Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Privacy Your Rights Online

Surveillance on Peer-to-Peer Networks 115

Posted by michael from the spy-v.-spy dept.
n7lyg writes "Salon has an article by Janelle Brown that asks (and answers) the question 'Who is spying on your downloads?' It discusses the use of various P2P tracking tools by RIAA and IFPI and others to monitor file trading on both Napster and Gnutella networks. Freenet seems to be more or less immune to this sort of monitoring at the present time, due to the distributing the files throughout the network. More big brother tactics..."
This discussion has been archived. No new comments can be posted.

Surveillance on Peer-to-Peer Networks More

Surveillance on Peer-to-Peer Networks

Comments Filter:

  • Re:Then use an RFC1918 address. (Score:1)

    by Anonymous Coward
    If they cared about facts, they wouldn't be Salon.

  • Hello, I'm a typical Slashdot poster (Score:3)

    by Anonymous Coward on Tuesday March 27, 2001 @12:42PM (#336501)
    Firstly, I'm pro-freedom. But everyone should be using Linux! Secondly, I am pro-American-way, even though I don't understand to whom the constitution applies.. oh, did I mention I support a Leftist system for licensing.. when I'm not making my 100 grand a year writing boilerplate perl for some company.

    I am a nerd. Or at least, I *act* like a nerd. I am great at reading short snippets from some populist website and using them to form a complete and authoritative opinion. I have been known to stick to my guns even when it's clear I fire blanks.

    I dislike commercialism and banner advertising. But I like Slashdot. I believe Slashdot's operation is far more than browsing other news sites and copy-pasting a few notes.

    One day, I'm going to leave my parents' place, or my little student dig, and drive topless cars and spend time with topless chicks (without paying!).

    I abhor hypocrisy, and believe in equality for minorities. But I _am_ better than everyone else!
  • What really surprises me is that if I discover a government agengy spiying me without a warrant, I could sue the hell out of them, however, if a company does the same I can't do anything.

    Only in America...
  • We seem to be getting a new Freenet node every 10 minutes, and that doesn't include transient users who don't run a full-time node.

    --

  • Because, with a court order, the RIAA can get Napster's encryption protocol, and build a packet analyzer that de-encrypts the relevant fields, and automates the whole process for the voyeur.

  • Guerilla sounds sorta like what you were talking about, i managed to get it running but i don't have another ip address to connect to, anyone?

    Yes, guerilla seems to perform downloads in a manner similar to the extensions I'm proposing for the gnutella network. The only problem is that there aren't very many people using it. My proposed extension to gnutella would be usable immediately, even if only a few people adopted it.

  • I've been thinking about this for a while now.. gnutella search results currently contain the IP of the person with a match for the search request. But wouldn't it be great if there was a way to get the file back to the end user without revealing the posessor's IP address?

    If one or more hosts between the file posessor and the requester supported a special extension whereby the search results were rewritten to traverse a HTTP proxy chain created on the fly, privacy would be improved. Furthermore, if those HTTP proxy chains supported caching, performance might be improved too.

    Here's how it works:

    Host X joins the network, connecting to host Y, which is connected to host Z. Host Y supports the new anonymous downloading feature. Host Z does not support the anonymous downloading feature.

    Host A, which may or may not support anonymous downloading, connects to the gnutella network and searches for a document. The search request is broadcast to attached hosts B and C. Host C happens to be connected to host Z, which is connected to Y, and thus Z. Host X sees that it has received a search request for a document it has from host Y, and sends a routed message back through Y to the gnutellanet network. Host Y rewrites the search result to include its own IP address. It also makes an entry in a time-expired table and agrees to proxy the request to host X for anyone that asks. If for some reason Y can not agree to proxy the request (perhaps it is over its bandwidth cap) it will pass the search result unmodified to Z. When a request comes for that document, Y it will fetch it from X. Host Y hands off the rewritten packet to Z, which goes to C, B, and A. From host A's perspective, Y had the file, not Z. At Y's discression, Y will enter the file it got from X in its cache and also answer search requests matching it affirmatively.

    Now the response is passed up the chain, eventually to host A. Host A requests the document from host Y, which proxies it to host X, which has the document. Who did the user get the document from? They think they got it from Y, but did they? No. They got it from X. Even if host Y leaves host X's IP in the response, how can we be sure host Y isn't just forwarding the request for someone else? Even when responding to requests that can be fulfilled locally, servers should insert a random delay. In fact, if such a system is in use, there is no reliable way to prove who you got a document from unless you can monitor the Internet connections between every site involved in the transaction.

    Further complicating the matter might be the use of encryption and connection multiplexing between involved hosts. Hosts X and Y, for example, might communicate all information including proxied requests over a single encrypted channel. They might pass fodder on that channel when no transactions were in progress to reduce the effectiveness of traffic analysis.

    One other great advantage is that caching could be employed to much improve download rates for popular files. Host Y, for example, could agree to keep around a few hundred megs of recently downloaded files. It then could respond to search requests for those files.

  • Somehow you installed this software. It may have been attached to something else you installed, such as a free preview copy of some program.

    But software doesn't just automatically install on Windows desktops. Even with ActiveX controls you have to specifically authorize the download, and even then they are limited in where the files can be installed to. (hint: C:\Program Files is not one such location)

    Steve Gibson at grc.com has warned about this in the past, along with others.
  • Especially with Napster, the whole process of spying on users seems rather simple.

    Napster provides a index mechanism which makes it very easy for some entity to watch what users make available for download.

    On top of that, by making downloads available yourself, you could easily monitor what people actually download.

    I don't see how you can realistically get around this, at least not with Napster. Your either offering stuff for download, or you are downloading information yourself.

    I suppose if you know who the trojan sites are offering Napster content, you can avoid downloading from them... But how could anyone know?

  • I'm an occasional Napster user. I mostly download tracks for old 70's and 80's music for which I own the vinyl records but that I didn't bring with me to the US. I also download current music not available in the US because the recordings are in Russian, French, Spanish, or some other foreign language.

    I realized that tracking the IP address down was probably the next step by recording companies. What I do now (Napster and Gnutella) is simple: I don't share directories for longer than it takes me to download a track or two. I also purge my music directories periodically, moving the downloaded files to a non-public part of the disk. This reduces the risk of someone downloading files from my system, thus my IP address is less exposed.

    Purging the public directories also has a nice side effect: Most of the time you can kill your Napster session without having to worry about "uploads in progress."

    Before you start flaming: I make "music collections" available once per week by sharing additional directories for several hours over a dial-up IP independent of my high-speed connection. That way I can make some of those files available to others.

    Comments?

