Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Music Media

Mission: Infiltrate the P2P Network 629

prostoalex writes "Wired News unveils the secrecy behind Overpeer, the company whose mission is to infiltrate peer-to-peer networks with low-quality audio and video files, or corrupted chunks of data which carry the same name and have the same size as originals. Apparently OverPeer even managed to procure a USPTO patent on (a) producing an advertising digital music file by deteriorating or damaging a sound quality of an original music file of a record of a cooperating record corporation; and (b) distributing the advertising digital music file through the communication network."
This discussion has been archived. No new comments can be posted.

Mission: Infiltrate the P2P Network

Comments Filter:
  • huh? (Score:4, Funny)

    by ak3ldama ( 554026 ) on Friday January 24, 2003 @08:35AM (#5150068) Journal
    don't users of these networks already do this when they share their crappy files
    • Re:huh? (Score:5, Insightful)

      by deepvoid ( 175028 ) on Friday January 24, 2003 @08:48AM (#5150140) Journal
      What the are doing is essentially sabotage, and shooting themselves in the foot besides. Those persons who delivered us anartistic offal on CDs have merely found a way to do the same over P2P networks. The reason the recording industry is doing so poorly has nothing to do with the P2P red herring, but rather, is entirely due to a dismal lack of quality.
      • Re:huh? (Score:3, Insightful)

        by recursiv ( 324497 )
        You think your definition of quality has any kind of significant impact on record sales? I beg to differ. In fact, I do differ. Where are the masses that would come out and buy all these high quality albums? I'm sure some people would, but not a lot. The music barely matters at all in fact. I think most people buy certain music to give themselves a certain image, or associate with a certain subculture, or to be cool. So it's all about how the band is promoted. If your band is promoted to goths (just using the term makes me cringe) as the hot new must-have music, then the goths will buy it.

        This is done other ways than just advertising, though advertising is a huge deal. Certain bands or artists get in the news or involved in controversy. I'm convinced most of these are carefully planned to appeal to the target audience.
  • Seems like they are trying to piss in the pool to drive everyone away.
    • And this would cause people to WANT to visit their overpriced pay per use pool? I haven't bought a CD in many years. I also do not participate in P2P piracy. I find plenty of good FREE quality tunes in legitimate distribution channels. MP3.com, et al. provide me with enough legit free material. I no longer desire to spend $18.00 for a CD of bland uninteresting music the RIAA is spewing.
  • Its amazing.... (Score:3, Interesting)

    by haplo21112 ( 184264 ) <haplo@epithna.cCOFFEEom minus caffeine> on Friday January 24, 2003 @08:38AM (#5150078) Homepage
    How many people and companies that are willing to make money by being scum...worse still that the patent office is willing to grant them a patent on being a scum. P2P is good for the world, why the hell can't people just get over it and let it be.
    • by leonardluen ( 211265 ) on Friday January 24, 2003 @08:42AM (#5150100)
      i have prior art! i was distributing crapy files on p2p long before they ever came around!
    • Re:Its amazing.... (Score:5, Interesting)

      by PhxBlue ( 562201 ) on Friday January 24, 2003 @08:59AM (#5150234) Homepage Journal

      The patent may in itself be a good thing. Do we want other companies to be able to duplicate this scumminess? I think not. . . better to let the scumbags feed off one-another.

    • Re:Its amazing.... (Score:5, Insightful)

      by nanojath ( 265940 ) on Friday January 24, 2003 @10:04AM (#5150721) Homepage Journal
      Explain to me how an organization, transmitting a file under the name of a copyrighted work with the authority of the copyright holder of that work, is scum. The reality is, this only screws up P2P in its use to violate copyrights - and the people who own those copyrights, whether they are nice people or jerks, whether they are honest or "scum," are not only well within their rights, but they display a unique hypocrisy and double standard in the P2P community. You claim the right to share the files you want to - even if it is illegal under US and many international laws to do so? Yet these people are "scum" because they share the files they want to - files which would have no impact on you if you were not specifically searching for information that was illegal to copy and distribute.


      As long as the focus is on how to violate copyrights we will never be able to do the much more complicated and involved work of convincing artists to ditch the hindrance of the publishing industry and take advantage of new technologies to reach a bigger audience for a lower investment (and, given the spectacularly rotten economics the biz offers musicians, make more money to boot). Everybody wins except the recording giants. Ah, that sounds like work. Better get back to pissing and moaning that they're slipping poison pills into your free stuff.

    • Re:Its amazing.... (Score:5, Insightful)

      by JSmooth ( 325583 ) on Friday January 24, 2003 @10:07AM (#5150739)
      Another amazing fact was the mod of this post. You make a very broad statement. 'P2P is good for the world'. Why is that? I know why it is good for you and me. It make it easier for the technology haves to download the music, games, videos they love so much. but why is this good for the world? How does this help society in anyway? Don't get me wrong I think the level of crap produced by the Music industry is at epic levels. However, the movie industry and game industry have been producing some major pieces of work. Yea they may be over priced and poor people may not be able to afford them (but I bet these same people can afford a kick-ass system to run those games on).

      Or maybe you just wanted to try out the full game. Whatever. It don't matter. What makes this P2P good for the world?

      Nothing. Don't try to justify your behavior. You can't. It's like using drugs. You don't use them to make you a better person. You use them because you can and it's fun. So please, don't try to make yourself out as any better than the 'scum' that would try to stop you. There is no honor among thieves.

      The P2P concept is awesome. It is a great way to quickly exchange ideas, papers, shareware/freeware, etc. But when was the last time you downloaded anything other than copyrighted material from a P2P system?

      • by JKConsult ( 598845 ) on Friday January 24, 2003 @10:52AM (#5151079)
        Don't try to justify your behavior. You can't. It's like using drugs. You don't use them to make you a better person. You use them because you can and it's fun. So please, don't try to make yourself out as any better than the 'scum' that would try to stop you. There is no honor among thieves.

