Stealware: Kazaa et al Stealing Link Commissions

goombah99 writes "We all heard about spyware, well now Kazaa, Morpheus and LimeWire are sneaking a new type of nastiness onto your computer, software that - without you even knowing it - redirects commissions for online purchases you make from other vendors you make back to them. For example, if you buy a CD from an affiliate of Amazon.com, say some charity, the software fools Amazon into crediting the commission to Morpheus, not the charity! The story quotes a LimeWire Developer who admits 'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.' The insidious part is the stealware program remains even if you delete the original P2P software. And you supposedly gave your permission when you clicked through the EULA."

Fer Chrissake, it's FRAUD!

[R2.0]

'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.'

"While I agree that slapping my wife around isn't very nice, it does get me my dinner on time."

"While I agree that insider trading is against SEC rules, how else am I going to get the 2nd Aston-Martin?"

Re:Fer Chrissake, it's FRAUD!

Score: 4 - funny

WTF! This is funny it's serious and the poster is right this is dam right illegal, people are being defrauded and the government(s) should step in and shut these people down.

Do they not have any morals? How can they do this sort of thing and sleep at night?? You're STEALING money from charities FFS.

Re:Fer Chrissake, it's FRAUD!

[TekPolitik]

Isn't Kazaa owned by a Sydney based company now? This is definitely illegal in Sydney under the Crimes Act 1900 (NSW). AustLII's misbehaving at the moment so I can't find the links online, but:

s178BA - Obtaining money by deception - 5 years

s178BB - Obtaining money etc by false or misleading statements (it doesn't require the statement to be in writing, false claim as to referrer will definitely count) - 5 years

s180 - Causing payment etc by false pretence etc (the false referrer will count here too) - 5 years

This could be prosecuted under any one of these.

Re:Fer Chrissake, it's FRAUD!

[Psmylie]

What I wonder about this is that the end user installed the software that is doing this, and agreed to an EULA that said that is was OK. Does this make the end user liable for any infractions?

Re:Fer Chrissake, it's FRAUD!

[TGK]

No... it's not. For a number of reasons.

1.) You -=knew=- that the charity was not going to get the commission if you didn't buy it through their site

2.) You, the purchasing party, made that decision on your own. No one made it for you.

3.) All of the money involved was your own, and (again) it was your choice.

With this theftware, the situation is different. EULAs are paper tigers in court and we all know it. Even if they weren't, I'm not entirely sure tha this kind of scheme is legal in the first place, as there appears no way to cancel the contract once the software is uninstalled.

These companies are not putting up the money to buy the CD, they are taking it out of someone elses pockets. By any definition that is theft, particularly if you can demonstrate the irrelevancy of the EULA.

Re:Fer Chrissake, it's FRAUD!

[dclxv]

Does every indecent act require government action? I think it should be up to Amazon or whoever to police thier services, not the government. Let Amazon shut them down instead of an act of congress.

Re:Fer Chrissake, it's FRAUD!

[Fizzlewhiff]

1.) You -=knew=- that the charity was not going to get the commission if you didn't buy it through their site

EULA or no EULA this kind of sales tactic should never have been implemented. It is unethical. The charity doesn't know their commissions are being highjacked and Amazon doesn't really know the charity's commissions are being diverted. Thankfully Amazon is cutting off Morpheus for this.

Somewhere out there is a person or group of people who built this software. Shame on you. It is unethical practices like this that is going to force the acceptance of technologies like Palladium.

Re:Fer Chrissake, it's FRAUD!

[reallocate]

>> Does this make the end user liable for any infractions?

Unlikely, I'd think, since the user was also a victim of fraud and deception.

Re:Fer Chrissake, it's FRAUD!

[Beliskner]

My instinct is that this is not illegal. It's unethical, and gives me an uncomfortable feeling somewhere in the pit of my stomach, but not illegal. It also gives me the feeling that they could sell my pr0n browsing history, and credit card data. It could explain the extra SPAM I've been getting with my browser URL being

https://lcll.hotmail.com?login=hAcKoR@hotmail.co m&pass=screwyou&MicrosoftDRMkey=4783643&creditcard =46387326483264&expiry=12/67 yeah, great https NOT

So, if anyone with Micro$oft Windows wants to become President, expect Morpheus to release your lifetime URL history to the press, or blackmail you, yipee!

Well a least these dot coms have finally figured how to make *REAL* money.

Hollywood warned us that the corporations were gonna screw us one day, but did we listen? NOOOOOOOOO. From a point of view of law, a link can alter your URL, some javascript can alter your URL, some Java can alter your URL, etc. It's either legal or illegal to change your URL, we have pop-ups, redirections, META REFRESH, it seems to me that changing URLs happens all the time. IANAL

Re:Fer Chrissake, it's FRAUD!

[John+Hasler]

Why? The end user read the EULA.

Re:Fer Chrissake, it's FRAUD!

[reallocate]

This is why we have lawyers and courts, but it seems to me that the user is as much a victim as the affiliates. I don't know what the Kazaa EULA says, but I doubt it acknowledges that the user is agreeing to engage in illegal activity.

Re:Fer Chrissake, it's FRAUD!

[tomhudson]

Can you prove:

1: the end user read the eula

2: the end user was of legal age

3: the person surfing was the orignal end user

Re:Fer Chrissake, it's FRAUD!

[BrianH]

Hey, I'm a "big L" Libertarian myself, but I have to disagree with you here. There are certain areas where the government SHOULD get involved, and where we do need it's services. These include military defense, foreign relations, LAW ENFORCEMENT, and a few others.

At the minimum, this meets the legal definition of fraud (IANAL, but the guy down the hall is, and he just told me that this meets the "legal yardstick"). At the most, we may be looking at criminal theft. Either way, this consitutes a real crime and is the kind of thing that governments were meant to deal with.

Re:Fer Chrissake, it's FRAUD!

[corey_lawson]

Once again, a contract that "allows" one to commit an illegal act as part of the contract terms is not legally binding.

In this case, while the KaZaa EULA might "authorize" them to intercept the grant from your side (whether you read it or not), I'm pretty sure they did not get the permission from the party on the other side to do the same thing...

They aren't really ripping the KaZaa users off, but they are defauding the other parties they are denying the $$$ to.

Crap like this is going to Kill P2P

[FirstNoel]

IF this is true...

These guys are their own worst enemy. The RIAA doesn't need to do anything. These companies will end up destroying themselves. This is not the type of PR these guys need.

Sean D.

Re:Crap like this is going to Kill P2P

[N3WBI3]

Your absolutly right, there is no way I will use limeware or the like with this functionallity. Hopefull a fiels sharing program which is more on the opensource model will come up (I am sure there has to already be one) to prominance.

Is this unlawful?? I dont know. Its in the EULA so you agree to it... But it is in the end an aweful buisness decision..

Re:Crap like this is going to Kill P2P

[Ooblek]

This type of stuff probably won't kill them. I'm pretty sure a company can't go on forever when their sole means of income is banner ads and affiliate commissions. I'm sure at some point they are going to have to pay market salaries to some of the people, which their income model will likely not support. I know nothing about their staff or their qualifications, but I would guess they have a staff of developers that are more dedicated than they are interested in making a lot of money. As they grow older, the lean-and-mean startup atmosphere drags on them and they make their experience pay by going to another company for a market salary. This leaves the P2P software makers with less experienced people, and the turnover rate gets bumped up and so on.

Its sad, but unharnessed P2P file trading is just too cool a thing to last forever. So my wife sits at home and tries to fill up our new 80GB hard drive while I'm at work.

Re:Crap like this is going to Kill P2P

[nanojath]

The basic issue is pretty simple: free doesn't work very well as a business model for for-profit companies. You need to be able to provide some kind of value-add that people will pay for if you're going to make it. What are the alternatives? Pop-ups, Spy-ware, and Scum-Ware - of which this is the scummiest I've heard of yet. What's next? a software component that actually automatically programs your computer to steal candy from babies?

Kazaa, Morpheus et. al. are a simple concept: try to take advantage of people's enourmous predisposition to violate copyright laws via digital technology to skim some cash by any means whatsoever. It's a rotten business model and a rotten way to behave and it isn't much of a surprise that the rotten people responsible for it are as dishonest to their users as they are about what their software is really used for ("now don't use this to illegally copy protected media, kids, wink wink nod nod").

Re:Crap like this is going to Kill P2P

[ReelOddeeo]

These guys are their own worst enemy. The RIAA doesn't need to do anything. These companies will end up destroying themselves.

Yep, yep, and yep.

This is not the type of PR these guys need.

Wrong. This is exactly the kind of PR these guys need.

Crap like this is going to Kill P2P

Only commercial spyware, adware type P2P.

Re:Crap like this is going to Kill P2P

[MrResistor]

The PR is irrelevant.

15-year-old morons who have already destroyed their brains with drugs and alcohol (like, for example, my old bosses son) don't give a rip about this kind of stuff. They will still be installing Kazaa on their school networks, their dad's company's computers and where ever else they manage to get access to. It doesn't matter to them that Kazaa is stealing from the charity that their step-mom always goes to Amazon through. Hell, if they knew they'd probably think it was cool!