    E
  • It's not like Salon can't afford some professional fact checkers among their editorial staff. --M
  • I found Onflow too, also due to ZoneAlarm. Does anyone know exactly what Onflow does?

  • Here are some screenshots of one of the 'spy' progams. [7amnews.com]


    --
    Why pay for drugs when you can get Linux for free ?

  • So all Napster users who pirate MP3s are deliberately breaking copyright law in order to knock the RIAA down a step, and thereby helping the smaller artists? I doubt it. IMO, it should be up to the artists themselves to come up with an alternative to the RIAA. This argument strikes me as 75% excuse for most people to do something they'd likely do anyway. People have always pirated music; this just makes it quicker, easier. (Not to say that you, dachsund, are personally pirating MP3s using Napster, or to try to claim a higher moral ground by saying I've never in my entire life ever pirated music - because I'd be lying.)

    Shirley there are better ways to show contempt for the RIAA. I can think of one that's been proclaimed: boycott all RIAA artist CDs. Don't buy them new, certainly, but further, don't buy them used either. Why not? Because at one point, those WERE new CDs, resold by somebody who knew that the option of reselling them was there. If people stop buying used RIAA-artist CDs, soon the used CD stores won't have a market for them and will no longer buy them, or (more likely) they'll get overstocked and won't buy any more. Granted, you're hurting the used CD stores this way, but IMO it's one of the few things an individual who isn't directly involved in the music industry can do in order to hurt the RIAA, at least in a morally-correct fashion.
  • No, they're doing it to get free music from the world's largest catalogs of downloadable music.

    OK, just so we're clear on that point. ;)
    I find "I know it's wrong, I'm doing it anyway" much more acceptable than "it isn't wrong! the riaa's ripping them off anyway!"

    Incidentally, if most artists are not members of the RIAA, then how exactly does downloading their music without paying for it hurt the RIAA? It looks to me as if it's hurting the smaller artists more directly.
  • Who needs Best Buy/Tower Records/RIAA?

    I nominate "anybody who doesn't have a computer but likes music anyway".

    Right now, the RIAA is a devil the artists know. They might not LIKE the RIAA, but they know how it works and how to deal with it. Is replacing the RIAA wholesale, which is what you and most other advocates are talking about, really the best thing to do?

    "I went into the business for the money, and the art grew out of it. If people are disillusioned by that remark, I can't help it. It's the truth." - Charlie Chaplin

    Don't forget, musicians would like to make money. I'm sure most of them would perform for free if they could eat and live and have all the other amenities most people want, but that just doesn't happen without money in our society, so they're going to want to get paid. Some of them will want to get paid a lot. Does any musician deserve to get paid a lot? Why not? If people are willing to fork out money such that an individual or a group get paid a lot (see professional sports for another example) then of course they deserve the money.

  • Please, "busts" hardly need to be ineffective (Score:3)

    by FallLine ( 12211 ) on Tuesday March 27, 2001 @04:41PM (#336516)
    Ok, let's imagine for a minute that GNUTella actually works half-decently. If I were RIAA, my method for killing downloads would be simple, pursue the people that provide downloads vigorously (through their IP address), especially those that are on the fastest connections and are most capable of doing so. As it stands today, without any substantial enforcement against individuals, the user has just about zero incentive to provide downloads, but it costs them (not to mention their ISP, school, whatever) bandwidth, CPU time, HD, etc. Tne end result is, today, very few users are willing provide downloads, only a very small percentage actually does. This is the much hyped "tragedy of the commons", but it's very real nonetheless.

    Ok now what happens when you start providing substantial disincentives or risk? Much much less people will be willing to "contribute". For instance, if RIAA simply starts making a few well placed calls to the largest ISPs, causing the user to lose his connection in short order. Even if it's only for a few days, or even an hour or two, most users would find this absolutely unacceptable. Those that are most likely to setup a site like that, also tend to be the most attached to their "fast" connections. When the pirate is presented with a choice between providing goods to hundreds of people he doesn't even know and incurring risk in the process or merely leaching like everyone else, the choice is simple. Add to this mix permanent bans, public embarassement, potential legal action, etc etc, and you have even less reason to take the chance. Remember, they need not bust EVERY pirate that is out there, just enough to provide a credible threat. Also, remember that this approach wouldn't take much in the way of resources or money.

    Now sure, there will still be SOME nuts out there that will persist for whatever reason, but those will be so small in comparison to the downloading public that their effect will be nominal. The point is that greed works against the pirates as much as it does against the industry. I fully believe the industry is capable of doing this and that it would be highly effective. Against just about any known P2P-like system (e.g., Napster, GNUTella, Scour, CuteMX, or whatever.)
    It will be very interesting to see what happens when the contracts of well-known (and lesser well-known) artists come to an end.
    This is a seperate subject, but I think you're completely underestimating the absolute importance in promotion and marketing on the part of the record labels. While marketing and promotion do not necessarily have to come from the industry, a simple website will not suffice. The odds are that the artist(s) will be competing for scarce eyeballs no matter what medium they're on. Scarcity, in turn, means it'll cost lots of moola. Who has lots of capital and is willing to risk it on music investments? The industry. One way or another, capital must be risked to gain a sufficiently large following. The backers will probably be the same industry that we know today, but, even if not, it doesn't really matter. The internet isn't some kind of magical pill to make all these concerns go away.
  • Basically, from what I understand of how this all works, a good IP spoofer would defeat all of these survaillance measures.
  • They aren't monitoring your traffic, that would probably be illegal without a court order, and would require a hugh amount of cooperation from ISPs. All they are doing is watching which songs people make available. By seeing new songs appear in your shared directory, they can guess that you just downloaded that song. I can't really see any legitimate complaints about them monitoring in this way. After all, you are making the songs available to anybody who asks, with no authentication or authorization at all. Can you really complain if the copyright holders stop by to see what you are sharing? It's like claiming that you can setup a sidewalk stand giving pirated cassettes away to the public, but RIAA employees should avert their eyes as they pass.

    Don't get me wrong, I'm not a fan of the RIAA. But all they are doing is looking for people who are illegally making copyrighted works available to the public. If you want to create "junk" info for them, you could share a whole bunch of files with junk contents and suggestive names. But, if you do this, it not only confuses their software but other Napster users, which is a bit like burning the villiage in order to save it. In fact, I'm suprised that the RIAA hasn't hired consultants to start polluting the Napster and Gnutella services with junk files, broken links, and anything else they can think of to make the systems unreliable and hard to use. Anyway, my point is it's foolish to expect that you can offer an illegal service (not Napster in general, but the specific act of distributing copyrighted works without authorization) to an anonymous public and not have the "authorities" check up on you.
  • That was a joke -- hence the smiley...

