Do you have adblock enabled?
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Torrent Freak)   Florida judge rules that IP addresses are not equivalent to social security numbers   (torrentfreak.com) divider line 137
    More: Obvious, Internet Provider, IP addresses  
•       •       •

6615 clicks; posted to Main » on 25 Mar 2014 at 1:14 PM (48 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



137 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest
 
ZAZ [TotalFark]
2014-03-25 11:33:49 AM  
The judge dismissed for improper venue, ruling that proving that an act took place in her district does not prove that the act took place in her district.
 
2014-03-25 11:54:30 AM  

ZAZ: The judge dismissed for improper venue, ruling that proving that an act took place in her district does not prove that the act took place in her district.


Geolocation information isn't reliable. Due to the VPN I'm on, the Interwebs think that I'm in Wisconsin, not Boston.

But that said, while this may look like a win for pirates privacy and freedom advocates, it only is in the short term... There are numerous cases coming out this way that are going to lead to one of two things: either ISPs will start including a line in the ToS that you agree that you are responsible for any infringing activity occurring over your connection and waive any arguments that you are not the infringer, or Congress will amend the copyright act to state that an IP address is prima facie evidence of an identity of an infringer, that can be rebutted only by an affidavit identifying the actual infringer. The latter has appeared in red-light camera statutes, where the owner of the car is responsible for the ticket, even if they weren't driving, unless they identify the person who was driving.

Simply put, the copyright lobby is not going to throw their hands up and say "gosh, pirates, you win because of this one legal loophole."
 
2014-03-25 11:59:08 AM  

Theaetetus: ZAZ: The judge dismissed for improper venue, ruling that proving that an act took place in her district does not prove that the act took place in her district.

Geolocation information isn't reliable. Due to the VPN I'm on, the Interwebs think that I'm in Wisconsin, not Boston.

But that said, while this may look like a win for pirates privacy and freedom advocates, it only is in the short term... There are numerous cases coming out this way that are going to lead to one of two things: either ISPs will start including a line in the ToS that you agree that you are responsible for any infringing activity occurring over your connection and waive any arguments that you are not the infringer, or Congress will amend the copyright act to state that an IP address is prima facie evidence of an identity of an infringer, that can be rebutted only by an affidavit identifying the actual infringer. The latter has appeared in red-light camera statutes, where the owner of the car is responsible for the ticket, even if they weren't driving, unless they identify the person who was driving.

Simply put, the copyright lobby is not going to throw their hands up and say "gosh, pirates, you win because of this one legal loophole."


But in the case of the red light camera, that car is most definitely owned by the plate owner and it's quite reasonable to assume that he knows who is driving his car at any given time. It's going to be almost never that someone is randomly driving your car.

An IP address is widely sharable, even inadvertently but often on purpose and for good, legitimate reasons. Such as a Starbucks but also many smaller businesses, hotels, public spaces.
 
2014-03-25 12:02:45 PM  

Barfmaker: But in the case of the red light camera, that car is most definitely owned by the plate owner and it's quite reasonable to assume that he knows who is driving his car at any given time. It's going to be almost never that someone is randomly driving your car.

An IP address is widely sharable, even inadvertently but often on purpose and for good, legitimate reasons. Such as a Starbucks but also many smaller businesses, hotels, public spaces.


But, on the other hand, the IP address is also tied to a particular modem or gateway at a particular time. Such as Starbucks' modem, smaller businesses' modems, hotels' modems, public spaces with free Internet provided by some organizations' modems, etc. There's some one point those communications are going through, and someone with control over that point... hence, equivalent to ownership of the car, even if you rent or loan your car out freely to others.
 
ZAZ [TotalFark]
2014-03-25 12:17:36 PM  
Barfmaker

None of these cases is about whether an IP address is proof beyond a reasonable doubt. At this stage a plaintiff has to show a reasonable suspicion of an act within the jurisdiction of the court. An IP address associated with you has previously been considered reasonable suspicion, except this judge got sick of all the nuisance cases and decided to be different.

First you get the IP address and find out who it belongs to, say the billing customer at a residence or the person who rented a hotel room. That gives you reason to suspect the person is responsible.

With suspicion and an active case you can force the defendant to explain under oath why the apparent connection is not real. All the usual excuses are in play: open wifi, kids with bad friends, never heard of this "internet" thing, etc.

Some of the excuses might even be true. Cases have gone down in flames when the ignorant owner made a persuasive case. There was suspicion in the form of an IP address, but not proof. In those cases the innocent (or even guilty-but-can't-prove-it) defendant wins attorney's fees.

All of the excuses might be false. The innocent music-free hard drive was installed after the case was filed. The tech-ignorant owner not only knew about Kazaa, she had an account. And the kids can deny guilt, and the alibi boyfriend can become a bitter ex, and so on.  And don't go thinking "no jury would convict" when we now know they would.
 
2014-03-25 12:31:07 PM  

Theaetetus: Barfmaker: But in the case of the red light camera, that car is most definitely owned by the plate owner and it's quite reasonable to assume that he knows who is driving his car at any given time. It's going to be almost never that someone is randomly driving your car.

An IP address is widely sharable, even inadvertently but often on purpose and for good, legitimate reasons. Such as a Starbucks but also many smaller businesses, hotels, public spaces.

But, on the other hand, the IP address is also tied to a particular modem or gateway at a particular time. Such as Starbucks' modem, smaller businesses' modems, hotels' modems, public spaces with free Internet provided by some organizations' modems, etc. There's some one point those communications are going through, and someone with control over that point... hence, equivalent to ownership of the car, even if you rent or loan your car out freely to others.


You could certainly track the IP but let's say it's a Starbucks. It's not reasonable or even possible to keep track of everyone who is using it.

All I'm saying is that the metaphor of the red light camera doesn't apply, a car owner reasonably knows who is driving their car, an IP address owner may not.
 
2014-03-25 12:38:27 PM  
Some one hacked my wireless network and downloaded infringing material.

Really.

Honestly.

Prove it didn't happen!

Plus, there is like, 20 people that know my password and use it.
 
2014-03-25 12:40:56 PM  
Barfmaker:You could certainly track the IP but let's say it's a Starbucks. It's not reasonable or even possible to keep track of everyone who is using it.

All I'm saying is that the metaphor of the red light camera doesn't apply, a car owner reasonably knows who is driving their car, an IP address owner may not.


Not at all. Every person who uses the car has to get the keys from you, right? Every person who uses your WiFi network has to get an NATed IP address from your router, right? And they even provide their ID, in the form of a MAC address. And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address - so you know exactly when they started sharing "Sexy Librarians 14".

Do you know their name? Probably not. Can you nonetheless provide identifying information via that MAC address that implicates them, rather than you, as the infringer? Absolutely. And the logs can be very tiny, particularly compared to how cheap storage space is now.

Hence, a person with an open access point should be able to easily rebut any accusation of copyright infringement, if they're not actually the infringer.

Your best counterargument is that the person isn't currently collecting detailed logs. And that's true, and why these cases are getting dismissed, but that's one of the things that will have to change as a result of these court decisions and the likely changes to the law that will result. It will not be a loophole forever.
 
2014-03-25 12:44:14 PM  
In other words,  currently an open access point is like leaving your car on the street, unlocked, with the keys in the ignition. And so if someone borrows it and runs a red light, you have a good argument that it wasn't you and you shouldn't be responsible.

But leaving your car on the street unlocked isn't reasonable, and as a result, many jurisdictions have passed statutes that say you're responsible for anything done with it if you can't prove it wasn't you. It's considered per se negligent.

Similarly, many jurisdictions will pass statutes that say you're responsible for anything traveling through your access point, if you can't prove it wasn't you.
 
2014-03-25 12:46:22 PM  
Also, just to forestall accusations of being a pro-copyright shill, I'm talking about how the law currently operates, and what is likely to happen in the future, particularly if the RIAA/MPAA/copyright lobby keeps paying Congress for changes to the law while the pro-piracy lobby merely gloats about each win. I'm not saying it's a good future outcome.
 
2014-03-25 12:48:24 PM  

Theaetetus: And they even provide their ID, in the form of a MAC address. And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address


MAC addresses can be spoofed.
 
2014-03-25 12:49:53 PM  

Theaetetus: In other words,  currently an open access point is like leaving your car on the street, unlocked, with the keys in the ignition


Except for the fact if someone steals my car, I'm very aware of it.

Few people can detect if their wifi is being hijacked.
 
2014-03-25 12:54:42 PM  

impaler: Theaetetus: And they even provide their ID, in the form of a MAC address. And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address

MAC addresses can be spoofed.


But not with another MAC address on the same network, because then the router will not know where to send them. And if your point, as the owner of the access point, is to show that the infringing packets didn't come from  your computer, then it's irrelevant if they came from a real or spoofed MAC address, as long as it doesn't match yours.

impaler: Except for the fact if someone steals my car, I'm very aware of it.
Few people can detect if their wifi is being hijacked.


Pfff, anyone  can detect if their wifi is being hijacked. Most people don't bother looking or don't know how. Again, that will be something that will change, once the law starts blaming you for anything that happens with your wifi router unless you can prove it wasn't you. Ignorance won't be a defense.

/although, more likely, each access point will come locked down as a default, and only knowledgeable people will be able to open them up... at which point, it'd be tough to claim you know how to disable security while not knowing how to read a log.
 
2014-03-25 01:13:53 PM  
I need the sip.
IP?
IP!
Do not flip.
IP?
IP!

/obscurities?
 
2014-03-25 01:17:33 PM  
How many people actually use a VPN? I've been using one for over a year, and I think it's worth every penny.
 
2014-03-25 01:18:34 PM  
But my computer is broadcasting its IP address!
 
2014-03-25 01:18:35 PM  
Short version: the judge said an IP address isn't enough to justify issuing a subpoena. That's kind of a big deal, because without the subpoena, you can't find out who exactly at an IP is downloading what, and sharing with whom.
 
2014-03-25 01:22:43 PM  
So does this mean that your IP address doesn't prove that you are the one that posted that somebody was a doodie head in a online libel suit?
 
2014-03-25 01:24:54 PM  
Good ruling, since IP addresses for most users of the internet are assigned by their IPS's DHCP server and a lease on the address can last only as long as the user is logged onto the computer.
 
2014-03-25 01:26:25 PM  
obligatory

img.fark.net
 
2014-03-25 01:26:50 PM  
from the EFF:  Malibu Media (porn company that runs X-Art website) files an average of 3 of these cases a DAY (1100 last year).  They usually include a list of movies they believe the person has downloaded, included films Malibu Media DOESN'T own the copyright of, and can't sue over.  It's an obvious scare/embarrassment tactic: pay up or we'll publicly shame you.
 
2014-03-25 01:27:13 PM  
Yup, my VPNs usually have me in IL or IA.
 
2014-03-25 01:27:52 PM  

ecmoRandomNumbers: How many people actually use a VPN? I've been using one for over a year, and I think it's worth every penny.


Not to sidetrack, but do you subscribe to a service or roll your own?
 
2014-03-25 01:28:24 PM  

JackieRabbit: Good ruling, since IP addresses for most users of the internet are assigned by their IPS's DHCP server and a lease on the address can last only as long as the user is logged onto the computer.


