Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

Next Generation Piracy Tracking

By Eloquence in Internet
Fri Mar 23, 2001 at 05:26:00 PM EST
Tags: Freedom (all tags)

7 AM News reports, with screenshots, about "the recording industry's secret weapon". (The IFPI, whose logo is on the screenshots, is an international variant of the RIAA.) It is a program that tracks copyright violations on various networks (Napster, WWW, FTP, possibly more) and reports the respective users to their ISPs (one-click cease-and-desist letters).

While the source is questionable (Internet tabloid), if it's a fake, then it's pretty well done. I have verified the file sizes of some of the files listed, and checked some domain names; these are real data. Also note the blurred data and the JavaScript link in screenshot number 2, would you go to that effort for a fake? Also, it wouldn't surprise me that much. Last year, one copyright-lover released a free tool named Media Enforcer which tracked copyright violations on Napster & Gnutella (by simply using the same search results the users are using to get the files). It was very easy-to-use and created automatic lists of users who traded copyright-protected content. The guy who wrote this has removed the program soon after its release, and his new site has been quiet ever since -- he or someone like him would certainly be able to write a next generation tracking tool like the one depicted in the 7AM screenshots. And as I wrote in December, there are others who want to know what you're doing.

Currently it looks like the record companies primarily want to get the connections of major uploaders cut off. But what if, say, you want to use DSL and there's only one ISP that offers access, and that one bans you because you uploaded some DivX movies? Or what about countries where ISP access is monopolized? Or, a worst-case-scenario, what if signing up with an ISP requires a digital signature -- a non-anonymous ID that is also required by Yahoo, AOL and Microsoft? Then, copyright violations could be handled in a 'three strikes and you're out' manner. As all relevant information transactions of the future will take place online, being without Net access in the future will probably be equivalent to being homeless today.

Those who think they have nothing to worry about should consider that the notifications about copyright violations cannot be verified by the ISPs in practice. They will simply have to trust the IFPI, or the RIAA, if they want to comply with their orders (which may be necessary to comply with the DMCA). How much does it take to get a user kicked? How much will it take in the future? And how easy will it be to get back in?


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


Should copyright violators lose Net access?
o Yes, immediately. Theft in real life is illegal, too. 2%
o Three strikes and you're out! 2%
o Only if they commit serious copyright violations. 19%
o No, but they should be fined / thrown in prison. 18%
o No, information needs to be free. 8%
o No, but the IFPI and the RIAA should. 41%
o What the hell are you talking about, foo! 8%

Votes: 98
Results | Other Polls

Related Links
o Yahoo
o 7 AM News
o screenshot number 2
o new site
o there are others who want to know what you're doing
o Also by Eloquence

Display: Sort:
Next Generation Piracy Tracking | 28 comments (25 topical, 3 editorial, 0 hidden)
Due process (5.00 / 3) (#2)
by Anonymous 242 on Fri Mar 23, 2001 at 10:39:50 AM EST

Currently it looks like the record companies primarily want to get the connections of major uploaders cut off. But what if, say, you want to use DSL and there's only one ISP that offers access, and that one bans you because you uploaded some DivX movies?
If a copyright holder can prove that an individual violated copyright law, I don't have a problem with an ISP revoking access from that individual.

Short of trial that returns a guilty verdict, however, I would be uneasy with this sort of situation. If all it takes is a cease-and-desist letter to get an alleged copyright violator to get cut off, we will soon have a very large problem. Just imagine if I wrote such a cease-and-desist letter to streetlawyer's ISP out of sheer pettiness. Even if the ISP is willing to investigate my allegations, it is likely far easier for me to falsify evidence or mislead the ISP than it is for streetlawyer to defend the innocence.

Does the punishment fit the crime? (5.00 / 2) (#6)
by cjm2 on Fri Mar 23, 2001 at 11:16:29 AM EST

I agree with due process. The courts need to deal with this, completely and properly. It should not be up to the RIAA or the ISP to take the law into their own hands.

