Posting Publicly Available URL Claimed a "Hack" 555
Urban Strata writes "Popular mobile phone community HowardForums.com is being hit with take-down notices from MobiTV. At issue is the fact that a HowardForums community member uncovered a publicly accessible URL for MobiTV's television stream. This URL is not encrypted or authenticated in any way, and yet MobiTV sent site owner Howard Chui a cease-and-desist letter for hosting a forum with the public URL, claiming that doing so is equivalent to hacking their service."
No just URL (Score:1, Insightful)
Well, what did you expect? (Score:1, Insightful)
Does it allow people to watch TV that they didn't pay for? Yes
Does it prevent Verizon and MobiTV from receiving revenue that they should from the streams? Yes
Is it wrong? Yes
Does MobiTV and Verizon have the right to send a cease and desist letter? Sure
See folks, whether its a hack or not doesn't change the fact that its just wrong. There are too many people freeloading nowadays. The Internet makes it so much easier to freeload. And its becoming a disease. When MobiTV fixes their stuff, I'm sure a bunch of people in these forums will yell and scream about it, but few of them will actually starting paying for the service that they started to enjoy. I do agree though that MobiTV should be ashamed of themselves for leaving their service wide open.
Wow... (Score:1, Insightful)
Shame shame (Score:1, Insightful)
Other things MobiTV is doing. (Score:3, Insightful)
Seriously, this is probably something to draw attention to a service that few people knew about. Any publicity is good publicity, after all.
Re:Well, what did you expect? (Score:5, Insightful)
Freeloading (Score:5, Insightful)
Jee, I wonder if you'd apply the same concept to OTA radio and Local TV with regards to magnetic recording media back in the 80s and 90s.
The fact of the matter is that they're claiming it is a hack, when it's their own stupidity and ignorance that allowed this to happen. Calling this a hack is just an attempt upon the person's character. People will begin to think the person that stumbled across this is a hacker, then they'll get that reputation, which in turn tarnishes the reputation of the non-hacker. It's character assassination and MobiTV should be nailed to the fucking wall while someone calls for their waaaaaahmbulance.
Re:Well, what did you expect? (Score:5, Insightful)
No. There is nothing wrong with visiting a publicly available URL. No exceptions.
Re:Well, what did you expect? (Score:5, Insightful)
What makes you think this is any different? Immoral != Illegal.
This comment worth 5 dollars. (Score:4, Insightful)
Re:Well, what did you expect? (Score:2, Insightful)
Also, they're not -prevented- from receiving revenue. Those people who have subscribed and paid are still (unless they take the time to unsubscribe) subscribed and paying. They may not be receiving as much revenue per unit of usage, sure, but nothing has been done to -prevent- them from making money.
This is totally wrong (Score:2, Insightful)
What London Zoo should do is force people who walk through Regents Park to stare at the ground* so that they can't see the giraffes and thus have to pay to go and see them.
*Yes I know, 95% of London already stare at the ground whilst walking along the road.
Re:Well, what did you expect? (Score:5, Insightful)
The OP merely said that it was wrong, he did not say that it was illegal. Wrong is clearly a statement of whether something violates ones morals (in this context).
Just sayin...
Security through obscurity (Score:4, Insightful)
What exactly is MobiTV trying to claim is their IP? The URL? I didn't think such short addresses were copyrightable. I don't think they realize how the internet works. If I type in a URL in a browser, I'm sending a request for data back. It's up to mobitv what to return. If they don't want us to have access to the data, don't return it. Simple.
Re:Well, what did you expect? (Score:3, Insightful)
Is it wrong to walk into a gym where you dont have a membership and start exercising just because they dont bother to check ID's at the door? Yes
This is the same thing. It is not wrong to visit a URL. It is wrong to use a pay-service that you are not paying for.
Lets try to get this into your head: You are not entitled to everything you have "access" to. If you continue to live with this mentality, DRM will be shoved at you for every kind of content imaginable.
Re:what about google? (Score:3, Insightful)
Re:Well, what did you expect? (Score:0, Insightful)
Re:Well, what did you expect? (Score:4, Insightful)
Re:Well, what did you expect? (Score:5, Insightful)
Re:Well, what did you expect? (Score:3, Insightful)
Visiting a public URL in itself is never wrong. What you do there may or may not be. We aren't talking about just 'visiting a public URL.' We are talking about taking a service you don't pay for.
