IP Addresses Not Enough To ID Users 266
phaedrus5001, with his first accepted story, points out an article at Ars Technica from which he's excerpted a chunk relevant to nearly anyone with an internet connection: "A file-sharing lawyer admitted this week that IP addresses don't by themselves identify someone accused of sharing copyrighted material online. To figure out who actually shared the pornographic movie at the center of the case, lawyer Brett Gibbs of Steele Hansmeier LLC told the judge (PDF) he would need to search every computer in the subscriber's household."
Really? First accepted Story? (Score:5, Insightful)
Does it really matter? Do we need to know every time it's someone's first accepted story? I know I get a good feeling deep down in my heart to know that phaedrus5001 has finally found acceptance...
Re: (Score:2)
Would you prefer the constants whines from people complaining that slashdot was/is in cahoots with the likes of Roland Piquepaille, and the only way to get a story submitted is to be a member of that club?
Because I remember plenty of those posts back when Roland was alive and submitting. Now I see complaints like yours, which seem to be the exact opposite.
Accept that most people aren't going to be happy no matter what, and agree to overlook a few words that cost you a few precious digital bits.
Re: (Score:2)
Re: (Score:2)
I would prefer, "phaedrus5001 writes,..." but if people cared what I preferred, we'd still have a CmdrTaco.
Re: (Score:3)
This, although I don't particularly mind seeing it in the submission. What I do mind, though, is that /.ers whine about it and point it out like a sore thumb. "Bawwww, the article is from a first poster, we must bring attention to this and ridicule him/her!"
Comment removed (Score:5, Interesting)
Re: (Score:3)
And goodluckwiththat if they want to search every computer that has used my IP address; that includes the 10 or so in the house, virtually every relative and friend who has come a-visiting, several business associates and clients, members of assorted local clubs and social committees who rotate to my house for meetings, neighbours and their kids on occasions when their own connection has been down, and every random joe and jill who has benefitted from my FÓN shared bandwidth.
Don't forget th
Re:Really? First accepted Story? (Score:5, Insightful)
and if scum sucking lawyers like in TFA start using that excuse to make fishing expeditions frankly we're all fucked.
There have already been Constitutionality questions raised about many aspects of the RIAA lawsuit mill. In fact, we're already beyond the merely ridiculous, in both the outrageous claims these lawyers make, the "evidence" they present, what courts have been accepting from overpaid Armani suits.
The thing is, there's some precedent for these kinds of fishing expeditions, and it doesn't even take a schlock outfit like the RIAA to start one. The first of which I was aware was the infamous Steve Jackson Games [wikipedia.org] case, where the Secret Service took the word of a phone company (a phone company!) that wrongdoing had been committed, and caused quite a bit of damage. When it got to court they lost, and received a reprimand from the judge for their sloppy investigative practices.
Law enforcement always tends to take the side of large corporate legal departments over individuals: the tragedy there is that the corporation can afford to pay for its mistakes, while the average citizen cannot and can easily be bankrupted.
Open Wifi Hotspot (Score:2)
In the case of an open Wifi hotspot would it also mean all the neighbors in range too?
(I bet they'd probably just stick the owner of the router with the bill)
Re: (Score:2)
I bet they'd probably just stick the owner of the router with the bill
Using a theory of contributory and/or vicarious infringement, I suppose.
Re: (Score:2)
And the car companies, they used those to drive down those roads.
Re: (Score:2)
That's a bad analogy because the city is taking reasonable precautions against drug dealing by employing a police force. If you just leave your Wifi connection open to everyone as an excuse you are not taking reasonable precautions against illegal use of this service you are offering literally everyone off of the street.
Re: (Score:2)
Re: (Score:2)
They probably have a page of legalese you have to sign, or "click to agree" releasing them from all liability.
Re: (Score:2)
There is already something called the social contract [wikipedia.org] and to operate a vehicle you need a drivers' license which is basically just a way of saying you know of and promise to abide by the highway code. When you think about it there already is very little police to control a large population (in the western democracies at least.)
