Some 95 percent of all digital music downloads continue to be pirated, according to estimates released today by music industry trade group IFPI. Those numbers don’t translate well for online video, especially as streaming sites like Hulu start to see significant traction, but a quick look at the stats of sites like the Pirate Bay show that unlicensed video downloads are hugely popular as well. So how does the entertainment industry react to these trends? Apparently by curtailing anti-piracy measures.

Sure, trade groups like the IFPI and Hollywood’s MPAA continue to beat the anti-piracy drum. But take a closer look, and you’ll notice that the industry is starting to backtrack on many fronts of the war against piracy. It’s not that they wouldn’t like to continue to pursue pirates, spam P2P networks with fake files and press for copyright filters. It’s just that those things never actually worked that well, and are starting to look like luxury in tough economic times like these.

Both Hollywood and the record companies used to spend millions on polluting P2P networks and slowing down file sharers with corrupted data. However, technical anti-piracy measures like these require lots of servers and bandwidth, and critics have always argued that these technologies don’t really work. That message seems to be resonating with cash-strapped entertainment executives.

MediaDefender, an anti-piracy company specialized on polluting P2P networks that made headlines when its e-mail servers were hacked two years ago, suffered substantial losses in the second half of 2008. Filings from late 2008 show revenue declining almost 50 percent in the third quarter of 2008 compared to the previous year. “The (c)ompany believes that a significant contributing factor for the decrease in revenues in 2008 as compared to 2007 is general cost-cutting measures by companies in light of a weakening economy,” states a filing by MediaDefender parent ArtistDirect.

The weakening economy may also have been the real reason behind the RIAA’s decision to halt its lawsuits against P2P file sharers. Critics have long suspected that the music industry makes a lot of money with its $3,000 out-of-court settlements with file sharers, but most of this money has been going to lawyers and companies gathering evidence about file-sharing networks. Combine that with the growing number court battles and expenses like the $108,000 the industry had to pay to wrongly accused P2P defendant Tanya Andersen, and the lawsuits begin to look like anything but a cash cow.

The record labels are now looking to reduce these costs by getting ISPs to do some of the dirty work. The RIAA has announced that some major ISPs have agreed to warn infringing customers and potentially disconnect repeat infringers, and Hollywood would love to be part of that deal. However, no single ISP has publicly agreed to work with the RIAA; Verizon (s vz), for one, has said it won’t agree to any sanctions against file sharers without court orders.

Of course, this conflict isn’t just about missing court orders. Forwarding tens of thousands of infringement notices to customers, keeping track of their misdeeds and potentially dealing with disconnects costs a lot of money, which is why some ISPs now demand that reimbursements should be part of any cooperation with the entertainment industry. It’s safe to assume that these types of voluntary agreements between ISPs and rights holders will be the next idea to be scrapped in light of the continuing downturn.

For my entire career I’ve designed, developed, maintained and secured commercial software products. So it is definitely not lost on me that the revenue generated by sales of those software products is what pays my bills. If customers don’t pony up then my employers quit paying me. So believe me, I’m certainly not advocating that all software should be free (“as in free beer” to quote Mark Shuttleworth).

But at the same time I’m a software user. I use both open source software (free as in speech because I like to tweak it, and free as in beer because I’m cheap and I like beer) and commercial software that my wife thinks I spend too much money on. And I hate Digital Rights Management (DRM) software. Hate it. It’s inconvenient, intrusive and hey – I paid for the product and I don’t want DRM. For me that is reason enough.
Okay, I think most of us can agree that DRM is annoying and intrusive but how is that a threat to information security? Glad you asked. From a recent article on the Harvard Law Zeroday blog:

