Gnutella Copyright Enforcement? 290
horos1 writes "Is copyright protection on gnutella enforceable after all? I thought that gnutella users were better off (ie: more anonymous) than napster users in this regard, but this story on zdnet implies otherwise." As I understand it, this app can report user names and IPs of people who download boobie trapped files that the software pretends to serve. Yes, you to can be Lars!
Re:Anonymity (Score:2)
Get too many of your nyms shut down, and it'd be cheaper to buy the music CDs themselves.
"Hey, hey! Ho, ho! 100110!" - Robot rebels in Futurama
Re:Sancitity of contract (Score:1)
Re:Interesting. (Score:1)
My understanding is that if someone reports illegal activity to an ISP, the ISP can take action according to their Terms Of Service, but cannot disclose any personal information to the person who reported the offense. So, if the RIAA tells me I have a user who's sharing illegal MP3s, and gives me the user's IP address, I can check to see who the user is, but I can't tell the RIAA. I can take action against the user (by terminating their account, etc.), and I can tell the RIAA that I have done so, but unless the RIAA presents me with a court order, they'er not getting the name of my user. If I do disclose the name of the user to the RIAA, the user can sue me.
I imagine that some ISPs could simply make exceptions to this, by explicitly stating in their Terms Of Service that they can give out personal information in this kind of situation, but there might actually be laws against it. I'm not sure.
--
Re:Freenet and Gnutella (Score:1)
Go ahead. Because of explicit trust such a system would be so small that not even the RIAA would conceive of it as a threat. If you open up the trust relationships to the point where you could actually do significant piracy (which is all some people around here seem to want to protect), then it will be open to infiltration and compromise.
Re:Information tracking.... (Score:2)
Not only that, but imagine how the judicial system would react in front of the ensuing onslaught of litigation? After 5000 cases of "Plastika - vs - Joe-Blow-who-downloaded-the-latest-hit", judges will soon tell the RIAA to go screw itself pretty quick.
--
Here's my mirror [respublica.fr]
Re:Entrapment? (Score:1)
If they offer dummy files with the same name as copyrighted material then downloaders haven't committed any copyright infringment - they've downloaded a couple of megabytes of garbage and have therefore done nothing wrong.
If they offer the real thing and track who downloads; then doesn't the fact that they allowing free downloads of their copyrighted material affect the status of their copyright? If they're not protecting their material properly then they can't accuse anyone of abusing the copyright.
Whatever they offer for download they've lost the case.
Sancitity of contract (Score:1)
Is it really illegal to download pirated content? (Score:1)
I was under the impression that only the part that acutally creates and makes available copies of a copyrighted work does something wrong. In particular, I have a vague recollection of a newspaper article that stated that a person that creates pirated CDs can be sued, but that it is not illegal to accept CDs from him. (This was in Sweden, but copyright legislation should be the same everywhere).
If that is the case, then lists of people who has downloaded supposedly pirated content would be completely useless. Only a list of people who has served such content would be of interest (like the list that was presented in the Napster case).
Re:Anyone work for an ISP? (Score:1)
--
notagain (Score:1)
Huh? no copyright violations for searching (Score:1)
Searching for a file name is not a copyright violation. Downloading copyrighted material would be, but the users wouldn't be doing that. they'd be downloading a "boobie trap". Even if that file is copyrighted, it's misrepresenting what it is , so downloading that can hardly be illegal.
Sounds like he's breaking laws by sneaking unauthorized software onto users' machines. Isn't there an anti-hacking law abotu trojan horses?
Re:Entrapment? (Score:1)
This is different from a case, say of narc@fbi.gov emailing you a link to metallica.mp3
The gnutella example is more like:
<Crackhead> (talking to NARC) Hey man got any Crack?
<Cop> Sure.
<Crackhead> ty!
<Cop> *savage beating/arrest*
I think it makes it difficult to call this entrapment.
Re: (Score:2)
Re:An MP3 Vigilante! (Score:1)
Well, if its being pirated, then that means people like it... Perhaps they could use it as a barganing chip in record company deals...
Re:Searches are safe, downloads are not (Score:1)
You might not get convicted, but you could get fucked up pretty badly. In the case of the guy who created DeCSS, arrested by the MPAA's corporate goons. In that guy from New York's case, shot 41 times.
I remember a story on the news here about a kid who got shot by a cop outside of a store at night. And, oh yeh, the kids parents owned it. The cop didn't even get fired.
I don't see how you could get convicted by searching for a file, but that doesn't mean you couldn't, say, have all your computer stuff confiscated or something like that...
Entrapment? (Score:1)
I would love to see an eventual litigation of this topic. A "downloader" could say since the questionable files were placed there with the direct intention of having people download them that he was entrapped. That would put an interesting twist on this topic indeed.
-clump
Entrapment (Score:1)
Anyone know what the legal situation is on civilian entrapment?
Re:Big deal? Who you gonna sue? (Score:1)
I wonder if the RIAA really would file a lien against a college student to recover damages?
Further, you can sue colleges for allowing the students to use Gnutella by not providing blocking software or the like, as it is not a secret that a lot of, if not most, pirates are college students.
No shortage of people to sue! If you use your imagination, you can easily come up with some more.
Re:Sure.. why not? (Score:2)
At least not yet, you can bet the RIAA would love to be able to nail you for just *thinking* a copyrighted tune. I'm humming a metallica song right now, eat that lars!
