File Sharing Is Not Pollution, And You Don't Need An ISP 'Tax' To Deal With It
from the sorry,-will dept
I like Will Page, the chief economist for PRS for Music (a UK collection society), quite a bit. We’ve had a number of fun conversations about the music industry and music industry economics — some of which we’ve published here. While there are plenty of things I agree with him about, there are still many points on which we disagree. His most recent paper, advocating a mandatory ISP fee for file sharing (pdf) is a point where we completely disagree. Page’s paper is getting some attention, and he presented it at the same event where Peter Jenner just called for a blanket license as well. But I fear that Page’s paper, while it digs into some economic concepts, includes a few mistaken assumptions that drives the entire paper offline (though, in fairness to Page, he clearly states that for you to accept his thesis, you need to accept his assumptions).
The key assumption in the paper is the idea that file sharing creates a “negative spillover.” He’s basically saying that file sharing is pollution — creating a negative impact where the cost is borne by different parties than those responsible for the problem. Such situations are cases where there is a “market failure.” In theory (and there are some important recent challenges to some aspects of this theory), if the costs are not borne by those creating them, then it could create an inefficient outcome, potentially requiring some sort of intervention, either in the form of regulation or voluntary restraint. But, you have to be very careful in what you consider “pollution.” After all, one could argue that the creation of, say, email represented “negative spillovers” for the makers of fax machines. After all, it created a “negative impact” on fax machine makers, borne by a different party than those who created it (internet folks). But, of course, that’s ridiculous. That’s just innovation and competition at work.
And, the claim of “negative spillovers” really doesn’t hold up under scrutiny. Normal pollution generally involves companies doing the polluting and the public bearing the costs, in some manner. But that’s not the situation with file sharing at all. The public isn’t being harmed at all. In fact, they’re better off. And, according to Page’s own research, there’s no evidence that musicians are worse off either. Also, it’s not like the amount of music being created is going down. It’s actually going way up. The only “harm” being done is to a few companies that make up the recording industry. That really doesn’t sound like pollution. It sounds like competition and innovation. We should never mistake a more efficient market for pollution, but I fear that’s what Page is doing here.
Page’s report does suggest one other area where there might be some pollution: in the broadband networks. This is the somewhat ingenious part of the argument. He’s effectively making the argument that the pollution is that more file sharing will clog broadband networks, so it’s actually in the best interests of the ISPs to “tax” the behavior to decrease the clogging. ISPs have long resisted calls for any sort of blanket licensing, but they’ve also talked up supposed claims of “clogged” broadband pipes from too much traffic — usually in attempts to fight calls for net neutrality. So by saying that such a tax would decrease congestion in the networks, Page has sort of caught the ISPs at their own game, and given them a “solution” to the problem. The only issue? The “problem” of network congestion is more or less a myth, used mainly by lobbyists to ward off net neutrality legislation. The broadband providers don’t really have a congestion problem, and a music tax isn’t going to help solve this non-existent problem anyway.
Again, to be fair, Page more or less admits this in a paragraph towards the end:
We want to make it clear that neither of the above-mentioned options could be considered without accepting that some sort of market failure has occurred and that in consequence some form of regulation is required, and that regulation should seek to put incentives and structures in place so that a market-based solution to the value of media on networks can evolve.
But, of course, most people will miss that paragraph and won’t necessarily consider the assumptions being made.
I also think that the paper doesn’t recognize the inefficiencies and economic costs created by blanket licensing/collective licensing regimes (though, to be fair, that wasn’t the focus of the paper at all).
Either way, I chatted briefly with Page while writing this up, and he pointed out that the paper is focused specifically on the realities of the UK market under the Digital Economy Act, and that it shouldn’t be generalized for other markets — which, again, is a fair statement, though I’m not sure it changes any of the economic assumption questions (and, also could make the paper itself obsolete if the DEA is repealed, as some still believe will happen). Either way, we’re going to try to find some time in the near future to have a more thorough discussion/Q&A on the topic and see if we can dig into some of those assumptions.
Filed Under: file sharing, isp tax, pollution, uk
Comments on “File Sharing Is Not Pollution, And You Don't Need An ISP 'Tax' To Deal With It”
welcome to friday, techdirt style. i love the new tricks with the icons too, very much not in keeping with the idea of anonymous posting. thanks mike.
Re: Re:
As someone who regularly agrees with Mike, I have to agree with you on the icon thing. Applying it retroactively was either very very poorly thought out or it was disingenuous. I find it hard to imagine techdirt didn’t think about the potential unintended consequences much before retroactively inserting such unique identifiers. It’s one thing to insert them from this point onwards, but it’s rather mistrustful to insert them retroactively when people had an expectation that such posts will not easily be correlated with other posts.
Re: Re: Re:
Don’t get your panties on a knot. My earlier posts have different icons. I assume they are associated to IP addresses. Just reboot your modem and get a new IP crybaby.
If you are stuck on a fixed IP, then, if you wanted to even
try to remain anonymous, you should probably use some sort of proxy, or use tor.
Even if people bother to make a trace of all of your conversations, you can still avoid accountability by magically disappearing. Since you cannot be identified (you are still anonymous), you can just resurface later with a different IP address and keep causing mayhem.
Re: Re: Re: Re:
I was told by my ISP that my IP address is dynamic and does in fact change every so often (I was told it should change very day actually). Apparently it seems to be static because no matter how far back I’ve gone the icon is the same. So either my IP address is static or its dynamic but just hasn’t changed yet or techdirt is using some static aspect of my hostmask to identify me (which is done regularly on IRC to help enforce long term bans. but since I don’t memorize my IP address I don’t know).
