Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Patents Media Music The Internet Your Rights Online

Professor and Student Thwart P2P File Sharing 382

Digitus1337 writes "Wired has the story. 'A computer science professor and graduate student have been awarded a patent for a method of thwarting illegal file sharing on peer-to-peer networks by flooding the network with bogus files that look like pirated music.' This raises the question of whether or not companies that are already using such techniques are in violation of the new patent. Good news for subscription services?"
This discussion has been archived. No new comments can be posted.

Professor and Student Thwart P2P File Sharing

Comments Filter:
  • Great! (Score:3, Funny)

    by nuclear305 ( 674185 ) * on Saturday May 08, 2004 @03:43PM (#9095450)
    Now I know who to sue for permanent hearing loss from those annoying shrieks and beeps in those decoy files. Maybe I'll send them a nice Beach Boys CD filled with brown noise...
  • Uh, prior-art? (Score:4, Informative)

    by Anonymous Coward on Saturday May 08, 2004 @03:44PM (#9095454)
    Spammers have been doing this for years, ever since Napster and Gnutella came out. And, people have been filtering it since then. Once a P2P system has some sort of trust system built into it, this becomes far less effective.
    • Re:Uh, prior-art? (Score:5, Insightful)

      by jpu8086 ( 682572 ) on Saturday May 08, 2004 @04:07PM (#9095629) Homepage
      Things that are really, really hard to implement in a true P2P network:
      - Global trust matrix
      - Economy
      - Authentication

      These are hard because the equality of peers can always be exploited by users with malicious intent. They can join in the P2P network as multiple peers (if a network limits one user per IP, an attacker with multiple computers and sufficient resources can compromise). Remember that in a true P2P network everyone is equal - it is nearly impossible to implement schemes that avoid the Sybil attack [acm.org].

      You need a central certificate authority to validate the autheticity of users. And, that is a big no-no in P2P systems.

      So, forget about trust matrix. You can't trust anyone in a true P2P network.
      • Re:Uh, prior-art? (Score:3, Interesting)

        by Anonymous Coward
        "You need a central certificate authority to validate the autheticity of users. And, that is a big no-no in P2P systems"

        You can still be authenticated and remain anonymous. Take slashdot for example. From this you can implement some type of karma (like slashdot) or review (like ebay) system so that users who fuck others fall into the background. Only your key is known to the central sites so that your identity remains anonymous but your habits can be tracked.
        • Re:Uh, prior-art? (Score:2, Insightful)

          by EeeJay ( 778176 )
          Thats real academic merit. They took something that has been going on for years, patented it, and in the proccess pulled the internet deeper into the depths of distrust and garbage traffic.
        • Re:Uh, prior-art? (Score:5, Insightful)

          by jpu8086 ( 682572 ) on Saturday May 08, 2004 @04:42PM (#9095829) Homepage
          "Only your key is known to the central sites so that your identity remains anonymous but your habits can be tracked"

          You contradict myself. You are not anonymous if someone knows who you are. You might get a feeling of anonymity because of the shelter provided by the powers to be. But, that is all at their mercy.

          Don't confuse privacy for anonymity.
        • Re:Uh, prior-art? (Score:3, Insightful)

          by teklob ( 650327 )
          Rather than authenticating 'good' users and 'bad' users with a review system like ebay, wouldn't it just make more sense to have a hash of each file shared, and then only download those files with a high number of users sharing it. Then all the spam files would have 1 or 2 copies each and the real files would have like 50+ copies.
      • by JamieF ( 16832 ) on Saturday May 08, 2004 @04:29PM (#9095754) Homepage
        >You can't trust anyone in a true P2P network.

        Man oh man... what is the world coming to when you can't trust anonymous criminals anymore?

      • Re:Uh, prior-art? (Score:5, Interesting)

        by rfmobile ( 531603 ) on Saturday May 08, 2004 @04:40PM (#9095818) Homepage
        You need a central certificate authority to validate the autheticity of users. And, that is a big no-no in P2P systems.

