Interesting Way To Protest Napster 462
^Gargoyle^ writes: "Here's an interesting way one Napster user is causing problems for Napster. In a nutshell, he's creating songs that are exactly the same length as a legitimate song, but with an annoying cukoo sound in place of the song. An interesting way to protest copyright infringement." This is the best form of protest I've seen so far... it makes pirating copyrighted music more difficult, without doing something stupid like trying to make peer-to-peer networking illegal or making it illegal to rip your own CDs. Mind you lots of Fingerbang fans are gonna be really annoyed when they waste all that download time!
Re:I should start a list of the artists who... (Score:2)
Oh, this guy is a riot. I saw one of his titles on Napster, was intrigued, downloaded it and then a whole bunch of his other stuff.
That was last night, and so I haven't really listened to much of it yet. While, at first glance, the guy *cannot* sing, he's a hell of a lyricist. (Inability to sing never stopped Bob Dylan, Jimi Hendrix or Dire Straits/Mark Knopfler.)
I think everyone gets the fucking obvious point now. Why must the record companies insist on attempting to keep me from buying their things?Because nice predictable business models make shareholders happy.
How about other bands that have supported MP3 sharing? Limp Bizkit? Motley Crue?
I especially love Offspring's little tactic: selling unlicensed Napster merchandise. Just in case you didn't hear the story, while Offspring was happy to proclaim their support for Napster, they didn't get Napster's approval before selling stuff with the Napster logo.
I'm not sure what that was supposed to mean... I guess just a protest of corporate control of information?
In a fit of self-destructive stupidity, Napster sued Offspring. The two have since reconciled; I understand that Offspring's proceeds from selling Napster gear is going to charity.
MP3 Fingerprints - a fun hack (Score:2)
Re:noise pollution (Score:2)
A system that allowed for Ebay style comments rather than moderation points would be much better.
Trust Model (Score:5)
Stopnapster.com (Score:3)
Stopnapster.com (Score:4)
There website www.stopnapster.com [stopnapster.com] is trying to convice artist and user of napster to post "Napster bombs" and "Trojan Horse MP3s" to protect artists copyrights. The authours themself say they cannot do this, as there website is done on a Mac.
Apparently they think that enough people will do this to stop mp3 swaping on napster.
I dont think it will work very well. Look at the site. Rather poorly done website in my opinion.
Re:Trusting users (Score:2)
Point of this post? Well - peer review is good unless you're dealing with organizations that have gobs of money.
Why MD5 is not going to work at all (Score:2)
Time for the electrical engineers to comment. Unfortunately, MD5 is not going to work. Anyone who thinks it will likely does not understand the issue.
MD5 is a protocol designed to detect even single bit changes in a file. Note that this works on the file level. MD5 does not care what the file contains. In this case, we are proposing to prove that two files contain the same song. So how can we modify one of these files?
There are probably other ways to do this, but I think I've made my point.
MD5 *could* be used to prove that filea.zip and fileb.zip are likely identical (provided they are also the same size). It likely can say file1.mp3 and file2.mp3 were made from track #2 of Some CD when the same encoder and ripper are used, and Some CD's #1 and/or #2 are from the same production run.
MD5 could be used to prove that Bob has the same MP3 file as Alice, although their sources could not be easily proven through this method. But can I say that given this copy of "charttopper#1" that I have an MD5 signature usable to find all copies of "charttopper#1" online? No, you can not.
Now IANAL, nor a PE(yet), and I have not used Napster at all, but I do not think MD5 is the answer here. One could come up with an algorithm that tries to use characteristics of the music itself to look at this issue, but the likelyhood of it working for every possible song in any possible case is nearly zero. It might work for many cases, however. I do not support nor like piracy at all, but this concept of restrict piracy by restricting user rights is also crazy.
I just worry about the person automatically kicked off their ISP due to the fact that some file they downloaded matched the MD5 signature of someone's protected file, even if that file was a completely different one. There are only so many files one can distinguish using any hash algorithm before two come up with the same signature.
but... (Score:2)
not like most of the record labels or artists would really complain... but I do think that IS illegal.
that punk (Score:2)
Re:Simple answer: Karma (Score:2)
just be careful (Score:2)
Re:Not to sound too elistist or anything... (Score:2)
We can. We do. I'd tell you about it but that would be self defeating.
Funny, but..... (Score:4)
Re:Protest violation of copyright by violating it? (Score:2)
Molog
So Linus, what are we doing tonight?
Re:Simple answer: Karma (Score:2)
Not true. The best way to promote Indy bands is to monitor your "uploads" of particular artists. If a person get band "X", send them an instant message and suggest that they might also like band "Y".
True enough as far as it goes, but once you've been Napstering on a fast connection for a few weeks, you probably have most of the commercial stuff you are already interested in. Then you start looking for more obscure stuff. You start searching for artists just to find folks with neat collections and see what else they have.
Maybe that person will be on-line, and you start talking about the tastes you both share, and what you might also like, but haven't been able to hear. I don't know about the rest of you, but for the wife and me, Napster is all about introducing people to new music. And, all the musicians we know and have discussed this with agree with what we are doing. One even suggested that the RIAA should be paying us for our promotional activity. (BTW, the major labels do not send short, crappy sounding snippets of songs to radio stations and magazines. No, they send full CDs, bought and paid for out of the artists share of the royalties. Who is ripping who off?)
Admittedly, lots of people are using Napster to get the same damn songs that they hear on the radio (stations programmed by the same couple of radio networks). But Sturgeon's Law: "...but then 90% of anything is crap!" applies. People who want the Brittny Spears single that they can already hear 200 times a day on the radio deserve to get a recording of barking seals or whatever. But somehow, I doubt that I, or many people, will ever hear a single bark.