    Jethro
  • Yep -- snagged it out of /usr/games/fortune -- I just had to use it. 8^)

    Jethro

  • Don't Worry... (Score:5)

    by Jethro73 ( 14686 ) on Tuesday March 27, 2001 @12:04PM (#336521)
    From the article: I know that your IP address is 28.294.22.1, your ISP is Earthlink, and you logged in last at 2:26 a.m

    Whew... Don't worry about their spies... they don't even know the addresses can't go above 255... 8^)

    Jethro
  • Indeed. Recent versions of Netscape load all sorts of crap into Windows systems without allowing the option of disabling them.

    Winamp, for instance. No thanks.

    Hmmm - it sounds like you have never heard of a "custom" install...

    Hint: the "default" install is idiot friendly. If you believe that you are not an idiot never perform a "default" install of any software on the winxx platform.
  • A corporation or other organization looking at data freely available to them from all those gnutella clients is not a violation of your rights.

    They are only finding out what your computer willingly offers them (and every other gnutella client)
  • You must not have finished reading his post. He said he figured out that it was Audio Galaxy that did a stealth install of the program.
  • Perhaps this is why we need security features in peer-to-peer clients.

    Blocks [mspencer.net] was an example of a filesharing client with too much security. It was well-designed and cross-platform, but required too many resources and too much security for...well, anybody except the most advanced users. It would be very difficult to find the IP number of someone sharing certain content on the Blocks network. It's also almost impossible to even find a file on the Blocks network.

    Perhaps what we need is optional security. Some users are going to want to form a mixnet, and only directly communicate with trusted peers. Some people want encrypted disk caches, so if their computers are seized, it'll be impossible to tell exactly what they're sharing. Conversely, some people would like an easy way to tell whether content is copyright-protected and shouldn't be traded, without directly notifying anyone that they've come into contact with the content.

    I've outlined some security concepts in a quick page I've put together: http://mspencer.net/fs [mspencer.net]. It's a work in progress, and is very long (22 KB and growing) with almost no index or table of contents. But if peer-to-peer filesharing is a topic you are enthusiastic and excited about, you'll find the page very interesting. (There are no ad banners at all on that page -- just text, except for my email address. I put my email address in a graphic, to spam-proof it.)

    From the page:
    Does all of this seem seedy? Do you think people will assume that anyone who participates in any of this extra security or identity protection is automatically a criminal? Remember that this is what computers do -- they take complicated things, and take the manual labor out of them. Sure, some of these methods may seem like seedy criminal behavior turned digital -- but this behavior is usually criminal in real life because it's so costly! It takes time and effort to route anonymous messages around -- take a 'layered' envelope out of the mailbox, unwrap only one envelope leaving (an envelope still inside, possibly with more envelopes inside that), and mail it out again. Pass things around by word-of-mouth only. Use aliases. In real life, these things are difficult to do and take time and effort...so it can be concluded that the people doing them probably need the extra security or protection. That is, they're probably doing something illegal, so the extra 'cost' is worth it. But this is digital -- these are computers we're talking about. It's very easy to let the computer stand out on the streetcorner for us. We're not peddling high-value illegal material -- many of us merely don't want certain advertising companies using our personal information to enhance their seedy business. This 'shifty behavior' becomes worthwhile at the half-penny-per-transaction level, because computers do all the work. Were it the real world, this same kind of 'shifty behavior' would only be justified at the tens-of-dollars-per-transaction level.

    Such a system is possible, if enough motivated and excited people get together: adapt and borrow concepts from other projects. The other projects out there (MojoNation, Freenet, Blocks, ELF, and many more) have wonderful concepts and design, and they do a very good job of solving a particular problem with filesharing. But they don't solve all of the problems.

    Perhaps if enough p2p project developers are inspired to bring their concepts together into one system, we'll finally rid our gift culture of these pesky intellectual property lawyers.

    On a related note...I just thought of this really evil way to abuse three existing services (WWW, DNS, and Akamai proxying) to provide a kinda-anonymous web site:

    1) Use an existing DNS zone to point an NS record for a subdomain to a special kind of DNS server. (Perhaps *.anon.mspencer.net)
    2) Create a special DNS server (special software, or just firewalled) that is only allowed to hand out DNS query replies to Akamai servers.
    3) Publish a URL:
    http://a1.g.akamaitech.net/6/6/6/6/lmnop1.anon.m sp encer.net/piratestuff/bigfile.iso

    It would be impossible to get the true location of lmnop1.anon.mspencer.net unless Akamai servers were cooperating with you.

    --Michael Spencer
    (remove the first three letters from the email address above.)
  • You might be interested (or surprised/dismayed) that copyright infringment carries a much stiffer penalty. I remember reading $25,000 fine PER incident, and up to $100,000 fine PER incident. The jail time was 2 years. Those numbers are somewhere in the AHRA and DMCA.

    And even worse, here's something I just read about recently. The NET Act [riaa.com] (No Electronic Theft) :

    "The No Electronic Theft law (the NET Act) is significant because now sound recording infringements (including by digital means) can be criminally prosecuted even where no monetary profit or commercial gain is derived from the infringing activity. Punishment in such instances includes up to 3 years in prison and/or $250,000 fines. The NET Act also extends the criminal statute of limitations for copyright infringement from 3 to 5 years.

    Additionally, the NET Act amended the definition of "commercial advantage or private financial gain" to include the receipt (or expectation of receipt) of anything of value, including receipt of other copyrighted works (as in MP3 trading). Punishment in such instances includes up to 5 years in prison and/or $250,000 fines. Individuals may also be civilly liable, regardless of whether the activity is for profit, for actual damages or lost profits, or for statutory damages up to $150,000 per work infringed."

    Rader

  • Good info to read, but copyright infringement doesn't fall under Theft. I have no idea where that leaves us though. It's probably a good comparison. I'd say it would be a good thing to meter against--except that the RIAA's 400 lawyers would definately max it out against ya.

    Rader

  • I think it started with the Cleveland Freenet.

    Which has been dead as a door nail for over a year now. For crying out loud, if you're going to troll, at least make it factual.


  • Good point.

    A centralized server in a forigen country will get choked but at least you can get around the legalities.
  • That's OK, they'll just add a surcharge to music that they sell and pass on the cost to the consumer. It's easy to be stupid when you don't have to pay.

    Xix.
  • People can always switch ISPs.
  • Putting in account that the RIAA and MPAA aren't able to sue the people that run a decentralized network, would that make them more likely to spy, then sue, on the people that use it?