So, no, since that's pretty much their target market, the PR isn't going to do jack to them. The charity finding out that Kazaa is stealing their commisions and sueing them and/or sicking the FTC on them for fraud, however, just might be the straw that broke the camel's back.

It's a shame, really. There is so much legitimate possibility for P2P, it's really sad to me that it is now so tainted by this kind of scuminess.

Moral issues anyone?

[evil_one]

'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.'

That's part of it, it does affect the users - money that they may have WANTED to go to a particular affiliate is now going to these guys. Yay.

The other part is what about the affiliate contract? doesn't this violate it?

Re:Moral issues anyone?

[MushMouth]

I talked to Colin the head of the Amazon Associates program a few months ago, and they absolutely do not find this acceptable, however they have somehting on the order of 20,000 associates, so it takes a little while for them to see trends that would ferret this behaviour out. He said they had seen it before and told the companies to stop, or they would cancel their Associates account.

Re:Moral issues anyone?

[NineNine]

In the adult industry, as you can imagine, there are all kinds of "cheaters". The affiliate programs went to keep a good name, so something like this would be ended immediately, without question. Amazon needs to close their affiliate account, and not send them another dime. Generally affiliate programs have this agreement too (hey, you agreed not to cheap when you signed up, Kazaa, you fucking bastards). Also, if I were using Amazon as one of my affiliates, I'd dump 'em in a heartbeat and tell them why.

Kazaa Lite

[Gildenstern]

That's why if your going to use Kazaa you should really use Kazaa Lite. It's Kazaa without all the spy stuff installed.

Re:Kazaa Lite

[peptidbond]

I am not sure if this is scamware is removed in KazaaLite! I *think* normal Kazaa uses the Cydoor DLL for adware. Kazaa Lite replaces this DLL with a dummy. I can't see Cydoor putting this in their DLL. I think Kazaa probably added it to another part of the program. Just my thoughts. Anyone have clarification?

Re:Kazaa Lite

[oconnorcjo]

That's why if your going to use Kazaa you should really use Kazaa Lite. It's Kazaa without all the spy stuff installed.

Ok so you are saying to not do it yourself but to endorse the community around it. If the community grows (whether from "Lite" users or not), it will be good for the Kazaa company. Do you really want to support a company that is twisting the internet in such an underhanded way? At first I was like you. They put in some spyware and they said that they would take it out (which as far as I am aware, they never did) and so I downloaded the Lite and thought 'mostly harmless'. Yet now they are showing thier true colors. The Kazaa company thinks that any underhanded way they can possibly make money is fair game in bussiness and war. I don't want to support a company with no moral standard and embraces such a corporate culture. I want the whole kazaa p2p to whither and die and to be never heard of from again.

Re:Kazaa Lite

[BurKaZoiD]

I agree. I don't feel bad about pirating mp3s and stealing from a bloodless record label, but stealing from charity?!? Lines have to be drawn...

Re:Kazaa Lite

[mithras+the+prophet]

And all the while, the artist who actually created the MUSIC that all of you are taking gets NOTHING.

Does this strike anyone else as wrong?

If you want to use P2P, go ahead, but don't be surprised that the system breaks down if no one is paid by anyone.

Re:Kazaa Lite

[MrResistor]

No, you shouldn't use Kazaa at all. Even using Kazaa Lite supports Kazaa by expanding their installed user base, which ultimately means there will be proportionately more people using the non-Lite version.

What you should have said is: If you must use P2P, join a P2P community that doesn't support this kind of BS.

Re:Kazaa Lite

[Melantha_Bacchae]

mithras wrote:

> And all the while, the artist who actually created
> the MUSIC that all of you are taking gets NOTHING.
>
> Does this strike anyone else as wrong?

Yes, it is very wrong that the record labels steal the copyrights from the artists (using a "work for hire" law).

It is very wrong that the artists are so bound by contract that they cannot even use their own voices - they belong to the record labels.

It is very wrong that they are bound for an undetermined amount of time (by the number of albums which may never be produced), during which the label profits. In the end, the artists frequently are in debt.

The real thieves here are the labels that steal from the artists, and P2P companies that steal from charities. The kiddies that trade files are in gross violation of copyright law, but they probably wouldn't be buying many CDs anyway.

> If you want to use P2P, go ahead, but don't be
> surprised that the system breaks down if no one
> is paid by anyone.

The system as it stands is in desparate need of breaking down. The five major labels that have a strangle hold on the music industry need to be replaced - with small businesses that serve the artists. Then the artists can hold their own copyrights, make the profits they deserve, and the customer can have fair prices at last.

"They bind our hearts: 'Let's sell them again and again!'
Our plan understands the sea; we can wait for her coming."
From the song "Infanto no Musume" in the Japanese version of "Mothra" (1961).

The price of freedom.

[403Forbidden]

It's sort of a Catch-22 here. The user is using the software, agreeing to the EULA, and "illegally" (it's arguable) downloading music... What person out there would take a company to court that is allowing them to distribute and download music that a lot of the major companies don't want you to do?

I'm uneffected by this because i'm a happy WinMX user. I've never had a problem whatsoever, unlike AudioGalaxy and Bearshare (this is awhile ago) that deleted some of my system files, thus making me have to reformat!

Re:The price of freedom.

[Codifex+Maximus]

>What person out there would take a company to court
>that is allowing them to distribute and download
>music that a lot of the major companies don't want
>you to do?

Insightful.

>I'm uneffected by this because i'm a happy WinMX
>user. I've never had a problem whatsoever, unlike
>AudioGalaxy and Bearshare (this is awhile ago) that
>deleted some of my system files, thus making me
>have to reformat!

Yeah, isn't that something? It's faster to reformat a Window's partition than it is to deltree c:\windows and c:\progra~1. It takes hours to deltree and mere minutes (usually) to format.

I just boot LOAF (Linux on a Floppy) if I have to rm -fR the windows and the program files dirs on a windows partition... much much faster.

As for the stealing of commissions intended as charitable contributions, I have no first hand information on it but... if it is going on, it diminishes the spirit of charitable giving and probably breaks the law. Flame on!

Re:The price of freedom.

[nolife]

What person out there would take a company to court that is allowing them to distribute and download music that a lot of the major companies don't want you to do?

There is more to P2P then mp3 files. I have been using KaZaa lite for almost 6 months. I have NOT downloaded or shared a single MP3 file on it. I use it extensively for amature videos and pictures (not prOn either). Mostly car street and track racing and small movies. P2P is excellent for this as most people can not afford a monthly transfer fee from a hosting company, I do not have to browse through hundreds of pages with Google, and I do not have to use my monthly Giganews account.

I am assuming that KaZaa lite does not have this ill effect.

Re:The price of freedom.

[scrytch]

Not that I'm saying that DeleteFile is fast or anything, but mke2fs doesn't take as long as rm -rf / ... One just wipes out the superblocks and lays new ones down, the other iterates through every file and makes several system calls for each.

I'd imagine NTFS makes managing windows partitions from linux a whole lot harder...

Now how is this not stealing?

[shaping_innovation]

"Now, the company said, the softwareoffers a choice to the consumer before each purchase: whether to give the commission to the affiliate or to himself in the form of a rebate, with a portion of the rebate going to Morpheus"

What would happen if I walked into a car dealership, bargained a nice proce for my new Kia, and told the salesperson that instead of him getting a commission, I'm going to take that money as a rebate? Wouldn't that be stealing, or am I missing something here?

Re:Now how is this not stealing?

[403Forbidden]

Now how is this not stealing?

It's pretty funny to see everybody asking this, while they are only bitching because they can't get their free music without ads and spyware... Don't you think that that's the same thing the RIAA is saying? "how is this not stealing..."

Re:Now how is this not stealing?

[ShavenYak]

Don't you think that that's the same thing the RIAA is saying? "how is this not stealing..."

The difference: if the software tricks Amazon into awarding affiliate sales commission to Morpheus instead of the intended recipient, the intended recipient has lost money that they would definitely have received.

When you download "See My Boobies One More Time", Britney and her record company are only being deprived of income if you would have bought the album without the P2P service. In fact, with P2P you might check out more of the album, like it, and wind up buying it when you wouldn't have done so if your only exposure was the two overplayed songs on the radio.

To sum it up, what Kazaa, etc are doing takes the money away every time. The P2P user isn't always a true financial loss to the RIAA.

Note that I'm not saying this makes copyright infringement ok, I'm saying it's a "lesser evil" than the fraud being perpetrated on Amazon affiliates.

What's Next?

In other news, Limewire captures credit card numbers on the fly and charges 1$ for every purchase you make.

"We do think this is stealing, but they are stealing music anyways so it can't be wrong? Plus it pays our salaries."

Self Limiting?

[Christopher_G_Lewis]

One would think that the online stores would get wize to this:

"Last week, Amazon cut off affiliate payments to Morpheus, one site that employs the shopping software, said an online executive. Coldwater Creek, an online clothing store, has also blocked Morpheus."

Re:Self Limiting?

[Rader]

Yea, but maybe the company isn't called "Morpheus". Maybe it's Bob Shill. Who is Bob? There's lots of Bob's.

Re:Self Limiting?

