New Tool Promises To Passively Identify BitTorrent Files

timothy posted more than 5 years ago | from the checks-for-the-evil-bit dept.

The Internet 265

QuietR10t writes "A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers. 'Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,' says Schrader." I wonder if it can specifically identify legal content, too.

265 comments

Last Post (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26832203)

Last Post...do not post after this.

Re:Last Post (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26832367)

Okay.

ATTN !! Is this a good thing or a bad thing? (0)

Anonymous Coward | more than 5 years ago | (#26832525)

I can't tell from the summary. Good being, good for us pirates, not good for law-abiding citizens who realize stealing is stealing, and you'd burn in hell forever, so if us pirates want to, to go right ahead.

this tool can lick my scrotum (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26832211)

hacked seed boxes for the win!!

Carrier Status? (1, Insightful)

oahazmatt (868057) | more than 5 years ago | (#26832231)

So, if for instance, Verizon or AT&T start using this tool, does that mean they lose common carrier status?

Re:Carrier Status? (5, Informative)

commodore64_love (1445365) | more than 5 years ago | (#26832293)

I wish people would stop repeating this urban legend. ISPs do NOT have common carrier status. I wish they did, but they don't.

Re:Carrier Status? (5, Insightful)

Jane Q. Public (1010737) | more than 5 years ago | (#26832403)

They SHOULD. As long as they do not alter or supply content themselves.

The whole concept of common carrier was to account for services such as ISPs. Of course telephone systems were the first real examples, but the concept is still the same: a communications channel, where a service can carry those communications from point to point, without altering, supplying, or monitoring content.

I know of no logical reason why ISPs should not be "common carriers". They are ideal candidates to be. As long as they keep their fat fingers off the content.

And THEY should be in support of the concept, because if they cannot claim the "common carrier defense" (i.e., no responsibility for content), then they have some very heavy legal liability issues that common carriers do not have to deal with.

Re:Carrier Status? (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26832599)

ISPs have no interest in being considered common carriers, because they already get all the same legal protections, without needing to meet the requirements or possibly lose the protection if they fail to meet them.

Re:Carrier Status? (4, Informative)

Kjella (173770) | more than 5 years ago | (#26832697)

The short story: There's more to being a common carrier than lack of liability, and ISPs don't want it. ISPs have liability protections under USC 17512 [cornell.edu] which are very strong and thus under heavy lobbying attack, but they are *not* responsible for content today. Read it yourself, it's surprisingly clear.

Re:Carrier Status? (2, Interesting)

Anonymous Coward | more than 5 years ago | (#26832843)

"...then they have some very heavy legal liability issues that common carriers do not have to deal with."

I've always wondered how Earthlink, RR, etc. can get away with all the warez, music, movies, and porn hosted on their own usenet servers, and made available to their subscribers.

Re:Carrier Status? (4, Informative)

Wesley Felter (138342) | more than 5 years ago | (#26833335)

Usenet probably counts as a cache under section 512(b) of the DMCA; as long as ISPs process takedown notices correctly they have no liability. Also see ALS Scan v. Remarq. IANAL.

Re:Carrier Status? (3, Interesting)

click2005 (921437) | more than 5 years ago | (#26832449)

How would you start lobbying congress about making it reality? Common Carrier status in exchange for Net Neutrality.

When the phone companies switch to a fully IP based network like BT is doing over here in the UK, will they lose the common carrier status?
The difference between Telco & ISP is so thin these days already that I'm surprised the law has never been updated.

I'm not asking you specifically, just anyone who might know.

Encryption? (4, Insightful)

hansamurai (907719) | more than 5 years ago | (#26832245)

I'm assuming this has no chance of defeating encrypted connections?

Re:Encryption? (4, Informative)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26832379)

TFA confirms it, near the end of the second page. It also only currently works at 100 megabits/second.

Re:Encryption? (3, Funny)

genner (694963) | more than 5 years ago | (#26832509)

TFA confirms it, near the end of the second page. It also only currently works at 100 megabits/second.

So my oc4 line is safe!

Re:Encryption? (5, Informative)

eldavojohn (898314) | more than 5 years ago | (#26832385)

I'm assuming this has no chance of defeating encrypted connections?

The article explicitly says it cannot recognize encrypted files as the method cannot identify them with a hash. Although, I doubt anyone could think of a good way to ID files in encrypted BitTorrent.

I thought my summary submitted this morning [slashdot.org] did a better job describing this but you should note that this has some key things to overcome before it can be used:

  • Has not been tested for false positives (explicitly stated by a researcher in the article). This has been known to totally render a technology unusable (face recognition, anyone?).
  • Their device only works on up to one hundred megabit per second before it starts to act as a choke point which makes it useful only on a small scale (not for police/ISPs).
  • Does not work on encrypted files [slashdot.org].

They seriously need to overcome these obstacles before illegal file sharers should worry about it being used to target people.

Re:Encryption? (5, Insightful)

Dreadneck (982170) | more than 5 years ago | (#26832895)

They seriously need to overcome these obstacles before illegal file sharers should worry about it being used to target people.

I strongly disagree. People need to start raising hell about this Big Brother bullshit now. Technology like this operates under the assumption that ALL users are criminals until proven innocent and blatantly violates the 4th amendment (in the U.S. at least).

Furthermore, does anyone here honestly believe that this type of technology will only be used to stop copyright infringement and kiddie porn? This technology smacks of oppression and the quashing of political dissent.

Re:Encryption? (0)

Anonymous Coward | more than 5 years ago | (#26833479)

How much political dissent goes via BitTorrent?

Re:Encryption? (3, Interesting)

jandrese (485) | more than 5 years ago | (#26832423)

TFA specifically says that it doesn't work on encrypted traffic. In fact the whole thing seems to have some rather bogus qualities to it.

It uses a FPGA, but is stuck at a rather pokey 100Mbps. All it does is compare the encoded hash value in the Bittorrent header against a list of known illegal hashes. Hashes you have to program manually.

I've seen commercial boxes that you can already buy that do a lot more than this and faster. He made a big deal about it not disturbing the network, but that's a standard feature. Unless this thing is dirt cheap or something, I don't really see the application.

Re:Encryption? (2, Insightful)

El Torico (732160) | more than 5 years ago | (#26832727)

I've seen commercial boxes that you can already buy that do a lot more than this and faster. He made a big deal about it not disturbing the network, but that's a standard feature. Unless this thing is dirt cheap or something, I don't really see the application.

I think that the manufacturer will try to pimp this as an "IP Compliance Product" to ISPs and madly lobby every politician they can bribe, err, I mean donate to.

Evil Bit (5, Funny)

Lord Byron II (671689) | more than 5 years ago | (#26832251)

For the record, I have a rule in my iptables that specifically turns off the "evil bit" in any of outgoing packets. Thank God for Linux! =)

Re:Evil Bit (1, Funny)

pitterpatter (1397479) | more than 5 years ago | (#26832591)

Moderators, this is a textbook example of a "funny" post. On that basis, I think it deserves a 4 or 5. But it isn't otherwise that interesting, IMHO.

Re:Evil Bit (0)

Anonymous Coward | more than 5 years ago | (#26832773)

It was modded "interesting" because we found it to be a comment worthy of increased karma. Slashdot does not reward karma for "funny" mods, thus we have to mod it as "interesting". One of the others will mod it back to its proper "funny" category.

The Mod Squad

Re:Evil Bit (0)

Anonymous Coward | more than 5 years ago | (#26832789)

I read recently that slashdot doesn't grant karma for "funny" moderations but does for "informative" and the like, so if a moderator wants to grant karma, a humorous post gets modded "informative" despite the better option. This is largely because people think this sort of thing matters, which means the slashcode developers need to rethink the mechanism.

Re:Evil Bit (0)

Anonymous Coward | more than 5 years ago | (#26832811)

Oh yeah, evil bit jokes are the best, classic "nerd humor". Did you know they were invented by Al Gore?

Encrypted traffic... (1, Insightful)

bleh-of-the-huns (17740) | more than 5 years ago | (#26832257)

Till they come up with a good way to figure out what's going across the network encrypted, they will just be wasting their time.

Re:Encrypted traffic... (1)

azgard (461476) | more than 5 years ago | (#26832383)

In theory, they could attack encryption with man-in-the-middle during the key exchange. If the protocol is known, the middle man can simulate the other end node for both nodes, and give each one a different key, so they can still see the traffic.

Re:Encrypted traffic... (3, Insightful)

Kjella (173770) | more than 5 years ago | (#26832547)

And if they did that, we could start having the tracker negotiate SSL keys for us. If they tried going after the tracker traffic, we could make that HTTPS. If they started faking the certs, we could move to OpenDNS or install a "trusted" torrent root cert. That is a battle they could not win.

Re:Encrypted traffic... (1)

azgard (461476) | more than 5 years ago | (#26832645)

Well, eventually, people would have to exchange the trusted torrent root certificates directly (i.e. not over the network). And they could be filtered by the network.

I think the scheme is in principle possible, but probably very much impractical. You could perhaps create an order of magnitude more music, movies and videogames for the sheer cost of the setup required to negotiate all the encryption keys in the central government server.

Re:Encrypted traffic... (2, Insightful)

headbulb (534102) | more than 5 years ago | (#26832829)

He was talking about using a man in the middle attack. Both parties think they are talking to each other.

It doesn't matter if the tracker sends us a SSL key for us if a man in the middle attack can be used. The only way to be sure the key isn't altered is to get that key directly from the source. How you do that is up to you.

There isn't much that is open about "OpenDNS". OpenDNS is a bad solution for a non-issue problem. Please stop advertising for them.

What we should be fighting for is for ISPs to be common carriers. Then there really isn't a market for this type of monitoring hardware. Other than for some company firewall.

Re:Encrypted traffic... (1)

Kjella (173770) | more than 5 years ago | (#26833135)

It doesn't matter if the tracker sends us a SSL key for us if a man in the middle attack can be used. The only way to be sure the key isn't altered is to get that key directly from the source. How you do that is up to you.

Wrong, wrong, wrong. Or well, if you don't trust the tracker then true but then the whole setup doesn't make any sense. If we both have a secure connection to the tracker then the tracker can swap keys for us and there's nothing a man-in-the-middle could do to prevent us from creating a secure peer connection. And if they tried attacking our connection to the tracker, we could use HTTPS and certificates to prevent that. It's you that don't understand.

Re:Encrypted traffic... (4, Interesting)

Sloppy (14984) | more than 5 years ago | (#26833067)

That's a lot of "we could"s. How about just using the global OpenPGP WoT, and stopping the problem in its tracks?

Once you have a distributed authentication system (which is what lets you exchange keys safely), email is just one of the applications you can build on it. Sounds like you guys have another. Whatever. The more things it's used for (the more people who connect to the WoT) the better it works for everyone.

Quit building a redundant but also specialized infrastructure, and instead, join the original.

Re:Encrypted traffic... (4, Insightful)

Shakrai (717556) | more than 5 years ago | (#26832695)

In theory, they could attack encryption with man-in-the-middle during the key exchange

In theory, isn't this (or shouldn't this) all be illegal under wiretapping laws anyway?

As a private citizen I don't have the right to start monitoring my neighbor's phone calls (even if those calls are broadcast [wikipedia.org] into my house without encryption) just because I suspect she is dealing drugs. What gives my ISP the right to start monitoring my packets just because they suspect I'm pirating something?

Re:Encrypted traffic... (1, Insightful)

iminplaya (723125) | more than 5 years ago | (#26832849)

What gives my ISP the right to start monitoring my packets just because they suspect I'm pirating something?

The government. You know, those crazy baldheads that keep getting reelected all the time? You gotta vote for the right lizard.

Re:Encrypted traffic... (4, Informative)

Shakrai (717556) | more than 5 years ago | (#26832941)

New York State Penal Law:

250.05 Eavesdropping.
A person is guilty of eavesdropping when he unlawfully engages in wiretapping, mechanical overhearing of a conversation, or intercepting or accessing of an electronic communication.
Eavesdropping is a class E felony.

Re:Encrypted traffic... (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26833175)

The word "unlawfully" means that it all depends on who is holding the money.

Re:Encrypted traffic... (0)

Anonymous Coward | more than 5 years ago | (#26833007)

Yes, but this is the Evil Internets (tm)! We cannot sit by and let our children suffer! Illegal child pornography and viruses could be spread by online predators and malware hackers using this black market in pirated Intellectual Property.

How can you be so naive? We must act now before it is too late!

Re:Encrypted traffic... (0)

Anonymous Coward | more than 5 years ago | (#26833419)

Great example of a comment deserving a 5 with a 0, based on the following criteria:

1) Funny, in that Orson Scott Card Way
2) Identifies the problem/reaction/solution method of political growth
3) Identifies the ridiculousness of the current implementations of such growth
4) Is very sexy

Here's a novel idea, DONT FUCKING STEAL SHIT (0)

Anonymous Coward | more than 5 years ago | (#26833173)

Then you won't have any problems whatsoever!!

Re:Here's a novel idea, DONT FUCKING STEAL SHIT (1)

Shakrai (717556) | more than 5 years ago | (#26833329)

Who says I steal anything? I'm a law-abiding citizen who happens to be outraged at the prospect of having my private communications searched through without a court order.

Re:Here's a novel idea, DONT FUCKING STEAL SHIT (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26833455)

And yet, you happily accept google's TOS which SPELLS OUT IN PLAIN LEGALIZE that it will read ALL YOUR FUCKING MAIL and keep it forever, knowing EXACTLY WHO THE FUCK YOU ARE, and you say, thank you, google, FUCK ME SOME MORE, I LIKE IT THAT WAY WHEN YOU DO IT TO ME!!

Not yet (1)

SciBrad (1119589) | more than 5 years ago | (#26832273)

According to the article the method is currently too slow to be implemented and fails for encrypted traffic. So not quite the BT killer yet.

Re:Not yet (1)

Rary (566291) | more than 5 years ago | (#26832369)

According to the article the method is currently too slow to be implemented and fails for encrypted traffic. So not quite the BT killer yet.

Which article did you read? The one linked in the summary says the method is fast, and it makes no mention of encryption.

Nevertheless, it sounds like encryption would do the trick here. All it's doing is looking for torrented files and comparing the hashes to a database of known "illegal" content. If it's a match, then it logs the IP address.

Re:Not yet (4, Funny)

blueg3 (192743) | more than 5 years ago | (#26832447)

He probably read page 2 of the article.

Re:Not yet (3, Funny)

Rary (566291) | more than 5 years ago | (#26832745)

He probably read page 2 of the article.

Ouch! Wow, do I feel like a retread.

Oh well. Allow me to turn this around and make it the website's fault instead of mine: who the hell decided that such a short article needed to be split into two pages? This isn't a print medium. Have they never heard of the scrollbar?

I'll go away now.

Re:Not yet (0)

Anonymous Coward | more than 5 years ago | (#26832885)

Ouch! Wow, do I feel like a retread.

You're not a retread, you're more Gregory Peck to blueg3's Cary Grant - not bad, but not preferred.

Re:Not yet (2, Informative)

pipatron (966506) | more than 5 years ago | (#26833119)

who the hell decided that such a short article needed to be split into two pages?

The guy who wants to get a lot of ad revenue by making you see more ads.

Re:Not yet (3, Funny)

Rary (566291) | more than 5 years ago | (#26833457)

who the hell decided that such a short article needed to be split into two pages?

The guy who wants to get a lot of ad revenue by making you see more ads.

Someone should point out to that guy that he put the same ads on both pages.

Re:Not yet (1)

baKanale (830108) | more than 5 years ago | (#26833545)

Ouch! Wow, do I feel like a retread.

Hey, it can always be worse than a retread tire. You could feel like a bald tire, or maybe one illegally dumped in the woods somewhere.

Re:Not yet (2, Informative)

rts008 (812749) | more than 5 years ago | (#26832713)

Which article did you read? The one linked in the summary says the method is fast, and it makes no mention of encryption.

Well, this article [technologyreview.com] claims that it is too slow @100Mb/s for ISP and law enforcement use. And it is defeated by encryption. (Yes, that is the same article that is linked in the summary!)
FTA:

Even if the legal framework were to allow the technology, it is not quite ready to go. Tests of the system, details of which will be published later this year in a book called Advances in Digital Forensics V, showed that it was effective at detecting 99 percent of illicit files, but only at speeds of 100 megabits per second.

That's too slow for commercial or law-enforcement purposes, according to Anderson. Schulze agrees: "One gigabit per second or ten gigabits per second are required today to monitor a network." He also says that it is unclear whether the system might produce false positives, incorrectly labeling legitimate files as illegal.

Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.

[emphasis mine]

Admittedly, this was all on the second page of TFA, but it is there.

Re:Not yet (1)

myVarNamesAreTooLon (1474005) | more than 5 years ago | (#26832395)

No, previous methods are too slow because they examine the contents of each file, whereas the new system is completely passive and only looks at the hash.

A handful of network-monitoring tools can identify specific BitTorrent files, but the process is generally slow, since the contents of each file have to be examined. The time that this takes also increases exponentially as the number of files that need to be scanned grows. "Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,"

Encryption! (0)

Anonymous Coward | more than 5 years ago | (#26832281)

Just one more reason to encrypt my traffic.

It's called Port Mirroring (5, Informative)

alta (1263) | more than 5 years ago | (#26832291)

And my $200 24 port gigabit switch from Dell will do it. And that's a cheap piece of crap. For the 3 of you who don't already know, you specify one port on the switch to receive a copy of all traffic on the entire switch, a vlan or a specific port. Then you can hook Ethereal to that port and monitor all of the traffic without modifying the original. OOOOhhhh, magic eh?

Anyway, even after I RTFA, I still didn't see anything that this thing does that my cheap port and a P2 running Ethereal couldn't do.

Re:It's called Port Mirroring (0)

Anonymous Coward | more than 5 years ago | (#26832759)

You're right, if they are dealing with very little traffic their work is not very interesting. The only thing that makes their implementation interesting is the fact that it is done in hardware. Presumably, the fact that it is implemented in hardware makes it fast enough to scan lots of traffic.

Re:It's called Port Mirroring (1)

Pentium100 (1240090) | more than 5 years ago | (#26832847)

While I have no use for that switch, it still puzzles me - how do you cram all traffic that's going through the switch (up to 22gbps) to a single 1gbps port?

Anyway, this idea is older than that 1gbps switch. 10 and 100mbps hubs also have that feature :).

Re:It's called Port Mirroring (2, Insightful)

tijsvd (548670) | more than 5 years ago | (#26833083)

Two points.

One: the mirror port (aka span port) on your switch does not buffer the traffic, and will drop packets in any spike. That's true even for expensive Cisco switches. To get all traffic, you need a network tap on a line.

Two: getting the traffic isn't hard. It's basic sniffing. Analysing the traffic in realtime is what matters.

hmm (5, Interesting)

Anonymous Coward | more than 5 years ago | (#26832295)

More restrictions on content? More encryption.

Better cracking techniques? Better encryption.

Tyrannical government? Revolution.

Re:hmm (0)

Anonymous Coward | more than 5 years ago | (#26832455)

More encryption works to a point. Eventually, governments will just drop the other shoe and either outright ban encryption, or assume immediate guilt of criminal or civil charges if encrypted contents are found.

Completely Biased and Worthless (5, Interesting)

RingDev (879105) | more than 5 years ago | (#26832299)

Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.

If you make breathing illegal, only criminals with breath.

-Rick

Re:Completely Biased and Worthless (3, Insightful)

azgard (461476) | more than 5 years ago | (#26832707)

Or, everybody will become a criminal.

Re:Completely Biased and Worthless (0)

Anonymous Coward | more than 5 years ago | (#26832831)

I've never in my life, heard a whoosh as loud as a planet passing by...

Re:Completely Biased and Worthless (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26832833)

Logic Fail. If everyone becomes a criminal, then it is still true that the only people who are breathing will be criminals.

Re:Completely Biased and Worthless (1, Informative)

Anonymous Coward | more than 5 years ago | (#26833189)

I think you mean breathe.

Developed by the Air Force (0, Offtopic)

Ethanol-fueled (1125189) | more than 5 years ago | (#26832305)

No surprise there. [google.com] Air Force calls itself the "Ivy League" of armed forces, but they have their own methods of treating their own like shit. A guy I know had his computer yanked by OSI because he was suspected of possessing Cee Pee, but nothing ever came of it and the bastards didn't even return his computer.

The Gestapo-like OSI recruit airmen with special skills or college credit out of techschool to become professional rats. See that guy in your dorm party pretending to drink the same beer all night? That's the one. A guy in my unit walked free from drug use punishment because the OSI coerced an interrogation out of him without reading him his rights.

For those of you in the Air Force, don't believe the OSI hype. All they do is bust airmen for underage drinking and minor drug offenses when they're not sitting on Limewire all day looking for Cee Pee. Should they pull you in for questioning, simply be as vague as possible or say nothing at all. They pulled me in (just like in the movies - Mutt and Jeff interrogation with one-way mirror) to question me about others' drug use, but luckily I was drunk at the time the alleged use occurred so I didn't remember ;)

Re:Developed by the Air Force (2, Informative)

jandrese (485) | more than 5 years ago | (#26832467)

For those of you who are wondering, my guess is Cee Pee is Child Porn.

Re:Developed by the Air Force (1)

Jah-Wren Ryel (80510) | more than 5 years ago | (#26832995)

For those of you who are wondering, my guess is Cee Pee is Child Porn.

Who knew that 3-CP0 was secretly a child pornographer, we need to outlaw shiny metal droids for the safety of the children!

Yawn (3, Interesting)

happyemoticon (543015) | more than 5 years ago | (#26832311)

From the article:

Then the system looks at the files' hash, a unique identifying code used to coordinate the simultaneous download of hundreds of file fragments by different users. If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved.

I mean, you could easily scrape some torrent sites for hashes, but it seems like this system would be fairly easy to circumvent. All you'd have to do is come up with some system for changing the hash on a peer-specific basis.

Re:Yawn (5, Informative)

blueg3 (192743) | more than 5 years ago | (#26832357)

If I read the article correctly, what they're really doing is looking at the BitTorrent infohash, which is used when communicating with the tracker and other peers to identify the torrent. (The infohash uniquely identifies the torrent.) Having a different infohash for each peer would require significant BitTorrent reengineering, I would think.

However, it's defeated by encryption, cannot legally be used in the U.S. or Europe by ISPs, and relies on a blacklist of illicit torrents.

Re:Yawn (1)

Carlosos (1342945) | more than 5 years ago | (#26832629)

Don't private trackers already use different infohash for each user to track the stats of the users?
This would mean that looking at the infohash will only work for public trackers (which are slow most of the time anyways) and to get around that you would only need to use Tor for communication to the public tracker which is already supported by a few bittorrent clients.

Re:Yawn (1)

blueg3 (192743) | more than 5 years ago | (#26833243)

As it's a passive tool, all you'd need to do is encrypt the communication with the tracker.

Re:Yawn (1)

jandrese (485) | more than 5 years ago | (#26832483)

Changing the hash on peer basis would mess the protocol up pretty badly. It's a lot easier just to turn on the encryption stuff.

Re:Yawn (1)

BuckaBooBob (635108) | more than 5 years ago | (#26832627)

They should just use simple RoT13 or something else that's lame, make it part of the protocol and copyright it. Then slap anyone that comes up with this type of technology with a DMCA Takedown/Cease and desist for circumventing the Packet inspection protection.

hashes are not the threat (1)

Khopesh (112447) | more than 5 years ago | (#26833413)

All you'd have to do is come up with some system for changing the hash on a peer-specific basis.

The hash is how data is verified. You can't just change the hashing mechanism on a peer-specific basis because you're sharing the same data with thousands of different peers. That would require every single peer to host a specific hash for each other peer, or worse, convert between hashes on the fly.

The flaw in this method is the hashes themselves; the only way to detect the so-called illicit content is by knowing the specific encoding. This stops camcorder films and screener rips because they are encoded by well-seeded individuals. This does NOT stop your standard DVD or TV rip. For example: Joe and Bob go and buy a DVD, splitting the cost. Each of them have the exact same model of computer and even the same versions of all their software. Joe encodes the DVD to a nice 700mb h264 MP4 file, then gives it to Bob. Bob encodes the DVD in the exact same manner before giving it to somebody else. Despite this, Joe and Bob's resulting files have different hashes. They're damn close to the same data (bit for bit!), but there is an ever-so-slight difference which makes the hash differ. You can't tell they're similar (by the hashes) at all.

The only way to automate such policing would be to combine this simple method with a more complex one, such as participating in the p2p, downloading the media, and comparing it to a massive archive. This sort of thing is already available; check out Shazam [wikipedia.org], a free iPhone (et al) audio fingerprinting service, for example. Note it would need a longer sample time to account for fair use, and it would need some video equivalent to effectively detect movies (which is almost certainly being developed for YouTube). In fact, it's this use of that concept that scares me so much of it ... it's only a matter of time.

(also: why is every post I reply to these days titled "Yawn" ? can't we be more creative?)
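
The check that blueg3 and Khopesh describe above, as an added example that is not part of the original thread or of the tool in the article: it derives a torrent's infohash (SHA-1 over the bencoded info dictionary), reads the infohash out of a plaintext peer handshake, and matches it against a watchlist. The sample content, tracker URL, peer ID and addresses are constructed for the example; the 68-byte handshake layout is that of the standard BitTorrent peer protocol.

```python
import hashlib

PSTR = b"BitTorrent protocol"  # protocol string that opens a plaintext peer handshake


def bencode(obj):
    """Minimal bencoder, used here only to build the constructed sample torrents."""
    if isinstance(obj, int):
        return b"i" + str(obj).encode() + b"e"
    if isinstance(obj, bytes):
        return str(len(obj)).encode() + b":" + obj
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):  # dictionary keys are emitted in sorted order
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in sorted(obj.items())) + b"e"
    raise TypeError(type(obj))


def value_end(data, i):
    """Index just past the bencoded value starting at data[i]; ValueError if malformed."""
    c = data[i:i + 1]
    if c == b"i":
        return data.index(b"e", i) + 1
    if c in (b"l", b"d"):
        i += 1
        while data[i:i + 1] != b"e":
            i = value_end(data, i)
        return i + 1
    if c.isdigit():
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return end
    raise ValueError("malformed bencode at offset %d" % i)


def info_hash(torrent):
    """SHA-1 over the raw bencoded 'info' dictionary of a .torrent file."""
    if torrent[:1] != b"d":
        raise ValueError("metainfo must be a bencoded dictionary")
    i = 1
    while torrent[i:i + 1] != b"e":
        if not torrent[i:i + 1].isdigit():
            raise ValueError("dictionary key is not a string")
        key_end = value_end(torrent, i)
        key = torrent[torrent.index(b":", i) + 1:key_end]
        val_end = value_end(torrent, key_end)
        if key == b"info":
            # Hash the bytes exactly as they appear; re-encoding could change them.
            return hashlib.sha1(torrent[key_end:val_end]).digest()
        i = val_end
    raise ValueError("no info dictionary")


def handshake_info_hash(payload):
    """Infohash from a plaintext handshake, or None if the payload is not one.

    Layout: 1 length byte (19), 19-byte protocol string, 8 reserved bytes,
    20-byte infohash, 20-byte peer ID.
    """
    if len(payload) < 68 or payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None
    return payload[28:48]


def scan(flows, watchlist):
    """Passive check: (src, dst, infohash hex) for flows whose handshake infohash is listed."""
    hits = []
    for src, dst, first_payload in flows:
        ih = handshake_info_hash(first_payload)
        if ih in watchlist:
            hits.append((src, dst, ih.hex()))
    return hits


def make_torrent(content, name, piece_len=32):
    """Build a single-file metainfo blob for constructed content."""
    pieces = b"".join(hashlib.sha1(content[o:o + piece_len]).digest()
                      for o in range(0, len(content), piece_len))
    info = {b"length": len(content), b"name": name,
            b"piece length": piece_len, b"pieces": pieces}
    return bencode({b"announce": b"http://tracker.example/announce", b"info": info})


def make_handshake(ih, peer_id=b"-XX0000-constructed0"):
    """Constructed plaintext handshake carrying the given infohash."""
    return bytes([len(PSTR)]) + PSTR + bytes(8) + ih + peer_id


def demo():
    rip_a = b"constructed sample media bytes " * 8
    rip_b = rip_a[:-1] + b"!"  # a second encode that differs in a single byte
    ih_a = info_hash(make_torrent(rip_a, b"sample.bin"))
    ih_b = info_hash(make_torrent(rip_b, b"sample.bin"))
    # Stand-in for an encrypted connection: no recognisable handshake bytes.
    opaque = hashlib.sha256(b"stand-in for an encrypted stream").digest() * 3
    flows = [  # constructed flows using documentation address ranges
        ("192.0.2.10", "198.51.100.7", make_handshake(ih_a)),
        ("192.0.2.11", "198.51.100.7", make_handshake(ih_b)),
        ("192.0.2.12", "198.51.100.7", opaque),
    ]
    return ih_a, ih_b, scan(flows, {ih_a})


if __name__ == "__main__":
    for hit in demo()[2]:
        print(hit)
```

Only the first flow is reported: the one-byte re-encode carries a different infohash, and the opaque payload never exposes a handshake to parse.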

Does it detect what's within? (0)

Anonymous Coward | more than 5 years ago | (#26832313)

Bit torrent isn't illegal, downloading copyrighted material is. If I use bit torrent to share ubuntu CDs, does that mean I'm as evil to this piece of software as a person who is uploading a Motion Picture?

Re:Does it detect what's within? (0)

Anonymous Coward | more than 5 years ago | (#26832481)

Downloading copyrighted material isn't illegal. Perhaps you should stop to think that a government that tells you information can be illegal is likely illegal in itself? Last time I checked, they cancel each other out.

Re:Does it detect what's within? (1)

MrEricSir (398214) | more than 5 years ago | (#26832507)

Presumably, Ubuntu CDs wouldn't be one of the hashes in their database of pirated stuff.

Re:Does it detect what's within? (1)

doti (966971) | more than 5 years ago | (#26832777)

Worse yet.

Remember, kids: when you're downloading Free software, you're downloading communism!

Re:Does it detect what's within? (1)

smchris (464899) | more than 5 years ago | (#26833061)

Does it matter? A free and open broadcast medium isn't something most governments will embrace gleefully, so you can pretty well figure business will get whatever it wants.

Depends how it's done... (0)

Anonymous Coward | more than 5 years ago | (#26832325)

It depends on how they're identifying the illegal content.

If it's by checking for known checksums/hashes for certain blocks then it's not too hard to defeat.

But wouldn't it be possible to catch them 'sniffing' your transfers & prosecute them?
If you create some content and grant everyone except the RIAA/MPAA and its investigators a license to copy & use the media,
they'd be guilty of copyright infringement if they downloaded any part of it.

I'm off to start writing the script for 'Bilbo Potter and the Prizoner of the Two Crystal Towers'.

Wait, wait, slow down there... (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26832353)

So, you're telling me that, given a set of hashes corresponding to "Prohibited content" and access to all the packets moving across a network, you can detect prohibited content? Why, it's a miracle of science!

Seriously, this is news? It has been possible, with the complicity of the router or physical access to the wire, to unobtrusively and undetectably tap a network since forever. That isn't news. And being able to identify files whose hashes you have ahead of time? Also not news, especially since BitTorrent uses hashes extensively itself, and was never designed for subtlety or concealment.

I realize that Technology Review lost interest in technology years ago, and now spends most of its time fellating venture capitalists; but this is pathetic.

Can't even be Used? (1)

collywally (1223456) | more than 5 years ago | (#26832387)

Great. An article about a technology that can't be used not only for legal reasons but because of technological ones as well.

By the time this is fast enough to detect things at the speeds it needs to today, we'll be transferring stuff way faster... will it ever be able to catch up? And that's not even taking into account encryption.

New Technology? (1)

usman_ismail (1394927) | more than 5 years ago | (#26832731)

They use packet sniffing and maintain a database of hashes of "bad" files. Does this qualify as new technology? So this is where the air force (Air Force Institute of Technology) spends their R&D budget.

Fantastic! (1, Funny)

Anonymous Coward | more than 5 years ago | (#26832733)

I can hardly wait for this software to hit Demonoid!

Legal content? No such thing! (1)

chainLynx (939076) | more than 5 years ago | (#26832875)

At least, I'm sure that's what the copyright holding associations would argue / propagandize.

OT: I2P? (0)

Anonymous Coward | more than 5 years ago | (#26833019)

This reminds me - is anyone here using I2P? I had a go the other day and it's actually not that bad. At one point, I forgot to turn off my web proxy and was only mildly aware of things being slower than usual. Torrents go pretty fast too: I was getting about 28KBps overall with I2PSnark.

Obsolete from the start (2, Insightful)

EdIII (1114411) | more than 5 years ago | (#26833147)

It also means that it's impossible for users to tell if a network is being monitored

"Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,"

This is nothing new and it's just meaningless marketing drivel. It's impossible to tell that *any* network is being monitored. It's not like you could buy an electronic device in a spy shop that can detect network monitoring. Throttling and "traffic management" are different since that is changing the network traffic.

There is only one type of network that can prevent a 3rd party from being able to copy the network traffic. Quantum communications provides that type of infrastructure by making it *impossible* to read the traffic without destroying it.

It's not like network monitoring is really a problem anyways. If you want privacy then just use encryption.

"Our system does not modify traffic in any way, nor does it interfere in the delivery of traffic either in or out of a network,"

Ohhh, you mean it's useless right? Everyone involved knows that a large amount of torrent traffic is infringing on various copyrights. The goal of the ISPs is to protect their profit margins. They sell unlimited but expect limited. They don't care whether traffic is illicit or not, just that it does not interfere with their business models. The MAFIAA is interested in the contents of the traffic and could care less about network congestion and bandwidth issues. Until the ISPs actually start caring about content, the goals of these two groups are not the same.

Enter Net Neutrality. Only when it is in the financial interests of ISPs to care about content will they start to listen to the MAFIAA. Obviously they could not reach an agreement since the MAFIAA is going to the whores in various legislatures to trade our freedoms for the protection of a few groups' business models.

Note that I don't support piracy on principle. However, I will not give up my rights to privacy and anonymity to protect someone else's copyrights either.

Schulze adds that the approach relies on having an up-to-date list of illegal files. "The system has to update a huge list of file hashes frequently," he says. "Somebody has to qualify the hashes as copyright infringements or other criminal content."

That sounds really easy, doesn't it? Of course there are only a few dozen really popular public trackers out there they can scrape the thousands and thousands of new torrents each day to update their tables. Don't forget about all the private trackers either that add a file or two that changes the hash to be different from the public torrents containing some of the same files.

Yep. This should be really easy. I can't possibly see how this task could not be reasonably accomplished with just a few salaried personnel on a daily basis.

From a legal standpoint, Schulze says that privacy may be a more significant problem. "Neither the U.S. nor any European country would allow [anyone] to install a device that inspects the traffic of every user just to stop Internet piracy," he says. "In this approach, every user is considered to be suspicious."

I laughed so hard I almost peed myself at this point. Legal viewpoints change more frequently than the weather. If there is enough pressure from private interests in the U.S. and abroad I don't think a little thing like privacy will stop them.

Even if the legal framework were to allow the technology, it is not quite ready to go. Tests of the system, details of which will be published later this year in a book called Advances in Digital Forensics V, showed that it was effective at detecting 99 percent of illicit files, but only at speeds of 100 megabits per second.

I just knew there was a pig with lipstick on it somewhere around here. Ahhh, here it is. A product that can only deal with a fraction of your network traffic.

Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.

That's turning into one ugly pig, isn't it? I hope they do deploy it with enough devices to monitor the amount of torrent traffic we have now. It might actually provide the impetus for us to move to something like Perfect Dark which raises the bar quite a bit higher (really high) to monitoring the content of network traffic.

Not New (0)

Anonymous Coward | more than 5 years ago | (#26833311)

There used to be a program called P2PWatchdog that passively identified P2P content and could name the content. They could even do this with encrypted streams. However, the DMCA put them out of business because they were decrypting the streams and someone objected. I still have a copy of the program. Using it back then we caught several child pornographers.

Unclear wording (5, Informative)

Rix (54095) | more than 5 years ago | (#26833359)

This doesn't identify someone downloading a file via bittorrent, it identifies someone downloading a *.bittorrent file (presumably via http).

This is a non-issue. If anyone actually starts using this, trackers will just start using shttp for their torrent files. They're small and (relatively) low traffic, so it would be a negligible performance issue.

The only notable thing about this article is that it points out how clueless tech journalists really are.
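
An added illustration of the hash-list matching this thread keeps returning to (not part of any comment above, and not the tool from the article): a monitor that sees torrent metadata can compute the standard BitTorrent info-hash, the SHA-1 of the bencoded "info" dictionary, and look it up in a list. The torrents, file names, tracker URLs and the `WATCHLIST` name are constructed for the example.

```python
import hashlib

def bencode(v):  # minimal encoder, used only to build the constructed samples
    if isinstance(v, dict):
        return b"d" + b"".join(bencode(k) + bencode(v[k]) for k in sorted(v)) + b"e"
    return b"i%de" % v if isinstance(v, int) else b"%d:%s" % (len(v), v)

def skip(data, i):
    """Return the index just past the bencoded value that starts at data[i]."""
    c = data[i:i + 1]
    if c == b"i":
        return data.index(b"e", i) + 1
    if c in (b"l", b"d"):
        i += 1
        while data[i:i + 1] != b"e":
            i = skip(data, i)
        return i + 1
    if c.isdigit():
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return end
    raise ValueError("malformed or truncated bencode at offset %d" % i)

def info_hash(torrent):
    """SHA-1 over the raw bytes of the top-level 'info' value."""
    if torrent[:1] != b"d":
        raise ValueError("not a bencoded dictionary")
    i = 1
    while torrent[i:i + 1] != b"e":
        key_end = skip(torrent, i)
        key = torrent[torrent.index(b":", i) + 1:key_end]
        val_end = skip(torrent, key_end)
        if key == b"info":
            return hashlib.sha1(torrent[key_end:val_end]).hexdigest()
        i = val_end
    raise ValueError("no info dictionary")

# Constructed sample metadata; every name and URL here is made up.
INFO = {b"name": b"sample.iso", b"length": 512, b"piece length": 512,
        b"pieces": hashlib.sha1(b"a" * 512).digest()}
LISTED = bencode({b"announce": b"http://a.example/announce", b"info": INFO})
RETRACKED = bencode({b"announce": b"http://b.example/announce", b"info": INFO})
RENAMED = bencode({b"announce": b"http://a.example/announce",
                   b"info": {**INFO, b"name": b"sample-v2.iso"}})
WATCHLIST = {hashlib.sha1(bencode(INFO)).hexdigest()}  # the "database of hashes"

def is_listed(torrent):
    return info_hash(torrent) in WATCHLIST
```

`RETRACKED` still matches because the tracker URL sits outside the info dictionary, while `RENAMED` does not: any change inside the info dictionary yields a hash the list has never seen, which is why the list has to be updated constantly.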