Monday, December 31, 2007

How to Use Dargens Music Downloads

  1. Click a picture on TV to INSTALL JAVA plugin.



  2. Search for MP3, AVI or other types of files.



  3. Click to download and play music, video or other types of files.

Sunday, December 09, 2007

New Version of Dargens - UPDATE


No not VB, its Java and Ruby on Rails. Damn these AI blog image finders.

New Version Update:

1)Works well with Firefox -GUI fully functional can search download and open from the web page.
2)GUI has an issue with IE6 - hope fully we can fix this within the week.
3)STUNT is not working well, needs to be re-done. Currently only working in one direction. This might take a couple of weeks to fix in between other jobs.

Please feedback bugs.

Saturday, December 08, 2007

Saturday, December 01, 2007

New Version of Dargens - ANts p2p Mod

New version of Dargens ANts p2p mod out now.

Now has first draft of web gui in use to search and download.

goto http://www.dargens.com/

Need you feedback and suggestions for website design.

Still fast, private and anonymous.

Friday, November 23, 2007

Dargens Download Free MP3s on the Train


Dargens works on the train.

As I write this I am downloading MP3s while on the 7:30am Waterloo to Portsmouth Harbour train.

As Dargens is a friend to Friend peer to peer service it keeps its connections and downloading speed despite the intermittent nature of internet connection while on the go.

Just need to sort out battery life now.

I have start working on a version of Dargens for Nokia N95 if anyone is interested.

Sunday, November 18, 2007

Download free MP3s | Anonymous p2p | Friend to friend network


CLICK on image in TV.
Then CLICK on START button.
Answer YES to pop-up questions to connect.

Download free MP3s | Anonymous p2p | Friend to friend network
Share unsigned new band MP3s with anyone.
No set-up | Connects through firewalls

See development blog (kerjodando a mod of ANts p2p)
Only people who know your private swarm page web address can connect to you.
You are 100% private and you can share with everybody.

Saturday, October 27, 2007

New Update - Darknet Functions Improved


The following have been done:


2007-10-23

make the upnp device send out info about kerj not ANTs p2p and gwren.


So modified UPnPDescriptor.java


2007-10-23

remove ants branding replace with branding from http://www.kerjodando.com/ website


So replaced all antsp2p.sourceforge.net


2007-10-23

Remove the warning of new version detected


So modified ConnectionAntPanel.java


2007-10-23

An exception on startup of the application


So modified this_componentResized() in FrameAnt.java


2007-10-24

Make STUNT work better.


STUNT A_ST2 timeout problem modified STUNT.jar


2007-10-23

Make STUNT work better.


A STUNT doesn't work problem modified Ant.java, no port conversion for STUNT URI


2007-10-18

For a logined user who has two swarms, must update its trusted peers in two swarms,must add peer ips to ipfilter.dat


So modified a lot, using session to control users' action


2007-10-16

For registered user, two swarms but only need one kerjo insteady of two kerjoes


So added five lines to jnlp_controller.rb, so that no two kerjos will be running.if count == 1 thenflash[:notice]="joined the swarm."redirect_to :backreturnend


2007-10-16

Logined users can not get a connection to other host


So modified jnlp_controller.rb,for logined users, the identity is wrongly set.replace_str <


2007-10-10

Not working with all version of Java


I'v spending many time to find the cause. Finally the jnlp is modified:1.jnlp is downloaded as random filenames2.set the $$href to empty.(Which will prohibit the new JWSes from downloading jnlp twice)


2007-10-10

Make STUNT work better.


STUNT has an unhandled timeout for state A_ST1 Add timeout and retry mechanism to A_ST1


2007-10-9

STUNT souce code is uploaded to google code


Will make reference to Dargens.com and Digiworld Ltd who paid for the work as well as Casper. Will put link on kerjodando development site.


2007-10-8

Make work with all versions of Java


The ObjectInputStream handshaking problem, this problem may exist in jre1.6.03The problem is stated at http://forum.java.sun.com/thread.jspa?threadID=649207&messageID=3820132 add keyAgreementOutStream.flush() to SecureServerSocketThread.java and SecureClientSocketThread.java


2007-10-8

Java problem


Jre 1.6.0_03 concerning problem1.setup environment, all peers should use the new java version


2007-10-8

Don't forget that this is also for week one:Try one connection method until connected.Only try to connect if not connected and then try internal, direct and stunt in that order. Also, make sure STUNT is working correctly by investigating error messages.


Added ConnectionThreadManager.java to solve this problem. Now, if one site is connecting, no more retries until the connecting process is finished.

Saturday, October 13, 2007

ANts p2p II


Now have swarm for ANts p2p network.

See here http://www.dargens.com/swarm/show_one/55523a67368a14ad903388a109df02f7

Click START to download and run.

Saturday, October 06, 2007

Test Anonymous Network for New Unsigned bands


New URL www.Dargens.com

Now has STUNT working firewall tunnelling and Upnp.

Sorry still only windows - working on mac and Linux compatibility.

Need folks to help testing.

A long way from finishing but making good steady progress.

Developer will be working full time from 8th October 2007.

Also, issue that JRE 1.60_02 and JRE 1.60_3 only work when jar is first downloaded.

JRE 1.60_01 and previous JRE versions work perfectly.

Friday, September 28, 2007

itsDargens Social Network P2P File Sharing (Testing)


Hi,

Ready to test (Sat 29th September 2007 Michaelmas).

Goto http://www.itsdargens.com/

Click on top left picture in TV.

(no need to login or register)


On next page, Click on START button where it says, "click here to start kerjodando:"

(IF YOU don't see START button but something else the download and install java from here.)

To get music you need to install the p2p thing by answering yes to install questions.

Then search for mp3* and right click to download music.

Then tell me if it works.

Thanks

(What's new is that it should now connect through firewalls).

Ez

Monday, September 24, 2007

Social Network P2P Filesharing


Please email me ( ezzy.elliott@gmail.com ) it you can help test the new firewall hole punching features of itsDargens social network p2p filesharing.

Friday, August 31, 2007

Nearly There with File Galaxy


STUNT is not working, Casper has had to rewrite a huge amount of code to get it working but we are nearly there.

Next steps are:

  1. Clean data on site
  2. Get site certificate to stop warning message when downloading client
  3. Finish explanation on how to use client on the site.
  4. Fix bug that stops client working with JRE 1.6_02 (works with 1.6_02)

Tuesday, August 21, 2007

Michel Bauwens Anonymous P2P Peer Production

I found this very interesting.

In the end users will make their own networks (friend to friend). These networks will be private and free.


Monday, August 13, 2007

Audio Galaxy


1. Testing has stopped on TCP NAT traversal due to Casper having to move City. Looking to re-start soon. A real pity as we were very close to completing project. C'est la vie - Suppose there is more to life than hacking code.

2. Web Gui to have three parts:

  • Search form (done)
  • Search results page and link to queue item for download (partly done)
  • Download queue page with progress indicator and link to open downloaded file
As Vincent has quit the project due to lack of free time I am looking for a new person to do this.

3. The completed kerjodando p2p will closely resemble the old Audiogalaxy website:
  • Web based interface
  • Queue files for later delivery and
  • Full parsing of mp3 meta data.

Monday, August 06, 2007

TCP NAT Traversal Testing for Anonymous File Sharing


Firewall hole punching implemented.

Now testing step by step.

So sometimes the test group http://www.itsdargens.com/swarm/show_one/86d1cca8104f981648eb1b1d0f0f3a39
might produce unexpected results.

Please try it we need more testers.

Thursday, August 02, 2007

Autonomous Anonymous P2P File Sharing


Let's be clear about this.

kerjodando p2p is an autonomous anonymous file sharing application.

To join the kerjodando network users bootstrap on to it using the www.itsDargens.com bootstapping service.

The bootstrapping service provides:
- a list of available public groups (private group details are only available from private user directly)
-a downloadable small java p2p application
-the ip address (uri) of other users in their group
-a blocking list to prevent non-group users connecting to group and
-a NAT traversal service so the two firewalled users can connect.

In computing, bootstrapping refers to a process where a simple system activates another more complicated system that serves the same purpose. It is a solution to the Chicken-and-egg problem of starting a certain system without the system already functioning.

An anonymous P2P computer network is a particular type of peer-to-peer network in which the users and their nodes are pseudonymous by default. The primary difference between regular and anonymous networks is in the routing method of their respective network architectures.

Tuesday, July 31, 2007

Bootstrapping to Anonymous P2P Networks


Even P2P overlays need some way to bootstrap in disconnected networks.

While DNS typically bootstraps with hardcoded IP addresses of the 13
root servers.

Ants p2p (version 2) kerjodando bootstraps using the itsdargens.com website.

Any user website can be set-up and used for this purpose.

Basically, all code is open source so that users can set-up own bootstrapping website.

The website replaces the current ANts p2p bootstrapping methods:
  1. irc (why use this method when a website is much more friendly)
  2. Gwebcache (this openly displays your ip address to strangers) and
  3. Random walk accross the ad-hoc network. This allows users who you are not connected to (and don't know) to find out who else is connected.

The itsdargens.com Ruby on Rails bootstrapping website will provides the following functions:
  1. Bootstrapping to a friend to friend group
  2. TCP NAT traversal

Monday, July 30, 2007

STUNT P2P TCP NAT Traversal on a Ad-hoc Overlay Network


I've been thinking about this TCP NAT Traversal (TCP hole punching a method that allows everyone to connect quickly without port forwarding).

I think the following changes are needed to kerjodando to make it work.

  1. Trusted Peers list (and itsDargens User database table) need to include two extra hidden fields, User ID (prob already in itsDargens database) and "use STUNT" flag. For example, if 100 users on a LAN connect to one group they will all have different user IDs although they have the same ip+port. Then when a user wants to connect to another user (after trying direct connection) they connect to STUNT using their user ID and signal (using SIPS) to another users ID. STUNT then tell them what ip+port to use to connect to that user ID. Also STUNT would set the "use STUNT flag" to yes.
  2. ItsDargens user database to change to include "use STUNT" flag
  3. Trusted peer file needs to download and use the included user IDs and "use STUNT" flag as well as ip+port.
The other thing I realised is that for signaling, users will have to maintain a connection to the STUNT server as long as they have a user (user ID) in their trusted peers list that they are not connected to.

However, once they have connected to all their trusted peers they can disconnect form the STUNT server.

Also, probably there will be some users that you can't connect to even with STUNT, maybe these should be marked as such in "use STUNT" flag and counted as connected when deciding if should disconnect form STUNT server.

To me a STUNT server consists of the following processes:
  1. Maintaing TCP user connections with many users (User IDs)
  2. Recording user (user ID) ip+port for at least two test connections from the user
  3. Calculating predicted ip+port for a user (User ID)
  4. Reply to a request to connect to a User ID with predicted ip+port
  5. Telling other User to also make a request etc
  6. Recording "STUNT flag" in user database table so that it can be included in downloaded trusted peers
  7. Recording if STUNT does not work


More About STUNT:

Found STUNT ( Simple Traversal of UDP Through NATs and TCP too) library in java:

http://nutss.gforge.cis.cornell.edu//jstunt-faq.php


What does the stunt.jar library provide?