        There are many ways of justifying actions other than through the morality of those actions. I don't read books to make me a better person, I read them "because I can and it's fun." Perhaps reading makes me a better person (sometimes yes, sometimes no), but that's not why I do it. Does that mean I can't justify reading? And yes, sometimes drugs can make people better, too. Recreational drugs can make people less tense, they can give people new perspective, they can introduce people to whole new worlds of experience. Do they do this for most who use them? Probably not. But there is more "honor among thieves" among recreational drug users than exists between record labels and their consumers.

        It's this puritanical stance that has really started to get me over the last few years. "Just because it's legal, doesn't make it right", true, but just because someone doesn't think it's right, doesn't make it so. Everything doesn't have to make the world a better place to have justification.

        That aside, I do agree with your thesis. "P2P makes the world a better place" is one of the most specious and nebulous statements I've heard in a great while.

      • Re:Its amazing.... (Score:4, Insightful)

        by Disoculated ( 534967 ) <rob&scylla,org> on Friday January 24, 2003 @11:16AM (#5151226) Homepage Journal

        "You use them because you can and it's fun."

        Whoa there buddy, there's a lot of things that humans do because they can and it's fun. Not everything needs to be done to improve one's person.

        For example, unless you're a hardline religious conservative, sex is the first thing that comes to mind. People don't use that exclusively to procreate, and it's exercise value is arguable... in fact it's a great way to spread disease. We still do it of course, because it's fun.

        Of course, moving off to your more reasonable point of "What makes this P2P good for the world?". The value is that people can examine things before purchasing them, which the can't legally do now. If you play a game and it sucks, too bad. Buy a movie and it stinks, so what. Buy a CD and it's full of crappy remixes and vapid lyrics, oh well (don't give me that "but you would have heard it on the radio" stuff, the radio doesn't play what I like to hear in these days of consolidation).

        So, I download music online. If I like it, I buy the album. If it sucks, I don't. Yes, it's illegal. So is speeding. So is oral sex in the southeast US. So is lighting firecrackers in the northeast US. So is breaking curfew for teenagers. So is passing on the right. So is making a loud noise past 10pm. So are a ton of other things that people blow off on a regular day because they are fun, and it's stupid for them to be illegal.

        Oh, and something else that's illegal.. Civil Disobedience, which is really what P2P is. Call it Corporate Disobedience, or Copyright Disobedience, or whatever you like. What it really does is show Corporate America that people hate their methods of media distribution so much they'll do whatever they have to to get around it.

        And, finally, the Artists. Isn't all this P2P shit bad for them? Hell no! I never would have heard of the Cruxshadows, Claire Voyant, Attrition or The Shroud if it wasn't for P2P (you'll never hear them on the radio), but now I bought all their albums AND go see their shows. Since they don't make jack off the albums but they DO make money (the artists, not the record companies)off the shows, I think that makes it good for them too.

  • MD5? (Score:5, Insightful)

    by t0qer ( 230538 ) on Friday January 24, 2003 @08:40AM (#5150089) Homepage Journal
    or corrupted chunks of data which carry the same name and have the same size as originals.

    Isn't there some magical algorithm that produces an unique checksum number for a file, and if it were missing chunks wouldn't that reflect in that magical number? Don't most P2P networks use this magical MD5 checksum algorithm to ensure files aren't screwed up?

    Gee, you would think the patent office would realize they just awarded a patent to the same guy that sells server pixie dust.
    • Re:MD5? (Score:5, Informative)

      by JimDabell ( 42870 ) on Friday January 24, 2003 @08:49AM (#5150144) Homepage
      Isn't there some magical algorithm that produces an unique checksum number for a file, and if it were missing chunks wouldn't that reflect in that magical number? Don't most P2P networks use this magical MD5 checksum algorithm to ensure files aren't screwed up?

      Yes, but the client supplies the checksum. There's nothing to stop a client from sending a phony checksum.

      In any case, the checksum only really protects against things getting screwed up through the transfer - if they are screwed up to begin with, the checksum isn't going to help at all.

      • Re:MD5? (Score:5, Interesting)

        by Anonym0us Cow Herd ( 231084 ) on Friday January 24, 2003 @09:07AM (#5150281)
        but the client supplies the checksum. There's nothing to stop a client from sending a phony checksum.

        What if the content were divided into blocks. Each block has its own hash. As you are downloading the content, each block can be checked. As soon as you encounter a corrupted block, you blacklist that node.

        Really a trust based ratings system is going to have to be established. But in a way that it totally decentralized.

        This can be extended such that you download different blocks of a file from different nodes at the same time, thus getting the file sooner.

        In fact, what would happen if no single node had a complete file? This might not absolve you from copyright infringement though. So suppose that in order to form each block of the file, you actually had to download multiple blocks by their hash number, and XOR them together. Yes, it might take 3 times the bandwidth to download a file, but not necessarily 3 times as long in real time on a broadband connection.

        Now if Joe offers block 0x2857389298371987578392 of bytes that must be XOR'ed with two other blocks in order to produce the first block of the file, is Joe guilty of copyright infringement? But that same block might also be needed to reconstruct The Constitution of the United States, or the Bible or Moby Dick.

        The process of obtaining a file would be to first obtain a trusted list of the block numbers you need to obtain. Then you download those many blocks over the P2P system. The blocks you obtain may come from many different nodes. You just recombine them by mixing and adding water.
      • Re:MD5? (Score:3, Insightful)

        by MegaFur ( 79453 )

        In any case, the checksum only really protects against things getting screwed up through the transfer - if they are screwed up to begin with, the checksum isn't going to help at all.

        But there are ways... In KaZaA land (Yeah, yeah--spyware, but that's what KaZaA Lite is for) they're trying to get "verified files" going. The idea: you go to a web page or something, that you trust. You click a special link there and instead of starting some normal download, it pastes a special unique identifier (like an md5 sum--maybe it actually is an md5 sum, I don't know) into your KaZaA search thingie.

