Astraweb removing UFC content

[enerdude]

I think ditching nzbs would really end the problem. ... Maybe a new header naming scheme could be used to encrypt or obscure the name. Maybe encryption mechanisms can be built into newsreaders.

The problem with the NZB is that it is an open standard and the usenet articles that it's composed of are listed in plain text and therefore easily readable by anyone.

A fairly simple solution would be to create a new NNTP 'release' protocol that encrypts the "NZBs" -- so only the news client can ever know the actual Message IDs that compose a file release -- a client that would by necessity also need to refuse non-SSL servers so the connection stream could not be sniffed.

A properly encrypted "NZB" system like that would be virtually bullet-proof and completely immune to any possible takedown -- the only thing the anti-P2P bad guys could do would be to attack the sites that index these encrypted "NZBs" -- but this kind of encrypted "NZB" system could be many years away.

Yeah but the weak spot then is still the headers that are left. Easy for them to take down something by just searching headers. And doing away with headers is like doing away with the whole usenet and starting a new "system" with new protocols...

[zot]

Yeah but the weak spot then is still the headers that are left. Easy for them to take down something by just searching headers. And doing away with headers is like doing away with the whole usenet and starting a new "system" with new protocols...

In the system I described above, headers would of course be useless because posts would need to use cryptic titles (as would the file names inside the rars if not password-protected) so the only way to download a file posted in this manner would be to get the "encrypted NZB" supplied by the actual poster.

It would not be a completely foreign new system, since almost from the very beginning, files have been posted using names other than the actual title of the movie, album, or software (for instance, you might have to look up the 'scene' name of the release first)

But if usenet takedowns get much more common, headers could become nearly-useless anyway, since they make it easy for a high-volume automated process to detect copyrighted files. (and let's face it, the vast majority of copyright takedowns these days [in general, not just Usenet] seem to be coming from bots crawling the internet)

[Sometwo]

I think ditching nzbs would really end the problem. ... Maybe a new header naming scheme could be used to encrypt or obscure the name. Maybe encryption mechanisms can be built into newsreaders.

The problem with the NZB is that it is an open standard and the usenet articles that it's composed of are listed in plain text and therefore easily readable by anyone.

A fairly simple solution would be to create a new NNTP 'release' protocol that encrypts the "NZBs" -- so only the news client can ever know the actual Message IDs that compose a file release -- a client that would by necessity also need to refuse non-SSL servers so the connection stream could not be sniffed.

A properly encrypted "NZB" system like that would be virtually bullet-proof and completely immune to any possible takedown -- the only thing the anti-P2P bad guys could do would be to attack the sites that index these encrypted "NZBs" -- but this kind of encrypted "NZB" system could be many years away.

SSL wouldn't help because the traffic would still be vulnerable to Man-In-The-Middle attacks with proxies like WebScarab.

Uploading encrypted files and giving the password on NZB sites would help some. They could take it down, but pirates have them out numbered and could upload it again a lot faster than they could find their content on all the NZB sites and file DMCA complaints. Unfortunately the files are both rarely encrypted and rarely re-hosted.

[zot]

The problem with the NZB is that it is an open standard and the usenet articles that it's composed of are listed in plain text and therefore easily readable by anyone.

A fairly simple solution would be to create a new NNTP 'release' protocol that encrypts the "NZBs" -- so only the news client can ever know the actual Message IDs that compose a file release -- a client that would by necessity also need to refuse non-SSL servers so the connection stream could not be sniffed.

A properly encrypted "NZB" system like that would be virtually bullet-proof and completely immune to any possible takedown -- the only thing the anti-P2P bad guys could do would be to attack the sites that index these encrypted "NZBs" -- but this kind of encrypted "NZB" system could be many years away.

SSL wouldn't help because the traffic would still be vulnerable to Man-In-The-Middle attacks with proxies like WebScarab.

True, Webscarab --or any other debugger-type application-- can be used to decrypt and analyse HTTPS traffic before it leaves the computer. But there are many ways to defeat this general type of attack. Compressing/encrypting/obfuscating the executable helps, as does having it look for any debuggers, and refusing to run if any are found. Also, a client spewing out a lot of false data (like bogus MIDs) will obstruct any attempts to accurately analyse the upload/download traffic stream.

If you wanted to make an application even harder to debug, you could have it installed on a self-contained live-CD bootdisk which analyses its own CD it comes on, so that all running processes on the PC must be approved, and the bootdisk itself must pass constant integrity-checking (not unlike some game CDs) -- basically making it a hermetically-sealed environment that the application must run in -- and a major project to try to crack.

Of course there is no such thing as 100% crack-proof security; the best you can ever hope to achieve is to make it very hard for them to crack.

Uploading encrypted files and giving the password on NZB sites would help some. They could take it down, but pirates have them out numbered and could upload it again a lot faster than they could find their content on all the NZB sites and file DMCA complaints. Unfortunately the files are both rarely encrypted and rarely re-hosted.

