What are the risks of downloading from Usenet
April 28, 2007 8:52 PM   Subscribe

Downloading from Usenet: what are the risks?

I'm trying to convince someone to *stop* downloading things (music, software) from Usenet. I think it's like stealing -- he thinks it's fine. My fallback argument: he could get caught. He says that's impossible. Aside from all the other issues about this being right or wrong -- just how likely is it that a person doing this would be caught?
posted by anonymous to Computers & Internet (20 answers total) 8 users marked this as a favorite
If by "got caught" you mean "punished", then it's virtually impossible. I'm not aware of a single case of someone downloading music or warez from usenet and having any legal repercussions. The worst thing likely to happen is a nastygram from your ISP for hogging bandwidth, but that's not unique to Usenet. Secondly, because he isn't distributing the material as he would be with a PTP file sharing program, the penalties would be very small.

If he isn't swayed by the moral argument (it's definitely copyright infringement) the getting caught argument is a loser.
posted by Justinian at 9:12 PM on April 28, 2007

To amplify, when you download from usenet, the only traffic is between your machine and your usenet server, radically unlike the situation with filesharing. Unless you're foolish enough to use news.riaa.com as a server, how are they going to catch you?
posted by ROU_Xenophobe at 9:22 PM on April 28, 2007

I don't know of any way he could be tracked. People can be tracked using peer to peer programs because everyone sharing the file can see the IP address of each other. Usenet is more like a drop box. The person posting the files is quite visible. But if you are just downloading, nobody outside of your ISP can know what you're accessing.
posted by ken_zoan at 9:23 PM on April 28, 2007

The biggest risk here is that he wouldn't be downloading what he thinks he's downloading. That's especially the case with software; a lot of stuff out there is infected with nasty stuff that can be a bitch to get off your computer. But that can happen with data files, too. There were some exploits a while back which used video files.
posted by Steven C. Den Beste at 9:34 PM on April 28, 2007

And to boot, most of the pay newsserver companies guarantee that they don't log your activity.

from Usenetserver.com

5. What do you mean by "anonymity"?

At Usenetserver.com, it is our goal to keep your personal information as private as possible. Our news servers remove the X-TRACE header and NNTP-posting-host header, thereby removing where you posted from. Other users only see from which UNS server you posted. We also do not monitor what you download. We only monitor how much you download in accordance to your chosen account. Please understand that we only see byte data and nothing else.

posted by i_am_a_Jedi at 9:36 PM on April 28, 2007

I have never heard of anyone prosecuted or sued for downloading from a Usenet service. It is not impossible to get caught, but Usenet is arguably less risky than BitTorrent or other peer-to-peer services, because unless the MPAA/RIAA/etc. has a court order and has set up a tap at your Usenet provider or subpoenaed their logs, they can't tell what you're downloading. Some Usenet providers promise they don't log your downloads, which would eliminate the subpoena threat, though whether this is actually true is impossible to know.

A few Usenet providers have been sued. Still, assuming your Usenet provider really doesn't keep logs, getting an actual wiretap to determine in real-time who's downloading what are would require approaching it as a criminal investigation, which so far the MPAA/RIAA have not done. Civil suits don't allow you to set up "stings" like that. That requires law enforcement involvement.

With peer-to-peer, on the other hand, anything you are downloading you are also making available to others, which means your IP address is exposed, so it is much easier for the authorities to figure out who all is downloading the files. A number of people have been sued for "just downloading" via peer-to-peer, which is certainly far higher than the number of people who have been sued for downloading from Usenet.
posted by kindall at 9:37 PM on April 28, 2007

For even more security, some newsgroup providers support nntps - nntp with ssl encryption, like https. This prevents anyone from sniffing the traffic en route.
posted by smackfu at 9:43 PM on April 28, 2007

In theory, it would be possible to sniff Usenet traffic and determine that a particular person was downloading copyrighted materials. That's not automatically illegal, however, unlike sharing, which virtually always is.

Some providers allow SSL transfers, usually for a little more money, which should make any such snooping very difficult. It would be possible to determine that you down- or up-loaded X gigs of data on a particular day and time, but determing what that data was would be nearly impossible, unless the news provider itself was in some way compromised.

