XFileSharing Pro - Automatic MD5 file hashtag for identifying individual users

Message
Author
sash
Posts: 3
Joined: Nov 02, 2013 9:29 am

Automatic MD5 file hashtag for identifying individual users

#1 Postby sash » Nov 02, 2013 10:02 am

I'm on a forum that is looking at using your product and it is looking very good to us right now.

Simple question is:
Is there a way to implement some type of MD5 hashtag for individual user file identification, using what you currently have or with some type of modifications?

End result:
We would like to potentially be able to identify the same exact files members d/l from our site, later on, and whose private MD5 hashtag is on it. Say for example: if there are 10 members d/l'ing fileX from the private section of our forum, if we were able to get a hold of the file again later after it was leaked out onto the Internet somewhere, we would like to be able to identify which member that file came from.

I did a search for MD5, security and all kinds of different combinations and was not able to find anything about it on your forum to see if you already had something for it. I found these, but didn't really eloborate enough to say whether or not it would do exactly what we want it to do:
http://sibsoft.net/forum/ban-file-signa ... hlight=md5
http://sibsoft.net/forum/perl-md5-error ... hlight=md5

Just in case I should have worded it differently, we are currently discussing manual methods to find users that are abusing access to certain files on the forum. But we have quickly have come to believe there must be a better way that can be automated. We would like to have a way of covertly marking the files for later comparison to see if files we know to have leaked from our forum, for matching the files back up with the member that compromised the files. In some instances, we know where the files are being leaked to and it would be an easy comparison. And in other cases, we are not sure if the files are being leaked elsewhere.

And believe me, we have googled the net and have brainstormed for some time over this, and continue to do so.

Perhaps using a MD5 hashtag is not the most optimized answer. I thought if I asked what we were needing as an end result, you might would be more flexible with helping to provide a solution that could utilize your product.

Any and ALL feedback would be very much appreciated.

Thank you ahead of time.

ankurs
Posts: 1054
Joined: Mar 10, 2009 2:34 am

#2 Postby ankurs » Nov 02, 2013 1:58 pm

Don't think this is possible.

universe
Posts: 67
Joined: Mar 20, 2012 12:13 pm

#3 Postby universe » Nov 03, 2013 9:55 am

What sort of files are you handling? Several kinds of files have included some sort of metadata in the file, such as the ID3 tag in MP3 files or the Exif data in photos where you can store any kind of information without destroying the file.

So if you use a metadata capable file format for your files you want to protect, you could simply add a unique identifier for each user in his downloaded file and if he redistributes it you could identify him. But if users get to know that you tag your files in such a way, the infringing users can simply remove your metadata before spreading the files elsewhere so it is a very weak solution in the end.

Nevertheless you will need to process each file before each download by a script that will put your unique metadata into the file and you will generate a lot more server load than simply creating a temporary symlink in the filesystem.[/url]

sash
Posts: 3
Joined: Nov 02, 2013 9:29 am

#4 Postby sash » Nov 04, 2013 4:34 am

Great information and just the kinds of things I would love to hear about.

To answer your question, these are training files. So, everything you can think of relating to that: PDF, MP3, MP4, DOC, PPT and the occasional odd ball file.

If ID3 is the personal metadata stuff, such as your name and etc, we are familiar with that but thank you very much for mentioning it. We are figuring on a worse case scenario. Thus, if you and I are aware of it and know how to circumvent it, then so are the people taking the content and selling it online. There are programs you can get to run batches to remove that type of metadata that is very good at cleaning things up in one clean swoop, such as Batch Purifier.

And you are right, even with the right script solution, we anticipate it would create a heavier load on the server. That kind of script could possibly have parameters to say how many simultaneous batch jobs could be run at once, adding script runs to a queue if more than 5 or whatever the 'sweet' number is.

Anyways, this is why I pose this question here to see if the owners of the site already had something in place for it, and or could see this as being an easy solution to implement on the next release, and or as a separate modification fee.

Thank you again for your time everyone.

universe
Posts: 67
Joined: Mar 20, 2012 12:13 pm

#5 Postby universe » Nov 04, 2013 8:48 am

First of all I think it is too specific for Sibsoft so they will not develop any extension for it - not even a paid one so you'll have to manage it yourself or find a skilled coder.

If you think, that someone who steals your work would also remove metadata (which is in fact easy if you know about it), you would need an even more complex solution like hidden (alpha-channel) watermarking on images and videos (which can be also embedded into pdf, doc and ppt files) and some kind of audio watermarking for your mp3 files (and also mp4 videos). Nevertheless your needs are very specific and maybe a commercial DRM solution would be better for you than developing it from scratch.

sash
Posts: 3
Joined: Nov 02, 2013 9:29 am

#6 Postby sash » Nov 05, 2013 3:54 pm

Thank you universe - you have been very helpful in your comments!

Any recommendations on a DRM script we could use with PHP then - something not cloud based?

Thanks again! :)