Forgot your password?
typodupeerror
The Internet Your Rights Online

CNN Uses P2P Video & Adds Terrible EULA 254

Posted by CmdrTaco
from the you-gotta-be-kidding-me dept.
Futurepower(R) writes "CNN's use of software called Octoshape presents an incredibly abusive EULA. If you agree to the EULA, you agree that CNN can use your bandwidth, and that you will pay any costs. Also, you lose the right to monitor your own network traffic. You can't even use information collected by your own firewall. Quoting the EULA: 'You may not collect any information about communication in the network of computers that are operating the Software or about the other users of the Software by monitoring, interdicting or intercepting any process of the Software. Octoshape recognizes that firewalls and anti-virus applications can collect such information, in which case you not are allowed to use or distribute such information.' "
This discussion has been archived. No new comments can be posted.

CNN Uses P2P Video & Adds Terrible EULA

Comments Filter:
  • by Anonymous Coward on Thursday February 05, 2009 @11:45AM (#26738059)

    Does anyone actually believe that click-through licenses are valid? If asked, one could always say that they let their cat chase the mouse around until the software worked.

    • by Shakrai (717556) on Thursday February 05, 2009 @11:50AM (#26738151) Journal

      Does anyone actually believe that click-through licenses are valid?

      Who gives a shit if it's valid? Is the no-monitoring part enforceable? They gonna install DRM on my machine that makes sure I'm not capturing packets? They gonna push that DRM out to my gateway to make sure I'm not capturing them there?

      This is what happens when you let the lawyers draft the EULA without even consulting with the techies.....

      • by fuzzyfuzzyfungus (1223518) on Thursday February 05, 2009 @11:52AM (#26738195) Journal
        You will, if you get sued over it. Obviously, the terms are ludicrous and nigh-unenforceable. This doesn't mean that they won't be enforced; just that they'll probably be enforced selectively to, say, silence critical reviews.
      • by cdrguru (88047) on Thursday February 05, 2009 @12:05PM (#26738473) Homepage

        The issue is privacy. Since they are "borrowing" user's bandwidth this exposes other users potentially personally identifying information to the first user. Now you can track other user's activities (within a fairly narrow scope) by using information that can be gathered on your own computer.

        I suspect they had to put this in because of this potential. Would it fly if it was clearly exposed what was happening in EU countries? I doubt it. How about if they said:

        By using the CNN service you will be receiving information about other user's online activities as they will be receiving information about your activities. This is an essential part of the service that cannot be disabled. By accepting this agreement you acknowledge that no part of your activities on the CNN web site or other related services may be private, secret, anonymous or in any way protected from every other user of the CNN web site or other related services.

        Would that be better?

        • The issue is privacy. Since they are "borrowing" user's bandwidth this exposes other users potentially personally identifying information to the first user.

          Oh no. Is my computer broadcasting an IP address again?

          Seriously, that's all the personally identifying info it should be sending out. And rather than trying to stop other people from looking at such info, they should do the EULA the opposite way. Simply inform each user that other users may be able to determine which content they are watching (which the

          • I think you missed the point, Lord Kronos. The issue is not what information is there. The issue is that agreeing to the EULA means that it is illegal to read your own firewall logs. Maybe they would never prosecute, but maybe they would install software to prove you are looking at your logs. If they prosecuted, maybe you would win, after five years and tens of thousands of dollars in legal fees.

            The issue is that the EULA says you lose control over your network.
            • by LordKronos (470910) on Thursday February 05, 2009 @01:25PM (#26740031) Homepage

              No, I don't think I missed any point, but I think you missed mine? Why did they add this clause to the EULA? You think they did it to stop you from looking at your firewall logs? Huh? What do they have to gain from that?

              cdrguru made a relevant point. The most likely explanation for why they did this was to "protect" the privacy of their other users, since this is something like a bittorrent application. I was simply pointing out that since they can't actually protect anything, they should have just notified users of the shared info rather than pretending like they can legalese such shared info out of existence.

              I also was not saying you shouldn't worry about the EULA or anything. I was saying why their approach to setting up the EULA was backwards.

          • by LunarCrisis (966179) on Thursday February 05, 2009 @02:05PM (#26740877)

            Oh no. Is my computer broadcasting an IP address again?