Re: Re: Re:2 Re:
every day *
Re: Re: Re:2 Re:
The icons appear to be the same as the Gravatar icons. If so, they’re related to the E-mail address you use.
Re: Re: Re:3 Re:
An email address is not required to post anonymously.
Re: Re: Re:2 Re:
Your ISP was half right right. Your IP address is always dynamically assigned unless you have purchase a business account, and requested a static IP address. The reason you have not seen a change in your IP address is that on a DHCP IP address you have what is called a lease time. If you open up a command prompt and type ipconfig /all you will get a bunch of info. Scroll down till you see Lease Obtained, and Lease Expired. That will tell you when you got your ISP’s DHCP server handed out your address, and when you should expect to get a new one.
You don’t always get a new one when the lease time expires. If you leave your PC on all the time when the lease time expires, and you’re still connected online the DHCP server will usually hand out the same address.
Re: Re: Re:3 Re:
“open up a command prompt and type ipconfig /all you will get a bunch of info. Scroll down till you see Lease Obtained, and Lease Expired. That will tell you when you got your ISP’s DHCP server handed out your address”
What you are describing sounds like a direct connection to the ISP. This is not recommended. Most home setups these days involves a gateway which is really just a modem, some have a switch other have a router, most all have NAT. Anyways, the point being that your computer connects to the gateway and obtains an IPaddr from the gateway DHCP server, probably in the 192.168.x.x range. The gateway connects to your ISP and obtains a different IPaddr from the ISP DHCP server, this addr is not within the 192.168.x.x range. When you enter the command ipconfig /all at the command prompt on your windows box, the response describes your PC connection to your internal network, not the ISP network. – Unless you are directly connected, which is a very bad idea for many reasons. Hope this helps.
Re: Re: Re:
This has been, by far, our most requested feature: a way to keep AC’s straight (either that or ban all ACs). Multiple people actually suggested using the Gravatars as a “nice feature” for readers here.
Nothing in the way this was done diminishes your anonymity, as multiple people have pointed out. All it does is make it easier for people to keep conversations straight (a constant complaint from users).
Re: Re:
You’re still anonymous. There’s still no reasonable way to figure out who you are. Plus now I can follow conversations much easier. I don’t see what the problem is.
Re: Re: Re:
Exactly. Plus, now there’s some sort of accountability. TAM can’t just pretend he’s not TAM anymore.
(as a side not, look at me! I’m all sparkly!)
Re: Re: Re: Re:
Hey, I’m not sparkly 🙁
Re: Re: Re:2 Re:
Don’t worry. We’re all special AC’s in some way :p
Re: Re: Re:
People that wanted to identify themselves before had a very simple mechanism for doing so, and chose not to. People that still want to remain truly anonymous will find ways to do so no matter what. All this has done is make it harder for these users – these fans – to get what they want.
Too bad that this effort has been wasted in adding anonymity rights management (ARM) to the site, rather than focusing on innovation.
Re: Re: Re: Re:
“People that wanted to identify themselves before had a very simple mechanism for doing so, and chose not to. People that still want to remain truly anonymous will find ways to do so no matter what.”
In that case, what is the problem? Those who still want to be anonymous can be and everyone can follow conversations easier. The fact you post without encryption is far more of an issue for your privacy and anonymity than identicons.
Re: Re: Re:
“You’re still anonymous.”
There are a lot of corporate interests that would go through a LOT of effort and spend lots of resources to figure out who is who. If you are posting under a pseudo-name that you know made you are taking such into consideration before each post to ensure that it is very difficult for anyone to be able to collect enough information to ensure that the collective body of information on you is enough to uniquely identify one person. For instance I may know that Dark Helmet is from Chicago (and there are other things I know about him too) and that alone narrows down who he is a lot. but it’s still not enough to uniquely identify him and he is careful to ensure that he doesn’t present enough techdirt information on himself such that no one else could possibly fit the description. People are mindful of this stuff. While posting I was not mindful because it never even crossed my mind something like this could happen. I’m very upset and I’m about done posting here.
Re: Re: Re: Re:
that you made *
Re: Re: Re: Re:
Unfortunate to spend so much effort to reduce anonymity (and value) from users.
Re: Re: Re: Re:
k, bye!
Re: Re: Re: Re:
Don’t let the door hit you in the ass on the way out.
Re: Re: Re: Re:
You’ll be back…same way I will until TechDirt stops being interesting somehow.
Re: Re: Re:2 Re:
Heh, my icon is different now. I don’t see what all the fuss is about.
Re: Re: Re:3 Re:
“Heh, my icon is different now which is why I don’t see what all the fuss is about.”
There, fixed that for you.
Re: Re: Re:4 Re:
Dude, for someone that wants to remain anonymous, you sure are exposing yourself.
Use tor.
Use a secure proxy.
Use an alias and you won’t even _get_ an image. Change your alias sometimes so people can’t trace you.
You realize that, the more you post, the more you open yourself to a (supposed) attack don’t you? Just keep posting, and maybe some “detective” will find you an attractive target and start tracing you. According to you, that is.
Of course, someone smart could just crack the techdirt servers and access thousands of logs and get __actual__ data on people (IP addresses, emails, …). I think it would be a lot easier than manually compiling the posting history of several users.
(And I just realized that I may owe money or cookies to someone if I keep posting).
