Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Technology

Identification By Typing 222

crazy_speeder writes: "Musicrypt.com is developing a biometric identification system that captures user keystrokes to verify the user's purchase of specific copyrighted materials (i.e. downloaded music), and only that user can use it." I'm really skeptical about them getting something like this to work, I mean, I make typos in my 12 charachter password, but to be expected to type a sentence with the same rhythm? I still want retina scanners.
This discussion has been archived. No new comments can be posted.

Identification By Typing

Comments Filter:
  • I learned how to touch-type when I was very young. I'm even hesitant to say "learned." I learned how to touch type like I learned how to speak. I just grew into it. After 16 years, a friend of mine said something to me as I was working on the computer(this is about 4 years ago, now). I was writing a letter for her(she was dictating), and then she stopped, and looked a bit mad. She said "are you actually typing anything?" I was sort of dumbfounded, and said "Yes, of course, look." Anyways, the gist of it was that I apparently don't type in a usual way - I guess all the keypresses are more evenly spaced, and I use different fingers for different keys(but not like you're supposed to). So, if you could track, for a while, how a user types, you'll find interesting relationships, ie: 90% of a time, there's a 0.35 second pause in between hitting the "r" key and hitting the "t" key. This particular user often puts a space in "often", like "of ten", and doesn't notice until the word is written, at which point the user goes back and corrects it, hitting the backspace key approx. 2.4 times a second.

    I imaging these things are extremely individual. It really does make sense, you know.

    Dave

    P.S.: It'd be moderatly hard to reproduce someone's typing style, but it'd still be harder than re-producing their password :)
  • Though I don't drink, a good number of my online friend do, and I've personally watched their typing skills degrade as the night grew darker and their empty bottles accumulated. How is this supposed to help them?
    Also, I know my own typing varies from keyboard to keyboard dramatically, as I expect is the case for many others. I bet my mood alters it slightly too.
    Not that this thread needed more people downing the idea, but hey, it really is stupid.
  • I really do not think this will work. Because what happens if someone is a (newby)? y'know; the guy who types 1 word an hour with 2 fingers for the first 3 months that they start using their computer, once a little practice kicks in, their typing faster. Plus, what about factors like lack-of-sleep?! (c'mon, don't aim to tell me that you type the same from when your perfectly awake, and sober, and when the average 2AM hacker doodt has been sitting at the terminal for 36 hours straight. Typing styles ARE gonna change, and I for one think that it would be a royal pain-in-the-ass to TRY and CALCULATE a specific typing style whenever you want to validate for a download. Blech. My 2cents.
  • CAT LIKE TYPING DETECTED!

    Dammit! This happens every type I'm cybering the Hanson fans.
  • I know that credit card companies are trying to do this with those electronic pads you see in electronics stores, the idea is that any merchant can fake themselves as you, but they can't emulate your 'fist' so to speak. It uses some amthematical analysis stuff to see if you are moving the pen the same way with relation to time. My real question, probably completely off topic here, is has anyone read 'Holy Fire', by Bruce Sterling? His descriptions of a gestural passkey system sounds really cool to me, like a sort of pictogram combined with the above technology.
  • that little file that is the representation of your retina.

    Not really. The key in a file that represents your retina scan is not necessarily anything more than useless. Let me explain: Take, for example, the way passwords (non-shadow) work in Linux (probably other systems as well, but I only know this for sure). When a user first sets their password, the string is run through crypt() (note that this is a one-way function - the original password cannot be derived from the cyrpt()ed text) and save in a file. Then, when the user logs in, the login program runs the supplied string through crypt() and compares the result to see if it matches what's stored in the file. If it matches, that means the user entered the same string as was used to set the password.

    Now, to apply this to retina scanning, the scans would probably be converted to some sort of identifying number (or possibly just a bitmap image), which would then be one-way encrypted. The same procedure outlined before would be used to see if the same retina was being scanned.

    You can see, then, that it is possible to store a representation of the password that is not compromising if stolen (it can make brute-forcing easier, but it does not give away the actual password).

    It is trie that the signals from the scanner to the computer could be caputured, but remember that this would be the same as capturing the signals from a keyboard to a computer.

  • Umm, that would immediately prevent more than 50% of the population from being able to "log into something".

    Au contraire, ~50% of the population would be able to crack a sperm scanner with ease, as long as they could get to it within a few hours of the deed, and they had non-porous panties.
  • ...environment: Drugs, Alcohol, and other fun modifiers to your typing -- Not to mention, you're websurfing. How much typing are you doing?

    When I'm sober, I type fairly efficiently, with a minimum of backspacing, and I'm pretty speedy -- Something on the order of 75wpm. Hardly the fastest typist anywhere on the planet, but me and my IBM keyboard manage to band together and kick some a** for truth and justice! Er, whatever.

    After a couple Sapphire and Tonics, though, my typing goes to crap for short periods, and then I manage to get a few paragraphs out at like 90 wpm, perfectly clean, zero errors, just flow through it... right before my typing goes into the toilet.

    Now, there WILL be some common elements between my typing sober and drunk, but I think there's going to be more dissimilarities than anything else - Your brain just gets busy doing other things and it steals cycles from what you were supposed to be doing, like typing for example -- And this is going to introduce semi-random latencies, which is exactly the kind of thing which will break a system like this.

    Granted, it could probably learn your typing in those conditions as well, but it's going to think you're someone else until it's trained. It would be terribly amusing if the computer decided that you were your child when you were high -- It would certainly tell you something about your habits.

    In any case, the only way to really get around the lack of typing input which one will experience while websurfing is to make you type something when you sit down at the computer. Running you through some text that you would ordinarily type, and some that you wouldn't as well would be the optimal situation, though eventually the text you wouldn't ordinarily type is going to become familiar... Also, what happens when your keyboard dies and you get a different one? Suddenly, nobody is who they used to be.

  • Something which tells where you are?

    It's called, "wireless phone".

    Law enforcement in the UK has already used cell phone system logs (which track roughly where you are in relation to their towers) to disprove falsified alibis.

    "You say you were still in London that day?"
    "Yes."
    "...and you received a call from so-n-so?"
    "Yes."
    "That call, as logged, was answered by a cell phone operating through a wireless station in Edinburgh!"
  • by Old Man Kensey ( 5209 ) on Tuesday June 13, 2000 @08:47AM (#1005662) Homepage
    Seems like security methods are second only to management as the subject of quick changes in "fashion". First it was plain old passwords, followed by access cards. Then fingerprint scanners. Then it was voice-printing. Lately we're seeing retinal scanners and stuff like this, and few people are paying attention to actually designing systems and facilities to be secure.

    Part of this is expense. The most secure building that's still useful is one with one door and no windows. But that's an emergency-evacuation and traffic-control disaster waiting to happen, as well as a workplace-standards tragedy, so you add a freight dock, a rear entrance, a bunch of windows in the Managers' offices, a skylight with louvers that close automatically at sunset (oops, pardon me, too much MI:2...)

    Now you have to secure all these potential access points (windows count too, unless they're built like arrow-slits) and sheer numbers work against you -- the first time somebody leaves a window unlatched when the room is empty the probability wave of an undetected intrusion starts to spike.

    (You can think of intrusions in a quantum fashion -- given how long that access point was left unguarded, and the configuration of the facilities, and the traffic patterns, what is the probability that someone had access to various points and no one's noticed yet? Los Alamos take note...)

