Surveillance on Peer-to-Peer Networks 115
n7lyg writes "Salon has an article by Janelle Brown that asks (and answers) the question 'Who is spying on your downloads?' It discusses the use of various P2P tracking tools by RIAA and IFPI and others to monitor file trading on both Napster and Gnutella networks. Freenet seems to be more or less immune to this sort of monitoring at the present time, due to the distributing the files throughout the network. More big brother tactics..."
Re:Then use an RFC1918 address. (Score:1)
Hello, I'm a typical Slashdot poster (Score:3)
I am a nerd. Or at least, I *act* like a nerd. I am great at reading short snippets from some populist website and using them to form a complete and authoritative opinion. I have been known to stick to my guns even when it's clear I fire blanks.
I dislike commercialism and banner advertising. But I like Slashdot. I believe Slashdot's operation is far more than browsing other news sites and copy-pasting a few notes.
One day, I'm going to leave my parents' place, or my little student dig, and drive topless cars and spend time with topless chicks (without paying!).
I abhor hypocrisy, and believe in equality for minorities. But I _am_ better than everyone else!
Strange (Score:2)
Only in America...
more popular than you think... (Score:2)
--
Re:Two things (Score:2)
Re:Guerilla? (Score:1)
Yes, guerilla seems to perform downloads in a manner similar to the extensions I'm proposing for the gnutella network. The only problem is that there aren't very many people using it. My proposed extension to gnutella would be usable immediately, even if only a few people adopted it.
File Transfer Privacy Enhancement for Gnutellanet (Score:3)
I've been thinking about this for a while now.. gnutella search results currently contain the IP of the person with a match for the search request. But wouldn't it be great if there was a way to get the file back to the end user without revealing the posessor's IP address?
If one or more hosts between the file posessor and the requester supported a special extension whereby the search results were rewritten to traverse a HTTP proxy chain created on the fly, privacy would be improved. Furthermore, if those HTTP proxy chains supported caching, performance might be improved too.
Here's how it works:
Host X joins the network, connecting to host Y, which is connected to host Z. Host Y supports the new anonymous downloading feature. Host Z does not support the anonymous downloading feature.
Host A, which may or may not support anonymous downloading, connects to the gnutella network and searches for a document. The search request is broadcast to attached hosts B and C. Host C happens to be connected to host Z, which is connected to Y, and thus Z. Host X sees that it has received a search request for a document it has from host Y, and sends a routed message back through Y to the gnutellanet network. Host Y rewrites the search result to include its own IP address. It also makes an entry in a time-expired table and agrees to proxy the request to host X for anyone that asks. If for some reason Y can not agree to proxy the request (perhaps it is over its bandwidth cap) it will pass the search result unmodified to Z. When a request comes for that document, Y it will fetch it from X. Host Y hands off the rewritten packet to Z, which goes to C, B, and A. From host A's perspective, Y had the file, not Z. At Y's discression, Y will enter the file it got from X in its cache and also answer search requests matching it affirmatively.
Now the response is passed up the chain, eventually to host A. Host A requests the document from host Y, which proxies it to host X, which has the document. Who did the user get the document from? They think they got it from Y, but did they? No. They got it from X. Even if host Y leaves host X's IP in the response, how can we be sure host Y isn't just forwarding the request for someone else? Even when responding to requests that can be fulfilled locally, servers should insert a random delay. In fact, if such a system is in use, there is no reliable way to prove who you got a document from unless you can monitor the Internet connections between every site involved in the transaction.
Further complicating the matter might be the use of encryption and connection multiplexing between involved hosts. Hosts X and Y, for example, might communicate all information including proxied requests over a single encrypted channel. They might pass fodder on that channel when no transactions were in progress to reduce the effectiveness of traffic analysis.
One other great advantage is that caching could be employed to much improve download rates for popular files. Host Y, for example, could agree to keep around a few hundred megs of recently downloaded files. It then could respond to search requests for those files.
You installed it... (Score:2)
But software doesn't just automatically install on Windows desktops. Even with ActiveX controls you have to specifically authorize the download, and even then they are limited in where the files can be installed to. (hint: C:\Program Files is not one such location)
Steve Gibson at grc.com has warned about this in the past, along with others.
Seems rather simple... (Score:2)
Napster provides a index mechanism which makes it very easy for some entity to watch what users make available for download.
On top of that, by making downloads available yourself, you could easily monitor what people actually download.
I don't see how you can realistically get around this, at least not with Napster. Your either offering stuff for download, or you are downloading information yourself.
I suppose if you know who the trojan sites are offering Napster content, you can avoid downloading from them... But how could anyone know?
Frist line of defense (Score:1)
I'm an occasional Napster user. I mostly download tracks for old 70's and 80's music for which I own the vinyl records but that I didn't bring with me to the US. I also download current music not available in the US because the recordings are in Russian, French, Spanish, or some other foreign language.
