Is Napster Too Invasive?

Kyle Thomson asks: "I just left a Q&A with Hank Barry, C.E.O. of Napster (at University of Michigan). At the end, in a personal Q&A, he said that the banning of people was up to the artists, and that Napster fully complied with all requests. I then questioned him on the quick and easy ability to rejoin Napster. He said that 'the new version of Napster sprinkles bits around the hard drive. The only way to get back on is to buy a new computer.' So that leads me to the question of how invasive is Napster if it is leaving information everywhere on a hard drive?" What exactly does "sprinkling bits around the hard drive" really entail. I can see how this could mean "sprinkling random keys in your registry" but I admit to being a bit concerned by the actual description. Can anyone shed some light on this mechanism? Is it really as invasive as it sounds?

What about clones?

[CMiYC]

So what effect does this have on clones? If your Windows client stops working (I don't know how it works...I've never used it myself) can't you just use a clone to logon? What difference does it make if you are banned...can't you just create a new account?

That's something I never understood... or is that what he's referring to...making it impossible to create yourself a new user? If that's the case... I go back to my question...what about the effect on clones?

What worries me is that Napster will move towards not allowing clones to connect anymore...which would suck.

---

Gtk-Napster

[fliplap]

Actually, they do have a way of prohibiting clones. When new versions come up napster attempts to send an update, in the case of gtk-napster, this attempted send prohibits the clients from signing on. Same goes for older versions of gnapster and gnome-napster. I really did like gtk-napster the best. I am now using Gnapster because the gtk-napster author is in school and doesn't have time to fix the problem. I really wish napster would stop this "no clones" non-sense, it would make it easier for everyone.

Sprinkles bits?

[Magus311X]

Interesting, but I doubt a new computer would be necessary.

At worst I'd hope the most you'd have to do is clean out the MBR and low-level format the drive. Though IMHO, if it requires more than needing to reformat the filesystem, it may be going a bit too far.

Just my thoughts.
-----

Intel's in-chip ID

[The_H0und]

This sounds like it places an id unique to you all over your hard drive. Sounds like it will have the same effect that Intel's built-in unique ID could have had. Except, this time it's likely to make it to market.

- Josh

Lots Of Programs Do This

[CritterNYC]

There are tons of windows shareware programs that do the 'sprinkle bits around' thing. How do you think they keep track of that 30 day trial period and not allow you to just reinstall to get another 30 days? I've seen bits end up stuffed in the registry, WIN.INI, SYSTEM.INI and in random text files. I wouldn't be too worried. When Napster's new client has this ability, use NT and do a system snapshot, install Napster, then do a compare to the snapshot and see what was changed that shouldn't have been. You could even install and then uninstall between snapshots to see just what is left behind.

Re:Sprinkles bits?

[toast0]

if correctly setup, NT would make it possible to setup a user with access to very little on the system, and you could run napster as that user (win2k lets you shift+rightclick on something and run as a different user for most things, shortcuts to programs included)

that wouldn't be the same thing, but aweful close

toast0

File monitoring utilities

[Prolog-X]

SysInternals's File Monitor [sysinternals.com], Registry Monitor [sysinternals.com], VXD Monitor [sysinternals.com], and TDI Monitor [sysinternals.com] could be useful for detecting and removing Napster's invasive tags.

Re:Sprinkles bits?

[Prolog-X]

you could run any untrusted app in a chroot jail.

If you're running FreeBSD 4.0 or 4.1, the jail [freebsd.org](2) (Slashdot story [slashdot.org]) system call is available. jail(2) is much more powerful than chroot(2). The author of jail(2), Poul-Henning Kamp, described [nluug.nl] jail as:

UNIX has always been designed around two levels of users: root and everybody else. While this is a simple and strong security model, it has disadvantages when it comes to delegating administrative tasks to more or less trusted persons. The FreeBSD ``Jail'' facility provides a way to compartmentalize a server in such a way that the root-privilege for one compartment can be handed over to non-trusted persons without compromising the security of the entire machine. Creating

"virtual machines" this way has many uses.

Re:Sprinkles bits?

[LoonXTall]

Preferably one where you could run any untrusted app in a chroot jail. Is that even possible under Win32?

Under Windows 9x, the closest you could come is a separate partition. (Got Partition Magic?) But if it's "sprinkling bits", it would have to know where to look for them (Registry entries), and they'd probably show up as files anyway (otherwise Defrag would kill your Napster.) The best way to hide a file would be as a .dll in \windows\system...

-- LoonXTall

Re:Gtk-Napster

[BigBlockMopar]

I really wish napster would stop this "no clones" non-sense, it would make it easier for everyone.

So do I. But you have to look at it from the business perspective. After all, all Napster's legal counsel, server farm and staff are paid for by investors that one day expect to reap some money out of this thing.

I was on Napster in August of 1999, with a V1.0 beta client. It had a little banner at the top, "Would you like to advertise here?"

