abma.x-maru.org Forum Index
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister   ProfileProfile
 Log in to check your private messages   Log inLog in 

Obfuscated file names [was Postings::RKS]
Goto page Previous  1, 2
 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    abma.x-maru.org Forum Index -> Newsgroups Misc
View previous topic :: View next topic  
Author Message
user



Joined: 19 Feb 2002
Posts: 72

PostPosted: Fri May 17, 2002 2:50 pm    Post subject: Reply with quote

xo wrote:
How does this idea sound: when posting possibly "tainted" titles, use a different nick, one that is on the animeusenet anonymizer list. This does nothing to protect against bots trawling the newsgroup proper, but it masks against using the database to bust people. Without a true link between that data and what's on Usenet, they should be hard pressed to make a connection that is legally substantial in away.


(playing devil's advocate)
Wouldn't it be just as easy for the lawyers to obtain a court order to see animeusenet's anonymizer list, just like what happened with anon.penet.fi?
I like Keikai's suggestion of leaving the poster's name blank in the DB; that way you can still record the other particulars of the post. I think the DB is useful even if the poster's names aren't present.

xo wrote:
As for obfuscation in the newsgroups: does rot13 of titles/subject lines seem like something that might work, or do you think ADVs hypothetical bots would evolve to unrot13? Also, are the common newsreaders able to handle rot13 with ease?


Most newsreaders can handle rot13 easily, and I think the code for a bot could be easily modified to decode rot13 as well. We should distribute a one-time pad of cyphers that can be used... Twisted Evil
Back to top
View user's profile Send private message
xo
Site Admin


Joined: 09 Feb 2002
Posts: 466
Location: Los Angeles [comcast]

PostPosted: Fri May 17, 2002 3:25 pm    Post subject: Reply with quote

user wrote:

Wouldn't it be just as easy for the lawyers to obtain a court order to see animeusenet's anonymizer list, just like what happened with anon.penet.fi?


My bad, I don't think I articulated very well. What I was thinking actually has little to do with the anonymizer function currently in place. Rather, the poster simply uses "anonymous" as their nick. Since animeusenet has no info on message-ids or nntp-posting-hosts, this works out to be untraceable from just the database.

user wrote:

I like Keikai's suggestion of leaving the poster's name blank in the DB; that way you can still record the other particulars of the post. I think the DB is useful even if the poster's names aren't present.


This is also a possibility and I agree that it's still useful that way. Still, I'd like to explore other possibilities first, as I think sometimes the name also provides information.

-xo
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Melchior



Joined: 19 Feb 2002
Posts: 190
Location: Vancouver, BC, Canada

PostPosted: Fri May 17, 2002 3:27 pm    Post subject: Reply with quote

user wrote:
Wouldn't it be just as easy for the lawyers to obtain a court order to see animeusenet's anonymizer list, just like what happened with anon.penet.fi?


I agree that the list would still be useful, even without poster's names. I refer to the list more often than I initially expected that I would, and I consider it to be a success based on that alone. There haven't been all that many times I've checked it to find out who a poster was, though.

Now here's a thought: rather than having an anonymizer list, how about having a completely opt-in system? By default, poster's names would be excluded from the database, unless a poster specifically states that they would not be against having their name *included* in the database. This way, if a legal situation should ever arise where ADV or some other company wants to subpoena an anonymizer list, there won't even be an anonymizer list in existence! That data simply won't exist!

If there are any concerns about getting a poor response to people getting their names included, then perhaps it could be set up so that by default, new poster's names are placed on the 'include' list, and then if they request to be removed, then their name is removed from the 'include' list. That would stop it from being opt-in, but then again, Usenet is a very public place...
Back to top
View user's profile Send private message Visit poster's website
Gorunova



Joined: 10 Feb 2002
Posts: 318
Location: Burnaby, B.C., Canada

PostPosted: Fri May 17, 2002 8:40 pm    Post subject: Reply with quote

As a followup to Matt and Xo's comments about animeusenet, I'm reminded that the real purpose of the database, and of my earlier weekly summary post, was to provide information about what has been posted recently, ostensibly to cut down on too-soon reposts.

Leaving aside the question of how effective it is, omitting licensed stuff from the database would entirely defeat that purpose. That is not the answer.

There are two problems leading to this discussion. One is that people are posting licensed stuff. That is no concern of animeusenet.org.