I realized that tracking the IP address down was probably the next step by recording companies. What I do now (Napster and Gnutella) is simple: I don't share directories for longer than it takes me to download a track or two. I also purge my music directories periodically, moving the downloaded files to a non-public part of the disk. This reduces the risk of someone downloading files from my system, thus my IP address is less exposed.
Purging the public directories also has a nice side effect: Most of the time you can kill your Napster session without having to worry about "uploads in progress."
Before you start flaming: I make "music collections" available once per week by sharing additional directories for several hours over a dial-up IP independent of my high-speed connection. That way I can make some of those files available to others.
Comments?
EThen use an RFC1918 address. (Score:1)
Re:File Sharing Services and the WebHancer Connect (Score:1)
Screenshots ... (Score:2)
Here are some screenshots of one of the 'spy' progams. [7amnews.com]
--
Why pay for drugs when you can get Linux for free ?
Re:Good luck (Score:1)
Shirley there are better ways to show contempt for the RIAA. I can think of one that's been proclaimed: boycott all RIAA artist CDs. Don't buy them new, certainly, but further, don't buy them used either. Why not? Because at one point, those WERE new CDs, resold by somebody who knew that the option of reselling them was there. If people stop buying used RIAA-artist CDs, soon the used CD stores won't have a market for them and will no longer buy them, or (more likely) they'll get overstocked and won't buy any more. Granted, you're hurting the used CD stores this way, but IMO it's one of the few things an individual who isn't directly involved in the music industry can do in order to hurt the RIAA, at least in a morally-correct fashion.
Re:Good luck (Score:1)
OK, just so we're clear on that point.
I find "I know it's wrong, I'm doing it anyway" much more acceptable than "it isn't wrong! the riaa's ripping them off anyway!"
Incidentally, if most artists are not members of the RIAA, then how exactly does downloading their music without paying for it hurt the RIAA? It looks to me as if it's hurting the smaller artists more directly.
Re:Good luck (Score:2)
I nominate "anybody who doesn't have a computer but likes music anyway".
Right now, the RIAA is a devil the artists know. They might not LIKE the RIAA, but they know how it works and how to deal with it. Is replacing the RIAA wholesale, which is what you and most other advocates are talking about, really the best thing to do?
"I went into the business for the money, and the art grew out of it. If people are disillusioned by that remark, I can't help it. It's the truth." - Charlie Chaplin
Don't forget, musicians would like to make money. I'm sure most of them would perform for free if they could eat and live and have all the other amenities most people want, but that just doesn't happen without money in our society, so they're going to want to get paid. Some of them will want to get paid a lot. Does any musician deserve to get paid a lot? Why not? If people are willing to fork out money such that an individual or a group get paid a lot (see professional sports for another example) then of course they deserve the money.
Please, "busts" hardly need to be ineffective (Score:3)
Ok now what happens when you start providing substantial disincentives or risk? Much much less people will be willing to "contribute". For instance, if RIAA simply starts making a few well placed calls to the largest ISPs, causing the user to lose his connection in short order. Even if it's only for a few days, or even an hour or two, most users would find this absolutely unacceptable. Those that are most likely to setup a site like that, also tend to be the most attached to their "fast" connections. When the pirate is presented with a choice between providing goods to hundreds of people he doesn't even know and incurring risk in the process or merely leaching like everyone else, the choice is simple. Add to this mix permanent bans, public embarassement, potential legal action, etc etc, and you have even less reason to take the chance. Remember, they need not bust EVERY pirate that is out there, just enough to provide a credible threat. Also, remember that this approach wouldn't take much in the way of resources or money.
Now sure, there will still be SOME nuts out there that will persist for whatever reason, but those will be so small in comparison to the downloading public that their effect will be nominal. The point is that greed works against the pirates as much as it does against the industry. I fully believe the industry is capable of doing this and that it would be highly effective. Against just about any known P2P-like system (e.g., Napster, GNUTella, Scour, CuteMX, or whatever.)
This is a seperate subject, but I think you're completely underestimating the absolute importance in promotion and marketing on the part of the record labels. While marketing and promotion do not necessarily have to come from the industry, a simple website will not suffice. The odds are that the artist(s) will be competing for scarce eyeballs no matter what medium they're on. Scarcity, in turn, means it'll cost lots of moola. Who has lots of capital and is willing to risk it on music investments? The industry. One way or another, capital must be risked to gain a sufficiently large following. The backers will probably be the same industry that we know today, but, even if not, it doesn't really matter. The internet isn't some kind of magical pill to make all these concerns go away.
