Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Overpeer Spewing Bogus Files on P2P Networks 479

nimec writes "Zeropaid.com has posted news of a company called Overpeer which is the source of all the bogus mp3 files that are popping up on the various P2P networks. Zeropaid, in the news article, said: 'If you've encountered the "loop" files, in which a section of the chorus or hook is repeated over and over, you've been tricked by OVERPEER. OVERPEER are doing this with the full knowlege and consent of Interscope and Universal Music, in fact they are under contract to Universal and other major record labels, and will be doing a LOT MORE of this type of "interdiction" in the near future.' Right now this doesn't bother me because these bogus files are few, very spread out and it is easy spot them. I'm just afraid that over time people will keep downloading these bogus mp3s and become too lazy to delete them, like they are when it comes to incomplete songs."
This discussion has been archived. No new comments can be posted.

Overpeer Spewing Bogus Files on P2P Networks

Comments Filter:
  • So? (Score:3, Insightful)

    by Magila ( 138485 ) on Saturday July 06, 2002 @04:32AM (#3831878) Homepage
    This doesn't bother me one bit, it only affects people pirating copyrighted music so in that respect it's certainly better than trying to shut the network down.
    • Re:So? (Score:2, Interesting)

      by ipsuid ( 568665 )
      I entirely agree. I would much rather see technological innovation thrown at the problem by both sides, rather then short sighted legislation. This way, everyone wins. P2P technology created for legitimate uses doesn't face the possibilities of being made illegal. We should see the same approaches used in deep linking cases, and DRM cases. Just to make it clear, I strongly dislike the RIAA, and MPAA. And do not agree with their reasons for existence. However, given a choose of evils, I would prefer these DoS attacks rather then legislation. On the other hand, however, couldn't these DoS attacks be considered illegal, or hacking, or terrorist acts by already too broad US legislation???
      • Re:So? (Score:3, Funny)

        by Magila ( 138485 )
        On the other hand, however, couldn't these DoS attacks be considered illegal, or hacking, or terrorist acts by already too broad US legislation???

        Probably not considering the activity they're DoSing is already illegal, it would be like sueing a jewlry store for not letting the men with the ski masks in.
        • Re:So? (Score:2, Insightful)

          by Jack Hughes ( 5351 )
          Not necessarily. The point that it is OK to DoS the network is only marginally valid if you assume that there are no legal activities going on on the P2P network. If the network is clogged with dubious files to create a DoS attack it will also be affecting the legitimate uses and illegitimate uses to the same extent.

          And that might be an argument that could be used under the DMCA, anti-terrorist or whatever it is legislation.

          • Except that under most(all that I'm aware of) P2P networks this would not significantly affect legal users, at least not enough to qualify as a DoS.
      • Re:So? (Score:4, Insightful)

        by whopis ( 465819 ) on Saturday July 06, 2002 @08:36AM (#3832297)

        couldn't these DoS attacks be considered illegal

        I think the problem with that argument is that this really isn't a DoS attack. They are using a P2P file sharing network to share files. That's the purpose of the network. Just because it is a file that you don't want doesn't mean that it is a DoS attack.

    • I fully agree on this point. Its hard to keep blaiming people for trying to stop illegal activities. The interesting thing with this method is that it can actually work, in contrast to the other stupid attempts like copyprotection and mp3 pay-sites. One of the few things that definitely keeps me going to the store buying a CD is the fact that its hard to get my hands on on the net, and after a few failed downloads its not worth the trouble.
    • Although I'll happily diss the corps, I'd much rather see this than a new law or something. They're fighting technology with technology - fair enough.

      • ---" Although I'll happily diss the corps, I'd much rather see this than a new law or something. They're fighting technology with technology - fair enough."

        That's EXACTLY the same thing I say about spammers. Fight tech with tech. Gub'ment just brings in inefficenty and money-wasting skills. And they have no clue about technology.
    • by twitter ( 104583 ) on Saturday July 06, 2002 @06:36AM (#3832144) Homepage Journal
      Hey, where are all the bandwith trolls when you need them?

      You don't really think that this is going to work do you? People will simply be annoyed and have to share more. Someone is going to have to pay for the increased bandwith usage and it's not Universal Music. So, Universal is stealing from cable opperators. It's like spam, but they don't even hope to make money off it.

      You have not even thought that people might be trying to share files that were intended to be shared and are NOT owned by Unviersal Music. But that's like the big 5 music publishers, "No one but us can record music, right? Drool, Drool."

      twitter, who has never bothered to download silly mass produced comercial music, is annoyed that Universal Music is going to waste his time. Universal, you suck.

      • Unless you try to download one of their songs, how are they going to waste your time? They are distributing files labeled as popular songs which ar bogus. If you're not trying to get those songs it doesn't effect you.
  • We could /. them and use up all their bandwith so they can't cause trouble. :-)

    Actually, if you are downloading files that they are doing this to, just look for someone with a low bandwidth and download from them overnight, unless they have downloaded from overpeer, you'll be fine. Or use the preview feature of your P2P.

  • by Warmth Is Life ( 569686 ) on Saturday July 06, 2002 @04:33AM (#3831883)
    There's nothing more annoying than finding a brand new album in a high quality bitrate and then finding out it's nothing but a loop of two seconds. There's nothing more annoying than finding a brand new album in a high quality bitrate and then finding out it's nothing but a loop of two seconds. There's nothing more annoying than finding a brand new album in a high quality bitrate and then finding out it's nothing but a loop of two seconds.
  • by forkboy ( 8644 ) on Saturday July 06, 2002 @04:37AM (#3831895) Homepage
    That's the problem with running a service that's (for the most part) black market...when someone starts fucking it all up with counter-attacks, there's really not a lot of recourse.

    I was thinking that a moderation system would work, if it's implemented correctly. For instance, once a person has been sharing X GB of files for, say, 2 weeks, they start getting moderation points....they can use these points to flag a file as being a dummy. (or just a shitty rip) If a user gets too many files modded down, he becomes unable to gain moderation points for a certain period. The sharing requirements will make it undesirable for RIAA droids to pollute the moderation system, since they'll have to be sharing material of their own. (and any dummy files they have will hopefully be moderated down...and if they ARE sharing valid material, well, cool, they're contributing to their own demise)

    Please, nitpick at this suggestion, I'd like to see if it's feasible or not.
    • by gengee ( 124713 ) <gengis@hawaii.rr.com> on Saturday July 06, 2002 @05:07AM (#3831985)
      It's actually a bit of a complicated problem though. For instance:

      How do you know how long someone has been online? What stops the client from simply reporting they've been online since January 1st, 1970? You can't really trust the peers to whom they're directly connected to know either, because in a P2P network people constantly drop on and off.

      How do you stop Overpeer and like-minded companies from lying about the moderation points? Why can't they give it +100, CD Quality?

      The only solution I have thought of is rather slow and clumsy. Basically everyone gets unlimited moderation points...instead of incrementing the count, you simply say "This file is good" or "This file is bad". When the file is downloaded, the P2P client creates a small hash of the file and stores that hash, along with the filename and moderation of the file. Then during the search process, you do 2 searches. First you search for a filename. Instead of all the clients returning "Yes, I have that file" they return "Yes, I have that file, with a hash of: 34232SFDSFSDSDSD2323DSD". Then a search is done for all the hashcodes returned by the first search asking for everyone's moderation on that hashcode.

