
Interesting Way To Protest Napster 462

^Gargoyle^ writes: "Here's an interesting way one Napster user is causing problems for Napster. In a nutshell, he's creating songs that are exactly the same length as a legitimate song, but with an annoying cuckoo sound in place of the song. An interesting way to protest copyright infringement." This is the best form of protest I've seen so far... it makes pirating copyrighted music more difficult, without doing something stupid like trying to make peer-to-peer networking illegal or making it illegal to rip your own CDs. Mind you lots of Fingerbang fans are gonna be really annoyed when they waste all that download time!
  • Wesley Willis

    Oh, this guy is a riot. I saw one of his titles on Napster, was intrigued, downloaded it and then a whole bunch of his other stuff.

    That was last night, and so I haven't really listened to much of it yet. While, at first glance, the guy *cannot* sing, he's a hell of a lyricist. (Inability to sing never stopped Bob Dylan, Jimi Hendrix or Dire Straits/Mark Knopfler.)

    I think everyone gets the fucking obvious point now. Why must the record companies insist on attempting to keep me from buying their things?

    Because nice predictable business models make shareholders happy.

    How about other bands that have supported MP3 sharing? Limp Bizkit? Motley Crue?

    I especially love Offspring's little tactic: selling unlicensed Napster merchandise. Just in case you didn't hear the story, while Offspring was happy to proclaim their support for Napster, they didn't get Napster's approval before selling stuff with the Napster logo.

    I'm not sure what that was supposed to mean... I guess just a protest of corporate control of information?

    In a fit of self-destructive stupidity, Napster sued Offspring. The two have since reconciled; I understand that Offspring's proceeds from selling Napster gear is going to charity.

  • This could be a fun hack for someone with a better mind than me. Create software to "fingerprint" any mp3 file. Then you could license it to Napster to include with the client(under pressure from publishers) to upload the fingerprint with the mp3 file. Then they could keep a database of copyrighted fingerprints....the fingerprinting could be fun - combination of time-sequence of fast fourier transforms - to get the frequency distribution of the sounds over time?
  • It would have to be done using digital signature technology since this information would be distributed, not kept on a central server (like the Slashdot database).

    A system that allowed for Ebay style comments rather than moderation points would be much better.
  • by Ex Machina ( 10710 ) <.jonathan.williams. .at. .gmail.com.> on Thursday July 13, 2000 @07:59AM (#936601) Homepage
    Several people have mentioned using a trust model. So here's an example of one http://www.advogato.org/trust-metric.html [advogato.org]
  • by ChrisWong ( 17493 ) on Thursday July 13, 2000 @07:38AM (#936602) Homepage
    See Stopnapster.com [stopnapster.com] for a site started by artists who have something similar in mind. Hey, they need to eat too.
  • by traused ( 200984 ) on Thursday July 13, 2000 @07:38AM (#936604)
    A small band called the Tabloids is trying to promote such attacks on Napster.

    Their website www.stopnapster.com [stopnapster.com] is trying to convince artists and users of napster to post "Napster bombs" and "Trojan Horse MP3s" to protect artists' copyrights. The authors themselves say they cannot do this, as their website is done on a Mac.

    Apparently they think that enough people will do this to stop mp3 swapping on napster.

    I don't think it will work very well. Look at the site. Rather poorly done website in my opinion.

  • The only lasting impression Ebay's popularity/trust model has left in my mind is of the time that, after MS was flamed for shutting down legitimate auctions of Windows, Ebay changed all of Microsoft's negative feedback to "Neutral".

    Point of this post? Well - peer review is good unless you're dealing with organizations that have gobs of money.

  • Time for the electrical engineers to comment. Unfortunately, MD5 is not going to work. Anyone who thinks it will likely does not understand the issue.

    MD5 is a protocol designed to detect even single bit changes in a file. Note that this works on the file level. MD5 does not care what the file contains. In this case, we are proposing to prove that two files contain the same song. So how can we modify one of these files?

    • Change the amount of silence before and/or after the file. It wouldn't have to be much: a millisecond or a few probably would be enough, and no person would be the wiser.
    • Change the volume of the recorded music, say, by 0.1%. For best results, one could change the volume of the original, uncompressed file. Again, you are not too likely to notice the difference.
    • Convert the digital audio to analog, and then back again. Have the original audio source be a CD so there is no degradation. There is no way to account for what all the combinations of CD players/sound cards would do to this. Turn on/off "bass boost" and related functions for more file changes. Tweak the treble and bass controls, or use an equalizer. A slight loss of quality in this case, but negligible. The music might even sound better :)
    • Vary the encoding program used.
    • Vary the sampling rate used for the raw digital data.
    • Change the ID3 tag inside the file.
    • Pad the MPEG file with frames containing no data or data that serves no useful purpose to most programs.
    • Add white and/or pink noise to the file at very low amplitudes. Simply randomly modify the original digital audio data in the last one or two decimal places, and no one is likely to notice.

    There are probably other ways to do this, but I think I've made my point.

    MD5 *could* be used to prove that filea.zip and fileb.zip are likely identical (provided they are also the same size). It likely can say file1.mp3 and file2.mp3 were made from track #2 of Some CD when the same encoder and ripper are used, and Some CD's #1 and/or #2 are from the same production run.

    MD5 could be used to prove that Bob has the same MP3 file as Alice, although their sources could not be easily proven through this method. But can I say that given this copy of "charttopper#1" that I have an MD5 signature usable to find all copies of "charttopper#1" online? No, you can not.

    Now IANAL, nor a PE (yet), and I have not used Napster at all, but I do not think MD5 is the answer here. One could come up with an algorithm that tries to use characteristics of the music itself to look at this issue, but the likelihood of it working for every possible song in any possible case is nearly zero. It might work for many cases, however. I do not support nor like piracy at all, but this concept of restricting piracy by restricting user rights is also crazy.

    I just worry about the person automatically kicked off their ISP due to the fact that some file they downloaded matched the MD5 signature of someone's protected file, even if that file was a completely different one. There are only so many files one can distinguish using any hash algorithm before two come up with the same signature.
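Added example (not part of the original thread, and not code from Napster or any fingerprinting product): the contrast that the MD5 comment above and the earlier FFT-fingerprint suggestion both turn on. It uses a constructed tone sequence as the "song" and a toy fingerprint (loudest Goertzel band per frame, a stand-in for a full FFT time sequence); all function names are hypothetical.

```python
import hashlib
import math
import random
import struct

RATE = 8000      # samples/second of the constructed test signal
FRAME = 256      # samples per analysis frame (32 ms)
BANDS = [300, 450, 600, 800, 1000, 1300, 1700, 2200]  # band centres in Hz

def synth(notes, note_len=2048, amp=10000):
    """Constructed 'song': one sine tone per note, as 16-bit sample values."""
    return [int(round(amp * math.sin(2 * math.pi * f * n / RATE)))
            for f in notes for n in range(note_len)]

def pcm_md5(samples):
    """MD5 over the raw little-endian 16-bit PCM bytes (file-level identity)."""
    return hashlib.md5(struct.pack("<%dh" % len(samples), *samples)).hexdigest()

def goertzel_power(frame, freq):
    """Signal power near `freq` in one frame (single-bin DFT via Goertzel)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def fingerprint(samples):
    """Toy content fingerprint: index of the loudest band in each full frame."""
    fp = []
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[start:start + FRAME]
        powers = [goertzel_power(frame, f) for f in BANDS]
        fp.append(powers.index(max(powers)))
    return fp

def similarity(fp_a, fp_b):
    """Fraction of frames (over the shorter fingerprint) with the same value."""
    n = min(len(fp_a), len(fp_b))
    return sum(a == b for a, b in zip(fp_a, fp_b)) / n

def compare_variants():
    """Return {variant: (md5_matches_original, fingerprint_similarity)}."""
    rng = random.Random(2000)  # fixed seed so the constructed noise is repeatable
    song = synth([600, 800, 1000, 600, 1300, 1700, 800, 450])
    variants = {
        "volume -0.1%": [int(round(s * 0.999)) for s in song],
        "low-level noise": [s + rng.randint(-2, 2) for s in song],
        "1 ms leading silence": [0] * 8 + song,
        "different song": synth([1000, 450, 2200, 1300, 300, 800, 1700, 2200]),
    }
    ref_md5, ref_fp = pcm_md5(song), fingerprint(song)
    return {name: (pcm_md5(v) == ref_md5, similarity(ref_fp, fingerprint(v)))
            for name, v in variants.items()}

if __name__ == "__main__":
    for name, (same_md5, sim) in compare_variants().items():
        print(f"{name:22s} md5 match: {same_md5!s:5s} "
              f"fingerprint similarity: {sim:.2f}")
```

A fingerprint this coarse trades the false negatives of an exact hash for possible false positives, so a match indicates similar audio rather than proving the same recording.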

  • if you keep a title, and change the contents, isn't that plagiarism or copyright infringement because you're stealing the name of a product, but changing its content to suit your own purposes without the expressed written consent of yadda yadda yadda?

    not like most of the record labels or artists would really complain... but I do think that IS illegal.
  • it's probably lars, being the computer whiz he is.
  • There is no way Napster can promote Indy bands. You search for a band because you already know about it, meaning a)the marketing matrix has you, Neo b)word of mouth c)saw a story about the band somewhere d)band is local to your area (modified a && b). If you don't know about the band, you can't search for it.
  • my only comment is that anyone that does this better be DAMN sure they patched all security vulnerabilities in their system before doing so. cuz you definitely will have some very pissed off people that have some scary computer skills after you.
  • "Why can't the geeks of the net keep anything underground anymore?"

    We can. We do. I'd tell you about it but that would be self defeating.

  • by Deeter ( 180318 ) on Thursday July 13, 2000 @07:06AM (#936635)
    The problem with this particular approach is that it will never go beyond the first person who downloads it. If he could come up with something that isn't immediately apparent but becomes increasingly more annoying, it would probably work a lot better.
  • I thought that was trademark infringement, when you pass yourself off as something else. Copyright violation is making an unauthorized replication of the copyrighted work right?

    So Linus, what are we doing tonight?

  • There is no way Napster can promote Indy bands.

    Not true. The best way to promote Indy bands is to monitor your "uploads" of particular artists. If a person gets band "X", send them an instant message and suggest that they might also like band "Y".

    You search for a band because you already know about it, meaning a)the marketing matrix has you, Neo b)word of mouth c)saw a story about the band somewhere d)band is local to your area (modified a && b). If you don't know about the band, you can't search for it.

    True enough as far as it goes, but once you've been Napstering on a fast connection for a few weeks, you probably have most of the commercial stuff you are already interested in. Then you start looking for more obscure stuff. You start searching for artists just to find folks with neat collections and see what else they have.

    Maybe that person will be on-line, and you start talking about the tastes you both share, and what you might also like, but haven't been able to hear. I don't know about the rest of you, but for the wife and me, Napster is all about introducing people to new music. And, all the musicians we know and have discussed this with agree with what we are doing. One even suggested that the RIAA should be paying us for our promotional activity. (BTW, the major labels do not send short, crappy sounding snippets of songs to radio stations and magazines. No, they send full CDs, bought and paid for out of the artists share of the royalties. Who is ripping who off?)

    Admittedly, lots of people are using Napster to get the same damn songs that they hear on the radio (stations programmed by the same couple of radio networks). But Sturgeon's Law: "...but then 90% of anything is crap!" applies. People who want the Britney Spears single that they can already hear 200 times a day on the radio deserve to get a recording of barking seals or whatever. But somehow, I doubt that I, or many people, will ever hear a single bark.

  • US law does not contain specific limits on how much of a copyrighted work can be reproduced. From the copyright office FAQ [loc.gov] (emphasis added):
    47. How much of someone else's work can I use without getting permission? Under the fair use doctrine of the U.S. copyright statute, it is permissible to use limited portions of a work including quotes, for purposes such as commentary, criticism, news reporting, and scholarly reports.
    There are no legal rules permitting the use of a specific number of words, a certain number of musical notes, or percentages of a work. Whether a particular use qualifies as fair use depends on all the circumstances. See Circular 21 and FL 102.
  • Find out who did it and in place of the napster file you download have a voice that says: that person's full name, credit card number, home phone number, work number, and social security.

    That's great, but the combination of the relative anonymity of Napster along with the dynamic IP used by most ISPs will mean that it could be *very* tough to actually get a real name out of a Napster username. Without a warrant, I'm sure the ISP won't divulge the name of the user connected at a given IP address at a given time - if they even record logs of that. So, you could track the user to a given ISP, but that's it. I wonder how many IP addresses AOL owns? @home? Bell Atlantic DSL?

    #2 LEGAL WAY: Another simple method is napster gets an update that tags each song download. when a user encounters a trouble song they simply click a button to report a problem. The server gets info on the previous user and with a simple program visible only to napster one can determine what users are sending this out by tracking the song's origin of corruption and simply remove their IP address (so they can't reregister) again on the system...

    Again, most users have dynamic IPs, so that won't help matters. Just log off the 'net, log back in, re-start Napster and you're online again. Banning users a-la-Metallica was done using CLSID keys in your Windows registry. They're easy to remove if you know where they are. The information is readily available on the Internet. If someone is using one of the Open Nap clients - which weren't written or authorized by Napster - things become even more complicated: there's no real way to ban a user.

    (Speaking as one of the 300,000 banned by Metallica, I was back on within an hour after they cut me off.)

    Further, you really don't want to have a "Kill User" button in Napster. Maybe the guy has a bad rip of a rare song? Depending on how bad the rip, and how rare the song, I might be happy enough with it.

    While a recent study shows that most Napster users are in their late 20s - early 30s (!), I'm sure there's still a large number of users in their teenage years, ones who don't see the implications of being able to arbitrarily ban a user because they maybe don't like the list of shared songs. That's not to imply that most teenaged users would do that, but impulsiveness does become less prevalent with age and wisdom. (Speaking from the perspective of the ripe old age of 26. [grin])

    A moderation system, similar to Slashdot's, as suggested by some other reply, would be ideal. It's a great idea.

    Until then, I'll keep on using my bandwidth-consuming quality-control system: I grab at least two different copies of each MP3, audition them for quality, move the better one to my collection, and delete the poorer one from my "untested" folder.

    MP3 collecting has basically become a hobby for me. I have the CDs for most of the 900+ songs in my collection, and I still encourage people to go out and buy CDs if they hear a tune that they like. But it's fun to collect and hear new stuff. People sharing off me will be pleased to note that the MP3 collection I share is all tested, is all recorded at a minimum of 160kbps, and is all correctly labelled. Not to mention, it's usually logged into at least three separate Napster servers simultaneously every night.

  • I'm not a Napster user. I consider this promotional stunt sufficiently offensive (I don't like false advertising) that I won't EVER be buying Ms. Fix's music, going to her concerts, and I'll actively discourage my friends from doing this as well.

    I'm not giving her full name here because I think she's had her 15 minutes and I'm not giving her another second of publicity.

    I suspect that the Napster users her husband is in essence, lying to in order to get her name and music out will react similarly.

    I hope this kills that woman's music career beyond hope of recovery.

  • by um... Lucas ( 13147 ) on Thursday July 13, 2000 @08:05AM (#936661) Journal
    1 - There's no guarantee that all songs will have the same signature, unless people only distribute files from the same exact source - 1 person posts it and everyone else replicates it. Different CD drives, different sound cards, etc, will make small differences.

    2 - Though that's an issue, it'd be great for Napster to incorporate MD5 into their servers. That way, bands that didn't want to be part of it could present Napster with a list of signatures of files that were theirs and say "Please prevent the transfer of files with these signatures". As they found variances of them, they could present those to Napster as well, though pretty soon Napster would be a legitimate service with 20,000 users trading about 500 songs and no commercial viability.
  • I saw what I thought was another interesting approach to foiling the "mercenary bot". Some user, I can't remember his napster username, had inserted "METALLICA SUCKS" and "SCREW METALLICA" into most of his mp3 filenames, even though a lot of the songs weren't even metallica songs. I couldn't help but chuckle at the time.

    If this was expanded to an even greater scale, and included... say, inserting Metallica song titles into other filenames, it would be very hard indeed to get the same sort of list that Metallica had compiled previously. Of course, would somebody try to make the argument that this is obstruction of "justice" or something?
  • No, it's not copyright infringement, because they are not trying to pass someone else's work off as their own. They are just choosing an amusing naming scheme for files. I don't think that anyone's likely to believe that their cuckoo noises are really black sabbath recordings, so to claim that they're violating anything is a stretch.
  • by briancarnell ( 94247 ) on Thursday July 13, 2000 @08:09AM (#936671) Homepage
    True, but that still accomplishes the purpose of stopping copyright violations because it makes it easier to identify individuals who are most active in distributing illegally copied files (since they will likely bubble to the top as the most trusted).
  • Which really does the copyright owners' work for them--sort by score . . .

    Hmm, so what would the feedbacks be?
    *cool thief!
    *steals crummy stuff, don't bother
    . . .


  • Anyone know of any Napster client/protocol vulnerabilities?

    While I certainly wouldn't condone such behavior, I think it would be very fitting if someone could help this self-appointed savior of the music industry to undermine his own tactics.

    If you download one of these "eggs", delete it at once so that it's not shared to other users. No big deal.

    But, if you were the enterprising sort who happened to get one of these by accident, you could easily determine the IP address of the Napster user who was sharing this.

    Napster Beta 2 Version 6 has that wonderful instant messaging feature, so you could even let the user know beforehand why it is that he/she will be rebooting Windows within ten seconds.

    Not to say that I would do such a thing. Indeed, it's not even in my skillset. But I also know it would be easily possible.

  • Now who would get hurt the most if you discovered a Napster DoS vulnerability? In fact, what would the effect be of posting a note saying "My machines were rebooted through my Napster connection?"
    I think the discovery of such a vulnerability would kill Napster faster than a flock of cuckoos.

    <sigh> Yeah. You're right. </sigh>

    Someone else, in one of the replies to this article, suggested a Slashdot-style moderation system based on the quality of one's shared files. I think that's a great idea, certainly far better than DoS attacks or including a "Kill User" button that would arbitrarily ban people.

    I think I posted the message to which you're replying more out of frustration at the self-appointed savior of the RIAA, rather than out of any intelligent thought on my part. I apologize.

  • by Carnage4Life ( 106069 ) on Thursday July 13, 2000 @07:46AM (#936692) Homepage Journal
    How is posting bogus files harmful to Napster's interests unless Napster's purpose is to violate copyrighted materials?

    It seems to me that if Napster acts against what this protester is doing then by all rights they are no longer a service provider but admitting that they are in the business of providing content (in this case copyrighted music that they have no right to distribute). Doing this would invalidate all the arguments about Napster not being in business specifically to violate the copyright of artists and record labels and instead reinforce the greedy VC funded company trying to get rich off other people's work image.
  • It is illegal to have any portion of the "egg" song contain the copyrighted work. If those making eggs used the real song they could be banned and are just as guilty of breaking the law as any other user.

    Then the illegal songs should fit right in ;)

    Go get your free Palm V (25 referrals needed only!)

  • It's not necessarily about the literal song name -- it's the misguiding assertion that they are another band. They are making money off of the name of the popular bands, which are copyrighted.

    It just so happens to be that this is carried through via the act of subverting names of songs.

  • The next step will be US government selling sugar on streets in packs labeled "best crack in NY", "ecstasy","pure 100% heroine", etc. Narcobusiness will die horrible death, addicts will instantly be cured.

    Yet next step will be solution of bank robbery problem by stuffing every bank with lots of fake money.
  • ...such as people that post bogus files for that reason.

    OK. I'll bite. What constitutes a bogus file - one that is intentionally mis-named? Once Napster starts adding in editorial control such as mandatory filename standards, they're starting down the road towards assuming responsibility for what is served or facilitated by their system.

    Also, if you make the file naming standards mandatory, then it's now a simple matter for an artist to request that all MP3s allegedly produced by them not be traded, as they have not provided any publicly redistributable files. And I suspect that artists would win this one in court if Napster refused to comply.

    As long as the files being put up are valid MP3 files which do not violate copyright law, Napster has no reason to ban those users.

  • No, it's not copyright infringement, because they are not trying to pass someone else's work off as their own. They are just choosing an amusing naming scheme for files.

    Heh, tell that to Negativland (the group that named one of their albums "U2" and got sued out the wazoo over it)
    1. They've been downloaded, albeit not frequently.
    2. They're encoded white noise; they sound like static
    3. I haven't had any comments on them.
  • "Different CD drives, different sound cards, etc, will make small differences."
    This is not true. Unless you're capturing the analog output of your CD-ROM through your sound card (go shoot yourself in the head), you're using digital audio extraction to read the bytes from the audio CD-ROM and encode those. What will change the signature of the audio file is the codec used (Fraunhofer, Radium, etc.) along with the bitrate (128k, 160k, etc.) and sampling rate (44khz, 22khz, etc.). But, given that tons of Napster-folk use Fraunhofer at 44khz/128k, it's safe to say that the vast majority of the duplicate tracks out there are going to have the same checksum. So, it's still pretty useful, but your point is taken with regard to it not being quite as simple as the originator of the idea had thought it was.

    On your second point, I don't really see how any entity could say, "I own the rights to a stream of data with this md5 checksum; stop distributing it." That's only one step better than saying, "If the filename start with 'Metallica -' then it must be pirated music!"

  • by longword ( 2293 ) on Thursday July 13, 2000 @07:08AM (#936743)
    Moderation has worked well for slashdot. I see a bright future for it in the Napster network.

  • by istartedi ( 132515 ) on Thursday July 13, 2000 @08:53AM (#936745) Journal

    Wild, Wild West. Unbridled information warfare. Thank-you Napster, musicians, and counter-napsters for duking it out.

    Napster thumbs nose at copyright, artist thumbs nose at Napster. Eventually, I'm sure there will be some kind of sane equilibrium, just as the Wild West was eventually tamed. The nice thing is that these gunfights are bloodless.

  • but not as a form of protest. My wife has a terrible voice. For a joke, we were going to have her sing some popular songs, and then post them on Napster and watch people download them.
  • by jyuter ( 48936 ) <`jyuter' `at' `gmail.com'> on Thursday July 13, 2000 @07:08AM (#936751) Homepage Journal
    Mind you lots of Fingerbang fans are gonna be really annoyed when they waste all that download time

    Not really. You can listen to partially downloaded MP3's off of Napster so you can check after a minute if you are really downloading what you think you are.

    It still is annoying, but not as bad as you might think.

    Being with you, it's just one epiphany after another
  • If you don't like free music - don't download it!

    "Free music" is a misnomer. It's more like "Warez music".

    I will continue to rip and trade my music with other people who are as passionate about this as me.

    The only "passion" here I see from the napster-crowd is passionate selfishness. Basically, they want something for nothing, and to hell with everyone else. The crocodile tears about the "RIAA ripping off the artists" are as silly as the RIAA expressing sympathy for the artists. Neither side cares about the artists, the RIAA just care about their money, and the napsterites just want to freeload.

  • by Animol ( 120579 ) <(moc.liamg) (ta) (sitraj)> on Thursday July 13, 2000 @07:08AM (#936754) Journal
    In addition, Napster reserves the right to terminate the account of a user and to block use of the Napster service permanently upon any single infringement of the rights of others in conjunction with use of the Napster service, or if Napster believes that user conduct is harmful to the interests of Napster.

    ...such as people that post bogus files for that reason. Understood that yes, they too would be violating copyright laws and the terms of use, but this guy is interfering with the service that they're attempting to provide. If they're identified, they should be banned. (After all, it does infringe upon other's use of the service!)
  • but i hate it when this happens. You get 20 million people on napster and it gets in the public eye and it starts to suck. Anyone else here remember when (pardon the blasphemy) aol was cool? back in 1992? before it even offered web access? 20 million users later it sucks. balls.

    Why can't the geeks of the net keep anything underground anymore? Last year at school, people with the intelligence level of mousepads would come up to me and ask me to help them "fix their napster." I think as far as something like this goes, if you don't understand it, don't use it.

    ps i switched to gnutella months ago. It's a little better than napster.


  • I would suggest that there be an upper limit of trust/popularity, such that almost everyone on the Napster network gets the highest trust. The only reason trust would go down is if something screwy was going on. That way the record companies and lawyers can't concentrate their fire any more than they do now. Of course there will always be the problem of l4m3rs who have a grudge. But what's the worst that can happen? People stop downloading from you and your internet connection speeds up. Oh no.
  • I've been encoding /dev/urandom (don't wanna waste that entropy!) into MP3s with names in the format:

    Fuck $group - This Is Not "$song".mp3

    for a long time now. I think I'm being perfectly legal; I am 1) obviously voicing an opinion, and 2) explicitly not providing copyrighted works. However, anyone searching for $group or $song is going to get a hit from my collection, and any automated "ban bot" is going to add me (unfairly and incorrectly) to its wrongdoers list. I assure you that I'm perfectly comfortable meeting any would-be persecutors head on.

  • Napster may dodge the bullet about distributing MP3s (i.e. they provide a utility to distribute MP3...whether it is illegal to do so is not up to Napster to decide) but making a gigantic resource/list of "trusted" individuals will make it easier for any artist to track down who is distributing their song if they chose to do so.

    So instead of pestering Napster to stop their operations, artists who want to enforce their copyrights can go out and look for who has the highest rating for distributing their songs and bust them.

    Sounds like a good deal for everyone but users. I guess it doesn't matter since stealing copyrighted stuff isn't kosher in the first place.
  • ...this guy is just a lackey of the music biz. It's really sad that the business model which the music industry is trying to perpetuate is so pervasive, so much so in fact, that it influences people to think like this.

    Firstly, I do think this is a bit of a ploy to publicize his girlfriend (was it Cracker that sang "What the world needs now, is another...folk singer, like I need a hole in my head"...but I digress...).

    Secondly, and most importantly is musicians need to realize that Napster is not their enemy, rather it's the music business cartel that controls them. A rather well publicized quote from a Sony executive early in the 1990's when Sony was consolidating recording artists (i.e. putting labels out of business that didn't sell enough records) characterizes "artists" as merely software that is sold as a commodity.

    Many misguided musicians think that Napster destroys the "living" they make when in reality it's the labels that cause Poor Mr./Mrs. Folk Singer to not make money. These labels ain't stupid, ya know. They know that mainstream Amerika wants Brittany and the Boyz, and not another folk singer. Sad as that may be.

    Musicians such as these are not artists; I don't think any musician worth his or her salt would care what kind of money they made, just as an ancient bard probably wasn't in it for the material things either. Music is an art. Music for money is just...software. Let these people play their silly games, I know the musicians I want to listen to don't care if people download their MP3's for free or not..
  • by happystink ( 204158 ) on Thursday July 13, 2000 @07:11AM (#936785)
    Most people download a ton of songs at once though, and then listen to them later. If you have some fake song on your hard drive for a few hours someone else will still grab it, and if this happens enough times, and enough people just take it out of their playlists without deleting it (which everyone does, just witness all the songs on napster that are fakes under the wrong names, or only 50% as long as they should be) it can spread pretty fast!
  • Yes, this is one of the biggest fears about Freenet. Since all the data is self-replicating, a "rogue node" could cause a lot of grief for some people. AFAIK, there's really no good way to deal with a "rogue node" other than route around it.
  • Unfortunately different copies of the same CD may be different, esp. if there was a large interval between when the two were produced. This also screws up CDDB databases - with two copies of the same cd, name the tracks of one in your CD player and then stick in the other - it might not recognise the second disc!
  • I was talking with some co-workers about the next Outlook megavirus...

    You send out an Outlook VBS attachment that scans all the mp3's on the user's hard drive and replaces the audio (no ID tag or file name changes) with some other audio file and then replicates itself to other Outlook users.

    I guess you could have a long-winded mp3 speech about copyright infringement, but I think it would be worse to replace everything with copies of Michael Jackson's "Bad".

    Watch those attachments people...
  • Napster does NOT store songs or a song database on their servers.

    You're half-right. While Napster itself doesn't hold songs, it does host a directory of who has what. When you run Napster for the first time, it scans the directories that you're sharing and sends a list of files to the server. Searches are sent to and received back from the server, and only _then_ can a user download directly from you.

    Contrast this with Gnutella, where every search hits every user individually. While this eliminates the central server (and as such can't be shut down from any one point) there are people messing with the network. Already, script kiddies run programs generating porn-redirect HTML files based on every search that bounces their way.

    I do believe that the news organizations drop the ball on this regularly -- I cringe when I hear Napster referred to as a "web site" implying that the file transfers take place over the web.
  • What these dipshits are doing is just as illegal as what they are protesting. Sheesh. In their "How to Create & Lay an MP3 Egg" they teach you how to fight online piracy as well! From the site:
    Here's a brief overview of how to lay your own Cuckoo's Eggs in the Napster nest.
    1. Download and install Napster
    2. Download or rip songs for use as eggs.
    3. Edit the songs adding noise, sounds, and other info
    4. Copy your MP3 file into the Napster directories.
    5. Connect to Napster and start laying eggs

    Step 1 is pretty easy... in fact you probably already have Napster installed. The laying of eggs will work best if you can install Napster on multiple machines so you have the best chance of letting many users connect.

    Step 2 is pretty easy. You can either use Napster to download popular songs, or rip some from a CD using Musicmatch or CoolEdit. Pick really popular songs for maximum demand... remixes or duets are very popular downloads, as are live recordings.

    It doesn't matter if you are stealing to help someone or stealing to hurt em. It's still just as illegal.
  • The right way to do this is to keep the whole song, but at several random points add a highly annoying sound effect - this would keep people from being able to "check" the file easily. This is similar to the way that DJ's have been keeping radio songs annoying for years.

    I may start doing this soon :)

  • >No, it's not copyright infringement, because they
    >are not trying to pass someone else's work off as
    >their own. They are just choosing an amusing
    >naming scheme for files. I don't think that
    >anyone's likely to believe that their cuckoo
    >noises are really black sabbath recordings, so to
    >claim that they're violating anything is a

    They are passing _their_ work off as someone else's! They say so on their page. And you can choose whatever crazy naming format you like for your files, as long as you're the only one looking at it.

    The problem here, though, is that they are _publishing_ these files via Napster, making them visible to the rest of the net. In order to determine that the files are _actually_ cuckoo noises and not the _copyrighted music that they are claimed to be_, you would have to download the file. At which point, according to the RIAA's attorneys, you've committed piracy via Napster, because you've downloaded a file that matches the name of one of their songs.

    So, since you couldn't have known beforehand that the files contained something other than what they were labelled to contain, why were you downloading it in the first place? To listen to what you thought was a Black Sabbath, or Kid Rock, or some other piece of music.

    If these people did this out of the back of their car with selling cds instead of trading mp3s, they'd be guilty of more numerous law offenses than I'm qualified to list. Fraud, Trademark and Copyright infringement, and false advertising come to mind. Being that it's on Napster and being freely shared makes it less of a crime (though how much less is best left up to the lawyer-types), but does not remove copyright and/or trademark infringement problems, because those are violations regardless of whether profit is being made by the violator.
  • by Dungeon Dweller ( 134014 ) on Thursday July 13, 2000 @07:13AM (#936809)
    What about the copyright on the cuckoo sound? Isn't somebody going to sue him for stealing their soundbyte?

    Me, I live and let live, what he wants to do with his computer and time... Is his business...
  • by YoJ ( 20860 ) on Thursday July 13, 2000 @07:13AM (#936811) Journal
    If things like this proliferate, I predict that the Napster community will move to a "popularity/trust" model. Sort of like Ebay, where you leave positive and negative feedback. So if someone downloads a song they have been looking for, and it turns out to be the wrong song or a low-quality encoding, they can leave negative feedback on the person who served the song. All Napster has to do is publish each person's rating next to the songs they provide, and this tactic will die a quick death. Low quality encodings, and encodings with ads (if they ever appear) would also fall by the wayside.

    One thing the Net has taught us: peer review and "egoboo" are powerful forces. (Yes, I read about egoboo in Wired, so sue me.)


  • by happystink ( 204158 ) on Thursday July 13, 2000 @07:14AM (#936814)
    Man, when someone says something good about moderation on slashdot, it's super hard to tell if their irony is intentional or not.

    Anyway, if you added moderation to Napster it'd be good to do it in a way where indie songs would actually be promoted (like Napster likes to pretend they somehow do already), and not just some way where you see the most popular songs. After all, isn't the lame top40 system why everyone is turning to Napster to begin with? (or at least that's what cheap thieves like myself like to tell people)

  • No, the previous poster was right. AOL was never cool. Back when I was running a C-64 with a 300 baud modem (and a VIC-20 before that...) BIX was cool, or the university computer and Usenet.

    But not AOL. Never. Nor Compuserve or Prodigy either.

    Actually, cool was the time on one of my first jobs, back in the late 70s, when I had to check up on a weekend-long job running back at the office while I was away on a dive trip. Using a TI Silent 700 terminal (hardcopy thermal paper terminal, about the size of a portable typewriter, with built-in acoustic coupler 300 (or was it 110?) baud modem). The hotel we were in didn't have room phones, so I used the payphone in the hotel lobby...

    Actually I take that back, it wasn't cool, just a pain in the butt.
  • Well, I highly doubt they'd implement an MD5 checksum. Why? Because it would give them an easy way to stop the trading of music by specific artists. They don't want that level of control, since it will hurt them in court. Right now, they are holding on to the tenuous claim that they have no such control over their network, and that it has legitimate uses. Since we all know that, regardless of what they say, their "business" model is highly dependent on the trade of MP3s without the artist's consent, they would never take an action that would make it easier for the artist to demand that they stop. Something like plausible deniability I think.
  • Looks to me, judging from the tone of the site, that this is a big publicity stunt for his girlfriend. And that someone seriously needs a life.

    Money I've spent buying CD's that I wouldn't have if I hadn't grabbed the MP3's first: $350, easy. Lots of imports, blah.
  • by MoOsEb0y ( 2177 ) on Thursday July 13, 2000 @07:15AM (#936830)
    but they don't know about opennap. Even windoze users can participate using napigator [napigator.com]. Problem solved. And if they do get smart enough to use that, there's always the ignore feature.
  • Any Beck or Current 93 fans accidentally download Dan Rathers talking about various horrors when searching for the aforementioned bands? Actually a lot of songs that include RARE in the title are actually this song. Funny song. AC/DC beats, supposedly by the Evolution Control Committee, a rap group. Happy Mento Eaters by Beck is always this song.
  • Anybody ever heard of md5sum? Napster really needs to provide an md5sum utility on their servers and clients so they can tell which ones are legit (by sharing the correct md5sum value)...

    Waitasecond - I'm fairly positive that the DMCA makes md5summing a file and sharing that illegal! Somebody needs to spend their time protesting the DMCA, not Napster...

  • Moderation has worked well for slashdot.

    That's your argument? Just for the record: NO! Moderation has not worked well for Slashdot. This is a world where "informative" means "misinformed, but over-confident, and the moderators are even more misinformed", where "insightful" means "redundant", where "interesting" means "copying verbatim from the article", where "troll" means "funny", where "funny" means "anti-Microsoft drivel". Personally I hope the idea of moderation never makes it out of Slashdot.

  • by Seumas ( 6865 ) on Thursday July 13, 2000 @07:16AM (#936839)
    While Stefanie has gotten a bunch more people to hear her music and had a few more hits on her website, she has also taken more heat than you can imagine... Remember, most of the folks who heard her music didn't want to hear her music and were probably expecting something completely different. We didn't just label it as music that sounded like hers, and thereby reach out to her audience. Instead we labeled it as everything! Not a lot of Kid Rock or Black Sabbath fans that can appreciate a good old folk/pop tune, eh?

    He uses the above statement to explain that this is not a stunt to get attention for his wife and her "music", yet he just explained that they decided to use Kid Rock, Black Sabbath and other popular band names to get people to listen to it, because they probably would not listen to it otherwise.

    So which is it -- a stunt to gain attention for her or not? He says he's not doing it for that reason, and then goes on to say exactly that, but in other words!

    Another thing to bear in mind in regards to Stefanie and this being her gravy train - when we started the project we didn't want to steal other peoples music to use for the eggs and we didn't want to just use noise, so we used the music close at hand with the approval of the artist. All of the bands and or musician friends we approached said, great idea - we support you. This was generally followed by their saying they didn't want to participate for fear of the backlash. Others got bogged down in band meetings about differences of opinion about what to do and never gave the ok.

    No, instead, you decided that it would just be better to steal their names. Copyrighted names of bands and songs, mind you! So you're not only riding on the coat-tails of bands that actually produce something people want to hear, but you're infringing on their product! This is like selling Tab in a Pepsi or Coke can!

    I don't suppose these people have considered the fact that a lot of artists DO want their music to be available via Napster and don't mind that it is traded around. But I guess these cocky SOBs wouldn't have thought about that possibility, because they're too busy rigging publicity stunts.

  • I've been expecting this, since enemies of Napster, Gnutella, et al have explicitly announced their intentions to engage in these tactics. In fact, Gnutella has some users who have programmed clients to respond to search queries with a flood of "SPAM GNUTELLA"s, with html pages that autoforward to porn sites, with ads ("go to www.buymycrap.com"), as well as those who make spoofs of genuine material. Freenet [sourceforge.net] has said that they'll have a system in which users can give negative points to files that they deem not useful (Freenet hasn't said how it's going to prevent pseudo 'users' from illicitly downgrading genuine material, however. Ah well, the war goes on). I'm watching all this as an interesting experiment in whether Gresham's law (bad money drives out the good) will manifest itself.

    I suspect that a voting system quickly is going to become mandatory to avoid a proliferation of bogus/damaged/spoof material.
  • it says rights of others. And I can't really see them kicking someone off for infringing on someone's right to get a copyrighted song (which are what the 'eggs' are replacing). Can you IMAGINE the press they'd get from that? :) If you really think Napster will do anything about this you're nuts, it'd be about as hard as them stopping people from trading pirated mp3s.
  • by RingTailedLemur ( 184300 ) on Thursday July 13, 2000 @07:16AM (#936845)
    This is actually an old idea. There are pages up on making Napster "bombs" where you record the first half of the song, then put white noise or a message like "Stealing music is wrong!" recorded over and over for the remainder of the time.

    These are actually quite a bit more clever, as the downloader won't know that the song is bogus until they've spent the time downloading and listening to the first 45 seconds.
  • by The Rock1699 ( 207739 ) on Thursday July 13, 2000 @08:32AM (#936846) Homepage
    Whether or not you enjoy They Might Be Giants (of which I am a HUGE fan, old and new) and their sometimes novel music is irrelevant. The fact is that They Might Be Giants have been one of the best bands in terms of dealing with the issues facing musicians today.

    TMBG has gone out of their way to make their MP3 hugging fans happy. They created Dial-A-Song, which plays their music (as goofy as it is, check it out, Flash required): Dial-A-Song [dialasong.com]

    They even went so far as to produce an album completely on-line that can be purchased for like $7/$8 called Long Tall Weekend [emusic.com]

    I think credit should be given where credit is due. Instead of crying like a large majority of their musical counterparts, they actually went out and did something that both sides could agree to, which earned them my admiration and respect as musicians and as human beings.

  • Well you don't go trying to find it on the web. No one puts warez there. IRC, some newsgroups, Hotline, and Carracho (for Mac) all have lots of warez freely and publicly distributed, sometimes with no strings attached (i.e. they don't make you do anything - click a banner, upload first, etc - to get it).

    Anyway, some people try to do the same type of thing to warez, mainly by infecting it with a virus. It doesn't work well though, for the same reason this and other things that degrade the music (like ads) won't work well: for warez or MP3s to spread, you need more than one person distributing them. That means that the person who receives the file usually tries it out (uses the program or plays the song), sees if it works/is high quality, and then sends it to other people.

    For that reason, this isn't going to work.
  • Rarely is 1/3rd of a work, presented in a large piece, without any explanatory context, considered fair use.

    You may feel free to read 'rarely' as 'never'.
  • One of the primary reasons that I USE NAPSTER is *FOR* the live recordings, and studio outtakes, etc... Stuff you *CANNOT BUY* in the store. This is also, by chance, one of the only *LEGITIMATE* uses of Napster.

    If anything, this technique is simply going to hit the users who would ordinarily be *GOOD* users, and *NOT* the users that are using it to basically hoard large amounts of songs they don't even OWN on CD..
  • I think I am a confused node now...
  • I call this "terrorism" not because this is *that* frightening.
    This is legitimate for somebody to protest against whatever he feels contestable.
    This way is not the most efficient ever as it would not be systematical, according to the number of songs that are currently available via Napster which "recipients" will just attempt to download another copy of the concerned song, hoping this would not be spoiled.
    No, let's try being constructive:
    Anyway if people argue that they use Napster like an intelligent radio (which allow them to choose whichever song and which, as a radio, let them record these - digitally onto their computer in this case) then a good issue would be to ask Napster to embed (on the fly) small ads at the beginning of the downloaded songs so that the perceived ad fee would just go to whoever claims he deserves it.
    I'd personally accept this kind of counterpart if I could anyway listen to the music I like.
    As a musician, I'd also consider it a better proof of my interest in my listeners than just intending to demonstrate them I don't need them.
  • Please don't 'cuckoo' my music :)
    "I've asked a number of times for people to put my music on Napster. (It's at www.mp3.com/ChrisJ if you're interested, free for the downloading- you might like it, you might not :) ) Please do not do this 'cuckoo's egg' thing with any of my music- anyone trading it on Napster is doing so with my full permission and consent, and in fact I asked them to. I'd like my stuff to get out there and be heard- it's not costing me anything to have it distributed this way. I feel it's my privilege to decide how my music gets distributed, and I really don't want any listener of mine hassled by 'cuckoo' versions of the music which I'm specifically letting people trade freely. I don't know how much of my stuff is on Napster- probably not much
    I think that is a more sensible response than all the vindictiveness. If you would like to be able to make such responses, start making music and get serious about letting people redistribute it freely. As a music consumer, there is only so much rights you have with other people's music- you _do_ have the right to make copies and exchange them for no cost, but you don't have the right to sell 'em or claim you wrote 'em or whatever. As a music _creator_ you become the High Muckitymuck and no matter what other people do with _their_ music you have the right to specify how _yours_ is treated.

    This is why I feel I have the right to formally ask these people to stay the hell away from MY music with their 'cuckoo' act, and to ask Orrin Hatch to safeguard my ability to give away and share my music freely as mp3s- it's my choice, it's my music not anybody else's, quit fscking trying to 'protect' me when I don't want to be protected! It's very much like taking a street performer happily plunking away on their guitar, and forcibly locking them and their open guitar case in a steel safe with a coinslot. There! We've protected the artist! Um, did anyone remember to put in airholes? *gasp* :P

  • Well, I think it's pretty clever (and humorous) to fool the Napster lemmings that way. After all, who is going to monitor what I name my files. If I put b_spears_make_my_boobies_one_more_size.mp3 in my napster folder but it contains my recipe for hot grits pudding, padded with spaces (the file, not the pudding), I'm free to do it. At least he's using a bit more clever way of protesting the leeching than Metallica...
    Give him some credit!

  • I can download an MP3 in 10 seconds; as the availability of broadband increases, how will this hurt general Napster users? Unless it's the only user providing a particular song (in which case it's a get-your-hopes-up annoyance), the user will just delete the song and get it elsewhere. Trojans aren't going to "spread" unless the user has some incentive to keep it around.

    As usual, I suggest an (anonymous) authentication scheme where good users can gain trust, and bad users can be filtered out. Napster is a little bit too technologically immature, but this would make a world of difference on gnutella.
  • by Jim Tyre ( 100017 ) on Thursday July 13, 2000 @07:17AM (#936869) Homepage
    "The Internet treats a cuckoo sound as damage and routes around it."
  • An interesting project, but wouldn't labelling your work as if it were actually someone else's be considered copyright infringement as well?

    If I take my homegrown CD, label it up like, oh, the latest Kid Rock album, and sell to some poor guy looking for a Kid Rock album, haven't I just infringed on the copyright? (and committed fraud in the process?)

    This isn't exactly a great way to protest piracy on Napster. Yes, it's amusing. Yes, you'll be able to fool some pirates using this. But this is a much more powerful stride _for_ Napster than against. Napster Co. now has a perfect example for 'false' positives on its tests. Anybody getting their account pulled from here on out has a _publicized_ excuse for their actions, saying "Oh yeah, my friend told me it was one of those cuckoo tricks, so I downloaded 'em to see if it was real".

    I also find it amusing they chose to use existing music for this project. Why not just use dead air? It's just as easy, if not moreso, to produce X amount of dead air than it is to produce X amount of your wife's music and X amount of dead air to pad it out to the proper length. And using dead air would cause all sorts of consternation when people play the files, wondering if they had a problem in their sound system somewhere...

    All in all, this is a great publicity stunt, but it's not going to accomplish the goals that they want, and is sinking to the same level of the pirates to do it.
  • Moderation on Napster wouldn't have to be like Slashdot's complex moderation system. Without karma points, there would be no karma whoring. If the moderation system was simply "clean" vs. "distorted", and if download statistics were shown (I'm not a Napster user so I don't know if there are stats or not), moderation could work.

    If a track had established a download track-record, a false-positive "distorted" moderation wouldn't be trusted.

    New tracks might be vulnerable to abusive moderators, but if the system forced moderators to first download the complete file, it would prevent abusers from mass-negative-moderation.

    If that's not good enough, then a two-tiered moderation system could be implemented, where bad tracks are identified by the first moderator, and then verified by a second.

  • One of the primary reasons that I USE NAPSTER is *FOR* the live recordings, and studio outtakes, etc... Stuff you *CANNOT BUY* in the store. This is also, by chance, one of the only *LEGITIMATE* uses of Napster.

    If anything, this technique is simply going to hit the users who would ordinarily be *GOOD* users, and *NOT* the users that are using it to basically hoard large amounts of songs they don't even OWN on CD..

    Note that they are basically saying 'Use phrases like 'Live Recording' and 'Outtakes from studio''. THESE ARE NOT ILLEGAL, and are generally encouraged. While you cannot take this and then use it commercially, you can, and many do, use it for personal enjoyment.
  • Don't believe the tabloids.
  • How about we meet in the middle. How about someone advertising in the yellow pages to offer a service, amidst real businesses, then when someone calls, they scream into the phone. If nothing else, they'd get removed from the yellow page listing. At worst, they'd get their service pulled if it appeared they intended to give a bad reputation to the class of business they were listed as.

  • I admit that I'm playing fast and loose with the definition, but scarcity should apply because I'm not talking about availability of pirated music, I'm referring to the Napster community specifically. Of course there's always Gnutella, not to mention FTP servers. And even though the resource (Napster) isn't likely to run out of MP3s, I'm arguing that it can be spoiled by people who don't appreciate it, or serve enough crap, or disconnect quickly enough (dumping people trying to download) to increase the signal to noise ratio significantly.

    In regard to the RIAA's manpower needs in order to affect it, I agree. For an entity to set out to ruin Napster would require a lot of effort. Enough effort to not be cost effective. But I suspect that enough people will fail to try to contribute (by running Napster behind a firewall, by not attempting to share any songs but still taking up a spot on Napster's clogged network) that it will eventually spoil Napster as a resource unless Napster plans for it. ;)

    - StaticLimit
  • Napster is in the business of letting people find a file and download it. If you rename a crap file and send it out as a different file, you're disrupting the service. Napster doesn't care about the copyright (or more accurately, the license) status of the works it delivers. It believes, rightly, that those issues are the business of the person offering the file and the person accepting the file.

    Think of it this way... The telephone company doesn't care what you say to other people on the phone, as long as the police aren't involved, but if you started calling up people you thought were lawbreakers and playing loud annoying sounds, they'd turn off your service. They don't care how you're disrupting legitimate users, just that you are. They also don't care that some legitimate users are breaking the law, that's a matter for the police.

    In any legal climate before stupid laws like the DMCA etc. passed, and without a multi-billion dollar industry buying up judges, the law would obviously be on their side, especially as they do crack down on users who are demonstrably pirating.

    Just goes to show, the OJ method of legal dispute resolution works. Buy some high-priced lawyers, toss a few million in bribe money around, get a new law written, and you have total legal immunity.
  • by Frac ( 27516 ) on Thursday July 13, 2000 @07:18AM (#936894)
    solution - tag on one minute of the real song, and put white noise in the rest of it.

    Go get your free Palm V (25 referrals needed only!)
  • by |DaBuzz| ( 33869 ) on Thursday July 13, 2000 @09:15AM (#936897)
    Though that's an issue, it'd be great for Napster to incorporate MD5 into their servers. That way, bands that didn't want to be part of it could present Napster with a list of signatures of files that were theirs and say "Please prevent the transfer of files with these signatures". As they found variances of them, they could present those to Napster as well, though pretty soon Napster would be a legitimate service with 20,000 users trading about 500 songs and no commercial viability.

    While this idea has merit logistically speaking, legally speaking copyright law is not an opt-in system. Copyrights should be enforced without the copyright holder being required to request it or do anything more than create their original art. That's why there is no copyright registration office, opt-in is not the point of copyright.

    Copyrights are not like Trademarks where you must protect them or lose them, copyrights are *rights* inherent to any original work(s) as soon as they are created and are protected by law from that point forward.

    In a perfect world, artists and distribution points would be working together and such a solution would be a "win-win" situation, but right now it's all about litigation and the law is on the side of the copyright holder so there is slim chance that they will agree to such an opt-in system where they must dedicate resources, time, and money to gathering MD5 signatures to give to Napster just to make sure their legal rights are protected.

    In a perfect world, the kids who created Napster would have thought of this from the get-go and approached the RIAA before their first beta hit the net. But if you know the real roots of Napster and its creators, you'll realize that being "legal" was never part of any long or short term plans.

    "Wow, I'm having a hard time finding illegal MP3's these days, I should write a program that utilizes an IRC type network to share files, like those 'reet DCC-bots in #MP3 ... and I'll name it after myself, whoo!!"
  • The audio file sharing software appears to be the digital equivalent of unsafe sex: a disaster waiting to happen. To log onto the system is to risk your hard drive on the assumption that the person on the other end is in fact the oxymoron he or she claims to be: an honest felon.

    Oh please, this is just laughable. I really don't think anything malicious (other than depriving artists of compensation) can be done through Napster.

    It may only be a matter of time before someone's system is attacked. Computer security experts warn that brilliant hackers regularly attempt to gain unauthorized access to computers around the world despite complex security systems. Mark Rasch, a former federal prosecutor and security consultant, told the Washington Post that 30 to 50 Web sites are hacked each week.

    What the hell do web sites have to do with anything?

    In fact, a pro-Napster computer hacker vandalized the D.C. Metro's Web site for several hours in late May, lashing out at Metallica for filing suit against the file sharing company in an effort to halt illegal song trading.

    And what does that say about the validity of the argument? Nothing.

    This is really just pathetic and laughable. It is really unfortunate that there are some trying to confuse artists even *more*. Napster needs to start behaving and be a bit more responsible and accountable to artists. Artists need to find any way they can to get out of the death clutches of big exploitive record labels. If Napster is exploiting artists it is a temporary misuse of technology. This technology can actually give artists their freedom back. Sure, Napster may be "bad" in some people's eyes...but that doesn't mean all services like it have to be.

  • by ajs ( 35943 ) <ajs AT ajs DOT com> on Thursday July 13, 2000 @01:33PM (#936905) Homepage Journal
    Here's something that I proposed earlier, but it got lost in the noise.

    Simply run a web site that indexes files (of any sort) by size and MD5 checksum (perhaps of the first 1K and then of the whole file). Then, you modify a gnutella client so that it can interact with the web browser (via plugin) and retrieve the name, MD5 and length of the file you want and then download it. The wonderful part is that now you have a reliable way to index, so you can begin REVIEWING.

    Reviewed content really is the way to go. Let's say, for example, that what I really want is cat pictures. I come across a file called "pussy5.jpg". Do I download it? Even if it's not junk, it's probably not what I was looking for. Instead, what you do is search through a Web site that indexes by content type and find the best-reviewed files. Thus, I safely discover that pussy5.jpg is in fact EXACTLY what I want, but that cat-stretch.gif is most certainly NOT.

    The even better tactic is to replace plain files with "gnutella-format", which would be a predefined sequence of mime encapsulations. The payload is in the last enclosure, but previous enclosures could contain all sorts of useful info including description, author, distributor, copyright info, etc. Also, it would be nice if gnutella clients that are SERVING a file allow for searches based on MD5 checksum (which would require pre-computing the checksums on start-up, but if you do it in a lazy fashion, that's not too bad).

    Someone wanna start the world's most popular Web site? You could even act on behalf of the recording industry by marking which files are known copyright violations so that offending clients could semi-automatically scan for them in their caches and delete them. If clients choose not to do this, then it's clearly on the head of the recording industry to go chase them down and prosecute, but you've done your duty for kink and country.

    An indexed, collated, reviewed gnutella is definitely the way of the future.
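
The lookup-then-verify flow this comment proposes, as an added example that is not part of the original post: a client takes the best-reviewed (size, MD5 of first 1K, MD5 of whole file) key from the index and drops a same-length decoy after the first 1K instead of after the whole download. `ReviewIndex`, `download`, `chunked` and the sample byte strings are hypothetical names and constructed data.

```python
import hashlib
from collections import defaultdict

HEAD_BYTES = 1024  # "the first 1K" from the post


def fingerprint(data):
    """Index key from the post: (size, MD5 of first 1K, MD5 of whole file)."""
    # MD5 is what the post names; it is not collision resistant, so a
    # present-day index would use SHA-256 in both positions.
    return (len(data), hashlib.md5(data[:HEAD_BYTES]).hexdigest(),
            hashlib.md5(data).hexdigest())


class ReviewIndex:
    """Hypothetical stand-in for the review site: fingerprint -> reviews."""

    def __init__(self):
        self._reviews = defaultdict(list)

    def review(self, data, label, score):
        self._reviews[fingerprint(data)].append((label, score))

    def best(self, label):
        """Fingerprint with the highest mean score for `label`, or None."""
        ranked = []
        for fp, entries in self._reviews.items():
            scores = [s for l, s in entries if l == label]
            if scores:
                ranked.append((sum(scores) / len(scores), fp))
        return max(ranked)[1] if ranked else None


def download(chunks, wanted):
    """Read chunks from a peer; stop at the first failed check.
    Returns (status, bytes_received)."""
    size, head_md5, full_md5 = wanted
    buf, head_ok = bytearray(), False
    for chunk in chunks:
        buf.extend(chunk)
        if len(buf) > size:
            return "rejected: longer than indexed size", len(buf)
        if not head_ok and len(buf) >= min(size, HEAD_BYTES):
            if hashlib.md5(bytes(buf[:HEAD_BYTES])).hexdigest() != head_md5:
                return "rejected: first 1K mismatch", len(buf)
            head_ok = True
    if len(buf) != size or hashlib.md5(bytes(buf)).hexdigest() != full_md5:
        return "rejected: whole-file mismatch", len(buf)
    return "ok", len(buf)


def chunked(data, n=512):
    return [data[i:i + n] for i in range(0, len(data), n)]


# Constructed sample files, all 5120 bytes long.
GENUINE = bytes(range(256)) * 20
DECOY = b"cuckoo! " * 640                      # same length, other content
TAIL_SWAP = GENUINE[:4096] + b"\x00" * 1024    # genuine start, altered end
```

The first-1K check costs the downloader 1024 bytes on a decoy; a file that copies the genuine opening is only caught by the whole-file checksum at the end.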
  • by Jon Erikson ( 198204 ) on Thursday July 13, 2000 @07:19AM (#936920)

    ... since it looks like this issue will be decided one way or the other in the near future thanks to some sterling work by the RIAA to have Napster stamped out. Whilst this is a pretty sad way of protesting against the fact that Napster is an accessory to theft, at least he's showing that not everybody online has given in to the temptation to defraud musicians, who, even if they do make loads of money, still don't deserve to be stolen from.

    Sure we need to have a model for online music, it's a given that at some point the net will become the dominant medium for distributing music, but Napster won't ever be it thanks to its free-for-all attitude to copyrights and artists' rights. A fairer system will require a central body such as the RIAA to ensure that violations are taken care of - online or offline, this is going to be a constant.

    So, the need for a body such as the RIAA isn't going to change, but the need for Napster is as fleeting as any other fad. Expect it to die shortly after the court rules against it.

    Jon E. Erikson
  • I posted this a few days ago on the message board at http://gnutelladev.wego.com.

    ---BEGIN GnutellaDev post---

    I agree that this is a serious problem, and I have a solution in mind. Unfortunately, it's probably a solution best implemented by GnutellaNG. I'll discuss it here though.

    I believe what's needed is a distributed content- and host-verification system based on public-key cryptography signatures and a web-of-trust. (GPG sources could be used for the PK crypto) I don't really have a good response for the privacy concerns about plastering persistent identities all over the content out there...but that's just one of many things that need to be discussed.

    For those unfamiliar with the distributed web-of-trust implemented in the original PGP release: the idea is that using public-key crypto (where the encryption key has two halves, a public- and a private- half, which are linked in a very special mathematical way...what you 'do' with one half requires the other half to 'undo') you can place signatures on things -- include a hash of the content, create a message using your private key which can be verified by your public key.

    In the PGP world this is used to create a web-of-trust: if you have a key owned by a person you trust (say, your very technical neighbor John) you might trust two things about his key: you might or might not trust that his key will remain owned by him (trusting the identity of the key) and you might or might not trust the integrity of the owner in certifying other keys (trusting the integrity of signatures made by the key). So you could trust the key of a complete sociopath, merely saying that you know the key belongs to him personally...but you don't exactly trust his signatures on other peoples' keys. Or you could trust both the key and the signatures of your neighbor John -- not only do you believe his key belongs to him personally, but you believe that when he puts a signature on some third-party key out there, then that third-party key probably really belongs to that person.

    In Gnutella, this could be used to maintain a distributed database of trusted individuals and servers (anonymity will be discussed later) and trusted content. The effect will be that, for a given user, once he's taken the time to tell Gnutella how accurate the songs he downloads are...these songs weren't what their filename claimed they were, while these other songs were accurate and of X quality...he can publish signatures affirming to other users that files with X length and Y CRC really do contain Q content. Another user who trusts his signature can then trust files signed by him.

    In the simplest case, this system would consist of a separate database of content signatures. When you get a search result from the servlet you're interested in (which contains a filename, size, and CRC) you do another search (perhaps in another network altogether) to find signatures for that file and public keys to verify the signatures with. Each key represents an individual, and each signature represents a public certification made by that individual about that content. Without a web of trust, all I really get from this is a cryptographically strong way of tying identities to content certifications. I have no idea how trustworthy the identities are.

    This simplest case can be easily attacked -- I'll build onto it soon. Obviously, just as quickly as I can create signatures that certify good content as good and bad content as bad, the 'AIAA' (attacking Industry Artists Association) can create identities and signatures that certify good content as bad and bad content as good. So I've only gained ground if an arbitrary user can learn, either from a web page or IRC or whatever...that signatures made from my key are accurate and signatures made from other keys are always inaccurate. The target audience isn't going to want to find and add their own content certification keys.

    A more realistic example would implement a web-of-trust. We now have key signatures as well as content signatures: in the keyring management section of my client, I can investigate the keys I know about, by searching for key signatures for the key in question. My which-keys-can-I-trust problem is still there, but easier to overcome now: if we have a few definitely-trusted keys (like the original authors of Gnutella, or known information freedom advocates), those keys can delegate trust to people by signing their keys. Big deviation from the PGP web of trust model here: in PGP you're merely certifying the ownership of the key when you issue a signature. How much you trust an individual is never published by PGP. In the system being discussed here, you are interested in trust more than identity, so you publish trust information. Trust is published by issuing a key signature certificate out into the network, and it's revoked by issuing a key signature revocation certificate.

    A client can verify a given key's trustworthiness by the signature path from the known-and-trusted keys. If a key is signed directly by a known-and-trusted key, it's also pretty well trusted. If a key is signed by someone who is signed by someone who is...eventually signed by a trusted key, trust will be established, but with lower confidence. Most likely, the given key will have many many signatures with a fault-tolerant signature path leading back to the trusted keys. If we suppose that one of the original trusted keys' "trusted lieutenants" (keys signed directly by one of the original trusted keys) were to go bad and start signing AIAA keys and start certifying bad content, the original trusted key owner would revoke the trust granted to that individual. All keys signed by that individual would no longer benefit from that individual's trust. That doesn't mean they become untrusted...but we should hope they have some trust-granting signatures other than derived from the bad individual...because the bad individual's signature is no longer meaningful.

    This model is more likely to survive attacks. Keys that create bad content signatures simply never get marked as trusted. Keys that were once trusted, but have now begun creating bad content signatures and signing other bad keys, have their signatures revoked and are no longer trusted.

    This trust network can be self-starting, also. The client software should be able to catalog all of the content and key signatures made by a key. If a particular client can directly measure the 'decisions' made by a key -- checked that its files really are the way it claims they are, and checked that the other keys signed by this key seem to be trustworthy (ugh, recursion) that client can decide to trust that key (partially or completely), thus making another 'root' of the trust tree. To put it another way, the client could also compare the decisions 'influenced' by a key -- which content signatures would become trusted if that key was trusted -- and compare those content signatures to the overlapping content signatures made by the existing trusted network...the client could measure how trustworthy the key might be.

    In practice, it seems silly to require processing several public-key crypto operations and finding and downloading many key certificates and files, to tell whether a given content file is worth downloading or not. However...we don't have to use Gnutella to transfer keys and signatures: I imagine Freenet might be more appropriate for this kind of content. (So yes, besides adding the GPG source to Gnutella, I'm proposing merging Gnutella with Freenet someday, using Freenet for key distribution.) Also, each client will need to keep a keyring, retaining the keys and signatures that pertain to the content it's downloaded and the keys it uses frequently.

    Assuming a trust network that fans out quickly, with each influential key signing dozens of other keys instead of two or three, it may only require three or four dips into the distributed keyserver to verify content. The client could verify content in the background...coloring a search result's icon from red to yellow to green as it gets more of the key and certificate material it needs.

    The only major concern left is privacy and anonymity. These keys are personal identities: for a key to be effective it must be maintained by one person. However, the key and the identity might not be obviously-related: the network won't expose where a key's signatures are entering the network from, and keyring files must be seized or stolen to confirm that any given identity belongs to a specific computer. In addition to that, these keys can be detached from their identities if the owner destroys his private key. The existing signatures made by that orphaned key still stand and are still meaningful, but nobody can tell what individual once owned that key.

    It is probably not illegal to help maintain a web of trust. It's probably illegal to host the content directly, and it might be somewhat illegal to directly publish signatures that confirm that someone else's content is what it claims to be (affirming to the world that you personally downloaded the content and confirmed that it was good). However, it's probably not illegal to sign someone else's key, attributing trust to them. All you're really saying is that you trust them to sign only good content -- and you have no idea whether that content is legal or not.

    In the Gnutella interface, this web-of-trust system would probably be seen as a key-management screen, a content-rating screen, and as trust levels displayed next to each search result. In the content-rating screen you could look at the content you have downloaded and rated (good/bad, or several more-specific ratings), and who has signed the content. In the key-management screen you could look at the keys you know about, what content the keys affect, and how your ratings compare with trusted or untrusted keys' ratings. When you get search results, a summary content rating can be displayed next to each search result. The system can calculate ratings either on-demand (right-click -> Investigate) or automatically (i.e. search results returned 50), and can explain and graph those ratings for you (I trusted this file because these people certified the file.)

    This file represents a vision for the kinda-distant future...but it will be realized only if people get excited about it and work to implement it. If you personally don't understand part of the discussion presented here, or if I forgot to explain something, or if something doesn't make sense, please post here in the forum and/or email me at gnet-comments@mspencer.net.

    Thanks for reading. This idea is *yours* now -- please do your part to help it become reality.
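
The trust-path idea from the post above, as an added example that is not part of the original post: a key's confidence falls with each hop from a root key, revoking one signature cuts off everything that depended only on it, and content verdicts are weighted by the signer's confidence. Signature checking is assumed to have been done already (for instance by GPG); the 0.5 decay per hop, the key names and the sample certificates are assumptions.

```python
from collections import deque

DECAY = 0.5   # assumed confidence lost per hop away from a root key


def key_trust(roots, key_sigs, revoked=frozenset()):
    """Map key -> confidence: 1.0 for roots, DECAY**hops along the shortest
    chain of unrevoked trust signatures leading back to a root."""
    edges = {}
    for signer, subject in key_sigs:
        if (signer, subject) not in revoked:
            edges.setdefault(signer, []).append(subject)
    trust = {root: 1.0 for root in roots}
    queue = deque(roots)
    while queue:                       # breadth-first: first visit is shortest
        signer = queue.popleft()
        for subject in edges.get(signer, []):
            if subject not in trust:
                trust[subject] = trust[signer] * DECAY
                queue.append(subject)
    return trust


def rate_content(content_id, content_sigs, trust):
    """Trust-weighted verdict in [-1, 1]. Keys with no path to a root carry
    zero weight, so mass-produced identities cannot outvote trusted ones."""
    score = weight = 0.0
    for signer, cid, good in content_sigs:
        w = trust.get(signer, 0.0)
        if cid == content_id and w:
            score += w if good else -w
            weight += w
    return score / weight if weight else 0.0


# Constructed sample data. Certificates are assumed already verified.
ROOTS = ["root"]
KEY_SIGS = [("root", "alice"), ("root", "mallory"), ("alice", "bob"),
            ("mallory", "bob"), ("mallory", "sock1"), ("mallory", "sock2")]
SONG = (5120, 0x1F2E3D4C)              # (length, CRC) as in the search result
CONTENT_SIGS = [("bob", SONG, True), ("sock1", SONG, False),
                ("sock2", SONG, False), ("stranger", SONG, False)]


def demo():
    """Score for SONG before and after root revokes its signature on mallory."""
    before = rate_content(SONG, CONTENT_SIGS, key_trust(ROOTS, KEY_SIGS))
    after = rate_content(SONG, CONTENT_SIGS,
                         key_trust(ROOTS, KEY_SIGS, {("root", "mallory")}))
    return before, after
```

In the sample data `bob` keeps his confidence after the revocation because he is also signed by `alice`, which is the fault-tolerant signature path the post describes.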
  • They let copyright infringers (99.9% of their users) stay online, but if somebody tries posting bogus files, they're gone!

    Pretty much. Basically because the copyright infringers, thieves, and people "who want to force the industry to change" are going to keep silent about other people breaking the law. Many of them will scream bloody murder at someone who is making fun of them though.

    "I just spent x minutes downloading this junk because Y has a bunch of fake songs and is umm... COPYRIGHT INFRINGING!!!! Take the bastard off!!!" Maybe I'm cynical, but I suspect that a majority of heavy Napster users would react this way. More power to the Cuckoo eggs.

    B. Elgin

  • It's an amusing attempt, but it won't fix the real issue.

    There are easily half a dozen ways for downloaders to counter this, from ignoring the user/machine (a.k.a. the way spam is countered), having a private list of trusted trader parties, or just modifying napster so you can listen as the song is being downloaded. Disrupting third party is extremely difficult and never works over an extended time through spoofing.

    What is really needed is a consensus... a moral one first, then later perhaps backed up by laws, over what is permissible under fair use. So long as you have the RIAA saying people can't loan CDs to their friends to listen to in cars, and some Napster-kiddies saying artists really should provide music as some sort of charity, we'll just keep arguing this over and over and over (which IMHO is much more annoying than any cuckoo cuckoo cuckoo).

    Here's my stab at a centrist moral position: Napster-Rips should be treated like songs on the radio or you hear in music kiosks at CD stores. If you find yourself playing the song for any other purpose than evaluation - go out and buy the rights.

    I know there isn't a good technological fix for enforcing this behavior (without getting into some big-brother type thing on the internet), but there doesn't have to be. So long as enough people adopt this kind of behavior (and extremists begin to realize they have), all the other issues will sort themselves out.

  • offtopic, but egoboo is in ESR's hacker dictionary, and it was borrowed (since the communities are very much overlapping) from science fiction fandom, which was fond of making those kinds of abbreviations.

    SEE ALSO: for instance this link [fanac.org]
  • Ummm... the phrase BOOTLEG comes to mind. Recordings made at live venues are generally illegal, or at least a violation of the agreement not to bring recording devices into the venue. How is this legitimate?
  • I dunno...Boies's new fair-use/antitrust use-of-copyright defense is a very gutsy move, and one which does have a real (albeit small) chance of succeeding judging from the remarks of Senator Hatch the other day. Boies has raised the stakes from the invulnerable RIAA trying to kill off that pesky Napster to Napster vs. a suddenly-vulnerable RIAA in a hands-grasping-each-other's-throats life-and-death grapple as they roll toward the cliff over the Reichenbach Falls...

    Though IANAL, I feel that Boies's argument is based on a logical reading of prior legal precedents--perhaps a slightly out-in-left-field interpretation, but one that can be logically supported. And if it succeeds in depriving the RIAA of its right to enforce its copyrights for having used them in anticompetitive ways (which is looking more and more possible given that the government has been making "antitrust investigatory" noises toward the recording industry lately), the RIAA could lose all its teeth.

    We live in interesting times...

  • A lot of people have suggested md5 or sha-1 hashes
    to identify duplicate songs, and maintain a
    cddb-style database. There seem to be a lot of
    problems with this approach, although I think it's
    better than nothing.

    Rather than a cryptographic hash function, have
    people considered using an optimized-for-audio
    (or optimized for mp3) hash function? Maybe you'd
    take a spectral analysis of the music which
    eliminated differences due to beginning/ending
    whitespace, or minor variations in the recording,
    but which could clearly differentiate one song
    from another.

    This serves not only to deter the "napster
    terrorists" who mislabel songs, but also
    simplify finding quality music despite incompetent
    labeling/id3 tags.

    I'm sure there are a lot of signal processing
    geniuses, like the guy who wrote cdparanoia/ogg/vorbis, who could come up with
    a good "musical hash function".
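
One way to build the content-derived hash this comment asks for, as an added example that is not part of the original post: the fingerprint records the strongest frequency band in each slice of the silence-trimmed audio, so a quieter, padded copy matches while its MD5 does not. It assumes already-decoded mono samples in the range -1 to 1; the band frequencies, frame count, silence threshold and test tones are constructed.

```python
import hashlib
import math

RATE = 8000                     # samples per second (assumed)
BANDS = (400, 600, 800, 1000)   # analysis frequencies in Hz (assumed)
FRAMES = 8                      # slices per fingerprint (assumed)
SILENCE = 0.02                  # amplitude below this is silence (assumed)


def trim(samples):
    """Drop leading and trailing samples quieter than SILENCE."""
    loud = [i for i, s in enumerate(samples) if abs(s) >= SILENCE]
    return samples[loud[0]:loud[-1] + 1] if loud else []


def band_power(frame, hz):
    """Energy of the frame at one frequency (a single DFT bin)."""
    step = 2 * math.pi * hz / RATE
    re = sum(s * math.cos(step * n) for n, s in enumerate(frame))
    im = sum(s * math.sin(step * n) for n, s in enumerate(frame))
    return re * re + im * im


def audio_fingerprint(samples):
    """Index of the strongest band in each of FRAMES equal slices."""
    body = trim(samples)
    size = len(body) // FRAMES
    result = []
    for f in range(FRAMES if size else 0):
        powers = [band_power(body[f * size:(f + 1) * size], hz) for hz in BANDS]
        result.append(powers.index(max(powers)))
    return tuple(result)


def distance(a, b):
    """Number of slices whose strongest band differs."""
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


def byte_hash(samples):
    """What a checksum index sees: MD5 over the 16-bit PCM bytes."""
    pcm = b"".join(max(-32768, min(32767, int(s * 32767)))
                   .to_bytes(2, "little", signed=True) for s in samples)
    return hashlib.md5(pcm).hexdigest()


def melody(notes, gain=1.0, pad=0, hum=0.0):
    """Constructed test signal: 1000 samples of a pure tone per note."""
    out = [0.0] * pad
    for hz in notes:
        out += [gain * math.sin(2 * math.pi * hz * n / RATE) for n in range(1000)]
    out += [0.0] * pad
    return [s + hum * math.sin(2 * math.pi * 50 * n / RATE)
            for n, s in enumerate(out)]

NOTES = [400, 600, 800, 1000, 800, 600, 400, 1000]
ORIGINAL = melody(NOTES)
RERIP = melody(NOTES, gain=0.8, pad=700, hum=0.01)   # quieter, padded, hum
OTHER = melody([1000, 800, 1000, 400, 600, 400, 800, 600])
```

A match here means only that two files sound alike at this coarse resolution; unlike a cryptographic checksum it gives no assurance that the bytes are unmodified.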
  • by Anonymous Coward on Thursday July 13, 2000 @07:28AM (#936963)
    That may not work - there are dozens of slightly different yet still legit copies of the same song floating around on the napster network - no two mp3 encoders work alike, and other factors like ID3 tags render checksumming useless.
  • by StaticLimit ( 26017 ) on Thursday July 13, 2000 @07:23AM (#936987) Homepage
    Ever try to download warez?

    Since it's illegal, of course I never have... but hypothetically, if I had, I would have found that there are so many useless links and sites with infinite loops of pop-up porn ads, that the whole thing is pretty much a pointless waste of time. In fact, I wonder if it's designed that way? Some of the sites were so devoid of content, buried under endless popup windows, that I began to suspect conspiracy by the software industry.

    Flooding Napster with static, or setting up sites that disconnect users halfway through any download, or doing anything else that substantially lowers the average quality of Napster would drive away a number of quality users and perpetuate the cycle.

    In fact, I suspect that over a short time, this will happen naturally anyway!

    - StaticLimit
  • by sethg ( 15187 ) on Thursday July 13, 2000 @07:54AM (#937025) Homepage
    If this catches on, Napster will need to implement some sort of moderation scheme.
    Then the RIAA can just compile a list of all Napster users, sort them by karma, and go after the high-karma users who are making copyrighted material available without permission.