Re:Well, what did you expect? (Score:5, Insightful)
Is it a hack? No. It's an url.
Does it allow people to watch TV that they didn't pay for? Yes. The TV is offered for free. People who accept the offer can watch it for free.
Does it prevent Verizon and MobiTV from receiving revenue that they should from the streams? No. Verizon and MobiTV could just withdraw the free offer, and implement a different access-controlled method for the same video.
Is it wrong? No. Someone offers free goods. You accept the offer. You have not done anything wrong.
Does MobiTV and Verizon have the right to send a cease and desist letter? Yes. Anyone can write a letter. It means nothing.
Were MobiTV and Verizon stupid to offer this data online for free? Maybe -- It could have been done intentionally. Lots of people put video online, for free.
Were MobiTV and Verizon stupid to continue offering this data online for free, after they decided that they didn't want to? Yes.
Re:what about google? (Score:2, Insightful)
I would not go as far as saying that their buisness model is flawed; rather, I'm saying that you can in good faith come across that site without paying (as I did the first time).
Some sites serve obviously illegal content, other offer something which is to good to be legal (full recent games download, etc), but when it's just a video strem of a TV show, or an answer about some bash command question, you can't just blame the user saying he should have "guessed" it was illegal.
And the same applies to the "dumb" bots of google.
Re:Well, what did you expect? (Score:5, Insightful)
Re:Well, what did you expect? (Score:5, Insightful)
This situation is similar to putting up a big sign in your yard that is visible from public property, and then complaining about people who look at it. If you want it to be private, then don't make it visible from public property. Same thing with a URL. If you want the content to be private, then don't make the link publicly accessible. If you do make it public, you can't complain when people look.
Re:Well, what did you expect? (Score:3, Insightful)
Is it more like walking into a library w/o a card and browsing the stacks and reading in the library, or like talking a book home?
You can't use your metaphor without answering which, and the answer explaining which is the more correct metaphor is probably more work that arguing the case itself.
That said this "everything that's not nailed down is ok for me to walk off with" mentality probably IS keeping the DRM race ratcheted up.
Re:Well, what did you expect? (Score:4, Insightful)
You're talking about leaving a cardboard box full of merchandise in a public park with a signs saying "take one, leave a dollar" and a cease and desist to a person who posts a sign saying "hey there's stuff in the park".
In short, we're talking about incredible stupidity [uncyclopedia.org].
Re:Well, what did you expect? (Score:5, Insightful)
You're not preventing anyone else from browsing or checking out the books, and at worst you're taking up a little bit of space in the hall. The resources that you've accessed are still there for all the other patrons.
Re:Well, what did you expect? (Score:3, Insightful)
They can ask him to take down the url all they like, but If I was the site owner I would tell them to go fsck themselves and go secure their site. IF this was a hack of their security that was being exploited, that would be another matter but it is not. Advertising that their IT staff are idiots is not wrong and as long as they do nothing to prevent access to this URL by unpaid customers they are tacitly allowing such access.
Re:Well, what did you expect? (Score:5, Insightful)
It takes an unhealthy dose of willful ignorance to fail to make that determination on your own.
And yet you're puzzled by why digital content producers try so hard to prevent their works from being 'mistakenly' acquired by people who (according to you) can't determine if they are entitled to said works for free.
Re:Well, what did you expect? (Score:3, Insightful)
It's ridiculous for them to then complain that someone dared advertise what the company itself was doing. If they don't want people to take the product for free, stop giving it away.
Re:Well, what did you expect? (Score:5, Insightful)
Preventing receiving revenue ? wrong (Score:5, Insightful)
And you know what you'll find? Millions and millions of books, including current bestsellers like Stephen King's Duma Key. Yep, you can just take it right off the shelf, sit down, and read it right there. Instead of paying $17 to $28 dollars, you can read it for free!
In fact, with a Massachusetts driver's license and a little sweet-talk it's not at all hard to do social engineering on the guy at the security desk and talk him into giving you an access card that will let you take that book right through security, right out of the building! For three weeks or more.
Is it a hack? Not really.
Does it allow people to read books that they didn't pay for? Yes
Does it prevent Scribners from receiving revenue that it would otherwise have received? Yes.
Is it wrong? No.
Re:Well, what did you expect? (Score:3, Insightful)
Yes, but public buildings and private gyms have clear demarcations as to what is public and what is not. If the gym has a dozen rooms and the first one I happen upon has no lock, no ID check, and no sign stating the requirement that you be a member, I cannot know to stay out; it could be demo equipment put there to entice me to become a member.
