U of Wyoming Fingerprinting All P2P Traffic

mk2mk2 writes "News.com has an article on how they're preparing to shut down P2P sharing of copyrighted content: 'For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song or "Friends" episode.'" It's scary until one realizes that most P2P traffic isn't encrypted, like back when everyone still used telnet.

  • Eh? (Score:4, Funny)

    by whig ( 6869 ) on Thursday February 20, 2003 @07:07PM (#5347987) Homepage Journal
    Why does the fact that it's unencrypted make it non-scary?
    • Re:Eh? (Score:2, Redundant)

      by daeley ( 126313 )
      From the article:

      Finally, innovations among peer-to-peer software developers themselves could limit the use of the monitoring tools. Most file-swapping communications today are unencrypted, or transmitted relatively openly over the Net. If monitoring and blocking tools were widely introduced, new software programs could easily develop ways to encrypt or scramble the data in transmission in order to make it unrecognizable by Audible Magic's tools or other databases.

      "Clearly that's a problem," said Ikezoye, adding that his company still would have markets in this eventuality. "It's always a concern, particularly from private corporations, to have encrypted data flowing out of your network. We definitely see an opportunity in corporations."
    • Re:Eh? (Score:5, Funny)

      by petwalrus ( 645792 ) on Thursday February 20, 2003 @07:11PM (#5348028) Journal
      Sounds not like a case of too few double negatives causing non-clarity to the writer.
  • by EvilSporkMan ( 648878 ) on Thursday February 20, 2003 @07:09PM (#5347999)
    What about FTPs? Direct file sending over IM clients? Usenet? IRC? Good luck, RIAA...
    • That's fine until the RIAA gets so desperate that they get the laws lobbied in and come and break down your door and arrest you if they detect that you trade files. That would be enough of a deterrent for most people.

    • by aridhol ( 112307 ) <ka_lac@hotmail.com> on Thursday February 20, 2003 @07:23PM (#5348154) Homepage Journal
      Not necessarily. What happens if, instead of listening to traffic on a single protocol, they just listen to all traffic, regardless of the headers? Which they, being in control of the routers, are perfectly capable of doing.

      Remember, as long as it's on their network, they can do whatever they want with it. You may not like it, but that's the way it works.

      • by EvilSporkMan ( 648878 ) on Thursday February 20, 2003 @07:30PM (#5348201)
        Well, they still can't stamp out the CD burner and the "analog hole". Sales of CD-Rs should pick up after measures that serious are put into place, and nothing beats the bandwidth of handing your buddy a spindle of CD-Rs. Also, I don't know much about encryption, but couldn't someone and their friends agree on an arbitrarily huge key in person and trade their little hearts out?
      • What happens if, instead of listening to traffic on a single protocol, they just listen to all traffic, regardless of the headers? Which they, being in control of the routers, are perfectly capable of doing.

        Actually they probably can't do that. At least not without some pretty extreme hardware.

        Typically you get to a point where you have to use RAM buffers to save data and then have multiple network listeners which swap so they can save the data to disk. If you have a large amount of traffic you soon get to a point where you can't store all data.

        But sure, it's their network, so they can do what they want. Just as long as they don't mind me using encrypted channels. ;-)
        • You don't have to listen to all the traffic. Just enough to fingerprint it. Or watch the opening of all the traffic - file transferring protocols have to identify the filename somewhere. If it's a suspicious filename, store the traffic on that stream for later analysis.
    • ...or freenet. Its major file trading app (FROST) is busted right now, but the web component works just fine.

      Of course it is kinda hard to find the sites when there isn't a functioning search engine.
  • oh my! (Score:4, Funny)

    by Joe the Lesser ( 533425 ) on Thursday February 20, 2003 @07:09PM (#5348001) Homepage Journal
    Someone wasting bandwidth on a 'friends' episode is scary indeed!
    • For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song...

      I'd been *wondering* when someone was going to finally do something about his lousy music! U of W's spearheading a regular cultural revolution! :-)
    • Re:oh my! (Score:5, Informative)

      by Anonymous Coward on Thursday February 20, 2003 @07:25PM (#5348168)
      It's a joke, but shit like that actually costs MORE money than the stupid music.

      People downloading good quality TV shows and movies are probably using orders of magnitude more bandwidth than people downloading many, many more songs.

      • Re:oh my! (Score:4, Informative)

        by Nemith ( 114402 ) <bennetb AT onewest DOT net> on Thursday February 20, 2003 @10:30PM (#5349302) Homepage
        Actually it's not the music that Brad Thomas and UW are worried about. It's the bandwidth. I believe UW only has one 155mbit ATM link to the net. This link is shared with voice, video, and remote backups. When I was working for Brad Thomas he was having paying people complain about video being choppy so something had to be done. Now with ports jumping all around the place it is harder to find p2p programs which have a sponge effect on the outbound pipe.