Re: Re: Re:5 Re:
By the way, this was the process I used:
Let *IP* be your ip address and *MD5* the hash of the IP address:
/begin python 2.5 code
import md5
#x is md5 hash value of *IP*
x = md5.md5(*IP*).hexdigest()
#Print it. Copy it…
print x
#…or save it to a file:
f=open(“file”,”w+”)
f.write(x)
f.close()
/end python 2.5 code
Then, use this url to generate the image:
http://en.gravatar.com/avatar/*md5*?d=identicon
(replace *MD5* with the hash value).
Re: Re: Re:6 Re:
Shit…this wasn’t meant to be here.
It was meant as an answer to this one:
http://www.techdirt.com/article.php?sid=20100715/01280010225&threaded=true#c746
Many apologies.
Re: Re: Re:5 Re:
“You realize that, the more you post, the more you open yourself to a (supposed) attack don’t you? Just keep posting, and maybe some “detective” will find you an attractive target and start tracing you. According to you, that is.”
No, because I’m not currently posting anything about myself so it won’t make a difference. Just like you currently aren’t.
Re: Re: Re:5 Re:
(though to some degree you are correct because by posting you are giving away the time of day you are posting and when you tend to post which can give away a lot more than you think).
Re: Re: Re:5 Re:
“Use tor.
Use a secure proxy.
Use an alias and you won’t even _get_ an image. Change your alias sometimes so people can’t trace you.”
Brilliant, if only I had done this many months ago.
Re: Re: Re:6 Re:
(I only needed to hire a psychic to tell me that this was going to happen ahead of time, right?)
Re: Re:
Wow. I was just thinking to myself, “this is actually a relatively bland Friday article, there’s no way e.e.trollings can come up with a “it must be friday” remark.”
And yet, you did it. Based on little more than a change of icons, no less.
Cudos, my frienemy. You are truly the envy of trolls everywhere.
Re: Re:
You wish to be able to contradict yourself?
I like it because I can now identify the rest of your posts and skip over them.
Re: Re:
Dear e e trollings (a.k.a. L-CAC):
If you really really wanted to remain anonymous, you would adopt a less distinctive writing and (lack of) punctuation style.
If your point against snowflakes was to allow you to do something where anonymity helps (whistleblowing), I’d have to agree. But your continued stylistic affections seem to contraindicate that.
If the point of your anonymity is to allow you to entertain us with sock-puppetry, I have little sympathy. Go Snowflakes!
if there were to be some form of blanket license then i as a payer of that license would do even more file sahring than i do now (i only ever DL past their lifetime not available to buy stuff). if a license were introduced id be showing my mom how to download, my neighbors, anyone who wanted to know simply because they’ve already paid for it.
Re: Re:
But they would make sure it’s still illegal, despite the fact that you’ve paid for it.
I do not download copyright material without authorization. Why should I be taxed as though I do? This is just another smash and grab as far as I’m concerned, certainly it is no solution.
What if I went back to dialup, would I still have to pay a tax as if I were downloading gigabytes of unauthoried copyright material?
We have nothing but the entertainment industries’ word that a “negative spillover” exists, and quite frankly it’s a massive assumption. To instate a levy (read: a tax) for these industries without a shred of evidence would be totally unfair on the ISPs and ultimately the British public who’ll have to pay for it.
Of course, I’m not saying a few million pounds in lobbying won’t convince our politicians, just like with the Digital Economy Act, but that won’t make it right.
What would the purpose of the levy be? Will they stop harassing UK netizens about copyright if the levy is introduced? Most likely not.
More crucially, if they can’t estimate the size of the “spillover”, or even its polarity, how are they going to decide how much the levy is going to be? Will they pull a number out of their arses like they usually do?
1 trillion quid will do, k tnx bai.
I really don’t think this will work.
Re: Re:
> Will they stop harassing UK netizens about copyright if the levy is introduced?
No — that is the brazen ugliness of it. Give the public absolutely nothing more, just charge extra! Hooray for the record industry!
We have all heard their civilisation-threatening estimations of ‘loss’: well, this is nothing less than a plan to convert that automatically into actual money.
Re: I agree 'it' wont work
Taxes and royalty’s have very opposite intentions and effects.
Royalties exist to reward the unusual; the successful- the competitive.
Tariffs,such as the one Mr Page is advocating, exist to protect uncompetitive industries.
‘it’ used to be called the British disease.
So when i saw the headline, I first thought awesome, if i am going to get taxed I might as well. Then i realized it was only for people who were file sharing. Course if they are going to tax me, doesn’t that make it legal?
Also will my symbol always bee the same?
The absurd? In Italy we have a similar tax (0.50€ for every CD-DVD-HD because there is the possibility that they would be used for storing copyrighted material), but this didn’t change anything: the SIAE continue to harass everyone.
Re: Re:
Does some connection exist between all these “national” bodies? To the uninformed, it would appear that quite a bit of collusion goes on, as the USA, UK, Dutch, Swedish and Italian (at least) versions of the RIAA seem to all have adopted close variants of the “sue everybody” stratigy.
It’s hard for me to believe that at least one national recording industry body wouldn’t do something other than try to maintain an extra-tight grip on popular culture. So, I’d have to say that I suspect that a lot of the “national” bodies of recording lables are actual puppets of the US’ RIAA or some variant.
Pirate Bay banned in Holland
Pirate Bay banned in Holland
http://tinyurl.com/3yx5hbt
Iconic
So that is what the icons are for.