My real thought on this issue is, does the punishment fit the crime? If I'm found guilty of sharing several MP3s on the net should my net access (a service I am paying for) be completely revoked? Net access tends to be looked up as a priviledge as opposed to a service (or utility) that we pay for.

If I received a speeding ticket would my drivers licence be revoked? What if I got a DUI? Depends on the severity of the action. What if I stole cable TV service? Am I then restricted from ever watching TV again, or am I just punished for the crime I committed?

Generally when a person's licence is revoked it isn't because they broke a rule, it's because they compose a risk to the rest of society. Driving under the influence puts peoples lives at risk, a parking ticket doesn't. And on the same token, an individual trading MP3s does not compose a risk to society. Whereas (for example) taking down the powergrid for a city does compose such a risk.

The punishment should fit the crime.

Just my 2 cents.

[ Parent ]
good point (none / 0) (#7)
by Anonymous 242 on Fri Mar 23, 2001 at 11:24:02 AM EST

I penned my prior post assuming that copyright holders would not be bringing criminal charges unless the violation of copyright was serious enough to warrant the time, effort and money into instigating legal procedings.

If violation of copyright is ever reduced to a ticketed offense like jaywalking, spitting in public, or driving an automobile with a busted taillight then the question of getting one's ISP revoked might look a little different to me.

[ Parent ]

even then it's bad (none / 0) (#13)
by SEAL on Fri Mar 23, 2001 at 03:14:17 PM EST

The burden of proof should not be placed on the accused.

If the recording industry presents my ISP with a FILENAME and nothing more, and says it is copyright, I can reasonably expect to have my service cut off. I would have to somehow prove to my ISP that what I was doing was legal, and hope that they would even listen to me.

This is wrong.

The recording industry should be required to demonstrate where the law was broken. In other words, they MUST download the file, play the music (if it even IS music), and verify that it is indeed a copyrighted work. A filename is not enough and makes an unfair presumption of guilt.


It's only after we've lost everything that we're free to do anything.
[ Parent ]
That was exactly my point (none / 0) (#26)
by Anonymous 242 on Mon Mar 26, 2001 at 03:14:46 PM EST

My original post pointed out that due process must be followed and that an ISP should only cut off a user after a criminal conviction for copyright infingement.

[ Parent ]
Good question. How easy is it to SE ISPs? (4.00 / 1) (#11)
by regeya on Fri Mar 23, 2001 at 11:36:25 AM EST

Even if the ISP is willing to investigate my allegations, it is likely far easier for me to falsify evidence or mislead the ISP than it is for streetlawyer to defend the innocence.

On that note, who wants some Microsoft Verisign certificates? ;-)

I wonder how many ISPs are gullible enough to fall for social engineering stunts like that. While there are some clueful people out there, there are a lot of clueless ones out there, too. :-) I've fallen for some minor stunts, but really, so many people really do take people on their word. A friend and I (and this is as far as I'll go; I'll only acknowledge the lame, harmless pranks ;-) It's kinda fun to get a couple of people in a room on computers, and hop in Geocities chat rooms. One needs the nickname Admin or something similar. Basically, the act is something similar to a good cop/bad cop act. It's amazing how worked up people can get.

People who work for businesses, I assure you, are just as gullible. Sound important, sound official, sound busy. Make 'em jump. It's amazing what you can do when you can do all that (have I said too much already? ;-)

[ yokelpunk | kuro5hin diary ]
[ Parent ]

What I'd love to do (4.00 / 6) (#4)
by FeersumAsura on Fri Mar 23, 2001 at 11:07:20 AM EST

One idea I'd love to get off the ground is to try and set up a free as in speech ISP. Due to the way capitalism works people would have to pay for their accounts, these accounts would also cost more than other ISPs.
It would be based in the UK (cos that's where I live) and would try to offer broadband and dialup. Hopefully all the servers would be running freeOSs and all things life mail/ftp etc would be encrypted.
All logs would be trashed after 24hours and user would get to decide between fixed and dynamic IP. Users wouldn't even need to let us know their details. They can pay in cash, postal orders or debit/credit cards. We'd send the details out to any address specified including P.O boxes. We would isse a public key and would expect all mail to/from us to be encrypted.
Unoftunately to keep costs down we would offer minimal tech support and would focuse more on real OS support. I don't care if most people use Windows they can use AOL we use Linux or *BSD.
I've never fully researched this idea so bit's might be iffy but I think overall the idea could work.

