Overpeer Spewing Bogus Files on P2P Networks 479
nimec writes "Zeropaid.com has posted news of a company called Overpeer which is the source of all the bogus mp3 files that are popping up on the various P2P networks. Zeropaid, in the news article, said: 'If you've encountered the "loop" files, in which a section of the chorus or hook is repeated over and over, you've been tricked by OVERPEER. OVERPEER are doing this with the full knowlege and consent of Interscope and Universal Music, in fact they are under contract to Universal and other major record labels, and will be doing a LOT MORE of this type of "interdiction" in the near future.' Right now this doesn't bother me because these bogus files are few, very spread out and it is easy spot them. I'm just afraid that over time people will keep downloading these bogus mp3s and become too lazy to delete them, like they are when it comes to incomplete songs."
So? (Score:3, Insightful)
Re:So? (Score:2, Interesting)
Re:So? (Score:3, Funny)
Probably not considering the activity they're DoSing is already illegal, it would be like sueing a jewlry store for not letting the men with the ski masks in.
Re:So? (Score:2, Insightful)
And that might be an argument that could be used under the DMCA, anti-terrorist or whatever it is legislation.
Re:So? (Score:2)
Re:So? (Score:3, Insightful)
Re:So? (Score:2, Informative)
Re:So? (Score:4, Insightful)
couldn't these DoS attacks be considered illegal
I think the problem with that argument is that this really isn't a DoS attack. They are using a P2P file sharing network to share files. That's the purpose of the network. Just because it is a file that you don't want doesn't mean that it is a DoS attack.
Re:So? (Score:2)
Re:So? (Score:2)
The Roman Empire fell because they stopped having enough orgies.
What really happened is that the Visigoths came down to Rome on a Club 18-30 package tour thinking that they would visit the Colloseum for a spot of combat, spend the afternoon looking at the architecture and round the evening off with a nice orgy. Problem was that the local chapter of the Christian Coalition had got the Emp. to ban the gladiator contests and close down the brothels. Result several thousand very angry Visigoths who trashed the place.
The Roman Empire may be gone, but it lasted twice as long as the US has been in existence. The Empire in the East lasted 1,500 years.
It's time for folks to step back and take a deep breath and think about what's best for society and civilization and stop worrying so much about their own private interests
Quite true, how about starting with asking whether file sharing networks whose almost exclusive purpose is to facilitate copyright theft are a sustainable model?
Re:So? (Score:2)
Although I'll happily diss the corps, I'd much rather see this than a new law or something. They're fighting technology with technology - fair enough.
Re:So? (Score:2)
That's EXACTLY the same thing I say about spammers. Fight tech with tech. Gub'ment just brings in inefficenty and money-wasting skills. And they have no clue about technology.
So, they are wasting my bandwith! (Score:4, Insightful)
You don't really think that this is going to work do you? People will simply be annoyed and have to share more. Someone is going to have to pay for the increased bandwith usage and it's not Universal Music. So, Universal is stealing from cable opperators. It's like spam, but they don't even hope to make money off it.
You have not even thought that people might be trying to share files that were intended to be shared and are NOT owned by Unviersal Music. But that's like the big 5 music publishers, "No one but us can record music, right? Drool, Drool."
twitter, who has never bothered to download silly mass produced comercial music, is annoyed that Universal Music is going to waste his time. Universal, you suck.
Re:So, they are wasting my bandwith! (Score:2, Informative)
Anybody have a link to overpeer's site? (Score:3, Funny)
Actually, if you are downloading files that they are doing this to, just look for someone with a low bandwidth and download from them overnight, unless they have downloaded from overpeer, you'll be fine. Or use the preview feature of your P2P.
This disgusts me. (Score:4, Funny)
Re:This disgusts me. (Score:2, Funny)
Even though I'm not a big fan of copyright.... (Score:5, Interesting)
I was thinking that a moderation system would work, if it's implemented correctly. For instance, once a person has been sharing X GB of files for, say, 2 weeks, they start getting moderation points....they can use these points to flag a file as being a dummy. (or just a shitty rip) If a user gets too many files modded down, he becomes unable to gain moderation points for a certain period. The sharing requirements will make it undesirable for RIAA droids to pollute the moderation system, since they'll have to be sharing material of their own. (and any dummy files they have will hopefully be moderated down...and if they ARE sharing valid material, well, cool, they're contributing to their own demise)
Please, nitpick at this suggestion, I'd like to see if it's feasible or not.
Re:Even though I'm not a big fan of copyright.... (Score:5, Interesting)
How do you know how long someone has been online? What stops the client from simply reporting they've been online since January 1st, 1970? You can't really trust the peers to whom they're directly connected to know either, because in a P2P network people constantly drop on and off.
How do you stop Overpeer and like-minded companies from lying about the moderation points? Why can't they give it +100, CD Quality?
The only solution I have thought of is rather slow and clumsy. Basically everyone gets unlimited moderation points...instead of incrementing the count, you simply say "This file is good" or "This file is bad". When the file is downloaded, the P2P client creates a small hash of the file and stores that hash, along with the filename and moderation of the file. Then during the search process, you do 2 searches. First you search for a filename. Instead of all the clients returning "Yes, I have that file" they return "Yes, I have that file, with a hash of: 34232SFDSFSDSDSD2323DSD". Then a search is done for all the hashcodes returned by the first search asking for everyone's moderation on that hashcode.
Then you give that file a percentage-score (i.e., 95% of users say this file, with this hashcode is bad) or 92% of users say this file, with this hashcode is bad.
But the solution won't really work, because it exponentially increases the amount of bandwidth/cpu time required to do a file search.
Anyone else have any ideas?
Re:Even though I'm not a big fan of copyright.... (Score:3, Interesting)
Problem with that network is that it's full (really full) of leeches... Once something is downloaded, they don't share it anymore. Maybe is it because the files are usually way larger (600Mbs are extremely common). Overall it's still a great file sharing program though.
