[OneQuestion]

I keep getting those damned letters from my ISP accusing me of violating copyright laws, but hold on before you jump to conclusions...

I've received these notices before and I get it, I stop sharing the file cuz usually I didn't know it was illegal to share.

But this time the notice is different! I have *ABSOLUTELY NOOOO IDEA* what file they are referring to. Here's what I can tell you: It is in fact my IP address, it's even my user hash, but when I saw the file I was like WTF??? I sorted my shares by hash code and looked up the file hash in the notice and it's not there. When I punched in the KAD link it started to D/L.... I then punched a KAD link to a file I already have and it obviously said I already had that file.

So I searched around and found nothing, I've never heard of this happening to anyone. I thought my internet was being stolen but, first of all, I don't have wireless, and secondly how do you explain the matching user hash? I thought my emule was hijacked or I had a virus but scans came up clean.

For the love of eDonkey, can someone tell me how this is possible?! I don't want my internet to be cut off because of repeated wrongful accusations!
HELP!

[Meuh6879]

change your ISP, static IP will change ... and the problem would be solved.

[Nissenice]

1) Check if you can find a file with the same size as they are referring to. Sometimes when you search for a file a similar file with the same name and size can be found, but with a different hash. For some reason unknown to me the file has changed at the peer so that a different hash has been calculated. This has never happened to me personally afaik, but I can see that it happens to other peers.

2) Maybe your eMule (with highID) has been a buddy to a lowID client who has shared this file and the accusers have no clue about difference?

3) Maybe the accusers aren't painstakingly accurate and they just don't give a shit if they are accusing someone wrongly?

This post has been edited by Nissenice: 18 October 2011 - 01:08 PM

[OneQuestion]

Nissenice, on 18 October 2011 - 07:03 AM, said:

1) Check if you can find a file with the same size as they are referring to.

When I first got these notices that's exactly what I did, but file size isn't very accurate, and ofcourse there are files with sizes nearly matching. I think by using the KAD link I've already proven that it's not one of my shared files. I haven't even HEARD of some of these TV shows!

Nissenice, on 18 October 2011 - 07:03 AM, said:

2) Maybe your eMule (with highID) has been a buddy to a lowID client who has shared this file and the accusers have no clue about difference?

I get lowID about half the time I connect. I can get highID most times when I start everything from a complete system shutdown. If my system has been running for a while that's usually when I get a lowID. I always wondered about this.

Nissenice, on 18 October 2011 - 07:03 AM, said:

3) Maybe the accusers aren't painstakingly accurate and they just don't give a shit if they are accusing someone wrongly?

I'm starting to think that this "Vobile" (on behalf of Viacom) has it out for me and that they want my ISP to suspend my service. But if this were true then why don't they just accuse me of sharing the files I'm actually sharing? I've just recieved another 4 bogus notices since my original post, that's more than the legit notices that I've recieved in the last three years.

***Is it possible for eMule to be transferring a file that's not on my computer to another eMule client?***
In other words, can some remote user download a file I don't have using my eMule connection, without my knowledge?

[xilolee]

No, if (1) your pc is clean, (2) your connection is cabled (without wireless signal), (3) you aren't using remote desktop software (click).

If (1) is not true, scan heavily your system.
If (2) is not true, check your wireless settings (put/change wep/wpa key, mac address filters, change default gateway/username/password/SSID, disable upnp, etc).
If (3) is not true, remove them.

[fox88]

xilolee, on 20 October 2011 - 01:10 AM, said:

If (2) is not true, check your wireless settings (put/change wep/wpa key

Do not use weak WEP.

[OneQuestion]

xilolee, on 19 October 2011 - 03:10 PM, said:

No, if (1) your pc is clean, (2) your connection is cabled (without wireless signal), (3) you aren't using remote desktop software (click).

If (1) is not true, scan heavily your system.
If (2) is not true, check your wireless settings (put/change wep/wpa key, mac address filters, change default gateway/username/password/SSID, disable upnp, etc).
If (3) is not true, remove them.

(1) I've performed some additional aggressive scans and I did come up with a few weak threats, but nothing that can hijack eMule.
(2) Currently, I do not use wireless. The fact that my userhash is reported in the accusation letter means this is far more serious than simply a case of stolen internet access.
(3) I'm not aware of any remote desktop software on my PC. I'm running XP Home Edition, and I've never enabled any built-in remote features.

One thing that has me suspicious is that recently emule.exe is causing unhandled exception errors upon exiting. I have the latest version but I'm considering reinstalling.
emule.exe is exactly 5,758,976 bytes and its Created Date matches its Modified Date.
Does anyone know where I can look to see if the emule software has been tampered with? ...like a clue to finding some kind of hidden add-on or mod that would make it behave differently?