I'm so pre-emptive I'd nuke America to save time.
that could get hairy... (3.00 / 1) (#9)
by hurstdog on Fri Mar 23, 2001 at 11:30:36 AM EST

Since you'd be erasing logs every day or two, you would become a haven for crackers, among others. Also, I imagine if you were getting attacked, you'd want those logs, to see how they got in, or what they were trying to do. Other than that, sounds like a plan, now you need to make it happen, then open up a branch here in Davis, California ;-)

[ Parent ]
A more thought out idea (none / 0) (#24)
by FeersumAsura on Sun Mar 25, 2001 at 02:07:12 PM EST

I've thought more about this. Due to security concerns I would not offer access to access to Windows users (they could connect but I wouldn't put instructions on how to set it up) to raise the knowledge bar. Due to worries about people using mail servers as spam servers I would not offer any mail services. I would still offer webspace and news though. It would be more expensive as I'd liek to provide access to good kit.
The security aspect is a problem. I would love to delete logs after 24 hours but as it was pointed out this would make finding crackers harder.
So far my ideas are use *BSD with everything locked down for routing. Web servers will also be running *BSD with only HTTP turned on and CGI etc turned off. To protect user details I would use an airwall to seperate details from log on names and passwords. All user names will be 16 digit random strings as will passwords. This will annoy people with poor memories but ...
As I would have no sensitive info on public machines adn would have an image of the drives after an intrusion I would just replace wit hthe mirror. It's not worth teh time and money to do a full investigation. I would check to see roughly how they got in and try to stop them but it's not always possible. As for teh UK RIP bill I'm in the middle of mercilessly pestering MPs and future MPs with questions. I recently chased the tory candidate off my property for voting for agreeing with it.
Yes I know I will recieve attention from the government and newspapers but I'm not worried. I want free seech and I'm willing to face consequences.
One thing I am doing is sending encrypted mails with the express intention of being forced to reveal the public key. Waste time in the courts and then give in. It's legal and it wastes thousands. It might be childish but I'm happy.

I'm so pre-emptive I'd nuke America to save time.
[ Parent ]
Laws (3.00 / 1) (#10)
by Eloquence on Fri Mar 23, 2001 at 11:30:57 AM EST

All logs would be trashed after 24hours

Check your law on this. AFAIK, most countries require ISPs to keeps log for a certain time, from 30-60 days. I would expect to see the UK in the upper range here.

all things life mail/ftp etc would be encrypted

Check your law on this. According to the UK RIP law, you have to be able to turn out the key(s) to let authorities decrypt the content.
Copyright law is bad: infoAnarchy Pleasure is good: Origins of Violence
spread the word!
[ Parent ]

I found something like this.... (3.00 / 1) (#22)
by logiceight on Sat Mar 24, 2001 at 11:39:05 PM EST

I have found an ISP similar to what you are thinking

You can find it <a target=_top href="http://www.anonymizer.com/" >here

[ Parent ]
Too bad it wouldn't work. (4.00 / 3) (#8)
by Seumas on Fri Mar 23, 2001 at 11:29:25 AM EST

See, the thing is -- the complainant has to declare that the material is a copyright violation and then file the appropriate paperwork. Relying on a piece of code to go around deciding what is and is not infringing will result in so many false and completely unreliable claims that nobody -- including the law -- will take them seriously any longer and just toss the filed complaints out or fine the RIAA for every piece of crap that they dig up (just like you're find when your home or business alarm repeatedly goes off falsely).
I just read K5 for the articles.
Re: Too bad it wouldn't work. (4.50 / 2) (#27)
by WWWWolf on Tue Mar 27, 2001 at 11:56:20 AM EST

the complainant has to declare that the material is a copyright violation and then file the appropriate paperwork. Relying on a piece of code to go around deciding what is and is not infringing will result in so many false and completely unreliable claims

