So after the news that the Recording industry will begin collecting evidence and preparing lawsuits against file sharers who illegally offer music online, I wanted to share some knowledge with people concerned about this latest news.
What exactly is going on?
I can only speculate on how the RIAA nerds are doing this, but you can bet the RIAA is pooling resources across ant-piracy technology. Nintendo wins case against pirates
You can bet they are watching KaZaA, so I recommend you use KaZaA as little as possible or not at all if you live in the United States. New bill injects FBI into P2P battle
Crafty programmers have been pimping out P2P data for years now distributing network stats to music VP’s. Senate committee to address ISP subpoenas They have an idea of what goes on and how much is transferred. ‘Hail to the Thief’: Radiohead sales unaffected by spread of illegal advance copies I am guessing they will be hitting the mainstream networks looking for some dumb smuck sharing 1 or > gigs of content. Warez leader get’s 18 months But they could come down on some 13 yr old pony tailed girl listening to Britney. Student accused of music piracy gets online support! What happens then? Networks such as gnutella Gene Kan: Old School Gnutella, WinMx, eMule might be in the mix of monitored networks as well. Mary Bono’s Raring to Run RIAA
What can I do?
If you have large collection, don’t share it only insecure networks or open protocols! Operation Buccaneer Bites Release Scene Again Don’t share large amounts of files on KaZaA or gnutella! Don’t leave your computer running with a P2P application running in the background for a long period of time. They will be looking for nodes serving content for extended periods of time and serving a large amounts of data. Privacy vs Internet piracy
New programs to look at
Freenet – “Free software which lets you publish and obtain information on the Internet without fear of censorship. To achieve this freedom, the network is entirely decentralized and publishers and consumers of information are anonymous. Without anonymity there can never be true freedom of speech, and without decentralization the network will be vulnerable to attack.
Communications by Freenet nodes are encrypted and are “routed-through” other nodes to make it extremely difficult to determine who is requesting the information and what its content is. Users contribute to the network by giving bandwidth and a portion of their hard drive (called the “data store”) for storing files. Unlike other peer-to-peer file sharing networks, Freenet does not let the user control what is stored in the data store. Instead, files are kept or deleted depending on how popular they are, with the least popular being discarded to make way for newer or more popular content. Files in the data store are encrypted to reduce the likelihood of prosecution by persons wishing to censor Freenet content.”
PeerGuardian – Free software called PeerGuardian creates a personal firewall that blocks the IP addresses of snoops. They can see the names of files being traded, but they can’t download the file to tell whether it’s a copyrighted file.
Earth Station 5 – sdES5 breaks new ground by providing fast file sharing and downloading with stealth technology to hide your ip address and prevent harrassment. ES5 uses proxy servers and SSL encryption (Secure Sockets) to transfer files. No one but you knows where a file is going and no one but you and your sharee know what was transferred. A wealth of other features include: Preview files while they are downloading to find out in minutes that you dont want a file that might take hours to download. Uses random ports so your ISP cannot limit your bandwidth by traffic type nor can anyone.scan your system and know you are using ES5. Uses SSL so your ISP or admin cannot know what you are transferring.
WASTE – WASTE is a software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users. WASTE is designed to enable small companies and small teams within larger companies to easily communicate and collaborate in a secure and efficient fashion, independent of physical network topology. Security: WASTE uses link-level encryption to secure links, and public keys for authentication. RSA is used for session key exchange and authentication, and the links are encrypted using Blowfish in PCBC mode. The automatic key distribution security model is very primitive at the moment, and may not lend itself well to some social situations. WASTE secures the links of the WASTE network by using RSA to exchange session keys and authenticate the other end of the connection. Once the hosts have authenticated each other and both have the correct session keys, the connection is encrypted using Blowfish in PCBC mode (using different IVs for each direction of the connection). The oversimplified process for bringing a link up is (see comments in the code and the code itself for a more in depth view):
Both sides exchange public key hashes, and verify that they know that hash
Both sides exchange session keys and challenge-response tokens encrypted with each others public keys.
Both sides decrypt and verify the challenge-response tokens, and begin encrypted communication (a stream of messages, each message is verified using an MD5).