Re: (Score:2)
I have a dog, the purpose of which is naturally to scare off criminals who might use my wifi. The dog, however, has encountered some difficulty in discriminating between criminals using my wifi for criminal purposes and perfectly honest people who are merely checking their email and the like, in much the same way as the police can't always tell whether the guy who goes into a shop with cash and walks out with a brown paper back is buying drugs or a sandwich, so the dog is not 100% effective.
Unless your poin
Re: (Score:2)
Unless your point is that people should not allow honest members of the public to use their wifi, in which case I will respond that the state should stop allowing honest members of the public to use their streets, since there could be drug dealers etc.
The point here is "reasonable precautions", eg. logging, site whitelisting or even just limiting available bandwidth. Let me turn it into a car analogy: say you lend your car to a guy off of the street, he runs someone over and turns out not to have a license nor insurance. You would probably be liable even though you weren't in the car at the time. If you had checked his license and insurance beforehand you'd maybe still be held liable but have a much better case. Again the city example is crooked because
Re: (Score:2)
The point here is "reasonable precautions", eg. logging, site whitelisting or even just limiting available bandwidth.
How does any of that help? You have a log that says an unknown device you haven't turned over is the one that downloaded the thing; they'll just accuse you of not turning it over. Someone can pirate material just as well with a rate limiter, it just takes longer. And a white list impinges too much on basic functionality unless you add everything in the world to it, but if you do then it isn't doing what you want it to -- it isn't my job to run the censorship board.
Let me turn it into a car analogy
This is just going in circles. If someone c
Internet driver's licenses (Score:2)
they'll just accuse you of not turning it over.
And possibly even win on that accusation, combined with an accusation of failure to log or retain DHCP leases.
And a white list impinges too much on basic functionality unless you add everything in the world to it, but if you do then it isn't doing what you want it to -- it isn't my job to run the censorship board.
Copyright owner trade associations might argue that you've made it your job to run the censorship board by opening your AP to the public.
You don't need a license to use the internet.
Not yet, but see previous stories about Microsoft's strategy VP Craig Mundie [slashdot.org] and U.S. Commerce Secretary Gary Locke [slashdot.org] sincerely floating the idea of "Internet driver's licenses".
Re: (Score:3)
The spin-off technologies are literally mind-boggling!
off to the patent office!
Re: (Score:2)
Better to let 1000 innocent be falsely convicted than 1 guilty be set free.
FTFY to fit the MafIAA mindset a little better.
Re: (Score:2)
Willful blindness (Score:2)
I see that as the underlying issue of prosecuting people who had no knowledge of a crime. How can I choose not to commit one if I am not aware I am making one?
When you leave an AP open despite government-mandated warning labels not to,* you choose to make yourself unaware that you could be facilitating crimes or torts. It's a form of recklessness called willful blindness [wikipedia.org], and a copyright owner suing an AP operator might rely on In re Aimster Copyright Litigation, 334 F.3d 643 (7th Cir. 2003) [wikipedia.org].
* I'm not aware of any such warnings being required yet, but it's likely to happen.
Re: (Score:2)
Or, if they did the offending P2P at a coffee shop, or other business.
Yes, I know - I'm fairly sure that most of those establishments would vigorously fight back against an **AA lawyer trying to shut down every computer in the establishment for a fishing expedition, nor would the **AA want to even try in most cases (esp. if we're talking about a national chain that may have a bigger/better legal department). So, if corporations should be allowed to avoid having all the computers on their site ripped into/co
Bad news bears. (Score:2)
Re:Bad news bears. (Score:5, Interesting)
Or, we can hope, sanity will prevail and it will more or less come down to "you don't have enough information to tell us who to look for, and you can't just go on a fishing expedition to look for computers that might be the one you think it is".
This is mostly about someone using information which the rest of us have always known was insufficient, using that to get far enough to identify someone, and then deciding they need to look at any computer within a 5 mile radius just in case it was them.