Yeah, but the most annoying (from record label point of view) people who distribute tons of music over Napster, FTP server and such have their stuff on large sitez. The steps the Big Ugly Copyright Enforcer (BUCE) does is this:

  1. The BUCE logs on the ftp site. (Gets the typical "24H, CaBlE, n0 RaTioZ!!!!1!!1!!!1! wu-ftpd for Windows 1.2 (23132312 exploits and growing!!!)" message on their screen.)
  2. The BUCE notes the d00d has several interestingly-named and well-ordered files there.
  3. The BUCE snarfs some files (1 to 10 or whatever) from there and listens to them to determine if they're what they say they are.
  4. The BUCE notes this is so and asks the d00dz ISP to pull the plug and tell where this crystallization of l33tness happens to live.

The record labels are after the Big Pirates. The "big pirates" are the entities who run big servers (or services, like Napster) that have several "pirated" pieces of music on fast servers. Prove that the big d00d has couple of illegally-distributed tunez, and they have grounds for a LART.

The tools to find big concentrations of suspicious files are just aid; they still require mammal intervention.

-- Weyfour WWWWolf, a lupine technomancer from the cold north...

[ Parent ]
give it up, you napster loving convicts (3.00 / 7) (#12)
by eLuddite on Fri Mar 23, 2001 at 11:41:37 AM EST

Those who think they have nothing to worry about should consider that the notifications about copyright violations cannot be verified by the ISPs in practice. They will simply have to trust the IFPI, or the RIAA, if they want to comply with their orders (which may be necessary to comply with the DMCA). How much does it take to get a user kicked? How much will it take in the future? And how easy will it be to get back in?

Under the DMCA infringing material will have to be removed, infringing users remain entitled to their day in court. If you remove the offending files from your upload directory (easily verifiable by the same Media Tracker software which originally nailed you, presumably), there is no longer any provision in the DMCA that would compel an ISP to punt your net access. The RIAA may as well "order" your ISP to knit a fur coat out of 101 dalmations.

Once the files have been removed, the artist, label, RIAA, IFPI, take your pick, can pursue you in court for copyright infringement. If you lose, net access is the least of your worries. If you win - say because you didnt infringe on a copyright - feel free to countersue all the way into retirement.

In other words, those who think they have nothing to worry about actually do have nothing to worry about. Considering how difficult it would be to prove infringement on the basis of logs produced by software running over a network (tcp) that has no facilities for authentication (ip4), you'd have to be a major league pirate before anyone hauled your ass into court.

In fact, 90% of lawyering is bluffing the opponent into doing the right thing. Ie, the real strength of this software is that it will put the fear of mom into the average 16 year old file trader.

Upon review of your article, I can only conclude from its unfounded, alarmist, shrill tone that it is a troll.

    Lionel Futz, sheister, shoemaker.

(I also have an opinion on Media Tracker, if you are interested.)

God hates human rights.

Don't delete the file, just fill it with 1s and 0s (2.00 / 1) (#16)
by DrEvil on Fri Mar 23, 2001 at 09:03:48 PM EST

Why delete a file when the RIAA come a knocking when you can just fill the file with arbitrary 1s and 0s? Just make sure the file length is the same! Then you can just say that you never had what they say you have. If everyone started doing this eventually they will have to give up, or atleast download every single file to verify they are what the filename says it is.

But then again, why make all this p2p services avaliable to the average user? Back in the day when it took hours to find the MP3's you were looking for there was no RIAA causing trouble. We need those good old days back again (while making it slightly better). I think we need to put these file sharing services on another network segment altogether. IPv6 would fit the bill nicely here. This will do two things:

1) Force people to move over to an operating system that supports IPv6 out of the box. Now assuming the RIAA is in cahoots with Microsoft with all the talk of media protection in WinXP the RIAA will be reluctant to move to a non-Microsft OS, so without 3rd party winsocks that support IPv6 they will be out of luck. This might prove to be the killer app for non-Microsoft OS's!