    The rules for system security much resemble those for facility security in many ways:

    1. Don't have open access points you don't need. (closing off access to ports with ipfilter/ipchains and other such tools)
    2. Keep the ones you do have under close surveillance (logwatch, iptraf and such)
    3. Don't assume your perimeter is unbreachable. (keeping up with what binaries are setuid, who has which sudo permissions, etc.)

    Anyway, that's just rambling on a bit. The dominant paradigm of strong security is "something you have, something you know, and something you are". Any security system where one of these is sufficient to grant access is inherently insecure. Any system where all three are required in a specific form is probably very secure, but probably also very annoying to its users.

    A system where you have to satisfy, say, two of the three in one of various ways is probably going to be OK for most purposes. Say you can use a voice-print, retinal scan or fingerprint scan plus your electronic access card, or you can show another form of ID to the guard (there better be a guard) and he can optionally clear you in manually if the other check is passed. Filling out your I-9 form for Immigration (to prove you are allowed to work in the US) works sort of like this. Note also that by this method ordinary shell password authorization is very insecure, (right, we knew that) while the SSH model of key + password is relatively secure (unless you set your ssh up to authenticate solely off the key, in which case you should now go back to grinding out code for IIS you sick little monkey!)

    But real security takes real thinking and real money, and most companies don't want to expend either if they can help it. They'd rather have something that looks cool so they can brag about it. In this case they're not only using a single fallible authentication method, they're using one that, as pointed out before, has so much inherent noise in it that it's easy to defeat and thus nearly useless.

    The article doesn't say whether you're typing a set sample text or a user-selected passphrase. The "right" (well, not right, but at least better) way to do this is to have the software try to verify the user through both a passphrase (something you know) and the typing biometric (something you are). If they both match, fine. If either one matches perfectly and the other is close, that should by default allow use, not restrict it (which is to say, the system should "fail open" like an emergency door).

    But what are the odds of that happening?

  • http://www.plif.com/archive/wc207.gif [plif.com]

    Cat haters will understand.



    Observe, reason, and experiment.
  • The real issue is not whether this will work; it is whether such an idea could ever work for this specific application. What if I break/burn or otherwise injure my hand and want to listen to the soothing sounds of my favorite record while I recover? What about quadriplegics or those otherwise unable to type? In the cases where this technology has been used, for instance, the security of a workstation, it can be assumed that persons unable to type will not be at work. For the public sale of music, the technology is just not a good fit. Really, there is no way to apply this to recorded music. Let the idiots who don't know any better blow their time and money working on this. It will never gain acceptance.
  • I think what he is saying as to get through a retnal scan he only needs to get a scan of your eye, and then do someplace and replace the scanner with something that inputs your retnal scan.

    A retnal scanner is hardware that produces electrical signals. Those signals can be faked if you know what they are.

    While passwords are not very good, I generally know if I reveal one, and there is no way someone can build a machine to get my password from a distancce. (Baring brainwave scanners which currently we don't even think are possibal) Someone could build a retnal scanner that works from 20 feet, put it in a room where you are likley to be, and store your scan. There is no way to change your retnal scan, so once I build a device to impersonate you I can fool any machine.

  • Usually I don't respond to idiots, but in your case I'll make an exception.

    Doh! So, if I make all kinds of typos like Rob you'll respond, but if my brain shifts a bit out of phase and I misread something you type I become an idiot?

    Yep. My post was plain stupid when I read the original (I even quoted it for cryin' out loud). That doesn't make the one who posted it stupid. By your reasoning I'd have to judge you abusive and would urge you to get professional help.

    Thanks for finding me exceptional though!

    carlos

  • These guys are kidding themselves. I'm sure that by the time they release the software or soon after there will be available a program to bypass it.
  • I do not type consistantly from moment to moment.
    Right! When I'm coding, I type pretty fast; when I'm writing an email or a piece of literature, I type REALLY fast, and when I'm filling out order forms for online purchases, I type SLOW to make sure I'm not making any errors.
    Not only is the premise flawed, but the original idea is pretty silly, too. Now give me a good Wacom tablet and some handwriting recognition software...no, no, somebody could trace my sig. Retina scan, CmdrTaco? Sure...now is that pre- or post-LASEC? :-)

    The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk
  • 1) Digital IDs do not prove personal identity, they make it blydi unlikely that a link between particular identities is fake. ("I" is one identity of mine; I might own two keys, I have records with assorted authorities in the UK, there is a "me" who ordered from Apple computers, you name it. I can have *different* signatures for each of the above mails, as well.)

    2) Digital certificates are issuable by people for anyone for free. Try GPG for size.

    3) See part (1), but you can't *guarantee* anything. You need to double-check fingerprints of keys, but even then if they used telnet to access their mail remotely and somebody sniffed the private key password then all you'd know is that they are one of the people on the planet who can unlock that key (not the best example but the point holds. It's no *guarantee*.)

    4) DCs don't cost money. You accept my GPG key, you can talk to me. Nice, Free, free, open-souce, you name it.
    ~Tim
    --
    .|` Clouds cross the black moonlight,
  • I agree, if you worked at it, you could probably confuse the system. But for the majority of users, it will work!
    One of our instructors has on a couple of occasions related his experiments with similar password software (Don you reading? Fill in the details...) He stated that with the software on its most setting forgiving setting, and with him deliberately trying to vary his typing speed, it still recognized him most of the time, and foiled the majority of attempts by others in the lab to duplicate his keyrate (he had given them the password). On it's strictest setting, he, still trying to vary his keystrokes, got in about half the time, but no one else succeeded in doing the same.

    I think this could easily catch on. People will not go out of their way to foil it, and our typing patterns can be almost as individual as a retina scan.
  • by orpheus ( 14534 ) on Tuesday June 13, 2000 @06:45AM (#1005671)
    Damn, I got a nasty papercut on my index finger. Now I won't be able to listen to my music for a week.

    ...burns, jammed fingers, scraped knuckles, fingers caught in doors, arthritis flareups, changed keyboards, same keyboard but dirty, having a few beers -- even hand lotion can make me type a little different.

    There's no shortage of reasons why this won't fly.
  • I'm skeptical as well. I use the keyboard all day long, but I know I don't always type with the same rhythm. Perhaps for password entry since it's burned into my brain, but even then it varies when I'm jazzed on caffiene or if I'm on the phone and typing with one hand or if my son is in my lap.

    What about when typing on a laptop, or one of those ergonomic (not!) keyboards?

    Of course, this must be doomed to failure. I hope.

  • Just throwing this out there, but if you got the typing biometric somehow, wouldn't you also be able to find the password easily? I mean, if you use some sort of computer-based strategy to grab the biometric, would it really be that much harder to grab the substance of the keystrokes, as well as the pattern?
  • Great. Now we'll all have to load up a keystroke sniffer so we can record our rythim. After all, if my hand's in a cast, I'm still going to want to listen to music.
  • I can't imagine anyone actually paying good money for music with these kinds of restrictions.

    May their business die a slow and painful death.

  • by CountZer0 ( 60549 ) on Tuesday June 13, 2000 @06:46AM (#1005676) Homepage
    Not only is this a blatently bad idea, but it comes from the same great minds that brought us Net Nanny.

    I do not type consistantly from moment to moment. Heck, I don't even "type" I hunt and peck really fast... Sometimes I type one handed... sometimes two... This software has NO chance of correctly identifying me.

    Add that to the great "hit rate" that is consistant with Net Nanny, and you will find that this software will more often than not block legitimate users from accessing the music.