[ceejayoz]

I'd bet Amazon.com can check where an affiliate is referring from. If someone refers from hundreds of different sites, I imagine it'll be noticed.

Amazon.com could fix this problem easily by having the affiliate enter their URL when they sign up... check the URL against the ID and see if they're the legit owner of that site.

Re:Self Limiting?

[aallan]

Amazon.com could fix this problem easily by having the affiliate enter their URL when they sign up...

You do enter the URL of your site when you sign up for affiliate status.

...check the URL against the ID and see if they're the legit owner of that site.

I'd always assumed that they did this already, obviously not...

Al.

Re:Self Limiting?

[ceejayoz]

Yes, they ask for the site URL, but they don't do any sort of checks on it. Hopefully that'll change pretty soon...

huh?

[Iamthefallen]

How is this not fraud or theft?

By the way, kinda strange that you can't really BUY many of the p2p apps, but rather they come only as ad/spy ware sponsored by the same few companies. The claim that the developers need to do this to make money is thus utter BS. Make a good p2p client and sell it instead of loading it with crap.

Re:huh?

[ShavenYak]

Make a good p2p client and sell it instead of loading it with crap.

The problem is, if you sell a P2P client, the RIAA lawyers will be on you like... like RIAA lawyers on Napster.

Re:huh?

[Rader]

It'll just show up cracked on the P2P network.

Just like Kazaa Lite shows up on the Kazaa network.

Other software in the "cracking" industry show up out there too, even though they think they can sell copies.

WinRar, CDClone, newsgroup readers, etc, always crack me up.

Whats all the fussin' and a-feudin' about?

[stratjakt]

If it's in an EULA, it must be legal.

I mean for crissakes - EULA is an ACRONYMN!

Re:Whats all the fussin' and a-feudin' about?

[Angry+White+Guy]

I think that from here on in, we should do exactly what the acronym stands for, and end user licence agreements!

Re:just great...

[Jucius+Maximus]

"i just installed Kazaa yesterday, having ignored p2p programs uptill now.. hopefully someoen will crack this.."

It's already been done.

Just Hold On a Darn Minute Here...

[LordYUK]

people with KaZaA actually buy CD's from Amazon??? Hmm... Who knew?

Humor folks, enjoy it. =)

Re:just great... (HOW TO REMOVE)

[Christopher_G_Lewis]

From the article's side-bar:

A Software Cleanup

Computer users who want to remove shopping software from their machines can do so in a few steps. Instructions for removing three of the most common programs:

BUYERSPORT - The shopping software with Morpheus:

Click the Start button.

Click on Find.

Click on Find Files or Folders.

Type in mbho.dll. Click on find now. When the file appears in the directory window, drag mbho.dll into the trash.

LIMESHOP - The software with LimeWire:

Click the Start button.

Click on Settings.

Click Control Panel.

Double-click Add/Remove Programs.

Click LimeShop.

Click Add/Remove.

SAVENOW - The software used by Kazaa:

Click on Start.

Click Settings.

Click on Control Panel.

Double-click on Add/Remove Programs.

Click SaveNow.

Click on Add/Remove.

i miss napster ...

[dlasley]

the moral and ethical rape was at least directed at an appropriate target in the RIAA

Gnucleus

[RailGunner]

It might not be as fast as the other p2p networks, but Gnucleus is free, open source, and not subject to any malware like Kazaa is...

Re:Gnucleus

[AlgUSF]

I run Linux, does it run well under Wine?

Re:Gnucleus

[dasmegabyte]

And used by nearly 7 people.

Seriously, if you're going to go with a free, open source, slow p2p network with nobody on it, try freenet. At least if you get caught they can't prove anything.

Unbelievable

[tmark]

Patrick Toland, a vice president for sales and marketing at TopMoxie, said that the company did not intend for its software to displace other affiliates' rights

Like so many claims surround P2P, this claim is utterly unbelievable: how do you build a program that hijacks sales and NOT know you're doing this ?

I just hope Amazon and whomever is affected by this sues their asses off.

You can beat them.

[casio282]

This is more than "a bit of a scam" -- it's immoral and undoubtedly illegal. There are ways to get defeat all their little scams and still use the Fasttrack P2P network. You can try Kazaa Lite, which is Kazaa without the spy/scumware. I'd also recommend using AdAware, a great little program that scans your registry, memory, and hard drives for spy/scum/adware components and gives you the option to delete them.

Using AdAware to delete cydoor.dll will likely leave your P2P client not working. That's where the dummy cydoor.dll comes in. It allows the client to start without providing any of the unwanted cydoor functionality.

For more info on spyware and scumware in general, check out the quite wonderful Counterexploitation site...

Hope this helps...

Re:You can beat them.

[oconnorcjo]

This is more than "a bit of a scam" -- it's immoral and undoubtedly illegal. There are ways to get defeat all their little scams and still use the Fasttrack P2P network.

But why endorse thier service at all? There are other p2p software and if something else becomes more popular and Kazaa dies, then we no longer have to "defeat all their little scams". It is just better to "JUST SAY NO!".

Re:You can beat them.

[duffbeer703]

Because it is cost-effective to pirate software, movies, cd's and porn rather then buying them.

Kazaa is the best P2P, because it has the most stuff on it.

Easy solution

[dcavanaugh]

Full disclosure of affiliates at the time the transaction is concluded. If Amazon and the others actually showed which affiliate was going to get a commision, people would spot the monkey business right away. The consumer doesn't have to know the amount, but knowing which affiliate is getting the credit would make this a self-policing situation. If the stealware people are so bold as to falsify Amazon's message back to the constomer, then it's time for the laywers.

I don't know if the big online retailers actually care about affiliate programs or not. If they do, then stealware is intolerable. Otherwise, the programs are useless.

Re:Easy solution

[dcavanaugh]

"And probably a member of the hitler youth."

I have no such affiliation. In fact, I'm not a fan of either Microsoft or Hitler.

Annoying the occasional moron makes it all worthwhile. Go play with your X box.

KaZaa Admits to Stealing Candy from Sick Children

[Saint+Aardvark]

New York (AP) -- KaZaa executives, insisting on anonymity, admitted today to sneaking into pediatric wings of at least three hospitals to steal lollipops, Tootsie Rolls, and Mars Bars in an effort to keep programmers on staff and happy.

"We knew it was wrong," said one vice-president, "but we had to keep the free snacks flowing for the programmers, or else we were screwed. We couldn't stop -- they'd all jump ship."

The executives insisted they had done nothing wrong. "Those kids are sick! What the hell are they getting candy for, anyway?" he asked rhetorically. "We left them instant cous-cous and bean soup. They've got it pretty good, if you ask me."

FSF founder and computer guru Richard Stallman was unavailable for comment. "He's out redirecting CDNow affiliate refferals to pay for his movie rental late charges," said an anonymous source close to the programmer.

I guess Amazon will be changing their contract...

[sdavid]

I'd imagine that Amazon et al will be chaning their contractual terms specifically preventing this sort of behavior. The whole 'affiliate' program is dependant upon the warm and fuzzy feeling one gets by helping out a site you use, giving additional sales to Amazon. If users begin to question who will get the commission, then it fails as a marketing scheme for Amazon (and the others, presumably). I don't think this will be around for long.

Kazaa

[CTRamsden]

I absolutely do not comprehend why people continue to use this software.

The very fact that it WAS spyware has kept me from using, even since they had supposedly gotten rid of it. Of course, I am a fairly paranoid individual. I see this as a good thing, however.

There are plenty of alternatives out there that are not spyware and don't go screwing with things they shouldn't be.

Suggestions for the not-so-techincally adept?

[BlackHawk]

I've installed and removed Morpheus on my machine. I installed Limewire, and it's still installed at the moment.

I can uninstall software; that's no problem... if I can find it. Can anyone direct us on how to remove the stealware from our systems? Oh, and I have Limewire installed on both Linux and Windows machines.

Re:Suggestions for the not-so-techincally adept?

[Bullschmidt]

Try adaware by lavasoft. Think of it as a virus scanner for spy/ad/stealware. Not a bad product.

Amazon won't stand for this

[Dudio]

If Amazon allows software companies to redirect affiliate rebates, the incentive for people to link to Amazon's catalog goes away. I can't imagine they won't shut down the accounts of vendors like Kazaa who circumvent the process, once the practice becomes public (as it now has).

Re:Amazon won't stand for this

[jayayeem]

I hope you are right... Hopefully amazon will add an intermediate screen to the order process, telling the user who is recieving their commission.

Re:Amazon won't stand for this

[Rader]

Maybe Amazon just hasn't secured the patent to it yet.

Furthurnet.com

[Bullschmidt]

I'd like to point people's attention to furthurnet.com. I'm sure it won't have the popularity of the other sharing systems, but its a legit system and you get unique material.

Furthurnet.com is a system where fans of bands which allow bootlegging of live concerts post full sets from those shows.

Pros:
*Free, no ads, no spyware, nothin
*Legal - music is only by bands who approve
*New stuff - you can get stuff no on CD's yet
*Live stuff - could be a plus or minus depending on the artist, but its a new perspective.