Their "evidence" gets weaker every time they try to say "we need to look at more because the last one wasn't enough". They're also at the discovery phase, which basically means they don't have enough evidence to know if they should be proceeding.
And, unless someone makes it illegal to have an open wifi, you can't go around saying that there is any contributory negligence or anything like that.
Re:Or, we can hope, sanity will prevail (Score:3)
The **AA reality distortion field is apparently even stronger than Apple's.
Hollywood can't bear to have someone copy Revenge of the Nerds 3. So they get as far as "We got this IP Address down to one household - but we don't know who in the household did it."
The solution is of course - "confiscate all equipment in the household!"
Or, we can hope, sanity will prevail...
The Unholy Trinity of Prophetic Manuals is becoming 1984, Animal Farm, and Brave New World. Bonus Reading Fahrenheit 451.
Re: (Score:2)
Revenge of the nerds 3 ? ewwwww. At least it was better than Revenge of the nerds IV! *shudders*
Re: (Score:2)
So what you're saying is that anybody should be able to get away with anything so long as they commit it with a computer, and you present that as sanity? After all, how are the circumstances different if we're talking about copyright infringement instead of hacking websites, stealing credit cards and committing credit card fraud, planning a murder, etc? The evidence is an IP address. Just don't live alone and you're golden. Investigators won't have enough evidence to bring a case and "sanity" dictates t
Re: (Score:2)
and more draconian identifying methods by ISPs.
Maybe this is what will finally get us to IPv6.
Not running out of IPv4 space.. not logic.. but the ability to identify traffic as coming from a specific computer vice "it came from that network". (yes I know there is IPv6 NAT.. but we are talking about the masses).
Re: (Score:3)
Re: (Score:2)
Already possible. IPv6 Privacy extension. http://tools.ietf.org/html/rfc4941 [ietf.org]
Re: (Score:2)
Because of the incompatibility of the addresses, it seems that the IPv6 transition will be delayed forever [in-other-news.com].
Re: (Score:3)
Not running out of IPv4 space.. not logic.. but the ability to identify traffic as coming from a specific computer vice "it came from that network". (yes I know there is IPv6 NAT.. but we are talking about the masses).
I suspect you're going to be disappointed there, because an IPv6 address doesn't actually identify anything either. The only reason that you can even connect an IPv4 address to an account holder is that the ISP keeps records and people have been willing to assume that those records are accurate. With IPv6, the ISP will allocate a block of address to each account holder and the account holder will use them for their devices. The ISP won't have any idea which address allocated to the account holder was used f
Re: (Score:3)
Then they will have to make IPv6 NATs illegal, too.
ISPs charge extra for more than one IP so anybody who has more than one device (PC, Tablet, TV, Smartphone, etc) will enable a NAT in their crappy router.
This whole "gotta do anything to get all possible profit for media" is getting out of hand.
But since people are OK with the TSA hand literally up their asses they won't mind having different hand on their wallets, too.
Re: (Score:2)
Who needs NAT? Autoconfiguration is just a standard way to pick a non-conflicting address, but since ARP is still part of the spec, you can choose any other as well so long as all other machines on that subnet agree to respect the same standard.
Alternative standards exist already, including choosing a random address and sending out probe ARPs to see if it conflicts.
So while only one machine at a time can have a particular IPv6 address, any computer on the subnet could have been that one if you so choose.
Tak
Re: (Score:2)
Time to start intentionally P2P'ing movies and music at every Starbucks, Airport, McDonalds, Bookstore, and damned near every other business you can think of (with preference towards national chains, of course).
Let's see 'em try to shut one of those sites down...
Re: (Score:2)
I've been doing all my P2P'ing in those places already. No point in having it traced back to my network.
Re: (Score:2)
I think it wouldn't get that far, because the RIAA model doesn't want to go to court - they want quick and easy settlements. A corporation will likely just sic the in-house lawyers on this, so I would expect the RIAA to quietly ignore any IPs that lead to corp-owned points.
