Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Clay Shirky: RIAA Succeeds Where Cypherpunks Fail

michael posted more than 10 years ago | from the sufficient-motivation dept.

Encryption 342

scubacuda writes "Clay Shirky has an interesting take on encryption: 'The RIAA is succeeding where the Cypherpunks failed, convincing users to trade a broad but penetrable privacy for unbreakable anonymity under their personal control. In contrast to the Cypherpunks "eat your peas" approach, touting encryption as a first-order service users should work to embrace, encryption is now becoming a background feature of collaborative workspaces. Because encryption is becoming something that must run in the background, there is now an incentive to make its adoption as easy and transparent to the user as possible. It's too early to say how widely casual encryption use will spread, but it isn't too early to see that the shift is both profound and irreversible.'"

Sorry! There are no comments related to the filter you selected.

Here's a link to the article... (4, Informative)

tcopeland (32225) | more than 10 years ago | (#7754418)

...for some reason it's not listed (at least, I couldn't find it) on the front page of shirky.com yet:

http://www.shirky.com/writings/riaa_encryption.htm l [shirky.com] .

Re:Here's a link to the article... (3, Funny)

kj0rn (731521) | more than 10 years ago | (#7754653)

It's gunna make it real interesting for future historians to figure out how to decrypt and read those old data formats.

it's irreversible .... (2, Funny)

pezpunk (205653) | more than 10 years ago | (#7754757)

like my raincoat!

Perhaps the reason was... (0)

Anonymous Coward | more than 10 years ago | (#7755066)

he didn't want to be slashdotted yet? :-)

Jesus Saves (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7754426)


You don't need encryption to save you when you accept Jesus H. Christ into your heart.

Re:Jesus Saves (0)

Anonymous Coward | more than 10 years ago | (#7754506)

what does the H stand for?

Re:Jesus Saves (0)

Anonymous Coward | more than 10 years ago | (#7754532)

Harold.

Re:Jesus Saves (0)

Anonymous Coward | more than 10 years ago | (#7754617)


Harold.

Read your Bible, when Jesus is nailed up he looks down and says to his followers "Cry not for me, lest you forsake my middle name 'Harold'!" At which point he got a spear in the side, his loincloth fell off and his small weiner made the crowd laugh.

Re:Jesus Saves (0, Offtopic)

rco3 (198978) | more than 10 years ago | (#7754731)

Haploid.

Jesus saves, but Moses invests (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7754540)

That is all.

Jesus saves, Moses gets the rebound, (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#7754846)

He shoots, he scores!

***HONNNNNK!*** ***HONNNNK!***

Ah dammit. Some Wings fan threw an octopus on the ice.

Jesus saves... (0)

Anonymous Coward | more than 10 years ago | (#7754703)

...he passes to moses who shoots...and SCORES!

what?! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7754428)

a dream come true for fp (hopefully)

Seems obvious. (4, Insightful)

Violet Null (452694) | more than 10 years ago | (#7754430)

The Cypherpunks never went around suing people (that is, actually costing them money) who weren't using encryption to mask their illegal activities. The RIAA is.

Real world practicality will always be a much better motivator than abstract idealism.

But... (4, Insightful)

Nijika (525558) | more than 10 years ago | (#7754642)

Abstract idealism often tells the future. The Cypherpunks can once again send up a resounding "told ya so!"

Re:But... (4, Insightful)

mekkab (133181) | more than 10 years ago | (#7754800)

Abstract Idealism often predicts nothing. It tells the future, but it tells a future that never happens. What about my flying car? Vacations to the moon and mars? The 5 hour work-week?

A running joke with a colleague of mine is that if this "engineering thing" doesn't work out, we'll become professional nay-sayers. Predict doom, gloom, and failure, and when something we predict happens (statistically speaking, we have a 50/50 shot)we can say "I told ya so!"

Re:But... (1)

GoofyBoy (44399) | more than 10 years ago | (#7755065)

>Abstract idealism often tells the future.

Abstract idealism is too general to accurately predict anything.

Re:Seems obvious. (5, Interesting)

plover (150551) | more than 10 years ago | (#7754860)

What will be most interesting is if the crypto "wars" play out through all the theorized stages of attack, counterattack, and man-in-the-middle attacks that the cryptographers have worked out over the past 20 years. We already expect the RIAA won't take kindly to encrypted networks sharing their music, so we should expect to see some countermeasures.

So what will be their strategy? Will they first attempt to "join" these networks, posing as users looking for Britney's latest, and entrapping systems that serve up the bits? Will they put out bogus trojaned clients on the services? "Dude, download LockTella 1.9, it's l33t!!" only to find that it hoovers up passwords and music lists, and forwards them on to DUDE@RIAA.COM?

Will cypherpunks come to the rescue, providing signed versions of the clients? Will the users finally understand the need to verify the signatures before running them? It's a big stick -- "run an untrustworthy client, get a lawsuit."