Cons:
*Bigger - they're recorded in a non-lossy format shn, so a full concert is anywhere between 200-600 meg
*Recording quality not as good - depending on the band, the recorder and show, the acoustics and equipment aren't as good as live CD's and certainly not as clean as studio.
*Fewer artists

I just discovered this a few days ago looking for Jack Johnson stuff. I love it. Take a look. Its on Win and linux (maybe Mac too, not sure)

Re:Furthurnet.com

[KelsoLundeen]

Furthernet is interesting, but because it purports to share only those bands *who encourage sharing* it effectively limits its audience and usefulness.

Granted, it's attempting to do the right thing, but in the world of P2P, the right thing is murky at best.

There's nothing worse than do-good moralizers on either side of the issue, and Furthernet seems like one those do-gooders that sound (to me, at least) like nails against a chalkboard.

OTOH, I don't advocate theft. But I'm not entirely sure these days what's theft and what's not. I'm not convinced of RIAA's stance, and I'm irked by someplace like Furthernet that takes a moralistic approach. Besides, I'm not sure that Furthernet is any *more* legal than, say, Kazaa when it comes right down to it.

Just because a band encourages taping doesn't mean that the RIAA will abide by this. And it doesn't mean that sharing is legal. It's all nice and great that the Grateful Dead and all the aging hipster bands think they understand this cool crackerjack technobabble and want to give back to their fans for the many years of support and encouragement, but the RIAA could care less what the bands want.

Re:Furthurnet.com

[Bullschmidt]

I would argue that furthurnet isn't moralistic (in my 2 or 3 days of using it! ;-) but rather an extension of a much older culture of tape trading. AFAIK, I believe it more or less started w/ the Grateful Dead a long time ago. People would trade copies of tapes to each other from different concerts. I have an uncle who has a wall full of em. So my guess is that they're not trying to be moralistic, but rather are simply continuing a very old tradition.

But thats my $.01 (its not worth 2)

Re:Furthurnet.com

[jbolden]

If all the content is legal why use P2P proticols with all the anonymous overhead (roughly 50% of the network traffic) instead of just http, ftp...? I guess I'm trying to figure out what the point would be of doing this P2P?

Re:Furthurnet.com

[mosch]

bandwidth.

If you ever want to test a new 10mb connection to see if it can really do 10mb sustained, throw up some recent high-demand shows (record Phish New Years this year or something), and then send out an email giving your ftp server address and a login. You'll be burning bandwidth within the hour.

By going peer to peer, nobody has to find a way to pay for a huge amount of bandwidth (or a huge amount of centralized storage for that matter).

Re:Furthurnet.com

[Tackhead]

> Bigger - they're recorded in a non-lossy format shn, so a full concert is anywhere between 200-600 meg
>Recording quality not as good - depending on the band, the recorder and show, the acoustics and equipment aren't as good as live CD's and certainly not as clean as studio.

I've always wondered about this - I know this sounds like a troll, but it's a sincere question:

...but, like, WTF's the point of reproducing outdoor concerts in a non-lossy format? I mean, is it really that important, after the distance between that soundstage and tape setup has eliminated most of the high frequencies, that you losslessly capture every hand-clap and "yeeeehaw, you're taping all this, right, man?" from that drunken jackass beside your mic? :-)

(OK, that doesn't apply to getting the whole show straight off the soundboard, but still, you see where I'm coming from here, right? Is this all just an outgrowth of the tape-trading tradition of never adding generations unless necessary? I grok that - and likewise, would prefer to keep an "original" MP3 than burn it to WAV on CD, lest that WAV get re-ripped and re-encoded to a 2nd-generation MP3. But lossless for live recordings just seems bizarre to me.)

Re:Furthurnet.com

[MrResistor]

If the band encourages, or even allows, taping at their concerts then the RIAA can't do a damn thing about it. The label doesn't own copyright on live performances, because it's impossible to own copyright on the live performance itself. Copyright only applies to the recording, and if the label isn't involved in the recording process they get no say in how the recording is used.

If Furthurnet really does restrict their content to concert recordings of bands that encourage recording concerts, then Furthurnet is perfectly legal, and the RIAA can shove their "stance" on it right up their behinds.

Re:Furthurnet.com

[jbolden]

I guess it just seems like doubling the amount of bandwidth neccesary is an expensive way to distribute off the cost.

Re:Furthurnet.com

[jbolden]

I guess it just seems like doubling the amount of bandwidth neccesary is an expensive way to distribute off the cost. Glad to hear its working out well.

Re:Furthurnet.com

[jbolden]

In a real server setup its usually the client's speed that is the limitation not the server's (unless their are multiple people pulling it down in which case P2P tend to break down even faster).

Re:Furthurnet.com

[psamuels]

So, to touch on your fear that "sharing may not be legal" and that "the RIAA could[n't] care less what the bands want," in this case, the sharing is legal, and the RIAA can't do nuthin' about it. The RIAA does not have copyright on a live recording, simple as that. The copyright for that show belongs solely to the band that played

Are you sure about this? What about whoever wrote the music the band is playing? I think in most countries you need a license from the copyright holder of the music in order to put on a public performance of it. This is what ASCAP and BMI are all about, right?

So unless the band you are tape-trading (a) writes all their own music and lyrics and (b) didn't sign away those copyright interests in their label contract, I don't think the situation is as simple as you say.

Re:Furthurnet.com

[ameoba]

Why in the world would somebody use a non-lossy compression on poorly-recorded bootleg concerts?

Re:Furthurnet.com

[mosch]

I hear there's a shop down the road sellin' clues. Why don't I go and pick you up one.

The bandwidth requirement is nearly exactly the same. You're a fucking retard.

Is this true?

[jandrese]

Wow, that's a pretty shocking accusation, but how did all of the P2P folks get this without anybody noticing?

How does it work? How do you detect if you have it on your system?

While I normally trust the NYT (as much as I trust any paper), I'd kind of like to have some verification of these claims from the hacker commmunity because this sounds way too much like some sort of industry scare tactic.

Re:Is this true?

[jandrese]

This isn't spyware. This actively changes something about your browser (Referrer field?) when you go to certain sites. Oh, and it's in every major P2P client in use. Did you even read the writeup? This seems to go beyond normal spyware. That's why I'm a little dubious about the article. It sounds like someone just made it up to scare people away from using P2P clients.

Have we all be trolled?

Once again....use a virtual machine

[mccalli]

Every so often I post this when P2P comes up, but it always seems relevant.

File sharing companies are, at the very best, a dubious bunch. Experience has shown tht they will try to screw up your machine in some way.

So...let them. They'll find some way of doing it eventually anyway. The trick? Just make sure the 'machine' is a virtual machine. I personally use Virtual PC for Windows, but VMWare would do just as well.

Make a blank virtual machine, install your P2P clients on it and take a back-up of that file. Then use that machine for nothing but P2P. The result? Spyware is useless, because there's nothing happening to actually spy on. The machine gets too spyware-ridden? No problem - delete the current machine and restore from that fresh backup you took.

Cheers,
Ian

Re:Once again....use a virtual machine

[wunderhorn1]

Look, buddy -- I use P2P clients because I'm too damn cheap to buy a $15 dollar CD. What makes you think I'm going to spend hundreds on virtual pc or vmware?

;-)

But seriously, It IS an interesting idea, I just can't justify the initial investment.

Re:Once again....use a virtual machine

[scrytch]

Look, buddy -- I use P2P clients because I'm too damn cheap to buy a $15 dollar CD. What makes you think I'm going to spend hundreds on virtual pc or vmware?

Well, you can always warez vmware from those same P2P networks... I really draw a hard line there -- vmware inc doesn't engage in price-fixing, deception, bribery of legislators, or otherwise declare war on its own customers.

Isn't vmware for linux only around a hundred bucks?

Ok

[sdjunky]

"And you supposedly gave your permission when you clicked through the EULA."

You may have given somebody permission as far as your browser goes but that doesn't give you the right to change a link on a persons website... You can agree all day long but it isn't *your* link nor is it *your* commission being stolen.

I find this rather repulsive but I have to admit this is rather ingenious ( in an evil scientist kind of way ). However, the fact that a user accepts it in the EULA doesn't remove the fact that they don't have a contract with the website owner giving them permission to do this.

Re:Legal?

[shimmin]

This is one of the realities when dealing in quasi-legal business models. Morpheus et al have set themselves up in such a way that they are fundamentally difficult to sue. You, the user, like this because it makes it difficult for Sen. Hollings and pals to shut them down.

The flipside of this is they can screw you over in any illegal way they like and there's just about jack you can do about it. It's like owing your bookie money. Because the debt CAN'T be legally enforced, you have to pay it.

Use vmware

[qarnage]

For all the crapware i use vmware. Sure, you've got to pay for it, but then it'll save you lots of headaches dealing with this stuff. Just use a virtual machine for the crap, and the main one for the real stuff. Probably bochs would also do, though i didn't test it.

Re:Use vmware

[alyandon]

plex86 is an offshoot of the bochs project by the original author and offers native code execution (as opposed to bochs emulation of a x86).