            Seriously, that's all the personally identifying info it should be sending out.

            At the very least, you also have information on what content they are downloading.

        • Too bad we don't have methods of encryption that could work around that. It would never be perfect, but it's a lot better than a bad EULA and is already protected under the DMCA (which is retarded as well, but there you go).
        • by bennomatic (691188) on Thursday February 05, 2009 @01:25PM (#26740035) Homepage
          I actually think your wording would be better and more honest. Add to that something saying that by using the service you are agreeing not to use information that may be available to you regarding other users' activities for nefarious purposes would be good. Naive, maybe, but better than what I see here.
        • Re: (Score:3, Insightful)

          by billcopc (196330)

          "Borrowing" implies they give it back after they're done using it. There is no such thing as "borrowing" bandwidth. They are "using" bandwidth, other people's bandwidth, to deliver their content without having to foot the bill.

          Now I'm all for P2P and decentralized communities, but CNN does not fit the description. They are a corporate entity encroaching on other people's property.

          • by SanityInAnarchy (655584) <ninja@slaphack.com> on Thursday February 05, 2009 @03:17PM (#26742071) Journal

            I have no problems with corporations using P2P to cut costs.

            Where I have a problem is when they also want to revoke rights.

            If they just used BitTorrent to deliver streams, no problem, I applaud that. Maybe multicast would be better for some streams, but whatever. If it's really a problem, I can limit my upload, or block them from uploading at all.

            However, when their EULA prevents me from reading my own logs (much less any of the above shaping), that's when I have a problem.

      • by Firethorn (177587)

        They gonna install DRM on my machine that makes sure I'm not capturing packets?

        Given they specifically mentioned firewalls and not using/distributing the information, they should be aware that no DRM on the machine itself is going to work.

        Another topic would be a network with firewall/monitoring systems run by a non-agreeing party. Let's say I'm running a coffeshop that offer free wireless. Customer A comes in with said CNN program installed. Not having agreed to the terms of the EULA, I'm free to analyze the heck out of the stream.

        Or the usual fun - 'my 12 year old installed it',

      • Re: (Score:3, Informative)

        by _KiTA_ (241027)

        Does anyone actually believe that click-through licenses are valid?

        Who gives a shit if it's valid? Is the no-monitoring part enforceable? They gonna install DRM on my machine that makes sure I'm not capturing packets? They gonna push that DRM out to my gateway to make sure I'm not capturing them there?

        This is what happens when you let the lawyers draft the EULA without even consulting with the techies.....

        What are you talking about? It seems pretty self explanatory.

        1. They are using a Bittorrent type protocol for some reason or other. P2P.
        2. They don't want to get sued when some twit on a pay as you go Internet connection runs up a huge bill, presumably after leaving the client open (perhaps even overnight). This is the same reason MMORPG boxes say an Internet Connection is required and that yes, you have to pay the ISP bill, not Turbine/Sony/Blizzard/etc.
        3. They don't want you sniffing the IP addresse

      • by commodore64_love (1445365) on Thursday February 05, 2009 @02:46PM (#26741603) Journal

        >>>Who gives a shit if it's valid? Is the no-monitoring part enforceable?

        No it's not enforceable, because it's invalid. ;-) Yes I went-round in a circle, but let me back that up with a Supreme Court ruling, which invalidated Paypal's EULA back in 2006, and ultimately led Paypal o hand-out $50 or $200 refunds to its customers. The Justices determined that consumers can not sign-away their rights, and therefore large sections of the EULA were declared invalid/illegal. I suspect if the justices reviewed CNN's EULA, large portions of it would also be declared invalid because "citizens can not sign away their rights as protected by law".

        It's your bandwidth. It's your computer. And it's your home. You have a right to monitor what passes into & out of your own home, and no EULA can override that legally-protected right. Therefore if I ever use CNN, I'll just keep running my bandwidth meter and counting how many megabytes I used today. Screw em.

    • Re: (Score:2, Informative)

      by j0nb0y (107699)

      Yes. The US Legal system believes that they are valid. Does anyone else matter? I know its "common knowledge" on slashdot that they aren't valid, but find one US case that says they aren't valid. There are many that say they are...

