Filed under: P2P

There's no exploitation in play here, just the wholesale harvesting and presentation of superficial data for roughly one-fifth of Facebook's half-billion strong user-base.

Ron Bowes, of Skull Security, posted the torrent to the Pirate Bay after realizing that his pet project had become something that others might be interested in. He had basically crawled the Facebook directory, and indexed the results. What he got was a list 171 million entries long, representing 100 million unique users, their names, and their Facebook URLs. He packaged it all into a database and posted the 2.8GB file as a torrent.

It's important to note that there isn't any other information in the database. Shortly after word got out about the torrent, the BBC posted a story about it, and quoted a random user in the comments section as stating that it was "awesome and a little terrifying." Honestly, the only thing terrifying about any of this is the thought of going through the Facebook directory. Seriously, I looked, and there are so many people with my name that I would never find myself.

Bowes has stated that, though there isn't any real information aside from names and a URLs in the database, any number of contact details may be present on a user's Facebook page -- it all depends on how that user has his privacy settings set. Basically, with this database in hand, a potentially malicious user could sift through all the names and come across the user he was looking for, see that user's Facebook landing-page (the little page with their name, picture, and a few friends) -- and that's about it.

But regardless of the harmless nature of the database, this torrent has become a big deal, because simply being in the cavernous Facebook directory is an option in itself. Now that there's a torrent containing the most basic contact information for 100 million users, that particular privacy setting has become null for the users on that list.

So, in the end, this is just one more reminder for everybody on Facebook to check their privacy settings.

In what will surely become a landmark case -- or at least a massive thorn in the MPAA and RIAA's clubbed, pygmy feet -- a judge has ruled that bypassing DRM via hacking, reverse engineering or any other means is not in itself illegal.

The case itself ruled that General Electric, in using hacked security dongles to repair some uninterruptible power supplies produced by another company, did not violate the Digital Millennium Copyright Act. Why? Because the end goal was legal. If the hacked dongles had been used for the forces of evil, the story would be different.

While this doesn't sound immediately applicable to DRM-protected software, music and movies, bear in mind that the DMCA is the foundation for every spurious copyright claim made by RIAA, MPAA and the myriad of other digital rights groups. In essence, this ruling means that you're free to break DRM on media that you own. No longer is it illegal to rip your own DVDs or crippled audio CDs onto your hard disk. I think there might also be some implication for the godawful DRM used on contemporary games like Assassin's Creed 2 (and if you're a lawyer, please leave a comment!)

In case you were wondering, this doesn't make piracy legal. It just means that bypassing DRM to reach a legal goal -- i.e. fair use of things you own -- is now protected by common law.

[via electronista]

From the putting-a-smile-on-your-newly-awoken-face department...

The aptly named Recording Industry vs. The People blog has done a little investigative journalism and produced some fantastic figures that truly illustrate just how pathetically pointless the RIAA is. Over the course of three years, the RIAA has spent a total of $64 million in the tracking down and prosecution of music pirates. The total amount recovered by the RIAA, in the form of settlements and fines, is a paltry $1.3 million.

The RIAA, if you weren't aware, is funded by the music industry. That $64 million --instead of going to the artists -- will have instead have been handed to the RIAA to be squandered inefficiently and, looking at the numbers, impotently.

Of course, the other way of looking at it is that music pirates are putting food on the plates of these poor, useless lawyers who can't litigate to save their asses.

The Pirate Bay's database of over 4 million registered users has been compromised. All user names, along with their associated email and IP addresses have been obtained and are now in the hands of three Argentinian 'researchers'.

Speaking to KrebsOnSecurity, and on his own blog, ringleader Ch Russo says that The Pirate Bay's defenses fell to a few simple SQL injections. He's even been kind enough to provide a video of the hack [direct FLV link], if you're interested in replicating it (though at the time of publishing, TPB is down for maintenance, so you'll have to find another site to try it out on!).

The plot thickens though. Justifying the hack, Ch Russo says: 'The community caused problems to huge companies and corporations.' He is, of course, talking about the RIAA, MPAA and any other rights-policing agency. But just one sentence later he says the hack was not borne out of anger, nor was it to seek commercial recompense. So... who knows!

If you had a registered account at The Pirate Bay, do let us know if you receive a legal threat in the next few days and weeks...

You may remember that, back in May of this year, the Swedish Pirate Party became the new ISP of the Pirate Bay. That alone was not only surprising, but proved to be politically spectacular in the rawest sense of the word. Now the Pirate Party wants to take their stand even further, and plans to use a section of the Swedish Constitution to allow them to host the seemingly indefatigable TPB from inside Parliament.

The Party announced their plan in a blog post at their official site on Friday. They state that while there shouldn't be a need for such drastic action, that hosting the torrent site from within the walls of Swedish Parliament would carry "an important symbolic value." There's not much doubt that they're right about symbolism there.