So (Score:1)
Re:could we.. (Score:2)
Don't get me wrong, I'm not a fan of the RIAA. But all they are doing is looking for people who are illegally making copyrighted works available to the public. If you want to create "junk" info for them, you could share a whole bunch of files with junk contents and suggestive names. But, if you do this, it not only confuses their software but other Napster users, which is a bit like burning the villiage in order to save it. In fact, I'm suprised that the RIAA hasn't hired consultants to start polluting the Napster and Gnutella services with junk files, broken links, and anything else they can think of to make the systems unreliable and hard to use. Anyway, my point is it's foolish to expect that you can offer an illegal service (not Napster in general, but the specific act of distributing copyrighted works without authorization) to an anonymous public and not have the "authorities" check up on you.
Re:Don't Worry... (Score:1)
Jethro
Re:Don't Worry... (Score:1)
Jethro
Don't Worry... (Score:5)
Whew... Don't worry about their spies... they don't even know the addresses can't go above 255... 8^)
Jethro
Re:You installed it... (Score:1)
Winamp, for instance. No thanks.
Hmmm - it sounds like you have never heard of a "custom" install...
Hint: the "default" install is idiot friendly. If you believe that you are not an idiot never perform a "default" install of any software on the winxx platform.
I'm sorry. (Score:2)
They are only finding out what your computer willingly offers them (and every other gnutella client)
Re:You installed it... (Score:1)
Optional security features in p2p clients (Score:4)
Blocks [mspencer.net] was an example of a filesharing client with too much security. It was well-designed and cross-platform, but required too many resources and too much security for...well, anybody except the most advanced users. It would be very difficult to find the IP number of someone sharing certain content on the Blocks network. It's also almost impossible to even find a file on the Blocks network.
Perhaps what we need is optional security. Some users are going to want to form a mixnet, and only directly communicate with trusted peers. Some people want encrypted disk caches, so if their computers are seized, it'll be impossible to tell exactly what they're sharing. Conversely, some people would like an easy way to tell whether content is copyright-protected and shouldn't be traded, without directly notifying anyone that they've come into contact with the content.
I've outlined some security concepts in a quick page I've put together: http://mspencer.net/fs [mspencer.net]. It's a work in progress, and is very long (22 KB and growing) with almost no index or table of contents. But if peer-to-peer filesharing is a topic you are enthusiastic and excited about, you'll find the page very interesting. (There are no ad banners at all on that page -- just text, except for my email address. I put my email address in a graphic, to spam-proof it.)
From the page:
Does all of this seem seedy? Do you think people will assume that anyone who participates in any of this extra security or identity protection is automatically a criminal? Remember that this is what computers do -- they take complicated things, and take the manual labor out of them. Sure, some of these methods may seem like seedy criminal behavior turned digital -- but this behavior is usually criminal in real life because it's so costly! It takes time and effort to route anonymous messages around -- take a 'layered' envelope out of the mailbox, unwrap only one envelope leaving (an envelope still inside, possibly with more envelopes inside that), and mail it out again. Pass things around by word-of-mouth only. Use aliases. In real life, these things are difficult to do and take time and effort...so it can be concluded that the people doing them probably need the extra security or protection. That is, they're probably doing something illegal, so the extra 'cost' is worth it. But this is digital -- these are computers we're talking about. It's very easy to let the computer stand out on the streetcorner for us. We're not peddling high-value illegal material -- many of us merely don't want certain advertising companies using our personal information to enhance their seedy business. This 'shifty behavior' becomes worthwhile at the half-penny-per-transaction level, because computers do all the work. Were it the real world, this same kind of 'shifty behavior' would only be justified at the tens-of-dollars-per-transaction level.
Such a system is possible, if enough motivated and excited people get together: adapt and borrow concepts from other projects. The other projects out there (MojoNation, Freenet, Blocks, ELF, and many more) have wonderful concepts and design, and they do a very good job of solving a particular problem with filesharing. But they don't solve all of the problems.
Perhaps if enough p2p project developers are inspired to bring their concepts together into one system, we'll finally rid our gift culture of these pesky intellectual property lawyers.
On a related note...I just thought of this really evil way to abuse three existing services (WWW, DNS, and Akamai proxying) to provide a kinda-anonymous web site:
1) Use an existing DNS zone to point an NS record for a subdomain to a special kind of DNS server. (Perhaps *.anon.mspencer.net)
2) Create a special DNS server (special software, or just firewalled) that is only allowed to hand out DNS query replies to Akamai servers.
3) Publish a URL:
http://a1.g.akamaitech.net/6/6/6/6/lmnop1.anon.
It would be impossible to get the true location of lmnop1.anon.mspencer.net unless Akamai servers were cooperating with you.
--Michael Spencer
(remove the first three letters from the email address above.)