    • Re:oh my! (girls) (Score:5, Insightful)

      by $$$$$exyGal ( 638164 ) on Thursday February 20, 2003 @07:42PM (#5348281) Homepage Journal
      I bet there were a lot more copies of "Girls Gone Wild - Spring Break #19" sent around the campus than "Friends - The one where they shave a turkey". If the University decides to stop Friends from being distributed, then should they also stop the porn? What if the porn doesn't have an easily found copyright? Who's going to verify which porn is copyrighted? ;-)

      It's different if they just want to conserve some bandwidth, but if they are just trying to stop the distribution of copyrighted works, then that sounds like an impossible task. Who owns the copyright on "Redhead Sticking a Cucumber up her Ass" ?

      --sex [slashdot.org]

  • Scary until? (Score:4, Insightful)

    by Halo- ( 175936 ) on Thursday February 20, 2003 @07:09PM (#5348004)
    No, I would say scary after. If it were encrypted, it would be much harder to do.

    I suppose you could claim "spoofed ip" ...
    • Well, how long till everything becomes encrypted? It's gonna take a few guys going to jail. Can't wait till they encrypt computer monitors. U're gonna have to use special decrypting goggles:P
  • SO, I guess they have no problem with ME running a sniffer on all traffic on their network? I mean, since they feel it's ok for them to do it, it's ok for me to do it.
    • Heh, nowadays everything (wired, at least) is microsegmented -- you won't be able to sniff anyone else's data. Now, insecurely encrypted wireless links which are cropping up in a lot of universities nowadays, is a whole another story.
    • by davmoo ( 63521 ) on Thursday February 20, 2003 @07:15PM (#5348068)
      There is one small point you are overlooking here. They (the University of Wyoming) own the network they are snooping...you don't. That is what makes the difference between it being okay for them to do it and not okay for you to do it.

      • by alienw ( 585907 ) <alienw.slashdot@NOsPAM.gmail.com> on Thursday February 20, 2003 @07:43PM (#5348287)
        If I own a telephone set and an associated line, it would still be illegal for me to record my friend's conversation when he's using it, at least without asking his permission first. A company can't legally record its employees' conversations, either. Your argument does not apply.
        • Uhhh, you didn't read the TOS on your University network, did you? They should have given you one; they generally include a clause that they have the right to monitor every bit you save on a hard drive they own, and every bit you send over the wires they own.

          Now a public phone company doesn't have that right, because it's not in their TOS, and if they put it in their TOS, somebody would fight it as being an illegal invasion of privacy. The Internet, and a University network at large aren't seen as a common enough utility, that is necessary for living in the current society to warrant those kinds of protections yet. At some point the Internet might get that kind of protection. However, given the proliferation of networks, my guess is that it will be a market driven thing. Phone companies are monopolies, so they have a lot more regulation than a University network ever will, because you can always get network access from a dozen other places if you don't like the terms of service the University has. A University is also a lot like a place of business. My company has the right to monitor everything I do on their equipment. All their wires, all their hard drives are fair game for them to search. It's a term of my employment. They also own all of the things I do on their computers that's in my IP agreement. They also can restrict my free speech because I signed an NDA agreeing that as a term of my employment, I can't talk about certain areas of expertise I have to other companies.

          Technically, you don't need his permission to record his conversation, you just have to tell him you are doing it (it's subtle, but there's a difference, he doesn't have to concede it's okay, he merely has to hear you say it's the case). If he continues to use the phone, I don't believe there is anything illegal about it.


        • by davmoo ( 63521 ) on Thursday February 20, 2003 @11:50PM (#5349700)
          Some others have already replied to this, but I'm going to reply too anyway, just because it gives me the warm fuzzies to do so.

          And sorry, you're wrong on both counts, but thanks for playing along anyway.

          I won't swear to this for all 50 states, but I know for a fact that in both Indiana (where I currently live) and Kentucky (where I used to live), if you're talking to me on my phone line, I can legally record that call any stinking time I want to, whether you know I'm recording or not. And which one of us originated the call is irrelevant. And if you come over to my house and use my phone to call your Aunt Bertha, I can still legally record it without either of you knowing it.

          And a company can listen in on, and record, any conversation they want, so long as the policy that they are doing so is spelled out to the employees beforehand. They can also monitor what you do on the office computer, etc etc. And there are a number of court decisions affirming the rights of a company to do so.

          I'll bet money that buried somewhere deep in that University of Wyoming Student Handbook there is a clause that says "it's our network, we'll snoop it any damned time we want, and we'll block anything we want too", or words to that effect. If you don't like them snooping on you, then the solution is simple...don't use their network.
      • by bleckywelcky ( 518520 ) on Thursday February 20, 2003 @10:01PM (#5349167)

        That's where the power hungry politicians in the University world have it wrong. The students own the network, not the administrators. The students have paid for the network and are paying the administrators to operate the school. I really am quite confused as to who the heck some of these people think they are, implementing measures like this. It would be like hanging from a rope over a gorge and cutting the rope because it's violating copyright law. I have a feeling that once the whole student body catches wind of a P2P crackdown on campus that there will be massive protests and possibly riots. Like the incident at Michigan State University when the University decided to ban alcohol on campus. The whole freaking place went to hell, rioting on campus, cars on fire, etc. I think the reason that we are not hearing more opposition from the people who pay for the networks is probably the same reason that most of the computers that these people use leave port 139 open.

