This is How We Catch You Downloading 308
marto writes "All over Europe thousands of people are being threatened with court action for allegedly sharing games like Dream Pinball 3D on P2P networks. Now, documents obtained by TorrentFreak show details of the anti-piracy company's techniques for identifying alleged file-sharers on the internet and the gathering of claimed 'forensic quality' evidence for use in court cases."
Good thing you can't mask your IP address (Score:5, Insightful)
Oh, wait...
Good thing you can't block them (Score:5, Informative)
Re:Good thing you can't block them (Score:4, Informative)
Re: (Score:3, Insightful)
How many did you get before you installed it, or are you saying it had zero impact on your BSA notice quota and is thus an irrelevant data point?
Re:How? (Score:5, Funny)
ifconfig eth0 127.0.0.1
Now they'll never find me ! Hahahaha !
Eh, wait...
Re:How? (Score:5, Funny)
Now they'll never find me ! Hahahaha !
That's what you say! I can see your ssh port open, and I'm already in! Count down to "rm -rf
Re: (Score:2)
Damn... That command asks for the administratior password. Anybody know the root password?
Re:How? (Score:4, Informative)
Re: (Score:3, Funny)
Re: (Score:3, Funny)
Re:How? (Score:5, Informative)
You can easily use a (open) proxy or similar to mask your HTTP traffic. But if you'd like to take it one step further, Relakks [relakks.com] (based out of Sweden - also accepts foreign users) uses VPN to route all packets from your machine out onto the Internets. You can check their legal FAQ to read about their restrictive policy regarding your personal information. It'd take a subpoena from the Swedish gov't to for them to hand out your originating IP address. This is rarely done - and as I understand it copyright violations are not considered "serious" enough.
Works like a charm and the performance drop is insignificant. You could easily saturate even a 100 Mbps link using this service.
Automated lawsuits (Score:5, Interesting)
They seem to be very sure that an ISP keeps accurate IP address records. Why do I feel that this will result in a semi-technical employee of the ISP pulling up who the IP Address is currently leased to? I feel sorry for all of the people with a wireless network using a SSID of "Linksys". Expect a letter tommorrow.
Does anyone else feel that it doesn't matter to the RIAA/MPAA if their lawsuits are accurate or not? If you send intimidating letters to people, some of them will settle even if they are innocent. You can then claim X number of settlements and declare victory.
This is a great scam for someone who wants to commit fraud on a national scale. Send people letters claiming that they breached copyright law and demand a settlement. Offer an opportunity for settlement for $2000. If they get a lawyer, drop any claim. If they ignore it, write it off. If it costs you a dollar per letter and 0.1% of people accept your "offer", a million letters will net you a million dollars. Maybe this is the new business model for big media.
Re:Automated lawsuits (Score:5, Interesting)
I'm not sure what the law says in Australia, although vexatious claim comes to mind. In the USA, people seem to use the term racketeering, although I don't know enough about US law to know if this is correct.
Michael
Re: (Score:3, Informative)
Re:Automated lawsuits (Score:4, Interesting)
That would be an illegal business model. However, if you do follow through on the rest and take them to court and win most, then it's perfectly legal. It is illegal to threaten lawsuits without cause. It's not illegal to offer a settlement if you do have cause.
The statistics aren't really in since the legal system is a slow turning one, but I'd be surprised if most people managed to show a preponderance of evidence against. Sure, you can point to hackers, open wifi, lack of computers/equipment/skill, but they're more doubt than making it *probable*. Is that his excuse? Has he sent in a different, clean hard disk? All of these defenses rely on evidence you bring yourself, there's no official log anywhere to back you up.
Re:Automated lawsuits (Score:5, Insightful)
True, but on the other hand if you're going to be suing people on the scale that the RIAA has been suing people, your evidence had better be pretty solid or you're treading on thin ice. Judges are starting to wake up to what the RIAA is doing, and I hope that trend continues.
All of these defenses rely on evidence you bring yourself, there's no official log anywhere to back you up.
Also true, but there's no "official" evidence to back up their claims either, which is the crux of the matter. And no, the information ISPs record hardly qualifies as an official log. Those are typically for provisioning, diagnostic and statistical use, and are not intended to serve as evidence against their own customers. Nor does a screenshot from Kazaa showing a list of IP addresses count as strong evidence.
The chain of evidence is pretty weak, given that they're depending upon data that was not recorded with the intent of being used in court, isn't particularly reliable anyway, and is subject to human mishandling outside any forensic chain established by the courts, and isn't guaranteed to point to the actual "criminal" in any event! The problem here is the (unfortunate) human tendency to accept information generated by a machine that you don't understand as being valid, when there's a substantial chance that it isn't.
