Court Docs Reveal Kazaa Logging User Downloads

Dan Warne writes "The most explosive documents in the ongoing Kazaa court case have emerged today, including logs of discussions between parent company Sharman and the Estonian developer of the Kazaa Media Desktop. They include extraordinary admissions like: "Reporting will make Kazaa look like spyware, as soon as it becomes evident we record downloads and playbacks, users will flee to competitive networks" and then "One can argue that we have knowledge of copyrighted material being downloaded in our network and have to install filters. If we are reporting [gold] files, then technically we could do the same for every file." Finally, "RIAA [could] collect the IP addresses for everyone who has searched for or downloaded that file." Despite the Kazaa developer's concerns over these issues, Kazaa went ahead with the logging." (More below.)

Warne continues "APC Magazine journalist Garth Montgomery, who has covered every day of the trial in the Australian Federal Court, says: "In a nutshell, this has got to rate as the most explosive document revealed. It makes it damn near impossible to maintain the separation theory that Sharman and Altnet rely on in terms of business independence and technical infrastructure. The control they exercise over the system is complete." Montgomery has also scanned in all the documents and made them available in PDF format, including the confidential Kazaa purchase contract and technical specifications for the Kazaa Media Desktop."

open source

[jeif1k]

I think stuff like that shows you why closed source software can't be trusted. I bet bigger companies do similar sorts of things as well, as part of their "software updates" and all the other network traffic they generate.

So...

[calyptos]

So does this mean that they can get the logs and go after people who have illegal downloaded media?

glad i never used kazaa

[dj42]

Creepy stuff. Not that the logs are all the useful -- considering just how many people and IPs will be in them. That's like getting a list of 5 million people... you can't send them all to jail and/or fine them. Or... can they?

well...

[Bolshoy Pimpovich]

It looks like we are going to evolve backwards... everyone will be running back to IRC for their illegal needs.

Re:Once again...

[JimBoBz]

"Piratebay is hardly private, although I think your response is a bit of a troll-if they were doing that...."
Although no-one is likely to listen I can attest that it would indeed seem Piratebay is doing just what the grandparent of this says. Download a few torrents from them and find out the hard way....

Just KMD?

[lachlan76]

Is it just KaZaa Media Desktop that is affected by this, or is it done on the server end, thereby logging downloads by ALL clients, such as giFT-Fastrack?

Re:So...

[PhotoBoy]

If you're not in the USA the RIAA probably won't care.

I'd be surprised if Kazaa kept logs for more than a few months, the size of the data would be vast. They probably overwrote the logs after they'd got what they needed from them. I suspect the logging was only so they could create stats for each file downloaded to see how well files were spreading.

They're just clueless

[Moraelin]

Well, the recording part is the part that's really sad. It's such massive lack of clue, it's... well, come to think of it, probably standard for management.

And wth is with all these companies and collecting data about their users? Everyone must track you, profile you, and make you go through an intrusive registration just to (for example) download a patch to a product you've bought.

Now I _know_ that you're not really anonymous on the Internet, they can collect a ton of data about you, bla, bla, bla, Sure, they _can_. But do they even have a _legitimate_ use for that data? I.e., one that doesn't boil down to "we can sell the list to spammers later."

Most of the collected data nowadays (and again I don't only mean Kazaa) is plain useless for anything even resembling an aggregate statistic.

E.g., in Kazaa's case can they even do an automated aggregate statistic over the filenames? How? There must be hundreds of different ways to write the same filename, so good luck telling whether more people download Britney Spears or Eminem. Or which genre do people download more. And even if (ad absurdum) they could get an aggregate statistic, what would they do with that data?

E.g., in the case of some companies' intrusive registration forms and out-of-hand data collection, wth are they gonna do with such pieces of trivia as my house number or telephone number? _How_ does one use that in an agregate statistic?

I mean, "How many people bought our product in Europe vs USA?" is a statistic. "How many people with an even house number bought our product?" is at most useless trivia. There is _no_ useful information in there.

