
RIAA Tracking Songs by MD5 Hashes

michael posted more than 11 years ago | from the speakeasy-dsl-sucks dept.

Music 779

aSiTiC writes "Apparently RIAA has obtained some technical experts in their prosecution of file swappers. Currently they are tracking traded mp3 files from the Napster network by matching MD5 hashes. This seems quite interesting but I was under the assumption that identical hashes could be created with identical rips and id3v2 tagging. Now may be the time to update your illegal mp3 file MD5 hash sums."


first post! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6812605)

first post!

gee? (5, Funny)

Comsn (686413) | more than 11 years ago | (#6812611)

The RIAA, the trade group for the largest record labels, said it also found other hidden evidence inside the woman's music files suggesting the songs were recorded by other people and distributed across the Internet.

ya think? and here i thought it was the magical mp3 fairy who put mp3s on my hd...

Re:gee? (4, Informative)

squiggleslash (241428) | more than 11 years ago | (#6812771)

To put this in context, the RIAA was responding to the impression "Jane Doe" gave that the MP3s were rips of her own CDs:
Of course, the wording of the latter is ambiguous - it could mean nycfashiongirl meant she had downloaded MP3s of pieces of music that were also on CDs in her possession. A lot of amateur lawyers on Slashdot (ahem) claim this is fair use, and given it's non-commercial and wouldn't have an impact on the ability of the artist to make a sale, that may well be true.

(This wouldn't, though, be a defense for the central problem that she made all of these MP3s available for download by millions of anonymous strangers without the consent of the copyright holders. And assuming her identity is revealed and she is sued, if the "ambiguous" claim's alternative interpretation is correct, she'll be able to show the CDs to the Judge.)

Re:gee? (1)

TedCheshireAcad (311748) | more than 11 years ago | (#6812799)

It would still be possible for her to have music with an md5 hash the same as a file on the Napster network. If they were ripped with the same encoder/bitrate/id3 tag as the Napster version, it's possible for md5 to be the same.

This may actually be an interesting legal test on the security of md5 itself. I can see lawyers arguing over collisions in the algorithm, and how a collision can help a defendant escape conviction, or simply invalidate md5 as a hashing algorithm that's "court friendly".

napster?! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6812614)

yeah, wayta go on the tracking napster users!
that service has only been gone how many years?

any bets as to when they'll start tracking kazaa mp3s? maybe 2056?

Re:napster?! (1)

Comsn (686413) | more than 11 years ago | (#6812664)

the point is that they tracked an mp3 that was circulating from back when napster was around. ah the power of digital media to survive lawsuits.

Now what? (1, Interesting)

Anonymous Coward | more than 11 years ago | (#6812617)

We will have to create a honeypot that spoofs md5 hashes as well. IANACS, so i don't know how.

MD5-hashes (2, Interesting)

Code-Cheetah (641158) | more than 11 years ago | (#6812618)

As far as I know, you will get identical hashes from identical files with the same ID3. How can they track files with the help of MD5-hashes?

Re:MD5-hashes (1)

guile*fr (515485) | more than 11 years ago | (#6812649)

by stripping id tags before the md5sum?

Re:MD5-hashes (-1, Offtopic)

Bu Na Dan (575203) | more than 11 years ago | (#6812677)

so identical hashes from identical files - this proof of RIAA is as good as the SCO evidences of Greek language or bsd firewall code against linux and the "facts" presented by the [former] Iraqi secretary of mis-information (shaaf) :) perhaps all were trained by the same three letter organization ... (conspiracy)?

Re:MD5-hashes (3, Insightful)

whaley (6071) | more than 11 years ago | (#6812680)

I'm not sure what you mean, but they don't track mp3s by generations, they just look at the mp3 hash and compare it to the known hashes of files they found on the internet, so they 'know' you didn't rip the mp3 yourself.

Re:MD5-hashes (1)

Mor Griv (444253) | more than 11 years ago | (#6812766)

Why do they need MD5 hashes at all? It is much more efficient to compare (diff) the files themselves (with or without ID3 tags) instead of computing the MD5 hash and then comparing that.

Re:MD5-hashes (0)

Anonymous Coward | more than 11 years ago | (#6812802)

If they were to store all of the mp3s for comparison purposes, that would require a huge amount of space, versus saving a hundred byte hash or so.

Let's assume average MP3 size is 3 Megs or 3,145,728 bytes. Also, assume a moderate 1 million songs. You are up to 3,145,728,000,000. That's 3.1 terabytes. Now, assume they store a 128 byte hash. 128 * 1 million is 128,000,000. 128 Megs is a lot easier to store than 3.1 terabytes.

Re:MD5-hashes (1)

ShadeARG (306487) | more than 11 years ago | (#6812784)

Normalizing would alter the waveform, causing the MD5 to change. Bitrate also causes change. I suspect imperfections on a CD do the same as well.

That's just like DNA evidence! (-1, Offtopic)

Angry White Guy (521337) | more than 11 years ago | (#6812619)

And if you can't convict O.J. with it, you must acquit!

What if... (4, Interesting)

moehoward (668736) | more than 11 years ago | (#6812620)

What if I own the CD but got files off the Internet because I was too lazy to rip them? Would I still be expecting to be sent to the prison camp?

In other news, all songs produced by RIAA artists in the last 10 years all have the same MD5 hash anyway, because they're all the same.

Re:What if... (4, Informative)

DrEldarion (114072) | more than 11 years ago | (#6812663)

Yes, because for them to know that you have the MP3s, you have to be sharing them, which is the illegal part.

-- Dr. Eldarion --

Re:What if... (-1, Offtopic)

Asprin (545477) | more than 11 years ago | (#6812689)


+6 Funny. You made my day.

P.S. I hate the frickin lameness filter. After I typed that, the preview returned:

Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.

No kidding! It's *like* yelling, because it's *supposed* *to* *be* yelling. Ugh.

Re:What if... (2, Insightful)

Anonymous Coward | more than 11 years ago | (#6812717)

In all seriousness, just the other day I wanted to rip an old CD of mine, but could not due to media damage. So, I went to the net and got myself an mp3 of the track.
Is that illegal? Am I a felon?

-- A.C.

Re:What if... (2, Insightful)

91degrees (207121) | more than 11 years ago | (#6812740)


Just like if I decide to borrow your car to drive home because I'm too lazy to walk to the other side of the carpark.

What happen if (5, Interesting)

Anonymous Coward | more than 11 years ago | (#6812622)

you just normalize or edit the beginning or the end of the song? Do the MD5 hashes still work?

Re:What happen if (1)

whaley (6071) | more than 11 years ago | (#6812651)

Changing something to the file after download (edit the id or alter the sound) should indeed change the checksum. Just use a tool that updates the id tags in batches..

Re:What happen if (5, Informative)

l1gunman (463233) | more than 11 years ago | (#6812685)

Any modification, to ANY bit of the file covered by the hash, will change the MD5 hash (that's how hashes work). If you assume the hash includes the ID3 tag info, then simply editing the info (putting something in the notes field, for example) would change the hash.

On the other hand, if I were the RIAA attempting to identify common files in this way, I might be inclined to exclude the ID3 tag from the MD5 computation since it is so easily modified.

Any changes to the actual content, though, will ripple into the MD5 computation.

Short answer: "normalizing" the file for volume, or even chopping off a few seconds of trailing silence with something like CoolEdit will certainly change the hash and make it distinct from whatever their baseline hash value is.
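An added example, not part of any comment in this thread: the comparison several posters describe, hashing the whole file versus hashing only the audio bytes with the ID3v2 header and ID3v1 trailer excluded. The sample "MP3" bytes, tag contents and all function names are constructed for illustration, and the tag handling covers only a leading ID3v2 tag and a trailing ID3v1 tag.

```python
import hashlib


def synchsafe_to_int(b: bytes) -> int:
    """Decode the 4-byte ID3v2 size field (7 significant bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]


def audio_payload(data: bytes) -> bytes:
    """Return the bytes between a leading ID3v2 tag and a trailing ID3v1 tag."""
    start, end = 0, len(data)
    # ID3v2 header: "ID3", 2 version bytes, 1 flags byte, 4-byte synchsafe size.
    if end >= 10 and data[:3] == b"ID3" and all(x < 0x80 for x in data[6:10]):
        start = 10 + synchsafe_to_int(data[6:10])
        if data[5] & 0x10:           # footer-present flag (ID3v2.4)
            start += 10
        start = min(start, end)      # truncated file: tag claims more than exists
    # ID3v1: fixed 128-byte trailer beginning with "TAG".
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128
    return data[start:end]


def fingerprints(data: bytes) -> tuple:
    """Return (MD5 of the whole file, MD5 of the audio bytes only)."""
    whole = hashlib.md5(data).hexdigest()
    audio = hashlib.md5(audio_payload(data)).hexdigest()
    return whole, audio


# ---- constructed sample data (not real MP3 files) ----
def make_id3v2(title: str) -> bytes:
    """Build a minimal ID3v2.3 tag holding one TIT2 (title) frame."""
    text = b"\x00" + title.encode("latin-1")            # encoding byte + text
    frame = b"TIT2" + len(text).to_bytes(4, "big") + b"\x00\x00" + text
    n = len(frame)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + frame


def make_id3v1(title: str, comment: str = "") -> bytes:
    """Build a 128-byte ID3v1 trailer."""
    def field(s: str, n: int) -> bytes:
        return s.encode("latin-1")[:n].ljust(n, b"\x00")
    return (b"TAG" + field(title, 30) + field("", 30) + field("", 30)
            + field("2003", 4) + field(comment, 30) + b"\xff")


# Stand-in for encoded audio frames: a frame-sync-like prefix plus filler.
AUDIO = b"\xff\xfb\x90\x00" + bytes(range(256)) * 8


def build_samples() -> dict:
    return {
        # Baseline file.
        "original": make_id3v2("Some Song") + AUDIO + make_id3v1("Some Song"),
        # Same audio, both tags edited.
        "retagged": make_id3v2("Some Song (live)") + AUDIO
                    + make_id3v1("Some Song", "edited note"),
        # Same tags, 16 bytes removed from the end of the audio.
        "trimmed": make_id3v2("Some Song") + AUDIO[:-16] + make_id3v1("Some Song"),
    }


def compare(samples: dict) -> dict:
    """Report, per sample, whether each fingerprint matches the baseline."""
    base_whole, base_audio = fingerprints(samples["original"])
    result = {}
    for name, data in samples.items():
        whole, audio = fingerprints(data)
        result[name] = {"whole_match": whole == base_whole,
                        "audio_match": audio == base_audio}
    return result


if __name__ == "__main__":
    for name, row in compare(build_samples()).items():
        print(f"{name:9s} whole-file match={row['whole_match']!s:5s} "
              f"audio-only match={row['audio_match']}")
```

A tag edit breaks only the whole-file match, while any change to the audio bytes breaks both, which is the distinction the comment above draws.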

MD5 Cannot stand up in court. (5, Informative)

Organized Konfusion (700770) | more than 11 years ago | (#6812623)

The md5 hashing algorithm has been proven to contain flaws allowing two files to produce identical md5 sums.

Re:MD5 Cannot stand up in court. (2, Informative)

Libor Vanek (248963) | more than 11 years ago | (#6812670)

ANY hash can produce same result on two different files since the amount of information in hash is amount of information in files.

Re:MD5 Cannot stand up in court. (1)

l1gunman (463233) | more than 11 years ago | (#6812729)

The chances of this happening with a sophisticated hash like MD5 (and its 128-bit output) are statistically insignificant.

A weakness has been found in MD5 and is still being assessed, but it is still extremely strong, cryptographically speaking. It has been estimated that our sun will have long since gone nova before you could find two different files that have the same MD5 hash.

I believe this will stand up in court as well or better than any DNA evidence statistics.

Re:MD5 Cannot stand up in court. (1)

guile*fr (515485) | more than 11 years ago | (#6812734)

i think that the flaw is that under some circumstances you can deduce the actual data from the md5sum

own rip identical to download (1)

whaley (6071) | more than 11 years ago | (#6812624)

Could be possible, but I think there will be a big chance of there being a difference in rips made by two different people. Audio rippers aren't always perfect AFAIK.

Re:own rip identical to download (3, Funny)

Asprin (545477) | more than 11 years ago | (#6812724)

Audio rippers aren't always perfect AFAIK.

... or even competent! How many rippers can't get the tagging right when the song and artist ARE PRINTED RIGHT THERE ON THE LOUSY CD COVERSLIP! Sheesh! Learn the difference between Meat Loaf and Leo Sayer for cryin' out loud!

Yeah well! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6812626)

real pirates use sfv!

Napster? (0)

Anonymous Coward | more than 11 years ago | (#6812628)

Go ahead and let them try to track down as many files as they want on the Napster network...

It will keep them occupied while everyone else uses Kazaa.

MD5 Hash (5, Informative)

fruey (563914) | more than 11 years ago | (#6812629)

This seems quite interesting but I was under the assumption that identical hashes could be created with identical rips and id3v2 tagging.

The only way for two files to have the same MD5 hash is for them to both be encoded with the same encoder, from the same WAV file, with the same bitrate and all advanced options, and to have exactly the same ID3 information, the same filesize, and to be identical to the last bit.

Otherwise, the MD5 will be nothing like the same, for two perfectly identical songs where one has a spelling error in one field of the ID3 tag. I imagine for any one song, there are many many different MD5sums out there, although perhaps one or another good quality version would exist on hundreds of different PCs...

Re:MD5 Hash (1)

Dog and Pony (521538) | more than 11 years ago | (#6812662)

You could improve on it slightly if the encoder ignores the tags, and just go for the data. This means that any file shared could then be tracked around even if someone changes the tag info...

Even so, it sounds really impractical... unless they are trying to prove that "you got this file from that guy, that got it from that guy"...

Utterly useless in trying to prove that any mp3 is in fact this or that song, without listening to it.

Re:MD5 Hash (1)

the Man in Black (102634) | more than 11 years ago | (#6812737)

unless they are trying to prove that "you got this file from that guy, that got it from that guy"...

That is exactly what they're trying to prove. They have MD5 sums from files traded over the Napster network, and they are sneaking around comparing people's files to those. If you have a file that matches, then that means you have one of the files that was traded on Napster, which means you're going to JAIL. YOUR ASS = MEAT

My problem with this is the assumption that any file traded over the Napster network is illegal, but who asked me?

Re:MD5 Hash (1)

gl4ss (559668) | more than 11 years ago | (#6812679)

you mean like use a ripper with default options that gets the id3 tags it uses from a database like most consumers are expected to do?


Re:MD5 Hash (4, Interesting)

kzinti (9651) | more than 11 years ago | (#6812690)

The only way for two files to have the same MD5 hash is for them to both be encoded with the same encoder, from the same WAV file, with the same bitrate and all advanced options, and to have exactly the same ID3 information, the same filesize, and to be identical to the last bit.

If two people used the same ripping software set to all its default settings (as many unsophisticated users do), got a perfect rip off the CD, and relied on CDDB information for tagging the song, then it's possible that they got mp3s identical down to the last bit, and thus identical MD5 hashes. BUT to make this a plausible defense, you'd have to show that your rip was in fact perfect. In other words you'd have to be able to recreate the mp3 independently. If the old Napster mp3 had any ripping errors, then it would be hard to claim that the later rip just happened to have the same errors - assuming errors are essentially random.

Re:MD5 Hash (1)

stripes (3681) | more than 11 years ago | (#6812774)

then it would be hard to claim that the later rip just happened to have the same errors - assuming errors are essentially random.

But are they? Or are they tied to defects on the CD (scratches on the same place, or a bit error in the glass master?) Or are they tied to the model of CD-ROM used to read them? Or just plain random?

If it is tied to the CD-ROM one could argue that you ripped that CD with the same model CD-ROM as that other guy over there, but when the CD-ROM broke you got a new one (and it could even be true). (This isn't a claim I'll be needing to make, I actually ripped all my own MP3's, it's hard to find a good rip out there...and besides I'm on dial-up)

Re:MD5 Hash (1)

91degrees (207121) | more than 11 years ago | (#6812693)

The only way for two files to have the same MD5 hash is for them to both be encoded with the same encoder, from the same WAV file, with the same bitrate and all advanced options, and to have exactly the same ID3 information, the same filesize, and to be identical to the last bit.

There are only a handful of popular encoders used. Many people will produce a file by ripping straight from a CD, which, given the same CD, will result in an identical source file. Almost everyone encodes at 128kbps. Most people set the advanced options to the defaults. The ID3 information is often generated automatically by software, with information downloaded automatically from a public CD database.

If two people use the same software to rip the same CD, the MD5 hash will be the same.

Where does it say MD5? (5, Interesting)

eddy (18759) | more than 11 years ago | (#6812702)

Are we sure they're actually using MD5? The article doesn't even contain the string "md5" that I can see. It mentions hashes though, but there's something called Robust Hashing which can be used to identify, or at least, compare content in a "fuzzy" way.

Re:MD5 Hash (1)

squaretorus (459130) | more than 11 years ago | (#6812713)

Stick a CD into my laptop, fire up Windows Media Player, hit Record CD, pick MP3 from the options, allow it to grab the track info etc...

I'm willing to bet that that will be being repeated tens of thousands of times for any one track - especially mainstream pop-crap like the lovelyiciouis Beyonce. Surely an identical MD5 comes out at least x% of the time!

Re:MD5 Hash (3, Insightful)

szemeredy (672540) | more than 11 years ago | (#6812749)

In other words, every lazy user that downloads lame with a frontend or some other encoder without modifying default settings and that leaves the ID3 tag alone (most use CDDB/Gracenote or freeDB to generate an ID3 tag, resulting in identical tags) will end up with the same MD5 hash when compared to someone else who did the same thing with the same CD.

The only ways you're going to get a different MD5 checksum from an MP3 file is by:
A) using a different encoder
B) using a different version of an encoder
C) modifying the ID3 tag
D) deleting the ID3 tag
E) changing the file name
F) modifying the file in an audio editing program

Don't forget that the RIAA is probably also using CRC checksums to identify specific albums, as many encoders also support inserting CRCs into MP3s by default (and these will be identical for rips coming from the same album regardless of bitrate)

Re:MD5 Hash (1)

Ambush (120586) | more than 11 years ago | (#6812765)

Oh right, so you haven't heard of CDDB (freeddb)?

If I buy a CD, and so does Fred 2000 miles away, and we both rip it with audiograbber (or any other common Windows ripper) using default options (incl *ddb), why would they not have the same MD5 hash?

Maybe I'm way off mark here, but I figure most people use the one O/S (even slashdot readers, no?), the same ripper, and default options on both.

Re:MD5 Hash (2, Interesting)

IRandom (219465) | more than 11 years ago | (#6812790)

Yes, but note that just changing the ID3 tag isn't enough since when you calculate the MD5 hash value you can just ignore it and then you will be able to find matches.

Although I wonder, if the WAV files on 2 CDs of the same album are identical, the only thing you can prove from the fact that the hashes match is that you made the mp3 file using the same bitrate.
I can't say this is enough information.

BTW: A way to move around having the exact same copy is by introducing a small amount of random changes. One bit is enough to fool the hash

Or Perhaps... (1, Insightful)

Joel Carr (693662) | more than 11 years ago | (#6812634)

Now may be the time to update your illegal mp3 file MD5 hash sums.

Should that read: "Now may be the time to stop cheating people and start paying for your music!"


Re:Or Perhaps... (0)

Anonymous Coward | more than 11 years ago | (#6812681)

And pay for "copy protected" CDs? No thanks.

I have plenty of money to buy my CDs but since the assholes decided that I can only play the CDs I bought on a dedicated CD player and not in my car or on my computer (unless I'm willing to install Windows and play the disc with the special software found on the CD). Fuck them.

I'll get my music from the net from now on.

Re:Or Perhaps you are an idiot (-1)

classic66coupe (684338) | more than 11 years ago | (#6812760)


Re:Or Perhaps... (0)

Anonymous Coward | more than 11 years ago | (#6812763)

Nope. If I translate your translation back it states "We demand you guys/girls stop sharing, and pay the price we conjured up, so we can keep our fat asses in our comfortable, high-paid chairs."

What gave you the idea that the price that should be paid is actually for the *music* ?

I don't mind to pay *the artist* for his/her music. It's the other part of the price I've got problems with :-)

Re:Or Perhaps... (5, Insightful)

perly-king-69 (580000) | more than 11 years ago | (#6812782)

Ummm, I paid for a CD the other day but I want to listen to it on my MP3 player. The CD is copy protected. I run linux. The only way I can listen to it via mp3 is to, yup, download an 'illegal' mp3! Whoever thought that up was a fscking genius.

Plumper porn (2, Funny)

Anonymous Coward | more than 11 years ago | (#6812637)

I only trade plumber porn pics. Should I be worried?

Re:Plumper porn (1, Funny)

martinthebrit (565913) | more than 11 years ago | (#6812707)

Is that pictures of men with pipes?

No, don't tell me, I don't want to think about it. It could involve builder's cleavage and everything.

Re:Plumper porn (0)

Anonymous Coward | more than 11 years ago | (#6812728)

plumber porn pics.

You trade pictures of hairy, gassy guys who smell of sweat and crawl on all fours so that their buttcrack shows and you call them to "fix your pipes"?

Yeah, you should be worried. Get some help!!

Oh, but did you mean to say "plumper pics"? Well, in that case... oh no, wait. What am I thinking? Of course you should get help!

morons tracking va lairIE/robbIE's corepirate nazi (-1)

Anonymous Coward | more than 11 years ago | (#6812640)

..associations. they just do it for the monIE eye gas. yuk.

soon, there will be music in the air, as the whoreabull felons see the light/succumb to their own evile MiSdeeds.

fuddles.con is running linux now. no DOWt about that.

fauxking phonIE payper liesense stock markup FraUD execrable that they remain.

that's right, after the walking dead finish exterminating themselves, & sadly enough, some of us, it won't take long to clean up this cesspool of greed/fear execrable.

we're calling it the planet/population rescue program (formerly unknown as the oil for babies initiatve).

the Godless wons are helping by continuing to show where their hearts lie.

what's wrong with folks selling their kode? if it causes convenience, & interoperates with all the other kode on the planet, we say, no harm, no foul, so long as you fail to employ gangsterious/felonious practices to asphyxiate the 'competition'. sabotaging your free version of anything is a tad dastardly. if there's value added, without FUDging up the compatability, we'll pay. same with music. no more gouging dough though.

fortunately, mr stallman et AL, etcetera, is now offering comparable/superior software, to the payper liesense spy/bug wear feechurned models, in almost every circumstance. there'll be few, if any more softwar billyonerrors, as if there's a need for even won. tell 'em robbIE. you are won of the last wons whois soul DOWt, right? .asp for va lairIE's whoreabull pateNTdead PostBlock(tm) devise?, used against the truth/to protect robbIE's payper liesense stock markup bosses/corepirate nazi 'sponsors'. yuk.

back on task.

what might happen to US if unprecedented evile/the felonious georgewellian southern baptist freemason fuddite rain of error, fails to be intervened on?

you already know that too. stop pretending. it doesn't help/makes things worse.

they could burn up the the main processor. that would be the rapidly heating planet/population, in case you're still pretending not to notice.

of course, having to badtoll va lairIE's whoreabully infactdead, pateNTdead PostBlock(tm) devise, robbIE's ego, the walking dead, etc..., doesn't slow us down a bit.

that's right. those foulcurrs best get ready to see the light. the WANing daze of the phonIE greed/fear/ego based, thieving/murdering payper liesense hostage taking stock markup FraUD georgewellian fuddite execrable are #ed. talk about a wormIE cesspool of deception? eradicating yOUR domestic corepirate nazi terrorist/gangsters will be the new national pastime.

communications will improve, using whatever power sources are available.

you gnu/software folks are to be commended. we'd be nearly doomed by now (instead, we're opening yet another isp service) without y'all. the check's in the mail again.

meanwhile... for those yet to see the light.

don't come crying to us when there's only won channel/os left.

nothing has changed since the last phonIE ?pr? ?firm? generated 'news' brIEf. lots of good folks/innocents are being killed/mutilated daily by the walking dead. if anything the situations are continuing to deteriorate. you already know that.

the posterboys for grand larcenIE/deception would include any & all of the walking dead who peddle phonIE stock markup payper to millions of hardworking conservative folks, & then, after stealing/spending/disappearing the real dough, pretend that nothing ever happened. sound familiar robbIE? these fauxking corepirate nazi larcens, want us to pretend along with them, whilst they continue to squander yOUR "investmeNTs", on their soul DOWt craving for excess/ego gratification. yuk

no matter their ceaseless efforts to block the truth from you, the tasks (planet/population rescue) will be completed.

the lights are coming up now.

you can pretend all you want. our advise is to be as far away from the walking dead contingent as possible, when the big flash occurs. you wouldn't want to get any of that evile on you.

as to the free unlimited energy plan, as the lights come up, more&more folks will stop being misled into sucking up more&more of the infant killing barrolls of crudeness, & learn that it's more than ok to use newclear power generated by natural (hydro, solar, etc...) methods. of course more information about not wasting anything/behaving less frivolously is bound to show up, here&there.

cyphering how many babies it costs for a barroll of crudeness, we've decided to cut back, a lot, on wasteful things like giving monIE to felons, to help them destroy the planet/population.

no matter. the #1 task is planet/population rescue. the lights are coming up. we're in crisis mode. you can help.

the unlimited power (such as has never been seen before) is freely available to all, with the possible exception of the aforementioned walking dead.

consult with/trust in yOUR creator. more breathing. vote with yOUR wallet. seek others of non-aggressive intentions/behaviours. that's the spirit, moving you.

pay no heed/monIE to the greed/fear based walking dead.

each harmed innocent carries with it a bad toll. it will be repaid by you/us. the Godless felons will not be available to make reparations.

pay attention. that's definitely affordable, plus, collectively, you might develop skills which could prevent you from being misled any further by phonIE ?pr? ?firm? generated misinformation.

good work so far. there's still much to be done. see you there. tell 'em robbIE.

as has been noted before, lookout bullow.

but will they target aol/tw? (4, Interesting)

Comsn (686413) | more than 11 years ago | (#6812642)

The RIAA has said it expects to file at least several hundred lawsuits seeking financial damages as early as next month. U.S. copyright laws allow for damages of $750 to $150,000 for each song offered illegally on a person's computer, but the RIAA has said it would be open to settlement proposals from defendants.

will they start sending subpoenas to aol/tw customers this time?

from the Napster network? (2, Insightful)

powerlord (28156) | more than 11 years ago | (#6812646)

Gee ... I would have thought that most people had moved on from Napster to BitTorrent, KAZAA or eDonkey/Overnet

Re:from the Napster network? (0)

Anonymous Coward | more than 11 years ago | (#6812700)

How do you search BitTorrent?

Re:from the Napster network? (1)

the_Bionic_lemming (446569) | more than 11 years ago | (#6812712)

Gee ... I would have thought that most people had moved on from Napster to BitTorrent, KAZAA or eDonkey/Overnet

Why? Myself? I'd stick with ftp sites - PTP software is too public right now to be safe.

Re:from the Napster network? (1)

wpmegee (325603) | more than 11 years ago | (#6812719)

You did read the article, right?

The RIAA started doing all this 3 years ago in May 2000, which sounds just about right for Napster.

Re:from the Napster network? (1)

hype7 (239530) | more than 11 years ago | (#6812755)

Gee ... I would have thought that most people had moved on from Napster to BitTorrent, KAZAA or eDonkey/Overnet

they have. that's the point. they've taken their music with them to the new services. the checksums on the mp3s don't change, however.

either everyone is using the same encoder with the same settings, or there must be quite a large element of piracy going on here. If the RIAA are getting joy from using checksums, then it means that a small number of files are being distributed a lot, as opposed to lots of people buying their own and ripping a new version (hence seeding lots of versions of the same song).

this does bring up one interesting issue for the RIAA though - what happens if the woman downloaded the song, and then went out and bought it. she may have still left the song available for download for others, but it would make for a nasty case for them PR-wise if they're trying to ping someone who actually does own the music.

-- james

Time for a new WinAMP Plug-in (1, Insightful)

GreenKiwi (221281) | more than 11 years ago | (#6812647)

I think that it's time for a new WinAMP Plug-in that changes the Hash number to a random value every time it's played.

Md5 hashes are also used for.... (5, Informative)

shione (666388) | more than 11 years ago | (#6812655)

hmm Isn't that how k-sig, built into Kazaa Lite K++, works, by tracking MD5 hashes so ppl get exactly the file they want.

Changing MD5 hashes on songs to avoid RIAA would also lessen the effectiveness of K-SIG. Trading hashes of known working files was one of the ways ppl on P2p avoided downloading those fake RIAA files.

Re:Md5 hashes are also used for.... (1)

t_allardyce (48447) | more than 11 years ago | (#6812748)

Does KaZaa look at the id3 tags as well? it would be better if they didn't, there would be a lot more files classed as "the same" - ie more download servers :)

Maybe it's time to include an erasing utility with KaZaa/K++ Lite, so when you get that letter from the RIAA you can securely delete all your pirate music with one click..

BBC Link (1)

L-s-L69 (700599) | more than 11 years ago | (#6812658) 7695.stm Just in case anyone is interested.


Anonymous Coward | more than 11 years ago | (#6812695)

WHY do people post the url without the A tag? It's a pain in the ass to copy and paste AND remove the spaces inserted by slashcode. Learn to use the A tag.

Here is a clickable link!

Condoning illegal activity??? (3, Insightful)

Kombat (93720) | more than 11 years ago | (#6812659)

Now may be the time to update your illegal mp3 file MD5 hash sums.

I sincerely hope this is tongue-in-cheek. For all the self-righteous, pompous sabre-rattling that goes on in here about how good Slashdotters only possess MP3's that are ripped from personal collections, I would certainly hope that we wouldn't stoop so low as to blatantly and openly be trading tips on how to avoid getting caught doing illegal things.

What's next? A HOWTO on setting up an encrypted file system for our child porn?

Re:Condoning illegal activity??? (1)

L-s-L69 (700599) | more than 11 years ago | (#6812686)

Sorry but an encrypted file system may be used for other reasons than that mentioned. I would welcome a HOWTO on encrypted file systems, especially due to the RIP act in the UK.

Re:Condoning illegal activity??? (1)

geeveees (690232) | more than 11 years ago | (#6812733) d=6812698


earlier -test kernels had some corruption problems with cryptoloop.

All is fine now:
[gvs@aeolus:~]$ uname -a
Linux aeolus 2.6.0-test4-mm2 #2 Thu Aug 28 15:04:45 CEST 2003 i686 unknown
[gvs@aeolus:~]$ sudo losetup /dev/loop0
/dev/loop0: [0302]:98315 (/dev/hdb1), encryption aes (type 18)

HOWTO: Encrypted partition (5, Funny)

geeveees (690232) | more than 11 years ago | (#6812698)

modprobe loop
modprobe cryptoloop
modprobe aes

losetup -e aes /dev/loop0 /dev/hdb1
(input password)

mke2fs -j /dev/loop0

mount -t ext3 /dev/loop0 /home/kombat/pr0n


Re:Condoning illegal activity??? (1, Funny)

iMMersE (226214) | more than 11 years ago | (#6812744)

So you are admitting to having child porn, both in the parent, and in your resume, under hobbies ("# Amateur photographer"), and in the same document you provide your work and home address?

You sir, are a dick.

Re:Condoning illegal activity??? (1)

sjwt (161428) | more than 11 years ago | (#6812747)

I download MP3s to replace the use of my dead and dying vinyl and tapes, and even cds..

why shouldn't i be able to download them or share them to someone else in the same boat..

Re:Condoning illegal activity??? (2, Insightful)

PontifexPrimus (576159) | more than 11 years ago | (#6812764)

Well, if that's what you're interested in: try this link.
Knowledge in itself is neutral. But it can be used for good or evil purposes. You might want to try, just as an exercise, to imagine five positive and five negative uses of encrypted filesystems or altered MD5 sums.

What!? (1)

winstarman (624536) | more than 11 years ago | (#6812665)

Some people have entirely too much time on their hands. sheesh.

So are the hashes the RIAA is tracking bigger than normal MD5 sums? In RIAA numbers I probably have somewhere around 572,947 hashes on my computer. I'm a bad boy.

Job opportunities (4, Funny)

Rosco P. Coltrane (209368) | more than 11 years ago | (#6812667)

Apparently RIAA has obtained some technical experts in their prosecution of file swappers. Currently they are tracking traded mp3 files from the Napster network by matching MD5 hashes

After all, in these dot-bust days, it's still possible to get a nice highly paid job and be called an expert by putting the right spin to strcmp() in your resume ...

hashes are kinda pointless (4, Interesting)

truffle (37924) | more than 11 years ago | (#6812668)

It is generally believed amongst file traders that it is legal to download an mp3 for a song, when you own the CD. In other words, you don't need to rip and encode songs from your own CD. However, this may not be true (I am not a lawyer).

The RIAA is using MD5 hashes as a basis for proof that the individual in question downloaded the files they are sharing, instead of ripping them from their own CD collection. This is supposed to show the individual is a willing participant in stealing and distributing music, instead of someone who is just sharing what they already own. But, see above.

I think this is mostly just a FUD tactic. They can talk to the media about how their MD5 hashes prove so-and-so is a big mean pirate hacker. MD5 hash certainly sounds scary, especially when the technology is described by the media as a tool used by hackers.

Re:hashes are kinda pointless (1)

Scarblac (122480) | more than 11 years ago | (#6812772)

The RIAA is using MD5 hashes as a basis for proof that the individual in question downloaded the files they are sharing, instead of ripping them from their own CD collection.

What's the point? It's the sharing that is illegal (you are not allowed to distribute the songs). It doesn't matter how you got the mp3, does it? It's just extra evidence.

Nearly? (0)

Anonymous Coward | more than 11 years ago | (#6812676)

The disclosures were included in court papers filed against a Brooklyn woman fighting efforts to identify her for allegedly sharing nearly 1,000 songs over the Internet.

Wow... 1000 songs! That's almost 5gb of music to have sitting around! Who does she think she is... trying to listen to music played in accordance with the Pythagorean scale which has been around for centuries! It's a good thing every song put out on cd by an RIAA member sounds so different!

Tonight, on Slashdot Theatre.. (-1, Flamebait)

mumblestheclown (569987) | more than 11 years ago | (#6812678)

Tonight on Slashdot theatre:

Will the assorted slashdotters stick to the party line of "don't blame the technology, go after the users"


will they fall into the pattern of predictable cheap-shots against the RIAA?

Let's watch....

Hmm. Easy to hide then (1)

melevitt (31652) | more than 11 years ago | (#6812682)

I suspect this case will depend on whether people have a right to download music they already have on CD or if only copying it yourself is legal.

Given that the RIAA keeps implying that I don't "own" the music, just the right to listen to it, then surely once I've bought it in one format, I have the right to possess it in another format. I guess that means I'll never have to buy the White album again...

Pity the RIAA (5, Insightful)

heironymouscoward (683461) | more than 11 years ago | (#6812688)

They are really fighting a losing battle.

Exchanging music is not about piracy, it is about exchanging culture, just like when my grandfather lent me some old Jazz records and said, "here, you might like this".

Today culture moves at the speed of light and the RIAA believes it has the right to tax this movement. It cannot succeed except by destroying the Internet.

I'm starting to believe, watching this debate evolve over many years, that the file traders are right, for the wrong reasons.

Human culture depends on exchange of ideas and information, and music and films are a large part of this in today's world. No album, no movie scene, no written text is a personal creation, they are all taken from the pool of common culture, modified, and redistributed.

Seeking all means to do this faster than ever - and ignoring the barriers, such as "ownership", that stand in the way - is the prerogative of today's world. We simply can't put the genie back into the bottle and start exchanging pieces of paper and vinyl discs again.

The debate is huge, but the results already seem clear: any laws designed to stop the process from continuing will be further and further ignored until they are seen by a majority of people to be useless vestiges of a material-obsessed past.

Re:Pity the RIAA (1)

Asprin (545477) | more than 11 years ago | (#6812773)

Exchanging music is not about piracy, it is about exchanging culture, just like when my grandfather lent me some old Jazz records and said, "here, you might like this".

The first time I read that paragraph, I misread your grandfather saying "here, you might need this." with great enthusiasm.


That says it all, doesn't it.

Incitement (-1, Flamebait)

Evil Adrian (253301) | more than 11 years ago | (#6812701)

"Now may be the time to update your illegal mp3 file MD5 hash sums."

Now may be the time for the government to subpoena Slashdot for "aSiTiC"'s user info and arrest him for piracy. Jerk-off.

Re:Incitement (0)

Anonymous Coward | more than 11 years ago | (#6812803)

Now may be the time for you to go back to your job as "RIAA's bitch"

Sometimes the only way to get change is through illegal methods. American Revolution? Oh yeah, Americans went ahead and committed acts of blatant violence in the events leading to independence. Why? Because normal methods yielded no success. Happened/happens in other countries as well.

Normal methods will do nothing to the RIAA. Thus file sharing is a way of fighting back against the RIAA. And you know what, it is working. Now things like Apple's online music store are popping up which would never have started without file sharing. And eventually we hope that it will lead to the downfall of the RIAA, which unfortunately is still some time away.

And don't give that file sharing hurts the artists excuse. Did the Boston Tea Party hurt only the British? No it hurt the tea company who owned all that tea as well. Yet those who participated in the tea party are now considered "heroes". The tea company supported the British and were thus just collateral damage. Same with the RIAA artists.

Easy (5, Informative)

sprouty76 (523155) | more than 11 years ago | (#6812705)

Just take a random id3 field that you don't use for anything, and fill it with a random number. You can probably write a script in a few seconds. Bingo, different md5.

The only problem is that a lot of file sharing software uses the fact that 2 files (from different sources) have the same hash in order to swarm the download from multiple sources. If everybody goes around intentionally making their mp3s have different hashes, swarming basically won't work anymore.

Give up (5, Funny)

Rutje (606635) | more than 11 years ago | (#6812708)

Ok guys.. let's all give it up. Let's delete all our MP3's and start buying CD's now. The RIAA has clearly won!
Hail to the king!

RIAA Propaganda (2, Funny)

rnd() (118781) | more than 11 years ago | (#6812726)

I think this sums it up!

Excuse my ignorance (0)

Anonymous Coward | more than 11 years ago | (#6812727)

But I always wondered how an MD5 sum can verify files in the first place. Take for example, a linux CD ISO file. This file is ~650MB with an MD5 sum of 65 bytes. So, if you say that this 65 byte file verifies that the 650MB ISO is intact, that also means you should be able to create the 650MB ISO from the MD5 sum alone. This can hardly be the case, since we still download 650MB ISO and not just the MD5 sum. Therefore I'm led to believe that it wouldn't be that hard to have the same MD5 sum for multiple files (especially for files of large size).

Am I right on my assumptions? And if not, can someone explain it to me??

Re:Excuse my ignorance (1)

solidox (650158) | more than 11 years ago | (#6812780)

you could recreate a file with just an md5 sum, however it would involve brute forcing it. now if a 6char password takes quite a while... 650mb should take you till around about the time of the end of the universe. there would be several other combinations of bytes which could produce the same md5, the bigger the size, the more likely of two sets of bytes producing the same md5.
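An added example, not part of any comment in this thread, of the point in the question and reply above: an MD5 digest is always 16 bytes, so verification only recomputes and compares, and different inputs sharing a digest must exist but cost roughly 2^(n/2) tries to find for an n-bit digest. The message strings are constructed samples, the function names are hypothetical, and the search runs against the digest cut down to 24 bits so that it finishes at once.

```python
import hashlib
from itertools import count


def md5_digest(data: bytes) -> bytes:
    """MD5 digest of data: always 16 bytes (128 bits), whatever the input size."""
    return hashlib.md5(data).digest()


def verify(data: bytes, expected_hex: str) -> bool:
    """What an md5sum check does: recompute and compare; nothing is reconstructed."""
    return md5_digest(data).hex() == expected_hex


def find_truncated_collision(bits: int = 24):
    """Birthday search for two different messages whose digests agree in
    their first `bits` bits. Returns (msg_a, msg_b, tries)."""
    nbytes = (bits + 7) // 8
    drop = nbytes * 8 - bits          # unused low bits of the last prefix byte
    seen = {}                         # truncated digest -> message that produced it
    for i in count():
        msg = b"constructed-sample-%d" % i
        key = int.from_bytes(md5_digest(msg)[:nbytes], "big") >> drop
        if key in seen:
            return seen[key], msg, i + 1
        seen[key] = msg


if __name__ == "__main__":
    image = b"\x00" * 1_000_000       # constructed stand-in for a large download
    published = md5_digest(image).hex()
    damaged = image[:-1] + b"\x01"    # one byte changed in transit
    print("digest length:", len(md5_digest(image)))
    print("intact copy verifies:", verify(image, published))
    print("damaged copy verifies:", verify(damaged, published))
    a, b, tries = find_truncated_collision(24)
    print("24-bit collision after", tries, "tries:", a, b)
    print("full digests:", md5_digest(a).hex(), md5_digest(b).hex())
```

On the full 128-bit digest the same search needs about 2^64 tries. Later cryptanalysis of MD5 found collisions far faster than that, which is why it is no longer used where an adversary can choose both files.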

MD5? (3, Insightful)

barcodez (580516) | more than 11 years ago | (#6812732)

The article does not mention MD5 anywhere. So one can not assume this is the technology they are using in their proof. As the technical information in this article has more than likely gone through several iterations of "dumbing down" we can not say what technology is being used. It is quite feasible that they are comparing segments of the encoded information with files that were grokked from Napster (pre 2001). Additionally as very few people change all the information contained within the ID3 tags ("meta information" from the article?) it may be enough to show how unlikely they are to match unless the file is from the same source. For example if I insert the string "whateverbarcodezwashere" into some obscure tag with the ID3 tag of an MP3 and it appears in an MP3 file on someone else's computer it is likely that they originated from the same source. For the record it is conjectured that it is astronomically unlikely that two randomly chosen different byte sequences will produce the same MD5 hash.

Edit those ID3 tags... (1)

cplater (155482) | more than 11 years ago | (#6812735)

and remove the creditz from your "scene" released MP3s -- Better yet, go out and get your hands on a real, physical CD, and just rip the songs yourself.

so many different possibilities (1)

solidox (650158) | more than 11 years ago | (#6812739)

not every mp3 comes from the same source, there must be thousands of people who all rip the same track, thus creating thousands of different mp3s, most with their own unique md5sum's, then you get the people who rename the id3 tags, and the people that burn to cd which gets passed around and ripped somewhere else. oh and not forgetting borked/aborted transfers, where mp3s are missing a few bytes at the end.
"The source for nycfashiongirl's sound recordings was not her own personal CDs," the RIAA's lawyers wrote.

and what if she was the original ripper and the mp3s were downloaded by nasty nasty men with too many shoes? altho i'm not sure if that puts her in a better or worse light.

and of course, people that download tracks which they own simply because it's easier (especially when vinyl is concerned)

their idea is flawed, sounds like a scare tactic to me.

Why MD5 hashes? (1)

Stormthirst (66538) | more than 11 years ago | (#6812743)

I suspect the reason they are using MD5's is:
1) MD5s are small, and if you are going to do a file compare, the MD5s are much quicker to compare than the original file.

2) If a song has been ripped, and then shared out - all the *copies* will have the same MD5's (correct me if I'm wrong someone). So the RIAA can now track how many times that song you ripped has been copied. How many of us who have downloaded a song, have made any changes to the ID tags? I would argue a very very large proportion have not, especially the less technically minded people using the 'net.

The damages that the RIAA are seeking are based on the number of times that file has been downloaded. So now they can seize machines, get MD5's of all the songs on that machine, compare it to their list of MD5's they've got already to see where you got those files from.

It's all about evidence gathering.
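An added example, not part of any comment in this thread, of the behaviour the comments above describe: a whole-file MD5 covers the ID3 tags, so a tag edit changes it, while a digest taken over the audio bytes alone still matches copies of the same rip and still separates independent rips. The file bytes are constructed stand-ins for an MP3 (not real audio), and all function names are hypothetical.

```python
import hashlib
import struct


def syncsafe(n: int) -> bytes:
    """4-byte syncsafe size used in the ID3v2 header (7 bits per byte)."""
    return bytes((n >> shift) & 0x7F for shift in (21, 14, 7, 0))


def text_frame(frame_id: bytes, text: str) -> bytes:
    """ID3v2.3 text frame: id, big-endian size, flags, encoding byte, text."""
    body = b"\x00" + text.encode("latin-1")
    return frame_id + struct.pack(">IH", len(body), 0) + body


def make_file(audio: bytes, frames: bytes, v1_title: str = "") -> bytes:
    """Constructed MP3-like file: ID3v2.3 tag, audio bytes, optional ID3v1."""
    id3v2 = b"ID3\x03\x00\x00" + syncsafe(len(frames)) + frames
    id3v1 = (b"TAG" + v1_title.encode("latin-1")).ljust(128, b"\x00") if v1_title else b""
    return id3v2 + audio + id3v1


def audio_payload(data: bytes) -> bytes:
    """Drop a leading ID3v2 tag and a trailing 128-byte ID3v1 tag if present."""
    start, end = 0, len(data)
    if len(data) >= 10 and data[:3] == b"ID3" and all(b < 0x80 for b in data[6:10]):
        size = 0
        for b in data[6:10]:
            size = (size << 7) | b
        footer = 10 if data[5] & 0x10 else 0   # ID3v2.4 footer flag
        start = min(10 + size + footer, end)
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128
    return data[start:end]


def whole_md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def audio_md5(data: bytes) -> str:
    return hashlib.md5(audio_payload(data)).hexdigest()


def compare(a: bytes, b: bytes) -> dict:
    return {"whole_file_match": whole_md5(a) == whole_md5(b),
            "audio_match": audio_md5(a) == audio_md5(b)}


# Constructed sample data: stand-ins for two different encodes of one song.
RIP_A = b"\xff\xfb\x90\x00" + bytes(range(256)) * 8
RIP_B = b"\xff\xfb\x90\x00" + bytes(reversed(range(256))) * 8

ORIGINAL = make_file(RIP_A, text_frame(b"TIT2", "Track 01"))
RETAGGED = make_file(RIP_A, text_frame(b"TIT2", "track 01") + text_frame(b"TPE1", "x"), "track 01")
OTHER_RIP = make_file(RIP_B, text_frame(b"TIT2", "Track 01"))

if __name__ == "__main__":
    print("same rip, tags edited:", compare(ORIGINAL, RETAGGED))
    print("independent rip:      ", compare(ORIGINAL, OTHER_RIP))
```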

Traced to the source? (1)

91degrees (207121) | more than 11 years ago | (#6812759)

It's possible (albeit unlikely) that this woman was the person who originally uploaded those songs to Napster, and was the original source for the pirate download sites.

Probably not a very good defence to try though. Claiming to be responsible for a vast conspiracy of global music piracy will not look particularly good for the defence.

Share this! (1)

dimer0 (461593) | more than 11 years ago | (#6812770)

Now, if the RIAA would share this database, I could finally have the dream product I've been wishing for: Something to point at my library of 60k mp3s (all ripped from my own collection of 9k CDs), and based on MD5 hash, fix my damn filenames and ID3 tags!!!

Same technique CDDB uses, just with mp3.

Ahahah losers, easy to get around that... (1)

cheekyboy (598084) | more than 11 years ago | (#6812775)

I'll just make a program that adds 2 bytes of '0xFUCKYOU' or '0xf0cu' to each mp3 file , then the hashes are different

Stupid lamers!!!

besides I'm not in usa prix

Protection (2, Insightful)

rf0 (159958) | more than 11 years ago | (#6812776)

Just change the ID3 tag on all the files and that will break any existing MD5 checksums. Even adding a capital will do it


embracing technology? (1)

pointbeing (701902) | more than 11 years ago | (#6812777)

What I don't get is why RIAA doesn't just embrace the technology instead of fighting it.

They're fighting a losing battle. Corporate America can't keep up with the technology - so rather than see profits eaten by file sharing, why not make the technology work for them instead of dragging a buncha people into court?

I'd pay for a high-quality digital copy of an album.

Stealing means someone no longer has it? (2, Insightful)

Lasuuco Tulkas (598141) | more than 11 years ago | (#6812787)

Comparing the Brooklyn woman to a shoplifter, the RIAA told U.S. Magistrate John M. Facciola that she was "not an innocent or accidental infringer"

And what, pray tell, did she steal?

Question (1)

darkstar949 (697933) | more than 11 years ago | (#6812796)

This might be a bit offtopic, but I have a quick question regarding mp3 files. I like music from foreign bands (Mostly Japan), and as such I download music from the bands and share it online so that someone else might get like it. 40$US to import a CD that costs about 10$US in the native country is a bit steep to end up not liking the band or the music, hence the downloading.

Now here's the question: Are US copyright laws, and as such the DMCA applicable to foreign music, or do I get to laugh at the RIAA if they come knocking on my door.

How About An MP3 Outguess? (4, Interesting)

thecampbeln (457432) | more than 11 years ago | (#6812798)

Let's see someone put together an app that flips bits here and there within MP3s to make each one it runs against unique enough to create a new MD5 hash!? (I would, but I can only program in a pseudo-language ;) It could even be as simple as adding in a trailing byte to all of your MP3s, though that could be easily filtered. Hell, if you can hide messages within compressed JPEGs without noticeably affecting their quality, why not do something similar to MP3s just to jack up this sort of tracking!?

Legal Theory (1)

The Famous Brett Wat (12688) | more than 11 years ago | (#6812800)

Copyright lawyers said it remains unresolved whether consumers can legally download copies of songs on a CD they purchased rather than making digital copies themselves.

Sheesh -- what a mind-bender. The theory goes that a person can make an MP3 copy of a work for their own use if they own a properly licensed copy of the work (on CD, for example), but they can't obtain exactly the same copy from another person with exactly the same right. Ow! Ow! Damn you lawyers -- you're giving my brain a cramp!

I wasn't aware that this point was open for discussion, but I guess lawyers are lawyers, and the RIAA's lawyers are paid to make things happen the RIAA's way no matter what kind of specious legal theories need to be invented. I can see that a lot will hinge around whatever legal language grants the right to make "personal" copies in the first place.

The sad thing about this is that it's such an obviously cynical ploy -- not that anyone was expecting any different from the RIAA, but sad in any case. Technology is making it easier and easier for the public to obtain their copies of things any which way they like. The RIAA is using cynical legal theories to quash that convenience any which way they can for as long as they can.

God speed the inevitable demise of the RIAA and others like them.