That effect is very real
It's not as if there's some official Federal standard in place for ISP data monitoring that would be guaranteed to hold up in court so long as the ISP could be shown to be upholding the standard. I can guarantee that ISPs wouldn't want such a standard because it would cost them a fortune.
Re: (Score:2)
but there's no "official" evidence to back up their claims either, which is the crux of the matter.
In the U.S. there are profound differences between civil and criminal law - differences which the geek seems determined to ignore.
The burden of proof is lower. Much, much lower. Decisions are based on the "weight of the evidence," or,
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
Re: (Score:3, Informative)
Yes, that's how discovery works in the US. It's not a bad system, actually. You might want to read up on it.
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
Frankly, I'm surprised this hasn't been done already. Huh. For all we know, maybe somebody has.
From a purely technological perspective, services like MediaSentry are workable only until file transfer software reaches a certain level of sophistication
Re: (Score:3, Insightful)
The way things are now, with all this legal stuff flying through the air, you can just shorten the name back to P2P (Paranoid To Paranoid.)
Re:Automated lawsuits (Score:4, Informative)
I served on a grand jury that saw several fraud cases that involved the use of ISP IP lease records, and the employees that testified were very knowledgeable and diligent. That's not to say that they would be in every case, of course, but what direct experience I do have suggests that your concerns are misplaced.
Re: (Score:2)
A. You are downloading intellectual Property that you are not supposed to have.
B. You are running any server based application (i.e. FTP)
C. You are letting anyone in your local area to get free access to your link other than people in your actual residence. At one point they would even threaten if you had a router. Nowadays you would be
Re: (Score:2)
Re: (Score:2)
Where the hell have you been? (Score:2)
This is a great scam for someone who wants to commit fraud on a national scale. Send people letters claiming that they breached copyright law and demand a settlement. Offer an opportunity for settlement for $2000. If they get a lawyer, drop any claim. If they ignore it, write it off. If it costs you a dollar per letter and 0.1% of people accept your "offer", a million letters will net you a million dollars. Maybe this is the new business model for big media.
Um...hello? [riaa.com]
Re: (Score:2, Funny)
Re:Automated lawsuits (Score:5, Funny)
Aren't Linksys and Default free wireless broadband ISPs?
Re: (Score:3, Informative)
They seem to be very sure that an ISP keeps accurate IP address records. Why do I feel that this will result in a semi-technical employee of the ISP pulling up who the IP Address is currently leased to?
We keep meticulous logs for a variety of reasons, both legal and for the security of the network. It's a blessing and a curse--when we need to track down someone for abusing the network, it's easy. But when we need to find someone who is about to be harassed by the MPAA/RIAA, it's also easy.
The people who search the logs are quite competent. The log audit software we have takes a timestamp in any format accepted by strftime, which means that we can give it a timestamp with a timezone w
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
That ISP had like 4000 customers so we're not talking big time. A
Why don't we ... (Score:5, Funny)
Re:Why don't we ... (Score:5, Funny)
Re:Why don't we ... (Score:5, Funny)
No need for email, there's a convenient web interface [turnofftheinternet.com] available.
To quote... (Score:5, Interesting)
'Nuff said. And thanks to Merl Ledford III. (Pardon my edit, by the way.)
I find it so hard to believe that these companies continue in the thought that they can make these cases work.
Not that foolproof (Score:5, Interesting)
1. It doesn't download the whole file from your system. Which means that they can't really show that you have the file, just that you say that you have it. Some anti-piracy systems are known for responding to any search request with a positive result but full of junk or ads.
2. It doesn't really prove it was you, it just logs it to an IP address (even if it was your IP, you are running a wireless network, right?)
3. It currently doesn't do bit torrent, just other P2P systems.
And probably alot of other problems - just did a quick scan of TFA to produce this post.
Michael
Re:Not that foolproof (Score:5, Interesting)
2. It doesn't really prove it was you, it just logs it to an IP address (even if it was your IP, you are running a wireless network, right?)
Exactly. I never illegally downloaded file in my adult life (and likely not before, given that 2400 baud was fast back then), yet I have a wireless (FON) router open to everyone who are near. It's pretty open, you could even print if my printer happens to be turned on. Security doesn't worry me as there is only linux machines on that network, and the internet connection is decently firewalled. But conceivable, someone could drive by, and download the latest Beatles-modern-equivalent file, and I could receive such a letter --- my IP is fixed, so no discussion there. But still, if any ISP is innocent, so am I.
