Unfortunately that totally nulls the usefulness of a p2p network that checks hashes to download from multiple sources. If your hashes don't match, your p2p client won't resume the download. Therefore you're restricted to one single person sharing the file, which is pretty useless. You're less likely to try downloading a file that 1 person shares than a file that 10+ people share, so why share at all. And any "automated" predictable way of touching the hashes to change them would have to be "predicted" by all the other clients on the network to keep in sync, thus removing the purpose of the change. Tough problem. Ian Kayne Technical Specialist - IT Solutions Softlab Ltd - A BMW Company > -----Original Message----- > From: Dom De Vitto [mailto:domat_private] > Sent: 13 July 2002 10:25 > To: jasoncat_private; 'Kayne Ian (Softlab)' > Cc: 'Vuln-Dev' > Subject: RE: [7.8.2002 44916] Notice of Copyright Infringement] > > > Naaa, this won't work. > > Appending a single bit onto the end of the file makes a > different hash. > So if you're scared of the thought police, just echo "crap" >> > whatever.mpg > and you no longer match the hashes. Even better "touch" the timestamp, > and > zip it up. The p2p software could even touch zip timestamps > automatically, > if they are older than (say) a 24 hours, or always... :-) > > The only way to prove you're breaking copyright is to download at > least one frame and (fuzzy) pixel-compare that with every frame, in > every movie > you've got on record, a reasonable match is an copyright infringement. > > Real tricky :-) > > |-----Original Message----- > |From: Jason Coombs [mailto:jasoncat_private] > |Sent: Friday, July 12, 2002 8:50 PM > |To: Kayne Ian (Softlab) > |Cc: Vuln-Dev > |Subject: RE: [7.8.2002 44916] Notice of Copyright Infringement] > | > | > |Aloha, Ian. > | > |See: http://www.wipo.org > | > |The DMCA doesn't apply in the UK, but your government agreed > |to outlaw precisely the same activity using laws of local > |design. I don't know what the law is named in your country, > |but I bet if you look you'll find that it does exist. There > |was a deadline for passage of such legislation in order to > |comply with treaty. > | > |Your point is valid concerning the specific language of the > |threat letter your friend received, but that's little more > |than a typo. > | > |Sincerely, > | > |Jason Coombs > |jasoncat_private > | > |-----Original Message----- > |From: Kayne Ian (Softlab) [mailto:Ian.Kayneat_private] > |Sent: Thursday, July 11, 2002 10:28 PM > |To: Vuln-Dev > |Subject: RE: [7.8.2002 44916] Notice of Copyright Infringement] > | > | > |2 points about this thread. > | > |First, a lot of people have posted responses to the effect of > |"Unless xxx downloads the file that is supposedly breaching > |copyright, they can't tell if you *are* breaching copyright > |or not, thus breaching it themselves". Unfortunately this > |isn't true (at least for EDonkey). EDonkey creates a hash of > |the file on your hd, and compares it with the hashes on > |everyone elses hd. If you're in the middle of downloading the > |file, Edonkey can be sure it's resuming the same file from > |someone else (regardless of filename) by these hashes. > |Therefore to prove copyright infringment, all these companies > |need to do is to confirm your hashes are the same hashes as a > |"real" warezed version of whatever movie. Of course the movie > |house give the company legal permission to download etc the > |file, therefore they are not in contravention of copyright > |law. So all the company does is run a donkeybot or similar, > |scan the network and log all the people who are sharing a > |file with hashes that match a warezed ver of the movie. Until > |it becomes illegal to own a checksum of a file... > | > |As a side note, this hashing works against them too. They may > |have been flooding the p2p networks with "bad" versions of > |movies, but all any sensible person needs to do is to use a > |website (sharereactor.com, for > |example) and use the hash link off there. Providing the > |website is "true" (and there are enough of them), you'll > |always be garanteed to download the file you actually want. > | > |Secondly, companies & "entities" in the USA really need to > |get a damn grip of themselves. A friend of mine received an > |email from a company saying he was breaching the DCMA etc for > |exactly the same reason as Keith Tyler. The problem? He lives > |in the UK, just like me. Sorry to tell you, no matter how > |much you don't want to believe it (and how many times you put > |a Skylarov in > |jail) American law does NOT apply worldwide. > | > |All that said, piracy is of course a crime. Views are my own. > |Standard disclaimer applies etc etc. > | > |Ian Kayne > |Technical Specialist - IT Solutions > |Softlab Ltd - A BMW Company > | > ******************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use of the information contained within this email or attachments is strictly prohibited. Internet communications are not secure and Softlab does not accept any legal responsibility for the content of this message. Any opinions expressed in the email are those of the individual and not necessarily those of the Company. If you have received this email in error, or if you are concerned with the content of this email please notify the IT helpdesk by telephone on +44 (0)121 788 5480. ********************************************************************
This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 09:16:57 PDT