It provides a way to establish unproxied TCP connections between two end-points, both of which can be behind a NAT. It returns a SocketChannel that can be used for blocking or non-blocking IO as the application desires.


How does one write a server-client or peer-to-peer applications with the library?

We have provided a simple server-client application consisting of an EchoServer ( http://nutss.gforge.cis.cornell.edu//EchoServer.java ) that accepts inbound connections from one or more EchoClient ( http://nutss.gforge.cis.cornell.edu//EchoClient.java ) applications.



Does the library require some infrastructure?

Yes. The library requires a rendezvous server (much like a directory server) where applications with one URI can find the application with another URI and coordinate to establish a connection. The library also requires some STUNT servers that help applications find out their external IP address and port for establishing the real connection.


Does the rendezvous server proxy data?

No. The rendezvous server only helps set up the connection. After that, all data is exchanged directly between the end-points and does not go through the rendezvous server.


Who provides the rendezvous and STUNT service? Who can use them?

We at Cornell University are providing a rendezvous and STUNT service for developers and researchers to use. However, if you wish to deploy your own application that uses the library, we ask that you set up rendezvous and STUNT servers only for your own applications such that you do not overburden the Cornell service (which is for research and development purposes) and so that outages and changes in the Cornell service doesn't affect your application. The rendezvous server ( https://gforge.cis.cornell.edu/frs/?group_id=15 )and STUNT server ( https://gforge.cis.cornell.edu/frs/?group_id=15 )code is freely available.


Is this library under active development? Will you implement feature X?

The library is a proof of concept that TCP NAT Traversal is possible and is intended to be a starting-poing for application developers who want to use it in a real-world deployable project. At the same time, it is a library that can be used more-or-less unmodified for research and quicky-development and prototyping of applications. Time permitting, I would like to implement various features that are requested; but I cannot promise that all features will be implemented in a timely fashion. I will do my best to make the library more suited to its primary goal -- show how the NAT TCP problem can be solved easily by applications.


I want to implement TCP NAT traversal in my application but don't want to use your library?

The TCP NAT traversal code is contained in the file STUNTCont.java ( https://gforge.cis.cornell.edu/plugins/scmcvs/cvsweb.php/old/stunt_java/src/net/nutss/stunt/STUNCont.java?cvsroot=cvsroot%2Fnutss ). It includes extensive documentation. Feel free to adapt the code to your application. The rendezvous service and the STUNT service are modular and may be replaced by your own implementations if you wish to use the rest of the library.



Also see http://en.wikipedia.org/wiki/STUN

Aslo see:

see STUNT

http://nutss.gforge.cis.cornell.edu/stunt.php

and

http://www1.ietf.org/mail-archive/web/p2prg/current/msg00789.html

and

http://en.wikipedia.org/wiki/NAT_traversal

and

http://reports-archive.adm.cs.cmu.edu/anon/isri2005/CMU-ISRI-05-104.pdf

and

http://emu.freenetproject.org/pipermail/tech/2005-September/011611.html

Saturday, July 21, 2007

kerjodando p2p - Your Own Private Internet


Hi

Now testing kerjodando p2p, your own private internet.

Search, download, enjoy.

  1. Goto test page here http://www.itsdargens.com/swarm/show_one/86d1cca8104f981648eb1b1d0f0f3a39
  2. Click START to open torrent file to download and install kerjodando p2p client
  3. Click RUN to accept kerjodando digital signature.
  4. When kerjodando opens wait for connection (3 minutes)
  5. Search
  6. Download by right-clicking on file and selecting download
Currently beta testing so email me back with comments.

Thanks

Thursday, July 19, 2007

TCP NAT TRAVERSAL and WEB GUI


I'm really excited at the moment.

Development is moving forward very quickly as my two developers and me are now working on ANts p2p everyday and they seem to be very enthused.

Once we have finished some house-keeping on the SVN and sorted out connections using trusted peers only we have two big things to work on.

They are working on are:

TCP NAT traversal and

Web Gui.

Both are very important for kerjodando as it is meant to be user friendly (web gui) and should be easy for small groups to use (TCP NAT traversal).

One big reason why ANts p2p version 1 does not work that well is because of human nature.

People in general (including me) are stupid and lazy.

So most people do not 'port forward' - so can only connect to those select few who do - this creates VERY BIG BOTTLE NECKS and security weaknesses.

Do you know how many people are connected to Ts**a and one or two others only - whereas Ts**a and one or two others have 20 connections!

Secondly, most people (even me ) can't be bothered to put their correct ip address in connections page - this stops them from being used by the random walk function, looking for peers with free slots, as it will show only user's internal ip address.

This leads to a very fragmented network with bottle necks.

Where there are no NAT issues for example on a LAN ANts version 1 works fine but put a NAT in and it doesn't for the reasons I mentioned earlier.

Well anyway TCP NAT traversal will make it possible for anyone to connect to anyone else this will mean that all peers will use up their maximum connections and so there WILL BE NO BOTTLENECKS ;-)

And the web gui will mean that ANYONE (who can code a web page) will be able to design a new GUI and that our GUI will be as EASY AS YOUTUBE or SEEQPOD to use ;-)

As for the new version of ANts p2p I am not convinced - it is either better or worse it can't be no change!

Monday, July 16, 2007

Firewall Tunnelling and Quicker User Connection


Tne next project is ensure that users connect quickly and easily to kerjodando. It has two parts:

1. Ensure that users connect quickly and easily to trusted peers ONLY (except for users using Upnp to connect to other LAN users)

Currently "Ants" has several methods of connecting these need to be removed leaving only trusted peers and Upnp.

There might be more than this but here are the methods I know:

  1. irc - REMOVED
  2. gwebcache - REMOVED
  3. peers - previous connections - LEAVE
  4. random walk across the network from peer to peer recording peers with free slots - TO BE REMOVED
  5. manual connect in advance tab - LEAVE
  6. trusted peers - IMPROVE SO THAT IT KEEPS TRYING UNTIL CONNECTION MADE WITHOUT ANY BANDWIDTH TESTING
  7. Upnp - LEAVE
This is important as with fewer users in each group quick connection is very important.


2. Using the itsDargens website as an intermediary develop a simple process to allow two peers with un-forwarded ports to connect.

I must admit that I don't fully understand the TCP/IP protocol but I would prefer if the solution involved a client connecting to website and then the website updating the trusted peers file to reflect the external port that was used. (This could be total rubbish on my part) The solution must be SIMPLE.

This is important as with fewer users in each group quick connection is very important and there is a high probability that both users may not have kerj ports forwarded.

Both jobs are urgent as the point of the application is to CONNECT and DOWNLOAD and currently about 50% of users can't connect!



The full list of things added and removed are:

Needed:
Own folder, separate from Ants - JAVA - OUTSTANDING
Client minimize to systems tray on opening - JAVA- OUTSTANDING
try to connect to trusted peers - JAVA- OUTSTANDING
itsdargens itermediate connection help where two users behind a firewall - RAILS - OUTSTANDING
ipfilter.dat - RAILS - OUTSTANDING
irc applet to website - RAILS- OUTSTANDING
email invite from google and IM on website - RAILS - OUTSTANDING


Not Needed:
Help page not needed as it is no help! - JAVA - DONE
Browser location setting no longer needed - JAVA - DONE
Monitor clip board for ed2k and ants links - JAVA - DONE
Random walk for new peers with free slots (must use trusted peers) - JAVA - OUTSTANDING
irc - JAVA - DONE
http tunnel - JAVA - DONE
ed2k hashes - JAVA - DONE
Search for peers on Gwebcache - JAVA - DONE
publish ip on gwebcache - JAVA - DONE
any restriction on peers connected to e.g. bandwidth - JAVA - OUTSTANDING

Tuesday, July 10, 2007

kerjodando Cutting it Back to the Core


2007-6-26 remove skin
SettingsAntPanel.java, jLabel18 and jComboBox4 removed.Four setLookAndFeel() have been modified. LookAndFeel were set to getCrossPlatformLookAndFeelClassName()
remove Trendy,Napkin,Liquid related jars

2007-7-9 http tunnel
HttpAntPanel class was totally removed, and other places where HttpAntPanel is used are also modified
HttpAntPanel.java modified, leaving only one static attribute 07-07-08
HttpPopupMenu.java removed. This popuo menu is only use in http tunnel tab

2007-7-9 ed2k hash
shared file no need to calculate its hashvalue
BackgroundEngine.java, leave sharedFilesIndexED2KHash as an empty object,DonkeyHashFile object removed
DonkeyHashFile.java removed
removed ants.p2p.utils.donkey.*, including Convert.java,DonkeyHashFile.java,DonkeyPacketConstant.java,MD4.java
In SharePopupMenu.java,jMenuItem2 was removed, generating a ed2k link is removed
FileInfos.java, calculating the ed2k hash of a file is replace with an empty string

2007-7-10 GWebCache
SettingsAntPanel.java: removed jCheckBox8 and jCheckBox9 and all concerning GWebCache
ConnectionManager.java: lastGWebCacheUpdate,lastGWebCacheFetch,publishIpOnGWebCache,searchIpOnGWebCache all removed
delete com.limegroup

2007-7-10 IRC bots
ConnectionManager.java, irc concerning things removed,org.jibble.pircbot.* not need again
SettingAntsPanel.java, a panel concerning IRC is removed
ConnectionAntPanel.jave,this.container.sap.* concerning IRC is removed,IrcBot related things removed
ICRbot.java deleted
ChatAntPanel.java deleted
ChatPopMenu.java deleted
UsersComparator.java deleted
SettingAntsPanel.java, checking if it is null before updating its look and feel

2007-7-10 Not monitor ed2k: link in clipboard
QueryLinkDaemon.java set ed2kFound=false;SettingAntsPanel.jCheckBox7.tooltips changed

Monday, July 02, 2007

You Can Use Any Port on ANts p2p version 2 (kerjodando)


The development team has just added a new option to use any port to connect to Ants p2p (kerjodando) YUM YUM!

See http://www.itsdargens.com/swarm/show_one/86d1cca8104f981648eb1b1d0f0f3a39

If you don't put a port then 443 is used.

443 is still the recommended port as it allows people behind firewalls to connect easily.

Please try it we need some feedback.

Friday, June 29, 2007

Port 443 in the Trusted Peer File


Currently kerjodando defaults to port 443 in the trusted peer file.

However, I have three computers on a LAN and so only one can use port 443.

So only one can be connected to from outside the LAN by using the trusted peer file.

This is now a very big issue.

I have received a lot of feedback from users (linux and Mac ) who can't use 443 so other users can't directly connect to them - they have to use an intermediary.

THIS HAS TO CHANGE.