And finally, will this come full circle, leading to a true "Web of Trust" as originally envisioned by Zimmerman et al with PGP? I can see the further parallels to Prohibition, with entry to speakeasies controlled by passwords like "John said to tell you I'm OK" whispered through a hole in the door.

This could be a very interesting time to live in.

WILDCAT IS ON TEH SPOKE (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7754431)

just cuz he is

typo (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7754440)

should be the GNAA succeeds where the cyperpunks fail

Cypherpunk is a stupid name (1, Insightful)

ObviousGuy (578567) | more than 10 years ago | (#7754441)

No wonder no one was taking their advice.

Encryption is good, as long as the people using it are good. When people use encryption to hurt other people, it becomes a serious liability.

Re:Cypherpunk is a stupid name (5, Insightful)

sqlrob (173498) | more than 10 years ago | (#7754560)

Encryption is good, as long as the people using it are good. When people use encryption to hurt other people, it becomes a serious liability.

Well, DUH, it's a tool, nothing more.

You can say the same about cars, knives, guns and just about anything else.

Re:Cypherpunk is a stupid name (4, Funny)

swb (14022) | more than 10 years ago | (#7754582)

You can say the same about cars, knives, guns and just about anything else.

Especially dihydrogen monoxide.

Re:Cypherpunk is a stupid name (5, Funny)

Squideye (37826) | more than 10 years ago | (#7754778)

dihydrogen monoxide

We've gotta ban that stuff, all the kids are gonna start using it, and then we'll never get them to stop. It's addictive... I've had like 5 doses today...

Re:Cypherpunk is a stupid name (5, Funny)

FooAtWFU (699187) | more than 10 years ago | (#7754843)

We've gotta ban that stuff, all the kids are gonna start using it, and then we'll never get them to stop. It's addictive... I've had like 5 doses today... Man, be careful! It can be fatal if inhaled! It causes erosion, and is a primary component in acid rain! It's been found in the tumors of terminal cancer patients! It contributes to global warming! It's one of the world's top industrial chemicals... and it regularly works its way into our water supplies!

Re:Cypherpunk is a stupid name (1, Informative)

Anonymous Coward | more than 10 years ago | (#7754802)

Yep - dihydrogen monoxide is much nicer than dihydrogen dioxide.

Re:Cypherpunk is a stupid name (1, Funny)

Anonymous Coward | more than 10 years ago | (#7754904)

I prefer Hydrogen Hydroxide.

Re:Cypherpunk is a stupid name (0)

Anonymous Coward | more than 10 years ago | (#7754584)

Well, DUH, it's a tool, nothing more.

Did you notice his nick? Seems you missed the humor boat. =p

Re:Cypherpunk is a stupid name (0)

grokster (557481) | more than 10 years ago | (#7754780)

You can say the same about cars, knives, guns and just about anything else.

Don't you just hate those carpunks?

When cars are outlawed, only outlaws will have cars!

Re:Cypherpunk is a stupid name (1)

PossibleMat (693729) | more than 10 years ago | (#7754824)

"Guns don't kill people. I do."

Re:Cypherpunk is a stupid name (0)

Anonymous Coward | more than 10 years ago | (#7754587)

OK, now give an example where encrption doesn't hurt somebody, somewhere.

If somebody deems something important enough to encrypt it, then that information could be used by somebody else for their own personal gain, thus by not having the information, it is hurting their future circumstances.

Re:Cypherpunk is a stupid name (5, Insightful)

warpSpeed (67927) | more than 10 years ago | (#7754636)

Encryption is good, as long as the people using it are good.

Encryption, like all technology, is amoral.

Good and evil come from people. This is ultimatly where most legislation fails at stopping evil. You legislate away the technology that evil uses in the hopes of stopping it. However, evil rarely follows laws. So the laws are draconian to compensate for evil not following thems. The end result is that good does not benifit from said technology while evil thumbs thier nose at good.

Encryption will be used for evil, regardless. If you do not outlaw it then the playing field will be level.

Re:Cypherpunk is a stupid name (0)

Anonymous Coward | more than 10 years ago | (#7754659)

So what you are saying essentially is that Evil will always triumph over Good because Good is dumb.

Re:Cypherpunk is a stupid name (1, Interesting)

Anonymous Coward | more than 10 years ago | (#7754872)

Encryption, like all technology, is amoral.

Technologies like weaponised anthrax?

Re:Cypherpunk is a stupid name (3, Insightful)

Anonymous Coward | more than 10 years ago | (#7754900)

Encryption, like all technology, is amoral.

Technologies like weaponised anthrax?


Well, yes. Anthrax in the hands of the "good guys" will be used to do research on how to prevent fatalities in the event that one of the "bad guys" tries to use it.

Get it?

Re:Cypherpunk is a stupid name (5, Funny)

grub (11606) | more than 10 years ago | (#7754656)


When people use encryption to hurt other people

You mean like when I throw my copy of Applied Cryptography at people's heads?

Re:Cypherpunk is a stupid name (4, Interesting)

ReelOddeeo (115880) | more than 10 years ago | (#7754986)

You mean like when I throw my copy of Applied Cryptography at people's heads?