This still strikes me as a good model to support their service. But even if Napster becomes a subscription-based service, the same thing applies:

Do you want clone clients available that maybe give the advertising you've sold a lesser prominance than the advertisers are expecting?

Do you want clone clients that might not be able to me managed from a subscription basis?

It's a pain in the ass, but I can fully understand their position on this matter.

What I *don't* understand is why the later clients (V2.0 Beta 6 and 7) weed out Wrapster files. Admittedly, they facilitate piracy of things other than music, but the Wrapster user is just exchanging MP3s, after all...

Can't you just see CD-burner manufacturers chasing after each other just to be able to advertise on Napster? <grin> The RIAA would pop them faster than a frog on a hotplate.

How did this get modded up?

[b0r1s]

That's something I never understood... or is that what he's referring to...making it impossible to create yourself a new user? If that's the case... I go back to my question...what about the effect on clones?

The reason most people believe you can't make a new user and log on again is because napster got clever. In their newer versions, they started adding registry keys. Since the ban, all new installs check the registry keys for the old napster ID tags, and if a banned ID is present, the install/new login name fails. I got around this by writing my own napster.ini file, deleting the old registry keys, and starting clean again. This has absolutely no effect on clones. A clone with a new ID will be allowed access to the server, regardless of who the person is behind the ID.

Re:Sprinkles bits?

[Frater 219]

At worst I'd hope the most you'd have to do is clean out the MBR and low-level format the drive. Though IMHO, if it requires more than needing to reformat the filesystem, it may be going a bit too far.

Take off and nuke the drive from orbit. It's the only way to be sure.

(But seriously -- installing a proper OS should be enough to prevent any crazed apps "sprinkling bits" all over your filesystem. Preferably one where you could run any untrusted app in a chroot jail. Is that even possible under Win32? [No flame intended -- I'd actually like to know if it is.])

Re:Intel's in-chip ID

[ogre2112]

Hmm... Somehow, I just don't think so.

These "sprinklings" are easy to thwart.

[alcohollins]

Using a program like InCtrl, you can easily track any changes made to your system by the installation program. Since you can track what changes are made to your system, you can COMPLETELY uninstall it when you need to.

PaintShop Pro does the same "sprinking" that Napster does. You can use InCtrl for all these types of programs.

InCtrl is made by Ziff Davis, and it's free. Get it from ZDNet [zdnet.com].

Re:Is Napster too invasive?

[puck71]

I am also not upgrading. For a while I stayed at 2.0 beta 3 because it had a better resume feature than the newer betas, and because then newer ones were more invasive. Then, all of a sudden while signing on with beta 3 it went into an auto-update, which I obviously did not want, so I had to go back to original version 2.0, which has worked fine. (well, except the college I'm at blocked napster so I'm using scour now, but that's another matter)

Re:Technique for anywho who cares to try it

[Wonko the Sane]

Maybe it's just me, but I reformat my windows partition about every month and reinstall everything anyway. I find this method much more reliable than uninstall programs. As far as any programs I have know, it is the first time they have ever been installed.

This already happened

[Skylance]

When the Metallica (sp? I don't care) bannings when't down they sprinkeled bits also. Took people like two days to remove what they did.

Re:Is Napster too invasive?

[puck71]

There wasn't, but I made one just now. I have 2.0, 2.0b3, 2.0b5, 2.0b6, and 2.06b7 install files posted at http://www.cord.edu/homepages/jc and ers/napster/ [cord.edu]

Re:Is Napster too invasive?

[dirtyboot]

This brings up a question: Is there an archive somewhere of older version of Napster? I recall there being something similar w/ Netscape.. I installed 2.0 beta on one machine, but didn't keep the archive file and now I want to install it on a different machine...

Re:Is Napster too invasive?

[dirtyboot]

Thanks! .dirtyboot

Napster Code...

[whatnotever]

...

byte[] hd = readHardDriveContents();
// Guys, this call is taking a long time...
// Is there any way can we speed it up somehow???

if ( (hd[10312] & 0x10 == 1) && (hd[4129342] & 0x04 == 1) ) {
NapsterWuzHere = true;
}

...

Technique for anywho who cares to try it

[John Jorsett]

Since I don't really care, I'm not going to do this myself, but one way to find out what Napster puts on the drive is to do the install with GoBack [wildfile.com] active. GoBack keeps a log of what files are changed/created on the drive and you could look at that to see what it does. You can also use GoBack to make a pseudo drive that contains the exact state of the hard disk files prior to installation, so you can do a comparison of the changed files to see exactly what was done to them. This seems like a lot of trouble to go to when you can just get one of the many Napster clones out there and install it.

"The only way to get back on is to buy a new computer." Oh, puhleeze. Even if one were a total idiot, the worst that would be necessary would be to format the disk and reinstall the OS. Any other comments from this guy should be considered in the light of his uttering this silliness.

sprinkle? buy a new computer?

[NiceSocks]

The fact that he said "you'd have to buy a new computer" should be a good reason to take anything else he says with a grain of salt. This "sprinkle" crap is nothing like what he's making it out to be, and besides, everyone does it.