Also I recently noticed that my upload speed has not reached anywhere near its max. That's not entirely unusual but it does have me suspecting that the additional unused upload bandwidth is actually being used in the background for these "illegal downloads" (ie: I'm not downloading these files, someone else is downloading them THROUGH me and I get the blame when Vobile tracks it).

I'm going to look into this further by comparing Emule's upload speed to what my network is actually doing.

[fox88]

OneQuestion, on 20 October 2011 - 12:05 PM, said:

Does anyone know where I can look to see if the emule software has been tampered with?

First, clean up your system. Then use Downloads button at the top of the forum's page to get clean eMule.

OneQuestion, on 20 October 2011 - 12:05 PM, said:

I'm going to look into this further by comparing Emule's upload speed to what my network is actually doing.

eMule's upload may vary due to a number of reasons. Use speedtest.net to check your true bandwidth (while all other network activity is stopped).

This post has been edited by fox88: 20 October 2011 - 11:36 AM

[OneQuestion]

I still do not have a solution to this problem!

It's been over a year now and for a while things were fine but just these past few days I've received a record number of infringement notices, I think over 200, most of them South Park episodes in various languages.

THIS IS OUTRAGEOUS! IT'S REALLY PISSING ME OFF!

Once again I've confirmed that the IP and port ARE mine, the user hash IS also mine... but NONE of the files are mine! I've confirmed this over and over again with a good portion of these notices.

Here's a quote from my ISP in the forward:
"We use our connection logs to determine which user was assigned the IP address at the time of the violation."

I'm not a techno wizard, but something is obviously wrong here. My IP is dynamically assigned.
A couple observations:
When I restart my DSL I get a new IP, connection test passes, and I can connect to eMule with HighID but I get infringement notices during the connection period.
When I keep my DSL unit on and reconnect eMule, connection test fails, I get LowID and I've never received infringement notices during the entire length of the connection.
If I go to my firewall settings and change the exception to a new random port and reflect those changes in eMule, connection test passes and I get HighID.

All is okay when connection test FAILS and I only connect with LowID. This is what it looks like I'm being forced to do. I've run out of theories, it makes no sense to me anymore.

I know I'm not the only one with this problem because when I was searching for how to confirm my user hash THIS post was #1 on google results out of hundreds. That must mean it gets a lot of views or clicks or something, which is a bit weird for a dinky post that little old me put up years ago, wouldn't you say?

[syspect]

Hi all!
The same exact thing has just happened to me. And maybe with the same files, which, of course, I have never downloaded or shared.

Here I'm pasting some examples

South.Park.11x05-05.Le.Fantastique.Mystère.De.Pâque.FR.PDTV-CANALPLUS.[tvu.org.ru].avi
SpongeBob.Schwammkopf.-.(60).-.Der.Quatschtueten-Wuerger.-.Die.Geister.von.Bikini.Bottom.(DVB-S.Xvid.Ger.MP3).KHPP.avi


Maybe we should check if they are really the same (all or some of them)

I have to say that there are some differences respect the first post:

I'm using MLDONKEY, not emule
I'm in linux
I'm in a corporate network with fixed IP adress


If this is happening to more people, please, say it, I'm starting to believe that they are cheating with the file names.

thank you very much!

[fox88]

syspect, on 12 February 2013 - 06:45 PM, said:

If this is happening to more people, please, say it, I'm starting to believe that they are cheating with the file names.

File names do not used to distinguish the files in eMule's network. You could rename files whatever you like.
File ID is used.
Could your ISP give that information?

[syspect]

Yes they did, I have all the ed2k links with md4, size and all of this. I can paste them in here but I don't know if it is OK.
If it is not. Can I use "pastebin" and copy the link in here?

I used the filenames in my previous email because I found it quite curious that both "OneQuestion" and I are being accused apparently with the same titles (mostly South Park) maybe they are just sending the same mails to everybody they found with an ed2k client not even looking if we do really have them.


again, thank you all

fox88, on 12 February 2013 - 05:33 PM, said:

syspect, on 12 February 2013 - 06:45 PM, said:

If this is happening to more people, please, say it, I'm starting to believe that they are cheating with the file names.

File names do not used to distinguish the files in eMule's network. You could rename files whatever you like.
File ID is used.
Could your ISP give that information?

[fox88]

syspect, please avoid top-posting style and unnecessary quotations.

Sending links would not help, because I do not have your coumputer.
But you could exchange links with OneQuestion's to see if they are the same.

If you have File IDs and keep the history, you should check:
1) in the current list of shared files;
2) make a plain text collection file with all known files and see if there are any matches;
3) use global search in the form ed2k::hash_value. In that case the Known column would show non-empty status if you ever touched the file with that t file.
The third point is the most interesting, probably.

Finally, someone else could use your connection. For example, if you have WiFi.