The Party references a section of the Swedish Constitution that protects MP's from prosecution if they're acting in accordance with their political mandate. In this case, hosting the Pirate Bay would not only fall under that wide umbrella, but would also provide a measure of immunity that would be much harder to crack than ever before.

Whether or not the Party will be able to pull this off hinges on the coming September elections, which as TorrentFreak points out, currently shows a 4% gap that needs to be filled for the party to get a seat. Given their success last year in winning a seat in the EU Parliament, I'd say they've got a decent chance.

uTorrent, one of the most popular torrent apps for Windows, is getting a stable release for Mac today. According to the uTorrent blog, it's been a years-long road toward a Mac client that has nearly achieved feature parity with its Windows counterpart. All of the protocol enhancements that make uTorrent fast are part of this Mac release, including (and this is straight off the blog, so I don't leave anything out) D HT, PEX, Protocol Encryption and the new uTP transport.

uTorrent looks like it might give Transmission a serious run for its money as the best Mac-ready torrent client. Both are lightweight and focused on speed, which makes them a lot more useful than some of the torrent bloatware out there (I'm looking at you, Vuze!).

And that uTP transport thing? That's the protocol which helps us get around ISP traffic throttling by dynamically giving you the best speeds possible based on network conditions, and it yields to your regular TCP traffic (think web browsing) so that running torrents won't cripple the rest of your online activities. Although it's somewhat controversial, many people in the torrent community see it as a very good thing.

The torrent community is thrilled with the outcome of the recent Viacom v. Google lawsuit, where Viacom sued the Big G for letting YouTube users upload its copyrighted material. Google won the billion-dollar case, but TorrentFreak says BitTorrent users are the real winners.

The ruling essentially says that if copyright holders want content removed for violating the DMCA, they must ask to have it removed. That means Google doesn't have to pre-emptively screen everything that goes up on YouTube, and it may also mean that torrent sites don't have to check their links for torrents of copyrighted material before allowing the links to be posted. That's TorrentFreak's interpretation, of course, not a judge's, but it's still very interesting.

TF goes on to point out that most torrent sites have ways for copyright holders to communicate and request a takedown of a link to their copyrighted material. Maybe they'll have to do that, now, before they sue to get a torrent site taken offline.

They may have had their pants sued off, but that's not stopping the half-naked crew at Limewire from making yet another foray into the digital music business. Yes, like a slobbering brain-hungry zombie that just won't die, Limewire is back from the dead and bent on taking over the world.

Well, the world of cloud-powered digital music, anyway. According to a report from Digital Music News, the reincarnated Limewire will boast all kinds of cloud integration features -- including pulling your iTunes up into the stratosphere.

"Users will have complete and instant access to their entire library and catalog across their desktop, devices, and in the cloud," said one Limewire exec. "By syncing iTunes playlists and content to the cloud, users' existing libraries are available to access and stream to a wide range of connected devices."

Well, good luck with that fellas -- and here's hoping you beat iTunes.com to the punch. It's set to launch in the cloud later this summer, in case you weren't aware.

Regardless, Limewire execs are saying the new service has been well-received by record industry bigshots. Hey, they'd have to like the new idea better than the old model where Limewire's users mostly just uploaded and downloaded songs they probably hand't paid for.

(awesome cloud icon courtesy the tutorial from FreePhotoshopTutorials.com)

You might not notice many of the changes unless you're a BT guru, but you'll certainly notice the speed improvements. Transmission is now smarter about the order in which it connects to peers, better at optimizing the number of connections so you get the best speeds for your bandwidth, and doesn't take as long to verify local data when you resume a download. It also fully supports magnet links. Basically, you want this update.

For Mac users -- and maybe this was just a pet peeve of mine -- Resume All no longer restarts your already-finished transfers. I know it's a small thing, but it was really bugging me, and I'm glad the team of volunteers working on Transmission are paying such careful attention to details.

In case you're not sold yet, here's the full list of changes in Transmission 2.00.

[via TorrentFreak]

It's pretty amazing what $6,000 USD can accomplish when there are enough people willing to work for free. That's how much the pilot episode of Pioneer One cost to shoot, and the entire amount was raised at Kickstarter. The series is the latest indie-project to be brought to the P2P universe by VODO, which stands for VOluntary DOnation.

VODO works to bring indie films -- that wouldn't otherwise be seen by a large audience -- to the public by unleashing them on the various P2P networks, legally, and free of charge. The projects are funded entirely by donation. Until now, these projects have been mainly indie-films and shorts, but VODO is trying to expand into music and books as well. Pioneer One is different in that it isn't just their first foray into TV-like programming; it's the first series made specifically for P2P audiences.

