Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Music Media

Can P2P Filter Copyrighted Content? 373

scubacuda writes "DRMwatch reports that technologists acting on behalf of porn publisher Titan Media reported to Congress that P2P networks could (if they wanted to) use "fingerprinting" (aka "hashing") to detect copyrighted works and then filter them with the "spyware" installed on all nodes in the network."
This discussion has been archived. No new comments can be posted.

Can P2P Filter Copyrighted Content?

Comments Filter:
  • by Fnkmaster ( 89084 ) * on Monday January 19, 2004 @12:23PM (#8021487)
    First they took away the movies. I didn't complain because I never downloaded them anyway.

    Then they came for the music. And I didn't speak up because I was a leecher and never shared my songs.

    Finally, they came for the porn. Nobody touches our porn. And that's when we got REALLY pissed off.

    • It'll never work (Score:5, Insightful)

      by radionotme ( 742163 ) on Monday January 19, 2004 @12:28PM (#8021557)
      For every man hour of time that's put into 'protecting' their work, there's a thousand man-hour's worth of effort that will freely be contributed from the "public" to try and break it. All encryption like this can and will be broken over time, the only way to beat it seems to be for the companies to try and repeatedly adapt and stay one step ahead. Unfortunately that's very expensive and can't be maintained for long. Regardless of your stance on the argument of p2p, this is the way it looks like continuing for the near future.
      • by A55M0NKEY ( 554964 )
        Hes, you could calculate the SHA256 hash and know that a file was *probably* the same as a known copyrighted one, but the P2P service would have to maintain a database of hashes of all copyrighted files and take queries from each node that check on each file in their shared folder. This is alot of bandwidth when you consider all the nodes. There would have to be a way of adding new hashes to the database of unshareables too that was fair. For instance you wouldn't want to have the Church of Scientology
  • Slackware is Copyrighted, and P2P, more specifically Bittorrent, is one of its official distribution channels.
    • Re:They'd Better Not (Score:4, Informative)

      by Short Circuit ( 52384 ) <mikemol@gmail.com> on Monday January 19, 2004 @12:36PM (#8021642) Homepage Journal
      It's a classic example of public assumption. Everybody assumes that if something is copyrighted, it can't be distributed legally. In truth, it depends on the will of the copyright holder. I don't remember how many times I've heard people say "Linux isn't copyrighted" or "BSD isn't copyrighted." They both are, but the copyright holders choose licenses that don't include the phrase "All rights reserved."

      But trying to clarify that is like telling an internet user that a "cracker" broke into their computer, not a "hacker." (However, I'll note that the copyright legality clarification is probably more important than that of the cracker/hacker.)
  • Doomed to fail. (Score:5, Insightful)

    by grub ( 11606 ) <slashdot@grub.net> on Monday January 19, 2004 @12:24PM (#8021494) Homepage Journal

    Did common sense go on holidays?

    Load a fingerprinted file.

    Change one bit.

    It has a new fingerprint.

    The eDonkey/eMule network already identify files by an MD4 hash to ensure you get what you ask for. For instance: if a file has many sources then that means they have the same hash, you can be quite sure that it isn't a bogus loop of a pr0n flick when you really wanted that latest DVD rip.

    If this goes through you'll see a new kazaa-compatible P2P client appear that pops a few random bytes into the ID3 tag of an MP3, the comment section of a JPG or in the headers of a video file. Each one will then have a new hash. Oops.

    Oh, the new KazaaDRM(tm) ignores comments & tags and only looks at the actual data? OK, the new client toggles a bit that won't cause any visual or audio degradation of the file. Oops.

    That all said if 100 people rip an MP3 or DivX file they won't generate the same byte-identical file. This is doomed to fail at the expense of your computer's CPU cycles as it generates these useless hashes.

    • by Rhubarb Crumble ( 581156 ) <r_crumble@hotmail.com> on Monday January 19, 2004 @12:27PM (#8021527) Homepage
      That all said if 100 people rip an MP3 or DivX file they won't generate the same byte-identical file. This is doomed to fail at the expense of your computer's CPU cycles as it generates these useless hashes.

      OK, I have a better idea.

      In order to check whether any of the porn files on kazaa (or wherever) are identical to copyrighted porn, all we need is someone who watches all the porn on kazaa and then compares is with their library of copyrighted porn.

      Can I have the job?

    • by loserbert ( 697119 ) on Monday January 19, 2004 @12:29PM (#8021565) Homepage
      Did common sense go on holidays?