I didn’t notice because every time I post I get a different one.
Isn’t TOR great?
Fooling around
I just want to see the same icon again LoL
The problem with blanket licenses, is those like me who do not download music at all, are forced into paying for a subscription I don’t want and won’t use.
Re: Re:
that and the music companies try to sue you anyway.
Re: Re: Re:
“and the music companies try to sue you anyway.”
No doubt about that.
Letters of accusation will still target dead people, laser printers and those lacking a computer.
Clearly this is a smash and grab rather than a genuine attempt to curtail the activity for which they lament.
negative spillovers?
I am not as up to speed on the UK’s approach to handling the Internet “problem” as I would like to be. From what I have heard, it seems that they have not approached it with the same (relatively) hands-off approach we have had here in the US.
This may be one area where our strict adherence to the free market philosophy here in the US has actually benefited the public. Given that the Internet is a (huge)new marketplace. I am guessing that the powers that be here in the US thought that they could control it just as they have controlled so many other markets. Now they have realized that it is out of their control, and all of these lawsuits and calls for new legislation, regulation and taxes sounds a lot like sour grapes and whining to my ear.
I am not a fan of the term “negative spillovers” as it is applied in this context. Characterizing the advent of a new marketplace as a market failure only makes sense if you already had a good position in the formerly prevailing (traditional) marketplace. Even then, it seems that being open to new possibilities rather than stubbornly clinging to the familiar offers greater opportunities in thee future. From what I understand, the corporate form was constructed with the aim of encouraging greater risk-taking in order to generate greater profits. That a large number of existing established corporations are unwilling to take the risk of venturing into this new marketplace created by the Internet can also be called a “market failure.”
I am not opposed to having the FCC regulate the Internet here in the US. In my opinion, we would be better off having the government install the infrastructure than leaving it to private corporations who really do not care whether or not you have access at all, except that they want to collect your monthly fee.
The ISPs charge what the market will bear and not a penny less. They are corporations looking to make a profit. Not one of the big ISP players cares what you do through their connections unless it interferes with another of their business interests, which it generally does. AT&T did not like Skype because it cut into the market for person to person communications. Comcast would prefer that their customers not stream videos online because it cuts into their Cable TV revenues.
One last thought: Can it be true that the British still think the way to solve a problem caused by a new marketplace is to tax it? That strategy has not worked out so well in the past. Might be time for a new solution?
Quite informative article, thanks for sharing.
I have to say this. Mike Masnick is a bitch who doesnt care about the anonymity of his users. Seriously just fuck him. If you wanted to make it easy for people to know who they are interacting with, make it local to a fucking thread. Dont make it global. And those who are defending Mike, I hope RIAA finds who you are from your history of commenting and then fucks you over by suing you for millions worth. Bruce Ediger, I am looking at you. btw Mike if you think you are hot shit, then fuck you.
Re: Re:
You are seriously retarded. I have posted here for about three month or so. I’ll pay you money (or cookies if you prefer) if you can collect a history of 10 of my posts.
Get this through your thick skull: You are anonymous. I can’t (nor can anyone that posts here) know who you are. If you are seriously concerned with your anonymity, maybe you should have used measures to protect yourself.
In regard to the RIAA:
The RIAA can kiss my shiny a** because:
1- I’m outside of their jurisdiction. They have no power here.
2- They can’t find me unless Mike gives them my IP address linked to my posts. And even then, they would have to sweat to find me. And after all that, they would probably nail the wrong person. Notice that they could already do this (since TechDirt, like any decent operation, logs their traffic).
One last observation: I bet you’ll come back, despite this rant. Your types can’t resist trolling around here.
Re: Re: Re:
“I have posted here for about three month or so.”
That’s the problem, you’re new here.
“I’ll pay you money (or cookies if you prefer) if you can collect a history of 10 of my posts.”
You may have a different ISP setup than others where your IP address/hostmask changes more often than others. Don’t assume your circumstances are the same as others.
“You are anonymous.”
It’s not as difficult as you think for someone with the resources to collect seemingly disparate pieces of information and put it together to find someone. Detectives do it all the time.
Again, you’re new here so the collective body of information that you posted within a single hostmask/IP address maybe limited but don’t assume that of others. Techdirts decision to do what they did was very poorly thought out at best.
Re: Re: Re:
“1- I’m outside of their jurisdiction. They have no power here.”
Perhaps another reason it maybe difficult for you to understand why techdirt made a bad decision.
Re: Re: Re: Re:
(the implication is that all you’re thinking about is yourself)
Re: Re: Re:2 Re:
And you aren’t? Are you that dense?
Re: Re:
Temper, temper, The Anti-Mike. Swearing breaks the facade of well-mannered reasonableness that The Anti-Mike sock-puppet depends on for verasimilitude.
I’ll certainly confirm it with you if the RIAA (or any bar sinister sock-puppets thereof) attempts a reprisal by suing me.
Go Snowflakes! Cover all the trolls!
Re: Re: Re:
Being that he doesn’t seem too fond of the RIAA I doubt he’s TAM.
Re: Re:
Wow, need to up your meds.
Oh yeah, great idea! The public will love it! Let’s see how that would go down:
RECORD INDUSTRY: “We have this excellent new idea, backed by the finest economics: it’s this levy approach . . .”
PUBLIC: “Hmmm, you mean like flat-rate? That has some sense to it — we pay a simple overall amount, but in return everything is free, and can be freely used. It fits internet realities better.”
