Identifying providers and downloader in BitTorrent

A team of five INRIA researchers presented an interesting paper at the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Spying the World from your Laptop – Identifying and Profiling Content Providers and Big Downloaders in BitTorrent. The title says it all.

Using a single machine and some “flaws” in the BitTorrent protocol, they collected and analyzed 148 million IP addresses involved in more than 2 billion download instances. They then tried to identify the content providers and the big downloaders.

For instance, to find the content providers (i.e. the person who created and first seeded the torrent of a piece of content), they monitored the tracker sites to spot new torrents. If a torrent appeared with only one source address, then that address belonged to the initial content provider!

Unsurprisingly, they discovered that most of the illegal content is provided by a limited number of content providers. The distribution has a very long tail: the top 100 contributors provide about 30% of the content on BitTorrent! The hosting centers of the initial seeds are mostly in France and Germany, but the content providers themselves were from other countries.

Interestingly, they discovered that big downloaders were often hidden behind proxies, Tor or VPNs. They also identified some monitoring “sites”.

A nice view of the P2P activity.

YouTube won against Viacom

I regularly report news on the litigation between Viacom and YouTube. Wednesday, 23rd June brought the latest event.
Judge Louis Stanton, in an extensive 30-page opinion, ruled in favor of Google. Judge Stanton relied on a law that protects ISPs from copyright infringement liability if they quickly remove the infringing pieces of content. For instance, he noted that YouTube removed within one day the 100,000 videos cited in a Viacom takedown notice, whereas it had taken Viacom several months to collect these infringing samples.
The lawsuit highlighted some embarrassing behaviour in the email exchanges that were analyzed. For instance, two founders of YouTube pleaded with the third founder to stop posting infringing content on YouTube (in the early days of YouTube). Some documents showed that Viacom had hoped to acquire YouTube before Google did. And many other stories…

As usual, the two opposing sides hold orthogonal positions. I would suggest reading both points of view. For instance:

Is it the end of the story? No: Viacom is appealing.

IEEE P1817: a new DRM standard?

In February, I reported on a new concept, Digital Personal Property. IEEE is launching a project, P1817, to develop this DRM, so-called Consumer-ownable Digital Personal Property.

The main goal is to mimic the features of a physical good. In other words, if you were able to enforce the uniqueness of the instance of a digital good, there would be no serious reason to restrict its use drastically: you could treat it like a physical book, lending it or selling it. In economic terminology, the challenge is to turn a digital good into an excludable good. By nature, digital goods are non-rival and non-excludable.

The main technical concept is that the piece of content is encrypted and can be distributed freely, but the decryption key will be “moveable but uncopiable”. Actually, the decryption key, the so-called playkey, is doubled: one copy lives in a server repository and the other one is held by the user. To lend a piece of content, Alice hands her playkey to Bob… To return the piece of content, Bob sends the playkey back to her. Meanwhile, Alice must no longer hold her playkey.

I see several issues with this proposal.

  • There must be only two instances of the playkey (one in a server, and one at the consumer). The technical challenge will be the moveable but uncopiable playkey, one of our Holy Grails. Some enforcement mechanisms are foreseen:

    Counterfeit Handling
    The playkey banking system facilitates the identification of counterfeited playkeys.
    Playkey pair synchronization occurs, during which the system checks the validity of the playkeys with the issuer and the registrar. There are at least two approaches to handling counterfeits: (1) The consumerʼs player is notified, after which the user interface always highlights the item as counterfeited, and (2) the consumerʼs playkey vault is directed to invalidate the device playkey, notify players of its invalid status, and refuse to provide further services for that playkey. The first approach leaves the counterfeit usable, and depends on the social stigma of owning and using forged goods to discourage its further use and encourage reporting of the forgery to vendors and publishers. The second approach prejudges intent and guarantees that the consumer victim pays the price of the illegal activity. Either way, there exists the opportunity for vendors or publishers to offer rewards for information leading to the identification of the counterfeiters.

  • How to handle the multi-format issue? Today, many customers complain about incompatible formats of DRM-protected content, for instance when different resolutions or codecs are involved; take a Blu-ray disc and an SD file for a Windows player as an example. This does not map nicely onto the physical world: a book has no format incompatibility with your eyes. To push the comparison, the challenge would be to provide the same book in different languages. Currently, the industry's foreseen answer is the digital rights locker.
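The lending mechanism (server repository plus consumer playkey) and the two counterfeit-handling approaches quoted above can be modelled with a small simulation. This is an added example, not code from IEEE P1817 or from the Digital Personal Property proposal; the Registry, Vault and Policy names and the playkey identifier are my own assumptions, chosen to mirror the quoted description. The registry is the "playkey banking system": it records one holder of record per playkey and, at synchronization, treats any copy presented by a device that is not the holder of record as a counterfeit.

```python
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    """The two counterfeit-handling approaches quoted from the P1817 text."""
    FLAG = 1         # (1) notify the player; the item stays usable but is marked
    INVALIDATE = 2   # (2) the vault invalidates the device playkey and refuses service


@dataclass
class Vault:
    """Consumer side: the device copy of each playkey (the "playkey vault")."""
    owner: str
    keys: set = field(default_factory=set)      # playkeys this device holds
    flagged: set = field(default_factory=set)   # marked counterfeit, still usable
    invalid: set = field(default_factory=set)   # revoked on this device

    def can_play(self, playkey_id: str) -> bool:
        return playkey_id in self.keys and playkey_id not in self.invalid


@dataclass
class Registry:
    """Server side (the "playkey banking system"): one holder of record per playkey."""
    holder: dict = field(default_factory=dict)  # playkey_id -> owner name

    def issue(self, playkey_id: str, vault: Vault) -> None:
        if playkey_id in self.holder:
            raise ValueError(f"{playkey_id} already issued")
        self.holder[playkey_id] = vault.owner
        vault.keys.add(playkey_id)

    def transfer(self, playkey_id: str, src: Vault, dst: Vault) -> None:
        """Lend (or return): move the playkey; the source must not keep a copy."""
        if self.holder.get(playkey_id) != src.owner or playkey_id not in src.keys:
            raise PermissionError(f"{src.owner} is not the holder of record for {playkey_id}")
        src.keys.discard(playkey_id)   # the "moveable" half of the property
        dst.keys.add(playkey_id)
        self.holder[playkey_id] = dst.owner

    def sync(self, vault: Vault, policy: Policy) -> list:
        """Playkey pair synchronization: every playkey the vault presents is checked
        against the holder of record. A mismatch is a counterfeit, i.e. a copy that
        survived a transfer because the "uncopiable" half of the property failed."""
        counterfeits = sorted(k for k in vault.keys if self.holder.get(k) != vault.owner)
        for k in counterfeits:
            if policy is Policy.FLAG:
                vault.flagged.add(k)        # approach (1): highlighted, still playable
            else:
                vault.keys.discard(k)       # approach (2): the device copy is revoked
                vault.invalid.add(k)
        return counterfeits


def lend_and_cheat(policy: Policy):
    """Alice lends a book to Bob but, simulating a broken uncopiable property,
    keeps a copy. Returns what the next sync finds and who can still play."""
    registry, alice, bob = Registry(), Vault("alice"), Vault("bob")
    registry.issue("pk-book-42", alice)          # hypothetical playkey identifier
    registry.transfer("pk-book-42", alice, bob)  # the loan
    alice.keys.add("pk-book-42")                 # the cheat: a surviving copy
    found = registry.sync(alice, policy)
    return found, alice.can_play("pk-book-42"), bob.can_play("pk-book-42")


def lend_and_return():
    """The honest path: loan, then return; no sync finds anything."""
    registry, alice, bob = Registry(), Vault("alice"), Vault("bob")
    registry.issue("pk-book-42", alice)
    registry.transfer("pk-book-42", alice, bob)
    during = (alice.can_play("pk-book-42"), bob.can_play("pk-book-42"))
    registry.transfer("pk-book-42", bob, alice)
    after = (alice.can_play("pk-book-42"), bob.can_play("pk-book-42"))
    return during, after, registry.sync(alice, Policy.INVALIDATE), registry.sync(bob, Policy.INVALIDATE)


if __name__ == "__main__":
    print("flag policy:", lend_and_cheat(Policy.FLAG))              # (['pk-book-42'], True, True)
    print("invalidate policy:", lend_and_cheat(Policy.INVALIDATE))  # (['pk-book-42'], False, True)
    print("honest loan:", lend_and_return())
```

Note what the simulation makes visible: the server-side ledger can only detect a duplicate after the fact, at the next synchronization, and only if the cheating device synchronizes at all. Everything that makes the playkey actually uncopiable has to happen on the consumer's device, which is exactly the Holy Grail the bullet above refers to.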

Will it succeed? I don’t know. In any case, I will be very interested in studying any solution that makes a digital data structure “moveable but uncopiable”.

SF: The Collapsium

This book by Wil McCarthy belongs to the category of Hard Science Fiction, meaning that science is at the heart of the story. Unsurprisingly, Wil McCarthy is a high-level scientist. He is the CTO of Galileo (the project that should provide a satellite system competing with GPS).

The main idea is that in the future it is possible to create crystals of black holes!! One genius has to fight against a mad genius who misuses this technology.

McCarthy is a good scientist but a poor writer. The story is weak and repetitive. The characters are caricatures…

Don’t read it!

SMS: Nice piece of social engineering

This morning, I received the following SMS on my mobile phone (translated from French):

Info: This caller tried to call you at 09:47 without leaving a message. Unknown Number in your directory > Call the 0899190721 to identify him

Obviously, this is a premium-rate number. How many gullible people will fall into this trap?

It is a nice piece of social engineering. The caller has left no message. You may want to know who called and why. They offer a solution to answer these questions… Bingo.

The attack would have been even better if you had actually had a missed call just before.

The scammers are really very creative!

A database of 44 millions game accounts!

Symantec has located a database server holding 44 million accounts of online gamers. The information in itself is already interesting, but the server's companion is more interesting still. The database holds credentials, most probably collected by malware. But are these credentials still active? To find out, the hackers created a dedicated Trojan that, once installed, receives a set of accounts to test. If it succeeds in logging on to an account, it updates the database accordingly. Using a Trojan on a botnet has the following advantages:

  • Go faster by using many computers concurrently
  • Bypass any limits on failed logins from the same IP address
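The second advantage is exactly why a per-IP lockout is not enough as a defence: each bot makes only a few attempts, so no single address ever trips the limit. The added example below, which is my own code and not Symantec's analysis or any real game service, contrasts the classic per-IP control with a fleet-level check run over constructed log lines in a hypothetical login-log format: within one time window, many distinct source addresses trying many distinct accounts with a low success rate is the signature of a credential-testing campaign, even when every address individually looks harmless. The log format, thresholds and sample addresses (from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24) are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (hypothetical game login service), one event per line:
#   2010-06-24T10:00:01 LOGIN FAIL user=player001 src=192.0.2.1
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) LOGIN (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(line: str):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "ok": m["result"] == "OK",
            "user": m["user"], "src": m["src"]}


def per_ip_lockout_hits(events, limit=5, window=timedelta(minutes=5)):
    """The per-IP control a botnet is built to evade: source addresses with more
    than `limit` failed logins inside a sliding window."""
    recent = defaultdict(list)
    hits = set()
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["ok"]:
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:      # drop failures that left the window
            q.pop(0)
        if len(q) > limit:
            hits.add(e["src"])
    return hits


def distributed_testing_alerts(events, window=timedelta(minutes=5), min_ips=20,
                               min_accounts=50, max_success_rate=0.2):
    """Fleet-level control: within one window, many distinct source IPs try many
    distinct accounts with a low success rate. Each IP stays under the per-IP
    limit, so only the aggregate view reveals the credential-testing campaign."""
    if not events:
        return []
    events = sorted(events, key=lambda e: e["ts"])
    t0 = events[0]["ts"]
    buckets = defaultdict(list)              # fixed windows counted from the first event
    for e in events:
        buckets[(e["ts"] - t0) // window].append(e)
    alerts = []
    for b in sorted(buckets):
        evs = buckets[b]
        srcs = {e["src"] for e in evs}
        users = {e["user"] for e in evs}
        successes = sum(1 for e in evs if e["ok"])
        if (len(srcs) >= min_ips and len(users) >= min_accounts
                and successes / len(evs) <= max_success_rate):
            alerts.append({"window_start": evs[0]["ts"], "attempts": len(evs),
                           "ips": len(srcs), "accounts": len(users),
                           "successes": successes})
    return alerts


def constructed_botnet_sample():
    """Constructed lines: 30 bot IPs each test 3 different stolen accounts within
    two minutes; 2 of the 90 pairs are still valid. One legitimate login is mixed in."""
    base = datetime(2010, 6, 24, 10, 0, 0)
    lines, n = [], 0
    for ip in range(1, 31):
        for _ in range(3):
            n += 1
            result = "OK" if n in (17, 61) else "FAIL"
            ts = (base + timedelta(seconds=n)).isoformat()
            lines.append(f"{ts} LOGIN {result} user=player{n:03d} src=192.0.2.{ip}")
    lines.append(f"{(base + timedelta(seconds=100)).isoformat()} LOGIN OK user=legit src=198.51.100.7")
    return lines


def constructed_single_ip_burst():
    """Constructed lines: the naive variant, 8 failures from one address in a minute."""
    base = datetime(2010, 6, 24, 11, 0, 0)
    return [f"{(base + timedelta(seconds=5 * i)).isoformat()} LOGIN FAIL user=player{i:03d} src=203.0.113.9"
            for i in range(8)]


if __name__ == "__main__":
    bot = [parse(l) for l in constructed_botnet_sample()]
    print("per-IP lockout hits (botnet):", per_ip_lockout_hits(bot))     # set()
    print("distributed alerts (botnet):", distributed_testing_alerts(bot))
    burst = [parse(l) for l in constructed_single_ip_burst()]
    print("per-IP lockout hits (burst):", per_ip_lockout_hits(burst))    # {'203.0.113.9'}
```

On the botnet sample the per-IP control returns nothing, because no address fails more than three times, while the aggregate check raises one alert for 31 addresses touching 91 accounts with 3 successes. The thresholds are deliberately simple; in practice they would be tuned against the service's normal failure rate, and the distinct-account count is the feature that separates this pattern from an ordinary traffic spike.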

You may say: “Game accounts! Who cares? It is not as if it were something serious, such as a bank account”. In that case, you are clearly not a gamer. More seriously, I would suggest that you take a look at the site Player Auctions. Wow! You are not dreaming. This is about real money, and not a few cents!

Once more, we see that hackers are increasingly money-driven, less visible and not looking for fame.

Thanks MM for the pointer.

Societies of authors and rights collectors

This site lists some of the societies in charge of collecting fees on behalf of rights owners in the music industry. I suppose that each country has its own way of collecting the fee and its own method of calculation. The list seems limited to societies that have an Internet site.

Funnily, some countries, such as France, have more than one!

Interesting pointer if you need such information.