In other words, they have to prove not only what IP did it, but what person. How do you do that? This sounds very much like the naughty-phone-bills case. They had to prove that it was a resident above 18(or 16?) that had called, and if they were unable to (as they were in most cases) they were kicked from court.
Re: (Score:2, Insightful)
Re:Not that foolproof (Score:5, Interesting)
It will bother me no more and no less than if they'd used any other connection. What's next? Not borrowing a screwdriver out because it might be used for a break-in? I will not let a few deviants destroy all that is good and beautiful about this world, and neither should you. I share my connection freely within reasonable limits.
Re:Not that foolproof (Score:5, Insightful)
However you could find yourself arrested, your equipment seized, and stories in the newspaper before anyone had time to believe that is wasn't you who did it, if they ever did.
Sharing is a good thing, but unconditional sharing a net connection without checks of any kind is asking for your generosity to be abused.
Re:Not that foolproof (Score:5, Insightful)
However you could find yourself arrested, your equipment seized, and stories in the newspaper before anyone had time to believe that is wasn't you who did it, if they ever did.
Those things could happen no matter what I do. It happens to the people dealing with children occasionally, unfortunately, but fortunately the police are usually adamant about being very sure before they go around arresting people for such crimes until they are reasonable sure. For a mathematician such as I, I find it unlikely. If my IP did show up in a log, the local police might visit me for a chat, I'd show him what I could show (which would be a likely timestamp, maybe) and he would be on his way.
Really? I think you fear your fate too much. In fact, my very open network has only ever been used by one person, and that person is me. What I do is legal, makes the world a bit nicer, harms noone, and the chance of mishaps are small. I'd be a coward for not doing it.
Let me put the risk in perspective for you. The police claims that they monitor several child porn sites. And that lots of lots of people tune in and stays there for more than 1 minute. Yet, charges are rare. Doesn't that tell you something?
Re: (Score:3, Insightful)
:( I know it is bad in many places, but surely, it is only in the movies it works like that in the US?
Re: (Score:3, Insightful)
In severe cases of child pornography? I doubt it. Depends on where in the U.S. you live, and how much child porn we're talking about.
As I've said many times already, and as you can see otherwise, I do not live in the US, for which I am thankful. I lived there for 10 months, and frankly, that place stunk :) (Alright, so it was Minesota, and small towns stink everywhere. But I've never had the desire to visit US again).
Best case is probably detectives coming in with warrants, taking what they want, and likely you as well. Worst case is the guns..
I doubt they would draw on me. It causes them a lot of paperwork, you see. They might take the computers, if they had a warrant, but that costs them a) paperwork and b) money, so I don't think they'd do it for an IP addr
Re: (Score:2, Insightful)
The only way to get there is to start behaving like he is. And since you don't seem even close to ready to do that, it's going to take a while. You can't have a great society if nobody trusts anybody.
Re: (Score:3, Informative)
Sure.
But consider this: in Berlin, there's a free as in speech wireless mesh network with more than 200 nodes. They are all more or less connected to each other and happily pass data around. A lot of them offer internet access. There's a map [layereight.de] of the network you can look at. Now, even though this network is publicly known, freely accessible and run in a very large city wi
Re:Not that foolproof (Score:4, Informative)
I don't think the safe harbor provisions of the dmca would apply to you. The majority of ISPs' AUPs forbid "re-sharing" or re-selling of a subscriber's internet connection. You are a customer, not an ISP.
If you have an account with an ISP that permits you to re-sell the internet access, then you could claim safe harbor. Indeed, the riaa would be left sending you letters for ip-to-user translations.
Try finding a small local ISP and work with them to get re-sellable internet access. Maybe try the neighborhood wireless angle or free hotspot connectivity.
Re: (Score:2, Informative)
Re:Not that foolproof (Score:5, Insightful)
As for forbidding "resharing", how on earth can they ask for that? Can I share with my wife? Kids? Friends? Boarders? Relatives? Guests? That's a ridiculous clause if such things exist.
Re: (Score:3, Informative)
While I am not a lawyer, I believe it would hinge on the legal definition of an ISP. If your upstream provider doesn't allow you to re-sell your internet access, it makes it pretty difficult to argue that you are an ISP.
Re: (Score:3, Insightful)
The very fact that you have to agree not to do so implies that it is technically possible to act as an ISP, so I'd think that would help support a defense that you were acting as an ISP. The violation of your contract with the ISP is a separate issue.