      • Re: (Score:3, Informative)

        by Ark Ku Mon (1469567)

        Yes. The US Legal system believes that they are valid.

        Actually the US case law is inconsistent and have only ruled on the validity specific EULAs not about them in general. There have been cases where EULAs have been ruled enforceable and valid and others to the contrary. So your statement is actually misleading.

        I know its "common knowledge" on slashdot that they aren't valid, but find one US case that says they aren't valid. There are many that say they are...

        In this case, the U.S. Court of Appeals for the Third Circuit held that a EULA disclaimer waiving all express and implied warranties, printed on the outside of the box, was not binding.

        http://en.wikipedia.org/wiki/Step-Saver_Data_Systems,_Inc._v._Wys [wikipedia.org]

        • by torstenvl (769732) on Thursday February 05, 2009 @01:12PM (#26739771)

          This post is wrongly moderated. It is not informative. It is misinformative, or uninformative at best. The argument that the recognition of particular EULAs is distinct from recognition of the validity of EULAs "in general" betrays an ignorance of the judiciary and of contract law. This is simply not the way that the legal system works; courts must rule on an actual case or controversy and are not permitted to announce "general" rules of law. Furthermore, Step-Saver is anachronistic and the Third Circuit is relatively unpersuasive. In fact, there are NO major legal markets and NO major software companies within the Third Circuit's jurisdiction. ProCD v. Zeidenberg, 86 F.3d 1447 (7th Cir. 1996), however, has higher persuasive authority because it is (a) newer, (b) out of a major circuit, (c) written by an enormously influential appellate judge. In addition, it is the law in the entirety of the Seventh Circuit, which includes Chicago. Others may point to Klocek v. Gateway, 104 F. Supp.3d 1332 (D. Kan. 2000), but Klocek is a district court case, and therefore has no precedential value beyond its persuasiveness, which is in turn less than that of ProCD.

          Trial courts don't make law. The only U.S. Circuit Court of Appeals cases on point hold, unanimously, that EULAs are enforceable. The law is relatively clear here, and is unlikely to change unless and until the Ninth Circuit or the Supreme Court take up the issue. I'm sorry, but you're just wrong.

      • by geekoid (135745)

        well... it depends. in some case some parts of EULAs have been allowed. That doesn't not mean ALL EULAs are legal or enforceable. Just like any contract.

      • by Joe Snipe (224958)

        So if I write a EULA that invalidates all other EULAS would that be valid?

    • Re: (Score:3, Interesting)

      by Budenny (888916)

      You need to put it much more precisely. Here is an attemnpt.

      Clauses in contracts entered into by click through may be binding and enforceable. You have, by clicking through, entered into the contract. So the question is, whether there is anything special about such contracts, and also, which clauses, even if they occur in contracts validly entered into, may not be enforceable.

      All click through contracts are contracts of adhesion. That is they are take it or leave it contracts. You will mostly consent to

      • by Todd Knarr (15451) on Thursday February 05, 2009 @01:47PM (#26740479) Homepage

        Except that that goes back to a situation we discussed in business law classes. Take the case where you've paid the seller for the goods, he's accepted your payment, and all that's left is for him to actually deliver the goods. If the goods are still in his possession, say on his loading dock, and he won't give you access to them, you have to go through the authorities to get them (or sue him for non-delivery, demanding your payment back). But if he's released the goods into your possession but is preventing your access, eg. he's shipped them to you but the shipping container's sealed with locks and he won't give you the keys, being owner and in possession of the goods you're allowed to call a locksmith to remove the locks and gain access to your property. You can't unduly damage the seller's property in the process, but you aren't helpless.

        Applying that reasoning to the case where the seller delivers the goods sealed with a piece of tape saying "By breaking this seal you agree to additional terms contained inside.", breaking that tape would be legally meaningless. You own the goods, the seller has delivered the goods into your possession, the seller has no more legal right to demand agreement to terms regarding your property.

        Another analogous situation: you pay for your groceries, take your bags and head to the door. On the way, a supermarket employee stops you and asks you to complete a survey. You refuse and he says "I'm sorry, we can't let you leave with your groceries until you do.". Not only can you ignore his demand, if he tries to stop you you can call the cops and have him arrested for unlawful restraint.

