Distributed Computing Program Hidden in Kazaa
The_THOMAS writes: "A federal securities filing Monday revealed that the hugely downloaded Kazaa P2P (file sharing) software contains a piggyback program which will create a second, new, network controlled by Brilliant Digital. They plan to awaken the software, already on millions of computers, within the next four weeks. The program will be used to host and distribute other companies' content and may be used for distributed computing. Read the details here."
This actually sounds like a really cool thing, but my qualm with it lies in the fact that they would be using MY bandwidth "to host and distribute other companies' content, such as advertising or music. Alternatively, it might borrow people's unused processing power to help with other companies' complicated computing tasks."
I don't like the idea of this network siphoning MY bandwidth (that some may have a monthly limit on) for their purposes. And yes, I do understand that they said "with the owner's permission" but what's to say they're not just saying that as a "cover my ass" line?
There are only 10 kinds of people in this world... those who understand binary and those who don't
Are we sure this isn't April Fools stuff?
Their explicit warning is similar to the cry heard on many newsgroups when one asks a simple question: RTFM. They do put the "i agree" buttons at the BOTTOM of the page for a reason.
The devil's in the fucking details. That's for sure.
No sig is worth reading.
If a trojan program is useful, does that make it any less of a trojan? Where do you draw the line? To my mind, people have downloaded a program, expecting it to do one thing, and really it has a payload that can do something completely different... Makes me wonder what else the makers of this 'brilliant' scheme aren't telling us about it :-)
I am artificially intelligent.
At the very least, they should let you have a large discount on downloads when you opt-in. For example make them free. Plus a credit based on the bandwidth they steal *cough* use.
Sneaking software onto people's computers to create a good relationship with users? ... or did they mean a good relationship with b3d's clients?
Religion is a gateway psychosis. -- Dave Foley
Once the client starts receiving and transmitting data it shouldn't be hard to get a rough idea of what's being transmitted and then we can start sending duff data to their servers.
It doesn't matter whether we know what the data is or not, it's just going to be a binary chunk with probably a checksum somewhere. Fill their servers with random data and see how long they want to continue using our resources.
0xB
I find it very sad, that companies will trick the user into installing the software without the knowledge. I mean, how many users would mind a spare cycle burner to help the service they like. I mean if they included the obviously visible message (not hidden inside license agreements) saying something like "We are providing this service free of cost to you, but in return, this service will install software that will use your computer while it is not being actively used by you, and only while kazaa is running. Unfortunately, if you do not wish to run this program you will not be able to run kazaa as our finances depend on it. We promise that no information about you or your files will be used." If such a message came from a company with not a bad reputation (winamp comes to mind), I would install the program, as would many other users, and both parties gain. When it is done in secret, it only damages the company rep, thus making it even harder for them to make money.
Furthermore, it seems that the wasted cpu time is becoming a precious commodity, which I am currently donating to seti, with no financial compensation (in other words I am not selling the cpu time). I wonder how long till the government will accept donated cpu time as a real donation, so I can put it on my tax return....hmmm, I am thinking about at least a dollar per unit, and I am now at 780 units, that makes it 780$ deducted from taxes, and if it is a dollar per hour....
that could be a hefty sum for stuff donated to a good cause....
maybe someone at seti would give me a receipt...hey, that would mean more people doing units for them...could be beneficial to both sides...
badness 10000
Given that the supposed quote from the Terms of Service given in the page doesn't actually appear in the Terms of Use listed on the KaZaA site, it's probably safe to assume it's a joke.
Unless they are hiding behind some ultra-fineprint legalese, I would say this is theft. They are stealing your computer resources, electricity and time without your permission.
I have always been suspicious of KaZaA so I never downloaded it. I am strangely glad that my coursework keeps me more busy than I need to be so I don't spend my time infecting my machine with spyware file sharing apps. (Must leave now ... assignment is due tomorrow.)
How many of the installers actually read the agreement and what would you bet the software installs pre-opt-in? I'd like to see what anyone who has installed it has to say to describe this bit of up-front opting in. If it's buried in the end user agreement, then it's about as good as something Dr. Evil would dream up.
I'm currently fed up with what I'll call sneakware, that's pre-installed software on my 2 yr old laptop which has woken up and installed software and changed default settings. I caught Adobe Photo Deluxe changing itself when I went to edit some photos. I can't even figure out how to stop it, short of yanking the phone cord out of the modem when it goes to connect to websites. Bastards. Worst of it is that I actually need to use the software from time to time.
A feeling of having made the same mistake before: Deja Foobar
This is a bit more like taking a bite out of an apple and then seeing half a worm left in it.