        Let the police do their job and RIAA push the police to do a harder job. The university administrators should stay the heck out of it unless there would be legal implications for the university. After all, the administrators are there to make the university a better place for the students, not for the RIAA.
        • Uh no (Score:3, Informative)

          by NDPTAL85 ( 260093 )
          You are seriously mentally deficient if you think students own ANYTHING that the University owns. Tuitions don't even cover the total costs of getting an education, and haven't for decades. Ever hear of Endowment funds? If anything, the alumni own the universities along with corporate donors, the government, and philanthropic individuals.

          And no there won't be riots. Not as many students think stealing someone else's intellectual property is as important as being able to get your class mate drunk enough to date rape her.
    • by t0qer ( 230538 ) on Thursday February 20, 2003 @07:15PM (#5348073) Homepage Journal
      SO, I guess they have no problem with ME running a sniffer on all traffic on their network? I mean, since they feel it's ok for them to do it, it's ok for me to do it.

      Dude you are so off base you should be modded a funny. (Mods, please read parent before modding me)

      The point is, it's THEIR network. It's not the student network, it's not the taxpayers network, it's not even the Alumni's network. It belongs to the University plain and simple. University is for research, not d/l pr0n or sharing eminem. Students are given access to the internet in their dorm rooms to assist them with their studies.

      If I caught you running a sniffer on my network, I would yank that patch cord leading up to your room so fast it would make a "whooosh" sound like a whip cracking in the air.
      • by chrysrobyn ( 106763 ) on Thursday February 20, 2003 @08:14PM (#5348477)

        The point is, it's THEIR network. It's not the student network, it's not the taxpayers network, it's not even the Alumni's network. It belongs to the University plain and simple. University is for research, not d/l pr0n or sharing eminem. Students are given access to the internet in their dorm rooms to assist them with their studies.

        That certainly is an interesting point. Please allow me to offer a counter point.

        Universities are there for learning and growth of their students and faculty. They are not all about books and studying and stuff like that. Universities sponsor football -- why? Student unions and governments -- why? Those are extracurricular activities that help the students grow as people, round them out, etc. Ever meet someone in real life who thought university was there for books and no socialization? I've met one, and let me tell you, communicating to get to the immense book-smarts was tough, and he was not prone to creative, reasonably practical ideas.

        The university network is there primarily for learning, but there should be a reasonable amount of respect for personal growth and exploration. I'm not sure I want to argue that pirating friends episodes and pornography are aiding that pursuit, but maybe they are. The university should make a reasonable effort to allow the students to explore their freedoms and help enforce the law when subpoenaed to do so. I think it can easily be argued that the downloading of friends episodes leads one to think about copyrights and what use they have in the real world. The exploration of pornography, it can be argued, helps educate the "consumer" what he (or she) thinks about the impact on the models as individuals.

        My education was, believe it or not, furthered by playing with a little known Unix clone named "Linux". It wasn't supported on my campus network, and there were times when I used bandwidth for this side project that did not contribute directly to my studies, but I believe it was worthwhile. I played Doom over Kali, and ended up learning something about network latencies and bandwidths. Completely illegal on the campus network, I even ran a password logger for some time -- this turned out to be a very powerful lesson in cryptography and network security. I did not have the money to set up a legitimate private network to explore these issues, but this was education that helped me become the person that I am.

        I believe that university and college dorms are there, not for the exclusive pursuits of scheduled academia, but for the students to explore their own educations, as they pertain or do not pertain to their class schedules.

    • So, I guess you have no problem with ME running around in your living room wearing my boxer shorts and nothing else? I mean, since you feel it's ok for you to do it, it's ok for me to do it.
  • Privacy (Score:4, Insightful)

    by Telastyn ( 206146 ) on Thursday February 20, 2003 @07:10PM (#5348022)
    Why's this under privacy? There's no reasonable expectation of privacy using someone else's network. Especially when the stated policy upon arrival almost certainly says "don't do this"
    • by vena ( 318873 )
      what constitutes your own network?

    • Use the same logic when we're talking about an ISP monitoring you, then see how the crowd reacts...

      I, for one, agree with you. Whether it's your university or your ISP, you're using their network, you follow their rules, and they're allowed to enforce it however they want, including sniffing your traffic. Don't like it? Find a new provider or use encryption.

    • Re:Privacy (Score:5, Insightful)

      by theLOUDroom ( 556455 ) on Thursday February 20, 2003 @07:32PM (#5348216)
      There's no reasonable expectation of privacy using someone else's network.

      Yes there is. Just like there is if you're living in someone else's house, aka, an apartment. At my school students have to pay for their internet access. This makes the school an ISP. As a business providing a service, it can't just "do whatever they want".

      Do you own your phone lines? Is it okay with you if the phone company records every conversation you make to check for illegal activities? They are their phone lines you know, you have no reasonable expectation of privacy using them. Too bad, I guess you should have encrypted all your phone calls.

      One of these days, an ISP or school will get sued for pulling this shit. Network traffic can contain some very personal information. AFAIK I have never signed anything that would let my ISP monitor ALL my traffic continuously. Most service contracts suggest that there may be some monitoring to ensure network performance, but it would be pretty damn easy to prove that this was not what they were doing if they were continuously monitoring my traffic for an extended period of time.

