
Tech Specs Leaked For French Spyware

An anonymous reader writes "With the 'three strikes' law now in effect in France, the organization tasked with implementing it, Hadopi, has been working on technology specs for making the process work — and those specs have now leaked. It appears to involve client-side monitoring and controlling software, that would try to watch what you were doing online, and even warn you before you used any P2P protocol (must make Skype phone calls fun). It's hard to believe people will accept this kind of thing being installed on their computers, so I can't wait to see how Hadopi moves forward with it. It also appears to violate EU rules on privacy."
  • Not to worry (Score:5, Insightful)

    by elrous0 ( 869638 ) * on Thursday August 05, 2010 @11:11AM (#33151094)
    The government pinky-promised that they won't use this for anything other than enforcing this law. And you have their *word* on that.
    • Re:Not to worry (Score:5, Insightful)

      by mlts ( 1038732 ) * on Thursday August 05, 2010 @11:19AM (#33151180)

      Just wait until the blackhats get ahold of this and change the phone home site from the standard to the blackhat's servers. Voila, instant botnet that is illegal for a French citizen to remove. I'm sure the guys on Elbonia are just drooling over what they can do once they can poison an ISP's DNS to get command/control access to the machines.

      • Re: (Score:3, Insightful)

        by Buddy027 ( 1850014 )
        Why change it? Just add their own URL. It can still phone home so it looks like it still works. Even sending in false data.
        • Re: (Score:3, Interesting)

          by mlts ( 1038732 ) *

          Perfect way to frame someone too... just fake "OMG, this guy is P2P-ing copyrighted stuff" a few times, and now the roomie or whomever owns that computer is banned from any access to the Internet.

          I'm sure someone will make an easy to use app or website to visit on a mark's computer just to trip this software.

    • Re: (Score:3, Insightful)

      by HungryHobo ( 1314109 )

      The internet seems to be going down the shitter now that all the politicians' kids are using it and those in power have started thinking internet==facebook.

      So what's the next communication medium that the government has so little understanding of that they don't even think about regulating it?

      Darknets are halfway there but they'll probably be outlawed in a few years.

    • by gandhi_2 ( 1108023 ) on Thursday August 05, 2010 @11:35AM (#33151402) Homepage

      Liberté, égalité, fraternité, and pervasivé monitoré.

    • Re: (Score:3, Interesting)

      by jittles ( 1613415 )
      No of course not! They'll pay a 3rd party to collect all the juicy data and then they'll buy it back from them! Therefore THEY didn't use the data for anything other than enforcing the law.
    • I'll agree to record everything everyone does. As long as it monitors _everything_ that _everyone_ does. Especially corporations and governments.
  • Woot (Score:5, Funny)

    by Anonymous Coward on Thursday August 05, 2010 @11:12AM (#33151110)
    Oh, nice! Can I have the Linux version?
    • Re:Woot (Score:5, Insightful)

      by kipd ( 1593207 ) on Thursday August 05, 2010 @11:19AM (#33151176)
      They came first for the Windows-users, and I didn't speak up because I didn't use Windows...
    • I'm (sadly) sure that they're working on it...

      Not so sure they need to have client-side stuff, tho', deep packet inspection techniques seem to have evolved enough for people to see what you're downloading; torrenting a distro, OK, a film not.
      Wonder if they can automate this (identifying 'illegal' content)? Otherwise would seem to be difficult to massively deploy...

      • > Wonder if they can automate this (identifying 'illegal' content)?

        Of course. Anything not identified by an authorized publisher as legal is illegal.

    • Yes you can: the tech specs say that the software should be open source and work on any OS
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Oh, nice! Can I have the Linux version?

      No, Linux is now illegal because it can't be monitored by this software.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      This is for France... but of course they will insist on using Wine.

    • Re: (Score:3, Insightful)

      by cpghost ( 719344 )
      Which one do you prefer? qt-hadopi, gtk-hadopi, ... or just that plain old fashioned nvidia/ati binary blob driver for your graphics adapter?
    • Perhaps only in Mandriva?
    • Preferably open sourced.

    • Oh, nice! Can I have the Linux version?

      Who knows, it might run on Wine.

    • I'm sure you meant there won't be a Linux version meaning Linux will be made illegal or Linux will become the most popular OS because you are free. I give it less than 6 months before they are talking DPI instead.

    • by Balinares ( 316703 ) on Thursday August 05, 2010 @01:13PM (#33152638)

      Page 15, under "key objectives": "integration in any environment, including free software".

      I'm curious to see how they intend to make that work out. :P

      • Re: (Score:3, Informative)

        by John Hasler ( 414242 )

        > I'm curious to see how they intend to make that work out.