        Actually, you don't need a central CA - a distributed one will do. In other words, every peer implements their own "buddy list". The buddy list includes positives (confirmed trustworthy) and negatives (confirmed un-trustworthy). Instead of distrusting every peer, you can choose a list of peers from one peer you already trust, and build from there.

        When performing a search, your P2P software might color code the results based on this list. Green for known good peers, red for bad peers/spammers/etc., and yellow for unlisted, unknown peers.

        -rick
        • "buddy lists" (Score:4, Interesting)

          by nutznboltz ( 473437 ) on Saturday May 08, 2004 @06:43PM (#9096548) Homepage Journal
          How do you identify someone to compare them to what's on your black list? IP address? Good luck cause you have to deal with DHCP and NAT. Use a token instead? What's to keep them from using a new token whenever they like?

          Its easy to say, just use a list but it's not easy to do that.

          A white list setup leaves you with a WASTE-like [nullsoft.com] network not an anonymous one.
      • by jetmarc ( 592741 ) on Saturday May 08, 2004 @04:50PM (#9095904)
        > You need a central certificate authority to validate the autheticity of users.

        A way-out is to make it expensive to infiltrate the P2P network at large-scale. For example,
        files could have a quality record attached, that lists what each previous downloader voted
        about the quality ("good" vs "fake" file). Cryptographic algorithms could be used to make it
        excessively expensive to compute a valid quality record. Time for one computation should be
        a decent portion of minimum download time, eg 10-60 minutes for a 700MB file. The P2P system
        could pre-compute the vote record while downloading the file and then let the user make his
        vote. If you were to insert fake votes into the system, you would have to go through the
        expensive algorithms for each and every individual fake vote.

        When searching a file, the P2P system could cryptographically verify the votes, and weed out
        the "cheap" fake files (that didn't go through the expensive computation).

        The cost of cryptographic effort could be configurable. The releaser of a file could judge
        the risk of "his" file being attacked (and with how much effort), and thus choose a cost
        setting that is low enough to be reasonable for the downloaders, but high enough to void
        all attacks.

      • Re:Uh, prior-art? (Score:4, Informative)

        by Gortbusters.org ( 637314 ) on Saturday May 08, 2004 @05:09PM (#9096005) Homepage Journal
        This is true in both P2P networks as well as a challenge for large distributed systems. In fact, global operations are always a difficulty. Searching an entire P2P network is a hit or miss operation since you never know when one of your peers will be online/offline. Sometimes that's solved in the protocol, sometimes you need a global system with the protocol.

        One thing about P2P that I've found interesting is how P2P internet phones never really caught on yet. With something like Linphone and SIP, you can have a phone that looks like AIM/Yahoo/MSN. You just double click on a buddy and make a call. No toll charges, no centralized server keeping records of your phone call, pure communication at its best.
    • Re:Uh, prior-art? (Score:3, Interesting)

      by Feanturi ( 99866 )
      I wonder if it's possible (I really don't know how an MD5 hash works) to download a trusted MP3, leave the ID3 tag intact but scramble the rest of the data and have it generate the same hash? If none of the values changed, just their positions within the file, could that work? It would come out of your MP3 player as total junk but be indistinguishable from a trusted file using current methods of p2p searching, you have to download at least some of it to confirm that it's not the right one. Could that be don
  • First off, many P2P networks are smart enough to easily defeat this attack. Reputation tracking alone, out of several technologies already implimented to prevent this attack, is almost enough. The news here is not about the technology used, it's the patent itself.

    With that said, this is then a barrier to entry for Overpeer, MediaDefender, and like companies- either they convince these folks to license this technology or they'll probably face a lawsuit (depending on whether they're infringing currently, which is probable).

    So yeah, this is good news for P2P filesharing specifically, and P2P networks in general, as being a network disrupter is probably more costly because of this patent.

    The courts, however, might rule that one cannot patent things such as this-- there's little-to-no qualitative difference between folks patenting this and me patenting a method for a DDOS or patenting a method used in a computer virus. Depending on the judge, they may be in for a surprise if their patent goes to court.