      Of course, the real solution is to encrypt your traffic. Then you get to have your ISP prosecuted for a serious crime (at least much more serious than copyright violation) if they do manage to break the encryption.
      • Re:Privacy (Score:4, Interesting)

        by Tackhead ( 54550 ) on Thursday February 20, 2003 @08:17PM (#5348501)
        > Network traffic can contain some very personal information. AFAIK I have never signed anything that would let my ISP monitor ALL my traffic continuously. Most service contracts suggest that there may be some monitoring to ensure network performance, but it would be pretty damn easy to prove that this was not what they were doing if they were continuously monitoring my traffic for an extended period of time.

        Funny, ensuring network performance is kinda what university monitoring of traffic is about, isn't it? How do you think QoS or packet-shaping works?

        The interesting question was when someone pointed out that it's not your network unless you laid the fiber yourself. I think there'll be some very interesting cases in the next few years with regards to setting up wireless access points. A wireless mesh network, in which 100, 1000, or 10,000 users allow their boxen to be used as access points, is indeed one in which the users "own the pipe".

        At 100 users, odds are that "someone else" owns the pipe where stuff eventually goes through. (Like your University owning the pipes through which much of your dorm's P2P traffic eventually goes.)

        At 10,000 users, that's not necessarily so. A mesh network composed of 10,000 Freenet nodes scattered throughout a city might be able to cache Titney Spears' "OopsYouGotFuckedbyRIAAAgain.mp3" within itself -- and thus the "pipes" through which the MP3z flow are indeed owned by the users doing the flowing.

        Both cases are clearly copyright infringement - but the latter case would be much more interesting from a legal perspective - RIAA has the right to ask the University to sniff its traffic, but do they have the right to sniff your traffic?

        (The Feds, of course, suffer from no such restriction, but that's because we've given them the authority to enforce the law and laid down rules that govern when/what/who they can sniff. But unlike the Feds, RIAA has no more authority to sniff than you or I do. Fuck 'em :-)

    • Except that when you use the Internet, you're always using someone else's network.
  • Of course this is a good endeavor to stop piracy, but the question is: Even after they successfully identify each user, can they effectively shut down each of the machines? They can do it for their students, and probably *AA will jump in for the big-brotherism. But can they do it for the rest of the world? I think not.

    So, if they do this again -- it's like Napster story once again. New, better P2P softwares will spring up and it's more resilient and equipped with military strength encryption and stuff, which will in turn annul their previous effort.

  • ...we rot-13 encode everything. Big deal.
  • by aSiTiC ( 519647 ) on Thursday February 20, 2003 @07:12PM (#5348035) Homepage
    It will only take a few arrests of young college students in the States to pressure the release of secure sharing over P2P. That's probably one of the reasons the RIAA isn't targeting anyone in the States yet. They are testing the waters in Australia however, but they don't want the P2P networks to go secure until they have cataloged everything they can.
  • Won't work! (Score:5, Interesting)

    by FreeLinux ( 555387 ) on Thursday February 20, 2003 @07:12PM (#5348043)
    This new technology will last for about 1 day. That's how long it will be until Kazaa, Gnutella, Limewire, et al. will switch to an SSL encapsulated protocol. Suddenly all the "fingerprints" will be shot. Each and every download of the exact same file will have a different, unidentifiable, "fingerprint".

    Sounds to me like this company took a copy of Snort, set up a few rules for the "fingerprints" and sold it to the University of Wisconsin. What a waste of money!
    • Sometimes, my stupidity amazes even me.
    • by Doppler00 ( 534739 ) on Thursday February 20, 2003 @07:25PM (#5348159) Homepage Journal
      All they need is software that emulates Kazaa or other P2P software and attempts to make connections to users' computers. Unless you do filesharing with people you trust, there is no way you can hide what kind of traffic is being sent. On the client side, the person not sharing files, I guess you could use encryption, but then you know what that will lead to in universities? A ban on high-bandwidth encrypted connections. As long as it's a problem I think the technology to detect P2P will keep up with the P2P software itself.

      Besides, if I went to that university, I wouldn't want my research slowed down because some freshman was trying to download Friends episodes.
    • Re:Won't work! (Score:5, Insightful)

      by ColdForged ( 453024 ) on Thursday February 20, 2003 @07:25PM (#5348170) Homepage
      That's how long it will be until Kazaa, Gnutella, Limewire, et al. will switch to an SSL encapsulated protocol
      I've said it before [slashdot.org] and I'll say it again, and I'll bold face it for good measure:

      If administrators can't distinguish "good" traffic from "bad" traffic, they will have no choice but to simply remove any access at all to the Internet from the problem subnets, namely dorms.

