This is How We Catch You Downloading 308
marto writes "All over Europe thousands of people are being threatened with court action for allegedly sharing games like Dream Pinball 3D on P2P networks. Now, documents obtained by TorrentFreak show details of the anti-piracy company's techniques for identifying alleged file-sharers on the internet and the gathering of claimed 'forensic quality' evidence for use in court cases."
Just a minute, but (Score:2, Informative)
IANAL, but I don't think they'd get far in a Belgian court, with evidence that is not collected by police services or by a judicial expert appointed to collect that evidence.
I think legislation in other European countries doesn't differ much from ours. You just don't step up to a judge saying "here's the IP address of the guy that did this or that last week, please have the cops find out who it is and sentence him, will ya?"
So either the lawsuits are fake (which makes it extorsion), or the whole story is.
Re:Automated lawsuits (Score:3, Informative)
Re:Not that foolproof (Score:4, Informative)
I don't think the safe harbor provisions of the dmca would apply to you. The majority of ISPs' AUPs forbid "re-sharing" or re-selling of a subscriber's internet connection. You are a customer, not an ISP.
If you have an account with an ISP that permits you to re-sell the internet access, then you could claim safe harbor. Indeed, the riaa would be left sending you letters for ip-to-user translations.
Try finding a small local ISP and work with them to get re-sellable internet access. Maybe try the neighborhood wireless angle or free hotspot connectivity.
Re:Just a thought (Score:3, Informative)
2; Since these are civil suits, most likely with a "preponderance of the evidence" standard, your claim won't hold enough water. So what if there was a possibility of an open connection: is there any proof that someone else actually used it? If the sum total of the evidence better supports their story than yours, you lose.
IMHO, if you want to genuinely protect yourself, you'll start logging your wide-open router's MAC address connections, and keep them for as long as you can -- six years if you can manage it. (A lawyer in your state could tell you the precise statute of limitations in your hypothetical case.)
OTOH, if you want to break the law, you should be "browsing anonymously" with a proxy server and a "privacy" enabled P2P system.
Re:Not that foolproof (Score:2, Informative)
Re:Automated lawsuits (Score:4, Informative)
I served on a grand jury that saw several fraud cases that involved the use of ISP IP lease records, and the employees that testified were very knowledgeable and diligent. That's not to say that they would be in every case, of course, but what direct experience I do have suggests that your concerns are misplaced.
Re:Industrial fascism (Score:1, Informative)
Re:Just a thought (Score:2, Informative)
The plural of medium is media.
Grrrr.
Good thing you can't block them (Score:5, Informative)
Re:Juicy bits pulled from server to prevent /.'ing (Score:2, Informative)
Re:Not that foolproof (Score:3, Informative)
While I am not a lawyer, I believe it would hinge on the legal definition of an ISP. If your upstream provider doesn't allow you to re-sell your internet access, it makes it pretty difficult to argue that you are an ISP.
From Comcast's AUP [comcast.net]
ix. resell the Service or otherwise make available to anyone outside the Premises the ability to use the Service (i.e. wi-fi, or other methods of networking), in whole or in part, directly or indirectly, or on a bundled or unbundled basis. The Service is for personal and non-commercial use only and you agree not to use the Service for operation as an Internet service provider or for any business enterprise or purpose, or as an end-point on a non-Comcast local area network or wide area network;
x. connect multiple computers behind the cable modem to set up a LAN (Local Area Network) that in any manner would result in a violation of the terms of this Policy or an applicable Service plan;
Note: that was just the first ISP's AUP I looked at.
Haven't read your ISP's AUP, have you?
Re:How? (Score:4, Informative)
Re:Not that foolproof (Score:3, Informative)
Sure.
But consider this: in Berlin, there's a free as in speech wireless mesh network with more than 200 nodes. They are all more or less connected to each other and happily pass data around. A lot of them offer internet access. There's a map [layereight.de] of the network you can look at. Now, even though this network is publicly known, freely accessible and run in a very large city with a virtually unlimited supply of people who are after doing bad stuff, as far as I know there has never been an incident so far (the network runs since about 3 years).