RECORD INDUSTRY: “Oh no! Nothing is free, you still pay everything you paid before, but now you pay extra!”
PUBLIC: “You are ******* joking?! Right???”
RECORD INDUSTRY: “Sorry, we forgot to tell you the good news part. The good news is: we get to pay ourselves higher salaries!”
Well done record industry!
so then shouldn’t the ISP pay a tax on all the bazillions they generate spamming the net with adverts slowing down my net connection????
Re: Re:
Your ISP spams you with ads?
I suggest that you find a better ISP.
Actually, this is great because Techdirt uses Gravitar to generate the icon. The icon is a MD5 Hash,
a very insecure algorythm. The U. S. Department of Homeland Security said MD5 “should be considered cryptographically broken and unsuitable for further use.
Researcher, M.M.J Stevens wrote about unencrypting MD5s as part of his Master’s Thesis.
http://www.win.tue.nl/hashclash/On%20Collisions%20for%20MD5%20-%20M.M.J.%20Stevens.pdf
Section 7.2 of his research can be adapted fairly quickly to IP addresses.
I would probably stay away from here if Mike’s going to run fast and loose with providing hashes to the general public of your IP address.
Re: Re:
Dear Chicken Little,
Contrary to what you have been told, the sky is not falling.
Actually, this is great because Techdirt uses Gravitar to generate the icon. See:
http://en.gravatar.com/site/implement/hash/
The icon is based on a MD5 Hash, a very insecure algorythm. The U. S. Department of Homeland Security said MD5 “should be considered cryptographically broken and unsuitable for further use.” But har har… it’s acceptable for TechDirt!
Researcher, M.M.J Stevens wrote about unencrypting MD5s as part of his Master’s Thesis.
See:
http://www.win.tue.nl/hashclash/On%20Collisions%20for%20MD5%20-%20M.M.J.%20Stevens.pdf
The Section 7.2 of his research can be adapted fairly quickly to IP addresses or whatever unique ID Mike is using.
I would probably stay away from here if Mike’s going to run fast and loose with providing hashes to the general public of your IP address.
The flaky goodness of outsourced snowflakes in July
Actually, this is great because Techdirt uses an oursourced company, Gravitar to generate the icon.
See:
http://en.gravatar.com/site/implement/hash/
The icon is based on a MD5 Hash, a very insecure algorythm. In fact, the U. S. Department of Homeland Security said MD5 “should be considered cryptographically broken and unsuitable for further use.” If Techdirt is sending your IP address in a MD5 Hash, it can’t be that hard to break.
In fact, researcher M.M.J Stevens wrote about unencrypting MD5s as part of his Master’s Thesis. He said MD5 Hashes can be obtained in about 6-8 seconds if it’s structured data, like a birthdate. See:
http://www.win.tue.nl/hashclash/On%20Collisions%20for%20MD5%20-%20M.M.J.%20Stevens.pdf
The Section 7.2 of his research can be adapted fairly quickly to IP addresses or whatever unique ID Mike is using.
I would probably stay away from here if Mike’s going to run fast and loose with providing hashes to the general public of your IP address.
Re: The flaky goodness of outsourced snowflakes in July
From my understanding, the hash value is used as a seed to generate the image. Now you have two problems:
1- You don’t know the value that is used in the hash calculation. It could be a randomly generated value (only techdirt can help us on this one).
2- You don’t know what algorithm is used to generate the images (only Gravatar can help us with this).
Without knowing any of this, you cannot easily extract any data from the image. You could try to break “some” hash value, but what value? Use the image as a bitmap and map the images “bits” into ASCII characters? It’s a possibility, but given that the image patterns are “nicely behaved” I really doubt that the actual hash value is encoded in the image itself.
I did download a random image file to (try to) analyze it and I noticed that they have (apparently) random names. I certainly hope that the file name has nothing to do with the hash value.
Mike (or anyone at techdirt), in the interest of openness and in the interest of the security of your readers, could you please explain how the images are generated? Is there any kind of information (IP address, for example) encoded in them that could be used to trace us?
Re: Re: The flaky goodness of outsourced snowflakes in July
Are you retarded?
Here test your privacy and see if your IP is all that important.
http://analyze.privacy.net/test.asp?bhjs=0&RequestCookies=&Requestdate=&refer=http://privacy.net/analyze-your-internet-connection/
You want to be anonymous do something dumb ass.
Use a proxy.
If you don’t everybody can collect a lot of information from you and it is all public, what are you waiting for? another Facebook event to realize that you need to take care of your privacy?
Re: Re: Re: The flaky goodness of outsourced snowflakes in July
They can see my browser, operating system, and ISP. What is it I’m supposed to be worried about, exactly? Not trying to be snotty, but really – based on that page, what is the problem you’re pointing out?
Re: Re: Re:2 The flaky goodness of outsourced snowflakes in July
I had NoScript on, and half of the tests failed. The site knows nothing more about me than what I already expected.
In fact, I think we can get all that information without digging in much. I haven’t developed webpages for a while, but I think there were basic ways of knowing the browser, resolution and OS of people that came to a site (not sure if it was done in pure HTML or Javascript). Anyone can do that with minimal effort, so I don’t see what the AC above is so freaked out about.
Re: Re: The flaky goodness of outsourced snowflakes in July
Ok, I tried making an MD5 hash of my IP address and generating an image at Gravatar. It has nothing to do with my current avatar, so that rules out using the IP address directly.