Re:Problem with.. US law doesn't contain limits (Score:2)
Re:SIMPLE SOLUTION - and they would work! (Score:2)
That's great, but the combination of the relative anonymity of Napster along with the dynamic IP used by most ISPs will mean that it could be *very* tough to actually get a real name out of a Napster username. Without a warrant, I'm sure the ISP won't divulge the name of the user connected at a given IP address at a given time - if they even record logs of that. So, you could track the user to a given ISP, but that's it. I wonder how many IP addresses AOL owns? @home? Bell Atlantic DSL?
#2 LEGAL WAY: Another simple method is napster gets an update that tags each song download. when a user encounters a trouble song they simply click a button to report a problem. The server gets info on the previous user and with a simple program visible only to napster one can determine what users are sending this out by tracking the song's origin of corruption and simply remove their IP address (so they can't reregister) again on the system...Again, most users have dynamic IPs, so that won't help matters. Just log off the 'net, log back in, re-start Napster and you're online again. Banning users a-la-Metallica was done using CLSID keys in your Windows registry. They're easy to remove if you know where they are. The information is readily available on the Internet. If someone is using one of the Open Nap clients - which weren't written or authorized by Napster - things become even more complicated: there's no real way to ban a user.
(Speaking as one of the 300,000 banned by Metallica, I was back on within an hour after they cut me off.)
Further, you really don't want to have a "Kill User" button in Napster. Maybe the guy has a bad rip of a rare song? Depending on how bad the rip, and how rare the song, I might be happy enough with it.
While a recent study shows that most Napster users are in their late 20s - early 30s (!), I'm sure there's still a large number of users in their teenage years, ones who don't see the implications of being able to arbitrarily ban a user because they maybe don't like the list of shared songs. That's not to imply that most teenaged users would do that, but impulsiveness does become less prevalent with age and wisdom. (Speaking from the perspective of the ripe old age of 26. [grin])
A moderation system, similar to Slashdot's, as suggested by some other reply, would be ideal. It's a great idea.
Until then, I'll keep on using my bandwidth-consuming quality-control system: I grab at least two different copies of each MP3, audition them for quality, move the better one to my collection, and delete the poorer one from my "untested" folder.
MP3 collecting has basically become a hobby for me. I have the CDs for most of the 900+ songs in my collection, and I still encourage people to go out and buy CDs if they hear a tune that they like. But it's fun to collect and hear new stuff. People sharing off me will be pleased to note that the MP3 collection I share is all tested, is all recorded at a minimum of 160kbps, and is all correctly labelled. Not to mention, it's usually logged into at least three separate Napster servers simultaneously every night.
Re:Promotional Stunt (Score:2)
I'm not giving her full name here because I think she's had her 15 minutes and I'm not giving her another second of publicity.
I suspect that the Napster users her husband is in essence, lying to in order to get her name and music out will react similarly.
I hope this kills that woman's music career beyond hope of recovery.
Re:Simple solution... (Score:5)
2 - Though that's an issue, it'd be great for Napster to incorporated MD5 into their servers. That way, bands that didn't want to be part of it could present Napster with a list of signatures of files that were theirs and say "Please prevent the transfer of files with these signatures". As they found variances of them, they could present those to Napster as well, though pretty soon Napster would be a legitamate service with 20,000 users trading about 500 songs and no commercial viability.
Re:Napster KILLFILEs (Score:2)
If this was expanded to an even greater scale, and included... say, inserting Metallica song titles into other filenames, it would be very hard indeed to get the same sort of list that Metallica had compiled previously. Of course, would somebody try to make the argument that this is obstruction of "justice" or something?
Re:Protest violation of copyright by violating it? (Score:2)
Re:Trusting users (Score:3)
"First to Jail" model (Score:2)
Hmm, so what would the feedbacks be?
*cool thief!
*steals crummy stuff, don't bother
. . .
:)
hawk
Napster DoS Vulnerability? (Score:2)
Anyone know of any Napster client/protocol vulnerabilities?
While I certainly wouldn't condone such behavior, I think it would be very fitting if someone could help this self-appointed savior of the music industry to undermine his own tactics.
If you download one of these "eggs", delete it at once so that it's not shared to other users. No big deal.
But, if you were the enterprising sort who happened to get one of these by accident, you could easily determine the IP address of the Napster user who was sharing this.
Napster Beta 2 Version 6 has that wonderful instant messaging feature, so you could even let the user know beforehand why it is that he/she will be rebooting Windows within ten seconds.
Not to say that I would do such a thing. Indeed, it's not even in my skillset. But I also know it would be easily possible.
Re:Napster DoS Vulnerability? (Score:2)
I think the discovery of such a vulnerability would kill Napster faster than a flock of cuckoos.
<sigh> Yeah. You're right. </sigh>
Someone else, in one of the replies to this article, suggested a Slashdot-style moderation system based on the quality of one's shared files. I think that's a great idea, certainly far better than DoS attacks or including a "Kill User" button that would arbitrarily ban people.
I think I posted the message to which you're replying more out of frustration at the self-appointed savior of the RIAA, rather than out of any intelligent thought on my part. I apologize.
Post makes no sense... (Score:4)
It seems to me that if Napster acts against what this protester is doing then by all rights they are no longer a service provider but admitting that they are in the business of providing content (in this case copyrighted music that they have no right to distribute). Doing this would invalidate all the arguments about Napster not being in business specifically to violate the copyright of artists and record labels and instead reinforce the greedy VC funded company trying to get rich of other peoples work image.
--
Re:Problem with your "Minor Solution" (Score:2)
Then the illegal songs should fit right in ;)
Go get your free Palm V (25 referrals needed only!)
