U of Wyoming Fingerprinting All P2P Traffic 533
mk2mk2 writes "News.com has an article on how they're preparing to shut down P2P sharing of copyrighted content: 'For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song or "Friends" episode.'" It's scary until one realizes that most P2P traffic isn't encrypted, like back when everyone still used telnet.
Is it scarry ? (Score:3, Informative)
Re:Quoth (Score:3, Informative)
KDX (Score:5, Informative)
One of it's advantages is that all the traffic is strongly wencrypted. Homepage is at http://www.haxial.com/main.html
Disadvantage being that the people responsible for it wouldn't know a user-interface if it bit them in the ass. It is customisable, but it doesn't match the host OS's GUI.
impossibility (Score:3, Informative)
Encryption is just the tip of the iceberg. I can easily compress and encrypt any file, then slap on a header that claims it's a benign
Re:oh my! (Score:5, Informative)
People downloading good quality TV shows and movies are probably using orders of magnitude more bandwidth than people downloading many, many more songs.
Re:Quoth (Score:3, Informative)
If you exceed the limit, you cannot access the internet for a week. University resources may still be accessed, which allows for basic internet access through X or port forwarding, etc.
Re:Well, heres the new testbed for freenet. (Score:2, Informative)
And you only own the part of the phone system on your side of the d-mark, which is that little gray box on the outside of your house where the phone company's wires come in.
Not just about copyrights (Score:3, Informative)
Re:There's always another way... (Score:3, Informative)
Actually they probably can't do that. At least not without some pretty extreme hardware.
Typically you get to a point where you have to use RAM buffers to save data and then have multiple network listeners which swap so they can save the data to disk. If you have a large amount of traffic you soon get to a point where you can't store all data.
But sure, it's their network, so they can do what they want. Just as long as they don't mind me using encrypted channels.
Re:Better solutions! (Score:2, Informative)
Re:Won't work! (Score:2, Informative)
This is the most foolish thing I've heard. There are things called packet shaping algorithms. There is a reason we have diffserv. There is no reason why dorm or other traffic can just be given lower priority than "important" research traffic (which is exactly what is done at my University, btw)
As for the larger question of whether p2p traffic needs encrypting etc, here are some things to consider:
1. The whole idea behind p2p is to tell everyone what you're sharing. So an easier way is to just use the standard kazaa client or a clone to query each user for what they're sharing. Run this in daemon mode and you have a rather up-to-date list of what everyone on campus has / had and at what time.
2. So the only remaining thing is: you're downloading something and you don't want anyone to figure out what you're downloading. In theory, you could use SSL. But it won't do much. If I really wanted to find out what you're downloading, I'd look at your SSL connection, figure out what IP you're hitting, query them over the P2P network to find out list of exported files. I can calculate approximate filesize from the packets that you're receiving and just compare that to get a very good estimate on what you're downloading. Also, by default, files that you download are immediately shared, so I could always just query you and compare filelists.
My point in writing that whole thing was simple: p2p networks are not meant to be private. SSL doesn't give you any protection since anyone would be able to get this simply by querying you over the p2p network.
Re:oh my! (girls) (Score:3, Informative)
Reasons why this won't work (Score:3, Informative)
(of course, a way to get around the traffic hit would be to build a smaller, slightly less expensive internet just for the sniffer communications, but the costs for that would be pretty painful)
(Relating points 2 and 3 will mean the only thing the internet will be capable of anymore will be sniffer communication, but I suspect that would suit these guys)
Re:There's always another way... (Score:2, Informative)
Also, in general, universities strive to protect the intelecual freedom and privacy of their students and faculty (although U Wyoming seems to be an exception). For example the univeristy I attend (UMD) includes the following language in their AUP (which can be found in it's entierty at http://www.inform.umd.edu/aug/ [umd.edu]:
"To the extent possible in the electronic environment and in a public setting, a user's privacy will be preserved. Nevertheless, that privacy is subject to the Maryland Access to Public Records Act, other applicable state and federal laws, and the needs of the University to meet its administrative, business, and legal obligations."