        Which all comes to the question: if the seller has accepted your payment and delivered the software into your possession, does he have any legal right to demand you agree to additional terms at all? If he doesn't, what gives any legal force to the idea that doing what's neccesary for you to gain access to your goods constitutes agreement to a demand the seller has no legal right to make?

    • by torstenvl (769732)

      They are emphatically valid in most U.S. jurisdictions.

  • Dear CNN, (Score:4, Informative)

    by Anonymous Coward on Thursday February 05, 2009 @11:46AM (#26738065)

    No.

  • by Shakrai (717556) on Thursday February 05, 2009 @11:47AM (#26738103) Journal

    Noticed how much upload bandwidth was being used and fired up Wireshark to figure out what was going on. Hang on a sec, there's a knock at the doo$*)&!&*()@*!)(*)(NO CARRIER

  • OK, then... (Score:5, Interesting)

    by serviscope_minor (664417) on Thursday February 05, 2009 @11:51AM (#26738169) Journal

    OK, then. Install it on your machine (and agree to the EULA, if you wish), and then plug your machine in to my network. I certainly didn't agree to the EULA, so I can and will make use of that information.

    • Re: (Score:3, Funny)

      by BSAtHome (455370)

      But, but,... the license is viral. You are a slave of your users and especially big media.

    • by qoncept (599709)
      Sweet! I won't be watching CNN video, but I bet the things I am downloading would go a lot faster than on my 1mb connection.
    • Re:OK, then... (Score:4, Insightful)

      by Spatial (1235392) on Thursday February 05, 2009 @01:24PM (#26739999)
      I always wondered about stuff like that with EULAs in general.

      What happens if you replace the EULA with your own terms before installing, and therefore never agree to anything they said at all? It occurs to me that the agreement not to modify the software is actually in the EULA, so what are they going to do about it?
  • The majority of CNN's demographic doesn't even know what a EULA is anyway. You could say the same thing if you replace CNN with Microsoft too.
  • I did click Accept, but i did not inhale!
  • Really? (Score:3, Insightful)

    by dcollins (135727) on Thursday February 05, 2009 @11:56AM (#26738285) Homepage

    Does it really say "you not are allowed"?

    • Re:Really? (Score:5, Informative)

      by Anonymous Coward on Thursday February 05, 2009 @12:18PM (#26738741)

      It sure does.

      here is the official EULA [octoshape.com]

      Half way down in section three. What is it about EULAs that, despite being universally hated and legally toothless, inspires companies to make fucking assholes of themselves when writing them?

      • CNN and Adobe executives put a lot of thought into that software. They sat around at a 3-hour lunch drinking, talking about their million-dollar salaries not being enough, making rude remarks to the waitress, and wondering "How can we sink our companies, fast?"
  • by igotmybfg (525391) <slashdot@@@danielthompson...net> on Thursday February 05, 2009 @11:57AM (#26738313) Homepage

    At first glance, Ferrell adds, the multiple connections to his PC looked on his security alert system like some kind of SQL attack.

    Oh really.

  • by sstpm (1463079) on Thursday February 05, 2009 @12:03PM (#26738423)
    CNN is providing us a service, making sure that Big Brother can't monitor what news stories we are watching. The EULA is there for our protection. Thank you, CNN!
  • by Bill, Shooter of Bul (629286) on Thursday February 05, 2009 @12:04PM (#26738443) Journal
    I send an extra header in my http streams that contains a Eula stating that by responding to the request, they acknowledge that any Eula they present to me is null and void.
  • Safeguard?? (Score:2, Interesting)

    by pixie.pt (963700)
    I usually pay for the bandwith I use on torrent both download and upload, if I don't want to use it I'll shut it down, it's that strange that cnn wants to play on the safe side so that no wacko try to bill them for the upload they make? As for the rest I see it as 'you cannot use any of this information for selling or using against us'...
  • by DrewBeavis (686624) on Thursday February 05, 2009 @12:11PM (#26738577)
    I have Little Snitch on my mac and noticed all the OUTGOING bandwidth being used while watching their video stream. After I figured out what was going on, I went to MSNBC instead. The quality is great at CNN and the idea is decent, but unless I read the EULA (which I didn't beforehand), I wouldn't know my contribution to the cloud. My employer monitors outgoing bandwidth usage and I could have been in trouble for high flows if I would have watched the whole thing. Being at a university, we have a large pipe, but I think I needed to be asked first a little more explicitly if they could use it.
    • by geekoid (135745)

      Please contact CNN and let them know you aren't going to use this.