Re:Good luck (Score:2)
And even worse, here's something I just read about recently. The NET Act [riaa.com] (No Electronic Theft) :
"The No Electronic Theft law (the NET Act) is significant because now sound recording infringements (including by digital means) can be criminally prosecuted even where no monetary profit or commercial gain is derived from the infringing activity. Punishment in such instances includes up to 3 years in prison and/or $250,000 fines. The NET Act also extends the criminal statute of limitations for copyright infringement from 3 to 5 years.
Additionally, the NET Act amended the definition of "commercial advantage or private financial gain" to include the receipt (or expectation of receipt) of anything of value, including receipt of other copyrighted works (as in MP3 trading). Punishment in such instances includes up to 5 years in prison and/or $250,000 fines. Individuals may also be civilly liable, regardless of whether the activity is for profit, for actual damages or lost profits, or for statutory damages up to $150,000 per work infringed."
Rader
Re:Good luck (Score:2)
Rader
Re:Freenet? (Score:1)
Which has been dead as a door nail for over a year now. For crying out loud, if you're going to troll, at least make it factual.
Re:centeralized vs. Non-centreralized networks (Score:1)
Good point.
A centralized server in a forigen country will get choked but at least you can get around the legalities.
Because they're not going to pay (Score:1)
Xix.
Re:The record industry *IS* targeting ISPs! (Score:1)
centeralized vs. Non-centreralized networks (Score:2)
That kind of makes me scared to get stuff off a decentralized network.
Re:Love this quote (Score:3)
Yes, the internet has made it easier for folks to get their music. Does this really help artists? I see how it could be a lot easier for an unknown band to get noticed, but how does it help them make money?
Here [projekt.com] is an excellent essay/letter form sam Rosenthal, the owner of Projekt records (an independent label) on how napster helps unknown bands.
Re:Spying on e-mail (Score:2)
//rdj
Re:could we.. (Score:2)
I guess the only defense would be lots of metallica.mp3 files that are not mp3 files... but again you will be confusing normal gnutella users too.
Freenet is probably the best defense.
-pos
The truth is more important than the facts.
Big Brother? Big Deal! (Score:1)
-----
Re:File Sharing Services and the WebHancer Connect (Score:2)
Re:Good luck (Score:1)
If the penalty for the first few examples the RIAA chooses to go after (stealing bits) exceeds the penalty that a first time drunk driver (putting other peoples lives in jeopardy) gets, then the message will come across to the public loud and clear, and they'll be mad as hell.
fuck yeah (Score:1)
I'll be the first ski mask wearing coder right on the front lines if file sharing is outlawed baby!
It's ridiculous to think they can even try. The nature of the net is to route around broken links, like napster. Bearshare, http://www.bearshare.com has over a million registered users now. Fuck the riaa, who needs em. We should all download the music we want and then mail a dollar to the artists whose albums you've downloaded. That's more $ than they would get from their record companies anyway.
http://www.hyperpoem.net
Unauthorized Search and Seizure of My IP Packets (Score:1)
According to written U.S. law all evidence obtained through an illegal search and seizure is in admissible in a court of law, which would make all evidence in the past trials null and void. In theory this should allow all rulings to be over turned all evidence uncovered without a valid warrant should never be allowed to see the light of a court room again. Also, both Napster and Gneutella can sue the RIAA for the invasion of privacy, hacking, intercepting communications, & trespassing on virtual private property.
Think this over and get back to me!
Re:could we.. (Score:2)
one mans junk
Possible Legal Solution? (Score:1)
Snooping your system = cracking your system.
It should be illegal for the RIAA, et. al., to snoop into your computer system because they are attempting to access a computer system that is not theirs. Any "evidence" gathered in an illegal way would be inadmissable in court, just as if a police officer gathered evidence without a warrant*. Of course, as soon as someone brings this up as a defence to their flood of lawsuits, you know that they'll be whinning to Congress to get an exception to that too.
* IANAL (but I did take some law classes) but I believe that only the police can conduct a search without a warrant on the basis of probable cause. An private individual or organization would be guilty of breaking and entering.
Re:But uploads are legal. Does the RIAA deny this? (Score:2)
Alternative usage of Freenet & others (Score:3)
The way I understand Freenet, you can request files based on some calculated key values (hopefully unique for a given file's contents) and it will be sent to you through the Freenet network in some fashion which makes it anonymous to all of the nodes inbetween.
The current main difficulty with Freenet was associating search requests with those key values.
So how about a combo solution? Use normal P2P techniques (and normal search engines for that matter) to return key values based on search criteria. Then use the key value to download the file from Freenet.
By decoupling the searching mechanism from the download mechanism, then you can have all kinds of ways of searching without compromising the robustness & security of the download network.
Here's another idea for distributing search/key value pairs w/o compromising the identity of the people making those associations - use USENET (or a similar mass-distribution channel) with the anonymous mail-to-news gateways to distribute batches of search condition/key value pairs at a time.