Re:Better Analogy (Score:2)
It just so happens to be that this is carried through via the act of subverting names of songs.
---
seumas.com
Yeah, nice idea (Score:2)
Yet next step will be solution of bank robbery problem by stuffing every bank with lots of fake money.
Re:Not a bad idea but... (Score:2)
OK. I'll bite. What constitutes a bogus file - one that is intentionally mis-named? Once Napster starts adding in editorial control such as mandatory filename standards, they're starting down the road towards assuming responsibility for what is served or facilitated by their system.
Also, if you make the file naming standards mandatory, then it's now a simple matter for an artist to request that all MP3s allegedly produced by them not be traded, as they have not provided any publically redistributable files. And I suspect that artists would win this one in court if Napster refused to comply.
As long as the files being put up are valid MP3 files which do not violate copyright law, Napster has no reason to ban those users.
---
Re:Protest violation of copyright by violating it? (Score:2)
Heh, tell that to Negativland (the group that named one of their albums "U2" and got sued out the wazoo over it)
Re:I've been doing this for the other side for mon (Score:2)
Re:Simple solution... (Score:2)
On your second point, I don't really see how any entity could say, "I own the rights to a stream of data with this md5 checksum; stop distributing it." That's only one step better than saying, "If the filename start with 'Metallica -' then it must be pirated music!"
Simple answer: Karma (Score:4)
Paul.
It's Pure Anarchy. I Love It. (Score:3)
Wild, Wild West. Unbridled information warfare. Thank-you Napster, musicians, and counter-napsters for duking it out.
Napster thumbs nose at copyright, artist thumbs nose at Napster. Eventually, I'm sure there will be some kind of sane equilibrium, just as the Wild West was eventually tamed. The nice thing is that these gunfights are bloodless.
I was thinking of doing that... (Score:2)
Minor Solution (Score:5)
Not really. You can listen to partially downloaded MP3's off of Napster so you can check after a minute if you are really downloading what you think you are.
It still is annoying, but not as bad as you might think.
Being with you, it's just one epiphany after another
Re:It is only a matter of time now.... (Score:2)
"Free music" is a misnomer. It's more like "Warez music".
I will continue to rip and trade my music with other people who are as passionate about this as me.
The only "passion" here I see from the napster-crowd is passionate selfishness. Basically, they want something for nothing, and to hell with everyone else. The crocodile tears about the "RIAA ripping off the artists" are as silly as the RIAA expressing sympathy for the artists. Neither side cares about the artists, the RIAA just care about their money, and the napsterites just want to freeload.
Not a bad idea but... (Score:5)
Not to sound too elistist or anything... (Score:2)
Why can't the geeks of the net keep anything underground anymore? Last year at school, people with the intelligence level of mousepads would come up to me and ask me to help them "fix their napster." I think as far as something like this goes, if you don't understand it, don't use use it.
ps i switched to gnutella months ago. It's a little better than napster.
-Superb0wl
Re:Ease of Lawsuit (Score:2)
I've been doing this for the other side for months (Score:5)
I've been encoding /dev/urandom (don't wanna waste that entropy!) into MP3s with names in the format:
Fuck $group - This Is Not "$song".mp3
for a long time now. I think I'm being perfectly legal; I am 1) obviously voicing an opinion, and 2) explicitly not providing copyrighted works. However, anyone searching for $group or $song is going to get a hit from my collection, and any automated "ban bot" is going to add me (unfairly and incorrectly) to its wrongdoers list. I assure you that I'm perfectly comfortable meeting any would-be persecutors head on.
Isn't Trusted Model Dangerous For Users? (Score:2)
So insted of pestering Napster to stop their operations, artists who want to enforce their copyrights can go out and look for who is has the highest rating for distributing their songs and bust them.
Sounds like a good deal for everyone but users. I guess it doesn't matter since stealing copyrighted stuff isn't kosher in the first place.
What's obvious to me is.. (Score:2)
Firstly, I do think this is a bit of a ploy to publicize his girlfriend (was it Cracker that sang "What the world needs now, is another...folk singer, like a I need a hole in my head"...but I digress...).
Secondly, and most importantly is musicians need to realize that Napster is not their enemy, rather it's the music business cartel that controls them. A rather well publicized quote from a Sony executive early in the 1990's when Sony was consolodating recording artists (i.e. putting labels out of business that didn't sell enough records) characterizes "artists" as merely software that is sold as a commodity.
Many misguided musicians think that Napster destroys the "living" they make when in reality it's the labels that cause Poor Mr./Mrs. Folk Singer to not make money. These labels ain't stupid, ya know. They know that mainstream Amerika wants Brittany and the Boyz, and not another folk singer. Sad as that may be.
Musicians such as these are not artists; I don't think any musician worth his or her salt would care what kind of money they made, just as an ancient bard probably wasn't in it for the material things either. Music is an art. Music for money is just...software. Let these people play their silly games, I know the musicians I want to listen to don't care if people download their MP3's for free or not..
Re:Funny, but..... (Score:3)
Re:Funny, but..... (Score:2)
Re:Simple solution... (Score:2)
The next Mega-Virus (Score:2)
You send out an Outlook VBS attachment that scans all the mp3's on the user's hard drive and replaces the audio (no ID tag or file name changes) with some other audio file and then replicates itself to other Outlook users.
I guess you could have a long-winded mp3 speech about copyright infringment, but I think it would be worse to replace everything with copies of Michael Jackson's "Bad".
Watch those attachments people...