Re: (Score:2)
Re: (Score:2)
yeah, and then they'll learn about hacking wireless, and extend it to all computers in the neighborhood.
Then you'll have your computer taken because little Timmy down the street was streaming the Brittany's latest trash-pop hit "skankin it down", or some other media that should probably require legal action against the producer...
Search them all (Score:5, Insightful)
A computer can be used remotely. (Score:5, Insightful)
Just because the computer in question shared a file doesn't mean anyone in the house did it or was even aware of it. For that matter, there are trojans and viruses more than capable of establishing a personal computer as a file-sharing node without the knowledge of the owner / operator. The person at fault is the person that intentionally caused the content to be shared, not the computer owner or operator(s).
Re: (Score:2)
You are right of course, BUT
Are you suggesting you want a MAFIAA representative knocking on your door every month for a mandatory home network security audit, paid for using your tax dollars? Because that is the next logical step for these bastards if the courts take your approach.
Re: (Score:2)
I'd absolutely love to see them try! They might finally run across the well deserved Winchester Constitutional defense.
Re: (Score:2)
They are welcome to knock on the door and request a mandatory security audit. However you need a court order to get in my house if I haven't invited you or you will face my friend Ann Ruger and her associates from L. Ead and Co.
You would have every right to turn away the representative, but the consequence would be that your internet connectivity license would be immediately revoked. If the MAFIAA needs to be able to prove that you have control over your network in order to successfully sue you in court for piracy, then you having access to the internet must be contingent on the MAFIAA being able to prove that you have control of your network. We can't have people downloading pirated material and then have no way to prosecute them
Re: (Score:2)
Claiming that a trojan unwillingly downloaded copyrighted content on your hard disk and seeded it via bit torrent is a weak defense.
If you want to claim that such a trojan exists, you better prove that it was on the system.
Re: (Score:2)
And if spybot, avg, malwarebytes, or windows defender got rid of it?
Re: (Score:2)
Well you can look at the log records to see.
Claiming that a trojan is responsible for such an activity is highly implausible, so you would need evidence to support your argument.
If you are accused of sending spam or getting porn pop ups, then it would be a plausible explanation because that is what trojans normally do.
Re: (Score:2)
Hidden (Score:2)
Is it that difficult to hide a netbook connected to a USB HDD under a fake panel in your cupborad or something?
Set up password protected access, download on that netbook and stream to watch
Re: (Score:2)
OH NO!
You just told the MAFIIA where to find it.
Re: (Score:2)
Now we know where to find the good stuff in your home
Re: (Score:2)
Fortunately my country has much bigger problems to deal with than people downloading movies
Re: (Score:2)
Unfortunately surely?
It'd be great if that was the biggest problem a country faced after all.
Re: (Score:3)
Most of the issues are really unresolvable.. esp. with us being a "representative democracy"
Add to that the fact that internet penetration is terrible and terribly expensive, those with internet connections can do whatever they want.. noone cares
Re: (Score:2)
Oh please. We all know you have the NAS built into the AC duct so it is hidden and cool at the same time.
Re: (Score:2)
Ventilation might be an issue.. also you'd have to tailor your desktop such that it doesn't leave any logs/history of the connection (assuming they would go that far).
Re: (Score:2)
Specially with something like one of those plug computers..
I dont know how they work, but if possible, plug computer+128GB SSD -> expensive but should resolve all heat issues
replace the SSD with a 1TB laptop HDD if ventilation is available
Should be small enough to hide behind a switch plate
Re: (Score:2)
The best place to hide it is simply off-site.
Every computer in the house, plus... (Score:2)
He'd have to search:
Re: (Score:2)
And the "cloud", don't forget the "cloud". He'd have to search there. Hopefully without a parachute.
Re: (Score:2)
How is he supposed to determine which neighbor it belongs to? Sniff their packets until they enter personal information into an insecure webpage or something? Isn't that basically what Google got in trouble for doing accidentally?
do computers identify people? (Score:2)
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re:do computers identify people? (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
You might not be the one who used the computer. But your signature is on the contract with the clause saying that you are responsible for the connection usage. At least that's usually what ISP claims.