I still hope techdirt can give a proper explanation of the process (if they deem us worthy) and put their anonymous users at ease.
Re: Re: Re: The flaky goodness of outsourced snowflakes in July
Did you try with dots vs without dots? Perhaps with spaces?
Re: Re: The flaky goodness of outsourced snowflakes in July
So the assumption here is that I can trust Gravatar. Who the heck is Gravatar that I should trust them? I thought I could trust techdirt not to give such information about me to third parties?
Re: Re: Re: The flaky goodness of outsourced snowflakes in July
No the assumption here is that you are dumb if you thought you had any privacy without working for it.
Re: Re: Re:2 The flaky goodness of outsourced snowflakes in July
“you are dumb if you thought you had any privacy “
Thank you Capt Obvious.
Not sure what I would do without your astute observations.
Re: Re: Re: The flaky goodness of outsourced snowflakes in July
Yeah, I know.
The name Gravatar comes from the post above. I was just pointing out that our entire security model relies on those two points: The string that is used to generate the hash value and the algorithm used to generate the image.
In answer to your other question ( http://www.techdirt.com/article.php?sid=20100715/01280010225&threaded=true#c788 ), I didn’t really try that. We would just be guessing anyway. There are millions of possibilities. Also note the the addresses could have been normalized (ie, 12.12.12.12 to 012.012.012.012, for example).
I (you?) “could” write a script to try all those possibilities. But that would be like a brute force attack, and a waste of our time.
Re: Re: Re:2 The flaky goodness of outsourced snowflakes in July
No… because if I know my IP address and I tried all those possibilities on my IP address how many practical renditions of my IP address could there be? Once I find how my IP address was rendered in the hash then I just follow that same rendition pattern upon trying to crack other peoples addresses if I assume that the IP address of others were rendered the same way.
To say that it’s similar to a brute force is not the same, if you know a lot about a key (ie: my IP address) and what you don’t know is only a very small aspect of the key then you are effectively only trying to crack the aspect of the key you don’t know. A brute force means you know nothing about what you are trying to crack and are trying to find it by trying everything. If you know something about what you are trying to crack it’s not a brute force.
Re: Re: Re:3 The flaky goodness of outsourced snowflakes in July
Once I find how my IP address was rendered in the hash then I just follow that same rendition pattern upon trying to crack other peoples addresses if I assume that the IP address of others were rendered the same way.
That may or may not be an accurate assumption. They could generate a random character string to hash along with your IP address (called “salt”). Each IP would have its salt stored (in a secure location of course) with it, and that would really throw a wrench into the kind of attack you mention. I’m not saying that’s what they’ve done, but it’s possible.
Re: The flaky goodness of outsourced snowflakes in July
Let me guess you are using MEOW MEOW?
http://online.wsj.com/article/SB10001424052748704799604575357073796077564.html
The war on drugs may affect the big pharma industry after all, with drug cartels getting the ability to produce chemicals they can find themselves battling a well funded, resilient group of people that don’t fallow laws anyways LoL
That could be the worst nightmare for pharma people, instead of doing drugs, drug dealers will be inundating the market with cheap drugs for ill people. They would buy in droves.
The flaky goodness of outsourced snowflakes in July
Also, I think this is quite ironic:
http://is.gd/dwlfX
Re: The flaky goodness of outsourced snowflakes in July
Lol show the rest of the post and I might believe you. It is obviously faked. The rest of Mike’s post and even the time stamp has been left out of the first image. And, anyone can fake an html page. You will have to do a little better.
Re: Re: The flaky goodness of outsourced snowflakes in July
Oh, relax.
That image obviously has no more accuracy than an icanhascheesburger motivational does. Less, in fact, since it’s not funny.
if you want my ip address come ask
oh and you mean the same md5 hash used by private torrent webites and torrent creation progs….
Re: if you want my ip address come ask
I hope he salted the hashsum. For those (like myself) who use IRC it would be easy for anyone to take the hashsum of my IP address and find which posts on techdirt are mine. and what is the hashsum of, the hostmask or the IP address?
If it’s the IP address it’s a 32 bit IP address, do you know how easy it is to brute force that? Especially after removing the combinations that are not included on the Internet (ie: ones that start with 192, 172, 10).
I really hope techdirt didn’t put so little thought into this as to put an unsalted hash of our IP addresses on here.
Re: Re: if you want my ip address come ask
(and, it goes without saying, the IP address immediately gives away approximately where we live to anyone who looks it up).
Re: Re: Re: if you want my ip address come ask
http://www.torproject.org/
Retarded person use a proxy.
Re: Re: Re:2 if you want my ip address come ask
Easy to say that in retrospect isn’t it?
Re: Re: Re:3 if you want my ip address come ask
Yeah! after the “Patriotic Act”, After “Facebook”, after “Google(many blunders)”, after a lot of judgments unmasking people, after a tone of lawsuits only the dumb still don’t do something about protecting their privacy.
Re: Re: Re:4 if you want my ip address come ask
That’s Patriot Act, not Patriotic Act. Gods, if you’re going to rail against something at least use the proper name.
Re: Re: Re:5 if you want my ip address come ask
Actually it’s USA PATRIOT Act. If you’re going to rail against something… 😉 Don’t mind me, just being a pedant.
Re: Re: Re: if you want my ip address come ask
actually it only gives away where the ip was registered last. I have had my location bounce 1500 miles from my current location.
Now the mac address of your modem is unique. So that would be a much easier way to track you as your MAC is always the same.