Re:You're an idiot (Score:2)
You're half-right. While Napster itself doesn't hold songs, it does host a directory of who has what. When you run Napster for the first time, it scans the directories that you're sharing and sends a list of files to the server. Searches are sent to and received back from the server, and only _then_ can a user download directly from you.
Contrast this with Gnutella, where every search hits every user individually. While this eliminates the central server (and as such can't be shut down from any one point) there are people messing with the network. Already, script kiddies run programs generating porn-redirect HTML files based on every search that bounces their way.
I do believe that the news organizations drop the ball on this regularly -- I cringe when I hear Napster referred to as a "web site" implying that the file transfers take place over the web.
This is just as illegal... (Score:2)
Here's a brief overview of how to lay your own Cuckoo's Eggs in the Napster nest.
1. Download and install Napster
2. Download or rip songs for use as eggs.
3. Edit the songs adding noise, sounds, and other info
4. Copy your MP3 file into the Napster directories.
5. Connect to Napster and start laying eggs
Step 1 is pretty easy... in fact you probably already have Napster installed. The laying of eggs will work best if you can install Napster on multiple machines so you have the best chance of letting many users connect.
Step 2 is pretty easy. You can either use Napster to download popular songs, or rip some from a CD using Musicmatch or CoolEdit. Pick really popular songs for maximum demand... remixes or duets are very popular downloads, as are live recordings.
It doesn't matter if you are stealing to help someone or stealing to hurt em. It's still just as illegal.
Hypocrites.
The right way to do this (Score:2)
I may start doing this soon :)
Re:Protest violation of copyright by violating it? (Score:2)
>are not trying to pass someone else's work off as
>their own. They are just choosing an amusing
>naming scheme for files. I don't think that
>anyone's likely to believe that their cuckoo
>noises are really black sabbath recordings, so to
>claim that they're violating anything is a
>stretch.
They are passing _their_ work off as someone else's! They say so on their page. And you can choose whatever crazy naming format you like for you files, as long as you're the only one looking at it.
The problem here, though, is that they are _publishing_ these files via Napster, making them visible to the rest of the net. In order to determine that the files are _actually_ cuckoo noises and not the _copyrighted music that they are claimed to be_, you would have to download the file. At which point, according to the RIAA's attorneys, you've comitted piracy via Napster, because you've downloaded a file that matches the name of one of their songs.
So, since you couldn't have known beforehand that the files contained something other than what they were labelled to contain, why were you downloading it in the first place? To listen to what you thought was a Black Sabbath, or Kid Rock, or some other piece of music.
If these people did this out of the back of their car with selling cds instead of trading mp3s, they'd be guilty of more numerous law offenses than I'm qualified to list. Fraud, Trademark and Copyright infringement, and false advertising come to mind. Being that it's on Napster and being freely shared makes it less of a crime (though how much less is best left up to the lawyer-types), but does not remove copyright and/or trademark infringement problems, because those are violations regardless of whether profit is being made by the violator.
Copyright Infringement (Score:5)
Me, I live and let live, what he wants to do with his computer and time... Is his business...
Trusting users (Score:5)
One thing the Net has taught us: peer review and "egoboo" are powerful forces. (Yes, I read about egoboo in Wired, so sue me.)
nojw
Re:Simple answer: Karma (Score:3)
Anyway, if you added moderation to Napster it'd be good to do it in a way where indie songs would actually be promoted (like Napster like to pretend they somehow do already), and not just some way where you see the most popular songs. After all, isn't the lame top40 system why everyone is turning to Napster to begin with? (or at least that's what cheap thieves like myself like to tell people)
Re:Not to sound too elistist or anything... (Score:2)
But not AOL. Never. Nor Compuserve or Prodigy either.
Actually, cool was the time on one of my first jobs, back in the late 70s, when I had to check up on a weekend-long job running back at the office while I was away on a dive trip. Using a TI Silent 700 terminal (hardcopy thermal paper terminal, about the size of a portable typewriter, with built-in acoustic coupler 300 (or was it 110?) baud modem). The hotel we were in didn't have room phones, so I used the payphone in the hotel lobby...
Actually I take that back, it wasn't cool, just a pain in the butt.
Re:Simple solution... (Score:2)
Oh puhleeze. (Score:2)
Money I've spent buying CD's that I wouldn't have if I hadn't grabbed the MP3's first: $350, easy. Lots of imports, blah.
Ahhh, (Score:5)
Rocked By Rape (Score:2)
Simple solution... (Score:2)
Waitasecond - I'm farily positive that the DMCA makes md5summing a file and sharing that illegal! Somebody needs to spend their time protesting the DMCA, not Napster...
Re:Simple answer: Karma (Score:2)
That's your argument? Just for the record: NO! Moderation has not worked well for Slashdot. This a world where "informative" means "misinformed, but over-confident, and the moderators are even more misinformed", where "insightful" means "redundant", where "interesting" means "copying verbatim from the article", where "troll" means "funny", where "funny" means "anti-Microsoft drivel". Personally I hope the idea of moderation never makes it out of Slashdot.
Idiot (Score:5)
He uses the above statement to explain that this is not a stunt to get attention for his wife and her "music", yet he just explained that they decided to use Kid Rock, Black Sabbath and other popular band names to get people to listen to it, because they probably would not listen to it otherwise.
So which is it -- a stunt to gain attention for her or not? He says he's not doing it for that reason, and then goes on to say exactly that, but in other words!
Another thing to bear in mind in regards to Stefanie and this being her gravy train - when we started the project we didn't want to steal other peoples music to use for the eggs and we didn't want to just use noise, so we used the music close at hand with the approval of the artist. All of the bands and or musician friends we approached said, great idea - we support you. This was generally followed by their saying they didn't want to participate for fear of the backlash. Others got bogged down in band meetings about differences of opinion about what to do and never gave the ok.
