Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Napster a little insecure?

From: jpr5 () BOS BINDVIEW COM (Jordan Ritter)
Date: Mon, 31 Jan 2000 12:11:36 -0500

On Mon, 31 Jan 2000, Maniac . wrote:

# He was stating an honest concern that Napster logs *YOUR* IP address
# when you download an MP3.

This concern is unfounded, and will be one of several points we talk about
in a FAQ soon to be posted on our website.

In Napster, transfers are initiated and completed by the client, to the
client.  Our service is not involved in the transfer of mp3 files, so we
cannot know if you ever successfully downloaded anything.  Therefore
there's nothing to log in that respect.

This is unlike an FTP or Web server, which will most certainly log
transfer information by default.

# With a court order, could the music companies not get this information
# from Napster?  Would this not give them enough of an audit trail to
# crack down on people?

As for Music Companies and the RIAA, I urge those truly interested in a
well-informed perspective on the upcoming suit to visit:

http://www.charles.soule.com/paper/page1.htm

I believe Charles is a third or fourth year law student at Stanford, and
has written and made publically available his thesis (above) on Napster
vs. the RIAA.

--jordan
Previous By Date Next
Previous By Thread Next

Current thread: