Today sees the second solo album released by Radiohead frontman Thom Yorke, but questions have been asked of the security of using Bittorrent.
Rather than putting his new solo album out on CD and vinyl, through retailers or MP3 download via recognised or band sites, Yorke made his music available through the peer-to-peer service, reported the Sydney Morning Herald.
Following on from Radiohead’s release of its 2007 album “In Rainbows” on a pay what you want basis, this is available for the equivalent of $6, considerably less than even standard download charges. The album is available via a specific URL – tomorrowsmodernboxes.com and in a statement written by Yorke, and producer Nigel Godrich, they said that they were doing this “as an experiment”
The letter said: “The new Torrent files have a pay gate to access a bundle of files. The files can be anything, but in this case is an ‘album’. It’s an experiment to see if the mechanics of the system are something that the general public can get its head around.
“If it works well it could be an effective way of handing some control of internet commerce back to people who are creating the work, enabling those people who make either music, video or any other kind of digital content to sell it themselves. Bypassing the self elected gate-keepers. If it works anyone can do this exactly as we have done.
“The torrent mechanism does not require any server uploading or hosting costs or ‘cloud’ malarkey. It’s a self-contained embeddable shop front. The network not only carries the traffic, it also hosts the file. The file is in the network.”
Asked if there is the potential for a scammer to dress malware up as an email and encourage downloads of it, Mark James, security specialist at ESET, said: “One of the biggest problems with torrents is the ability to insert malware into the file being downloaded. It’s very easy to take a ‘safe’ torrent, repackage it with added malware and offer it for download.
“It could include ‘extras’, keygens (files that generate codes to get around protection) or even bogus video files that require a specialist (false) codec to enable viewing. The codec itself could be included or linked and will infect the machine and in the case of music files we could see videos included or extras from the musician to entice you into downloading their ‘bonus’ versions. The originating author will have no control over what ends up in the modified torrent and it will most probably include the original music for authenticity’s sake.”
Asked if torrent sites can be safe, James told IT Security Guru that it is not the site as such that can or cannot be trusted, but rather the torrents themselves which are seeded (shared) by other users.
“As you download a torrent you make it available for others to download from you – that’s the attraction of torrents – the more people seeding the download the faster it can be obtained,” he said.
“These torrents can often be found by simple searches (Google, Bing, Yahoo) and it will be up to the user to decide if it is legit or not based on where it is located,
how many people are seeding it and making sure you read any comments associated with the download. The biggest problem users may encounter will be their ISP (Internet Service Provider) blocking access to torrent downloads or if they do allow it then limiting the speed of the download.”
I’ve reported in the past on how modern ways of delivering media can cause security headaches, and as a fan of Radiohead and Thom Yorke, this move is not especially surprising but at the same time, it could be pounced upon. Can modern technology and security sit side by side? Sometimes we may be seen as folk who say no, but we are also not the ones with our heads in the sand when it comes to safety.