No, instead, you decided that it would just be better to steal their names. Copyrighted names of bands and songs, mind you! So you're not only riding on the coat-tails of bands that actually produce something people want to hear, but you're infringing on their product! This is like selling Tab in a Pepsi or Coke can!
I don't suppose these people have considered the fact that a lot of artists DO want their music to be available via Napster and don't mind that it is traded around. But I guess these cocky SOBs wouldn't have thought about that possibility, because they're too busy rigging publicity stunts.
---
seumas.com
I've been expecting this (Score:2)
I suspect that a voting system quickly is going to become mandatory to avoid a proliferation of bogus/damaged/spoof material.
Re:Not a bad idea but... (Score:2)
It's been done, and better (Score:3)
These are actually quite a bit more clever, as the downloader won't know that the song is bogus until they've spent the time downloading and listening to the first 45 seconds.
Re:Cuckoo MP3's and They Might Be Giants (Score:3)
TMBG has gone out of their way to make their MP3 hugging fans happy. They created Dial-A-Song, which plays their music (as goofy as it is, check it out, Flash required): Dial-A-Song [dialasong.com]
They even went so far as to produce an album completely on-line that can be purchased for like $7/$8 called Long Tall Weekend [emusic.com]
I think credit should be given where credit is due. Instead of crying like a large majority of their musical counterparts, they actually went out and did something that both sides could agree to, which earned them my admiration and respect as musicians and as human being.
Re:Signal to Noise Ratio (Score:2)
Anyway, some people try to do the same type of thing to warez, mainly by infecting it with a virus. It doesn't work well though, for the same reason this and other things that degrade the music(like ads) won't work well: for warez or MP3s to spread, you need more than one person distributing them. That means that the person who recieves the file usually tries it out(uses the program or plays the song), sees if it works/is high quality, and then sends it to other people.
For that reason, this isn't going to work.
Re:Minor Solution (Score:2)
You may feel free to read 'rarely' as 'never'.
This is *NOT* right.. (Score:2)
If anything, this teqnique is simply going to hit the users who would ordinarily be *GOOD* users, and *NOT* the users that are using it to basically horde large amounts of songs they don;t even OWN on CD..
Re:Trust Model (Score:2)
towards digital interactive radio (suggestion) (Score:2)
This is legitimate for somebody to protest against whatever he feels contestable.
This way is not the most efficient ever as it would not be systematical, according to the number of songs that are currently available via Napster which "recipients" will just attempt to download another copy of the concerned song, hoping this would not be spoiled.
No, let's try being constructive:
Anyway if people argue that they use Napster like an intelligent radio (which allow them to chose whichever song and which, as a radio, let them record these - digitally onto their computer in this case) then a good issue would be to ask Napster to embed (on the fly) small ads at the beginning of the downloaded songs so that the perceived ad fee would just go to whoever claims he desserves it.
I'd personally accept this kind of counterpart if I could anyway listen to the music I like.
As a musician, I'd also consider it a better proof of my interest in my listeners than just intending to demonstrate them I don't need them.
--
My response (Score:2)
This is why I feel I have the right to formally ask these people to stay the hell away from MY music with their 'cuckoo' act, and to ask Orrin Hatch to safeguard my ability to give away and share my music freely as mp3s- it's my choice, it's my music not anybody else's, quit fscking trying to 'protect' me when I don't want to be protected! It's very much like taking a street performer happily plunking away on their guitar, and forcibly locking them and their open guitar case in a steel safe with a coinslot. There! We've protected the artist! Um, did anyone remember to put in airholes? *gasp* :P
Of glasshouses and stones... (Score:2)
Give hime some credit!
J.
Re:Isn't Trusted Model Dangerous For Users? (Score:2)
Not gonna work (Score:2)
I can download an MP3 in 10 seconds; as the availability of broadband increases, how will this hurt general Napster users? Unless it's the only user providing a particular song (in which case it's a get-your-hopes-up annoyance), the user will just delete the song and get it elsewhere. Trojans aren't going to "spread" unless the user has some incentive to keep it around.
As usual, I suggest an (anonymous) authentication scheme where good users can gain trust, and bad users can be filtered out. Napster is a little bit too technologically immature, but this would make a world of difference on gnutella.
There's an old saying (Score:3)
Protest violation of copyright by violating it? (Score:2)
If take my homegrown CD, label it up like, oh, the latest Kid Rock album, and sell to some poor guy looking for a Kid Rock album, haven't I just infringement on the copyright? (and committed fraud in the process?)
This isn't exactly a great way to protest piracy on Napster. Yes, it's amusing. Yes, you'll be able to fool some pirates using this. But this is a much more powerful stride _for_ Napster than against. Napster Co. now has a perfect example for 'false' positives on its tests. Anybody getting their account pulled from here on out has a _publicized_ excuse for their actions, saying "Oh yeah, my friend told me it was one of those cuckoo tricks, so I downloaded 'em to see if it was real".
I also find it amusing they chose to use existing music for this project. Why not just use dead air? It's just as easy, if not moreso, to produce X amount of dead air than it is to produce X amount of your wife's music and X amount of dead air to pad it out to the proper length. And using dead air would cause all sorts of consternation when people play the files, wondering if they had a problem in their sound system somewhere...
All in all, this is a great publicity stunt, but it's not going to accomplish the goals that they want, and is sinking to the same level of the pirates to do it.
No karma, just moderation (Score:2)
If a track had established a download track-record, a false-positive "distorted" moderation wouldn't be trusted.
New tracks might be vulnerable to abusive moderators, but if the system forced moderators to first download the complete file, it would prevent abusers from mass-negative-moderation.
