fold under it rapidly, no matter what their stance is on user privacy. After all, a "you are totally anonymous" policy is hard to enforce when jackbooted thugs kick in your door and shut down your hosting operation.

    My understanding is that if someone reports illegal activity to an ISP, the ISP can take action according to their Terms Of Service, but cannot disclose any personal information to the person who reported the offense. So, if the RIAA tells me I have a user who's sharing illegal MP3s, and gives me the user's IP address, I can check to see who the user is, but I can't tell the RIAA. I can take action against the user (by terminating their account, etc.), and I can tell the RIAA that I have done so, but unless the RIAA presents me with a court order, they're not getting the name of my user. If I do disclose the name of the user to the RIAA, the user can sue me.

    I imagine that some ISPs could simply make exceptions to this, by explicitly stating in their Terms Of Service that they can give out personal information in this kind of situation, but there might actually be laws against it. I'm not sure.

    --

  • I wonder how long it'll take till someone hacks a better anonymous system. Say with rings of trust, and HEAVY crypto.

    Go ahead. Because of explicit trust such a system would be so small that not even the RIAA would conceive of it as a threat. If you open up the trust relationships to the point where you could actually do significant piracy (which is all some people around here seem to want to protect), then it will be open to infiltration and compromise.

  • Plus, think about it.. if everyone on Gnutella got subpoenas on their doorstep tomorrow for downloading copyrighted information, we would have even more popular support for the cause. The more people the RIAA piss off with these bully tactics, the better off we are.

    Not only that, but imagine how the judicial system would react in front of the ensuing onslaught of litigation? After 5000 cases of "Plastika - vs - Joe-Blow-who-downloaded-the-latest-hit", judges will soon tell the RIAA to go screw itself pretty quick.


    --
    Here's my mirror [respublica.fr]

  • If the software did work like that (and I don't think it does based on the article) it would be useless.

    If they offer dummy files with the same name as copyrighted material then downloaders haven't committed any copyright infringement - they've downloaded a couple of megabytes of garbage and have therefore done nothing wrong.

    If they offer the real thing and track who downloads; then doesn't the fact that they are allowing free downloads of their copyrighted material affect the status of their copyright? If they're not protecting their material properly then they can't accuse anyone of abusing the copyright.

    Whatever they offer for download they've lost the case.

  • This is really starting to piss me off. Whether you believe music should be free or not, the fact is that that decision should be up to the artist and the owner of the music. If they tell you you can freely copy the music, then you can. If they don't, and you obtain a copy of the music without obtaining a license, you are stealing. You are hurting the artist. You are telling the artist, that, while you think he/she makes good music, he/she is not competent enough to decide what to do with it. Worse, you are telling him/her that you don't think the music is worth anything.
  • I was under the impression that only the part that actually creates and makes available copies of a copyrighted work does something wrong. In particular, I have a vague recollection of a newspaper article that stated that a person that creates pirated CDs can be sued, but that it is not illegal to accept CDs from him. (This was in Sweden, but copyright legislation should be the same everywhere).

    If that is the case, then lists of people who have downloaded supposedly pirated content would be completely useless. Only a list of people who have served such content would be of interest (like the list that was presented in the Napster case).

  • That doesn't mean that some company can't come up with a court order saying that you must log them for a particular user, somewhat akin to a phone tap...

    --
  • grr, i cant stand it when THE MAN IS TRYING TO HOLD US DOWN. GRRRRRRRRRRRRRRRRRRRRRR, eeeoch okee, well, Im gon C ya

  • Searching for a file name is not a copyright violation. Downloading copyrighted material would be, but the users wouldn't be doing that. they'd be downloading a "boobie trap". Even if that file is copyrighted, it's misrepresenting what it is , so downloading that can hardly be illegal.

    Sounds like he's breaking laws by sneaking unauthorized software onto users' machines. Isn't there an anti-hacking law about trojan horses?
  • Well in the case of gnutella, I imagine 'authorities' receive the 'lawbreakers' request for /metallica/.mp3, then generate a file w/ that name and push it to the 'lawbreaker'.

    This is different from a case, say of narc@fbi.gov emailing you a link to metallica.mp3

    The gnutella example is more like:

    <Crackhead> (talking to NARC) Hey man got any Crack?
    <Cop> Sure.
    <Crackhead> ty!
    <Cop> *savage beating/arrest*

    I think it makes it difficult to call this entrapment.
  • so all they're going to be left with is the knowledge that their music is being pirated.

    Well, if it's being pirated, then that means people like it... Perhaps they could use it as a bargaining chip in record company deals...
  • So is it the case that Media Enforcer can only report searches, and not actual downloads? That doesn't establish copyright infringement any more than you can convict someone of burglary because they were seen walking "suspiciously" around a building at night.

    You might not get convicted, but you could get fucked up pretty badly. In the case of the guy who created DeCSS, arrested by the MPAA's corporate goons. In that guy from New York's case, shot 41 times.

    I remember a story on the news here about a kid who got shot by a cop outside of a store at night. And, oh yeh, the kid's parents owned it. The cop didn't even get fired.

    I don't see how you could get convicted by searching for a file, but that doesn't mean you couldn't, say, have all your computer stuff confiscated or something like that...
  • Isn't such software entrapment? Just as police in the United States are not allowed to provide the means to commit a crime, this software seems to do just that.

    I would love to see an eventual litigation of this topic. A "downloader" could say since the questionable files were placed there with the direct intention of having people download them that he was entrapped. That would put an interesting twist on this topic indeed.
    -clump

  • As I understand it, this app can report user names and IPs of people who download boobie trapped files that the software pretends to serve. Yes, you to can be Lars!

    Anyone know what the legal situation is on civilian entrapment?

  • Your point is well taken. However, the RIAA can take the same kinds of actions that the Feds used to take against draft dodgers, particularly selective prosecution and show trials. They simply have to pick a few middle-class suburban kids who have downloaded a particularly large volume of Britney Spears MP3s, and prosecute them in a particularly showy way. Media coverage of crying teens & of college students having liens slapped on them for damages will scare away a large number of users, without the need to prosecute each and every one of them.

    I wonder if the RIAA really would file a lien against a college student to recover damages?

    Further, you can sue colleges for allowing the students to use Gnutella by not providing blocking software or the like, as it is not a secret that a lot of, if not most, pirates are college students.

    No shortage of people to sue! If you use your imagination, you can easily come up with some more.

  • there's no law against searching for infringing material.

    At least not yet, you can bet the RIAA would love to be able to nail you for just *thinking* a copyrighted tune. I'm humming a metallica song right now, eat that lars!

  • The problem with this method is that since every client is a peer, and possibly now a relay, you could end up using someone on a slow connection as the relay.

    I'd hate to be the poor sap on a T1 downloading from a T3 using a machine on a 28.8 modem as a relay.
  • If you have the time and the ip address, you can contact the ISP and ask for the information.

    Note, however, that AFAIK there is no legal requirement that ISPs keep userID<->IP address assignment records. So an ISP that doesn't keep that information for long enough for a warrant to be arranged wouldn't allow them to track you down.
  • It's like if the police clock you at 50 over the limit, but they don't catch you. However, they do get your license plate number. They have nothing on YOU because anybody could have been driving the car.

    Actually, that's not true. If the car is registered to you, then you are responsible for how it is used (unless in the case of theft, naturally). If your girlfriend was driving your car in the scenario you suggested, you still get the ticket. It might not be your fault, but you'll get "punished" because you entrusted your girlfriend with your car and therefore are responsible in part for the ticket.

    More on topic: If RIAA or whoever gets your IP, and then your ISP terminates your account, that's too bad. The "it wasn't actually me logged in" excuse won't cut it. After all, you gave the other person your password (in effect), but the account is still yours. The ISP will come back and say, "OK, so maybe it wasn't you who downloaded MP3s of [insert RIAA band here]. But you let other people use your account to download them, which is a breach of the terms of service and/or EULA, so we're cancelling your account anyway."

  • I guess that's true, but that would only be effective against a repeat offender. If they wanted to get Joe Shmoe who downloaded a Metallica song from Gnutella last Thursday, and never returned, then there would be nothing the feds can do.
  • Let me see if I understand this correctly, the only reason why this software works for napster is because you HAVE a central server to send this LIST to, so that they could deny users. With GNUTELLA you need to send a court order to EVERY ISP/IP address that this software types up. Which invalidates the point of the software.
    -elmo
  • Fundamentally, it is not my responsibility to make sure that materials I download are legal copyright-wise. If I go to what seems to be the "They Might Be Giants" website and download MP3s that are there, or grab bootlegs the owner says are legal, am I violating copyright if the files weren't legal for distribution? That shouldn't be the case, any more than I should be liable if I buy a copy of the New York Times that has a plagiarized story.
  • More than likely, he's afraid of a lawsuit coming against him from Dr. Dre or Metallica or the next group to sue Napster et. al about pirating music online. Bet you that this is so that he can print out the e-mail, put it somewhere safe, and then claim that all people he gave this to had said that they were using it for the purposes of preventing further copyright violation.

    Given the money that the RIAA and various artists are willing to spend fighting this thing, it seems quite understandable that he would want to say something like that. It's not really an evil ploy, I'm sure, just a method of keeping himself out of the courts.

  • If you look closely at the definition of entrapment you'll notice "in criminal law". I don't think entrapment exists in civil law. Since copyright infringement isn't a crime, then entrapment would certainly not apply here.
  • But doesn't this just seem to log IPs that make requests to your computer? OR does this search out files on other people's computers and get their username and IP address? Either way, I really don't think it matters.
  • Survival of the fittest, I always say! -Erik
  • Ooh! An IP Address and a filename! Wow!

    Do we even trust that this company can track Gnutella users? You have to send in a WRITTEN APPLICATION to get a fully operational version of the program. I suspect they are still trying to figure out how to get the correct IP for Gnutella users.
  • by (void*) ( 113680 ) on Thursday June 22, 2000 @05:47AM (#983512)
    It means nothing. Anyone can create any username, and IPs can be filtered, masqueraded; ports can be forwarded, and tunneled over in many different ways. Routers can be misconfigured even without bringing down the traffic. What would that IP/username mean?
  • by Lando ( 9348 )
    Sorry,
    Hate to interject here, but if you are after Anonymous file transfers you need to look at Freenet. Gnutella is a distributed file sharing system not an anonymous system.

    Lando
  • What, exactly, does this program *do*? I can go run gnut [ensor.org] and just search for an mp3. I then get a big list of matches, complete with IP addresses. How else am I supposed to download the file if I don't have the IP?
    Anyway, I'm not worried about this kind of thing. So they have your IP address. Fortunately, they also have about 10K other IP addresses. Who can they complain to? The ISPs? They'd have to complain to hundreds of ISPs, most of which wouldn't care. It's just not feasible.
    The whole SNR thing is much more of a problem, if you ask me.
  • Does anyone else remember a story about the "wall of shame" - a list of people who attempted to download fake kiddie porn? I knew that as de-centralized as Gnutella was, it wasn't totally anonymous. Of course, it brings out the question of entrapment, if they attempt to enforce it thusly.
  • Thanks for the tip...teach me to assume the poster knew what he was talking about....
  • by mindstrm ( 20013 ) on Thursday June 22, 2000 @05:47AM (#983517)
    Makes perfect sense to me.. I mean, when you do a file transfer, it happens peer-peer, so you do know who the other party is (or at least, their IP).
    In fact.. as soon as search results are returned, those results contain the IP address of the host holding the data, no?

    So... the only thing anonymous about gnutella is that searches are anonymous until you actually download something.

    But really.. the whole point of gnutella wasn't that it was 'anonymous', but that it is decentralized. There is simply no easy way to 'stop' people from using gnutella. We can switch ports easily.. it really does need randomized ports....

    Now.. personally, I would think that putting up material to be downloaded in order to finger people would amount to entrapment, as you are basically going somewhere where you *KNOW* that people are tempted to download software, and put up software they might want...
  • Your search is given a unique ID which is used to route the search results back over the gnutella network. They don't come back directly from the server that is replying to the search. So in theory from how i understand it, only the node which sends you the search result would know you had searched for it.
  • Decide if you want to search Napster, Gnutella, or both...
    Media Enforcer is just a front end to search the respective sharing utilities for certain bands and/or titles, and lists the IPs and Usernames of anybody sharing a file you're interested in.
    AFAI can tell, it doesn't "booby trap" anybody...
  • In the text of this "story" we see the line "you to can be Lars."

    It should read "you too can be Lars." To can be makes no grammatical sense. If you're going to be valued as a media site, please don't contribute to the degradation of the English language by using improper grammar.
    --
    If there is a God, you are an authorized representative. - Kurt Vonnegut Jr.

  • you need a place to store records on each user's karma. this would mean a centralized server. which might not be a good idea since it probably means that every user's IP would at some point go across it, and thus, be loggable. and once u can match IP to username, you get the same bit as napster and the RIAA, meaning you can be ordered to deliver user records and so on.

    -
    "There is no off position on the genius switch." --Dave Letterman
    -
  • And this affects people running the gnutella clones on linux, bsd or mac in what way? God how I wish you so-called "Security Experts" who are only familiar with windows, msdos batch files and windows viruses would just shut up.

    I never said I was a security expert, dumbass. All I said was that I found a .vbs file that everyone seemed to have. The virus was obviously spreading, do a search for 'vbs' and see how many instances you find. I don't give a damn if you're vulnerable or not. I said it was a Gnutella worm, not a Gnutella clone virus. Not like it couldn't be rewritten to target Linux/mac users. (as a bash or applescript file)
  • The distributor may be in trouble if he is pinned down, but certainly not the downloader.

    This may be a very technical defense, but I believe it's a pretty solid one. Anyone see a loophole in it?

    The loophole is that no one is going after anyone for being the receivers of copyrighted files. They're (the RIAA, Metallica, Dre) going after people that are making those files available for download. So, as you said, the distributor could get in trouble, and as reality is working so far, it is the distributors who are getting banned from the services, and NOT the receivers.

    However, the way that Napster is set up, once you download a file from a "distributor", that file then becomes available to other people, so unless you're quick to move it to another directory, you too become a distributor and can therefore face whatever penalties are being handed out.
  • Blockquoth the poster:
    Corporations are not the government.
    Of course they're not -- they have real power.

    It just might be time for a civil equivalent to the Bill of Rights.

  • Hear Hear

    It is, alas, a common police/investigative tactic throughout the world to turn up and gain access to premises on the mere threat of a search warrant.

    In fact, in most jurisdictions, at least some form of prior judicial scrutiny is required before agents of the state can violate privacy in search of evidence. (And if they claim they don't, ask for full details of the enactment/statute under which they derive their power and take a careful note of what is said, in writing and at the time.)

    When faced with police pressure, you should always insist on seeing a warrant/court order before permitting any intrusion - don't back down unless and until they threaten physical harm. It makes life so much more fun for the nice officer when he has to explain himself to the judge later.

    Of course, your mileage may vary as to how effective judicial scrutiny of police action ever is...

  • Isn't it the file provider who's at fault?

    Yes, but the law doesn't care. Ever notice how hookers get busted, but the Johns do not? Ever notice how the pirate video stores get raided but no one follows up their customer list? Ever notice how they went after napster but not after its users (they nuked some nicks but never bothered real people). Ever notice how the FBI goes after bank robbers, but not after those who accepted the stolen money for various goods and services. It's all about stopping the supply, not the demand.

  • This approach may work for some institutions, such as the Universities who have banned Napster, but I cannot see it working for the commercial ISPs. As you mention, the main reason Universities have banned Napster is because it is a bandwidth hog - it would be bad publicity if the University was found to be indirectly aiding the distribution of copyrighted material, but their main motive for banning Napster is because it uses bandwidth and the University does not gain any (financial) value from this use of bandwidth.

    On the other hand, commercial ISPs have a financial interest in people using their service - the longer you are online trading files by Napster and the larger the bill you run up. So it would be a bad idea (financially speaking) for ISPs to crack down on Napster use. Have you noticed how hard it is to get most ISPs to do anything about spam which originates from their service? This would be a similar situation. The ISP would be unlikely to investigate the pirated MP3s or ban the user until they were forced to by a court order. Which brings us back to the situation that less successful artists are unlikely to have the financial means to drag this sort of thing through the courts.

  • Wouldn't anonymity be easily afforded by just routing downloads through the list of servers through which the search was performed? Sure, you might take a little hit in download speed, but I would think that would be pretty anonymous and pretty trivial to implement. Each server would be a proxy so you never *really* know where a request is going. The GnutellaNet would just be a large black box with search requests going in and data coming out.
  • Any Peer to peer networking (ie TCP/IP as it was meant to work) will expose the sender's address to the receiver and vice versa. Otherwise there can be no meaningful communication.

    What you suggest simply puts a server in between which you will have to trust. So basically you are back to Napster with some sort of encryption.

    The point of gnutella is to make all transfers peer to peer, not really anonymous. Of course you could always relay the packets from a central server on either end, but the goal should be to retain the "end-to-end" nature of the internet and you can never effectively encrypt routing information.
  • Wow, you've described a great DDoS! 8)
  • I have two different questions relating to the whole 'Music-Cops-On-The-Net' thing.

    1. Very little mention has been made of mp3 (or any file for that matter) distribution over IRC. It certainly is easy enough to locate your favorite music on various channels. So is it trackable? If it is (it would have to be because of the peer-to-peer nature of DCC), why has IRC slipped through without being part of Lars's wrath?

    2. What if I put up a file called 'Metallica - They've sold out, man.mp3' that consists of me ranting into a microphone about how Metallica has sucked since the 'Black' album. My name/IP could be snatched up by this software, right? So I get taken down by Napster, or hauled to court... what kind of recourse would I have? Heck, for even more fun, I take my rantings, but call it 'Metallica - Unforgiven.mp3'. How would that affect my legal standing?


    "I shoulda never sent a penguin out to do a daemon's work."
  • Gnutella users have plenty of opportunity, once they see that Metallica track on honeypot.riaa.com, to Just Say No. If they walk away from the bait, they're not guilty -- even if they searched for "Metallica" to find the bait in the first place -- because there's no law against searching for infringing material. Only when they elect (of their own free will) to download what they reasonably believe to be infringing material, have they committed a crime.

    Good post. One question:

    Can't the user simply claim "fair use"? I know fair use is somewhat limited, but how could the copyright holder prove that it was not fair use?

    Might it at least drag things out long enough to make the case too expensive for the copyright holder? I know the big intellectual property clearing-houses have deep pockets compared to most individuals, but compared to millions of individuals is another story.

    Most piracy cases AFAIK have targeted large distributors. Going after the end-user is a much more hairy proposition I think.

    (Somebody has to fix these damn "invalid form key" slashdot errors.)

  • Moreover let's say someone is successfully using the username and IP to identify me. And let's further assume he wants to sue me because I am sharing a file called "Metallica-DownloadThis.mp3". My question is: How does he know there is indeed a copyrighted song in this file?
    It might just be my latest dumped core that I automatically rename to Metallica-DownloadThis.mp3 because the band pissed me off or I think it is funny. In that context, having a file called Metallica-DownloadThis.mp3 and sharing it through Napster or Gnutella is perfectly legal


    It may not be illegal, but having a file named that is enough suspicion to investigate further. If I have a baggie that looks like it has crack in it, and I show it to a cop, he's going to arrest me. If you have something that looks exactly like a pirated file, they have enough grounds to pursue it. You may be found innocent in court, but that doesn't mean they aren't going to try and prove it was a pirated file.

  • I wonder what would happen if several thousand people subscribed mediaenforcer@hotmail.com to its own "when this page is updated email me" service [tripod.com].

    Not that I think anyone should actually do this, of course; that would be wrong.

    --
  • And I was just watching the last JavaOne keynote webcast today and was pleasantly surprised when Tim O'Reilly brought up Gnutella and its role as facilitating sharing and communication. In a totally positive light. I'm sure for many in the audience this was the first time a Big Name had talked about Open Source. So I'm glad the FUD didn't get to them first.
  • by gavinhall ( 33 ) on Thursday June 22, 2000 @05:47AM (#983589)
    Posted by 11223:

    Any distributed file-sharing protocol that is non-encrypted is insecure in this fashion. The reason is simple: Your computer requests the serving computer for the file in question. The other computer obviously knows your IP, then, and a modified client can serve up that info. That's why the Freenet project is so essential.

    Here's a simple precaution that can be taken when designing such a protocol: One computer never directly requests to another. Instead, it gets a piece of information from the serving computer through the network (x, n, and x^y mod n for some x, y, n) and creates a key (x^y^z mod n for some z) and sends another piece of information indirectly (x^z mod n), so that the server can get this number (x^y^z mod n) itself. Then you can establish a two-way encrypted link securely while having your packets be passed through other clients (so that the server never knows your IP). (BTW the encryption is a Diffie-Hellman key exchange and is one of the neatest things in modern crypto).
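
The exchange described in the comment above, as an added example that is not part of the original post: both ends derive the same key from x^y mod n and x^z mod n passed through an intermediate client, and the sketch also shows the caveat that an intermediate client which substitutes its own value goes unnoticed unless the two ends compare key fingerprints over a channel that client does not control. The parameters, class names and function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Assumption: demo-sized public parameters picked for readability. Real
# finite-field Diffie-Hellman uses a vetted group of 2048 bits or more.
N = 2**255 - 19   # public prime modulus, the comment's "n"
X = 2             # public base, the comment's "x"


def keypair():
    """Return (secret exponent, public value x^secret mod n)."""
    secret = secrets.randbelow(N - 3) + 2   # uniform in 2 .. N-2
    return secret, pow(X, secret, N)


def session_key(their_public, my_secret):
    """Derive a symmetric key from x^(y*z) mod n."""
    # Reject values that would force a trivially known shared secret.
    if not 1 < their_public < N - 1:
        raise ValueError("degenerate public value")
    shared = pow(their_public, my_secret, N)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def fingerprint(key):
    """Short digest the two ends can compare over a separate channel."""
    return hashlib.sha256(b"fingerprint" + key).hexdigest()[:16]


class PassiveRelay:
    """Intermediate client that forwards values unchanged and logs them."""

    def __init__(self):
        self.seen = []

    def forward(self, value):
        self.seen.append(value)
        return value


class SubstitutingRelay:
    """Intermediate client that replaces each public value with its own.

    Nothing in the unauthenticated exchange lets either end notice this.
    """

    def __init__(self):
        self.secret, self.public = keypair()
        self.intercepted = []

    def forward(self, value):
        self.intercepted.append(value)
        return self.public


def exchange(relay):
    """Run the exchange with every message passing through `relay`.

    Returns (server_key, client_key). The server only ever talks to the
    relay, so it learns the relay's address rather than the client's.
    """
    y, server_public = keypair()                 # server sends x^y mod n
    z, client_public = keypair()                 # client sends x^z mod n
    at_client = relay.forward(server_public)     # what the client receives
    at_server = relay.forward(client_public)     # what the server receives
    return session_key(at_server, y), session_key(at_client, z)


if __name__ == "__main__":
    server_key, client_key = exchange(PassiveRelay())
    print("honest relay, fingerprints match:",
          fingerprint(server_key) == fingerprint(client_key))

    server_key, client_key = exchange(SubstitutingRelay())
    print("substituting relay, fingerprints match:",
          fingerprint(server_key) == fingerprint(client_key))
```
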

  • Admiral Burrito writes:
    > Can't the user simply claim "fair use"? [ ... ] Might it at least drag things out long enough to make the case too expensive for the copyright holder?

    In short, you're suggesting that people sued make frivolous claims that their infringement falls under fair use in order to effect a DDoS on the RIAA's lawyers.

    Sounds like Elron Blubbard and the Co$ doctrine that "The purpose of a lawsuit is not to win, but to harass".

    Sadly, this tactic only works if you've got a lot of money behind you, material to blackmail judges, (or a timely drowning of the offending judge's dog in order to force him to recuse himself :) or otherwise rig the legal system in your favor.

    The goal of the RIAA here isn't to prosecute everyone who dips into the honey pot, merely to ensure that enough people get sued, and that honey pots are prevalent enough, to create a "chilling effect" that encourages compliance.

    To dig up an old comment I made about spammers - it's like putting a few heads on pikes to encourage the others to comply.

    Whether this would be effective in the context of a distributed system such as Gnutella or not is open to debate. It's rather like the War On Some Drugs. Possession is illegal, but only a tiny minority of "downloaders" get nailed to the wall.

    What's interesting is that for USE^H^H^Hat least one distribution system out there whose scrutiny appears to have escaped RIAA thus far, nailing downloaders is nearly impossible, but nailing the top uploader by volume on a monthly basis would be trivial. This would create one hell of a chilling effect.

    But as for a Gnutella, I'm skeptical, unless RIAA agents set up a network of dozens (or hundreds) of honeypots. If they go that route, the honeypots would have to be geographically distributed (in meatspace - in order to be distributed throughout the providers' IP-spaces), and it would be nontrivial to set up such a network of honeypots without the cooperation of the ISPs themselves.

    The future will be "interesting" to say the least.

  • "Just put up a bunch of bogus content, but interestingly named files. When someone tries to download it from you, you get the sucker's IP address."

    And then what? The person hasn't done anything illegal, since the content was bogus. The person hasn't actually infringed on anything. If you buy a bag of oregano from an undercover cop who tells you it's pot, you can't be arrested for anything. You actually have to commit the crime you intended to commit to be held liable for anything.

    This raises an interesting point. To actually convict someone of pirating mp3s, it strikes me that you would have to have direct evidence that the file you put up for download was, in fact, an illegitimate file. You would also have to strongly link the IP address to the actual person. It would be exceedingly difficult, if not impossible, to take any legal action against anyone using evidence such as a list of user names, IP addresses, and alledged song files they made available for downloading. It would take a serious investigation involving searches, stakeouts, time, and money to really get the necessary evidence to make a piracy charge stand up in court. The only people the police would go after to that extent would be real "pirates" who actively distribute illegal copies en masse, and who charge for it. I don't think there is any reason to believe that the government would or could go after individuals trading files for fun.

  • Makes it a perfect tool for a DDoS attack. Just tell 20 of your Gnutella neighbours "that guy overseas really wanted that 10G movie clip, so please help me deliver it" and your victim is roasted and served with fries.

    Humorous, but I think you missed the idea.

    The scatter network code is part of every client. You can't initiate the transfer for someone, it's the other way around.

    • Client: Wants to grab that Metallica box set MP3
    • Client: Analyze network and send request to server along with network picks
    • Server: Takes the MP3, splits it into x chunks and distributes to 1st-tier scatter network
    • 1st-tier: Each scatter server breaks up their "block" into x blocks and sends them to 2nd-tier network
    • 2nd-tier: Same idea as first tier
    • nth-tier: ...

    In discussing the idea with my brother earlier today, you would have to devise a way to split the initial transfer up into x "tamper proof" packets. Packets which could be split up but not be altered otherwise. That would prevent subverted clients from mucking with the data.

    How would the fragmented mess eventually get to the original requestor? I would imagine it would be done with some kind of session ID. A "virtual circuits" (to steal a Frame/ATM term) kind of thing, but where you would start advertising you are connection x and the server would start broadcasting that it is the producer of information for that session. Hmmm... I wonder if a DeviceNet style of data producer/data consumer would work in this case. A routed system which learns which sessions are where... sounds bandwidth intensive.

    I didn't say I had a working solution, merely an idea. :-)
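One way to get the "tamper proof" packets discussed in the comment above is a Merkle hash tree over the file's chunks, so any relay tier can forward any subset of chunks and the requester can still check each one. This is an added example, not code from the thread or from any Gnutella client; the chunk size, function names and sample payload are assumptions, and it presumes the requester gets the root hash and chunk count from the original server over a channel the relays cannot alter.

```python
import hashlib
import hmac

CHUNK_SIZE = 4  # assumption: tiny, so the constructed sample yields several chunks

def leaf_hash(chunk: bytes) -> bytes:
    # Distinct prefixes for leaves and inner nodes stop a relay from
    # passing an inner node off as a data chunk.
    return hashlib.sha256(b"\x00" + chunk).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def split(data: bytes, size: int = CHUNK_SIZE) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]

def build_levels(chunks: list) -> list:
    """Return every level of the tree, leaves first, root last."""
    if not chunks:
        raise ValueError("nothing to hash")
    levels = [[leaf_hash(c) for c in chunks]]
    while len(levels[-1]) > 1:
        prev, nxt = levels[-1], []
        for i in range(0, len(prev), 2):
            if i + 1 < len(prev):
                nxt.append(node_hash(prev[i], prev[i + 1]))
            else:
                nxt.append(prev[i])  # odd node is promoted unchanged
        levels.append(nxt)
    return levels

def proof_for(levels: list, index: int) -> list:
    """Sibling hashes needed to recompute the root from leaf `index`."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(level[sibling])
        index //= 2
    return proof

def verify_chunk(root: bytes, total: int, index: int,
                 chunk: bytes, siblings: list) -> bool:
    """Check a chunk received from an untrusted relay.

    Left/right order is derived from `index` and `total` (both trusted),
    never from the relay, so a valid chunk cannot be replayed at another
    position in the file.
    """
    if not 0 <= index < total:
        return False
    h, width, remaining = leaf_hash(chunk), total, iter(siblings)
    while width > 1:
        sibling = index ^ 1
        if sibling < width:
            s = next(remaining, None)
            if s is None:
                return False
            h = node_hash(s, h) if sibling < index else node_hash(h, s)
        index //= 2
        width = (width + 1) // 2
    return next(remaining, None) is None and hmac.compare_digest(h, root)

def serve(data: bytes):
    """Server side: a small trusted manifest plus self-verifying packets."""
    chunks = split(data)
    levels = build_levels(chunks)
    manifest = {"root": levels[-1][0], "total": len(chunks)}
    packets = [(i, c, proof_for(levels, i)) for i, c in enumerate(chunks)]
    return manifest, packets

def reassemble(manifest: dict, packets: list):
    """Requester side: accept packets in any order, drop any that fail."""
    good, rejected = {}, []
    for index, chunk, siblings in packets:
        if verify_chunk(manifest["root"], manifest["total"], index, chunk, siblings):
            good[index] = chunk
        else:
            rejected.append(index)
    if len(good) != manifest["total"]:
        return None, rejected  # incomplete: re-request the rejected chunks
    return b"".join(good[i] for i in range(manifest["total"])), rejected

SAMPLE = b"constructed sample payload!"  # constructed input, 7 chunks

if __name__ == "__main__":
    manifest, packets = serve(SAMPLE)
    packets[2] = (2, b"EVIL", packets[2][2])  # a subverted relay alters chunk 2
    print(reassemble(manifest, packets))
```

The check covers integrity only: it says nothing about who relayed a chunk, and a relay can still withhold chunks, which the requester sees as an incomplete transfer.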

  • Moreover let's say someone is successfully using the username and IP to identify me. And let's further assume he wants to sue me because I am sharing a file called "Metallica-DownloadThis.mp3". My question is: How does he know there is indeed a copyrighted song in this file?
    It might just be my latest dumped core that I automatically rename to Metallica-DownloadThis.mp3 because the band pissed me off or I think it is funny. In that context, having a file called Metallica-DownloadThis.mp3 and sharing it through Napster or Gnutella is perfectly legal.

    ... Unless someone wants to copyright the content of my core file. Of course.

  • by tzanger ( 1575 ) on Thursday June 22, 2000 @07:01AM (#983615) Homepage

    No, I mean requests flowing across the network (and encryption to make it secure). If what I described were implemented:

    • Servers would have no clue which requests came from which IP's, because the request was forwarded across a network.
    • The forwarding computers (who know your IP) would have no idea which requests you put out because the request is encrypted.

    Actually you can take it a step further... with all the gnutella clients out there, each one can serve bits and pieces of the file to the requestor once it is determined that they want file 'x' from server 'y'. You could do a bit of network analysis to find, say, your closest 10 neighbours and your most reliable (and distant) 10, and then spread the transfer through those 20 clients. (use more for less bandwidth impact on the scatterers but at the cost of more complexity). At the receiver's end, just reassemble the packets from all the scatterers.

    Make it better by having several layers of this scattering. server --> scatter network --> scatter network 2 (now scatter impact is squared for the same size network) --> scatter network 3 (cubed impact now). Let's say you've got a scatter network of only 10 computers. That's now 1000 computers sending bits and pieces of what you want, at no (significant) bandwidth cost to themselves. Of course you'll have to set up levels of how many scatter networks you want to take part in.

    Think of it as spread-spectrum TCP/IP networking. :-)

  • by Eccles ( 932 ) on Thursday June 22, 2000 @05:49AM (#983622) Journal
    Whoop, I think CmdrTaco misread the story (and I misfollowed); this software doesn't fake files, it hunts for real ones on the net and IDs the provider.
  • You could make Gnutella support email attachments as a transfer protocol, so that paranoid people could have their files sent to a hotmail account.

    MSN Hotmail [hotmail.com] supports attachments only up to 1,000 KB in size; any good sized *.mp* file is out.

  • In short, you're suggesting that people sued make frivolous claims that their infringement falls under fair use in order to effect a DDoS on the RIAA's lawyers. Sounds like Elron Blubbard and the Co$ doctrine that "The purpose of a lawsuit is not to win, but to harass".

    Not harassment at all, because the people who would make the "frivolous claims" (which may or may not actually be frivolous) would not be the ones filing the lawsuit.

    It's more like MS' claim that the web browser belongs in operating system. It's subject to interpretation.

    AFAICS it's common for people to claim every possible defense they can come up with. I think they call it "due process". :)

    To dig up an old comment I made about spammers - it's like putting a few heads on pikes to encourage the others to comply. Whether this would be effective in the context of a distributed system such as Gnutella or not is open to debate. It's rather like the War On Some Drugs. Possession is illegal, but only a tiny minority of "downloaders" get nailed to the wall.

    Bah. The drugwar hasn't stopped people from using drugs, and the government has nearly bottomless pockets to spend on that vietnam. Copyright holders are not in that situation- they have to make money.

    The future will be "interesting" to say the least.

    Agreed.

  • Wouldn't setting up 'boobie-trapped' files be a form of entrapment? Is this legal in the States?

  • Nope, search responses have ip addresses in them, they also have a unique identifier to allow the network to pass push requests around when you can't directly connect to the end router. fake ip's and working push stuff makes the whole thing a little more anon.
  • ... is just as much a part of information theory as information distribution. Information wants to be free, whether it is m374lic4_5uXx0r5.mp3 or the log entry showing the time, date and IP of the person who downloaded it. This program provides tracking for napster and gnutella. Ok.. big deal. It doesn't compromise Gnutella in any way other than to provide accounting for file downloads, which isn't such a hard thing to do, since gnutella is a multi-access broadcast media anyways.. all information transmitted on it is pretty much viewable by everyone. This program does nothing to stop people from downloading songs, files, etc.

    Plus, think about it.. if everyone on Gnutella got subpoenas on their doorstep tomorrow for downloading copyrighted information, we would have even more popular support for the cause. The more people the RIAA piss off with these bully tactics, the better off we are.

    //Phizzy
  • by Johnath ( 85825 ) on Thursday June 22, 2000 @05:53AM (#983645) Homepage
    This, and the related problem of hacked clients giving back hits for any search that just link back to banner sites, has been a real impediment for me in using gnutella over something more centralized like napster. The problem with anything de-centralized like this is that while you have all the benefits of abandoning centralized control, you have all the headaches of abandoning centralized control too.

    The best solution I've come across (in the oh so many hours I've thought about it... :) is to implement, either at the protocol level or the client level, a moderation-style system, or actually, more appropriate still: a web-of-trust setup.

    Unfortunately, the protocol [wego.com] as it currently stands, does not have much room for carrying this kind of information, and implementing it in any kind of non-trivial-to-circumvent way would require a fair bit of work. I mean, you can have clients digitally sign their hits, and the hits of people for whom they vouch, but ugh - think about the kind of traffic that goes across one of these clients, and the overhead that would come from signing or otherwise authenticating each one.

    Maybe something more akin to the spam blacklists would be more appropriate: have a hook in the client that allows it to grab the current blacklist and filter those people out of the hits. Unfortunately, since a gnutella request doesn't pick and choose its recipients, you'd have all sorts of traffic moving around that was just being dropped by the recipient, but at least this contamination would be harder to pull off.

    Any thoughts on these, or other ways to keep the S:N on something like this up? I think client-side implementation is important, since it allows the protocol to remain unscathed, and choice is of course, essential, just like browsing /. at -1. But if nothing gets implemented, we end up with a great distributed file sharing mechanism that is, much to the pleasure of Lars and his ilk, too contaminated to bother with.

    Johnath.
  • The decentralization of Gnutella is a big problem for copyright enforcers, because it's a heck of a lot easier to put all the pressure on a big company. Plus, there's potential money there. The little guys using these programs aren't deep pockets.

    When Metallica wanted to stop Napster users it got Napster to ban them (not that this was terribly effective, as two minutes in the registry got a user back in with a new account name). But if Metallica wanted to enforce its rights under Gnutella, there is no central company to put pressure on. They have to go after the individuals. They've said they don't want to do that, and I can't imagine there are many that would, because there's nothing in it for them.

  • by Signal 11 ( 7608 ) on Thursday June 22, 2000 @05:54AM (#983649)
    The problem with anonymity is that on a peer-to-peer network, it is impossible. ISPs have more or less been forced to log who signs on when, if not simply for billing purposes. Given that you can easily get the IP address of the person requesting the file(s) off your server, GNUella offers no more anonymity than a webserver.

    If you want real anonymity, you have three options:

    • Proxy service
    • Illegal proxy service
    • broadcast network (ala MBone)

    The first one can be had by anyone who will let you use their SOCKS5 server. With some servers, you may also be able to tunnel through an http proxy to obtain non-http service, however YMMV. Services exist online like Anonymizer.com or Freedom which will, for a small fee, happily remove all traces of your IP address from the request using one of their servers. Caveat emptor, however, as they likely need to keep logs as well to prevent abuse.

    Option #2, illegal proxying - crackers have known about this for a long time. Basically, grab yourself a copy of nmap and start scanning on ports 1080, 80, and 8080 and see how many proxies you can find. Scan for winproxies [winproxy.com] as well as they are often poorly configured.

    Once you have your net of proxies up, or have compromised a bunch of computers and done the same, use those to relay your messages. Or just go down to a public terminal and install some proxy software.

    Option 3, there is only one option here - MBone. It is basically an IP multicast network setup on top of IPv4 which allows one server to broadcast data to all other computers on the network.

    I'd like to, at some point, start a project to create a self-healing mirroring network with crypto support to accomplish the same things GNUella does, but have it rely on multiple protocols and require no special software (ie, web servers, ftp servers, etc) for the clients to use to get information off the servers.

    But I digress... in short, you have no privacy. Either do something illegal to get it back, or give up and accept it. No solutions exist at present to give you 100% anonymity. But.. there are projects in the works that aren't internet based that may be appearing in the not too distant future...

  • So long as I don't know the degree of "copyrightedness" of the file, it's not my fault.

    False. In some cases, trafficking in stolen goods is just as bad as the actual theft, even if you can prove you had no knowledge that the goods were stolen. I imagine that something similar might apply here.

  • All of these protocols involve direct peer to peer file transfering, without going through some sort of trusted intermediary or anonymous network. Thus, if you find someone has the item you are interested in, it is trivial to get the information: Just start the transfer, see the sucker's IP, and disconnect before you waste any more of your bandwidth. From there, you can go through whatever routines are necessary to associate an IP address with an individual.

    Similarly, there is no means of authenticating files before downloading, so it is easy to make a tarbaby server: Just put up a bunch of bogus content, but interestingly named files. When someone tries to download it from you, you get the sucker's IP address.

    Finally, under copyright law, the copyright holders do need to be rather active in defending their rights. Although I believe that Lars Ulrich and company are being rather ham-handed about how they go about it, they really have no choice but to at least make reasonable attempts. Otherwise, a copyright lapses if undefended, and someone could start manufacturing CDs of Metallica and the band could do nothing.

    Is Napster really different from a company whose business model is "We want to make money by software piracy?"


    Nicholas C Weaver
    nweaver@cs.berkeley.edu

  • If I download MP3s or bootlegs the owner says are legal, am I violating copyright if the files weren't legal for distribution? That shouldn't be the case, any more than I should be liable if I buy a copy of the New York Times that has a plagiarized story.

    It is the copying that matters, which is why buying a copy of the New York Times isn't parallel--you're not making a copy.

    Only the copyright owner can give you permission to make a copy (unless the copy is Fair Use, in which case you don't need permission). To use your example, the guy behind the counter at the newsstand can't give you permission to make a copy of an article in the paper. In fact, the newspaper itself might not be able to give you permission--unless they had secured those rights from the author.

    Obviously this can be a bit complicated to figure out in advance. That's why contracts to use copyrighted material have the author warrant that he or she owns the copyright and agree to make the publisher whole if that turns out not to be true.

  • OK first off, do not compare physical property to intellectual property. The analogy never works, and in this case, it falls down immediately.

    The argument of 'what if I didn't know it was being distributed illegally' is a valid one. Assume that you're doing some research on caramel corn. You go to your trusty friend google.com and start looking for pages relating to "caramel corn". You find an article that looks very promising, so you follow the link. Once you've loaded the entire page, you find that, sadly, the article is copyrighted by Caramel Media Inc., but John Francis, who is a caramel corn fanatic, copied the article on to his page without permission from Caramel Media.

    In my mind, this would be analogous to what the OP described. You were looking for some poetry (do people distribute poetry on Gnutella?), found one that sounded interesting, and, after downloading it, found out that it was being distributed illegally.

    In the first example, it would be ludicrous to phone up the ISP of *every* page you were about to view and say ("yes, I was thinking of reading an article you have saved on your website at ~users/bill/caramel.html, but I was hoping if you could check to see if has been illegally distributed first"). Likewise, it would be ludicrous to track down the ISP of the Gnutella user every time you wanted to download something, just so you could phone him up and say "yes, I want to download roses_are_red.txt from you, but I need to know if you are distributing it illegally or not first").
  • I constantly argue with myself as to whether we have more or less democracy than before. Every time I read another report on copyright extension, monopolies, etc, I worry that we are becoming more and more controlled by the megacorp cartels.

    Then I compare to what we had 100 years ago. 100 years ago unions were practically illegal, or perhaps just coming out from that status. Standard Oil, the railroads, etc -- huge monopolies. ATT started its monopolistic practices in the early 1900s. The National Guard was called out to break up strikes in the 1930s. General MacArthur used the standing army to break up a demonstration by WW I veterans around 1930.

    Any period I look at, the abuses were worse. I start to come out of my funk, and look at the LA police and Rodney King, Ruby Ridge, Waco, and realize that a lot more abuses are known publicly now, and widely distributed. This publicity is not what the powers want -- they want darkness and invisibility. This openness can only get better.

    In just 5 or 10 years, home computers will have a standard web site package included, people will wear micro cams at all times as a matter of course, broadcasting back to the home computer constantly, available for the world to see or review, and public crime will drop drastically.

    I come to the conclusion that the megacorps are fighting for (and winning) the rights to the corpses of obsolete prizes. They are waging death matches for nothing that matters tomorrow. The new life is proceeding without them, they don't know how to react, so they lash out in their old style methods, and will win precisely nothing useful.

    --
  • Ok, if I am downloading "download this" from that sell out band. (Like that would happen) They could see what my "user name" and IP was. Great, what the hell are they going to do with that ??? The user name they are going to see is jengo, which is my Linux login name. Then my IP which is from earthlink. Then you would say my email address/login id for earthlink is jengo@earthlink.net WRONG! If I gave you a list of 2,000 IPs, times and dates, and "user names". How long would it take to research every single one. Think how long it would take on 5 different ISPs, let alone 1,000. Maybe it's easy on AOL, but, not the rest of the world. Who on my side of the firewall did that download go to ? Me, my girlfriend, or the other 10 people that could have been connected. What about the company LAN ? My point is that all of that information MIGHT help get a couple of people. But, not everyone. Just my $0.02
  • What gives you the right to the software he wrote? And where do you get that anyone's privacy is being violated? I hope that you don't illegally download musicians' copyrighted works, because I don't think that I could handle so much irony this early in the morning.

    Cheers,
    ZicoKnows@hotmail.com

  • by Shagg ( 99693 ) on Thursday June 22, 2000 @05:58AM (#983671)
    Once again, it seems that somebody is writing a search engine for Napster/Gnutella that makes the same mistaken assumption that the Name of the file will tell you everything about the contents. NetPD did the same thing in the Metallica search. Sure, they found 300K+ people who had a filename on their drives containing the word "metallica" or a close match to words in their song titles, but there's nothing illegal about naming a file "Sandman".

    Yeah, I agree that pirating software via Napster/Gnutella sucks, but these search engines are just as stupid. It'd be similar for going to google.com and running a search on a common word. Sure, you turn up 3 million URLs, but how many of them really have the CONTENT you're looking for, rather than just contain the word out of context somewhere... how do you tell the difference?

    Until somebody comes up with a way of knowing that the file you found contains an actual song, rather than just a filename that appears to describe a song (this may even be impossible), what use are these searches?

    It seems that a lot of music savvy people are looking towards these searches to protect themselves, but they are definitely not computer savvy enough to realise that these searches are meaningless. The problem is that the lawyers and courts aren't computer savvy either (Ask the 300K people kicked off Napster because of a filename).
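The gap described above between matching a file's name and matching its content, as an added example (not code from Media Enforcer, NetPD or any tool named in the thread). It compares a keyword match on the filename with a SHA-256 digest of the audio payload, taken with ID3 tags stripped, against a reference copy; the keywords, file contents and reference bytes are all constructed, and the digest check is an exact-match test that a re-encoded copy would not pass.

```python
import hashlib

def synchsafe(b4: bytes) -> int:
    # ID3v2 stores the tag size as four 7-bit bytes.
    return (b4[0] << 21) | (b4[1] << 14) | (b4[2] << 7) | b4[3]

def audio_payload(data: bytes) -> bytes:
    """Return the file body without a leading ID3v2 tag or trailing ID3v1 tag,
    so that retagging a file does not change its digest."""
    start, end = 0, len(data)
    if (len(data) >= 10 and data[:3] == b"ID3"
            and all(b < 0x80 for b in data[6:10])):
        footer = 10 if data[5] & 0x10 else 0
        start = 10 + synchsafe(data[6:10]) + footer
        if start > end:          # truncated or bogus tag: hash the whole file
            start = 0
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128
    return data[start:end]

def payload_digest(data: bytes) -> str:
    return hashlib.sha256(audio_payload(data)).hexdigest()

def name_matches(filename: str, keywords) -> bool:
    low = filename.lower()
    return any(k in low for k in keywords)

def classify(listing, keywords, reference_digests):
    """For each (filename, bytes) return (filename, hit_by_name, hit_by_content)."""
    return [(name,
             name_matches(name, keywords),
             payload_digest(data) in reference_digests)
            for name, data in listing]

# --- constructed sample data -------------------------------------------
REFERENCE_AUDIO = b"\xff\xfb\x90\x00" + bytes(range(256)) * 2   # stand-in frames
ID3V2_TAG = b"ID3\x03\x00\x00" + b"\x00\x00\x00\x14" + b"\x00" * 20
ID3V1_TAG = b"TAG" + b" " * 125

LISTING = [
    # a renamed core dump, as one commenter on this page suggests
    ("Metallica-DownloadThis.mp3", b"\x7fELF" + bytes(64)),
    # the reference audio, retagged and given an innocuous name
    ("track07.mp3", ID3V2_TAG + REFERENCE_AUDIO + ID3V1_TAG),
    # a text file whose name happens to contain a keyword
    ("sandman_notes.txt", b"lyrics study notes"),
    # the reference audio under a matching name
    ("metallica_sandman.mp3", REFERENCE_AUDIO),
]
KEYWORDS = ["metallica", "sandman"]
REFERENCE_DIGESTS = {payload_digest(REFERENCE_AUDIO)}

if __name__ == "__main__":
    for row in classify(LISTING, KEYWORDS, REFERENCE_DIGESTS):
        print(row)
```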

  • I'm not sure that "honey pots" aren't entrapment. The police aren't just setting up files that can be downloaded. They are actively putting them on a file-sharing system. That seems more similar to an undercover police officer posing as a drug dealer who advertises that he has cocaine available.
  • by deusx ( 8442 ) on Thursday June 22, 2000 @06:07AM (#983705) Homepage
    This article in the new Fortune issue [fortune.com] is kinda illuminating. Asking for what possibly legitimate uses there could be for Gnutella? Here they are. Fortune seems to have published an article whose author gets it.

    And as for the signal-to-noise problem... Dr. Lincoln Stein, of Perl CGI.pm fame and also a genetic researcher, is quoted in the above mentioned article [fortune.com] about how Gnutella-style distributed sharing and searching could help him in his genetic research, and he suggests tagging the files with various criteria... such as, in his example, tagging the information as from and for genetic scientists to limit search range.

    Seems like first generation Napster started the noise, second generation Gnutella gave it immortality (in theory)... and the third generation will probably bring metadata tagging facilities, more powerful searching and search path optimization. A lot of good stuff in that Fortune article [fortune.com].

    So, how about we start working on Son of Gnutella with an XML-based protocol, meta-data rich, with optional anonymized distributed UDP-based transfers (anyone remember FSP?), and monster searching.

    :)

  • by Lita Juarez ( 201217 ) on Thursday June 22, 2000 @06:08AM (#983708)
    I've had a look at the Media Enforcer website and the licensing of the software is interesting. The software is free (as in beer), but the freely downloadable version does nothing of use - it returns incorrect IP addresses. To get a working version, you have to convince the author that your reasons for having a copy are pure and honourable. This suggests that the author is setting himself up as some sort of vigilante, ready to defend musicians against the evils of piracy. (Of course, he wrote the software, it's up to him how he distributes it)

    I can see how this software may be useful for successful artists with enough money to attempt to prosecute people they suspect of distributing pirate MP3s. But I get the feeling that the author is hoping it will be used by smaller, less successful artists to protect their copyright. This leads to the question, what are these musicians going to do once they've got a list of IP addresses which are hawking their music? Smaller artists are unlikely to have the money to attempt to prosecute the pirates, so all they're going to be left with is the knowledge that their music is being pirated. Big deal. This software is of use only to the rich musicians and record companies - the people who are so rich that they are the people least financially affected by piracy. If the author of this software is unconnected with the RIAA, I wonder if he realises that the people his software is protecting are the same people who have been fucking him over for years with artificially inflated prices for recorded music.

  • Every Gnutella client/server should be capable of acting as a proxy for another, and requests should bounce at random through the network. Why doesn't it already work like this? Peer to peer transfers are so easily compromised...
  • If your search is done anonymously, and cannot be traced back to you, then how do you expect to receive results???
  • in this case they'd just keep your hard disk.

    haha good one... no they'd take your entire computer... in case you were storing some illegal MP3s in your printer cable *G*... Anyone have a link to a similar story, I'm sure there have been plenty of them (where an entire computer was seized, when only the hard drive was needed...)

    --

  • by Otto ( 17870 ) on Thursday June 22, 2000 @06:21AM (#983718) Homepage Journal
    So they can get an IP address. That's all fine and happy. But who you gonna sue? They'd have to:

    a) trace down everyone serving those copyrighted files, using nothing but their IP.
    b) sue each and every one of them.

    Good luck, and more power to them. You can't sue Gnutella like you sue Napster, since there is no such entity as Gnutella. Decentralization is the key. Gnutella is essentially nothing more than bunches and bunches of people acting independently to share files.


    ---
  • Not in the eyes of the law anyway, it's copyright infringement. It isn't trafficking in stolen goods, it's trafficking in pirated goods. And there is a pretty big difference.

    And anyway, the people who download copyrighted material are never at fault legally, only those that distribute.
  • There's a common misconception in that post, which I'll correct here.

    It's trademarks that have to be aggressively defended to maintain their value.

    Copyright subsists in a creative work - of the appropriate kind, but let's not get into that level of detail here - from the moment it's created until the appropriate time limit (life plus term for human authors, straight term for corporate authors, term length varies according to jurisdiction you're in) expires: end of story. (The US has an additional wrinkle in that you need to register your copyright in order to claim a particular variety of enhanced damages for breach, but this doesn't affect the copyright itself.).

    A copyright holder can choose to sue or not sue over breaches of copyright as he pleases without affecting the underlying validity of the copyright.

    What difference this makes to your opinion of l'affaire Metallica is your own concern, however. Personally I think they're wasting a great deal of time and money on a futile exercise, whatever the rights and wrongs of Napster. But hey, us lawyers have to eat too...

  • ...and you be a ho.

    My Slash-Caddy be out of impound and I be ready t'do some Pimp slappin'! Ya'll be cold, towin' da Pimp's Caddy like dat. Ain't like I was parked in a "no-troll" zone or somethin'.

    I remembers it cleary: I was cruisin' da ghetto, checkin' on my ho's. Dey all be doin' some good work, and da crack-head mod's be throwin' dat karma all ovah da place like it be a Hindu festival or somethin'. Bitches be all singing, "Mod-ey Krishna, Karma Krishna, Whoring Karma, Moderate Us". It be worse than the bus station, so I whack a few o' dem bitches wit da Pimp Stick.

    Anyhow, I be scopin' da streets, lookin' fo some fool leavin' time on the meter, y'know? All a sudden I see dis sign all sayin' "Taco's Parking Lot - Censorship Free!", and I be thinkin', "Damn! Dat's just what my ass needs! A Taco!".

    So I eases da Pimp-Mobile into a space, and as I leavin' dis pasty-lookin' geek shout out, "We support free speech! Speak your mind without fear!" I dunno what da cracker fool be jabberin' about, so I just go about my bidness straightenin' out da ho's. And lookin' fo' dat taco, 'cause da Pimp be gettin' hungry, you know what I'm sayin'?

    I slaps a few ho's who be gettin' out a line, and gives a few others some o' dat good Pimp Lovin' dat dey always beggin' fo (but not Siggy. She be gettin' old and skanky an' I hear she just been playin' wit herself an' takin' karma outta da bank to make it look like she workin'). I never did find me a taco, so I Pimp Strut's my ass over to da Soul Food Diner fo' a bowl o' grits.

    Then I be headin' back to da Caddy and damn if I don't get rolled in da alley by dem moderatin' sons-a-bitches! Dey all actin' like I be bad fo' da neighborhood, like I da one encouragin' da ho's! Mofo's took 8 o' my karma in under 30 minutes!

    After dat I tell da pasty geek I want's to cruise a little in my Caddy, 'cause I be lookin' fo' dem mod thieves who jacked my shit, y'know? And then white boy tells me I can't get my wheels 'cause I lost too much karma! Tells me it be impounded, and if I gots a problem wit dat I needs to take it up wit some brother named "Pater".

    Now I figure Pater be da muscles of da operation, and I already got jacked once already so I gonna play it cool, you dig? So I says to the pasty geek, I says, "Yo, sign be talkin' 'bout 'Censorship Free'. What up wit dat?" Whitey look at me and say, "That's right. You were censored and it didn't cost you a dime."

    Take me 48 hours to get da Caddy out of da impound yard, and meanwhile all da ho's and crack-heads be runnin' around wit out a care in da world. Shit ain't right.

    Then I checks out da car and it be all banged up and shit! Speedometer be stuck on 0, and I can't even pass an AC wit out a push from da mod's! It just be me and the FP jallopies pokin' along in da "Low Threshold" lane, like we ain't important.

    'Course we still be blowin' by dat fool drivin' da NP-19. Homeboy ain't even got an engine and he still be tryin' t'cruise in style.


    You wanna be a karma whore?
    Fine, but don't forget...
  • Just running Gnutella on a PC and having copyrighted material available wouldn't amount to entrapment. I believe the standard involves coercion or enticement in order to make the suspect commit whatever act you're trying to target. Just like the cops can dress a female officer up and walk her down the avenue, waiting for a John to offer $20 for a quick "date"...
  • by mindstrm ( 20013 ) on Thursday June 22, 2000 @06:15AM (#983738)
    At every ISP I have worked at (chief sysadmin), the only way we would release a username was a) Police investigation (not necessarily a court order) b) When we had enough facts surrounding the case that we felt comfortable giving the information to the asking party. This is extremely *extremely* rare. Usually, it involved someone we actually knew, or someone running a neighboring ISP, and we were both trying to track down an abuser or something. In this case, we would share information. If joe Musician called up and asked us for this information, we would simply tell him that he needs a court order in order to do this.
  • putting up material to be downloaded in order to finger people would amount to entrapment

    IANAL, but entrapment would be if NetPD actively contacted individuals and offered them bootlegs unsolicited (imagine the concept -- poison pill spam). Simply posting fake files and waiting for people to find and download them doesn't count. Compare to police officers posing as prostitutes or drug dealers. If they come up to you and initiate the deal, it's entrapment. If you go to them first, it's an arrest.

    But I do agree that Media Enforcer isn't going to get very far against Gnutella. Perhaps they could try and get individual servers booted off their ISPs, but that's like fighting fire with a teaspoon.

  • Gnutella wasn't designed so that downloads were anonymous. It's as easy to find a user there as on Napster.

    What Gnutella *does* provide is a decentralized structure. So if you find 300,000 people pirating your music, you can't sue Gnutella's creators to stop them -- they're not serving the data, they have nothing to do with it, and putting them out of business won't affect the user transfers. To enforce your copyright on Gnutella users you will be forced to sue them all individually. *That* is what scares the RIAA.

    And although others may have mentioned it, Freenet is the next step beyond Gnutella. Not only is Freenet decentralized, but users on it *are* anonymized.
  • by Anonymous Coward
    Slightly off topic, but there is a website, http://www.stopnapster.com that is advocating sabotaging napster. article on zdnn: http://www.zdnet.com/zdnn/stories/news/0,4586,2592245,00.html
  • Let's sing along,

    THE US CONSTITUTION DOES NOT SAY WHAT A CORPORATION CAN OR CANNOT DO, IN OR OUT OF COURT.

    The US Constitution ensures that a criminal infraction (action against state or federal law) won't be prosecuted twice under the same charge and same evidence.

    The US Constitution ensures that the government won't forcibly compel testimony from someone.

    The US Constitution ensures that the government won't consider any tangible expression to be a violation of state or federal law, with few exceptions.

    The US Constitution does not apply to civil judgements, because the plaintiff is not the government. That's how O J Simpson was found guilty on essentially the same charge in a second trial: it was a civil trial raised by victims' families. Corporations are not the government.

    THE US CONSTITUTION DOES NOT SAY WHAT A CORPORATION CAN OR CANNOT DO, IN OR OUT OF COURT.

  • 1)
    It doesn't seem that the editors are reading the stories they link to. Reading the ZDnet article myself, it doesn't look like a "poison pill" file to me. It looks more like just another search engine that uses the gnutella protocol to log IPs of the people OFFERING files. It does NOT appear to be a way to entrap people DOWNLOADING files. Indeed, that's entirely unnecessary, as peer-to-peer file transfers, by their very nature, return the IP address of the downloader.

    2)
    Speaking of entrapment... If this WAS a "poison pill" file, a) it's not a copyrighted MP3 anyway, and b) isn't entrapment illegal as hell anyway?

    3)
    In the IQ war between computer geeks and dirty metalhead types... I'll wager on the geeks every time. How long before a countermove is made by the geek community to nullify this problem? The obvious first move is forged IP headers emailing the file request to an anonymous hotmail-type account, or posting to a specified usenet group. That could be an option EASILY added to gnutella... or napster for that matter.

    4)
    There is STILL no "single point of failure" in gnutella. That is, no master servers to shut down. Metallica would have to sue ALL 300,000 individuals, were they using gnutella instead of Napster. Just prosecuting a few to set up as "examples" could enable a "selective enforcement" defence... not to mention a VERY bad PR incident.

    5)
    Just HOW MANY ways are there to make sure a visible IP address does not actually lead back to you? Perhaps I could set up my own anon proxy, and announce it to alt.cubans.who.hate.castro... and it would just HAPPEN to be noticed by someone who hates the RIAA and crossposted to alt.metallica/RIAA.die.die.die.

    6)
    Freenet.... 'nuf said.

    john
    Resistance is NOT futile!!!

    Haiku:
    I am not a drone.
    Remove the collective if

  • That's what we have Freenet [sourceforge.net] for.
  • In the US Legal system, not knowing the law is not a defense against your committing the infraction.

    "Officer, I didn't know it was a 25MPH zone, I didn't see the sign because I was looking in the rear-view mirror at your blinking lights."

  • by Tackhead ( 54550 ) on Thursday June 22, 2000 @06:31AM (#983766)
    > I would think that putting up material to be downloaded in order to finger people would amount to entrapment,

    Not really.

    As I understand entrapment, it's only entrapment if you actively encourage the crim^H^H^H^Hvictim to commit the crime.

    Gnutella users have plenty of opportunity, once they see that Metallica track on honeypot.riaa.com, to Just Say No.

    If they walk away from the bait, they're not guilty -- even if they searched for "Metallica" to find the bait in the first place -- because there's no law against searching for infringing material.

    Only when they elect (of their own free will) to download what they reasonably believe to be infringing material, have they committed a crime.

    Unless there's a RIAA rep saying "hey man, download that Metallica song from my server, fuck the system man! Be an MP3 r3b3l d00d!" in some chatroom at the same time as the poor bugger finds his way to the honeypot, it's not entrapment.

    From law.com:

    entrapment, N.: in criminal law, the act of law enforcement officers or government agents inducing or encouraging a person to commit a crime when the potential criminal expresses a desire not to go ahead. The key to entrapment is whether the idea for the commission or encouragement of the criminal act originated with the police or government agents instead of with the "Criminal." Entrapment, if proved, is a defense to a criminal prosecution. The accused often claims entrapment in so-called "stings" in which undercover agents buy or sell narcotics, prostitutes' services or arrange to purchase believed to be stolen. The factual question is: "Would Johnny Begood have purchased the drugs if not pressed by the Narc."

    While it's true that the potential criminal in the case of Gnutella has neither expressed nor not-expressed a desire not to go ahead with the crime, it's pretty clear that searching for "Metallica" and downloading "Metallica.mp3" on Gnutella are almost always things that originated with the soon-to-be-criminal, and not the cops, the RIAA, or NetPD.

    I have no love for the RIAA and frankly think that this is a pretty disgusting tactic. But as repugnant as it is, it's probably not entrapment.

    The moral of the story is that you need a distributed and chained network of anonymizing proxies, as well as strong crypto between each link, to make a truly bulletproof system. Any system where there's direct client-to-client contact renders you visible to the world.

    Don't think that this is only a concern for cablemodem users and those with static IPs. If you're on dialup IP, remember that most of those dialup ports resolve to a geographical identifier. If there are 500 Metallica downloads and 400 Frank Sinatra downloads from the class C block ipXYZ.yourcity.yourisp.com, odds are good that there are only two violators, and it's a simple process for your ISP, once subpoenaed, to prove it and nail them both.

  • by Wah ( 30840 ) on Thursday June 22, 2000 @06:31AM (#983768) Homepage Journal
    'cause piracy is the record industry buzzword as far as MP3 goes.

    I mentioned this the last time /. posted a link about this software. Its usefulness, IMHO, won't be tracking down those evil bastards who like music, but finding out what exactly all those evil bastards are listening to. Ratings. Tracking. The same thing will be needed when the bandwidth to share moving pictures becomes commonplace. In a distributed media environment the loss of control scares a whole bunch of people; what they don't realize is that control is the expensive and difficult part of their jobs.

    Oh, and we'll probably have to change some laws...or quit funding the folks who would rather sue and ignore new tech than compete.
    --