Re:Napster, GNUTella, et al all have this hole (Score:2)
I'd hate to be the poor sap on a T1 downloading from a T3 using a machine on a 28.8 modem as a relay.
Re:Please correct me if I'm wrong.. (Score:1)
Note, however, that AFAIK there is no legal requirement that ISPs keep userIDIP address assignment records. So an ISP that doesn't keep that information for long enough for a warrant to be arranged wouldn't allow them to track you down.
Re:Err, correct me if I'm wrong... (Score:1)
It's like if the police clock you at 50 over the limit, but they don't catch you. However, they do get your liscence plate number. They have nothing on YOU because anybody could have been driving the car.
Actually, that's not true. If the car is registered to you, then you are responsible for how it is used (unless in the case of theft, naturally). If your girlfriend was driving your car in the scenario you suggested, you still get the ticket. It might not be your fault, but you'll get "punished" because you entrusted your girlfriend with your car and therefore are responsible in part for the ticket.
More on topic: If RIAA or whoever gets your IP, and then your ISP terminates your account, that's too bad. The "it wasn't actually me logged in" excuse won't cut it. After all, you gave the other person your password (in effect), but the account is still yours. The ISP will come back and say, "OK, so maybe it wasn't you who downloaded MP3s of [insert RIAA band here]. But you let other people use your account to download them, which is a breach of the terms of service and/or EULA, so we're cancelling your account anyway."
Re:Anyone work for an ISP? (Score:1)
Sending court orders to everyone... (Score:1)
-elmo
Isn't it the file provider who's at fault? (Score:1)
But no free lawyers - he's afraid of lawsuits (Score:1)
Given the money that the RIAA and various artists are willing to spend fighting this thing, it seems quite understandable that he would want to say something like that. It's not really an evil ploy, I'm sure, just a method of keeping himself out of the courts.
Re:Sure.. why not? (Score:1)
Please correct me if I'm wrong.. (Score:1)
good! (Score:1)
Possible? (Score:1)
Do we even trust that this company can track Gnutella users? You have to send in a WRITTEN APPLICATION to get a fully operational version of the program. I suspect they are still trying to figure out how to get the correct IP for Gnutella users.
Re: (Score:1)
But what would that username and IP mean? (Score:3)
Freenet (Score:1)
Hate to interject here, but if you are after Anonymous file transfers you need to look at Freenet. Gnutella is a distributed file sharing system not an anonymous system.
Lando
Safety in numbers (Score:1)
Anyway, I'm not worried about this kind of thing. So they have your IP address. Fortunately, they also have about 10K other IP addresses. Who can they complain to? The ISPs? They'd have to complain to hundreds of ISPs, most of which wouldn't care. It's just not feasable.
The whole SNR thing is much more of a problem, if you ask me.
The Wall Of Shame (Score:1)
Ahhhhhh.... (Score:1)
Sure.. why not? (Score:5)
In fact.. as soon as search results are returned, those results contain the IP address of the host holding the data, no?
So... the only thing anonymous about gnutella is that searches are anonymous until you actually download something.
But really.. the whole point of gnutella wasn't that it was 'anonymous', but that it is decentralized. There is simply no easy way to 'stop' people from using gnutella. we can switch ports easily.. it really doeos need randomized ports....
Now.. personally, I would think that putting up material to be downloaded in order to finger people would ammount to entrapment, as you are basically going somewhere where you *KNOW* that people are tempted to download software, and put up software they might want...
Re:Uh... (Score:1)
Functionality (Score:1)
Media Enforcer is just a front end to search the respective sharing utilities for certain bands and/or titles, and lists the IPs and Usernames of anybody sharing a file you're interested in.
AFAI can tell, it doesn't "bobby trap" anybody...
Nitpicking. (Score:1)
In the text of this "story" we see the line "you to can be Lars."
It should read "you too can be Lars." To can be makes no grammatical sense. If you're going to be valued as a media site, please don't contribute to the degradation of the English language by using improper grammar.
--
If there is a God, you are an authorized representative. - Kurt Vonnegut Jr.
Re:Karma-based searching (Score:1)
-
"There is no off position on the genius switch." --Dave Letterman
-
Re:boobietrapped? (Score:1)
I never said I was a security exspert, dumbass. all I said was that I found a
Re:Sure.. why not? (Score:1)
This may be a very technical defense, but I believe it's a pretty solid one. Anyone see a loophole in it?
The loophole is, is that no one is going after anyone for being the recievers of copywritten files. They're (the RIAA, Metalica, Dre) going after people that are making those files available for download. So, as you said, the distributor could get in trouble, and as reality is working so far, it is the distributors who are getting banned from the services, and NOT the recievers.
However, the way that Napster is set up, once you download a file from a "distributor", that file then becomes available to other people, so unless you're quick to move it to another directory, you too become a distributor and can therefore face whatever penalties are being handed out.
Re:People seem to be missing a big point (Score:2)
It just might be time for a civil equivalent to the Bill of Rights.
Re:Anyone work for an ISP? (Score:2)
Hear Hear
It is, alas, a common police/investigative tactic throughout the world to turn up and gain access to premises on the mere threat of a search warrant.