So I propose that the developers add an input field on for port number on the swarm page e.g. http://www.itsdargens.com/swarm/show_one/86d1cca8104f981648eb1b1d0f0f3a39

Should put it below description but above start. Put the following highlighted text next to it.
Enter port for p2p client, if using a router this port must be forwarded (leave blank if not sure - default port is 443)

The default port should stay as 443. However if a user inputs a port number then this should be used instead of 443 in the trusted peers file that is downloaded every 5 minutes.

THIS TAKE PRIORITY OVER THE WEB GUI AS IT IS MY MISTAKE IN LOGIC THAT NEEDS TO BE FIXED.

NEED DO IT BEFORE CONTINUING TO WORK ON WEB GUI.

New Version of "Lucene" for ANts p2p


It is possible to use the new version of "Lucene".

See this web page "http://lucene.apache.org/java/2_0_0/"

The developers of ANts p2p version 2(kerjodando) are very busy.

They are working on:

1.Making the application smaller so that it loads faster and uses less "RAM".

2.Changing the "GUI" to make it easier for new Users to use.

(a) web browser "GUI";
(b) Alowing other ports other than 443 on www.itsDargens.co web site.

So there is no time to update Lucene.

However, it is an easy task for someone with a little Java experience and a lot of time.

See this page there is a clear upgrade path: http://lucene.apache.org/java/2_0_0/

If you want to help make "ANts-p2p" better email me at http://kerjodando.blogspot.com/ and see http://www.kerjodando.com/ "ANts-p2p" version 2

DOWNLOAD FASTER PRIVATELY

Tuesday, June 26, 2007

Concept Web GUI and Other Developments in the Pipeline


You can now view an alpha concept web GUI by launching kerjodando by clicking "Start" on this web page http://www.itsdargens.com/swarm/show_one/86d1cca8104f981648eb1b1d0f0f3a39
and then typing/clicking on the following, ONCE YOU HAVE CONNECTED TO A BUDDY GROUP (meet-up/swarm), http://www.itsdargens.com/webgui


Vincent is confident he can implement download function on web page in the coming weeks.

Casper is progressing well on the reduction in size of the client. Client size is now down to 4.3 mega bytes from 7.2 mega bytes. There are a few bugs but once these have been cleared then his code will be integrated with Vincent's on SVN!

Monday, June 25, 2007

Connecting to a P2P Network - ANts p2p and ANts p2p version 2 (kerjodando)

Port Needed to Connect to Ants p2p and Ants p2p version 2 (kerjodando)

Your Enviroment

Can You Connect?

Your Port

Port on Firewall Open?

Port forwarded?

YOU can connect TO OTHERS

OTHERS can connect TO YOU

443

Yes*

Yes

Yes

Yes

443

Yes*

No

Yes

Once you have connected to first user then others can connect to you.

Other Port

Yes

Yes

Yes

Once you have connected to first user then others can connect to you.

Other Port

Yes

No

Yes

Once you have connected to first user then others can connect to you.

Other Port

No

No

No

No

*This port is always open in firewalls;

Saturday, June 23, 2007

Feedback From Testing




Good:
Downloads fast
Uploads Fast
Loads of Content

Bad:
Lots of new users could not connect


Connection is the most important part of p2p. Once web gui is done and application made much small so quicker to download the next big priority is connection.

Currently you should have no probs if use port 443 and make sure that this is forwarded.

If you use another port (even if forwarded) then no one will be able to connect to you. You can only connect to others.

If you are behind a firewall or proxy and don't use 443 then you will not be able to connect.

So use port 443, make sure it is forwarded.

Use the proxy option if you're behind a corporate or university proxy like websence.

Tell you friends about it. Then you can make sure that you have someone to connect with and share with.

Wednesday, June 20, 2007

Smaller P2P - New Project Member Casper


The project now has a new team member, Casper.

He has been tasked to reduce the size and complexity of the kerjodando client.

He is starting work immediately.

His first task is make sure the admin of the project, svn etc is professional.

Sunday, June 17, 2007

kerjodando p2p updated with latest ANts p2p Code


I have updated kerjodando with the latest ANts p2p source code from Gwren. (see www.itsDargens.com)

For the next few weeks (months) while we are testing the meetups (private groups) have been switched off to make it easier to test.

The next update will be an example of the webgui showing searching.

Hopefully this will be tomorrow.

Saturday, June 16, 2007

Daily Updates of ANts p2p ver2 (kerjodando)


I am going to start publishing daily updates of ANts p2p version 2 (kerjodando) daily just as Gwren use to do now I've solved the signing problem.

The proposed versions are:
0.10 Current
0.11 Lastest source code as published by Gwren
0.12 Relaxing of restriction on speed of connections (so cable users will be able to connect to slower connections)
0.13 Relax bandwidth limits - so that more bandwidth can be used to download
0.14 Add extra connection types
0.15 Reduce the amount of bandwidth used for searches and super peers

0.20 Replace java GUI with a web browser GUI

0.30 Significantly reduce the size of the ANts p2p version 2 client (kerjodando)

0.40 Add email invites to allow users to invite their friend to their network

0.50 Significantly reduce the time taken to connect to the network

0.60 Launch personal file sharing networks (3rd phase); file sharing meetup places (2nd phase) and anonymous torrents (1st phase)

All the above are subject to change.

Friday, June 15, 2007

Learning Java


I feel confident enough to code in Java.

I just need to learn to sign Jars and then I will be able to publish updates weekly like Gwren use to do.

Monday, June 11, 2007

Source code of Latest Ants P2P Released


Project: ANts P2P (antsp2p)
Package: antsp2p developer
Date : 2007-06-11 03:51

Project "ANts P2P" ('antsp2p') has released the new version of package 'antsp2p
developer'. You can download it from SourceForge.net by following this link:
<https://sourceforge.net/project/showfiles.php?group_id=106782&release_id=515125
>
or browse Release Notes and ChangeLog by visiting this link:
<https://sourceforge.net/project/shownotes.php?release_id=515125>

Tuesday, June 05, 2007

Kerjodando Source Code and Gwren

Spoke on the telephone to Gwren (Roberto Rossi) yesterday. He seems to be enjoying life. He apologised for not publishing source code for a year for last update of ANts p2p. He promised to publish it as soon as he had time.

I have now published the FULL source code for kerjodando p2p on google code ( http://code.google.com/p/kerjodando/source ).

We currently have an issue with the web gui, it does not work, it won't return search results.

Vincent is working on it.

Hopefully, we will have a fix this afternoon.

Thursday, April 19, 2007

kerjodando goes to LRUG (London Ruby Users Group)

Attended the recent Ruby on Rails user group meeting in London. It was very useful. I made one contact. This is what I saw.

Friday, April 06, 2007

New Guide for Anonymous P2P


Quick

1.Goto www.itsdargens.com

2.Select a meetup

3.Click on start

4.Download kerjodando p2p client (click RUN)

5.Connect to other users

6.Search download enjoy


How do I start?

You'll need a computer with a fast internet connection and the latest version of Java, available free from here.

Then visit www.itsdargens.com and start downloading.

Check out the kerjodando Downloading Guide for more details.


Detailed

With kerjodando you can download and enjoy public domain and user created movies, TV shows, music videos, games and more. Here’s how:

You do not initially need to download the kerjodando client.

When you go to download a public domain and user created movie or TV show, you will be given the opportunity to automatically download and install the client then.

You will need the latest version of Sun's Java RE software to run kerjodando available from here (most computers already have this installed).

kerjodando works with Windows, Mac, and Linux.


1. Goto www.itsdargens.com (or some other Ant torrent indexing site) and click on image in TV or search for interesting networks (meetups).

No need to register or login.

However, creating an account will allow you to join more than two meetups (term used for mini network of friends) and to bookmark any intersting meetups that you find.

Find a cool meetup to join.

In this example, let's join an Indie rock and pop music meetup.

2. Click on start link on meetup page.

3. Wait while Java loads (10 seconds).

4.Wait while the kerjodando p2p client for that meetup downloads (1minute).

5.Click on RUN (wait about 30 seconds for p2p client to start).

6.Select language and OK.

7.Select Advance Mode and then OK.

8.To manually connect fill in "connect to neighbours" address and port from trusted peers and then click connect.

9.When connected (about 2 minutes to connect and 5 minutes to connect to super nodes) click on search tab.

10.Search, use search terms such as a*, mp3*, avi* or pdf* to get an idea of what is available for download.

11.Select a search result and right click and select download from sub-menu to download item.

That’s it!

Keep in mind that a number of the steps in this guide assume you have never downloaded anything before from a kerjodando meetup.

Once you are set up, it is normally just a matter of finding something, downloading, opening and enjoying it.

Also see Ants p2p guide for extra information.

Sunday, April 01, 2007

Privacy versus Intellectual Property: Detection Methods Used by Copyright Holders


Found this research paper on the web. I have marked the relevant parts in red.



Privacy versus Intellectual Property:

Detection Methods Used by Copyright Holders

Timothy M. Valdez

tim@idahovandals.com

Department of Computer Science

University of Idaho

Moscow, ID 83844

Dr. Paul Oman, advisor

February 2, 2004

Outline

I. Background

a. Intellectual Property versus privacy

b. Types: mp3’s, books; Napster, et al

c. Value of IP (loss of potential revenue) versus value of privacy

d. Methods of safeguarding IP

i. DRM

ii. Encryption

iii. Licensing (shrink-wrap, et al)

II. P2P and IM uses

a. Personal file sharing

b. Software and file backup

c. Community building

d. Freedom from electronic intrusions

e. Anonymous discussion and criticism

III. Detection and enforcement against infringing uses

a. RIAA hires outside firms for data mining

b. DMCA; Extravagant penalties

c. Legislation

i. Attempted law to legalize hacking into P2P computers

ii. H.R.2752 Author, Consumer and Computer Owner Protection and Security (ACCOPS) Act of 2003: “To encourage the development and distribution of creative works by enhancing domestic and international enforcement of the copyright laws, and for other purposes.”

iii. S.2048 Consumer Broadband and Digital Television Promotion Act (CBDTPA): “A bill to regulate interstate commerce in certain devices by providing for private sector development of technological protection measures to be implemented and enforced by Federal regulations to protect digital content and promote broadband as well as the transition to digital television, and for other purposes.”

iv. H.R.2517 Piracy Deterrence and Education Act of 2003: “To enhance criminal enforcement of the copyright laws, educate the public about the application of copyright law to the Internet, and clarify the authority to seize unauthorized copyrighted works.”

v. H.R.2885 Protecting Children from Peer-to-Peer Pornography Act of 2003: “To prohibit the distribution of peer-to-peer file trading software in interstate commerce.”

vi. H.R.5211 To amend title 17, United States Code, to limit the liability of copyright owners for protecting their works on peer-to-peer networks: “Amends Federal copyright law to protect a copyright owner from liability in any criminal or civil action for impairing, with appropriate technology, the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network, if such impairment does not, without authorization, alter, delete, or otherwise impair the integrity of any computer file or data residing on the computer of a file trader.”

d. Offering monetary rewards for “information leading to...”

e. Denial of Service attacks on P2P networks

f. Napster-era file hashes

g. Flooding networks with fake files

h. Software written to sabotage P2P networks and computers downloading copyrighted music

