MD5 Hashes of the files is a fine way of identifying pirated music. In fact I'm pretty sure it's how most cloud services WILL do it. The real question here is how do you identify which hashes will be blacklisted? I think the best approach to that would be to go through some famous torrent and Gnutella sites and scrape the hash values from those torrent files and databases. I know torrents have a way of doing this as part of the .torrent file itself and I believe that the Gnutella protocol probably has a similar system of uniquely identifying files. This way you would not have to download all the files but could still know which ones are being shared illegally by logging all those hashes and comparing them to your files. I think it is technically feasible to do this, but extremely difficult. I would recommend cleaning your files instead by adding trash to the tags section in an unused field. This would confuse most common hash algorithms. I imagine the companies could have a much more sophisticated way of hashing the files such that it does not take tags into account, but to preform this form of unique ID the companies would have to manually download each song illegally and ID it. I don't think that's likely. I feel that cleaning your pirated files is the best solution.