I will preface this post by saying I am a cyber security enthusiast and will take no sides regarding the ethical debate on sharing profiles, free or commercial. This is a thread for technical discussion for the sake of learning.
I came upon an interesting advertisement: https://www.ebay.com/itm/Offic…-JMP-Aldrich/323060279865
I noticed at the bottom of the ad there was this:
After purchase you'll receive a copyright protected specially encoded copy of the profile via E-mail, you will need a Kemper Profiling Amplifier with firmware 4.0 or newer to use this! If you need multiples of the same profile for multiple Kempers please let me know, please do not share these as each file is encoded to the buyer so we will know who it was sold to if it ever ends up on a pirate torrent or other type of pirate site.
I was immediately skeptical. So a quick google led me to: http://www.groomednoodlers.com….php?f=20&t=2247&start=10
where EXPcustom claims "I got a way to encode the file to the specific customer that buys the file so if one ends up on a torrent site or is somehow shared globally I can find out who did it..."
My immediate thought was to embed something in a text metadata field, generate the hash and store a database of the hash to the customer. But this is just as easy to work around as it is to implement.
Without any under the hood, Kemper implemented profile validation, eventually one has to get a single file to load into the KPA. As soon as you have that it's game over in my mind.
Are the claims of tracking down pirates just a big bluff? Or do they do something with the hash and hope nobody changes anything? Anyone else have any thoughts?