      Youre talking about the mass media industry. Common sense retired about 25 years ago.
    • Well, yeah, using MD4/MD5 hashing, if you change one bit you've got a brand spankin' new fingerprint. That's the hole point of MD[45]. That doesn't mean that *all* hashing schemes are guaranteed to change half their bits when one bit of the original source is changed.
    • Hmm.. (Score:4, Informative)

      by ParadoxicalPostulate ( 729766 ) <saapad AT gmail DOT com> on Monday January 19, 2004 @12:32PM (#8021601) Journal
      Yes, I agree with you for the most part - that was the first thought that came to my mind as well.

      However, for the average Kazaa user, it just might work. Most of them seem to think that if you uninstall kazaa your music is gone...or that you can't play the Kazaa music outside of the Kazaa client.

      Keeping this in mind, then, we can give a little bit of credit to these guys in that they may succeed in fooling the idiots who use Kazaa.

      Of course, people like that usually aren't the ones to come up with "original" content anyway.

      Its actually amusing to think of the cat and mouse game this could develop into :)
      • Re:Hmm.. (Score:5, Insightful)

        by TwistedGreen ( 80055 ) <twistedgreen&gmail,com> on Monday January 19, 2004 @12:57PM (#8021838)
        "could develop into"? The cat and mouse have been going back and forth for years!

        Kazaa is just the current filesharing stepping stone. If you look back you'll see a great deal more stones sunk behind you. And if you look ahead there are a great deal more being built.

        Nothing can stop these new stones from bubbling to the surface. They cam destroy old stones, but We will build new ones. And the 'idiots' will just follow the path, as always.
    • Re:Doomed to fail. (Score:3, Insightful)

      by turnstyle ( 588788 )
      "Did common sense go on holidays?

      Load a fingerprinted file.

      Change one bit.

      It has a new fingerprint."

      Actually, no. Changing one bit should affect a uniqueness hash, but not necessarily so a fingerprint.

      As a simple example, think of the little logo that you sometimes see down in the corner of a video as a fingerprint -- changing one bit of that doesn't remove the fingerprint.

      Again, you'll change the hash but not necessarily the fingerprint...

    • Really? MD4? Anyone tell them that algorithm is fundamentally flawled and should not be used?

    • Re:Doomed to fail. (Score:5, Informative)

      by pla ( 258480 ) on Monday January 19, 2004 @12:58PM (#8021862) Journal
      OK, the new client toggles a bit that won't cause any visual or audio degradation of the file. Oops.

      You've looked at this too naively... Take around a hundred MD5s of nonoverlapping chunks of the file. If 90% of these match, you have near certainty that the files match except for exactly such tampering as you suggest.

      For some files, you could get away with that. For others, particularly the highly compressed audio and video files that dominate P2P, breaking such a detection algorithm would, over time, introduce intolerable errors in the file (by the third or fourth copy, I'd say), since such changes would need to occur randomly or risk filtering by the detection algorithm V2.

      Not to say we couldn't still get around such attempts to prevent downloading - Until they ban them, simply putting everything in a password-protected zip file (with the password included in a non-passworded file) would suffice for generating effectively random files (to a hash checker, anyway).

      My point? Overall, this will just turn into yet another war of escalating circumventions and countermeasures, benefitting neither the content producers nor consumers.
      • Re:Doomed to fail. (Score:4, Informative)

        by nahdude812 ( 88157 ) on Monday January 19, 2004 @02:00PM (#8022545) Homepage
        Slightly changing the low bit of the amplitude of various sound waves snippets in the file, or low bit on pixels within a video will have negligible effects on the overall quality of the file, but significantly impact on any electronic fingerprinting you can do on the piece. It'd look like a Photoshop file with a low durability watermark on it. Eg, a little bit of noise, but if it's noticable at all, it'd require very hi-fi speakers, or a lot of scrutinous comparison against the original.

        Of course, you could choose to ignore the low bits, and fingerprint the upper bits, but this requires the software that trades files to be able to decode any type of file going over the network. This isn't feasible because it wouldn't be hard for someone to write a strongly encrypted proprietary wrapper on existing codecs which "garbages" the data, and distribute a free package which ungarbages it. Even if it was simple for Kazaa or other services to break this and include it in the software, it would not be legal for them to distribute the decryption with their software. If somehow it became legal, it would be simple for someone else to release a new one next week. And another new one the week after that.