    Besides, as another user mentioned, this whole idea is based on a flawed premise. Music purchases are not tied to a single user. I may be buying this music as a gift. I may be buying this music to transfer to my car mp3 player (which has no keyboard) Or my Lyra (also no keyboard)

    When I buy music, I get FAIR USE RIGHTS ... BY LAW... Technology such as this is taking away my rights. I will never purchase any music that I can no longer exercise my fair use rights. If I can not copy the music to multiple media forms/playback devices, then I do not buy it. It's that simple. Until the music industry understands this (or is FORCED to acknowledge this) they will continue to throw good money after bad attempting to develop technologies that infringe on customers LEGAL rights.

    Copying music is NOT a crime. This is the reality. The RIAA is the fiction...

    -Count Zero
  • In case you don't know: I'm against such identification.
  • This is a loosing battle Recording a persons keystroke pattern and inserting it into a downloaded music file will only increase the popularity of MP3. On top of this - how long will it take for 'Keystroke Pattern Eliminator' software to spread like wildfire through Gnutella? Most multimedia formats that impose listening and/or viewing restrictions end up failing (DivX).. You can block a stream .. dam a river .. but what do you do with an ocean? - Jump In.
  • I'm thinking about all the factors that cause me to become a different typist. The first of course is keyboard layout. I usually use dvorak and can type about 90 wpm but I can use qwerty and can type about 50. When I use one, I make totally different errors than on the other and type with different patterns and speed. The music would have to be tailored for one, keeping me from listening to my music. When I'm not at one of my computers I usually don't have the option of switching to dvorak easily.

    I also hunt and peck for passwords most of the time so that I can keep my hand on the mouse. Or how about network lag between keystrokes over a slow network connection when using telnet, WinVN, or other remote access? Or how about as your typing changes over time as you get better, or as you develop carpal tunnel syndrom and it gets worse?

    I don't think I'll be buying music with this security. Sounds a bit too easy for me to lose it or not be able to listen to it.

  • What about someone like me that constantly (pause, thinking) either pauses in sentences randomly to think or do something else or someone that keeps getting better at typing? i rarely make a mistake in typing now but i use to all the time. Of couse i have to type on certain keyboard types to not mess up :)
  • So what do you do when it fails to detect that it's you 2% of the time? Unless they can achieve 100% reliability on this, I can't imagine it ever flying. Plus, what happens if you injure one or both of your hands, or, god forbid, you take a professional typing course. Presumably this will affect your typing rhythm, which means that suddenly, you can't access your own legally purchased music.
  • They do seem to be going to ever-greater lengths to stop people from copying music and videos, with more and more protective layers being wrapped around the media on the customer's machine. I wonder how long it would take from the launch of a system like this for a workaround to appear? Cue a repeat of DeCSS. There's a nice little article in the Cryptogram [counterpane.com] about how this sort of trusted client-side software always seems to come unstuck.

    Here's a quick extract which pretty much sums it up... "Against all of these systems -- disappearing e-mail, rights management for music and videos, fair game playing -- there are two types of attackers: the average user and the skilled attacker. Against the average user anything works; there's no need for complex security software. Against the skilled attacker nothing works. And even worse, most systems need to be secure against the smartest attacker. If one person hacks Quake (or Intertrust or DisappearingInc), he can write a point-and-click software tool that anyone can use. Suddenly a security system that is secure against almost everyone can now be compromised by everyone."
    An extract from the Crypto-Gram Newsletter [counterpane.com], ladies and gentlemen. A fine publication.

  • That's why the only good solution is an onboard urinanalysis machine, bolted to your computer's case. This will indisputably verify your identity, and will also help prevent you from buying products on Ebay while drunk. Of course, you will need a six-pack on hand by your computer if you want to listen to a long playlist, but then again, who doesn't have that already?

    Then we could hook that urinanalysis machine to the cpu heatsink and OC this baby! Be the first on your block to have a liquid cooled 1.8Ghz dual celeron system! Weeh! umm, no I meant - wee-wee! (btw - OC=over clocked)

  • PawSense[tm] [bitboost.com] detects whether cat or human is typing, and disables the keyboard if the former.
  • by borud ( 127730 ) on Tuesday June 13, 2000 @07:31AM (#1005685) Homepage
    The first time I heard about identifying individuals by the way they type was 7 or 8 years ago. The system was supposed to monitor workstations in order to detect if an unauthorized user was using the workstation and apparently they had a very high success rate.

    A more recent paper by Fabian Monrose and Aviel Rubin with the title Authentication via Keystroke Dynamics [nec.com] might enlighten those interested in this, and I am sure that you'll find some interesting references on the above web page.

    Scepticism is often healthy, but when it comes to new ideas, "new" being used in a very relative sense here since the idea is apparently "new" to Slashdot staff, one should be more keen to understand them before writing them off.

    -Bjørn

  • Speak'o'the devil. This is the second most recent article on CmdrTaco's page: TacoHell [slashdot.org]

    I'm baking this kellogs pastry thingee in a toaster oven. Now I'm a veteren of many a pop-tar, but this is a variation on the theme that I'm unfamiliar with... the little bell goes off and I excitedly whip the glas door open. I rish inside to grab the tasty treat, only to overshoot, and plunge my fingers into the surface.

    Now poptart frosting is made of some bizarre substance that nobody has ever quite reverse engineered. Scientists have heated it to thousands of degrees, yet it never leaves its solid form... I assumed that this pastry would behave similiar, but I erred with painful results. This frosting melted. I stuck my finger into it. It was hot. Real hot.

    I yelp and begin sucking my fingers and making hurt noises as loud as can be expected considering my mouth is full of crisped fingers. The frosting tastes good, but my hands hurt. CowboyNeal laughs at me and I stick my fingers under the tap and run cool water over the pain.

    Now I have burn blisters on 2 fingers. Damn pastry.


    Bad Taco! On behalf of the RIAA I hereby suspend your music privilages.
  • It's pretty interesting to hear that somebody is actually working on this seriously. I first heard about it back in the 80's. Believe it or not, it was a Michael Crichton story that mentioned the concept. Here's the link:

    Mousetrap [simplenet.com]

    I seem to recall that the article I read included this story as well as some sample code, probably in Applesoft BASIC, which attempted to implement the mousetrap technique. It was certainly crude, but it worked better than I might have expected...

  • Wow, this sounds like another company who's going to take a big hit when their product comes out.

    I mean.. seriously, when it comes to music transport over the net, it can very likely be said that mp3 is the currently favoured format. Introducing another format which only plays on a restricted system requiring an odd and at best, sometimes workable password/locking mechanism is doomed to failure.

    Given the differences in keyboards, styles, alternating hands, sometimes single handed or single finger typing, or for those of us too lazy to move the chair over a foot or two, typing with a stick. Or typing when exhausted or half asleep or loaded on coffee.

    It would be like: You entered the original pass phrase while you were standing up. But when you're in need of listening to the music, you're sitting down. Oops. What do you know, now you have just doomed yourself to having to enter the code in while standing up while using a particular keyboard.

    I mean seriously, is it REALLY that hard to figure out what will not work in the public? Privacey is an issue. Free transport/playback is an issue. A biometric scan of someone's keystrokes which can identify them is something that would be a privacy issue. Making it a requirement to play music is a free transport/playback issue. {free as in freedom, not beer}.

    Simply slapping on restrictions onto a custom player which offers NO BENFITS OR ENHANCEMENTS TO THE CUSTOMER is not going to work. Divx offered nothing benficial and actually resulted in lower quality because of all the encoding required. Sony's mp3 stick/wand/thing is like that as well. No real new benefits to the consumer but adding on a truckload of restrictions.