Re:Even though I'm not a big fan of copyright.... (Score:2)
Re:Even though I'm not a big fan of copyright.... (Score:2)
Re:Moderation solution (Score:2)
You can't trust the peers to be honest - assume that the RIAA will corrupt the client software.
You can't have a central server that controls the network - assume the RIAA will shut that down.
How about a central server for moderation? It can't stop the peering and doesn't know what is being shared or by who. But it gives out secure (ie public key) certificates to any client that logs on, and then any client can then rate another server anonymously.
To stop the RIAA from just setting up 1x10e5 clients and rating themselves as fantastic, each IP address could be limited to one vote for every peer out there, or something similar. That way 1000 votes from the RIAA are nullified by 1 bad vote from someone else.
Would that work? Its got to protect the privacy of the peers and have no influence over them.
Comments anyone?
Michael Veltman
How to attach identity without central servers... (Score:3, Interesting)
Check it out:
http://www-2.cs.cmu.edu/~tom7/papers/peer.pdf
Re:Even though I'm not a big fan of copyright.... (Score:4, Interesting)
Re:Even though I'm not a big fan of copyright.... (Score:2)
So? The RIAA has LOTS of shitty songs that nobody will want to download that they can make into perfect MP3s giving them tons of Mod points to use against the songs they want to target.
Re:Even though I'm not a big fan of copyright.... (Score:3, Insightful)
So only files, that somebody wants are counted... i could share 20gb of shit, so i know, nobody will download them.
But if you count the traffic you get the more important data."
Then the RIAA stooges download shitty MP3s from each other and have mod points to use against targeted songs.
Re:Even though I'm not a big fan of copyright.... (Score:3, Insightful)
Essentually this is a software war. One side will do x the other side will counter x. Kind of how AOL occasionally treats the wonderful Trillan IM client.
Re:Even though I'm not a big fan of copyright.... (Score:5, Interesting)
Yeah there is. You fight back. No holes barred type of fighting too. If you can catch him in the act, do shit , like ping floods. It's effective in cutting bandwidth 1 way.
---"I was thinking that a moderation system would work, if it's implemented correctly."
---"For instance, once a person has been sharing X GB of files for, say, 2 weeks, they start getting moderation points....they can use these points to flag a file as being a dummy. (or just a shitty rip) If a user gets too many files modded down, he becomes unable to gain moderation points for a certain period."
Already incorrect implementation. I'd simply have a writable part of the P2P fs that allows you to GPG sign a file. You sign the MD5 sum to your 'nick'. If it's good, you sign. If bad, you dont. Now if some idiot is signing bad shit, you can assign trustworthiness to 0. You could also apply 'trusted' user signs to other known good MD5 sums (from untrusted users).
This system creates a "Web of Trust" that cannot be spoofed. No moderation point system will ever cut it (since it relies on a server-no reason to)
---"The sharing requirements will make it undesirable for RIAA droids to pollute the moderation system, since they'll have to be sharing material of their own. (and any dummy files they have will hopefully be moderated down...and if they ARE sharing valid material, well, cool, they're contributing to their own demise)"
First, even 1 screech is enough to 'kill' a file. For example, in Cool Edit plugins, they inset a bell after 30 seconds. Very effective. Also, might I remend you that it's legal for the RIAA to warez these files. Who's gonna pick on them?
Please, nitpick at this suggestion, I'd like to see if it's feasible or not.
here's some nitpicking for ya... (Score:2)
--LP
P.S. IANAL but given where the law is these days, I'd be surprised if ping floods were legal, at least in US jurisdictions.
Re:Even though I'm not a big fan of copyright.... (Score:2, Interesting)
The only problem I can see with the moderation system that you're suggesting is that there would have to be a central authority for mod points. In the current political and legal climate, that's a direct weakness. You could, conceivably, combine the two systems. So, I could rate everyone that I've downloaded from based on Quality of Service and that would enter a special file, which could be picked up by each client that has trust in me. The client would then weight the entries based on how much they trust me. For instance, if they only had 50% trust in me, then my ratings could be cut in half. They could then decide on a threshold, below which they won't do business with a client. Someone could be allowed to enter into the network.
This system has a lot of possibilites. It would keep out unwanted parties, but also allow people to come in at a low level of trust and build from that. If you made it a generic fileswapper with searchable metadata (such as gif comments and id3 tags) then also allowed ssl transfers, it would be almost impossible to track.
Sorry if this is all a bit muddled and choppy. I've been up for more than 36 hours. Let me know if this sounds at all reasonable.
Re:Even though I'm not a big fan of copyright.... (Score:2)
1: You host untrusted music(not essentially bad media).
2: People who downloaded it either sign or not.
3: When you download(or see file), you can see signees.
4: All clients have a ratings system.
0- Untested
1-Public Enemy
2-Mostly Corrupt
3-Average
4-good
5-Friend
(maybe a little overdramatic
I could also see how the data is put together....
name_of_media=blablablabla.mdeia
MD5_sum=123h1
quality_of_media=good/bad
Keep this in mind... (Score:2)
If the RIAA (or some other prosecuting agency) can track down your IP #, they'd probably have enough probable cause to supoena your ISP records, eventually visiting you and confiscating your hard drive, and/or easily tying you with your public key to dozens or hundreds of songs you've distributed.
--LP
Re:Keep this in mind... (Score:2)
Thinking about it, and in line with my earlier post of having a central server of moderation points:
Perhaps the central server should not send out a certificate, but just log IP addresses.
Peer at IP address A (which presumably just downloaded something) rates Peer IP-B as a good or bad site. Nothing else is kept, and the Peer at IP-A has to talk to the moderation server (To avoid spoofing its IP address).
What do you have? Something like what Google offers. For each IP address that you search from, you get a vote from all previous encounters.
What don't you do? You dont keep a record of who was at IP-A making the vote. This means that for dialup's and people behind a NAT, there is only one vote per IP. It also means that they can't be identified. Even the RIAA can't buy that many IP addresses, so it helps stop them vote rigging.