        By making it not incompatible with Firefox.

  • by Anonymous Coward on Thursday August 05, 2010 @11:13AM (#33151116)

    What are they going to do? Fucking outlaw Mac OS X, Linux and all the other non-Microsoft operating systems?

    Funny fact: in French it's called système d'exploitation. Maybe that's why they want such software. To exploit you and your computer.

    • France is the only country on the planet that has actual SCUBA Police to wander around underwater and make sure you have your "Diving License".

      http://www.scubaboard.com/forums/basic-scuba-discussions/300289-scuba-police.html [scubaboard.com]

      • Re: (Score:3, Informative)

        by Anonymous Coward

        France was also the country where scuba diving took off first in the general public (it used to be strictly military). The patent for the demand regulator was from Cousteau (ze one ;) & Gagnan, the World Underwater Federation (http://www.cmas.org/) has a French acronym because it was founded by the same gang that made scuba diving popular in France.

        And at the time, the equipment was nowhere near as good as today. And the experience was lacking, or limited to very fit young military guys... so not immedi

    • Re: (Score:2, Funny)

      Maybe this is just a clever, French way to kill off Windows usage in France.

    • how many people will pirate windows just to run this?

    • by Hatta ( 162192 )

      What are they going to do? Fucking outlaw Mac OS X, Linux and all the other non-Microsoft operating systems?

      Yes, probably. Why wouldn't they?

    • Re: (Score:3, Interesting)

      by h00manist ( 800926 )

      What are they going to do? Fucking outlaw Mac OS X, Linux and all the other non-Microsoft operating systems?

      They wouldn't outlaw them, just bureaucratize it and wash their hands. "You can run Linux, MacOS, any OS you want, you just have to run this software on it. It is win32 software. You are free to choose your own OS but must resolve technical problems arising from these choices." Polite, diplomatic, bureaucratic way of saying "fuck you".

  • Doesn't Windows have built-in monitoring, or are non-US government entities not allowable parties to contract services for it?
    • From what I've read Windows *may* have backdoors for NSA, etc. That's different from monitoring in the sense here, in that Windows doesn't appear to phone home, it just allows NSA &c to break in when they need to. Assuming that functionality is really present. Given that FBI doesn't seem to have access (you'd think it would turn up in court records and discovery) presumably the backdoor is for very rarefied purposes.

      • ...Windows doesn't appear to phone home, it just allows NSA &c to break in when they need to.

        So how does that set NSA apart from anybody else?

        • NSA has the key to the backdoor and we don't. Or maybe I'm not getting your question.

          • NSA has the key to the backdoor and we don't. Or maybe I'm not getting your question.

            Another less subtle try: So NSA can break into Windows at will. How does this set them apart from everybody else?

            • Ha ha ha. I needed the extra nudge. I guess what I'm saying in that light is that MS isn't going to someday patch that hole.

  • I don't see why they don't just put in some sort of sniffer at ISP switches. Like the Carnivore/Omnivore things.
    • > I don't see why they don't just put in some sort of sniffer at ISP switches.

      I'm sure they already have that, but it's reserved for more important uses.

      • > I don't see why they don't just put in some sort of sniffer at ISP switches.

        I'm sure they already have that, but it's reserved for more important uses.

        Could be. The ISP filters remain as a lesser-used, real-crime and spy snooping, while the clientside "snooping" serves mostly as a false-door for criminals to believe they can foil and be anon, also satisfies the anti-p2p industry people.

    • Exactly. It's got to be much less of a PITA to get the ISPs to roll over for them instead of deploying known snoopware client-side.
  • by AnonymousClown ( 1788472 ) on Thursday August 05, 2010 @11:21AM (#33151218)
    All I have to do is just install anti-spyware software - no need to even run it - and the French spyware immediately uninstalls itself without me having to do anything.
  • Yes, I'm sure the software magically divines whether or not an arbitrary communication channel is being used for a peer-to-peer or client-server protocol. Maybe it uses an oracle to determine what protocol is being used on the channel and consults Wikipedia automatically to determine whether or not it's peer-to-peer.

    Or just maybe the software detects a collection of known protocols, and Skype calls would only generate a warning if Skype was intentionally targeted by the software. In this case, you're just e

  • ...from my cold, dead fingers.
    • Re: (Score:3, Informative)

      by daveime ( 1253762 )

      Not to worry, once you install anything else, it won't be a pristine Linux install anyway.

      pristine/pristn/Adjective
      1. In its original condition; unspoiled.
      2. Clean and fresh as if new; spotless.