        The point is that this would start a tit-for-tat war. I guarantee any fingerprinting technique someone can think of, someone else can can defeat it with ease, and the concept of wrapping files in another program will put the highest volume copyright traders a few steps ahead of content filtering, ad nauseum.
      • You've looked at this too naively... Take around a hundred MD5s of nonoverlapping chunks of the file. If 90% of these match, you have near certainty that the files match except for exactly such tampering as you suggest.

        So the "content" industry would want operators of P2P software to store 100 MD5 hashes of EVERY PIECE OF COPYRIGHTED WORK IN DIGITAL FORM, and compare EVERY SET OF THEM against EVERY FILE TRANSFERRED.

        That is just wacko.

        For starters you'd requre every peer machine to have a copy of all tho
    • Re:Doomed to fail. (Score:2, Informative)

      by mrinal ( 179865 )
      Did common sense go on holidays?

      No, it didn't. There are "hashing techniques" specially made for audio - "audio fingerprinting" so to speak, like Relatable [relatable.com]'s TRM [relatable.com] and Gracenote [gracenote.com]'s MusicID [gracenote.com] which do a great job of it. They identify the file correctly no matter what the source is - lossless audio CD, or even 128kbps MP3, you get the same fingerprint.

      I've tried TRM personally through MusicBrainz [musicbrainz.org], and ran it on around 1000 of my MP3s, some of them really horrible quality, and it managed to identify 99% of them

    • Do you know what does the fingerprint from a straight ISO file and the one from the same file zipped, gzipped or split for more convenient pirating? or with a frame inserted at the beginnig reading "brought to you by yetAnotherScriptKiddo"?

      Yep you're right. Nothing.

      Will this people get a clue some day?
  • by MarsBar ( 6605 ) <geoff.geoff@dj> on Monday January 19, 2004 @12:24PM (#8021500) Homepage
    The courts decided that it wasn't enough to remove works known to be copyrighted: rather they must know that works were not copyrighted.
    • [...]they must know that works were not copyrighted.

      This seems to open a possibility. Note I'm not saying this is a good idea, just that it seems like it might be a more workable system than most proposals:

      Set up a public/private key infrastructure. If the content producers are losing as much as they claim they should be more than willing to pay. Anyone can have a key if they verify who they are to a reasonable level (eg by supplying a credit card number).

      Now, we can have a rule that a client must o

  • by diamondsw ( 685967 ) on Monday January 19, 2004 @12:26PM (#8021517)
    However, anyone who has used a P2P network knows that for any given file people are looking for, there are about a dozen variants with very slight differences (encodings, cropping, someone added a few frames of "encoded by..."). Since we don't have digital purchase of data, there is no "authoritative" version of a file to fingerprint in the first place.
    • There most certainly are "authoritative" versions in most networks, although I assume it depends on user sophistication to get the ones which are. Typically, the authoritative releases are those inherited from the original warez scene - which makes sense considering you also get high quality assurance alongside. Network specific "release hubs" such as Sharereactor for the eMule and suprnova/IRC for the bittorrent networks further boost concentration on single files.

      And in fact, those two P2P networks - whi
  • Doubt it. (Score:4, Interesting)

    by BassZlat ( 17788 ) on Monday January 19, 2004 @12:26PM (#8021520) Journal

    It is possible only according to the suits in the government. The p2p traffic accounts for ~2/3rds of the internet traffic nowadays, so unless you have an echelon-type system good luck!

    (and that is not counting all the anonimity-protecting nets such as freenet [freenetproject.org], MUTE [sf.net], and the new i2p (don't remember link, sorry).

    • I think you mean IIP, it's on sourceforge somewhere. Check out this one [].

      Currently, I'm looking for about half a dozen network savvy BSD or linux people outside the USA (who would be free to invite other users or router admins after a probationary period). I also have a few slots open for users (any OS) who would like to build some kind of content (ranging from opening an IRC channel, to websites, or even help writing custom software). Domain names are free, static IPs, no restrictions of any kind.
  • "hashing" - it's a good Buzzword Bingo!

    P2P, hashing, DRM, fingerprinting and spyware, diagonally from top right! Yay! What do I win?

    - Oh yeah, more crap on my PC

  • by y2imm ( 700704 ) on Monday January 19, 2004 @12:26PM (#8021524)
    "Providing creatively-driven, strategically-sound marketing solutions designed to help your business grow."

    That ain't all they wanna make grow
  • Couldn't it NOT be shut down?