Similarly, if a URL doesn't have an authentication lock and doesn't say you must be a paying member to access, how can I distinguish pay content from a free giveaway?
Re:Well, what did you expect? (Score:1, Insightful)
Are you for real?
It has never been legally permissible to enter a building without the owners consent. There is no such thing as a "public building" - buildings are private property owned by individuals, companies or the government that in some cases deal with the public. You are not allowed to simply enter a building and start using the facilities provided.
This is just another example of the freeloading culture on the Internet and on Slashdot in particular. You are not entitled to everything the world has to offer. This television service made a mistake but they are well within their rights here and hopefully will learn a lesson and fix the hole. But what happens if another hole is discovered? At what point do we declare intent to be malicious rather than "weak security"?
Re:Well, what did you expect? (Score:5, Insightful)
Also, this reminds me of this story [slashdot.org] where reuters was accused of hacking for posting a publically-available but secret URL. Everyone thought it was a complete joke and reuters lined up its battalion of lawyers and pumped the plaintiff full of hot lead. How is this any different?
Re:Well, what did you expect? (Score:3, Insightful)
Now, if you click a link to a site that was showing video and stuck around to see what they had, pleading ignorance may be a little more realistic. But, once you learn that you're only able to watch that video due to a huge oversight by the site owner, I'd say the gym analogy is apt.
Re:Well, what did you expect? (Score:3, Insightful)
If you left your front door unlocked, would that entitle me to go inside, watch your TV, and raid the fridge? I think we'd all agree that in that case, a lack of access control does not imply free (as in the beer I found in your fridge).
The key question is "Did the user know he was not entitled to use this service?" Also, "Would an average person with no prior knowledge of the service assume that it is 'open to the public'?"
Re:Well, what did you expect? (Score:2, Insightful)
Re:Well, what did you expect? (Score:3, Insightful)
Re:Well, what did you expect? (Score:5, Insightful)
Re:Well, what did you expect? (Score:5, Insightful)
So that gym I go to every Saturday to take martial arts has been charging all these years? Seriously, I go to a free gym every Saturday to train; the name is the Black and Williams Neighborhood Center just in case you think I'm bullshitting. These aren't unheard of in most civilized countries so one has to wonder who is really disconnected from society as per your statement above.
tollbooth (Score:3, Insightful)
The "Free" disease (Score:2, Insightful)
Re:Well, what did you expect? (Score:5, Insightful)
Now you've opened up the line for yet another debate on the true meaning of "steal".
A lot of people don't accept that the legally-assigned right to profit from (propagation of) information (1) is a distinct thing from the information itself, and (2) can be and is destroyed / taken from the right-holder when unauthorized propagation of the information occurs.
I don't agree, and for that reason I don't have a big problem with the shorthand of calling it theft in casual contexts even though the analogy is imperfect.
Or rather, I wouldn't have a problem about it, except the reality today is it pushes the debate away from the issues as people wrangle about the semantics.
Re:Well, what did you expect? (Score:4, Insightful)
A private, authenticated access system would be like having a dog show in a private venue. An open, public URL is like taking your dogs for a walk in Balboa Park. Everyone has the right to go there, and no one can stop you from looking at the other people and stuff there, too.
Re:Well, what did you expect? (Score:2, Insightful)
A url is no different than placing something in the middle of the public square for all to see. This was akin to placing their wares in a back alley, because not many people go there but that is still out in public. If you want to restrict access to something on the internet SECURE IT! Anything that is not restricted is in the public domain by definition. You could probably access this site completely by accident as a result of a search and you would know it is supposed to be pay only how? They have only themselves to blame that this url is not secured.
Re:Well, what did you expect? (Score:4, Insightful)
No. I stayed up and fixed it. There'd be no one to blame but myself if I hadn't.
Re:Well, what did you expect? (Score:3, Insightful)
And therein lies the fault of your reasoning. THERE IS NO DOOR!
The Net is open. Period. If an engineer makes the decision (or in this case a business decision) to not put up a gate with a guard then MobiTV can expect anyone to enter.
Let's step back from the "home invasion" mentality. This is a business. Most businesses allow people to enter without ID. Take a SAMS Club or COSTCO, for instance, though. The doors are open but you need a membership to buy merchandise. You can look around for free, though. And guess what? They kick *everyone* out after business hours. So, you could spend all day in the store if you wanted to; but, you'd be asked to leave at closing.