    RD
    • <quote>First off, many P2P networks are smart enough to easily defeat this attack. Reputation tracking alone, out of several technologies already implimented to prevent this attack, is almost enough.</quote>

      Keyword here: almost. I've gotten a number of "Excellent" rated files from kazaa and found them to have the same annoying screech-pop sounds and any other ones. I no longer pay any attention to whether or not a file is rated because it hardly makes a difference.

      How is rating a file going
    • "they convince these folks to license this technology or they'll probably face a lawsuit

      you don't see a third option? they refuse to license the technology, and sue the pants off anyone who uses it? thereby enabling filesharing?

    • The courts, however, might rule that one cannot patent things such as this-- there's little-to-no qualitative difference between folks patenting this and me patenting a method for a DDOS or patenting a method used in a computer virus. Depending on the judge, they may be in for a surprise if their patent goes to court.

      Morality hasn't been a factor in patents for ages, and was inappropriate when it was. You can patent bad things.
    • This raises a very interesting point. If one were to start a service that would be borderline legal, the best way to protect the profitable, questionably legal portions would be to patent every method of attack. As you are the one designing the system, you have a good chance of seeing its weaknesses first.

      In this way, you use the patent system to shield illegal activity. If one could find a way to wrap a DMCA encryption layer into the process, one would have lots of ammunition against those companies th
  • Dual use (Score:2, Interesting)

    by Anonymous Coward
    Something like this could also be used to confuse the RIAA with their obviously unresearched lawsuits. Hmm...
  • Good thing I use (Score:2, Insightful)

    by Anonymous Coward
    IRC. Unless this thing can stop IRC, it's only making it harder for the casual filesharer. Determined individuals will just go elsewhere.
  • by BCoates ( 512464 ) on Saturday May 08, 2004 @03:46PM (#9095474)
    1. Invent product
    2. Deploy into market
    3. Product becomes obsolete
    4. Patent awarded
  • by Anonymous Coward
    "Ladies and gentlemen of the RIAA, we will be happy to allow you to license our patent to continue your technology-based counter-p2p operations.... for ONE BILLION DOLLARS!" [touch pinkie to corner of mouth, for added effect]

    And of course, phase 3: Profit!!!!
  • by Rosco P. Coltrane ( 209368 ) on Saturday May 08, 2004 @03:47PM (#9095482)
    If there are 10000 bogus files, but only a handful that have more than 5 sources, chances are these are the real McCoy and all the others are the decoys.

    And even if there are 10000 files around with a lot of sources for each file, I'm sure people will start trading files containing the RC5 checksums of real files, on IRC or something. Hell, they might even P2P the real-files index :-)

    In short: should the RIAA/MPAA and friends even adopt that technique, it'll give them only a very temporary reprieve. They really should realize the cat's out of the bag and they should start thinking of new business models around digital file sharing, not against it.
    • by Coke in a Can ( 577836 ) on Saturday May 08, 2004 @03:51PM (#9095506)
      It's really hard to checksum MP3s, though. First thing I do after downloading an MP3 is change the ID3 tags to my liking, which changes the file, and generally makes it unique, with only one source, me.
      • True true, but a majority of people don't do what you do. Proof is, there are files with kajillions of sources: those are untouched files, and they're usually what people go for.

        What you do, in effect, is diluting my ability to download the file from other sources than you, because most likely you're the only person to have that version of the file. Which in turns diminishes the overall value of P2P, and also hurts you because nobody downloads from you, therefore you have a lesser rating to download from o
    • Hell, they might even P2P the real-files index :-)

      Actually, there are many sites out that that index P2P files. Sharereactor was a popular edonkey one that was recently taken down.
  • Prior art? (Score:2, Insightful)

    This raises the question of whether or not companies that are already using such techniques are in violation of the new patent.

    Wouldn't that be an example of prior art? If so it wouldn't cause much of a problem for them.

    Either way, I have to wonder how effective this method would actually be. Surely I could get around it by simply downloading the file with the biggest number of sources?

  • I hope everyone sees he good side to this. They can sue the RIAA for patent infringment. Not that abuse of the patent system is a good thing... Hmm, i'm conflicted.
  • They're going to put an end to what the RIAA's doing with Kazaa and other sharing agents now, or that they're going to extend it to other Filesharing networks? And what about having a decentralized file signature service which checks signatures of the songs against known good and bad songs?