      Then you give that file a percentage-score (i.e., 95% of users say this file, with this hashcode is bad) or 92% of users say this file, with this hashcode is bad.

      But the solution won't really work, because it exponentially increases the amount of bandwidth/cpu time required to do a file search.

      Anyone else have any ideas?
      • eDonkey2000 [edonkey2000.com] already has the hashing part, last I checked, there are only a handful of mislabelled pieces (software/movies) around, if you don't count porn labelled as full version being actually ads for porn sites...

        Problem with that network is that it's full (really full) of leeches... Once something is downloaded, they don't share it anymore. Maybe is it because the files are usually way larger (600Mbs are extremely common). Overall it's still a great file sharing program though.

      • How do you stop Overpeer and like-minded companies from lying about the moderation points? Why can't they give it +100, CD Quality?
        The only solution I have thought of is rather slow and clumsy. Basically everyone gets unlimited moderation points...instead of incrementing the count, you simply say "This file is good" or "This file is bad".
        Why bother with clumsy, crackable moderation? If files are looped, definitely the downloading software could spot the loop by analyzing the data and sounding an alarm as soon as the data repeats...
      • How do you stop Overpeer and like-minded companies from lying about the moderation points? Why can't they give it +100, CD Quality?

        You can't trust the peers to be honest - assume that the RIAA will corrupt the client software.

        You can't have a central server that controls the network - assume the RIAA will shut that down.

        How about a central server for moderation? It can't stop the peering and doesn't know what is being shared or by who. But it gives out secure (ie public key) certificates to any client that logs on, and then any client can then rate another server anonymously.

        To stop the RIAA from just setting up 1x10e5 clients and rating themselves as fantastic, each IP address could be limited to one vote for every peer out there, or something similar. That way 1000 votes from the RIAA are nullified by 1 bad vote from someone else.

        Would that work? Its got to protect the privacy of the peers and have no influence over them.

        Comments anyone?

        Michael Veltman
      • I thought a bit about these issues (in a different context) and wrote a paper on a method for assigning identities to network participants in a fully peer-to-peer way using cryptographic techniques. The basic idea is to make identity generation computationally expensive and independently verifiable, so that you know without having to trust any third party that the user in question spent a significant amount of resources to create their identity. Though these identities are pseudonymous (they won't say "RIAA", unfortunately), they are associated with the user's behavior through message signing, so it becomes easy to build a blacklist of users that you don't like. In certain situations, you can even share unforgeable evidence of misdeed with others. With this as a start, I don't believe it's infeasible to do things like you describe...

        Check it out:

    • "I was thinking that a moderation system would work, if it's implemented correctly. For instance, once a person has been sharing X GB of files for, say, 2 weeks, they start getting moderation points....they can use these points to flag a file as being a dummy. (or just a shitty rip) If a user gets too many files modded down, he becomes unable to gain moderation points for a certain period. The sharing requirements will make it undesirable for RIAA droids to pollute the moderation system, since they'll have to be sharing material of their own. (and any dummy files they have will hopefully be moderated down...and if they ARE sharing valid material, well, cool, they're contributing to their own demise)"

      So? The RIAA has LOTS of shitty songs that nobody will want to download that they can make into perfect MP3s giving them tons of Mod points to use against the songs they want to target.
    • Sure there's recourse. It would be in the interests of the P2P software companies like kazaa to weed these dummy files with their next update. It shouldn't be that hard to detect a loop or whatever new trick they have up their sleeves. No real need for human intervention other than deleting the dummy files if the software fails to detect them.

      Essentually this is a software war. One side will do x the other side will counter x. Kind of how AOL occasionally treats the wonderful Trillan IM client.
    • by josh crawley ( 537561 ) on Saturday July 06, 2002 @05:47AM (#3832072)
      ---"That's the problem with running a service that's (for the most part) black market...when someone starts fucking it all up with counter-attacks, there's really not a lot of recourse."

      Yeah there is. You fight back. No holes barred type of fighting too. If you can catch him in the act, do shit , like ping floods. It's effective in cutting bandwidth 1 way.

      ---"I was thinking that a moderation system would work, if it's implemented correctly."

      ---"For instance, once a person has been sharing X GB of files for, say, 2 weeks, they start getting moderation points....they can use these points to flag a file as being a dummy. (or just a shitty rip) If a user gets too many files modded down, he becomes unable to gain moderation points for a certain period."

      Already incorrect implementation. I'd simply have a writable part of the P2P fs that allows you to GPG sign a file. You sign the MD5 sum to your 'nick'. If it's good, you sign. If bad, you dont. Now if some idiot is signing bad shit, you can assign trustworthiness to 0. You could also apply 'trusted' user signs to other known good MD5 sums (from untrusted users).

      This system creates a "Web of Trust" that cannot be spoofed. No moderation point system will ever cut it (since it relies on a server-no reason to)

      ---"The sharing requirements will make it undesirable for RIAA droids to pollute the moderation system, since they'll have to be sharing material of their own. (and any dummy files they have will hopefully be moderated down...and if they ARE sharing valid material, well, cool, they're contributing to their own demise)"

      First, even 1 screech is enough to 'kill' a file. For example, in Cool Edit plugins, they inset a bell after 30 seconds. Very effective. Also, might I remend you that it's legal for the RIAA to warez these files. Who's gonna pick on them?

      Please, nitpick at this suggestion, I'd like to see if it's feasible or not.
      • Your solution is pretty good. But there is one major problem. It creates a nick that can be tracked back to the original distributor with a much higher degree of confidence than previously possible. Nicks known for high-quality/quantity uploads will become low-hanging fruit targets for RIAA prosecution.


        P.S. IANAL but given where the law is these days, I'd be surprised if ping floods were legal, at least in US jurisdictions.
    • Over the past couple of months, I've been thinking that the solution might be a web-of-trust system similar to pgp key signings. It doesn't seem like such a thing would be too hard to impliment with actual key signings, perhaps even with gpg and the gnutella codebase. This would certainly reduce the size of the network of p2p clients, but I think most people tend to listen to music that's owned by someone within three or four degrees of seperation from themselves. Personally, I only use p2p for finding bands that have have been reccomended by friends, so it would almost certainly be within a couple of hops of trust from myself.

      The only problem I can see with the moderation system that you're suggesting is that there would have to be a central authority for mod points. In the current political and legal climate, that's a direct weakness. You could, conceivably, combine the two systems. So, I could rate everyone that I've downloaded from based on Quality of Service and that would enter a special file, which could be picked up by each client that has trust in me. The client would then weight the entries based on how much they trust me. For instance, if they only had 50% trust in me, then my ratings could be cut in half. They could then decide on a threshold, below which they won't do business with a client. Someone could be allowed to enter into the network.

      This system has a lot of possibilites. It would keep out unwanted parties, but also allow people to come in at a low level of trust and build from that. If you made it a generic fileswapper with searchable metadata (such as gif comments and id3 tags) then also allowed ssl transfers, it would be almost impossible to track.

      Sorry if this is all a bit muddled and choppy. I've been up for more than 36 hours. Let me know if this sounds at all reasonable.
      • Kinda funnu that we end up with the same ideas.... There's only 2 minutes between our posts, and we have similar thoughts.