So? If you make threatening phone calls from a hotel room phone, it's not reasonable to dismiss a case by saying that you only had the phone number for as long as you were renting the phone. Activity by the next or prior patron is irrelevant, since they're subpoenaing records about an IP address  at a particular time.
 
2014-03-25 01:30:54 PM  

Theaetetus: impaler: Theaetetus: And they even provide their ID, in the form of a MAC address. And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address

MAC addresses can be spoofed.

But not with another MAC address on the same network, because then the router will not know where to send them. And if your point, as the owner of the access point, is to show that the infringing packets didn't come from  your computer, then it's irrelevant if they came from a real or spoofed MAC address, as long as it doesn't match yours.

impaler: Except for the fact if someone steals my car, I'm very aware of it.
Few people can detect if their wifi is being hijacked.

Pfff, anyone  can detect if their wifi is being hijacked. Most people don't bother looking or don't know how. Again, that will be something that will change, once the law starts blaming you for anything that happens with your wifi router unless you can prove it wasn't you. Ignorance won't be a defense.

/although, more likely, each access point will come locked down as a default, and only knowledgeable people will be able to open them up... at which point, it'd be tough to claim you know how to disable security while not knowing how to read a log.


Many people turn their computers off when not in use. Many people have laptops that are frequently taken out of range. And maybe it was viruses. Prove to a jury of random people who would blame a power supply failure on viruses that it wasn't.
 
2014-03-25 01:31:24 PM  
www.macleans.ca
 
2014-03-25 01:32:27 PM  
Just download with uploading chocked to zero (leeching, not seeding - there are plenty of people outside USA that the torrent will always have seeders) and if ever get accused, buy an used DVD and tell them you were protecting your property.

/Do not pirate
//Hate patent trolls.
///Piracy is not a real problem for anyone. Most kids who pirates wouldn't have bought the item anyway (only about 2% would, but even that amount is offset by the free advertisements pirating does.
 
2014-03-25 01:33:47 PM  
All of this neglects air crack. I can secure my hotspot, removing me from negligence, but to any determined individual, its trivial security.

And what kind of person would have reason to crack into my hotspot? People who didn't want to be caught pirating music, movies, etc.

Granted in civil court you need a preponderance of evidence and not reasonable doubt, but a crafty lawyer can shred this pretty easily I bet.
 
2014-03-25 01:34:12 PM  
at any given time, there are between 6 and 25 devices on my networks.
my routers are crappy and don't have logging set up.
some of the people who use my network aren't all that tech savvy and might have a backdoor or proxy running without their knowledge.
 
2014-03-25 01:35:19 PM  

picturescrazy: Theaetetus: impaler: Theaetetus: And they even provide their ID, in the form of a MAC address. And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address

MAC addresses can be spoofed.

But not with another MAC address on the same network, because then the router will not know where to send them. And if your point, as the owner of the access point, is to show that the infringing packets didn't come from  your computer, then it's irrelevant if they came from a real or spoofed MAC address, as long as it doesn't match yours.

impaler: Except for the fact if someone steals my car, I'm very aware of it.
Few people can detect if their wifi is being hijacked.

Pfff, anyone  can detect if their wifi is being hijacked. Most people don't bother looking or don't know how. Again, that will be something that will change, once the law starts blaming you for anything that happens with your wifi router unless you can prove it wasn't you. Ignorance won't be a defense.

/although, more likely, each access point will come locked down as a default, and only knowledgeable people will be able to open them up... at which point, it'd be tough to claim you know how to disable security while not knowing how to read a log.

Many people turn their computers off when not in use. Many people have laptops that are frequently taken out of range.


I'm not sure how that would help. The packets are identified with either your MAC address or someone else's... Are you trying to claim that, while your computer was off or out of range, someone spoofed your particular MAC address and pirated a bunch of stuff, and then quickly disconnected before you powered up again or returned so that you never got an error?
In which case, that's a fine rebuttal for a jury to hear, but either way, you're going to lose attempt to dismiss before trial.

And maybe it was viruses. Prove to a jury of random people who would blame a power supply failure on viruses that it wasn't.

That's going to be even tougher, because now you're admitting that those communications came from your computer, but that it wasn't in your control. And maybe you can prove that, with a log of a hard drive scan showing the virus and an expert report about how that virus is part of a file sharing zombie swarm... but again, you won't be able to simply get a complaint dismissed on those grounds.
 
2014-03-25 01:35:25 PM  

Theaetetus: But not with another MAC address on the same network, because then the router will not know where to send them. And if your point, as the owner of the access point, is to show that the infringing packets didn't come from your computer, then it's irrelevant if they came from a real or spoofed MAC address, as long as it doesn't match yours.


Expect to see MAC address randomizers become popular bundled utilities with bittorrent clients.
 
2014-03-25 01:36:30 PM  

mayIFark: Hate patent trolls


This has nothing to do with patents.
 
2014-03-25 01:37:06 PM  

Theaetetus: But not with another MAC address on the same network, because then the router will not know where to send them.


If MAC address are wifi, that makes little difference. The packets are broadcast to all that hear. UDP is fairly easy to spoof using duplicate MACs. If the primary machine ignores ALL unsolicited traffic, you can even open TCP sockets on second machines with no problem. If the primary machine sends out FINs to all unknown TCP sockets, you just have to wait for someone to shut it down - which is common for people to do with laptops.
 
2014-03-25 01:37:50 PM  

JesseL: Theaetetus: But not with another MAC address on the same network, because then the router will not know where to send them. And if your point, as the owner of the access point, is to show that the infringing packets didn't come from your computer, then it's irrelevant if they came from a real or spoofed MAC address, as long as it doesn't match yours.

Expect to see MAC address randomizers become popular bundled utilities with bittorrent clients.


The access point owner may still be liable, depending on how the amendments to the laws get written. That's why the EFF should be involved in this process.
 
2014-03-25 01:38:00 PM  

JackieRabbit: Good ruling, since IP addresses for most users of the internet are assigned by their IPS's DHCP server and a lease on the address can last only as long as the user is logged onto the computer.


Not true. I don't believe ISP's use DHCP, but even if they do, your computer never logs on to that. It is your modem that does, and that is always on. Even if you turn off your modem, it will take a few days before that IP gets reassigned.
 
2014-03-25 01:38:18 PM  

Theaetetus: Pfff, anyone  can detect if their wifi is being hijacked.


That's an assertion that is not supported by fact. Perhaps you are unaware of the large, the very large percentage of people connecting to the internet daily who have no idea at all how it works? Many of them do not care, nor do they feel the need to know.
And not all of them are stupid or irresponsible. Most people think about their routers when they install them and never again unless a problem occurs. And usually some guy from their ISP does all the work for them, so it's not even an educational experience for most end users.
 
2014-03-25 01:38:34 PM  
Hack faster!
 
2014-03-25 01:40:02 PM  

JohnCarter: obligatory


Also obligatory
i659.photobucket.com
/ it's like "got the original of that? "
 
2014-03-25 01:41:53 PM  

Theaetetus: mayIFark: Hate patent trolls

This has nothing to do with patents.


Copyright trolls, anti-piracy advocates, MPAA/IRAA lobby.
 
2014-03-25 01:41:56 PM  

impaler: Theaetetus: But not with another MAC address on the same network, because then the router will not know where to send them.

If MAC address are wifi, that makes little difference. The packets are broadcast to all that hear. UDP is fairly easy to spoof using duplicate MACs. If the primary machine ignores ALL unsolicited traffic, you can even open TCP sockets on second machines with no problem. If the primary machine sends out FINs to all unknown TCP sockets, you just have to wait for someone to shut it down - which is common for people to do with laptops.


If it only occurs while your computer is off or out of range, then you can probably show it wasn't you. If, on the other hand, you're simply ignoring spoofed communications while your computer is on and in range, then if the law is amended the way I think it's going to be, you're going to have to prove that you're not the one responsible and that there was a ghost on your network.
 
2014-03-25 01:42:24 PM  

Theaetetus: Pfff, anyone  can detect if their wifi is being hijacked. Most people don't bother looking or don't know how.


Anyone can perform open heart surgery. Most people don't know how.
 
ZAZ [TotalFark]
2014-03-25 01:42:24 PM  
picturescrazy

Music industry lawyers have proved cases to juries of random people. In a real case, after it passes the threats and bluster stage, there is more evidence than just a server log with an IP address.
 
2014-03-25 01:45:28 PM  

Theaetetus: If it only occurs while your computer is off or out of range, then you can probably show it wasn't you


I swear your honor, I go to bed at 10pm every night. That 12am download couldn't possibly have been me!
 
2014-03-25 01:45:44 PM  

red5ish: Theaetetus: Pfff, anyone  can detect if their wifi is being hijacked. 

That's an assertion that is not supported by fact. Perhaps you are unaware of the large, the very large percentage of people connecting to the internet daily who have no idea at all how it works? Many of them do not care, nor do they feel the need to know.


This is why you should always read an entire paragraph before leaping to a response. What's the very next sentence? "Most people don't bother looking or don't know how."

The assertion is 100% true: anyone  can detect if their wifi is being hijacked. It's also completely irrelevant, as the paragraph goes on to explain.

If you would like to go back and read the rest of the post, I'm happy to reply to your more substantive arguments, if you have any.
 
2014-03-25 01:45:48 PM  

impaler: Theaetetus: Pfff, anyone  can detect if their wifi is being hijacked. Most people don't bother looking or don't know how.

Anyone can perform open heart surgery. Most people don't know how.


"We noticed in your access logs that you've streamed a great deal of Grey's Anatomy, House, and Scrubs, therefore..."
 
2014-03-25 01:47:14 PM  

Theaetetus: Barfmaker: But in the case of the red light camera, that car is most definitely owned by the plate owner and it's quite reasonable to assume that he knows who is driving his car at any given time. It's going to be almost never that someone is randomly driving your car.

An IP address is widely sharable, even inadvertently but often on purpose and for good, legitimate reasons. Such as a Starbucks but also many smaller businesses, hotels, public spaces.

But, on the other hand, the IP address is also tied to a particular modem or gateway at a particular time. Such as Starbucks' modem, smaller businesses' modems, hotels' modems, public spaces with free Internet provided by some organizations' modems, etc. There's some one point those communications are going through, and someone with control over that point... hence, equivalent to ownership of the car, even if you rent or loan your car out freely to others.


And if I steal your car, go out and run every red light in town, and then politely park it back in your driveway, what then?  Because hopping on someone's secured wifi really isn't that difficult for someone that knows what they're doing.
 
2014-03-25 01:48:31 PM  

impaler: Theaetetus: If it only occurs while your computer is off or out of range, then you can probably show it wasn't you

I swear your honor, I go to bed at 10pm every night. That 12am download couldn't possibly have been me!


"Then we'll let the jury listen to your explanation, and listen to their explanation, and decide which of you is more credible."

Again, none of this says you can't ever win at trial. It's that, if the law changes to presume control over communications via your access point, then you won't be able to simply dismiss a complaint.
It's the exact same thing if your car is found crashed into someone's front yard. They're going to come after you, and while you may be able to say "someone borrowed my car, I was asleep in bed at the time," you won't be able to simply say "you can't prove I was driving so therefore you have no case."
 