Uploading is more easily traceable, but most news providers, as listed above, take explicit steps to anonymize postings. They'll remove copyrighted material if anyone complains, but even they usually can't trace it back to a particular poster. At least, that's what they claim, and I've never heard of anyone successfully prosecuted for copyright infringement on Usenet.

As far as malware goes: your risk is probably a little higher because of the same anonymity. With P2P, you're more likely to get caught by the authorities, but a little safer from malware. Personally, I'd rate the legal problems as a far worse threat. You can clean a computer, but it's hard to get out of jail.

As Justinian says, if he's not buying the morality argument, the safety argument isn't likely to to fly.

I would suggest not networking with him, or if you share a line, get your own firewall and live behind that. If he does end up compromised, your machine will be much safer that way.
posted by Malor at 9:54 PM on April 28, 2007

You should probably do some research and see if there have been any prosecutions for downloading kiddy porn from usenet.

If there are sniffers or whatever to look for child porn then there is no reason they can't be extended to warez or music.
posted by MonkeySaltedNuts at 10:00 PM on April 28, 2007

Use Giganews and Newsbin. All of their traffic is SSL encrypted
posted by Lord_Pall at 10:11 PM on April 28, 2007

There is no non-moral reason to cease what he's doing. Downloading some sort of nefarious program is avoidable by the simplest of procedures and common sense (he does not need to purchase antivirus software but merely wait for the multitude of users to report on a problem, which they will, rather immediately). Again, assuming no "right or wrong" morality, it is on several quantities less likely he face the sort of physical harm (or financial loss) by getting into his car and traveling to the store and purcahing the CD. In fact, barring his complete and utter lack of deference for intellectual property laws, this is the best choice for his mortality and his economic outlook. This isn't even beginning to touch how he's helping the environment. It is exponentially cheaper to download from Usenet than it is to go to a store (in a motor vehicle I would assume) and purchase a piece of plastic in a piece of plastic in a cardboard box with a large booklet of paper and get a small piece of paper and a plastic and then driving back.
posted by geoff. at 11:11 PM on April 28, 2007

If there are sniffers or whatever to look for child porn then there is no reason they can't be extended to warez or music.

The reason is that law enforcement and the public are much less interested in catching copyright infringers than the distributors and viewers of child pornography.

Can you imagine it if infringement were sensationalized in the same way as child porn? We'd see shows like "Dateline NBC: To Catch a Copyright Infringer." Won't somebody please think of the record labels???
posted by grouse at 2:49 AM on April 29, 2007

AFAIK, it's not illegal to download material protected by copyright. It is illegal to distribute said materials, but only if you're not the copyright holder. This is why bittorrent is such a risky technology: by its very design, you are sharing what you download automatically. Thus you become a distributor, and can be subject to RI/MPAA thuggery. There's no way for you to know that the person who uploaded the files to USENET isn't the copyright holder.

I personally use EasyNews because of their stance on personal liberty and privacy, though I imagine GigaNews is probably just as safe.
posted by Civil_Disobedient at 6:45 AM on April 29, 2007

The downloading itself is a crime.

In the U.S., non-commercial copyright infringement is a crime when the infringement is "during any 180-day period, of 1 or more copies or phonorecords of 1 or more copyrighted works, which have a total retail value of more than $1,000." 17 USC § 506. So if you are only infringing small numbers of works, it isn't a crime.
posted by grouse at 7:53 AM on April 29, 2007

Mod note: a few comments removed, please stick to the question "Aside from all the other issues about this being right or wrong -- just how likely is it that a person doing this would be caught?" or take it to metatalk
posted by jessamyn (staff) at 7:58 AM on April 29, 2007

is only as good as the laws that protect users from a subpeona

No, it's also as good as their actual policy of stripping all your posts of their X-headers, never keeping http or nttp logs, no third-party cookies (actually, cookies aren't even required)... etc. Maybe you should actually RTFL next time before jumping to conclusions.

As for the law on downloading, I don't know the relevant case law and imagine there's a lot of gray area, though I do know that distribution (uploading) of copyrighted material is a big no-no.
posted by Civil_Disobedient at 8:33 AM on April 29, 2007

Well, technically, NOTHING is impossible given a long enough period of time... but the chances of getting caught downloading things from Usenet is next to nil. As other responses here have noted, its a 1-way transfer from the Usenet servers to you.. and alot of them dont log.. so the only viable way to catch someone would be to sniff the traffic. However because of the MASSIVE amount of usenet traffic every day/hour/minute.. sniffing is like finding a needle in a haystack.