All that could be summoned to court would be a list of IP addresses that were voted on, and voters. Now the voter hasn't downloaded something illegal necessarily, and its pure speculation about IP-B that anything was shared.
I can't see that being of much use to a court:
"50,000 sites said you were the best site to share from" "Yep, I keep the best Linux ISO's"
Now certainly that gives the RIAA a list of IP addresses that are sharing stuff. Then again, that's hardly secret stuff if you crack a P2P client anyway. Heck, the current Morpheus displays the IP's in its cache list already.
Ideally, the P2P clients and the moderation server encrypt this data simply to make it illegal to hack into the process - might not stop the RIAA but they couldn't use the info in a court of law because its circumventing an encryption process.
While we are there, this would be the reason for a new generation of P2P clients that also can encode all the useful information that the old fast track network.
My 2c worth again
Michael Veltman
Copyright is Irrelevant, Cartels' Acts are Illegal (Score:3, Interesting)
Copyright is irrelevant. This is a premeditated Denial of Service Attack against a service that may, or may not, be facilitating the sharing of copyrighted material (and is likely providing a conduit for both
What if this attack were against the entire http protocol throughout the internet, taking down web pages everywhere because a few were trading copyrighted material illegally? Would we tolerate it? Absolutely not. Not even if for every legitimate, google or slashdot style website there were ten websites trading Warez and mp3s.
The act of DOSing a service is illegal (at least in some places), regardless of whether it is a copyright cartel dinasaur leading the attack to protect their outdated business model, or script kiddies and l337 h4x0rs defacing or DOSing their least favorite corporate website to express disdain.
Gentoo, Source Mage, Debian, and other GNU/Linux distributions that use the internet to display information may well adopt p2p methods to eliminate bandwidth bottlenecks, particularly during the release of new versions of popular packages like Gnome, KDE, Mozilla, and Open Office. If Microsoft were performing such a DOS attack there would likely be people facing fines and perhaps jailtime.
This is an attack on the Internet itself. FTP, http, scp, all of these can be used to share copyrighted material. Shall we allow cartels a free hand in making those protocols unusable?
There are legal remedies for prosecuting copyright violation. There is absolutely no excuse for this kind of illegal activity in the name of 'protecting copyright', and while there will undoubtably be technical solutions to much of this kind of thing (anonymous GPG signatures and webs of trust, etc.), the bottom line is that you cannot have the majority of civilization constrained by one set of laws that make these sort of attacks illegal, while allowing another segment of society to engage in this sort of activity simply because they argue it protects their business interests.
I agree with the general sense of your post
I don't have any sympathy... (Score:4, Insightful)
People who download songs and movies continuously only make bandwidth more expensive and/or capped for the rest of us.
I think it's kind of funny - we waited overnight to download "TPM" only to discover it was "Pearl Harbor" with the title changed.
Re:I don't have any sympathy... (Score:2)
Supply and demand. Demand went up the first day someone got DSL/Cable. Question is when did the supply?
Worldcomm didn't go out of business because everyone is downloading porn. It did because some companies, like them, are shady.
Actually I think the supply is there - it's just being controlled liked the oil cartel.
Re:I don't have any sympathy... (Score:2)
I also remember that we are charging Africa like 3 times the amount they should be paying for linking up with our wires. (don't know the exact number/figure/percentage so I'm sorry if I'm wrong) There is profit being made.
Simply, if I was selling crack.. and everyone wanted it I would certainly be getting more with some of my profits and not just jacking up the price without trying to fill the gap.
If they aren't going to balance the two, then they are simply gouging. You don't have to spend all of your profit on more cables but please don't just roll in it... bastards in business suits.
Gnucleus needs to add a "self-similarity" check... (Score:2)
Re:Gnucleus needs to add a "self-similarity" check (Score:2)
Another solution would be to only download songs from well known ripping groups such as RNS, and the like.
Damn, I just remember the Gnucleus feature which adds certain hosts to it's block list for sending
GNUTELLA! THE UN-CENTRAL, UN-DESTROYABLE, BEST CONTROLLED NETWORK AROUND! I suspect this will affect more Kazaa/Newbie users.
Re:Gnucleus needs to add a "self-similarity" check (Score:3, Insightful)
Re:Gnucleus needs to add a "self-similarity" check (Score:2)
Wait - maybe its a good thing if those songs are marked as trash by the system. Carry on.
P2P moderators? (Score:2)
YAWS (Score:5, Insightful)
Your p2p application (which supports metadata, hashes etc) will wait to add a downloaded file to the "shared" section until after you view it.
This would cut down on some short divx'd files (which won't play "out of the box") bogus mp3 files (overpeer) and whatever else.
A system which flags files as "ok" could come under attack because overpeer could just flag their files "ok" as well.
The system I suggested above would only of course work with files downloaded, not files you have existing on your computer. Of course through the hash system you could be verified against other people.
Overpeer... create mp3's backwards from one-way hashes! Good luck you bastards!
Considering we already have hash systems in Gnutella apps... they can suck me.
Re:YAWS (Score:2)
Re:YAWS (Score:2)
Same with DIVx's. (Score:2)
In this case, it does not appear to be the work of a concerted group - just trolly kids, I suspect.
Sometimes they rename pornos with titles like 'mulan.avi', etc. Sigh. Lots of wasted bandwidth.
I bet the movie industry will do that soon. They must be soiling themselves over people sharing cam grabs of every popular movie - with in hours of the opening. Download it and spend your savings on a Pizza.
Re:Same with DIVx's. (Score:2)
Yeah! I had to download Mulan 32 times before I got my fix of pr0n!
It is pretty appropriate to put fake P2P files up since P2P is pretty much a fake scene. The bit about it really and trully being to allow people to swap their own self generated content and the copyright theft thing is a tiny, tiny minority is such a crock.