If that's not good enough, then a two-tiered moderation system could be implemented, where bad tracks are identified by the first moderator, and then verified by a second.
Re:Post makes no sense... (Score:2)
If anything, this teqnique is simply going to hit the users who would ordinarily be *GOOD* users, and *NOT* the users that are using it to basically horde large amounts of songs they don't even OWN on CD..
Note that they are basically saying 'Use phrases like 'Live Rercording' and 'Outtakes from studio''. THESE ARE NOT ILLEGAL, and are generally encouraged. While you cannot take this and then use it commercially, you can, and many due, use it for personal enjoyment.
Re:Stopnapster.com (Score:2)
Re:Post makes no sense... (Score:2)
Re:Signal to Noise Ratio (Score:2)
In regard to the RIAA's manpower needs in order to affect it, I agree. For an entity to set out to ruin Napster would require a lot of effort. Enough effort to not be cost effective. But I suspect that enough people will fail to try to contribute (by running Napster behind a firewall, by not attempting to share any songs but still taking up a spot on Napster's clogged network) that it will eventually spoil Napster as a resource unless Napster plans for it.
- StaticLimit
Re:Post makes no sense... (Score:2)
Think of it this way... The telephone company doesn't care what you say to other people on the phone, as long as the police aren't involved, but if you started calling up people you thought were lawbreakers and playing loud annoying sounds, they'd turn off your service. They don't care how you're disrupting legitimate users, just that you are. They also don't care that some legitimate users are breaking the law, that's a matter for the police.
In any legal climate before stupid laws like the DMCA etc. passed, and without a multi-billion dollar industry buying up judges, the law would obviously be on their side, especially as they do crack down on users who are demonstrably pirating.
Just goes to show, the OJ method of legal dispute resolution works. Buy some high-priced lawyers, toss a few million in bribe money around, get a new law written, and you have total legal immunity.
Re:Minor Solution (Score:3)
Go get your free Palm V (25 referrals needed only!)
Re:Simple solution... (Score:3)
While this idea has merit logistically speaking, legally speaking copyright law is not an opt-in system. Copyrights should be enforced without the copyright holder being required to request it or do anything more than create their original art. That's why there is no copyright registration office, opt-in is not the point of copyright.
Copyrights are not like Trademarks where you must protect them or lose them, copyrights are *rights* inherent to any original work(s) as soon as they are created and are protected by law from that point forward.
In a perfect world, artists and distribution points would be working together and such a solution would be a "win-win" situation, but right now it's all about litigation and the law is on the side of the copyright holder so there is slim chance that they will agree to such an opt-in system where they must dedicate resources, time, and money to gathering MD5 signatures to give to Napster just to make sure their legal rights are protected.
In a perfect world, the kids who created Napster would have thought of this from the get-go and approached the RIAA before their first beta hit the net. But if you know the real roots of Napster and it's creators, you'll realize that being "legal" was never part of any long or short term plans.
"Wow, I'm having a hard time finding illegal MP3's these days, I should write a program that utilizes an IRC type network to share files, like those 'reet DCC-bots in #MP3
Re:Stopnapster.com (Score:2)
The right way to end this (Score:3)
Simply run a web site that indexes files (of any sort) by size and MD5 checksum (perhaps of the first 1K and then of the whole file). Then, you modify an gnutella client so that it can interact with the web browser (via plugin) and retrieve the name, MD5 and length of the file you want and then download it. The wonderful part is that now you have a reliable way to index, so you can begin REVIEWING.
Reviewed content really is the way to go. Let's say, for example, that what I really want is cat pictures. I come across a file called "pussy5.jpg". Do I download it? Even if it's not junk, it's probably not what I was looking for. Instead, what you do is search through a Web site that indexes by content type and find the best-reviewed files. Thus, I safely discover that pussy5.jpg is in fact EXACTLY what I want, but that cat-stretch.gif is most certainly NOT.
The even better tactic is to replace plain files with "gnutella-format", which would be a predefined sequence of mime encapsulations. The payload is in the last enclosure, but previous enclosures could contain all sorts of useful info including description, author, distributor, copyright info, etc. Also, it would be nice if gnutella clients that are SERVING a file allow for searches based on MD5 checksum (which would require pre-computing the checksums on start-up, but if you do it in a lazy fashion, that's not too bad).
Someone wanna start the world's most popular Web site? You could even act on behalf of the recording industry by marking which files are known copyright violations so that offending clients could semi-automatically scan for them in their caches and delete them. If clients choose not to do this, then it's clearly on the head of the recording industry to go chase them down and prosecute, but you've done your duty for kink and country.
An indexed, colated, reviewed gnutella is definitely the way of the future.
Hopefully he won't have to soon... (Score:3)
... since it looks like this issue will be decided one way or the other in the near future thanks to some sterling work by the RIAA to have Napster stamped out. Whilst this is a pretty sad way of protesting against the fact that Napster is an accessory to theft, at least he's showing that not everybody online has given into to the temptation to defraud musicians, who, even if they do make loads of money, still don't deserve to be stolen from.
Sure we need to have a model for online music, it's a given that at some point the net will become the dominant medium for distributing music, but Napster won't ever be it thanks to it's free for all attitude to copyrights and artists rights. A fairer system will require a central body such as the RIAA to ensure that violations are taken care of - online or offline, this is going to be a constant.
So, the need for a body such as the RIAA isn't going to change, but the need for Napster is as fleeting as any other fad. Expect it to die shortly after the court rules against it.
---
Jon E. Erikson
His idea can be defeated, but it won't be easy. (Score:2)
---BEGIN GnutellaDev post---
I agree that this is a serious problem, and I have a solution in mind. Unfortunately, it's probably a solution best implemented by GnutellaNG. I'll discuss it here though.