      So, encrypt the traffic. Make it so that nobody can tell what's inside the stream. That's dandy. But if P2P usage makes it such that researchers can't get the resources or bandwidth to actually do their work or are significantly impacted (the argument of whether researchers are doing anything more than reading Slashdot or Dilbert is for a separate post), even if the traffic isn't recognized as P2P per se, you can bet that this will be the next step.
  • that I'll be punished for stealing songs, if they release details, my friends will never let me live down my collection of Ricky Martin MP3s!
  • Wide adoption of THIS [locut.us] project as reviewed on slashdot a while ago.
  • by bizitch ( 546406 ) on Thursday February 20, 2003 @07:17PM (#5348085) Homepage
    What sucks about giving freedom and liberty to people (or even college students!) - is not knowing ahead of time what they might actually do with it.

    You know - like invent a decentralized p2p network and trade music files with it ...
  • Telnet (Score:5, Funny)

    by DJ FirBee ( 611681 ) on Thursday February 20, 2003 @07:17PM (#5348089) Journal
    Yeah, I remember telnet.

    It's been like .... hours since I have used telnet.

    Those were the days.
  • Is it scary? (Score:3, Informative)

    by barwil ( 647219 ) on Thursday February 20, 2003 @07:17PM (#5348091)
    I don't think so. Everybody who is using the Net should be aware that he/she can be watched. P2P networks do not encrypt data because the idea behind it is to share. If you want to find out who is sharing files you don't have to monitor the traffic. You can just join the party :) It means that no encryption would help. If you share your copyrighted material you can be watched by the RIAA and their friends. I don't personally think it's dangerous for the p2p users (there are too many of them out there) but it's good to know barwil
  • by taniwha ( 70410 ) on Thursday February 20, 2003 @07:17PM (#5348094) Homepage Journal
    Presumably they are searching for strings of bits that are the same as some copyrighted work once it has been mp3 encoded some particular way .... what happens if my object happens to contain the same string of bits at some random location in it?

    It's pretty obvious you can't copyright a length 1 bit string, so how many bits do you need before you own it and I don't? 10? 100? 10,000? I know you can't trademark a number, can you copyright one?

  • by reezle ( 239894 ) on Thursday February 20, 2003 @07:17PM (#5348095) Homepage
    Well, I'm sure this will appear in the large ISP's if it's proven to work on the small-scale...

    Perhaps with this 'fingerprinting' technology the big boys can just charge us the ($.50/$1/whatever) a song they want from us anyways? Instant delivery system for them that they didn't even have to build!

    This whole deal about copyrighted material somehow reminds me of the war-on-drugs... Making criminals of all the users didn't work there... Trying to stop the supplies at the street level didn't work either. The only thing that will work is legalizing the controlled substance... then taxing the hell out of it... hehee
  • by Featureless ( 599963 ) on Thursday February 20, 2003 @07:18PM (#5348101) Journal
    This claim is interesting in a variety of ways.

    If the notion of privacy in our communications is going to be utterly discarded, I rather wish the school had elected to eavesdrop on every phone call made on campus to help catch thieves, domestic abusers and other violent criminals, etc.

    There are plenty of people who say what goes on the internet shouldn't be private; that there's no expectation of privacy there. I guess we'll get into this issue a bit on this topic. Just please don't forget to have a little imagination. This is all new. We're making the rules as we go along. Sometimes I think if the phone had been invented last year there wouldn't be an expectation of privacy on phone calls either.

    Remember this is a "private" institution doing this, i.e. not a law enforcement agency. Remember that just because they can write a fancy terms of service that authorizes them to do whatever they want with the network, it doesn't make their actions legitimate, let alone moral.

    Finally, most interestingly, remember that Fasttrack (i.e. Kazaa, etc) is encrypted over the wire (see this link [levillage.org]). There's nothing saying that the whole thing won't be reverse-engineered and cracked sooner or later, but to my knowledge, that hasn't happened yet... of course, that could just be last I checked.
    • A big difference between the internet and the phone is that it's very difficult for a normal person to encrypt his phone calls. I don't know of any commercially-available phone scrambling boxes, much less a cheap, unbreakable one.

      But on the internet, it's very easy to make sure that only you and the guy on the other end can actually read what you send over the wire. Even if your network is totally insecure, and has the local police, the FBI, the Secret Service, and the NSA (although maybe not the NSA...) all watching over it, you can still use heavy-duty, free crypto and they can't get a thing. The fact that a lot of big internet applications don't use it by default is a big failing that we should make a big deal about. But still, you can use SSH instead of telnet, PGP your e-mail, use https when the other end supports it and use a secure proxy when it doesn't.

      Do I do these things? Not always. But I also don't expect any of the traffic I send or receive without them to be really private.
  • Can someone explain to me why this isn't illegal? There's a law from the 1930's that prohibits telephone operators from listening to people's conversations. A few years back it was ruled that ISP's are in the same category as the telephone operators as far as the law is concerned, and thus can't spy on what their users are doing. Yes I know it's a university, but I think they can qualify as an ISP as well.
    • by The Ape With No Name ( 213531 ) on Thursday February 20, 2003 @07:32PM (#5348214) Homepage
      At our university you promise to not engage in criminal conduct on the University network. Sharing movies illegally (now that is unequivocally illegal) breaks the AUP and you have no expectation to privacy while committing a crime, do you? Does a burglar have the right to privacy when he discovers that he was caught with a surveillance camera in your house?
      • Uh... no (Score:3, Insightful)

        by Wrexs0ul ( 515885 )
        That's not the point. They're not targeting burglars or file pirates, this system invades the privacy of EVERYONE on the network utilizing P2P for a variety of reasons, not necessarily to get a sneak peek at Matrix: Reloaded. That's illegal or at the very least immoral.