EA could help end DRM

The backlash over DRM has finally started to gather serious momentum. Everyday consumers started a campaign to give the highly anticipated game Spore one-star ratings on Amazon. Thousands of Amazon users labeled Spore a poor choice because of the SecuROM DRM system that is forced onto PC users machines that purchase the game. EA has backpedaled a bit and eased the restrictions on the number of installs per machine. They have even made a verbal (but unenforceable) promise to disable the DRM system by patch should they ever end of life the product. But so far EA refuses to give in to consumer demand that they simply get rid of the DRM system. They hold on to the claim that DRM helps reduce piracy. Yet 30 seconds of searching on a popular torrent site shows not only Spore but a cracked copy that totally removes all DRM from the game.
This is possibly the most insulting bit for consumers. People who are pirating the game actually enjoy more freedom in the sense that their system does not have SecuROM permanently installed onto the hard drive. In the recent class action suit the defendants publicly document how the DRM used in Spore remains installed even after the game has been removed from the users computer. SecuROM also operates at “Ring 0″ which is to say the core of the kernel layer which is clever in that it is hard to bypass the program yet dangerous because anything that goes wrong will completely destroy the users session. All of these facts are not made plain to consumers before purchasing the game. Only after they have purchased the game and start installation will they have the chance to read about the DRM system in the EULA. Retailers almost never allow returns on software once opened which leaves consumers who don’t agree with the surprise DRM in a very bad position.

I see, it’s that nasty malware that they foist on users’ machines that is the security threat. Sorry, good guess, but no cigar. That’s nasty for sure, but there is a very real and significant threat that is inherent to all intrusive DRM. To illustrate this I will defer to someone familiar with Electronic Arts (EA) software and who has way more gamer cred than me, my son Nick Webster. He reviewed the article above and responded thusly:

Atari implemented the same sort of system on Alone in the Dark. AITD didn’t get any cracks and remained untorrentable largely due to the suckiness of the game, crackers didn’t waste their time on such a poor excuse for a game.
That MIGHT be why EA is claiming DRM works, cuz no one stole Atari’s AITD. You can clearly see their logic, “They had this really BAD game that no one wants to play, but it had DRM so no one stole it. DRM MUST WORK!!!”. Assuming you haven’t suffered brain damage you can obviously see where their logic is wrong. The REAL solution to keep people from stealing your game WAS hit upon in AITD, though, just make the game BAD and have Yahtzee FLAME it that seems to help.
My general tactic with all of this is to just NOT EVER buy EA games. So far the only game I’ve  seen with any sort of REASONABLE DRM is UT3. They let you install it on as many comps as you want, you just can’t have more than 15 people logged ONLINE with your code at ONCE. Seems fair, right?
Or if you MUST be nasty about your DRM the BEST tactic is the old school one, leave some music on the CD that will be needed to load the game. Then the no-cd-cracks will hinder game play and frustrate the player, as Daemon Tools requires lots of work to get it to actually let you play games OFF the ISO.
Anyway… as a side note I DID go rate spore a 1 on Amazon the current rating for the game is like 1.5 stars… glad to see there are a lot of us out there.

Note: apparently Yahtzee doesn’t like Spore much either – so Nick could be on to something here!

Still not see it? I’m not surprised. It’s because Nick and the Zeroday author were both vague yet obvious in suggesting how to deal with intrusive DRM: They don’t – they torrent a cracked version of the software. This is where the very real and present security threat lies. Not only are warez sites notorious for purveying malware, but there are companies like MediaDefender that actually inject “spoof files into the [torrent distributors] network without permission … as part of its antipiracy efforts to dilute the pool of pirated content online”. Yikes! In fact this particular “antipiracy” effort caused a serious Denial of Service (DOS) attack on the popular – and completely legitimate – Revision3 network. So what happens when an employee decides to download a Spore crack from a warez site on your corporate network? Or what happens when your kid decides to grab it on your home network (note to self – check those firewall and IDS logs!).