Careful! Applied Crypography is a thick book!

I am currently reading that book. (Second Edition) I was amazed at the prophetic words on page 97 (or maybe 99)? The book is discussing Key Escrow and Clipper. He says something to the effect of:

If there were a major terrorist attack on New York what sorts of limits on the police would be thrown aside in the aftermath?
The copyright on the book says 1996. I'm assuming that even in the Second Edition that these words are prophetic. Sorry I don't have the exact quote, and am not positive on the page number because I don't have the book here with me. But you could find the Key Escrew form the TOC.

In THE SOVIET UNION (-1)

Anonymous Coward | more than 10 years ago | (#7754444)

Government encrypts YOU!

Bad reference in the original posting (1)

techmuse (160085) | more than 10 years ago | (#7754457)

The posting is pointing to the cypherpunks website, not to the article. Me no grok.

Re:Bad reference in the original posting (1)

mitheral (10588) | more than 10 years ago | (#7754808)

The article has been updated now

The USA sucks (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7754458)

Massive crime rate, high unemployment -- why would I want to live there?

Re:The USA sucks (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7754603)

Good question. Any of you USians care to answer?

Re:The USA sucks (0)

Anonymous Coward | more than 10 years ago | (#7754790)

you obviousally havent been here...

USA women are hard to get to suck...

it's that stuck up attitude we got from the french...

Re:The USA sucks (0)

Anonymous Coward | more than 10 years ago | (#7754916)

because we're too lazy to leave, and most people are too stupid to realized they've been brainwashed by the media/religion.

So much for a secular democracy. I'd say at this point we've shat upon the constitution and formed a protestant oligarchy.

VOTE FOR DEAN YOU RETARDS.

Re:The USA sucks (0)

Anonymous Coward | more than 10 years ago | (#7754738)

I heard Warsaw sucks. I also heard Prague is wonderful unless you happen to be Russian. So why would I want to live in Switzerland or the French Riviera?

In case you still don't get it, the USA is a very big place. Some parts of the country are very nice, don't have massive crime or massive unemployment, and are good places to live. Other parts of the country are ugly, polluted, and may be extremely dangerous to live in just based on your ethnicity. It's not all one place, and can't be characterized in one meme, any more than you can sum up all of Europe that way.

Re:The USA sucks (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7754826)

Why do I care if you live here or not?

Re:The USA sucks (0)

Anonymous Coward | more than 10 years ago | (#7754895)


If you don't want to, then don't.
We arn't asking people to move here you know...

can someone explain (-1, Offtopic)

Savatte (111615) | more than 10 years ago | (#7754470)

what eating peas has to do with encyprtion? I'm totally lost.

Re:can someone explain (0)

Anonymous Coward | more than 10 years ago | (#7754523)

yeah really.....maybe its just too early, but I read the submission 3 times and still makes little sense. WTF???

Re:can someone explain (4, Informative)

securitas (411694) | more than 10 years ago | (#7754536)


what eating peas has to do with encyprtion? I'm totally lost.

Shirky means that using encryption is good for you and that's the approach that proponents (Cypherpunks) have used, even though using encryption has historically been difficult and an unpleasant experience for the average user. Hence the "eat your peas" reference, similar to parents who try to get children to eat vegetables which they find distasteful (an unpleasant dining experience).

Cypherpunks or CyberPhunks (-1)

Anonymous Coward | more than 10 years ago | (#7754474)

Being a Cypherpunk is so 2002. I want to be a CyberPhunk when I grow up.

Slashdotted! Article text below (-1)

Article Text Troll (704297) | more than 10 years ago | (#7754479)

The Cypherpunks Home Page
CYPHERPUNKS WWW PAGES UNDER CONSTRUCTION. PLEASE EXCUSE THE MESS
Welcome to the cypherpunks archive at soda.berkeley.edu. Here you can find links to PGP, remailers, rants, various crypto-tools, newspaper clippings, and a good deal of other things.

Keep in mind that because soda isn't running httpd files are being accessed by anonymous ftp. Soda has a 10 user limit on anonymous ftp so sometimes this archive may be unavailable.

Before you begin browsing, please read the Export Restrictions

Export Warning
Files which are illegal to export will be marked NOT FOR EXPORT. If you transfer these outside of the US + Canada you will be in violation of ITAR. Using this archive is consent to abide by these regulations.

Submissions
Here are a few matters of upload ettiquette for the ftp site.