    That kind of makes me scared to get stuff off a decentralized network.

  • Re:Love this quote (Score:3)

    by abszero ( 58089 ) on Tuesday March 27, 2001 @12:40PM (#336533) Homepage

    Yes, the internet has made it easier for folks to get their music. Does this really help artists? I see how it could be a lot easier for an unknown band to get noticed, but how does it help them make money?

    Here [projekt.com] is an excellent essay/letter form sam Rosenthal, the owner of Projekt records (an independent label) on how napster helps unknown bands.

  • GPG or PGP

    //rdj
  • They are using a modified version of the standard client so any grief you cause them with traffic increases you will cause your own users as well.

    I guess the only defense would be lots of metallica.mp3 files that are not mp3 files... but again you will be confusing normal gnutella users too.

    Freenet is probably the best defense.

    -pos

    The truth is more important than the facts.
  • If "the man" wants to waltz in and poke around my stuff, fine, as long as I'm allowed to do the same thing, otherwise they can sod off!

    -----

  • I know that WinACE also installs WebHancer, actually it won't run until you install WebHancer. Although after it's installed you can remove it via Add/Remove.... as far as I know it doesn't leave bits behind to still spy.
  • The RIAA better catch people with thousands of MP3's on their system, because the first person they put away for stealing 1 or 2 of Metallica's songs will cause them a PR nightmare. They are faced right now with having to do the near unthinkable (but they have few options left) and that it to put their customer in jail. The outcry from the public will be huge. Why? Because the penalty will far outweigh the crime and because of the outrageous markup on CD's these days. C'mon if I can buy a burnable CD for a dollar pressing out thousands of CD is costing cents (if that) per CD.

    If the penalty for the first few examples the RIAA chooses to go after (stealing bits) exceeds the penalty that a first time drunk driver (putting other peoples lives in jeopardy) gets, then the message will come across to the public loud and clear, and they'll be mad as hell.
  • They cannot stop us from sharing the files we have on our computers.

    I'll be the first ski mask wearing coder right on the front lines if file sharing is outlawed baby!

    It's ridiculous to think they can even try. The nature of the net is to route around broken links, like napster. Bearshare, http://www.bearshare.com has over a million registered users now. Fuck the riaa, who needs em. We should all download the music we want and then mail a dollar to the artists whose albums you've downloaded. That's more $ than they would get from their record companies anyway.

    http://www.hyperpoem.net
  • Can we now have a serious discussion about the privacy invasion and unauthorized search and seizure of my IP packets without a warrant by the RIAA? Who do these guys think they are the NSA?! I am sick and tired of the RIAA doing unauthorized search and seizures of my IP packets on private peer-to-peer networks. Who authorized them to run monitoring software on a privately owned peer-to-peer network?

    According to written U.S. law all evidence obtained through an illegal search and seizure is in admissible in a court of law, which would make all evidence in the past trials null and void. In theory this should allow all rulings to be over turned all evidence uncovered without a valid warrant should never be allowed to see the light of a court room again. Also, both Napster and Gneutella can sue the RIAA for the invasion of privacy, hacking, intercepting communications, & trespassing on virtual private property.

    Think this over and get back to me!
  • A wasteland of porn sounds good to me...

    one mans junk
  • Unauthorized use of a computer system.

    Snooping your system = cracking your system.

    It should be illegal for the RIAA, et. al., to snoop into your computer system because they are attempting to access a computer system that is not theirs. Any "evidence" gathered in an illegal way would be inadmissable in court, just as if a police officer gathered evidence without a warrant*. Of course, as soon as someone brings this up as a defence to their flood of lawsuits, you know that they'll be whinning to Congress to get an exception to that too.

    * IANAL (but I did take some law classes) but I believe that only the police can conduct a search without a warrant on the basis of probable cause. An private individual or organization would be guilty of breaking and entering.
  • I think the RIAA would use the same argument they used against Napster - you may not be directly violating the law, but you're deliberately trying to help people break it. And we all know how successful Napster was at defending itself.

  • Alternative usage of Freenet & others (Score:3)

    by mOdQuArK! ( 87332 ) on Tuesday March 27, 2001 @10:16PM (#336544)
    Actually, with all the talk about the relative advantages & disadvantages of Freenet & the other P2P services, how 'bout a combo?

    The way I understand Freenet, you can request files based on some calculated key values (hopefully unique for a given file's contents) and it will be sent to you through the Freenet network in some fashion which makes it anonymous to all of the nodes inbetween.

    The current main difficulty with Freenet was associating search requests with those key values.

    So how about a combo solution? Use normal P2P techniques (and normal search engines for that matter) to return key values based on search criteria. Then use the key value to download the file from Freenet.

    By decoupling the searching mechanism from the download mechanism, then you can have all kinds of ways of searching without compromising the robustness & security of the download network.

    Here's another idea for distributing search/key value pairs w/o compromising the identity of the people making those associations - use USENET (or a similar mass-distribution channel) with the anonymous mail-to-news gateways to distribute batches of search condition/key value pairs at a time.
  • Hotline and Carracho are two systems that would probably be most similar to Freenet.

    I'm wondering - how much surveillance takes place on these networks? I would expect more takes place on Hotline than Carracho as it's mac-only.

    Several admins put "spider traps" on sites to foil scans of the directory structure. Not sure how effective that strategy is, as they're usually just recursive folder loops.

    -carl
  • As another post pointed out, the RIAA is not monitoring which files are flowing through the various networks. The RIAA is simply monitoring what is being offered by the users of the networks. A user that shares a thousand songs but downloads few will get caught by this new scanning technology, while a user that downloads many songs but shares none will not be punished.

    It's ironic that the "good Samaritans" of the P2P world are the ones who get punished, while those who only leach will remain unmolested.
  • I recently submitted an article about how I found a piece of spyware that is installed by a number of music sharing systems including AudioGalaxy [audiogalaxy.com] and iMesh [imesh.com] on my machine. Of course, Slashdot rejected it. Since it is ontopic for this discussion here it is:

    The SpyWare Invasion

    While writing a proxy server for a class [gatech.edu] I noticed that for each URL I clicked, a number of POST requests were being sent to d2.webhancer.com and d3.webhancer.com. Wondering what was up I decided to go to the Web Hancer [webhancer.com] website where I found out that WebHancer is a company that claims to have an installed base of millions of WebHancer agents that report web browsing statistics to their corporate headquarters.