I know this does not invalidate your point in any way, because an incident could occur at any time. And a lot of people don't want to share their connection for the precise reasons you stated. But isn't it amazing still?
Re:Automated lawsuits (Score:3, Informative)
Yes, that's how discovery works in the US. It's not a bad system, actually. You might want to read up on it.
Re:How? (Score:5, Informative)
You can easily use a (open) proxy or similar to mask your HTTP traffic. But if you'd like to take it one step further, Relakks [relakks.com] (based out of Sweden - also accepts foreign users) uses VPN to route all packets from your machine out onto the Internets. You can check their legal FAQ to read about their restrictive policy regarding your personal information. It'd take a subpoena from the Swedish gov't to for them to hand out your originating IP address. This is rarely done - and as I understand it copyright violations are not considered "serious" enough.
Works like a charm and the performance drop is insignificant. You could easily saturate even a 100 Mbps link using this service.
Re:Automated lawsuits (Score:3, Informative)
The people who search the logs are quite competent. The log audit software we have takes a timestamp in any format accepted by strftime, which means that we can give it a timestamp with a timezone which is not ours (99% of the complaints) and it will automatically convert it to UTC, search the logs, then return the information in UTC, our TZ, and the TZ from the complaint (so that spot-checking is easy). If the complaint is recent enough, we also check current leases as a secondary check (most of the time, the complaints come in within a couple of days of the alleged infringement, and the owner hasn't changed). If it is the same, we check to see if the IP appeared anywhere else on the network (it could happen, due to a glitch or malicious behavior).
It's honestly pretty foolproof, from our end. Smart people wrote the software, smart people use the software, and the software itself is absurdly simple. We are confident in the answers we give, and in the people who give them. Whether or not they were legitimately asked for is not in our hands. You can thank the cartels and the DMCA for that.
Re:Good thing you can't block them (Score:4, Informative)
Re:Automated lawsuits (Score:3, Informative)
That ISP had like 4000 customers so we're not talking big time. As I left, we were rolling out aDSL service.
I know some of you think hacking a Linux box is impossible, but consider an id10t who uses BIND 4 for DNS well after BIND 8 had been out, old versions of apache, Microsoft FrontPage extensions for Linux, and a slew of other misconfigured, old software. Almost everything ran as nobody or root. If you hacked one service, everything else was probably running as the same user anyway.
Our logs were deleted several times. I wore many hats, but one of them was Windows sys admin. I was not allowed to fix/patch the billing database server. At the time, my servers were never hacked and the linux machines were often hacked. It was like being in the mirror universe.
Re:OMG, they track people by IP address? (Score:3, Informative)
The IP address is easily traceable to an ISP. The ISP knows who is doing this to you, but will not tell you because that information is "private". You can suggest that you send the logs to the ISP and would they contact their private, anonymous user and tell them to stop, but no ISP that I have ever encountered will do anything to help you.
Basically, you are screwed. Hope you change passwords often because brute force attacks will succeed
It is illegal to break into computers, but no local law enforcement agency will ever go after someone without "real" damages, probably thousands of dollars. The FBI will go after people, but only after $25,000 in provable damages. It is highly unlikely someone brute-forcing your password file is going to cause you $25,000 in damages. The FBI has a lot more manpower than local agencies for computer crimes, so you can pretty much figure that you have to account for $25,000 in damages before anything is going to happen.
Most ISPs are going to ignore crap like this from an infringed copyright holder because there is no way they can cause the ISP any trouble and sifting through logs costs time and money. The ones that do something are pretty much going to just send their customer a letter about a letter they got and that is the end of it.
You can be intimidated by this if you want, but the truth is you are pretty much anonymous with your privacy secured by your ISP. If your ISP gives you up, you are the account holder and it would seem this doesn't mean much - the account holder does not seem to be responsible for actions on the account. This means you can just say "wasn't me" and there isn't much they can do about it. If they want your computer for analysis, just have your lawyer say "no" before they take it. They really don't have any grounds for action because there is no evidence that you personally committed any of the deeds they are trying to sue over.
Re:Why isn't this a DMCA Violation? (Score:2, Informative)
http://www.shareaza.com/ [shareaza.com]