    Do companies think this sells a product? It's like selling a computer case that's made of cast iron with a lock that only the company can open and you need to make an appointment to do so. And to boot, they charge you a whopping extra for the case with nothing in it.

    Seriously, this is the kind of thing that makes me think that while the collective IQ of these companies may be formiddable, their collective understanding and common sense is sorely lacking.

    NO BENEFITS TO CONSUMER + RESTRICTIONS = BAD PRODUCT & NO SALES.

    I think the music industry is where that Sprint Representative in the black trenchcoat should go to offer those nice clearing up phone services. Maybe then, things will be clearer and better. But then again, that would be abuse to the poor representative.


    - Wing
    - Reap the fires of the soul.
    - Harvest the passion of life.
  • by Anomalous Canard ( 137695 ) on Tuesday June 13, 2000 @06:32AM (#1005689)
    It must be Rob, look at all the typos!

    Anomalous: inconsistent with or deviating from what is usual, normal, or expected
  • 2. This one is blatently obvious... run your sound output back into your input and make a perfect digital copy without the copy protection.

    Then they will probably try to hang you out to dry via the DMCA provisions about defeating a copyright control mechanism.


    ...phil

  • Why do I get the impression that some manager went to Comdex saw the bells and whistles presentation, the people at Net Nanny put on, heard all the usual buzzwords and said "That is for us".
    There is more details about this system at BioPassword [http]. There entire presentation looks like a smoke screen with a brief mention of Statistics and a frequently mentioned but no explaination of their pateneted method.

    The only advantage I see of this over say hand writing verification is that it does not require any special hardware, but what happens in all of these cases:
    1) I'm tired so I type slower.
    2) I have hurt my hand or I am suffering from repetitive strain injuries.
    3) I change my keyboard.
    4) I spill coffee on my keyboard and the keys are a little sticky.
    5) I have been working at my keyboard for months and my typing speed goes up (I have advanced from two fingers to four).
    6) Since this is only available for windows at the moment and windows has crashed on me again and I am mad, so I hammer the keys home when typing the password.

    I am sure others could add many more scenarios to this list.

    Every biometric system has its faults, the more accurate the system the more expensive, but this has to be the cheapest and least accurate.
  • by imac.usr ( 58845 ) on Tuesday June 13, 2000 @06:34AM (#1005692) Homepage
    One day, I'd probably come home to find I'd bought 337 copies of "Gilligan's Island Collector's Edition DVD Box Set" or something like that.

    Cat owners will understand.

  • Another fatal flaw, probably quite literally:

    "MIS! They copied my authentication! I need a new set of hands!"

    Oops.

    Oh yeah, by the way:

    "Slashdot requires you to wait 1 minute between each submission of /comments.pl in order to allow everyone to have a fair chance to post.

    It's been 60 seconds since your last submission!"

    Yes, I *do* type that fast.......
    ~Tim
    --
    .|` Clouds cross the black moonlight,
  • That this wonderful invention is also produced by NetNanny! Better hope your passphrase isn't "profane"!

    I can't type and I rarely do things the same way twice, I wonder if this would still work for me.

  • by tealover ( 187148 ) on Tuesday June 13, 2000 @06:34AM (#1005698)
    I worked for a company that was trying to implement the exact same technology. They found that differences in keyboards and ergonomics made a world of difference. I don't know if this other company has overcome these obstacles.
  • "Identification please: Insert Retna in slot below..." - eww.
  • Of course, knowing the software industry, the first product to include a license management scheme that locks you out if your keyboard skills change will be "Mavis Beacon Teaches Typing"...

    It would do it by default. By lesson 5 or so your typing style just might possibly change!

    "I'm sorry. You're not the same 'hunt-and-peck' typist that registered this product. Access Denied."

    carlos

  • I know what you mean in terms of certian words just "spitting" themselves out; however, different keyboard types make for different patterns. What if you're one of those people who likes to switch between different key layouts? (QWERTY vs more ergonomic layouts) Or someone who has a funky split-vertical keyboard at home and a standard bad-for-your-wrists one at work? Your patterns would be different. Switching keyboards could mean not accessing your accounts.
  • by Bob Ince ( 79199 ) <and&doxdesk,com> on Tuesday June 13, 2000 @06:48AM (#1005706) Homepage

    Sigh.

    Time for another /. round of "spot the holes in the crap copy protection system".

    The type-speed thing works on a specific pass-phrase rather than a computer-generated one-time "type this please" string, so typing speed should be easily duplicatable. Or one could set the input keypresses to a constant rate, to make it easy to fake.

    And I presume this system is just as vulnerable to the likes of unfuck as anything else. Not much use being resistant to distribution schemes "like Napster and Gnutella" if you can turn them into MP3s or OGGs at the flick on an audio capture.

    This is a particularly worrying part of musicrypt's 'technology' spiel (black text on a black background in my browser - nice):

    When a connection to the Net does become available, the Client software transparently issues a 56-bit secure "back-channel" communication to our central Server module in order to give and receive updates on new and existing licenses.

    Read: the publisher can at any time revoke your right to listen to the music you have purchased. And knows about every bit of music you listen to, but that's kind of obvious and expected these days, isn't it.

    Once again, musicrypt, you lose. Once again, legitimate customers, you lose. Pirates? Well you're kind of unaffected. Hey ho.


    --
    This comment was brought to you by And Clover.
  • Okay.

    What happens in the case where you haven't listened to the music in two years, and your typing skills have dramatically improved or changed?

    I can see how something like the authentication system you are talking about might work, but that is something that is used on an ongoing basis. If I change the way I type I can't access my music any more?

    Besides, what if I decide to switch to the DVORAK layout?
  • Hey!

    This program sounds stupid to me. They claim it's 98% accurate. That doesn't sound very good to me. Are 2% of thier customers going to be denied access to what they pay for?

    What's more, I think that 98% accuracy is a bit optomistic. In a test with lots of nice, fresh suit-and-tie computer programmers first thing in the morning at a work terminal it may be very accurate, but I type differently when I'm at home. Sometimes I turn sideways to watch TV and put my feet up. My typing style changes completely because my body is at a 90-degree angle to the keyboard. What if the user talkes a typing course? I bet they havn't tested things like this.

    My other thought on the subject is how anazingly easy this coul be to break... VERY simple scripting/programming language Visual DialogScript has the command:

    WINDOW SEND, ,

    WINDOW SEND sends the contents of to the specified window as simulated keystrokes. Text can be entered as ordinary text.

    People will write programs using a system like this to simulate typing. Feed that in as the initial input instead of your 'real' typing and you'd be past the security in no time. I think.

    Who knows? maybe I'm totally wrong.

    Michael Tandy



  • The thing about biometrics is that they rely on secure hardware/software. Ie, it's a great idea for ATMs because the bank has incentives to make it tamperproof.

    But for home computers in a hostile setting ("cmon, Johnny, help mom get rid of this annoying password scheme on my Bette Midler collection") it is completely unworkable. It is relatively easy to figure out where the biometric input is collected and collated (ie, after the NN has had a chance to guess on whether the variances in typing speed / retina patterns are pass/fail).

    It can't stand up to more than five minutes of reverse enginnering.
  • Right. We've performed experiments on this in our CS class (University of Karlsruhe, Germany). They showed that you can imitate a typing pattern of another person within reasonable tolerance. And you need this tolerance to allow for the "noise" in your own typing.

    Tough luck.
  • by Wellspring ( 111524 ) on Tuesday June 13, 2000 @07:35AM (#1005718)

    That's why the only good solution is an onboard urinanalysis machine, bolted to your computer's case. This will indisputably verify your identity, and will also help prevent you from buying products on Ebay while drunk. Of course, you will need a six-pack on hand by your computer if you want to listen to a long playlist, but then again, who doesn't have that already?