    WebHancer currently charges businesses $12,000 a month [internet.com] to access these usage statistics. I found the webHancer agent on my Windows machine (after a quick 'ps -W | grep gent')in "C:\Program Files\webHancer\Programs\whAgent.exe" and deleted it. What I am wondering is how the Web Hancer agent got on my machine since I don't recall being asked whether I wanted to install any spyware. Also exactly how many of their millions of anonymous usage statistics are being generated by unsuspecting users?

    Which program did I install that decided to place this Trojan on my machine and is there a blacklist of such programs? AudioGalaxy

    Finally, while searching for info on Web Hancer I found Ad-Aware [zdnet.com] which claims to locate and uninstall such spyware.

  • I think you're right. It looks like they're searching for files people have shared for others to upload.
  • ...when you think about it, the RIAA is now burning their profit money on monitoring the same tool that they claim has already lowered their profits. At what point do they say, "we're losing more money fighting this thing than it's worth" ?

    Of course the other issue here is that in a way the RIAA has come to our stadium to play our way. They're trying to use technology to win, which on the surface may seem like a good idea, but one imprtant thing results that the article does not mention. Speed of innovation. I agree with the statement that the people will always be ahead of the censors. I've said that for years whenever a new media fiasco resulted from some form of "pirating" (note not my term at all) or another. So when the RIAA throws it's hat into the technology ring, instead of preventing P2P they will drive talented developers to create better and greater and more secure methods for file sharing. And every time the RIAA catches up developer speed increases. So the benefit to everyone is new, improved technology for trading files at a faster rate than if the RIAA hadn't tried to monitor us.

    To belabor the obvious, this whole media thing with P2P and the RIAA is surely driving more users and potential developers to share files anyway.

  • ...technically it's a computer crime to use a computers resources to which you do not have legitimate access. Even if the door is wide open and there is no security of any kind, you are (legally) in the wrong, even more so if the only security is a warning or disclaimer. Crackers have bee prosecuted on these grounds before. Now surely as things stand the RIAA has every right to monitor P2P networks, if they have the resources and desire, they can look at public files like anyone else. But what if it wasn't strictly public, what if there was a disclaimer barring anyone associated with the RIAA or whomever from viewing these files? Would that work? Probably not, although I believe that it would be legally correct, Johnny Law would never allow the same rules that apply to a 15 year old cracker be turned around and used on a corporation. I'm sure there's a special section in the DMCA for just that circumstance. Anyway something to think about. Kind of hypocritical I think.
  • Yes, as others have pointed out this is a fairly alarmist article, but nevertheless, Freenet [sourceforge.net] is the one system designed for true security. Let's make sure this thing gets stable before the RIAA starts hunting down Gnutella IPs.
  • Freenet is probably the best defense.

    On a slightly offtopic note, I was just wondering how many people find Freenet usable. It's hard to find useful information and it seems to be degenerating to a wasteland of p0rn. And the lack of search tools makes it difficul to find material.

  • It's well past time for our generally worthless politicians to get off their collective asses and pass laws against this kind of electronic stalking. I don't listen to music, it's so much white noise to me, but I am going to begin downloading songs because the RIAA pisses me off.
  • He's not monitoring anything by reloading the Napster web page every 10 seconds.
    That's not how you do it Lars
    --
  • Well thank you very much Mr. history major. That was not the point of my comments and you know it. Thanks for pointing that out, though. While I was aware of TJ's business in France, I was simply using his name because most people know that he is a big writer from those days, and most people believe that the Constitution was written and signed in 1776. Sad, right? Sorry... I just wanted a name, and I didn't think people would remember John Adams as well.
  • That's your opinion, and mine was mine. So based on your opinion of freedom of speech, then, what is so wrong about my comments? I merely stated what I felt, and all of you are saying that I am wrong? Freedom of speech, man. And thank you... but don't assume what I know or don't know about the Constitution. And you're right, there is no limit to what we can say, but there is a limit to the situations in which some things should be said. And somethings, regardless of our freedom to do so, should simply never be said.
  • those with less spare time and with some extra moneys on their hands. it is quicker to purchase CD from some on-line store than spending hours searching for some song, then download it in a highly-questionable quality mp3 format (and probably burning onto CD-ROM as well).

  • They hid it in "Program Files"? Bastards.

  • I've seen articles about advertisers spying on downloads in order to send "targeted ads", usually in the form of instant messages, to users about other products/songs/whatever they may be intrerested in. These protocols are totally open, so basically anyone can see waht you trade.

  • Two things (Score:3)

    by HerrGlock ( 141750 ) on Tuesday March 27, 2001 @12:11PM (#336560) Homepage
    With a couple thousand hits an hours security through obscurity DOES work for minor things like this unless RIAA has enlisted the help of the NSA for number crunching for who downloaded what.

    The other thing I wonder is why don't sites like napster et al use basic encryption techniques to keep WHAT is seen secret? It's not like there is a derth of encryption enabled software out there, much the opposite, recent browsers all can deal with port 443 and https. Start using it. Sniffers can only tell that a connection was made, they cannot tell what the contents of that connection did or is doing.

    Come on people, time to stop whining and start using what is available to us to keep big brother from tracking everything.

    DanH
    Cav Pilot's Reference Page [cavalrypilot.com]

  • ...up to 5 years in prison and/or $250,000 fines.

    Those are the statutory limits on a Class A federal felony. Yes, it is possible for a judge to impose that sentence, but if he did it would almost certainly be overturned.

    Federal felonies are sentenced according to some fairly strict guidelines [ussc.gov]. There's a tidy little table [ussc.gov] with the offense level vs. the criminal history. You get the offense level from another table (dollar amount of the theft) here [ussc.gov]. There's also a table [ussc.gov] for fines. It's almost like playing a role-playing game, isn't it?

    For a $40,000 to $70,000 theft, you get a base offense level of 11, which is 8-14 months and a $2,000 to $20,000 fine. If you take the usual plea deal, you drop two offense levels (4-10 months, $1,000-$10,000 fine) and should get the low end of the range. That's 4 months with probably no fine. You'd also pay restitution to the victim for the full amount of the theft. So you could be paying Metallica full price for every MP3 someone downloaded from you. People better hope Napster doesn't keep usage records.

  • Read infoAnarchy [infoanarchy.org] to stay informed on the latest spyware and tracking tools. I have submitted this story [infoanarchy.org] to /. last Friday (before publishing it myself), but it was rejected. Unsurprisingly, /. prefers stories that have already been verified by large sites like Salon and CNET (not exactly a good way to encourage alternative media).

    --

  • "Is the RIAA and its friends doing some kind of technology surveillance? Yes. Is it going to work? No. It's really dumb. It's another serious mistake by an industry going out of business in the stupidest way, bumping its head on the steps on the way down, because the record industry was always a bunch of thugs and that's what they still are."