How about Hotline and Carracho? (Score:2)
I'm wondering - how much surveillance takes place on these networks? I would expect more takes place on Hotline than Carracho as it's mac-only.
Several admins put "spider traps" on sites to foil scans of the directory structure. Not sure how effective that strategy is, as they're usually just recursive folder loops.
-carl
Re:Two things (Score:2)
It's ironic that the "good Samaritans" of the P2P world are the ones who get punished, while those who only leach will remain unmolested.
File Sharing Services and the WebHancer Connection (Score:5)
The SpyWare Invasion
While writing a proxy server for a class [gatech.edu] I noticed that for each URL I clicked, a number of POST requests were being sent to d2.webhancer.com and d3.webhancer.com. Wondering what was up I decided to go to the Web Hancer [webhancer.com] website where I found out that WebHancer is a company that claims to have an installed base of millions of WebHancer agents that report web browsing statistics to their corporate headquarters.
WebHancer currently charges businesses $12,000 a month [internet.com] to access these usage statistics. I found the webHancer agent on my Windows machine (after a quick 'ps -W | grep gent')in "C:\Program Files\webHancer\Programs\whAgent.exe" and deleted it. What I am wondering is how the Web Hancer agent got on my machine since I don't recall being asked whether I wanted to install any spyware. Also exactly how many of their millions of anonymous usage statistics are being generated by unsuspecting users?
Which program did I install that decided to place this Trojan on my machine and is there a blacklist of such programs? AudioGalaxy
Finally, while searching for info on Web Hancer I found Ad-Aware [zdnet.com] which claims to locate and uninstall such spyware.
Re:Downloads vs. uploads (Score:1)
This is amusing in a way... (Score:1)
Of course the other issue here is that in a way the RIAA has come to our stadium to play our way. They're trying to use technology to win, which on the surface may seem like a good idea, but one imprtant thing results that the article does not mention. Speed of innovation. I agree with the statement that the people will always be ahead of the censors. I've said that for years whenever a new media fiasco resulted from some form of "pirating" (note not my term at all) or another. So when the RIAA throws it's hat into the technology ring, instead of preventing P2P they will drive talented developers to create better and greater and more secure methods for file sharing. And every time the RIAA catches up developer speed increases. So the benefit to everyone is new, improved technology for trading files at a faster rate than if the RIAA hadn't tried to monitor us.
To belabor the obvious, this whole media thing with P2P and the RIAA is surely driving more users and potential developers to share files anyway.
Now here's a question.... (Score:1)
Support Freenet! (Score:2)
Re:could we.. (Score:1)
On a slightly offtopic note, I was just wondering how many people find Freenet usable. It's hard to find useful information and it seems to be degenerating to a wasteland of p0rn. And the lack of search tools makes it difficul to find material.
electronic stalking (Score:1)
Someone should tell Lars to go to sleep. (Score:3)
That's not how you do it Lars
--
Re:Let's rewrite the First Amendment! (Score:1)
Re:Let's rewrite the First Amendment! (Score:1)
who needs Best Buy/Tower Records ... (Score:1)
Re:File Sharing Services and the WebHancer Connect (Score:3)
They hid it in "Program Files"? Bastards.
Advertisers do this to.. (Score:2)
I've seen articles about advertisers spying on downloads in order to send "targeted ads", usually in the form of instant messages, to users about other products/songs/whatever they may be intrerested in. These protocols are totally open, so basically anyone can see waht you trade.
Two things (Score:3)
The other thing I wonder is why don't sites like napster et al use basic encryption techniques to keep WHAT is seen secret? It's not like there is a derth of encryption enabled software out there, much the opposite, recent browsers all can deal with port 443 and https. Start using it. Sniffers can only tell that a connection was made, they cannot tell what the contents of that connection did or is doing.
Come on people, time to stop whining and start using what is available to us to keep big brother from tracking everything.
DanH
Cav Pilot's Reference Page [cavalrypilot.com]
Re:Good luck (Score:2)
Those are the statutory limits on a Class A federal felony. Yes, it is possible for a judge to impose that sentence, but if he did it would almost certainly be overturned.
Federal felonies are sentenced according to some fairly strict guidelines [ussc.gov]. There's a tidy little table [ussc.gov] with the offense level vs. the criminal history. You get the offense level from another table (dollar amount of the theft) here [ussc.gov]. There's also a table [ussc.gov] for fines. It's almost like playing a role-playing game, isn't it?
For a $40,000 to $70,000 theft, you get a base offense level of 11, which is 8-14 months and a $2,000 to $20,000 fine. If you take the usual plea deal, you drop two offense levels (4-10 months, $1,000-$10,000 fine) and should get the low end of the range. That's 4 months with probably no fine. You'd also pay restitution to the victim for the full amount of the theft. So you could be paying Metallica full price for every MP3 someone downloaded from you. People better hope Napster doesn't keep usage records.