        1: You host untrusted music(not essentially bad media).
        2: People who downloaded it either sign or not.
        3: When you download(or see file), you can see signees.
        4: All clients have a ratings system.

        0- Untested
        1-Public Enemy
        2-Mostly Corrupt

        (maybe a little overdramatic ;-)

        I could also see how the data is put together....

        MD5_sum=123h11 22c174928....

    • That's the problem with running a service that's (for the most part) black market...when someone starts fucking it all up with counter-attacks, there's really not a lot of recourse.

      Copyright is irrelevant. This is a premeditated Denial of Service Attack against a service that may, or may not, be facilitating the sharing of copyrighted material (and is likely providing a conduit for both ... not all artists trying to get exposure have signed recording contracts with the RIAA, or with anyone for that matter, and some use p2p networks to get their material heard by as many people as they can in the hopes of building name and brand recognition).

      What if this attack were against the entire http protocol throughout the internet, taking down web pages everywhere because a few were trading copyrighted material illegally? Would we tolerate it? Absolutely not. Not even if for every legitimate, google or slashdot style website there were ten websites trading Warez and mp3s.

      The act of DOSing a service is illegal (at least in some places), regardless of whether it is a copyright cartel dinasaur leading the attack to protect their outdated business model, or script kiddies and l337 h4x0rs defacing or DOSing their least favorite corporate website to express disdain.

      Gentoo, Source Mage, Debian, and other GNU/Linux distributions that use the internet to display information may well adopt p2p methods to eliminate bandwidth bottlenecks, particularly during the release of new versions of popular packages like Gnome, KDE, Mozilla, and Open Office. If Microsoft were performing such a DOS attack there would likely be people facing fines and perhaps jailtime.

      This is an attack on the Internet itself. FTP, http, scp, all of these can be used to share copyrighted material. Shall we allow cartels a free hand in making those protocols unusable?

      There are legal remedies for prosecuting copyright violation. There is absolutely no excuse for this kind of illegal activity in the name of 'protecting copyright', and while there will undoubtably be technical solutions to much of this kind of thing (anonymous GPG signatures and webs of trust, etc.), the bottom line is that you cannot have the majority of civilization constrained by one set of laws that make these sort of attacks illegal, while allowing another segment of society to engage in this sort of activity simply because they argue it protects their business interests.

      I agree with the general sense of your post ... the RIAA (and MPAA, who are the ones involved in the dummy DivX nonsense) will find themselves contributing to their own demise in any number of ways as they conduct attacks against basic internet protocols, be they p2p or client-server.
  • by kinko ( 82040 ) on Saturday July 06, 2002 @04:38AM (#3831898)
    ... for people who download these thinking they are downloading the "real deal". At least the studios are using technical means and not legal means to attack those who break copyright (no I won't use the "p" word).
    People who download songs and movies continuously only make bandwidth more expensive and/or capped for the rest of us.

    I think it's kind of funny - we waited overnight to download "TPM" only to discover it was "Pearl Harbor" with the title changed.

  • I've never looked into the details of the .MP3 format, but I believe it's essentially a series of spectrums for the recorded sound... if that's true then it should be easy for programs like Gnucleus to check after it's downloaded 10 or 20 seconds of an MP3 to do a self-similarity check and abort if it's greater than a configurable threshold.
    • Well, Gnucleus (like limewire) uses the SHA1 hash system and that should _help_ cut down on the bogus files or at least all the bogus files will become swarmed together.

      Another solution would be to only download songs from well known ripping groups such as RNS, and the like.

      Damn, I just remember the Gnucleus feature which adds certain hosts to it's block list for sending .vbs and so forth.

      <evil laugh>
      I suspect this will affect more Kazaa/Newbie users.

    • Won't work because the spoofed files can be damaged in more than one way. For example, pieces of other songs from the same album can be embedded. This won't be detected automatically, but clearly will make the file unusable.
    • But some real songs (naming no names) actually consist of the repeated drum samples and people going, ''uh-huh'', ''yeah'', over and over.

      Wait - maybe its a good thing if those songs are marked as trash by the system. Carry on.
  • They need Slashdot-style moderation. Then the fakes can get modded as Troll, and Britney, NSync, and company can get modded as Overrated.
  • YAWS (Score:5, Insightful)

    by ImaLamer ( 260199 ) <john.lamarNO@SPAMgmail.com> on Saturday July 06, 2002 @05:12AM (#3831998) Homepage Journal
    I've got yet another work around suggestion.

    Your p2p application (which supports metadata, hashes etc) will wait to add a downloaded file to the "shared" section until after you view it.

    This would cut down on some short divx'd files (which won't play "out of the box") bogus mp3 files (overpeer) and whatever else.

    A system which flags files as "ok" could come under attack because overpeer could just flag their files "ok" as well.

    The system I suggested above would only of course work with files downloaded, not files you have existing on your computer. Of course through the hash system you could be verified against other people.

    Overpeer... create mp3's backwards from one-way hashes! Good luck you bastards!

    Considering we already have hash systems in Gnutella apps... they can suck me.
    • The problem with this is you have to trust overpeer to return correct hashes(trusted client problem). If you could find a way to require the client to return correct hashses you could do some cool stuff with a frequency analysis to find the same song at different bitrats and stuff. But you have to get the client to return a valid hash.
  • To some extent, the same thing is happening with DIVX's. In this case, someone will rename a given movie and upload it. People grab it and share it before they verify that it is what it says it is.

    In this case, it does not appear to be the work of a concerted group - just trolly kids, I suspect.

    Sometimes they rename pornos with titles like 'mulan.avi', etc. Sigh. Lots of wasted bandwidth.

    I bet the movie industry will do that soon. They must be soiling themselves over people sharing cam grabs of every popular movie - with in hours of the opening. Download it and spend your savings on a Pizza.

    • Sometimes they rename pornos with titles like 'mulan.avi', etc. Sigh. Lots of wasted bandwidth.

      Yeah! I had to download Mulan 32 times before I got my fix of pr0n!

      It is pretty appropriate to put fake P2P files up since P2P is pretty much a fake scene. The bit about it really and trully being to allow people to swap their own self generated content and the copyright theft thing is a tiny, tiny minority is such a crock.

      If material is not illicit in some fashion there is no reason to use P2P instead of a Web server. There are only two types of legitimate material that P2P would be necessary for - samizdat political tracts and Pr0n. Despite the best efforts of John Ashcroft it is still possible to publish material critical of Govenor Bush as the reports of his insider trading and Enronesque accounting methods demonstrate.

      As for Pr0n, while there is no doubt an amateur Pr0n scene somewhere on the Web I have never heard that it is a big part of the P2P scene. Which if the propaganda was true one would expect it to be, after all you don't need much to DIY Pr0n, no acting ability required, just a razor, plenty of lubricants, condoms, a camera and a girlfriend... ohhh dear well that could be tricky.

  • This doesnt solve the problem of the repeated hook files but does explain why your eminem search results come back with no genuine results. Getting around these fake files is easy, just use the track names in your KazzaLite search.