In fact, in most jurisdictions, at least some form of prior judicial scrutiny is required before agents of the state can violate privacy in search of evidence. (And if they claim they don't, ask for full details of the enactment/statute under which they derive their power and take a careful note of what is said, in writing and at the time.)
When faced with police pressure, you should always insist on seeing a warrant/court order before permitting any intrusion - don't back down unless and until they threaten physical harm. It makes life so much more fun for the nice officer when he has to explain himself to the judge later.
Of course, your mileage may vary as to how effective judicial scrutiny of police action ever is...
Both side at fault. No one cares what you download (Score:2)
Yes, but the law doesn't care. Ever notice how hookers get busted, but the Johns do not? Ever notice how the pirate video stores get raided but no one follows up their customer list? Ever notice how they went after napster but not after its users (they nuked some nicks but never bothered real people). Ever notice how the FBI goes after bank robbers, but not after those who accepted the stolen money for various goods and services. It's all about stopping the supply, not the demand.
Re:An MP3 Vigilante! (Score:2)
On the other hand, commercial ISPs have a financial interest in people using their service - the longer you are online trading files by Napster and the larger the bill you run up. So it would be a bad idea (financially speaking) for ISPs to crack down on Napster use. Have you noticed how hard it is to get most ISPs to do anything about spam which originates from their service? This would be a similar situation. The ISP would be unlikely to investigate the pirated MP3s or ban the user until they were forced to by a court order. Which brings us back to the situation that less successful artists are unlikely to have the financial means to drag this sort of thing through the courts.
Re:Sure.. why not? (Score:2)
Re:Napster, GNUTella, et al all have this hole (Score:2)
What you suggest simply puts a server in between which you will have to trust. So basically you are back to Napster with some sort of encryption.
The point of gnutella is to make all transfers peer to peer, not really anonymous. Of course you could always relay the packets from a central server on either end, but the goal should be to retain the "end-to-end" nature of the internet and you can never effectively encrypt routing information.
Re:Napster, GNUTella, et al all have this hole (Score:2)
Two questions: IRC, and fake files (Score:2)
1. Very little mention has been made of mp3 (or any file for that matter) distribution over IRC. It certainly is easy enough to locate your favorite music on various channels. So is it trackable? If it is (it would have to be because of the peer-to-peer nature of DCC), why has IRC slipped through without being part of Lar's wrath?
2. What if I put up a file called 'Metallica - They've sold out, man.mp3' that consist of me ranting into a microphone about how Metallica has sucked since the 'Black' album. My name/IP could be snatched up by this software, right? So I get taken down by Napster, or hauled to court... what kind of recourse would I have? Heck, for even more fun, I take my rantings, but call it 'Metallica - Unforgiven.mp3'. How would that affect my legal standing?
"I shoulda never sent a penguin out to do a daemon's work."
Re:Sure.. why not? (Score:2)
Good post. One question:
Can't the user simply claim "fair use"? I know fair use is somewhat limited, but how could the copyright holder prove that it was not fair use?
Might it at least drag things out long enough to make the case too expensive for the copyright holder? I know the big intellectual propery clearing-houses have deep pockets compared to most individuals, but compared to millions of individuals is another story.
Most piracy cases AFAIK have targetted large distributers. Going after the end-user is a much more hairy proposition I think.
(Somebody has to fix these damn "invalid form key" slashdot errors.)
Re:And what would the ".mp3" extension mean? (Score:2)
It might just be my latest dumped core that I automatically rename to Metallica-DownloadThis.mp3 because the band pissed me off or I think it is funny. In that context, having a file called Metallica-DownloadThis.mp3 and sharing it though Napster or Gnutella is perfectly legal
It may not be illegal, but having a file names that is enough suspicion to investigate further. If I have a baggie that looks like it has crack in it, and I show it to a cop, he's going to arrest me. If you have something that looks exactly like a pirated file, they have enough grounds to pursue it. You may be found innocent in court, but that doesn't mean they aren't going to try and prove it was a pirated file.
Media enforcer email (Score:2)
Not that I think anyone should actually do this, of course; that would be wrong.
--
Re:Pissing in the Stream (Score:2)
Napster, GNUTella, et al all have this hole (Score:5)
Any distributed file-sharing protocol that is non-encrypted is insecure in this fashion. The reason is simple: Your computer requests the serving computer for the file in question. The other computer obviously knows your IP, then, and a modified client can serve up that info. That's why the Freenet project is so essential.
Here's a simple precaution that can be taken when desiging such a protocol: One computer never directly requests to another. Instead, it gets a piece of information from the serving computer through the network (x, n, and x^y mod n for some x, y, n) and creates a key (x^y^z mod n for some z) and sends another piece of information indirectly (x^z mod n), so that the server can get this number (x^y^z mod n) itself. Then you can establish a two-way encrypted link securly while having your packets be passed through other clients (so that the server never knows your IP). (BTW the encryption is a diffie-hellman key exchange and is one of the neatest things in modern crypto).
Re:Sure.. why not? (Score:2)
> Can't the user simply claim "fair use"? [
In short, you're suggesting that people sued make frivolous claims that their infringement falls under fair use in order to effect a DDoS on the RIAA's lawyers.
Sounds like Elron Blubbard and the Co$ doctrine that "The purpose of a lawsuit is not to win, but to harass".