IV. Problems with detection and enforcement methods

a. Loss of online privacy and anonymity

b. Possible trespass to chattels issue

c. Illegal subpoenas

d. Presumption of guilt

e. Loss of 5th amendment rights

V. Legislative activity regarding privacy and online freedom

a. Senator Norm Coleman (R-MN) letter to RIAA, follow-ups, congressional investigations

b. Pending legislation

i. H.R.107 Digital Media Consumers' Rights Act (DMCRA) of 2003: “To amend the Federal Trade Commission Act to provide that the advertising or sale of a mislabeled copy-protected music disc is an unfair method of competition and an unfair and deceptive act or practice, and for other purposes.”

ii. H.R.69 Online Privacy Protection Act of 2003: “To require the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 on the Internet, to provide greater individual control over the collection and use of that information, and for other purposes.”

iii. S.563 Computer Owners’ Bill of Rights. “To protect owners of computers, and for other purposes.”

iv. H.R.1066 BALANCE Act of 2003 (Benefit Authors without Limiting Advancement or Net Consumer Expectations) (formerly H.R.5522 Digital Choice and Freedom Act of 2002): “To amend title 17, United States Code, to safeguard the rights and expectations of consumers who lawfully obtain digital entertainment.”

v. S.692 Digital Consumer Right to Know Act of 2003. “To require the Federal Trade Commission to issue rules regarding the disclosure of technological measures that restrict consumer flexibility to use and manipulate digital information and entertainment content.”

vi. H.R.48 Global Internet Freedom Act: “Establishes in the International Broadcasting Bureau the Office of Global Internet Freedom to develop and implement a comprehensive global strategy to combat state-sponsored and state-directed Internet jamming and persecution of those who use the Internet.”

vii. H.R.3159 Government Network Security Act of 2003: “To require Federal agencies to develop and implement plans to protect the security and privacy of government computer systems from the risks posed by peer-to-peer file sharing.”

VI. Proactive methods and technologies to protect against network surveillance

a. Conversion of text file lists into graphic images to bypass automated detection

b. P2P file lists employing anti-bot images requiring user interaction

c. Randomize file and subdirectory names via script

d. Tarpits for bots

e. Use of Wi-Fi hotspots for anonymous connections

f. P2P file sharing software using encrypted communication protocols

g. P2P2P proxies

h. Changing MD5 hashes and/or CRC32 checksums of multimedia files

i. Use of darknets

VII. Conclusion

Abstract

Numerous methods are used by copyright holders in an effort to protect their Intellectual Property (IP) rights. In many cases those methods intrude on the real and perceived rights of Internet users to participate in private communications. This begs the question: at what point does privacy lose out against aggressive enforcement toward possible IP-infringing activities such as peer-to-peer file sharing? There is a monetary value attached to IP, and it is measured by the loss of potential revenue. There is also a value attached to an Internet user’s privacy, of which the loss is measured by the chilling effects imposed upon their online freedoms. There are many methods available for copyright holders to protect IP using Digital Rights Management that do not interfere with the privacy rights of individuals. While it has been shown that a few technologies such as peer-to-peer (P2P) and Instant Messaging facilitate IP-infringing activities, there are also many acceptable uses for these technologies. An example of a law that has privacy implications is the Digital Millennium Copyright Act (DMCA). This law has been the basis for many recent non copyright-related lawsuits. Copyright holders are connecting to the largest P2P networks and filing subpoenas with Internet Service Providers to obtain personal information about potential IP infringers. This leads to a loss of the expectation of privacy that Internet users are accustomed to. If the copyright holders electronically enter the hard drives of P2P users they may be held liable for possible trespass to chattels or other legalities. These actions deprive the P2P user of their due process rights and the expectation of innocence. Recognizing that copyright holders such as the Recording Industry Association of America (RIAA) may be too zealous in their detection methods, Senator Norm Coleman (R-MN) has begun proceedings to investigate the privacy implications of their information-gathering procedures. In addition, several bills have been introduced in an effort to curb the misuse of the DMCA. Before these new laws and amendments take effect, P2P users will need to take steps to protect their privacy from the detection methods employed by copyright holders such as the RIAA and its subsidiaries.

Background

The passage into law of the Digital Millennium Copyright Act (DMCA) in October 1998 has affected the balance between consumers’ right to use of resources, and copyright holders’ desire to control their property. This was a direct result of the creation of file-sharing software Napster by University of Michigan student Shawn Fanning in 1999 [6]. The Recording Industry Association of America (RIAA) has filed thousands of subpoenas and instigated hundreds of lawsuits against peer-to-peer (P2P) software users in an attempt to prevent the illegal online sharing of their intellectual property (i.e. music files). This conflict between content owners and content users is occurring due to the differing values attributed to the Intellectual Property (IP) of copyright holders versus consumers’ freedom to use purchased material in any method they wish. Music-purchasing customers are discovering that the implementation of certain Digital Rights Management (DRM) components in music CD’s prevents “fair use” of those works. A recent marketing attempt to distribute copy-protected music compact discs met with failure due to consumers’ inability to play them in their cars and computers; they had lost the freedom to use their purchased material as desired. The technical methods employed by this DRM were bypassed by customers with only a felt marker [5]. This example demonstrated to the industry that even highly technical DRM methods are not foolproof.

Section 107 of the Copyright Act of the United States defines a four-factor test for the fair use of IP, generally applied by the courts (when necessary) on a case-by-case basis:

  1. the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
  2. the nature of the copyrighted work;
  3. the amount and substantiality of the portion used in relation to the copyrighted work as a whole;
  4. the effect of the use upon the potential market for, or value of, the copyrighted work [4]

Historically, consumers have been able to legally make a copy of a VHS movie, and even software, for archival backup purposes. With new DRM processes and shrink-wrap licenses that capability can be prevented by the copyright holder, thus preventing fair use of the content. Recent court cases have upheld the legality of shrink-wrap licenses preventing the reverse-engineering of software [7], which is a programming technique used to enable market competition and product interoperability. You may be held liable for numerous offenses by reverse-engineering the protection on any DRM in an attempt to bypass or remove the protection to allow saving the content in a new format or simply backing it up.

Each of these mediums (music files, movie files, and electronic books) presents unique challenges to DRM systems. Adobe introduced an encryption scheme based on their Portable Document Format (PDF) to protect books converted into an electronic version. This “e-Book” design [8] used a weak password algorithm [9] to encrypt the contents of the book. This same technique was used to embed software tokens in the data stream which selectively enabled or disabled the ability to print out or copy the file. A company in Russia reverse-engineered this algorithm and began marketing a product [21] to break this protection. Simultaneously, it was discovered that by using a common open-source PostScript-management product one could remove these embedded tokens and some forms of file protection as well. This example demonstrates that the laws in the United States may not be enforceable in different countries such as Russia, where it is legal to sell copy-protection removal software.

IM and P2P

Both Instant Messaging (IM) and Peer-to-Peer file sharing have significant legal uses such as personal file sharing, archival software backup, commercial software support, and anonymous discussion, none of which infringe on any copyrights. IM technology provides the privacy necessary for the freedom of expression and debate of personal and sensitive issues within the Internet community. This anonymous method of communication is what has allowed the Internet to be widely regarded as having freedom from undesirable intrusions. The Supreme Court has consistently afforded first amendment protection to the anonymous posting of comments and “whistle blowing”: “Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority.” [1]

In Reno v. ACLU the Court further upheld anonymous free speech and updated their earlier decision to include the Internet:

Through the use of chatrooms, any person with a phone line can become a town crier with a voice that resonates farther than it could from any soapbox. Through the use of webpages, mail exploders, and newsgroups, the same individual can become a pamphleteer.” [2] In the conclusion of this case, the Court added: “As a matter of constitutional tradition, in the absence of evidence to the contrary, we presume that governmental regulation of the content of speech is more likely to interfere with the free exchange of ideas than to encourage it. The interest in encouraging freedom of expression in a democratic society outweighs any theoretical but unproven benefit of censorship.” [ibid]

Morpheus (a popular P2P client application) was sued for failing to prevent the IP-infringing uses of its software by customers. They won a motion for summary judgment primarily based on the decision in Sony v. Universal Studios (the famous Betamax case) where the Supreme Court declared: “…the mere capability of substantial noninfringing uses is all that is required to protect a new technology from an attack grounded on allegations of contributory copyright infringement.” [37] (emphasis mine)

Separately, in MGM v. Grokster (a case hinging on the possible requirement of a software company to produce a product that prevents infringing uses) the Court followed up with a similar decision:

The doctrine of vicarious infringement does not contemplate liability based upon the fact that a product could be made such that it is less susceptible to unlawful use, where no control over the user of the product exists.” [MGM v. Grokster, 259 F. Supp. 2d at 1045-46 (emphasis in original).] Additionally the Court said: “It is no surprise that – just as the studios initially resisted video tape rather than releasing prerecorded tapes – the established record and movie companies have resisted opportunities to exploit peer-to-peer technology. When one entirely dominates the existing means of distribution, one tends to resist change.” [38]. The Court further states: “In the case of the music and motion picture industries, permitting the incumbent leaders to suppress disruptive technologies will leave not just society, but copyright owners themselves poorer over the long run.” [39]

These court cases have shown that the judicial branch of our government is more savvy than anticipated. It is important to note that the future use of a product must be contemplated while determining if an infringing activity is taking place. An analogous case involving a P2P product named Madster (formerly Aimster) was lost because the defendant (Madster) used examples with copyrighted music files in their program documentation tutorials and also failed to produce any evidence of significant non-infringing product usage.

In an activity related to freedom of speech, the Sarbanes-Oxley Act of 2002 (as passed by the Senate, titled: Public Company Accounting Reform and Investor Protection Act of 2002) [10] which became law in the wake of the Enron debacle gives significant protection to whistleblowers. More recently a June 24, 2003, 9th Circuit Court of Appeals decision gave §230(c) of the Communications Decency Act [3] more protection to anonymous Internet posters than the First Amendment [ibid] and directly addressed “CyberSLAPP” lawsuits (Strategic Lawsuits Against Public Participation) [12] which attempt to prevent public criticism of companies and individuals. These “CyberSLAPP” lawsuits have been consistently dismissed by the courts, yet the newly-elevated subpoena provision of the DMCA allowed corporations and powerful citizens to issue similar “John Doe”-like subpoenas and thereby circumvent this trend, but only if the ISP actually stores the copyrighted materials on their servers and doesn’t just act as a conduit for P2P network activity. [32]

In an attempt to subjugate the anti-P2P actions of the RIAA, MPAA, and similar agencies, Sharman Networks, the creators of the KaZaA file-sharing software, modified their End-user License Agreement (EULA) in October 2003 to provide for their indemnification from any illegal or improper use of their software and network by end users:

2.11 Monitor traffic or make search requests in order to accumulate information about individual users; […]

2.14 Collect or store personal data about other users [55]

They also added verbiage that attempts to prevent the use of their software and network for the purpose of discovering or tracking users’ identities. Historically the courts have upheld shrink-wrap licenses, and it will be interesting to see if this new tactic holds up when it is challenged in the current court case wherein Sharman is suing the record labels and movie studios [56].