    Just like with Napster, there's a core that they can shutdown and be done with it. Are any of the popular P2P networks truly independent?
    • by petabyte ( 238821 ) on Monday January 19, 2004 @12:51PM (#8021801)
      Peer to Peer networks have to go from Peer to another Peer. For almost everybody this means going across the routers, switches and wires of ISPs, backbones, and other telecommunications providers. Laws can mandate that these companies be held responsible for things going across their wires and forcing them to filter content.

      I do that very same thing here. The internet connection comes in, goes through a firewall and then to snort both of which squeeze off peer to peer connections. This is to reduce bandwidth consumption and to make the boys over in legal happy.

      The software might be independent but the pipes it travels across are not. Lessig's book goes into this in great detail.
      • by lurker412 ( 706164 ) on Monday January 19, 2004 @01:24PM (#8022170)
        The recent decision in a Washington DC federal court in the RIAA vs. SBC case said that ISPs are not responsible for copyright infringement if they are merely conduits, meaning that they do not host the stuff that is going across their wires.

        Your company is free to establish whatever policies it chooses on your internal network. But I think it is very dangerous to suggest that we create laws that require the providers of public networks to filter content. Have you really considered the implications for free speech and privacy? Who controls the list of banned materials? Who controls the controllers?

      • The argument makes sense, except there are legal and business considerations. The "common carrier" protection of traditional information movers like the phone companies will likely prevail eventually for data providers as well. The "safe harbour" clause of the DMCA was an attempt to head that off. However it probably won't work. There are a lot of big corporations that like being common carriers in fact if not in name. The phone companies, the backbone providers, Fedex. None want a serious precident t
    • Gnutella is p2p. there is no central server to shutdown in order to shutdown the network.
      It's entirely possible to shutdown a gnutella network of thousands while many tens of thousands operate. well, that's my understanding any how.
  • As it is Kazza is doing a decent job poisoning the town well with all those mp3 that have a horrible screech in them.

    I think the hash will simply suffer the same fate of being broken up and reassembled in the wrong way, rendering it useless.

  • won't work (Score:2, Interesting)

    by Dreadlord ( 671979 )
    filtering files based on hashing values won't work, especially for audio and movie files, you can always modify the file a bit, add a black frame to the beginning of the movie for example, so the hash value changes, and the file passes the filter.
  • by Svartalf ( 2997 ) on Monday January 19, 2004 @12:28PM (#8021542) Homepage
    The person making the statement that the apps can filter anything doesn't realize the sheer volume of fingerprints, etc. that the app has to keep track of.

    Nice try- better than most, actually... But it still doesn't resolve the real problem which is that most of what the labels are selling is crap and grotesquely overpriced at that. People swapping all of that music is more a response to that than anything else.
    • Well, it could be possible for the client to generate a fingerprint before uploading a file, and bang out a request to a central repository to check it to make sure it wasn't registered. That still runs into the extra/missing frame/byte/overlay problem - the fingerprint wouldn't match if the data were subtly altered.
    • People "swapping" all of that music is a response to it being crap? That is the most illogical thing I have ever heard. Demand is through the roof so it must be crap? High demand would seem to hint otherwise, unless you are in the camp that being popular makes it crap, I guess. Now, I agree being popular doesn't make it quality, but likewise it doesn't make it crap either. I gotta say, if this is the new math, that high demand means something is crap, I'll take my good old math please.
    • most of what the labels are selling is crap and grotesquely overpriced at that. People swapping all of that music is more a response to that than anything else.

      If the stuff is crap why are people swapping it? Clearly the labels are doing a good job at creating what lots of people want. And if it is over priced, it would be being undercut - the technologies which make swapping easy also make legitimate distribution easy.

      IIRC, there was a 7% increase in album sales in the UK last year. Maybe the RIAA are

      • Not necessarily true.

        I don't like half the crap I download, I merely download it to see what it is, then leave i there for others to download, should they desire.

        The majority of the music on my hard drive that I actually listen to is from times gone by. the recent stuff is all cover versions of that anyhow.
  • too easy to defeat (Score:5, Insightful)

    by jeffy124 ( 453342 ) on Monday January 19, 2004 @12:28PM (#8021545) Homepage Journal
    just change a random bit or two somewhere in the general data section (ie - where the actual video or audio is stored) and the hash gets defeated easily. (yes - an oversimplification, but it'll do)
  • by autopr0n ( 534291 ) on Monday January 19, 2004 @12:28PM (#8021546) Homepage Journal
    Well, he's wrong. If they used hashing, then people would only have to change a few bytes of the files to get around the filter. In audio and video, this could be done without any notice at all. And it would require people to have a huge hash database on their computer. Tens of Megabytes at least, if not hundreds. It would make performance really slow.