Read it first .. (Score:2)
--
Love this quote (Score:1)
I really love this quote...It's a great analogy as to how the recording industry is acting. However, I have to ask myself, "Is the recording industry ever really going to go out of business?" Yes, the internet has made it easier for folks to get their music. Does this really help artists? I see how it could be a lot easier for an unknown band to get noticed, but how does it help them make money?
I would love to see the recording industry split its head open on these "stairs", but is this really what we need?
--
Re:Someone should tell Lars to go to sleep. (Score:1)
Does Lars know what a website _IS_?
--
Re:Two things (Score:2)
With the system I envisioned you would have a list of public keys of people that were allowed to browse your files to keep nasty spy bots out and would use encryption on the connection to make it very difficult to figure out what was being tranferred ... no telling if it was the latest pop single or my kids latest picture. I would build such a system on top of ICQ or AIM to locate your buddies.
Up sides:
It would be fairly untraceable, likely cause less attention because of the difficulty of mass infringment like Napster, and would have no central control athority.
Down sides:
If you are trying to get a copy of the latest pop single there are less people you could aquire it from.
Frankly that's my "perfect" P2P ... I only want to share stuff with certain people anyways and I don't want people mooching off of me. I also don't want somebody else to snoop at what is being transferred.
- subsolar
Re:File Sharing Services and the WebHancer Connect (Score:1)
could we.. (Score:3)
________
tell me something... (Score:2)
And if you get in trouble for having those Limp Bizkit tunes in your public directory, well, that's your own problem too. You are allowing the general public to pirate copyrighted tunes off your hard drive -- no matter if your own MP3 copies are perfectly legal.
Could someone please explain to me why the hell it's illeagal to make something available to someone else? Isn't the crime in actually taking it?
If I were to leave the door to my house unlocked, and someone came in and recorded all of the videos in my VHS collection, and left without harming a single thing in my house, have I committed a crime? What if I told this person that the door would be unlocked? What if I gave the person a list of the movies in my collection and gave them a key to my house?
If that's not enough to make someone think twice about this file sharing thing, what about the case where I own or have developed or whatever, the technology to rip a couple of mp3's from my CD collection - all of which were obtained legally... Then, I send these mp3's to my best friend, who has also purchased the same CDs, but doesn't have a working CD drive in his machine (ok, this is highly unlikely, but still possible)... Was a crime committed?
As for the "monitoring software"...
If I were to post a sign on my door saying that it was unlocked and anyone who wanted to come in and copy my VHS collection should do so, I'd be a complete moron if I thought that there wouldn't be people there just to see what I had.
Personally, I really don't care if someone wants to monitor my downloads et.al.- anyone who wants to badly enough is going to get their way. Next time you're browsing in the local bookstore, are you going to be looking around frantically for someone watching to see what you're looking at?
Everyone seems to be overreacting to this "on-line privacy" thing - if you want privacy, you're going to have to work for it... Use a library computer, a co-worker's, your neighbor's - whatever. If you want privacy, the oness is on YOU and YOU ALONE. Don't start whining about how you're the powerless victim - TAKE YOUR BOX OFF THE WEB if you can't come up with a better way...
If you don't understand how to use PGP, stop whining about Carnivore, or whatever other "radical" privacy invasion tools the government is comming up with. The only way you're going to be able to keep your stuff private is if you do just as much work as the people interested in your private stuff.
Cordless phones allowed for the possibility of someone monitoring your phone conversations - now we've got 9 GHz phones - impossible to monitor? Probably not in the long run, but you'll just have to buy a better phone when it becomes possible...
Alternativly , you could just stop talking... Likewise, just stop using P2P systems if you're hung up on the fact that someone somewhere may be able to find out what you're essentially broadcasting to the entire f***ing planet...
-bs
music busts (Score:2)
And we all know that never happens...
The obvious solution (Score:1)
Freenet? (Score:4)
Good, so now the ten people who use Freenet can sleep easy.
--
Big Brother? HA! (Score:1)
Big brother? I'm more worried about Icarus and Daedalus.... and how all are info gets routed through Area51, and how everything we do is monitored by something greater than our governments.... its all because of The Illuminati!!!
Sorry... had a five hour session of "Deus Ex" last night...
But uploads are legal. Does the RIAA deny this? (Score:2)
They must either show that I downloaded music (more difficult), and then show that I did not have the right to do this (more difficult again - especially if I own the CD, and for all their snooping, they don't know what music I own).
Merely showing that I have files available is not enough, but unlike Napster (the company), showing that I benefited from someone downloading a file from machine (and thus allowing me to be caught as a contributory infringer) will be quite difficult.