The other is that there are fears that animeusenet.org can be used as evidence leading to the TOSing or worse of people who post licensed material. We can do something about that without defeating the purpose of animeusenet.org, simply by not logging poster's names any more. Anonymizing them as we currently do upon request may not be good enough, since the names are still in the actual database, and that could be siezed if ADV ever took actual legal action against a poster. To keep animeusenet out of the fray, we would have to delete the poster field entirely from the database.
Back to top
View user's profile Send private message Send e-mail
Gorunova



Joined: 10 Feb 2002
Posts: 318
Location: Burnaby, B.C., Canada

PostPosted: Fri May 17, 2002 8:46 pm    Post subject: Reply with quote

xo wrote:
My bad, I don't think I articulated very well. What I was thinking actually has little to do with the anonymizer function currently in place. Rather, the poster simply uses "anonymous" as their nick. Since animeusenet has no info on message-ids or nntp-posting-hosts, this works out to be untraceable from just the database.


The problem with that is that the logical conclusion is that all binary posts are by Anonymous. It would be confusing to people who wanted to request fills, and would deny posters that little bit of ego and cred.

Also, I point out that posters aren't already doing this.

I think deleting the names from the database is the better option.
Or we could simply stop entering names.

Of course, the problem with my idea is that the posters lose their history as recurded by us. I don't know how important that is to them.
Back to top
View user's profile Send private message Send e-mail
earthdark



Joined: 21 Feb 2002
Posts: 73

PostPosted: Fri May 17, 2002 10:15 pm    Post subject: Reply with quote

mmm....

I just looked at AnimeUsenet.org and... realized that having the poster info there or not wouldn't really obstruct a determined individual in finding an abuse email to fire off a threat letter to.

For example, let's say the poster info was there and I wanted to email their isp/usenet provider, I would of course note down the nick, title, and group, find the article in the newsgroup, look at the headers, and determine ISP.

Let's say the poster info wasnt't there. I go through the daily list, see a title my company has licensed, note down the title and group, find the article in the newsgroup, look at the headers, and determine ISP.

Removing the group info doesn't really help either, so I think that we're going the wrong way. My thoughts right now is "all-or-none," we can either remove all the fields enough so that AnimeUsenet becomes useless.. or we can just continue on, and let AnimeUsenet stay "lowkey" and let the posters crash and burn. Okay, maybe crash and burn isn't the right phrase, but take the risk face on?

At the beginning of this, I was thinking of playing games with the post title to throw off bots but now my thoughts are, if a company is getting someone to spend a hour or two each day skimming through Usenet posts, whether or not AnimeUsenet is there, the poster's ISP will still get an email...
Back to top
View user's profile Send private message
user



Joined: 19 Feb 2002
Posts: 72

PostPosted: Fri May 17, 2002 11:54 pm    Post subject: Reply with quote

Boy, this is turning out to be quite an interesting thread... Smile

earthdark wrote:
For example, let's say the poster info was there and I wanted to email their isp/usenet provider, I would of course note down the nick, title, and group, find the article in the newsgroup, look at the headers, and determine ISP.

Let's say the poster info wasnt't there. I go through the daily list, see a title my company has licensed, note down the title and group, find the article in the newsgroup, look at the headers, and determine ISP.


I think this method works only when the articles are still on the server. Once the articles have been expired from the spools, it will be harder to figure out where any given post originated just by using the database. (And I'm conveniently allowing for the off chance that someone may be posting from a different server each time.)

A person whose sole job is to monitor the groups all day every day would probably not need to consult the database; he'll be able to spot violations as they occur, or if he needs to go back a few days he can reload his headers and search within them (assuming he has a decent server.) No amount of obfuscation can stop him, since if any of us can download a sample of something to see what it is, so can he. The database would be useful to him when he wants to see who has posted stuff in the past, but I don't know if ADV or whoever are presently concerned with non-realtime violations. And I think (but am not sure) that most NSP's keep upload logs only for a short period of time.

On the other hand, if it were a bot who is doing the monitoring (or someone who isn't doing this full-time), then cryptic NFO's and URL's can be of use.

Having said all that, what if some delay was introduced between the time a post is made and when the DB is updated? This might give the relevant headers a chance to expire on some of the servers and lessen the chance of being able to track the poster. Of course, the disadvantages of this scheme are that now the DB is non-realtime; the maintainers always have a backlog; and there's no guarantee that the person doing the searching isn't using a higher-retention server. Hmm... I guess this idea wouldn't fly after all, but maybe someone can improve upon the concept?

Quote:
At the beginning of this, I was thinking of playing games with the post title to throw off bots but now my thoughts are, if a company is getting someone to spend a hour or two each day skimming through Usenet posts, whether or not AnimeUsenet is there, the poster's ISP will still get an email...