  • This has very little to do with anti-piracy and a lot to do with the intense, ongoing effort of the recording industry to do away with all of the "details" of copyright law that they don't like.

    The DMCA is designed to outlaw fair use. They don't like that you can legally use excerpts from copyrighted works, so they purchased a law that effectively allows them to "opt out" of fair use by simply encrypting their material.

    Now they are out to do away with the first sale doctrine. First sale means that once you buy a copyrighted work, you have the right to turn around and resell your copy. That's why used record stores are legal. That's why you can go to a used record store and buy an old record that is out of print.

    If the recording industry is successful in adopting biometrics (which I don't think they have a chance in hell of), then old music will, by design, wither away and die after it goes out of print. Think about it ... Right now if you want an album that is out of print, you can buy it on the used market. This new system will eliminate that. Once an album goes out of print, no one will be able to buy that album anymore. That album will in effect cease to exist when the last person passes away who purchased that album.

    The industry is well aware that their biggest competitor is their own body of old work. If people spend their time purchasing and listening to old music, that is less money and time they are spending listening to the brand new music that the industry wants us to pay attention to.

    That's what this is about ... it has nothing to do with "piracy."
  • If someone gets into the backend and gets your retinal hash (or whatever stored representation they used), that could the could conceivably use it as a "password-eqivalent" later to impersonate you.

    Can't change that shared secret once it's compromised, no sir. (well, maybe you could switch eyes, once)

    And then, even though more recent systems depend on the eye being alive to work, there are still the stupid uninformed goons who would go around gouging people's eyeballs out.

    Not to mention you're SOL if you have an accident or something.
  • This is a bit long winded, but bear with me here. I actually have a point, not only about technology but also about privacy.

    I used to work at a government related thing. One of the places had a very secure computing center.

    They discontinued using retinal scanners when it turned out that an identical twin had a better than 10% possibility of fooling the system. That was just as well. No-one wanted to have access to the "retina room." The thinking was that if the Russians or Libyans wanted in, they'd just borrow what they needed to open the door. Obviously, borrowing just your eye wouldn't work very well (it would damage a lot of delicate blood vessels), so we figured they'd borrow your whole head if they really wanted in. Well, that probably wouldn't work either, but we wanted to avoid the risk just in case they'd try it.

    So after the retina scanner went away, they put in a palm scanner. Evidently, early environment effects fingerprints sufficiently that a palm scanner (which gets prints from four fingers, and several different areas on the palm itself) has a higher discrimination, and can much more reliably detect tricks like identical twins. Of course, using the same logic we all used before, we tried to avoid having access. If we had to get signed up for that room, we'd ask if we could get our left hand keyed (at least those of us who are right handed).

    Of course, the actual risk was probably infinitesimal. But just the same, why should we have taken those risks? If the "enemy" wants your password enough, they'll get it, whether it's a phrase, body-part, typing pattern, DNA sample, or whatever. They may have to kill you for it, or threaten someone you love. But if they want it enough, and they have the means to access you, they'll be able to get your password.

    If we extrapolate out to music, it's a bit ridiculous. No-one's gonna cut your hand off so they can listen to your MP3s. But it's the wrong direction to be taking this. By emphasizing biometrics, we not only give credence to the idea that they're secure (which they're not), but we also start irrevocably linking our security to our selves.

    Think about it. The Evil entity snags your computer: if the data is protected by a password, there's no way that they can prove that the data is *yours*. You might know how to decrypt it, but the ownership is not provable by that fact. You could plausibly argue that the file was placed on the server by someone else. Now, if that same file was encrypted by your palm-print, that defense is gone. Suddenly, they KNOW that they're your DeCSS sources, or Metalica MP3s, or $cientology documents...
    -
    bukra fil mish mish
    -
    Monitor the Web, or Track your site!

  • Input Password:
    ***** - sorry, you missed a beat
    Input Password:
    ***** - ::zzzt:: your timing was a bit off
    Input Password:
    ***** - nope, i got at least a 5 ms discrepancy there
    Input Password:
    ***** - maybe it's just lag, but that one was WAY off
    Input Password:
    ***** - you just don't get it, do you
    Input Password:
    ***** - Keystoke rythm confirmed; password incorrect.

    At this point the user will be forced to find a new monitor after he puts his keyboard through the one he's using now.

    --Forager.

  • by Pig Hogger ( 10379 ) <pig@hogger.gmail@com> on Tuesday June 13, 2000 @06:52AM (#1005732) Journal
    Doesn't anybody else recall a story published some 15-20 years ago, probably in OMNI, where some kid sold trade secrets to a japanese competitor, only to be busted by a honeypot trap?

    The story emphasized the geek's contempt of older users and human-engineering issues; the kid was caught by an older engineer who identified his fake logins by his typing pattern.

    As soon as he was identified, he was switched to a honeypot where the trade secrets were replaced by porn files. His "customers" were pissed enough to leave the kid have a very intimate explanation with a sumo wrestler...

    --
    Here's my mirror [respublica.fr]

  • They can get the sequence of the characters you type, but can they get the time between the characters?

    If Quake can read the time (to within 15 ms) when you pressed a key, then this biometric software can.

  • try:

    ifconfig whatever whatever whatever hw ether any:mac:adresss

    You can have whatever mac you want, see man ifconfig.
  • This might be more useful to help someone log in w/o having to memorize long, obscure passwords.

    The login screen can just display a sentence or two, the user types those sentences (mistakes and all), and the biometric algorithm will allow them in or not.

    If you want to combine this with a normal password-type situation, then just don't display the sentences - expect the user to remember them. If you combine the entropy of the words in the sentence with the entropy of the biometric authentication, then you might have entropy for a decent password (even if you build in a little error correction for discrepancies in the biometric or typing the sentence).
  • I guess I am the only person in the world who uses several different computers with several different keyboards. Oh, and my typing patterns is absolutely identical across all of them. Not! Has anyone else had the misfortune of trying to play Rogue/Hack/Angband/etc. on an ergo keyboard that was clearly split by someone who doesn't understand that programmers type differently?
  • From Willy Wonka and the Chocolate Factory...
  • Hmm.. so if you get a new keyboard (with either a new feel or a new layout), you need to buy all new keyboards.

    If this takes off, I expect there to be an explosion of new types of keyboards on the market. A return of the IBM hard clicking keyboard (god I love these), "chicklet" keyboards (remember Atari 400 and ZX81?), ergonomic and "split" keyboards, and DVORAK layouts, etc. All secretly backed by RIAA's slush fund. :-)


    ---
  • The thing to understand here is that if you are making use of someone else's property, you should expect to abide by the conditions imposed on its use.

    That's true. However, if I play music in my house, chances are that my family will be able to hear it. If I turn up the volume REALLY loud, my neighbors will probably be able to hear it. However, they haven't paid for the rights to listen to the music; I have. Can I call the cops on them for breaking the copyright -- before they call the cops on me for disturbing the peace? ;)
  • From what I heard, people are backing away from retina scan. Though it is a very good identification method, it has an evil side effect: Your retina can tell a lot about your health. The problem is thus not reliability, but privary issues. You don't want retina scan as an identification when signing up for a life insurance!
  • Sounds like Cryptonomicon's theory of identifying morse code messengers by their "wrist" (is that the term he used?). Apparantly the individuals could be identified based on their morse-code styles.