        The problem: If any host that has a copy of the file makes any changes at all, it may not have the same id anymore. Also, you have to actually have a lot of users participating (not screwing each other over) and updating and mantaining all these sites and things. It takes more effort, therefore it won't work out as well.

    • Re:MD5? (Score:2, Informative)

      by frp001 ( 227227 )
      On the other hand checksumming is not a garanty of uniqueness : If not it would be called compression (Cool a 4 minute song on a MD5 checkum).
    • All hashing algorithms can be defeated if you know the algorithm....given precisely placed bits, it is not impossible to have two files with the same hash.
      No its not PRACTICAL...but maybe they've got some brute force per song?

      MD5 takes the content of a file and forms a number from it in such a way that:
      it is not possible to tell the contents of the original file just by looking at the hash value
      and
      it is not reasonably practicable to generate a file that will give a particular hash.
      as an aside...most people are too lazy to check md5's anyway.....
      • Re:MD5? (Score:3, Informative)

        by jetmarc ( 592741 )
        > No its not PRACTICAL...but maybe they've got some brute force per song?

        They'd need A LOT of brute force. Still today exist no two known files with same MD5 hash. You could claim the big price if you could come up with two such files!
    • Re:MD5? (Score:5, Insightful)

      by Hellkitten ( 574820 ) on Friday January 24, 2003 @08:51AM (#5150174)

      and if it were missing chunks wouldn't that reflect in that magical number?

      You would still have to download the file completely before you could check it, and if they let you get halfway through the download and then cut your bandwith to a crawl you'll have to use a lot of time to rule out all the bad copies and get get a good one

      No doubt there will be p2p clients that you can configure not to display a file if there are too many hosts for it, if it's only shared by a few users it's less likely to be part of this spoofing attack. Expect several even more creative ways to filter out suspect files/hosts to appea.

      Eg: Every time you get a file you check it and mark it as either good or bad, when you later search, you include a search for these known-good and known-bad files. If a hosts shows hits for many of the known-bad files you ignore it. With a little tuning the job of the spoofers can get a lot harder.

    • Re:MD5? (Score:5, Insightful)

      by giminy ( 94188 ) on Friday January 24, 2003 @08:51AM (#5150178) Homepage Journal
      Maybe they could do this, it depends on the file. Obviously the md5sum of my mp3's are going to depend on what bitrate I use, how good the encoder was that made it, whether my cd had some barely detectable scratches on it that cdparanoia smoothed out, etc. So the same song might have many valid checksums.

      I think it would be hard to determine which is a valid file, though. How could a peer to peer network make such a judgement call without some central authority? Like if they left it up to the users to vote (ie a whole bunch of people say this song isn't the right thing, a whole bunch of people say this song is the right thing), someone would just come along and poison the vote. Unless some more organized voting scheme were made. I can't think of anything other than a 'web of trust,' but then that takes away any anonimity that current p2p file sharing gives (which isn't much, but it's better than none).

      And if they had some central user voting what was right and what wasn't...well now they have a central point of failure again, like napster.

      All in all it's a good idea (using md5sums), but the implementation might be tricky (or I might just be paranoid).
    • Re:MD5? (Score:5, Insightful)

      by jomagam ( 512625 ) on Friday January 24, 2003 @08:54AM (#5150192)
      Of course you can calculate the MD5 checksum for every file, but you seem to miss the bigger picture. Taking the Linux kernel as an example:

      1. You check on ftp://ftp.kernel.org/ the MD5 checksum of the kernel you want to download.

      2. Find a mirror and download that kernel.

      3. Calculate MD5 on the downloaded file and compare it to the checksum from ftp://ftp.kernel.org/

      The problem with music files is that even if you start from the same CD so many different wav->mp3 converters can be used that it's impractical.
    • Re:MD5? (Score:3, Informative)

      by teaserX ( 252970 )
      Attn: Mod parent up liberally

      The whole multipoint download thing would be impossible without this. Filesize and name are irrelevent. Doesn't everybody grab all of the versions of the file they want and just delete whatever sucks? I guess you can sell anything to desparate, un-savvy corprate types. Jeez.

    • Re:MD5? (Score:5, Interesting)

      by jetmarc ( 592741 ) on Friday January 24, 2003 @09:08AM (#5150289)
      There are two ways to attack MD5 checksums:

      a) you can upload random garbage and ignore the fact that the other party will find out. MD5 hashing can be done only once the download (of the chunk) is COMPLETE. Until then, you can waste a lot of his (and your) bandwidth. Edonkey2000 for example, has 10 MB chunks. You can upload 9 MB of random data and then stop with an error message. He will not find out until someone else uploads the missing 1 MB to complete the 10 MB chunk for hashing. Or better, let you be the one that uploads the missing last bytes of a chunk, so that you can poison 9 MB of good data with only 1 MB of bad data.

      b) you can create new (bad) files and introduce them into the system, in parallel to existing files. Give them nice filenames, post links to the files on the usual pages, and people will start downloading them. Make sure that the files are very easy to find, and downloads start immediately (not necessarily: complete immediately). MD5 checksums are not your problem, because you're in a position to supply the correct ones (when releasing the file).

      Both options will disappoint downloaders, because they have to start over again and again. With option a), the software will do that automatically, and depending on its strategy it will take very long to complete a file, or it might possibly never happen. With option b) the user itself will have to go out and start another search, look for "non-fake" links to other versions of the album/film/whatever.

      I'd be careful however. P2P developpers might take this as declaration of war, and counter these attacks. Actually, there already exist databases with hashes of fake files (option b) where users can lookup before they start downloading. Option a can be countered by finer granularity of the chunks.