You can grab the pilot episode of Pioneer One as a wonderfully large 720p H.264 Matroska video file, and there are several methods for downloading it at the main landing site. You don't even have to use a BitTorrent client if you don't want to -- they have direct download links as well.

I won't spoil it for those who want to watch the pilot, but I will say that it surprised me. It was actually pretty good, and I found myself wishing there were more episodes available when it finished. It's a bit like X-Files with a tinge of Stranger in a Strange Land, all wrapped in a modern campy approach to film-making. At the very least, it's definitely worth the download.

(Image: TPB)

After popularizing peer-to-peer piracy and single-handedly destroying the conventional-plastic-disc distribution channel, it's only fitting that the creator of Kazaa now plays a part in rebuilding the music industry. Enter stage left: Rdio, flanked by the creator of Skype. Sign up now, because you're going to want a piece of this pie when it leaves private beta testing.

CD sales are at an all-time low. Disillusioned consumers are fleeing to the digital realm -- where music is cheap, where music is bountiful, where music is good. And there, awaiting their arrival, is a new breed of in-the-cloud music providers. Spotify is perhaps the service that exemplifies such a business model, but Rdio looks set to blow it out of the water -- to put it another way, I think Spotify knew what was coming when it dropped its prices last month.

In essence, Rdio is like iTunes and Spotify on steroids. There are no real surprises when it comes to the feature set. It's simply taking things to the next step. It's like iTunes, only without limitations on moving your files around. It's like Spotify, but cheaper, and with better music discovery. The coolest bit is that you can see -- presumably in real time -- what your friends are listening to. I guess it's also like Last.fm in that regard.

Now, both iTunes and Spotify are certainly working on similar features, so I doubt Rdio will be unique by the time it leaves beta testing -- but it's competition. $4.99 per month for unlimited music downloads from a library of 5 million tracks is pretty damn good... and it's only going to get cheaper!

Peer-to-peer applications -- including torrent apps like BitTorrent and µTorrent -- are often given the smackdown by ISPs because they can be a little hard on networks. With the open-sourcing of their µTP protocol, BitTorrent hopes, despite the outcry from various private trackers, to usher in a new era of more gentlemanly P2P file sharing.

µTP is network-aware, detecting congestion and automatically reigning in bandwidth usage. That should, in turn, mean less traffic shaping by providers and healthier networks. BitTorrent reports positive results from their own testing so far, and its spokesperson Jenna Broughton told TorrentFreak "Informally, several technical insiders have confirmed a noticeable shift in traffic from TCP to uTP, and they seem generally positive about the deployment thus far. Universally, they commend the spirit of cooperation in helping manage congestion on the network."

No ISPs have been willing to offer formal statements, however, and some users report significantly slower downloads with µTP. It's still quite nascent, however. As the protocol matures, issues are resolved, and adoption picks up steam, µTP could play a major role in the next generation of peer-to-peer.

[via TorrentFreak]

µTorrent's WebUI has been providing browser-based management of your torrent transfers for quite some time, but setting it up can be a bit complicated for casual users. Port forwarding, dynamic DNS... it's a pain to sort out if you're not-so-skilled with routers and remote access.

The new µTorrent Web beta changes all that, adding totally hassle-free access to your queue from anywhere you've got a Web browser. Just download the Falcon beta, head to Options>Preferences>Web and enter a username and password you'd like to use, and press apply. Once connected, you can pull up your Web interface simply by logging in at http://falcon.utorrent.com.

Connections are SSL encrypted to keep your sessions secure. It's extremely handy for doing things like starting a 4GB Linux ISO download on your home computer while you're still at work.

To take Falcon for a test flight, download it now!

Starting this week, Irish ISP Eircom will begin the three-month pilot-phase of a new program in which they'll enact a "three strikes" rule against subscribers found to be file-sharing. In the program, any subscribers who use up their three warnings will have their broadband connections severed for one year. The move makes Ireland the first country to enact a graduated-response policy, and affects somewhere in the range of 750,000 users.

It's been barely a month since the court ruling that made it all possible. In that decision, an Irish judge also ruled that IP addresses aren't "personal" information. But, while we're on that legal note, it should be said that the subscribers who are called out for file-sharing aren't put through any sort of due-process. They're simply a list of IP addresses given to the ISP by a third-party company.

That company is called Dtecnet, which finds and tags IP addresses while rifling through P2P traffic on behalf of the record companies who comprise Irma, the Irish version of the RIAA. Dtecnet will supply Eircom with 50 IP addresses weekly until the end of the three-month trial run, and the subscribers who match them will be contacted and warned to cease and desist their evil practices post-haste, by Eircom representatives.

If the 50 IP addresses per week test-run works out well enough, Dtecnet will supply Eircom with as many as they can handle after the initial three-month period. At the very least, it should be interesting to see how this all pans out in the near future.