  • This is a great thing, it will spur the development of encrypted p2p networks.

    giFT comes to mind for me for being the easiest to implement this in, as it uses HTTP for all of its comms. Wrap it up in SSL, BAAAM, now it uses HTTPS.
  • KDX (Score:5, Informative)

    by Large Green Mallard ( 31462 ) <lgm@theducks.org> on Thursday February 20, 2003 @07:19PM (#5348113) Homepage
    KDX is a new file sharing program... it isn't P2P, more of a server analogy like Hotline.

    One of its advantages is that all the traffic is strongly encrypted. Homepage is at http://www.haxial.com/main.html

    Disadvantage being that the people responsible for it wouldn't know a user-interface if it bit them in the ass. It is customisable, but it doesn't match the host OS's GUI.
  • by Kirby-meister ( 574952 ) on Thursday February 20, 2003 @07:20PM (#5348121)
    ...everything you do is logged (as normal), but the logs are never checked for any p2p distribution of copyrighted materials.

    Instead, there is an upload bandwidth limit. Upload more than a CD's worth of data and you get put on the equivalent of a DSL line that you share with all the other big sharers. Manage to beat all your friends still and you get put on the equivalent of a 56k with the high distributors. Note that your download speed isn't affected, just uploading speed.

    I think it's a much fairer system than being monitored...

    • Sounds like VT has some more competent admins than most colleges.
    • You write:

      Instead, there is an upload bandwidth limit. Upload more than a CD's worth of data and you get put on the equivalent of a DSL line that you share with all the other big sharers. Manage to beat all your friends still and you get put on the equivalent of a 56k with the high distributors. Note that your download speed isn't affected, just uploading speed.

      I think it's a much fairer system than being monitored...

      Yeah! God knows we would not want anyone at a University to SHARE INFORMATION. That would make them pirates or teachers or sumthin. We also know that you can't implement such a cap without monitoring and remembering network transactions. Good stuff you have there, almost as good as having no network at all.

  • impossibility (Score:3, Informative)

    by antiprime ( 121253 ) on Thursday February 20, 2003 @07:22PM (#5348144) Journal
    If monitoring and blocking tools were widely introduced, new software programs could easily develop ways to encrypt or scramble the data in transmission in order to make it unrecognizable by Audible Magic's tools or other databases.

    Encryption is just the tip of the iceberg. I can easily compress and encrypt any file, then slap on a header that claims it's a benign .jpg of astronomical images, or pass it through a filter that makes it look like bad poetry, or make it a self-inflating-decrypting executable. You simply cannot write a program that will automatically filter all content, without simply denying all communication.

  • by droopus ( 33472 ) on Thursday February 20, 2003 @07:26PM (#5348173)
    So, ok these guys have essentially done what FastTrackMovies [fasttrackmovies.com] has done and hashed each file. Hunky dory. So, people implement this and think "no one can trade my files, cause we know what they look like (and have the hash), so we can block it."

    Now, Joe Pirate simply .zips or .tars the music or movie.

    Exactly how would they then block the .zipped asset from being traded? I know it won't compress the MP3, but it will change the fingerprint.

    Methinks WinZip is the Sharpie for this expensive DRM.
    • Forget compression, what about transcoding of the files between various formats or bitrates? Forget about the aural impact of transcoding for a second, but the datastream impact. My rusty ol' ears won't hear anything different, but the data stream will have a completely different signature.

      If it's watermarking, would transcoding it destroy the watermark?
  • Why don't those silly P2P programmers get smart and start making their software work off port 80. That oughta stall them sys admins for a few more months.
  • While the future of p2p is encryption, if clients exist that can unencrypt, then they can create their own client to track the files content..

    Else it would be pretty worthless...
  • This is just silly. (Score:3, Interesting)

    by Anonymous Coward on Thursday February 20, 2003 @07:27PM (#5348181)
    They're looking to block copyrighted audio content. Sure, that's fine. But you can't "fingerprint" something as complicated as a DVD or somebody's home-ripped pr0n movies because each ripper/encoder works a little differently.

    You're going to wind up filtering everything but *porn*. I can't really see that being what they intended to do.
  • Better solutions! (Score:5, Interesting)

    by duncf ( 628065 ) on Thursday February 20, 2003 @07:28PM (#5348186)
    "But it's getting to be the only way to control our bandwidth."

    In one 24-hour period, for example, the most popular file traded using the Gnutella network was an MP3 by rap artist "Big Tymers," which passed the network monitor 188 times.

    The students should really set up their own, internal P2P network. This would put less tax on the University's external bandwidth, downloads would be quicker, and, assuming it's restricted to local users, the RIAA couldn't really prove any wrongdoing. (Although their FUD generally scares universities enough.)