    The reason that the songs are blocked and return no results is because Overpeer is blocking all searches that include the word eminem on Fasttrack. They are only allowed to block the songs that contain 100% definately copyrighted material. If they blocked the name of the track then all kinds of non-eminem files would be blocked as well and therefore it would be an illegal DOS AFAIK.

    1. Google search for CD track list
    2. Enter titles only NOT artist in your P2P search
    3. Burn, Burn, Burn RIAA.

  • by josh crawley ( 537561 ) on Saturday July 06, 2002 @05:26AM (#3832025)
    In spite of this article, there's already a bunch of good files (I didnt say good music....) carried by legit people. I just follow my own rules when I download stuff from P2P networks. Be aware that I search for j-(group) type music, so mine's much harder to find files...

    1: If I get a good turnout on search, I look at most of files, bitrates, and times. I download what seems to be the mode of the similar type of files.
    2: I tend to stick with files that many users have (eg: 7 people have file with size 4,032,112 and 1 person with size 4,129,326). I can resume easier with "popular one". I do the same thing with movies (anime mostly)
    3: While I download, I play it with Winamp/Xmms. If there are errors/not what I expected/fake files , I can easily cancel the download and blacklist the user.
    4: If I get corrupt movies, I use virtualdub to determine where in the file is the error. Then I use a snip tool and "cut" the file into N parts. I can then use resume on the P2P services and possibly fix the file. However, some files, like Serial Experiments Lain (AVI sub), 1 episode has a "divx freeze frame". That error'ed file has propigated on WInMX, Kazaa, Gnutella, and Nap-clones.
    5: Even with my modem, I download "weird" files in hopes of getting unreleased/changed song. You occaisionally see stuff like this when you search for a popular song. Then you see a "somewhat changed name" but usually longer. I usually get them. If they're bad, I can find out in the first minute(remember, I play as I download).

    I figure that this wont be as much helpful... It's just my skills I use in getting the "goods".
  • Consider the visual analog: a web photo album... pretty much every photo site automatically generates thumbnails (very small versions of pictures) for every full-size photo uploaded, so that a user may quickly see and find the photo desired without trial and error downloading.

    I propose P2P programs should as a feature, for every MP3 file shared, create the musical equivalent of a thumbnail pic: a very low bit-rate, down-sampled "preview" version of a MP3 file that could be nearly instanteously downloaded and listened to, to determine its authenticity, before a user actually takes the time to download the real version. This downsampling would be automatic and transparent.

    Prudent users would always "preview" before they download, and bogus files would be quickly identified thusly.
    • This is really a great idea! It is useful not only to verify the file. There are so many files, so many artists that it is next to impossible to find out even what genre the music belongs to. A small preview (of phone quality, 50 kB) would be easy to grab, especially for modem users. It is very disappointing to download a significant chunk of the file only to find rap there :-(
  • As they only seem to be doing it with Eminem and other recent releases. Since I don't listen to that crap, I ain't worried.

    Hell, I encourage them to continue doing this with Eminem, Britney Spears, and other modern music (stretching the meaning of the work "music"). Maybe it'll drive these kids to start listening to more talented acts.

    Every Eminem/Britney fan we prevent now is 1 less brain dead consumer that will take what the corporate establishment spoon feeds them. Oh crap, I'm starting to sound like a hippie!
  • #1. Many music companies hold the (sometimes exclusive) rights to distribute a musician's work ... but not the Copyright itself.

    #2. I believe a strong case can be made for one of these bogus or loop MP3s being a derivative work.

    If #1 and #2 hold, then the music companies are illegally creating and distributing derivative works, which puts musicians in a position to claim Copyright infringement and possibly damages.

    ...right? ;)

  • Ah, the BBS days... (Score:2, Informative)

    by Mastos ( 448544 )
    Reminds me of the BBS days where the good sysops would scan and personally run each upload to ensure quality....

  • by Skapare ( 16644 ) on Saturday July 06, 2002 @05:56AM (#3832090) Homepage

    What is needed to stop this is a moderating system which ranks the various traded products, as identified by their MD5 checksum signatures, according to some "measure of quality". By rank ordering, it cannot be used to entirely shutdown a trading network since everything would still be available. Products at 50 out of 100 would have received a ratio of good vs. bad moderations better than 50% of other products, and worse than the other 50% of products. It would not necessarily be a 50/50 good/bad moderation. Thus flooding of bad moderations across the board would have no effect, though it could be used to drive very specific classes of products down the list. But eventually, people would see the abuse and mod them back up. It would be sort of like moderation on slashdot, but everyone gets to play.

    Now would it be possible to have selective moderation like slashdot has? Only a central authority could do that the way slashdot does. The big question would be judging who gets moderation points. As far as I know, on slashdot, it's almost entirely automated. With product trading, it would be harder to measure the quality by automation, so someone has to manually make the judgement calls and that brings some risks as well.

    If individuals could be identified uniquely in some way, without the risk of exposing real identity, then meta moderation might work. One way to do that would be a slow rate of generating some kind of signed digital certificate that allows only so many to be generated at a time per network that receives it (and no personal identifying info included, and no records kept). Moderations and meta moderations would be signed by these anonymous certificates. You wouldn't know who moderated, but what you would know is that a group of moderations by the same certificate are probably from the same person and can be judged accordingly, good or bad. Excessive levels of moderation would also weaken your merit and derate your contributions.

  • This will just force the various P2P developers to scramble to develop counter-measures. The music companies are giving the developers a gift - not enough DoS to stop everybody from using P2P but still enough DoS to give the developers a decent target to aim at. The only realistic result is that the P2P programs will become "stronger" (ie, more resistant to future attacks).

    It's as silly as a criminal wandering around a bank and informing the staff that he's casing the joint for the heist next week.

  • Simple Solution (Score:2, Interesting)

    Of course, the simple solution is to just download songs that aren't owned by RIAA members and covered by their copyright. Then you can be sure that you won't get bogus files.

    It's not that much of a sacrifice because MP3 sharing systems are only ever used for fair use (where you know the origin, as it's just your home/work PC that you're fairly using from) or they're to promote unsigned bands for whom P2P is an important system.


    In next week's Ask Slashdot: "Dear Slashdot, I like fast cars but they're so expensive. Recently more and more of them are getting lowjacked. Isn't this a disturbing trend? What technical means are open to defeating this system? I only steal from big company showrooms so it's effectively victimless."

    Before you mod this down as a troll, think about what I'm actually saying. When did we lose the cool technology, the valid fair use claims and the arguments that these systems are useful promotional tools for those who want them... and reach the point where we're bitching about only being stopped from the unfair uses?
  • by SmileyBen ( 56580 ) on Saturday July 06, 2002 @06:06AM (#3832102) Homepage
    I'm surprised nobody has pondered the fact that this could be a Very Good Thing(TM). If they continue to do this, surely they'll be blowing big holes in any future court cases. They say "Napster [replace with future contentious system] can't feature songs which are copyright". Napster says "How do we tell?". Judge says "Fine, you have to filter by filename". Napster says "But wait a minute, half the stuff with filenames of copyright songs isn't those songs at all". The fact is, by engaging with these networks, even to undermine them, the record industry damages their own court defence. Basically they will single-handedly prove that these networks aren't just for exchanging copyright material which you might not have the right to do, but for just about anything. When a court realises that, their case is blown to hell... ...I guess it's wishful thinking to imagine they would notice, though...
    • "If they continue to do this, surely they'll be blowing big holes in any future court cases."
      Hey, fantastic point. You're a smart guy. But I fear that some of the folks behind this might also be pretty sharp -- ask yourself: why are they looping portions of the real songs? Perhaps because that's enough to still be protected by copyright and be accurately referenced by the title. They could have just used a warning message, noise, what have you. This way, they may have anticipated your argument....one I don't think was wishful thinking. It would probably be one of the first defenses in a Napster-like court case.

