June 27, 2017

Archives for October 2007

Comcast Blocks Some Traffic, Won't Explain Itself

Comcast’s apparent policy of blocking some BitTorrent traffic, which has been discussed on tech sites [example] for months, has now broken out into the mainstream press. Comcast is making things worse by refusing to talk plainly about what they are doing and why. (This is an improvement over Comcast’s previously reported denials, which now appear to be inconsistent with the facts.)

To the extent that Comcast has explained itself, its story seems to be that it is slowing traffic from heavy users in order to keep the network moving smoothly. This would be a reasonable thing for Comcast to do (if they were open about it) – but it’s not quite what they’re actually doing.

For starters, Comcast’s measures are not aimed at heavy users but rather at users of certain protocols such as BitTorrent. And not even all users of BitTorrent are targeted, but only those who use BitTorrent in a particular way: uploading a file to non-Comcast users while not simultaneously downloading parts of the same file. (In BitTorrent jargon, this is called “seeding”.) To get an idea of how odd this is, consider that an uploader who is experiencing blocking can apparently avoid the blocking by adding some download traffic.

It would likely be easier for Comcast to simply measure how much traffic each user is generating and drop the heaviest users’ packets, or just to discard packets at random (a tactic that falls most heavily on those who send and receive the most packets).

Beyond its choice of what to block, Comcast is using an unusual and nonstandard form of blocking.

There are well-established mechanisms for dealing with traffic congestion on the Internet. Networks are supposed to respond to congestion by dropping packets; endpoint computers notice that their packets are being dropped and respond by slowing their transmissions, thus relieving the congestion. The idea sounds simple, but getting the details right, so that the endpoints slow down just enough but not too much, and the network responds quickly to changes in traffic level but doesn’t overreact, required some very clever, subtle engineering.

What Comcast is doing instead is to cut off connections by sending forged TCP Reset packets to the endpoints. Reset packets are supposed to be used by one endpoint to tell the other endpoint that an unexplained, unrecoverable error has occurred and therefore communication cannot continue. Comcast’s equipment (apparently made by a company called Sandvine) seems to send both endpoints a Reset packet, purporting to come from the other endpoint, which causes both endpoints to break the connection. Doing this is a violation of the TCP protocol, which has at least two ill effects: it bypasses TCP’s well-engineered mechanisms for handling congestion, and it erodes the usefulness of Reset packets as true indicators of error.
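An endpoint-side check for injected Resets of the kind described above, as an added example that is not part of the original post. The two heuristics (a Reset whose IP TTL does not match the claimed sender's earlier packets, and data still arriving from a sender after its supposed Reset), the addresses, the ports and the trace are all assumptions constructed for illustration.

```python
import struct

RST = 0x04  # TCP flag bit

def build_packet(src, dst, sport, dport, flags, ttl, payload=b""):
    """Constructed IPv4+TCP packet for the sample trace (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp + payload

def parse_packet(raw):
    """Return (directional flow, TTL, TCP flags, payload length)."""
    ihl = (raw[0] & 0x0F) * 4
    total_len, ttl = struct.unpack("!H", raw[2:4])[0], raw[8]
    sport, dport, _seq, _ack, offset, flags = struct.unpack("!HHIIBB", raw[ihl:ihl + 14])
    flow = (".".join(map(str, raw[12:16])), sport, ".".join(map(str, raw[16:20])), dport)
    return flow, ttl, flags, total_len - ihl - (offset >> 4) * 4

def find_suspect_resets(trace, ttl_tolerance=2):
    """Flag Resets that do not look like they came from the claimed sender."""
    baseline, reset_at, findings = {}, {}, []
    for i, raw in enumerate(trace):
        flow, ttl, flags, payload_len = parse_packet(raw)
        if flags & RST:
            reset_at[flow] = i
            # Heuristic 1: hop count differs from the sender's earlier packets.
            if flow in baseline and abs(ttl - baseline[flow]) > ttl_tolerance:
                findings.append((i, flow, "ttl-mismatch"))
        else:
            baseline.setdefault(flow, ttl)
            # Heuristic 2: a sender that really reset would not keep sending data.
            if flow in reset_at and payload_len > 0:
                findings.append((reset_at[flow], flow, "data-after-reset"))
    return findings

ME, PEER, OTHER = "192.0.2.10", "198.51.100.20", "203.0.113.5"  # documentation addresses
TRACE = [  # constructed capture taken at ME
    build_packet(ME, PEER, 51413, 6881, 0x18, 64, b"piece"),
    build_packet(PEER, ME, 6881, 51413, 0x18, 52, b"have"),
    build_packet(PEER, ME, 6881, 51413, RST, 61),            # injected: TTL off by 9
    build_packet(PEER, ME, 6881, 51413, 0x18, 52, b"have"),  # real peer still talking
    build_packet(OTHER, ME, 6881, 51414, 0x18, 55, b"have"),
    build_packet(OTHER, ME, 6881, 51414, RST, 55),           # consistent TTL: not flagged
]

if __name__ == "__main__":
    for idx, flow, reason in find_suspect_resets(TRACE):
        print(f"packet {idx}: {flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]} {reason}")
```

Both heuristics are indicators rather than proof: route changes can shift a TTL, and packets already in flight can arrive after a genuine Reset.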

People have apparently figured out already how to defeat this blocking, and presumably it won’t be long before BitTorrent clients incorporate anti-blocking measures.

It looks like Comcast is paying the price for trying to outsmart their customers.

The ease of applying for a home loan

I’m currently in the process of purchasing a new house. I called up a well-known national bank and said I wanted a mortgage. In the space of 30 minutes, I was pre-approved, had my rates locked in, and so forth. Pretty much the only identifying information I had to provide was the employer, salary, and social security number for myself and my wife, as well as some basic stats on our investment portfolio. Interestingly, the agent said that for people in my situation (sterling credit, paying more than 20% of the down payment out of our own pocket), they believe I’m highly unlikely to ever default on the loan. As a result, they do not need me to go to the trouble of documenting my income or assets beyond what I told them over the phone. They’ll take my word for it.

(In an earlier post, I discussed my name and social security number having been stolen from where they had been kept in Ohio. Ohio gave me a free subscription to Debix, which claims to be able to intercept requests to read my credit report, calling my cell phone to ask for my permission. Why not? I signed up. Well, my cell phone never buzzed with any sort of call from Debix. Their service, whatever it does, had no effect here.)

Obviously, there’s a lot more to finalizing a loan and completing the purchase of a home than there is to getting approved for a loan and locking a rate. Nonetheless, it’s striking how little personal information I had to divulge to get this far into the game. Could somebody who knew my social security number use this mechanism to borrow money against my good credit and run away to a Caribbean island with the proceeds? I would have to hope that there’s some kind of mechanism further down the pipeline to catch such fraud, but it’s not too hard to imagine ways to game this system, given what I’ve observed so far.

Needless to say, once this home purchase is complete, I’ll be freezing my credit report. Let’s just hope the freezing mechanism is more useful than Debix’s notification system.

(Sidebar: an $18 charge appeared on my credit card last month for a car rental agency that I’ve never used, claiming to have a “swipe” of my credit card. I challenged it, so now the anti-fraud division is allegedly attempting to recover the signed charge slip from the car rental agency. The mortgage agent, mentioned above, saw a note in my credit report on this and asked me if I had “challenged my bank”. I explained the circumstances and all was well. However, it’s interesting to note that the “challenge”, as it apparently appears in my credit report, doesn’t have any indication as to what’s being challenged or how significant it might be. Again, the agent basically took my word for it.)

Radiohead Album Available for Free, But Fileshared Anyway

The band Radiohead is trying an interesting experiment, offering its new album In Rainbows for download and letting each customer decide how much to pay. You can name a price of zero and download the album for free, if you want, or you can pay whatever price you think is fair.

Now Andy Greenberg at Forbes is reporting that despite Radiohead’s free-if-you-choose offer, many users are downloading the album from P2P systems rather than getting it from the band’s site. Some commentators find this surprising, but in fact it should have been predictable.

Why are some people getting In Rainbows from P2P rather than the band’s site? Probably because they find P2P easier to use.

Radiohead’s site makes you click and click to get the music. First you have to click through a nearly content-free splash screen. Then you click through another splash screen telling you things you probably already knew. Then you click an “ORDER” button, and click away a dialog box telling you something you already knew. Then after some headscratching, you realize you need to click the “VIEW BASKET” button, which takes you to a form asking you to name your price, in U.K. currency. (They link you to a third-party site, offering a large collection of currency-conversion tools – several more clicks to find the one you want.) After choosing your price, you click “PAY NOW”, at which point you get to stare at a “You are currently in a queue” screen for a while, after which you set up an account, enter some personal information (including your email address and mobile phone number), and agree to some terms of service (which are benign, but it’s more time and more clicks to verify that). Finally, you get to download the music.

It’s easy to see why somebody might prefer a P2P download. Leaving aside legal issues – and let’s face it, many people do – the moral argument against unauthorized P2P downloading seems pretty weak in this case, where downloaders aren’t depriving the band (or anyone else) of revenue.

This is an interesting natural experiment that tells us something about why people use P2P. If people normally choose P2P over authorized channels because P2P is cheaper, we would expect customers to shift toward the authorized channel when it offers a zero price. But if people choose P2P for convenience, then we’d expect a shift toward more P2P use for this album, because people have fewer moral qualms about P2P downloading this album than they would for a normal album. The clunkiness of Radiohead’s site improves the experiment by sharpening the ease-of-use factor.

It’s too early to tell how the experiment will come out, but news reports so far indicate that the ease-of-use factor is probably more important than some pundits think. This is yet more evidence that had the record industry embraced easy-to-use Internet music technologies early on, things would be very different now.

[UPDATE (Oct 21, 2007): Bill Zeller documents how technical issues completely prevent a large number of users from legally downloading In Rainbows from Radiohead’s site.]