    Universities are generally big enough to support a network on their own. They should.
  • by GnoMoreGnuPuns ( 649356 ) on Thursday February 20, 2003 @07:55PM (#5348361) Journal
    Generally, the majority of campus internet traffic these days is related to file sharing. Almost every college and university in the States has had to employ some method for dealing with this, from governing bandwidth distribution to simply upgrading infrastructure. Curbing the distribution of copyrighted data is not just about folding to the RIAA ... it's a pragmatic solution to a huge problem.
  • by Anonymous Coward on Thursday February 20, 2003 @08:08PM (#5348433)
    Only criminals have something to hide in their private life. ...
    Before some of our fellow slashdotters come up again with "They own the network": Yes, they do. But that does not grant them the right to monitor it continuously and in detail.

    Someone always owns a piece of infrastructure, be it an ISP, a University, the interstate authority or your 'landlord'. But they don't have the right to invade your privacy if you are using rented, leased or subscribed equipment. Imagine the owner of your apartment trying to monitor your living habits, to make sure "nothing fishy is going on in your apartment".

    Network and telephone lines can transmit very private and sensitive information, and it is a serious crime to snoop that out. If you thought that was the right way, you've had too much time on corporate America's way of life. They are your customers, your contractors, if you like, but not only that, but living, feeling humans that deserve to have a private life, one that's none of your business. You can imagine a thousand situations like this:

    • You rented my car, why don't I have the right to monitor where you're driving, who you take with you and what roads you drive on?
    • You rented my house. I claim the right to visit you whenever I deem it's necessary. And just to ensure, that my property is taken good care of and you don't hoard drugs there, I will make a full seizure every time I come.
    • I rented you my video camera, you've got to give me a copy of each recorded tape, so that you cannot film underage porn. Think of the children, my god!
    • And finally: I've given you Internet Access. Now that you can browse the web and do spiffy emailing, you must be utterly thankful to me. And since you are a student, you don't have any rights to complain, we will treat you as a slave and you have no private life. Be thankful, you even got a 'net connection and understand, that we have to make sure you don't do illegal things with it. We don't count the bytes, we don't have per-user quotas, we do the nasty GESTAPO stuff piling through all your traffic. If you complain, well, try another University.
    Opening some other's letters is the same and I hope finally someone will punish the university for doing this.

    Let it happen, that on one incident, some very private information about a student is obtained that way and told the public to embarrass him. One lawsuit later, the U has lost 10 Million US$ for a settlement and the bandwidth savings of 5 years are worth exactly nothing compared to this. Go ahead, wait till someone reacts. I'd do that.
  • by shepd ( 155729 ) <slashdot.org@gma ... com minus distro> on Thursday February 20, 2003 @08:24PM (#5348547) Homepage Journal
    Make a 1 byte file, call it "U of Wyoming - The modern day 1984.zip", get a friend outside the Uni. to host it, and set your machine inside the Uni. to download it once a minute.

    Heh... If a few of you do that, the database could be full of useless info in no time!
  • by shut_up_man ( 450725 ) on Thursday February 20, 2003 @08:44PM (#5348662) Homepage
    Oh they're so cheerful and earnest about their technology, I feel like a bit of a cad...
    • The net is not a college network. Traffic can pass through millions of different routes, which means they'll need sniffers at millions of different points in the net, in every country, at every ISP, in every town, on every backbone, etc. It's unlikely that everyone in the world would suddenly agree on something, particularly to do with monitoring.

    • For the system to be effective, all these sniffers need to communicate constantly, exchanging user data, song info and fingerprint information. The traffic hit on the wider internet would be severe.

      (of course, a way to get around the traffic hit would be to build a smaller, slightly less expensive internet just for the sniffer communications, but the costs for that would be pretty painful)

    • The local storage and processing power of these internet sniffers would have to be several orders of magnitude over their college sniffer. "...it creates a copy of all the traffic flowing past" which at major backbones would be just stupidly, massive, incredibly huge.

      (Relating points 2 and 3 will mean the only thing the internet will be capable of anymore will be sniffer communication, but I suspect that would suit these guys)

    • The money cost of putting these huge sniffer machines all over the world would be astronomical. As in, about the cost of the internet so far. No-one is going to pay it, least of all ISPs, users or record companies. Maybe the Queen, but I doubt it.

    • Their library of 3.5 million songs is simply puny when put up against the weird tastes of all the black t-shirt-wearing music freaks in every dark corner of the world. Plus... new songs would have to be uploaded as they are released to every sniffer point, making the net explode once again.

    • Their fingerprinting technology sounds dodgy, just like every other fingerprinting technology ever invented. Does it match 256kbit and 128kbit versions of songs? LAME and Xing? How about VBR? How about mp3s and oggs? How about wmvs? With or without ID3 tags? Not to mention trimmed versions, album versions, live versions, covers, remixes, etc.

    • Modern P2P networks like Kazaa download files from multiple sources, which would render the sniffer useless. 30% from this IP, 25% from that, 45% from another, are they all part of the same file, or separate pieces? Which way do they go together? Do you get 30% of the thumbprint from one piece? It's all broken.