2014-03-25 01:48:37 PM  

mayIFark: Not true. I don't believe ISP's use DHCP, but even if they do, your computer never logs on to that. It is your modem that does, and that is always on.


That depends if your modem is performing NAT, or just passes IP traffic through.

All modems I've had don't do NAT, and my Wifi router gets an IP through DHCP. This was true with both Comcast and Time Warner.
 
2014-03-25 01:49:04 PM  

phenn: ecmoRandomNumbers: How many people actually use a VPN? I've been using one for over a year, and I think it's worth every penny.

Not to sidetrack, but do you subscribe to a service or roll your own?


A service. Their software has a built-in kill switch that shuts down all network activity if you, for some reason, lose your connection to the VPN.
 
2014-03-25 01:50:20 PM  

StrangeQ: Theaetetus: Barfmaker: But in the case of the red light camera, that car is most definitely owned by the plate owner and it's quite reasonable to assume that he knows who is driving his car at any given time. It's going to be almost never that someone is randomly driving your car.

An IP address is widely sharable, even inadvertently but often on purpose and for good, legitimate reasons. Such as a Starbucks but also many smaller businesses, hotels, public spaces.

But, on the other hand, the IP address is also tied to a particular modem or gateway at a particular time. Such as Starbucks' modem, smaller businesses' modems, hotels' modems, public spaces with free Internet provided by some organizations' modems, etc. There's some one point those communications are going through, and someone with control over that point... hence, equivalent to ownership of the car, even if you rent or loan your car out freely to others.

And if I steal your car, go out and run every red light in town, and then politely park it back in your driveway, what then?


Do you think you could suggest that as a response to a handful of red light tickets, and that, if they didn't have your face in the picture, you could get every ticket dismissed?

Because hopping on someone's secured wifi really isn't that difficult for someone that knows what they're doing.

Neither is turning on logging.
 
2014-03-25 01:52:22 PM  

impaler: mayIFark: Not true. I don't believe ISP's use DHCP, but even if they do, your computer never logs on to that. It is your modem that does, and that is always on.

That depends if your modem is performing NAT, or just passes IP traffic through.

All modems I've had don't do NAT, and my Wifi router gets an IP through DHCP. This was true with both Comcast and Time Warner.


But his point was that if your Wifi router stays on all the time, then it'll hang on to an IP address for a long time, if the ISP doesn't force renewal.

It's all irrelevant, though - the plaintiffs in these cases go to the ISP and say "who had this IP address at this time" and they point to the subscriber (once ordered, hopefully). No one cares who had it the day before.
 
2014-03-25 01:53:42 PM  

impaler: mayIFark: Not true. I don't believe ISP's use DHCP, but even if they do, your computer never logs on to that. It is your modem that does, and that is always on.

That depends if your modem is performing NAT, or just passes IP traffic through.

All modems I've had don't do NAT, and my Wifi router gets an IP through DHCP. This was true with both Comcast and Time Warner.


Most ISPs use DHCP to deter servers by making running server software more difficult (albeit only slightly in most cases.) Ask for a static IP and they'll generally either refuse, or refer you to their business bundles at a higher price.
 
2014-03-25 01:54:33 PM  
I think the hardest burden o prove is that most people are "intelligent". Once you clear that hurdle, it's uphill from there.
Wasn't there some cases a while back that copyright holders were suing some unfortunate schlubs who shared files that were legally obtained, but had names similar to some shiat they had the rights to? But they still maintained damage jad been done.
Truth be told, Many of the movies out there are not worth watching, just the effluvia of an indusrty bent on perpetuating its perceived relevance.
How many times have you gone to a movie, plonked down moeny for a "feature" that is tasteless at best, and if you want a coincession item, have to pay robbery prices for a pack of Skittles? I know it's how the venue "makes" its money, but damn, a bad business practice is just that.
Why pay exhorbitant fees to see a movie that's a crock?
I'd like to know of a way to hold theatres liable, and providing recompense of at least the ticket price, for a movie you find bad.
If I like a movie, I'll pay to see it on the big screen.But otherwise, I can delete it. 2 hours of my life is not worth wasting to see many of these films.
Good thing I've cracked most neighbors networks around me using Backtrack Linux. And not a single one has MAC filtering on. I keep my access point open, but the Mac filtering gets them. Plus, most people are too "busy" to implement it. Both IPV4 and V6
 
2014-03-25 01:54:45 PM  

Theaetetus: StrangeQ: Theaetetus: Barfmaker: But in the case of the red light camera, that car is most definitely owned by the plate owner and it's quite reasonable to assume that he knows who is driving his car at any given time. It's going to be almost never that someone is randomly driving your car.

An IP address is widely sharable, even inadvertently but often on purpose and for good, legitimate reasons. Such as a Starbucks but also many smaller businesses, hotels, public spaces.

But, on the other hand, the IP address is also tied to a particular modem or gateway at a particular time. Such as Starbucks' modem, smaller businesses' modems, hotels' modems, public spaces with free Internet provided by some organizations' modems, etc. There's some one point those communications are going through, and someone with control over that point... hence, equivalent to ownership of the car, even if you rent or loan your car out freely to others.

And if I steal your car, go out and run every red light in town, and then politely park it back in your driveway, what then?

Do you think you could suggest that as a response to a handful of red light tickets, and that, if they didn't have your face in the picture, you could get every ticket dismissed?

Because hopping on someone's secured wifi really isn't that difficult for someone that knows what they're doing.

Neither is turning on logging.


For the people that know what they're doing.  The average Facebook internet user isn't going to have a clue.
 
2014-03-25 01:54:50 PM  

Theaetetus: And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address - so you know exactly when they started sharing "Sexy Librarians 14".


No they don't.

On models where the stored log is limited to 128 entries,

And those models don't log legitimate traffic.
 
2014-03-25 01:55:14 PM  

ecmoRandomNumbers: phenn: ecmoRandomNumbers: How many people actually use a VPN? I've been using one for over a year, and I think it's worth every penny.

Not to sidetrack, but do you subscribe to a service or roll your own?

A service. Their software has a built-in kill switch that shuts down all network activity if you, for some reason, lose your connection to the VPN.


Interesting. I've been looking around for one so I can get to regional content, but they are all so flipping slow. Using a free version of SafeIP for the moment, but I'd really like to find one more reliable and speedy. That, I'd be happy to pay for.
 
2014-03-25 01:56:13 PM  

StrangeQ: Theaetetus: Barfmaker: But in the case of the red light camera, that car is most definitely owned by the plate owner and it's quite reasonable to assume that he knows who is driving his car at any given time. It's going to be almost never that someone is randomly driving your car.

An IP address is widely sharable, even inadvertently but often on purpose and for good, legitimate reasons. Such as a Starbucks but also many smaller businesses, hotels, public spaces.

But, on the other hand, the IP address is also tied to a particular modem or gateway at a particular time. Such as Starbucks' modem, smaller businesses' modems, hotels' modems, public spaces with free Internet provided by some organizations' modems, etc. There's some one point those communications are going through, and someone with control over that point... hence, equivalent to ownership of the car, even if you rent or loan your car out freely to others.

And if I steal your car, go out and run every red light in town, and then politely park it back in your driveway, what then?  Because hopping on someone's secured wifi really isn't that difficult for someone that knows what they're doing.


Absent proof that your car was, in fact, used without your knowledge during that time period, the judge would probably find you as the car owner liable for at least some of the tickets. They certainly wouldn't get dismissed based solely on your assertion that you didn't know who was driving your car that wasn't stolen, which is not an unreasonable position.
 
2014-03-25 01:56:51 PM  

impaler: Theaetetus: And they even provide their ID, in the form of a MAC address. And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address

MAC addresses can be spoofed.


This. IANAE but it seems to be that if you were identified by your MAC address you could easily argue that since MAC is not in any way unique or tied solely to your computer, that MAC address alone is insufficient as evidence.
 
2014-03-25 01:57:24 PM  

impaler: Theaetetus: And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address - so you know exactly when they started sharing "Sexy Librarians 14".

No they don't.

On models where the stored log is limited to 128 entries,

And those models don't log legitimate traffic.


OMG, that's it. From now on, I'm not responding to people who cherry pick one sentence from my posts when the post they're quoting contains an answer to their point.It's not just a waste of time, it's disingenuous.
 
2014-03-25 02:05:33 PM  

SecretAgentWoman: Some one hacked my wireless network and downloaded infringing material.

Really.

Honestly.

Prove it didn't happen!

Plus, there is like, 20 people that know my password and use it.


And you'd be responsible since you're letting them use it.
 
2014-03-25 02:06:13 PM  
This is like the 50th time this ruling has been made, all over the country. FTFA:

"The ruling is crucial as it's another unique order confirming that an IP address alone is not enough to launch a copyright infringement lawsuit."

Another order. But, still, thanks subby: it helps to list them all in your motion to dismiss when you get a crap subpoena.

/pirates a lot
//only ever been subpoenaed for stuff I didn't DL
///all have been tossed
 
2014-03-25 02:07:41 PM  

Theaetetus: Also, just to forestall accusations of being a pro-copyright shill


I'm not a pro copyright shill, I just so happen to show up in every single thread about the issue arguing the MPAA/RIAA position?
 
2014-03-25 02:15:52 PM  

phenn: ecmoRandomNumbers: phenn: ecmoRandomNumbers: How many people actually use a VPN? I've been using one for over a year, and I think it's worth every penny.

Not to sidetrack, but do you subscribe to a service or roll your own?

A service. Their software has a built-in kill switch that shuts down all network activity if you, for some reason, lose your connection to the VPN.

Interesting. I've been looking around for one so I can get to regional content, but they are all so flipping slow. Using a free version of SafeIP for the moment, but I'd really like to find one more reliable and speedy. That, I'd be happy to pay for.


I don't know what you consider "slow." I live in a rural area so my DSL is 6Mbps, which is fast enough to get Netflix in medium HD. On downloads, I don't feel that the VPN slows me down at all, but if I were used to 100Mbps, I'm sure I'd notice a bottleneck in the service.
 
2014-03-25 02:17:38 PM  
I disagree with Theaetutus contention that copyright holders will not throw in the towel. At the end of these type of lawsuits are legalized extortion. They are legalized extortion because the technically astute user is always going to have the upper hand, so the only way for the lawsuit to succeed is to shift the burden of proof from the copyright holder to the alleged infringer. His instance that "Congress is going to do something" is misplaced. Everything in the law right now from SCOTUS (see Windsor Trombley, etc.) and Congress is to make it harder to sue not easier. Courts in particular are going to find ways to toss these suits when they can. So over the long haul whatever the legal merits of the claims the underlying business model of shaking people down is not going to be profitable. It's also, FWIW, seen as increasing sketchy within the legal profession itself as has been well documented over at Popehat. I'll make one final point. No judge in a criminal case (as opposed to a civil one) would ever accept an IP alone as meeting the particularity requirement under the 4A. Cops know they have to show more than that these days, such as showing that the network wasn't open and that it's not a group house or something similar. As the civil law catches up it only going to become more and more expensive for copyright holders to litigate these issue.