2) Eventually since everyone wants to get on the IPv6 bandwagon to use these file swapping services, Microsoft will be forced in to adding IPv6 support into thier products if they want to be able to access these new services which thier clients demand. This now will roll out IPv6 for everyone and we can move ahead into the future dropping support for IPv4.

Well it sounds good in theory anyway.

[ Parent ]
Re: Don't delete the file, just fill it with 1s an (4.50 / 2) (#18)
by eLuddite on Fri Mar 23, 2001 at 09:26:56 PM EST

It's extraordinarily easy to come up with technological foils against attempts at copyright protection. But here's the thing: at some point you will have to realize that justice is a balancing act between rights, not technologies. If you insist on disparaging the rights of music creators at the expense of music consumers, do not be surprised when the law must, a practical measure against your technological prowress, adopt and enforce draconian laws and punishments. You _will_ reap what you sow, one way or another, later if not sooner. Since it is not possible to excise a cancer from society with any degree of surgical precision, you will take a lot of other rights down with you as collateral damage. By sticking it to the man, you erode everyone's rights. For example, no one should be surprised at the passage of the DMCA and other reactionary copyright laws of late.

God hates human rights.
[ Parent ]

mojo nation (4.00 / 1) (#14)
by gps on Fri Mar 23, 2001 at 07:44:23 PM EST

Systems designed like mojo nation are much more difficult to run this type of tracking software on. The data is stored in tons of encrypted redundant small pieces all over. That's not grounds for someone's ISP to shut them down. (*) Note, mojo nation in its current incarnation is -not- tracking proof. In its current design it is still possible, by running a well used broker of your own, to figure out who published something when they send you one of those data blocks during publication. It requires sophisticated active monitoring.

(*) unless you accepted your ISPs agreement with a "users may not run servers" clause which if they wished could be interpreted as "users are not allowed to accept incoming TCP connections"

The meaning of "lover"... (1.21 / 32) (#15)
by joto on Fri Mar 23, 2001 at 08:05:19 PM EST

Last year, one copyright-lover released a free tool named[...]

Is this the same kind of lover as in nigger-lover? Got to love the english language...

Ability to moderate (4.33 / 3) (#28)
by Sheepdot on Thu Apr 05, 2001 at 01:02:15 PM EST

His comment was offensive, but it is a *really* good point. I suggest re-reading it. Substitute "child-porn" in place of the derogatory and offensive term.

Please note joto's bias was opposite what many of you think. He also had a decent record of high commented items.

Anyway, I'm doing a 3 cause it was a decent comment that many people overlooked simply because of the term "nigger"


James Baldwin has used the term in the past (even when referring to African Americans like himself, as you can see in the Dictionary.com comment) and was an avid speaker regarding civil rights. He's a man I admire too.

I'm a bit upset on the Political Correctness angle that has been taken here, it is as if even talking about the word is taboo. I guess we'll find out if people moderate my response here to zero.

Anyway, I suggest relooking at his comment, it is a very interesting one, and no, he is not racist, he's relating the term copyright-lover as if the person who said it is unfairly biased against copyrighting. Much the same way someone who says nigger-lover is biased against people due to skin color. It is a very powerful statement, unfortunately it uses a term that can't even be mentioned anymore in a strictly vocabulary context.

Ugh, the futility of arguing this really gets to me sometimes.

[ Parent ]
How does the legal side work? (3.00 / 1) (#17)
by jesterzog on Fri Mar 23, 2001 at 09:14:30 PM EST

The IFPI, at least from the screenshot, seems to be listing places where music is available to be downloaded. Probably it works in a similar way to Media Enforcer, by simply using the search protocols. (At least I can't think how else it could be tracked, unless they have a huge carnivore-type infrastructure.)

Does anyone have any legal experience about how effective a cease-and-desist order can actually be when there's no evidence of trading actually taking place? At least there isn't unless they manage to spy on two people actually trading the files, or if they try to download it themselves and manage to get it, proving that the person was making it available.