Re: Re: Re:2 if you want my ip address come ask
MAC addresses also have a relatively small pool. There are several computers/NICs that have the same MAC address but are nowhere near each other.
Re: Re: Re:2 if you want my ip address come ask
“Now the mac address of your modem is unique. So that would be a much easier way to track you as your MAC is always the same.”
MAC addr is not unique and is easily changed.
In addition, both the MAC and IP adresses are easily spoofed. Using either one as a means of identification is ignoring this fact.
I just wanted to see what my icon was. :O
Re: Re:
and note the URL
http://www.gravatar.com/avatar/7db8151609ab557838b3d26efcd45e97?d=identicon&s=20
7db8151609ab557838b3d26efcd45e97
What does that look like to you?
By the way guys, they’re not directly hashing your IP address. There’s obviously a salt, or even a pass through another encryption hash before running it through md5, which is required to generate the image via the Gravatar website.
Just look up your IP address, run a quick md5 on it, then compare the results with the image icon source on a post of yours.
Still, this does deprive an element of anonymity one would expect when posting anonymously. The fact that all of your posts, not counting dynamic IP changes, proxies, etc, which would of course either change or obfuscate your actual address, can be tracked with a unique post icon is hardly what one would consider true anonymity, or anything close to it.
I don’t think people are getting upset because they think that somehow, now, everyone will know who they are, but now all of their anonymous posts will be linked and identified via this post icon. The whole point of anonymity is not to be able to be identified, at all, in any aspect.
Anonymous posters don’t want to be a unique and beautiful snowflake, they want to be drowned in the sea of general population, and hopefully never found.
As a side opinion, though, this is a pretty cool feature. One that I’m sure could provide useful and interesting when applied in a different manner.
Ironic Alert
It seems that all of the people who are compaining about Techdirt recording their IP addresses, are the same ones who belive that OSP’s should turn over those same IP’s to private entities to fight “piracy.” And that this same data is proof of infringement.
Perhaps this is some sort of “meta-prank” by Mike?
Re: Ironic Alert
I believe no such thing and at least one other person at Jul 17th, 2010 @ 1:14pm seems to believe no such thing either based on his/her apparent dislike for the RIAA. I’m darn near an IP abolishionist though my position constantly changes from wanting the laws substantially diminished to wanting them destroyed altogether.
Re: Re: Ironic Alert
Please stop sniffing catnip!
Yeah I am the one who posted at 1.14 PM. Sorry I lost my temper there, but as I said it’s totally unnecessary to link to a global avatar. Of course now would be a test to see if the avatar is made from some cookies or via IP address, because I reside in a dynamic IP range. People have not considered it might be due to a number stored in my browser’s cookies. Even then Mike to qoute a fav 4chan meme “SON I am DISSAPOINT”. It doesnt matter who I am but rather what I post. Please dont forget that. There is no reason for people to piece together what I posted previously. If I am a faggot, so be it in this thread only. It has no relation to what I post later.
I am once again the one from 1:14PM. Bruce Ediger you must be the biggest troll in the history of Techdirt aren’t you? You have registered a profile and certainly gotten into the ranks of trusted Techdirt readers, arent you, while aiming to troll techdirt readers? If you dont agree with someone they are a troll really? Because if I am a troll then certainly you are the biggest troll possible, I salute you the Master Troll. I would like your advice on how to troll intelligent people from a tech website.
BTW It is confirmed now. Since I am still using the same browser without clearing my cache, the icon corresponds to the IP adresss only. So Mike I hope you urself remember telling to the MPAA that IP address is not enough to identify a person. So please implement your own fucking solution or else I will call you for who you are really i.e a HYPPOCRITE.
Re: Re:
If you’re not a troll, Mr Grumpyflakes, why do you keep threatening (a.k.a. “wishing for”) RIAA and/or MPAA reprisals for people who disagree with you?
I see two different icons, Grouchyflakes. The one for Jul 17th, 2010 @ 1:14pm has quite a different appearance than the one for Jul 18th, 2010 @ 3:29am. So it’s *not* confirmed. Further, my recollection of the 1:14pm Snowflake, viewed on Friday, is different that it’s appearance today. Color was a sort of pea-soup green, now it’s brownish, and much sparser.
So, BTN it is not confirmed now.
Furthermore, Crabbyflakes, I haven’t referred to a non-anonymous-coward as a “troll” at all. On TechDirt, I believe (although I can’t confirm, they are “anonymous” cowards, after all, despite the flakes) I have only told two different on-line identities they’re trolls.
But I will admit to asking some leading questions. The usual complaints about “how will the starving artists get paid!” when price of a copy of music drops to almost zero seem a bit odd when considered in the usual way that Free Market Economics considers this sort of thing. Innovations leading to drops in marginal cost of production are generally applauded as Good For Society. And competition usually drops the price of a good to the marginal cost of production. We, as a society, generally don’t prop up firms that refuse to adapt to a changed market. Heck, we even let American Motors get bought by Chrysler a few years ago, didn’t we?
Call me a troll all you want, but asking questions, even questions that are difficult to answer honestly without resorting to propagandistic usagges, doesn’t really constitut “trolling” in many people’s books.
I see what you did
What is the reason for all of this worry over the icons or snowflakes or whatever you want to call them? I think its weird that you are freaking out about this.
Perhaps one of the multitude of anonymous voices would like to explain why you find the identifying icons so outrageous. Personally, I find them helpful because many comments are posted by anonymous authors, and most of those posts are not titled. The result is a bunch of “Re: Re: Re:” replies to posts written by what appears to be one anonymous author.