I believe what's needed is a distributed content- and host-verification system based on public-key cryptography signatures and a web-of-trust. (GPG sources could be used for the PK crypto) I don't really have a good response for the privacy concerns about plastering persistent identities all over the content out there...but that's just one of many things that need to be discussed.
For those unfamiliar with the distributed web-of-trust implemented in the original PGP release: the idea is that using public-key crypto (where the encryption key has two halves, a public- and a private- half, which are linked in a very special mathematical way...what you 'do' with one half requires the other half to 'undo') you can place signatures on things -- include a hash of the content, create a message using your private key which can be verified by your public key.
In the PGP world this is used to create a web-of-trust: if you have a key owned by a person you trust (say, your very technical neighbor John) you might trust two things about his key: you might or might not trust that his key will remained owned by him (trusting the identity of the key) and you might or might not trust the integrity of the owner in certifying other keys (trusting the integrity of signatures made by the key). So you could trust the key of a complete sociopath, merely saying that you know the key belongs to him personally...but you don't exactly trust his signatures on other peoples' keys. Or you could trust both the key and the signatures of your neighbor John -- not only do you believe his key belongs to him personally, but you believe that when he puts a signature on some third-party key out there, then that third-party key probably really belongs to that person.
In Gnutella, this could be used to maintain a distributed database of trusted individuals and servers (anonymity will be discussed later) and trusted content. The effect will be that, for a given user, once he's taken the time to tell Gnutella how accurate the songs he downloads are...these songs weren't what their filename claimed they were, while these other songs were accurate and of X quality...he can publish signatures affirming to other users that files with X length and Y CRC really do contain Q content. Another user who trusts his signature can then trust files signed by him.
In the simplest case, this system would consist of a separate database of content signatures. When you get a search result from the servlet you're interested in (which contains a filename, size, and CRC) you do another search (perhaps in another network altogether) to find signatures for that file and public keys to verify the signatures with. Each key represents an individual, and each signature represents a public certification made by that individual about that content. Without a web of trust, all I really get from this is a cryptographically strong way of tying identities to content certifications. I have no idea how trustworthy the identities are.
This simplest case can be easilly attacked -- I'll build onto it soon. Obviously, just as quickly as I can create signatures that certify good content as good and bad content as bad, the 'AIAA' (attacking Industry Artists Association) can create identities and signatures that certify good content as bad and bad content as good. So I've only gained ground if an arbitrary user can learn, either from a web page or IRC or whatever...that signatures made from my key are accurate and signatures made from other keys are always inaccurate. The target audience isn't going to want to find and add their own content certification keys.
A more realistic example would implement a web-of-trust. We now have key signatures as well as content signatures: in the keyring management section of my client, I can investigate the keys I know about, by searching for key signatures for the key in question. My which-keys-can-I-trust problem is still there, but easier to overcome now: if we have a few definitely-trusted keys (like the original authors of Gnutella, or known information freedom advocates), those keys can delegate trust to people by signing their keys. Big deviation from the PGP web of trust model here: in PGP you're merely certifying the ownership of the key when you issue a signature. How much you trust an individual is never published by PGP. In the system being discussed here, you are interested in trust more than identity, so you publish trust information. Trust is published by issuing a key signature certificate out into the network, and it's revoked by issuing a key signature revocation certificate.
A client can verify a given key's trustworthiness by the signature path from the known-and-trusted keys. If a key is signed directly by a known-and-trusted key, it's also pretty well trusted. If a key is signed by someone who is signed by someone who is...eventually signed by a trusted key, trust will be established, but with lower confidence. Most likely, the given key will have many many signatures with a fault-tolerant signature path leading back to the trusted keys. If we suppose that one of the original trusted keys' "trusted lieutenants" (keys signed directly by one of the original trusted keys) were to go bad and start signing AIAA keys and start certifying bad content, the original trusted key owner would revoke the trust granted to that individual. All keys signed by that individual would no-longer benefit from that individual's trust. That doesn't mean they become untrusted...but we should hope they have some trust-granting signatures other than derived from the bad individual...because the bad individual's signature is no-longer meaningful.
This model is more likely to survive attacks. Keys that create bad content signatures simply never get marked as trusted. Keys that were once trusted, but have now began creating bad content signatures and signing other bad keys, have their signatures revoked and are no-longer trusted.
This trust network can be self-starting, also. The client software should be able to catalog all of the content and key signatures made by a key. If a particular client can directly measure the 'decisions' made by a key -- checked that its files really are the way it claims they are, and checked that the other keys signed by this key seem to be trustworthy (ugh, recursion) that client can decide to trust that key (partially or completely), thus making another 'root' of the trust tree. To put it another way, the client could also compare the decisions 'influenced' by a key -- which content signatures would become trusted if that key was trusted -- and compare those content signatures to the overlapping content signatures made by the existing trusted network...the client could measure how trustworthy the key might be.
In practice, it seems silly to require processing several public-key crypto operations and finding and downloading many key certificates and files, to tell whether a given content file is worth downloading or not. However...we don't have to use Gnutella to transfer keys and signatures: I imagine Freenet might be more appropriate for this kind of content. (So yes, besides adding the GPG source to Gnutella, I'm proposing merging Gnutella with Freenet someday, using Freenet for key distribution.) Also, each client will need to keep a keyring, retaining the keys and signatures that pertain to the content it's downloaded and the keys it uses frequently.
Assuming a trust network that fans out quickly, with each influential key signing dozens of other keys instead of two or three, it may only require three or four dips into the distributed keyserver to verify content. The client could verify content in the background...coloring a search result's icon from red to yellow to green as it gets more of the key and certificate material it needs.