    The signing program would kinda work, but it'd have to be more centralized than most P2P networks for security reasons... more of a reason to move to Secure P2P like WASTE.
  • Mixed feelings! (Score:4, Insightful)

    by sisukapalli1 ( 471175 ) on Saturday May 08, 2004 @03:53PM (#9095518)
    It is like someone patenting the process of "harassing people". I don't know whether to cheer for it because it makes harassing more expensive, or to feel sad about the overall state of affairs at the USPTO.

    I am sure there is plenty of prior art for this. DDOS, bogus uploads to P2P (e.g. people try to become the "supreme being" on kazaa by putting dummy files named after the latest hits). If the only difference is the "intent" and "amount" of the junk sent to P2P networks, granting a patent looks ridiculous.

    However, if it there is a lawsuit between these guys and the MPAA/RIAA, I will cheer for the patent.

    S
  • One could almost argue that it's the equivalent of creating bogus web pages filled with keywords designed to skew rankings of a search engine. More generally: creating noise in a communication channel. Whoa! I'm glad we have patents for these innovations.
  • False patent (Score:5, Interesting)

    by Orion Blastar ( 457579 ) <orionblastar@gm[ ].com ['ail' in gap]> on Saturday May 08, 2004 @03:54PM (#9095529) Homepage Journal
    This is called a Cuckoo's Egg [hand-2-mouth.com] and many people have done it already.


    The Definition [techtarget.com] says:


    A cuckoo egg is an MP3 file that typically contains 30 seconds of the original song with the remainder of the song overwritten with cuckoo clock noises, white noise, and/or voice messages such as, "Congratulations, you must've goofed up somewhere." Ideally, a cuckoo egg should have the same playing length as the music it pretends to be. The purpose of cuckoo eggs is to deter the downloading and sharing of MP3 files using Napster and similar approaches.


    Typically, a Napster user downloads an MP3 file and sometimes share it with others before listening to it. Recognizing this, a cuckoo egg creator creates the cuckoo egg to look exactly like a real MP3 file. The user then unknowingly shares the cuckoo egg with other unsuspecting users spreading the cuckoo egg like a virus. Unlike a virus, cuckoo eggs do not damage computers, but simply annoy and waste the time of those who download the files.


    The Cuckoo Egg Project began with Michael and Stephanie Fix. Stephanie Fix is a musician who is concerned about the illegal availability of copyrighted music through Napster. The concept centers on the idea of how a real cuckoo bird lays its eggs in another bird's nest. To the Fixes, the Napster system is like a huge nest of MP3 files, a perfect environment in which to lay cuckoo eggs


    The first cuckoo egg was laid on June 10, 2000. Since then, Napster users have posted hundreds of angry messages at the Cuckoo Egg Project's Web site. Whether it's deterring them from downloading other songs has not been determined.



    First spotted in June 10, 2000, so the patent is a false or fradulant one.

    • Patent was filed in 2000, so it will have to come down to the month and day it was filed.

      Besides, I didn't know you could get a patent on telling a lie and then inventing lots of extra crap to reinfoce the lie. Thats all this is.

      • the Cuckoo's Egg project released the first egg in June 10, 2000, but the idea for that egg must have been thought of long before that.

        Notice that the article does not tell the month, should it be July 2000, then the patent is false.

        What makes this patent different from all the other false patents? Oh yeah, right, there was one-click ordering before Amazon.com first came online, etc. Apparently liars can file a patent before the originatior of the idea does and then sue them for it.

        Alexander Gram Bell

        • From the first article you link:

          He explained, "Nearly all inventions are developments of existing ideas, taking them just a bit further."

          The idea that an inventor creates in a vacuum is ridiculous. The whole of science, and the principles behind Free Software, demonstrate that things are not invented, they are developed from things that came before.

          It's only the patent system that makes this "theft". Now, I know patents have to have an inventive step which should not be present in prior art; so if Bell
    • You:
      First spotted in June 10, 2000, so the patent is a false or fradulant one.