      I'm encouraged by the evidence of the posts in this thread that many slashdotters are taking the anti-piracy position on this matter. Communities such as this one are fighting the RIAA et al tooth-and-nail not because we are pirates, but because their efforts to combat pirates are extremely hostile to law-abiding consumers. For this reason, we're very suspicious of their protestations that all they're doing is trying to fight piracy.

      • ask yourself: why are they looping portions of the real songs? Perhaps because that's enough to still be protected by copyright and be accurately referenced by the title

        Actually, doesn't using real songs also work against them? If they are putting the title of a copyrighted song, and a small portion of that into the public domain on a P2P network, wouldn't that make enforcment of copyright on that 2 seconds void. If a portion of this body of work (song) and title are launched out by the owner of the work, they are starting down a dubious trail.
  • I generally have no problems with this, and it doesn't strike me as unlawful. If these people want to damage their brand name by putting out junk content under their artists' names, that's fine by me. This kind of nonsense will also be easy to circumvent technologically. What would the alternative be? More regulation of content on P2P networks? That's something we don't want.

    What would be a problem is if they started doing this for content they don't own. For example, if there was an artist that put his work on P2P networks, started competing with them, and then they tried to sabotage his popularity by putting out junk under his name. That, however, is probably already prohibited by current trademark laws.

  • I know that this concept may be unpopular to some, but before I get moderated down please hear this out. This could possibly be good for us, for two key reasons.

    1. With file sharing networks flooded with fake songs from RIAA brand name artists, it will become annoyingly difficult to pirate RIAA music. While illegal data becomes very difficult to find, notice that this does not detract from our ability to trade LEGITIMATE data. Legitimate independent labels can still be easily searchable.
    2. If no technological means can be found to curb rampant piracy, they will resort to dumb laws (DMCA, CBDTPA) and Microsoft Palladium to stop it. This would be a terrible hit to the American economy as well as cause serious trouble for Open Source Software.

  • by Cryogenes ( 324121 ) on Saturday July 06, 2002 @06:33AM (#3832141)
    Let the RIAA take out those services which are too weak to defend themselves, it will only make the others stronger.

    It is possible to design a filesharing service that defends itself against bogus files.

    It is possible to define a protocol that hides the file lists of individual users.

    It is possible to build CDRs that play, copy and rip copy-preventing CDs.

    The pressure exerted by RIAA will turn these possibilities into realities - simple Darwinian evolution.
    • by javilon ( 99157 ) on Saturday July 06, 2002 @06:58AM (#3832175) Homepage

      And this is an interesting software engineering problem. It is the first internet protocol that has to be designed from the ground up for anonymity and resilience. And that will grow in a hostile enviroment.

      The TCP/IP stack was designed for resiliency and they did a good job, but this has to be even better, and we don't have the goverment on our side!

      There are a couple of attempts at this. One is www.freenetproject.org (that seems to be stalled) and the other one is gnunet [freshmeat.net].

      GNUnet is a decentralized network with confidential and authenticated communication. A first service implemented on top of the networking layer allows anonymous distribution and retrieval of content. GNUnet supports accounting to provide contributing nodes with better service.

    • except that in your case the ecosystem that existed before the internet file sharing was the one set by the majors. In this view, the predators are the p2p networks and you're beginning to see the second wave of reactions of the attacked system (the first wave was the legal actions: trials and laws).
      face it: if there isn't an alternative in their production model, that is: societies which produce, manage and distribute artists and respect those new ways to share music or movies, they will win. Because they have the money and therefore the political support. And also because, as you said, the p2p wave is making them stronger and giving them ideas of new ways to control their customers and milk them.
  • Checksums.

    Keep lists of good cheksums. Set up checksum servers. Add moderation. Stir.
  • by Anonymous Coward
    Share Reactor. [sharereactor.com] They release the files into the wild through edonkey2000, [edonkey2000.com] provide the MD5 checksums of the file you want to download, and edonkey2000 does everything for you. It already has a nice and juicy base of supporters (although I wouldnt say humongous, like Kazaa, specially because of the server "issue" in edonkey2000, but that is being taken care of anyways.)

    Its a great system, Share Reactor cant get sued, edonkey2000 doesnt have centralized servers, and I get much greater speeds than in any other P2P program. Sure would be great to see other people take advantage of the great possibilities that edonkey2000 (and other P2P programs) can offer like Share Reactor does.

    Needless to say, I highly recommend it.
  • From their homepage..

    "By penetrating P2P networks such as Gnutella, Open Napster, and FastTrack, our solution can use the power of P2P against abusers, instead turning software pirates into customers"


    P2P Networks turn "pirates" into customers. Obstructing the network simply ensures that network users will never become customers of authors who have hired the obstructors.

    All well-documented cases (think Baen Books for example) show that freely available works increase demand and improve artist-audience relations.

    I don't see how these guys can possibly succeed. They will have to continually develop technology to beat the bleeding edge of the P2P arms race, but unlike antivirus companies which enjoy a huge market and a growing pool of evangelists, Overpeer's only cashflow will come from the RIAA and anybody who has not yet learned about the positive commercial power of P2P networks.

    Yesterday I went to Networld+Interop in Tokyo. Best in 5 years easily. Wireless, Broadband, Streaming Video, it was all so huge they even rented the next building. The past President now statesman of NTT DoCoMo (most successful Japanese company, and partnered with AT&T) stood up in front of a thousand people and gave an extremely lucid presentation on the future of all this. Get this, they are DEPENDING on P2P!!

    This I mention as I noticed today an interesting little socket with tape over it attached to the cash register of my local convenience store (think 7/11). The tape said, DoCoMo service starts July 16. There is already a bank machine and maybe a loan machine (the mafia got wise) in most every convenience store and now the loop is finally being closed. All we need now (maybe available next week, if not I'll sure work on it) is paying for cryptgraphic passwords at the register. Now that networks carry so much data it is hard to tell when an mp3 or divx is coming over the wire, it is just going to be very difficult to stop.

    But I'm not talking about pirating. Overpeer (an oxymoron like "Big Brother" in case nobody noticed) is going to fail financially because the big boys need these P2P networks to work. Not a lot of people are making waves if it is just kiddiez and bored techies downloading a few mp3z. But P2P and open group-based data sharing is becoming important for business cooperation (think Groove), B2B (Enron was doing $1 billion/day of e-commerce transactions before they tanked), and distribution of large files and streams (think Akamai, the Perl CPAN, and FTTH - now a reality for Tokyo residents this year).

    When these networks start getting used for serious data as well, Overpeer is going to be messing with the value of a network resource that real companies have a stake in.

    Consider that if I already own an Eminem CD (not likely) I am completely within my fair use rights to use a digital copy of that. If I was paying for a P2P network to supply my fair-use needs, Overpeer might end up on the other end of the stick (in court).