Stand by your work.
Without the icons, you all look the same to me.
Re: I see what you did
I don’t have a problem. I find it somewhat useful. And my anonymity is still preserved.
The main concern right (well, from the one person that complained, not counting with tam and his cousin) now seems to be that people can easily go back and make a history of posts you thought would be anonymous and untraceable.
My opinion is that people shouldn’t go around saying things that they might regret in the future. And if they are (for example, whistle-blowing), they should take measures to protect their identity.
“My opinion is that people shouldn’t go around saying things that they might regret in the future. “
Hi I am the 1:14 PM guy and I have only 1 thing to say to this- “think of the children”. Seriously, you are saying that I should not say what I might regret in the future. Fuck You. You should be the new Palin of the Republicans. You are the person who would be supporting the patriot act and carrying of ID for any job whatsoever, and denying food to those who refuse to reveal their identity. I hope you find yourself in Communist China, then you will know the consequences of what you are saying. At this point, the assclown Mike needs to come out and defend himself, or else he is that i.e a HYPPOCRITE!
Re: Re:
Is there a non-communist China?
And the situation in China is completely different. If the case was the same here, you would know your name, age, address, bank account number, size of pants, etc.
Here, all we know is that some blue snowflake hates Palin and republicans. And that some (I’m going to assume) purple snowflake doesn’t know if there is a non-communist China (me).
Re: Re:
Seriously, you are saying that I should not say what I might regret in the future.
That seems pretty basic. If you’re not willing to accept the consquences of your actions, you’d better be darn sure you’ve protected yourself against them. Where “I hope Mike doesn’t change the privacy features in a way I don’t like” doesn’t qualify as darn sure. It just seems really strange that anyone so rabidly concerned about privacy doesn’t already use some kind of anonymous proxy.
So that’s what my icon looks like. Yay green!
Consulting?
Why is everyone arguing? sheesh, it’s a blog….
Thanks for th article mate! Oh wait……haha
Conviction of your words
If you dont have the balls to actually put a name to your comments, why would you expect anyone to read, or take notice of what you say?
Or are you so ashamed of what you are saying, that you dont want to be identified ? And that if someone actually finds out who you really are it will be in some way embarrasing or damaging to you ?
Like for copyright, this is a right Mike has decided you should not have.
You dont have a right to profit from your own invention, and you dont have a right to remain anonymous should you wish too.
So dont come here expecting that you have any rights.
The only right you have is the right to own up to your statements and stand by them, not hide behind an AC.
I guess it depends on if you want to be taken serious or not.
Or if you have enough conviction to put a name to your words.
Re: Conviction of your words
“Like for copyright, this is a right Mike has decided you should not have”
– A bit presumptuous – no ?
“You dont have a right to profit from your own invention”
– I do not recall Mike ever stating this, possibly you could provide a citation. My guess is that you are throwing out wild and baseless accusations because you feel that Mike does not share your views regarding what has become known as intellectual property.
“you dont have a right to remain anonymous “
– Again, I do not see where this comes from. Perhaps you could enlighten everyone how your anon status has been compromised beyond what it was prior to the icon.
“So dont come here expecting that you have any rights.”
– Visitation of this website has not removed any of my rights. WTH are you talking about? If you want to get upset about removal of your rights, I think you are looking in the wrong place.
“The only right you have is the right to own up to your statements and stand by them”
– Now this is just retarded.
“I guess it depends on if you want to be taken serious or not.”
– Can you guess whether I take you serious?
Re: Conviction of your words
Okay, “darryl”, I think your a moron who loves strawmen. Dear God, that was so liberating.
If only people would get this riled up about the actual issues this blog discusses – now wouldn’t that be something. It never ceases to amaze me how some people can pour so much energy into things that are so trivial in the grand scheme of things, rather than directing that energy toward something productive.
Like TAMs mom?
I can’t find any posts on this site from Monday, July 5. What’s up with that?
Re: Re:
Bank holiday. I know, it surprised me, too. No 5am pick-up for a medical appointment because the buses were on holiday schedule.
“Is there a non-communist China?”
China claims to be communist but in reality they are a dictatorship
Many of the registered users of this site dont usually add much to the discussions, mostly it’s the anons who bring much to the discussions. The only think happens if you register with TD is that you guys think that you are somehow more elite or your opinions matter the most. And somehow even though the registered users claim to be more intelligent like the poster above, they always end up feeding the trolls. In short anonymous is the way of life. Though I guess with Mike not responding, he must be the hyppocrite everyone talks about.
Go Ahead... Levy the Tax.
I currently purchase all my music through iTunes (Unless the artist is doing something right (Trent Reznor, Radiohead, etc.). This’ll save me a TON of money in the long run. Hell, I’d be paying for it: why not torrent it? Plus I can throw in my TV shows and movies, because it’d be a blanket media license right? Treat me like a child and I will respond as a child…
Re: Go Ahead... Levy the Tax.
Makes perfect sense to me. If you pay for something, you might as well use it. To hell with iTunes and all that paid streaming nonsense.
Re: Go Ahead... Levy the Tax.
it’d be a blanket media license right?
I’m sure they would forget the part where they extend a license to all the levy payers. The levy would get passed but oops, they can still sue you for downloading.
I don’t see what the big deal about the icons is. I’m guessing none of you have ever posted on a regular internet messageboard before where avatars are a common feature.