So in the long run my view is that the copyright holders will throw in the towel. The financial incentives to vindicate their rights simply won't exist except at the margin or outlier case.
 
2014-03-25 02:17:57 PM  

Theaetetus: impaler: Theaetetus: And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address - so you know exactly when they started sharing "Sexy Librarians 14".

No they don't.

On models where the stored log is limited to 128 entries,

And those models don't log legitimate traffic.

OMG, that's it. From now on, I'm not responding to people who cherry pick one sentence from my posts when the post they're quoting contains an answer to their point.It's not just a waste of time, it's disingenuous.


No you said the router CAN log. As if it's an option.

This goes directly to your other point where "anyone can easily detect if someone's hijacking their wifi."

No, they can't even do that.
 
2014-03-25 02:19:38 PM  

BullBearMS: I'm not a pro


Your amateur opinion is noted.

/isn't it annoying when people quote out of context?
 
2014-03-25 02:20:42 PM  

impaler: Theaetetus: impaler: Theaetetus: And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address - so you know exactly when they started sharing "Sexy Librarians 14".

No they don't.

On models where the stored log is limited to 128 entries,

And those models don't log legitimate traffic.

OMG, that's it. From now on, I'm not responding to people who cherry pick one sentence from my posts when the post they're quoting contains an answer to their point.It's not just a waste of time, it's disingenuous.

No you said the router CAN log. As if it's an option.

This goes directly to your other point where "anyone can easily detect if someone's hijacking their wifi."

No, they can't even do that.


Go quote the entire post, including the part where I answer this. Then I'll respond.
 
2014-03-25 02:26:11 PM  
If I may interject in here, while Theaetetus may say some rather absurd things on other topics, in this particular thread he's being very polite and reasonable. His thought process isn't complete, as his profession is law and not technology, but there's nothing unsound about his arguments, and he's not advocating a controversial personal opinion here, but trying to explain how things are likely to fall from a legal point of view - something he's more qualified than many to speculate on.

It is entirely likely that a legislative response will indeed ignore valid technical issues, and put a burden of proof back on the defense rather than on the prosecution (where it should be), as we've seen it before. He's not saying he agrees with that, just that it's likely to happen.

TL;DR, don't jump him because you don't like what he's said on other topics.
 
2014-03-25 02:28:28 PM  

mayIFark: Not true. I don't believe ISP's use DHCP, but even if they do, your computer never logs on to that.


Right, they employ a guy to sit there 24/7 typing in IP addresses every time someone connects. Brilliant!
Of course they use DHCP, and no one needs to "log onto that".

Good for this judge.  An IP is handy to ID things that want to be found. Otherwise, not so much in the reliable department.

/Network engineer
//Amused by this thread in ways you can't imagine.
 
2014-03-25 02:31:01 PM  

Theaetetus: OMG, that's it. From now on, I'm not responding to people who cherry pick one sentence from my posts when the post they're quoting contains an answer to their point.It's not just a waste of time, it's disingenuous.


Look, you may be a decent attorney, but you're not a very good geek.

There are simply not that many different brands of router out there in common use, and each brand tends to go with a slightly different address. Once I'm on your network, it's child's play to figure out what kind of router you have, and there's about a 98% chance that you didn't change the default user name and password combo of "admin". Once I'm in, I can do whatever the fark I want.

Hell, let's make my hacking life simpler- all I need to do is find a network named "2Wirexxx". That means AT&T U-Verse, and that means that the password is 10-digit numeric. Not even alphanumeric, just numeric. If I wanted to crack that, it would be child's play. And now I'm on your password-protected home network, doing whatever I want. And when you're in front of a judge and jury, trying to explain how it wasn't you downloading first-run movies, the lawyers from the RIAA and MPAA will ask the jury how someone just happened to have the one number out of a billion- A BILLION!- that would let them on your network.
 
2014-03-25 02:31:12 PM  

worlddan: I disagree with Theaetutus contention that copyright holders will not throw in the towel. At the end of these type of lawsuits are legalized extortion. They are legalized extortion because the technically astute user is always going to have the upper hand, so the only way for the lawsuit to succeed is to shift the burden of proof from the copyright holder to the alleged infringer. His instance that "Congress is going to do something" is misplaced. Everything in the law right now from SCOTUS (see Windsor Trombley, etc.) and Congress is to make it harder to sue not easier.


While I agree with the first part, I don't agree with the second... First, we're talking about two groups - the big, legitimate copyright owners (and their industry organizations); and the small copyright trolls like Prenda Law and Righthaven. Congress (and individual states) has taken steps to curb the latter, but has done nothing against the former... and consider how both Tenenbaum and Thomas-Rasset lost all of their appeals, including being denied cert by SCOTUS.

 Courts in particular are going to find ways to toss these suits when they can. So over the long haul whatever the legal merits of the claims the underlying business model of shaking people down is not going to be profitable. It's also, FWIW, seen as increasing sketchy within the legal profession itself as has been well documented over at Popehat. I'll make one final point. No judge in a criminal case (as opposed to a civil one) would ever accept an IP alone as meeting the particularity requirement under the 4A. Cops know they have to show more than that these days, such as showing that the network wasn't open and that it's not a group house or something similar. As the civil law catches up it only going to become more and more expensive for copyright holders to litigate these issue.

So in the long run my view is that the copyright holders will throw in the towel. The financial incentives to vindicate their rights simply won't exist except at the margin or outlier case.


Yes, to the abusive troll extortion letters. Not to the legitimate copyright owners like Sony or Capitol Records. Basically, the small "give us $5k or we'll expose a list of porn titles we're claiming you stole" letters will go away, as they should, but the "you distributed thousands of copies of the new Batman movie, so here's your lawsuit" complaints won't.  And the big guys are going to be the ones pushing for Congress to change the law to presume control and/or ISPs to change their ToS to waive defenses. They're going to have the leverage with the ISPs, too, particularly with the new priority carrier backroom deals coming out, and I really wouldn't expect Comcast to go to the mat for pirates.
 
2014-03-25 02:33:26 PM  

Gonz: Theaetetus: OMG, that's it. From now on, I'm not responding to people who cherry pick one sentence from my posts when the post they're quoting contains an answer to their point.It's not just a waste of time, it's disingenuous.

Look, you may be a decent attorney, but you're not a very good geek.


Why did you quote a post in which I say I'm not responding to people who are cherry picking from my post rather than responding to my actual arguments? Did you really think that would get a legitimate response from me?

Go quote what you're arguing against. It's only polite.
 
2014-03-25 02:37:03 PM  

Carousel Beast: If I may interject in here, while Theaetetus may say some rather absurd things on other topics, in this particular thread he's being very polite and reasonable. His thought process isn't complete, as his profession is law and not technology, but there's nothing unsound about his arguments, and he's not advocating a controversial personal opinion here, but trying to explain how things are likely to fall from a legal point of view - something he's more qualified than many to speculate on.

It is entirely likely that a legislative response will indeed ignore valid technical issues, and put a burden of proof back on the defense rather than on the prosecution (where it should be), as we've seen it before. He's not saying he agrees with that, just that it's likely to happen.

TL;DR, don't jump him because you don't like what he's said on other topics.


Thanks. Although I would disagree that my profession isn't technology... I was an engineer for 10 years before shifting to this, and I'm not on the litigation side of things - I  only deal with technology now. ;)
 
2014-03-25 02:37:13 PM  

Theaetetus: Gonz: Theaetetus: OMG, that's it. From now on, I'm not responding to people who cherry pick one sentence from my posts when the post they're quoting contains an answer to their point.It's not just a waste of time, it's disingenuous.

Look, you may be a decent attorney, but you're not a very good geek.

Why did you quote a post in which I say I'm not responding to people who are cherry picking from my post rather than responding to my actual arguments? Did you really think that would get a legitimate response from me?

Go quote what you're arguing against. It's only polite.


Because your actual arguments are not what I wanted to discuss. I wanted to discuss your lack of technical prowess.

See where the network engineer up there said he was amused by the thread? Same thing. You're talking about the law, and that's fine. That's good, that's what you know.

I'm telling you why that's the wrong conversation to have.
 
2014-03-25 02:40:36 PM  

Theaetetus: Go quote the entire post, including the part where I answer this. Then I'll respond.


Reread the quote. You didn't answer it.
 
2014-03-25 02:42:28 PM  

Gonz: Theaetetus: Gonz: Theaetetus: OMG, that's it. From now on, I'm not responding to people who cherry pick one sentence from my posts when the post they're quoting contains an answer to their point.It's not just a waste of time, it's disingenuous.

Look, you may be a decent attorney, but you're not a very good geek.

Why did you quote a post in which I say I'm not responding to people who are cherry picking from my post rather than responding to my actual arguments? Did you really think that would get a legitimate response from me?

Go quote what you're arguing against. It's only polite.

Because your actual arguments are not what I wanted to discuss. I wanted to discuss your lack of technical prowess.


Then quote me saying something showing a lack of technical prowess. For example, your earlier post was about how easy it was to crack into a home network. Go quote me saying it was difficult. I'll wait. Probably a long time, since I never said that.

And if you  can't quote me, then stop trying to put words in my mouth. As I said, it's disingenuous.

If the issue is that you haven't figured out how to use the quote button or to copy and paste, please let me know. I am always happy to help those who lack technical prowess in such matters.
 
2014-03-25 02:44:01 PM  

Theaetetus: Yes, to the abusive troll extortion letters. Not to the legitimate copyright owners like Sony or Capitol Records. Basically, the small "give us $5k or we'll expose a list of porn titles we're claiming you stole" letters will go away, as they should, but the "you distributed thousands of copies of the new Batman movie, so here's your lawsuit" complaints won't.


Yes, I agree with that but I also view the "thousands of copies" person as the outlier and frankly from a public policy point of view I don't have any sympathy for such a person. My concern is for the little guy.
 
2014-03-25 02:44:09 PM  

impaler: Theaetetus: Go quote the entire post, including the part where I answer this. Then I'll respond.

Reread the quote. You didn't answer it.


Seriously, why is it so impossible for you and Gonz to actually quote the person you're responding to? Is it because you know that, if you do, people will be able to read both parts and see how you're trying to twist their words?
Tell me, because I really would like to know why you insist on quoting out of context, even when repeatedly asked to stop.
 
2014-03-25 02:45:43 PM  

Theaetetus: Then quote me saying something showing a lack of technical prowess.


OK.

Theaetetus: And they even provide their ID, in the form of a MAC address. And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address


Theaetetus: MAC addresses can be spoofed.

But not with another MAC address on the same network, because then the router will not know where to send them.

 
2014-03-25 02:46:43 PM  

Theaetetus: impaler: Theaetetus: Go quote the entire post, including the part where I answer this. Then I'll respond.

Reread the quote. You didn't answer it.

Seriously, why is it so impossible for you and Gonz to actually quote the person you're responding to? Is it because you know that, if you do, people will be able to read both parts and see how you're trying to twist their words?
Tell me, because I really would like to know why you insist on quoting out of context, even when repeatedly asked to stop.


I reread your quote. I don't see it being answered. Why don't you just post what I quoted and your answer, because I can't read your mind.
 