I'm aware that there's a good chance that the music being listed was probably pirated by the person sharing it anyway, but they probably don't have any definite evidence of that before ordering it down. Or is the whole thing just scaremongering backed up by expensive lawyers?

One of the things about Napster is that on installation, it tries to make every mp3 you have available by default unless you tell it not to. So if someone legally owns it and there's no evidence of it actually being traded, how does this cease-and-desist strategy hold up?

I guess kuro5hin isn't the ideal place to ask a legal-type question, but as long as the story's here....

jesterzog Fight the light

A C&D is just a letter (4.00 / 2) (#20)
by Keslin on Sat Mar 24, 2001 at 08:30:25 PM EST

A C&D is a letter, nothing more. It's not binding in any way. The effectiveness of a C&D is determined entirely by what the receiving party does when they get the letter.

The primary purpose of a C&D is to avoid litigation, by requesting compliance up front. A C&D is not, by itself, part of the litigation process.

-Keslin, the naked nerd girl.

[ Parent ]

Net access like being homeless.... (3.33 / 3) (#19)
by Blarney on Sat Mar 24, 2001 at 05:16:56 AM EST

If Net access becomes a necessary utility, like phone service is now, it'll be regulated like the phone system. A Net connection will be given to folks on welfare, and it will be kind of a right. Do they take away your phone if you make 3 prank calls? Nope, the phone is a necessity now. It would be like forbidding you to eat because they caught you throwing eggs.

Do wrong: accept the consequences (3.00 / 3) (#21)
by Keslin on Sat Mar 24, 2001 at 08:44:07 PM EST

Some of the comments in this story bring up the topic of due process, which is indeed an important point here.

Aside from due process issues though, this seems pretty simple to me. In the real world, if you steal from somebody, then you have consequences to deal with. Only sociopaths are incapable of comprehending the consequences of their actions. In online society, you are still responsible for your behavior. If you run out and intentionally steal from somebody, then you might be inconvenienced in the future when your victim finds you.

Whether you happen to think that you are in the right doesn't really matter. If a bank employee embezzles money from his employer and justifies it by rationalizing that he isn't really stealing since the bank is so big, that employee is still going to jail when he gets caught. That employee might have a warped ethics system, but the law doesn't care. The same is true online, if a Napster user rationalizes that he isn't really stealing from somebody when he pirates music, that doesn't really have a lot to do with how society will treat him if the victim comes forward to demand justice.

If there is some legitimate reason why simple societal rules should have special exceptions for online behavior, then that reason eludes me.

-Keslin, the naked nerd girl.

What "due process"? (3.00 / 2) (#23)
by darthaggie on Sun Mar 25, 2001 at 12:29:04 AM EST

RIAA (or equivalent) want's to be able to complain, and get you booted. What due process?

The standard ISP response should be: We're not qualified to judge whether or not our user is violating any relevant statutes. Send us a suponea, and we'll give you their contact information, and you can pursue this thru the normal channels. Like everyone else on the planet.

I am BOFH. Resistance is futile. Your network will be assimilated.
[ Parent ]

Right (3.00 / 1) (#25)
by Keslin on Sun Mar 25, 2001 at 05:05:34 PM EST

Well right, like I said, the biggest concern here is due process. That's a legitimate problem in this situation, and it's a complex one. I didn't comment on the due process aspect.

My point was that at a higher level, this is all about being responsible for your behavior. Whether online or in the real world, any citizen is responsible for the consequences of their actions. If you steal from somebody, then don't be surprised if you are sanctioned by society in some way. The original story seems to be written from the point-of-view that the online world is somehow different, that it should be an enclave where societal rules work differently and there is no accountability for misdeeds.

The system that the online world uses to sanction criminals is just being worked out now. It is complex and error-prone, and tying it into the legal system from the real world is creating a lot of problems. The due process issues are an example of that. We aren't going to abandon efforts to civilize online society just because it's complicated, though.

-Keslin, the naked nerd girl.

[ Parent ]

Next Generation Piracy Tracking | 28 comments (25 topical, 3 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!