Re:Reprehensible

[xsbellx]

IANAL but AFAIK, you cannot enforce a contract for commiting a crime. In other words, if two parties enter into an agreement where one party pays the other party to kill someone, this contract is not binding on either party (yeah I know, the parties will have other ways of dealing with a breach). As far as I understand the situation, the party that is supposed to receive the commission will not because of nasty P2P scum. Since the P2P guys have no direct involement with the "charity" and the P2P scum are diverting money from the "charity", this is at the very least FRAUD! As a crime is being commited, the EULA is no longer binding on either party.

In a truly civilized world these bastards would die a very prolonged, extremely painful public death.

Re:KaZaa Admits to Stealing Candy from Sick Childr

[morie]

Why did I read "an annonymous closed source"?

How to rid of it

[yadayadayada]

From an article at Speedy3D.com:

1) First run a search on your C: drive for the file bpboh.dll after the search has completed it should return one result.
2) Delete the file
3) Next it's a good idea (but not necessary) to run a search through the registry for all references to Morpheus and bpboh.dll.

Users wont care

[Mattygfunk]

The few users that do actually hear about this will, in the majority of cases, not care.

All of them know they are stealing already. The fact that the software they are using is also stealing from others wont faze them in the slightest.

BTW the mentioning of 'a charity' in the article was cheap as almost all affiliates will be merchants. It was mentioned to draw emotion, when the reality is different. Poor form.

------
smokey the bear loves wallpapers australia

LimeWire

[AlgUSF]

I installed Lime Wire for Linux a couple of days ago. It is such a piece of shit, 1/15 of the downloads even start (and now I find out that the piece of shit is riddled wit spyware). Is there a descent GNUtella client for Linux that doesn't include any spyware.

I tried gtk-gnutella and it wouldn't connect, I liked bearshare when I was using windoze, and setup my firewall to prevent spyware traffic.

It's against the affiliate agreement for amazon.

[evil_one]

Here's the link: http://associates.amazon.com/exec/panama/associate s/join/operating-agreement.html/104-2963693-286633 7

Section 5, at the end:
In addition, you may not: [snip] (b) read, intercept, record, redirect, interpret, or fill in the contents of any electronic form or other materials submitted to us by any person or entity;

Limewire on linux

[^chuck^]

Is there any proof that Limewire on linux does this? I've just started using, and suggesting people use it (it is a quality app). But this will seriously piss me off its mangling my mozilla browser in anyway. I love my mozilla the way it is.

Bastards

Re:Steal from charities???

[stratjakt]

> I see virtually no difference between this and reaching into one of those bell ringers donation buckets.

Alot are saying this. But yet they *do* see the difference between downloading an album versus shoplifting it from Best Buy.

KaZaa/Morpheus/etc all reek of get-rich-quick schemes based on the success of Napster.

I'm no more shocked than when I get an e-mail promising free porn, and then end up with 9000 popups eaching wanting to charge a dollar on my credit card for 'age verification purposes'.

You can always hide behind some legalese gobbledy-gook in an EULA. All hail the mighty litigator.

What did you expect

[frp001]

Without going into whether online music sharing is bad or good, music is a product, and taking a commercial product for nothing is called theft... (and by this description I may be described as a thief myself)

However I am surprised by all the posts coming in a massive outcry. There is nothing surprising : The the whole principle of p2p is based on ignoring traditionnal morality to bring personnal satisfaction at no cost or price. So this is not even taking it a step further it just another instance of a same concept!

So what?

Re:What did you expect

[arkane1234]

No... as has been reiterated ad nauseum and is legally correct, it is copyright infringement.

Please, stop calling theft. When I walk up to you, snag the cd from your hand and walk away, that is theft. When I walk up to you, borrow your cd, put it into my handy-dandy portable TiBook and rip it to OGG or MP3 and walk away, now that is copyright infringement. One involves a tangible object, the other is dealing with a something more abstract than a physical object.

Killing the Goose.

[A.+Brate]

Sad, really. You'd think that these companies would realize that their only defense, in the long term, from the giant established corporations that would love to see them disappear, is public good will.

So being sneaky and nasty is really not in their best interest.

It's truly strange to think that the age of Napster was not a portent of the future, but an aberrant burp; that we might be going toward K. W. Jeter's Noir , in which copyright "pirates" are tracked down by bounty hunters who suck out their brains, which are then embedded into radios or toasters for an existence of infinite torment and given to the artist whose works were infringed, instead of Distraction , in which infotech-based gift and reputation societies rise to pre-eminence in a United States, its copyright-dependent economy reduced to rubble when China flooded the world with copyright-free copies of the U.S.'s bounty.

Okay, either future would be strange, but they're excellent books.

Wonder who will get the commission on these links?

Adam Brate (ab at adambrate dot com)

Shocked!

[cgreuter]

I am shocked--shocked, I say--to hear that Kazaa, a fine purveyor of music-stealing software, would behave in such an unethical manner.

hey, nice idea

[Deton8]

Since this comission theft is apparently legal, I'm going to modify our GL system here at the office to re-code all our product sales as being sold by me, so I get all the commissions. Why should those pesky sales people get any of the money, anyway? If they want money, they should become c++ programmers instead of salesmen.

Re:hey, nice idea

[PunchMonkey]

Since this comission theft is apparently legal, I'm going to modify our GL system here at the office to re-code all our product sales as being sold by me, so I get all the commissions. Why should those pesky sales people get any of the money, anyway? If they want money, they should become c++ programmers instead of salesmen.

This is the dumbest idea i've ever heard of. Come on, you think you're not going to get caught? Puh-lease. All those salesman wondering why they aren't getting any commission checks anymore?

*I* only skim off 1% of their sales. I mean, sure it doesn't provide as much instant gratification, but at least it provides me with a steady income.

Re:hey, nice idea

[blazin]

Back in the mid 90s I was selling software at Incredible Universe. I think selling a Compaq or something got you between $75 and $300 in commission. We had little hand scanners that we could scan the box and the customer's card so the computer would be ready when they checked out... Freakin cashiers would void the one I entered and re-enter the code so they got the commission...

Bastards...

Be interesting to see Tiscali's reaction to this

[Zocalo]

Given the recent whiff of legitimacy KaZaA just garnered from it's partnership with Italian ISP Tiscali, I'm more interested in how Tiscali is going to react to this. Afterall, Tiscali is a paragon of virtue when compared with KaZaA, so I imagine they will be none too pleased with being the sponsor of a company that rips off charities.

Then again, when has ripping off/exploiting the impoverised ever stopped a corporate entity in its quest for an extra dollar of profit?

What version of LimeWire?

[brunes69]

I run LimeWire straight from console in Linux (and Windows) using "java -jar LimeWire.jar", mainly cause I don't trust their installer to not install spyware. You can download this platform-independant .jar from their website using "LimeWireLinux.tgz" or "LimeWireWinNoVm.zip". Does this spyware exist in the .jar version, or only in the .EXE installer version? And if it is in the .jar file, does it function in Linux (I seriously doubt it)? If so, how?

Re:What version of LimeWire?

[radish]

Seeing as a .jar is a Java ARchive, it's multiplatform, so any spyware in there will work on any platform. However, I assume the spyware isn't there - there's not much of interest you could do from inside a jar.

What you you have both installed?

[z_gringo]

What if you have installed Morpheus, and Kaaza? How does it decide which program gets to steal the comission?

Gnucleus

[C4-GodH8sMe]

Has nobody heard of Gnucleus?
http://www.gnucleus.com/
http://gnucleus.sourceforge.net/

And it's Not Evil. :)
Unlike many file sharing systems, Gnucleus is not run by a company. This project has been active for over a year and no one has made a dime of it. We do not want your money, we want your support in development and making this program something great. Few windows programs are open-source, this is one of the few, because of that it is impossible for us to ever charge you for this program or future versions. I make this program out of my need for a honest file sharing system.

better solution 'Bug traq'

[oliverthered]

Amazon write there affiliate program code so that you can't frig it; It's a piece of piss to do:

each affiliate has a key that they encrypt there product numbers, a hash and a few other standard authentication bits and bobs.

When you buy a product from an affiliate Amazon looks up the affiliate's ID in a database, un-encrypts the product ID and checks the hash.

The problem isn't that there's 'spy ware' spoofing Amazon, more like Amazon's shopping site has piss poor security.
Anyone fancy posting to Bug traq on spoofing affiliation with Amazon?

I really hope this isnt the same for Limevire PRO.

[miffo.swe]

I pay for every application i can in linux just to support them all. I would be very dissapointed if this scam exists in Limewire PRO wich i pay for and therefore shall not contain any advertising related software. Thats what i pay for.

Any Linux LimeWire developer who can answer my question?

Wait a minute...

[MoneyT]

I get how if you shop through the software and buy through their program how the reffering benefits go to the P2P company, and that's reasonable enough for me, but how does it change refferer status on other orders? If I go to a small vendor's site, fill out and online orderform and click buy, how does the P2P program change the refferer tag in the online form, unless that's a form defined by the user? Or am I misssing something here?

Solution

[TheSHAD0W]

It may not be illegal, but it's undoubtedly immoral, and I think we should be emailing Amazon asking them to terminate their affiliate accounts. I know I will.

Amazon.com?

[krs-one]

If this affects sites like Amazon.com, I'm sure that Amazon could sue they hell out of them. Sure, they've barely turned a profit, but they've got to have some awesome lawyers.

