Re: [p2pi] Somewhat OT: Anti-piracy strategies and P2P was Re: OT ? : Consultation on legislative options to address illicit P2P file-sharing

Nicholas Weaver wrote:
>
> On Sep 18, 2008, at 6:50 AM, The 8472 wrote:
>
>> Well, from a technical perspective this is trivial, ISPs cannot
>> distinguish illegal from legal content, assuming a minimal amount of
>> encryption/obfuscation. The content industry could only tell the ISP
>> "user XY is doing something illegal, do something about it" and the ISP
>> would have to believe that without being able to verify it. Most
>> regulation proposals we currently see are after-the-fact measures, i.e.
>> disconnecting the user's internet connection after he has been
>> identified and warned about illegal filesharing.
>> Not to mention that some ISPs have an interest in preventing illegal
>> filesharing on their own as they offer VoD, streaming and similar
>> services or are owned by media companies.
>
> Actually, for P2P bulk data (big stuff like movies, rather than small 
> stuff like audio), it is possible for the content provider to say not 
> that "user X is doing something illegal", but that "Users X, Y, Z, A, 
> B, C represents a graph of something illegal, block JUST that 
> communication between these pairs of users".  And for open-world 
> piracy,  this information can be found and verified by crawling the 
> P2P swarm.
>
> The ISP still has to trust that the content provider is telling the 
> truth, but this is far more actionable information and information 
> that can be distributed and acted on in real time to disrupt the 
> pirate flows without significantly impacting other traffic.
that would require the ISP to maintain infrastructure to join swarms. 
not to mention that real-time blocking without verification by an 
independent instance could be seen as a source of potential censorship. 
It has happend before that hosters/ISPs took down content they didn't 
like (such as the worker's union website of their employees) instead of 
illegal content.
>
>> As far as i can see this concerns ALTO in that it should not reveal any
>> information about the user and his sharing behavior as it would be a
>> singinficant dis-incentive for adoption if any data could be used
>> against the users.
>
> The problem is this impacts utility: in order to make a decision you 
> have to know some information about the users, and content IDs that 
> the user is participating in is significantly important.
>
> But as long as any form of content ID represents a random NONCE 
> provided by the P2P coordination mechanism (not a hash, it MUST be a 
> NONCE), an opponent could only use it to tie a user to a piece of 
> content if the opponent is also able to access the swarm coordination 
> mechanism in order to map the meaning of NONCE to content ID.
>
> Thus it would represent an information leak, but it is probably safe 
> to assume that if the adversary has access to the P2P coordination 
> mechanism sufficient to get the NONCE (necessary to tie a user to a 
> piece of content in ALTO), the adversary could also contact the 
> coordination mechanism to get a participant list.
yes, i agree. if the effort necessary to gather information from ALTO is 
equal to the effort to gather information about the swarm without ALTO 
then that's acceptable.
>
>> Another issue is that such schemes might drive
>> illegal filesharing deeper underground, e.g. onto darknets which provide
>> pseudonymity and plausible deniability at the cost of increased
>> bandwidth consumption, another network overlay and data being bounced
>> through random nodes, which is completely the opposite of what we want
>> to achieve.
>
> There are two plausible transitions:  Deniability, and to private 
> (closed-world) piracy.
>
> Deniability on distribution is not necessarily going to fly, because 
> the big strength of BitTorrent is substantial noninfringing uses.  
> Deniability loses much of this benefit: it becomes far easier for 
> content providers to argue that the software itself should be blocked: 
> that using a deniable P2P file sharing tool is nefarious behavior 
> because deniability is not a benefit for LARGE legal content.
i am operating under the assumption that blocking specific applications 
is not an option if the justification is just copyright infrigement, as 
deniable p2p would have other uses too, especially when the 
deniability-layer is decoupled from the filesharing layer. think 
bittorrent over i2p. I mean there even is child porn on freenet but 
freenet is not being blocked just because it contains some illegal 
content and cannot be traced.
>
> The transition to closed-world piracy, however, is actually a win for 
> the content providers.  The goal should not be to block all piracy, 
> but to up the hastle so that casual users aren't tempted to pirate 
> material.  Let the hardcore file sharers exchange information through 
> secret torrents, they'd never be customers anyway.  Rather you want 
> the casual users however to keep buying DVDs or pay for downloads from 
> Amazon/Apple/whoever.
>
>> Experience shows that fighting filesharing only makes filesharing
>> networks more resiliant against attacks.
>
> There are however, limits.  Bulk data P2P is just that, bulk data and 
> P2P, and will always be detectable as such.
>
> And open-world piracy is just that, open-world.  If you relax these 
> constraints (eg, make it closed-world, or eliminate the bulk data by 
> changing it to point-to-point), you can build some real robust 
> defenses against a copyright-enforcing adversary.  But you lose a lot 
> of the utility present in being bulk data, P2P, and open-world.
>
well, the point is enforcement of copyright, not the enforcement of a 
general p2p-blocking. If you draw a line between these then the latter 
is far more complicated with current systems and impossible with darknets.
_______________________________________________
p2pi mailing list
p2pi@ietf.org
https://www.ietf.org/mailman/listinfo/p2pi