      From the article:
      Hale and Manes filed their patent in 2000 and it was awarded earlier this week.

      Pretty close actually.

    • Here's what I don't understand. All the pieces of this system are basically already implemented. The P2P clients are available, the spamming system is in place, and using bad data is nothing new. So how can adding these altogether in a single system make a patent? Isn't that like peanut butter, bread, and jelly? It sounds more like a product than any big idea.
    • From claim 1:
      evaluating the effectiveness of said shared decoy media file in inhibiting the identification and retrieval of proprietary media via said automated search engines; and

      interactively modifying process configuration parameters to influence the effectiveness of inhibiting said identification and retrieval of proprietary media via said automated search engines.
      How does your Cuckoo Egg do either of these steps?
    • Even assuming the Cuckoo Egg Project was sufficient subject matter to invalidate the claim, it is not necessarily prior art. June 10, 2000 would not be a bar date for an application filed in August, 2000, provided that the inventor can file an affidavit alleging possession of the invention prior to that date.
  • Just compare the files using a hash. It would be hard to create a file that would produce the same hash, unless you hacked the client.

    Bad files would be less likly to be shared than good ones. If a files has fewer sources, its more likely to be fake.
    • problem: hash injection. write a program that, when ran, virally or not, would replace the hash tables within the client with bad hashes. this instantly stops the client from accepting any files except bad files. even in a system where the hashes arent held by the user, but the user can vote on good or bad hashes, these kinds of p2p viruses can really cause some serious damnage to the network.

      One good think kazaa implemented (and was instantly client hacked for) was that sharers got higher precedence i
  • but... (Score:4, Informative)

    by AnonymousCowheart ( 646429 ) on Saturday May 08, 2004 @03:55PM (#9095538)
    but, as soon as you get a bad download, you erase it, so people dont spread them. If you search for a song using say gtk-gnutella, just download the file that has the most sources. It's highly unlikely that 80+ people will have a bogus song under the file you're looking for. We're in trouble if they start sharing on multiple IP's though...
    • Re:but... (Score:4, Interesting)

      by ticktockticktock ( 772894 ) on Saturday May 08, 2004 @04:19PM (#9095699)
      You are forgetting that peers are generating the results and relaying results from other peers. Nothing stops a rogue person from modifying a gnutella client to look for certain searches and then prevent them from going beyond their peer and simply send back garbage results with hundreds/thousands of fake sources for the fake file.
  • I do not use kazaa because of the RIAA lawsuits. But Usenet seems perfectly useful to me....
  • No, good news for Direct Connect [google.com].

  • P2P spam (Score:5, Funny)

    by whovian ( 107062 ) on Saturday May 08, 2004 @03:56PM (#9095553)
    From the article It's like looking for a needle in a haystack.

    Much like legitimate email in our inboxes.
  • by HolyCoitus ( 658601 ) on Saturday May 08, 2004 @03:56PM (#9095554)
    If you eliminate one technology, another one will pop up in its place. Maybe even just an improved version of the one currently in place! Since this has been done before, you'd hope that they did an improved version of it in some way, and that's how they got the patent? It hasn't worked yet, and it won't work anytime in the future either.

    All this does is damage a network through crap flooding anyhow. It will kill freely distributed content as well as the content they are attacking. On the same note, I think that it's complete crap that you can patent something like that. Patent a means of attacking something? If they can patent this, I really need to patent my method of ridding people of underage drinking, known as firing a pistol at the containers that they are holding.

    I use bittorrent for my content, and have no need for something that someone is trying to keep me from using, hearing, or seeing by eroding my privacy and rights. If they want to put a barrier between me and their product, I won't waste my time or money on it.
  • by cowscows ( 103644 ) on Saturday May 08, 2004 @03:57PM (#9095562) Journal
    This is basically a patent on the reality of spam. A bunch of noise that makes email/IM/p2p such a mess that it's hard to find anything that you want.

    If only someone held a patent on spam, maybe that'd lower the volume of it somewhat.
  • Damn, why didn't I think of that? All those usenet trolls would owe me a fortune...