Re: (Score:3, Interesting)
Wishful thinking at best. Acting as an ISP and being recognized as an ISP under the law are two different beasts. One will grant you safe harbor protections and the other not so much.
I can act like a cop, does that mean I can be afford all of the protections
Re: (Score:3, Insightful)
"Outside the Premises" is the operative phrase. Premises referrs to the whole property. If you live in an apartment, the whole complex is the premises. If you are a home owner, your property lines define the premises.
A common principle in law is that you are not liable for mis-appropriations of your property for criminal purposes so long as you used ordinary care. Given that the vast majority of all people never change the default allow everything configs on their AP (and don't even know how to change it)
Re: (Score:2)
But still, if any ISP is innocent, so am I.
I don't think the safe harbor provisions of the dmca would apply to you. The majority of ISPs' AUPs forbid "re-sharing" or re-selling of a subscriber's internet connection. You are a customer, not an ISP.
If you have an account with an ISP that permits you to re-sell the internet access, then you could claim safe harbor. Indeed, the riaa would be left sending you letters for ip-to-user translations.
Try finding a small local ISP and work with them to get re-sellable internet access. Maybe try the neighborhood wireless angle or free hotspot connectivity.
What are you going on about? This is about the civilized world, not US :p
My ISP lets me do anything that is legal and non-commercial, and I sincerely doubt that the non-commercial will really hold up in court. Not that it matters, since I have no intentions to. Providing free wireless is well within those parameters.
Re: (Score:2)
Re: (Score:2)
Well, if you get such a letter, you better have a log file to show them it wasn't you. Of course, such log files can also be faked, but I guess you are in a much worse position if you can't show at least some evidence that it wasn't you.
No. It is not my job to show I am innocent. Heck, some guy in this country was let off intensive sharing of child-pornography on the defense that his computer was riddled with virus.. Or some such. I'll just say "I didn't do it. Since I have an open wireless, it could be anyone in the neighbourhood". Then it would be my word against theirs, and the case would drop. Of course, they might bother me, even ransack my harddisks (which are clean). If they actually took my computer, I would be awarded damages if
Re: (Score:2, Insightful)
This is always the crux of the argument I haven't seen fleshed out. If a bank robbery is committed and my license plate is seen on the get away car, I can be quite sure I'm going to be bothered by the police until I tell them who I had let use my car at that particular time (assuming of course *I* wasn't driving a the time!).
I suppose if I could prove I routinely left my car on the street, unlocked, with the keys in it then
Re: (Score:2)
As long as you abide by uW/m^2 required for that band and keep your harmonics down below a certain threshold, operating is perfectly legal.
Radio is not comparable to your physical analogies, as they just dont work.
As far as anybody knows, access to your system is forbidden and considered trespass.
Re: (Score:2)
As far as anybody knows, access to your system is forbidden and considered trespass.
Hence the big banner that says "Welcome! You are welcome to use this connection, the password is user and the password is password :D (Well, that is the 2nd part. The first part is the same, but in Danish.
I'm not actually sure if it would be counted as tresspass here. In general, you have to show a clear border... I just don't know. I suppose the courts will have to decide that, should anyone actually press charges. If that happens, I think the accusers would be hard pressed to tell why they didn't at l
Re: (Score:2)
Re: (Score:2)
Hehe. Point taken, but I meant equivalent in popularity.
Re: (Score:2)
I suppose one could argue that you are responsible for what you do *AND* let other people do with your connection. It's either that, or any person who wants to trade child porn or any illegal material only has to leave his wireless network open to be able to claim that it wasn't him but a random person using Wifi. In this particular case, it is unreasonable to ask the state or the plaintiff to show that it was you who downloaded/uploaded illegal things, since there is absolutely no way they could make such a case. At the very least, you should have to produce reliable logs showing that a third-party was logged on your network at the time the infringing material was downloaded. If someone claims it's not him despite convincing evidence (i.e. that his connection was used), *he* has to prove it.
You are wrong. Really, you are innocent until it is reasonable proven that you are guilty. Above, you list why child porno addicts are almost never convicted for downloading (in this country). It is too hard to prove it was really them. Creditcard transactions and possesion are the normal means.
However, since child pornography spreading is considered a major crime, conceivable the police could obtain a permit to install a camera or such to get some hard proof. But I have never heard of a case where that
Re: (Score:2)
2 - That is true, though your ISP might cut you off for violating the AUP in the process. ( but better that then fined/jailed )
4 - Dont forget the plethora of viruses/trojans out there.