You wouldn't be allowed to buy something until you were a member; so, you could watch TV all day in the store and no one would care. Eventually, someone would probably ask you to leave and you'd have to go. Bottom line is just get a membership before you try to buy that 50" LCD.
COSTCO and SAMS Club could tell people, "No ID? Get a membership before you come back." and they'd be justified to enforce that rule to perform their business this way if it was their choice.
With MobiTV - same thing. MobiTV needs to validate their users before serving media. They control the access and they are responsible for minimizing access to paying members only to protect their share-holders.
Also, this is not a "hack". This is a copy paste job at best. Sure, the guy might know how to use Ethereal and an application (or hardware(doubtful)) to capture the data packets from a phone - that only puts him in the power-user category. Hacking security requires a lot more understanding of how MobiTV safeguards their data and maybe a method to bypass their security.
But, none of that is being performed here - this guy simply stumbled across a URL that serves Streaming Video.
So, once again, someone's making a mountain out of a mole-hill. Plug your leak and move on.
Re:Well, what did you expect? (Score:2, Insightful)
Sorry, public urls are..well...public. If they do not want people accessing them they restrict them by placing login requirements. Similarly the zoo makes sure the exhibit is not viewable from the street and forces patrons to go through the entrance and pay the admission to view the exhibit.
Re:Well, what did you expect? (Score:5, Insightful)
Look, if I leave a sofa on the curb in San Francisco, and don't look like I am moving, it will disafsckingppear in less than an hour. The internet is no different; you make a stream avail without any protection, I tap into the stream, you don't want me to, you block it. You don't block, you are ok with it. Like leaving the sofa out, implied consent to access unprotected content/stuff.
Your argument essentially distills into having a house with glass walls in the middle of a crowded city and then complaining when people look in. Don't want observers, don't use glass walls.
andy
The semantics in this are critical (Score:3, Insightful)
It isn't steal, it's copyright infringement. There are two different terms for very good reasons. Copyright issues are very 'hot' right now so diluting and / or confusing the issue doesn't help.
Re:Well, what did you expect? (Score:3, Insightful)
All the analogies in the world will not change the fact that you are aware that you are getting something that you shouldn't be. Nuff said. End of story. Goodbye.
Re:Well, what did you expect? (Score:3, Insightful)
"You are the CEO of a multinational corporation. You manage the company into the ground. You are fired, but the golden handshake provision of your contract entitles you to 150M$. Money you didn't, in the strictest sense of the word, earn. Are you stealing?"
The CEO indeed did not steal, but the reason isn't that the company from whom he takes the money left it unprotected; it's that they gave explicit consent that in those circumstances, he would be allowed to take that money.
By contrast, putting content on a URL you don't publish is not accepted (by society in general -- outside of technical circles -- nor by the law) as giving explicit concent for everyone to access that content. It probably should be, but it isn't.
A better analogy would be, a company has poor security policies and the account numbers for their corporate holdings fall into every employee's inbox. If employees make withdrawels, are they stealing? Yes they are.
"Look, if I leave a sofa on the curb in San Francisco, and don't look like I am moving, it will disafsckingppear in less than an hour. The internet is no different; you make a stream avail without any protection, I tap into the stream, you don't want me to, you block it. You don't block, you are ok with it. Like leaving the sofa out, implied consent to access unprotected content/stuff."
Neither restating how you'd like the social norms to be, nor citing other situations where the social norms are how you think the should be, has any connection to the discussion at hand.
Leave your car unlocked in parts of St. Louis, someobody will take your car stereo. The argument has the same logical structure as yours, yet it doesn't lead to the conclusion that taking car stereos from unlocked cars is ok. Abstraction and analogy is fine, but when you abstract away differences that matter, it's just sophistry.
Re:Well, what did you expect? (Score:2, Insightful)
If the URL resolves, it has been published by the host. It's a trivial matter to make that URL not work except from an internal referrer.
Re:Well, what did you expect? (Score:3, Insightful)
Me: Hey, I have this URL. Can I get any content from it?
Them: Sure, here's a video for you!
So, the gym analogy would be more like this:
Me: Hey, I saw this gym here. Can I work out?
Them: Sure, come on in!
If they don't want me to come in, they just have to say no. If MobiTv couldn't be bothered to say no or check IDs at the door, they have effectively allowed me in.