I don't understand what you mean by "encrypted files" - I was talking about an encrypted "NZB" that could only be decrypted by the newsreader itself, so therefore rar passwords would be completely unneeded.

Regardless, the main thing is not to include the title or filename (or even any key words) in the NNTP post, since that makes it very easy for harvesters to find. Though it seems like the major NZB sites like NZB Matrix get a few evil eyes rifling through their index pages.

[sandman_1]

To me passwording the rar and creating Par2 files for the archive with the password in the nfo file, would be the best solution. Then the nfo file without the password would be posted to Usenet. That way if it is viewed by a search engine, the nfo doesn't have the password in it. The only way to get the password is to have the par2 files repair the nfo file after you have downloaded the files. Search engines can't view content inside of rars and you don't have to go to a site to get a password.

[heiska]

I think ditching nzbs would really end the problem. ... Maybe a new header naming scheme could be used to encrypt or obscure the name. Maybe encryption mechanisms can be built into newsreaders.

The problem with the NZB is that it is an open standard and the usenet articles that it's composed of are listed in plain text and therefore easily readable by anyone.

A fairly simple solution would be to create a new NNTP 'release' protocol that encrypts the "NZBs" -- so only the news client can ever know the actual Message IDs that compose a file release -- a client that would by necessity also need to refuse non-SSL servers so the connection stream could not be sniffed.

A properly encrypted "NZB" system like that would be virtually bullet-proof and completely immune to any possible takedown -- the only thing the anti-P2P bad guys could do would be to attack the sites that index these encrypted "NZBs" -- but this kind of encrypted "NZB" system could be many years away.

Given enough time and dedication, the hypothetical standard for encrypting contents of the NZB will be reverse-engineered by the anti-p2p folks thus making the whole effort useless. Plus it would obviously break the current NZB standard as we know it. So not a bulletproof or practical solution.

The only decent solution to this take-down issue is the first rule of Usenet. It's probably too late for that though, now that people have let the cat out of the bag.

[enerdude]

Given enough time and dedication, the hypothetical standard for encrypting contents of the NZB will be reverse-engineered by the anti-p2p folks thus making the whole effort useless. Plus it would obviously break the current NZB standard as we know it. So not a bulletproof or practical solution.

I agree. For somebody to create a newsreader with this encryption there would be some kind of documentation of the methods in order to let other developers create similar newsreaders. So keeping that secret wont last long.

Probably the best that can be done currently is if people used random (non obvious) header names and used password protection on the archives. Then next step can be to create a nzb file that points to these headers / articles and post the nzb on a private site, similar to private torrent sites. Which means current indexers /search engines like mysterbin / binsearch etc will become useless for most purposes.
Initially this method can maybe just be applied to content like UFC that is known to be taken down quick. Rest of the stuff can be posted as usual with obvious names names and public available nzbs - until they decide to do takedowns on ALL content posted to usenet I guess....

To me passwording the rar and creating Par2 files for the archive with the password in the nfo file, would be the best solution. Then the nfo file without the password would be posted to Usenet. That way if it is viewed by a search engine, the nfo doesn't have the password in it. The only way to get the password is to have the par2 files repair the nfo file after you have downloaded the files. Search engines can't view content inside of rars and you don't have to go to a site to get a password.

Also a good idea and alternative to using privates sites. And additionally non-obvious names should be used in the headers otherwise content can be taken down using header search.

[heiska]

I believe that the next logical step to avoid these take-downs is to upload the stuff with random nonsense headers, encrypted with a key. Those uploading would give out the key to decrypt these headers to the trusted members of the Usenet scene (e.g. #a.b.X and #gotnzb4u). Only the website admins who know people (e.g. the OPs of #a.b.X) on IRC would be given the key based on trust.

There is no bulletproof solution to this thing, given enough time and dedication the anti-P2P people will catch on. The thing that keeps attracting this DMCA stuff is the public NZB sites like FST, binsearch, nzbindex and mysterbin showing up on the first page of google when searching for a movie/music/software.

When the (private) NZB indexers are underground enough, it shouldn't make sense to dedicate so much time/money/effort on taking down stuff. But the catch-22 is that the current (consolidated) USPs rely on new source of income in order to keep up with the 1300+ days of retention provided by their affiliates (the public NZB indexers).

[mjmacky]

You guys are interested in turning usenet into the a scene similar to private bt? I can't see that as all that much of an improvement.

[Hole69]

You guys are interested in turning usenet into the a scene similar to private bt? I can't see that as all that much of an improvement.

I agree. Leave everything open. You can't take down everything and files will usually be re-uploaded anyway. Of course there will be always be torrents and there will be always be people sharing files, no matter what form it takes. Torrents are hilarious though. The whole piratebay can fit in a $5 USB stick and be re-hosted anywhere globally with the right servers. With Usenet, servers will probably need to be relocated elsewhere to escape US pigs in the future, but there again, there will be users and everything will go back to the way it originally was anyway. Piracy will just evolve and shift elsewhere. Private trackers are stupid though. What ever happened to sharing is caring?