Heh... maybe we should ask some of the hardcore warez posters how they manage to keep afloat... Wink
Back to top
View user's profile Send private message
xo
Site Admin


Joined: 09 Feb 2002
Posts: 466
Location: Los Angeles [comcast]

PostPosted: Sat May 18, 2002 1:36 am    Post subject: Reply with quote

earthdark's logic is pretty hard to deny. There's really nothing available on animeusenet that isn't readily available to the determine newsgroup monitor, and from all appearances, ADV and their like are determined enough that anything we do is moot.

For me, then, the question remains if there's some way to deal with newsgroup posts in a less cumbersome manner than requiring a download of an info. Something that can be applied directly to the subject line while still confounding bot harvesting?

I suppose IMDB ids aren't that bad, I can adjust my parsing script to fill those in off a local hash, but I imagine many anime titles are not to be found at IMDB (I'm thinking ahead to a time where this might become an issue in the "main" groups). Is there a reliable source for all anime titles with an easy to use and readily available unique ID? Or, would setting up our "own" database be worth pursuing?

Hope I'm not sounding like a broken record.

-xo
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Neuralblastoma



Joined: 19 Feb 2002
Posts: 109
Location: Ottawa Ontario Canada

PostPosted: Sat May 18, 2002 9:35 am    Post subject: Reply with quote

user wrote:

A person whose sole job is to monitor the groups all day every day would probably not need to consult the database; he'll be able to spot violations as they occur, or if he needs to go back a few days he can reload his headers and search within them (assuming he has a decent server.) No amount of obfuscation can stop him, since if any of us can download a sample of something to see what it is, so can he. The database would be useful to him when he wants to see who has posted stuff in the past, but I don't know if ADV or whoever are presently concerned with non-realtime violations. And I think (but am not sure) that most NSP's keep upload logs only for a short period of time.


Easynews dosen't keep logs.

I agree it's unlikely that ADV would be concerned about non-realtime posts. If you're not reported within a day or two of posting something, then you aren't going to be.

As for the DB, I'm for deleting the nicks as Gorunova suggested.

user wrote:

On the other hand, if it were a bot who is doing the monitoring (or someone who isn't doing this full-time), then cryptic NFO's and URL's can be of use.


Exactly. I'm simply copying what other posters in other groups have been doing for quite some time. It's worked well for them, so why shouldn't it work well for everyone else? This is assuming we are and always will be dealing with bots.

The worst that can happen is your NSP cancels your account. I don't want to lose my Easynews account, but in the end it's no big deal. It's very easy to just get another NSP. Post licensed stuff through an NSP. This way, you protect your ISP account and your ISP from any legal hassles.
Back to top
View user's profile Send private message Send e-mail Yahoo Messenger MSN Messenger
user



Joined: 19 Feb 2002
Posts: 72

PostPosted: Sat May 18, 2002 11:06 am    Post subject: Reply with quote

xo wrote:
Is there a reliable source for all anime titles with an easy to use and readily available unique ID? Or, would setting up our "own" database be worth pursuing?


Animenation (www.animenation.com) and AnimeonDVD (www.animeondvd.com) are pretty good but not necessarily complete. Or for those (rare?) R1 releases which exactly match the R2 versions in the number of episodes per disc, you can use the R2 catalog numbers (ie. SDDV-00002) from CDJapan (www.cdjapan.co.jp).
Back to top
View user's profile Send private message
earthdark



Joined: 21 Feb 2002
Posts: 73

PostPosted: Sat May 18, 2002 9:59 pm    Post subject: Reply with quote

mmm, from my vantage point, I see two possibilities to deal with. One is that they're using an automated program to filter through post subjects, flag down possible violations, save header + attachment filename info, and have a human go through those, and email appropriately.

Or perhaps, they're getting some guy (possibly that AvatarADV guy) to skim through filters daily and do basically do the same thing as above.

Obfuscated subject posts (+ filenames) can help against the first possibility. The simplest form would be inserting extra periods into the name, or type out alphanumeric characters using the Japanese character set (A, B, C。。。). I don't particularily like the "RTFN" (Read The Fine NFO) method cause I would basically have to do a two pass scan of each newsgroup, one to download all the nfos, and then another pass to grab what I want after reading the nfos. Anyhow, someone mention about it evolving into a cat and mouse game of detection and anti-detection but judging from the warez groups, it looks like a pretty slow game though...

As for the second possibility, what can we do? Post entire double (or triple) disc sets without any indication of what it is other than some obsecure codename (like "goatse.cx.volume.one") and have peeps go into the respective channel or newsboard to decipher the post? I don't really think this will work.. at least I hope not.