    So, watermarking? Well, so far all watermarks that have been tried have been broken, and it would be much easier to figure out how the watermark worked if you had a binary file sitting on your computer that checked it. Just disassemble to find out how it's checked (and once one person does, this everyone will be able to). Plus, you could always just zip+password any file anyway, to prevent watermark checking.

    Of course, that doesn't mean they wouldn't try to include this stuff, but why would anyone ever download something so restrictive in the first place?
    • A hash doesn't identify a unique work, an unlimited number of files could share the same hash value.

      I can't imagine the amount of fun when people start harrassing companies by generating files with the same hashes.
    • I was pretty much thinking like you until I started thinking about it. Let me outline the scenario as I see it.

      1. New porn film is released, studio converts it to the most commonly shared formats with the most commonly used encoders and gets those fingerprints blocked.
      2. Someone rips the film so that they get a different fingerprint.
      3. The studio monitors the network for their files and when they find one they get it's fingerprint blocked also.
      4. Someone alters the rip or creates a new rip with another new finge
  • by cavemanf16 ( 303184 ) on Monday January 19, 2004 @12:30PM (#8021577) Homepage Journal
    Wow, so now all the Divx rippers will have to chop a few frames off of each divx they rip so each hash is different. Companies should really stop worrying about what their customers do with the materials they have purchased and figure out a way to actually encourage them to purchase said materials in the first place. And no, I'm not just talking about pr0n, but CD's and DVD's in general. If it's a quality movie or CD I'll buy it because I know I'll want to watch it over and over and add to my 'collection.' I've spent more on Peter Jackson's works in the past two years than I have on any other media combined. (at least that I own... not counting all the Blockbuster rentals)

    I mean seriously, how much money is Blockbuster making right now renting movies (some of which get ripped by the Divx kiddies 'cause they have way too much time on their hands) while the music industry bemoans their inability to sell records like they did in the late 90's?
    • Wow, so now all the Divx rippers will have to chop a few frames off of each divx they rip so each hash is different.

      Well since every ripper uses a different bitrate, different cropping, different codec and other differences, (almost) each rip is different in the first place.

      The pure amount of "forbidden" hashes that have to be stored would be prohibitive and it also is impossible to automate the process (somebody has to watch each file and tell the program which are illegal and which are legal. There is

  • Yay. (Score:3, Interesting)

    by elmegil ( 12001 ) on Monday January 19, 2004 @12:30PM (#8021579) Homepage Journal
    Glad to hear Congress is listening to and believing sleazeballs from the porn industry blowing sunshine up their collective legislative butts. It's a shame we can't make congresscritters refer to an unbiased (hahahahahaha) technical agency who can tell them when these kinds of things are full of it.
  • by Anonymous Coward on Monday January 19, 2004 @12:31PM (#8021590)
    ... at least in the music genre.

    I used to work for a small company called Relatable (http://relatable.com/), which was working with Napster back in the day to identify the music being traded over the network.

    Relatable's technology recognizes music by the acoustic properties of the audio itself regardless of how it was recorded, encoded, etc.

    Obviously there are still ways around this, but it is a fairly solid solution.

    It is important to recognize that "fingerprinting" does not equal "hashing". We all know that hashing will *not* work. But there are other techniques, at least for audio, that can work.

    • well granted the software could scan the music files for know markers, but the thing is it would take lots o resources to do that, and we already saw what happened when Adobe tried this [slashdot.org].
    • First, of course, your algorithm has to recognize that it's music. That leads to numerous obvious ways of avoiding such filters, in order of sophistication:

      1) Rename the file from .mp3 to .txt, etc.
      2) Put the file in an archive of some kind (.zip, etc)
      3) Encrypt the file.

      So the more sophisticated your scanner might be (e.g. checking file type is trivial, extracting files from an archive is easy, breaking encryption is hard), the more sophisticated the workaround becomes. Eventually the only way to break t
    • I don't buy this.

