New Kazaa Lite Protects Identity 668
Denver_80203 writes "Found this story about the new Kazaa K++ 2.4.0 and its new sister program which claim to protect your identity while sharing files. Any of you folk know how legit this could be? We all knew it wouldn't be long... is this the war or just another battle?"
Great! (Score:5, Interesting)
K++ edition (Score:5, Interesting)
I would think that extending on that principle, they could write protect or just dump garbage into the memory space where identities are stored.
Of course, I don't have the K++ source, so how would I know, it's just a theory.
Privacy and Filesharing (Score:3, Interesting)
Also, I don't mind sharing the music on my hard drive (it's all indie and OK'd to be there), but that said, do firewalls protect your IP identity or are they useless for that? Unclear about what tools may be used in conjunction with p2p to cover your identity.
Peace.
All this seems to do... (Score:5, Interesting)
This doesn't seem to be anything revolutionary, or, interesting.
If the services went through some kind of anonymizer, that would be cuter. Of course, the bandwidth demands would be huge.
What may be an alternative is to produce a collaborative download system. I request a download, which is proxied by another random user (provided I return the favor). Even if you had RIAA sniffers, all that could be proven is that MY IP address downloaded something, but not the ultimate destination of the data.
Of course, if I have illegal music on my PC, then I am still screwed. But I leave solving that problem to the reader
How legit? (Score:3, Interesting)
As legit as sharing copyrighted files? ;) IANAL, but I doubt that the Recording Industry Ass. of America can use existing laws to prevent this being done (although I doubt that'll stop them trying).
If the Kazaa guys have done it right they may even be able to wave the good old DMCA under the Recording Industry Ass. of America's nose if they try to crack the system as well (oh the irony!)
But this is just the latest volley in what is going to be a very drawn-out and bloody Information Cold War.
Check out UDPP2P (Score:2, Interesting)
It looks interesting, although I'm not quite sure about breaking standards (by spoofing the packets) in favour of privacy...
And the arms race begins... err .. continues (Score:3, Interesting)
It's just going to go on and on and on.
Too bad Kazaa can't patent the communication protocol, and not license it to RIAA... <SARCASM>Maybe we should enact a law to explicitly enforce these patents</SARCASM>
Re:umm (Score:0, Interesting)
Re:get info from ISP? (Score:2, Interesting)
RIAA is not interested in punishing the typical computer nerds; they try mostly to reduce common user P2P networks because they are too easy and too open compared to XDCC or FTP forms of warez. Now everybody (even if you are not a techie) can download a P2P program and start downloading and sharing the programs that you already have, and everybody knows at least 1 or 2 names of P2P programs.
To stop P2P programs they actually attack companies, development groups, warez releasers groups and people who own a P2P hub. And I think that they are not interested in getting your IP as they could not arrest downloaders (for corporate image, money issued ...). They also try to make software pirating look as bad as hacking, while you cannot link these activities.
Re:Just blocks IPs (Score:3, Interesting)
However I'm not sure how a client could tell whether one IP address was 'suspicious' or not, and I can't see it would be feasible to collect all IP addresses that connect to all clients to find those that couldn't possibly be legitimate Kazaa clients.
Re:This isn't surprising. . . (Score:5, Interesting)
Re:This isn't surprising. . . (Score:3, Interesting)
Few weeks?? In today's economy, and with the RIAA's budget, I'd put the figure at a few hours!
Re:This isn't surprising. . . (Score:5, Interesting)
Really, I'm not sure why I haven't seen this used yet. Almost all the major sites out there that provide music content will let you play a 10 or 20 second sample of the music for free (and as far as I know, they don't have to license it), so why can't filesharing system users legally do the same?
It just so happens that each user has a different clip... and the software is intelligent enough to piece them back together into one music file instead of me having to do it by hand
doesn't fix the problems, it's a band-aid (Score:3, Interesting)
This is a nice idea, and one way to approach things. I'm just not positive that it's effective.
The RIAA won against Verizon in court, and can now request IP addys, logs, and user contact info. So, this doesn't really slow them in that sense.
Additionally, what's to stop the RIAA from getting a bunch of DHCP home accounts under a subsidiary's name instead of their own? The possibilities for playing catch up here to add more IP ranges are endless.
This is a neat little effort, but doesn't fix the greater problem of balance in copyright law/infringement/fair-use.
It's the proverbial finger in the hole in the dam.
Lulu.com- publish your stuff! Creative commons compliant. [lulu.com]
Re:umm (Score:1, Interesting)
Nope, but it's better than nothing. I suspect that you don't remove your socks in a snowstorm because they don't work that well.
"What prevents RIAA from using anonymous IP blocks that they can purchase legally for use?"
Nothing, but then I'd love them to buy up sections of the internet. Waste money on hosting. Pay crackers who then turn around and strangely renege on NDAs. Bang their heads against the internet when paranoia turns the whole thing 'dark'.
I'd personally like to see them bleed for what they've turned the music industry into.
OD
How legit can this be??? (Score:1, Interesting)
You're using a peer to peer network...
One of your peers starts downloading a file from you...
They type netstat -na (either on windows or linux)...
Hey presto... they've got the IP address of every connection to their machine.
Can't hide that.
If you want to get really advanced, you could run iptraf or etherape and you can even match up the KB/sec that your p2p clients says it's getting to the right stream...
I've done this in real life to prove to people that they can't hide..
As far as I know.. the only sure way to hide your identity on the internet is to buy a pay-as-you-go mobile phone in a shop with no cameras... Then use an AOL cd with a fake credit card number to get a free trial... Stand in the middle of a field to make sure you can see them coming... That's how proper covert internet ops get done.
Re:How? (Score:4, Interesting)
Quite how you get around the issue of the RIAA et al operating a hub and looking at the traffic though is another matter. Ultimately, something *must* bring the source and destination IPs together to initiate the transfer, and that's the point that the copyright police are going to be working at. I think it's a problem with a solution though - the similar issue of public key exchange had people stumped for an age before it was first solved by James Ellis' team at GCHQ.
In fact, that's another way of looking at the problem - who cares if Eve can see an ISO's worth of data transferred between Alice and Bob if they can't tell whether it's the latest distro or the latest Hollywood movie DivX? They can't pursue every P2P downloader on the off chance it's a copyright violation, can they? And encryption is an essential feature of communications software to gain mainstream business acceptance in this paranoia ridden world, right?
Simple idea? (Score:2, Interesting)
I don't have a sig.
So Why Is Everyone Negative Toward Peer Guardian? (Score:3, Interesting)
What I can't understand is why so many people here seem to be down on it. Here is a project that's free as in beer, free as in speech, receiving a great number of contributions from a tech-savvy community, helping to maintain privacy rights, and is making a solid attempt to send a message to the **AAs. This sounds like something the Open Source community would jump on as an example of community action to solve a problem. The fact that K++ is offering it will increase participation among users.
(By the way, the list is not only being constantly updated, a number of times a day, but it's being continually scrutinized for bad or inappropriate ranges. Congrats to eremini, dingdongding, and c00kies2000 for some great work on getting rid of inappropriates and dupes.)
It's not perfect, but it's a good stopgap until a better solution can be found.
The Spie
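As an added illustration of the list maintenance described in the comment above (not code from Peer Guardian, K++ or the poster): a range blocklist is only usable once malformed entries are rejected and duplicate or overlapping ranges are collapsed. The `label:start-end` line format, the function names and all sample ranges (RFC 5737 documentation addresses) are assumptions constructed for this example.

```python
import ipaddress
from bisect import bisect_right

# Constructed sample list; every range is an RFC 5737 documentation address.
# The "label:start-end" layout is an assumption made for this example.
RAW_LIST = """
# label:start-end
Example Org A:192.0.2.0-192.0.2.127
Example Org A (dupe):192.0.2.0-192.0.2.127
Example Org A upper half:192.0.2.128-192.0.2.255
Example Org B:198.51.100.16-198.51.100.47
Example Org B overlap:198.51.100.32-198.51.100.63
malformed line without a range
"""


def parse_ranges(text):
    """Return (ranges, rejected): ranges as (start, end) ints, rejected raw lines."""
    ranges, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            _label, span = line.rsplit(":", 1)
            lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in span.split("-"))
            if lo > hi:
                raise ValueError("start after end")
        except ValueError:
            # Bad entries are reported, never silently turned into a block rule.
            rejected.append(line)
            continue
        ranges.append((lo, hi))
    return ranges, rejected


def merge_ranges(ranges):
    """Collapse duplicate, overlapping and directly adjacent ranges."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def is_blocked(merged, ip):
    """Binary-search the merged, sorted ranges for the one that could hold ip."""
    addr = int(ipaddress.IPv4Address(ip))
    i = bisect_right(merged, (addr, float("inf"))) - 1
    return i >= 0 and merged[i][0] <= addr <= merged[i][1]


if __name__ == "__main__":
    ranges, rejected = parse_ranges(RAW_LIST)
    merged = merge_ranges(ranges)
    print(f"{len(ranges)} entries -> {len(merged)} merged, {len(rejected)} rejected")
    for ip in ("192.0.2.200", "198.51.100.64", "203.0.113.5"):
        print(ip, "blocked" if is_blocked(merged, ip) else "allowed")
```

An address outside every listed range always passes the check, which is the limit other comments in this thread point out for list-based blocking.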
The RIAA's Not-So-Secret Agenda (Score:4, Interesting)
From this perspective something like a proxy for file transfers is not so important (not to mention fairly impractical). If other users can't see your full library and can't see your IP address in their search results (the latter might enable smart bots to "guess" what your library contains), the only way they can determine that you are sharing massively is to download tons of files and see which IP addresses crop up. This is because they will only see your IP when they actually start downloading.
All this to say that with the latest changes in K++ and Kazaa Lite, even big time file sharers can probably rest easy.
Re:umm (Score:3, Interesting)
If ROT-13 is an encryption scheme under the DMCA (see Adobe Vs. Elcomsoft), it could be argued that TCP is an encryption scheme under the same rules.
Anyway is this just a RIAA scare tactic? It seems like the strategy is to go after a few dozen people to scare away the rest of them instead of going after every file sharer? I mean, if there are already tens of thousands of people sharing "their" files, and it costs tens of thousands per lawsuit -- then the RIAA will be paying out tens of thousands of tens of thousands in legal fees (err...hundreds of millions). I'm not sure which planet that's economical on.
Submitted for your approval: (Score:5, Interesting)
Sanity check, anyone?
Blacklisting RIAA's (and friends) networks (Score:5, Interesting)
The blacklisting should be done at a higher level than machines only - the whole network of the ISP providing RIAA with access should be blacklisted if one or more machines in the network are being used by RIAA (or related entities) to scan for filesharing.
Also, the user of the filesharing program should be given a choice - "Do you want to block access to and from networks where RIAA is scanning filesharers (Yes/No)?"
My basic idea goes down to a bit of social engineering - please follow me on this one:
- RIAA contracts with an ISP to provide it with network connectivity to the Internet.
- RIAA then uses machine(s) over that network connection to scan filesharing networks.
- Said activity is detected (exactly how I don't know)
- The whole network for that ISP (or at least a significant portion of it) is blacklisted in millions of machines (all those running the filesharing app). This can be scaled up to bigger sub-networks (the ISP of the ISP) if needed.
- Other entities hosted on the same ISP are also in practice cut-off from some of their (potential) customers. Mostly their websites are inaccessible from millions of machines. This is especially bad for online shops and ASPs.
- They complain to the ISP.
- The ISP, faced with the choice between keeping RIAA as a customer and losing several other customers or simply dumping RIAA will find that the choice that makes more business sense is dumping RIAA.
- Eventually, RIAA and its associates will become persona non grata to most ISPs (as in, they choose to not take RIAA's business).
The nice thing about it is that it's all absolutely legit:
- Each individual user chooses to accept an automated cut of contact with those networks that provide access to filesharing scanning. Everyone is in their right to do so.
- ISPs choose to not sell their services to RIAA. It is their right to do so.
Now, this whole theory has some holes in it, and a couple of weak points (not to mention no solutions for the technical problem) - still, a distributed, voluntary system that makes it bad business for ISPs to provide access for companies that do filesharing scanning would leverage the power of those "hundreds of millions of users" of the filesharing apps.
Comments please
Re:This isn't surprising. . . (Score:1, Interesting)
If they change the law on that as well, no new music can be written, as you'd be violating copyright by playing even one note.
A Plan for RIAA (Score:3, Interesting)
What Kazaa Lite has now is equivalent to blacklists of spammers and spammers domains. We have already determined this strategy alone won't solve the problem.
The next logical step is to combine the lists with a distributed statistical filter capable of identifying RIAA hosts by search pattern and IP pattern. Since it is happening in a connected network, each peer filter can then broadcast its guesses and receive other peers' guesses. Locally you can build a trust list based upon the likelihood of search coming from a RIAA host.
Obviously this has problems.
One problem is the lack of significant search samples to make decisions. We would have to see an implementation to discover if it is mathematically feasible.
RIAA can also start trying to close down sharers by broadcasting their IP as "riaa-like" from a great number of peers. The way to avoid this is having all peers checking "the evidence". If the sharing IP and its searches do not match RIAA pattern, the call is probably bogus and those IPs broadcasting it are probably RIAA's. Backfire on them...
Another danger is RIAA using a range of IPs large enough to endanger the network connectivity. This is probably too expensive, but RIAA is probably too rich too.
Anyway, my point is that since the data is there (RIAA is searching the networks for the sharers), one can always analyse this data and try to extract as much information as possible from it.
Re:Kazaa K++ is an excellent program (Score:2, Interesting)
This is not the problem: I was just telling I can't rely on Ad Aware regarding the spywares detection/eradication; if it can't detect what caused the install, then it obviously only works on a punctual basis and not as a permanent protection.
Now, what if K++ is a sleeping-spyware?
Re:This isn't surprising. . . (Score:2, Interesting)
I'd argue that P2P file-sharing changes this, as downloaders may be just as involved as suppliers and the distinction between supplier and downloader is blurred anyway.
I also see the downloader as "deserving" to be more liable than the supplier in a p2p piracy situation. The clear, deliberate role of supplier as pirate (although generally still real) isn't what it used to be. (For example, your traditional boot-legger produced copies, often at considerable expense of effort. Your p2p supplier just puts the file where someone else can make a copy.)
Keep in mind that your local library makes copyrighted works (often including digital recordings of music on CD) available such that anyone could copy them. They ask patrons not to violate copyright law, but they don't prevent it. It's not exactly the same thing, but it's a better comparison than traditional bootlegging.
Cutting off your nose... (Score:3, Interesting)
K++ is touting as a major feature being able to block law enforcement's (you think the RIAA won't play it as their lawyers attempting to do the work of the police?) attempts to crack down on its illegitimate (yes, yes, I know everyone thinks it's legitimate but the law doesn't) uses.
Surely they've just handed the RIAA a victory? They've said, "We've been sneaking in by claiming we have legitimate uses, trading all types of file - and now we've proved that our real purpose was piracy all along."
Yay. In one step, you've got 15% of users back for the couple of months before the policy offers the RIAA all the justification they need to shut you down entirely.
Re:K++ edition (Score:5, Interesting)
What this article says is not entirely true. While the leechers do not harm or take anything away from me, they do take bandwidth away from the people who are not leeching. And I do not have infinite bandwidth, because even if I left my computer on 24/7, more people will queue up and try to upload than I ever could upload to.
Since I cannot upload to everybody, it is in my best interests to upload to the people who share. Because the people who share are the only one who will actually make the network grow. Also, when they share a file they uploaded from me, it also makes that file more available on the network and takes a little bit of the load off myself.
So there are practical reasons to kick freeloaders, besides just the moral ones. If I truly had infinite bandwidth (I interpret that as enough bandwidth to send my files to everyone who wants them, regardless of them sharing or not), then maybe I wouldn't care about freeloaders. But since I don't, I will continue to block leechers from uploading from me.
Re:Still isn't available for Linux though... (Score:2, Interesting)
Re:Freenet: far from ready! (Score:3, Interesting)
Freenet [freenetproject.org] is pretty much as searchable as the Internet; if you know the address of Freesites, you can rig a search engine to index them, in fact there are already several such.
However, most people on Freenet use FROST [sourceforge.net], which bears a strong resemblance to Usenet, to share files, and it is searchable, and provides multiple discussion forums as well.
There is one other distinction; The more people interested in a file on freenet, the more it propagates; the more it propagates, the faster it will download. A fairly popular file will download at your bandwidth limit.
If you haven't used freenet for a while, like maybe since build 0.3 or early 0.4, you should really try it now, very, very stable.
Do the EULA (Score:5, Interesting)
I don't belong to any organization related to RIAA.... I won't use any information obtained from the use of this program, or the study of the way this programs works, to sue others users of this or related program... I don't suck
And then require, from some point in the near future, that every user of Kazaa has accepted this EULA
IANAL, and I don't know how an EULA like this would stand in a court, but should work for a time at least.
In the worst case, if the EULA doesn't stand in a court, it would provide a good case against crazy EULAs
It's a win-win!!
buddy system (Score:2, Interesting)
What about a system where you sign in and the server assigns you a buddy. You submit a search which goes to your buddy who then executes the search and sends you the results. If you download something it actually goes through your buddy first and then to you. If your buddy gets a search request, he actually queries your files and sends a response. If you don't get a response from a buddy in a reasonable amount of time, you send a message out requesting a new buddy.
I know it would be less efficient but wouldn't it make it much more difficult to trace an individual user?
Darcy
Re:!!!WARNING!!! New Kazaa-Lite turns file sharing (Score:4, Interesting)
I'm sure you're just using it to put up scans of your art work you've put in the public domain, get the latest linux, and share open source PHP scripts.
Right?
You're not trading music, warez, and other stuff you don't have legal rights to.
Right?
trust and reputation management (Score:5, Interesting)
How do you know which IP's to blacklist? How do you know that the file you're downloading isn't a trojan?
I don't think the answer is in a centralized database of 'evil-doers'. That's an arms race that can eventually get everybody censored. Especially with dynamic IPs.
What needs to happen is you have to earn a reputation before you end up in those search results. You do this by people vouching for the quality of your files and not being a mole. Trust is gained by WHO vouches for that person and their metric of trustworthiness.
There should also be an option to restrict access to a given file to those within your web of trust so when the death squads in your country are looking to kill people serving up books about democracy, they can't just do a search real quick.
After we achieve a trust framework. I believe the next step will be dealing with traffic analysis. However, I'll rant about that when the time comes.
Filetopia has had IP-stealthing for a while (Score:1, Interesting)
Re:This isn't surprising. . . (Score:3, Interesting)
The thing is, a sampled piece of music is governed by completely different laws. There was a band called "The Verve" who put together a song which sampled a symphonic recording of an old Stones tune. They lost 100% of the song's profits in the ensuing lawsuit. Nothing to do with attribution.
The music business has been about trying to own everything about the music for a long time. This whole mess is to nail down whether or not they will succeed.
Re:This isn't surprising. . . (Score:3, Interesting)
But if they got permission to do something, and you did not, they should be permitted to do it and you should not (so long as it is not a right of yours).
An analogy would be saying, "If the FBI lets their 'big guy agents' in to the heart of FBI headquarters, then I should be permitted in there too." In the world, there are many who hold rights to many things, and they possess the authority to grant permission for certain accesses or uses to these things. Simply because permission has been given to another person doesn't mean that permission should also be given to you, and even if that were fair, that doesn't make it required or "right."
" In the real world, legal has nothing to do with what is fundamentally 'right' and 'wrong'."
I'm not sure what your basis of right and wrong are in this regard (which I assume for you is either ethics or morality), but traditionally these are defined in one of several ways: what society deems as "right and wrong," what the law deems as "right and wrong," and what religion deems as "right and wrong."
Society's view of this is usually based quite strongly on the law unless there is a moral conflict (born out of religion) with the law (and thus society's view is also strongly based on religion). The law is what it is (which has been based mostly on society, which in turn has been based strongly on religion). And religion is finally based on a "higher authority," and has little basis from society or the law (at least in modern times, particularly as a divide between religion and societal definitions of these terms opens up).
Most religions I'm familiar with say that short of a moral conflict with the law, the law lays down guidelines within religion (eg, the Bible doesn't ever say to not speed, yet it's still morally wrong to do so because of the law to this effect, in this case because the Bible commands you to respect those who are placed in authority positions over you, and do what they say so long as it doesn't conflict with the Bible).
Because I'm unaware of any religions with built in views on Copyright, I have to say that as far as Copyright is concerned, "right and wrong" are defined by the law, and nothing else. Thus if the law says you cannot break copyright, then breaking copyright is "wrong." And also thus, in the real world, "legal" has an awful lot to do with what is fundamentally "right and wrong." At least when it comes to Copyright.
Re:You don't have to give them an IP... (Score:3, Interesting)
Wouldn't that be entrapment or something? If the copyright holder is essentially giving away their own material on a P2P network, could they sue you for accessing it?
And would that be more like (a) putting your possessions out on the street and then trying to press burglary charges, or (b) leaving your front door open and sniping people when they come in to take your stuff?
Re:umm (Score:3, Interesting)