  • by Dyinobal ( 1427207 ) on Thursday August 05, 2010 @11:24AM (#33151258)
    Looking over the spec I can't honestly think that the French are dumb enough to think something like this could work, the scope is too broad, and software solutions are silly easy to bypass.
    • Re: (Score:3, Informative)

      They're pretty naive. For instance, they call ANY USB dongle, be it memory stick, Bluetooth dongle, HASP key, HSDPA/3G modem, a "key" (clé). They're also pretty much in the same shelf in their retail stores (FNAC/Darty). I've been living in France since January so I've had enough time to observe them. Their lack of interest for all things IT is troubling. Sure, they do have an elite, but the overall appetite for technology is surprisingly low. Must be the wine, I guess :)
    • It doesn't matter that it's impossible. Someone got paid to do it. The judge said the gov't must hire someone to do it, so they did, and thus passed the hot potato. Everyone gets to say "I did my job." and keep their pay. Yet the job doesn't get done.
  • by bugs2squash ( 1132591 ) on Thursday August 05, 2010 @11:26AM (#33151300)
    The whole suggestion of enforcing this client-side is so idiotic that I'm inclined to believe that there will be ISP-side enforcement and that in fact the client is only there to warn the user.
  • by Drakkenmensch ( 1255800 ) on Thursday August 05, 2010 @11:32AM (#33151364)
    Except my mom is more open and understanding about the porn.
  • Why did they develop a solution that has to be installed on the part of the infrastructure they have the least control of and that has the biggest diversity?

    How will they roll this out? Forced install? For every OS? Including the OS on my media box with its crappy bittorrent client? And since the software physically runs inside the homes of people, that could open up a ton of legal troubles. What's so hard about making a law that forces ISP's to install monitoring software?

    Somehow I'm happy that this seems

    • > What's so hard about making a law that forces ISP's to install monitoring software?

      I expect that is what they are going to do: make a law that forces ISPs to install monitoring software on their customer's machines.

      • Actually no (Score:4, Informative)

        by Nicolas MONNET ( 4727 ) <nicoaltiva@gmail.c3.14om minus pi> on Thursday August 05, 2010 @03:10PM (#33154182) Journal

        This as yet non-existent, and obviously impossible piece of software will merely be the only way to disculpate oneself from accusations of illegal warezing. Since it obviously reverses the burden of proof, it's unlikely to stand up to legal scrutiny when it reaches a high court.

        Note that, not only are the technical specs moronic, but they also are self defeating. For instance they want a FLOSS compatible version. Well, guess what, my Linux kernel license allows me to change it so that it will hide whatever I want from a given process. This is typically done by rootkits that hide their processes/files/modules from the rest of the system, but it should be quite easy to implement for the good guys.

        In any case, as had been pointed out during the debates in parliament, you just need to do your downloading on a separate box, and not tell anyone about it. Sarkonazy's lapdog's response? "people only have one computer" - I shit. You. Not.

        I keep a very expensive bottle of Champagne at all times in my fridge, just in case something humiliating and/or painful happens to the diminutive fascist son of a bitch. And if the fucker dies before the next election, I swear I'm ordering 12 cases of Dom Pe to give away in the street.

  • Wow. This is just sensational. It seems unworkable and may even result in some interesting legal responses from users and businesses when that software is blamed for system instability and data loss. My guess is that this software won't be required until after the first or second strike... yeah, I can't read the full referenced links... one is slashdotted already and the other is scant on details. Otherwise, I would guess that if they hope for any of this to work, they would make a tiny router/bridge bo

    • Re: (Score:3, Interesting)

      by jimicus ( 737525 )

      You assume it's the copyright industry. For years, any form of encryption was illegal in France and that had much more to do with government paranoia than anything else.

      Heck, at one point my employer had a VPN tunnel to a subsidiary in France and I established beyond any doubt that the encrypted (no I am not losing my mind, I asked a respected colleague) traffic was being eavesdropped as a very select subset of this traffic was not making it across the tunnel - yet made it quite happily across another tun

  • And I sure as hell won't allow them to install any of that stuff here.

    What are they going to do if I refuse? Throw me in jail? Fine me? We'll see how far this "land of the human rights" will take this farce.

    To quote Mass Hysteria "Liberté, égalité, fraternité. Trois mensonges dans une phrase, ça fait quand même un peu pitié."

  • I get a phone from the Netherlands, where there are no problems with downloads. I connect to the internet through this phone, while in France (I assume it costs a lot, but whatever). What laws am I supposed to obey?

    • by jimicus ( 737525 )

      I get a phone from the Netherlands, where there are no problems with downloads. I connect to the internet through this phone, while in France (I assume it costs a lot, but whatever). What laws am I supposed to obey?