Sadly, this tactic only works if you've got a lot of money behind you, material to blackmail judges, (or a timely drowning of the offending judge's dog in order to force him to recuse himself :) or otherwise rig the legal system in your favor.
The goal of the RIAA here isn't to prosecute everyone who dips into the honey pot, merely to ensure that enough people get sued, and that honey pots are prevalent enough, to create a "chilling effect" that encourages compliance.
To dig up an old comment I made about spammers - it's like putting a few heads on pikes to encourage the others to comply.
Whether this would be effective in the context of a distributed system such as Gnutella or not is open to debate. It's rather like the War On Some Drugs. Posession is illegal, but only a tiny minority of "downloaders" get nailed to the wall.
What's interesting is that for USE^H^H^Hat least one distribution system out there whose scrutiny appears to have escaped RIAA thus far, nailing downloaders is nearly impossible, but nailing the top uploader by volume on a monthly basis would be trivial. This would create one hell of a chilling effect.
But as for a Gnutella, I'm skeptical, unless RIAA agents set up a network of dozens (or hundreds) of honeypots. If they go that route, the honeypots would have to be geographically distributed (in meatspace - in order to be distributed throughout the providers' IP-spaces), and it would be nontrivial to set up such a network of honeypots without the cooperation of the ISPs themselves.
The future will be "interesting" to say the least.
Re:Of COURSE you can snag IP addresses... (Score:2)
And then what? The person hasn't done anything illegal, since the content was bogus. The person hasn't actually infringed on anything. If you buy a bag of oregano from an undercover cop who tells you it's pot, you can't be arrested for anything. You actually have to commit the crime you intended to commit to be held liable for anything.
This raises an interesting point. To actually convict someone of pirating mp3s, it strikes me that you would have to have direct evidence that the file you put up for download was, in fact, an illegitimate file. You would also have to strongly link the IP address to the actual person. It would be exceedingly difficult, if not impossible, to take any legal action against anyone using evidence such as a list of user names, IP addresses, and alledged song files they made available for downloading. It would take a serious investigation involving searches, stakeouts, time, and money to really get the necessary evidence to make a piracy charge stand up in court. The only people the police would go after to that extent would be real "pirates" who actively distribute illegal copies en masse, and who charge for it. I don't think there is any reason to believe that the government would or could go after individuals trading files for fun.
Re:DDOS? (Score:2)
Makes it perfect tool for DDOS attack. Just tell 20 of your Guntella neighbours "that guy overseas really wanted that 10G movie clip, so please help me delivering it" and your victim is roasted and served with fries.
Humorous, but I think you missed the idea.
The scatter network code is part of every client. You can't initiate the transfer for someone, it's the other way around.
In discussing the idea with my brother earlier today, you would have to devise a way to split the initial transfer up into x "tamper proof" packets. Packets which could be split up but not be altered otherwise. That would prevent subverted clients from mucking with the data.
How would the fragmented mess eventually get to the original requestor? I would imagine it would be done with some kind of session ID. A "virtual circuits" (to steal a Frame/ATM term) kind of thing, but where you would start advertising you are connection x and the server would start broadcasting that it is the producer of information for that session. Hmmm... I wonder if a DeviceNet style of data producer/data consumer would work in this case. A routed system which learns which sessions are where... sounds bandwidth intensive.
I didn't say I had a working solution, merely an idea. :-)
And what would the ".mp3" extension mean? (Score:2)
It might just be my latest dumped core that I automatically rename to Metallica-DownloadThis.mp3 because the band pissed me off or I think it is funny. In that context, having a file called Metallica-DownloadThis.mp3 and sharing it though Napster or Gnutella is perfectly legal.
Re:Napster, GNUTella, et al all have this hole (Score:4)
No, I mean requests flowing across the network (and encryption to make it secure). If what I described were implemented:
Actually you can take it a step further... with all the gnutella clients out there, each one can serve bits and pieces of the file to the requestor once it is determined that they want file 'x' from server 'y'. You could do a bit of network analysis to find, say, your closest 10 neighbours and your most reliable (and distant) 10, and then spread the transfer through those 20 clients. (use more for less bandwidth impact on the scatterers but at the cost of more complexity). At the receiver's end, just reassemble the packets from all the scatterers.
Make it better by having several layers of this scattering. server --> scatter network --> scatter network 2 (now scatter impact is squared for the same size network) --> scatter network 3 (cubed impact now). Let's say you've got a scatter network of only 10 computers. That's now 1000 computers sending bits and pieces of what you want, at no (significant) bandwidth cost to themselves. Of course you'll have to set up levels of how many scatter networks you want to take part in.
Think of it as spread-spectrum TCP/IP networking. :-)
Re:Isn't it the file provider who's at fault? (Score:3)
Hotmai1 1imitations (Score:2)
You could make Gnutella support email attachments as a transfer protocol, so that paranoid people could have their files sent to a hotmail account.
MSN Hotmai1 [hotmail.com] supports attachments on1y up to 1,000 KB in size; any good sized *.mp* file is out.
Re:Sure.. why not? (Score:2)
Not harassment at all, because the people who would make the "frivolous claims" (which may or may not actually be frivolous) would not be the ones filing the lawsuit.
It's more like MS' claim that the web browser belongs in operating system. It's subject to interpretation.