    What's needed to put the RIAA in its place (bankruptcy court) and promote music and P2P?

    1. Use P2P for lots of legitimate data and services. For example DoCoMo phones will be used (actually are now) for ticket purchases. A P2P solution would have ensured all seats for the World Cup got sold correctly. (Hmm maybe I'll work on that one).
    2. Build a service and liscensing scheme specifically to support P2P and fair use.
    3. Tie unobstructed P2P networks to commercial profits.
    4. Create a reasonable system for end-user licensing that will decriminalize fair-use music owner's P2P downloads, and not incidentally reduce the price of music.
    5. Make commercial use of cryptographically secure, anonymous data networks with the ultimate goal of having large chunks of them hosted by giant corporate data centers.
    6. Create hash tables which identify in realtime abusers of P2P, which is going to very soon become a critical component of the global infrastructure.
    7. Create tangible benefits for artists who use these networks, or in some other way stop supporting the RIAA.
    I'm sure you guys can think of a few more ideas. Personally I don't see Overpeer as a very good investment move do you? I'd take my money out of Overpeer and hire some guys to build on P2P instead of obstructing it.
  • A simple boycott of the Overpeer'ed songs would be a good start. If you had a website that listed the songs in question, along with the suggestion to boycott, that's just plain old freedom of speech, right? It's not like anyone really needs to have these files anyway.

    IMHO, the key to making this Overpeer crap go away is to make it economically counterproductive. "Anti-crap" technical countermeasures are necessary also. The RIAA folks aren't the brights bulbs in the box; it may take them a while to realize how dumb Overpeer really is.

    • A simple boycott of the Overpeer'ed songs would be a good start. If you had a website that listed the songs in question, along with the suggestion to boycott, that's just plain old freedom of speech, right? It's not like anyone really needs to have these files anyway.

      Good idea! only I think you will find that boycotting the files is exactly what the RIAA wants. They want you to boycott the files and buy the smegging CD

      Only the P2P people are already boycotting the CD because they are a bunch of theives who steal it via P2P rather than buy it

  • web of trust (Score:4, Insightful)

    by medcalf ( 68293 ) on Saturday July 06, 2002 @08:50AM (#3832325) Homepage
    This method only works as long as all sites are equally trusted. If p2p software develops the idea of a web of trust, this method will fail quickly. Basically, a web of trust allows a user to mark a site as trusted or untrusted. You trust sites that sites you trust trust. In other words, I mark my client to trust foo.net and bar.com, because they always provide good stuff. They trust me as well, and a few other sites like fubar.cc. Since one or more of my trusted sites trusts fubar.cc, I trust fubar.cc.

    Eventually this evolves such that sites which post bogus music, low-quality rips and the like will not get used, because no one will trust them. And a good web of trust allows you to see the trust path that led you to a server, so that if you get something bad you explicitly can mark as untrusted the nearest site to that (since they didn't do a good screening job) even though they would otherwise implicitly be trusted.

    • This solves nothing. In general, trust is not transitive. My friend's friend need not be my friend. My enemy's enemy need not be my friend.

      All it takes for to spoil is the scheme is for the RIAA to set up two servers. One legitimate one, which you trust, and another spoof one, which the legitimate one trusts. Good luck fighting this unwinnable war.

  • So, only MP3s are currently being bogofied? (And, I would assume, primarily the Windows-only networks?) That's good, actually. Those of us who prefer to share and download Ogg Vorbis files on predominantly [sourceforge.net] Unix-based [apache.org] networks [faqs.org] will remain largely unaffected.

  • Helpful users have been finding out the IP address blocks owned by the "bad guys" and submitting them to create a "ban list" for search results.

    The new version of Gnucleus [gnucleus.net] has a feature that allows users to simply click and filter hosts that they suspect to be sharing bogus files (and spam etc.).

    There are plans [zero-g.net] to expand the distributed web-based host cache system in use in Gnucleus and a few other clients to also serve blacklists. Possibly there will even be a "vote" system that would allow users to dynamically change these ban lists to propagate information on "bad" hosts automatically.

    I think that using hash information is pretty useless, it's easy to stick the right hash on the wrong file. What you'd need is a PGP-like public-key encryption system with signatures and trust structures and the like, but that'd be going to the extreme.

  • Game Over (Score:2, Insightful)

    So, everyone here is going on about how moderation, authentication, etc. is going to solve this problem. it would, if uploading and downloading songs wasn't usually illegal. A couple people have caught on to this, but most haven't.

    The problem has two aspects:
    1) If the systems has strong identities, then you have a confession from every uploader - as long as you can find them.
    2) If you don't have strong identities, then those who would interfere with your system can hijack the identity system.

    In the strong identity case, those few people who have uploaded most of the songs that are floating around suddenly find themselves targets. A well-funded attacker, especially one with the Law on their side, could use traffic analysis to track down the high-use users. Recall, they don't need enough info from the traffic analysis to get a conviction, just enough to get a warrant. Frankly, I don't believe claims that "my system is immune to traffic analysis." If the Law can tap into UUNet's big NOCs, they can watch the majority of US internet traffic. MP3's are pretty big, and a small population of users uploads most of the songs. It doesn't matter if your data is encrypted/chunked/whatever, the Law just looks for lots of traffic and tracks the big dataflows to their source. Once they find you, they find your secret key, and you're in jail. Secondly, a digital signature is forever. If you share a bunch of files in college, but then clean up your act and lead a respectable life (in the eyes of the RIAA), your digital signature stays behind. A gun that smokes until the statute of limitations runs out is a little scary.

    In the weak identity case, you're no better off than in the no-identity case. The people who want to stomp on your little piracy garden are better funded and less constrained in their action than you. Everyone has infinite moderation points? What's to stop the bad guys (good guys?) from modding everything totally randomly?Much faster than carefully listening to each song and clicking a button. Legitimate rankings get lost in the noise. Use hashes or song fingerprints? What's to stop someone from transmitting the hashes/fingerprints from non-bogus media?

    No, I'm afraid that the solution is the same as the solution to the wAr3z distribution problem. Small groups can share with full impunity (this is actually legal [hrrc.org] to do with music). But sharing music with perfect strangers is not just illegal, it means that the Man can play, too -- and do everything in his power to stop you.
  • by br00tus ( 528477 ) on Saturday July 06, 2002 @09:47AM (#3832452)
    I am a Gnutella developer [geocities.com] and contributor. I guess I'll split this comment into two parts - how I feel about this, followed by a technical explanation of how Gnutella and other p2p networks do and will handle this. P2P is attacked in many ways and this one does not bother me that much because it is only affecting material they hold the copyright to. Nonetheless, even though I perceive this as a minor problem, I do perceive it as a problem to be dealt with. I have an idealistic notion about p2p, that it will be used as a free, open publishing medium so that costs, in terms of bandwidth and so forth, are paid by the consumers, not by the publishers. I'm realistic enough to realize it is used primarily for trading Britney Spears mp3's, Warcraft III zip's, avi's of the Matrix and mpg's of Alley Baggett's Playboy videos. I don't mind this, but I am hoping it helps take publishing out of the hands of a few corporations, and I believe this is what the long-term planners of the corporations who fund the RIAA and MPAA really fear. My chagrin in aiding those sharing material copyrighted by corporations is more in aiding the spread of corporate published crap than in any respect of so-called copyright that these billion dollar multinational corporations hold. I hate large multinational corporations, their executives, and the people who own those corporations (the majority of stock and bonds are held by a tiny rich elite [federalreserve.gov] of heirs. I would like to diminish their power by any means necessary. I think the best way of doing this however is creating an alternative (p2p) to their publishing empires.