Dunno, reminds me of dogs chasing a car. They have no idea what they'd do with it if they caught one, but they just must do it anyway.

Sad.

Can Skype be trusted?

[matthew.thompson]

IF this sort of action was taken at KaZaa what decisions of a similar nature are being taken at Skype?

I know that I use it for personal calls with no inherrent value but there are compaanies who are starting to use it to cut inter-office and employee communications bills - they could very easily be concerned about this.

Re:WOW

[Cryogenes]

It looks like bye-bye kazaa. It will soon join Napster (The real one, not roxio)

Both of them, let's hope.

Re:They had it coming

[ceeam]

Oh, brother, if only we could have a law passed that every "license agreement" is void and null if it exceeds, say, 500 characters of text, wouldn't world be a slightly better place?

I read this in a recent Billboard magazine...

[matthewcraig]

Billboard Jan 8, 2005 - Regarding the federal Syndney court battle over Sherman's Kazaa technology and major labels attempt to "recover compensation for past illegal downloads":

[The labels' lead barrister] Bannon also asked [Sherman chief technologist] Morle to sign on to Kazaa using a "special command line." This lead to those in attendance witnessing a connection to an alleged central server in Denmark, which Morle said he thought had been "phased out." The labels claim there is a "bank of some 20 computers in Denmark" contolling Kazaa.
During the 13-day trial, the parties submitted "hundreds of pages" of documents and sworn affidavids of expert witnesses as evidence. Only a portion of these winesses provided live testimony.
Attempting to establish the operators' ability to control the network, other industry experts said user statistics have been collected by Sharman, users' activities could be monitored, and logs could be maintained to trace users' locations.

Re:Skype

[Chazmosis]

I may be mistaken here, but wasn't Skype created by the people who sold Kazaa to Sharman Networks? Sharman's the ones pulling the crap here.. I don't recall (Though I never used Kazaa back then) Kazaa being loaded with Spyware to begin with?

Log files

[Anonymous Coward]

Ok, they have IP address and whatever was downloaded. No the question is how long is the retention policy of your local ISP with respect to the IP address you had durning that download period.

Expect a call?

Re:Stop the Bullshit Now

[Anonymous Coward]

The endgame is either a Kazaa concession to log all activity

Which would bankrupt them in half a year. This is where someone should have realized the slashdot headline was misleading, and 99,9% succesfull at that, looking at the many paranoid posts.

Ask yourself this simple question, how does one pay for the huge pipes needed for collecting data about all fasttrack usage? Remember we are talking about companies that have a couple of former soviet state coders and a webserver, thats it! They can make millions in spyware, I am sure, but whats the point if you have to spend most of it on monitoring/policing users or end up in court again for failing to comply with court orders?

Just think about it, a central statistics hub for every fasttrack peer? That needs insane amounts of bandwith! It might actually eat the most part of whatever fiber is going toward australia ;-) (Is that still a one telco, one under sea cable situation, or did the forced peering work out?)

Ofcourse once these download reports (5/client/hour?), and maybe search queries (15/client/hour?) come in from *millions of clients* they have to be processed (ebay size server cluster?) and stored (terrabytes?) on systems that are carfully maintained (8 engineers/coders full time?). All of this would serve *no business purpose whatsoever*.

subject goes here

[Heem]

Bottom line, if you want to download stuff illegaly, do it carefully and non-mainstream. One of these days there will be a sensable way to purchase music that you can burn to cd or otherwise do what you like for a fair price. Until that day comes, don't be a moron about it.

Well, don't be a moron then either.

kazaalite has no "topsearch.dll" file to do this

[Anonymous Coward]

I believe Topsearch.dll is the file that does this. I think that kazaalite does not create this file, and certainly not the hacked versions of kazaalite.

Correct?

Re:WOW

[badasscat]

It looks like bye-bye kazaa.

And really, good riddance. If they're logging all their users' downloads, installing all kinds of adware, spyware, and other crapware on your systems (which they also admitted in court documents), and just generally acting not only as a bad corporate citizen but also an evil software developer in terms of their own users' interests, then this is most definitely not a company we need in existence in the world.