    I really love this quote...It's a great analogy as to how the recording industry is acting. However, I have to ask myself, "Is the recording industry ever really going to go out of business?" Yes, the internet has made it easier for folks to get their music. Does this really help artists? I see how it could be a lot easier for an unknown band to get noticed, but how does it help them make money?

    I would love to see the recording industry split its head open on these "stairs", but is this really what we need?

    --
  • Does Lars know that Napster even _HAS_ a website?

    Does Lars know what a website _IS_?
    --
  • I've considered an encrypted P2P using SSL and using Public Key to authenticate users to limit who can browse your files.

    With the system I envisioned you would have a list of public keys of people that were allowed to browse your files to keep nasty spy bots out and would use encryption on the connection to make it very difficult to figure out what was being tranferred ... no telling if it was the latest pop single or my kids latest picture. I would build such a system on top of ICQ or AIM to locate your buddies.

    Up sides:
    It would be fairly untraceable, likely cause less attention because of the difficulty of mass infringment like Napster, and would have no central control athority.

    Down sides:
    If you are trying to get a copy of the latest pop single there are less people you could aquire it from.

    Frankly that's my "perfect" P2P ... I only want to share stuff with certain people anyways and I don't want people mooching off of me. I also don't want somebody else to snoop at what is being transferred.

    - subsolar

  • That's odd, I submitted a related article, one pointing to a good website: www.spychecker.com. My article also got rejected.

  • could we.. (Score:3)

    by slashdoter ( 151641 ) on Tuesday March 27, 2001 @12:06PM (#336567) Homepage
    Could we spoof them with a shit load of traffic? Sort of like the sig that people where adding to their e-mail to get Echelon? Someone could make a .vbs file that created a lot of junk traffic to and from a windows GnuTella client. I see them gathering a lot of harmful info on us, but they not only have to get the info, but they have to use it, and do it in a way that is profitable for them . we probably can't stop them from getting it, but we could make it hard to use any of it.


    ________

  • This is from the article referenced above:

    And if you get in trouble for having those Limp Bizkit tunes in your public directory, well, that's your own problem too. You are allowing the general public to pirate copyrighted tunes off your hard drive -- no matter if your own MP3 copies are perfectly legal.

    Could someone please explain to me why the hell it's illeagal to make something available to someone else? Isn't the crime in actually taking it?

    If I were to leave the door to my house unlocked, and someone came in and recorded all of the videos in my VHS collection, and left without harming a single thing in my house, have I committed a crime? What if I told this person that the door would be unlocked? What if I gave the person a list of the movies in my collection and gave them a key to my house?

    If that's not enough to make someone think twice about this file sharing thing, what about the case where I own or have developed or whatever, the technology to rip a couple of mp3's from my CD collection - all of which were obtained legally... Then, I send these mp3's to my best friend, who has also purchased the same CDs, but doesn't have a working CD drive in his machine (ok, this is highly unlikely, but still possible)... Was a crime committed?

    As for the "monitoring software"...

    If I were to post a sign on my door saying that it was unlocked and anyone who wanted to come in and copy my VHS collection should do so, I'd be a complete moron if I thought that there wouldn't be people there just to see what I had.

    Personally, I really don't care if someone wants to monitor my downloads et.al.- anyone who wants to badly enough is going to get their way. Next time you're browsing in the local bookstore, are you going to be looking around frantically for someone watching to see what you're looking at?

    Everyone seems to be overreacting to this "on-line privacy" thing - if you want privacy, you're going to have to work for it... Use a library computer, a co-worker's, your neighbor's - whatever. If you want privacy, the oness is on YOU and YOU ALONE. Don't start whining about how you're the powerless victim - TAKE YOUR BOX OFF THE WEB if you can't come up with a better way...

    If you don't understand how to use PGP, stop whining about Carnivore, or whatever other "radical" privacy invasion tools the government is comming up with. The only way you're going to be able to keep your stuff private is if you do just as much work as the people interested in your private stuff.

    Cordless phones allowed for the possibility of someone monitoring your phone conversations - now we've got 9 GHz phones - impossible to monitor? Probably not in the long run, but you'll just have to buy a better phone when it becomes possible...

    Alternativly , you could just stop talking... Likewise, just stop using P2P systems if you're hung up on the fact that someone somewhere may be able to find out what you're essentially broadcasting to the entire f***ing planet...

    -bs

  • "It might be stored on that node after you requested it, but it would be silly to blame someone for having some data on their computer that you put there. That would be akin to planting drugs on someone before arresting them."

    And we all know that never happens...
  • Since this enforcement software seems to run as a modified client for Gnutella, Napster, etc., why not encrypt the traffic between the clients, servers, etc. using some form of public key encryption (similar to SSL)? Then just place some boilerplate legaleze in the EULA to disallow any reverse engineering of the encryption, under the DCMA...

  • Freenet? (Score:4)

    by EvlPenguin ( 168738 ) on Tuesday March 27, 2001 @12:51PM (#336571) Homepage
    Freenet seems to be more or less immune to this sort of monitoring at the present time, due to the distributing the files throughout the network.

    Good, so now the ten people who use Freenet can sleep easy.
    --
  • More big brother tactics..."

    Big brother? I'm more worried about Icarus and Daedalus.... and how all are info gets routed through Area51, and how everything we do is monitored by something greater than our governments.... its all because of The Illuminati!!!

    Sorry... had a five hour session of "Deus Ex" last night...
  • The copyright infringer in Napster use is person downloading music they do not have the right to download. So while the RIAA surveillance sounds threatening, they're really counting on no-one calling their bluff. Consider:

    They must either show that I downloaded music (more difficult), and then show that I did not have the right to do this (more difficult again - especially if I own the CD, and for all their snooping, they don't know what music I own).

    Merely showing that I have files available is not enough, but unlike Napster (the company), showing that I benefited from someone downloading a file from machine (and thus allowing me to be caught as a contributory infringer) will be quite difficult.

    If I own the CD, do I have the right to download the music (space shift)? (I'm guessing the MP3 case suggests otherwise). If the case can be made that I do have the right, (perhaps via the betamax decision, which should still apply to individuals), can we launch a class-action against the RIAA for unjustified (or perjerous) complaints to our ISPs and intimidation tactics?

    Napster users may be walking a fine line, but so is the RIAA - their threats are based on some very contentious and unresolved interpretations of the law, and I don't think the law gives them the green light to do these things.
  • I think the RIAA would use the same argument they used against Napster - you may not be directly violating the law, but you're deliberately trying to help people break it. And we all know how successful Napster was at defending itself.