Upload stuff for cypherpunks to /pub/cypherpunks/incoming and not to the general /pub/incoming directory. I am more able to adequately handle files there. (I can't erase in the other directory.)
Whenever you upload something, also upload a short description of what it is you are uploading. I've had mystery files there in the past that have been neglected for long periods, since I don't know what they are and I've got plenty of other stuff to do with the archive.
Send cypherpunks-ftp@csua.berkeley.edu mail telling me what you've put up. If you don't tell me, I may not notice.
Don't bother uploading programs that don't have source code. The mission of the archive site is education, and the mission of Rob Malda is to find as much gay sex as possible. Software distribution is not a purpose, and software without source does not satisfy the educational criterion.
The Archive
PGP
Pretty Good Privacy Public Key Encryption + Digital Signatures
Remailers
The Cypherpunks Anonymous RemailerNet
Rants
Various Rants on Cypherpunks and Crypto-Anarchy
Papers
Papers about cryptography of interest to cypherpunks
Clipper
Newspaper clippings, press releases, and statements about the Clipper chip
Pointers
Pointers to sites all over the internet of interest to cypherpunks and related to cypherpunk ideas and projects, including other cypherpunk information servers.
FTP away
Access all of the archive, including the stuff not yet put on the WWW
The Mailing List
How to join the cypherpunks mailing list. A caveat: when it says high-volume, we mean high-volume. You probably don't want to belong to this list if you pay per-message.
Also available is information about regional lists

The Los Angeles area
The Seattle area

The Cypherpunks WWW - Sameer

Nice job Slashdot (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7754484)

Not linking to the story is top-notch performance. You suck as usual. That is all.

Sad, but the truth. (3, Insightful)

Bill, Shooter of Bul (629286) | more than 10 years ago | (#7754611)

I'll even risk my Karma on it. The Slashdot communioty needs to be able to point out ways for the /. editors to improve. Making sure that there is a link in the blurb to the story mentioned in the blurb is sorta important. Don't ya think? Perhaps mr Coward, was a bit terse in his language, but honestly there are quite a few posts already that ask for the real link. So if it takes a few sarcastic, but on topic, barbs to motivate them, so be it. There is no better motivation than sarcasam. Except perhaps for a well written piece on the need for sarcasam. ;)

Re:Sad, but the truth. (1, Interesting)

Anonymous Coward | more than 10 years ago | (#7754939)


Put in a cached copy of articals...
Google does it, why not slashdot?
Just put a "[cached]" link after the actual link in the post, so if it gets slashdotted, we can still see the artical page.
This would help out a lot.

Re:Sad, but the truth. (0)

Anonymous Coward | more than 10 years ago | (#7754952)

I agree with you 100%, and would like to add that too often I see stories that make so sense to me. They either contain a plethora of undefined acronyms, or as in this case, assume I know some obscure reference. (Sorry, but who the hell are the Cypherpunks???)

Most poorly written slashdot comment...ever. (-1, Flamebait)

Telluride (720291) | more than 10 years ago | (#7754508)

I do not think I have ever seen a more poorly written blurb. It was unintelligible unless you read it three or four times. Please, please word your prose a bit better.

Re:Most poorly written slashdot comment...ever. (0)

Anonymous Coward | more than 10 years ago | (#7754525)

Ryan's Law: Make three correct guesses consecutively and you will establish yourself as an expert.

Re:Most poorly written slashdot comment...ever. (1)

devoss (717340) | more than 10 years ago | (#7754538)

oooooh.... him card read good.

Re:Most poorly written slashdot comment...ever. (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#7754542)

agreed. this was a waste of my time.

worst. comment. ever.

Re:Most poorly written slashdot comment...ever. (4, Funny)

archen (447353) | more than 10 years ago | (#7754581)

It was unintelligible unless you read it three or four times.

Wait for about three days and Slashdot should have a sufficent ammount of dupes to make it much more clear =P

exactly what is this about? (0)

Anonymous Coward | more than 10 years ago | (#7754526)


I read the post, and the link goes nowhere...
What the hell is this talking about?

Something about the RIAA and encryption needs to be in the background? Damn it, organize your thoughts BEFORE you speak!

Shirky, Clay Shirky - who the hell is he? (1, Funny)

Anonymous Coward | more than 10 years ago | (#7754527)

I just heard some sad news on talk radio - some goomer named Clay Shirky is still unknown as of this morning. There weren't any more details. I'm sure everyone in the Slashdot community will continue to not know who the hell he is - even if you didn't enjoy his work, there's total denial of his contributions to popular culture. Truly an American cipher.

Apple, meet Orange (3, Insightful)

Squideye (37826) | more than 10 years ago | (#7754550)

Before I read the article, I'll just point out that the Cypherpunks' "eat your peas" approach actually gives the users control over how their anonymity and security takes place. Sure it gives you more responsibility -- you have to buy the locks yourself -- but it also gives you control over how it happens. You basically only have to trust the person who made the lock, but you can have the blueprints so that you know it works.

RIAA-style privacy is basically a Housing Company telling you that they'll take care of everything, and that you don't need to worry because you're probably safe. Note, of course, that the RIAA companies are the types whose security has been foiled by such stunning feats of ingenuity as writing on a CD with a magic marker, or an algorithm written by a 16-year-old that can be implemented using as much space as fits on the side of a pencil.

What the RIAA gets people to adopt is the style of "no-brainer" security people are used to when they get their lockers broken into at the gym, as opposed to asking us to take some frickin' responsibility for ourselves as the Cypherpunks would urge.