      Marc
    • No, not really. (Score:3, Insightful)

      by FallLine ( 12211 )
      I think you have a false impression of what they're trying to do. They're not going to intercept "legitimate" mp3 files, modify them, and re-distribute them back as those files per se. They don't need to; they're going to originate the files that match the file names, id3 tags, approx. size, and possibly other characteristics of the valid files that users are searching for. While many of these networks implement some kind of checksumming algorithm for swarming and what not, the fact is that the downloaders rarely would know what checksum to expect, even if the checksum of the file on the remote server is visible to the user. Unless, say, some mp3 (in the "warez" sense) group rips a set of high quality mp3s, distributes them (directly or indirectly) to these networks, and publishes the checksums in a manner that all downloaders can easily get and cross-reference, it's unlikely to work either. Remember that different mp3 encoders will all result in at least slightly different mp3 files, which makes the checksum worthless. In any event, all most users are looking for is the file name and, perhaps with the slightly more sophisticated users, the file size and bitrate. If this group can force users to make an extra step, to go to numerous l33t "trusted" warez/mp3/hax0r websites to get checksum lists and what not, then they'll have at least partially succeeded in their mission.
    • web of trust (Score:5, Interesting)

      by seanadams.com ( 463190 ) on Friday January 24, 2003 @09:17AM (#5150370) Homepage
      The "web of trust" is the solution. Think of how google's pagerank works: pages with higher ratings have a stronger influence in deciding (through their links) which pages are "important".

      This is the next step in p2p. Each file is checksummed, producing a unique ID that is practicallty impossible to forge. Then the peers "rate" the file. The weight of any peer's rating is determind by his agreement with other peers. Thus you have a system which is nearly impossible to sabotage. This all sounds great in theory, but the implemenation in an untrusted p2p environment is very difficult. It's MUCH easier when you have central control of all the rating info.
      • Not so simple (Score:3, Interesting)

        by pclminion ( 145572 )
        Each file is checksummed, producing a unique ID that is practicallty impossible to forge.

        How is that? You're trusting the word of the other peer as to what the file's checksum is. The other peer can lie. You can verify the checksum yourself, but only after downloading the entire file first. So, this system can let you know if you have a "genuine" file, but it won't save you the time you wasted downloading something just to find out it's corrupted.

        You can't solve this problem even by SIGNING the hash! To validate the hash you have to first have the entire file, hash it, and compare the result against the decrypted signed hash. You STILL end up wasting your time downloading a file that's corrupted!

        However, signed hashes would be nice in order to catch malicious files that SOUND right, but actually contain some kind of buffer overflow or something similar. We'd have to set up a central authority for the purpose of validating that files aren't trojaned, and then signing them. But now, this is starting to look more like "organized crime" in the eyes of the RIAA... "Look, they're setting up central authorities to facilitate illegal file sharing!"

    • Re:MD5? (Score:3, Interesting)

      by Ed Avis ( 5917 )
      Surely you could download several different damaged versions of a song and reconstruct the original (or something approximating the original) from them?
  • by m.o ( 121338 ) on Friday January 24, 2003 @08:40AM (#5150090) Homepage
    That plan actually makes sense. Independent artists who want their work to be available through Kazaa obviously won't do that, so you'll still be able to download their songs. On the other hand, owners of copyrighted materials will make life harder for those who steal. There is nothing wrong with putting more locks on your house. (How viable this technology is, and how long it takes Kazaa or someone else to find ways to overcome this problem, is a different matter altogether).
    • The only problem is its NOT stealing...P2P is not doing anything that I haven't been able to do with my tape recorder or VCR my entire life. Sorry but any arguement to the contrary just doesn't wash. The ability to listen to music I otherwise would never have considered purchasing has very much influenced my purchasing habits over the last couple of years. I actually buy more music not less. The problem is to the music companies it probably looks like less because I buy less of what they want me to buy, and more of the less promoted music that I got a chance to listen to, whithout dropping $15.00 first on a crappy album. Waht these companies are doing is the illegal activity, they are degrading the original source...in a way we could call it defamation, or slander....
  • by Maeryk ( 87865 ) on Friday January 24, 2003 @08:40AM (#5150091) Journal
    Someone who has a band setup and knows how to secure rights to perform/distribute a cover song.
    Get the rights, sing the song, distribute over P2P willingly and freely, then sue these sumbitches when they destroy the persons original work. I dont see any reason this wouldnt work.. find someone who can do a killer Iron Maiden or something, and go nuts!

    Unfortunately, I dont have the skill or the contacts, but fighting fire with fire in this fashion may be a way to make corporations think twice about messing with file content.

    Maeryk
    • They claim they're only doing it with consent of the record labels whose music they defile. If they started destroying everyone's files without permission they'd be hosed.

    • Someone who has a band setup and knows how to secure rights to perform/distribute a cover song.
      Get the rights, sing the song, distribute over P2P willingly and freely, then sue these sumbitches when they destroy the persons original work.


      That won't work. Like the article says, these guys only destroy their clients' songs / files. They don't destroy all songs / files they come across on P2P networks.
    • find someone who can do a killer Iron Maiden

      First Problem: It has to be something people will want to download or your plan won't work.

      fighting fire with fire

      The recording industry already is fighting fire with fire. P2P screwed up their revenues, rightly or wrongly, and now they're screwing with the P2P networks in a perfectly legal and hilarious way.

      Get some perspective: You're getting music for free. For. Free. Or, if you've already purchased the CD, you're getting a free encode. I'm not gonna call you a pirate, but you ain't the friggin' Archangel Gabriel, either. Put up with the minor inconveniences and keep your sense of humor about it.

