[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6.1.2.0.0.20050407153121.01c38df0@localhost>
Date: Thu Apr 7 21:42:04 2005
From: lists at domain-logic.com (Randall Perry)
Subject: Re: Case ID 51560370 - Notice of Claimed
Infringement
At 03:21 PM 4/7/2005, you wrote:
>Dear Thomas Sutpen,
> >> More nice will be if this .iso file is just 451,486k of /dev/random junk.
> >> Any proves that this file __IS__ Sybase Powerbuilder 9 Enterprise.iso?
> >> MD5? Something?
>The problem is much simpler, if 200 persons are sharing this ISO and if
>it is confirmed to be a "pirated" version by downloading from ONE of
>these users you can tell that the other 199 are also sharing the same
>pirated versions, knowing that most (all) p2p applications use hashes to
>identify the files. In other words, if 200 sources are listed all of
>them are sharing the exact same file, at least if you trust the p2p
>application code. (Which you can't proof does indeed work flawlessy
>in this regards, but you get my point).
No, it isn't quiet that clean.
The initial post was regarding eDonkey/eMule client.
The files are broken into chunks.
The files are 'verified' by a one-way hash.
By merely having a single chunk with the same hash is enough 'evidence'
that you are in complete possesion of that file.
(whether or not it is a successful full copy on your machine, they will
ONLY know if ALL sources came from ONLY YOU and they were able to rebuild
the entire ISO from all those chunks FROM ONLY YOU).
Otherwise, it is _possible_ to have a chunk with the same fingerprint and
make it appear that you have said chunk of their iso.
(of course a 256 or 512 string would be more accurate and less to chance of
being false positive).
It's like saying that a brown Brinks money bag was stolen from the bank.
You possess such a brinks money bag, but that doesn't mean it is theirs.
(those with cryptography experience can better explain than myself).
I am not very comfortable with this grey area being enough 'concrete'
evidence to condemn criminals.
What kind of computer training course do their attorneys even go through?
(or do they assume these hashes are 'fingerprints')
http://www.domain-logic.com
Powered by blists - more mailing lists