    That's I was talking about when I said contributory infringement - Napster very obviously made millions of $$$ from the infringement, thus the court found it to be a contributory infringer. But a Napster user on the other hand, makes little or nothing, and it is not obvious that they are doing anything that Betamax wouldn't allow, so the RIAA would have a much tougher case ahead of them, if they could make one at all.

    Damn, there are so many consumer rights issues and questions that need to be resolved by the courts, and having them resolved by cases run by a team of MPAA and RIAA lawyers isn't a pretty thing to watch :-(
  • The only 'evidence' excluded because it was obtained illicitly is 'evidence' obtained by the government or an agent thereof. This "exclusionary principle" does not apply when the obtainer is a private entity (person or company). Thus, even though a crime or misdemeanor may have been committed by such a private entity in obtaining information or property used as evidence, it is NOT excluded for this reason. (Indeed, if it were, then stolen property itself would be excluded as evidence of theft. D'oh!)
  • What I want to know is where they came up with the values for the fine? Same with the huge statutory damages. If a cd costs $15, and has 7 songs, each song is about $2.50.

    How does one infringment cost $150,000 in damages? Supposing I distribute 1000 copies of it, that's still only $2,500 in damages, and the odds of distributing that many copies are slim.

    This is after a $250,000 criminal fine? 5 years in prison? If someone were to get drunk and hit someone while driving, they'd be punished less severely. This is total BS.
  • That's some nice math there on my part. 15/7 = 2.5??

    so scale all the numbers down a bit.. makes my point even more ..
  • Seems to me that a simple closed-source client/server system using medium crypto could prevent the spying.

    It can't be R/Eed without violating the DCMA, so no one can write an agent for spying.

  • This doesn't bother me nearly as much as AudioGalaxy putting Webhancer on my hard disk. After reading the comments here I downloaded and ran AdAware and found it (thanks /.)

    To think I actually trusted someone. BTW, AdAware is excellent.

  • It may be that they publish a bogus IP address on purpose .

    Sort of like saying, "I know what you did and to whom, and that your telephone number is 555-1212."
  • I remember noticing an invalid IP (above 300 IIRC) in "The Net" (Sandra Bullock). Haven't seen Antitrust.
  • It would probably be enough to have your mobile code use an API (force them to use it, actually) which allows the code to migrate but prevents it from spreading lika a virus.
    Combine that with a way to account the originating user's / computer's network usage, and you can start having fun.
    I like your ideas about paying the cycle providers, though. Although I think that cycle usage (and ofcourse also network usage) should be free.
  • Don't you just love it when some wannabe Constitutional scholar tells you how the founding fathers thought?

    I think the conversation probably went something more like this (and so does the ACLU!):

    Madison to Jefferson- "Hey Tom, don't you think that wording is a little vague?"

    Jefferson- "Yea, Jim you know it is. But it's that way because I don't have a time machine so I can't predict the future and what the people will want to do 250 years from now."

    Madison- "Good point Tom, that's what the Supreme Court is for."

    And by the way, yes you do seem biased which does cast doubt on your arguement in the first place. But, by definition, you can't prove a negative.

  • Yes, Freenet is a sea of porn. But it is not degenerating. It is becoming more and more useful as more people use it for other things. And searching is one of the main issues that are being worked on. Now my offtopic note:

    We have centralized peer-to-peer networks (Napster) and completely decentralized p2p networks (Gnutella, Freenet). Would not a dynamically-centralizing network be better? It would be something like a Napster system where every client also has OpenNap code in it. So it is basically a two-part p2p system. Clients on the lower part (dialup) pass up searches to the upper part (some of the fastest cable, dsl, etc users), who then perform the search like any OpenNap server. The only completely decentralized part would be the passing of search server lists. When each client gets a server list, it will update its own internal list. It then pings each server on the list. If at least one is below a certain ping time, the client just passes on the server list. But if no servers get a fast enough ping, the client turns itself into a server, and adds itself to the list. When a client does a search, it will send the search to the closest (ping-wise) server, and those servers will contact the other servers, and so on. The system will limit the number of servers to a small percentage of the client population, and high-bandwith machines will be favored as servers. Servers could choose to only remain a server for a few minutes, and then give up their server status. This would make it almost impossible to bust those people who are running the servers. Does anyone know of a project that works like this?

    ---

  • I think it would be difficult to monitor downloads. Uploads, or rather, making files available on a P2P network, on the other hand, would be far more easy to moonitor, I'd think.

    --
  • And there they are in the article, talking about how great Freenet would be as a Napster successor.

    AAAAAAAAAAAARRRRRGH!!

    Why can't people leave this ALONE until the RIAA finishes destroying itself? It's still quite powerful enough to do away with Freenet, be certain of that. You're all going to snidely remind me of Freenet's intricate security features... Folks, that doesn't mean a damn if the physical machinery used to constitute it is put a stop to. The RIAA can and *will* destroy Freenet if it becomes the "new Napster".

    Jeezus Christ!!

    Salon.com pisses me off frequently, but Today Is Special. No amount of beautiful and inspiring speeches from Messrs. Boucher and Moglen can save us if something isn't done. The only thing I see at the moment that is do-able within the time frame we're talking about, is sitting back and pirating on GNUtella and letting the RIAA finish bringing about its own doom.

    Instead, we have the whole jolly Napter crew giving a big hearty "nyuck nyuck" and charging off to Freenet. The RIAA's lawyer-guns merely require a slight adjustment in aim and declination, and the bombardment recommences. =/

    -Kasreyn
  • Sorry, I see it the same program.
  • I just don't understand why the RIAA doesn't realize the absolute gold mine they're sitting on. They have the potential to reach millions of listeners, and what do they do? They try to shut it down.

    The recording industry's business model is woefully outdated. They're playing the traditional head in the sand role. If they'd wake up and realize what they had here, they'd drop this whole mess! But of course, this is corporate America we're talking about. They've had this case of cranial-rectal inversion for quite some time.
  • I've said this same thing over and over again... As soon as FreeNET gets search capability (downloads a list of all available files from connected hosts and updates the list every few minutes) it will kill Gnutella because your bandwidth matters little, popular files are automatically mirrored so you don't end up being the only person making something available, and people are anonymous...

  • Good luck (Score:5)

    by Safety Cap ( 253500 ) on Tuesday March 27, 2001 @12:07PM (#336590) Homepage Journal
    As technology advances, we leave the would-be-surveillance folks in the dust. The only thing they can do is a few high-profile busts.