    So as I said, I do see this as one of the problems to be solved, although I feel it's of lesser importance. There are many ways of doing this. One of them is previewing - when downloading an audio or video file, when you're about 100k into it (100-200k if it's video), do a preview and see what you're getting. With this looping stuff you have to go farther than 100k however - preview one fourth to one third of the way into the audio files. Many Gnutella clients have a preview feature, as does Fasttrack (Kazaa).

    Another method is to ban IP's and IP ranges spreading this. This is already being done - it's only a minor fix because they will always get around it, but it will help somewhat, they won't be able to have big servers spewing this stuff 24/7

    The real way to fix this however is hashes. Which are already ubiquitous - they already exist and are known on Gnutella (Shareaza, Gnucleus, Morpheus, Bearshare, Limewire), Fasttrack (Kazaa) and Edonkey2000. On Gnutella (Shareaza) and Edonkey2000, you can click through or cut and paste these URI's (URLs) to files from web sites (or Usenet, IRC, e-mail, instant messengers, whatever) and start searching and downloading the files - for FastTrack (Kazaa), it is a little bit more time-consuming and complex, but worth it if you're going to be downloading a large file. The hash technology is already there, the key now is finding a trusted source for hashes which are both good and whose data is findable and downloadable on p2p networks, and for those sources to survive. I guess I'll detail how this is currently working with the various p2p networks, why not?

    There are four major p2p networks - Gnutella, Fasttrack, Edonkey and Freenet. Freenet is a publishing network, the others are all file sharing networks, which is what we're concerned with. Gnutella and Fasttrack are the two largest networks. Edonkey2000 specializes somewhat in large files however, so if it's 100MB+ files you're after, Edonkey2000 is on par, and perhaps better in some ways currently, than Gnutella and FastTrack. Edonkey2000 and FastTrack are closed networks - closed source server/clients and closed protocol networks. Gnutella is open, the protocol is open, and robust open source server/clients like Gnutizen exist for it. This gives Gnutella advantages, such as a choice of multiple clients for virtually every platform, as well as other advantages. Of all the file sharing p2p networks, Gnutella is my favorite and I believe Gnutella is the future of p2p. I think competition amongst p2p networks is healthy however as every can steal everyone elses best features and innovations.

    Gnutella files are hashed for HUGE with an implementation called sha1. You can read about the technical aspects here [yahoo.com] if you wish to. These hashes are useful for finding additional sources for found files so that one can resume downloads or download from multiple sources with integrity. Actually there's one caveat to that - if you are downloading from an honest client, it will tell you a truthful hash of it's data. A client could give a fake hash and then send other data - but you would have to directly download from the rogue. How clients deal with this is even more complex - Gnucleus downloads overlapping chunks - it downloads 1-2000 from one source and 1950-3950 from another - if 1950-2000 do not match from both sources, it marks both chunks as possibly bad. You can read more details about this in Gnutella documentation and discussion groups.

    Aside from this usage, these hashes can be used externally as well. Currently, Shareaza [shareaza.com], which is a pretty good servent (server/client), is the only one from which URI's (URL's) can be cut, paste, and clicked through to from the web/IRC/e-mail etc. I'm sure clients like Gnucleus will have this ability in the future. If you had Shareaza installed, you could click on a link like this - which is an, I believe uncopyrighted, Chomsky speech [gnutella], Shareaza would launch (if you don't have it already) and would ask you if you want to download the file or cancel. If you select download it would connect to GnutellaNet, search for the file, and if it found a host which has the file and which has upload slots open, would start downloading it. Actually, the Slashdot "allowed HTML" filters are pulling some necessary characters out of the above link, so you can't click through on /., although you can on a normal HTML web page. I can't post an URL that you can cut and paste either since /. forces a line break after 40 characters or so, if /. didn't do this and the below was in one line, you could have cut and paste it into Shareaza, I'll show it here for an example, imagine this was all on one line for you to cut and paste, or better was just a link to cut. You can do this on any HTML page, it's just the Slashdot HTML parsing messing it up -

    gnutella://sha1:HXHSJ6ATN3LQCCIOBGUEWV5FFCKP2KBL/N oam%20Chomsky%20-%20Audio%20Book%20-%20Noam%20Chom sky%20-%20At%20Johns%20Hopkins%20University.mp3/

    I would give the above link a rank of "7", because the last time I searched for it, 7 people replied they had it. I have several hashes with a score of 80-90, meaning you're more likely to find or download them, but the above is the only one I have that I have enough confidence in that the data is uncopyrighted.

    So now you have one link to a hash - where can you find trusted sources which tell you what hashes are ubiquitous, making it more likely you will find and be able to download them, are rated in terms of quality by multiple sources and so forth? Well for Gnutella, one source is Bitzi [bitzi.com]. You can search for data there, see what is the most reported, what things are ranked, see comments, see bit rates, file sizes, artists, titles and so forth. It is very cool. Most interaction is from Bitzi into Shareaza (the only Gnutella client that does this currently), but from within Shareaza if you find a file you can type "find Bitzi ticket" and see if the hash has been reported on already. One thing which I'm sure will soon be remedied is that Bitzi does not have direct clickthrough to Shareaza, I have to copy hashes to my clipboard, edit them to Shareaza format and paste them into Shareaza. I'm sure soon Shareaza and Bitzi will agree on a standard and remove this step so I can just click through. And soon Gnutella clients other than Shareaza will have this ability as well. Bitzi's data base is open to the public, you can read their open data policy on their web site, anyone is free to use the data as long as Bitzi is credited. Bitzi.com is the only large, good source of Gnutella hashes I know of. Edonkey2000 has had hashes for a while, and has several good, large sources for hashes such as Filenexus.com and Sharereactor.com. Since Gnutella is a larger network and it just implemented this ability, I'm sure it will have even more and larger sources in addition to Bitzi. And since Bitzi's database is open to all, if Bitzi goes down someone else can open the database up again somewhere else. I'm sure in the future, even the trusted rating system will become distributed.

    Gnutella uses the sha1 hash, Edonkey2000 uses another, and Kazaa uses another. Web sites exist that centralize the hashes for these. I'm sure soon web sites will exist that coalesces and translates all of this. Gordon Mohr, who runs Bitzi, wants to see a universal p2p tag, magnet, which is agnostic about which p2p backend it is using. Why not? We can have a tag that we (more or less) trust, and can retrieve the data from Gnutella, FastTrack, Edonkey2000 or Freenet. It's a great idea.

    I am less interested in other p2p networks than Gnutella but I'll discuss their hash and meta-data web sites a little. The most interesting one is Edonkey2000 [edonkey2000.com], which as I said, has come to specialize in large (100MB+) files, and which I have to admit is a pretty good way to download large files with some guarantee of integrity. There are two major meta data sites for Edonkey - Filenexus [filenexus.com] and Sharereactor [sharereactor.com]. There are other sites as well. If you're looking for large files, they do a pretty good job currently.