      Napster only ran the search servers. Files were still transferred peer2peer. So how could this technology "recognizes music by the acoustic properties of the audio itself regardless of how it was recorded, encoded" when the actual music is never seen by the servers, only the filenames? (Which was exactly how napster actually filtered.. by filename, the only information they actually had on the file, other then size).
  • Checking (Score:2, Insightful)

    by Beer_Smurf ( 700116 )
    Realistically, how much storage space are we talking about for fingerprints for all know copyrighted works and how much processing power to check against them for every file you up and or download?
  • P2P (Score:2, Funny)

    by savagedome ( 742194 )
    So, P2P no longer means Porn 2 People. Sigh
  • Easily Defeated (Score:3, Insightful)

    by akpoff ( 683177 ) * on Monday January 19, 2004 @12:33PM (#8021603) Homepage
    This sounds all well and good but there are so many ways to defeat this: encoding using different formats or different bit rates, segmenting files, flipping random bits, truncating silent sections from the front and back of the track, adding "throw-away" garbage to the end of the track and I'm sure numerous others.

    It's also predicated on the idea that the hashes exist. Taking the first example of encoding at different bit rates and using different formats. Who's responsible for providing a reasonably exhaustive and authoritative list of the hashes? If Sharman et al. implement these schemes do they get bullet-proof immunity from criminal and civil liabilities?

    Also, who says users will continue to use these "spyware" enabled P2P products once it becomes widely known that blocking has been enabled?

    There are just too many excpetions to this idea to be really workable.

    • find some DRM piece. check.
    • make sure DRM is associated with porn. but not the good side of it, but rather with those evil sleazeball pornographers. check.
    • make sure that DRM is associated with spyware. check.
    • and then, in the comments section...
      • insist that P2P, as it is currently implemented, has multiple legitimate uses that are realistically not better handled by other means (like web pages)
      • insist that government should keep their hands out of technology but at the same time complaining that the
  • by Speare ( 84249 ) on Monday January 19, 2004 @12:33PM (#8021612) Homepage Journal

    There are two fallacies with the proposal:

    • Never trust the client.
      Spyware on the nodes? Even if you could somehow ensure that all compatible clients comply with the spying requirements, how long will those clients be left unmolested? Any P2P "server" is really just a client of many other "servers."
    • Math cannot define a human concept
      This depends on a mathematical hash performed on a given rendering of a copyrighted sample. Resample and the hash is broken. Hell, even a second-rate email spammer knows how to avoid hash detection: just tweak an unused ID3 field.
  • This... (Score:4, Insightful)

    by xankar ( 710025 ) on Monday January 19, 2004 @12:34PM (#8021623) Journal
    ..will be roughly as effective as shutting down napster.

    That is to say, not effective at all.
    • Re:This... (Score:3, Insightful)

      by R.Caley ( 126968 )
      ..will be roughly as effective as shutting down napster.

      Shutting down napster was very effective. It was effctive in turning in a hard to control problem into an uncontrolable one...

  • by YinYang69 ( 560918 ) on Monday January 19, 2004 @12:36PM (#8021648)
    If they use md5sum hashing, which the RIAA has already admitted to, all I have to do is change the comment entry in the ID3 tag of an Mp3 and I have a brand-new hash that they'll not be able to identify. That is unless they download it, test it for copyright (listening to it), and then add that hash to their md5sum DB.

    But I can change my ID3 tags all day. Can they match me (hypothetically, of course ;)) md5sum to ID3? I highly doubt it.

  • by hanssprudel ( 323035 ) on Monday January 19, 2004 @12:37PM (#8021650)
    This would end up working about as well Kazaa's user rating (or whatever it was called) thing. It had been out for how many days before people started showing up with their points maxed out? And it is worth noting that the second and third most common file sharing tools, dc++ [sourceforge.net] and emule [emule-project.net] are both open source, so that anybody who feels like removing the controls can do so, and recompile.

    Peer to peer networks that control what people communicate are possible. As are ones that control who talks to whoom, that people really allow the uploads they purport to, etc etc. As is any software that acts against, rather than for, the person that is running it. We just need to get Palladium in place first. What are you waiting for Microsoft!!!
  • This won't work (Score:2, Interesting)

    by Omnifarious ( 11933 ) *

    There are systems by which the network cannot possibly detect whether material travelling over it is under copyright or not. Freenet is an example. Everything that goes over the network is encrypted. Nodes may not necessarily have decryption keys. There is then no way for a node to recognize a particular work.

  • I'd be very surprised if the various P2P clients couldn't filter out files listed on some master list. The problem is, though, what do you filter on? Some mystical hash of the contents? Changing one byte would change the hash without seriously damaging the content...