If I own the CD, do I have the right to download the music (space shift)? (I'm guessing the MP3 case suggests otherwise). If the case can be made that I do have the right, (perhaps via the betamax decision, which should still apply to individuals), can we launch a class-action against the RIAA for unjustified (or perjerous) complaints to our ISPs and intimidation tactics?
Napster users may be walking a fine line, but so is the RIAA - their threats are based on some very contentious and unresolved interpretations of the law, and I don't think the law gives them the green light to do these things.
Re:But uploads are legal. Does the RIAA deny this? (Score:2)
That's I was talking about when I said contributory infringement - Napster very obviously made millions of $$$ from the infringement, thus the court found it to be a contributory infringer. But a Napster user on the other hand, makes little or nothing, and it is not obvious that they are doing anything that Betamax wouldn't allow, so the RIAA would have a much tougher case ahead of them, if they could make one at all.
Damn, there are so many consumer rights issues and questions that need to be resolved by the courts, and having them resolved by cases run by a team of MPAA and RIAA lawyers isn't a pretty thing to watch
Re:Possible Legal Solution? (Score:2)
Re:Good luck (Score:1)
How does one infringment cost $150,000 in damages? Supposing I distribute 1000 copies of it, that's still only $2,500 in damages, and the odds of distributing that many copies are slim.
This is after a $250,000 criminal fine? 5 years in prison? If someone were to get drunk and hit someone while driving, they'd be punished less severely. This is total BS.
Re:Good luck (Score:1)
so scale all the numbers down a bit.. makes my point even more
Spy Prevention via the DCMA (Score:1)
It can't be R/Eed without violating the DCMA, so no one can write an agent for spying.
Webhancer (Score:2)
To think I actually trusted someone. BTW, AdAware is excellent.
Re:Don't Worry... (Score:2)
Sort of like saying, "I know what you did and to whom, and that your telephone number is 555-1212."
Re:Don't Worry... (Score:1)
Re:Downloads vs. uploads (Score:1)
Combine that with a way to account the originating user's / computer's network usage, and you can start having fun.
I like your ideas about paying the cycle providers, though. Although I think that cycle usage (and ofcourse also network usage) should be free.
Re:Let's rewrite the First Amendment!- NOT! (Score:1)
I think the conversation probably went something more like this (and so does the ACLU!):
Madison to Jefferson- "Hey Tom, don't you think that wording is a little vague?"
Jefferson- "Yea, Jim you know it is. But it's that way because I don't have a time machine so I can't predict the future and what the people will want to do 250 years from now."
Madison- "Good point Tom, that's what the Supreme Court is for."
And by the way, yes you do seem biased which does cast doubt on your arguement in the first place. But, by definition, you can't prove a negative.
Re:could we.. (Score:1)
We have centralized peer-to-peer networks (Napster) and completely decentralized p2p networks (Gnutella, Freenet). Would not a dynamically-centralizing network be better? It would be something like a Napster system where every client also has OpenNap code in it. So it is basically a two-part p2p system. Clients on the lower part (dialup) pass up searches to the upper part (some of the fastest cable, dsl, etc users), who then perform the search like any OpenNap server. The only completely decentralized part would be the passing of search server lists. When each client gets a server list, it will update its own internal list. It then pings each server on the list. If at least one is below a certain ping time, the client just passes on the server list. But if no servers get a fast enough ping, the client turns itself into a server, and adds itself to the list. When a client does a search, it will send the search to the closest (ping-wise) server, and those servers will contact the other servers, and so on. The system will limit the number of servers to a small percentage of the client population, and high-bandwith machines will be favored as servers. Servers could choose to only remain a server for a few minutes, and then give up their server status. This would make it almost impossible to bust those people who are running the servers. Does anyone know of a project that works like this?
---
Downloads vs. uploads (Score:2)
--
Sonofabitch! (Score:2)
AAAAAAAAAAAARRRRRGH!!
Why can't people leave this ALONE until the RIAA finishes destroying itself? It's still quite powerful enough to do away with Freenet, be certain of that. You're all going to snidely remind me of Freenet's intricate security features... Folks, that doesn't mean a damn if the physical machinery used to constitute it is put a stop to. The RIAA can and *will* destroy Freenet if it becomes the "new Napster".
Jeezus Christ!!
Salon.com pisses me off frequently, but Today Is Special. No amount of beautiful and inspiring speeches from Messrs. Boucher and Moglen can save us if something isn't done. The only thing I see at the moment that is do-able within the time frame we're talking about, is sitting back and pirating on GNUtella and letting the RIAA finish bringing about its own doom.