Detection Methods

I will concentrate on the current actions employed by the RIAA in their attempt to detect infringing uses of copyrighted materials. The RIAA has retained several companies such as MediaSentry, Cyveillance, BayTSP, and Vidius to broaden their detection and data mining capabilities. Possible detection steps [23] employed by the RIAA and its hired tracking firms are as follows:

  1. Use automated software agents known as “bots” to scan popular P2P networks for potentially-infringing file trading of copyrighted material;
  2. Once a probable list of files is located, download a certain number for later manual verification by a human;
  3. The bot logs the user’s screen name, protocol bring used, network address and looks up the ISP contact information presumably through a “whois” search;
  4. Each file will have a checksum computed and compared to a database of Napster-traded music file hashes (dating back to May 2000) searching for a possible match;
  5. The RIAA then prepared a DMCA discovery subpoena for the Internet Service Provider (ISP) in preparation for future legal action against the P2P user. Due to bad publicity they also started sending out letters to each suspected infringer with a settlement offer in lieu of court action.

Recently, the RIAA suffered a setback in their subpoena campaign when a Federal district court overturned a lower court’s decision on the DMCA subpoena process, stating that the DMCA was passed by Congress before P2P technology existed thus that activity is exempted from the subpoena provision [32]. Now they have the added expense of filing an actual “John Doe” lawsuit against the suspected offender, which then legally allows them to subpoena the ISP for any requested information on that IP address. Putting a twist on the outcome, RIAA president Cary Sherman stated this was an unfortunate event, since it now prevents them from sending letters to the people prior to filing a lawsuit against them.

This automated method is in addition to the brute-force approach of simply logging on to the P2P network with a compatible file-sharing program and searching for potentially-infringing material. In a white paper dated September 11, 2000, titled To Catch a Cyber Thief Arlington, Virginia-based Cyveillance introduces a system of Intellectual Property Protection Solutions they call NetSapien™ Technology: the most powerful business search and analysis tool available” which spiders the billions of web pages on the Internet for relevant content and assesses the meaning of that information for marketing intelligence, customer and brand loyalty [11]. This technology makes searching for unauthorized copies of intellectual property much smarter than blindly doing a keyword lookup on a web search engine [ibid].

A similar approach is employed by Los Gatos, California-based BayTSP; however they go further by actually sending infringement notices to the user and their ISP as well as monitoring for compliance of takedown notices (international infringement notification complies with the Berne Convention.) [24] The automated system runs 24x7 and according to their website “monitors all major P2P networks … global surveillance of the Internet, including web sites, FTP sites, P2P networks, IRC sites, newsgroups, and auction/retail sites.” [25] “BayTSP has patented technology that utilizes the extracted DNA of a specific digital file - still image, video, audio, etc.- which its spiders track on the Internet, FTP sites, peer-to-peer networks, IRC, Usenet, and auction/retail sites.” [ibid]

MediaSentry, a New York-based corporation, also scans the Internet looking for pirated copies of music and videos:

Using a sophisticated network of Internet-based software and data mining techniques, MediaSentry patrols the Internet for possible copyright infringements. Full support is offered for peer-to-peer file trading communities, IRC networks, websites, FTP sites, and newsgroups. A continuously updated catalog of infringements is cross referenced against a database of client materials… The core MediaSentry engine uses advanced heuristics, self-adapting searches, neural search algorithms, and probability ranking formulas, permitting an unprecedented ability to accurately detect piracy and ensure compliance with copyright laws.” [26]

MediaSentry is one of the most hated anti-P2P companies because they actively inject spoofed decoy files on P2P nodes while simultaneously downloading every available infringing file to prevent their download by other file sharers.

In a 75-page, 2001 study titled “The Copyright Crusade” Viant Media and Entertainment CTO Frank Andrew explored the influence of P2P file sharing on the business models of copyright holders [27]. His findings suggested that piracy and copyright infringement via the Internet are runaway activities that must be curtailed soon by copyright holders, and he offers some rudimentary statistics on several methods of Internet file trading such as common P2P clients and the use of Internet Relay Chat (IRC) channels. He concludes that using IRC is not easy for the majority of Internet customers, yet 22% of daily pirated movies pass through IRC servers [ibid]. So far, IRC has remained under the radar of the RIAA, MPAA, and their partners but that is certainly going to change soon.

Enforcement

The Digital Theft Deterrence and Copyright Damages Improvement Act of 1999 amended §504(c) of the U.S. Copyright Act to allow for fines of $750 to $30,000 per infringing act and up to $150,000 per each willful infringement (up to $250,000 per work for repeat offenders) [13]. The DMCA contains a safe-harbor provision that protects ISP’s from legal action if they willingly and promptly comply with subpoena requests. This has led to the ISP capitulating rather than risking criminal penalties, with a resultant loss of privacy and anonymity for their customers. Verizon Internet Services recently attempted to quash an RIAA subpoena seeking the identity of a subscriber who allegedly downloaded over 600 copyrighted music files via the KaZaA P2P network [22]. Verizon cited privacy, First Amendment, and due process issues, as well as the fact that Congress never considered P2P technology when drafting the DMCA “because that technology did not exist in 1998” [14]. The motion to quash was denied by the district court, but on appeal, and after another DMCA subpoena was served upon Verizon, the appeals court overturned those decisions and found for Verizon, calling portions of the RIAA’s argument “silly”:

The issue is whether § 512(h) applies to an ISP acting only as a conduit for data transferred between two internet users, such as persons sending and receiving e-mail or, as in this case, sharing P2P files. Verizon contends § 512(h) does not authorize the issuance of a subpoena to an ISP that transmits infringing material but does not store any such material on its servers. The RIAA argues § 512(h) on its face authorizes the issuance of a subpoena to an “[internet] service provider” without regard to whether the ISP is acting as a conduit for user-directed communications. We conclude from both the terms of § 512(h) and the overall structure of § 512 that, as Verizon contends, a subpoena may be issued only to an ISP engaged in storing on its servers material that is infringing or the subject of infringing activity. [] Finally, the RIAA argues the definition of ‘[internet] service provider’ in § 512(k)(1)(B) makes § 512(h) applicable to an ISP regardless what function it performs with respect to infringing material – transmitting it per § 512(a), caching it per § 512(b), hosting it per § 512(c), or locating it per § 512(d). This argument borders upon the silly. [] In sum, we agree with Verizon that § 512(h) does not by its terms authorize the subpoenas issued here. A § 512(h) subpoena simply cannot meet the notice requirement of § 512(c)(3)(A)(iii). [] We are not unsympathetic either to the RIAA’s concern regarding the widespread infringement of its members’ copyrights, or to the need for legal tools to protect those rights. It is not the province of the courts, however, to rewrite the DMCA in order to make it fit a new and unforseen [sic] internet architecture, no matter how damaging that development has been to the music industry or threatens being to the motion picture and software industries.” [32] (emphasis mine)

Per the decision above it is no longer appropriate for the RIAA to send discovery subpoenas to ISP’s requesting file sharing customers’ contact information when the ISP’s are merely acting as a conduit for P2P network traffic [ibid]. This is perhaps unfortunate, since it implies that the DMCA will soon have a large sum of “special interest” money thrown at it in an effort by large corporations to have this particular shortcoming amended.

Several bills have been independently introduced by the House and Senate to further protect the interests of big business IP owners and copyright holders from piracy and infringing uses of their property:

  • H.R.2752: Author, Consumer and Computer Owner Protection and Security (ACCOPS) Act of 2003: “To encourage the development and distribution of creative works by enhancing domestic and international enforcement of the copyright laws, and for other purposes.” [33] This bill, introduced in the House by John Conyers (D-MI) and Howard Berman (D-CA), makes a federal offense out of providing false information when registering a domain name, and in an attempt to prevent consumers’ computers from being searched without their knowledge it requires that file-sharing sites get consent before storing files on a computer or searching for content. It proposes penalties of up to five years in prison and a $250,000 fine for uploading a copyrighted file to a P2P network and also bans videotaping a movie in a theater. Pop singer Michael Jackson, among others, disagrees with this, stating “I am speechless about the idea of putting music fans in jail for downloading music. It is wrong to illegally download, but the answer cannot be jail...It is the fans that drive the success of the music business; I wish this would not be forgotten.” [34]

  • H.R.2517: Piracy Deterrence and Education Act of 2003: “To enhance criminal enforcement of the copyright laws, educate the public about the application of copyright law to the Internet, and clarify the authority to seize unauthorized copyrighted works.” [36] This Act purports to create an educational program to inform citizens of the benefits of the copyright system in America, as well as inform educational institutions and corporations of copyright law compliance. The FBI would be required to develop a program to deter citizens from copyright infringement. The Department of Justice would be required to hire and train at least one agent specializing in intellectual property crime investigation. Finally, the Bureau of Customs and Border Protection would be authorized to seize all infringing works regardless of whether they have been registered with the Copyright Office. The problem with these requirements is one of training and interpretation of the law. None of these programs has a clause requiring knowledge of the difference between legal and illegal uses of copyrighted works, the so called “fair use” clause of the Copyright Act. If this is not attended to, there will be more harm caused by the improper seizure of works than good.

  • H.R.2885 Protecting Children from Peer-to-Peer Pornography Act of 2003: “To prohibit the distribution of peer-to-peer file trading software in interstate commerce.” [40] The supporters of this bill believe that since P2P software is so popular, and since there is so much pornography being traded, then children need to be protected from inadvertently downloading it because the “production of pornography is intrinsically related to child abuse.” [ibid] Also, supporters believe that P2P software gives free and open access to users’ hard drives and most users do not realize this. Aside from the obvious flaws in this logic, there are more problematical issues at stake. The Act contains a requirement that all P2P software installation programs must look for and comply with a parental “do-not-install” flag on the computer, if it exists. This may not be feasible to implement, and most certainly would be easy to circumvent by most teenagers. There is also a requirement that the P2P software alert the user to any action that might breach their privacy or allow others to view files on their computer. Such activities include: bypassing personal firewall software, becoming a high-speed file sharing supernode on a P2P network, or even searching for available files to download. All of these mandated alerts would prove to be extremely burdensome to the average software user. The final requirement would be that non-U.S. residents that distribute P2P software must have a U.S. agent designated for process service. Since every popular P2P program has been written by either an individual or a non-commercial group, and most are off-shore, this would be a financial burden.

  • H.R.5211 To amend title 17, United States Code, to limit the liability of copyright owners for protecting their works on peer-to-peer networks: “Amends Federal copyright law to protect a copyright owner from liability in any criminal or civil action for impairing, with appropriate technology, the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network, if such impairment does not, without authorization, alter, delete, or otherwise impair the integrity of any computer file or data residing on the computer of a file trader.” [41] This resolution attempts to make it legal for anyone to launch a Denial of Service (DoS) attack against a P2P network without repercussion if they believe that their copyrighted material is being traded over that network. Proponents state this is akin to making every copyright holder a judge, jury, and executioner without proper judicial oversight. Again, there is no way for the copyright holder to know for what purpose their works are being downloaded, since fair-use is permitted within certain guidelines.

