The German Emule P2P Filesharing Raids
Are 3500 German eDonkey file sharers really facing criminal prosecution?
Investigators had access to eDonkey server [update] - Original German
Investigators had access to eDonkey server [update] - German to English via Google
Investigators had access to eDonkey server [update] - German to English Via AltaVista
Basically they setup a fake server ( Lugdunum eserver ED2K Edonkey / Emule server formerly DServer from MetaMachine ) in Germany. I don’t think they falsified its stats or returned bogus results like the RIAA’s fake servers. I think it was a fully functional server sitting on the bottom of the list (assuming it is sorted by files or users). That makes the fake more difficult to detect at the expense of the ability to perform network sabotage (such as DOS attacks, fake file implantation, virus implantation, bogus search results).
They got 40,000 total IP addresses. I Don’t know if its 40,000 from logins only or if that included remote-server UDP queries, but I think its logins-only. A off-server UDP query to the fake does not reveal your share list but it does tell it some of the files that you’re downloading, if it tracks these requests (or even accepts the requests). Logging into a fake tells it EVERYTHING THAT YOU ARE SHARING AND DOWNLOADING though. Seems about 3,500 of them were unambigously German-only IP addresses (static IPs or the ISP doesn’t cross borders). 40,000 IPs total unique IPs over two weeks with 3,500 from a high-usage country suggests a very small server. They got search warrants for people sharing more than 500 files which amounted to only 130. So that means about 3200 of the 3500 people sued were sorry-ass leeches with maybe 50-100 of those leeches very high-bandwidth and active users. I also bet that 100 of the 130 people got got search warrants were high-turnover leeches, or just leave most of their share volumes in their incoming folder as they are too lazy to organize it. That would make their sharing disposition ignormance or apathy and not outright deliberate.
Proving release is extremely difficult, but passive incoming-sharing vs lazy or delibrate procrastination of removing from incoming vs deliberate permshare is easy after search/seizure or forsensic HD-copying. They can determine average age of a file in the incoming folder by the modified dates as no dates are retrieved from the server or other peers. Also, external media is irellevant as share-evidence unless the search warrent finds evidence of CD/DVD or external drive rotation - ie.. the drive leter for the CD/DVD-drive or a currently connected external hard drive is marked as shared in Emule and other DVDs/external hard drives have an obviously similar structure and/or naming patern.
I don’t know how they filtered for ‘music-only’. I guess they only looked for music file extensions or they also keyword searched archives (.RARed discoagrphies and albums). Going by the UK article (top link), it looks like only music file extensions were counted and archives neglected (ED2K works better with the archives). It is difficult to download every file they have or to count the .MP3s inside the archives without dowloading first as requesting an archive preview from a seeding peer (complete source, incoming or permashare) without having chunks first never seems to work. So i’m pretty sure it is a strict file count and I bet most people either were downloading and/or sharing individual .mp3s or unpack their album or discography archives from their incoming folder to their incoming folder and never clean up after it.
Search warrants for >500 file sharers that found very few shares on the actual seizures mean that they siezed a computer of a very active, high-bandwidth leech, and that the fake SpyServer counts global unique files and not max unique files of a single point-in-time. They download lots of shit and very promptly remove it from their incoming folder when the downloads complete and permashare nothing. They are leeches with lots of bandwidth. They suck but not as much as leecher-mod users which are activly hunted down and banned by many Emule-mods. The official emule doesn’t do this, which represents 85-90% of users on ED2K/KAD), but they do ban GPL violators, which is about half of the leecher mods and many of the creators of these GPL-violator mods are involved in fraudulant activity (charge money for free software and/or implant spyware or trojans)
And I’m pretty sure up to a dozen of the search warrants had one more more pedoporn or teenyporn files (more likely teeny) with maybe only 1 or 2 actually true pedophiles and these 1 or 2 pedophiles probably just watchers not the actual molesters or releasers and they probably would not be likely to rape or molest a kid themselves.
Most of the hardcore sharers keep their IP blockers up to date and don’t connect to lesser servers as they know how to set server priorities and look out for wierdness in the server stats. Too bad the police effort mostly cleansed the network of a small amount of leeches and noobs, especially if only music file extensions were counted and the MP3-filled archives neglected. They do make for better example-making though.
We need more indifferent sharers. Too many noobs, too many leeches, and too many people who download and share ONLY mainstream, in-trend piracy have moved over from bittorrent. I like the homemade stuff, abandonware, and viral marketing just as much as i like the pirated files and I like to download and share both indifferently (and actual ‘downloading’ for keeps/hoarding/offline viewing/burning is difficult through google or youtube they prefer you to stream).