    Though couldn't hipcrime be considered prior art?

  • I hope that "student" gets a punch from each of his fellow students. A student attempting to stop filesharing? What is the world coming to.
  • When someone uses P2P on Fastrack or other popular networks, generally the more mainstream a song the more bogus files there are. I can guarantee you that 90% of peers out there serving a popular song will have a bad (Beeps, static, sounds, etc. purposefully scattered through the song) copy.

    Back a year or two ago, I remember encountering an mp3 file being served by over 1500 sources on FastTrack, and it was screwed up beyond belief.
  • file sharing (Score:4, Insightful)

    by ajs318 ( 655362 ) <sd_resp2@earthsh ... minus herbivore> on Saturday May 08, 2004 @04:07PM (#9095628)
    I use Apache for all my file sharing needs. Anyone wanting to download anything from me needs either my domain name or IP address -- and has my word that the files are genuine.

    Ultimately, the Internet will recognise the uploading of "poisoned" files as damage and route around it accordingly.
  • Enough said.
    Now the patent is over-priced rectum cleaning material.
    What the hell is the point of paying for a patent when the circumvetion techniques outdate the technology itself?
  • Right (Score:3, Interesting)

    by M3wThr33 ( 310489 ) on Saturday May 08, 2004 @04:07PM (#9095633) Homepage
    Sure, like P2P apps haven't had difficulty with this before.

    Magnet links send you right to the file without neeeding to search.

    You can check for files with lots of sources AND different IPS with a file that ISN'T rated 0 with a FAKE comment attached to it.

    IP Bans, file size checks, sample checking, file hashing.

    There's too many ways to block fake files.
  • and again... (Score:2, Insightful)

    My faith in the patent system decreses yet again.

    I patented making MP3s full of shit noise and then naming them after known works of music? Couldn't the artists sue them for slander against their music? If I took a chior of mentally handicaped people, recorded some of their music, and distributed it as "Backstreet Boys - Every body now" (or whatever they name their stuff)... someone could take offense to that and probably take it to court.
  • So, I note that a lot of the time, recently, when downloading music files, some of the hosts have the correct version and others the decoy.

    This is dangerous, though, because it exposes the possibility of distribution of other types of file (eg application binaries) with shady bits from crackers inserted.

    Peer-to-peer networks should look at this as a significant security risk and devise ways around it.. I think bittorrent could be made the most resistant, as there's generally a progenitor host that chunk

  • ... from, say, simply increasing the noise level on some system to such a high level that the likelihood of getting useful information from that system approaches zero.

    Correct me if I'm wrong, but isn't that pretty much the same as what's involved in jamming radar or radio signals?

    I'd say that there's prior art on this one.

  • They invent... (Score:3, Insightful)

    by Kjella ( 173770 ) on Saturday May 08, 2004 @04:14PM (#9095671) Homepage
    ...and others invent counter-measures. Previews? MD5 sums? Digital signatures? Web of trust? I predict that in 5 years, they will have lost the copyright battle. By then we will have an anonymous, well-organized (like newsgroups tree) network with trust metrics, integrity checking, digital signatures, floodprotection (hashcash rate limiting?), the works.

    All it takes is someone to put it all together, most of the bits and pieces are already there. And that, is only a matter of time. Unfortunately, I suspect there will be some collateral damage:
    • Slander
    • Fraud
    • Pump & dump stock scams
    • Hate speech
    • Threats
    • Private information forever public if leaked
    • Illegal pornography (yes, you know what kind)
    ...and a whole host of other things that we would like to control. This is like antibiotics. You know why they're careful in issuing them, and want you to take the dosage out? So the diseases don't get resistance, and finally even immunity against them.

    They're now trying to cure what I would call light sniffles with heavy antibiotics when it comes to information control. One day, not so many years from now someone will point at the copyright holders and say: "You see the movie of this 4yo eating cum, that'll download if I double-click? We can't stop it, and it's all YOUR FAULT"

    Kjella
  • I've always preferred social discovery in peer networks [google.com] because it avoids the weaknesses that automated systems and spammers in general can exploit to subvert search results.