Why don't Amazon just shut them down?

-Vic

Re:just great... (HOW TO REMOVE)

[oconnorcjo]

You have shown, that it is easy to remove the money redirection software TODAY but in the next release, it might be more difficult. But even if it will always be that easy, do you really want to endorse companies who install stuff like this on your computer?

Clever, stealing something that nobody misses...

[dpbsmith]

...Well, you gotta to admit that if you're GOING to steal, that's the way to do it. Don't you have to admire the brazen, arrogant presumption of it? No question about it, this IS theft.

The only things I can think of to compare with it are

a) the apocryphal? urban legend? tales of programs that round all financial transactions to the lower penny instead of the nearest penny and divert all the fractional cents to the thief's account;

b) The $95 fee which some Massachusetts banks introduced about five years ago. The bank charges the fee for the "service" of terminating an inactive account and turning the money in it over to the Commonwealth. The person most concerned is whoever abandoned the account, who is probably either dead with no relatives or has Alzheimer's, and either way isn't going to complain.

Can anyone else think of anything comparable?

Can anybody confirm this?

[bwt]

I have a hard time believing that some bloke at the NYT would hear about a new form of rogue code before the story would break in the tech community.

Can anybody actually confirm first hand that this story is even true? The NYT story has no technical details, so as far as I know this is unverifiable. This is a good example of useless crap journalism, because even if it is true, the story doesn't really help you get rid of the software.

Re:Can anybody confirm this?

[bwt]

All of the articles I've seen are about spyware, not this new variant of "stealware", but since you didn't post any references to what you are talking about, and instead supply vulgarity and condescension, I'll just hope that somebody justs mods you down as you deserve.

You are the first named user person I've seen with 24 straight posts with a score of 1. Maybe you should take a hint.

If they're an affiliate,how many CDs did they sell

[mbourgon]

Hmmm... I wonder if Amazon would be willing to say how many CDs Kazaa users have bought? That might just prove (note that I said "might") prove that those filthy dirty music pirates are actually *gasp* big customers. Could be interesting.

Re:Way beyond the pale

[Schnapple]

Erm, they make a program for pirating movies and music. Do you think they'll give a damn that something else they do is seen as stealing?

Want to prosecute P2P systems? Get in line...

Re:You can beat them, but they make it HARD

[CapnGib]

I'd also recommend using AdAware, a great little program that scans your registry, memory, and hard drives for spy/scum/adware components and gives you the option to delete them.

I used my brother's computer the other day to show him how to crossfade tracks in Nero. Anyway I went to search something at Google and upon hitting search button was redirected to some shady search engine site for my results. The best part is that it lists the same shady porn/hacker links no matter what you search for (albeit in different order each time). So I tried Yahoo Excite and other sites, same hijacking. "That's it I'm downloading AdAware to fix this!" I go to www.lavasoft.com and wouldn't you know the bastardware re-directed me to the same friggin search engine site.

OK, now I go into Control Panel and removed at least 10 apps that I never heard of (suprised that they even show up in there) each time confronted with scary/threatening warnings about how removing this software will damage my computer or break my software etc. I installed Ad-Aware, Kazaa-lite and cleaned it up.

I assume these bastard-apps came bundled with the plethora of naked girl screensavers, dancing strippers etc. he installed. (He's 14 what do you expect)

Re:Um, does the phrase massive lawsuit mean anythi

[Zeinfeld]

Im not in favor of random lawsuits, but theyve got it coming.

IANAL but... The EULA claim is irrelevant. Even if the EULA were enforceable - which it obviously is not no contract between scumcorp and the user can affect the rights of the afilliate and Amazon.

The EULA is invalid for so many reasons it isn't funny. First no contract can in any case give a license to perform an illegal act. Second no EULA entered into through a clickwrap agreement has ever been enforced for a term remotely close to this.

But the EULA is in any case irrelevant because it is clear that Kazza is no more legit than Naster was.

Of course crooks of this type tend to be litigious and there is every chance they will bring nuisance lawsuits to try to silence their critics. I don't think it will work in this case since even the RIAA can probably see that it is in their interests to make sure that any scum lawsuits are fought.

I have argued on many occasions that the way to kill theftware is to go after their money supply. In particular make any company whose roduct is bundled with theftware liable for damages to the RIAA.

Re:Um, does the phrase massive lawsuit mean anythi

A. Software that you gave to me for free B. Something I agreed to take in the EULA

Come on, who REALLY reads a EULA? It's just the annoying thing you need to click "OK" on or the software quits the install program. Nobody takes that shit seriously. What we do take seriously is when viruses and trojans get installed on our computer all hiding behind some legalistic bullshit. If you put in your EULA that you can come to my house and kill my children and I passively click "OK" without reading it it's still illegal to come to my house and kill my children! There are still laws that have to be followed that override a EULA.

Re:It's against the affiliate agreement for amazon

[joe52]

I would think that all merchants would want to ban this activity from their affiliate programs. It's not like these companies are promoting the merchants in any way. They're just trying to get a cut on thousands of transactions that were going to happen without them. The whole point in an affiliate program is that the affiliate sends someone to a merchant to buy something. If the affiliate didn't even do that much than why on earth would a merchant agree to give the affiliate a cut of the sale?

Has to be said...

[zaren]

There is no honor among thieves...

and bonus points to anyone who pictures the artwork with that caption from the old D&D books (Dungeon Master's Guide?) when they hear that phrase :)

Re:Has to be said...

[Fiver-rah]

Damn. You beat me too it. I always thought that was a weird picture. Where's the other thief that he's screwing? What's the source of the dishonor?

One positive thing...

[Picass0]

Scams such as this could bring about the end of the click-through license. I think it has been well demonstrated recently that people do not read them.

These companies are going to have their asses handed to them if they think "the user gave us permission to steal these commissions" will stand up in court.

Re:I guess Amazon will be changing their contract.

[Koos]

I'd imagine that Amazon et al will be chaning their contractual terms specifically preventing this sort of behavior. The whole 'affiliate' program is dependant upon the warm and fuzzy feeling one gets by helping out a site you use, giving additional sales to Amazon.

I am in the amazon affiliate program with The Virtual Bookcase and I recently checked the whole operating agreement again. A search in that agreement gives:

you may not: [..] read, intercept, record, redirect, interpret, or fill in the contents of any electronic form or other materials submitted to us by any person or entity;

This should be enough to boot any account from amazon that has transactions coming from altering affiliate links. I'm starting to wonder how much my site 'lost' due to things like this.

Re:Way beyond the pale

[lannocc]

Erm, they make a program for pirating movies and music. Do you think they'll give a damn that something else they do is seen as stealing?

Actually they make a program for transfering files from machine to machine. Yes, one potential use of the program is to aid in the distribution of copywritten works (which is mostly what people use it for), but it is the users that priate the movies and music, not the program.

However, what they're doing with the commission-stealing is dispicable and most likely illegal... they should be punished for this. I'm glad I don't use any of the programs mentioned in the article.

The Dumbest Thing

[Washizu]

The dumbest thing about this is that if they really had been upfront about it to people, many probably would have agreed to send their Amazon referrals to KaZaa (or as my dad calls it, "Kaboozoo"), Morpheus, etc.

The key is being honest and ethical with your users and that's the difference between software and SleazeWare. Burying it in the EULA is almost as bad as not telling the user at all.

Re:The Dumbest Thing

[sweet+reason]

many probably would have agreed to send their Amazon referrals to KaZaa

when you buy a car, who do you give the saleman's commission to?

Re:The Dumbest Thing

[Washizu]

Good point. Maybe they should have just asked for all non referred purchases.

Re:The Dumbest Thing

[Washizu]

You have to admit, it's not much worse than KaZaa.

Re:The Dumbest Thing

[sweet+reason]

if you buy a house directly from the vendor, who do you pay the agent's commission to?

that's right, there is no agent and no commission.

why should amazon pay them a commission if they do not bring amazon business? if they falsely claim that they did (which is what they seem to be doing) then they are defrauding amazon, even if no one else has a claim to a commisson on the sale.

Re:The Dumbest Thing

[Washizu]

if you buy a house directly from the vendor, who do you pay the agent's commission to? that's right, there is no agent and no commission.

Amazon's system is set up to allow this. I could post a link right here to Amazon that would credit me with a sale. If Amazon is going to wildly accept referrals from their 'patented' referral program the authetication burden should be on them. The user may actually want KaZaa to get the commission and I think that's ok as long as it wasn't installed without the user's permission. For all we know the user may have never heard of the vendor until it was presented to them by KaZaa upon installation. (of course, this was the hypothetical honorable KaZaa I spoke of in my previous post and not the actual sleazy one).

Re:The Dumbest Thing

[sweet+reason]

if you buy a house directly from the vendor, who do you pay the agent's commission to? that's right, there is no agent and no commission.

Amazon's system is set up to allow this.

i didn't realize that. well, if that's how amazon set it up, it's their problem if they pay commissions for nothing.