    • If the sniffers were implemented, they would be the biggest target for cracking since the RIAA's website. They'd be DOSed off the net, rewritten as warez ftp points, porn image servers, IRC chat servers and Shoutcast servers every third day.

    • Changing protocols, creating new protocols, garbling data, encrypting data - all these would break the sniffers and are easy to implement, but I doubt they'll ever be needed, as there are too many other barriers in the way.
  • by Sabalon ( 1684 ) on Thursday February 20, 2003 @10:16PM (#5349232)
    I am in charge of the network/server department at our college.

    We have a limited connection to the internet, which is usually being eaten up by P2P traffic. Today, over an hour period, we had three students that used a total of 4G of traffic in an hour.

    I don't care what the traffic is, but when legit work can't get done, such as our payroll system which uses SQL*Net across the WAN (bad idea to begin with, but that's a state bureaucracy for you.) and their processes just aren't working, shit is gonna have to happen.

    We blocked port 1214 (Kazaa) and a week later the port switching version came out.

    Right now we are facing the choice of either doing some severe draconian network policies or buying a Packeteer.

    And how long will that work before the next fileswapping act runs with ssl over 443?

    I feel for the students - it's something fun to do...hell, I remember downloading .au files when I was in college thinking how cool it was that my box could play the james bond theme.

    Makes my life a pain in the ass - how to be nice and let legit stuff go on, allow some fun and experimenting to go on, at the same time "protect" the network and make sure it is available when need be.

    • Get a Packeteer. Start shutting down ports and banning MAC addresses. Carve the link into a student only side and a staff only side. Get the Student Judiciary involved and your General Counsel as well. They will start behaving properly. You hold all the cards. The network is a privilege not a right.
  • by Gaerne ( 652299 ) on Friday February 21, 2003 @12:34AM (#5349954)
    Wow.. UW on the Slashdot front page... Amazing. Unfortunately the article hardly says anything, so as a former IT employee and currently part of the staff that deals with all things related to student networking in the dorms, I'd like to try and fill in the details:

    Unfortunately, Laramie is NOT a large town (26k counting students) and the bandwidth coming in is very limited. The University only has a 30 Mbit upload capacity coming through Cheyenne, which (limitedly) comes from the huge hub in Denver, CO and (so we've been told) "there isn't enough capacity going into Cheyenne for us to purchase more".

    Up until a year and a half ago there weren't any problems here with bandwidth. Then all of a sudden everyone is using P2P in the dorms and leaving outside sharing on. It wasn't a problem of people downloading with P2P, it was the rest of the world downloading from us. There was so much traffic going out of the dorms that the entire university network was slowed to a crawl.

    Their solution at first was to just limit the dorm traffic to 10Mb which fixed the problem for the rest of the university but made it impossible for me to even read slashdot from my room. Naturally that was still a problem, as even legit HTTP traffic couldn't get through. They've been messing with packeteer for a long time but can't come up with a good solution. Right now HTTP packets have highest priority, followed by FTP (which wasn't allowed any priority at first until a lot of students complained) and just about anything else is like squeezing the entire population of China through a single revolving door. Speaking of telnet.. I can't telnet to anything off campus from my room unless I want to WATCH the packets arrive every 10 seconds or so. P2P traffic is about 20 times slower than a modem (but everyone still uses it.. as I sit here writing on my ex's computer next to her latest list of mp3s to download).

    So how do the geeks here survive? A lot of people are running local FTP servers, which is all I use any more. We can't play networked games off campus, so we have set up our own servers. But even that didn't work- Games like counterstrike which needed outside authentication would time out after 60 seconds. We managed to fix that problem with http tunnel. Almost anything can still be tunneled out and is unaffected by the packet shapers, provided you can find a good, reliable proxy on the outside.

    As far as getting busted for file sharing, we have shut off quite a few ports because of letters from the RIAA/MPAA, but for the first offense the students are only required to give us verbal confirmation that all of the illegal material has been removed before we enable their ports again. After that the ports to their rooms are shut off for the rest of the semester. Oh, and as far as an agreement? I sure don't remember signing anything related to the network usage.

    Personally, I don't see anything wrong with them snooping the files going through to help increase the legit bandwidth, as long as they aren't trying to crack through encryption and they don't snoop local traffic. I also think they should look into local file servers... you'd be amazed at what you CAN'T find on a 320 Gb ftp server filled by students... I never have to get anything from off campus anymore, unless it's the latest source code for my Gentoo box (wget through HTTP works beautifully).

    At least the article picked the right person to interview as Brad is one of the few people over in the IT department with a clue. Sorry, couldn't let the article make our IT department look like they really know what they are doing. Really they are just being guinea pigs for this new software that the article is hyping up. IT is, however, doing a good job of walking the fine line on illegal P2P sharing. As Brad stated, they have a somewhat "don't know, don't care" policy while at the same time acting as MPAA/RIAA whores upon request (which I think is what this software is really for).

    Anyway, hope I could clear up a few things for you from someone who has been quite involved with all of this. Post questions, I'll be happy to answer.

    --An Anonymous Coward, even though most people from UW already know who I am now--

    And uh.. mod this up/link it to the article