If deleting the poster nick from AnimeUsenet gives some comfort, I'm all of it, otherwise, I think other than some obfuscation of post names by the paranoid peeps, the current system is what's best at the moment.
Back to top
View user's profile Send private message
user



Joined: 19 Feb 2002
Posts: 72

PostPosted: Sat May 18, 2002 11:06 pm    Post subject: Reply with quote

earthdark wrote:
The simplest form would be inserting extra periods into the name, or type out alphanumeric characters using the Japanese character set (A, B, C。。。).


I've seen posters in other groups use the extended ASCII (above 128) character set in their subject lines (an 'e' with an umlaut replaces a standard 'e', etc.) I don't really like these methods because not everyone's OS interprets those character sets in the same way.

Quote:
As for the second possibility, what can we do? Post entire double (or triple) disc sets without any indication of what it is other than some obsecure codename (like "goatse.cx.volume.one") and have peeps go into the respective channel or newsboard to decipher the post? I don't really think this will work.. at least I hope not.


Assuming that a person and not a bot is the one doing the searching, all they have to do is download one or two parts of the archive, unpack it and then rekey the video segment to determine what it is.

You know, I was going to suggest that if I post half of the parts for a commercial episode and then someone else posts the other half, then technically neither of us actually posted a whole ep and thus we couldn't be TOS'ed. But then I remembered NB's unfortunate experience with the Spriggan fills and so now I take it back. While that argument may stand up in court, an ISP or NSP is probably not going to want to spend the effort to argue with you and just TOS you instead. Evil or Very Mad
Back to top
View user's profile Send private message
(inc)



Joined: 18 Feb 2002
Posts: 356
Location: San Diego

PostPosted: Mon May 20, 2002 12:24 pm    Post subject: Reply with quote

I get a headache just thinking about resorting to obfuscation of the subject-line in aba/abma, not from necessarily having to do it myself, but from the *newbie factor*. Uping the learning curve for both leeches and new posters will not be fun.

And I wonder just how much it is needed; just how many warnings have actually been received by anyone doing posts to a premium server? And if warned, how extreme was it -- has anyone in aba/abma actually lost a premium account because of what material was in their anime posts? I just get the feeling that warnings, of whatever severity, have been very few relative to the number of what could be interpreted as *infractions*. So, unless there is a major increase in the rate of warnings/actions verse actionable posts, I'm inclined to suggest the groups proceed as is for now, but (actually, a big BUT) also continue discussions here of processes to follow if conditions change.

As for poster's names in the db, just a personal observation, though I use it multiple times a day (much more then I thought I would), what I use least by far is the posters nick -- I don't think I'd miss it if it were gone. And I agree with G -- it's all or nothing; filtering out episodes by type of source material would defeat the purpose.

(inc)
Back to top
View user's profile Send private message
oblio



Joined: 20 Feb 2002
Posts: 106
Location: Detroix, MI

PostPosted: Tue May 21, 2002 6:10 am    Post subject: Reply with quote

A suggestion on the topic of programmaticly identifying licensed/non-licenced anime: There are a number of non-commercial or semi-commercial sites dedicated simply to anime information (I tend to you animenfo.com, but whatever). Many of them are certainly database driven, and it may be easiest to just talk to a couple of their web masters and see if they would be interested in providing a licenced/unlicenced query url. Or the sites could just share data in a friendly (read: xml) format.

Of course, as someone not implementing this, its easy to throw out ideas. But this path may be worthy of investigation...

I'm frankly not TOO worried about the issue (thanks again Melchior ^_^), but I think that some people are within reason to take precaution- and as Neuro has said, munging subject names has been VERY successfull over the last year, despite how trivial it seems to us coders to crack.

Anyway, regards,
Back to top
View user's profile Send private message Send e-mail
Tobias Rieper



Joined: 18 Feb 2002
Posts: 41
Location: Berlin, Germany

PostPosted: Wed May 22, 2002 8:52 pm    Post subject: knock on wood... Reply with quote

(inc) wrote:

And I wonder just how much it is needed; just how many warnings have actually been received by anyone doing posts to a premium server?
(inc)


Well, I'm continuing with the old posting style, just to see if something happens...

About my Escaflowne posts in ABAV nobody seems to care. Maybe because I'm non-US, but Escaflowne is licensed here too. (The domestic MTV is airing a german dubbed version.) And I doubt, that the NSPs care about the nationality of their customers. To them their local laws apply.

Or maybe Newscene is more "forgiving" than Easynews...

My vote for Animeusenet:
Don't change anything, just delete the posters or shut it down completely. Anything other doesn't make sense.

T.Rieper
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    abma.x-maru.org Forum Index -> Newsgroups Misc All times are GMT - 8 Hours
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group