AFAICS it's common for people to claim every possible defense they can come up with. I think they call it "due process". :)
Bah. The drugwar hasn't stopped people from using drugs, and the government has nearly bottomless pockets to spend on that vietnam. Copyright holders are not in that situation- they have to make money.
Agreed.
Entrapment? (Score:2)
Re:Searches are safe, downloads are not (Score:2)
Nope, search responses have ip addresses in them, they also have a unique identifier to allow the network to pass push requests around when you can't directly connect to the end router. fake ip's and working push stuff makes the whole thing a little more anon.
Information tracking.... (Score:2)
Plus, think about it.. if everyone on Gnutella got subpoenas on their doorstep towmorrow for downloading copyrighted information, we would have even more popular support for the cause. The more people the RIAA piss off with these bully tactics, the better off we are.
//Phizzy
Pissing in the Stream (Score:4)
The best solution I've come across (in the oh so many hours I've thought about it...
Unfortunately, the protocol [wego.com] as it currently stands, does not have much room for carrying this kind of information, and implementing it in any kind of non-trivial-to-circumvent way would require a fair bit of work. I mean, you can have clients digitally sign their hits, and the hits of people for whom they vouch, but ugh - think about the kind of traffic that goes across one of these clients, and the overhead that would come from signing or otherwise authenticating each one.
Maybe something more akin to the spam blacklists would be more appropriate: have a hook in the client that allows it to grab the current blacklist and filter those people out of the hits. Unfortunately, since a gnutella request doesn't pick and choose it's recipients, you'd have all sorts of traffic moving around that was just being dropped by the recipient, but at least this contamination would be harder to pull off.
Any thoughts on these, or other ways to keep the S:N on something like this up? I think client-side implementation is important, since it allows the protocol to remain unscathed, and choice is of course, essential, just like browsing
Johnath.
Enforcement? (Score:2)
When Metallica wanted to stop Napster users it got Napster to ban them (not that this was terribly effective, as two minutes in the registry got a user back in with a new account name). But if Metallica wanted to enforce its rights under Gnutella, there is no central company to put pressure on. They have to go after the individuals. They've said they don't want to do that, and I can't imagine there are many that would, because there's nothing in it for them.
Anonymity (Score:3)
If you want real anonymity, you have three options:
The first one can be had by anyone who will let you use their SOCKS5 server. With some servers, you may also be able to tunnel through an http proxy to obtain non-http service, however YMMV. Services exist online like Anonymizer.com or Freedom which will, for a small fee, happily remove all traces of your IP address from the request using one of their servers. Caveat emptor, however, as they likely need to keep logs as well to prevent absue.
Option #2, illegal proxying - crackers have known about this for a long time. Basically, grab yourself a copy of nmap and start scanning on ports 1080, 80, and 8080 and see how many proxies you can find. Scan for winproxies [winproxy.com] as well as they are often poorly configured.
Once you have your net of proxies up, or have compromised a bunch of computers and done the same, use those to relay your messages. Or just go down to a public terminal and install some proxy software.
Option 3, there is only one option here - MBone. It is basically an IP multicast network setup on top of IPv4 which allows one server to broadcast data to all other computers on the network.
I'd like to, at some point, start a project to create a self-healing mirroring network with crypto support do accomplish the same things GNUella does, but have it rely on multiple protocols and require no special software (ie, web servers, ftp servers, etc) for the clients to use to get information off the servers.
But I digress... in short, you have no privacy. Either do something illegal to get it back, or give up and accept it. No solutions exist at present to give you 100% anonymity. But.. there are projects in the works that aren't internet based that may be appearing in the not too distant future...
Re:Isn't it the file provider who's at fault? (Score:2)
False. In some cases, trafficking in stolen goods is just as bad as the actual theft, even if you can prove you had no knowledge that the goods were stolen. I imagine that something similar might apply here.
Of COURSE you can snag IP addresses... (Score:2)
All of these protocols involve direct peer to peer file transfering, without going through some sort of trusted intermediary or anonymous network. Thus, if you find someone has the item you are interested in, it is trivial to get the information: Just start the transfer, see the sucker's IP, and disconnect before you waste any more of your bandwidth. From there, you can go through whatever routines are necessary to associate an IP address with an individual.
Similarly, there is no means of authenticating files before downloading, so it is easy to make a tarbaby server: Just put up a bunch of bogus content, but interestingly named files. When someone tries to download it from you, you get the sucker's IP address.
Finally, under copyright law, the copyright holders do need to be rather active in defending their rites. Although I believe that Lars Ulrich and company are being rather ham-handed about how they go about it, they really have no choice but to at least make reasonable attempts. Otherwise, a copyright lapses if undefended, and someone could start manufacturing CDs of Metallica and the band could do nothing.
Is Napster really different from a company who's business model is "We want to make money by software piracy?"
Nicholas C Weaver
nweaver@cs.berkeley.edu
Re:Isn't it the file provider who's at fault? (Score:2)
It is the copying that matters, which is why buying a copy of the New York Times isn't parallel--you're not making a copy.
Only the copyright owner can give you permission to make a copy (unless the copy is Fair Use, in which case you don't need permission). To use your example, the guy behind the counter at the newsstand can't give you permission to make a copy of an article in the paper. In fact, the newspaper itself might not be able to give you permission--unless they had secured those rights from the author.
Obvously this can be a bit complicated to figure out in advance. That's why contracts to use copyrighted material have the author warrant that he or she owns the copyright and agree to make the publisher whole if that turns out not to be true.