If material is not illicit in some fashion there is no reason to use P2P instead of a Web server. There are only two types of legitimate material that P2P would be necessary for - samizdat political tracts and Pr0n. Despite the best efforts of John Ashcroft it is still possible to publish material critical of Govenor Bush as the reports of his insider trading and Enronesque accounting methods demonstrate.
As for Pr0n, while there is no doubt an amateur Pr0n scene somewhere on the Web I have never heard that it is a big part of the P2P scene. Which if the propaganda was true one would expect it to be, after all you don't need much to DIY Pr0n, no acting ability required, just a razor, plenty of lubricants, condoms, a camera and a girlfriend... ohhh dear well that could be tricky.
Work around (Score:2)
The reason that the songs are blocked and return no results is because Overpeer is blocking all searches that include the word eminem on Fasttrack. They are only allowed to block the songs that contain 100% definately copyrighted material. If they blocked the name of the track then all kinds of non-eminem files would be blocked as well and therefore it would be an illegal DOS AFAIK.
1. Google search for CD track list
2. Enter titles only NOT artist in your P2P search
3. Burn, Burn, Burn RIAA.
Its simple to bypass this crap... (Score:3, Interesting)
1: If I get a good turnout on search, I look at most of files, bitrates, and times. I download what seems to be the mode of the similar type of files.
2: I tend to stick with files that many users have (eg: 7 people have file with size 4,032,112 and 1 person with size 4,129,326). I can resume easier with "popular one". I do the same thing with movies (anime mostly)
3: While I download, I play it with Winamp/Xmms. If there are errors/not what I expected/fake files , I can easily cancel the download and blacklist the user.
4: If I get corrupt movies, I use virtualdub to determine where in the file is the error. Then I use a snip tool and "cut" the file into N parts. I can then use resume on the P2P services and possibly fix the file. However, some files, like Serial Experiments Lain (AVI sub), 1 episode has a "divx freeze frame". That error'ed file has propigated on WInMX, Kazaa, Gnutella, and Nap-clones.
5: Even with my modem, I download "weird" files in hopes of getting unreleased/changed song. You occaisionally see stuff like this when you search for a popular song. Then you see a "somewhat changed name" but usually longer. I usually get them. If they're bad, I can find out in the first minute(remember, I play as I download).
I figure that this wont be as much helpful... It's just my skills I use in getting the "goods".
An idea to solve this... (Score:2)
I propose P2P programs should as a feature, for every MP3 file shared, create the musical equivalent of a thumbnail pic: a very low bit-rate, down-sampled "preview" version of a MP3 file that could be nearly instanteously downloaded and listened to, to determine its authenticity, before a user actually takes the time to download the real version. This downsampling would be automatic and transparent.
Prudent users would always "preview" before they download, and bogus files would be quickly identified thusly.
Re:An idea to solve this... (Score:2)
Re:An idea to solve this... (Score:2)
Re:An idea to solve this... (Score:2)
I'm not worried... (Score:2)
Hell, I encourage them to continue doing this with Eminem, Britney Spears, and other modern music (stretching the meaning of the work "music"). Maybe it'll drive these kids to start listening to more talented acts.
Every Eminem/Britney fan we prevent now is 1 less brain dead consumer that will take what the corporate establishment spoon feeds them. Oh crap, I'm starting to sound like a hippie!
Derivative works (Score:2)
#1. Many music companies hold the (sometimes exclusive) rights to distribute a musician's work ... but not the Copyright itself.
#2. I believe a strong case can be made for one of these bogus or loop MP3s being a derivative work.
If #1 and #2 hold, then the music companies are illegally creating and distributing derivative works, which puts musicians in a position to claim Copyright infringement and possibly damages.
Ah, the BBS days... (Score:2, Informative)
Don
Re:Ah, the BBS days... (Score:3, Funny)
Would a moderation system slow them down? (Score:4, Interesting)
What is needed to stop this is a moderating system which ranks the various traded products, as identified by their MD5 checksum signatures, according to some "measure of quality". By rank ordering, it cannot be used to entirely shutdown a trading network since everything would still be available. Products at 50 out of 100 would have received a ratio of good vs. bad moderations better than 50% of other products, and worse than the other 50% of products. It would not necessarily be a 50/50 good/bad moderation. Thus flooding of bad moderations across the board would have no effect, though it could be used to drive very specific classes of products down the list. But eventually, people would see the abuse and mod them back up. It would be sort of like moderation on slashdot, but everyone gets to play.
Now would it be possible to have selective moderation like slashdot has? Only a central authority could do that the way slashdot does. The big question would be judging who gets moderation points. As far as I know, on slashdot, it's almost entirely automated. With product trading, it would be harder to measure the quality by automation, so someone has to manually make the judgement calls and that brings some risks as well.
If individuals could be identified uniquely in some way, without the risk of exposing real identity, then meta moderation might work. One way to do that would be a slow rate of generating some kind of signed digital certificate that allows only so many to be generated at a time per network that receives it (and no personal identifying info included, and no records kept). Moderations and meta moderations would be signed by these anonymous certificates. You wouldn't know who moderated, but what you would know is that a group of moderations by the same certificate are probably from the same person and can be judged accordingly, good or bad. Excessive levels of moderation would also weaken your merit and derate your contributions.
Silly Tactic (Score:2)
It's as silly as a criminal wandering around a bank and informing the staff that he's casing the joint for the heist next week.
Simple Solution (Score:2, Interesting)
It's not that much of a sacrifice because MP3 sharing systems are only ever used for fair use (where you know the origin, as it's just your home/work PC that you're fairly using from) or they're to promote unsigned bands for whom P2P is an important system.
Right?
In next week's Ask Slashdot: "Dear Slashdot, I like fast cars but they're so expensive. Recently more and more of them are getting lowjacked. Isn't this a disturbing trend? What technical means are open to defeating this system? I only steal from big company showrooms so it's effectively victimless."
Before you mod this down as a troll, think about what I'm actually saying. When did we lose the cool technology, the valid fair use claims and the arguments that these systems are useful promotional tools for those who want them... and reach the point where we're bitching about only being stopped from the unfair uses?
