CNN has a story today on how RIAA tracks downloaders. There are some pretty interesting details. We all know that they could run down your IP address and track your username, but what else does the RIAA do?
…the industry disclosed its use of a library of digital fingerprints, called "hashes," that it said can uniquely identify MP3 music files that had been traded on the Napster service as far back as May 2000. Examining hashes is commonly used by the FBI and other computer investigators in hacker cases.
By comparing the fingerprints of music files on a person's computer against its library, the RIAA believes it can determine in some cases whether someone recorded a song from a legally purchased CD or downloaded it from someone else over the Internet.
The recording industry also disclosed that it is examining so-called "metadata" tags, hidden snippets of information embedded within many MP3 music files. In this case, lawyers wrote, they found evidence that others had recorded the music files and that some songs had been downloaded from known pirate Web sites.