    I suspect the same would be true if we were all disciplined typists, like the stereotypical 1940's-era business offices crammed with female typists pounding on keyboards round-the-clock.

    I think this method would require that the person to be identified has been typing for some time. A newbie typist would require several months (years?) to develop a distinct style.

    But I can see where they got the idea.


    ---
  • I can think of a number of delightfully mean things to do with such software.

    1. If you type your Smashing Pumpkins passphrase in too perkily, the program forces you to listen to Brittney Spears instead.

    2. If you make a spelling error in your passphrase, you have to listen to Hason's "Mmm-bop" at least 4 times.

    3. If you type too slowly, you have to listen to Leonard Nimoy's redition of Proud Mary -- but only once.

    4. If your passphrase isn't politically correct, you have to listen to a Tracy Chapman song before your perferred choice.

    5. All other errors require the playing of Motley Crue at the highest possible volume.

    -- Diana Hsieh

  • You paid and own a laser-engraved piece of metal and plastic, but how does that make you the owner of its semantic content (at the very least, legally, it doesn't)?

    Strictly speaking, these sorts of "protection" schemes don't take that plastic disc away from you, they only limit the manner in which you may interact with certain aspects of its symbolic content.

    They aren't stopping you from playing frisbee with it, using it to resurface your roof along with your AOL CDs, or cleaning the toilet with it.
  • You're basically just worried about the right of first sale, aren't you?

    That's not specifically addressed or infringed by these technologies.

    It seems to me that the state of affairs that the record companies have brought about is this:

    When you buy a CD, you buy that round piece of laser-engraved metal and plastic, and you also buy a license to use its information content. (The latter accounts for most of the price of the CD)

    The piece of plastic is your property. The information content is just licenced to you.

    That's just how it works now.

    In this context, right of first sale just means that the license must be transferred with the CD, and nobody is allowed to prevent that.

    Where there IS no spoon .. er ... CD, and the licensed information is transmitted digitally, then the aforementioned "right of first sale" really doesn't have much meaning anymore. There's no physical media to tie the license to.

    Sorry.

    I'd also like to note that it's not really possible (semiotically or practically) to impose restrictions on the copying of information while simultaneously allowing its use in any way.

    (just try to come up with a 100% consistent definition of a practical "no copying" rule -- keep cacheing and related techniques in mind)

    It is relatively more practical to achieve some semblance of control over use directly, however, hence the sort of draconian things that the industry is suggesting.
  • There's an existence proof for this. R. Stockton Gaines developed a system called "Keyprint" at The RAND Corporation over fifteen years ago, in the days when RAND invented the MH mail system and other cool stuff (they've now assassinated all their high-tech efforts and gone in for policy analysis).

    We researchers had our reservations about that one, based on many of the same concerns shown here. Imagine our surprise when the blamed thing actually worked. There were enough degrees of freedom that the aggregate of the correlations it used was immune to "off days" and other such variations. This is described in Rand Report R-2526-NSF. [rand.org]
  • I guess what we really need to do is make a device that anylizes urine. Would'nt that be perfect at the office...

    I'm sure my cubicle-neighbors would just love that.

    "DEAR LORD, JASON WHY ARE YOU PEEING INTO THE COMPUTER?"

    "Relax. I just want to hear some music. I'm also signing in to post things on Slashdot."

    (confused employee runs away terrified, notifies security)
  • Last time I checked, IP was not really a time sensitive protocol. It makes sure the packets get there but not when, hence the trouble with webphones and streaming media in the early days. So to use this they're either going to have to record the whole string in a trusted client, a bad idea when security is an issue, or they are going to send the sentence letter-by-letter across the internet, where noise is going to cause serious problems with their time-based metrics. I sense possible implementation problems coming in the future...

    Still it might be an interesting way to encrypt stuff on your computer. Not only would you have to know the password phrase to type, but you would also have to be able to type it properly to get access to the data. It makes passwords lots harder to crack and the extra security is almost transparent to the user.

  • by BeBoxer ( 14448 ) on Tuesday June 13, 2000 @07:13AM (#1005786)
    Undoubtedly, it will. Why? It absolutely has to. All of these schemes such as typing rhythm, retina scan, fingerprint, are all nothing but disguised password schemes. It doesn't matter if your password is the word "secret", your credit card number, your SSN, a vector of your typing speed, or a GIF of your finger. In ALL cases, a program on the client gets the "password" and sends it to the server. In ALL cases, the client software has to be "trusted" by the server. In other words, any kind of open source is completely out of the question. Otherwise, the server can't stop someone from putting together a version of the program that reads it's input from a file instead of from the "legit" source. And how are you going to know whether or not the client is saving your ID to a file? Actually, you can't stop them even with a binary-only solution. It's just security thru obscurity.

    What's worse, is that all of these schemes rely on you giving the server all the information the server needs to impersonate you every time you sign in. What if your bank and your favorite pr0n site both use a fingerprint scan to ID you? Congratulations, the only thing keeping your pr0n dealer out of your bank account is their skill with a debugger! It's just like the crappy security on credit cards. Every single vendor you do business with has all the information they need to impersonate you. It's a testament to how honest the majority of people are that the entire industry hasn't gone belly up.

    But the biometrics are the absolute worst, since you can't change your password. At least you can close a credit card account and get a new one. I don't know where to buy new fingers or retina's, however. The only long term solution will be based on some sort of public-key algorithm. Anything else is just a scam. Actually, the one place where a fingerprint scanner might be handy is to authenticate you to a hardware smart-card that does your public key for you. Since the whole thing is built by a single vendor in hardware, it could be made pretty secure. At a minimum, a crook would have to steal the card and have a fair amount of hardware skill to get anything useful out of it. But this whole idea of using biometrics over the internet is just a bunch of snake oil. And poisonous snake oil at that. You're better off sticking with what you have now, at least then you can be concious of that fact that your security sucks.
  • Dear Mr. Moderator,

    May I know why this guy's posting was moderated as Flamebait ? He posted his idea on the subject and it seems to me that it's a valid point.

    I'd like to add that I don't like the idea of an identification system to listen downloaded music : it's a move in the wrong direction.

    The present system of audio CDs, which you buy once and on which you have property rights (usus, fructus, abusus) is far better than those fuzzy rights. For me it's OK to buy music I like, but please, don't turn my music experience in a techno-nightmare.

    Stéphane

    Have you checked out Badtech [badtech.com] The daily online cartoon?
    Have you checked out Badtech [badtech.com] The daily online cartoon?
  • The biggest problem with retinal scans is public acceptance.

    In addition to the fact you mentioned that it's possible to sureptitiously determine a great deal about the user's health and habits (alcohol, drugs, late night web binges, etc.) there's the more formidable problem that most people view the process as unsanitary. I read a paper about this some time back. (In The Lancet??) Bottom line, they noted these perceptions were the primary impediment to retinal IDs, and that people would not accept retinal scans as routine.
  • Speaking as a musician I know that:

    Repeating the exact same rhythm accurately is a skill that takes years to master. It sure doesn't happen by accident.

    Memory of rhythm fades rapidly. Unlike the patterns that grow on the ends of your fingers.

    Supposing that people did have characteristic patterns - by ear, a trained musician can easily copy and conterfeit them.

    On top of that, *nobody* is going to be happy about getting a retinal scan or anything remotely resembling that before they can play a piece of music they bought and paid for. This idea is so far out in left field that I can't see it as anything other than grasping at a straw - an act of desperation.

    I was reading a fine piece [osopinion.com] today that sums up exactly my thoughts, better than I could. The problem is defined perfectly, and the reasons why recorded music is *never* going to be expensive and restricted again, like it has for much of the 20th century. (The solutions he proposes for compensating musicians in that piece are too utopian, IMHO, but other solutions *will* work.)