Why this could be good... (Score:4, Interesting)
Re:Why this could be good... (Score:2)
I'm encouraged by the evidence of the posts in this thread that many slashdotters are taking the anti-piracy position on this matter. Communities such as this one are fighting the RIAA et al tooth-and-nail not because we are pirates, but because their efforts to combat pirates are extremely hostile to law-abiding consumers. For this reason, we're very suspicious of their protestations that all they're doing is trying to fight piracy.
Re:Why this could be good... (Score:2)
Actually, doesn't using real songs also work against them? If they are putting the title of a copyrighted song, and a small portion of that into the public domain on a P2P network, wouldn't that make enforcment of copyright on that 2 seconds void. If a portion of this body of work (song) and title are launched out by the owner of the work, they are starting down a dubious trail.
that's fair (Score:2)
What would be a problem is if they started doing this for content they don't own. For example, if there was an artist that put his work on P2P networks, started competing with them, and then they tried to sabotage his popularity by putting out junk under his name. That, however, is probably already prohibited by current trademark laws.
Perhaps good for us? (Score:2)
1. With file sharing networks flooded with fake songs from RIAA brand name artists, it will become annoyingly difficult to pirate RIAA music. While illegal data becomes very difficult to find, notice that this does not detract from our ability to trade LEGITIMATE data. Legitimate independent labels can still be easily searchable.
2. If no technological means can be found to curb rampant piracy, they will resort to dumb laws (DMCA, CBDTPA) and Microsoft Palladium to stop it. This would be a terrible hit to the American economy as well as cause serious trouble for Open Source Software.
Predators are good for an ecosystem (Score:5, Interesting)
It is possible to design a filesharing service that defends itself against bogus files.
It is possible to define a protocol that hides the file lists of individual users.
It is possible to build CDRs that play, copy and rip copy-preventing CDs.
The pressure exerted by RIAA will turn these possibilities into realities - simple Darwinian evolution.
Re:Predators are good for an ecosystem (Score:4, Informative)
And this is an interesting software engineering problem. It is the first internet protocol that has to be designed from the ground up for anonymity and resilience. And that will grow in a hostile enviroment.
The TCP/IP stack was designed for resiliency and they did a good job, but this has to be even better, and we don't have the goverment on our side!
There are a couple of attempts at this. One is www.freenetproject.org (that seems to be stalled) and the other one is gnunet [freshmeat.net].
GNUnet is a decentralized network with confidential and authenticated communication. A first service implemented on top of the networking layer allows anonymous distribution and retrieval of content. GNUnet supports accounting to provide contributing nodes with better service.
Re:Predators are good for an ecosystem (Score:2)
face it: if there isn't an alternative in their production model, that is: societies which produce, manage and distribute artists and respect those new ways to share music or movies, they will win. Because they have the money and therefore the political support. And also because, as you said, the p2p wave is making them stronger and giving them ideas of new ways to control their customers and milk them.
Easy Solution (Score:2)
Keep lists of good cheksums. Set up checksum servers. Add moderation. Stir.
There is already a system that can prevent this (Score:2, Informative)
Its a great system, Share Reactor cant get sued, edonkey2000 doesnt have centralized servers, and I get much greater speeds than in any other P2P program. Sure would be great to see other people take advantage of the great possibilities that edonkey2000 (and other P2P programs) can offer like Share Reactor does.
Needless to say, I highly recommend it.
Foolish Overpeer Investors READ THIS (Score:2)
"By penetrating P2P networks such as Gnutella, Open Napster, and FastTrack, our solution can use the power of P2P against abusers, instead turning software pirates into customers"
Huh?
P2P Networks turn "pirates" into customers. Obstructing the network simply ensures that network users will never become customers of authors who have hired the obstructors.
All well-documented cases (think Baen Books for example) show that freely available works increase demand and improve artist-audience relations.
I don't see how these guys can possibly succeed. They will have to continually develop technology to beat the bleeding edge of the P2P arms race, but unlike antivirus companies which enjoy a huge market and a growing pool of evangelists, Overpeer's only cashflow will come from the RIAA and anybody who has not yet learned about the positive commercial power of P2P networks.
Yesterday I went to Networld+Interop in Tokyo. Best in 5 years easily. Wireless, Broadband, Streaming Video, it was all so huge they even rented the next building. The past President now statesman of NTT DoCoMo (most successful Japanese company, and partnered with AT&T) stood up in front of a thousand people and gave an extremely lucid presentation on the future of all this. Get this, they are DEPENDING on P2P!!
This I mention as I noticed today an interesting little socket with tape over it attached to the cash register of my local convenience store (think 7/11). The tape said, DoCoMo service starts July 16. There is already a bank machine and maybe a loan machine (the mafia got wise) in most every convenience store and now the loop is finally being closed. All we need now (maybe available next week, if not I'll sure work on it) is paying for cryptgraphic passwords at the register. Now that networks carry so much data it is hard to tell when an mp3 or divx is coming over the wire, it is just going to be very difficult to stop.
But I'm not talking about pirating. Overpeer (an oxymoron like "Big Brother" in case nobody noticed) is going to fail financially because the big boys need these P2P networks to work. Not a lot of people are making waves if it is just kiddiez and bored techies downloading a few mp3z. But P2P and open group-based data sharing is becoming important for business cooperation (think Groove), B2B (Enron was doing $1 billion/day of e-commerce transactions before they tanked), and distribution of large files and streams (think Akamai, the Perl CPAN, and FTTH - now a reality for Tokyo residents this year).
When these networks start getting used for serious data as well, Overpeer is going to be messing with the value of a network resource that real companies have a stake in.
Consider that if I already own an Eminem CD (not likely) I am completely within my fair use rights to use a digital copy of that. If I was paying for a P2P network to supply my fair-use needs, Overpeer might end up on the other end of the stick (in court).
What's needed to put the RIAA in its place (bankruptcy court) and promote music and P2P?