    Fasttrack (Kazaa) uses hashing, but the Kazaa client is not that friendly to this kind of thing. So Fasttrack/Kazaa is more of a pain in this respect than any of the others. Nonetheless, you can download a program called Sig2dat [geocities.com] that helps you copy and paste FastTrack's UUhashes. The you can go to web sites [fasttrackmovies.com] that give meta data, rankings and so forth to these hashes. Kazaa/FastTrack is unfriendly to all of this so it is much more of a pain - you have to install files that help you do this (sig2dat), you have to restart Kazaa for every file you want to download in this fashion and so forth. With Kazaa, all of this is a hassle, it's much easier to do in Gnutella (Shareaza), Edonkey2000 and Freenet.

    And lastly there is Freenet [sourceforge.net]. Freenet has been using hashes since the beginning. Freenet is a publishing network, not a file sharing network. That is nomenclature - file can be and are shared on Freenet - from html pages to gifs and jpgs, to mp3's, to avi's, although Freenet is the last place you want to look for large files, Freenet's bailiwick is small files. Even a 4 meg mp3 on Freenet is harder to find and slower to download than any of the other 3 networks. Small files are the domain of Freenet - HTML pages and images. The Freenet protocol is more rich than the other protocols in many ways, thus you have more than just audio and video files going over it, you have third-party applications utilizing it, thus you have things like Fproxy (A world-wide web equivalent which runs over Freenet) and Frost and Freenet message board (Usenet equivalents - both for text and binaries). One benefit of Freenet is it's hard to crack down on people for publishing information - because no one knows who data is coming from or going to. This is not absolute, but it is much safer than the file sharing p2p networks in this respect. Also, people publish data, so that what you put out is stored somewhere other than your computer, and if your web site or shared file or whatnot is popular, it will be out there all the time without your node needing to be connected. Freenet also used a lot of signatures, encryption and so forth, so you already have a pretty solid trust mechanism and data integrity. It depends on what hash is used - KSK hashes are insecure, but SSK are signed. So with Freenet there are large upsides and downsides - the downsides are downloading is much slower, since you're downloading via intermediaries, not directly, and the larger the file, the slower the download and the harder it is to find a complete file. The upshot of Freenet is that there is less of a legal risk with regards to sharing/publishing data, data is signed by the publisher which greatly helps integrity, and also Freenet's protocol allows extensions other than file sharing with it's own internal network - web and Usenet like applications, and I'm sure there will be more in the future.

  • And I keep finding the same SPAM over and over again. Often times, a search will reveal the same small file(s) using the exact search criteria you specify.

    It would seem to me that if an originator of such bogus files can be absolutely identified, that a peer black-list should be created to block these jokers out.

    I know there are some obvious pitfalls to the idea but I am sure the notion can be refined with some careful thought. The list can specifiy the degree of the offense, (spam-bot, looped files and video files that are actually just music, etc) and the client can have a quality filter setting.

    Now I know it can just be worked around in some way, but the hard-core hosts of bad files will eventually get blocked to the point that their effort is useless. And while we're at it, we can block out all know MPAA/RIAA IPs too.

    Maybe it's a dumb idea... I can't be the first to think of it.
  • Gnucleus and BearShare currently use a hashing scheme to verify that one particular file is identical to another for the benefit of multisource downloads. If a user would be able to add a hash to a "block" list, these block lists could be updated frequently on the gnucleus web site and downloaded from a trusted source. All garbage files could be simply ignored.
  • by fmaxwell ( 249001 ) on Saturday July 06, 2002 @10:01AM (#3832508) Homepage Journal
    Overpeer.com is getting IP service through Telemerc who, in turn, gets service through Sprintlink.net. Accroding to the Sprintlink.net's Acceptable Use Police , the following are prohibited:

    7. Knowingly engage in any activities that will cause a denial-of-service (e.g., synchronized number sequence attacks) to any Sprint customers or end-users whether on the Sprint network or on another provider's network.


    9. Using Sprint's Services to interfere with the use of the Sprint network by other customers or authorized users.

    That's practically a description of overpeer.com's business model. They use their bogus material to interfere with the use of P2P services and to effectively create a Denial of Service attack against P2P services.

    I encourage Slashdot readers to contact Telemerc and Sprintlink at helpdesk@telemerc.net and abuse@sprintlink.net respectively and explain (in a civil manner) that you wish them to stop providing services to Overpeer because of the DoS business model.

  • Gentleman, you have your targets [sk.com]. I want a clean hit, with no civilian casualties... ;P

  • Does audio fingerprinting work? I have seen implementations of it that do not work. Are there any that do? This would immediately solve the problem, if there were a database of audio fingerprints.
  • by uncoveror ( 570620 ) on Saturday July 06, 2002 @01:41PM (#3833366) Homepage
    This action by overpeer, at the behest of the RIAA and the labels is harassment of music fans. What do they hope to gain by angering us? They stand to lose a great deal more. I call on everyone to Boycott the recording industry. [dontbuycds.org] Don't buy CDs, except used ones, which they get nothing from. If we put the corporate robber barons who hold the recording industry hostage out of business, then people who do it for the love of music can take the industry back.
  • by dh003i ( 203189 ) <dh003i@[ ]il.com ['gma' in gap]> on Saturday July 06, 2002 @06:20PM (#3834451) Homepage Journal
    Lawrence Lessig said "code is law". Namely, he was talking about code that business', ISP', and government's write on top of standard protocols to regulate our behavior.

    But code is also law for us.

    We are the one's who write the code for P2P services like Phex, LimeWire, BearShear, etc. Thus, we are the one's who create the "law" for those services.

    We have the ability to code away this problem, and any other problems presented to our P2P utopia.

    So how do you deal with bogus files? Well, one way to do it is by detection. Write protocols into P2P programs to detect bogus music files. How do you do that? By reverse engineering their technology. Lets say that their "bogus" files appear the same size as normal files, but about 1/4 of the way through have a hitch in them w/c causes your player to play over the part over and over again. So you write code to detect that.

    Another way to deal with it is the same way we deal with spammers: block unreliable sources. If a domain-name for e-mails often gives you spam, you block that domain name. Same thing w/ P2P networks with a little bit of ingenuity.

    The only thing to worry about is the red queen effect; namely, we take counter-measures to their measures, and they take counter-counter measures to our counter-measures, and so on and so forth. This results in a lot of wasted time for us, and also will eventually make our code bloated.

    Another alternative is the legal route. Contrary to what some say, there is a legal option. Their actions garble up the P2P network, which will negatively affect many who are sharing non-copyrighted files. Hence, a basis for a legal restraint.

    The other possibility is a counter-attack. They've screwing up our networks, so we screw up theirs and their systems. The best defense is a good offense. This would be DoS attacks on their servers, or virus'/worms aimed specifically at their computers.

    Another possibility is very simple. Rather than trying to weed out untrustworthy sources, try to find trustworthy ones. This is much easier as you'll get cooperation. Real netizens of the P2P community may put tags on their files, as identification, which would securely identify them; then, those files would be rated on two categories -- quality and completeness.

Man is an animal that makes bargains: no other animal does this-- no dog exchanges bones with another. -- Adam Smith