      The Recording Industry is filled with greedy and technically inept sumbitches. The P2P networks are filled with spoiled whiney children. I'll miss the sheer entertainment of this Texas Cage Match once the labels finally get their act together and provide an efficient and reasonably priced means to pay for the downloading of songs (after which, the feds will be all over content traffic via P2P like white on snow).
  • by kakos ( 610660 ) on Friday January 24, 2003 @08:41AM (#5150093)
    ...since the advent of the P2P network. This would explain all the files I get that sound like someone decided to take a microphone to the bathroom after a day at All You Can Eat Mexican.
  • Legalities (Score:4, Interesting)

    by dfcox530 ( 593836 ) <dfcox530@@@gmail...com> on Friday January 24, 2003 @08:43AM (#5150108) Homepage
    If I were a musician (I'm not but bear with me) and I posted my own original works to Kazaa and then things like this corrupt my works and prevent others from downloading it what recourse would I have against anyone?
    • Re:Legalities (Score:5, Insightful)

      by Sheeple Police ( 247465 ) on Friday January 24, 2003 @08:57AM (#5150219)
      As you saw from the article, this is about Overpeer working in conjunction with the copyright owner in order to try to discourage the amount of file-sharing occuring of copyrighted material held by the holder. If you were a musician, and you posted your works to Kazaa by means of sharing them, and they were dissimated, Overpeer wouldn't be doing anything. You don't have a contract with them, they're not trying to defend your copyright. However, if you were an "artist" (used as loosely as she is) such as Britney Spears, and you wanted to dissuade users from sharing your songs, you could contact Overpeer and have them flood the network with advertising files/horrible audio/any other means to discourage the downloading of your songs.

      However, an interesting question comes from this that you weren't necessarily intending - what would prevent your competitors from contacting an Overpeer-like company and having them smear the audio on your files and distribute them such that the crappy audio becomes the majority of the results, thus preventing people from being able to truly enjoy music that you have willingly released. Depending on how you maintained and defended your copyright, and considering you had posted your works to Kazaa to begin with, they just might be able to get with that, leaving you in a bit of a bind.
    • I'd venture: none, since you weren't given any guarantees about the quality of the service in the first place.

  • Won't Work (Score:5, Insightful)

    by kakos ( 610660 ) on Friday January 24, 2003 @08:44AM (#5150111)
    I know some P2P networks just match file size and name, but I'm pretty sure most of the good P2P networks check a file's MD5 to see if it is the same as another. If the MD5 matches, it's probably the same file, despite having a wildly different name.

    Unless Overseer or whatever found a reverse algorithm for MD5, I doubt very much that they could degrade the qualify of a music file in such a way that the MD5 doesn't change.
    • Re:Won't Work (Score:5, Informative)

      by olethrosdc ( 584207 ) on Friday January 24, 2003 @08:50AM (#5150165) Homepage Journal
      So suppose you do a search for 'Band XYZ'
      and you get results
      BAND XYZ - I can't write a song (md5=12345)
      BAND XYZ - I cant write a song (md5=91283)

      One of them is the real and the other is the decoy. Which one is which?

      Or if they are ripped from analogue sources, they would be different.

      The md5 thing only works if all files are exactly the same.
  • by Gropo ( 445879 )
    All the more reason to use Server-to-Client [haxial.com] networks instead.
  • by Vengie ( 533896 ) on Friday January 24, 2003 @08:46AM (#5150122)
    We can't build a better mouse trap...
    So we'll break yours!

    (ok...not "break" but render rather inefficient....grumble.)
  • Fair, But Stupid (Score:3, Interesting)

    by occamboy ( 583175 ) on Friday January 24, 2003 @08:46AM (#5150124)
    On the one hand, this sounds perfectly fair. After all, they are taking steps to prevent folks from stealing intellectual property.

    On the other hand, it seems like it's easily bypassed -- some authority should keep a central server with a list of known good files and some sort of hash associated with each file. If the file is distributed in pieces, there could be a hash for each piece.

    Finally, isn't the entertainment industry's time is better spent developing a functioning revenue model? People want music online, and they won't pay a lot. Sorry, the genie is out of the bottle -- get a real revenue model -- or someone else will, and they'll kick your butts. All the incredibly crappy and formulaic new "music" isn't helping much, either.
    • >>Finally, isn't the entertainment industry's time is better spent developing a functioning revenue model?
      YES!
      I nominate you head of whatever record company you like! Couldn't have said it better myself! I seems that rather than do what you suggest, they'd rather run the chance to piss off a LARGE percentage of their customers...
  • Before we start going off on the PTO, remember this is a published patent application, not an issued patent.
  • by curtisk ( 191737 ) on Friday January 24, 2003 @08:47AM (#5150130) Homepage Journal
    Simply put, how do they know what is or isn't legal?
    There are plenty of bands that release some or all of their tracks for free....how are these guys determining WHAT gets fubar'ed and what doesn't......could a new file naming convention by P2P traders make this REAL hard for these guys..? How aer THEY choosing what content gets whacked?
  • From the article:

    2) Collect illegally produced digital music file.

    3) Edit illegally produced digital music file (damage sound quality).

    4) Distribute digital music file on network.

    All of these are illegal under the DMCA.

    Oh, I get it, it's ok to break the exact same laws you're trying to get the general public to stop breaking. I know, lets run around and rob the thieves and rape the rapists, that'll get them to stop too. Why didn't we think of it before?

    <sigh>

    Damien
  • Perfectly Valid (Score:2, Interesting)

    by czarneki ( 622927 )

    This is a perfectly valid attempt by the record companies to fight for their survival. In fact, I applaud it because, for once, they are not resorting to the courts or the coercive power of the state to crush the "criminals" who share music. Instead, they are playing a technological game in our arena, on our own turf. This is simply a variation of the way a.s.t used to invade newsgroups by flooding the channel with bogus trolls.

    And since they are playing our game, we can strike back the same way. We can institute the equivalent of killfiles (if we know the IP of these bogus sharers), or, even better, we can add audio fingerprinting [internet.com] to P2P networks to filter out the bogus files. That sounds like a good open source project.

    So long as they try to play this game with us, they can't win.