Re:KaZaa Admits to Stealing Candy from Sick Childr

[arkanes]

Sadly, that's actually a highly accurate description of the way buisnesspeople and politicians speak :P

Rerport them to the DOJ

[LordNimon]

The DOJ has a web site dealing with Internet fraud here: http://www.ifccfbi.gov/. There, you can find a link to a page with instructions on how to report this. I suggest EVERYONE follows these instructions. If enough people do that, the DOJ will notice and take action.

Good News in the EULA fight

[pythorlh]

In fact, Kazaa's attempt to use an EULA in their defense of this practice might just provide enough legal leverage to get EULA's declared non-binding.

Go Kazaa!!!

Well, not really... but I see it as a win/win situation. Kazaa gets trampled for fraud, or EULAs get shown as worthless pieces of paper.

Re:Good News in the EULA fight

[jbolden]

I don't see it. The judge isn't going to have to declare EULA's worthless. Since Kazaa used the website without permission as part of an intent to defaud that paragraph is illegal. Its already law in any contract that you can't sign a contract to do something illegal.

I'd like some more test cases for EULAs (though every single time they lose in court) but I don't see this one as doing any good either way.

Re:Good News in the EULA fight

[jbolden]

What a customer is allowed to do in terms of filtering is very different then what a 3rd party can do in a commercial setting.

Re:Good News in the EULA fight

[psamuels]

What a customer is allowed to do in terms of filtering is very different then what a 3rd party can do in a commercial setting.

Let me get this straight:

(a) Customer installs filtering proxy server which replaces banner ads with an unobtrusive GIF saying "Ad blocked by Junkbuster". Customer downloaded said proxy from some website.

(b) Customer installs software which filters amazon.com purchases to add referral credit for a specific third party (supplier of said software). This is not the primary user-visible purpose of the software, but during the installation, customer was asked whether he wants to support the third party in this manner, and he clicked [OK]. Due to either a bug or an intentional misfeature (hey, depends on whom you ask), software does not only add a redirect tag to independent purchases, but changes the redirect tag on purchases which would otherwise credit another referrer.

In both cases, the customer is running software obtained from a third party. In other words, it's running under local control - this isn't a virus or a remote-controlled DDOS agent or anything. Now, I think we agree that case (b) is a shady practice, not at all to be expected from a legitimate business whose primary interest is to help people commit copyright infringement, but how exactly are the two cases legally different?

Re:Good News in the EULA fight

[jbolden]

Where is the "lie" occuring. In case (a) the customer is aware that adds are blocked and because of this his system does not make a request to an http server. I.E. the customer is changing the behavior of his own software.
I'll use pop-up stopper because I know the product. A website like washingtonpost.com sends an HTML page with Javascript telling I.E. to open up another window and load page abc because of pop up stopper my copy of I.E. doesn't open up the windows and doesn't request page abc. Note that pop up stopper flashes to let me know it is doing this; there is disclosure.

In case (b) the washington post has a link to a book from amazon and induces me to lie and say I was referred by Kazaa not the washington post. The agreement is between the Washington Post and Amazon I'm not really part to their agreement. Kazaa's goal is not to change the behavior on my system but rather to change the behavior of Amazon's systems using me as a tool. Very very different.

In other words Amazon is going to give to Kazaa money under false pretenses (that they sold a book). They are able to do this because succesfully duped me. Kazaa did not sell the book the Washington Post did. That means that Kazaa defrauded Amazon and the Washington Post.

Second that question

[Arker]

An AC saying it's windows only with no documentation doesn't exactly satisfy me... I tried it out a few weeks back and didn't see any evidence of abuse, but then I wasn't looking for it, silly me I thought Limewire were the good guys. Grrr. I like Mldonkey a lot better anyway, but now I'm wondering if I may have gotten some bugs piggybacked on the Limewire client that I'm not even using. If anyone knows what to look for it would be appreciated...

Re:Second that question

[dubiousmike]

http://www.lavasoftusa.com/

Download and run Adaware and it will remove all said offending files.

You can try Freewire, who right upfront, say there is no evil programs thrown in...

http://www.freewirep2p.com/download.html

Re:Second that question

[Arker]

Download and run Adaware and it will remove all said offending files.

It works pretty well on windows machines, I've used it before. It does not, however, come in a mac version. Maybe you missed the fact that we were discussing the mac version? Freewire is windows only so far as prepared packages go too, although being a java app I could probably get it running if I cared, but...

Mldonkey is GPL, no garbage like that thrown in, and I like the edonkey network a lot better anyway, it tends toward verified packages with published hashes rather than this mess of misnamed trash I seem to find most of the time on Gnutella derivatives. Unfortunately mldonkey is not ready for Jaguar, but that should change any day now...

Re:just great... (HOW TO REMOVE)

[lynx_user_abroad]

do you really want to endorse companies who install stuff like this on your computer?

There you go again, thinking it's your computer. You may have laid out the cash to buy the hardware, paid the electric bill to run it, and paid someone to maintain it, but once you turned the processor over to someone elses software, your priorities took a second place to theirs.

Who's writing the software you use? What's their motivation for doing so? And how do you know you can really trust them?

Does this mean that....

[Asprin]

Does this mean that Kazaa Lite will let me redirect the donations to myself? :)

Just use winMX

[an_mo]

www.winmx.com
It's a much better client than morpheus/kazaa, its network size has passed the threshold to be useful.

Re:Just use winMX

[DrEldarion]

Except for the fact that to get anything but the most common files, you're sitting in a queue for 3 days.

-- Dr. Eldarion --

Scam?

[Gannoc]

Isn't this just old-fashioned stealing? You are LITERALLY trying to give money to a charity via your purchase, and they steal it. This is a direct criminal act, not some vague "internet ethics" thing.

News Flash: People who enable piracy are crooks

[Royster]

In other news, terrorism is bad.

Re:News Flash: People who enable piracy are crooks

[ReelOddeeo]

News Flash: People who enable piracy are crooks

Finally! This is what the RIAA has been trying to say all along! Finally someone on /. gets it.

We need to shut down the Internet. It enables piracy. All these ISP's are crooks, just selling something to enable piracy.

If we don't shut down the whole Internet, then at least shut down broadband. The only reason people get broadband is the same reason they get P2P: to do something illegal. (The same reason they got a PC in the first place, I might add.)


we now return you to your regular p2p downloading.

Re:News Flash: People who enable piracy are crooks

[Moonshadow]

Don't forget electricity. Or computers. Or guns. Those enable theft, too. And cars. And large bags. And food that feeds the criminals. And the air that they breathe. And the parents that give birth to them.

Ehh...screw the world. Just nuke it.

(Not intended seriously, for the humor impaired)

Re:News Flash: People who enable piracy are crooks

[taernim]

I hate to burst your bubble, but you are completely incorrect.

The reason why I got broadband is NOT for P2P.

- I like being able to work from home. It's not really possible via dialup.
- I like to be able to play multiplayer games online. Something about a 1200+ ping just makes it less fun.
- I like being able to download my LEGIT things at a decent speed.

Believe it or not, some of us just like to be fast. Do I need the connection 24/7? No, but shared between a roommate and myself, the cost equals just a little higher than a single dialup account for me would be. So why does this necessarily equate that broadband = P2P thief?

Re:News Flash: People who enable piracy are crooks

[dasmegabyte]

Also, we need to remove mute buttons. They enable people to steal TV without viewing the commercials as per the contract.

And friends who hum new songs. They're breaking the encoding of the cd using a psychoacoustic matric, which violates the DMCA.

Oh, and bad reviews! They're stealing money by giving away how dumb so many things are nowadays. Need to put them in prison with the rapists, murderers, bank robbers, jewlery theives and anybody who doesn't like Ashcroft's haircut.

Re:News Flash: People who enable piracy are crooks

[ReelOddeeo]

I hate to burst your bubble, but you are completely incorrect.

The reason why I got broadband is NOT for P2P.

Hey, that's exactly why I got broadband as well! (Probably the same for most other people here as well.) So, hmmm, maybe people who get broadband aren't crooks. But, broadband enables piracy. (Of course, so do computers and so do photocopiers.)

So now maybe you see why I posted such an obviously ridiculous reply to the original poster's opinion that those who enable piracy are crooks. This opinion is flawed. Just because something enables a crime does not make having it a crime, nor does it make the manufacturer a crook.

My reply just extended the stupid (IMHO) opinion that P2P makers are crooks because P2P can be used for piracy. Photocopiers can be used for piracy, so Xerox is a crook. The internet enables piracy. PC's enable piracy. Hard drives enable piracy. Microprocessors. But all of these things, including broadband, and P2P have legitimate uses. Heck, FTP enables piracy. Windows file sharing enables piracy.

One could argue that P2P is designed to enable piracy, where PC's and the Internet are not. But I would counter that P2P is just a file sharing tool. I can share legit files through p2p. P2P is just a more convenient form of putting up an FTP site, or web site, and saying to the world, come to my site and download some files. P2P just makes this much more convenient. Before P2P, people were using other technologies, HTTP, FTP, Usenet, floppy disks, to infringe copyright. So p2p is not the problem. It is just a tool. If people are using the most convenient tool of the day to infringe copyright, then this is a social problem, not a technological problem. There is nothing wrong with p2p, any more than with http or ftp. If this infringement is extremely widespread, just like drinking during prohibition, then maybe our social expectations need to change. Maybe some people have an outdated business model. Maybe it is wrong to hoard something that has an extremely low cost of duplication. (By hoard, I don't mean trying to make a living, but trying to charge extortionate prices for something that is trivially cheaply reproduced.) Maybe copyright in its current form is outdated and needs to be seriously reformed. Maybe it is nothing like the constitution originally envisioned copyright to be.