Re:do computers identify people? (Score:5, Insightful)
and that means that within the contractual arrangement with the ISP, they are able to hold me responsible for things that happen on my connection. They can ask me to pay when there are costs as a result. They can disconnect the connection at my expense if nefarious things happen over it.
But that contract has nothing to do with my legal liability with a 3rd party. If the 3rd party sues the ISP, and the ISP, through my contractual relationship, holds me responsible, that's one thing. But that's not what they are doing. If they're going to try to prove that I'm legally liable for what they think went on, for damages they think I did to them, they're going to have to show enough proof of that.
Re: (Score:2)
I would mod you up "Insightful", but I need to write a reply. Sorry.
It could be argued that you are a bit responsible for what your computer does. If it's a shared computer, you must control who can use it and for what. Is a weak argument, of course, but it applies to other stuff, like a car.
Re:do computers identify people? (Score:5, Insightful)
It could be argued that you are a bit responsible for what your computer does
Except that computers connected to the Internet are sometimes taken over by malware that causes the computers to do things outside of the control of their owners. There was a case a while back where a guy was accused of downloading child pornography, and it was discovered that it was actually malware that did the downloading. Is it really that far-fetched to think that some hacker who wants to download music without getting sued would use a botnet to hide his activities?
Re: (Score:2)
Keep in mind that ISPs cannot identify which computer did anything, just what external IP address did. Since pretty much everyone on broadband runs NAT and WiFi, anyone in or near the house can be behind your IP address. Is the person who pays for a broadband connection responsible for the actions of (for example) a neighbor who freeloads on their WiFi? (Keeping in mind that wireless security is far from perfect, and your neighbor has plenty of time to crack your security).
Re: (Score:2)
I thought about malware attacks. That's why I said it was a weak point. I was thinking of the common shared machine scenario.
Is it really that far-fetched to think that some hacker who wants to download music without getting sued would use a botnet to hide his activities?
I interact with a lot of people, from all walks of life, and not a single one of them got their music libraries from botnets. They either bought them or got dirty using Napster, then eMule, then BitTorrent, and finally Megaupload. So, unless it gets as highly criminalized as CP, I rather say yeah, it is far-fetched.
Re: (Score:2)
that's why the basic approach by "them" (riaa, "cyber" police etc) is to get you to confess - it's much easier for them if they don't even know what you did than to try to prove things. that's what the justice systems work with, confessions.
if you're in a police questioning - READ VERY CAREFULLY what they put on the slip of paper that's representing what was admitted and what was not in the questioning, the courts will use that and ignore you in court. especially if they don't even know what they're questi
Can lead to (Score:2)
Can lead to mandatory software required for internet access, with logging of all communication
I can solve this problem (Score:2, Insightful)
Before you can surf the web, you have to log in with your social insurance number and an ISP password. Once that's done, your ISP will allow your traffic. Time to authenticate individual users.
Don't want to do this? NO INTERNET FOR YOU!
Sent from EXXON-Mobil MGM Coca-Cola iPad
Re: (Score:2)
Right, because identity theft is completely impossible and no one has ever done it before. Especially not a criminal who knows they're going to commit a criminal act and wants to hide their identity.
Dont touch my fridge beotch (Score:2)
Considering a large % of people on slashdot, me included, have stuffed computers into everything except the pancake mix, and I could be wrong about that, those pricks better have a lot of time on their hands.
Re: (Score:2)
IP address proves nothing (Score:5, Interesting)
Although this is won't work with DSL because of PPOE login, with a cable modem your IP address is not proof of anything.
Why? DHCP is not the only game in town. On many networks, you can take a DHCP-assigned address and determine the appropriate subnet mask, default route, and DNS server. But nothing really stops you from manually overriding the IP address, as long as you choose one in the same subnet that happens to be unused at the moment. The ISP can make this a little more difficult by remembering the MAC address associated with each address, but there are workarounds for that too.