    More to the point - a ripped file probably wouldn't match the officially distributed checksum anyway, and if you use some kind of "more or less matches" algorithm in the file deletion robot/spyware, someone will eventually lose something vita

  • Hmm (Score:4, Insightful)

    by adrianbaugh ( 696007 ) on Monday January 19, 2004 @12:43PM (#8021708) Homepage Journal
    I assume this is more than a worthless md5 sum: certainly in terms of the images that this guy is talking about it should be possible to steganographically hide a watermark in the image. If the p2p bots checked for this there might be a chance his scheme could work: some watermark techniques are apparently quite robust to re-encoding of the image, etc. Where all this falls down is that it'll be 5 seconds before some w4r3Z d00d releases a p2p client that just lies about having checked for the watermark and allows distribution regardless. That's the thing about the p2p model: there is no central server where the running code can be verified - to implement any kind of workable security model you have to assume that everyone on the network is going to be trying to defeat it and design it so that it's core to the whole application - unless the security validates, and other machines can prove to themselves that it validates on your machine, no transfer should work. I suspect something along those lines is possible albeit very difficult, but the fact that that kind of application isn't what p2p users want would still render the entire thing useless. Nobody would use such an app.
  • Change it (e.g. add 1), and the whole checksum is completely different.

    Sure, you might lose a couple of frames (at worst), but who cares ?

    • Change it (e.g. add 1), and the whole checksum is completely different.

      Sure, you might lose a couple of frames (at worst), but who cares ?

      This sounds like the start of a great idea, but I'd say we should add more than one byte - 1024 bytes should be effective enough, and if my math is correct, we'd have 1.1e2466 different possible checksums for that file. It will be tough to filter out a file that has that many permutations, each one being invisible to the human eye.

  • by Ilex ( 261136 ) on Monday January 19, 2004 @12:44PM (#8021719)
    detect copyrighted works and then filter them with the "spyware" installed

    So under the DMCA AD-Aware and all other spyware removal tools will be illegal as they could be used to circumvent DRM.

    Sounds like a ploy by the pr0n industry to install more crapware on our pc's.

    Come to think of it *nix will be illegal too as their spyware will only run under wind0ze.
  • The only problem with hashing is that it is not unique. You and I could rip the same song, on the same platform, with the same settings, and get the same hash.
  • Think about it, these people sell mostly digital content, as opposed to cds or dvds. So what do they do? First they separate two issue: one is the swapping of their original content (the original .avi). This can be obtained as such:
    - Make a master list of hashes
    - Before downloading or sharing, a p2p app has to check against this list (send the hash, get back response).
    All p2p apps should be required by law (in their view) to include this check code. At this point, p2p distribution of 1:1 copies of their wor
  • Spyware (Score:5, Informative)

    by purduephotog ( 218304 ) <hirsch&inorbit,com> on Monday January 19, 2004 @12:52PM (#8021807) Homepage Journal
    This might sound a bit familiar for anyone that's had to repair a spyware infected computer.
    Personally, I've done 4 in 2 days. And I can tell you I'm so sick of it it's not even funny.
    One was so screwed up the HOSTS file was infected with encrypted javascript. Took me 3 hours just to knock that bastard down to the point I could get explorer open in under 10 minutes.
    Special thanks to everyone that fights it by writing those removers... god they are a lifesaver.
  • by Walkiry ( 698192 ) on Monday January 19, 2004 @12:56PM (#8021836) Homepage
    when they pry the delete key out of my cold, dead finger.

    Not that I watch porn of course. Not me, nope, not one bit. None.
  • Dumb idea (Score:2, Informative)

    by 77Punker ( 673758 )
    Totally different files can end up with the same hashes. There goes the whole system.
  • Ah, using hashes to identify files, isn't that patented [slashdot.org] by that great P2P innovator, Altnet?
  • by rcastro0 ( 241450 ) on Monday January 19, 2004 @01:13PM (#8022032) Homepage
    IANAL, but taking off the tech hat, and trying to think from a legal standpoint...What would it mean if they can prove to the judge that there is a P2P scenario in which nearly foolproof copyrighted file identification exists ?

    Would that then ruin the argument that "P2P should not be shut down because there are plenty of legitimate uses" by countering with "there is an equally efficient P2P architecture that brings all the same functionality to legitimate uses without hurting copyright law" ?

    By doing that, wouldn't they change the issue of whether or not to allow P2P into one of which P2P can be allowed ? (or what is required of a legal P2P ?).

