Professor and Student Thwart P2P File Sharing
Digitus1337 writes "Wired has the story. 'A computer science professor and graduate student have been awarded a patent for a method of thwarting illegal file sharing on peer-to-peer networks by flooding the network with bogus files that look like pirated music.' This raises the question of whether or not companies that are already using such techniques are in violation of the new patent. Good news for subscription services?"
Great! (Score:3, Funny)
Re:Great! (Score:3, Insightful)
How are you going to prove that there is no chance of getting cancer and dying from posting to Slashdot?
Until you can, it's just too unsafe for you to continue posting here.
(And before you tell me that there is no difference between posting online and writing to your local paper -- our bodies have learned to adapt to print media, n
Your sig (Score:3, Funny)
Uh, prior-art? (Score:4, Informative)
Re:Uh, prior-art? (Score:5, Insightful)
- Global trust matrix
- Economy
- Authentication
These are hard because the equality of peers can always be exploited by users with malicious intent. They can join in the P2P network as multiple peers (if a network limits one user per IP, an attacker with multiple computers and sufficient resources can compromise). Remember that in a true P2P network everyone is equal - it is nearly impossible to implement schemes that avoid the Sybil attack [acm.org].
You need a central certificate authority to validate the authenticity of users. And, that is a big no-no in P2P systems.
So, forget about trust matrix. You can't trust anyone in a true P2P network.
Re:Uh, prior-art? (Score:3, Interesting)
You can still be authenticated and remain anonymous. Take slashdot for example. From this you can implement some type of karma (like slashdot) or review (like ebay) system so that users who fuck others fall into the background. Only your key is known to the central sites so that your identity remains anonymous but your habits can be tracked.
Re:Uh, prior-art? (Score:2, Insightful)
Re:Uh, prior-art? (Score:5, Insightful)
You contradict myself. You are not anonymous if someone knows who you are. You might get a feeling of anonymity because of the shelter provided by the powers to be. But, that is all at their mercy.
Don't confuse privacy for anonymity.
Re:Uh, prior-art? (Score:3, Interesting)
Re:Uh, prior-art? (Score:3, Insightful)
Re:Uh, prior-art? (Score:5, Funny)
Man oh man... what is the world coming to when you can't trust anonymous criminals anymore?
Re:Uh, prior-art? (Score:3, Insightful)
Re:Uh, prior-art? (Score:5, Interesting)
Actually, you don't need a central CA - a distributed one will do. In other words, every peer implements their own "buddy list". The buddy list includes positives (confirmed trustworthy) and negatives (confirmed un-trustworthy). Instead of distrusting every peer, you can choose a list of peers from one peer you already trust, and build from there.
When performing a search, your P2P software might color code the results based on this list. Green for known good peers, red for bad peers/spammers/etc., and yellow for unlisted, unknown peers.
-rick
"buddy lists" (Score:4, Interesting)
It's easy to say, just use a list but it's not easy to do that.
A white list setup leaves you with a WASTE-like [nullsoft.com] network not an anonymous one.
P2P trust is possible, here is how: (Score:4, Insightful)
A way-out is to make it expensive to infiltrate the P2P network at large-scale. For example,
files could have a quality record attached, that lists what each previous downloader voted
about the quality ("good" vs "fake" file). Cryptographic algorithms could be used to make it
excessively expensive to compute a valid quality record. Time for one computation should be
a decent portion of minimum download time, eg 10-60 minutes for a 700MB file. The P2P system
could pre-compute the vote record while downloading the file and then let the user make his
vote. If you were to insert fake votes into the system, you would have to go through the
expensive algorithms for each and every individual fake vote.
When searching a file, the P2P system could cryptographically verify the votes, and weed out
the "cheap" fake files (that didn't go through the expensive computation).
The cost of cryptographic effort could be configurable. The releaser of a file could judge
the risk of "his" file being attacked (and with how much effort), and thus choose a cost
setting that is low enough to be reasonable for the downloaders, but high enough to void
all attacks.
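A sketch of the costly vote record described in the post above, added here as an example and not taken from the post or from any P2P client. The post names no algorithm, so this assumes a hashcash-style SHA-256 puzzle; the `Vote` fields, the voter ids and the 16-bit demo difficulty (far below the 10-60 minutes the post suggests) are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

VERDICTS = ("good", "fake")


@dataclass(frozen=True)
class Vote:
    file_hash: str  # hex digest of the file the vote is about
    voter: str      # opaque voter id (hypothetical field)
    verdict: str    # "good" or "fake"
    nonce: int      # proof-of-work solution found by the voter


def _zero_bits(file_hash, voter, verdict, nonce):
    """Leading zero bits of SHA-256 over every field of the vote."""
    msg = f"{file_hash}|{voter}|{verdict}|{nonce}".encode()
    digest = hashlib.sha256(msg).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint_vote(file_hash, voter, verdict, difficulty_bits):
    """Expensive side: about 2**difficulty_bits hashes per vote."""
    if verdict not in VERDICTS:
        raise ValueError("verdict must be 'good' or 'fake'")
    nonce = 0
    while _zero_bits(file_hash, voter, verdict, nonce) < difficulty_bits:
        nonce += 1
    return Vote(file_hash, voter, verdict, nonce)


def verify_vote(vote, file_hash, difficulty_bits):
    """Cheap side: one hash, and the vote must be bound to this file."""
    if vote.file_hash != file_hash or vote.verdict not in VERDICTS:
        return False
    work = _zero_bits(vote.file_hash, vote.voter, vote.verdict, vote.nonce)
    return work >= difficulty_bits


def tally(votes, file_hash, difficulty_bits):
    """Count verified votes; reject cheap, misdirected and replayed ones."""
    counts = {"good": 0, "fake": 0, "rejected": 0}
    seen = set()
    for vote in votes:
        if vote in seen or not verify_vote(vote, file_hash, difficulty_bits):
            counts["rejected"] += 1
            continue
        seen.add(vote)
        counts[vote.verdict] += 1
    return counts


def demo(difficulty_bits=16):
    # Constructed sample data: stand-in file contents and made-up voter ids.
    file_hash = hashlib.sha256(b"constructed sample file").hexdigest()
    other_hash = hashlib.sha256(b"a different file").hexdigest()
    honest = [mint_vote(file_hash, "peer-a", "good", difficulty_bits),
              mint_vote(file_hash, "peer-b", "fake", difficulty_bits)]
    replayed = honest[0]                           # same record sent twice
    cheap = Vote(file_hash, "sybil-1", "good", 0)  # no work was done
    moved = mint_vote(other_hash, "peer-c", "good", difficulty_bits)
    return tally(honest + [replayed, cheap, moved], file_hash, difficulty_bits)


if __name__ == "__main__":
    print(demo())
```

Raising `difficulty_bits` by one doubles the expected minting cost while verification stays a single hash, which is the configurable cost setting the post asks for.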
Re:Uh, prior-art? (Score:4, Informative)
One thing about P2P that I've found interesting is how P2P internet phones never really caught on yet. With something like Linphone and SIP, you can have a phone that looks like AIM/Yahoo/MSN. You just double click on a buddy and make a call. No toll charges, no centralized server keeping records of your phone call, pure communication at its best.
Re:Uh, prior-art? (Score:3, Interesting)
Re: (Score:3, Informative)
This can only be good news for fileswappers. Maybe (Score:5, Interesting)
With that said, this is then a barrier to entry for Overpeer, MediaDefender, and like companies- either they convince these folks to license this technology or they'll probably face a lawsuit (depending on whether they're infringing currently, which is probable).
So yeah, this is good news for P2P filesharing specifically, and P2P networks in general, as being a network disrupter is probably more costly because of this patent.
The courts, however, might rule that one cannot patent things such as this-- there's little-to-no qualitative difference between folks patenting this and me patenting a method for a DDOS or patenting a method used in a computer virus. Depending on the judge, they may be in for a surprise if their patent goes to court.
RD
Re:This can only be good news for fileswappers. Ma (Score:3, Insightful)
Keyword here: almost. I've gotten a number of "Excellent" rated files from kazaa and found them to have the same annoying screech-pop sounds and any other ones. I no longer pay any attention to whether or not a file is rated because it hardly makes a difference.
How is rating a file going
either they convince these folks to license this (Score:2)
you don't see a third option? they refuse to license the technology, and sue the pants off anyone who uses it? thereby enabling filesharing?
Re:either they convince these folks to license thi (Score:2)
Re:This can only be good news for fileswappers. Ma (Score:3, Insightful)
Morality hasn't been a factor in patents for ages, and was inappropriate when it was. You can patent bad things.
New method of protecting illegal activities (Score:3, Interesting)
In this way, you use the patent system to shield illegal activity. If one could find a way to wrap a DMCA encryption layer into the process, one would have lots of ammunition against those companies th
Dual use (Score:2, Interesting)
Good thing I use (Score:2, Insightful)
Technology Lifespan (Score:5, Funny)
2. Deploy into market
3. Product becomes obsolete
4. Patent awarded
Not quite (Score:5, Informative)
So it's safe to put 5. Profit :)
Re:Not quite (Score:3, Funny)
4.5. Sue somebody
?
Phase 2 of the plan... (Score:2, Funny)
And of course, phase 3: Profit!!!!
Re:Phase 2 of the plan... (Score:5, Funny)
It's a technology for p2p Haters, therefore we shall call it "Preparation-H"! Because it's good on the whole.
Would it really matter? (Score:5, Insightful)
And even if there are 10000 files around with a lot of sources for each file, I'm sure people will start trading files containing the RC5 checksums of real files, on IRC or something. Hell, they might even P2P the real-files index
In short: should the RIAA/MPAA and friends even adopt that technique, it'll give them only a very temporary reprieve. They really should realize the cat's out of the bag and they should start thinking of new business models around digital file sharing, not against it.
Re:Would it really matter? (Score:5, Insightful)
Re:Would it really matter? (Score:3, Insightful)
What you do, in effect, is diluting my ability to download the file from other sources than you, because most likely you're the only person to have that version of the file. Which in turns diminishes the overall value of P2P, and also hurts you because nobody downloads from you, therefore you have a lesser rating to download from o
Re:Would it really matter? (Score:2)
Re:Would it really matter? (Score:4, Interesting)
Most mainstream songs (i.e. ones on the radio) have a large fake song:real song ratio. The methods of 'fakeness' vary:
Lately, I don't see many valid songs at all. All the fake ones are on servers with tons of bandwidth, so they download almost immediately. The good news is that fake songs usually have the standard format: "Artist - Song Name", where real songs have something that someone might have actually done themselves "01-Artist_Song_Name" or "[Rock]-Artist_(Album)-Song-Name"... but not many people share that, and the one guy that does seems to transfer at 3-5kb/s
Re:Would it really matter? (Score:3, Insightful)
Re:Would it really matter? (Score:3, Interesting)
No, it's pretty much impossible to do this unless you plan to download all the files first which sort of defeats the purpose of the checksumming.
Fortunately you are wrong, if this is implemented within the clients then the checksums sent across the network will be of the actual mp3 data without the id3 tag. It can even be implemented gradually - if implemented: send both checksums, when comparing use the mp3-only che
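Hashing only the audio bytes, as the reply above describes, shown as an added example that is not part of the thread or of any client's code. It assumes SHA-256 as the checksum and handles the two standard ID3 placements (ID3v2 at the start of the file, ID3v1 in the last 128 bytes); the sample files are constructed bytes, not real MP3 audio.

```python
import hashlib


def to_syncsafe(n):
    """Encode n as the 4-byte syncsafe integer used in ID3v2 headers."""
    return bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])


def from_syncsafe(b):
    """Decode 4 bytes carrying 7 bits each; the top bit must be clear."""
    if len(b) != 4 or any(x & 0x80 for x in b):
        raise ValueError("not a syncsafe integer")
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]


def audio_span(data):
    """Return (start, end) of the bytes left after skipping ID3 tags."""
    start, end = 0, len(data)
    if len(data) >= 10 and data[:3] == b"ID3":
        start = 10 + from_syncsafe(data[6:10])   # header + tag body
        if data[5] & 0x10:                       # ID3v2.4 footer flag
            start += 10
        if start > end:
            raise ValueError("ID3v2 tag size runs past end of file")
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128                               # ID3v1 trailer
    return start, end


def audio_hash(data):
    """Checksum of the audio bytes only, so retagging does not change it."""
    start, end = audio_span(data)
    return hashlib.sha256(data[start:end]).hexdigest()


def build_samples():
    # Constructed bytes standing in for MPEG frames; not real audio.
    audio = b"\xff\xfb\x90\x00" + bytes(range(256)) * 8
    v2_body = b"TIT2" + b"\x00" * 296            # 300-byte tag body
    v2 = b"ID3\x03\x00\x00" + to_syncsafe(len(v2_body)) + v2_body
    v1 = b"TAG" + b"Some Title".ljust(125, b"\x00")
    retagged = v2 + audio + v1                   # same audio, tags added
    decoy = v2 + audio[:-1] + b"\x00" + v1       # same tags, altered audio
    return {"plain": audio, "retagged": retagged, "decoy": decoy}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, audio_span(blob), audio_hash(blob)[:16])
```

The retagged copy hashes the same as the untagged one, while the decoy with identical tags and one changed audio byte does not.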
Re: (Score:2)
Re:Would it really matter? (Score:2)
Actually, there are many sites out there that index P2P files. Sharereactor was a popular edonkey one that was recently taken down.
Prior art? (Score:2, Insightful)
Wouldn't that be an example of prior art? If so it wouldn't cause much of a problem for them.
Either way, I have to wonder how effective this method would actually be. Surely I could get around it by simply downloading the file with the biggest number of sources?
Uh... (Score:2)
Does this mean (Score:2)
The signing program would kinda work, but it'd have to be more centralized than most P2P networks for security reasons... more of a reason to move to Secure P2P like WASTE.
Mixed feelings! (Score:4, Insightful)
I am sure there is plenty of prior art for this. DDOS, bogus uploads to P2P (e.g. people try to become the "supreme being" on kazaa by putting dummy files named after the latest hits). If the only difference is the "intent" and "amount" of the junk sent to P2P networks, granting a patent looks ridiculous.
However, if there is a lawsuit between these guys and the MPAA/RIAA, I will cheer for the patent.
S
Prior art? (Score:2)
False patent (Score:5, Interesting)
The Definition [techtarget.com] says:
First spotted in June 10, 2000, so the patent is a false or fraudulent one.
Re:False patent (Score:2)
Besides, I didn't know you could get a patent on telling a lie and then inventing lots of extra crap to reinforce the lie. That's all this is.
It does come down to month (Score:2)
Notice that the article does not tell the month, should it be July 2000, then the patent is false.
What makes this patent different from all the other false patents? Oh yeah, right, there was one-click ordering before Amazon.com first came online, etc. Apparently liars can file a patent before the originator of the idea does and then sue them for it.
Alexander Graham Bell
Re:It does come down to month (Score:2)
He explained, "Nearly all inventions are developments of existing ideas, taking them just a bit further."
The idea that an inventor creates in a vacuum is ridiculous. The whole of science, and the principles behind Free Software, demonstrate that things are not invented, they are developed from things that came before.
It's only the patent system that makes this "theft". Now, I know patents have to have an inventive step which should not be present in prior art; so if Bell
Re:False patent (Score:2)
First spotted in June 10, 2000, so the patent is a false or fraudulent one.
From the article:
Hale and Manes filed their patent in 2000 and it was awarded earlier this week.
Pretty close actually.
Re:False patent (Score:3, Interesting)
Re:False patent (Score:4, Interesting)
Re:False patent (Score:2)
Re:False patent (Score:2)
Not the law (Score:2)
Re:False patent (Score:3, Insightful)
Hashing (Score:2)
Bad files would be less likely to be shared than good ones. If a file has fewer sources, it's more likely to be fake.
Re:Hashing (Score:2)
One good thing kazaa implemented (and was instantly client hacked for) was that sharers got higher precedence i
but... (Score:4, Informative)
Re:but... (Score:4, Interesting)
Usenet newsgroups, anyone? (Score:2)
Good news for subscription services? (Score:2, Informative)
P2P spam (Score:5, Funny)
Much like legitimate email in our inboxes.
When will they get it? (Score:3, Insightful)
All this does is damage a network through crap flooding anyhow. It will kill freely distributed content as well as the content they are attacking. On the same note, I think that it's complete crap that you can patent something like that. Patent a means of attacking something? If they can patent this, I really need to patent my method of ridding people of underage drinking, known as firing a pistol at the containers that they are holding.
I use bittorrent for my content, and have no need for something that someone is trying to keep me from using, hearing, or seeing by eroding my privacy and rights. If they want to put a barrier between me and their product, I won't waste my time or money on it.
Re:When will they get it? (Score:2)
Just because
So basically they patented spam? (Score:5, Interesting)
If only someone held a patent on spam, maybe that'd lower the volume of it somewhat.
Spam flooding is patentable? (Score:2)
Though couldn't hipcrime be considered prior art?
How can they call themselves a student?! (Score:2, Funny)
This is already a problem.. (Score:2, Insightful)
Back a year or two ago, I remember encountering an mp3 file being served by over 1500 sources on FastTrack, and it was screwed up beyond belief.
file sharing (Score:4, Insightful)
Ultimately, the Internet will recognise the uploading of "poisoned" files as damage and route around it accordingly.
MD5 (Score:2)
Now the patent is over-priced rectum cleaning material.
What the hell is the point of paying for a patent when the circumvention techniques outdate the technology itself?
Right (Score:3, Interesting)
Magnet links send you right to the file without needing to search.
You can check for files with lots of sources AND different IPS with a file that ISN'T rated 0 with a FAKE comment attached to it.
IP Bans, file size checks, sample checking, file hashing.
There's too many ways to block fake files.
and again... (Score:2, Insightful)
I patented making MP3s full of shit noise and then naming them after known works of music? Couldn't the artists sue them for slander against their music? If I took a choir of mentally handicapped people, recorded some of their music, and distributed it as "Backstreet Boys - Every body now" (or whatever they name their stuff)... someone could take offense to that and probably take it to court.
Re:and again... (Score:2)
Dangerous... (Score:2)
So, I note that a lot of the time, recently, when downloading music files, some of the hosts have the correct version and others the decoy.
This is dangerous, though, because it exposes the possibility of distribution of other types of file (eg application binaries) with shady bits from crackers inserted.
Peer-to-peer networks should look at this as a significant security risk and devise ways around it. I think bittorrent could be made the most resistant, as there's generally a progenitor host that chunk
How is this fundamentally different from... (Score:2)
Correct me if I'm wrong, but isn't that pretty much the same as what's involved in jamming radar or radio signals?
I'd say that there's prior art on this one.
They invent... (Score:3, Insightful)
All it takes is someone to put it all together, most of the bits and pieces are already there. And that, is only a matter of time. Unfortunately, I suspect there will be some collateral damage:
They're now trying to cure what I would call light sniffles with heavy antibiotics when it comes to information control. One day, not so many years from now someone will point at the copyright holders and say: "You see the movie of this 4yo eating cum, that'll download if I double-click? We can't stop it, and it's all YOUR FAULT"
Kjella
social discovery (Score:2)
Social discovery, reputation and trust metrics, and feedback to close the loop will all become bigger and bigger concerns in partially or fully decentralized peer networks as a natural consequence of attacks and exploits like these.
The incentives for groups and individuals (even government) to try and subvert these systems is growing
Ponder this quote.... (Score:2)
I think this quote reveals a lot. It is one of the inescapable facts about the Internet.
There will always be something that fills a gap left by something else. Using technology that is described above only has a limited life-span.
Someone somewhere will devise a better system.
It will eventually equalize down to the lowest common denominator of this simple fact, from this point forward digital entertainment will have to be
You Don't (Score:2)
You don't.
Survival of the fittest... (Score:3, Interesting)
When will they learn?
Re:Survival of the fittest... (Score:3, Informative)
Why this will have little or no effect (Score:2)
The next generation of file sharing software is already here. For movies, apps, and games, BitTorrent and eDonkey provide a reliable means to transfer the file. Unless they've found a way to get through MD5
...how is this different from spam? (Score:2)
That's bullshit hypocrisy right there. Because you don't like something, that gives you every right to destroy/break it?
Yeah, smart thinking there. Ruin P2P because it's a medium used to share copyrighted material. While you're at it, crapflood IRC, Newsgroups, Instant Messaging protocols, and email because they could be used to send others copyrighted material.
These dickheads nee
Re:...how is this different from spam? (Score:3, Insightful)
No use. (Score:2, Insightful)
not just illegal files (Score:3, Insightful)
This threat isn't going to keep me awake at night if it's confined to music, but as the article says,
Hale said the technology could be applied to protect all sorts of sensitive or confidential material.
This means we won't be able to trust the current generation of P2P networks for authentic news, commentary from reputable sources, free (as in either) software, accurate documentation for same, or any data that some powerful organisation doesn't want us to share. In many cases such forgeries would be illegal under copyright, trademark, defamation or competition laws, but proving which cuckoo laid the egg could be very difficult.
One word: SHA1 (Score:3, Insightful)
This raises the question.. (Score:3, Funny)
So... (Score:3, Funny)
LK
Re:When will this end? (Score:2, Insightful)
Re:When will this end? (Score:2)
In either case, the answer is no.
Re:When will this end? (Score:4, Insightful)
Maybe - just maybe - this is a good thing. The question is, did it happen at a useful point in time, or is it now irrelevant?
Uh (Score:4, Interesting)
I've been buying from the iTunes store since it came out. There is no valid reason whatsoever to pirate an artist's works on Kazaa and eMule. Slashdotters have yet to legally or morally justify ripping off an artist's stuff.
Re:This technique won't work (Score:2)
I know plenty of people that will queue up many things at a time and check in on them in a day or two, during that time most if not all of the files would be completed and the good ones along with the bad would be available to the system.
The only way to 'beat' this system would be to check each of your files before they get shared.
Re:This technique won't work (Score:2)
Re:Safe File Share (Score:2)
Trust systems could be added to Kazaa or any other network real
Re:Is this legal? (Score:2, Interesting)
Why? (Score:5, Insightful)
Spamming is a known attack on most P2P networks, because such networks treat everyone with a certain level of (possibly undeserved) trust. It's not rocket science, and if people designing networks failed to take it into account and allowed it to be an effective attack, it's *their* problem (just as the RIAA devising a business system with expensive music and infeasible protection has copy protection as *their* problem).
This does nothing to solve the thing long-term.
Here is what will happen.
Initially, P2P networks took a "trust anyone" approach. (Napster, etc). This rapidly was shown to be infeasible, and systems allowing black/whitelisting users, allowing trusted endorsement of files (Sharereactor and similar), and allowing community rating (Bitcollider) popped.
Hale and Manes just took the obvious next technological step, which is to make it easier to attack the network -- have a system that learns what people are suckers for most, and to exploit it (well, and just about every other claim they could think of to throw in, but that's the meat of the patent). I think that it's absurd to make this patentable, frankly. These ideas are not only obvious, but have been floating around on P2P system development forums. Furthermore, the academic and business systems that we have reward people like Hale and Manes for creating bullshit patents -- that's still not their fault. It's that of the people who have control over the patent process, which is ultimately all of us.
It's quite possible to counter whatever Hale and Manes are claiming is new and revolutionary. There are current systems like WASTE with simple trust systems -- users can be in or out, and anonymous users aren't trusted. It may take a trust network with non-binary trust (this person is *really* trusted to provide good files, this one not as much) and transitive trust. The schemes coming from Hale and Manes are quite beatable, though -- it's a losing position to be holding.
Anyway, after someone comes out with a trust system, people like Hale and Manes will then come out with patents on processes that demonstrate attacks on whatever statistical methods are used to assess trust in such networks.
The algorithms will be tweaked by P2P folks, and eventually a pretty-good-to-the-point-that-P2P-network-attacke
Content providers will be forced to move more towards service-oriented systems (you buy a music "service" with access to a vast music library, and then content creators and marketers are recompensed based on how much their content is used). It's not the end of the world for anyone, and the same cycle of upheaval and technological improvement has happened time and time again in many areas. In the end, we generally have a more effective system for all involved.
I personally *like* it when people run out and attack P2P networks. It drives people to do systems right, rather than just hack things up without a thought for security (and unlike a cracker breaking into a computer, someone attacking Gnutella doesn't prevent anyone from getting work done or expose personal data). I think that producing "properly built" networks that don't have such weaknesses is an absolute blast, a fun research topic, the side that gets all the love from people who are trying to toss data around, etc.
Heck, it might even be neat to work under Hale and try to thwart the latest in anti-sharing strategies that one of his other students has come up with.
Re:Good for people sued by the RIAA (Score:2)