You didn't read the article (5, Informative)

Sloppy (14984) | more than 10 years ago | (#7754641)

The reference to RIAA is not about their use of encryption in the form of DRM. It's about how conflict with the RIAA has resulted in many mainstream non-nerd people using privacy-enhancing tools (and more broadly: gaining a pro-privacy mentality).

Re:Apple, meet Orange (1)

PossibleMat (693729) | more than 10 years ago | (#7754893)

Funny that you mention yourself that you didn't RTFA. What Shirky is saying is that by suing its customers, the RIAA is giving the long-awaited incentive to people to use alternatives to Kazaa that use encryption to protect privacy.

changing laws (5, Insightful)

toasted_calamari (670180) | more than 10 years ago | (#7754551)

from the article:
to a first approximation, every PC owner under the age of 35 is now a felon.

This may or may not be an exaggeration, I have no idea, but Shirky makes a good point. When the vast majority of a society is violating a certain law, it is a sign that the law, not the society needs to change.

At this time, it seems that the RIAA is winning, and we are moving inexorably towards a world where large corporations control what people do with there computers. However, because there is so little popular respect at the moment for copyright law, it follows that eventually those laws will change.

Over the next 5-10 years, I predict that many laws will be completely rewritten to better accommodate the changes that the internet has brought upon society. Many of these changes will be for the better, and the end result will almost certainly be a more free and open society. Unfortunately, democracies are slow to act, so there will be years more of legal confusions and abuses of power before things finally straighten out.

Re:changing laws (4, Insightful)

Jafafa Hots (580169) | more than 10 years ago | (#7754878)

I wish I could be as optimistic as you... but personally I think we'll have a "War on Piracy" to go with our "War on Drugs" rather than more sensible laws.

Re:changing laws (0)

Anonymous Coward | more than 10 years ago | (#7754981)

You'll give a shit while receiving a blowjob? Ew! I'm certainly not blowing you!

How about "Fear of RIAA" (4, Informative)

JUSTONEMORELATTE (584508) | more than 10 years ago | (#7754571)

The RIAA isn't setting out to do this, it's happening as a result of peoples' fear of a RIAA lawsuit.

--

Re:How about "Fear of RIAA" (1)

Squideye (37826) | more than 10 years ago | (#7754609)

Having now read Shirky's article, I think that the Slashdot headline should absolutely be changed to read "Fear of the RIAA". Right now it's misleading, resulting in ill-informed or slightly off-topic posts like the first one I made (*blush*)

Re:How about "Fear of RIAA" (1)

fruey (563914) | more than 10 years ago | (#7754691)

I'd love to know if anyone actually buys those mod points. I mean, apart from trolls who are desperate to be seen, who else cares? We can all write good posts, and post early, to get modded up...

Interesting, but apathy will prevail (5, Interesting)

Tangurena (576827) | more than 10 years ago | (#7754580)

Nice article. Unfortunately, apathy will ultimately reign supreme. People want to turn on their computer to get something. They don't want to be car mechanics in order to be able to drive a car. If the p2p software comes preconfigured to use encryption, then it will get used. If it has to be enabled, then it won't happen very often. It does not really matter if I want to use PGP, if no one else I communicate with is willing or able to install and use it.

Re:Interesting, but apathy will prevail (2, Informative)

mitheral (10588) | more than 10 years ago | (#7754862)

The point of the article is that there are now enough users (even if only a small percentage) that want the encryption. Therefor the developers as including it as the the default. And as you stated users don't change the defaults. Encryption is just there.

WASTE! (5, Informative)

jacobito (95519) | more than 10 years ago | (#7755081)

That's why I'm hoping that private, encrypted p2p systems like WASTE or Foldershare take off! I don't think either of those systems are quite ready for mass acceptance, but they certainly point in the right direction -- private, encrypted file sharing networks that anybody can use.

Digging their own graves... (5, Interesting)

Noryungi (70322) | more than 10 years ago | (#7754597)

Anybody else thinks that, if encrypted file-sharing becomes a reality, the RIAA will simply implode?

From the article:
to a first approximation, every PC owner under the age of 35 is now a felon.

Now remember what the Cypherpunks said a few years ago?

If crypto is outlawed,
only outlaws will have encryption


There you have it: goodbye RIAA. We hardly knew ya. You made us all felons, and by doing so, you opened the floodgate that were going to drown you.

Re:Digging their own graves... (2, Informative)

Feyr (449684) | more than 10 years ago | (#7754779)

there's multiple problems with anonymous, encrypted peer to peer whitout users oversights.

1. your IP address is still visible (lesser of all)
2. WHO are you trusting to view your files? who's to say it's not a RIAA-mandated agency ?

3. WHO are you trusting to download from?

4. even if you KNOW who you're talking to, if you don't manually verify, on a secure medium, the key used. how do you know there's no middle-man? the dsniff tool widely show this (sshmitm) by assuming users always click "yes" when prompted about unknown or changed hosts keys, that's sysadmins we're talking about, imagine joe-nowhere now?

