Slashdot Mirror
More on Kazaa and Brilliant Digital Spyware
Vertigo01 writes: "There is an interesting article from CNN.com on the current state of the Kazaa controversy, and Brilliant Digital's plans for the future. Interesting quotes from the article include a statement saying that 'Altnet's seeded software [will be] awakened some time in May' and that 'Brilliant is negotiating with music labels and movie studios to market their material as well. The files will be copy-protected in some way, using Microsoft's digital rights management encryption technology.'"
Well, there's nothing to worry about then, is there? Given Microsoft's track record with "copy protection" and "product activation" technologies the patch will be widely available before the official launch date anyway. ;)
UNIX? They're not even circumcised! Savages!
I found this interesting, although not surprising... If companies such as Brilliant and Sharman Networks were to release 'clean' versions of their products, and they were totally upfront in an easy to read EULA (who reads those anyway right?), would you use it? Would you swap bandwidth and disk for the privilege?
Furthermore, would the 'average' person? Spyware, what's that? etc...
They won't realise that their bandwidth and disk space is eaten away slightly, they wont care when they do cos they're still getting free music. It is far too hard for the average user to install a new sharing program let alone find the name and site of one. "It's all too hard and this program works and im confortable with it."
Anyway if they are using Microsoft's digital rights management encryption technology then I look forward to having a look at what they send.
considering the fact that most people use kazaa to illegally download music, which does (!) harm musicians, using your spare CPU-cycles and bandwidth to pay these guys isn't even that ridiculous.
Thinking that ANY of the money raised through these trojans will go into the hands of musicians is ridiculous thinking on your part. It will either go to bolster "Brilliant's" income or go into the RIAA anti-piracy coffers. The day people turn over and decide that letting someone install a trojan onto their system in return for using a supposedly legitimate piece of software is the day we should just pull the plug. The Internet is broken. Kick the commercial noobs off.
As a generic moderator-on-crack appears to believe wholeheartedly that the juxtaposition of this news article and a previous one is 'Offtopic', I feel it best to explain a potential 'Nightmare Scenario' on the horizon...
.exe itself hasn't changed, just a shared library that the exe uses.
Assumption One: Cancerware authors are amoral miscreants. Given the track record of the likes of Brilliant Digital, we can safely say that this is a given.
Assumption Two: One of the biggest advantages of a modularised Windows OS appears to be the ability to switch out the insecure MSHTML renderer as used in Internet Explorer to replace with Gecko and their ilk. Forcing Microsoft to publish the full API would enable a seamless changeover between rendering engines.
Let's follow this closely. The rendering engine runs as locally executed code, which brings with it additional security issues. I imagine, when push comes to shove, there will be plenty of Microsoft oriented warning messages along the lines of "It may be dangerous to change your rendering engine!" should a user want to make the switch.
However, fully expect the AOL / Netscape hegemony to complain loudly to the courts that this is FUD, and that it is PERFECTLY safe to switch to Gecko without notifying the user short of a generic EULA type click-through. Microsoft, having received a battering from all corners, will be forced to comply and take the warning out.
Which brings us back to Assumption One - Cancerware. Cancerware authors are forever looking for increasingly sneaky and devious ways to install their filthy code onto previously stable computers.
So, take one 'killer app', currently a P2P client, but who knows what the next one will be. Add a clause during installation that some vague 'browser enhancement' software will be installed as a requirement of the killer app. Many people will click through without reading, or just think "Enhancement - Cool!" and let it install.
What does this browser enhancement do? It acts as a fully functional replacement for the MSHTML module. Thanks to the efforts of Microsoft's competitors, it will install seamlessly, running code with local privledges.
What can it do? Anything that cancerware does already. Spying, gathering important data like CC numbers, taking control of your machine, uber DDoS, etc. etc. The possibilities rest purely with the devious malevolence of the author. It will, of course, be auto-updating, so even if it's caught out initially as being just another Purple Ape, it can download enhancements to itself to get past most security problems.
Remember that NO-ONE in the hacking community knew about Brilliant Digital's plans until they made their press releases. Sleeper cancerware, ready to awaken when the stars are right. As MSHTML is part of the Operating System now, for good or ill, it will be loaded on startup, even if the user doesn't open a browser.
But won't this be noticed by firewall software? Well, assuming consumer-grade firewalls work like Zonealarm, then no. Zonealarm checks for EXE files attempting to access parts of the net that they shouldn't be. But of course, Internet Explorer, being the most common Internet application, will be allowed through. The
And of course, the only way to uninstall this version of MSHTML would be to delete it, thus breaking anything that wants to use it. Like, err, everything!
Regardless of any non-Microsoft eliteness, the fact remains that Windows is the most popular PC Operating System for now, and shall be for a long time. This scenario outlined above is one of many potential fallabilities. I can assure you that minds far more devious than my own are concocting their own plans.
Cancerware is nothing more than barely-legitimized cracking. It seems that replacing "3133t hax0r sp33k" with the terse pseudo-legalese wording of EULAs makes this all acceptable. It isn't. And the sooner more people realise this, the better.
Of course, any company releasing something like this shall eventually become a target for the authorities. But the arrest of the author of the Melissa Virus didn't magically undo all the damage it caused, right?
"Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
If you haven't already checked out giFT check it out. It is an open source fast track network implmentation. It is no longer able to connect to the Kazaa network because they changed their protocol to come encrypted stuff, but it still rocks.
Yes it is still under heavy development, and last I checked you still had to grab the code out of CVS.
Their network needs a lot of users to test the software etc... go head and grab that source!
Using The Fish I was able to find two separate translations:
one: "All your base are belong to us!"
two: "Resistance is futile!"
This means something, I just know it.