First counterstrike, from the economic perspective (Score:2)
IMHO, the key to making this Overpeer crap go away is to make it economically counterproductive. "Anti-crap" technical countermeasures are necessary also. The RIAA folks aren't the brights bulbs in the box; it may take them a while to realize how dumb Overpeer really is.
Re:First counterstrike, from the economic perspect (Score:2)
Good idea! only I think you will find that boycotting the files is exactly what the RIAA wants. They want you to boycott the files and buy the smegging CD
Only the P2P people are already boycotting the CD because they are a bunch of theives who steal it via P2P rather than buy it
web of trust (Score:4, Insightful)
Eventually this evolves such that sites which post bogus music, low-quality rips and the like will not get used, because no one will trust them. And a good web of trust allows you to see the trust path that led you to a server, so that if you get something bad you explicitly can mark as untrusted the nearest site to that (since they didn't do a good screening job) even though they would otherwise implicitly be trusted.
Re:web of trust (Score:2)
All it takes for to spoil is the scheme is for the RIAA to set up two servers. One legitimate one, which you trust, and another spoof one, which the legitimate one trusts. Good luck fighting this unwinnable war.
so, only MP3s are currently being bogofied? (Score:2)
So, only MP3s are currently being bogofied? (And, I would assume, primarily the Windows-only networks?) That's good, actually. Those of us who prefer to share and download Ogg Vorbis files on predominantly [sourceforge.net] Unix-based [apache.org] networks [faqs.org] will remain largely unaffected.
Systems Already in Place (Score:2, Interesting)
Helpful users have been finding out the IP address blocks owned by the "bad guys" and submitting them to create a "ban list" for search results.
The new version of Gnucleus [gnucleus.net] has a feature that allows users to simply click and filter hosts that they suspect to be sharing bogus files (and spam etc.).
There are plans [zero-g.net] to expand the distributed web-based host cache system in use in Gnucleus and a few other clients to also serve blacklists. Possibly there will even be a "vote" system that would allow users to dynamically change these ban lists to propagate information on "bad" hosts automatically.
I think that using hash information is pretty useless, it's easy to stick the right hash on the wrong file. What you'd need is a PGP-like public-key encryption system with signatures and trust structures and the like, but that'd be going to the extreme.
Game Over (Score:2, Insightful)
The problem has two aspects:
1) If the systems has strong identities, then you have a confession from every uploader - as long as you can find them.
2) If you don't have strong identities, then those who would interfere with your system can hijack the identity system.
In the strong identity case, those few people who have uploaded most of the songs that are floating around suddenly find themselves targets. A well-funded attacker, especially one with the Law on their side, could use traffic analysis to track down the high-use users. Recall, they don't need enough info from the traffic analysis to get a conviction, just enough to get a warrant. Frankly, I don't believe claims that "my system is immune to traffic analysis." If the Law can tap into UUNet's big NOCs, they can watch the majority of US internet traffic. MP3's are pretty big, and a small population of users uploads most of the songs. It doesn't matter if your data is encrypted/chunked/whatever, the Law just looks for lots of traffic and tracks the big dataflows to their source. Once they find you, they find your secret key, and you're in jail. Secondly, a digital signature is forever. If you share a bunch of files in college, but then clean up your act and lead a respectable life (in the eyes of the RIAA), your digital signature stays behind. A gun that smokes until the statute of limitations runs out is a little scary.
In the weak identity case, you're no better off than in the no-identity case. The people who want to stomp on your little piracy garden are better funded and less constrained in their action than you. Everyone has infinite moderation points? What's to stop the bad guys (good guys?) from modding everything totally randomly?Much faster than carefully listening to each song and clicking a button. Legitimate rankings get lost in the noise. Use hashes or song fingerprints? What's to stop someone from transmitting the hashes/fingerprints from non-bogus media?
No, I'm afraid that the solution is the same as the solution to the wAr3z distribution problem. Small groups can share with full impunity (this is actually legal [hrrc.org] to do with music). But sharing music with perfect strangers is not just illegal, it means that the Man can play, too -- and do everything in his power to stop you.
Media companies and technical counter-measures (Score:5, Informative)
So as I said, I do see this as one of the problems to be solved, although I feel it's of lesser importance. There are many ways of doing this. One of them is previewing - when downloading an audio or video file, when you're about 100k into it (100-200k if it's video), do a preview and see what you're getting. With this looping stuff you have to go farther than 100k however - preview one fourth to one third of the way into the audio files. Many Gnutella clients have a preview feature, as does Fasttrack (Kazaa).
Another method is to ban IP's and IP ranges spreading this. This is already being done - it's only a minor fix because they will always get around it, but it will help somewhat, they won't be able to have big servers spewing this stuff 24/7
The real way to fix this however is hashes. Which are already ubiquitous - they already exist and are known on Gnutella (Shareaza, Gnucleus, Morpheus, Bearshare, Limewire), Fasttrack (Kazaa) and Edonkey2000. On Gnutella (Shareaza) and Edonkey2000, you can click through or cut and paste these URI's (URLs) to files from web sites (or Usenet, IRC, e-mail, instant messengers, whatever) and start searching and downloading the files - for FastTrack (Kazaa), it is a little bit more time-consuming and complex, but worth it if you're going to be downloading a large file. The hash technology is already there, the key now is finding a trusted source for hashes which are both good and whose data is findable and downloadable on p2p networks, and for those sources to survive. I guess I'll detail how this is currently working with the various p2p networks, why not?
There are four major p2p networks - Gnutella, Fasttrack, Edonkey and Freenet. Freenet is a publishing network, the others are all file sharing networks, which is what we're concerned with. Gnutella and Fasttrack are the two largest networks. Edonkey2000 specializes somewhat in large files however, so if it's 100MB+ files you're after, Edonkey2000 is on par, and perhaps better in some ways currently, than Gnutella and FastTrack. Edonkey2000 and FastTrack are closed networks - closed source server/clients and closed protocol networks. Gnutella is open, the protocol is open, and robust open source server/clients like Gnutizen exist for it. This gives Gnutella advantages, such as a choice of multiple clients for virtually every platform, as well as other advantages. Of all the file sharing p2p networks, Gnutella is my favorite and I believe Gnutella is the future of p2p. I think competition amongst p2p networks is healthy however as every can steal everyone elses best features and innovations.