Whether you're for or against P2P in general (I'm for it), the world will be better off with Kazaa completely out of the picture.

Re:WOW

[Deathlizard]

If these prove to be legit, and Kazaa has to cough up logs, then the fun is over.

Frankly, Good for them. I never trusted Kazaa one second. There was something about it that I didn't like but could never really pinpoint on what it was outside of spyware infestation. Personally I was a ED2K fan until leeching made the devs put Anti-leeching programming into ED2K. Now all the ED2K clients are so stingy it takes days to get a file started.

I wonder how far back the logs go. With data like that the RIAA/MPAA could have a field day suing users.

Re:They're just clueless

[hrieke]

Just to point out that in the business world, there are no completely useless stats. I keep a DB at work called LDLS - Lies, Damn Lies, and Statistics - which is used by every program that I write to track down all the little odds and ends that management wants to track. (They told me to create a metrics DB, I selected the name.)

On spelling, you can use a soundex function to reduce all to simular sounding groupings.

Collection of personal information like house number or telephone number- these can be mapped back to a phycial real-world location and then shown with other statitical information.

Try this out- to go Google and enter in your home phone number ( (xxx)-xxx-xxxx format ) and watch Google return your home address, and then be able to map near by businesses.

And since you can break things down by areas, and know what is being viewed / downloaded where, that information has value to others trying to sell stuff to you- Sherman networks knows that you liked SNL with Ashly Simpson- so in theory they could sell your name / address to companies that sell SNL videos and to record companies that produce crappy singers. Plus I'm sure Ms. Simpson would love to know that she's even more famous for just being famous.

Go read up on data mining sometime.

Re:glad i never used kazaa

[tweek]

". In a democracy, laws (should) reflect what everyone wants,"

And this is why democracies are always doomed to failure.

A few quotes:

"A democracy is nothing more than mob rule, where fifty-one percent of the people may take away the rights of the other forty-nine."
Thomas Jefferson

"Democracies have been found incompatible with personal security or the rights of property;
and have in general been as short in their lives as they have been violent in their death."
James Madison

"A government of the masses. Authority derived through mass meeting or any form of direct expression. Results in mobocracy. Attitude toward property is communistic, negating property rights. Attitude toward law is that the will of the majority shall regulate, whether it be based upon deliberation or governed by passion, prejudice, and impulse, without restraint or regard to consequences. Results in demagogism, license, agitation, discontent, anarchy."
Democracy, 1927, The U. S. Army Training Manual

"Remember, Democracy never lasts long. It soon wastes, exhausts and murders itself! There never was a democracy that did not commit suicide."
Samuel Adams

"If you establish a democracy, you must in due time reap the fruits of a democracy. You will in due season have great impatience of public burdens, combined in due season with great increase of public expenditures You will in due season have wars entered into from passion and not from reason; and you will in due season submit to peace ignominiously sought and ignominiously obtained, which will diminish your authority and perhaps endanger your independence. You will in due season find your property is less valuable, and your freedom less complete."
1850, Benjamin Disraeli

Now according to the CIA World factbook here:
http://www.cia.gov/cia/publications/factboo k/geos/ as.html#Govt

Australia is:
democratic, federal-state system recognizing the British monarch as sovereign

So your argument would actually work in Australia but not in the U.S. which is "Constitution-based federal repulbic" where the rule of law governs the land and not the majority.

Look at it this way, if the majority wants you dead and your belongings scattered to the wind, they can do that in a democracy as long as 51% of the people agree.

You missed one...

[ari_j]

You forgot to refute the part of his logic that assumes that one disreputable user makes the entire service disreputable. Some people use Slashdot to post "Gaynigger" trolls - does that make Slashdot a disreputable, homophobic, racist website? How about people who use Linux to develop Internet worms - does that make Linux a disreputable kernel?

For a group of people supposedly at least remotely qualified to perform scientific analysis, there is a whole hell of a lot of disregard for any sense of logic here at Slashdot.