Anti-P2P Actions and Detection

The RIAA and its hired tracking firms have several options at their disposal if they wish to lessen or prevent copyrighted content from being traded over P2P networks. It is known that some of the following techniques are currently being used or might be used soon, and at least one is being prepared for use:

  • Offering monetary rewards for “information leading to the identification of...”
  • Denial of Service attacks against P2P networks in an attempt to make them unusable
  • Flooding the P2P networks with fake music files containing white noise or anti-piracy messages
  • Using “original” Napster file hashes for comparison of traded music files with known pirated copies
  • Using software written to sabotage P2P networks and the computers downloading copyrighted music [15]
  • Embracing the technology and building a viable business model around it instead of alienating customers

If the RIAA or its agents access a P2P network with the intent to either flood the network with fake multimedia files or otherwise perform a denial of service action, they could be liable to a civil lawsuit under the “trespass to chattels” common law. This intentional tort (a wrongful act…that injures another and for which the law imposes civil liability) [18] is defined as: “…an intentional interference with a plaintiff's right of possession to personal property. This may occur if a defendant damages the property or deprives the plaintiff of possession of the property.” [19]

The use of software [15] written specifically to disrupt network communications or personal computers engaged in same may also fall under the trespass to chattels tort. This angle has yet to be explored in court.

Constitutional issues might also arise. The Fifth Amendment to the Constitution of the United States of America contains the following text:

No person shallbe deprived of life, liberty, or property, without due process of law; [The Fifth Amendment] can be asserted in any proceeding, civil or criminal, administrative or judicial, investigatory or adjudicatory; and it protects against any disclosures which the witness reasonably believes could be used in a criminal prosecution or could lead to other evidence that might be so used.” [20]

The “Due Process” clause affords many rights to the individual, yet the subpoena provision of the DMCA does not take those rights into account.

The methods employed by the RIAA for detecting materials being downloaded by web and P2P users, in conjunction with the associated presumption of guilt, intrude upon the privacy expectations of Internet patrons with the loss of online privacy and anonymity as a result. Some of these methods have been mentioned previously.

The issuance of subpoenas to a P2P-user’s ISP for possibly-infringing file trading activities, in the absence of solid evidence, could be construed as a privacy invasion. If it is later determined that no laws were in fact broken, the loss of anonymity, public integrity, and time spent dealing with the actions of the RIAA can not be regained. There is also no guarantee that the ISP will be able to identify the actual person who is performing the action. All they can potentially do is confirm that the logged-in account’s computer was connected at the time specified in the subpoena.

The subpoena process specified in the DMCA runs contrary to the accepted procedure known in legal circles as “Rule 45” (of the Federal Rules of Civil Procedure) which states: “If separate from a subpoena commanding the attendance of a person, a subpoena for production or inspection shall issue from the court for the district in which the production or inspection is to be made.” [16] (emphasis mine) This is how both Massachusetts Institute of Technology and Boston College successfully quashed the subpoenas from the RIAA attempting to obtain the identities of several students alleged to be conducting illegal file sharing [17]. In response, the RIAA simply filed the subpoenas again in the state of Massachusetts. Now that the DMCA subpoena process has become unenforceable for P2P network traffic, the media companies are going to have to find a new method for detecting the owners of any IP addresses suspected of trading copyrighted materials across P2P networks.

Legislation

Congress has recognized the problem of maintaining citizens’ online anonymity and privacy, and has been proposing legislation that appears to begin the process of balancing property holders’ and users’ rights. The most vocal proponent is Senator Norm Coleman (R-MN) who recently sent a letter to the RIAA [42] asking for the specific methods they use to identify illegal file sharing and what safeguards are in place to protect P2P users’ privacy. The RIAA responded to the request quickly [43]. This action was initiated due to the voluminous number of subpoenas the RIAA has filed in Washington D.C., currently holding at 382, which required extra court clerks to process the enormous tide of paperwork [42]. Each piece of proposed legislation has pros and cons, but all are designed to more equitably balance copyright law and empower the consumer with knowledge and rights. Senator Coleman is also holding congressional hearings in an effort to lessen the bludgeoning of citizens by the RIAA.

The House of Representatives has the following items on the table:

  • H.R.107 Digital Media Consumers' Rights Act (DMCRA) of 2003: “To amend the Federal Trade Commission Act to provide that the advertising or sale of a mislabeled copy-protected music disc is an unfair method of competition and an unfair and deceptive act or practice, and for other purposes.” [44] This bill attempts to correct two things: 1. it directs the FTC to ensure the proper labeling of copy-protected music CD’s to help avoid consumer confusion and disappointment prior to purchase; 2. it restores balance in U.S. Copyright Law. It reaffirms fair-use under the DMCA by allowing the circumvention of a protection mechanism as long as no copyright infringement is taking place. The BetaMax standard (Sony v. Universal) would be reaffirmed by enabling the use, manufacture, and distribution of software and hardware that bypasses protection mechanisms as long as it is capable of significant non-infringing uses. Finally, scientific research into methods of bypassing protection mechanisms other than encryption would be protected, as well as the creation of tools to facilitate such research.

  • H.R.69 Online Privacy Protection Act of 2003: “To require the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 on the Internet, to provide greater individual control over the collection and use of that information, and for other purposes.” [45] All online service and web site operators will be held accountable for any privacy leaks which occur as well as having to release a list, upon demand, of all persons and companies to whom they have released any personally identifiable information on a customer. A violation will be treated under the Federal Trade Commission Act as “a violation of a rule defining an unfair or deceptive act or practice” [ibid].

  • H.R.1066 BALANCE Act of 2003 (Benefit Authors without Limiting Advancement or Net Consumer Expectations) (formerly H.R.5522 Digital Choice and Freedom Act of 2002): “To amend title 17, United States Code, to safeguard the rights and expectations of consumers who lawfully obtain digital entertainment.” [46] This bill amends the Copyright Law in several areas:

(1) include analog or digital transmissions of a copyrighted work within fair use protections; (2) provide that it is not a copyright infringement for a person who lawfully obtains or receives a transmission of a digital work to reproduce, store, adapt, or access it for archival purposes or to transfer it to a preferred digital media device in order to effect a non-public performance or display; (3) allow the owner of a particular copy of a digital work to sell or otherwise dispose of the work by means of a transmission to a single recipient, provided the owner does not retain his or her copy in a retrievable form and the work is sold or otherwise disposed of in its original format; and (4) permit circumvention of copyright encryption technology if it is necessary to enable a non-infringing use and the copyright owner fails to make publicly available the necessary means for circumvention without additional cost or burden to a person who has lawfully obtained a copy or phonorecord [sic] of a work, or lawfully received a transmission of it.” [47]

  • H.R.48 Global Internet Freedom Act: “To develop and deploy technologies to defeat Internet jamming and censorship.” [48] This Bill:

Establishes in the International Broadcasting Bureau the Office of Global Internet Freedom to develop and implement a comprehensive global strategy to combat state-sponsored and state-directed Internet jamming and persecution of those who use the Internet. Requires an annual report from the Office to Congress on the status of state interference with Internet use and of U.S. efforts to counter such interference. Expresses the sense of Congress that the United States should: (1) denounce governments that restrict, censor, ban, and block access to information on the Internet; (2) direct the U.S. Representative to the United Nations to submit a resolution condemning such actions; and (3) deploy technologies aimed at defeating state-directed Internet censorship and the persecution of those who use the Internet.” [49]

  • H.R.3159 Government Network Security Act of 2003: “To require Federal agencies to develop and implement plans to protect the security and privacy of government computer systems from the risks posed by peer-to-peer file sharing. Requires the Comptroller General to review and report to specified congressional committees on the adequacy of such agency plans.” [50]

The Senate has not been sitting idle either; they have introduced these relevant bills:

  • S.563 Computer Owners’ Bill of Rights: “To protect owners of computers, and for other purposes.” [51]

Requires the Federal Trade Commission (FTC) to: (1) establish standards for the provision of technical support for computers and computer-related products by computer hardware and software manufacturers, as well as consultants and resellers that provide technical support (entities); (2) issue guidelines to encourage each such entity to collect and submit to the FTC information on the nature and quality of such technical support; and (3) establish a public registry in which any person or entity that does not seek to receive unsolicited marketing e-mail to a computer may register the e-mail address(es) of such computer for that purpose. Prohibits unsolicited marketing e-mail to registered computers.” [52]

  • S.692 Digital Consumer Right to Know Act of 2003: “To require the Federal Trade Commission to issue rules regarding the disclosure of technological measures that restrict consumer flexibility to use and manipulate digital information and entertainment content.” [53] This bill:

Directs the Federal Trade Commission (FTC) to issue rules to implement requirements that a producer or distributor of copyrighted digital content disclose the nature of restrictions that limit the practical ability of the content purchaser to play, copy, transmit, or transfer such content on, to, or between devices commonly used with respect to that type of content. Requires such disclosure in the case of limitations on: (1) the recording for later viewing or listening of certain audio or video programming; (2) the reasonable and noncommercial use of legally acquired audio or video content; (3) making backup copies of legally acquired content subject to accidental damage, erasure, or destruction; (4) using limited excerpts of legally acquired content; and (5) engaging in the secondhand transfer or sale of legally acquired content. Provides disclosure exceptions. Requires the FTC to annually review the effectiveness of such rules. Expresses the sense of Congress that: (1) competition among distribution outlets and methods generally benefits consumers; and (2) copyright holders selling digital content in electronic form for distribution over the Internet should offer to license such content to multiple unaffiliated distributors.” [54]

Many of these bills are currently wending their way through the House and Senate, and hopefully most will be ratified. This would be a boon for American consumers and go a long way toward bringing balance back to the application of Copyright Law.

Preventing the Loss of Privacy and Anonymity

Several methods exist to reduce the privacy loss facilitated by automated methods of search and discovery. Each of the following techniques exhibits both strengths and weaknesses against certain types of surveillance and monitoring techniques:

1. Conversion of text file lists into graphic images to bypass automated filename detection: The automated scanning of P2P networks can be reduced or even eliminated by conversion of available file lists into graphic images instead of plain text. This simple action would greatly increase the amount of human interaction required to visually confirm downloads. This might mean that existing P2P software or even the underlying network protocols will need to have major reworking in order to maintain ease of use for customers. Instead of connecting to a potential download client and receiving a plain text list of files in their shared folders, the P2P software will need to display a graphic image of the user’s available files. Compiler libraries exist to facilitate the creation of .GIF images in real time (that image format is now royalty free since June 20, 2003 [28]). This will prevent bots from scanning for potentially-infringing multimedia files on P2P networks, forcing humans to perform the search instead. This technique will not stop unwanted file list perusal or P2P network privacy incursions but it will certainly slow them down.