    The RIAA and their toadies are on the run. They may be able to attack dotcom's and bring them to heel, but they can't successfully overwhelm the entire net.

    Disclaimer: I would *never* encourage anyone to violate a copyright, even to hasten the demise of an evil cartel like the RIAA - instead, listen to the music of musician's that *want* you to, and don't unfairly restrict you.
    --

  • I dunno, I make a lot of typo's too, but I still think this would work. Even though I don't touch-type, certain words just "spit" themselves out when I'm writing something. The rhythm of those words is probably tied to my particular brand of hunting and pecking, and there's no good reason that couldn't be analysed.

    Saying it wouldn't work because people make typos might be like saying that gait analysis won't be able to identify people who stumble sometimes.

    My question would be, does it work better or worse on people who actually learned to touchtype "properly"?

    -Kahuna Burger

  • I remember the University of Louisville messing with this technology almost 10 years ago... they were using chips that were suppossed to better simulate Neural Nets so that they could "learn" how an authenticated person typed and then later recognize them by that typing. Glad to hear someone finally got this stuff to work.
  • by FascDot Killed My Pr ( 24021 ) on Tuesday June 13, 2000 @06:38AM (#1005801)
    What if I become handicapped (blind, lose arm/hand/finger)? Suddenly I can't use my software because I don't type the same?

    What about other people in the same house? What if I sell the software? What if what if what if?

    This is just dumb. Of course, knowing the software industry, the first product to include a license management scheme that locks you out if your keyboard skills change will be "Mavis Beacon Teaches Typing"...
    --
    Compaq dropping MAILWorks?
  • Anyone else use multiple keyboards?

    Anyone else type differently on each?

    Lessee...

    At work I have one of those nifty ergonomic jobs on the pc, and a generic extended board on the Linux rack.

    At home, one of those little iMac boards on my G3 tower, and an IBM 101key (better tactile/audio feedback than other brands) on the Linux box.

    Plus, I have an old beater of a Thinkpad, with keyboard oddities of its own, I use for email on the road.

    And by the end of the summer, I plan to have a new Powerbook.

    Five keyboards (now... six in a couple months), all with different feel and feedback, and almost certianly, all with different typing habits.

    I don't think it'll work.

    john
    Resistance is NOT futile!!!

    Haiku:
    I am not a drone.
    Remove the collective if

  • Actually, the term is "fist": the way in which a Morse code sender composes his dots and dashes. An operator with a good "fist" is easier to copy than a some "ham-fisted" operator.

    None of this applies to me, as I am a dirty stinkin' no-coder.
  • by zyqqh ( 137965 ) on Tuesday June 13, 2000 @06:38AM (#1005804)
    I'm really skeptical about them getting something like this to work, I mean, I make typos in my 12 charachter password, but to be expected to type a sentence with the same rhythm? I still want retina scanners.

    I would hope that the system they're developing does NOT expect the user to put conscious effort into typing with the "same rhythm." The process of typing a full sentence, with timing data, has much higher dimensionality than any human observer could possibly take advantage of. Whether or not there are relevant parameters to be extracted from this remains to be seen, but I would stay clear of making statements such as the above until a good learning algorithm spends some quality time with the data. The only way this will work is if a learning algorithm manages to extract parameters which uniquely identify the user no matter what the user "tries" to do.

  • The type-speed thing works on a specific pass-phrase rather than a computer-generated one-time "type this please" string, so typing speed should be easily duplicatable.

    Quick poll: How many of you use rather random passwords like "U{.Z!Li}"? How many of you type them slowly at first, but can type these very quickly after using them for a week or so? I though so.

    Yet another hole in this scheme, if it's a constant passphrase then you'll naturally become faster with practice, and then lose your access because your typing style has changed.

    -----

  • by Bowie J. Poag ( 16898 ) on Tuesday June 13, 2000 @08:05AM (#1005813) Homepage
    I'd give it... oh, I dunno..5 minutes before someone comes up with a Perl script to replicate someone's typing style?

    I remember doing this when I was like 12. Dialing into local Commodore 64 warez BBS'es acting like I had a terrible grasp of English, and typing terribly slow to convince the Sysop I was dialing in from l33t-land, Europe. A whole big charade to give me an unlimited ratio. Worked nearly every time.

    There are so many holes in a technology like this that i'd shitcan it before it even got off the ground. If you're going to identify someone, there are far, far better ways of going about it than this, i'm afraid.



    Bowie J. Poag
  • _I'm really skeptical about them getting something like this to work, I mean, I make typos in my 12 charachter password, but to be expected to type a sentence with the same rhythm?_

    The typos are part of that rhythm.

    If this were speech recognition, then every slur, drawl and lisp would be part of that rhythm. That's how biometric identification works: it doesn't measure and record EXACT patterns, it is looking for _rhythmic_ approximations that are typical, or representative, of user X. Further, it is amazingly effective. Think how often, when proofreading, that you discover exactly the same errors - teh instead of the - again and again and again. And that is just a trivial example. I'm sure there are many others.

  • The point that everyone seems to be missing here -- the RIAA especially -- is that we're talking about taking draconian measures to control access to art. Or, to put it another way: no one here is actually talking about "art"; instead everyone is talking about controlling the access to the art.

    And it's utterly absurd.

    Think about it: do we really need retinal scans and fingerprint scanners or biometric typing tutors to ... er ... listen to MP3s? Or even to watch "Big Daddy?"

    All of these "copy control measures" are in place solely to *guarantee* the flow of profits not to the artists but to the corporations that contract the artist.

    I mentioned this in today's Napster story, but -- and come on, where is Katz when we need him? -- no one is talking about what's really going on here: the fact that 'intellectual property' as the studios would have us believe it is dying a slow, expensive death.

    And, if that wasn't enough, all this should start people thinking about the notions of 'intellectual property' in the first place.

    Come on, Katz, for chrissake: write one of your grand editorials about this -- about how technology is (finally) questioning the very notions of "property" -- and what it is that makes this a so-called "property" in the first place.

    What we're witnessing with all this biometric nonsense and CSS absurdity is the very loud gasps of corporations attempting to stay afload on yesterday's notions of 'property' and 'profit.'

    This, finally, may be the single most important contribution of the internet: the paradigm shifting notion that yesterday's 'intellectual property' cannot survive in an age where 'democracy' plays itself out not in parchment 'constitutions' or 'declarations' but across fiber optic cables and digital switches.

    'Property' has always depended as much on the presence of an object as much as its absence. Property has value when, say, you have a Lexus and you know that not everyone else does. This makes your Lexus valuable in the marketplace. Everyone *could* have a Lexus, sure, but not every one does. Everyone *could* own a house, but not everyone does.

    But what happens when you realize that your highly prized commodity (as determined by an artificially designed marketplace) suddenly loses its intrinsic value?

    Short of the specific things we need for survival -- food, shelter, sex -- the value of everything else is artificially assigned by the culture in which it is commodified.

    You go ape shit and attempt to preserve its value. But the question is this: for whom is this value being preserved for? And, more importantly, why? Are you preserving its value because without value the object will disappear? Well, this is what Jack Valenti will have us believe. If there is no copy protection for the next Brad Pitt movie, there will be no Brad Pitt movies. (Now, if this means that there will be no more absurd films like 'Fight Club', I'd be delighted. But Valenti would have us believe that even another 'Seven' -- a brilliant film -- would never get made, which would, indeed, be a shame.)