Re:Probably not entrapment... (Score:2)
The argument of 'what if I didn't know it was being distributed illegally' is a valid one. Assume that you're doing some research on caramel corn. You go to your trusty friend google.com and start looking for pages relating to "caramel corn". You find an article that looks very promising, so you follow the link. Once you've loaded the entire page, you find that, sadly, the article is copyrighted by Caramel Media Inc., but John Francis, who is a caramel corn fanatic, copied the article on to his page without permission from Caramel Media.
In my mind, this would be analogous to what the OP described. You were looking for some poetry (do people distribute poetry on Gnutella?), found one that sounded interesting, and, after downloading it, found at that it was being distributed illegally.
In the first example, it would be ludicruous to phone up the ISP of *every* page you were about to view and say ("yes, I was thinking of reading an article you have saved on your website at ~users/bill/caramel.html, but I was hoping if you could check to see if has been illegally distributed first"). Likewise, it would be ludicruous to track down the ISP of the Gnutella user every time you wanted to download something, just so you could phone him up and say "yes, I want to download roses_are_red.txt from you, but I need to know if you are distributing it illegally or not first").
Democracy is actually increasing, methinks (Score:2)
Then I compare to what we had 100 years ago. 100 years ago unions were practically illegal, or perhaps just coming out from that status. Standard Oil, the railroads, etc -- huge monopolies. ATT started its monopolistic practices in the early 1900s. The National Guard was called out to break up strikes in the 1930s. General MacArthur used the standing army to break up a demonstration by WW I veterans around 1930.
Any period I look at, the abuses were worse. I start to come out of my funk, and look at the LA police and Rodney King, Ruby Ridge, Waco, and realize that a lot more abuses are known publicly now, and widely distributed. This publicity is not what the powers want -- they want darkness and invisibility. This openness can only get better.
In just 5 or 10 years, home computers will have a standard web site package included, people will wear micro cams at all times as a matter of course, broadcasting back to the home computer constantly, available for the world to see or review, and public crime will drop drastically.
I come to the conclusion that the megacorps are fighting for (and winning) the rights to the corpses of obsolete prizes. They are waging death matches for nothing that matters tomorrow. The new life is proceeding without them, they don't know how to react, so they lash out in their old style methods, and will win precisely nothing useful.
--
People seem to be missing a big point (Score:2)
Go write your own (Score:2)
What gives you the right to the software he wrote? And where do you get that anyone's privacy is being violated? I hope that you don't illegally download musicians' copyrighted works, because I don't think that I could handle so much irony this early in the morning.
Cheers,
ZicoKnows@hotmail.com
Filename = content? (Score:3)
Yeah, I agree that pirating software via Napster/Gnutella sucks, but these search engines are just as stupid. It'd be similar for going to google.com and running a search on a common word. Sure, you turn up 3 million URLs, but how many of them really have the CONTENT you're looking for, rather than just contain the word out of context somewhere... how do you tell the difference?
Until somebody comes up with a way of knowing that the file you found contains an actual song, rather than just a filename that appears to describe a song (this may even be impossible), what use are these searches?
It seems that alot of music savy people are looking towards these searches to protect themselves, but they are definitely not computer savy enough to realise that these searches are meaningless. The problem is that the lawyers and courts aren't computer savy either (Ask the 300K people kicked off Napster because of a filename).
Re:Sure.. why not? (Score:2)
Re:Pissing in the Stream (Score:4)
And as for the signal-to-noise problem... Dr. Lincoln Stein, of Perl CGI.pm fame and also a genetic researcher, is quoted in the above mentioned article [fortune.com] about how Gnutella-style distributed sharing and searching could help him in his genetic research, and he suggests tagging the files with various criteria... such as, in his example, tagging the information as from and for genetic scientists to limit search range.
Seems like first generation Napster started the noise, second generation Gnutella gave it immortality (in theory)... and the third generation will probably bring metadata tagging facilities, more powerful searching and search path optimization. A lot of good stuff in that Fortune article [fortune.com].
So, how about we start working on Son of Gnutella with an XML-based protocol, meta-data rich, with optional anonymized distributed UDP-based transfers (anyone remember FSP?), and monster searching.
:)
An MP3 Vigilante! (Score:4)
I can see how this software may be useful for successful artists with enough money to attempt to prosecute people they suspect of distributing pirate MP3s. But I get the feeling that the author is hoping it will be used by smaller, less successful artists to protect their copyright. This leads to the question, what are these musicians going to do once they've got a list of IP adresses which are hawking their music? Smaller artists are unlikely to have the money to attempt to prosecute the pirates, so all they're going to be left with is the knowledge that their music is being pirated. Big deal. This software is of use only to the rich musicians and record companies - the people who are so rich that they are the people least financially affected by piracy. If the author of this software is unconnected with the RIAA, I wonder if he realises that the people his software is protecting are the same people who have been fucking him over for years with artificially inflated prices for recorded music.
Why not do this... (Score:2)
Uh... (Score:2)
Re:Isn't it the file provider who's at fault? (Score:2)
haha good one... no they'd take your entire computer... in case you were storing some illegal MP3s in your printer cable *G*... Anyone have a link to a similar story, I'm sure there have been plenty of them (where an entire computer was seized, when only the hard drive was needed...)