    Social discovery, reputation and trust metrics, and feedback to close the loop will all become bigger and bigger concerns in partially or fully decentralized peer networks as a natural consequence of attacks and exploits like these.

    The incentives for groups and individuals (even government) to try and subvert these systems is growing
  • "The Net interprets censorship as damage and routes around it." John Gilmore (EFF).

    I think this quote reveals alot. It is one of the inescapable facts about the Internet.

    There will always be something that fills a gap left by something else. Using technology that is described above only has a limited life-span.

    Someone somewhere will devise a better system.

    It will eventually equalize down to the lowest common denominator of this simple fact, from this point forward digital entertainment will have to be
  • "If you have a secret that gets out there, how do you get the genie back in the bottle?" Hale said.

    You don't.
  • by bergeron76 ( 176351 ) * on Saturday May 08, 2004 @04:29PM (#9095755) Homepage
    Only the "fittest" files will survive on these networks. As a result, it amuses me to see these guys try and put bogus files out there. They almost instantly die in the wild when people rank them as bogus.

    When will they learn?

  • Flooding a network with bogus files is nothing new, if anyone remembers Madonna's attempt to distribute a fake single. Fasttrack (the network Kazaa uses) is loaded with fake files and viruses already, and it's decline is already evident in its dropping from the number 1 most downladed software on cnet.

    The next generation of file sharing software is already here. For movies, apps, and games, BitTorrent and eDonkey provide a realiable means to transfer the file. Unless they've found a way to get through MD5
  • Because we're talking about P2P, it's okay to crapflood the networks with this shit? Who the hell do these guys think they are?

    That's bullshit hypocrisy right there. Because you don't like something, that gives you every right to destroy/break it?

    Yeah, smart thinking there. Ruin P2P because it's a medium used to share copyrighted material. While you're at it, crapflood IRC, Newsgroups, Instant Messaging protcols, and email because they could be used to send others copyrighted material.

    These dickheads nee
  • No use. (Score:2, Insightful)

    by flaXen_5 ( 683081 )
    What... It took a professor and a student to concieve of this? It's childs play, and issuing a patent for this sort of thing seems useless, but who cares. This technique won't work on all P2P networks. DirectConnect (DC++ anyway) shows a hash code along with the search results. Simply ignore the files that have the same size and different hashes. If you download the wrong file to begin with, then download the other heh. Plus, the DC hub daemons seem to only allow 4 search results per person searched, so at
  • by townmouse ( 78660 ) on Saturday May 08, 2004 @04:49PM (#9095897)
    The article says that this technique can be used to thwart illegal file sharing, but it will work equally against legally shared files. The technology could be used to suppress a rival's freely-distributed music (a subtler trick would be to flood the network with plausible-sounding but inferior copies).

    This threat isnt going to keep me awake at night if it's confined to music, but as the article says,
    Hale said the technology could be applied to protect all sorts of sensitive or confidential material.

    This means we won't be able to trust the current generation of P2P networks for authentic news, commentary from reputable sources, free (as in either) software, accurate documentation for same, or any data that some powerful organisation doesn't want us to share. In many cases such forgeries would be illegal under copyright, trademark, defamation or competition laws, but proving which cuckoo laid the egg could be very difficult.

  • One word: SHA1 (Score:3, Insightful)

    by teutonic_leech ( 596265 ) on Saturday May 08, 2004 @04:57PM (#9095942)
    Problem solved - peer network users will quickly be able to excreed bogus files by declaring them as 'suspicous'. Quality content will flow to the top and will be shared more effectively. In fact, while this might throw a monkey wrench into existing clients and frameworks, it might actually lead to higher quality downloads.
  • by yoshi_mon ( 172895 ) on Saturday May 08, 2004 @06:00PM (#9096306)
    Does this kid have *any* friends at all?
  • So... (Score:3, Funny)

    by Lord Kano ( 13027 ) on Sunday May 09, 2004 @12:12AM (#9098154) Homepage Journal
    Can I get a patent for my method of weeding out bogus files so that people can pirate the right files?

    LK

Beware the new TTY code!

Working...