2014-03-25 02:49:14 PM  

worlddan: Theaetetus: Yes, to the abusive troll extortion letters. Not to the legitimate copyright owners like Sony or Capitol Records. Basically, the small "give us $5k or we'll expose a list of porn titles we're claiming you stole" letters will go away, as they should, but the "you distributed thousands of copies of the new Batman movie, so here's your lawsuit" complaints won't.

Yes, I agree with that but I also view the "thousands of copies" person as the outlier and frankly from a public policy point of view I don't have any sympathy for such a person. My concern is for the little guy.


Likewise, but I don't think Congress feels the same way... They haven't reduced the statutory damages levels, for example, or provided any mitigation for non-commercial infringement - nor have the courts accepted those arguments when raised.

The extortion letters are losing ground because, frankly, the plaintiffs in these cases are not very sympathetic. Prenda's a bunch of fraudsters apparently using forged signatures on their legal documents, and Righthaven sued over stuff they didn't actually own. The X-art people in this article are similarly listing a bunch of stuff they don't own, namely because X-art is so tame that threats of exposure aren't all that threatening.  I could even see the RIAA/MPAA folks helping write legislation  against copyright trolling, because they don't want to be associated with them... but at the same time, that legislation would have tons of carve outs for the big studios. And that's something that we really want to avoid.
 
2014-03-25 02:50:37 PM  

impaler: Theaetetus: impaler: Theaetetus: Go quote the entire post, including the part where I answer this. Then I'll respond.

Reread the quote. You didn't answer it.

Seriously, why is it so impossible for you and Gonz to actually quote the person you're responding to? Is it because you know that, if you do, people will be able to read both parts and see how you're trying to twist their words?
Tell me, because I really would like to know why you insist on quoting out of context, even when repeatedly asked to stop.

I reread your quote. I don't see it being answered. Why don't you just post what I quoted and your answer, because I can't read your mind.


Prove you reread my quote: copy and paste it here. Otherwise, go away and stop trolling me.
 
2014-03-25 02:56:56 PM  

Ex-Texan: I think the hardest burden o prove is that most people are "intelligent". Once you clear that hurdle, it's uphill from there.
Wasn't there some cases a while back that copyright holders were suing some unfortunate schlubs who shared files that were legally obtained, but had names similar to some shiat they had the rights to? But they still maintained damage jad been done.
Truth be told, Many of the movies out there are not worth watching, just the effluvia of an indusrty bent on perpetuating its perceived relevance.
How many times have you gone to a movie, plonked down moeny for a "feature" that is tasteless at best, and if you want a coincession item, have to pay robbery prices for a pack of Skittles? I know it's how the venue "makes" its money, but damn, a bad business practice is just that.
Why pay exhorbitant fees to see a movie that's a crock?
I'd like to know of a way to hold theatres liable, and providing recompense of at least the ticket price, for a movie you find bad.
If I like a movie, I'll pay to see it on the big screen.But otherwise, I can delete it. 2 hours of my life is not worth wasting to see many of these films.
Good thing I've cracked most neighbors networks around me using Backtrack Linux. And not a single one has MAC filtering on. I keep my access point open, but the Mac filtering gets them. Plus, most people are too "busy" to implement it. Both IPV4 and V6


Lol, you think MAC filtering is a real security feature.
 
2014-03-25 03:00:29 PM  

Theaetetus: BullBearMS: I'm not a pro

Your amateur opinion is noted.

/isn't it annoying when people quote out of context?


It's much more annoying when you show up in every single thread on this topic to argue the RIAA and MPAA's position while whining about people noting that you are a very obvious shill.
 
2014-03-25 03:00:44 PM  

Theaetetus: But, on the other hand, the IP address is also tied to a particular modem or gateway at a particular time.


In the literal sense of the term, this is correct. However, in the sense in which you are using it (that an IP fixes a particular computer owned by some known person to a particular model or gateway at some particular time) is not provably correct. It is merely often correct.

MAC spoofing, though, works more like my local parking garage. You park in a spot, walk down to the lobby, and purchase a ticket for the (hopefully correct) spot number. The security truck occasionally trolls through with their list of unpurchased spots and tickets people in unpaid spots. However, the ticket corresponds to the spot, not the vehicle. There's no check upon leaving the garage -- the system merely flushes the log of daytime ticket spots at 10pm. This means that there's no check to see if a given car left and a new car arrived later and parked in an already-purchased spot. This new car corresponds to a MAC spoof. It takes on the identity of a machine that has already established a spot in the network. The network doesn't check that the MAC corresponds to the correct machine, merely that there is a machine in that spot (IP) corresponding to that ticket (MAC).

So if I'm parked in the spot 118, and there's a ding on my driver's side door, I can subpoena who purchased the ticket for 117 (which was empty when I came to drive away), but I have no reasonable basis to conclude that vehicle dinged my door. I can't prove, and the log provides no evidence either way, whether that car was still there or had been replaced by a spoofer when the ding occurred.
 
2014-03-25 03:01:16 PM  

ds615: mayIFark: Not true. I don't believe ISP's use DHCP, but even if they do, your computer never logs on to that.

Right, they employ a guy to sit there 24/7 typing in IP addresses every time someone connects. Brilliant!
Of course they use DHCP, and no one needs to "log onto that".

Good for this judge.  An IP is handy to ID things that want to be found. Otherwise, not so much in the reliable department.

/Network engineer
//Amused by this thread in ways you can't imagine.


I don't know how it is done, but I'd imagine there can be something in between DHCP and manual labor. Such as assign an IP when a new customer joins and shift them with an algorithm once in a while. Would be more secure for them.

/What the heck is a Network engineer?
//I'm familiar with the concept of dialing 7 digits and someone in India answering it, but never heard them being referred as network engineer
 
2014-03-25 03:02:09 PM  

impaler: Theaetetus: Then quote me saying something showing a lack of technical prowess.

OK.

Theaetetus: And they even provide their ID, in the form of a MAC address. And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address

Theaetetus: MAC addresses can be spoofed.

But not with another MAC address on the same network, because then the router will not know where to send them.


Somebody doesn't understand the physical layer at all.
 
2014-03-25 03:02:30 PM  

Theaetetus: impaler: Theaetetus: Go quote the entire post, including the part where I answer this. Then I'll respond.

Reread the quote. You didn't answer it.

Seriously, why is it so impossible for you and Gonz to actually quote the person you're responding to? Is it because you know that, if you do, people will be able to read both parts and see how you're trying to twist their words?
Tell me, because I really would like to know why you insist on quoting out of context, even when repeatedly asked to stop.


Because I'm on mobile, and it's a colossal PITA to load up the full site, go to the post I want to quote, cut it down to just those words, and then reply.

My only other option is to quote everything, which puts up a wall of text, and that's just rude. Ain't nobody want to see that.

I'm not trying to twist your words, I'm just telling you that you aren't as spun up on tech as you are the law.
 
2014-03-25 03:08:54 PM  

Theaetetus: Prove you reread my quote: copy and paste it here. Otherwise, go away and stop trolling me.


I can copy and paste your quote without reading it. That doesn't prove I read it. What good does that do?

I don't see what I quoted being answered. YOU say you answered it. And you think it's my responsibility to paste your answer? I JUST TOLD YOU I CAN"T FIND IT?

WTF?
 
2014-03-25 03:10:22 PM  

This text is now purple: Theaetetus: But, on the other hand, the IP address is also tied to a particular modem or gateway at a particular time.

In the literal sense of the term, this is correct. However, in the sense in which you are using it (that an IP fixes a particular computer owned by some known person to a particular model or gateway at some particular time) is not provably correct. It is merely often correct.


Oh, I'm not using it in that way. As I said above, it's tied to a modem or gateway, which may be NATting for a whole pile of computers.

MAC spoofing, though, works more like my local parking garage. You park in a spot, walk down to the lobby, and purchase a ticket for the (hopefully correct) spot number. The security truck occasionally trolls through with their list of unpurchased spots and tickets people in unpaid spots. However, the ticket corresponds to the spot, not the vehicle. There's no check upon leaving the garage -- the system merely flushes the log of daytime ticket spots at 10pm. This means that there's no check to see if a given car left and a new car arrived later and parked in an already-purchased spot. This new car corresponds to a MAC spoof. It takes on the identity of a machine that has already established a spot in the network. The network doesn't check that the MAC corresponds to the correct machine, merely that there is a machine in that spot (IP) corresponding to that ticket (MAC).

So if I'm parked in the spot 118, and there's a ding on my driver's side door, I can subpoena who purchased the ticket for 117 (which was empty when I came to drive away), but I have no reasonable basis to conclude that vehicle dinged my door. I can't prove, and the log provides no evidence either way, whether that car was still there or had been replaced by a spoofer when the ding occurred.


Yep, I don't disagree with any of that. As I said, it may be a successful defense for a jury, but it's unlikely to get you a dismissal pre-trial, particularly not if the law changes to presume control over communications traversing the gateway by the owner unless proven otherwise: the burden will be on you, as the guy now parked in 117, to prove that it wasn't you who was parked there before.
 
2014-03-25 03:11:21 PM  

impaler: Theaetetus: Prove you reread my quote: copy and paste it here. Otherwise, go away and stop trolling me.

I can copy and paste your quote without reading it. That doesn't prove I read it. What good does that do?

I don't see what I quoted being answered. YOU say you answered it. And you think it's my responsibility to paste your answer? I JUST TOLD YOU I CAN"T FIND IT?

WTF?


You quoted one sentence in a post, Sparky. Quote the entire post. This shouldn't be a difficult concept for you to understand.
 
2014-03-25 03:11:55 PM  
In the long run there is only one identifying number that matters - your NSA hash code.
 
2014-03-25 03:14:05 PM  

Gonz: Because I'm on mobile, and it's a colossal PITA to load up the full site, go to the post I want to quote, cut it down to just those words, and then reply.

My only other option is to quote everything, which puts up a wall of text, and that's just rude. Ain't nobody want to see that.

I'm not trying to twist your words, I'm just telling you that you aren't as spun up on tech as you are the law.


Uh, okay. Since you can't quote anything in specific that you disagree with, then I'll just thank you for your general opinion and wish you a good day.
 
2014-03-25 03:15:29 PM  

lilbjorn: In the long run there is only one identifying number that matters - your NSA hash code.


Now, now... Fifty dollar WiFi routers have unbreakable security and there is no way that hackers or the NSA could possibly break into yours and do whatever the hell they like without your knowledge or consent.

I was told this by an MPAA RIAA shill of Fark, so it must be true.
 
2014-03-25 03:18:31 PM  
Theaetetus:
Likewise, but I don't think Congress feels the same way... They haven't reduced the statutory damages levels, for example, or provided any mitigation for non-commercial infringement - nor have the courts accepted those arguments when raised.

But in essence that's where the courts are going; they are just getting there through the back door. Do you really doubt that this case would have gone forward if the person had been accused of wholesale redistribution? The court's are doing their usual wink 'n' nod. They are not saying that one can't bring a case for non-commercial infringement, they are simply finding convenient legal excuses that just so happen to negatively impact the business model of those who are shaking down the small guy. I agree that it would be better if Congress fixed this problem simply for the sake of both honesty and legal efficiency.  But I think if Congress does nothing then over the long run the court system will evolve such that truly egregious cases will go forward and truly minor cases will fall by the way side.