2. P2P file lists employing anti-bot images requiring manual user interaction to download: This technique is already in use today by web-based email providers like Hotmail and Yahoo! mail, which require a person to type in the value displayed by a random graphic image. This prevents any automated method of bulk account creation, which was frequently used by spammers. This would be a relatively easy function to implement in P2P client software, perhaps even being a server-side only component.

3. Randomize file and subdirectory names via script: For files sitting on a web or FTP server, web spiders for any search engine may access directories and their contents, adding them to a central database for public use. By randomizing the directory names as well as individual file names this risk is lessened but not entirely prevented. A simple Perl script can not only rename files and directories, but can also simultaneously update the web page or FTP links pointing to the files. If a search engine manages to spider one set of links, they will only remain valid until the next cycle of renaming occurs. Scheduling this renaming procedure at a high granularity will mitigate discovery.

4. Tarpits for bots: This technique is easily used against web-based bots and to a certain extent FTP-based bots. It could also be used against P2P-based bots on any of the current P2P networks, however this particular case would require some custom programming to implement (this case is covered later.) The basic idea behind a tarpit is to create a bunch of seemingly-real file links, either on a web page or in an FTP directory. When the bot follows this link, it merely leads to another web page or directory with another set of seemingly-real links. Each link can easily be randomly created by using a small database of common file names. This process continues ad nauseum. Intelligent bots would perform a breadth-first search, limiting their search depth to a small value such as five in order to prevent being "trapped" by this technique. However, this idea would still be valid; the file sharer would simply place the "real" files on the server at a level just below this artificial search limit, ensuring that the HTTP_REFERER environment variable points to the final fake directory that was generated in the current session. For a P2P network honeypot, the search results returned by the P2P client software would need to be modified to point to a fake set of filenames which in turn point to another set of fake filenames, etc. By forcing the P2P client user to enter a one-time password embedded in a graphic image at program startup, the network could determine if this was an automated bot or a real human and thus control the link types presented to the client. It is important to note that this honeypot technique is only valid against automated methods of file scanning, however there are so many file sharing locations on the Internet that everyone becomes anonymous simply by sheer numbers.

5. Use of Wi-Fi hotspots for anonymous connections: By using free wireless network connections for P2P file sharing the user is completely anonymous and thus immune to potential liability for alleged illegal activities. Such so-called "hotspots" are located all over: Manhattan's Union Square Park [29] in New York is a prime example of such a location. Funded by several large public and non-profit organizations, this location allows anyone to simply connect with a wireless-enabled laptop or PDA (802.11b) and use the Internet by entering the network ESSID and using DHCP for receiving an IP Address. These areas do not use WEP or any other form of encrypted communications because that reduces the usefulness of free and open connectivity for the public. Many fast-food chains like Taco Time and Arby’s as well as coffee houses such as StarBuck’s also offer free wireless connectivity to the Internet. While a wireless Internet connection somewhat reduces the usefulness of large file uploading activities due to the limited bandwidth available, generally about four or five Mbps, the user can certainly download as much as they want in a single sitting with no fear of being tracked.

6. P2P file sharing software using encrypted communication protocols: Two different directions can be taken with this technique: using existing protocols, or rolling your own. The benefit of using your own protocol is having complete control over every aspect of the data packets. This generally results in a much faster and secure transfer capability over existing protocols, yet requires extensive knowledge of low-level protocol programming. The benefit of using existing protocols such as SSL over HTTPS and SFTP is that these protocols usually bypass ISP and corporate firewalls. Palestine-based EarthStationV is one P2P program that uses existing secure protocols to not only connect to their secure P2P network anonymously, but also allow you to run a secure web server and private network from your own computer [30].

7. P2P2P proxies: This is similar in concept to anonymous email “remailer chaining” where all identifying header information is stripped from the message and forwarded to another remailer, until eventually being delivered to the recipient. In this case, the data stream for a downloaded file is split and sent to a random P2P client that forwards this portion of the download to another random P2P client, until eventually every packet reaches its destination. Each P2P client will not be downloading a complete file but only parts of it, and no one knows which client is requesting the file. This might affect certain legalities of copyright infringement because no single person ever downloads a complete file. AT&T built a free anonymous web browsing proxy in 1997 called “Crowds” based on this idea (now defunct), and the U.S. Navy built an anonymizing network service called “The Onion Routing Project” [31] also based on this principle. It ran for many years before finally being shut down on January 28, 2000 at the end of its proof-of-concept phase:

The Onion Routing [OR] research project is building an Internet-based system that strongly resists traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routers themselves). It prevents the transport medium from knowing who is communicating with whom -- the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network. [] Onion routing accomplishes this goal by separating identification from routing. Connections are always anonymous, although communication need not be. Communication may be made anonymous by removing identifying information from the data stream. Onion routing can be used by a variety of unmodified Internet applications by means of proxies (non-invasive procedure) or by modifying the network protocol stack on a machine to be connected to the network (moderate or highly-invasive procedure).” [ibid]

8. Changing MD5 hashes or CRC32 checksums of multimedia files: A person only known by the pseudonym nycfashiongirl who decided to challenge her subpoena in a recent RIAA case prompted an interesting discovery: the RIAA has been maintaining a large database of MP3 file hashes dating back to the days of the original Napster file sharing program. These file checksums are compared against the hashes of recently-downloaded music files to see if they are identical or not. If the checksums match, then this file is indistinguishable from one traded on the original Napster network. An obvious solution to defeating this type of “fingerprinting” is to simply change the file in a method that impacts the checksum but doesn’t affect the quality of the sound. The first thing to be done is either eliminate or rewrite the IDv2 or IDv3 info tag in the music file header, located in a fixed position in the MP3 file. There are mathematical methods to change certain bits throughout the MP3 file that affect the file hash yet have no audible affect during playback. A drawback to this solution is that some P2P networks may use the file checksum to identify a valid MP3 music file, instead of just by title. By changing this checksum these P2P networks will need to find another method for identifying known good files so users don’t waste their time downloading fake or corrupted files.

9. Using darknets: Creating and joining a hidden or “unplugged” network of P2P clients is probably the most private method of performing file sharing. Waste [63], MUTE [64], and FreeNet [65] are some proposed methods for performing this activity. These disconnected networks of peers are not open to the general Internet, and clients cannot connect without knowledge of a secret key or password. Thus these “darknets” are highly resistant to privacy incursions by the RIAA or similar agents. MUTE is one of the newer file sharing clients to appear, and seems to be highly-resistant to traffic tracing and logging. Each MUTE client generates a unique “virtual address” upon startup, and only that random ID is returned per client for all successful search requests. All MUTE traffic is also encrypted, thus rendering moot any packet sniffing attempts. And since each request packet (for searches) is routed through a network of peers only the next neighbor’s IP address could be discovered, which doesn’t matter because all file transfers are performed directly between peers.

Conclusions

The issues surrounding P2P file sharing freedoms and DRM are too complicated to offer a quick and simple solution. As technology becomes more complex and pervasive, it is obvious that copyright and intellectual property protection laws will always play catch-up. While copyright infringement runs rampant over the Internet, there exists a need for a secure DRM technique that also protects an individual’s privacy and allows for unfettered fair use of protected material. It is perhaps more important that a user’s fair-use rights be protected than that of a copyright holder’s control over their material. In this vein, the assumption of guilt for downloading copyrighted material must be changed to a presumption of innocence by the copyright holders such as the RIAA, MPAA, and their ilk. Until existing laws are amended to provide this much needed privacy protection, Internet users will need to protect themselves.

This protection would best be implemented as a series of concentric rings or levels around the user. Moving the privacy protection model from one that is network-based to one client-based might be a step in the right direction. IP-blocking tools like Peer Guardian and properly-tuned personal firewall software can prevent unwanted connections from any block of IP addresses desired. As new addresses to block are discovered they can easily be added to the blocking rules. Moving a level outward, the actual network traffic needs to be encrypted and proxies need to be employed so as to prevent sniffing tactics and name servers from returning useful trace data. Finally, by simply removing themselves directly off the Internet via the use of darknets, P2P users can ensure that the weakest link in their file trading hierarchy is themselves. By allowing only trusted partners into the darknet, they effectively prevent any outside privacy breaches from occurring. With a combination of new technology and new protective laws being ratified, the future of P2P file-sharing remains hopeful.

References

1. Supreme Court Decision: McIntyre v. Ohio Elections Commission (93-986), 514 U.S. 334 (1995).

Available from HTTP://supct.law.cornell.edu/supct/html/93-986.ZO.html (accessed Sept., 2003)

2. Supreme Court Decision: Reno v. ACLU (96-511), 521 U.S. 844 (1997).

Available from HTTP://laws.findlaw.com/us/000/96-511.html (accessed Sept, 2003)

3. 9th U.S. Circuit Court of Appeals Decision: Batzel v. Cremers (01-56380), CV-00-09590-SVW (2003). Available from HTTP://www.ca9.uscourts.gov/ca9/newopinions.nsf/AE0A858C82A2EA8F88256D4E007A736C/$file/0156380.pdf (accessed Sept, 2003)

4. U.S. Copyright Act, Title 17, Chapter 1, Section 107.

Available from HTTP://www4.law.cornell.edu/uscode/17/107.html (accessed Sept, 2003)

5. Leyden, John. “Marker pens, sticky tape crack music CD protection”. The Register, May 14, 2002.

Available from HTTP://www.theregister.co.uk/content/54/25274.html (accessed Sept., 2003)

6. Marcus, Sandra. “Napster and Peer-to-Peer Music Exchange”. December 6, 2001.

Available from HTTP:://web.utk.edu/~smarcus/History.html (accessed Sept., 2003)

7. Harbert, Eric F. “Signed, Sealed, Delivered: You're Mine”. UCLA Journal of Law & Technology Notes 12 (2003).

Available from HTTP://www.lawtechjournal.com/notes/2003/12_030730_Harbert.php (accessed Sept., 2003)

8. Unknown. PDF document: “Adobe and eBooks: Turning a new page in publishing”. September 1999.

Available from HTTP://www.adobe.com/products/acrobat/webbuy/pdfs/eBookWP12.pdf (accessed Sept., 2003)

9. Anonymous. “PDF 1.3 Encryption Explained”.

Available from HTTP://www-2.cs.cmu.edu/~dst/Adobe/Gallery/anon21jul01-pdf-encryption.txt (accessed Sept., 2003). See also Dave Touretzky’s webpage at HTTP://www-2.cs.cmu.edu/~dst/Adobe/Gallery/

10. Public Law 107-204. “Corporate and Criminal Fraud Accountability Act of 2002”. July 30, 2002.

Available from HTTP://thomas.loc.gov/cgi-bin/bdquery/z?d107:HR03763:|TOM:/bss/d107query.html (accessed Oct., 2003)

11. Grand, Rick. PDF document: “To Catch a Cyber Thief”. September 11, 2000.

Available from HTTP://www.cyveillance.com/web/downloads/To%20Catch%20a%20Thief.pdf (accessed Sept., 2003)

12. Beder, Sharon. “SLAPPs--Strategic Lawsuits Against Public Participation: Coming to a Controversy Near You”. Current Affairs Bulletin, vol.72, no. 3, Oct/Nov 1995, pp.22-29.