A feeling of having made the same mistake before: Deja Foobar
You might have tried something like this already, but if not download or buy a package that monitors programs that try to access anything through TCP/IP and warns you when a program is trying to do something you haven't authorized over the network.
Zone Alarm from Zone Labs is another free firewall that performs this job splendidly for my Win2K setup.
You don't want to pay for your new NSync CD.
You don't even want to pay for the software that allows you to steal the new NSync CD.
Yet you complain that *somebody* in the chain is trying to make money? What socialist wet dream are you living in, anyhow?
the artists still aren't getting paid!
With the current cd for cash model, the artist doesn't really get paid either!
So Brilliant Digital is providing me with a service, the Kazaa network, in return for another service, use of my computer's storage and spare CPU cycles... First of all, it's a great idea. But I wonder whether or not users of this service will be legally required to pay taxes on their barter income, and more importantly, whether Brilliant will have to mail out 10,000,000 1099-Bs (along with collecting 10,000,000 social security numbers).
Under this plan, an ad that a person sees on a Web site might be hosted by a nearby computer running Brilliant's Altnet instead of on a central ad server, as now typically happens with DoubleClick.
Well, this seems pretty much to be the end of ad blocking through firewall rules... Pretty easy to see why doubleclick would like this scheme.
You'd basically never know what host would be spamming your browser...
*sigh*
Blearf. Blearf, I say.
Am I the only one who thinks these P2P apps are evil?
I used Grokster on my networked Win2K box at home. This box contains my personal files, such as financial info and I also use it to do online banking. So my privacy really matters. I also use this box for work and I have it streamlined and tweaked to run as efficiently as possible. No foolish system tray or startup apps etc...
Well it seems that P2P apps like Kazaa or Grokster work hard to breach my privacy and fudge my system. I've never known software to be so malicious. First, I see that Grokster has web-based ad support. Okay, that's tolerable, they need some form of revenue. But don't think I haven't noticed your "secret" stash of cached ads in my system directory, Mr Grokster. Then I notice the popup ads. Also annoying.. but again I tolerate. I didn't run Grokster for longer than a day and my system can handle twenty browser windows. But then, incredibly, it turns out that the required advert component also sends out information about me, including my browser history. Big no-no, Mr Grokster. Now I have to spend time to counteract this. I found a replacement set of libraries which do not send personal information. From that point on, I figured I was safe. Oh no... this weekend, after a Grokster session, I spotted a strange "extract.exe" on my desktop. Hmmm. How did that get there? I took a look inside and found various executables and libraries. How quaint. I most certainly did not download it. So I searched my system and lo and behold, it seems some ActiveX has automatically downloaded and run this program for me, spreading half a dozen files around my system. Looking through the registry I see that in fact it's installed a browser toolbar. Oh lovely.. just what I wanted. Took me a good half hour to rid my system of its leeches.
The moral of the story, don't run Grokster. Well fine, I've learnt my lesson and I'm fortunate enough to have another disposable machine to unleash the Grok on. But my concern is the X million people who don't have a clue. The sort who click on "www.yahoo.com.exe". They see Grokster or Kazaa on download.com or whatever, download it and use it blissfully ignorant of what I consider to be a virus. In fact, the only difference I see between Grokster, Kazaa etc.. and viruses is a service. Package your virus as an application and you earn amnesty from antivirus software.
Slashdot articles and anti-spyware sites keep us geeks in the loop, but that doesn't help the masses. Only laws help the masses. There must be some law somewhere that states such practices to be illegal. Tricks used by these programs such as placing independent components in the system directory posing as actual system files, running programs without permission, not informing users of these hidden "features" and so on, are clearly malicious.
I'm for P2P networks, but clients such as these seriously rub me the wrong way and I'll be glad when the RIAA eats them. I just pray for a nicer client to take their place.
My life is one big siesta in which I'm dreaming I wished my life was one big siesta.
Then they have just committed corporate suicide. Glad I don't hold any of their stock...
I disagree. What they've done sounds very rude and deceptive to me. But it may very well be legal and may result in them staking a claim in an emerging, lucrative market. Thus, the company's perceived value may increase and shareholders may be pleased. I'm not predicting that their stock price will rise with certainty, but I don't believe it's a foregone conclusion that this will tank it. Talk to a penny-stock promoter good at spinning publicity. He/she'll tell you that there's almost no such thing as bad publicity for an upstart. A piece of news (or even a rumor) like this that puts them on the map and on traders' tongues may be just what their stock price needed. Time will tell. After all, we only need to look to companies like Verisign with horrible, headline-making security and privacy goof-ups and deceptive practices to see that their rude actions and policies do not result in corporate suicide. (Unfortunately.)