"I'm trying to convince someone to *stop* downloading things (music, software) from Usenet. I think it's like stealing -- he thinks it's fine."

You may have a slightly better argument with the morallity of it, but even then, its a difficult case to prove.

I can say for a fact after 10 years of being an internet geek, downloading, filesharing and (mostly now) just using Usenet, that it has taught me many things and introduced me to much music and software that I would have otherwise never known. The internet was never founded/invented to be a place of commerce. Its about the FREE exchange of ideas and communication. We are in a transition phase right now .. soon technology will advance enough that we will look back on "buying things" as a very silly thing to do.

The best thing I can suggest, if you have a problem morally with what he is doing,.....is to find open-source/free alternatives to the software he is pirating and offer those up instead. (for example, I used to use a cracked copy of Photoshop, but I found Paint.NET and use it and Gimp primarily now because they are free, and I dont have to go through the hassle/risk of downloading/cracking/etc. )
posted by jmnugent at 9:53 AM on April 29, 2007

To determine if you're downloading from a torrent or other peer to peer service, you just need to connect as a client and pretend to have what you want to see people are downloading -- you'll get lists of IP's requesting segments from it.

To do the same with Usenet, you'd have to get a warrant for article download logs (and I suspect you'd be restricted to only the IP's you already have evidence for), and most likely all you'll receive is logs of how much you've transferred over a period. You could conceivably log each transfer, but there are 10 million new articles a day; multiply that by how many people are downloading (normally 4-8 articles at a time, each coming down in a couple of seconds), and over the entire retention of the server (up to 120 days) and you start to see why news services probably don't bother keeping logs with that sort of detail, at least not for very long. Your NSP's Privacy Policy should spell this out.

Conceivably you could track some NZB downloads from Newzbin if you had web access logs, but NZB's are as free to distribute as Usenet header information, and downloading a NZB for something specific doesn't mean you used it. You could just as easily use a NZB to generate cancel messages for a set of files, or to test your XML parser. Also these logs are wiped every 24 hours, so a court order would have to be damn fast.

It's not impossible, but it's exceedingly unlikely if he's not posting anything. As soon as you post, there's the potential for someone to take enough of an interest to try to find out who you are; ultimately if they have the willpower they could get a court to demand details, but a good NSP wouldn't even have the logs by this point.

Disclaimer: I own part of Newzbin, but I'm not speaking on behalf of Newzbin.
posted by Freaky at 10:27 AM on April 29, 2007 [4 favorites]

Unless you're foolish enough to use news.riaa.com as a server, how are they going to catch you?

Jack Valenti's ghost? No, seriously, I've heard this discussion a few times, and all the people who knew their shit said the same thing: the only realistic risk is downloading a virus, anything else -- esp if your service doesn't keep logs and they use encryption.

having said that, if your buddy downloads from Usenet info on how to build a nuke (I doubt there are newsgroups on that, but let's just say), I'm sure the NSA could bust him.

And the paedophiles, from what I've read, usually get busted because they trade stuff and, really, what you need to catch them is simply a non-technically-savvy paedo in the club, and there always is one.

to sum it up: your friend will be OK if he subscribes to a good service UNLESS

-- he's an Al Qaeda agent trying to nuke New York City and uses Usenet to accomplish that (I don't see the NSA using supersecret new technology to bust a kid who's into the new Linkin Park cd, frankly)

And if he uses Usenet to download paedo material because he's into children, well, he has bigger (mental and legal) problems in his life than worrying about the morality of downloading the new Mr Bean movie to avoid having to pay a movie theatre ticket
posted by matteo at 12:08 PM on April 29, 2007

AFAIK, it's perfectly legal in Canada and Sweden (to download from Usenet)

Isn't it?
posted by drstein at 3:42 PM on April 30, 2007

« Older Best methods (if they exist) for amending errors...   |   Ontario landlord selling building, making strange... Newer »
This thread is closed to new comments.