Instead, we have the whole jolly Napter crew giving a big hearty "nyuck nyuck" and charging off to Freenet. The RIAA's lawyer-guns merely require a slight adjustment in aim and declination, and the bombardment recommences. =/
-Kasreyn
Re:File Sharing Services and the WebHancer Connect (Score:1)
I still don't get it. (Score:1)
The recording industry's business model is woefully outdated. They're playing the traditional head in the sand role. If they'd wake up and realize what they had here, they'd drop this whole mess! But of course, this is corporate America we're talking about. They've had this case of cranial-rectal inversion for quite some time.
How many times have I said this? (Score:1)
Good luck (Score:5)
I can imagine what would happen if/when I get busted. I may pay a fine. Heck, I could see a few days in jail (doubt it for a non-violent crime, but this is the RIAA we're talking about here). More importantly, I would never, ever, ever buy another CD from that organization again. If it was the RIAA that was behind the persecution, then I'd boycott their member companies. What do they get? One less customer.
How long can record companies last that piss off and alienate their customers? It will be very interesting to see what happens when the contracts of well-known (and lesser well-known) artists come to an end.
That will leave them free to get with a good web host, a couple of programmers and voila - downloadable songs at a reasonable price. Who needs Best Buy/Tower Records/RIAA?
They can run, but they'll only die tired.
Silly Recording Industry... (Score:2)
Napster no longer the threat (Score:1)
If folk must trade Warez then they could at least save the rest of us the holier than thou "we are doing the artists the biggest favor" line.
Napster is no longer the threat to the RIAA, and not just because the filter means that it is no longer any use. With Napster the unit of exchange is the track. With an MP3 player built round a large hard drive the unit of exchange is suddenly the CD collection.
I have one of the Acrchos devices and have so far ripped about 40 CDs for my own use. However there is nothing to stop me from copying my CD collection onto the Jukebox and then going round to a neighbor and copying them onto his hard drive.
What is more this mode of exchange is probably 'fair use' since it is genuinely peer to peer and does not involve Napster corporation acting as middleman contributing to the infringement.
Jukebox copying does not have the same geographic reach as Napster. But the number of tracks exchanged at a time is dramatically higher.
Legalities? (Score:1)
Does any corporation have a right to gather information on individuals? Maybe they can for advertising purposes (and maybe not) but for law enforcement?
I think of it this way, if the RIAA suspected me of running a bootleg CD business out of my home, would it be legal for them to park across the street and take pictures with a telescopic camera? To use a high-powered microphone to listen to what I do in the house? To tap my phone line, or try to intercept my cel phone signal?
I don't think that would be legal. Certainately it wouldn't be ethical.
For the record, IANAL (that should be obvious), but I really wonder about this.
Re:Please, "busts" hardly need to be ineffective (Score:1)
Re:Good luck (Score:2)
No, they're doing it to get free music from the world's largest catalogs of downloadable music.
and thereby helping the smaller artists?
As a side effect, yes.
If it will give you some perspective on the issue, I spent a couple of years working for a large company that was trying to achieve exactly what the record companies would ostensibly like to see. A secure music delivery system that protects both the rights of the artists and the rights of the recording companies. The intent was to let the record companies do the intelligent thing and create a legal channel for distribution. In the back of our heads, we thought-- hey, this would be a good thing. Maybe this will help smaller labels and independent artists too.
Of course it didn't work out, not that we didn't spend a huge amount of money in the process. Along the way we spoke to a lot of artists, many of whom expressed intense frustration with their labels-- but they were bound by their contracts. Attempts to market unknown bands met even less success. Unfortunately, a few millions of dollars later, we were no nearer a solution, and we gave up. Knowing how difficult it is for a company with a significant budget to change things, I wish it were possible for the artists to rectify the situation on their own, but such a possibility is wishful thinking when the RIAA studios control the radio stations, distribution and vast amounts of promotion.
Napster and its ilk are certainly not legal or even ethical, but they do light a fire under the recording industry, and give artists new means of distribution. As it's unlikely that the record companies are actually going to start offering competitive prices, or allowing artists to shop around for the best deal, this is unfortunately the best chance there is for the situation to change.
Re:could we.. (Score:3)
Why bother? Gnutella has all of these features built in.
Re:Good luck (Score:3)
The vast majority of artists don't get signed by the cartel that comprises the RIAA. Those fortunate enough to get the labels' contracts (they are binding and non-negotiable) often find themselves a few years down the road owing money to the label. Courtney Love wrote a surprisingly coherent article [salon.com] on the subject a while back. There are even more detailed accounts if you look around a little bit.
You'll note that the artists agitating against Napster and 'piracy' are mostly at the top, members of the very exclusive club of recording-industry success stories. The truth is, the vast majority of artists would be better off if there were an alternative to the record labels. Maybe knocking the RIAA on its ass will open the industry up a little bit, even if it does mean that artists' ways of making money will have to change.
Re:Let's rewrite the First Amendment! (Score:2)
Re:Downloads vs. uploads (Score:2)
Maybe this is a case of paranoia=awareness?