This post has been edited by fox88: 14 February 2013 - 12:20 PM

[syspect]

Hi fox88, thanks for the advice.

I have already done all 3 points an some other checkings and no, none of those files have ever been downloaded and none of them are in my computer (I have used md4, filesize and partial filenames)

I do not understand why you say that posting links will not help, if they are sending the same mails they will have the same links in them if they are not sending the same mails but complaining for the same files, maybe the ed2k link will not be exactly the same, but the file size and the md4 will, isn't it?

There is no wifi, I'm in a corportate network. I'm completely sure that no one has download this files in my computer, I have never seen them in my queue which I check several times a day and there are no traces of them in the logs.

thanks!

[fox88]

syspect, on 15 February 2013 - 04:32 PM, said:

I do not understand why you say that posting links will not help

Guys.
Before posting any links you must read forum rules very carefully.

syspect, on 15 February 2013 - 04:32 PM, said:

There is no wifi, I'm in a corportate network.

Are you sure that you are the only eMule user in the company?
How exactly you were indentified?

[syspect]

Hi fox88
I'm 100% sure I'm the only user of an ed2k client in my computer and my computer has a routable IP so the IP that is shown in the mails is only main

About the links: I know, this is why I asked in my first post if it was ok to post them here or if I can paste them in pastebin and then paste the pastebin link here.

thanks again

fox88, on 15 February 2013 - 03:39 PM, said:

Before posting any links you must read forum rules very carefully.

Are you sure that you are the only eMule user in the company?
How exactly you were indentified?

[fox88]

You are still using top posting style. It's inconvenient for reading.

I don't know the rules in your office, but technically speaking: when you are away or your computer is powered off, it would not be difficult to use the computer or it's IP.

[syspect]

fox88, on 17 February 2013 - 06:33 PM, said:

I don't know the rules in your office, but technically speaking: when you are away or your computer is powered off, it would not be difficult to use the computer or it's IP.

Let's put it that way: I know It has not been downloaded from my computer, like the guy who started this forum.

[indignado7777]

Hi!
Where are you from? England?

How to detect the issuers of those letters copyright infringement?

Is the ISP who reports? o metadata are public readings on P2P networks?

Technically:
1) A user hash is copyable.

2) The remote IP determines the offender, but the holder to pay the bill. Through IP could be lapsing a universe without the owner was percatase it.

3) the hash file does not determine their content remotely. It is a simple calculation of one-way, used to verify that downloaded once generates the same hash.

Indignado
Sorry, i am using Google Translate.

[OneQuestion]

indignado7777, on 19 February 2013 - 12:36 PM, said:

How to detect the issuers of those letters copyright infringement?
Is the ISP who reports? o metadata are public readings on P2P networks?

Now that 'syspect' has told me his experience I know that:
* Viacom/Vobile (named in the notices) is just targeting KAD/ED2K/eDonkey users, (possibly at random)
* They collect userhash, timestamps of connection, IP address, port (all publicly known data, as you have mentioned)
* But they obtain or invent a filename, file hash, and file size which WOULD be in violation of copyright, if it were in fact shared.
* They then use your IP address to send a complaint notice to your ISP who in turn does their part to forward to owner of that IP at that time.
* This ofcourse is completely automated, and therefore I conclude is in error, perhaps some bug in their newtork searching software which incorrectly associates one user with another's file.

(Now this is just me ranting to whoever):

and because no actual PERSON gives a crap, the system continues to dish out these erronous notices to poor buggers like me and 'syspect' until one day when they mess with the wrong individual who REALLY knows their rights and is familiar with all the applicable laws and decides to take some counter-action AGAINST them (because there is no clause or disclaimer that says "we apologize if you receive this in error"). No they just threaten you with lawsuits and hide behind their big media corporation techno BS.

Your ISP could shut you down, but it would not be in their best interest to do this to a paying customer when anyone could just as easily go to another ISP. I'm sure the ISP's aren't thrilled with this anymore than we are. Their hands are tied, more or less.

Unfortunately, no one will stand up against the false accusers because your average KAD/ED2K/eDonkey user is not a law student, and probably HAS at one point downloaded questionable material themselves. You would have to have a fresh eMule install on a designated system, sharing clean files, THEN get the wrongful notices and work closely with your ISP to take counter actions. Unless there's (lots of) money to be made, no one is going to go to all that trouble to stop the bastards.

It would be totally fruitless, however, it seems to be working for them as I see the number of servers and users dropping over the last few years. Perhaps some people are actually being disuaded because of these threatening notices. I bet you never have to worry about this if you're using a torrent.

indignado7777, on 19 February 2013 - 12:36 PM, said:

Through IP could be lapsing a universe without the owner was percatase it.
Sorry, i am using Google Translate.

No worries, I understood all except this line about "lapsing a universe". I'm not sure what "percatase" meant.