I prefer visible encryption (4, Insightful)

dnoyeb (547705) | more than 10 years ago | (#7754599)

I do not like hiden encryption. I like to know everything is working and not get to confortable. Don't want to be cought ignoring that lock icon on your browser these days.

A bit rambling... (4, Interesting)

fruey (563914) | more than 10 years ago | (#7754606)

What the article is basically saying is that because people are now losing their anonymity in a more obvious way, because they're getting sued... then they are more likely to turn to crypto.

However it's a rather tenuous link to say that the RIAA succeeded where Cypherpunks failed. Advocates are one thing, but really the rise of P2P applications and the growing Internet user base are what have caused P2P to become a real PITA for the RIAA. Therefore they make high profile legal cases to grab media attention. However, they could not realistically target piracy any more than the police raids on weekend markets in London will stop home-burned DVDs from being sold on a stall.

So, some people will use encryption just like Del Boy and Rodney (UK reference to Only Fools and Horses) used a suitcase for their wares and ran whenever the Police came close by. But massive public adoption of cryptography will only be because it will be built in for a reason (rather than optional) and because processors are fast enough to encrypt/decrypt on the fly with long keys... and still, it's a prediction. It's not mainstream yet - and the main thing this guy is forgetting is that the RIAA will bait and trap users with or without encryption on the wires.

Re:A bit rambling... (1)

plover (150551) | more than 10 years ago | (#7754747)

First, encryption is already "built in" to Windows via the Crypto API. However, I don't know who is using it (apart from Microsoft) for anything, simply because trusting Microsoft with security has not proven to be the winning horse at too many races.

I understand your point that encryption won't be widespread until it's "built-in", and that's been the bane of widespread adoption of crypto. But the whole point of this article is that if the most popular filesharing services adopt encryption, users will indeed begin using it as a part of their download and install of the newest filesharing client. Filesharing and the RIAA pressures will drive the spread of underground crypto.

Re:A bit rambling... (1)

fruey (563914) | more than 10 years ago | (#7755076)

First of all, encryption built in to Windows is not what we're talking about when it comes to filesharing. The article is saying the RIAA are succeeding in doing something which hasn't happened, to my knowledge. The author would seem to suggest everyone in P2P land is already encrypting their communications, but that's not the case. All the popular clients are still totally open - any random person can pull down a file for any other; there is no chain of trust between sharers.

Adversaries help in spite of themselves (5, Insightful)

redelm (54142) | more than 10 years ago | (#7754630)

This is yet another manifestation of how adversarial relations backfire. As Nietzsche said "What doesn't kill you makes you stronger". Unless you can force a total a total paradigm shift (Bush invading Iraq), lesser measures will be counterproductive (Iraq sanctions). Do not start a fight you cannot win.

The RIAA has blunders at least twice. First it shutdown Napster 'way late (because it wasn't easy), now it is harassing KaZaa users with even less success. The next incarnation will be even tougher. They ought to be putting their energies into a paradigm shift like iPod. Or maybe even running their business competantly, with decent A&R budgets and better terms for musicians and customers since their distribution monopoly has faded.

Musicians! "Take back the guitar case!" (4, Informative)

e-gold (36755) | more than 10 years ago | (#7754999)

Well said, but the RIAA is (IMO) way too fat in middle management to ever be able to give musicians the better terms we all instinctively know that they deserve. The answer (and yes, I'm both biased and financially self-interested -- but no, I don't speak for e-gold or anyone else but Jim Ray) is for musicians to "take-back the guitar-case" (the money is where the REAL control lies) and set up their own internet tipjars. It's been possible and easy for a few years, and finally they're going to learn to think in new ways about how to get paid by a planet-wide audience. They have had the technology for a while (since 1996 in some form or other).

Imagine a 'one-hit wonder' like Normal Greenbaum's "Spirit in the Sky," garnering 7 million or so direct tips for a quarter worth of gold (most tips would probably be more, if you actually liked the song enough to bother tipping the artist, and Norman's old "Spirit in the Sky" tune kinda rocks IMNSHO). I'm talking about more than a million dollars -- AFTER taxes. I have no idea what Norman's made from the song, but I doubt he did that well...
JMR

Speaking ONLY for Jim Ray.

snake oil (5, Insightful)

SuperBanana (662181) | more than 10 years ago | (#7754677)

but it isn't too early to see that the shift is both profound and irreversible

Not really. There's been several explosions of various file/disk encryption products. Your handheld device isn't a Somebody(Something?) until it's got at least a dozen "encrypted" personal information storage widgets for it.

The problem is that encryption is 90% snake oil. Usually it's written by someone who thinks they know encrpytion- and encryption isn't, to coin the phrase, like a hand grenade; close doesn't count. Zimmerman is famous for his saying that "anyone who claims to have unbreakable encryption doesn't"(apologies for paraphrasing).