      Well, the government could compel the cell provider to block internet connections for roaming clients.

  • Does this count as strike one because the Frogs thought they could get away with it,
    or does it count as strike two because they thought they could get away with it and got caught,
    or does it constitute strike three because they thought they could get away with it, got caught, and were dumb enough to think such a lame idea would work?
  • So, the whole thing depends on forcing everybody to install spyware on their machine which will monitor their activity and report on it?

    From a security standpoint, it's obviously going to be doing much of the same stuff as malware; and from getting people to actually install this, I just can't see this working at all, who is going to voluntarily install this crap?

    What happens when someone refuses to install this, or, the operating system they run does support it? Will they outlaw Linux? This is why you can

  • Like in the days of yore, you French had better consider using this against the politicians again before they trap you worse than last time. You did good last time. Time to put the fear of the people back in your leaders, they have apparently forgotten their lesson.

    • Like in the days of yore, you French had better consider using this against the politicians...

      The citizens didn't use it against the politicians. The politicians used it against each other.

  • It's clear this is a SNEP (RIAA equivalent in France) move to "bolster" the music export business (France is a big music/media exporter along with India and USA), and dovetails nicely with the plans of Président Sarkozy (previously Minister of the Interior, in effect head of national security) to make France even more of a nanny and police state.

    So much for liberté... we still have egalité and fraternité (until further notice)

    • Re: (Score:3, Insightful)

      by John Hasler ( 414242 )

      > So much for liberté... we still have egalité and fraternité (until further notice)

      Unless you are Roma.

  • by McTickles ( 1812316 ) on Thursday August 05, 2010 @11:44AM (#33151520)
    In France your ISP (well 99% of them) provide you with a preconfigured modem/router that they call a "box". This box handles IPTV and VoIP too. IPTV and VoIP depends on specs often known only to the ISP and therefore it is hard to find a compatible modem/router of your own, forcing you to use the ISP's if you want to use VoIP and IPTV (which is actually forced upon you as part of most ISP's basic package, it is difficult to get a truly IP-only connection here for a reasonable price, IP+VoIP+IPTV is actually cheaper than just IP) The long term plan is for all ISPs to agree on some basic standards for their "box" and the filtering software/spyware would be implemented on the "box" thus making it "unavoidable". Most people won't notice (don't get me started on how completely technically illiterate people are even allowed to connect to the network) the firmware update (they already don't as it is and most rely on basic out of the box settings) and blacklist updates and so on. Thank you ISPs who cater to technical morons and thanks to the French government for basically planning to introduce a mandatory in-your-home wiretap for everyone, guilty or not.
  • Forgive my ignorance (hey, I'm not French), but can someone explain how this works? If it's client-side monitoring software then it means users have to install it themselves, the government cannot force people to use this. Is it just a utility program that companies can deploy on to their own computers as a means of auditing their own computers? If so, that's perfectly fine and no different to software from the BSA and others that audits product keys. We need more information.
    • As far as I remember, having the software installed was supposed to exonerate you from charges in case you were accused of piracy. Apparently someone since told them about 'kill -9' because last I heard they'd given up on the client-side software as proof of innocence idea. I have no idea where those specs come from, if they discreetly revived the project or if that's an old set of specs that has since been abandoned.

  • Does this count as strike one because the French (I fart in your general direction) thought they could get away with it,
    or does this count as strike two because they thought they could get away with it and got caught,
    or does it count as strike three because they thought they could get away with it, got caught, and were lame enough to think that it would work?
  • Just mail Andrew
  • Looks like Green Dam found another source of funding!

  • by riskeetee ( 1039912 ) on Thursday August 05, 2010 @11:58AM (#33151630)
    It surrenders itself immediately!
  • Will this run on an iPhone or will they have to jailbreak it for me to run it?

  • You know, with all of this filtering and monitoring and restricting going on that those in charge seem to want, I've got a better idea: Just outlaw and unplug the entire freaking Internet. That's the way things seem to be going anyway.

    [Ploinks cable from the wall]

    NO CARRIER

  • Until someone finds GPL code in it?

    Hadopi (which, we should remind you, was caught infringing itself in using a font it did not license for its logo)

    Joking aside, why not just make a federal sysadmin to block users from doing anything useful with their computers?

  • Spoof this thing so that it only reports what you want it to report, and you'll have deniability in case they ever come after you for something. If it goes to court the prosecution will look like clueless idiots as they try to reconcile mismatched data.