The only major concern left is privacy and anonymity. These keys are personal identities: for a key to be effective it must be maintained by one person. However, the key and the identity might not be obviously-related: the network won't expose where a key's signatures are entering the network from, and keyring files must be seized or stolen to confirm that any given identity belongs to a specific computer. In addition to that, these keys can be detached from their identities if the owner destroys his private key. The existing signatures made by that orphaned key still stand and are still meaningful, but nobody can tell what individual once owned that key.
It is probably not illegal to help maintain a web of trust. It's probably illegal to host the content directly, and it might be somewhat illegal to directly publish signatures that confirm that someone else's content is what it claims to be (affirming to the world that you personally downloaded the content and confirmed that it was good). However, it's probably not illegal to sign someone else's key, attributing trust to them. All you're really saying is that you trust them to sign only good content -- and you have no idea whether that content is legal or not.
In the Gnutella interface, this web-of-trust system would probably be seen as a key-management screen, a content-rating screen, and as trust levels displayed next to each search result. In the content-rating screen you could look at the content you have downloaded and rated (good/bad, or several more-specific ratings), and who has signed the content. In the key-management screen you could look at the keys you know about, what content the keys affect, and how your ratings compare with trusted or untrusted keys' ratings. When you get search results, a summary content rating can be displayed next to each search result. The system can calculate ratings either on-demand (right-click -> Investigate) or automatically (i.e. search results returned 50), and can explain and graph those ratings for you (I trusted this file because these people certified the file.)
This file represents a vision for the kinda-distant future...but it will be realized only if people get excited about it and work to implement it. If you personally don't understand part of the discussion presented here, or if I forgot to explain something, or if something doesn't make sense, please post here in the forum and/or email me at gnet-comments@mspencer.net.
Thanks for reading. This idea is *yours* now -- please do your part to help it become reality.
Re:Not a bad idea but... (Score:2)
Pretty much. Basically because the copyright infringers, thieves, and people "who want to force the industry to change" are going to keep silent about other people breaking the law. Many of them will scream bloody murder at someone who is making fun of them though.
"I just spent x minutes downloading this junk because Y has a bunch of fake songs and is umm... COPYRIGHT INFRINGING!!!! Take the bastard off!!!" Maybe I'm cynical, but I suspect that a majority of heavy Napster users would react this way. More power to the Cukoo eggs.
B. Elgin
Technology can't fix a legal/moral problem... (Score:2)
It's an amusing attempt, but it won't fix the real issue.
There are easily half a dozen ways for downloaders to counter this, from ignoring the user/machine (a.k.a. the way spam is countered), having a private list of trusted trader parties, or just modifying napster so you can listen as the song is being downloaded. Distrupting third party is extremely difficult and never works over an extended time through spoofing.
What is really needed is a consensus... a moral one first, then later perhaps backed up by laws, over what is the permissable under fair use. So long as you have the the RIAA saying people can't loan CDs to their friends to listen to in cars, and some Napster-kiddies saying artists really should provide music as some sort of charity, we'll just keep arguing this over and over and over (which IMHO is much more annoying than any cookoo cookoo cookoo).
Here's my stab at a centerist moral position: Napster-Rips should be treated like songs on the radio or you hear in music kiosks at CD stores. If you find yourself playing the song for any other purpose than evaluation - go out and buy the rights.
I know there isn't a good technological fix for enforcing this behavior (without getting into some big-brother type thing on the internet), but there doesn't have to be. So long as enough people adopt this kind of behavior (and extremists begin to realize they have), all the other issues will sort themselves out.
egoboo (Score:2)
SEE ALSO: for instance this link [fanac.org]
Re:Post makes no sense... (Score:2)
But then again... (Score:2)
Though IANAL, I feel that Boies's argument is based on a logical reading of prior legal precedents--perhaps a slightly out-in-left-field interpretation, but one that can be logically supported. And if it succeeds in depriving the RIAA of its right to enforce its copyrights for having used them in anticompetitive ways (which is looking more and more possible given that the government has been making "antitrust investigatory" noises toward the recording industry lately), the RIAA could lose all its teeth.
We live in interesting times...
--
Audio-specific hash function? (Score:2)
to identify duplicate songs, and maintain a
cddb-style database. There seem to be a lot of
problems with this approach, although I think it's
better than nothing.
Rather than a cryptographic hash function, have
people considered using an optimized-for-audio
(or optimized for mp3) hash function? Maybe you'd
take a spectral analysis of the music which
eliminated differences due to beginning/ending
whitespace, or minor variations in the recording,
but which could clearly differentiate one song
from another.
This serves not only to deter the "napster
terrorists" who mislabel songs, but also
simplify finding quality music despite incompetent
labeling/id3 tags.
I'm sure there are a lot of signal processing
geniuses, like the guy who wrote cdparanoia/ogg/vorbis, who could come up with
a good "musical hash function".
Re:Simple solution... (Score:5)
Signal to Noise Ratio (Score:5)
Since it's illegal, of course I never have... but hypothetically, if I had, I would have found that there are so many useless links and sites with infinite loops of pop-up porn ads, that the whole thing is pretty much a pointless waste of time. In fact, I wonder if it's designed that way? Some of the sites were so devoid of content, buried under endless popup windows, that I began to suspect conspiracy by the software industry.
Flooding Napster with static, or setting up sites that disconnect users halfway through any download, or doing anything else that substantially lowers the average quality of Napster would drive away a number of quality users and perpetuate the cycle.
In fact, I suspect that over a short time, this will happen naturally anyway!
- StaticLimit
Re:noise pollution (Score:3)
--