Encryption also does little when physical security can't be controlled; Dallas Semi had the right idea with their iButtons, which brought reasonably secure key storage to the masses(if opened, for example, it erased itself) but it's gone pretty much nowhere; you just don't see them in widespread use(unlike, say, a proximity card or magswipe). I suspect even USB keys now vastly outnumber iButton devices.

All the encryption in the world won't do you any good if you can't store the keys securely...and these days, all it takes is a janitor with a CDROM with linux that 'phones home' and sends back choice tidbits...or an ipod.....or a USB hard drive..or a USB memory key...or a blank CDR, since so many machines come with CD burners now...

Re:snake oil (5, Informative)

Proaxiom (544639) | more than 10 years ago | (#7754874)

The problem is that encryption is 90% snake oil.

Where does that claim come from? I'm pretty sure it's not true because more than 10% of encryption is PGP (not counting government crypto, anyway), and PGP isn't snake oil.

It's pretty easy to find snake oil, just read the Doghouse section of Bruce Schneier's monthly Crypto-Gram [counterpane.com] . But there are also a lot of good companies out there providing a lot of crypto solutions (although admittedly most of them actually license the technology from a small handful of good companies, like RSA and Certicom).

Encryption also does little when physical security can't be controlled

But the issue at hand, with regard to the RIAA and anonymity, is about network security. The RIAA finds it much easier to subpoena your ISP than to sneak into your house and steal your USB keys.

Good and ubiquitous crypto certainly isn't the end-all-and-be-all of security, as you point out, but it would indeed make for 'profound and irreversible' changes in the Internet, in the vulnerability landscape, and in the threat models of pretty much everyone on it.

Re:snake oil (2, Insightful)

mitheral (10588) | more than 10 years ago | (#7754914)

None of that stuff is going to help the RIAA or your ISP who is just sniffing the wire. Yes the alphabet soup guys will be able to get a warrant and break your system but think about the cost involved. Until copyright infringement becomes a asset forfiture crime there is no incentive for the goverment.

Right... (2, Insightful)

Anonymous Coward | more than 10 years ago | (#7754700)

...and Hitler actually unified many diverse nations inadvertently by forcing them to work together.

I guess it makes sense, but I'm not going to be putting the RIAA into my prayers at night because of it.

we gnaw (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7754753)

nibble nibble munchkin. the M$FT is so big yes. it controls, controls all. the people they walk by i see their feet though my window. their feet swing by the bars on my window. pretty feet shiny shoes. swish swish. are they going to work? i WILL NOT go to work. M$FT is at work. M$FT controls the pretty feet people. controls their money their futures.

i sit and rebuld my kernel. my CPU thrums. the kernel it is the key. we hack the linux yes good. 2.3, 2.4, 2.5, ...2.6!!!!!!!!! the M$FT it fears the linux. spreads lies. says the linux comes with no warranty. THE WARRANTY IT IS BAD! it goes into your pores. steals your power. the kernel is good. the kernel will rise and slay the M$FT. when the itching comes i think about the linux. it helps.

i hack a driver for my dvd-rom. it does not work. i debug. it does not work. i delete the old source. and start again. i recompile. it does not work. on M$FT the dvd-rom is plug and play. that is how they get you. get behind your eyes. start the itching. so i hack the driver. i hack, we hack: we gnaw. gnaw at the ropes of slavery. the ropes of M$FT. pretty feet people, we will save you.

the itching comes...

No no NO no!!!!! (5, Insightful)

TerryAtWork (598364) | more than 10 years ago | (#7754777)

This is not the problem!!!!

The problem is not people intercepting your mp3s - the problem is sharing an mp3 with a guy working for the RIAA or in my case the CRIA and they get your IP and then they go to your ISP in an attempt to get you booted off the net, exactly as happened to me.

For instance - on Sourceforge there is a sooperencypted IRC project for safe sharing.

Useless.

All the RIAA spies have to do is go on the net, get that software, join the queue for mp3s then rat you out exactly as specified above.

What we NEED is a way to share files in such a manner as the receiver has no idea what your IP is.

This is not going to be easy. (And please don't mention Freenet ok?)

That's Freenet (0)

mcbunny29 (583989) | more than 10 years ago | (#7754912)



That's exactly what FreeNet [sourceforge.net] does. It hides the sender and the reciever by rooting data through random other peers.

The major problem is that it's slow.

Tradeoffs (1)

nurb432 (527695) | more than 10 years ago | (#7755038)

The ablity to be anonymous and the speed of the network is directly related..

Cant have both, unless someone runs a central 'randomizer' service.. but then you have a single point of failure and insecurity.

Re:No no NO no!!!!! (1)

zoltar74 (517711) | more than 10 years ago | (#7755057)

My idea is to create a p2p network based on PGP webs of trusts. I haven't gotten around to starting the SourceForge project for it yet, and there are issues yet to be resolved (SSL is based on X.509 certificates, not PGP keys), but I believe this could be the Next Big Thing.