    Just wondering...
  • The best way to look for copyrighted information, and check whether it's being shared, is to see if it's available. If it is then it's copyrighted. Everything ever created is copyrighted, we're looking for things that are copyrighted without the copyright holder's permission.
  • How about they create a "service" that indexes the names of a pr0n item's creator, as well the names of the prominent "actors/actresses."

    When I find something I like, I could find more items with the same "actress" and perhaps make a purchase. Hell, I already know some places that put their logo on small clips for distribution... I'm guess the reason that pr0n isn't so bashed by industry as movies/music is that they probably do noticed they are pulling in some profit from it (site subscriptions, etc).
  • by OmniGeek ( 72743 ) on Monday January 19, 2004 @01:29PM (#8022207)
    "...all nodes on the network."
    Haven't we seen a plethora of P2P protocols developed precisely because someone we don't trust controls the older protocol? The reality check on this clearly bounces. Even if Microsoft, er, someone did manage to grab a monopoly on the US network's P2P population, which is VERY unlikely, the REST of the world would definitely not play along with those American imperialists. Scheme fails, game over.
  • ... will their 'copyright filter' detect that I have a VHS copy of a movie and simply want a digital copy to watch on my laptop during a business trip?
  • by jmlyle ( 512574 ) on Monday January 19, 2004 @01:36PM (#8022290) Homepage
    If they took all the porn off the internet, there would only be one website left, and that would be bringbacktheporn.com.

  • Filter Away! (Score:3, Insightful)

    by Xesdeeni ( 308293 ) on Monday January 19, 2004 @01:38PM (#8022313)
    What a bunch of morons. Sure, maybe with enough computing power you can detect a copyrighted work...maybe. But so what? Who's going to download P2P software, or use a network with this type of filtering in place? Only people who wouldn't have stolen stuff in the first place.

    Besides, P2P users will just scramble the content in some ridiculously simple way that will invalidate the filters and they'll have to go back to square one. Ig-pay atin-lay anyone?

  • I've seen tons of post suggesting that a few bytes changed in the file will get around the hashing.

    First of all, I don't think this is necessarly true. They never say how they will hash the file... for all we know the hash could be based on every 100th byte in the file.

    Secondly, how many KaZzA users know how to change bytes in a file using a hexeditor? How many KaZzA users know what a hexeditor is?

    I think that packing is the best way of getting around hashing. Zip, Rar, Ace etc etc ... just use a p
  • by TheSHAD0W ( 258774 ) on Monday January 19, 2004 @02:03PM (#8022573) Homepage
    "The internet treats censorship as damage, and routes around it."

    Lots of MP3s were shared via FTP in the past, until the RIAA began a campaign to root out and shut down pirate MP3 servers. Then people jumped to Napster, but were eventually frustrated first by the forced filtering of some searches and then the service's discontinuation. Now supernode-based P2P networks like Kazaa are being used, and the central company can't be sued Napster-style because they never see any search data. When they are forced to change their code to allow searches and data to be filtered, users will jump to another service designed to avoid the law.

    I've said it before and I'll say it again. Short of locking down every computer in the world, there is no way of preventing the digital trading of copies of information. Entities like the RIAA, MPAA and MPA know this. They may try having everything locked down via Palladium or something similar, but knowing they may not succeed, they are trying to fight a holding action, to keep the cash flowing in as long as is possible.

    The music and movie industries didn't exist a hundred years ago; I sincerely doubt they'll exist a hundred years from now, no matter how hard they try.
  • by StormyMonday ( 163372 ) on Monday January 19, 2004 @02:18PM (#8022743) Homepage
    Just have the pR0n suppliers encode a serial number in each copy of each video they sell. Then, if a copy got illegally distributed on the Net, they'd know who to go after.

    A big job? Yes. But so is the "fingerprint database".

    And this way, they'd be responsible for their own content, instead of requiring Big Daddy Government do it all for them.

    Since they claim to be losing billions of dollars to "piracy", it should certainly be worth their while to charge a few bucks more for each video in order to increase their sales by (according to some numbers I've seen) an order of magnitude.
  • by Sloppy ( 14984 ) * on Monday January 19, 2004 @02:38PM (#8022916) Homepage Journal
    P2P networks could (if they wanted to) use "fingerprinting" (aka "hashing") to detect copyrighted works and then filter them with the "spyware" installed on all nodes in the network."
    Regardless of whether this is feasible or not, there's a much more basic question to ask first. Are users asking for this feature? If they aren't, then the very idea is ridiculous and doomed to fail in any marketplace.

If you suspect a man, don't employ him.