The bottom line is this – at best DRM is ineffective and is counterproductive to the vendors antipiracy efforts. It is ineffective because people who want to steal your software and bypass the DRM can do it quite easily and it is counterproductive to your antipiracy efforts because it’s easier for users to deal with the pirates than it is to deal with the DRM. And what about the real sales lost due to DRM. Not the bogus sales lost to piracy (I posit that people who steal your software would not have paid for it, ergo they cannot be counted as lost sales), but the real sales. Some due in part to the free advertising you get from piracy. That’s right, I can’t count the number of software packages I have purchased after trying a “borrowed” copy. Nowadays I rarely have to resort to anything as nefarious as “borrowing” software since most shareware (I’m partial to small independent software developers) now employ a “try before you buy” model where I can try the full unencumbered program for several weeks before buying it. Just ask my wife how effective this model is – based on my software spending habits. But even though I can easily “borrow” a copy of Spore to try it out before I pony up $50 American, I absolutely will not consider it as long as EA insists on forcing the DRM on me. I may, however, go to Amazon and give Spore a 1-star rating.

But the point of this rant is: When your company implements a strictly self-serving mechanism that not only is ineffective in accomplishing it’s intended purpose, but has the (presumably) unintended consequence of promoting risky and (potentially) illegal behavior that increases the threat exposure on the network, I have a real problem with that. Sure we can disallow all P2P activity on our business networks – but what about users who need access to legitimate groups that rely on torrents to distribute their software like the Fedora project? Or we can teach our children that stealing software is wrong and they should always pay for it – but what about software that forcibly installs malware like EA’s SecuROM? I think the better lesson is “vote with your wallet” – don’t buy bad stuff that you don’t want – especially if it’s bundled with something you do want.

So how about it, EA? Why not do everyone a service and just say “no!” to stupid ideas like DRM. You won’t have to pay for it, and we won’t have to put up with it. Sounds like a win-win to me. And maybe I’ll consider buying your software instead of flaming you. Hey fifty bucks is fifty bucks. Or do you really need to suck up to Sony that badly. Whoa I better stop here – I feel a great conspiracy theory coming on.

Don’t really know what to make of Mediadefender. The L.A.-based “leading provider of anti-piracy solutions” floods P2P networks with fake files in an attempt to stymie (illegal) movie and music downloads. As reported on arstechnica.com: “Unlike DRM providers that focus on protecting the product, MediaDefender tries to protect the distribution channel—and only for a limited time.”

While I am aware that my Soul Sunday posts encourage file sharing, I like to think that these posts generate interest – and possibly also a few sales. The same goes for music I download; if I like the artist, I’ll buy some of her/his work. More importantly, we live in a hypermediated world where content ownership, authenticity and creativity have become fluid rather than fixed notions (cf. the work of David Weinberger, Mark Deuze and Michael Wesch, to name just a few).

With the recent news of MediaDefender (a pro-active anti-piracy company that’s paid by the RIAA and Software companies to track down pirates, trash P2P networks with fake files and make life hard for people who pirate movies, software and music), attacking Revision3 by DDOS’ng their bittorrent servers that are used for their own use for their own Revision produced media.

Apparently MediaDefenders anti-piracy tatic is to infiltrate bittorrent servers with fake files – any bittorrent website – when their fake files are removed, MediaDefender take this as an attack to remove fake files inorder to keep the non-fake pirated movies, software and music available. So MediaDefender attack Revision3 which is in tow ethically wrong to do and illegal in some cases.

Revision3 seem to have taken the decision to not take legal action against MediaDefender, in which if they did they’ll win because the attack caused the Revision3 server network to collapse and fall over which costed Revision3 to lose about $100,000 in advertising revenue.

I think if MediaDefender continue their pro-attack stance on piracy, any kind of piracy even and complete lack of understanding of how the internet works now, even though they use it effectively enough to attack the copyright holders of the copyright their indirectly paid by to protect the copyright, how effective will MediaDefender be in a few years.