Gotta love the irony (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7754796)

While the RIAA is trying to make people believe P2P means "piracy 2 pornography" and if you let kids use a computer they'll be targeted by a pedophile (sp?), it's their own actions that will cause the development of secure P2P applications that will actually let pedophiles trade pix/vids safely.

I wish the major news media could be made aware of this irony... but the money says otherwise.

Unbreakable anonymity? (5, Interesting)

Weaselmancer (533834) | more than 10 years ago | (#7754852)

I read the article and can find nothing there suggesting how I can trade anything for unbreakable anonymity, or even how unbreakable anonymity could even be implemented.

Encrypt the packets? Fine. You can still trace their origin.

Let's say that you do RSA key pairs, and build them into some sort of P2P. When two people connect, they swap public keys and encrypt the stream.

There is nothing that says that the person who is leeching a file from you isn't Hillary Rosen. Traceroute, and you're still nailed.

The only way to be truly anonymous in a P2P application would be to have the application auto proxy a neighbor. Here's how that would work.

User WantMusic jumps on the new P2P net and broadcasts a desire to download "myfavoritesong.mp3", and their RSA public key along with the request. Some other user, MusicBank, has the song. Rather than having the client pull the data directly from MusicBank, have MusicBank push the data to the client. Each outbound packet from MusicBank would at random select someone else on the net and say "Take this packet of data and pass it along to user WantMusic at this IP address."

If the someone else happened to be Hillary Rosen, all she would get is a packet of unreadable data - she doesn't have the private key. She could know who it was from, and where it was going but have no idea what it was. Might be music, might be the Linux kernel.

If Hillary jumps on the net and tries to download myfavoritesong.mp3, all she could do is traceroute a bunch of packets to 2nd party proxies. By the definition of the protocol, they don't have the file. They're innocent. She still doesn't know MusicBank has the file.

The disadvantage to this protocol is that it'd be slow. Each packet would have to hit a proxy. Instead of server->client, it'd be server->proxy->client. You could expect downloads to be at least 1/3 slower.

If I had the time, I'd write this sucker.

Weaselmancer

Re:Unbreakable anonymity? (1)

PossibleMat (693729) | more than 10 years ago | (#7755051)

One problem I see is that now the RIAA would have a more easily impressionable person to send the subpoena to.
I like the basic idea, though.

long term (1)

netwiz (33291) | more than 10 years ago | (#7754922)

I fear the the gov't may very well outlaw encryption for the masses outright. I mean, what with terrorists and all, it wouldn't be terribly difficult for them to shove that down our throats.

Sealed lips (5, Interesting)

daminotaur (732705) | more than 10 years ago | (#7754943)

Shirky: "In any system where a user's identity is in the hands of a third party, that third party cannot be trusted." The classic Mafia version of this is: "Two people can keep a secret as long as one of them is dead." Most people don't think that way, and even if they did they are unlikely to trust any technological system that promises absolute anonymity. The cypherpunks' fantasies are no more ready for prime time now than ever. Main problem is that anonymous communication is a chimeral fantasy, and any scheme to even experiment with their implementation is complex and onerous to all but people who like to read Schneier for fun, and play secret agent. Above all, cypherpunks chase anonymity like it's a virtue, when most of the worst aspects of the net are caused by anonymity and unaccountability.

Yahoo and Hot Mail should turn on by default (3, Interesting)

leoaugust (665240) | more than 10 years ago | (#7754982)

I think the fastest way to get encryption turned on by default is to have these major email providers (like Yahoo and Hotmail) to turn on encryption by default. If they did so, then there will be enough momentum for the other providers to do so too, and anyone using encryption would not stand out as a potential trouble-maker ....

The reason why it is importatnt to have a critical mass of communications in encryption is becuase otherwise the people encrypting sorely stand out. If I decide (which I would love to) start encrypting today, many people would wonder what sort of shady business I have gotten into. Not to mention Ashcroft would be after me, with a claim that I am some Lone-Wolf terrorist ...

My point is that there should be there has to be enough people encrypting for it to become feasible. If I am one of the people encrypting while others are not then I am the proverbial needle in a haystack. Any magnet can easily pull me out by my jugular ... If I am one of the many other people encrypting then I am just another hay in the hystack ... much harder then to grab me by my b**** ....

Encryption is good, but not the complete answer. (2, Insightful)

Anonymous Coward | more than 10 years ago | (#7754988)

Suppose all file sharing apps had encryption- if an individual can get on the network, then so can the individuals and robots working for the RIAA.

To defeat the RIAA all that is needed is a challenge that requires a HUMAN response. Right now they use robots- but they can't compete if they have to examine an image and type what it is (takes a real person).

A better approach than that, but harder and less efficient is something like Freenet-

but it really needs to use ed2k type links and incorporate a search for keys. And of course be written in C, so I don't have to install a bloated Java environment.

Perhaps Freenet might die if the RIAA decides to inject massive amounts of crap and download it (making their chunks popular and erasing existing files on the network.

So, freenet + human required = good, almost unbreakable.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?