Why do I think this? Because in my view this whole area is nothing more than a replication of what we see in the debt collection business. If the person has minor debts and the person defeats a motion for summary judgement the debt collector crawls back into the woodwork because it isn't financially profitable to spend more money pursuing a trial than can be collected. OTOH, if the debt is big (100K) then the debt collector will fight and go to trial. Over time I see a similar system evolving in copyright infringement cases--the truly nasty infringes will get nailed and the piddly stuff will fall by the wayside.   Maybe I'm too optimistic but that's my view.
 
2014-03-25 03:18:40 PM  

impaler: Theaetetus: Pfff, anyone  can detect if their wifi is being hijacked. Most people don't bother looking or don't know how.

Anyone can perform open heart surgery. Most people don't know how.


I know what you're saying, and I completely agree, but...

cdn.abclocal.go.com
 
2014-03-25 03:22:20 PM  

Theaetetus: You quoted one sentence in a post, Sparky. Quote the entire post. This shouldn't be a difficult concept for you to understand.


Why don't you just quote the sentence that you claim answers it? That's the logical thing to do. Not have me repost a wall of text and fling your fingers around claiming "somewhere in there."
 
2014-03-25 03:26:56 PM  

worlddan: But in essence that's where the courts are going; they are just getting there through the back door. Do you really doubt that this case would have gone forward if the person had been accused of wholesale redistribution? The court's are doing their usual wink 'n' nod. They are not saying that one can't bring a case for non-commercial infringement, they are simply finding convenient legal excuses that just so happen to negatively impact the business model of those who are shaking down the small guy.


But see Thomas-Rasset and Tenenbaum... They were the small guys, doing non-commercial infringement, and got smacked down hard. The difference between those cases and these are the plaintiffs, who, in those cases, actually did own the copyrights in question. But they did the same Capitol v. Doe fishing expedition, for example, until they could find the owner of the corresponding computer and account.

I agree that it would be better if Congress fixed this problem simply for the sake of both honesty and legal efficiency.  But I think if Congress does nothing then over the long run the court system will evolve such that truly egregious cases will go forward and truly minor cases will fall by the way side.

Why do I think this? Because in my view this whole area is nothing more than a replication of what we see in the debt collection business. If the person has minor debts and the person defeats a motion for summary judgement the debt collector crawls back into the woodwork because it isn't financially profitable to spend more money pursuing a trial than can be collected. OTOH, if the debt is big (100K) then the debt collector will fight and go to trial. Over time I see a similar system evolving in copyright infringement cases--the truly nasty infringes will get nailed and the piddly stuff will fall by the wayside.   Maybe I'm too optimistic but that's my view.


Quite possibly... It's sort of a free market solution to trolling, and supports the "don't bother responding to threatening letters" tactic. The counterargument is that, due to the $750-150k statutory damage range, the debt we're talking about is going to be around $20-40k per song, possibly higher for movies, and while they might not go after someone sharing one work, after five or six, that starts getting pretty valuable.
Tenenbaum was only 30 songs, and Thomas was 24, for example. I'd call them "piddly", but they were still major targets.
 
2014-03-25 03:28:10 PM  

impaler: Theaetetus: You quoted one sentence in a post, Sparky. Quote the entire post. This shouldn't be a difficult concept for you to understand.

Why don't you just quote the sentence that you claim answers it? That's the logical thing to do. Not have me repost a wall of text and fling your fingers around claiming "somewhere in there."


Because I want you to prove to me that you're not just a troll and that you  can actually quote someone without cutting any context out. At this point, you've got no credibility, so why should I waste time on a troll?
 
2014-03-25 03:30:36 PM  
 
ZAZ [TotalFark]
2014-03-25 03:31:25 PM  
worlddan

Judges are fighting back against bulk lawsuits because they interfere with more important business. This case feels like the judicial equivalent of jury nullification: a legally wrong decision that the decision maker felt was justified by circumstances. A different judge demanded a separate filing fee for each defendant to deter bulk lawsuits. That one was following the rules.

Judges are not fighting back against the principle of suing over not-for-compensation distribution. Or, rather, they said they thought damages should be five figures instead of six but the appeals courts reversed. The two main precedents agree that juries can hear about billions in lost profits and rule accordingly. (Thomas and Tenenbaum)
 
2014-03-25 03:33:53 PM  
Good ruling.     it about time Judges start realizing this fact.
 
2014-03-25 03:37:21 PM  

ZAZ: Judges are not fighting back against the principle of suing over not-for-compensation distribution. Or, rather, they said they thought damages should be five figures instead of six but the appeals courts reversed. The two main precedents agree that juries can hear about billions in lost profits and rule accordingly. (Thomas and Tenenbaum)


Yeah, although I believe they're wrong there... They're relying on the RIAA's interpretation of "willful" as "knowing or intentional" (understandably, since neither Thomas nor Tenenbaum ever disagreed with it), but I don't think that's correct. I believe that was Congress intended was something more like "malicious" or "for personal profit", like "willful" is interpreted in trademark infringement. But the RIAA certainly isn't going to suggest it, and if the defense never argues that they're wrong, then the judge has nothing to go on.
 
2014-03-25 03:37:26 PM  

Theaetetus: Barfmaker:You could certainly track the IP but let's say it's a Starbucks. It's not reasonable or even possible to keep track of everyone who is using it.

All I'm saying is that the metaphor of the red light camera doesn't apply, a car owner reasonably knows who is driving their car, an IP address owner may not.

Not at all. Every person who uses the car has to get the keys from you, right? Every person who uses your WiFi network has to get an NATed IP address from your router, right? And they even provide their ID, in the form of a MAC address. And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address - so you know exactly when they started sharing "Sexy Librarians 14".

Do you know their name? Probably not. Can you nonetheless provide identifying information via that MAC address that implicates them, rather than you, as the infringer? Absolutely. And the logs can be very tiny, particularly compared to how cheap storage space is now.

Hence, a person with an open access point should be able to easily rebut any accusation of copyright infringement, if they're not actually the infringer.

Your best counterargument is that the person isn't currently collecting detailed logs. And that's true, and why these cases are getting dismissed, but that's one of the things that will have to change as a result of these court decisions and the likely changes to the law that will result. It will not be a loophole forever.


You're talking about running a sniffer on the router's internal iterface, like tcpdump, capturing up to the IP headers, dumping it to a file, then correlating the infringing address with a machine's MAC. Not every router has a sniffer built in. And since this is all on the user's end, what's the prevent them from falsifying the logs?

Unless ISPs mandate only a certain category of router can operate on their network, one that captures internal traffic headers and forwards them to the ISP in a secure manner, I don't see how this is feasible to legislate.
 
2014-03-25 03:38:45 PM  

Theaetetus: But, on the other hand, the IP address is also tied to a particular modem or gateway at a particular time. Such as Starbucks' modem, smaller businesses' modems, hotels' modems, public spaces with free Internet provided by some organizations' modems, etc. There's some one point those communications are going through, and someone with control over that point... hence, equivalent to ownership of the car, even if you rent or loan your car out freely to others.


Theaetetus: But not with another MAC address on the same network, because then the router will not know where to send them. And if your point, as the owner of the access point, is to show that the infringing packets didn't come from  your computer, then it's irrelevant if they came from a real or spoofed MAC address, as long as it doesn't match yours.

Pfff, anyone  can detect if their wifi is being hijacked. Most people don't bother looking or don't know how. Again, that will be something that will change, once the law starts blaming you for anything that happens with your wifi router unless you can prove it wasn't you. Ignorance won't be a defense.


Theaetetus: Oh, I'm not using it in that way. As I said above, it's tied to a modem or gateway, which may be NATting for a whole pile of computers.


OK, hopefully this is quoting enough of you that you'll feel validated.

You look like a lawyer discussing how networking works. Each and every idea you've put out here is something that represents either a barrier that's simple to work around, or- especially in the case of MAC filtering- something that generally creates a larger security risk than it solves.
 
2014-03-25 03:39:52 PM  
beer4breakfast:
You're talking about running a sniffer on the router's internal iterface, like tcpdump, capturing up to the IP headers, dumping it to a file, then correlating the infringing address with a machine's MAC. Not every router has a sniffer built in. And since this is all on the user's end, what's the prevent them from falsifying the logs?

Unless ISPs mandate only a certain category of router can operate on their network, one that captures internal traffic headers and forwards them to the ISP in a secure manner, I don't see how this is feasible to legislate.


Yes, that would be the next step - as I said, the counterargument is that people aren't currently collecting those detailed logs. That's something that would likely change in the future, with a law that presumes liability unless you provide evidence, in the form of such logs, that it wasn't you.
 
2014-03-25 03:48:44 PM  

Gonz: Theaetetus: But, on the other hand, the IP address is also tied to a particular modem or gateway at a particular time. Such as Starbucks' modem, smaller businesses' modems, hotels' modems, public spaces with free Internet provided by some organizations' modems, etc. There's some one point those communications are going through, and someone with control over that point... hence, equivalent to ownership of the car, even if you rent or loan your car out freely to others.

Theaetetus: But not with another MAC address on the same network, because then the router will not know where to send them. And if your point, as the owner of the access point, is to show that the infringing packets didn't come from  your computer, then it's irrelevant if they came from a real or spoofed MAC address, as long as it doesn't match yours.

Pfff, anyone  can detect if their wifi is being hijacked. Most people don't bother looking or don't know how. Again, that will be something that will change, once the law starts blaming you for anything that happens with your wifi router unless you can prove it wasn't you. Ignorance won't be a defense.

Theaetetus: Oh, I'm not using it in that way. As I said above, it's tied to a modem or gateway, which may be NATting for a whole pile of computers.

OK, hopefully this is quoting enough of you that you'll feel validated.

You look like a lawyer discussing how networking works. Each and every idea you've put out here is something that represents either a barrier that's simple to work around, or- especially in the case of MAC filtering- something that generally creates a larger security risk than it solves.


Thanks for providing the quotes. Now, you say that each is either simple to work around or creates a larger security risk*, but you haven't said that any of them are  wrong. Yes, you can crack into someone's network, but since we were talking about unsecured networks generally, that's not an issue. And yes, you can spoof a MAC address of someone who is offline, but if they can show they were offline, then it doesn't matter. And yes, you can even spoof the MAC address of someone who is online, but unless their machine is configured in a very specific way, they're going to get very visible errors. And I have no idea why you quoted the third one.

Unless you actually disagree with one of those quotes, then I'm not sure how they support your contention that I lack technical prowess.

*I didn't mention MAC filtering... Did you mean that to refer to someone else?
 
2014-03-25 03:54:30 PM  

Theaetetus: even better than the car, your router can log each and every packet to/from that NATed IP or MAC address - so you know exactly when they started sharing "Sexy Librarians 14".


Name one home router that logs every packet that goes through it.

You seriously have no idea what you are talking about.
 
2014-03-25 03:57:09 PM  

Theaetetus: Yes, that would be the next step - as I said, the counterargument is that people aren't currently collecting those detailed logs. That's something that would likely change in the future, with a law that presumes liability unless you provide evidence, in the form of such logs, that it wasn't you.


