"Deep Linking" Controversy Renewed in Texas

DaDigz writes "Wired News is reporting on a cease and desist letter sent to an independant news site by Belo, corporate parent of The Dallas Morning News, forbidding them from linking to individual stories within the site. They claim that the author can only link to the site's homepage, and attempting to link to stories within the site violates their copyright." Next week Time Magazine will require you to read pages 1-36 before reading the article you want on page 37. Don't complain, it's their copyright ;)

Technical Solution

[DeadSea]

The solution for this case is technical, not legal. If you don't want people to link to you, have your server check that their browser sends a referrer url from your site. If it doesn't redirect them to your front page or an error page.

Re:Technical Solution

[ReelOddeeo]

There are other technical solutions.

You could use an expiring url. That is, encrypt an expiration timestamp into the url. Now, your main page could have links which work, for an hour, into stories in your site. But if you bookmarked those links and use them after they expire, then those expired links simply give you back the main page again. Suppose you use 3DES to encrypt the expiration timestamp, you just keep the key private. Since only your server knows the key, only you can decrypt it. Or use other crypto.

Another possibility is through the use of sessions. Some web systems keep track of you by a "session", such as a shopping site might need to do. Within the session, links to stories within the site have the session id (or some function thereof) embedded into the url. Once the session has expired, or the user has logged out of the site, or even closes their browser window, the old links no longer would work.

Other techniques could be used with varying degrees of success. Instead of sending a <a href="story382728.html"> tag, send some javascript which is heaviliy obfuscated, but which eventually writes into the document the actual link. All kinds of code obfuscation techniques could be used, including implementing a small code interpreter with the actual code to write the url written in the interpreted code, with a layer of crypto thrown in just to make analysis of the interpreted bytecode more difficult. (The crypto decode key must be part of what is downloaded, so this doesn't defeat analysys, just complicates it.)

Other techniques include a challenge/response system implemented in Javascript. If they're on your main page, then clicking on the link to the story, creates a hidden layer (or frame) and sends a tiny <form> to the server with variables requesting a challenge. The script on the server generates some challenge code. The javascript computes a response and encodes the response into the url link to the story. Now the difficulty here is that you must hit some other magic url via. a form with hidden variables and a POST request in order to obtain the challenge code, before you compute a response to it to include into the url. The story links could expire fairly quickly so that the Javascript code has only 60 seconds to compute and hit the url with the correct response code before it expires. This makes it very difficult to try to even hit the story using netcat connected to port 80 of the server. Again, you would have to analyze the javascript code.

I'm sure I could think of other techniques if I thought about it longer than it took to write this message.

BarkingDogs' answer to BELO

[kindbud]

Here it is, enjoy!

Tim Berners-Lee

[discHead]

"The ability to refer to a document (or a person or any thing else) is in general a fundamental right of free speech to the same extent that speech is free. Making the reference with a hypertext link is more efficient but changes nothing else. . . . There is no reason to have to ask before making a link to another site."

--Tim Berners-Lee