    I can imagine what would happen if/when I get busted. I may pay a fine. Heck, I could see a few days in jail (doubt it for a non-violent crime, but this is the RIAA we're talking about here). More importantly, I would never, ever, ever buy another CD from that organization again. If it was the RIAA that was behind the persecution, then I'd boycott their member companies. What do they get? One less customer.

    How long can record companies last that piss off and alienate their customers? It will be very interesting to see what happens when the contracts of well-known (and lesser well-known) artists come to an end.

    That will leave them free to get with a good web host, a couple of programmers and voila - downloadable songs at a reasonable price. Who needs Best Buy/Tower Records/RIAA?

    They can run, but they'll only die tired.

  • Imagine the amount of cash RIAA will have to sink into both manpower and hardware to do this snooping effectively. Janelle Brown (the Salon writer) is correct; the music industry's efforts would be much better spent on innovation rather than trying to defend an out-dated business model. Little more needs to be said.
  • I believe that the RIAA and Napster were made for each other. I have no time for the whiny complaints of a multimillion dollar VC startup (now controlled by Bertelsman) whose business plan is to make money distributing other people's copyright.

    If folk must trade Warez then they could at least save the rest of us the holier than thou "we are doing the artists the biggest favor" line.

    Napster is no longer the threat to the RIAA, and not just because the filter means that it is no longer any use. With Napster the unit of exchange is the track. With an MP3 player built round a large hard drive the unit of exchange is suddenly the CD collection.

    I have one of the Acrchos devices and have so far ripped about 40 CDs for my own use. However there is nothing to stop me from copying my CD collection onto the Jukebox and then going round to a neighbor and copying them onto his hard drive.

    What is more this mode of exchange is probably 'fair use' since it is genuinely peer to peer and does not involve Napster corporation acting as middleman contributing to the infringement.

    Jukebox copying does not have the same geographic reach as Napster. But the number of tracks exchanged at a time is dramatically higher.

  • I'm wondering how legal it is for a company to collect this kind of information. Are there any lawyers out there who can give an opinion? I know the argument about how the internet is all public, but there is such a thing as "expectation of privacy". That's what prevents companies from putting cameras in the employee locker rooms and bathrooms. Wouldn't that apply to the internet, at least as far as p2p goes?
    Does any corporation have a right to gather information on individuals? Maybe they can for advertising purposes (and maybe not) but for law enforcement?
    I think of it this way, if the RIAA suspected me of running a bootleg CD business out of my home, would it be legal for them to park across the street and take pictures with a telescopic camera? To use a high-powered microphone to listen to what I do in the house? To tap my phone line, or try to intercept my cel phone signal?
    I don't think that would be legal. Certainately it wouldn't be ethical.

    For the record, IANAL (that should be obvious), but I really wonder about this.

  • Side question : has anyone tried a defamation suit against the RIAA, or is a takedown notice protected by some special exemption in US law (yet again) ? I mean, it seems that all the elements are present : (1) publication (2) to a third party (3) of a fact that cannot be proven to be true.
  • So all Napster users who pirate MP3s are deliberately breaking copyright law in order to knock the RIAA down a step

    No, they're doing it to get free music from the world's largest catalogs of downloadable music.

    and thereby helping the smaller artists?

    As a side effect, yes.

    If it will give you some perspective on the issue, I spent a couple of years working for a large company that was trying to achieve exactly what the record companies would ostensibly like to see. A secure music delivery system that protects both the rights of the artists and the rights of the recording companies. The intent was to let the record companies do the intelligent thing and create a legal channel for distribution. In the back of our heads, we thought-- hey, this would be a good thing. Maybe this will help smaller labels and independent artists too.

    Of course it didn't work out, not that we didn't spend a huge amount of money in the process. Along the way we spoke to a lot of artists, many of whom expressed intense frustration with their labels-- but they were bound by their contracts. Attempts to market unknown bands met even less success. Unfortunately, a few millions of dollars later, we were no nearer a solution, and we gave up. Knowing how difficult it is for a company with a significant budget to change things, I wish it were possible for the artists to rectify the situation on their own, but such a possibility is wishful thinking when the RIAA studios control the radio stations, distribution and vast amounts of promotion.

    Napster and its ilk are certainly not legal or even ethical, but they do light a fire under the recording industry, and give artists new means of distribution. As it's unlikely that the record companies are actually going to start offering competitive prices, or allowing artists to shop around for the best deal, this is unfortunately the best chance there is for the situation to change.

  • Re:could we.. (Score:3)

    by dachshund ( 300733 ) on Tuesday March 27, 2001 @12:58PM (#336597)
    In fact, I'm suprised that the RIAA hasn't hired consultants to start polluting the Napster and Gnutella services with junk files, broken links, and anything else they can think of to make the systems unreliable and hard to use

    Why bother? Gnutella has all of these features built in.

  • Re:Good luck (Score:3)

    by dachshund ( 300733 ) on Tuesday March 27, 2001 @01:17PM (#336598)
    Don't forget, musicians would like to make money.

    The vast majority of artists don't get signed by the cartel that comprises the RIAA. Those fortunate enough to get the labels' contracts (they are binding and non-negotiable) often find themselves a few years down the road owing money to the label. Courtney Love wrote a surprisingly coherent article [salon.com] on the subject a while back. There are even more detailed accounts if you look around a little bit.

    You'll note that the artists agitating against Napster and 'piracy' are mostly at the top, members of the very exclusive club of recording-industry success stories. The truth is, the vast majority of artists would be better off if there were an alternative to the record labels. Maybe knocking the RIAA on its ass will open the industry up a little bit, even if it does mean that artists' ways of making money will have to change.

  • Get serious. Freedom of speech is freedom of speech, not freedom of speech subject to some definition of hatred, stupidity or indecency. Read the friggin' Constitution instead of telling us what you think about the ACLU. "The problem with freedom of speech is that it is disruptive. The problem with limiting free speech is that there is no limit. I'll take the disruption."
  • I think its a question of the files not made available that scares me. I was banned from napster because of an apocalyptica *cover* of a metallica song that was _not-in-a-directory-shared-via-napster_. It was the only thing even resembling metallica in my home at the time it was "detected" and got me banned. This tells me that some one made a quantitative judgement about the legalities of my filesharing activities on the web based on the _name and file format_ of a file that was in a directory that they _allegedly_ did not have the ability to see. This is fully documented with napster. I haven't used gnutella or napster since. What if some of the more obvious commercial concerns were to use P2P networks as a means of looking for installed directories of certain proprietary apps and then back tracing the source to see if they were legitimately purchased or pirated?

    Maybe this is a case of paranoia=awareness?

Slashdot Top Deals

A morsel of genuine history is a thing so rare as to be always valuable. -- Thomas Jefferson

Close