The paper, which claims to “provide an as objective as possible assessment of the countermeasures for P2P” initially left us skeptical. But, with one or two exceptions, it does what it claims to do. Other companies and politicians should take note of this. Below we look at the conclusions of the report – some we were actually moved to applaud, while others were slightly cringe worthy.

The Good

DNS Blocking

“Blocking of IP addresses could be an additional measure in a combination of different measures, but is not the salvation of the problem itself.“

Ipoque comes to the right conclusion here. Indeed, DNS blocking is not very effective. As has been proven by The Pirate Bay in their dispute in Denmark, these methods really don’t work.

URL Filters

“URL filters are widely available. Centrally hosted services such as Piratebay and even BitTorrent trackers could be blocked. An up-to-date list of URLs is a necessary prerequisite to make this measure effective. Unfortunately, it is nearly impossible to keep the URL database current. Affected sites could rapidly change URLs and propagate these changes. Ultimately, this would result in a never-ending cat and mouse game.“

Again the report is spot on. The Internet Watch Foundation in the UK showed that blocklists don’t work well when applied to known sites and content. On a sidenote, file-sharers who use blocklists like PeerGuardian to filter peers of uncertain identity, face the same problem.

Swarm Poisoning

“[The injection of counterfeits] have driven file sharers to the BitTorrent network, that is nearly immune against injection of fake files, mainly because content distribution is organized through web based torrent directories such as thepiratebay.org. Conclusion: The injection of counterfeits is no effective countermeasure anymore.”

They are right, it doesn’t. Not on well moderated torrent sites at least.

Fingerprint systems

“Due to its computational complexity, fingerprinting does not work in real-time for high-speed networks. Also, even though ever more file and compression formats are supported, fingerprinting is blind to encrypted archive files (e.g. password-protected ZIP files), and these are becoming more and more popular. Largescale deployment of fingerprinting technology would push the popularity of all kinds of encryption and render the whole technology useless as a countermeasure.”

This ties in with what we said last year about such systems and BitTorrent. These methods are highly ineffective.

DRM

“In the past, any DRM mechanism was hacked or otherwise circumvented. This is highly likely to happen to new systems as well.”

DRM doesn’t work, and has not worked. One person breaching it is all it takes, thanks to the Internet. Spore is a great example of how DRM only affects legitimate purchasers, and not the people it attempts to target.

The Summary

“First, and most importantly, content providers need to provide other high-quality, well priced and easily accessible online content. New business models are inevitable. In the long run, this will make illegitimate sharing of copyright-protected material through the Internet a lot less interesting.”

This is the crux. It’s why rights owners are burying their heads in the sand, in the hope it will go away. It’s not surprising, however, that rights owners do not wish to move to a model that gives a smaller return-per-unit.

The Bad

URL Whitelisting

“An example is Ipoque’s BitTorrent tracker whitelisting, that allows access to guaranteed legal BitTorrent content, while blocking access to all other P2P content. This approach works because nearly all legal P2P content is distributed over BitTorrent using dedicated and controlled BitTorrent trackers.”

Simply banning a huge number of BitTorrent trackers because they are open to all users doesn’t seem to be a good idea. One of the most eye-opening things about P2P is the sheer wealth of data it gives access to. Some may be in violation of civil or criminal law, but a lot isn’t. The same applications that can be used to share a game, can be used to promote a band, or distribute political protest by groups large and small.

Automatic detection tools

“Such systems can detect infringements nationally and internationally. The location is not important. Especially automatic detection systems work highly efficiently and produce court-proof evidence data. This measure is very difficult to circumvent”

Yes, the only problem is that these tools are not very accurate. They target dead people, printers, those that have never shared, and everyone else falsely accused. Strangely, they point this out themselves 2 paragraphs earlier:

“Active monitoring has garnered a bad reputation because content providers have in the past often tried to criminalize copyright infringers and imposed ridiculous penalties as a deterrent. In addition, there have been flawed lawsuits with verdicts about persons with no Internet access. Careful investigation along with adequate penalties are necessary to improve the reputation of this measure”

The Ugly

Using Exploits

“As for any computer system, attacks are possible, and there are commercial providers offering this as a service. An attack on eDonkey, for instance, may have the effect that the downloaded file is larger than the original, and the download never finishes. There are similar attacks for BitTorrent.”

Using exploits in file-sharing networks and clients is of course insane. Moreover, depending on the vulnerabilities exploited, this could be a violation of criminal law. At best, as with the Sony Rootkits, exploiting software systems like this is at least reputation-damaging. Of course, there’s also…

The Great!

Encrypted communication

“Encrypted communication and private file sharing networks can only be controlled by criminalistic methods involving a high effort.”

Again we applaud Ipoque for reaching the right conclusion. Not much we can say about this, except it’s the truth, and can’t be repeated often enough.

Is it a paper that is objective? Well, its the most objective one yet, but then that’s not saying much.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

The Canadian Radio, Television and Telecommunications Commission (CRTC) is currently looking into the traffic management practices of Canadian ISPs, which came to a head as a result of a dispute between CAIP, and its wholesale provider, Bell. The core objectives of the investigation are to examine the Internet traffic management practices being used, and check that they are in accordance with the Telecommunications Act.

