Mission: Infiltrate the P2P Network
prostoalex writes "Wired News unveils the secrecy behind Overpeer, the company whose mission is to infiltrate peer-to-peer networks with low-quality audio and video files, or corrupted chunks of data which carry the same name and have the same size as originals. Apparently OverPeer even managed to procure a USPTO patent on (a) producing an advertising digital music file by deteriorating or damaging a sound quality of an original music file of a record of a cooperating record corporation; and (b) distributing the advertising digital music file through the communication network."
huh? (Score:4, Funny)
Re:huh? (Score:5, Insightful)
Re:huh? (Score:3, Insightful)
This is done other ways than just advertising, though advertising is a huge deal. Certain bands or artists get in the news or involved in controversy. I'm convinced most of these are carefully planned to appeal to the target audience.
Re:huh? (Score:5, Funny)
Re:huh? (Score:5, Funny)
Overpeer Or Overpee-er? (Score:2, Insightful)
Re:Overpeer Or Overpee-er? (Score:2, Informative)
It's amazing.... (Score:3, Interesting)
Re:It's amazing.... (Score:5, Funny)
Re:It's amazing.... (Score:5, Interesting)
The patent may in itself be a good thing. Do we want other companies to be able to duplicate this scumminess? I think not. . . better to let the scumbags feed off one-another.
Re:It's amazing.... (Score:5, Insightful)
As long as the focus is on how to violate copyrights we will never be able to do the much more complicated and involved work of convincing artists to ditch the hindrance of the publishing industry and take advantage of new technologies to reach a bigger audience for a lower investment (and, given the spectacularly rotten economics the biz offers musicians, make more money to boot). Everybody wins except the recording giants. Ah, that sounds like work. Better get back to pissing and moaning that they're slipping poison pills into your free stuff.
Re:It's amazing.... (Score:5, Insightful)
Or maybe you just wanted to try out the full game. Whatever. It don't matter. What makes this P2P good for the world?
Nothing. Don't try to justify your behavior. You can't. It's like using drugs. You don't use them to make you a better person. You use them because you can and it's fun. So please, don't try to make yourself out as any better than the 'scum' that would try to stop you. There is no honor among thieves.
The P2P concept is awesome. It is a great way to quickly exchange ideas, papers, shareware/freeware, etc. But when was the last time you downloaded anything other than copyrighted material from a P2P system?
Who wants to justify like that? (Score:5, Insightful)
There are many ways of justifying actions other than through the morality of those actions. I don't read books to make me a better person, I read them "because I can and it's fun." Perhaps reading makes me a better person (sometimes yes, sometimes no), but that's not why I do it. Does that mean I can't justify reading? And yes, sometimes drugs can make people better, too. Recreational drugs can make people less tense, they can give people new perspective, they can introduce people to whole new worlds of experience. Do they do this for most who use them? Probably not. But there is more "honor among thieves" among recreational drug users than exists between record labels and their consumers.
It's this puritanical stance that has really started to get me over the last few years. "Just because it's legal, doesn't make it right", true, but just because someone doesn't think it's right, doesn't make it so. Everything doesn't have to make the world a better place to have justification.
That aside, I do agree with your thesis. "P2P makes the world a better place" is one of the most specious and nebulous statements I've heard in a great while.
Re:It's amazing.... (Score:4, Insightful)
"You use them because you can and it's fun."
Whoa there buddy, there's a lot of things that humans do because they can and it's fun. Not everything needs to be done to improve one's person.
For example, unless you're a hardline religious conservative, sex is the first thing that comes to mind. People don't use that exclusively to procreate, and its exercise value is arguable... in fact it's a great way to spread disease. We still do it of course, because it's fun.
Of course, moving off to your more reasonable point of "What makes this P2P good for the world?". The value is that people can examine things before purchasing them, which they can't legally do now. If you play a game and it sucks, too bad. Buy a movie and it stinks, so what. Buy a CD and it's full of crappy remixes and vapid lyrics, oh well (don't give me that "but you would have heard it on the radio" stuff, the radio doesn't play what I like to hear in these days of consolidation).
So, I download music online. If I like it, I buy the album. If it sucks, I don't. Yes, it's illegal. So is speeding. So is oral sex in the southeast US. So is lighting firecrackers in the northeast US. So is breaking curfew for teenagers. So is passing on the right. So is making a loud noise past 10pm. So are a ton of other things that people blow off on a regular day because they are fun, and it's stupid for them to be illegal.
Oh, and something else that's illegal.. Civil Disobedience, which is really what P2P is. Call it Corporate Disobedience, or Copyright Disobedience, or whatever you like. What it really does is show Corporate America that people hate their methods of media distribution so much they'll do whatever they have to to get around it.
And, finally, the Artists. Isn't all this P2P shit bad for them? Hell no! I never would have heard of the Cruxshadows, Claire Voyant, Attrition or The Shroud if it wasn't for P2P (you'll never hear them on the radio), but now I bought all their albums AND go see their shows. Since they don't make jack off the albums but they DO make money (the artists, not the record companies) off the shows, I think that makes it good for them too.
Re:Is there "utility"? (Score:3, Insightful)
MD5? (Score:5, Insightful)
Isn't there some magical algorithm that produces a unique checksum number for a file, and if it were missing chunks wouldn't that reflect in that magical number? Don't most P2P networks use this magical MD5 checksum algorithm to ensure files aren't screwed up?
Gee, you would think the patent office would realize they just awarded a patent to the same guy that sells server pixie dust.
Re:MD5? (Score:5, Informative)
Yes, but the client supplies the checksum. There's nothing to stop a client from sending a phony checksum.
In any case, the checksum only really protects against things getting screwed up through the transfer - if they are screwed up to begin with, the checksum isn't going to help at all.
Re:MD5? (Score:5, Interesting)
What if the content were divided into blocks. Each block has its own hash. As you are downloading the content, each block can be checked. As soon as you encounter a corrupted block, you blacklist that node.
Really a trust based ratings system is going to have to be established. But in a way that is totally decentralized.
This can be extended such that you download different blocks of a file from different nodes at the same time, thus getting the file sooner.
In fact, what would happen if no single node had a complete file? This might not absolve you from copyright infringement though. So suppose that in order to form each block of the file, you actually had to download multiple blocks by their hash number, and XOR them together. Yes, it might take 3 times the bandwidth to download a file, but not necessarily 3 times as long in real time on a broadband connection.
Now if Joe offers block 0x2857389298371987578392 of bytes that must be XOR'ed with two other blocks in order to produce the first block of the file, is Joe guilty of copyright infringement? But that same block might also be needed to reconstruct The Constitution of the United States, or the Bible or Moby Dick.
The process of obtaining a file would be to first obtain a trusted list of the block numbers you need to obtain. Then you download those many blocks over the P2P system. The blocks you obtain may come from many different nodes. You just recombine them by mixing and adding water.
Re:MD5? (Score:3, Insightful)
The problem now shifts to do you trust the list of blocks needed to make up the file? So I want to download "CRAP BAND -- 03 -- I Can't Sing Worth A Crap". I get back a list of block numbers. Can I trust it? This is equal to the original problem of can I trust the mp3 file. But since the list of blocks is much smaller, it is quick to download, and then MD5 it against something trusted, or against the advertised MD5 for that file from other nodes that you have learned to trust based on past experience. Once you can trust the list of block numbers to reconstruct the file, you can proceed to start requesting those blocks and building the file.
Maybe get the list of blocks required to reconstruct a file. I decide, let's check the integrity of a random block, let's say the 5th block of the file. So I look at my list, and I need block numbers
0x82987537289273859
0x90583729873785998
and
0x85873278929387578
to construct the 5th block of the file. So I request those blocks. Each block's hash is the block number. So when I get a block, if its MD5 hash doesn't match the block number I requested in the system, I just throw away that block, and deduct a brownie point from the node that sent it to me. Once a node loses enough brownie points, I don't request blocks from that node ever again. I send out a P2P search for the first block number, get back a list of nodes offering that block. Just pick a node not blacklisted to get that block from.
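The block scheme described in the two posts above, as an added example that is not part of the original thread: each file block is rebuilt by XORing three stored blocks, every stored block is requested by its MD5, the block list is checked against a trusted digest first, and a node that returns a mismatching block loses a point until it is blacklisted. The names `publish`, `Peer`, `Downloader`, `BLOCK_SIZE` and `BLACKLIST_AT` are hypothetical, and MD5 is kept only because the thread uses it (MD5 collisions have since been demonstrated, so a current design would use SHA-256).

```python
import hashlib
import os

BLOCK_SIZE = 32      # tiny blocks keep the demo readable (assumed value)
BLACKLIST_AT = -2    # score at which a peer is never asked again (assumed value)


def block_id(data):
    """A block's 'number' is the MD5 of its bytes, as in the post."""
    return hashlib.md5(data).hexdigest()


def xor_blocks(blocks):
    out = bytearray(BLOCK_SIZE)
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def publish(content):
    """Split content into blocks; store each as three blocks that XOR to it.

    Returns (manifest, store). No single stored block reveals file content.
    """
    store, rows = {}, []
    for off in range(0, len(content), BLOCK_SIZE):
        plain = content[off:off + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
        pad1, pad2 = os.urandom(BLOCK_SIZE), os.urandom(BLOCK_SIZE)
        masked = xor_blocks([plain, pad1, pad2])
        row = []
        for blk in (pad1, pad2, masked):
            store[block_id(blk)] = blk
            row.append(block_id(blk))
        rows.append(tuple(row))
    return {"length": len(content), "rows": rows}, store


def manifest_digest(manifest):
    """Digest of the block list, to compare against a value you already trust."""
    text = str(manifest["length"]) + "\n"
    text += "\n".join(",".join(row) for row in manifest["rows"])
    return hashlib.md5(text.encode()).hexdigest()


class Peer:
    """A node offering blocks; a dishonest one returns same-size garbage."""

    def __init__(self, name, store, honest=True):
        self.name, self.store, self.honest = name, dict(store), honest
        self.requests = 0

    def get(self, bid):
        self.requests += 1
        blk = self.store.get(bid)
        if blk is None or self.honest:
            return blk
        return bytes(b ^ 0xFF for b in blk)


class Downloader:
    def __init__(self, peers):
        self.peers = peers
        self.score = {p.name: 0 for p in peers}   # local "brownie points"
        self.wasted = 0                           # bytes thrown away

    def fetch(self, bid):
        for peer in self.peers:
            if self.score[peer.name] <= BLACKLIST_AT:
                continue                          # blacklisted: never asked again
            blk = peer.get(bid)
            if blk is None:
                continue
            if block_id(blk) == bid:              # hash must equal the ID requested
                return blk
            self.score[peer.name] -= 1            # bad block: deduct a point
            self.wasted += len(blk)
        raise LookupError("no trusted peer supplied block " + bid)

    def download(self, manifest, trusted_digest):
        if manifest_digest(manifest) != trusted_digest:
            raise ValueError("block list does not match the trusted digest")
        data = b"".join(xor_blocks([self.fetch(b) for b in row])
                        for row in manifest["rows"])
        return data[:manifest["length"]]


def demo():
    # Constructed sample payload, not a real media file.
    content = b"constructed sample payload, not a real media file " * 3
    manifest, store = publish(content)
    decoy = Peer("decoy", store, honest=False)
    good = Peer("good", store)
    dl = Downloader([decoy, good])
    data = dl.download(manifest, manifest_digest(manifest))
    return data == content, dl.score["decoy"], decoy.requests, dl.wasted


if __name__ == "__main__":
    print(demo())
```

The decoy costs the downloader two blocks before it is ignored for good, so the waste is bounded by the block size times the blacklist threshold rather than by the file size.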
Re:Confusion about:MD5 (it's no panacea) (Score:4, Insightful)
Billions of crap files have exactly the same MD5 as your favorite Brittney MP3. This is because (duh) the MD5 is much shorter than the file itself.
True.
Where I think you are confused is about the nature of MD5.
MD5 is not just another hash function. It is cryptographically secure. This means that you will never ever, in the life of the universe, be able to find nor contrive / construct a file with an identical hash. That is the whole point of MD5. Otherwise digital signatures and certificates would be meaningless.
Wrong. (Score:3, Informative)
Firstly, MD5 is just a one way hash. That hash can be and is often signed to prove that the hash was generated by some trusted party. However, if the hash itself is broken, then validating with it any signature, regardless of how secure it is, is by definition meaningless. See MD4 and others.
Secondly, we only presume MD5 to be a good one way hash--there is no absolute proof that it is. There might be some novel approach that we just don't know about yet.
Thirdly, by definition, no one-way hash can rule out the possibility of brute forcing the hash by throwing enough stuff at it with the hope that something else will generate the same hash. In other words, we KNOW there exist other inputs that will generate the exact same hash result because the hash cannot possibly describe a unique input given that it is much much shorter. We only believe that it would be very hard to generate some other (reasonable) input to match a specific target hash. For instance, for some known hash I probably cannot generate an input that will match it and I especially cannot hope to generate one that is apt to resemble what I intend to pass my package off as. However, given enough computer time, I can certainly generate SOME file (even if it is ugly) that will match your MD5 hash (and pass your signature with flying colors). In 50 years even there is every reason to think that this would be a trivial task.
Re:Wrong. (Score:5, Informative)
True indeed.
Just like we might find a way to easily find the prime factors of huge composite numbers. Which would render public key cryptography useless. But mathematicians smarter than us seem to think this is not likely. So your suggestion that it might happen doesn't mean much. After all, we might find a way to travel faster than light.
I can certainly generate SOME file (even if it is ugly) that will match your MD5 hash (and pass your signature with flying colors).
All you have to do to prove that a program could be written that could break MD5 is to post two tiny blocks of data which have the same MD5 hash. Basically the same simple test I would offer to anyone claiming a perpetual motion machine. Simply demonstrate it. If you break MD5 you could be famous.
Thirdly, by definition, no one-way hash can rule out the possibility of brute forcing the hash by throwing enough stuff at it with the hope that something else will generate the same hash.
It is a given that something else will generate the same hash. I agreed with this point in your earlier post. It is just finding it that is the problem. If the RIAA wants to spend hundreds of millions of dollars to build a machine that might possibly find a block of data that hashes to the same hash as one mp3 file, then I would be right there cheering them on.
Throw enough horsepower at any problem, and you can solve it by brute force. Heck, in theory, you could exhaustively search the keyspace for a 2048-bit key. Extra credit: How many machines were working for how many years on the RC-64 challenge?
In 50 years even there is every reason to think that this would be a trivial task.
It's premature to say this. Only time will tell.
A key principle of cryptography is that you pick key lengths and algorithms that remain unbroken not just based on today's technology, but based on tomorrow's technology and how long the secrecy of the data remains important.
For instance, each bit of additional length added to a key doubles the keyspace that must be searched. Moore's law, if it continues to hold true, says that computer power doubles every 18 months. Now you figure out how many extra bits you need to add in order to prevent a successful attack within a 50-billion year timeframe. A 2048-bit key, for instance, is probably adequate over a 64-bit key.
As to your hypothesis that MD5 can be broken, you may be right. Maybe it will be. But I wouldn't hold my breath.
Re:Confusion about:MD5 (it's no panacea) (Score:3, Informative)
I'm not sure, but I think that you can get different rips of the same cd track. I seem to remember that cdparanoia's docs had some detail on this. Something called "digital jitter" or somesuch. Just recalling from memory.
I'm certainly not an expert on all the levels of what goes on in ripping.
Re:Confusion about:MD5 (it's no panacea) (Score:5, Interesting)
Then again, there are believed to be some weaknesses in MD5, making this a little bit easier.
Re:Already been done (Score:3, Interesting)
It cannot do what I am suggesting then.
I am not familiar with eDonkey.
What I suggest is that your own node keep track of how much you trust other nodes. If there is a centralized directory of "good" hashes, then it can still be polluted by spam or by the Over-pee-er. Only your own scoreboard of how much you trust other nodes can prevent this, gradually. If you trust another node, then perhaps you also trust that node's recommendations of other nodes. The thresholds of how much trust another node must have before you also trust its recommendations could be set by you.
How do you identify other nodes and make sure they really are the nodes you've come to trust? In fact, each node should generate a private / public key pair. The public key is how you identify a node. Not by its IP address. You can pass a small token to a node to be signed, and verify that the public key decodes it.
Re:MD5? (Score:3, Insightful)
But there are ways... In KaZaA land (Yeah, yeah--spyware, but that's what KaZaA Lite is for) they're trying to get "verified files" going. The idea: you go to a web page or something, that you trust. You click a special link there and instead of starting some normal download, it pastes a special unique identifier (like an md5 sum--maybe it actually is an md5 sum, I don't know) into your KaZaA search thingie.
The problem: If any host that has a copy of the file makes any changes at all, it may not have the same id anymore. Also, you have to actually have a lot of users participating (not screwing each other over) and updating and maintaining all these sites and things. It takes more effort, therefore it won't work out as well.
Re:MD5? (Score:2, Informative)
Re:MD5? (Score:2)
No it's not PRACTICAL...but maybe they've got some brute force per song?
as an aside...most people are too lazy to check md5's anyway.....
Re:MD5? (Score:3, Informative)
They'd need A LOT of brute force. Even today there exist no two known files with the same MD5 hash. You could claim the big prize if you could come up with two such files!
Re:MD5? (Score:5, Insightful)
and if it were missing chunks wouldn't that reflect in that magical number?
You would still have to download the file completely before you could check it, and if they let you get halfway through the download and then cut your bandwidth to a crawl you'll have to use a lot of time to rule out all the bad copies and get a good one.
No doubt there will be p2p clients that you can configure not to display a file if there are too many hosts for it, if it's only shared by a few users it's less likely to be part of this spoofing attack. Expect several even more creative ways to filter out suspect files/hosts to appear.
Eg: Every time you get a file you check it and mark it as either good or bad, when you later search, you include a search for these known-good and known-bad files. If a host shows hits for many of the known-bad files you ignore it. With a little tuning the job of the spoofers can get a lot harder.
Re:MD5? (Score:5, Insightful)
I think it would be hard to determine which is a valid file, though. How could a peer to peer network make such a judgement call without some central authority? Like if they left it up to the users to vote (ie a whole bunch of people say this song isn't the right thing, a whole bunch of people say this song is the right thing), someone would just come along and poison the vote. Unless some more organized voting scheme were made. I can't think of anything other than a 'web of trust,' but then that takes away any anonymity that current p2p file sharing gives (which isn't much, but it's better than none).
And if they had some central user voting what was right and what wasn't...well now they have a central point of failure again, like napster.
All in all it's a good idea (using md5sums), but the implementation might be tricky (or I might just be paranoid).
Re:MD5? (Score:5, Insightful)
1. You check on ftp://ftp.kernel.org/ the MD5 checksum of the kernel you want to download.
2. Find a mirror and download that kernel.
3. Calculate MD5 on the downloaded file and compare it to the checksum from ftp://ftp.kernel.org/
The problem with music files is that even if you start from the same CD so many different wav->mp3 converters can be used that it's impractical.
Re:MD5? (Score:3, Informative)
The whole multipoint download thing would be impossible without this. Filesize and name are irrelevant. Doesn't everybody grab all of the versions of the file they want and just delete whatever sucks? I guess you can sell anything to desperate, un-savvy corporate types. Jeez.
Re:MD5? (Score:5, Interesting)
a) you can upload random garbage and ignore the fact that the other party will find out. MD5 hashing can be done only once the download (of the chunk) is COMPLETE. Until then, you can waste a lot of his (and your) bandwidth. Edonkey2000 for example, has 10 MB chunks. You can upload 9 MB of random data and then stop with an error message. He will not find out until someone else uploads the missing 1 MB to complete the 10 MB chunk for hashing. Or better, let you be the one that uploads the missing last bytes of a chunk, so that you can poison 9 MB of good data with only 1 MB of bad data.
b) you can create new (bad) files and introduce them into the system, in parallel to existing files. Give them nice filenames, post links to the files on the usual pages, and people will start downloading them. Make sure that the files are very easy to find, and downloads start immediately (not necessarily: complete immediately). MD5 checksums are not your problem, because you're in a position to supply the correct ones (when releasing the file).
Both options will disappoint downloaders, because they have to start over again and again. With option a), the software will do that automatically, and depending on its strategy it will take very long to complete a file, or it might possibly never happen. With option b) the user itself will have to go out and start another search, look for "non-fake" links to other versions of the album/film/whatever.
I'd be careful however. P2P developers might take this as declaration of war, and counter these attacks. Actually, there already exist databases with hashes of fake files (option b) where users can lookup before they start downloading. Option a can be countered by finer granularity of the chunks.
Marc
No, not really. (Score:3, Insightful)
web of trust (Score:5, Interesting)
This is the next step in p2p. Each file is checksummed, producing a unique ID that is practically impossible to forge. Then the peers "rate" the file. The weight of any peer's rating is determined by his agreement with other peers. Thus you have a system which is nearly impossible to sabotage. This all sounds great in theory, but the implementation in an untrusted p2p environment is very difficult. It's MUCH easier when you have central control of all the rating info.
Not so simple (Score:3, Interesting)
How is that? You're trusting the word of the other peer as to what the file's checksum is. The other peer can lie. You can verify the checksum yourself, but only after downloading the entire file first. So, this system can let you know if you have a "genuine" file, but it won't save you the time you wasted downloading something just to find out it's corrupted.
You can't solve this problem even by SIGNING the hash! To validate the hash you have to first have the entire file, hash it, and compare the result against the decrypted signed hash. You STILL end up wasting your time downloading a file that's corrupted!
However, signed hashes would be nice in order to catch malicious files that SOUND right, but actually contain some kind of buffer overflow or something similar. We'd have to set up a central authority for the purpose of validating that files aren't trojaned, and then signing them. But now, this is starting to look more like "organized crime" in the eyes of the RIAA... "Look, they're setting up central authorities to facilitate illegal file sharing!"
Re:web of trust (Score:5, Interesting)
P2P Clients issue Public/Private key pairs tied to a pseudonym. The files you are sharing are uploaded after being clear signed by your private key. Your public key is distributed with the UL. Searches are signed by the private key, with the public key sent along for the ride. When you download a good file from someone, you keep a copy of the public key in a "good" pile. When you download a garbage file a copy of that public key is kept and filed under "Trash", as you download more things you develop a sense of who is uploading good files and who isn't. Since the search results themselves are signed, you can ignore search results from people on your bad list, or alternatively, limit it to people in the good list.
In order for the RIAA and their cronies to spoof, they will either have to keep the ratio of good/garbage fairly high, in which case they aren't really a problem, or they will have to keep generating new keys. After a time, you can limit your search/downloads to just those uploaders whose signature matches public keys in the "good" list.
Rating system tied to user/installation, NOT to anything that could identify the individual. PKI is harder to spoof than MD5 checksums, searches as well as downloads signed, so you can tell who's sharing garbage, without having to download it first.
There are of course implementation issues, like adding a random seed to search results to keep RIAA folks from running a replay attack with the results from a good uploader, etc., but I think you get the idea.
Re:MD5? (Score:3, Interesting)
That actually makes sense (Score:5, Insightful)
Re:That actually makes sense (Score:2)
Re:That actually makes sense (Score:3, Insightful)
Okay.. what we need is.. (Score:5, Interesting)
Get the rights, sing the song, distribute over P2P willingly and freely, then sue these sumbitches when they destroy the person's original work. I don't see any reason this wouldn't work.. find someone who can do a killer Iron Maiden or something, and go nuts!
Unfortunately, I don't have the skill or the contacts, but fighting fire with fire in this fashion may be a way to make corporations think twice about messing with file content.
Maeryk
Re:Okay.. what we need is.. (Score:2)
Re:Okay.. what we need is.. (Score:2, Informative)
Get the rights, sing the song, distribute over P2P willingly and freely, then sue these sumbitches when they destroy the person's original work.
That won't work. Like the article says, these guys only destroy their clients' songs / files. They don't destroy all songs / files they come across on P2P networks.
Re:Okay.. what we need is.. (Score:3, Insightful)
First Problem: It has to be something people will want to download or your plan won't work.
fighting fire with fire
The recording industry already is fighting fire with fire. P2P screwed up their revenues, rightly or wrongly, and now they're screwing with the P2P networks in a perfectly legal and hilarious way.
Get some perspective: You're getting music for free. For. Free. Or, if you've already purchased the CD, you're getting a free encode. I'm not gonna call you a pirate, but you ain't the friggin' Archangel Gabriel, either. Put up with the minor inconveniences and keep your sense of humor about it.
The Recording Industry is filled with greedy and technically inept sumbitches. The P2P networks are filled with spoiled whiney children. I'll miss the sheer entertainment of this Texas Cage Match once the labels finally get their act together and provide an efficient and reasonably priced means to pay for the downloading of songs (after which, the feds will be all over content traffic via P2P like white on snow).
These guys must have been around... (Score:3, Funny)
Legalities (Score:4, Interesting)
Re:Legalities (Score:5, Insightful)
However, an interesting question comes from this that you weren't necessarily intending - what would prevent your competitors from contacting an Overpeer-like company and having them smear the audio on your files and distribute them such that the crappy audio becomes the majority of the results, thus preventing people from being able to truly enjoy music that you have willingly released. Depending on how you maintained and defended your copyright, and considering you had posted your works to Kazaa to begin with, they just might be able to get with that, leaving you in a bit of a bind.
Re:Legalities (Score:2)
I'd venture: none, since you weren't given any guarantees about the quality of the service in the first place.
Won't Work (Score:5, Insightful)
Unless Overseer or whatever found a reverse algorithm for MD5, I doubt very much that they could degrade the quality of a music file in such a way that the MD5 doesn't change.
Re:Won't Work (Score:5, Informative)
and you get results
BAND XYZ - I can't write a song (md5=12345)
BAND XYZ - I cant write a song (md5=91283)
One of them is the real and the other is the decoy. Which one is which?
Or if they are ripped from analogue sources, they would be different.
The md5 thing only works if all files are exactly the same.
yep (Score:2)
Mousetraps... (Score:4, Funny)
So we'll break yours!
(ok...not "break" but render rather inefficient....grumble.)
Fair, But Stupid (Score:3, Interesting)
On the other hand, it seems like it's easily bypassed -- some authority should keep a central server with a list of known good files and some sort of hash associated with each file. If the file is distributed in pieces, there could be a hash for each piece.
Finally, isn't the entertainment industry's time better spent developing a functioning revenue model? People want music online, and they won't pay a lot. Sorry, the genie is out of the bottle -- get a real revenue model -- or someone else will, and they'll kick your butts. All the incredibly crappy and formulaic new "music" isn't helping much, either.
Re:Fair, But Stupid (Score:2)
YES!
I nominate you head of whatever record company you like! Couldn't have said it better myself! It seems that rather than do what you suggest, they'd rather run the chance to piss off a LARGE percentage of their customers...
Application (Score:2)
Interesting, but flawed (Score:3, Insightful)
There are plenty of bands that release some or all of their tracks for free....how are these guys determining WHAT gets fubar'ed and what doesn't......could a new file naming convention by P2P traders make this REAL hard for these guys..? How are THEY choosing what content gets whacked?
Breaking the law to stop others breaking the law (Score:4, Insightful)
2) Collect illegally produced digital music file.
3) Edit illegally produced digital music file (damage sound quality).
4) Distribute digital music file on network.
All of these are illegal under the DMCA.
Oh, I get it, it's ok to break the exact same laws you're trying to get the general public to stop breaking. I know, let's run around and rob the thieves and rape the rapists, that'll get them to stop too. Why didn't we think of it before?
<sigh>
Damien
Re:Breaking the law to stop others breaking the la (Score:2)
Are you this ignorant? (Score:5, Insightful)
Perfectly Valid (Score:2, Interesting)
This is a perfectly valid attempt by the record companies to fight for their survival. In fact, I applaud it because, for once, they are not resorting to the courts or the coercive power of the state to crush the "criminals" who share music. Instead, they are playing a technological game in our arena, on our own turf. This is simply a variation of the way a.s.t used to invade newsgroups by flooding the channel with bogus trolls.
And since they are playing our game, we can strike back the same way. We can institute the equivalent of killfiles (if we know the IP of these bogus sharers), or, even better, we can add audio fingerprinting [internet.com] to P2P networks to filter out the bogus files. That sounds like a good open source project.
So long as they try to play this game with us, they can't win.
Illegal or legal? (Score:3, Interesting)
Or do they have the copyright owner's permission (i.e. licensed), in which case it is legal to download those recordings?
Too bad . . . (Score:2, Funny)
It just doesn't make sense. (Score:2, Interesting)
If they'd work on developing a better digital delivery system (I don't see the current methods being very viable), perhaps that would do something to curb piracy.
Stupid. (Score:5, Informative)
It won't work well with all P2P networks. A prime example is the eDonkey network [edonkey2000.com] which uses a hash of each file as an identifier, not a filename/size identifier. You can rename the file to anything and the hash won't change. eMule Project [emule-project.net] is another great eDonkey network client and is open source.
This is too little, too late, unless you're stuck on Kazaa.
Re:Stupid. (Score:3, Interesting)
If the client provides then a fake hash has to be returned, and then send the bad file.
You can never trust the client. That seems to be one of the problems with P2P. The client is also the server. If you can't trust the client then you can't trust the server.
You'll need to have some type of cryptographic signature so that certain keys can be signed and trusted. Of course then you lose anonymity because even though you can't determine who has a key easily you can determine which files have been signed by the same key.
Then once you find the person who owns that key, you have a long list of copyrighted material that that person has signed.
Prior Art! (Score:2)
What? (Score:2)
This is great news... (Score:5, Insightful)
Cold War escalation... (Score:5, Insightful)
I might not like it, but this response seems pretty logical to me. The Industry has declared war on P2P as the source of their dwindling profits. (I'm not going to argue the validity, that's irrelevant.) Of course they're going to try to sabotage these networks any way they can.
This puts the ball back in the court of the P2Pers. So what's the next step? Seems to me it won't take long for someone to come up with either a moderation system or IP blocking scheme that will force the Industry into a different line of attack.
When are these people going to learn that if they spend 6 months developing a technology to "protect" their copyrighted info, it will take 6 days (if that) for someone to defeat it?
Dime to donuts someone has a way to beat these bogus files within the week...
-mh
Blacklist the IP? (Score:3, Insightful)
Welcome to the killfile (Score:2)
My hobby! (Score:2)
excellent! (Score:2)
Won't Work (Score:5, Insightful)
People will just delete the junk and keep the good copies (think about spam).
The good copies get moved to the "good stuff" directory (available for download) and the bad stuff goes to
The answer to this already exists.... (Score:3, Interesting)
Just think about how google works, I look for "slashdot" and what comes up in the first page of results? Now think why, it's because loads of other people have been there before me and they thought that www.slashdot.org was exactly what they were looking for.
Now apply this to p2p, someone posts crap, I download it, it's crap, I delete it, problem solved, the file doesn't distribute because I don't share it, if nobody wants a file then it gets disregarded. Okay so it won't be so effective against less popular music, but that's not the kind they're likely to try and propagate.
This kind of thing has some crossover with the network theory post from today (yesterday?). If you're interested in P2P I'd recommend reading about it.
Community review/link sites. (Score:3, Informative)
Build Relationships?!?!?! (Score:5, Insightful)
"On some level they understand that P2P users are also potential customers -- record buyers, video renters or gamers -- and don't want to alienate them"
Well if you want my business, then maybe you should give me a sample of what you have to offer, and not just waste my time in the first place. But then again, if I can buy a complete movie on DVD for even as low as $5 on sale, or $20 not on sale, why would I want to pay $18 for a CD with maybe 15 tracks if I'm lucky?
Either way, these businesses need to figure out how to attract my attention, rather than ram their practices which are tried and proven to be not working, down my throat. Can't open my wallet that way!
So they Wizz in the well... (Score:5, Insightful)
Unfortunately there are at least 90-100 more talented programmers and solution finders to every employee they have out there that will find a way to detect or reject their junk. This company has nothing of value to sell to any interested party, just like macrovision is 100% worthless (both 1 and 2 are easily removed without effort and only $5.00 worth of electronic parts, or a simple $10.00 box that can be purchased most anywhere called a "video stabilizer")
Let them do their worst, let the companies waste their money on these snake-oil salesmen. I don't care, it will never affect me, and by the time the first 2-3 of their supposed files get in the wild there will be patches to kazaa-lite, open nap servers, and gnutella clients that simply will not list these files.
Uhh, hold on a minute... (Score:3, Interesting)
Great idea (Score:5, Funny)
They could cash in $$!!!!!! (Score:3, Interesting)
UNLESS OF COURSE, THEY HAVE A WAY THEY CAN TELL WHAT FILES THEY'VE TOUCHED ALREADY....hmmmm
It's honestly sad . . . (Score:4, Insightful)
Of course someone will find a way around this. And it won't stop fileswapping on P2P networks or other methods.
Hmmmm. Maybe this guy has the ultimate scam. As file traders find new ways around what he does, he can sell new methods to his clients . .
Re:It's honestly sad . . . (Score:3, Interesting)
A similar business model works great for antivirus software companies.....! Oops! Did I say that out loud?
audio files are rarely identical (Score:5, Insightful)
all this discussion of checksums and the like is totally irrelevant. quite ignoring the fact that it's the host that supplies the checksum (if it's to be of any use in selecting potential downloads), it's very unlikely that any two renditions of the same audio file would be identical. CD-based digital audio is not a bit-for-bit perfect transfer medium (hence error correcting h/w and s/w in the drives). Rip a CD on two different drives and the chances that some bits will be different in the resulting files are really pretty good.
Checksumming only works if the assumption can be made that there is a single unique version of the file. That isn't true in the most common cases.
Economics? (Score:4, Interesting)
Bandwidth's expensive. If we could at least come up with a system for users to have to actively opt to share each file after they have played them and can verify its quality -- instead of downloading bad files, not deleting, and thus sharing them -- that would slow the spreading of these files. Opting-in would, of course, slow down the general proliferation of good and bad files and would make it more difficult to find any files as fewer users would share, but I think it's a good trade-off.
That would leave the record industry cops with a lot more uploading to do. 700+MB is a lot of bits to move, and they have to do it every single time a user initiates a transfer. Are the odds that that user (assuming he only shares it if it's good and does not spread bad files) would go out and buy the movie/CD instead of either continuing to try to find a valid file, or simply giving up altogether? I highly doubt it.
So what? (Score:5, Insightful)
The measure may be as simple as letting one listen to the song as it is downloaded, and having the users "moderate" it, à la Slashdot.
What we have is a huge cluon deficit on the part of the record companies.
Patents (Score:3, Interesting)
Prior work!!! (Score:3, Funny)
(patent for)...producing a digital music file by deteriorating or damaging the sound quality of an original music file
I'm sorry but MusicMatch Jukebox has been doing this to music files for years with its ripper.
patents for profit (Score:3, Funny)
After the secret service nails someone for counterfeiting, I take advantage of them tracking them down and then sweep in and nail 'em for violating my patent.
Hmmm..
This is actually good for us. (Score:5, Insightful)
Second of all, it destroys the validity of their statistics about how many files are downloaded. Their statistics on how much cash they lose through this already are bogus, but now they can't even give good numbers on how many files are transferred, because 3/4 of the downloads may be wasted through broken fake files.
Third of all, this will lead to more cool research in cryptography. There will be papers about how to make this kind of attack more difficult and how to build trust metrics between anonymous peers (and those are very interesting problems, you should consider doing research in the area!).
In the short run, this pays for bandwidth with the profits of the record companies. More bandwidth will be used to do more file sharing. One day, RIAA will understand that they are financing the infrastructure of the enemy and shut overpeer down.
In the long run, RIAA will raise the price for CDs even more, to pay for overpeer and the infrastructure of the P2P people. That will cause even more people to not buy their music but download it instead, hastening RIAA's run towards obsolescence.
good thing they got a patent (Score:3, Insightful)
hey
-- p
A new solution required. (Score:3, Insightful)
What I think is needed is something along the lines of a 'non-extradition' country, an Amsterdam, a Vegas, or what have you, where servers can be located (asylum granted). Where no questions are asked, everything anonymous and idiotic laws will not be enforced. Like a Swiss bank account.
France wants to censor your site?
Fuck you, and you don't know my name.
The puppet US corporate gov't wants to arrest you for breaking shitty encryption?
Fuck you, and you don't know my name.
Want to use hyperlinks, one-click shopping, or use a programming technique people have been using for years, but recently awarded a patent?
Fuck you, you don't know my name.
Want to share source code that enables you to watch something you purchased legally, but you can't in the US or Europe?
Fuck you, and you don't know my name.
Want to host a blog site (term sucks, I know) without being worried that someone will post a comment that offends a corporation, and your getting sued?
Fuck you, and you don't know my name.
Point is we need just one *country* (sorry HavenCo doesn't apply IMHO) where they respect citizens' rights. The ISPs have sole rights to decide what types of sites they want to host. Lawyers, suits and foreign govt scum are refused entry and information.
Know your enemy (Score:4, Informative)
They appear to be running Win2K/IIS, just like RIAA. Not that I'm saying this is bad, or anything like that
Be on the lookout for any of the following people:
Re:Fair Use Download (Score:2, Interesting)
Sorry. The Laziness of the industry to not find a way for you to use the music conveniently trumps your own laziness because they have all the bucks and the lawyers, and they also extract more profit, at least in the short term, by branding your usage piracy.
Re:Fair Use Download (Score:2)
That's an example of at least a few hundred pieces of music that falls in the grey area of "I know -I- bought it but nobody else does for sure" that I've gradually built up part of as a collection of MP3s.
Re:I did this a lot a few years ago (Score:2)
Do you take a black marker and paint faces on oranges so you can do orange puppet shows while hiding under your bed? I bet that would be funny too. Or how about sticking M&M's in your ears and screaming into your pillow for a couple hours. Ho ho just think of all the funny things a funny man like you could do.
Re:Simple solution (Score:4, Insightful)
Re:Legal avenues for P2P co.'s? (Score:3, Insightful)
Their very survival relies on the fact that their software has significant non infringing uses, and that is the basis of the defence derived from the Sony VHS judgements.
Overpeer would not be degrading the quality of service because there is no service with P2P software - the P2P companies provide the software - Napster provided a service (the master index) and they got nailed for it.
Surely if someone attempts to carry out your property from your home you would expect the court to be sympathetic to any reasonable attempts you took to prevent it?
You wouldn't for instance expect a legal challenge from Joe Burglar against Chubb because a recent change in the design of your front door lock is reducing the quality of service he's getting from his lock pick supplier?
At the end of the day this idea threatens no one who is genuinely using P2P networks as so many people claim they are.
If you trade in copyrighted works then this will make your life a little harder.
Deal with it.
Our community started the war when they wrote Napster, now someone is bringing it out of the courts and onto our turf.
As the SAS say "Big Boys Games - Big Boys Rules"