Once More On Downloading

Now that I seem to have all these tech-savvy people visiting and answering my technical questions, let me put this on the table again: is it possible to track the destination of a file as it is being downloaded on a P2P system? I know the RIAA is suing sharers, but could it sue downloaders, too? Is that contingent on being involved in the transfer (that is, having the RIAA being the uploader)?

5 Responses to “Once More On Downloading”

  1. Joe
    July 25th, 2003 | 9:19 pm

    Hey guy, I guess I’ll answer in the comments so that more tech-savvy people can beat me down… the only way (I think) that you can monitor a download like you are saying is to know which pipes the packets (TCP/IP frames) are going through… that’s tough… you could install some software on a machine/router near a particularly heavy sharer… and monitor the IP addresses that downloads were going to… even then, you probably wouldn’t be sure what they were receiving… I think it would be tough.

    Actually, now that I think about it… the RIAA itself could set up a “honeypot” and monitor all the Kazaa users who download stuff from the honeypot, then subpoena the PII of certain IP addresses and then get a warrant for a computer search… this seems pretty obfuscated… I guess that’s why it’s so easy to go after sharers… you know what they have and you can get to them. If a downloader quickly moves stuff out of their shared folders, you’d need to hack into their computer (interdiction) or get a warrant for discovery.

    Someone please add to this!!!

  2. Anonymous
    July 26th, 2003 | 4:05 am

    Yeah – the way I was thinking about it was: we use encryption on Amazon and such to keep people from viewing transactions, right? Well, that must mean those transactions are viewable if someone has enough info. Wouldn’t a similar idea apply to P2P? Of course, viewing those transactions could still violate some sort of computer crime/fraud law. So, while technically possible, it might not be legally possible for the RIAA to do so.

  3. Joe
    July 26th, 2003 | 12:42 pm

    Cracking SSL encryption (which is what we use when at Amazon or Wells Fargo) is a pain in the ass. You’ve literally got to search key space [1] which takes days. So even lightweight encryption is “a good thing”®. I think a better idea would be a widely distributed p2p proxy server… this would mean that you would appear to be surfing from all over the world in a single session… and it would be really hard to figure out who’s who.

    [1] Check out this guy’s quote:

    Not much. Everybody who understands the technical details knew perfectly well that this was doable and even easy. You have to understand what happened exactly. I did not break SSL itself. I did only break one SSL session that used the weakest algorithm available in SSL. If I want to break another session, it will cost another 8 days of all my machines.

  4. Anonymous
    July 26th, 2003 | 2:06 pm

    But let’s say there’s no SSL encryption – how easy is it then?

  5. Joe
    July 26th, 2003 | 5:49 pm

    You’d have to intercept packets coming from a sharer going to a “downloader” (not sitting on a proxy)… that in itself is probably pretty illegal (right? at least without the proper warrant). Then you’d have to determine what was being sent from the sharer to downloader and if this infringes your copyrights.

    A far easier way (but more specific) would be to get the address of a sharer (which is being done as we speak by the RIAA) and park close enough to determine if they have a wireless network… if so, then you could sniff the wireless packets (wireless encryption is pretty weak) and tell what’s going in and out of the sharer’s network. Determine what files are being sent, and who to… subpoena the downloader’s IP address (it’s just so easy isn’t it?) and send them a c&d. I don’t want to get too far into territory that is too technical for me… someone else should chime in.