Is that what you thought addressed my assertion that not all routers have the ability to log when you said "your router can log each and every packet to/from that NATed IP or MAC address"?

How soon will people with non-compliant routers have to buy new hardware to satisfy this law?

How long will they have to keep logs?

How do we verify these logs aren't tampered?

Yes, brilliant solution. Require everyone to become a network administrator.
 
2014-03-25 03:58:42 PM  
impaler:  Yes, brilliant solution.

Hey, thanks. I take back all of the stuff I said about how your constant quoting out of context makes you look like a troll.
 
2014-03-25 03:59:48 PM  

Theaetetus: Yes, you can crack into someone's network, but since we were talking about unsecured networks generally, that's not an issue.


24.media.tumblr.com
 
2014-03-25 04:01:42 PM  

impaler: Theaetetus: a law that presumes liability unless you provide evidence, in the form of such logs, that it wasn't you.

Yes, brilliant solution. Require everyone to become a network administrator.


Even better: he's requiring that the US legal system do a complete 180 into "guilty until proven innocent" territory.

That's right, an alleged lawyer just advocated for legislation that said citizens were guilty unless they could prove otherwise. Legislation that puts the burden of proof on the victim.

He's full of shiat, in every thread he enters. You guys are wasting your time.
 
2014-03-25 04:01:43 PM  

Theaetetus: And yes, you can spoof a MAC address of someone who is offline, but if they can show they were offline, then it doesn't matter.


How does someone show they were offline?
 
2014-03-25 04:03:58 PM  

impaler: Theaetetus: Yes, you can crack into someone's network, but since we were talking about unsecured networks generally, that's not an issue.

[24.media.tumblr.com image 479x361]


Hey now... Even though security experts are very clear that "secured" networks are easily broken into and most networks are unsecured anyway, it's still perfectly OK for the RIAA and MPAA to financially break people based on easily falsified data!

/Because shill!
 
2014-03-25 04:06:30 PM  

Scrotastic Method: impaler: Theaetetus: a law that presumes liability unless you provide evidence, in the form of such logs, that it wasn't you.

Yes, brilliant solution. Require everyone to become a network administrator.

Even better: he's requiring that the US legal system do a complete 180 into "guilty until proven innocent" territory.

That's right, an alleged lawyer just advocated for legislation that said citizens were guilty unless they could prove otherwise. Legislation that puts the burden of proof on the victim.


Psst - we're talking about civil law, not criminal.
 
2014-03-25 04:06:56 PM  

impaler: Theaetetus: And yes, you can spoof a MAC address of someone who is offline, but if they can show they were offline, then it doesn't matter.

How does someone show they were offline?


Take a picture of yourself at a water park... a picture with a 100% accurate tamper-proof timestamp.
 
2014-03-25 04:16:10 PM  

Theaetetus: And yes, you can even spoof the MAC address of someone who is online, but unless their machine is configured in a very specific way, they're NOT going to get very visible errors.


FTFY
 
2014-03-25 04:16:45 PM  
^^^ That's for home wifi, anyway.
 
2014-03-25 04:16:54 PM  

impaler: Theaetetus: And yes, you can spoof a MAC address of someone who is offline, but if they can show they were offline, then it doesn't matter.

How does someone show they were offline?


Thank you for asking that question, so I didn't have to quote a wall of text.

Because what seems to be argued here is that not only are you going to keep a detailed router log, but also physical, possibly off-site copies of your various system logs.

Not just a few, either. All of them. Is there going to be a time limit on how long I must maintain backup copies of /var/log? And that's just one overarching directory in Linux. We're going to need specific examples of each and every log that's required to be maintained, by OS.

Oh, yeah, and I have a VM running Haiku, which is an alpha release of an open-source copy of BeOS. Let's make sure we're comprehensive here.
 
2014-03-25 04:25:16 PM  
Such a geek: bookmarking this story 'cause I gotta go to class.

/ Pitiful
 
2014-03-25 04:27:52 PM  

Theaetetus: Carousel Beast: If I may interject in here, while Theaetetus may say some rather absurd things on other topics, in this particular thread he's being very polite and reasonable. His thought process isn't complete, as his profession is law and not technology, but there's nothing unsound about his arguments, and he's not advocating a controversial personal opinion here, but trying to explain how things are likely to fall from a legal point of view - something he's more qualified than many to speculate on.

It is entirely likely that a legislative response will indeed ignore valid technical issues, and put a burden of proof back on the defense rather than on the prosecution (where it should be), as we've seen it before. He's not saying he agrees with that, just that it's likely to happen.

TL;DR, don't jump him because you don't like what he's said on other topics.

Thanks. Although I would disagree that my profession isn't technology... I was an engineer for 10 years before shifting to this, and I'm not on the litigation side of things - I  only deal with technology now. ;)


My apologies - I actually should have said wireless security in particular. It's absolutely amazing what someone determined and skill can do to supposedly "ironclad" systems. I'm not security myself, but I establish policy and procedure for the corporate data on my systems, so I work closely with both the electronic and physical security departments, since my systems control a lot of sensitive information.

Regardless, I think you make some excellent points, and I didn't want to see people shout you down because they may have disagreed with you elsewhere, as I think happens too often on Fark.
 
2014-03-25 05:13:52 PM  

BullBearMS: impaler: Theaetetus: Then quote me saying something showing a lack of technical prowess.

OK.

Theaetetus: And they even provide their ID, in the form of a MAC address. And, even better than the car, your router can log each and every packet to/from that NATed IP or MAC address

Theaetetus: MAC addresses can be spoofed.

But not with another MAC address on the same network, because then the router will not know where to send them.

Somebody doesn't understand the physical

Data Link layer at all.

FTFY
 
2014-03-25 05:15:32 PM  
in jail lol wtf is a ip address smh dgaf #yolo
 
2014-03-25 07:04:55 PM  

Theaetetus: JackieRabbit: Good ruling, since IP addresses for most users of the internet are assigned by their IPS's DHCP server and a lease on the address can last only as long as the user is logged onto the computer.

So? If you make threatening phone calls from a hotel room phone, it's not reasonable to dismiss a case by saying that you only had the phone number for as long as you were renting the phone. Activity by the next or prior patron is irrelevant, since they're subpoenaing records about an IP address  at a particular time.


Multiple users can/often do use the same public IP at the same time.
 
2014-03-25 07:30:33 PM  

Kygz: Yup, my VPNs usually have me in IL or IA.


You're screwed buddy! They don't have internet in Iowa.

/got three warning emails for downloading True Detective (one per episode)
//because I was sharing
///no more emails after I stopped sharing, but still continued to DL
\\\suck it!
 
2014-03-25 07:32:48 PM  

elysive: Theaetetus: JackieRabbit: Good ruling, since IP addresses for most users of the internet are assigned by their IPS's DHCP server and a lease on the address can last only as long as the user is logged onto the computer.

So? If you make threatening phone calls from a hotel room phone, it's not reasonable to dismiss a case by saying that you only had the phone number for as long as you were renting the phone. Activity by the next or prior patron is irrelevant, since they're subpoenaing records about an IP address  at a particular time.

Multiple users can/often do use the same public IP at the same time.


Really? How does that work? Please explain, because clearly, no one in this thread knows and we haven't been discussing gateways and NAT for the past several hours
 
2014-03-25 07:52:32 PM  

mayIFark: JackieRabbit: Good ruling, since IP addresses for most users of the internet are assigned by their IPS's DHCP server and a lease on the address can last only as long as the user is logged onto the computer.

Not true. I don't believe ISP's use DHCP, but even if they do, your computer never logs on to that. It is your modem that does, and that is always on. Even if you turn off your modem, it will take a few days before that IP gets reassigned.


For many cable companies, modems usually receive a rfc1918 address. Connected hosts receive a public and it is assigned to that hosts mac (not the modems). This assignment is logged for abuse investigations including piracy.

You can get a static mapping setup to a host and have dhcp disabled.. meaning only that specific host will recieve a (the) ip. Done in this manner a hacker busting into your wireless will find himself high and dry unless he knows to ghost his machines mac to appear as the statically mapped host on isp dhcp server. Still vry much doable, just one more hurdle. Which is what most security comes down to.

There is rarely a question of not just what ip was used for the abuse, but even what specific device was the offendrr.

This doesnt change the fact that unless youve established by either law or binding contract claus associated responsibility... you still have no clue WHO clicky clickied the link. ( My guess is Col. Mustard in the ballroom with the Dell XPS)

/That said, pirate errything.
//Hack the planet
 
2014-03-25 07:55:10 PM  

Ex-Texan: I'd like to know of a way to hold theatres liable, and providing recompense of at least the ticket price, for a movie you find bad.


I worked at several movie theaters when I was younger. All of them refunded ticket prices to customers who left the movie early complaining it was bad. I don't recall any times someone sat through the whole movie, and then wanted a refund.
 
2014-03-25 08:32:22 PM  

Theaetetus: elysive: Theaetetus: JackieRabbit: Good ruling, since IP addresses for most users of the internet are assigned by their IPS's DHCP server and a lease on the address can last only as long as the user is logged onto the computer.

So? If you make threatening phone calls from a hotel room phone, it's not reasonable to dismiss a case by saying that you only had the phone number for as long as you were renting the phone. Activity by the next or prior patron is irrelevant, since they're subpoenaing records about an IP address  at a particular time.

Multiple users can/often do use the same public IP at the same time.

Really? How does that work? Please explain, because clearly, no one in this thread knows and we haven't been discussing gateways and NAT for the past several hours


I get that you have been talking about MAC logging and have made a few side references to NAT, but this particular analogy would apply more to NAT'ed IP if every room in the hotel had the same phone number and if it weren't just an issue of what time you made the call. Oh wait, you know, I'm pretty sure it often does. There's the public hotel phone number (public address) and then a room extension (private address). Internal call logs by whomever administers the network (MAC addresses if it's VoIP) might suddenly make it relevant when you were in your room. At least that's my rudimentary understanding of the telecom exchange.

I know you are insistent that soon equipment everywhere will keep extensive logs so that judges and LEOs can see who has been accessing what. That's a fine fantasy worth holding your breath for that wouldn't be a total waste of money or an undue burden on ISP and enterprise equipment that transfer ungodly amounts of data. Whether something of that nature comes to fruition or not, I wish media companies would decide to stop bleeding money with law suits, lobbying and chasing after ever-evolving piracy that they can't beat. They would do a lot better just to change their business model and sell something that people want to buy.

As for using logged MAC addresses as evidence against someone, how do you propose people's MAC addresses get revealed? Voluntarily? Verbally? Written? Physically produced? Does the person have to surrender their devices at which time the investigating party can snoop around for other evidence? Wouldn't that be putting the horse before the buggy? At least it's not terribly difficult to tell when people are making up MAC addresses. It is even easier when you know the manufacturer of the device. Would you believe I've had people who work in the networking industry give me MAC addresses with G's and H's in them? *shakes head*
 
2014-03-25 08:33:51 PM  
lol, cart before the horse. It's been a long day. I should just pack up.
 
2014-03-25 09:01:04 PM  

elysive: Theaetetus: elysive: Theaetetus: JackieRabbit: Good ruling, since IP addresses for most users of the internet are assigned by their IPS's DHCP server and a lease on the address can last only as long as the user is logged onto the computer.

