p2pnet - rss feed: LimeWire: RIAA, MediaSentry ‘anti-pirate’ app
p2pnet news | RIAA News:- P2P file-sharing application LimeWire is routinely castigated by Vivendi Universal, EMI, Warner Music and Sony BMG and their RIAA (Recording Industry Association of America).
But, says Catherine Rampell in the Chronicle of Higher Education, neither the RIAA, the Big 4 nor their ‘investigator,’ MediaSentry, banned by the state police in Massachusetts, could get along without it.
Here’s her story>>>
To catch college students trading copyrighted songs online, the Recording Industry Association of America uses the same file-sharing software that online pirates love, an RIAA representative told The Chronicle at the organization’s offices during a private demonstration of how it catches alleged music pirates. He also said the group does not single out specific colleges in its investigations.
The demonstration was given by an RIAA employee who would speak only on condition of anonymity because of concern that he would receive hate e-mail.
The official explained that one way the RIAA identifies pirates is by using LimeWire, a popular peer-to-peer file-sharing program that is free online and used by many college students (there is also a more-robust version of the program sold for a small fee).
Here’s how the process works: The RIAA maintains a list of songs whose distribution rights are owned by the RIAA’s member organizations. It has given that list to Media Sentry, a company it hired to search for online pirates. That company runs copies of the LimeWire program and performs searches for those copyrighted song titles, one by one, to see if any are being offered by people whose computers are connected to the LimeWire network. For popular songs, the search can turn up dozens, if not hundreds, of hits. A search on Madonna’s latest release, “4 Minutes,” turned up more than a hundred users trading various copies of the song.
The LimeWire software allows users who right-click on any song entry and choose “browse host” to see all of the songs that a given file sharer is offering to others for download. The software also lists the IP address of active file sharers. (An IP address is a unique number assigned to every computer by Internet-service providers.) While the names of the people associated with particular IP addresses are not public, it is easy to find out which IP addresses are registered to each Internet-service provider. Using public, online databases (such as those at arin.net or samspade.org), Media Sentry locates the name of the Internet-service provider and determines which traders are located at colleges or universities.
Swift Detection
The process mimics how pirates themselves locate files but with a significant difference: speed. Media Sentry has automated the process by using scripting software that types in the songs, grabs the IP addresses, checks them, and forwards the information to the RIAA.
The RIAA’s first step against campus pirates is usually to send a Digital Millennium Copyright Act takedown notice, which asks the college to remove infringing content from its network.
In collecting evidence for those takedown notices, Media Sentry investigators do not usually download suspect music files. Instead, the company uses special software to check the “hash,” a sort of unique digital fingerprint, of each offered file to verify that it is identical to a copyrighted song file in the RIAA’s database. In the rare cases in which the hashes don’t match, the investigators download the song and use a software program sold by Audible Magic to compare the sound waves of the offered audio file against those of the song it may be infringing upon. If the Audible Magic software still doesn’t turn up a match, then a live person will listen to the song.
If there is a match, Media Sentry investigators will then engage in a so-called TCP connection, or an electronic “handshake,” with the computer that is offering the file to verify that the computer is online and is ready to share the song.
Based on that information, the RIAA will send a letter to the college asking for the song to be removed. The letter lists the name of the file and the date and time when Media Sentry investigators saw it available online.
On listservs and in interviews, some university administrators have recently questioned the validity of some of these takedown notices because they say they do not have any record of a download at the named IP address at the specified time. RIAA officials said this is because investigators performed only a “handshake.”
Seeking Settlements
In more serious cases of piracy, the RIAA sometimes decides to send out “prelitigation settlement letters,” which asks alleged infringers to cough up several thousand dollars in lieu of going to court and potentially facing a much more expensive punishment.
Before sending out the prelitigation settlement letters, Media Sentry investigators always download music files believed to be infringing on licensed songs. Live human beings then listen to those songs to verify that the files are infringing. A letter goes out to the college with the date and time when investigators saw that the song was available for sharing.