I don't understand this at all. When a university student launches a program out into the net, and that program sneaks onto your machine and mucks with your registry and steals your CPU cycles, it's a "virus." The kid is labeled a hacker and is arrested. And now, thanks to 9/11, the kid has the additional dubious classification of a "terrorist."
However, if this EXACT SAME THING is done by a corporation, in the name of profit, it is viewed completely differently! Why? What's the difference? It's a VIRUS! Software forces itself onto your machine and changes things without your permission. That's a virus. That's illegal. Why are we tolerating it???
Like woodworking? Build your own picture frames.
Most worrisome part of the article: Nikki Hemming, chief executive of Sharman Networks, advocates a copyright tax on all ISPs. So all ISP users will be forced to pay the RIAA!
And on the copying and fair use front, Hemming is lobbying Congress for an Intellectual Property Use Fee to settle the quandary of responsibility for distributing copyrighted material. The proposal calls for charging ISPs a fee to compensate copyright holders.
The IPUF would be a "universal levy that would be applied to everyone in the value chain that benefited from the content available" on the KaZaA network, Hemming says.
In an open letter to Congress, Sharman Networks writes:
"We suggest that it is time for Congress to step in and halt the 'whack-a-mole' litigation excesses of the music and movie industries through new legislative initiatives that compel content availability, while establishing a compensation scheme that requires a contribution from all the many industry sectors beyond P2P [peer-to-peer] software that benefit from content availability."
You flagged the correct paragraph, but I believe you flagged it for the wrong reason. The paragraph worries me because it's potentially a tax on all ISP usage, whether the person is using it to host a small website, SSH to a Unix box for multiplayer nethacking, play legally purchased copies of online videogames, or engage in P2P filesharing.
Furthermore, determining who's copyrighted material is being shared will be iffy at best: If we go off commercial sales then effectively protected works (such as online videogames require unique CD keys) would receive a disproportionately higher share of piracy compensation. If we go off of what's being shared then copyright holders would have an incentive to pretend to illegally share their own copyrighted works.
As to why I believe you reason (lack of compensation for creative artists) isn't relevant: The entire point of laws to protect intellectual property is to protect the person who holds the rights to that work. By default, that would be the person who created the work. However, sometimes the creator is unable to pursue the commercial use of the work. In this case, the creator can sell his ownership of the absolute rights of the work to a new party. Once he's done so, he's no longer a part of the discussion -- it's not the creator's work anymore.
Now in the case of the recording industry, the artists are "selling" their works in exchange for receiving royalties based on the future sales of that work. They probably have other rights relating to the work that they reserve. This entire arrangement is managed by the infamous "recording contract". However, if you have a problem with recording contracts screwing over the creative artists, the place to address would be some sort of anti-trust or anti-monopoly suit or legislation, not piracy compensation legislation.
What is to stop Kazaa and Brilliant Digital from using their software to scan the music & movie files on your hard drive, develop a signature and transfer that back to the RIAA and MPAA? Could Kazaa be a trojan horse company set up by music companies to spy on the p2p habits of music lovers? If they now claim that using the bathroom during a commercial break is a technical violation of the copyright laws, this doesn't seem to far fetched.
Strange women lying in ponds distributing swords is no basis for a system of government.
But disregarding that opinion for a bit, I must still oppose paying copywright holders instead of creators.
However, sometimes the creator is unable to pursue the commercial use of the work. In this case, the creator can sell his ownership of the absolute rights of the work to a new party.
Yes, but we must ask ourselves WHY this is the case. It used to be because in individuals weren't capable of distributing their music to the masses for sale. With the internet, this is no longer the case--anyone can put their mp3s on the internet. However, individuals have little ability to make a consumers receiving the mp3 conditional on their paying--so they still must sell their rights to the recording industry.
But if this potential legislation passes, it is an admision by the RIAA that it is no longer capable of providing this service on it's own! It can't stop consumers from getting songs without paying, it needs the government to bail it out. So it isn't needed to help distribute music, and it's no longer capable of restricting the distribution of music. Therefore the Recording Industry serves no purpose whatsoever, and the faster their employees are on the streets looking for jobs that actually accomplish something, the more productive our economy will become. However, if this pointless industry is kept alive by governmental fiat, like such piracy compensation legislation, it will be a great waste and a greater injustice.
In other words, because the ONLY remaining purpose of the RIAA members existance is to make people pay artists, the screwing over of artists MUST be addressed in piracy compensation legislation.
Of course, this all assumes that procedes to the copywright holders will be based on the number of times their song is downloaded--more likely, the government will just say "well, AOL Time Warner made X dollars before napster from record sales, so we can just assume they would make X inflation-adjusted dollars today if it were not for piracy". Thus, whether or not AOLTW actually produces more likable music, they still get paid, and THEN we'll see how much we can really screw over those artists!
This prospect offends me not merely because it is corporate welfare, but because it gives control of Art itself to an unelected, unappointed few.
So, both of you are right. The sentence he flagged was pretty evil, but everything else in the idea sucks too.
Matt Oppenheim, RIAA senior vice president of business and legal affairs.
"If I rob a bank, the fact that I haven't been arrested yet doesn't mean I haven't done something wrong," Oppenheim says. "Sharman Networks should take no comfort in the fact they haven't been sued yet."
Perhaps a better analogy would be...
Person A works in a bank. Person B is a friend of person A and says "Can you give me some of the money from your bank". Person A says "sure, come on over". So person B drives to the bank and person A gives him some cash from the vault.
The FBI decides that a theft has taken place and imprisons the Ford motor company for making the vehicle used by person B to drive to the bank.
You can't win Darth. If you mod me down, I shall become more powerful than you could possibly imagine
Pointing people there could save hours of explanation...