Gnutella files are hashed for HUGE with an implementation called sha1. You can read about the technical aspects here [yahoo.com] if you wish to. These hashes are useful for finding additional sources for found files so that one can resume downloads or download from multiple sources with integrity. Actually there's one caveat to that - if you are downloading from an honest client, it will tell you a truthful hash of it's data. A client could give a fake hash and then send other data - but you would have to directly download from the rogue. How clients deal with this is even more complex - Gnucleus downloads overlapping chunks - it downloads 1-2000 from one source and 1950-3950 from another - if 1950-2000 do not match from both sources, it marks both chunks as possibly bad. You can read more details about this in Gnutella documentation and discussion groups.
Aside from this usage, these hashes can be used externally as well. Currently, Shareaza [shareaza.com], which is a pretty good servent (server/client), is the only one from which URI's (URL's) can be cut, paste, and clicked through to from the web/IRC/e-mail etc. I'm sure clients like Gnucleus will have this ability in the future. If you had Shareaza installed, you could click on a link like this - which is an, I believe uncopyrighted, Chomsky speech [gnutella], Shareaza would launch (if you don't have it already) and would ask you if you want to download the file or cancel. If you select download it would connect to GnutellaNet, search for the file, and if it found a host which has the file and which has upload slots open, would start downloading it. Actually, the Slashdot "allowed HTML" filters are pulling some necessary characters out of the above link, so you can't click through on /., although you can on a normal HTML web page. I can't post an URL that you can cut and paste either since /. forces a line break after 40 characters or so, if /. didn't do this and the below was in one line, you could have cut and paste it into Shareaza, I'll show it here for an example, imagine this was all on one line for you to cut and paste, or better was just a link to cut. You can do this on any HTML page, it's just the Slashdot HTML parsing messing it up -
gnutella://sha1:HXHSJ6ATN3LQCCIOBGUEWV5FFCKP2KBL/N oam%20Chomsky%20-%20Audio%20Book%20-%20Noam%20Chom sky%20-%20At%20Johns%20Hopkins%20University.mp3/
I would give the above link a rank of "7", because the last time I searched for it, 7 people replied they had it. I have several hashes with a score of 80-90, meaning you're more likely to find or download them, but the above is the only one I have that I have enough confidence in that the data is uncopyrighted.
So now you have one link to a hash - where can you find trusted sources which tell you what hashes are ubiquitous, making it more likely you will find and be able to download them, are rated in terms of quality by multiple sources and so forth? Well for Gnutella, one source is Bitzi [bitzi.com]. You can search for data there, see what is the most reported, what things are ranked, see comments, see bit rates, file sizes, artists, titles and so forth. It is very cool. Most interaction is from Bitzi into Shareaza (the only Gnutella client that does this currently), but from within Shareaza if you find a file you can type "find Bitzi ticket" and see if the hash has been reported on already. One thing which I'm sure will soon be remedied is that Bitzi does not have direct clickthrough to Shareaza, I have to copy hashes to my clipboard, edit them to Shareaza format and paste them into Shareaza. I'm sure soon Shareaza and Bitzi will agree on a standard and remove this step so I can just click through. And soon Gnutella clients other than Shareaza will have this ability as well. Bitzi's data base is open to the public, you can read their open data policy on their web site, anyone is free to use the data as long as Bitzi is credited. Bitzi.com is the only large, good source of Gnutella hashes I know of. Edonkey2000 has had hashes for a while, and has several good, large sources for hashes such as Filenexus.com and Sharereactor.com. Since Gnutella is a larger network and it just implemented this ability, I'm sure it will have even more and larger sources in addition to Bitzi. And since Bitzi's database is open to all, if Bitzi goes down someone else can open the database up again somewhere else. I'm sure in the future, even the trusted rating system will become distributed.
Gnutella uses the sha1 hash, Edonkey2000 uses another, and Kazaa uses another. Web sites exist that centralize the hashes for these. I'm sure soon web sites will exist that coalesces and translates all of this. Gordon Mohr, who runs Bitzi, wants to see a universal p2p tag, magnet, which is agnostic about which p2p backend it is using. Why not? We can have a tag that we (more or less) trust, and can retrieve the data from Gnutella, FastTrack, Edonkey2000 or Freenet. It's a great idea.
I am less interested in other p2p networks than Gnutella but I'll discuss their hash and meta-data web sites a little. The most interesting one is Edonkey2000 [edonkey2000.com], which as I said, has come to specialize in large (100MB+) files, and which I have to admit is a pretty good way to download large files with some guarantee of integrity. There are two major meta data sites for Edonkey - Filenexus [filenexus.com] and Sharereactor [sharereactor.com]. There are other sites as well. If you're looking for large files, they do a pretty good job currently.
Fasttrack (Kazaa) uses hashing, but the Kazaa client is not that friendly to this kind of thing. So Fasttrack/Kazaa is more of a pain in this respect than any of the others. Nonetheless, you can download a program called Sig2dat [geocities.com] that helps you copy and paste FastTrack's UUhashes. The you can go to web sites [fasttrackmovies.com] that give meta data, rankings and so forth to these hashes. Kazaa/FastTrack is unfriendly to all of this so it is much more of a pain - you have to install files that help you do this (sig2dat), you have to restart Kazaa for every file you want to download in this fashion and so forth. With Kazaa, all of this is a hassle, it's much easier to do in Gnutella (Shareaza), Edonkey2000 and Freenet.