  • Illegal or legal? (Score:3, Interesting)

    by plcurechax ( 247883 ) on Friday January 24, 2003 @08:49AM (#5150148) Homepage
    Aren't they illegally distributing these copyrighted content without permission, which is still criminal regardless if it is of low quality?

    Or do they have the copyright owner's permission (i.e. licensed), in which case it is legal to download those recordings?
  • by PMuse ( 320639 )
    . . . that FSF didn't apply for this patent. And then sue the *IAA for infringement. Irony.
  • I'm just trying to get my hands around this concept. Why is the RIAA/MPAA hegemony doing everything in their power to alienate their users?
    • They assume all users are guilty of piracy, and will proceed with that in mind
    • Since all users pirate works(see above point), they release copy-protected works that do not work according to standards...other than the infamous "neener-neener, you can't copy this" standard
    • Through their extensive lobbying efforts, they're seeking to remove what little legal rights we had to items purchased. (e.g. When I buy a gallon of milk. I have to make sure there's no EULA. Of course, I can't see me taking the time to reverse engineer it)
    • Now they're actively trying to poison P2P networks
    I would like to know when this is all going to come to a head, or is it going to be continue to continue spiralling until someone/something/group of someones intervenes. Perhaps it will stop when the majority of their user base becomes so alienated that purchasing a copy (licence) of a work is viewed as a faux pas.

    If they'd work on developing a better digital delivery system (I don't see the current methods being very viable), perhaps that would do something to curb piracy
  • Stupid. (Score:5, Informative)

    by grub ( 11606 ) <slashdot@grub.net> on Friday January 24, 2003 @08:49AM (#5150154) Homepage Journal

    It won't work well with all P2P networks. A prime example is the eDonkey network [edonkey2000.com] which uses a hash of each file as an identifier, not a filename/size identifier. You can rename the file to anything and the hash won't change. eMule Project [emule-project.net] is another great eDonkey network client and is open source.

    This is too little, too late, unless you're stuck on Kazaa.
    • Re:Stupid. (Score:3, Interesting)

      by Tolchz ( 19162 )
      And this hash is provided by who ?
      If the client provides then a fake hash has to be returned, and then send the bad file.

      You can never trust the client. That seems to be one of the problems with P2P. The client is also the server. If you can't trust the client then you can't trust the server.

      You'll need to have some type of cryptographic signature so that certain keys can be signed and trusted. Of course then you lose anonymity because even though you can't determine who has a key easily you can determine which files have been signed by the same key.
      Then once you find the person who owns that key, you have a long list of copyrighed material that that person has signed.
  • The grunge band I was in in high school was distributing low quality audio long before these guys showed up! I wish I'd realized there was money to be made from it...

  • I did not know that you could patent sabotage?!?
  • by br00tus ( 528477 ) on Friday January 24, 2003 @08:50AM (#5150170)
    ...because it is going to improve p2p technology. Face it, we're always going to be one step ahead of these people. I have been working on a Gnutella [sf.net] client, and am familiar with what it has implemented, and plans to implement. The idea of file CRC's was thought of almost immediately after Gnutella hit the net, but it has been implemented in a preliminary form a few months ago in Gnutella, and tigertree hashes will improve on this when they are soon implemented. Plus we have web sites like Bitzi [bitzi.com] (which have an open database) so that one can verify files with their hashes. Of course, they can keep coming on and spewing junk out, trying to fake out Bitzi and whatnot, but I'm confident we'll always keep one step ahead of them. And I think this kind of dialectic back-and-forth will eventually result in a p2p network very resistant to authority, and very dependent upon free association, which I think will be most awesome.
  • by Modern Hamlet ( 311094 ) on Friday January 24, 2003 @08:51AM (#5150171) Homepage
    Tit. Tat.

    I might not like it, but this response seems pretty logical to me. The Industry has declared war on P2P as the source of their dwindling profits. (I'm not going to argue the validity, that's irrelevant.) Of course they're going to try to sabotage these networks any way they can.

    This puts the ball back in the court of the P2Pers. So what's the next step? Seems to me it won't take long for someone to come up with either a moderation system or IP blocking scheme that will force the Industry into a different line of attack.

    When are these people going to learn that if they spend 6 months developing a technology to "protect" their copyrighted info, it will take 6 days (if that) for someone to defeat it?

    Dime to donuts someone has a way to beat these bogus files within the week...

    -mh
  • Blacklist the IP? (Score:3, Insightful)

    by Rik Sweeney ( 471717 ) on Friday January 24, 2003 @08:53AM (#5150182) Homepage
    Surely it won't take very long for people to discover the IP addresses that the rogue files come from and block them? A (long) list of rogue IP addresses was posted on Slashdot a couple of weeks ago.
  • They better get LOTS AND LOTS of IP addies, because word will get around about which users distribute corrupt file and folks are going to publish web pages listing the user IDs and IP address blocks disseminating corrupt files. Also, it's not that difficult to listen to the first 30s of a partial download--if it's junk, download cancelled, user banned, nice try.
  • I often seed public databases with junk data, effectively rendering them useless. Sometimes I mis-reshelve books at the library (you should see the card catalog). I create bogus auctions on ebay under fake names. I distribute pdf's of gutenburg "ebooks" that actually contain hardcore pornography. It makes me smile whenever someone downloads Grimm's Fairy Tales. Oh, they're 'Fairy' tales all right. I always worked anonymously, because I thought this was illegal and I'd get in trouble if I were caught. Now I know that I'm a hero, and this account can finally be told.
  • but, uh, if i run into a low quality download, i'll just delete it and not share it anymore...
  • Won't Work (Score:5, Insightful)

    by cyber_rigger ( 527103 ) on Friday January 24, 2003 @09:03AM (#5150257) Homepage Journal

    People will just delete the junk and keep the good copies (think about spam).
    The good copies get moved to the "good stuff" directory (available for download) and the bad stuff goes to /dev/null.
  • by slummerx86 ( 642287 ) on Friday January 24, 2003 @09:03AM (#5150258)
    ...and it's called Google!

