The Rebels Strike Back–And Shoot Off Their Feet

There’s an interesting article in Wired about an attempt to stop RIAA and Company from seeing what P2Pers are stealing.

This program is simply a modified spam filter. It blocks IP addresses.

This might work very well against anybody who keeps probing or sending from a static IP address.

But who is going to be so stupid as to do that, especially after they’ve been put on notice that such a program exists?

If I were the RIAA and Company, I would love this program, and I’ll tell you why.

All I’d have to do is sign up for a number of accounts from the most popular ISPs.

If you have a broadband connection, in all likelihood, you don’t get a static IP address. You get a dynamic IP address. That means you get a different one every time you connect.

So if I want to poke around or send lots of IMs, I can do my poking around, and after I’m done, I just refresh my IP connection and get a new IP.

Let’s presume this software picks up on what I’ve done, and adds the address to the blocked list. Fine by me, I’m not there anymore. Not so fine for a P2Per who later gets the IP address I had been using to do my dirty work.

If I do it long enough and often enough, I can probably get most of the IP addresses the ISP has to offer blocked, so all those leeching munchkins will get blocked out by the providers.

Great! Let the thieves do my work for me!

Could this program be configured to block out ranges of IP numbers? Hell, that’s even better, saves me a whole lot of time and effort.

Dumb, dumb, dumb.
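To put numbers on the collateral damage described above, here is a small simulation, added as an illustration and not taken from the Wired article or the blocking program. The pool (a documentation address range), the round counts and the `ttl` expiry option are assumptions made for the example.

```python
import ipaddress
import random

# Constructed sample: a documentation range standing in for an ISP's dynamic pool.
POOL = ipaddress.ip_network("203.0.113.0/24")

def simulate(rounds, block_prefix=32, ttl=None, seed=1):
    """Return the fraction of the pool an ordinary subscriber would find blocked.

    Each round the flagged account holds one lease, gets listed by the filter,
    then reconnects and receives a different address.
    block_prefix=32 lists single addresses; a shorter prefix lists the whole
    surrounding range. ttl is how many rounds an entry stays listed
    (None = forever); expiry is an assumed option, not a feature of the
    program the article describes.
    """
    rng = random.Random(seed)
    hosts = list(POOL.hosts())
    listed = {}                                   # blocked network -> round last listed
    for now in range(rounds):
        addr = rng.choice(hosts)                  # lease handed out on reconnect
        net = ipaddress.ip_network(f"{addr}/{block_prefix}", strict=False)
        listed[net] = now                         # filter reacts to what it saw
    # The flagged account has moved on by now; every listed address belongs to
    # whoever the ISP hands it to next.
    live = [n for n, t in listed.items() if ttl is None or rounds - t <= ttl]
    blocked = sum(1 for h in hosts if any(h in n for n in live))
    return blocked / len(hosts)

if __name__ == "__main__":
    for label, kwargs in [
        ("single addresses, never expire", dict(block_prefix=32)),
        ("/28 ranges, never expire", dict(block_prefix=28)),
        ("single addresses, expire after 5 rounds", dict(block_prefix=32, ttl=5)),
    ]:
        share = simulate(50, **kwargs)
        print(f"{label:42s} {share:6.1%} of pool unusable for ordinary users")
```

Entries that never expire only accumulate, range entries multiply the damage per listing, and expiry caps the damage at the cost of forgetting the behaviour the filter was reacting to.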

The article goes on to talk about P2P going to “collaborative reputation systems” where users get rated on their usefulness.

For instance, leeches could be blocked out. If I’m RIAA and Company, oh please, pretty please, do that. That kills 70% of my problem. I have no problem with providing uploads when I’m up, I’ll just provide legal uploads. What are they going to do about that, toss out anybody who doesn’t provide illegal ones?

It might temper my IMing, but that’s hardly necessary. I don’t need to send a ton of IMs to get the evidence I need. For that matter, I don’t need to download a lot of files, either, just a list and a few representative examples.

I could have some fun with it, though. Remember, I have a lot of machines available, I can just grab a few files each from a number of machines.

So maybe I grab a hundred files from twenty machines, five each. What’s the software going to do, reduce the number of allowable downloads per site to four or less? Then I can go to three, two, and finally one.

More critically, collaborative reputation systems need a tracking system. Those P2Ping will have to lose at least some degree of anonymity for such a system to work. P2Pers aren’t going to like that.

Secondly, tracking information needs to be stored someplace. If it happens to be on your machine, that ought to be good for copyright infringement charges based on somebody else’s downloading.

So if I’m RIAA and Company, bring it on!!

P.S. This is just stuff off the top of my head. Imagine what people paid to think about this eight hours a day might come up with.

Seriously, Folks

You cannot run an anonymous P2P public network that can keep the RIAA and Company out. On the Internet, no one knows you’re RIAA. All that can be done is to make them change their tactics a little, and as the article shows, the cure can often be worse than the disease.

The Wired article quotes a peer-to-peer developer:

“Top-level users want this application to keep out connections from outside sources, particularly after the recent judgment that decentralized systems are legal,” said Jorge Gonzalez, founder of Zeropaid, a peer-to-peer developer site. “Users now have to think about defending themselves against attacks from companies coming after users.”

Can P2P networks be constructed that are much less vulnerable to RIAA and Company intrusion? Sure, but the only way to do that is to turn them into private, nonanonymous networks. (Of course they have to be at least somewhat nonanonymous, how else would you know whether you could trust somebody or not?)

This will make the private participants more secure, but at the cost of blocking most people out. Battening down the hatches achieves RIAA and Company’s purposes as well or better than anything they can do.

Email Ed