      Enough people contact them, they will change the EULA. Not that I think they could enforce the parts about what yu can do on your machine.

  • Wouldn't something like this be required because the EU has laws against tracking IP and content. Also, you wouldn't want someone to try and inject alternative data in the shared file. If you install a P2P program of course you have to let them use your bandwidth, and according to the article, it stops sharing shortly after you stop watching. I'm all for making sure companies aren't taking advantage of people, but isn't P2P for video a good thing?
    • 1. P2P Video is the best way to scale video feeds to tens or hundreds of thousands of viewers.
      2. Because of how P2P works, it is unavoidable that you get direct IP addresses of other video watchers.
      3. Legal language is necessary just to prevent (or make less inviting) outside agencies or users from spying, collecting IP addresses, and otherwise abusing all the other users of their P2P network. Isn't this a good thing for privacy? Would you rather grant every person/agency on the internet full permission
      • Re: (Score:3, Informative)

        by AtomicJake (795218)

        3. Legal language is necessary just to prevent (or make less inviting) outside agencies or users from spying, collecting IP addresses, and otherwise abusing all the other users of their P2P network. Isn't this a good thing for privacy?

        No, it's misleading. No privacy is ensured because of some ckick-through legalese.

        Would you rather grant every person/agency on the internet full permission to abuse their video customers instead?

        Say it otherwise: what's the risk for the Internet user? Maybe these risks should have been clearly indicated within a notice before the installation. In all cases, those risks are still there.

      • Re: (Score:3, Insightful)

        by psydeshow (154300)

        Sorry, but multicast is the best way to scale video feeds to an unlimited number of viewers.

        P2p is only marginally better at scaling because you can decentralize the connections. There is still a 1-to-1 relationship between the number of viewers and the number of data streams on the wire.

        P2p gives you the same amount of traffic, in other words, just not all coming from one source. It's easy to imagine how that would be less efficient, since you're setting up many more connections per stream in order to disc

  • by chaosdivine69 (1456649) on Thursday February 05, 2009 @12:19PM (#26738749)
    Sorry for a newbie like question but anyone know how to uninstall this Octoshape plugin? I mindlessly clicked "agree" in a fleeting effort to watch live video on that plane that crashed into the Hudson river on one of my machines. For all I know I just signed away rights to my kidney and left "testie" too. Any info. would be appreciated... Cheers.
  • Simple solution... (Score:2, Informative)

    by Krojack (575051)

    Don't let CNN or any of its software into your computer/network. This just adds to the list of reasons why I deleted the channel from my TV listings.

  • No Eula on Linux (Score:4, Interesting)

    by GRW (63655) on Thursday February 05, 2009 @12:22PM (#26738809) Homepage Journal
    I went to CNN and ran a live video and didn't get the EULA pop up. Just another reason to abandon Windows for Linux.
  • by insomniac8400 (590226) on Thursday February 05, 2009 @12:27PM (#26738913)
    On inauguration day cnn.com live video was banned for using too much bandwidth. Now I know why. It was probably flooding the upload pipe.
  • by itsdapead (734413) on Thursday February 05, 2009 @12:32PM (#26739025)

    Imagine you didn't agree to these conditions. How do you expect CNN to deliver the service?

    If you agree to the EULA, you agree that CNN can use your bandwidth, and that you will pay any costs.

    Its a P2P service - so if you use it, you are sharing your bandwidth with other users. Or, top put it another way, CNN are using your bandwidth to deliver their material to their customers.

    So if some joker leaves it running in his hotel room and gets charged $1 per megabyte, he shouldn't sue CNN. Sounds fair.

    You may not collect any information about communication in the network of computers that are operating the Software or about the other users of the Software by monitoring, interdicting or intercepting any process of the Software.