    Just think about how google works, I look for "slashdot" and what comes up in the first page of results? Now think why, it's because loads of other people have been there before me and they thought that www.slashdot.org was exactly what they were looking for.

    now apply this to p2p, someone posts crap, I download it, it's crap, I delete it, problem solved, the file doesn't distribute because I don't share it, if nobody wants a file then it gets disregarded. okay so it won't be so effective against less popular music, but that's not the kind they're likely to try and propagate.

    This kind of this has some crossover with the network theory post from today (yesterday?). If you're interested in P2P I'd recommend reading about it.
  • by jonathan_ingram ( 30440 ) on Friday January 24, 2003 @09:07AM (#5150278) Homepage
    It's not too hard to avoid low quality/bogus files. All you need is some form of rating and feedback system. ShareReactor [sharereactor.com] fulfills this need for the eDonkey network, providing links to verified versions of files. I imagine it's very possible to decentralise this system significantly, or even to integrate it into the file sharing protocol itself, in order to reduce the possibility of the rating site being shut down.
  • by simi-lost ( 639853 ) on Friday January 24, 2003 @09:09AM (#5150302)
    "...And, in certain cases, we also may help them build relationships with potential customers who happen to be on the P2P site"

    "On some level they understand that P2P users are also potential customers -- record buyers, video renters or gamers -- and don't want to alienate them"

    Well if you want my business, then maybe you should give me a sample of what you have to offer, and not just waste my time in the first place. But then again, If I can buy a complete movie on DVD for even as low as $5 on sale, or $20 not on sale, why would I want to pay $18 for a CD with maybe 15 tracks if I'm lucky.

    Either way, these businesses need to figure out how to attract my attention, rather than ram their practices which are tried and proven to be not working, down my throat. Can't open my wallet that way!

  • by Lumpy ( 12016 ) on Friday January 24, 2003 @09:14AM (#5150331) Homepage
    It's the age old Pissing in the well trick.. if you poison the source then people wont use it.

    Unfortunately there are at least 90-100 more talented programmers and solution finders to every employee they have out there that will find a way to detect or reject their junk. This company has nothing of value to sell to any interested party, just like macrovision is 100% worthless (both 1 and 2 are easily removed without effort and only $5.00 worth of electronic parts, or a simple $10.00 box that can be purchased most anywhere called a "video stabilizer")

    Let them do their worst, let the companies waste their money on this snake-oil salesmen. i dont care, it will never affect me, and by the time the first 2-3 of their supposed files get in the wild there will be patches to kazaa-lite , open nap servers, and gnutella clients that simply will not list these files.

  • by Cyno01 ( 573917 ) <Cyno01@hotmail.com> on Friday January 24, 2003 @09:16AM (#5150347) Homepage
    an original music file of a record of a cooperating record corporation
    Since when does the record corporation own a music file that I PAID FOR? Its my stuff, it was when i payed for it and left the store. Its not like the record lables i buy stuff from care or would participae in something like this, but it scares me when i hear about stuff like this. The whole RIAA worm scare and all that. I have over 200 cds worth of legally purchaced music ripped onto my jukebox. I have nightmares about the day i hook it up and whatever latent thing on my box destroys my whole collection. Just because i have copyrighted files on my computer doesn't mean i stole them.
  • Great idea (Score:5, Funny)

    by Kanasta ( 70274 ) on Friday January 24, 2003 @09:17AM (#5150369)
    I'm going to patent creating potholes with the cooperation of tyre manufacturers; and distribute them thru the road system.

  • by curtisk ( 191737 ) on Friday January 24, 2003 @09:27AM (#5150438) Homepage Journal
    Just thinking, do these guys get paid piecework, so to speak...per song? Or per thwarted piracy? Whats stopping them from screwing up a batch of songs........a month passes by, re-downloading the songs they screwed up, and charging the RIAA double?!

    UNLESS OF COURSE,THEY HAVE A WAY THEY CAN TELL WHAT FILES THEY'VE TOUCHED ALREADY....hmmmm

  • by Badgerman ( 19207 ) on Friday January 24, 2003 @09:45AM (#5150578)
    Here is a company whose goal is, simply, to sabotage an existing system/service. All talks of legality aside, there's something amazingly pathetic about this. Forget trying to make something people want, just hire someone to wreck the competition.

    Of course someone will find a way around this. And it won't stop fileswapping on P2P networks or other methods.

    Hmmmm. Maybe this guy has the ultimate scam. As file traders find new ways around what he does, he can sell new methods to his clients . . .

    • >>Hmmmm. Maybe this guy has the ultimate scam. As file traders find new ways around what he does, he can sell new methods to his clients . . .
      A similar business model works great for antivirus software companies.....! Oops! Did I say that outloud?
  • by paulbd ( 118132 ) on Friday January 24, 2003 @09:50AM (#5150619) Homepage

    all this discussion of checksums and the like is totally irrelevant. quite ignoring the fact that its the host that supplies the checksum (if its too be of any use in selecting potential downloads), its very unlikely that any two renditions of the same audio file would be identical. CD-based digital audio is not a bit-for-bit perfect transfer medium (hence error correcting h/w and s/w in the drives). Rip a CD on two different drives and the chances that some bits will be different in the resulting files are really pretty good.

    Checksumming only works if the assumption can be made that there is a single unique version of the file. That isn't true in the most common cases.

  • Economics? (Score:4, Interesting)

    by Douglas Simmons ( 628988 ) on Friday January 24, 2003 @09:51AM (#5150630) Homepage


    Bandwidth's expensive. If we could at least come up with a system for users to have to actively opt to share each file after they have played them and can verify its quality -- instead of downloading bad files, not deleting, and thus sharing them -- that would slow the spreading of these files. Opting-in would, of course, slow down the general proliferation of good and bad files and would make it more difficult to find any files as fewer would share users, but I think it's a good trade-off.