--
Big deal? Who you gonna sue? (Score:5)
a) trace down everyone serving those copyrighted files, using nothing but their IP.
b) sue each and every one of them.
Good luck, and more power to them. You can't sue Gnutella like you sue Napster, since there is no such entity as Gnutella. Decentralization is the key. Gnutella is essentially nothing more than bunches and bunches of people acting independently to share files.
---
Yeh, but it isn't theft (Score:2)
And anyway, the people who download copyrighted material are never at fault legally, only those that distribute.
Re:Of COURSE you can snag IP addresses... (Score:2)
There's a common misconception in that post, which I'll correct here.
It's trademarks that have to be aggressively defended to maintain their value.
Copyright subsists in a creative work - of the appropriate kind, but let's not get into that level of detail here - from the moment it's created until the appropriate time limit (life plus term for human authors, straight term for corporate authors, term length varies according to jurisdiction you're in) expires: end of story. (The US has an additional wrinkle in that you need to register your copyright in order to claim a particular variety of enhanced damages for breach, but this doesn't affect the copyright itself.).
A copyright holder can choose to sue or not sue over breaches of copyright as he pleases without affecting the underlying validity of the copyright.
What difference this makes to your opinion of l'affaire Metallica is your own concern, however. Personally I think they're wasting a great deal of time and money on a futile exercise, whatever the rights and wrongs of Napster. But hey, us lawyers have to eat too...
Da Pimp be back... (Score:2)
...and you be a ho.
My Slash-Caddy be out of impound and I be ready t'do some Pimp slappin'! Ya'll be cold, towin' da Pimp's Caddy like dat. Ain't like I was parked in a "no-troll" zone or somethin'.
I remembers it cleary: I was cruisin' da ghetto, checkin' on my ho's. Dey all be doin' some good work, and da crack-head mod's be throwin' dat karma all ovah da place like it be a Hindu festival or somethin'. Bitches be all singing, "Mod-ey Krishna, Karma Krishna, Whoring Karma, Moderate Us". It be worse than the bus station, so I whack a few o' dem bitches wit da Pimp Stick.
Anyhow, I be scopin' da streets, lookin' fo some fool leavin' time on the meter, y'know? All a sudden I see dis sign all sayin' "Taco's Parking Lot - Censorship Free!", and I be thinkin', "Damn! Dat's just what my ass needs! A Taco!".
So I eases da Pimp-Mobile into a space, and as I leavin' dis pasty-lookin' geek shout out, "We support free speech! Speak your mind without fear!" I dunno what da cracker fool be jabberin' about, so I just go about my bidness straightenin' out da ho's. And lookin' fo' dat taco, 'cause da Pimp be gettin' hungry, you know what I'm sayin'?
I slaps a few ho's who be gettin' out a line, and gives a few others some o' dat good Pimp Lovin' dat dey always beggin' fo (but not Siggy. She be gettin' old and skanky an' I hear she just been playin' wit herself an' takin' karma outta da bank to make it look like she workin'). I never did find me a taco, so I Pimp Strut's my ass over to da Soul Food Diner fo' a bowl o' grits.
Then I be headin' back to da Caddy and damn if I don't get rolled in da alley by dem moderatin' sons-a-bitches! Dey all actin' like I be bad fo' da neighborhood, like I da one encouragin' da ho's! Mofo's took 8 o' my karma in under 30 minutes!
After dat I tell da pasty geek I want's to cruise a little in my Caddy, 'cause I be lookin' fo' dem mod thieves who jacked my shit, y'know? And then white boy tells me I can't get my wheels 'cause I lost too much karma! Tells me it be impounded, and if I gots a problem wit dat I needs to take it up wit some brother named "Pater".
Now I figure Pater be da muscles of da operation, and I already got jacked once already so I gonna play it cool, you dig? So I says to the pasty geek, I says, "Yo, sign be talkin' 'bout 'Censorship Free'. What up wit dat?" Whitey look at me and say, "That's right. You were censored and it didn't cost you a dime."
Take me 48 hours to get da Caddy out of da impound yard, and meanwhile all da ho's and crack-heads be runnin' around wit out a care in da world. Shit ain't right.
Then I checks out da car and it be all banged up and shit! Speedometer be stuck on 0, and I can't even pass an AC wit out a push from da mod's! It just be me and the FP jallopies pokin' along in da "Low Threshold" lane, like we ain't important.
'Course we still be blowin' by dat fool drivin' da NP-19. Homeboy ain't even got an engine and he still be tryin' t'cruise in style.
You wanna be a karma whore?
Fine, but don't forget...
Probably not entrapment... (Score:2)
Re:Anyone work for an ISP? (Score:3)
Sure.. why it's not entrapment. (Score:2)
IANAL, but entrapment would be if NetPD actively contacted individuals and offered them bootlegs unsolicited (imagine the concept -- poison pill spam). Simply posting fake files and waiting for people to find and download them doesn't count. Compare to police officers posing as prostitutes or drug dealers. If they come up to you and initiate the deal, it's entrapment. If you go to them first, it's an arrest.
But I do agree that Media Enforcer isn't going to get very far against Gnutella. Perhaps they could try and get individual servers booted off their ISPs, but that's like fighting fire with a teaspoon.