While the process for generating both takedown notices and settlement letters is largely automated, the RIAA said that before each warning is sent out, a full-time RIAA employee reviews each case to make sure the claim is legitimate and that the alleged pirate is in the United States. Thanks to the speed and ease of the automated process, though, the RIAA is “able to identify hundreds of instances of infringement on a daily basis,” according to RIAA spokeswoman Cara Duckworth. She also acknowledged that the RIAA can tell only when a song is being offered for users to illegally download; investigators have no way of knowing when someone else is actually downloading the song.
The organization does not perform similar automated investigations for file traders on commercial ISP’s (that is, Internet- service providers not operated by universities, such as Comcast). All notices received by commercial Internet-service providers are processed manually.
“The automated takedown notice program we have right now is solely university-focused,” said the anonymous RIAA representative. “We’re trying to make universities aware that they have an issue with peer-to-peer file sharing on their network, and so we don’t send automated notices to commercial ISP’s, I think because they are generally aware that there’s a problem.”
The RIAA said it does not single out particular academic institutions to be “made examples of.”
“We have no capability of targeting any school at all,” said the RIAA representative, who argued that there is a large “misperception” among university administrators that individual colleges are being picked on. “Technically we can’t do it. We find what we find with this process, and that’s what we send to schools.”
Catherine Rampell - Chronicle of Higher Education
[May 13, 2008 - Copyright © 2008 by The Chronicle of Higher Education, and re-printed with its permission.]
.
.Stumble It!
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe
to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile - http://p2pnet.net/index-wml.phpNet access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.
May 13th, 2008 at 12:25 pm
As a college student, I find this very scary. Perhaps I’ll slow down on the downloading…
May 13th, 2008 at 12:41 pm
1. “We have no capability of targeting any school at all”
Ok, but they obviously have a way to toss out the universities that they don’t want to target; can you say “Harvard” or “Yale” anyone?
2. “She also acknowledged that the RIAA can tell only when a song is being offered for users to illegally download; investigators have no way of knowing when someone else is actually downloading the song.”
Yay! Finally official recognition that the RIAA has no case! The copyright law states that ‘distribution must take place’ in order to classify the civil offence of ‘distribution of copyrighted materials’ to have taken place. Thus, every case in the works now has a justifiable defense against the frivolous claims being made that the distribution component of copyright law has been broken.
3. “a full-time RIAA employee reviews each case to make sure the claim is legitimate and that the alleged pirate is in the United States.”
Interesting that an inadvertant slip of useful info was given out: they only process American IP addresses. That means that everyone using p2p software should enable the use of off-shore proxies to make their IP addresses appear to be foreign.
That also explains why IRC has remained untouched: most, if not all, IRC servers are out of the U.S. and thus beyond the easy reach of the RIAA. I’ve been touting the advantages of IRC for years now. I also highly recommend a program called “Peer Guardian” (Google it) for anyone doing p2p or IRC communications. Look it up, you’ll understand why.
Finally, I’ve also been saying this for years: someone needs to write a program that inaudibly changes the mp3 files slightly to alter their hash signatures. That will force MediaSentry, et al, to have to manually listen to *every* songfile they download. This is time-consuming in the extreme, and ensures the flood of DMCA Notices and subpoenas will be greatly slowed down.
May 13th, 2008 at 1:35 pm
1) The way they are using media sentry is using limewire is a beach of the Eula agreement and limewirw is enttitled to ask media sentry to stop using their software in this way.
2) media sentry is not authorized yo spy and investigate people because they are not licenced as an investigators and as such are breaking the lawe of many state.
3) By downloading only a portion of a file corresponding to an IP address does not mean that the given IP address is the source of the song. Why? Because the track is downloaded via multiple computers most of then not even sharing or having on their harddrive the song.