The CRTC is looking at the effects of filtering on both regular customers and wholesalers, and the results of the first round of questions are just in. Even though some of the responses are filed in confidence (summarized by Chris Parsons), there is enough information to conclude that all major ISPs slow down customers, with most specifically targeting peer-to-peer traffic.

In their response to the CRTC investigation, Bell, Cogeco, Rogers and Eastlink all admit to slow down P2P traffic, arguing that it negatively affects network performance. Shaw, one of the other big players, admitted that customers are slowed down, but most of its responses were filed in confidence and P2P was not specifically mentioned.

Bell was more open about its practices, and admits using deep packet inspection (DPI) to throttle its individual customers and wholesalers. On Bell Wireline, P2P traffic is slowed down between 4.30 PM and 2 AM. To cope with the increasing bandwidth demands of its customers, they further plan to disconnect heavy users and introduce metered plans where customers pay for the bandwidth they use.

Cogeco started to throttle P2P users back in 2001, when they were only using a tiny fraction of what they do now. However, it was seen as necessary because of the increasing load these users put on the network. Like other ISPs, Cogeco considered other options such as metered plans, but these would not solve the network ‘abuse’ by P2P users. Furthermore, the ongoing battle with P2P users who strive to evade their management solutions led the ISP to use deep packet inspection (DPI) as well.

Rogers claims it has to throttle P2P users to prevent their network from becoming “the world’s buffet,” as they like to call it. Not only does this affect their network, their bandwidth bills also increased due to the growing popularity of BitTorrent and other filesharing networks. Similar to Bell and Cogeco, Rogers is also known to use DPI. Upstream P2P traffic is slowed down across their entire network, regardless of congestion,

Shaw filed most of its answers in confidence, but provided a rather paradoxical statement which clearly shows that they slow down upstream traffic. “The traffic management technologies have reduced the rate of upstream consumption to a more manageable rate,” they write, claiming that this allows their customers to reach their full contract speeds. Similar to the other ISPs Shaw is predicting that bandwidth usage will grow, and that traffic shaping is essential to manage their network.

In summary, we can conclude that there is no such thing as net neutrality in Canada. All of the larger ISPs slow down their customers, with most of them specifically targeting P2P traffic through deep packet inspection. Because of this, P2P users can’t enjoy the speeds they were promised, and several legitimate businesses whose income depends on delivering content through BitTorrent or other filesharing networks are unable to compete with those who don’t. It’s now up to the CRTC to draw the right conclusions.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

One of the new weapons in this conflict, is called ‘Deep Packet Inspection‘ (DPI). An innocuous sounding name for a technology that basically means ‘Internet monitoring’. Deep packet inspection is a technology that some companies are salivating over, including advertisers and entertainment lobby groups like the MPAA. With it, their dreams can come true, some of them anyway.

There are various uses for deep packet inspection, such as its use by intelligence agencies (It’s a wiretap for the Internet) to intercept email and other web traffic, like in Sweden. However, there are two more sinister usages being rolled out that are not so good for the everyday Internet user.

With the ability to see the contents of data packets, it’s no surprise that it’s a prime candidate for traffic shaping and throttling. With ISP’s increasingly overselling their capacity, they are starting to spend money not on infrastructure, but on DPI equipment, to throttle BitTorrent traffic for example. Until recently, the processing power required to inspect data packets has made this prohibitive, as it required massive computers, and significantly slowed down network traffic. Now, though, companies like Procera Networks are selling systems capable of DPI on 40Gbps of traffic, per system. Think Sandvine, without the telltale RST packets.

The MPAA loves the idea of DPI as well. It, like other groups, figure, that if people can see the contents of packets, that it can tell if those packets contain copyrighted data. Of course, they’re oblivious to the idea that their material can be used in a non-infringing way, and staunchly against fair use (and don’t forget, Fair Use Day is only a week or two away). If this becomes a popular view, though, we may see multi-part rar files in torrents growing in popularity again.

The other, arguably more sinister usage of DPI, is the growing interest by advertising companies to use deep packet inspection to observe what Internet users are doing. Watching your browsing activity, you can gain all kinds of insights into the user behind the keyboard. Similar to spyware, but on your line not your system, it’s not a good thing, and impossible to remove. Worse, it may be able to tell who is behind the keyboard at the time, by identifying trends in connection behavior. In the case of a p2p lawsuit, these DPI-based advertising companies may end up being called to testify who their systems believe to be behind the keyboard at the time of the allegations.

With British Telecom in the UK having experimented with DPI based advertising , without telling the subscribers about it , and with Charter in the US looking into trialling it (or as has just been announced – discouraged from it) it is a pressing concern. Fortunately, some people are not exhibiting the apathy mentioned above, and are doing something about it. Alex Hanff (you might remember his tangle with the MPAA) has been studiously working against the likes of Phorm, and indeed, we linked to his dissertation on it last time. He is holding a protest outside British Telecom’s AGM next month, to protest this rape of user’s privacy for commercial gain.

While the protest might be mainly against advertising based systems, it’s a worry for all net users, and needs to be dealt with by something other than apathy. At least one torrent site admin has told me he will be there and I may be there, but the more that attend, the better. So, users of the world, it’s time to start acting for what you believe in, and stop just moaning about it.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.