I became aware of this when my cable modem stopped working and the support technician discovered that my IP address was in use from someplace other than my house. In those days, all addressing was static. Some other customer had inadvertently (or deliberately) assumed my IP address. The tech gave me a new address assignment and everything worked. So whoever hijacked my IP address left the audit trail pointing to ME. The hijacker was (from an IP address perspective) invisible.
Re: (Score:2)
And if I put a wireless router on my LAN behind the PPPoE login?
Back to square 1.
About time... (Score:2)
About time that someone has some common sense in the judicial system. I have very rarely heard judges having this much common sense when it comes to computer technology. I am glad now that we can at least make a small step forward in judicial cyber hearings.
MAC Logs (Score:2)
We need to keep logs of our DHCP servers for 6 months (which is about twice as long as it takes for a DMCA notice to find its way to us).
So, so silly to think IP=person (Score:2)
1) Go into an apple store and download porn using their free wi-fi. You don’t need to keep you laptop open, or anything. You can use the hour or so it takes for your genius bar appointment.
2) Use the free wi-fi at a Starbucks; might be a bit slow.
3) Use the free wi-fi from any hotel parking lot. You might have to ask the clerk for the password, or maybe a housekeeper.
4) Use the unprotected wi-fi in your neighborhood. There are usually several. I recommend checking out senior housing. Sometimes a resid
Yay for NAT... (Score:2)
As ipv4 increasingly runs out, and more people find themselves natted behind a single address shared with hundreds of others, the harder it becomes to track down individuals...
Every computer in household? (Score:2)
Even the wifi tablets? the netbooks? the laptops? the wifi cell phones?
What if they are encrypted?
What if they use removable storage (SDHC)?
What if the device ain't home?
The legal system is out of touch with reality.
But it does ID the account holder (Score:2)
And you are responsible for all activities on your account.
Wholesale search card? (Score:2)
Sounds like they are trying to get a wholesale warrant to search anything they want, just to due suspicion reported by almost anyone.
Even if they had to have 'evidence', that is easy since so many people have WIFI now.
Re: (Score:2)
So... what If I'm a nice guy, let them search, and they find nothing?
They get the geek squad guys to plant something.
Re:nothing found (Score:4, Insightful)
They always find something. It only takes six lines written by the most honest man to find something on which to hang him.
Re: (Score:2)
That quote is not based on the content of those six lines, but on the fact that, with six lines of handwritten text, you could find someone able to forge an incriminating document in that handwriting.
These days I think it takes substantially less. You don't need any text from someone to plant a few ounces of cocaine or (even worse) an RIAA song.
Re: (Score:2)
Citation needed. I have never heard your interpretation of that quote. The original quote clearly indicates that something in those six lines can be used to hang him, and I don't believe that meant the handwriting.
Re: (Score:2)
Re: (Score:2)
And if they find nothing you might not receive your computers back until they are old and obsolete. Or not at all.
Re: (Score:2)
They can still sue you, and just claim you must have destroyed the evidence. But if they do find something, you're royally fucked.
It's like talking to cops. You can't talk yourself out of being arrested. You can talk yourself into deeper trouble. Take advantage of your rights, because no one else is going to have your interests at heart as much as you do.
Re: (Score:2, Informative)
As your attorney, I advise you to tell him to go fuck himself. Hard.
As his attorney, it's your legal obligation to refer the accuser to the response given in Arkell v. Pressdram.
Re: (Score:2)
Exactly, buy why stop at state lines? Roadblocks should be added at all on-ramps and city limits--complete with the body scanners and invasive pat-downs. Homes should also have bars on the windows and officers can check each night at lights-out to make sure the family is safely locked inside to keep BadPeople (tm) from getting them.
We need protection from these long haired, pot-smoking, towelhead, bomb-carrying, terrorist-pirate-molesters. Think of the children.
Re: (Score:2)