MediaDefender will continue to be on the attack unless they have been stopped, I expect that they will lose ALL support and alienate it self from legitimate Media organisations who embrace newer technologies like P2P & BitTorrent services to distribute themselves and they have to deal with companies like MediaDefender who are constantly paranoid to the point that they cant think about legitimate media ever being distributed via P2P networks because traditionally P2P networks were never used for such a type of use.

MediaDefender will die, not because of the business becoming obsolete by newer anti-piracy technologies but because the Media Industry themselves will pull ALL support for them and the cash flow will die!

Quer uma explicação do que se passou entre a MediaDefender e a Revision3 pela boca dos pessoas certas?

Ouça o último Twit!

O ataque aos servidores de BT da Revision3 mostrou que ninguém está imune à cegueira da industria do entretenimento, e fez-me pensar na seguinte comparação:

Um gajo se for rádio amador, tem que ter licença, as rádios piratas já acabaram há muito tempo, mas na altura ninguém disse que as emissões de rádio eram más.

Por outro lado se uma rádio começar a emitir por exemplo na zona de espectro da aviação civil vai ter sérios problemas com a lei.

Ora com o BT é a mesma coisa. Uma companhia tem uma emissão de TV distribuída por BT e outra tentou através de um DoS destruir o seu serviço.

O BT não é ilegal, lembrem-se políticos e juízes, da próxima vez que uma companhia como a MediaDefender aparecer nas notícias com falinhas mansas.

O BITTORRENT NÃO É ILEGAL

Ok so I apologize for not posting in awhile. Been kind of busy with everything, but here’s the latest episode.

Revision3 gets a denial of service attack, Comcast gets hacked, a lot of people aren’t ready for the digital tv switch, an idiot robs a store with a duct tape mask, thong robbers, and watch for scorpions in your watermelon!

Episode 23

Coleman

I did not notice this piece of news until today, when it showed up on Slashdot. Actually, I am a member of the Revision3 forums and watch some of their shows occasionally, as I followed many of the personalities since the TechTV/G4 days. Up to yesterday I was visiting Tekzilla and did not notice anything until now. The Revision3 website does feel a bit slow-loading today, but this may be due to increased hits brought about by this piece of news. You know what happens when stuff gets on Digg!

Jim Louderback made a blog post telling of the Denial of Service (DoS) attack that crippled their servers over the Memorial Day weekend. It’s a long read, but he goes into a lot of detail and explains technical terms associated with the attack, which makes it very-easily understood. Apparently, the culprit was MediaDefender, who, if you ask me, seemed to have been engaging in some very shady activity for a company that is supposed to be big on anti-piracy.

I will not go into much more detail because the blog post does this better. Check it out for yourself.

Online video studio Revision3 suffered web site outages over the long weekend and extending to Tuesday that it is now blaming on the anti-piracy outfit MediaDefender. Rev3 CEO Jim Louderback posted a long and well-written account of the events on the company blog this morning. Rev3 operates a BitTorrent tracking server to distribute high-quality downloads of its shows. MediaDefender, which distributes spoof files and also promotional content as part of its anti-piracy business, apparently exploited the configuration of that server to supply its own files.

After tracking the attack to MediaDefender, Louderback said he got ahold of the company’s executives, who admitted their involvement. It doesn’t seem that MediaDefender was trying to take Revision3 down, but rather had noticed the vulnerable configuration of the BitTorrent server and were plugging it in the name of anti-piracy (though Rev3’s uses were distinctly non-piratic). When Revision3 noticed someone using the server, they tried to block access, prompting MediaDefender’s apparent response (though they didn’t admit to this) of hitting Rev3’s server with upwards of 8,000 packets a second. That was enough to take down the company’s entire Internet infrastructure, including its corporate email server.