And lastly there is Freenet [sourceforge.net]. Freenet has been using hashes since the beginning. Freenet is a publishing network, not a file sharing network. That is nomenclature - file can be and are shared on Freenet - from html pages to gifs and jpgs, to mp3's, to avi's, although Freenet is the last place you want to look for large files, Freenet's bailiwick is small files. Even a 4 meg mp3 on Freenet is harder to find and slower to download than any of the other 3 networks. Small files are the domain of Freenet - HTML pages and images. The Freenet protocol is more rich than the other protocols in many ways, thus you have more than just audio and video files going over it, you have third-party applications utilizing it, thus you have things like Fproxy (A world-wide web equivalent which runs over Freenet) and Frost and Freenet message board (Usenet equivalents - both for text and binaries). One benefit of Freenet is it's hard to crack down on people for publishing information - because no one knows who data is coming from or going to. This is not absolute, but it is much safer than the file sharing p2p networks in this respect. Also, people publish data, so that what you put out is stored somewhere other than your computer, and if your web site or shared file or whatnot is popular, it will be out there all the time without your node needing to be connected. Freenet also used a lot of signatures, encryption and so forth, so you already have a pretty solid trust mechanism and data integrity. It depends on what hash is used - KSK hashes are insecure, but SSK are signed. So with Freenet there are large upsides and downsides - the downsides are downloading is much slower, since you're downloading via intermediaries, not directly, and the larger the file, the slower the download and the harder it is to find a complete file. The upshot of Freenet is that there is less of a legal risk with regards to sharing/publishing data, data is signed by the publisher which greatly helps integrity, and also Freenet's protocol allows extensions other than file sharing with it's own internal network - web and Usenet like applications, and I'm sure there will be more in the future.
Re:Media companies and technical counter-measures (Score:3, Informative)
I'm a gnutella user (Score:2)
It would seem to me that if an originator of such bogus files can be absolutely identified, that a peer black-list should be created to block these jokers out.
I know there are some obvious pitfalls to the idea but I am sure the notion can be refined with some careful thought. The list can specifiy the degree of the offense, (spam-bot, looped files and video files that are actually just music, etc) and the client can have a quality filter setting.
Now I know it can just be worked around in some way, but the hard-core hosts of bad files will eventually get blocked to the point that their effort is useless. And while we're at it, we can block out all know MPAA/RIAA IPs too.
Maybe it's a dumb idea... I can't be the first to think of it.
Hashing can eliminate this nusense... (Score:2)
Comment removed (Score:4, Informative)
lock and load (Score:2)
audio fingerprinting (Score:2)
Boycott the recording industry (Score:3, Insightful)
Code is law...for us too (Score:3, Informative)
But code is also law for us.
We are the one's who write the code for P2P services like Phex, LimeWire, BearShear, etc. Thus, we are the one's who create the "law" for those services.
We have the ability to code away this problem, and any other problems presented to our P2P utopia.
So how do you deal with bogus files? Well, one way to do it is by detection. Write protocols into P2P programs to detect bogus music files. How do you do that? By reverse engineering their technology. Lets say that their "bogus" files appear the same size as normal files, but about 1/4 of the way through have a hitch in them w/c causes your player to play over the part over and over again. So you write code to detect that.
Another way to deal with it is the same way we deal with spammers: block unreliable sources. If a domain-name for e-mails often gives you spam, you block that domain name. Same thing w/ P2P networks with a little bit of ingenuity.
The only thing to worry about is the red queen effect; namely, we take counter-measures to their measures, and they take counter-counter measures to our counter-measures, and so on and so forth. This results in a lot of wasted time for us, and also will eventually make our code bloated.
Another alternative is the legal route. Contrary to what some say, there is a legal option. Their actions garble up the P2P network, which will negatively affect many who are sharing non-copyrighted files. Hence, a basis for a legal restraint.
The other possibility is a counter-attack. They've screwing up our networks, so we screw up theirs and their systems. The best defense is a good offense. This would be DoS attacks on their servers, or virus'/worms aimed specifically at their computers.
Another possibility is very simple. Rather than trying to weed out untrustworthy sources, try to find trustworthy ones. This is much easier as you'll get cooperation. Real netizens of the P2P community may put tags on their files, as identification, which would securely identify them; then, those files would be rated on two categories -- quality and completeness.
Repetition isn't necessarily a bug... (Score:3, Funny)
So... the artists can't ever play the same sequence of music more than two or three times before it gets flagged as bogus?
That check would instantly trigger on pretty much every soft-pop-dance track that I currently spend most of my radio-listening time trying to avoid. Cool. :-)
Re:Repetition isn't necessarily a bug... (Score:2)
Poor Moby [slashdot.org] is really going to be pissed at P2P now!
Re:Repetition isn't necessarily a bug... (Score:2)
He'll just sign them up to his fan club. Moby gets his own back on hate emailers [ananova.com]
Re:Idea to counter this (Score:5, Informative)
Re:Idea to counter this (Score:2)
You don't get it (Score:3, Insightful)
And where did you get the idea that Overpeer is only going to make bogus MP3s of artists belonging to the labels that contracted with them?
It would make more logical sense to continue the RIAA tradition of attacks on P2P networks by making bogus tracks of everything they can find so as to make the networks as a whole unusuable.
I don't see this as a method of protecting label artists, I see this as a way for them to attempt to shut down networks on which non-label artists can be distributed and an extension of what they did to Internet and LPFM radio.
Re:You don't get it (Score:3, Insightful)
Because the artists and labels could sue them for doing so.
Re:Article lacks credibility (Score:2)
Say that to the RIAA.
Re:Tit For Tat - just another blip (Score:2)
Re:Why complain? This is a sensibe solution. (Score:2)
Re:Why complain? This is a sensibe solution. (Score:2)
Re:Simple solution (Score:2)
The problem with this is that Clear Channel and the RIAA don't want you to listen to anything that isn't Top10 material. They want you to listen to Britney, N*Shit, etc. If you can handle listening to oldies stations (which I can), then fine, but don't expect to hear much if any high-quality contemporary stuff on the radio.