Gnutella was never designed to be anonymous. (Score:2)
What Gnutella *does* provide is a decentralized structure. So if you find 300,000 people pirating your music, you can't sue Gnutella's creators to stop them -- they're not serving the data, they have nothing to do with it, and putting them out of business won't affect the user transfers. To enforce your copyright on Gnutella users you will be forced to sue them all individually. *That* is what scares the RIAA.
And although others may have mentioned it, Freenet is the next step beyond Gnutella. Not only is Freenet decentralized, but users on it *are* anonymized.
Napster sabotage (Score:2)
Re:People seem to be missing a big point (Score:2)
Let's sing along,
THE US CONSTITUTION DOES NOT SAY WHAT A CORPORATION CAN OR CANNOT DO, IN OR OUT OF COURT.
The US Constitution ensures that a criminal infraction (action against state or federal law) won't be prosecuted twice under the same charge and same evidence.
The US Constitution ensures that the government won't forcibly compel testimony from someone.
The US Constitution ensures that the government won't consider any tangible expression to be a violation of state or federal law, with few exceptions.
The US Constitution does not apply to civil judgements, because the plaintiff is not the government. That's how O J Simpson was found guilty on essentially the same charge in a second trial: it was a civil trial raised by victims' families. Corporations are not the government.
THE US CONSTITUTION DOES NOT SAY WHAT A CORPORATION CAN OR CANNOT DO, IN OR OUT OF COURT.
Problems... And solutions... (Score:2)
It doesn't seem that the editors are reading the stories they link to. Reading the ZDnet article myself, it doesn't look like a "poison pill" file to me. It looks more like just another search engine that uses the gnutella protocol to log IPs of the people OFFERING files. It does NOT appear to be a way to entrap people DOWNLOADING files. Indeed, that's entirely unnecessary, as peer-to-peer file transfers, by their very nature, return the IP address of the downloader.
2)
Speaking of entrapment... If this WAS a "poison pill" file, a) it's not a copyrighted MP3 anyway, and b) isn't entrapment illegal as hell anyway?
3)
In the IQ war between computer geeks and dirty metalhead types... I'll wager on the geeks every time. How long before a countermove is made by the geek community to nullify this problem? The obvious first move is forged IP headers emailing the file request to an anonymous hotmail-type account, or posting to a specified usenet group. That could be an option EASILY added to gnutella... or napster for that matter.
4)
There is STILL no "single point of failure" in gnutella. That is, no master servers to shut down. Metallica would have to sue ALL 300,000 individuals, were they using gnutella instead of Napster. Just prosecuting a few to set up as "examples" could enable a "selective enforcement" defence... not to mention a VERY bad PR incident.
5)
Just HOW MANY ways are there to make sure a visible IP address does not actually lead back to you? Perhaps I could set up my own anon proxy, and announce it to alt.cubans.who.hate.castro... and it would just HAPPEN to be noticed by someone who hates the RIAA and crossposted to alt.metallica/RIAA.die.die.die.
6)
Freenet.... 'nuf said.
john
Resistance is NOT futile!!!
Haiku:
I am not a drone.
Remove the collective if
Re: (Score:2)
Re:Pissing in the Stream (Score:2)
Ignorance of the Law is not a Defense. (Score:2)
In the US Legal system, not knowing the law is not a defense against your committing the infraction.
"Officer, I didn't know it was a 25MPH zone, I didn't see the sign because I was looking in the rear-view mirror at your blinking lights."
Re:Sure.. why not? (Score:5)
Not really.
As I understand entrapment, it's only entrapment if you actively encourage the crim^H^H^H^Hvictim to commit the crime.
Gnutella users have plenty of opportunity, once they see that Metallica track on honeypot.riaa.com, to Just Say No.
If they walk away from the bait, they're not guilty -- even if they searched for "Metallica" to find the bait in the first place -- because there's no law against searching for infringing material.
Only when they elect (of their own free will) to download what they reasonably believe to be infringing material, have they committed a crime.
Unless there's a RIAA rep saying "hey man, download that Metallica song from my server, fuck the system man! Be an MP3 r3b3l d00d!" in some chatroom at the same time as the poor bugger finds his way to the honeypot, it's not entrapment.
From law.com:
While it's true that the potential criminal in the case of Gnutella has neither expressed nor not-expressed a desire not to go ahead with the crime, it's pretty clear that searching for "Metallica" and downloading "Metallica.mp3" on Gnutella are almost always things that originated with the soon-to-be-criminal, and not the cops, the RIAA, or NetPD.
I have no love for the RIAA and frankly think that this is a pretty disgusting tactic. But as repugnant as it is, it's probably not entrapment.
The moral of the story is that you need a distributed and chained network of anonymizing proxies, as well as strong crypto between each link, to make a truly bulletproof system. Any system where there's direct client-to-client contact renders you visible to the world.
Don't think that this is only a concern for cablemodem users and those with static IPs. If you're on dialup IP, remember that most of those dialup ports resolve to a geographical identifier. If there are 500 Metallica downloads and 400 Frank Sinata downloads from the class C block ipXYZ.yourcity.yourisp.com, odds are good that there are only two violators, and it's a simple process for your ISP, once subpoenaed, to prove it and nail them both.
Not for piracy (Score:3)
I mentioned this the last time
Oh, and we'll probably have to change some laws...or quit funding the folks who would rather sue and ignore new tech than compete.
--