    So if I collected data about the other CNN customers who are sharing my bandwidth via the P2P service, their IP addresses, what they were watching, and when and published it, that would be OK, would it?

    We take these things as read when we use P2P, but obviously some lawyer at CNN has done a bit of due dilligence and covered his arse in case some troll comes along and sues them.

    The fuss about this is a bit like the scare stories photo-sharing sites requiring permission to reproduce/modify/sub license your photos: they need these permissions to run their service.

    • by drspliff (652992)

      So if I collected data about the other CNN customers who are sharing my bandwidth via the P2P service, their IP addresses, what they were watching, and when and published it, that would be OK, would it?

      Why would it not be OK? Perhaps not morally justifiable, but it's no different from publishing web-server logs or putting a live webcam of your house on the internet. It's a legal way around something that's technically impossible to stop, and something which just happens to be an accepted part of every day life in the real-world.

      The consent is implied when the other person accesses your computer, knowingly or unknowingly, that it may be logged and may well pop up somewhere in future, so why should this pro

      • Re: (Score:3, Interesting)

        by itsdapead (734413)

        The consent is implied when the other person accesses your computer

        Yes, but they didn't know they were accessing your computer. They thought they were accessing CNN. If they complain, they're going to complain to CNN, not you. The program they ran was branded "CNN" not "John Doe's PC".

        This is defensive ass-covering from a big, deep-pocketed company which would be an attractive target for legal trolls. Nobody is going to be bothered to start a $20-million class action suit against your webcam.

  • by rindeee (530084) on Thursday February 05, 2009 @12:42PM (#26739187)
    Since the EULA requires me to be hands-off, is CNN then going to assume legal responsibility for my system. In the event that a vulnerability is exposed in their P2P software, are they responsible for patch management and compliancy assurance? Should my system become compromised and, say, used as a distribution point for kiddie porn because of their EULA requirements, can I assume their legal council will represent me? How about we turn this around on them. They've removed all responsibility for security from the user, so demand it from them.
  • And someone is running that software? I didn't agree to any EULA. I am not using the software. Those data packets are mine! I can monitor them all I want.

    Is this correct?

    • by rufty_tufty (888596) on Thursday February 05, 2009 @01:35PM (#26740237) Homepage

      Nope. You're completely liable for things outside of your control. This is thanks to the Because Act. This little known piece of international legislation is, in fact, at the heart of many of the most prominent legal actions in the world today. Much loved by the RIAA, MPAA and the US due to it's implicit allowal for random search and seizure, legal 'fishing trips', non-judicially warranted wire taps, and it's espousal of 'guilty until proven guilty' legislature; the entire text of the Because Act has been reproduced below:

      Because Act

      1. Because.

      1.1. Just, because.

  • All it says is, while you may see exactly what's going on through means available to you like firewalls and antivirus programs, you are not allowed to look too hard through it because that's tantamount to working out how our P2P protocol works.

    I guess, you're not going to see a WireShark module for Octoshape protocol any time soon. Or maybe you will..

  • Great EULA (Score:2, Troll)

    by imsabbel (611519)

    Really, i dont understand most of the retards here. Kneejerk anybody?

    The EULA ensues
    a) that its a P2P service (you know, YOUR upload)
    and
    b) that you still have privacy when using it.

    Both are required AND desireable.
    True, you cannot really enforce it. But at least they did try to do the best for their customers.

    • Re: (Score:2, Insightful)

      by LordKaT (619540)

      The problem is the wording. Essentially, the EULA prohibits you from doing any packet sniffing - on your own network - without CNN's express written consent.

  • They have the right idea I suppose.
    Why not use P2P if you can get the video faster?
    I guess they want to protect themselves from privacy issues.
    People that don't care about what's in the EULA probably don't want to know anything about IP traffic - they are the majority.
    The people who do know about IP traffic and do care about the EULA (./ers) are the minority, and CNN can probably give a shit what we think of the EULA
  • by Xest (935314) on Thursday February 05, 2009 @01:51PM (#26740559)

    Because then we can attach it to every P2P client on earth and it'd mean the RIAA was no longer allowed to collect any information on the files being shared whilst at the same time you could still just share CNN's content, win win!

    Oh well, we can always dream ;)

Uncompensated overtime? Just Say No.

Working...