4) it is easy to make limewire at the source level to display an altered IP address even one that does not exist.
3 and 4 explain why they show up with so many IP address that ever does not exist, exist for a very short time or randomly fall on people that don’t evenrun any file sharing software. Of course nor the RIAA or medai sentry will admit this because this is the entire extortion operation that will cramble if they do.
Anyway it will cramble eventuly but by lying about it they are bying the time that is going to make the class action law suit big enough to put them out of business.
May 13th, 2008 at 1:41 pm
“a full-time RIAA employee reviews each case to make sure the claim is legitimate”
Obviously If the case is not legitimate they don’t care and begin the extortion process anyway because it give the feeling that they are working hard while they are just a bunch of lazy parasites.
May 13th, 2008 at 2:03 pm
“As a college student, I find this very scary. Perhaps I’ll slow down on the downloading…”
If you don’t share you are safe from them even without using any trick because there is no way they can get your IP. Just disable the sharing.
Even if you share your chance of being caught is extremly small. If you use peerguardian or an IRC proxy your chance are litteraly zero.
Dont’ feel guilty of you don’t share. Since this sharing thing is an exponetial to make an impact on the availability of file they will need to reduce file sharing to less that few percent. Since they are lowlife moron with no education or serious knowledge they don’t understand that!
I am running a server since more than 3 years sharing ton and ton of RIAA crap using the 3 majors p2p network at the same time, just to make them shit in their pans. And so far no news from them. I am not the only one to do this. Oh!!! and I am so scare!
Frankly if I was you I will not bother with what they sell and not even download it. Look at indies artists instead. Artists now can distribute their music themselves and no longer need the RIAA/MPAA mafia. Their is also some indies companies still selling great CDs and vyn at very very good price! Go withthem instead.
Use the RIAA radars http://www.riaaradar.com/ and the BPI radar: http://www.bpiradar.com/ To find out why not to buy.
May 13th, 2008 at 5:54 pm
PeerGuardian2 was my first though… it would work wonders
May 13th, 2008 at 11:18 pm
“As a college student, I find this very scary. Perhaps I’ll slow down on the downloading…”
Exactly what the RIAA want.
“Finally, I’ve also been saying this for years: someone needs to write a program that inaudibly changes the mp3 files slightly to alter their hash signatures. That will force MediaSentry, et al, to have to manually listen to *every* songfile they download. This is time-consuming in the extreme, and ensures the flood of DMCA Notices and subpoenas will be greatly slowed down.”
No, they’ll listen to ONE altered copy and then create a new digital hash for it which will then check for the altered copy of the song.
“PeerGuardian2 was my first though… it would work wonders”
The problem with PeerGuardian and other blocklists is that IP addresses can only be blocked AFTER they’re discovered. Media Sentry just needs to register some new IP addresses and suddenly, they’re not blocked anymore.
May 14th, 2008 at 2:27 am
The real problem with Peer Guardian and one you will not read about is that they add innocent folks to their blocklists and refuse steadfastly to remove them citing some nonesense about ISP’s in league with the RIAA dont deserve to be unblocked. when questioned further it becomes apparent they do not know how the p2p networks or p2p protocol’s works and end up adding valid and useful superpeer nodes to their lists thereby damaging p2p networks, they have also targetted individual p2p programs for blocking, filesharers friend ? … I dont thinks so.
The PG program itself is fine but while this blocklist lunacy continues it becomes the RIAA’s best friend, after all do any of you really believe the RIAA/MPAA have over 1/3 of all allocated internet addresses as this is what PG blocks.
May 14th, 2008 at 3:46 am
u mustn’t let your songs or IP address be viewed. If u can’t prevent it then use something else. To stop sharing is to ruin the p2p networks.
But I don’t see how each user can have a unique IP address. As far as I know ISPs don’t work like that. They assign a particular one to a range of users.
In any case the law now states that making files available doesn’t prove distributing. So if u get one of these notices, don’t worry. Make them prove it. And cite this important precedent. Learn the facts.