Not everything having to do with BitTorrent is illegal — using it to save on bandwidth costs to distribute your own shows certainly isn’t — but it’s a gray enough area that companies like MediaDefender are able to play a guilty-till-proven-innocent game. Rev3 says it has brought in the FBI to investigate. Louderback didn’t say for sure whether or not he would be taking legal action, but starts to lay out his case in the post, noting that Rev3 “suffered measurable harm” through the lost business and lost holiday weekends of his staff, and adding that denial-of-service attacks are illegal in the U.S.

Disclosure: Revision3 produces The GigaOM Show (which is currently on hiatus).

The torrent client we all know, Oink, has always offered a degree of protection not afforded by most other torrent providers by keeping a tight circle of peers, requiring invitations, proper upload/download ratios equating to allowing 2 downloads to every song you upload.  Because the quality of every download was checked, it kept things like mediadefender out as well as their trackers.  If an invited user abused the system, Oink would not only expel that user, but also the user who invited that person.

Most importantly, Oink was THEsite for prereleased leaked albums, having leaked at least 60 albums prerelease this year alone (I suspect that number to be way low). 

Today, Cleveland police arrested the operator, and the site’s Dutch servers were shut down, with a message that now just reads “For reasons please visit news channels on google or related.“

Oink has millions of peers sharing on the network, and in light of the TorrentSpy decision, users of Oink could be in real trouble.  Oink logs all activity of its users because it needs that information to determine that user’s ratio and their privileges as possibly a power user.  Could they be forced to turn it over?

The story is developing here.
The initial report by BBC was here.

 See a screenshot of the homepage Here (in case it keeps changing).

UPDATE:

BBC has a video of the raid:

Also, the Oink Administrator has been released from custody.

Se avete assistito ad un momentaneo down del tracker BitTorrent di The Pirate Bay in questi giorni, non allarmatevi. Il popolare sito dedicato ai file torrent ha infatti deciso di spostare i propri server in un nuovo datacenter, aumentando sensibilmente la potenza della loro, già notevole, infrastruttura tecnica. Attualmente il loro tracker utilizza 12 server ed altri 4 sono stati aggiunti in questi giorni.

Il nuovo datacenter implementa migliori protezioni contro gli attacchi DDoS (Distributed Denial of Service) e gli spam-nets utilizzati dalle organizzazioni anti-pirateria.

E’ in corso però la progettazione di un nuovo tipo di tracker, capace anche di bloccare e loggare sistemi come MediaDefender, BayTSP, MediaSentry e EZ2net. Il nuovo tracker permetterà una migliore protezione per gli utenti ed una maggiore efficienza che si tradurrà in un maggior numero di peer e in un minore consumo di banda.

Το καλό με την ιστορία της διαρροής των emails της Media Defender, είναι πως πλέον υπάρχει και δεύτερο standard dataset για τη μελέτη της συμπεριφοράς των χρηστών του ηλεκτρονικού ταχυδρομείου.

Το πρώτο είναι το dataset της Enron.

[Technorati on Media Defender]

A  group of guys who call themselves The Pirate Bay – where not only is the clue in the name, but they also kindly have a link to TV Shows, just in case you thought they only hosted non-copyright infringing torrents – are suing some media companies for playing unfair.

You have got to be kidding me???

I’m sorry but I’m with the corporates on this one.

Feigning innocence is one thing.

Feigning outrage is just stupid.

Nachdem diverse Mails von MediaDefender geleakt wurden laufen die Klagen ausnahmsweise einmal in die andere Richtung – die Betreiber vom `Pirate Bay` haben Anzeige gegen MediaDefender und ihre `Auftraggeber` erstattet, da diese ihren Tracker systematisch und auf gewerbsmässiger Ebene attackieren. Es soll laut den Betreibern von DDoS-Angriffen über Exploits ihrer Server bis hin zu Spamming alles vorgekommen sein.

Schön, dass sich endlich jemand gegen die Filesharing-Spammer stellt. Während das BitTorrent-Netz noch halbwegs sauber ist, kann man den Muli vor lauter Fakes mit angeblichen 4000 Quellen nicht mehr vernünftig benutzen…