
New Kazaa Lite Protects Identity 668

Posted by CmdrTaco
from the can-you-guess-who-i-am dept.
Denver_80203 writes "Found this story about the new Kazaa K++ 2.4.0 and its new sister program which claim to protect your identity while sharing files. Any of you folk know how legit this could be? We all knew it wouldn't be long... is this the war or just another battle?"
  • by Kai_MH (632216) on Tuesday July 15, 2003 @08:37AM (#6441941) Homepage Journal
    Hurrah! It's about frickin' time that this came out... Now let's just pray the developers didn't make a deal with the RIAA and are selling our identities to them with this new version. So, what's the verdict on it, fellow geeks?
    • Let them sell our identities... I for one hope that we use P2P networks like Kazaa to only grab .torrent files...

      Track my IP all you want, I was simply looking for a torrent file... I didn't download "The Matrix Reloaded.mpg", I downloaded "The Matrix Reloaded.torrent", not to mention the fact that by the time they could get your ass to court, the torrent would be dead, and they would have no evidence, (other than a torrent that has nowhere near enough data to reconstruct the video), and no leg to stand
    • by Deathlizard (115856) on Tuesday July 15, 2003 @11:02AM (#6443426) Homepage Journal
      Pretty much works the same way as Security Through Obscurity if you ask me.

      Although it blocks users from browsing your files and blocks queries from known malicious IPs, it would not stop the RIAA from downloading from you from a not yet known malicious IP, proxy, weird "Save the Music Industry" campaign where they pay you to hunt down P2P users, etc.

      Basically if they do a search for "St. Anger" on Kazaa, download it, and verify that it is "St. Anger" they have an IP going to somewhere. And that IP now has a big red bullseye on it whether it's a proxy, a user or whatever else that could obscure your identity.

      The only way to truthfully be anonymous is to be encrypted, swarmed and stored all over the place by hundreds of users like Freenet does it, and even that gives them an IP to paint a target on with the excuse that even though you don't know what your PC is sending that's no excuse to infringe. Although the courts would have to decide that.
      • by Anonymous Coward on Tuesday July 15, 2003 @12:54PM (#6444452)
        with the excuse that even though you don't know what your PC is sending that's no excuse to infringe. Although the courts would have to decide that.

        Well, some courts have decided that: http://www.ca7.uscourts.gov/op3.fwx?submit1=showop&caseno=02-4125.PDF [uscourts.gov]

        From the decision, in relevant part:
        We also reject Aimster's argument that because the Court said in Sony that mere "constructive knowledge" of infringing uses is not enough for contributory infringement, 464 U.S. at 439, and the encryption feature of Aimster's service prevented Deep from knowing what songs were being copied by the users of his system, he lacked the knowledge of infringing uses that liability for contributory infringement requires. Willful blindness is knowledge, in copyright law (where indeed it may be enough that the defendant should have known of the direct infringement, Casella v. Morris, 820 F.2d 362, 365 (11th Cir. 1987); 2 Goldstein, supra, § 6.1, p. 6:6), as it is in the law generally. See, e.g., Louis Vuitton S.A. v. Lee, 875 F.2d 584, 590 (7th Cir. 1989) (contributory trademark infringement). One who, knowing or strongly suspecting that he is involved in shady dealings, takes steps to make sure that he does not acquire full or exact knowledge of the nature and extent of those dealings is held to have a criminal intent, United States v. Giovannetti, 919 F.2d 1223, 1228 (7th Cir. 1990), because a deliberate effort to avoid guilty knowledge is all that the law requires to establish a guilty state of mind. United States v. Josefik, 753 F.2d 585, 589 (7th Cir. 1985); AMPAT/Midwest, Inc. v. Illinois Tool Works Inc., 896 F.2d 1035, 1042 (7th Cir. 1990) ("to know, and to want not to know because one suspects, may be, if not the same state of mind, the same degree of fault)." In United States v. Diaz, 864 F.2d 544, 550 (7th Cir. 1988), the defendant, a drug trafficker, sought "to insulate himself from the actual drug transaction so that he could deny knowledge of it," which he did sometimes by absenting himself from the scene of the actual delivery and sometimes by pretending to be fussing under the hood of his car. He did not escape liability by this maneuver; no more can Deep by using encryption software to prevent himself from learning what surely he strongly suspects to be the case: that the users of his service--maybe all the users of his service--are copyright infringers. This is not to say that the provider of an encrypted instant-messaging service or encryption software is ipso facto a contributory infringer should his buyers use the service to infringe copyright, merely because encryption, like secrecy generally, facilitates unlawful transactions. ("Encryption" comes from the Greek word for concealment.) Encryption fosters privacy, and privacy is a social benefit though also a source of social costs. "AOL has begun testing an encrypted version of AIM [AOL Instant Messaging]. Encryption is considered critical for widespread adoption of IM in some industries and federal agencies." Vise, supra.
        Our point is only that a service provider that would otherwise be a contributory infringer does not obtain immunity by using encryption to shield itself from actual knowledge of the unlawful purposes for which the service is being used.
        (emphasis added)

        Small wonder this opinion is by Posner from the 7th Cir., known for being an industry goon. (He's from the Chicago school of 'screw the little guy' economists, as is Scalia, and many other jurists with sway.)

        The point however is that merely encrypting files does not provide a defense. Likely, you'll still get sued, if your infringing use becomes large enough to attract one of the factory robot lawyers the RIAA is about to retain.

        I would urge developers to read the 7th circuit opinion carefully. It lays out some tests for what a 'safe' p2p application can show to avoid liability. If others are interested, I'll follow up with a list of suggestions for a bittorrent sister app I'm making that carefully follows the rules of the 7th circuit.
      • by wirelessbuzzers (552513) on Tuesday July 15, 2003 @01:07PM (#6444572)
        Actually, the folks at UDPP2P had an interesting idea in this regard. The client negotiates through the search network to find a server, but doesn't get that server's IP. The server sends the data via forged UDP packets, encrypted, with some extra code to correct for out-of-order and dropped packets.

        I think there was a paper on /. a while ago about a similar method of sending data; you take a big, not quite square matrix M and multiply the data file by it, getting a bunch of rows; you send these rows along with row IDs; once the receiver has enough of these rows, he can construct (using the row IDs) the inverse of the submatrix of M that spawned them, and derive the original message, even if the rest were dropped or corrupted. Vandermonde matrices work for this, although I imagine there's a sparser solution.

        Of course, your ISP/firewall wouldn't necessarily be happy about sending out all those fake UDPs, and many university networks throttle them. Also, the ..AA can still set up a fake server which logs you, since the server knows the client's IP, unless you proxy, which would cost in bandwidth. Or, you could send it to someone on the receiver's subnet and let them sniff, which wouldn't entirely give away their location.

        Perhaps one should point out that this is practically a new internet protocol, requiring root access and stuff... it might be better for them just to use IPSec with address hiding.
        • by tomtomtom (580791) on Tuesday July 15, 2003 @01:59PM (#6445095)

          This is a really good idea. You can extend it to make it even better though.

          Part of the good thing about the erasure-correcting code approach is that if you use a big enough very low-rate code (although it's quite tricky to do that with good CPU and memory efficiency) then you can have downloading from several servers concurrently without having to tell each server which parts of the files you want (just send random parts of the encoded data and there's a low chance of overlap from multiple servers).

          Now, here's the clever part: you use IP Multicast with multiple sources spoofing the same sender address. This means that (a) you save quite a lot on bandwidth since many P2P clients will be downloading the same source file (this is important since a big reason many ISPs and Universities have banned P2P is the bandwidth); and (b) it is MUCH harder (not impossible, but hard enough if you are not an ISP or a router at the very end) to find out who either the source or the destination is.

          I don't know if anyone has thought of this idea and tried to implement it. Someone should; maybe I'll give it a go when I have time.

          PS. There is a sparser and more CPU-efficient solution than Vandermonde matrices, look for Low-Density Parity Check codes.
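
Added example, not part of either comment above and not code from UDPP2P or any paper they mention: the matrix scheme described in this sub-thread, carried through as a Vandermonde erasure code over the prime field GF(257). The field choice, the packet layout `(row_id, symbols)` and all function names are assumptions made for illustration.

```python
"""Vandermonde erasure code over GF(257): any k of n rows rebuild the data."""

P = 257  # prime modulus (assumption): every byte value 0..255 is a field element


def vandermonde_row(row_id, k):
    """Row `row_id` of the n x k matrix M: [x^0, x^1, ..., x^(k-1)], x = row_id + 1."""
    x = row_id + 1
    return [pow(x, j, P) for j in range(k)]


def encode(data, k, n):
    """Split `data` into k chunks and return n packets of (row_id, symbols).

    Packet i is row i of M multiplied by the chunk matrix, so it mixes all k chunks.
    """
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n < P so every x is distinct and nonzero")
    chunk_len = max(1, -(-len(data) // k))          # ceiling division
    padded = data.ljust(k * chunk_len, b"\0")       # zero padding, trimmed on decode
    chunks = [padded[i * chunk_len:(i + 1) * chunk_len] for i in range(k)]
    packets = []
    for row_id in range(n):
        row = vandermonde_row(row_id, k)
        symbols = [sum(row[j] * chunks[j][c] for j in range(k)) % P
                   for c in range(chunk_len)]
        packets.append((row_id, symbols))
    return packets


def invert(matrix):
    """Gauss-Jordan inverse of a square matrix modulo P."""
    k = len(matrix)
    aug = [list(row) + [int(i == j) for j in range(k)]
           for i, row in enumerate(matrix)]
    for col in range(k):
        pivot = next((r for r in range(col, k) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("submatrix is singular")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        scale = pow(aug[col][col], P - 2, P)        # modular inverse via Fermat
        aug[col] = [v * scale % P for v in aug[col]]
        for r in range(k):
            if r != col and aug[r][col]:
                factor = aug[r][col]
                aug[r] = [(a - factor * b) % P for a, b in zip(aug[r], aug[col])]
    return [row[k:] for row in aug]


def decode(packets, k, length):
    """Rebuild the original bytes from any k packets with distinct row IDs.

    This recovers from *dropped* packets only. A corrupted packet has to be
    detected separately (for example by a per-packet checksum) and discarded.
    """
    unique = {}
    for row_id, symbols in packets:
        unique.setdefault(row_id, symbols)          # ignore duplicate row IDs
    if len(unique) < k:
        raise ValueError("need at least k distinct rows to decode")
    chosen = sorted(unique.items())[:k]
    # The row IDs tell the receiver which rows of M produced these packets.
    inverse = invert([vandermonde_row(row_id, k) for row_id, _ in chosen])
    chunk_len = len(chosen[0][1])
    out = bytearray()
    for j in range(k):
        for c in range(chunk_len):
            out.append(sum(inverse[j][i] * chosen[i][1][c] for i in range(k)) % P)
    return bytes(out[:length])


if __name__ == "__main__":
    # Constructed sample input: 10 packets sent, 6 lost, 4 arrive out of order.
    message = b"constructed payload: any k of n rows rebuild the file"
    sent = encode(message, k=4, n=10)
    received = [sent[i] for i in (9, 2, 7, 5)]
    print(decode(received, 4, len(message)))
```

The receiver must learn `k` and the original length out of band. Symbols can take the value 256, so a real wire format needs more than one byte per symbol or a field such as GF(256).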

  • by stud9920 (236753) on Tuesday July 15, 2003 @08:37AM (#6441942)
    That's what I needed : something to hide my fake identity
  • by Salgak1 (20136) <salgak@sLIONpeakeasy.net minus cat> on Tuesday July 15, 2003 @08:39AM (#6441959) Homepage
    . . .and neither will the response be a surprise: the RIAA et al using a different bunch of IPs, defeating this method. Give them a few weeks, enough to get some new lines provisioned, and they'll be back at their old tricks.

    Just in time for the next move in this move-countermove chess game. . .

    • It doesn't use a fixed list of IPs, it links in to a user-created database, so that shouldn't be a problem. Some of the other upgrades sound a bit less convenient. One is the ability to block people from requesting 'show all files from this user' - great for people with a directory full of infringing material, not so great for someone like me who's sharing fan music videos and wants anyone who downloads one to be able to see what else I've got - so if this feature isn't optional, I won't be upgrading.
    • by nahdude812 (88157) on Tuesday July 15, 2003 @08:55AM (#6442146) Homepage
      Or a day to install AOL software, Earthlink software, Juno software, and many other popular ISP packages, then dial up to various cities across the country, foot the long distance charge, and tack it to the next lawsuit filed against some teenager. If they can get subnets for these guys kicked off the network, then they win this battle, and use the networks' attempts to protect themselves as a weapon to cause the network to shut down huge portions of itself.
    • Give them a few weeks ... to get some new lines provisioned,

      Few weeks?? In today's economy, and with the RIAA's budget, I'd put the figure at a few hours!

    • by deman1985 (684265) <(dedwards) (at) (kappastone.com)> on Tuesday July 15, 2003 @08:57AM (#6442161) Homepage
      Next move I see is for a single source to be limited to providing 20 seconds of a particular music file so that we can take advantage of more fair use laws.

      Really, I'm not sure why I haven't seen this used yet. Almost all the major sites out there that provide music content will let you play a 10 or 20 second sample of the music for free (and as far as I know, they don't have to license it), so why can't filesharing system users legally do the same?

      It just so happens that each user has a different clip... and the software is intelligent enough to piece them back together into one music file instead of me having to do it by hand ;)
      • Fair use applies to the user not the distributor. Therefore each person sending you the file is still in trouble, even though they only sent you a little bit. You the user are still in trouble, because you have the whole file, and therefore are exceeding fair use (probably.. fair use isn't really well defined)

      • by dmauer (71583) on Tuesday July 15, 2003 @09:36AM (#6442554)
        Really, I'm not sure why I haven't seen this used yet. Almost all the major sites out there that provide music content will let you play a 10 or 20 second sample of the music for free (and as far as I know, they don't have to license it), so why can't filesharing system users legally do the same? It just so happens that each user has a different clip... and the software is intelligent enough to piece them back together into one music file instead of me having to do it by hand ;)
        Well, I have at least one idea: What you're describing is a technology whose sole purpose is to flout copyright laws. You may be right -- technically, using this method might be legal. However, it clearly goes against the point of copyright, and it's clearly just exploiting a loophole... which is something that really doesn't sit well with me, and certainly wouldn't sit well with the uber-rich lobbyists who got the DMCA signed in the first place. Don't think that widespread use of something like this wouldn't, in some way or another, result in more nasty restrictions on Fair Use -- I imagine it wouldn't be long before many of the online music retailers who offer short samples of songs would be forced to stop. The idea here is to get active, get the unfair laws changed, and get our fair use back. NOT to find tricky ways to break the law without really breaking the law. -d
        • by Anonymous Coward

          which is something that really doesn't sit well with me, and certainly wouldn't sit well with the uber-rich lobbyists who got the DMCA signed in the first place.

          Ok, as soon as you figure out how to beat the uber-rich at the lobbying game, you let us know. Yeah yeah... go vote, I know. I already do that. The problem is that there are so damn many laws out there that nobody can understand it all or even form an opinion on most things anymore. Unless you're a lawyer, and even then you have to specialize

    • I think Kazaa needs to take another angle. Start asking doctors to prescribe music. Acquiring the music becomes a medical act. The new HIPAA regulations gives the user extraordinary rights to protect their privacy -- Kazaa and any other provider of medical services would be obligated by law to not turn over information about their users.
  • by paranode (671698) on Tuesday July 15, 2003 @08:40AM (#6441970)
    Begun, this copyright war has.
  • Great! (Score:5, Interesting)

    by indros (211103) on Tuesday July 15, 2003 @08:40AM (#6441974) Homepage
    Who wants to bet that the news won't report that filesharing has jumped back up %15, and then some with the advent of this.
  • by Ice_Balrog (612682) <[ten.orezten] [ta] [gorlab_eci]> on Tuesday July 15, 2003 @08:41AM (#6441979)
    I don't know if Kazaa K++ can hide your identity, but what I do know is this: Kazaa K++ is an excellent program. It is so much better than vanilla Kazaa. No ads, spyware, many cool features make it a great program.
  • by evilned (146392) on Tuesday July 15, 2003 @08:41AM (#6441981) Homepage
    From what I have seen, it just has a list of ips of law enforcement and record industry computers. Not a very fool proof method, but better than a tin foil hat.
    • by in7ane (678796) on Tuesday July 15, 2003 @08:48AM (#6442067)
      Don't trust the parent, it may be an attempt to persuade people to substitute a potentially insecure K++ for the proven security features of tin foil hats.

      Either way, a tin foil hat is still a good security supplement even if this hype is true.
    • Re:Just blocks IPs (Score:3, Interesting)

      by Swamp (19020)
      From what I could gather from the article they were moving towards a system whereby suspicious IP addresses that perform wide scans are automatically recorded and perhaps added to a global 'block' list. A sort of reverse distributed denial of service.

      However I'm not sure how a client could tell whether one IP address was 'suspicious' or not, and I can't see it would be feasible to collect all IP addresses that connect to all clients to find those that couldn't possibly be legitimate Kazaa clients.
    • by sharkey (16670) on Tuesday July 15, 2003 @09:01AM (#6442210)
      but better than a tin foil hat

      What if I make a tin foil cover for my modem?

  • by Soporific (595477) on Tuesday July 15, 2003 @08:41AM (#6441983)
    I stopped using Kazaa for a while, or only briefly. Now I can go back to being a file whore and stop using those unreliable BitTorrent sites.

    ~S
  • K++? (Score:4, Funny)

    by GnuVince (623231) on Tuesday July 15, 2003 @08:41AM (#6441984)
    Why not K++0x? ;)
  • What's needed.. (Score:3, Insightful)

    by jkrise (535370) on Tuesday July 15, 2003 @08:41AM (#6441985) Journal
    is protection from R*AA, not identity protection.
  • K++ edition (Score:5, Interesting)

    by Webtommy88 (515386) on Tuesday July 15, 2003 @08:42AM (#6441991)
    Well K++ edition basically contains a wrapper on the Kazaa application so that one can modify the memory accessed by Kazaa easily, and thus those who use K++ edition automatically have the K-Lite Master (1000) ranking on Kazaa. It's simply a matter of manipulating the values at the memory address.

    I would think that extending on that principle, they could write protect or just dump garbage into the memory space where identities are stored.

    Of course, I don't have the K++ source, so how would I know, it's just a theory.
    • Re:K++ edition (Score:5, Insightful)

      by Karamchand (607798) on Tuesday July 15, 2003 @08:57AM (#6442167)
      • This PL = 1000 thing is actually rather bad for the P2P network as a whole. If no one sees the need to share files fewer people will share files (especially in the light of recent RIAA threats)
      • Actually yours is a rather bad theory. Because the identity is not your Kazaa nickname (which you can change anyway to anything you want) or anything like that - but it is your IP address. Without fundamental changes to the way FastTrack works (think rewrite in Freenet direction) it won't be possible to hide your identity.
      • Re:K++ edition (Score:3, Insightful)

        "This PL = 1000 thing is actually rather bad for the P2P network as a whole. If no one sees the need to share files fewer people will share files (especially in the light of recent RIAA threats)"

        I don't agree with this because even with kazaa lite, you are sharing by default. So everything you download is automatically shared unless you click that 'don't share' box or move it from your shared directory. And considering that most kazaa users are average folks, they won't bother to configure the application

    • Re:K++ edition (Score:4, Informative)

      by ncc74656 (45571) <scott@alfter.us> on Tuesday July 15, 2003 @10:45AM (#6443234) Homepage Journal
      The article said K++ and K-Lite are integrated with the PeerGuardian database. That's a list of IPs from which to refuse traffic. You can get the plaintext list here [simplyclick.org] and run it through a converter here [bluetack.co.uk] that converts the list into a script full of iptables commands to cut off the ??AA at your firewall, so they won't even get through to whatever filesharing software you're running.
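
Added example, not part of the comment above and not the converter it links to: one way to turn a plaintext range list into collapsed CIDR blocks and `iptables` DROP rules. The `label:start-end` line format, the sample entries (documentation-only address ranges) and the function names are assumptions made for illustration.

```python
"""Convert a plaintext IP-range blocklist into iptables DROP rules."""
import ipaddress

# Constructed sample list. The "label:first-last" layout is an assumption,
# and the addresses are from the reserved documentation ranges.
SAMPLE_LIST = """\
# constructed sample, documentation-only address ranges
Example Org A:192.0.2.0-192.0.2.127
Example Org A (second block):192.0.2.128-192.0.2.255
Example Org B:198.51.100.10-198.51.100.20
broken line without a range
Example Org C:203.0.113.50-203.0.113.40
"""


def parse_ranges(text):
    """Return (networks, rejected) for a blocklist in label:first-last form.

    Ranges are split into exact CIDR blocks, then adjacent and overlapping
    blocks are merged so the firewall gets as few rules as possible.
    Unparseable lines are reported instead of silently dropped, because a
    skipped line is a range the firewall will not block.
    """
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain colons, so split on the last one only.
        _, colon, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        try:
            if not colon or not dash:
                raise ValueError("expected label:first-last")
            start = ipaddress.IPv4Address(first.strip())
            end = ipaddress.IPv4Address(last.strip())
            # Raises ValueError when end < start (reversed range).
            networks.extend(ipaddress.summarize_address_range(start, end))
        except ValueError:
            rejected.append((lineno, raw))
    return list(ipaddress.collapse_addresses(networks)), rejected


def iptables_rules(networks, chain="INPUT"):
    """One DROP rule per CIDR block, matching on source address."""
    return [f"iptables -A {chain} -s {net} -j DROP" for net in networks]


def is_blocked(address, networks):
    """True if `address` falls inside any listed block."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)


if __name__ == "__main__":
    nets, bad = parse_ranges(SAMPLE_LIST)
    print("\n".join(iptables_rules(nets)))
    for lineno, raw in bad:
        print(f"# skipped line {lineno}: {raw!r}")
    # An address one past the end of a listed range is not covered.
    print(is_blocked("198.51.100.20", nets), is_blocked("198.51.100.21", nets))
```

The last line of the demo shows the limit other commenters raise: the rules only cover addresses that are already on the list.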
  • by bugsmalli (638337) on Tuesday July 15, 2003 @08:42AM (#6441992)
    for pushing us to come up with ingenious ways to screw them. When the heck will they wake up and realize whatever they try they can't subdue filesharing. Why not just make it easier and rake in some money (read profit. anything more than 0 is...). sheesh. is the org run by a bunch of retards or what?
  • umm (Score:5, Insightful)

    by ramzak2k (596734) * on Tuesday July 15, 2003 @08:42AM (#6441994)
    Both Kazaa K++ and Kazaa Lite, two very similar modifications to the Kazaa file-sharing system by Sharman Networks, now contain hooks to the PeerGuardian database of IP addresses

    Database of IP addresses is going to protect us ?
    Cmon now. What prevents RIAA from using anonymous IP blocks that they can purchase legally for use?
    • Re:umm (Score:5, Funny)

      by EinarH (583836) on Tuesday July 15, 2003 @09:02AM (#6442221) Journal
      Cmon now. What prevents RIAA from using anonymous IP blocks that they can purchase legally for use?

      Stupidity?

      • Re:umm (Score:3, Funny)

        by poot_rootbeer (188613)
        Cmon now. What prevents RIAA from using anonymous IP blocks that they can purchase legally for use?

        Stupidity?

        Lack of operating funds? No, wait.

  • by TrollBridge (550878) on Tuesday July 15, 2003 @08:42AM (#6441996) Homepage Journal
    I've been gradually putting together a good functional Linux setup on my laptop, and was surprised to learn that there wasn't a Linux version of Kazaa or Kazaa Lite out there.

    Is there an alternative I am unaware of?

  • by anon*127.0.0.1 (637224) <slashdot&baudkarma,com> on Tuesday July 15, 2003 @08:43AM (#6441998) Journal
    Blocking the IP address or range of addresses that they suspect the RIAA is using. Yeah, that'll stop them. No way they'll be able to scan from a different IP. I feel safer already.

    Not letting people see what other files a user has might be a bit more useful, but I don't think either of these measures is going to do much to stop the RIAA from prosecuting people.

  • by anonicon (215837) on Tuesday July 15, 2003 @08:43AM (#6442004)
    Interesting. Since I know 0 about PeerGuardian, I suppose this may be effective (or not). Does anyone have a documented analysis of how this works instead of some vague news report?

    Also, I don't mind sharing the music on my hard drive (it's all indie and OK'd to be there), but that said, do firewalls protect your IP identity or are they useless for that? Unclear about what tools may be used in conjunction with p2p to cover your identity.

    Peace.
  • by Stinky Glen20 (689507) on Tuesday July 15, 2003 @08:44AM (#6442013)
    From the article, all this seems to do is some basic housekeeping to ensure that your search history is not stored, and interact with a database of IP addresses known to be used by the RIAA

    This doesn't seem to be anything revolutionary, or, interesting.

    If the services went through some kind of anonymizer, that would be cuter. Of course, the bandwidth demands would be huge.

    What may be an alternative is to produce a collaborative download system. I request a download, which is proxied by another random user (provided I return the favor). Even if you had RIAA sniffers, all that could be proven is that MY IP address downloaded something, but not the ultimate destination of the data.

    Of course, if I have illegal music on my PC, then I am still screwed. But I leave solving that problem to the reader :)
  • How legit? (Score:3, Interesting)

    by AllUsernamesAreGone (688381) on Tuesday July 15, 2003 @08:46AM (#6442035)
    "know how legit this could be?"

    As legit as sharing copyrighted files? ;) IANAL, but I doubt that the Recording Industry Ass. of America can use existing laws to prevent this being done (although I doubt that'll stop them trying).

    If the Kazaa guys have done it right they may even be able to wave the good old DMCA under the Recording Industry Ass. of America's nose if they try to crack the system as well (oh the irony!)

    But this is just the latest volley in what is going to be a very drawn-out and bloody Information Cold War.

  • I'm Safe (Score:5, Funny)

    by dlosey (688472) on Tuesday July 15, 2003 @08:46AM (#6442040)
    I already protected my identity. I am John Doe at 123 Abc St. My email is JohnDoe@kazaa.com. How could they possibly find me?

    *knock* *knock*

    Umm.. yeah.. I'll finish this post la.. *ouch* Not so tight with the handcuffs.
  • Not true. (Score:5, Insightful)

    by Eric_Cartman_South_P (594330) on Tuesday July 15, 2003 @08:46AM (#6442041)
    Well, it IS true in the fact that it blocks a known range of RIAA and other "bad" IPs. However, do you really think they wouldn't use random, separate IPs to do their dirty work? I don't think the "music-searchin-lawsuit-makin" box is sitting next to their Exchange Server. They do have the cash to get some techies who know how to read ZeroPaid and Slashdot and I'm sure the "music-searchin-lawsuit-makin" box is on a completely different class C ip, or even random cable/dsl modems across the country. Why not? That's what I would do (ugh, feels dirty to even think like them for a second). That said, the new Kazaalite features are an ok, simple start to something good I guess.

    The new feature that blocks users from seeing ALL files, however, is VERY smart. All 50 million users (pulled that number out of thin air, should be close) now appear to be sharing only the ONE file you searched for. Makes hiding in the sea of users fruitful.*

    * Disclaimer: Don't steal music. :)

  • How? (Score:5, Informative)

    by bazik (672335) <[gro.ootneg] [ta] [kizab]> on Tuesday July 15, 2003 @08:46AM (#6442042) Homepage Journal
    How can you hide your identity on a Peer2Peer system where other users get your IP when they connect to your machine to download stuff (for backup reason of course)?

    I doubt there is a way... netstat kills your privacy :P
    • Re:How? (Score:4, Interesting)

      by Zocalo (252965) on Tuesday July 15, 2003 @09:17AM (#6442356) Homepage
      The object, for those in a dubious copyright position, would primarily be to hide the identity of the uploader sharing the files, not the downloader retrieving them - that's just a bonus. Most P2P networks use some kind of hub system to collate requests and assign them to servers, at least initially. So, at a very basic level:
      1. Client contacts hub and requests a file
      2. Hub contacts available servers with details
      3. Server(s) sends data blocks to client
      4. Client receives data blocks and ticks off the file bitmap, making additional requests of the hub until all sections are retrieved.
      Therefore, if the servers fake their originating IPs and all data verification is done by the client only the hub needs to know the IPs of the servers. Apparently there is already a UDP based P2P client in development that does something like this - it's mentioned in this very thread in fact.

      Quite how you get around the issue of the RIAA et al operating a hub and looking at the traffic though is another matter. Ultimately, something *must* bring the source and destination IPs together to initiate the transfer, and that's the point that the copyright police are going to be working at. I think it's a problem with a solution though - the similar issue of public key exchange had people stumped for an age before it was first solved by James Ellis' team at GCHQ.

      In fact, that's another way of looking at the problem - who cares if Eve can see an ISO's worth of data transferred between Alice and Bob if they can't tell whether it's the latest distro or the latest Hollywood movie DivX? They can't pursue every P2P downloader on the off chance it's a copyright violation, can they? And encryption is an essential feature of communications software to gain mainstream business acceptance in this paranoia ridden world, right?

  • by Entropy248 (588290) on Tuesday July 15, 2003 @08:46AM (#6442044) Journal
    The new versions contain several features designed to foil scanning attempts. PeerGuardian attempts to catalog a range of IP addresses used by or suspected to be used by labels, the Motion Picture Association of America, the Recording Industry Association of America, and other agencies. The database is built by contributions of individual users, although the methodology used to determine and verify the IP addresses is unclear.

    Stop trying to flood my P2P network...
    Now we have blacklisting and whitelisting (through Sig2DAT). Though both of these methods together would seem to defeat P2P "spammers", the easiest way for them to get around this might be to spam the whitelist. The next move in the P2P wars remains uncertain.
  • by WPIDalamar (122110) on Tuesday July 15, 2003 @08:46AM (#6442045) Homepage
    First there was napster, which was shut down through the courts, so people made kazaa (ok, I'm skipping a few steps) which is harder to shut down through the court system, so The Man decided to go after individual users... so kazaa made it harder for them to do that...

    It's just going to go on and on and on.

    Too bad Kazaa can't patent the communication protocol, and not license it to RIAA... <SARCASM>Maybe we should enact a law to explicitly enforce these patents</SARCASM>
  • by Sky-217 (44374) <marter+slashdot@@@gmail...com> on Tuesday July 15, 2003 @08:55AM (#6442141)
    "Users of the latest versions of Kazaa Lite and Kazaa++ also have the option of disabling a function that allows remote users to see what other files the user has. "

    If everyone did this, wouldn't that kill P2P file sharing? Isn't that what the RIAA wants to happen anyway?
  • by OS24Ever (245667) * <trekkie@nomorestars.com> on Tuesday July 15, 2003 @08:57AM (#6442165) Homepage Journal
    ...but the RIAA can easily get around this block of 'known' IP addresses.

    To borrow from the other scourge of the internet, They'll just pay people to work from home for $1000s a week!

    All they'll do is pay someone who wants money to run their program using their home DSL, Dial up or Cable Modem. Then the blocking of RIAA's 'known' addresses would become as big as every high speed residential network on the planet.
  • by Zog The Undeniable (632031) on Tuesday July 15, 2003 @08:57AM (#6442166)
    At post time, the RIAA.org site was not responding

    Is this a new euphemism for "ownz0r3d and h4X0red out of existence, again"?

  • by firewort (180062) on Tuesday July 15, 2003 @08:59AM (#6442178)
    This doesn't really fix the problems here, it's a band-aid on a gaping wound.

    This is a nice idea, and one way to approach things. I'm just not positive that it's effective.

    The RIAA won against Verizon in court, and can now request IP addys, logs, and user contact info. So, this doesn't really slow them in that sense.

    Additionally, what's to stop the RIAA from getting a bunch of DHCP home accounts under a subsidiary's name instead of their own? The possibilities for playing catch up here to add more IP ranges are endless.

    This is a neat little effort, but doesn't fix the greater problem of balance in copyright law/infringement/fair-use.

    It's the proverbial finger in the hole in the dam.

    Lulu.com- publish your stuff! Creative commons compliant. [lulu.com]

  • by stinky wizzleteats (552063) on Tuesday July 15, 2003 @08:59AM (#6442181) Homepage Journal

    In other P2P networks. Freenet [sourceforge.net] and GNUnet [ovmj.org] both offer crypto and anonymity. Freenet isn't a P2P app in the pure sense. It's more of an underground www. GNUnet has better anonymity (theoretically - due to its ability to resist traffic analysis attacks), but it is a younger project.

    When it's time to retreat from gnutella, these represent the next stage in the information war.

  • Fanning the flames (Score:5, Insightful)

    by Mikey-San (582838) on Tuesday July 15, 2003 @09:11AM (#6442298) Homepage Journal
    Here's a question that popped into my head while reading this story:

    Is this legal? If so, should we really advocate it?

    If people are stealing music, and a company attempts to block the people from whom the music is being stolen, with the intent of protecting the identity of the pirates, isn't there some line that's being crossed somewhere?

    And even if it /is/ in that legal grey area and isn't clearly illegal, isn't it a really stupid move regardless? It seems like by hiding the people pirating the distribution-prohibited music, it helps give the RIAA /more/ reason to jack up CD prices and impose arm-bending DRM practices.

    No, I don't think music piracy is the big reason why CD sales are falling. It's a larger issue than just p2p apps, but it gives the RIAA /cause/ that they can wave around like a flag in the newspapers and on TV news programs that don't do the proper amount of research into the issue.

    I digress.

    This is really stupid of KaZaA to do, bottom line, I'd say. :-/
  • by The Spie (206914) on Tuesday July 15, 2003 @09:29AM (#6442475) Homepage
    I run PeerGuardian's list on my system (either with its standalone program or through using its list with Sygate Personal Firewall). I've contributed IP blocks to it as well. So, unlike the sanctimonious among /., I know what I'm talking about here.

    What I can't understand is why so many people here seem to be down on it. Here is a project that's free as in beer, free as in speech, receiving a great number of contributions from a tech-savvy community, helping to maintain privacy rights, and is making a solid attempt to send a message to the **AAs. This sounds like something the Open Source community would jump on as an example of community action to solve a problem. The fact that K++ is offering it will increase participation among users.

    (By the way, the list is not only being constantly updated, a number of times a day, but it's being continually scrutinized for bad or inappropriate ranges. Congrats to eremini, dingdongding, and c00kies2000 for some great work on getting rid of inappropriates and dupes.)

    It's not perfect, but it's a good stopgap until a better solution can be found.

    The Spie
  • by plasticmillion (649623) <matthew@allpeers.com> on Tuesday July 15, 2003 @09:29AM (#6442483) Homepage
    Actually the RIAA has been quite upfront regarding their plans to sue the pants off offenders. They have stated repeatedly that they plan to go after users who are sharing tons of files, not the zillions of normal users, which makes sense since supposedly a small minority of big sharers supplies the vast majority of files on the networks.

    From this perspective something like a proxy for file transfers is not so important (not to mention fairly impractical). If other users can't see your full library and can't see your IP address in their search results (the latter might enable smart bots to "guess" what your library contains), the only way they can determine that you are sharing massively is to download tons of files and see which IP addresses crop up. This is because they will only see your IP when they actually start downloading.

    All this to say that with the latest changes in K++ and Kazaa Lite, even big time file sharers can probably rest easy.

  • by DuckDuckBOOM! (535473) * on Tuesday July 15, 2003 @09:42AM (#6442621)
    In a future release of [your favorite P2P app], an option which presents to peers requesting downloads or file lists one of those pseudo-word-containing images you see on eBay and Ticketmaster to block bots. The requestor has to type in the character string he/she/whatever sees to get the file or list. This wouldn't stop RIAA scans, but would sure as hell slow them to a crawl by de-automating the scan process, without substantially impacting a normal user. The only serious downside I see is that this method probably busts a patent somewhere. Is there a way to avoid that?

    Sanity check, anyone?

    • Damn, that's the best idea I've read yet! Somehow, though, it would have to be enforced for searches across all the users (e.g. searching for Red Hat ISOs). For that, I'd envision a protocol that negotiated some kind of image whose pseudo-word would be good for that one search.

      Of course, eliminating the ability of the *AA to trawl the networks with bots would yield an escalation, two of which I'll guess:

      • *AA outsources trawling to China or India, where it can be done by prisoner or cheap hired labor respect
  • by Aceticon (140883) on Tuesday July 15, 2003 @09:52AM (#6442720)
    Actually the thought just came to me that an interesting way to fight back would be having filesharing software somehow totally blacklist access to suspicious networks at the PC level (meaning not only filesharing - everything).

    The blacklisting should be done at a higher level than machines only - the whole network of the ISP providing RIAA with access should be blacklisted if one or more machines in the network are being used by RIAA (or related entities) to scan for filesharing.

    Also, the user of the filesharing program should be given a choice - "Do you want to block access to and from networks where RIAA is scanning filesharers (Yes/No)?"

    My basic idea goes down to a bit of social engineering - please follow me on this one:
    - RIAA contracts with an ISP to provide it with network connectivity to the Internet.
    - RIAA then uses machine(s) over that network connection to scan filesharing networks.
    - Said activity is detected (exactly how I don't know)
    - The whole network for that ISP (or at least a significant portion of it) is blacklisted in millions of machines (all those running the filesharing app). This can be scaled up to bigger sub-networks (the ISP of the ISP) if needed.
    - Other entities hosted on the same ISP are also in practice cut-off from some of their (potential) customers. Mostly their websites are inaccessible from millions of machines. This is especially bad for online shops and ASPs.
    - They complain to the ISP.
    - The ISP, faced with the choice between keeping RIAA as a customer and losing several other customers or simply dumping RIAA will find that the choice that makes more business sense is dumping RIAA.
    - Eventually, RIAA and its associates will become persona non grata to most ISPs (as in, they choose to not take RIAA's business).

    The nice thing about it is that it's all absolutely legit:
    - Each individual user chooses to accept an automated cut of contact with those networks that provide access to filesharing scanning. Everyone is in their right to do so.
    - ISPs choose to not sell their services to RIAA. It is their right to do so.

    Now, this whole theory has some holes in it, and a couple of weak points (not to mention no solutions for the technical problem) - still, a distributed, voluntary system that makes it bad business for ISPs to provide access for companies that do filesharing scanning would leverage the power of those "hundreds of millions of users" of the filesharing apps.

    Comments please ...
  • A Plan for RIAA (Score:3, Interesting)

    by Pac (9516) <paulo...candido@@@gmail...com> on Tuesday July 15, 2003 @09:58AM (#6442775)
    (With many apologies to Paul Graham [paulgraham.com])

    What Kazaa Lite has now is equivalent to blacklists of spammers and spammers domains. We have already determined this strategy alone won't solve the problem.

    The next logical step is to combine the lists with a distributed statistical filter capable of identifying RIAA hosts by search pattern and IP pattern. Since it is happening in a connected network, each peer filter can then broadcast its guesses and receive other peers' guesses. Locally you can build a trust list based upon the likelihood of search coming from a RIAA host.

    Obviously this has problems.

    One problem is the lack of significant search samples to make decisions. We would have to see an implementation to discover if it is mathematically feasible.

    RIAA can also start trying to close down sharers by broadcasting their IP as "riaa-like" from a great number of peers. The way to avoid this is having all peers checking "the evidence". If the sharing IP and its searches do not match RIAA pattern, the call is probably bogus and those IPs broadcasting it are probably RIAA's. Backfire on them...

    Another danger is RIAA using a range of IPs large enough to endanger the network connectivity. This is probably too expensive, but RIAA is probably too rich too.

    Anyway, my point is that since the data is there (RIAA is searching the networks for the sharers), one can always analyse this data and try to extract as much information as possible from it.
  • If only... (Score:5, Insightful)

    by revmoo (652952) <slashdot AT meep DOT ws> on Tuesday July 15, 2003 @10:04AM (#6442821) Homepage Journal
    The thing is, the RIAA has subsisted all along on being the middleman. They don't really DO anything. Sure they promote new albums.......oh wait, no they don't, they have ad agencies and their ilk to do it. I know, they press cds......oh wait, no they don't, they outsource it to record pressing companies.

    The RIAA (meaning the record companies) only exists because the artists and the consumers haven't really questioned their existence. Artists stand to make a lot of money without the RIAA in place. Why not make all music free? If you want to brave the p2p networks for different quality mp3s and such help yourself. OR, you can pay $5 directly to the artist to download the cd from their website.

    Artists can make MORE than enough money from licensing their music(think movie scores, and commercial soundtracks), and live performances. Without having to pay large portions of their income to the record companies, artists stand to make a LOT more money, once the RIAA is gone.

    The artists you see fighting p2p etc, are the ones that NEED the RIAA to survive. I'm talking about the sell-out corporately manufactured groups that wouldn't last if the RIAA wasn't there to spam their name all over the radio and mtv every 10 minutes. Those are the only artists that NEED the RIAA, and if we lose them, frankly, here is one slashdot poster that could care less.

    It's not that I mind paying for music, but isn't it about time for a paradigm shift? Natural selection has provided an easier and better way to get new music and the record companies are a dying breed.

    I have a couple thousand mp3's on my hard drive that I didn't pay for, but I also have heard a lot of new artists that I will jump at the chance to see live, or buy merchandise from.

    I'm a bit of an aspiring dj, and I buy records from artists that I've heard and liked through p2p. If it wasn't for p2p those artists wouldn't have had my purchase.

    The problem doesn't lie with the consumer.
    • by *weasel (174362) on Tuesday July 15, 2003 @11:06AM (#6443458)
      the RIAA exists because traditionally it has been very expensive to break into the music business.
      now that the wall is being torn down, the RIAA is going out of its way to try to ensure its relevancy. (payola, tighter distribution contracts with artists, destroying the credibility of digital distribution, etc) it sucks - but it's all legal.

      all that aside this is about theft. downloading mp3s for material you haven't paid for -is- theft. whether it -should-be- or not is debatable. but under the law, it is. bummer.

      so this little arms race may be between the good intentioned hackers vs the big bad corporation - but legally it's just pirates against copyright holders.

      the fault -doesn't- lie with the consumer, it lies with the pirate. if you've noticed, not even the RIAA is saying 'p2p is bad' anymore. the specific practice of illegal distribution of music is what they're fighting now.

      they logistically can't (and don't even try to) sue -you- for downloading. it's not obvious from the information available within a p2p app whether or not you are downloading a song you have fair use rights to (if i own nevermind, i can legally download the mp3s for that album) - and it would be financially prohibitive to even try to figure that out.

      -however-, sharing the files is absolutely illegal. the RIAA -owns- the distribution rights for signed artists, and you are infringing on their copyrights by pirating that right.

      sure, maybe some day the artists will wise up - but until then, you -are- breaking the law. get used to it, get an ipod, or uninstall kazaa. check your justifications at the door.

      and whether or not p2p affects CD sales is irrelevant. discussing that is like trying to justify theft from a profitable business because they're still profitable despite the theft. sure - it's a neat little communistic self-delusion - but it's still theft under our laws.

  • by nick_davison (217681) on Tuesday July 15, 2003 @10:08AM (#6442854)
    Recently, the file trading networks have been having some limited success by using the argument: "If there are significant other legitimate uses, a technology cannot be shut down because of its possible uses for piracy."

    K++ is touting as a major feature being able to block law enforcement's (you think the RIAA won't play it as their lawyers attempting to do the work of the police?) attempts to crack down on its illegitimate (yes, yes, I know everyone thinks it's legitimate but the law doesn't) uses.

    Surely they've just handed the RIAA a victory? They've said, "We've been sneaking in by claiming we have legitimate uses, trading all types of file - and now we've proved that our real purpose was piracy all along."

    Yay. In one step, you've got 15% of users back for the couple of months before the policy offers the RIAA all the justification they need to shut you down entirely.
  • by fmaxwell (249001) on Tuesday July 15, 2003 @10:10AM (#6442873) Homepage Journal
    I installed the new version of Kazaa-lite and it apparently turned filesharing on even though I had disabled it previously. (Note: I say "apparently" because I did not check the setting immediately prior to the installation and it is theoretically possible that some other process had turned it on.) This was done despite the claim on the website that "You can just install this on top of a current Kazaa Lite installation. That way all your settings will be remembered."

    While people can debate the ethics of not sharing, how it affects the viability of P2P networks, and so forth, it should still be an individual choice.

    Turning on filesharing without the explicit permission of the user could put the user in violation of the policy at their ISP or their work. It could put them in violation of federal, state, and local laws. It could open up a big security hole, causing the user to share files that they never intended to share. This is not something that should be done without the user's knowledge and permission.
  • by werdna (39029) on Tuesday July 15, 2003 @10:39AM (#6443163) Journal
    Judge Richard Posner, a highly regarded Seventh Circuit Judge recently wrote an opinion upholding the Aimster injunction [uscourts.gov] that tends to suggest that identity protection for file sharing is more likely to support a claim for contributory infringement of the vendor than not. The opinion, while troublesome in many respects, is probably the most intelligently written articulation of the 9th Circuit Napster reasoning we are likely to see, and will likely be deemed a persuasive authority by most District Court Judges. That is, until and unless the Supreme Court speaks clearly on whether they meant what they said when they wrote in the Sony Betamax case, that regardless of evidence of wrongdoing there can be no contributory liability for distribution of technology that is capable of a substantial noninfringing use.

    My problem with the Napster, and now Aimster, opinions is simply this: the 9th Circuit adopted a broader view of the liability of a technology manufacturer in the Sony Betamax case, essentially a "substantial infringing uses occur means infringement by vendor" test, which was discredited and reversed in Sony, which adopted the "substantial noninfringing use possible means no infringement by vendor," almost the very opposite result. It is hard for me to understand why, when the 9th Circuit essentially brought back the same analysis in its Napster opinion that got "sent home" in Sony, that Judge Posner would so freely adopt it here. To be fair, he explains his reasoning very, very well -- I just don't find it persuasive in view of the law and its underlying policies -- contribution isn't about expanding copyright to permit technology regulation.

    To me, the question isn't whether the technology is being used poorly -- even by most users -- if it is capable of a substantial noninfringing use -- in which case there should be NO liability for contribution. (To get a sense how far the Supreme Court went, there was survey evidence before the District Court showing that 50% of the Betamax users were doing some infringement.) The question should be whether the technology vendor was affirmatively and actively inducing others to engage in infringement, as was the case in Napster and, arguably, Aimster.

    Time will tell. But until the Supreme Court gets to this, it looks like the Posner account of Napster will be the final word on this question of law. Note, however, that his remarks on identity protection as indicia of wrongdoing are very troubling -- one of these days, perhaps in a few more years, perhaps, if we don't have any more tall buildings hit by planes, we really need to affirmatively try to get the courts and the Congress focused on privacy again.
  • Do the EULA (Score:5, Interesting)

    by Zangief (461457) on Tuesday July 15, 2003 @10:58AM (#6443367) Homepage Journal
    Why don't we put an EULA in the new Kazaa programs, which says something like this:

    I don't belong to any organization related to RIAA.... I won't use any information obtained from the use of this program, or the study of the way this program works, to sue other users of this or related program... I don't suck

    And then require, from some point in the near future, that every user of kazaa has accepted this EULA

    IANAL, and I don't know how an EULA like this would stand in a court, but should work for a time at least.

    In the worst case, if the EULA doesn't stand in a court, it would provide a good case against crazy EULAs

    It's a win-win!!
  • by mr_burns (13129) on Tuesday July 15, 2003 @11:43AM (#6443825)
    I believe the next major advance in P2P technology will be the inclusion of reputation management / trust relationship technologies.

    How do you know which IPs to blacklist? How do you know that the file you're downloading isn't a trojan?

    I don't think the answer is in a centralized database of 'evil-doers'. That's an arms race that can eventually get everybody censored. Especially with dynamic IPs.

    What needs to happen is you have to earn a reputation before you end up in those search results. You do this by people vouching for the quality of your files and not being a mole. Trust is gained by WHO vouches for that person and their metric of trustworthiness.

    There should also be an option to restrict access to a given file to those within your web of trust so when the death squads in your country are looking to kill people serving up books about democracy, they can't just do a search real quick.

    After we achieve a trust framework, I believe the next step will be dealing with traffic analysis. However, I'll rant about that when the time comes.
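
A minimal sketch of the vouching model described in the comment above, as an added example that is not part of the original post or of any P2P client. It assumes trust along a chain of vouches is the product of the individual vouch weights and that a peer's score is its single best chain; all peer names, weights, file names and the 0.5 threshold are constructed for illustration.

```python
# Added illustration: reputation derived from WHO vouches for a peer.
# Every name, weight and threshold below is constructed sample data.

def trust_scores(vouches, me, max_hops=3):
    """Return {peer: trust in [0, 1]} as seen from `me`.

    `vouches` maps voucher -> {vouched_peer: weight in [0, 1]}.
    A vouch is worth only as much as the trust already placed in the
    voucher (weights multiply along a chain), and a peer's score is its
    best single chain, so a crowd of unknown vouchers adds nothing.
    """
    scores = {me: 1.0}
    frontier = {me}
    for _ in range(max_hops):
        snapshot = dict(scores)          # scores as of the previous hop
        improved = set()
        for voucher in frontier:
            for peer, weight in vouches.get(voucher, {}).items():
                candidate = snapshot[voucher] * weight
                if candidate > scores.get(peer, 0.0):
                    scores[peer] = candidate
                    improved.add(peer)
        frontier = improved
    return scores


def visible_results(results, scores, min_trust=0.5):
    """Drop search hits offered by peers below the trust threshold."""
    return [r for r in results if scores.get(r["peer"], 0.0) >= min_trust]


def may_download(scores, requester, min_trust=0.5):
    """Owner-side check for a file restricted to the owner's web of trust."""
    return scores.get(requester, 0.0) >= min_trust


# Constructed vouching graph. "mole" is vouched for at full weight by three
# accounts nobody trusts, and weakly reachable through bob -> dave.
VOUCHES = {
    "me":     {"alice": 0.9, "bob": 0.6},
    "alice":  {"carol": 0.8},
    "bob":    {"carol": 0.5, "dave": 0.5},
    "dave":   {"mole": 0.9},
    "sybil1": {"mole": 1.0},
    "sybil2": {"mole": 1.0},
    "sybil3": {"mole": 1.0},
}

# Constructed search hits from three different peers.
RESULTS = [
    {"peer": "carol",    "file": "book.pdf"},
    {"peer": "mole",     "file": "book.pdf.exe"},
    {"peer": "stranger", "file": "book.zip"},
]

if __name__ == "__main__":
    scores = trust_scores(VOUCHES, "me")
    for peer, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{peer:8s} {score:.2f}")
    print([r["file"] for r in visible_results(RESULTS, scores)])
    print("mole may fetch restricted file:", may_download(scores, "mole"))
```

The three full-weight vouches from unreachable accounts do not raise the mole's score at all; only the chain through peers the owner already trusts counts, and it stays below the threshold.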