Re:WOW

[ricka0]

Besides it was a major virus/etc security risk to people using it really... check out the last paragraph here [blanu.net].

Re:IPX time baby!

[IthnkImParanoid]

Would that be someone who pretends to be a genius but is really just an intermediary?

Are MPAA/RIAA etc modding posts on this thread?

[Anonymous Coward]

Go through this thread and note the posts that explain how only the Kazaa Media Desktop has the potential to do this, and NOT kazaalite. Now notice how those posts are modded down.

THen go back and see the posts that say that the server will log all kazaa downloads. See how those are modded up.

Is it possible that the public relations arm of MPAA/RIAA is action right here on this thread?

Re:Oh, Lordy, here we go again

[bonch]

If you want to say that copyright infringment is immoral behavior, you have to make that argument. Not declare the case closed by calling it "stealing" and ridiculing anyone who objects to the metaphor.

Nobody defines it becuause it's brain-dead obvious. The fact you've clouded your own mindset to the point you feel it's not obvious is telling. For instance, taking Doom 3 without paying for it is immoral. A lot of people spent years working on that game to make a living, and you're taking it while not paying for it--that makes it immoral.

It's brain-dead obvious.

These are basic concepts of right and wrong taught when we're three years old. This moral relativism, pro-piracy spiel I sometimes see on Slashdot where "I'm so used to the convenience of downloading that I've justified it in my mind so that I'm not doing anything wrong" is pretty childish. Funny how this attitude disappears when Slashdot posts articles about companies using GPL source code. Not only is it referred to as "stolen" code, but the companies are dumped on for violating the GPL copyright! By your reasoning, why should anybody follow the GPL? What's wrong with breaking it?

This generation of computer users seems to be all about "Gimme that, it's mine! Gimme that, it's mine!" The sense of entitlement is amusing and creates these sorts of hypocritical situations.

Re:Once again...

[fyngyrz]

Actually, electrons transit very slowly down a wire, and as AC service is generally 50 or 60 hz, and there is generally considerable distance between where your wiring begins and your electrical power demands begin, I'm afraid we're all using the electrons already present in the wiring -- not those "sent" by a power company. At least if we own our homes, we own our electrons, too. I know I paid for all my wiring. :-)

Think of electrons in a wire as a pipe full of ping-pong balls glued to each other. The electric company is just pushing and pulling on ping pong balls they have, so that the ping pong balls you have will move.

Re:Once again...

[antic]

I read Mark Cuban's take on this yesterday, where he suggests that the majority of P2P music trading is legal. He suggested that if you graphed file downloaded vs download count, and imagine the results as something of a bell curve, you'd see significant volume (obviously) in the most popular music. However, he suggested (and I think there could be some merit to it) that the sheer number of legal tracks would extend the tail of the curve. i.e., there might be a million downloads of a Britney Spears song. But there might be a single download each of a million other garage bands enthusiastically trying to get their name out there.

I'd say he's pushing it with the "majority" remark, but it makes me wonder if the 99% claim often made is close to the mark.

Re:Just KMD?

[generationxyu]

Well, it's an interesting question. I gather (and this is just my understanding, correct me if you know more about FT) that FastTrack (the network Kazaa runs on) works generally in the same way that Gnutella works. Each node keeps information about other nodes it knows about. So I launch a Fasttrack client for the first time, and it comes with a list, hopefully a long one, of IPs and possibly ports to try. Some of these may be dead, some may be alive. One way that I understand FT varies from Gnutella is supernodes. A single node keeps track of one layer's worth of nodes, whereas a supernode keeps a whole tree, and can be queried. These are what hold the network together, and why OpenFT is failing. If you can connect to one supernode, you're essentially golden. KMD/Sharman/whatever has a bunch of supernodes that they run. In this way, it's their network. So theoretically, if you connect to their supernodes, they can log your searches/downloads. But if you're not, well, then, you're an island. It'd be nice to get Julian Ashton, one of the guys who works on giFT-fasttrack, on this discussion to see what he has to say.