    Of course, this is bullshit. Art won't stop if suddenly there are no more corporations to exploit it. All that will happen is that a lot of the dead weight will be jettisoned.

    My point is that the link between 'art' and its earning potential for corporations is an artificial link. Art will always exist -- and art will continue to exist, even when it loses its status a 'property' by the corporations that use it to make money.

  • Somewhere in a junk box in my garage is an old AT-style keyboard adapter box commonly called a "keyboard wedge". These are still used sometimes to do things like provide input from barcode scanners and the like.

    The one I've got has a small 8-bit micro in it that also has the ability to capture and replay keystroke sequences delimited by truly odd and awkward command key sequences. Heck, IIRC, someone even posted something here a while back about a keyboard with a built-in capture and playback buffer. One thing I noticed about the way mine works is that it preserves the timing of the input in order to make sure it doesn't get ahead of the applicaiton. Any such gadget would defeat this scheme.
  • even hand lotion can make me type a little different

    No kidding!

    Oh wait, we're not talking about the same thing are we?

  • There could be trouble if they encrypt porn files this way, unless you always type with one hand...
  • The fatal flaw is that if it records, it can be played back. Sorry guys, no dice.. digital protection is flawed for exactly one reason - you can't obscure whether the bit is there or not. Solve that and I have a quantum physicist that wants to talk to you.
  • by MenTaLguY ( 5483 ) on Tuesday June 13, 2000 @07:22AM (#1005828) Homepage

    [ begin devil's advocate mode ]

    What if a family memeber wants to listen to my music and I'm not at home?

    Then they should pay to hear it, the same as you.

    The thing to understand here is that if you are making use of someone else's property, you should expect to abide by the conditions imposed on its use.

    If you don't like the conditions, don't use it. It's not like this is food or anything: you don't need, say, Metallica's Black Album to keep breathing for another week.

    The music is the property of its owner. If someone wants to, they may let you or your family members use it for free if they want, but they shouldn't be forced to do so.

    It's only now that technologies like this are giving the owners an option in these matters. Forcing them to let people use their property for free is morally wrong and it's only now that we're beginning to see technology that can rectify the situation.

    [ end devil's advocate mode ]

    In my own opinion, while I believe that private property rights are a consequence of natural law (woo, look at the cute widdle 18th century philosophy), they are such only because of exclusivity. Two people physically can't posess or control a physical object.

    I don't think the notion of "property" should be perverted to include things that aren't naturally, in enconomic parlance, excludable, and I don't think scarcity should be imposed where there is naturally none soley for the sake of making a profit.

    If people get mad when someone creates artificial scarcity even in a naturally scarce good (e.g. OPEC with oil), why is making a naturally non-scare good scarce just for the sake of making money suddenly okay with everyone?

    Now, making sure artists eat is a different matter, but the record companies aren't generally doing any better -- the majority of musicians would be living in cardboard boxes on the street (and not eating) if they relied on revenue from the record companies for their livelihood.

    Personally, I think we need to start thinking more about artists as people who actually do WORK (they do, you know, composing ain't easy) for which they should be paid (they generally aren't now, except when they're paid for performing), rather than thinking of them as people who need to be subsidized by someone playing tollkeeper to their ideas.

    The new technology is also enabling schemes like the Street Performer Protocol area which are I think a good start in the right direction. I only hope more people pursue them, instead of strangling ourselves like we are now.

    We have real world scare resources that have economic value: scare creative talent (labor). There is no real need to make "pretend" scarcity in information-space to subsidize that labor, unless you expect <sarcasm>the lazy artists to do their thing for free (they're not really DOING anything, after all)</sarcasm>.

  • Actually, the ability to recognise Morse Code operators by their "fist" has been around for literally ages, and, IIRC, was described in a James Bond book ("Diamonds Are Forever")

  • I will just get a monkey to randomly mash and bash the keyboard with it's hairy paws, now that is security.

    But, say you wanted to crack this, couldn'y you just get a realtime video cam and record the rate system admin mashes the keyboard with his fat hands? Get the rhytem from the tape and then make a robtic device to mimic system admin bob's keystroke rate.

    Eye scanners would be cool, cause to crack though, you would have to cut out the users eye, remove your glass eye, insert their's into the empty socket and crack that puppy open like a nice cold beer.

    On thing I seriously though about doing is a IR interface that is embedded into the body and can send the signal automatic when a correct password is typed into the machine.

    Seriously though, the above is just bs. Let's thinkg about this, what if you are drunk or stoned and want to check email? do you think your type rate will be the same? What if you are intoxicated on large amounts of caffeine when you "insert" the password rythems, then when you wake up slow in the morning and try to see what is on slashdot, you type rate is differant. What if you finally get one of those big ass old sytle IBM "click" keyboards that slows down your type rated compared to your sleek space age "fluffy" keyboard?

    And most of all, what if you a typing class?

  • Quite often it is better to disable the keyboard if the latter.
  • ...but apparently some people don't.

    I suspect the goober will probably get smacked down in metamoderation, anyway.

    Family situations aside, though, there are a lot of things that we do now (e.g. campfire singalongs) that violate copyright, it's just that there isn't (currently) a good mechanism to enforce it in those circumstances. (except some ASCAP sabre-rattling now and then)

    People ignore the inequities in the law because it's not consistently enforced. Technology is changing that.

    Really, my only reservation is that I'd like to make sure there are other ways artists can get equitably paid for their work BEFORE the copyright system falls apart.
  • What I want is a Linux module that monitors the typing of whoever is logged in as root, and sends an email to a remote address of mine when a violation is detected. That would be extremely useful.

    Forget this music crap. If I can route it to my speakers, I can burn it to cd, make an mp3, or record it to tape and take it to my car. Let them develop the technology, then eventually we'll put it to good use.
  • by gcoates ( 31407 ) on Tuesday June 13, 2000 @08:14AM (#1005852)
    During WWII army intelligence were able to identify individual enemy radio operators from intercepted morse signals, due to the fact that each opererator had a distinctive style, known as a fist.

    Given that this was possible in 1940 with no computing power, biometrics based on keyboard style is probably not so stupid...
  • ... an anecdote from IBM's Yorktown Heights Research Center. When a
    programmer used his new computer terminal, all was fine when he was sitting
    down, but he couldn't log in to the system when he was standing up. That
    behavior was 100 percent repeatable: he could always log in when sitting and
    never when standing.

    Most of us just sit back and marvel at such a story; how could that terminal
    know whether the poor guy was sitting or standing? Good debuggers, though,
    know that there has to be a reason. Electrical theories are the easiest to
    hypothesize: was there a loose with under the carpet, or problems with static
    electricity? But electrical problems are rarely consistently reproducible.
    An alert IBMer finally noticed that the problem was in the terminal's keyboard:
    the tops of two keys were switched. When the programmer was seated he was a
    touch typist and the problem went unnoticed, but when he stood he was led
    astray by hunting and pecking.
    -- "Programming Pearls" column, by Jon Bentley in CACM February 1985
  • So if you lose your fingers in some accident, not only will you lose a lot of money, you suddenly can't listen to your own, legally bought, collection of music anymore.

    And to people like Stephen Hawking, they can forget about listening to music this way.

    And if I want to play a huge collection of songs, legally bought by myself, I must authenticate each and every time the song advances.

    Do the companies that think of this "innovative" stuff even bother to think about what they are doing? Are these people morons for thinking that such a thing would work?

  • See my post below about R. Stockton Gaines's work at RAND around 1978-1980. You don't happen to remember your instructor's name, do you?

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...