May 14th, 2008 at 4:03 am
You can force Peer Guardian to allow specific address blocks, like steam or arena net that get blocked by default. Peer Guardian is still a very good tool.
May 14th, 2008 at 11:17 am
Well you can Stray Mongrel but lets look carefully at how many are doing so, if its even 1% percent I would be surprised.
A poor list is of little value when it blocks many major ISP companies, I along with others have asked blutak who compile the PG lists to justify blocking dynamic IP ranges that are 99% consumer used, they have not done so, in fact they deleted the posts from their forum, so you have a choice , use a blutak compiled list that blocks filesharers or find another list specifically for the network you use, I prefer the latter route, smoke and mirrors is for those who are easily confused and it seems nothing will change until blutak block the entire internet in their ludicrous lists.
Blutak - The RIAA’s friend.
May 14th, 2008 at 8:10 pm
“But I don’t see how each user can have a unique IP address. As far as I know ISPs don’t work like that. They assign a particular one to a range of users.”
No, every user has a unique IP address. They *HAVE* to, or the net doesn’t know where to send the data. IP addresses are like phone numbers, if you don’t have a unique one, people can’t call you.
May 15th, 2008 at 2:05 pm
Perhaps Rekrul you need to add a little caveat to your posted information as many IP,s are allocated as and when needed by subscribers from a common pool help by the ISP company.
I personally have witnessed companies operating interdiction operations via such ISP companies acting in a proxy capacity, in fact I think its done on purpose.
The correct solution is to temporarily block the IP address as its what is well known as a “dynamically allocated IP” and likely to be in different hands in a short space of time often a week or two max.
Blutak fall over in their list making by adding such addresses as mentioned above to their lists for years and refuse to remove them regardless of them not even being in the hands of the enemy any longer than a fortnight, with anti file-sharing activities such as this occuring I urge no one to use blutak lists with PG.
I suggest trying to find one thats compatible with Peer Guardian but for the file sharing network you use as the smartest move, as I mentioned above blocking 1/3 of the internet (and rising) from filesharers is something the RIAA would be proud of.
May 15th, 2008 at 5:21 pm
“Perhaps Rekrul you need to add a little caveat to your posted information as many IP,s are allocated as and when needed by subscribers from a common pool help by the ISP company.”
True. What I meant, and what I probably should have made clear, was that every user has a unique IP address, at the time of use. A user may be assigned a different IP address every time they connect to the ISP, but whatever address they are assigned, will always be unique to them, for that session and can be tracked by the ISP. Of course if you pay for a static IP, it will always be the same.
The question of proxies did enter my mind and I was going to mention it, but I wasn’t sure if any ISPs send ALL traffic through a proxy, or just just certain protocols, like HTTP. I know I’ve seen the issue discussed with regard to hosting sites like Rapidshare (which uses IP addresses to identify non-paying users), but I can’t say I’ve ever seen it mentioned as an issue with P2P networks.
May 15th, 2008 at 9:53 pm
No, Rekrul not true. Multiple users sharing a home internet connection will all have the same internet IP, and each will also have their own internal network IP address. This is the situation where you have a wired hub or wi-fi access point. If the wi-fi is not secure, then unidentified leeches will likely share that same IP too.
What will differentiate one user’s session from the other are the different port numbers tied to the same IP address.
May 17th, 2008 at 6:47 pm
“No, Rekrul not true. Multiple users sharing a home internet connection will all have the same internet IP, and each will also have their own internal network IP address. This is the situation where you have a wired hub or wi-fi access point. If the wi-fi is not secure, then unidentified leeches will likely share that same IP too.
What will differentiate one user’s session from the other are the different port numbers tied to the same IP address.”
Ok, I admit that I didn’t think of that because I don’t have any real experience with local networks.
How about if I change it to; Each account has its own unique IP address at the time of use?