    That would leave the record industry cops with a lot more uploading to do. 700+MB is a lot of bits to move, and they have to do it every single time a user initiates a transfer. Are the odds that that user (assuming he only shares it if it's good and does not spread bad files) would go out and buy the movie/CD instead of either continuing to try to find a valid file, or simply giving up altogether? I highly doubt it.
  • So what? (Score:5, Insightful)

    by Pig Hogger ( 10379 ) <pig@hogger.gmail@com> on Friday January 24, 2003 @09:52AM (#5150633) Journal
    The next generation of P2P will have built-in quality-control, and the parasites will simply shut-out of the network.

    The measure may be as simple as letting one listen to the song as it is downloaded, and having the users "moderate" it, à la Slashdot.

    What we have is a huge cluon deficit on the part of the record companies.

  • Patents (Score:3, Interesting)

    by MrLint ( 519792 ) on Friday January 24, 2003 @10:15AM (#5150803) Journal
    I thought in ourder to get a patent somethign ahs to be *useful* and *new*. I donno which dumbass was asleep at the wheel at the USTPO, but the intentional damage of something seems neither useful nor new to me.
  • by Kaz Riprock ( 590115 ) on Friday January 24, 2003 @10:37AM (#5150979)

    (patent for)...producing a digital music file by deteriorating or damaging the sound quality of an original music file

    I'm sorry but MusicMatch Jukebox has been doing this to music files for years with its ripper.
  • by presearch ( 214913 ) on Friday January 24, 2003 @10:43AM (#5151031)
    If their idea is patentable, can I get a patent on producing counterfeit currency?

    After the secret service nails someone for counterfeiting, I take advantage of
    them tracking them down and then sweep in and nail 'em for violating my patent.
    Hmmm..
  • by Fefe ( 6964 ) on Friday January 24, 2003 @11:32AM (#5151329) Homepage
    First of all, it pays our bandwidth and the infrastructure. I'm all for that, obviously.

    Second of all, it destroys the validity of their statistics about how many files are downloaded. Their statistics on how much cash they lose through this already are bogus, but now they can't even give good numbers on how many files are transferred, because 3/4 of the downloads may be wasted through broken fake files.

    Third of all, this will lead to more cool research in cryptography. There will be papers about how to make this kind of attack more difficult and how to build trust metrics between anonymous peers (and that are very interesting problems, you should consider doing research in the area!).

    In the short run, this pays for bandwidth with the profits of the record companies. More bandwidth will be used to do more file sharing. One day, RIAA will understand that they are financing the infrastructure of the enemy and shut overpeer down.

    In the long run, RIAA will raise the price for CDs even more, to pay for overpeer and the infrastructure of the P2P people. That will cause even more people to not buy their music but download it instead, hastening RIAA's run towards obsolescence.
  • by pmineiro ( 556272 ) <paul@minDEBIANeiro.com minus distro> on Friday January 24, 2003 @12:11PM (#5151604) Homepage
    OverPeer even managed to procure a USPTO patent on (a) producing an advertising digital music file by deteriorating or damaging a sound quality of an original music file of a record of a cooperating record corporation; and (b) distributing the advertising digital music file through the communication network."

    hey ... this is a good thing! now they can prevent other people from doing this, and the aggregate amount of this activity will be lower, which is just fine by me.

    -- p
  • by PrimeNumber ( 136578 ) <PrimeNumber@@@excite...com> on Friday January 24, 2003 @12:25PM (#5151721) Homepage
    The only solution for idiotic patents, greedy corporations, and lame ass IP laws are to ignore them totally.

    What I think is needed is something along the lines of a 'non-extradition' country an Amsterdam, a Vegas, or what have you, where servers can be located (asylum granted).Where no questions are asked, everything anonymous and idiotic laws will not be enforced. Like a swiss bank account.

    France wants to censor your site?
    Fuck you, and you don't know my name.

    The puppet US corporate gov't wants to arrest you for breaking shitty encryption?
    Fuck you, and you don't know my name.

    Want to use hyperlinks, one-click shopping, or use a programming technique people have been using for years, but recently awarded a patent?
    Fuck you, you don't know my name.

    Want to share source code that enables you to watch something you purchased legally, but you can't in the US or Europe?
    Fuck you, and you don't know my name.

    Want to host a blog site (term sucks, i know) without being worried that someone will post a comment that offends a corporation, and your getting sued?
    Fuck you, and you don't know my name.

    Point is we need just one *country* (sorry HavenCo doesn't apply IMHO) where they respect citizens rights. The ISPs have sole rights to decide what types of sites they want to host. Lawyers, suits and foreign govt scum are refused entry and information.
  • Know your enemy (Score:4, Informative)

    by dcavanaugh ( 248349 ) on Friday January 24, 2003 @01:03PM (#5152092) Homepage
    It looks like Overpeer is owned by some kind of Korean conglomerate www.sk.com [sk.com]. Hardly any consumer products, but it would be worth a look to see if they have anything that can be effectively boycotted or tarrifed to death.

    They appear to be running Win2K/IIS, just like RIAA. Not that I'm saying this is bad, or anything like that :-)

    Be on the lookout for any of the following people:
    • Marc Morgenstern, CEO of Overpeer, Inc.
    • Val Thomas (C.I.O.)
    • Eric Bingham (C.O.O.)
    • SunHong Min (Director of Board, SK Corporation)
    • CheolWoong Lee (C.S.O., co-founder)
    • Changyoung Lee (C.T.O., co-founder)
    • Junghyoung Lee (System Engineer)
    • Don Kim (Director of Board, SK Corporation)

Order and simplification are the first steps toward mastery of a subject -- the actual enemy is the unknown. -- Thomas Mann

Working...