If they've committed any type of "suicide", it's simply image-suicide in the eyes of a very small, elite crowd (i.e., Slashdotters, privacy defenders, etc.) The market and shareholders may not care about this.
For such domination to work, one must agree to it.
As such, it is important that people be aware that they are being used; they must be aware of spyware and corporate manipulations, they must in fact have the choice of not opting in.
And not opting in, I notice in this case, has become harder than just hitting the 'Decline' button on the install page. It has gone deeper; choosing is now predicated on there being a general awareness that corporate entities always want something in return for free goodies even if the string is all but invisible. (Though, not so invisible that it isn't reported on popular news forums.)
The meat just doesn't taste right if it isn't agreeable.
-Fantastic Lad
how will you know? you didn't know when it was downloaded to your machine.
The current implementations of P2P computing tend to be invasive and, ok, evil. (I'd rather save that word for more intense areas, but the concept's the same.)
The reason that they are evil tends to be because they are the creation of commercial entities that intend to make money by stealing your information. This is not inherent (though on the MS systems that I am familiar with there is no effective security to prevent this from happening).
Commercial entities need to have something to sell. If you want to get a service from them, then you will need to pay them in some way. The "freebies" that they offer will always be a hook. Always. You may not be the intended target, you may steal the cheese, but the hook is there. Red Hat is trying to get commercial companies to buy software maintenance and development services. As a commercial entity, they distribute Linux at not much more than cost to lure in potential customers. It isn't free, but the hook is still there.
Non-commercial entities need to be able to pay for the activities that they engage in. So do individuals. You can always take an economic view of an organization or individual, and it must always either balance or yield a profit. Or be drawing down assets.
If you buy a pig in a poke you are likely to end up with a cat instead of a pig. Open source is partially the requirement that one be able to look into the bag before buying it. But if you can't, then you should expect that the seller is going to take such advantage of the fact as he can. Because he frequently will.
This isn't to say that Kazaa is in this case acting unethically. They have indicated that they will ask permission before adding computers to the distributed computing system, so one should, perhaps, wait until we find out how they will interpret that before getting outraged. They might not just say "the license already gave us permission". But it's also true that we can't know what will occur later. The license that was reported seems to be similar to the MS XP license in that it essentially gave them permission to install arbitrary software. And I find it quite difficult to feel comfortable with that. Especially on a system that gives essentially no protection against rogue software. (Similarly, on Linux I'm uncomfortable with the programs that require being run with root permissions.)
I think we've pushed this "anyone can grow up to be president" thing too far.
(b) You hereby grant BDE the right to access and use the unused computing power and storage space on your computer/s and/or internet access or bandwidth for the aggregation of content and use in distributed computing. The user acknowledges and authorizes this use without the right of compensation. Notwithstanding the above, in the event usage of your computer is initiated by a party other than you, BDE will grant you the ability to deny access.
I guess the only place that one might readily attack this agreement of use, is the definition of "unused computing power". Now, IANAL, but, from my limited perspective, this seems to be a rather vague term. Is a CPU cycle unused if it is sitting in the "System Idle Process"? Probably. Is a CPU cycle unused if the machine is not turned on? Are you then violating the EULA by having your machine turned off, or the program not running? Of course, I didn't agree to give them the power necessary to run those CPU cycles.
As for storage space, what constitutes "unused storage space"? Would any empty space on my hard drive then be considered available for their use? What if that empty space was allocated for future expansion of a program or database, this is not really unused, just unutilized for its intended purpose. Moreover, we all know how well Windows runs when you start running out of disk space, so, some of the free space on your drive must invariably be allocated for this use. So we are left with another vague, and inadequate term. I don't think that this part of this EULA is going to hold water if it ever gets challenged.
Necessity is the mother of invention.
Laziness is the father.
Excerpt (from your excerpt of the EULA)
Notwithstanding the above, in the event usage of your computer is initiated by a party other than you, BDE will grant you the ability to deny access.
The (not yet established as legally binding on the end user) EULA grants them their rights, but if the wording on the imminent pop-up is at all obfuscatory, then the users will have a case. They have not yet hit the "I agree" that matters, and a window that (months after they failed to read the EULA) pops up in the middle of an AIM chat is going to get clicked on immediately, simply to get it out of the way. The users will have a good case if they want one.
The story said that it was impossible to install without clicking yes, but that the trojan could be removed later without affecting the P2P performance at all. Pray tell, did the EULA mention that? There's opt-in and there's opt-in. Deceptive practices simply blow. Any agreement that cannot stand up in the light of day is no agreement at all.
I spent a year in Iraq looking for WMD and all I found was this lousy sig.