Re: (Score:3, Insightful)
I haven't seen the OA, because part of it is slashdotted. But, presuming they have the SHA1 (and perhaps TTH) hashes from the victim, and a bit-identical sample (compared to the whole file they downloaded from somewhere else), that may be close enough. (I don't know if they restrict themselves to victims who have files with matching hashes, or even make any check for file bogosity, though.
Re: (Score:2)
Industrial fascism (Score:4, Insightful)
Once these tactics are accepted and legalized, eventually governments should begin experimenting with the use of webcams and computer microphones to monitor people for other illegal behaviors.
Re: (Score:2, Funny)
We already do that...why do you think there's a free microphone in every laptop?
Sincerely,
NSA
Re:Industrial fascism (Score:4, Funny)
How about an impersonal, all-seeing eye on top of a pyramid of money and lawyers, watching everything you do on the computer?
"foolproof"? (Score:5, Insightful)
Wow. That sounds like a challenge. Seems like somebody ignored the saying "It's hard to make a program foolproof because fools are so ingenious."
Re: (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2, Funny)
Use an alternate P2P (Score:5, Insightful)
Dream Pinball 3D huh? (Score:5, Insightful)
Why minimize the initial act? Thousands of people are not being threatened over "dream pinball 3d".
Re:Dream Pinball 3D huh? (Score:4, Interesting)
Re: (Score:2)
Just a thought (Score:3, Interesting)
Re: (Score:3, Informative)
how would it stand in court if you had a wireless access point that was open. Just claim that someone else used your network without authorisation to download the offending files (assume that the authorities did not find evidence on your storage mediums).
1: IANAL. This is semi-layman's conjecture. If you want a real answer, spend the $100 and ask a real lawyer.
2; Since these are civil suits, most likely with a "preponderance of the evidence" standard, your claim won't hold enough water. So what if there was a possibility of an open connection: is there any proof that someone else actually used it? If the sum total of the evidence better supports their story than yours, you lose.
IMHO, if you want to genuinely protect yourself, you'll start logging your
Re: (Score:2, Informative)
The plural of medium is media.
Grrrr.
Re: (Score:2)
Just a minute, but (Score:2, Informative)
IANAL, but I don't think they'd get far in a Belgian court, with evidence that is not collected by police services or by a judicial expert appointed to collect that evidence.
I think legislation in other European countries doesn't differ much from ours. You just don't step up to a judge saying "here's the IP address of the guy that did this or that last week, please have the cops find out who it is and sentence him, will ya?"
So either the lawsuits are fake (which makes it
Juicy bits pulled from server to prevent /.'ing (Score:5, Funny)
What, no
Re: (Score:2, Informative)
Responsible party? (Score:2)
Techniques (Score:4, Funny)
So (Score:2)
Next week: Jail
Yay
Shareza should sue them... (Score:2)
Why isn't this a DMCA Violation? (Score:4, Interesting)
Easy way to avoid being sued (Score:2, Interesting)
Re: (Score:3, Insightful)
Are the RIAA/MPIAA proper litigants? (Score:2)
Re: (Score:3, Insightful)
If each P2P app was also a proxy... (Score:3, Interesting)
Re: (Score:2)
Re: (Score:3, Interesting)
Pirates be damned !! (Score:3, Interesting)
I used to pirate as well - I then got a real engineering job and became aware of the true number of people it takes to crank out a product - from middle managers - engineers - techs - secretaries - all the way down to the guys / gals in shipping. Every product that you subvert by pirating is money that does not go to the company coffers to cover wages / healthcare of these average folks. That was the end of my pirate days (but I still like to talk like a pirate).
Technology and market pressures will force the RIAA to change eventually as well as software companies forced to price their products more realistically.
Some could argue that pirating adds pressure to make companies change - but thats just another arguement to mask the fact that you are sticking it to average folks. Besides there's enough pirating going on in Asia / China to perform that function - I don't need to get my hands dirty.
Go ahead and flame on - I've got a firewall
All about time Re:The greatest anti-piracy .... (Score:2)
what do you spend your time doing?
And more Important: Why?
There is plenty to do, be entertained by, etc. without pirating.
It didn't use to be like that however. Things change and just as old hardware gets tossed as new and better comes out, software piracy and piracy of other digital data is going to wear out and be replaced by that which isn't so considered piratable.
And where will that put those who support the media of interest to pirates today?
Obsolete
Re: (Score:3, Informative)
The IP address is easily traceable to an ISP. The ISP knows who is doing this to you, but will not tell you because that information is "private". You can suggest that you send the logs to the ISP and would they contact their private, anonymous user and tell them to stop, but no ISP that I have ever encountered will do anything to help you.
Basically,