Traffic management company Ipoque has just released a whitepaper, detailing pros and cons of different methods of dealing with piracy on P2P networks. Surprisingly, the conclusions in the paper are not straight adverts for their own products and services. We will highlight some of the Good, the Bad, and the Ugly conclusions.
Ipoque describes itself as ‘the leading European provider of deep packet inspection solutions’. Based on this statement, it would be expected that the company would take every opportunity to push their own products as possible solutions. However, in what could be the start of a new trend (but one we won’t hold our breath waiting for from others) a company interested in selling P2P throttling equipment has started to tell the truth about file sharing.
The paper, which claims to “provide an as objective as possible assessment of the countermeasures for P2P” initially left us skeptical. But, with one or two exceptions, it does what it claims to do. Other companies and politicians should take note of this. Below we look at the conclusions of the report – some we were actually moved to applaud, while others were slightly cringe worthy.
“Blocking of IP addresses could be an additional measure in a combination of different measures, but is not the salvation of the problem itself.“
Ipoque comes to the right conclusion here. Indeed, DNS blocking is not very effective. As has been proven by The Pirate Bay in their dispute in Denmark, these methods really don’t work.
“URL filters are widely available. Centrally hosted services such as Piratebay and even BitTorrent trackers could be blocked. An up-to-date list of URLs is a necessary prerequisite to make this measure effective. Unfortunately, it is nearly impossible to keep the URL database current. Affected sites could rapidly change URLs and propagate these changes. Ultimately, this would result in a never-ending cat and mouse game.“
Again the report is spot on. The Internet Watch Foundation in the UK showed that blocklists don’t work well when applied to known sites and content. On a sidenote, file-sharers who use blocklists like PeerGuardian to filter peers of uncertain identity, face the same problem.
“[The injection of counterfeits] have driven file sharers to the BitTorrent network, that is nearly immune against injection of fake files, mainly because content distribution is organized through web based torrent directories such as thepiratebay.org. Conclusion: The injection of counterfeits is no effective countermeasure anymore.”
They are right, it doesn’t. Not on well moderated torrent sites at least.
“Due to its computational complexity, fingerprinting does not work in real-time for high-speed networks. Also, even though ever more file and compression formats are supported, fingerprinting is blind to encrypted archive files (e.g. password-protected ZIP files), and these are becoming more and more popular. Largescale deployment of fingerprinting technology would push the popularity of all kinds of encryption and render the whole technology useless as a countermeasure.”
This ties in with what we said last year about such systems and BitTorrent. These methods are highly ineffective.
“In the past, any DRM mechanism was hacked or otherwise circumvented. This is highly likely to happen to new systems as well.”
DRM doesn’t work, and has not worked. One person breaching it is all it takes, thanks to the Internet. Spore is a great example of how DRM only affects legitimate purchasers, and not the people it attempts to target.
“First, and most importantly, content providers need to provide other high-quality, well priced and easily accessible online content. New business models are inevitable. In the long run, this will make illegitimate sharing of copyright-protected material through the Internet a lot less interesting.”
This is the crux. It’s why rights owners are burying their heads in the sand, in the hope it will go away. It’s not surprising, however, that rights owners do not wish to move to a model that gives a smaller return-per-unit.
“An example is Ipoque’s BitTorrent tracker whitelisting, that allows access to guaranteed legal BitTorrent content, while blocking access to all other P2P content. This approach works because nearly all legal P2P content is distributed over BitTorrent using dedicated and controlled BitTorrent trackers.”
Simply banning a huge number of BitTorrent trackers because they are open to all users doesn’t seem to be a good idea. One of the most eye-opening things about P2P is the sheer wealth of data it gives access to. Some may be in violation of civil or criminal law, but a lot isn’t. The same applications that can be used to share a game, can be used to promote a band, or distribute political protest by groups large and small.
Automatic detection tools
“Such systems can detect infringements nationally and internationally. The location is not important. Especially automatic detection systems work highly efficiently and produce court-proof evidence data. This measure is very difficult to circumvent”
Yes, the only problem is that these tools are not very accurate. They target dead people, printers, those that have never shared, and everyone else falsely accused. Strangely, they point this out themselves 2 paragraphs earlier:
“Active monitoring has garnered a bad reputation because content providers have in the past often tried to criminalize copyright infringers and imposed ridiculous penalties as a deterrent. In addition, there have been flawed lawsuits with verdicts about persons with no Internet access. Careful investigation along with adequate penalties are necessary to improve the reputation of this measure”
“As for any computer system, attacks are possible, and there are commercial providers offering this as a service. An attack on eDonkey, for instance, may have the effect that the downloaded file is larger than the original, and the download never finishes. There are similar attacks for BitTorrent.”
Using exploits in file-sharing networks and clients is of course insane. Moreover, depending on the vulnerabilities exploited, this could be a violation of criminal law. At best, as with the Sony Rootkits, exploiting software systems like this is at least reputation-damaging. Of course, there’s also…
“Encrypted communication and private file sharing networks can only be controlled by criminalistic methods involving a high effort.”
Again we applaud Ipoque for reaching the right conclusion. Not much we can say about this, except it’s the truth, and can’t be repeated often enough.
Is it a paper that is objective? Well, its the most objective one yet, but then that’s not saying much.