Decompression bombs vs. RIAA · Curiosity is bliss

Curiosity is bliss    Archive    Feed    About    Search

Julien Couvreur's programming blog and more

Decompression bombs vs. RIAA

 

I read recently about how the RIAA could use audio fingerprinting to identify copyrighted material on P2P file sharing networks.
I also heard about decompression bombs and thought about using that concept to protect P2P networks.

Is it possible to make the decompressing of a file expensive, using a standard compression algorithm?

This could be done using cryptography, either distributing the key along with the encrypted file or even having it bundled in a self-decrypting executable. But using a standard decompression algorithm like gzip or bzip2 would make distribution easier (only the compression would require a new tool).

This would make it costly for automated content analysis on a large scale, while not being a problem for individual users, the same way that hashcash and other proofs of work make it uneconomical for spammers but not casual users.

Update:
A related article was just posted at the NYTimes: A Software Program Aimed at Taming File-Sharing.

______________________________________

I don't see the point of an honest person in defending against such a scan by the RIAA (or any other copyright holder), unless you're thinking of how to enable the scan to not be bogged down by decompression bombs.

I find it repulsive that people actively seek to steal what doesn't belong to them from other people. Perhaps worse than that is helping other people to steal. I see no value in helping theives continue to steal property via p2p networks.

Posted by: Louis Parks (March 7, 2004 09:00 PM) ______________________________________

Thanks for your challenging feedback.

I am not advocating stealing, which by the way is different than unauthorized copying.
I do think the music industry currently has a broken model, which is not adapted the digital era. My point is that none of these technological patches is a good enough solution yet. The signature monitoring is only a small step up from the filename/metadata monitoring they already do (which fails to detect pig latin encoded titles).
As to whether I'm helping other people to steal, it reminds me of whether security experts should publish the flaws their research has uncovered. I believe they should, following a certain etiquette.

Posted by: Dumky (March 9, 2004 10:48 AM) ______________________________________

This "hoo ha" (are women allowed to say hoo hah?)
about millionaires and billionaires whining because they don't roll in more bling bling for the every combination of do re mi that they press onto a cd is absurd. It is time to do what is in the Constitution. You invent something then you get some time to develop it. After that it is fair game. There nothing about music. They want this music "protection" then create an amendment to the Constitution.
</ end rant

Posted by: Suzy (June 7, 2004 08:38 PM)
comments powered by Disqus