So? If you make threatening phone calls from a hotel room phone, it's not reasonable to dismiss a case by saying that you only had the phone number for as long as you were renting the phone. Activity by the next or prior patron is irrelevant, since they're subpoenaing records about an IP address  at a particular time.

Multiple users can/often do use the same public IP at the same time.

Really? How does that work? Please explain, because clearly, no one in this thread knows and we haven't been discussing gateways and NAT for the past several hours

I get that you have been talking about MAC logging and have made a few side references to NAT, but this particular analogy would apply more to NAT'ed IP if every room in the hotel had the same phone number and if it weren't just an issue of what time you made the call. Oh wait, you know, I'm pretty sure it often does.There's the public hotel phone number (public address) and then a room extension (private address). Internal call logs by whomever administers the network (MAC addresses if it's VoIP) might suddenly make it relevant when you were in your room. At least that's my rudimentary understanding of the telecom exchange.


Yes, I know. That's why I suggested it. Most hotels have a PBX, either POTS or, more likely, SIP. Accordingly, your outgoing phone number may appear the same, it is nonetheless still traceable to your room at a particular time, with the hotel's internal routing logs.

I know you are insistent that soon equipment everywhere will keep extensive logs so that judges and LEOs can see who has been accessing what.

Nope, plaintiffs in discovery. We're not talking about criminal law.

That's a fine fantasy worth holding your breath for that wouldn't be a total waste of money or an undue burden on ISP and enterprise equipment that transfer ungodly amounts of data. Whether something of that nature comes to fruition or not, I wish media companies would decide to stop bleeding money with law suits, lobbying and chasing after ever-evolving piracy that they can't beat. They would do a lot better just to change their business model and sell something that people want to buy.

Perhaps, but we've been trying to sell the RIAA/MPAA on that for how many decades now? It's a fine fantasy that they'll suddenly sit up and say "gosh, piracy isn't an issue if we just sell product that people want to give us money for."

And where else has that model worked? Heck, look at the games industry, shifting to always-on connections and server-side DRM. If they won't embrace "no restrictions, just please give us money", then why do you think Hollywood would?

As for using logged MAC addresses as evidence against someone, how do you propose people's MAC addresses get revealed? Voluntarily? Verbally? Written? Physically produced? Does the person have to surrender their devices at which time the investigating party can snoop around for other evidence? Wouldn't that be putting the horse before the buggy? At least it's not terribly difficult to tell when people are making up MAC addresses. It is even easier when you know the manufacturer of the device. Would you believe I've had people who work in the networking industry give me MAC addresses with G's and H's in them? *shakes head*

Voluntarily, of course. See, if the law changes in the way that I think it's likely to, if you own the router in question that was distributing infringing works, you're responsible for that infringement... Unless you can show it wasn't you. And one way to do so would be by showing your logs. Or turning over your hard drive for investigation. Or any other such data that would lead a jury to believe that you're more credible than the plaintiff and that you didn't really do it.

This is civil litigation - the burden of proof is "preponderance of the evidence", not "beyond a reasonable doubt". If the plaintiffs establish your router was transmitting the packets (and the law changes to a rebuttable presumption that you are responsible for everything going out your router), then they've met their burden... then it's up to you to push that preponderance back by providing evidence that it wasn't you. And I think it's highly likely that the law will shift in that direction, if more of these decisions start going against the RIAA/MPAA rather than extortion trolls and fraudsters like Prenda, and if people like the EFF aren't pushing back to prevent that shift.
 
ZAZ [TotalFark]
2014-03-25 09:43:40 PM  
elysive

You are all making this way more complicated than it needs to be. In the normal case nobody is playing games with spoofing. The law is designed to handle the normal case efficiently. I could get a good fake license plate for my car. We trust license plates because most people don't.

If we as a society want all network traffic to be tied to a person, not anonymous, the solution will be cryptographic with secure hardware. If your logon smart card gets "stolen" we already have the answer from the motor vehicle world: you are strictly liable for misuse before it is reported stolen, not liable for use after (because it has been cut off from network access).

I don't think we'll want that because the current system mostly works and we value anonymous speech.

As for the specific question, how does a MAC address get revealed, the ultimate answer if you want to play tough is

1. In a criminal case a police officer puts a gun to your head (usually with a warrant) and pulls the trigger if you don't give up your phone / computer.

2. In a civil case the judge says give it up or you lose the case.

There are plenty of things to do before these steps. They could, for example, note that a MAC address appeared in the lobby right when you checked in, moved to your room, returned to the lobby when you checked out, then vanished. That's good evidence against you already and they don't even need to see if your phone has that address. It's still evidence if you produce a phone with a different address.

In at least one of the RIAA cases they did get an order to examine the defendant's computer. She tried to get clever by wiping evidence, but the forensic experts were more clever.

The people who get caught aren't the smart ones with VPNs, encrypted partitions, and seven proxies.
 
2014-03-25 10:43:29 PM  

ZAZ: There are plenty of things to do before these steps. They could, for example, note that a MAC address appeared in the lobby right when you checked in, moved to your room, returned to the lobby when you checked out, then vanished. That's good evidence against you already and they don't even need to see if your phone has that address. It's still evidence if you produce a phone with a different address.

The people who get caught aren't the smart ones with VPNs, encrypted partitions, and seven proxies.


I was trying to get at the ridiculousness of having to surrender devices with your MAC addresses. Unless an authority searches all of your person and your property, it speculatively requires you prove a negative. How do I prove I don't have a device with a particular MAC? Well, I can give them a different device. If I am innocent, will people not trust me? If I am guilty, why would I self incriminate and surrender a guilty device?

 Most tech savvy people own tons of devices. I could have a dedicated piracy computer and still surrender like 15-20 devices from our household without any connection to that dedicated device. Location-based tracking correlated with other evidence of your physical presence is probably more objective evidence, but it could be considered circumstantial (yes, preponderance of evidence and all) and that requires ridiculous amounts of logging. I'm still skeptical that the technology will ever go in that direction, not because of technological limitations but rather because networking resources need to be dedicated to more important things. If you really wanted to log MAC addresses and have reasonable accounting of device ownership, I think it would be more realistic to have required registration of all networking components.

Re: the networking resources required to store and go through MAC logs...well, I have debugged traffic on a wlan controller and I can't imagine the monotony of trying to go through logs of hundreds of thousands of frames or even packets transferred every hour. The NSA doesn't know what to do with all the phone call and email data it collects and those count orders of magnitudes fewer than the frames and packets transferred during the public's web browsing sessions.
 
2014-03-25 11:31:36 PM  

elysive: I was trying to get at the ridiculousness of having to surrender devices with your MAC addresses. Unless an authority searches all of your person and your property, it speculatively requires you prove a negative. How do I prove I don't have a device with a particular MAC? Well, I can give them a different device. If I am innocent, will people not trust me? If I am guilty, why would I self incriminate and surrender a guilty device?


ZAZ mentioned Thomas-Rasset having to turn over her hard drive. It's the same question - how do you prove you didn't download those particular files? Well, she gave them a different hard drive, one with an initialization time well after she was ordered to preserve evidence. That's why no one trusted her.
 
2014-03-25 11:33:47 PM  

ZAZ: The people who get caught aren't the smart ones with VPNs, encrypted partitions, and seven proxies.


The smart ones have all those things. The smarter ones, though...

Master Foo and the Script Kiddie

A stranger from the land of Woot came to Master Foo as he was eating the morning meal with his students.
"I hear y00 are very l33t," he said. "Pl33z teach m3 all y00 know."
Master Foo's students looked at each other, confused by the stranger's barbarous language. Master Foo just smiled and replied: "You wish to learn the Way of Unix?"
"I want to b3 a wizard hax0r," the stranger replied, "and 0wn ever3one's b0xen."
"I do not teach that Way," replied Master Foo.
The stranger grew agitated. "D00d, y00 r nothing but a p0ser," he said. "If y00 n00 anything, y00 wud t33ch m3."
"There is a path," said Master Foo, "that might bring you to wisdom." The master scribbled an IP address on a piece of paper. "Cracking this box should pose you little difficulty, as its guardians are incompetent. Return and tell me what you find."
The stranger bowed and left. Master Foo finished his meal.
Days passed, then months. The stranger was forgotten.
Years later, the stranger from the land of Woot returned.
"Damn you!" he said, "I cracked that box, and it was easy like you said. But I got busted by the FBI and thrown in jail."
"Good," said Master Foo. "You are ready for the next lesson." He scribbled an IP address on another piece of paper and handed it to the stranger.
"Are you  crazy?" the stranger yelled. "After what I've been through, I'm never going to break into a computer again!"
Master Foo smiled. "Here," he said, "is the beginning of wisdom."

On hearing this, the stranger was enlightened.
 
2014-03-26 12:03:58 AM  

Theaetetus: elysive: I was trying to get at the ridiculousness of having to surrender devices with your MAC addresses. Unless an authority searches all of your person and your property, it speculatively requires you prove a negative. How do I prove I don't have a device with a particular MAC? Well, I can give them a different device. If I am innocent, will people not trust me? If I am guilty, why would I self incriminate and surrender a guilty device?

ZAZ mentioned Thomas-Rasset having to turn over her hard drive. It's the same question - how do you prove you didn't download those particular files? Well, she gave them a different hard drive, one with an initialization time well after she was ordered to preserve evidence. That's why no one trusted her.


Yea, I read about it and the girl didn't sound particularly smart. Of course if she only had one computer and limited knowledge, she probably didnt see many options. I guess so long as the idiots continue to take the heat in cases like these, real nerds can relax a little.

/doesn't use file sharing, but these cases are obnoxious
//if the thefts were truly worth what companies claimed I'd probably be ok with criminal charges
 
2014-03-26 12:12:45 AM  
elysive:Yea, I read about it and the girl didn't sound particularly smart. Of course if she only had one computer and limited knowledge, she probably didnt see many options. I guess so long as the idiots continue to take the heat in cases like these, real nerds can relax a little.

/doesn't use file sharing, but these cases are obnoxious


Yeah, but the problem there is the old "bad facts make bad law". Thomas-Rasset destroys her hard drive, destroying her credibility before the jury and making them not want to spare her the giant damage awards. Tenenbaum gets a self-aggrandizing lawyer who farks up everything and pisses off the judge because he wants his moment in the spotlight, and gets slapped down by the jury. In neither case, did they attempt to mitigate the damage award by bringing in economists or other experts.  As a result, you get precedential decisions that suck.

Or here, you get terrible plaintiffs who don't actually own the copyrights in question, and as a result, you get decisions that may be right for them, but end up having unforeseen results down the line.

//if the thefts were truly worth what companies claimed I'd probably be ok with criminal charges

The problem there is that no defendant has argued about what a  distribution license would cost, and instead just say that the damages are $1, since you could buy it on iTunes for that. With one side pointing to a statute listing damages, and the other side saying something completely nonsensical, the judge goes for the more reasonable one, even if it's wrong. And that's how we end up with 2 damage ranges instead of the three that Congress prescribed.
 
Displayed 137 of 137 comments

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »
Advertisement
On Twitter





In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report