Available from HTTP://www.uow.edu.au/arts/sts/sbeder/SLAPPS.html (accessed Oct., 2003)

13. “Digital Theft Deterrence and Copyright Damages Improvement Act of 1999”. 106th Congress. June 22, 1999.

Available from HTTP://www.techlawjournal.com/cong106/copyright/s1257is.htm (accessed Oct., 2003)

14. Reply brief of Verizon, “Oral Argument Scheduled for Sept. 16, 2003”, No’s 03-7015, 03-7053 (consolidated appeals).

Available from HTTP://www.eff.org/Cases/RIAA_v_Verizon/20030717_verizon_reply_brief.pdf (accessed Oct., 2003)

15. Zolli, Andrew. “Monsters of Rock”. Wired, issue 11.09. Sept. 2003.

Available from HTTP://www.wired.com/wired/archive/11.09/start.html?pg=12 (accessed Oct., 2003)

16. Cornell University. “Federal Rules of Civil Procedure”.

Available from HTTP://www.law.cornell.edu/rules/frcp/Rule45.htm (accessed Oct., 2003)

17. Federal order granting MIT motion to quash subpoena. August 7, 2003.

Available from HTTP http://merlin.raisethefist.com/riaa/order-080703.pdf (accessed Oct., 2003)

18. FindLaw Legal Dictionary. Search for definition of “tort”.

Available from HTTP://dictionary.lp.findlaw.com/scripts/

results.pl?co=lawcrawler.findlaw.com&topic=71/71cf401e8052ec0c1c26e498c20fb9c3 (accessed Oct., 2003)

19. FindLaw for Business. Search for “trespass to chattels”.

Available from HTTP://sv.biz.findlaw.com/legal/tort3.html (accessed Oct., 2003)

20. Fifth Amendment to the Constitution of the United States of America. The 'Lectric Law Library's Legal Lexicon.

Available from HTTP://www.lectlaw.com/def/f083.htm (accessed Oct., 2003)

21. Katalov, Vladimir. ” Press-release: Advanced Acrobat eBooks are NOT Really Secure”. June 22, 2001.

Available from HTTP://www.planetpdf.com/mainpage.asp?webpageid=2393 (accessed Oct., 2003)

22. RIAA v. Verizon Case Archive.

Available from HTTP://www.eff.org/Cases/RIAA_v_Verizon (accessed Oct., 2003)

23. Associated Press. “RIAA Reveals Method to Madness”. August 28, 2003.

Available from HTTP://www.wired.com/news/digiwood/0,1412,60222,00.html (accessed Oct., 2003)

24. Cornell University. “Berne Convention for the Protection of Literary and Artistic Works (Paris Text 1971)”.

Available from HTTP://www.law.cornell.edu/treaties/berne/overview.html (accessed Nov., 2003)

25. BayTSP (Tracking-Security-Protection).

Available from HTTP://www.baytsp.com/solutions_copyright.html (accessed Nov., 2003)

26. MediaSentry.

Available from HTTP://www.mediasentry.com/about/technology.asp (accessed Nov., 2003)

27. Andrew, Beutler, Markham, et al. “The Copyright Crusade”. Winter/spring 2001.

Available from HTTP://www.ebcenter.org/download/Inf_Viant_CopyrightCrusade_feb02.pdf (accessed Nov., 2003)

28. Sperry Corporation Patent. “LZW Compression and GIF”.

Available from HTTP://www-cse.stanford.edu/classes/cs201/projects-99-00/software-patents/lzw.html (accessed Nov., 2003)

29. Union Square Wireless Map via www.nycwireless.net

Available from HTTP://www.nodedb.com/unitedstates/ny/newyork/view.php?nodeid=805 (accessed Dec., 2003)

30. Earth Station V P2P software.

Available from HTTP://www.earthstation5.com/benefits.html (accessed Dec., 2003)

31. The Onion Router Project web site, Department of Defense, U.S. Navy.

Available HTTP://www.onion-router.net/ (accessed Dec., 2003)

32. PDF document: “U.S. Court of Appeals decision reverses district court decision against Verizon, Dec. 19, 2003

Available from HTTP://pacer.cadc.uscourts.gov/docs/common/opinions/200312/03-7015a.pdf (accessed Dec., 2003)

33. “Author, Consumer, and Computer Owner Protection and Security Act of 2003”. 108th Congress. July 16, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:H.R.2752: (accessed Jan., 2004)

34. Naraine, Ryan. “Michael Jackson Slams ACCOPS Act”. July 21, 2003.

Available from HTTP://www.atnewyork.com/news/print.php/2238141 (accessed Jan., 2004)

35. “Consumer Broadband and Digital Television Promotion Act”. 107th Congress. March 21, 2002.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c107:S.2048: (accessed Jan., 2004)

36. “Piracy Deterrence and Education Act of 2003”. 108th Congress. June 19, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:H.R.2517: (accessed Jan., 2004)

37. PDF document: “Order Granting Defendants Grokster and StreamCast Networks Motions for Summary Judgement”. MGM Studios v. Grokster. Case numbers CV 01-08541-SVW & CV 01-09923-SVW.

Available from HTTP://www.eff.org/IP/P2P/MGM_v_Grokster/030425_order_on_motions.pdf (accessed Jan., 2004)

38. PDF document: “Defendant Grokster’s Memorandum in Support of Motion for Summary Judgement.” MGM Studios v. Grokster. Case number CV 01-08541 SVW. December, 2, 2002.

Available from HTTP://www.eff.org/IP/P2P/MGM_v_Grokster/GROKSTER_MEMORANDUM.pdf (accessed Jan., 2004)

39. PDF document: “Appellee StreamCast Networks, Inc.’s Opening Brief”. Ninth Circuit Court of Appeals. Case numbers CV-01-08541-SVW & CV-01-09923-SVW. September 17, 2003.

Available from HTTP://www.eff.org/IP/P2P/MGM_v_Grokster/20030917_morpheus_appeal_brief.pdf (accessed Jan., 2004)

40. “Protecting Children from Peer-to-Peer Pornography Act of 2003”. 108th Congress. July 24, 2003.

Available from HTTP://www.theorator.com/bills108/hr2885.html (accessed Jan., 2004)

41. “To amend title 17, United States Code, to limit the liability of copyright owners for protecting their works on peer-to-peer networks”. 107th Congress. July 25, 2002.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c107:H.R.5211: (accessed Jan., 2004)

42. PDF document: “Coleman to RIAA Letter”. July 31, 2003.

Available from http://www.senate.gov/~govt-aff/_files/ColemanRIAALetter.pdf (accessed Jan., 2004)

43. PDF document: “RIAA to Coleman Response Letter”. August 14, 2003.

Available from HTTP:://www.senate.gov/~govt-aff/_files/ACF5E9.pdf (accessed Jan., 2004)

44. “Digital Media Consumers' Rights Act of 2003”. 108th Congress. January 7, 2003.

Available from HTTP://www.theorator.com/bills108/hr107.html (accessed Jan., 2004)

45. “Online Privacy Protection Act of 2003”. 108th Congress. January 7, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:H.R.69: (accessed Jan., 2004)

46. “Benefit Authors without Limiting Advancement or Net Consumer Expectations (BALANCE) Act of 2003”. 108th Congress. March 4, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:H.R.1066: (accessed Jan., 2004)

47. Summary of the BALANCE Act of 2003. March 4, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/bdquery/z?d108:HR01066:@@@L&summ2=m& (accessed Jan., 2004)

48. “Global Internet Freedom Act”. 108th Congress. January 7, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:H.R.48: (accessed Jan., 2004)

49. Summary of the Global Internet Freedom Act. January 7, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/bdquery/z?d108:HR00048:@@@D&summ2=m& (accessed Jan., 2004)

50. “Government Network Security Act of 2003”. 108th Congress. September 24, 2003.

Available from HTTPhttp://thomas.loc.gov/cgi-bin/query/z?c108:H.R.3159: (accessed Jan., 2004)

51. “Computer Owners' Bill of Rights”. 108th Congress. March 6, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:S.563: (accessed Jan., 2004)

52. Summary of the Computer Owners’ Bill of Rights. March 6, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/bdquery/z?d108:SN00563:@@@D&summ2=m& (accessed Jan., 2004)

53. “Digital Consumer Right to Know Act of 2003”. 108th Congress. March 24, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:S.692: (accessed Jan., 2004)

54. Summary of the Digital Consumer Right to Know Act of 2003. March 24, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/bdquery/z?d108:SN00692:@@@D&summ2=m& (accessed Jan., 2004)

55. Dennis. “Kazaa changes its End User License Agreement to block RIAA”. October 16, 2003.

Available from HTTP://www.cdfreaks.com/news2.php?ID=8221 (accessed Feb., 2004)

56. raoulduke1. “Kazaa Owner Cleared to Sue Record Labels”. January 23, 2004.

Available from HTTP://www.boycott-riaa.com/article/10031 (accessed Feb., 2004)

63. Software. Waste”.

HTTP://sourceforge.net/projects/waste (accessed Feb., 2004)

64. Software. “MUTE”.

HTTP://mute-net.sourceforge.net/ (accessed Feb., 2004)

65. Software. FreeNet”.

HTTP://freenet.sourceforge.net/index.php (accessed Feb., 2004)

Appendix

List (as of August 2003) of companies providing P2P identification services to the RIAA/MPAA:

  • AntipiratbyrĂ„n
  • AOL/Warner Music Group
  • APG AntiPiratGruppen
  • Audible Magic
  • BayTSP
  • BigChampagne LLC
  • BREIN
  • BSA- Business Software Alliance
  • C&D Cop
  • CRIA- The Canadian Recording Industry Association
  • Cyveillance
  • DoD Network Information Center
  • DoubleClick
  • ESA- Entertainment Software Ass. (formerly IDSA-Interactive Digital Software Ass.)
  • FBI
  • FACT- Federation Against Corporate Theft
  • GAIN / GAIN CME
  • Grayzone
  • IIPA - the International Intellectual Property Alliance
  • International Federation of the Phonographic Industry
  • IO Group dba Titan Media Inc (porn company going after file sharers)
  • IRMA - the International Recording Media Association
  • Landwell (legal arm of pricewaterhousecoopers)
  • Mark Monitor, EMark Monitor
  • Media Defender Inc (disrupts illegal music downloads)
  • Media Force
  • Media Sentry
  • Media Signature
  • MPAA - Motion Picture Association of America
  • Name Protect
  • NetPD
  • New York Software Industry Association
  • Nuke Pirates
  • OverPeer
  • Ranger Online Inc
  • Retspan
  • RIAA - Recording Industry Ass. of America
  • SPA
  • SIIA - Software Information Industry Association
  • Vidius
  • Web Sheriff
  • WIPO - World Intellectual Property Association
  • Xupiter.com