Re:Well, what did you expect? (Score:3, Insightful)
How do you know if your neighbor minds? Hell, I could be your neighbor.
If I put an old computer on the curb, it's free for the taking. It would be quite stupid to assume otherwise. And the law says your trash is public property once it's set out on the curb.
I see your argument running out of propellant.
Re:Well, what did you expect? (Score:1, Insightful)
Re:Well, what did you expect? (Score:3, Insightful)
Incredibly stupid business decisions should not be protected with a C&D to remove an entire forum thread. Free societies have already established that telling someone how to do something illegal is NOT the same as doing it. I can teach you how to circumvent security and not break any laws. If you use that knowledge to rob a bank, the crime is robbery and you will go to jail. I'm not going to be culpable for merely providing you with information on how security systems work. If people post about taking something that is a paid for service, then that is evidence of a crime, but the forum thread is protected speech.
Stealing is ingrained into our species. We steal when we can get away with it and always have. People steal on an individual level and on a group level. You are deluded if you think that theft will ever vanish from our species-it has provided an advantage to us for far too long. (Nations invade and conquer, thus stealing the land and resources of their neighbor; American settlers in the late 1800's "squatted" on public land and converted it into private holdings in violation of the law; Corporations regularly violate the law for economic or political gain as Enron and AT&T are both examples as is Microsoft.) These behaviors are neither unique to our times nor represent some sort of "moral decay" in human society. Nor do I suspect will such behaviors have any impact upon how our species will respond to any looming crises: We will do what we always do: fight, kill, steal, and generally survive. Those that are unwilling to do what ever it takes to survive a massive crisis will die. Same shit different century.
Re:Well, what did you expect? (Score:0, Insightful)
No, it is most definitely not stealing, because there really is no way to know if they "shouldn't be" getting the content.
If my cable company forgets to encrypt all their channels and I can view some that I do not pay for, then I'm not stealing, because there is absolutely no way to know if I am "authorized". Likewise, with a public URL and no encryption, there is no way to know who is "authorized".
Using the required-by-/. car analogy, if you purchased a new car and find that is has some feature that you never requested but you did not pay extra for that feature, are you stealing? You can't know, because it could be free with whatever other options you paid for. Since people viewing the MobiTV stream have paid for their Internet connection, maybe that's a free bonus. This isn't as far-fetched as it sounds, as I just found out that ESPN360 (live streaming TV) is free to me as a Verizon FIOS subscriber. Before that, I thought it was a "for pay" ESPN product, and just assumed there was some sort of free promotion going on.
Re:Preventing receiving revenue ? wrong (Score:3, Insightful)
How are books any different from recordings or video streams or what have you? The simple answer is, they aren't. The only difference is that the shock and impact of book technology occurred centuries ago, and the law and societal bargains about books were all hashed out and codified long ago.
Every time someone invents new media, the publishers of that media initially believe that this time they can strike a completely one-sided bargain. They're always wrong, and eventually they realize that their profits don't actually depend on it.
It's hard to believe it now, but theatrical showings of motion pictures are priced based on attendance, and, originally, the movie studios objected to home VCR showings even of prerecorded tapes, because, they said, "we have no way of knowing how many people are in the room." They would have liked to enforce a business model in which four viewers meant four rental payments.
Re:Well, what did you expect? (Score:4, Insightful)
Re:Well, what did you expect? (Score:2, Insightful)
Re:Well, what did you expect? (Score:3, Insightful)
You really don't get the point of a public URL. It's like a phone number. There's no law against calling a phone number, even if the answering machine is playing copyright songs.
Re:Cease! Desist! Grow Up! (Score:5, Insightful)
When you go to a url, one of two things happens:
1. The content is served regardless of who you are.
or
2. The server asks for some form of authentication and if the proper response is received, the server responds with the content.
It is hacking if you find a way to circumvent #2 but it is not hacking if #1 happens. When you go to the MobiTV urls, #2 is expected to happen but #1 is happening instead with no additional action on your part. There is nothing illegal about your actions when that happens, only stupidity on the part of MobiTV.
Re:Well, what did you expect? (Score:3, Insightful)
Both of these analogies involve physical theft. If I take your radio, or if I withdraw money from your account, you no longer have that item/money. While bandwidth is not free, using the WWW the way it was intended by downloading the content available at a publicly-accessible URL is not in the same ballpark. Morally, if those people knew the URL was intended to be private, they are guilty of freeloading, but it's certainly not equatable to theft.