While this language is admitadly quite weak it is better than nothing and would prevent monitoring of this kind unless it is determined that ISPs are liable for copyright infringment commeted by their users.
Re:We need to respect and uphold copyright laws (Score:2, Informative)
When you release a copyrighted work, you get to set the terms of how it is to be used. This we call a license.
All licenses are extensions of copyright, including the GPL. The GPL builds upon the basic copyright laws, and further sets restrictions on what you can do with the program/sources.
Here's the catch...
If copyright ceases to have an enforcable meaning, then all licenses also cease to have enforcable meanings.
Everything reverts to public domain, where anyone can do whatever they want with the program/source.
So, when we dilute copyright by pirating movies, music, games, and so on, we work towards the day of public domain.
Is this a good thing? Depends on your point of view...but it would destroy the GPL's "must share" power.
-- Tino Didriksen / ProjectJJ.dk
Re:There's always another way... (Score:1, Informative)
UW's resnet.. (Score:2, Informative)
I used to work directly under Brad Thomas and actually setup cricket [sf.net] to monitor the bandwidth on campus and as far as I know this is still working. The Packeteer software was added while I was working there while this new finger printing was added later. I know that the bandwidth from the dorms (as high as 50MB when unlimited) was killing voice and video trasmissions for remote schooling. Something definatly had to be done, they are not just evil.
Also I remember a couple of times where abuse@uwyo.edu would be hit by Sony records asking us to shutdown someones computer sharing illegal music on the net. Few switch commands later, *BAM*, the kid was disconnected until he removed the material. Kinda a fun job
Re:Makes me hate my job at a University (Score:3, Informative)
Re:Quoth (Score:3, Informative)
Kazza started hopping ports, very had to throttle the ports then. Also the students found ways to get around this, like httptunnels. Or the one I used at UW. I had a work machine that was unthrottled, so I setup a Socks server on my machine at work(I worked for the Network team at UW) and tunneled all my traffic though that. Worked great, expecially since all the other traffic was slow
I know now that they are having such a problem with bandwidth that internet access in the dorms is slow for anyone and anything you just can block a couple of ports and call it good.
Re:oh my! (Score:4, Informative)
Re:Great! keep up the good work. (Score:4, Informative)
Re:Quoth (Score:2, Informative)
And downloading ISOs from an unknown source can be hazardous--which is why you always check the MD5 checksum against the one posted on the official site. So you grab 600MB ISOs from multiple people who are (ideally) closer to you on the network than the official site, and grab a 1KB file of MD5 sums from the official site, and all is well.
Re:Well, heres the new testbed for freenet. (Score:4, Informative)
And sorry, you're wrong on both counts, but thanks for playing along anyway.
I won't swear to this for all 50 states, but I know for a fact that in both Indiana (where I currently live) and Kentucky (where I used to live), if you're talking to me on my phone line, I can legally record that call any stinking time I want to, whether you know I'm recording or not. And which one of us originated the call is irrelevant. And if you come over to my house and use my phone to call your Aunt Bertha, I can still legally record it without either of you knowing it.
And a company can listen in on, and record, any conversation they want, so long as the policy that they are doing so is spelled out to the employees beforehand. They can also monitor what you do on the office computer, etc etc. And there are a number of court decisions affirming the rights of a company to do so.
I'll bet money that buried somewhere deep in that University of Wyoming Student Handbook there is a clause that says "its our network, we'll snoop it any damned time we want, and we'll block anything we want too", or words to that effect. If you don't like them snooping on you, then the solution is simple...don't use their network.
Uh no (Score:3, Informative)
And no there won't be riots. Not as many students think stealing someone else's intellectual property is as important as being able to get your class mate drunk enough to date rape her.