  • We Joke, but... (Score:4, Insightful)

    by carp3_noct3m ( 1185697 ) <slashdot&warriors-shade,net> on Thursday August 05, 2010 @12:28PM (#33152004)

    You know we around /. like to joke about things like encryption and the year of the linux desktop, but the more intrusive governments get, the more I see the internet as a whole routing around this damage and increasing both the use of *nix based systems and encryption. Imagine facebook levels of popularity but with encryption, privacy, and control as primary factors of computing for the masses. Because, in the end, it's either that or we might as well just start walking around naked because we have "nothing to hide".

    • Re: (Score:3, Interesting)

      by LambdaWolf ( 1561517 )

      Imagine facebook levels of popularity but with encryption, privacy, and control as primary factors of computing for the masses.

      As I understand it, this is essentially what the Diaspora project [joindiaspora.com] is trying to do. Hopefully they'll succeed. (And maybe smooth out some of those concerns that the name is inappropriate.)

    • Don't be naive. If encryption approached "Facebook levels of popularity", governments who want to monitor your traffic will simply make encryption illegal. Look at what's happening right now with Blackberry in the U.A.E.
      • Re: (Score:2, Insightful)

        by John Hasler ( 414242 )

        If encryption approached "Facebook levels of popularity", governments who want to monitor your traffic will simply make encryption illegal.

        If encryption approached "Facebook levels of popularity" it would be far too late for most governments to outlaw it.

      • Re: (Score:3, Informative)

        by Raenex ( 947668 )

        If encryption approached "Facebook levels of popularity", governments who want to monitor your traffic will simply make encryption illegal.

        At one point, encryption used to be illegal in France: http://www.theregister.co.uk/1999/01/15/france_to_end_severe_encryption/ [theregister.co.uk]

    • by Hatta ( 162192 )

      If the government forces you to install a rootkit as a requirement for internet access all the encryption in the world won't help you.

    • Because, in the end, it's either that or we might as well just start walking around naked because we have "nothing to hide".

      Oh gosh, why do you always have to give me the hard choices?

  • Wouldn't they have better luck getting the french ISPs to roll over for them instead of deploying known snoopware client-side?
  • To point out the obvious flaw here:

    If it's client side how are they going to get it installed? Keep it installed?

    Even if they mandate that all computers sold must have it preinstalled it won't matter. It's trivial to remove; just reinstall the OS. What about people who build their own? People who buy in other countries? People who run other operating systems?

    This is just nonsensical. It can't possibly work. I can't believe no one pointed out that the emperor has no clothes.

  • There are two outcomes (long term) that I see for the internet and computing for the masses. Those are, either we basically give up all control, and walk around figuratively naked, or we, the geeks, must actively start promoting things such as encryption and OSS (*nix) as a standard for even non geeks. Imagine facebook level popularity of encryption, privacy, and control of computing systems. The catch is that as the geeks started the internet, politicians like to think they own it (or their portions of it)

  • Uh, I thought they'd given up on that idea when it turned out to be absurdly impractical? (Their idea was that you could opt to install some magic software, whose purpose would be to 'prove' your innocence if wrongly accused of piracy. How that was supposed to work out was never clarified.)

    Did they change their minds again? Just how old are the specs in question? Anyone?

  • Should work REAL well with LiveCD OSes.

  • The major issue is that the politics have no idea what this is about, what they're talking about and have no will to figure it out.

    The people behind the 3 strikes law stated publicly that they don't know what P2P is and that they don't care, they can "still do their work properly without knowing".

    They also said that "when you have openoffice, you have a firewall" and a few other things of the same level.

    The problem is that they push such stuff blindly trusting the lobbies and a few powerful people (who know

    • In the first elections after the damn law was passed (regionales), they got disastrous results for the below 30 demo. Sarkonazy met with UMP MPs to discuss the bad results, and according to insiders they were freaked out and complained that his pet project had cost them the young vote for good. In an unpublished poll they found out that they had lost something close to half the young voters. Now those are not the most reliable voters, but Naboléon's core demographics of Alzheimer patients, racist deranged grannies and Vichy nostalgists has one redeeming quality: they're more likely to be rotting in hell than to be getting a hard on at the fucker's newest racist gimmick while dropping their bulletin in the ballot box.

      For reference, in the 2007 election, the son of a bitch got 53% of the votes; but his opponent got 53% of the below 65 demo, he just got 65% of the geriatrics! Thankfully, many of those scumbags will have expired next time.

  • We all know how well that went... this doesn't sound too different. Basically same purpose, client-side, government initiated. Just the exact focus is different. What a waste of money and effort.
  • How hard would it be to create software that acts like it's the government spyware but "translates" all traffic reports into something innocent. For instance; you download the latest movie, the fake spyware reports you downloaded yet another Linux distro.