And yes, finally, maybe some P2P makers have less than ideal motives of trying to capitalize on the social phenomena that most people don't respect copyright. (Wonder why?)

Re:News Flash: People who enable piracy are crooks

[Swaffs]

Don't forget to poke out everyone's eyes and dig out their ears and chop off the fingers of those evil braille reading people.

Doesn't matter for students, really...

[Kirby-meister]

...all the bad things about KaZaa go in one ear and come out the other with freshmen college students. As the local "computer guy" for my hall, I've had to uninstall and regedit kazaa out of so many freshmen comps that it's not really funny. When a user calls and tells me something is wrong with their connection, I no longer ask if their ethernet cord is plugged in - I ask if they have KaZaa installed.

I've gotten quite a workout on my legs from running up and down the stairs getting to each computer in a 7 story building, though.

But seriously - I've gone so far as to do a free-pizza-if-you-come-here-and-listen-to-me presentation on how KaZaa is bad, and I'll still see KaZaa on every desktop I touch (except mine, of course).

The broader picture

[Steve+Franklin]

I have been noticing for a while now that many corporate entities seem to think that their own private rules somehow take precedence over the general laws of the localities in which they operate. A quick example. My old ISP kept sending me a bill in the mail for a yearly subscription to their services that I had not used in months and had decided not to renew. I finally called up and asked them why they kept sending me a bill. Their reply was that THEIR POLICY was to renew subscriptions automatically (fortunately, they didn't have my credit card number or I would have had to jump through all kinds of hoops to get out from under them). To which I calmly replied that it was MY POLICY not to expect to be billed for items and services that I hadn't requested. The above mentioned attitude of the writers of user agreements that they can specify any old nonsense they want is just a special case of the general tendency of modern companies and institutions to try to write their own rules in complete disregard for the laws of the land. This goes for the ubiquitous rent-a-cops who parade around with guns pretending to be law enforcement officers.

Re:If they're an affiliate,how many CDs did they s

[Niles_Stonne]

Very interesting thought indeed... This Stealware could be used against the RIAA! Think of it, if Kazza, etc. is one of the highest on the list of affiliates, doesn't that mean that more people purchase CDs after using something like it?

LimeWire without the Lime

[thatguywhoiam]

(While I have no idea what level the offending software is implemented at...)

If you're running OS X, you can get the Ultrapeer/swarm-downloading goodness of LimeWire without that bitter SpyWare aftertaste. Have a look at Acquisiton. It uses the LimeWire core with a Cocoa front-end. While still very early, using Acquisition after using LimeWire is like... using OS X after Xp (oooh! Bad troll! how'd you get in here?!?)

I don't know the guy who writes it or anything, but he's a fellow Canadian so I feel the need to plug.

Hilarious

[symbolic]

I'm not sure why this is even news- it seems to be little more than the next logical step within the whole get something for nothing mentality.

How can I uninstall this?

[Boone^]

Anyone know which dll's or files I should delete so my commissions going to the right place? This is, of course, assuming I *cough* installed kazaa in the first place...

Dancing with the devil

[dnoyeb]

What do you expect. They feel like their userbase are all criminals so they don't care about abusing them.

Not much different of an attitude from the RIAA.

Re:Dancing with the devil

[lunaboy]

"What do you expect. They feel like their userbase are all criminals so they don't care about abusing them."

They're not stealing from the users! They're stealing from miscellaneous affiliates who have not give ANYONE the right to take their commisions. The P2P software user doesn't have the right to give these companies permission to steal from affiliates!

I really hope this stops a lot of people from using these P2P networks, and causes the government to shut them down. There was a point when Napster could claim that it was the end-user breaking the law by downloading and/or sharing copyrighted material. Now it's the P2P software companies that are commiting fraud and outrightly STEALING! If the government was able to shut down Napster for simply providing a means to an end, then the government should absolutely have the power to shut down these P2P software vendors for outrightly DEFRAUDING and STEALING from millions of innocent people!

Re:Dancing with the devil

[thomas.galvin]

Not much different of an attitude from the RIAA.

You know, if this keeps up, the RIAA isn't going to need that pro-hacking bill; hacktivists are going to get so fed up with Kazaa that they take them down on their own.

Seriously, the more I deal with the computer and related industries, the more disgusted I become. I miss the days when people basically did what they want, and were mostly harmless. And I'm only 22.

Re:Dancing with the devil

[loply]

Funny how everybody dislikes stealing when they arent the ones doing it.

Re:Dancing with the devil

[MaxVlast]

Actually, that's about spot-on. It's remarkable how worked up Kazaa users get when spyware and commission-ware (stealware?) is installed on their systems. While they're acquiring media illegally.

Of course, I do it too. I just have a dedicated Windows PC that does nothing but that task. So they can spy on my all they like and install all the secret programs they want. It'll tell them that I use their product and reboot whenever the 2k Explorer goes to hell.

Re:Dancing with the devil

[Courageous]

The problem is, they made a mistake about who they were stealing FROM. They are stealing from the affiliates, this is outright fraud, and the shrink wrapped agreement is hardly relevant. Two parties cannot agree to relinquish the rights of a third party!!!

C//

Re:Dancing with the devil

[Suppafly]

You know, if this keeps up, the RIAA isn't going to need that pro-hacking bill; hacktivists are going to get so fed up with Kazaa that they take them down on their own.


Seriously.. I would love to see kazaa go.. their spyware alone is enough of a headache for me to deal with as a computer support person that I'd be willing to help shut them down, and I like stealing mp3's as much as the next person.

Re:Dancing with the devil

[Sancho]

But I use Kazaa to find songs from my favorite bands that /allow/ their songs to be shared. I'm using it legitimately. And they're stealing money that I pay amazon for the CDs of music I /don't/ steal!

This is the problem.

Re:Dancing with the devil

[MaxVlast]

For when I listen to it on my Mac or my iPod? I'd be very impressed, indeed, if they were giving me secret cross-platform executable MP3s.

Re:Dancing with the devil

[btellier]

They're both illegal, the severity of the crime doesn't make it any more illegal, just more likely to be prosecuted. There's a reason the cops don't ticket everyone who jaywalks: they'd have to increase their police force by ten. Same thing for P2P. They can't realisticly arrest/sue and prosecute everyone who does it, but that doesn't make it legal, just easy to get away with.

P2P operates on the assumption that "It's only illegal if you get caught."

Re:Dancing with the devil

[Suppafly]

I wish dns providers would just have it resolve to some other site.. that would effectively kill it if enough people did it.

Re:Dancing with the devil

[Courageous]

One of our founding curmudgeons once opined that since all government was obviously evil, the less of it the better, except whatever minimum level of evil was actually necessary. Good point, though. This rule appears to not be adhered to at the level of group decision.

C//

Hmmm...

[SomeOtherGuy]

How does that old song go: "Stealing from a thief"

Help for webmasters

[mikeboone]

This site has some info and javascript code to detect spyware and warn users browsing your website that they have spyware on their systems. This might help if you are trying to get affiliate links from your site.

Re:Way beyond the pale

[Mark+Pitman]

OK, you're right, P2P is more than just music, movies and porn. It's all about copyrighted software too.

Internet Business Model

[merlin_jim]

Hmm. I hope someone takes them to court and gets them to stop stealing and stuff. The programmer openly admitted that this is a scam.

Oh wait, but he said they have to pay their salaries somehow. Remember the old 90s dot-com business model:

1. Register domain name
2. Make a cool website
3. [Do something here]
4. Make a profit!

We finally figured out what the missing piece was:

1. Register domain name
2. Make a cool website
3. Steal money from users
4. Make a profit!

Re:The broader picture

[drewpt]

About 2 years ago I signed up for DirecTV. It was in the middle of the NBA basketball season.

So they gave me the NBA package for free. I didn't even ask for it. But that's ok, it was free.

The next year, I get billed for it. But because our bill was on automatic payment, I didn't notice this until after the first week of the season.

I called up DirecTV, and said I didn't order this. They told me that since I had the package the year before, it got automatically renewed.

I'm no longer using automatic bill pay.

Rubbish.

[Jens]

I heard Smith+Wesson is making a tool to KILL PEOPLE. And Wal-Mart is also selling tools to KILL PEOPLE (knives, for example). Isn't that a bit more serious than copying MP3s? Come on, let's prosecute serious criminals for a change!

It's not the tool that does the deed, it's the user. Don't blame the tool, that's just stupid.

Re:Rubbish.

[Schnapple]

Well it's more like this: That MP3 I download can't be used to kill someone. I don't feel the need to have MP3's on my hard drive to defend against other people who have MP3's and might try to kill me with them.

As for the knives argument - knives are sharp and can hurt/kill if used improperly. Some things can't do their intended purpose without being dangerous. However since the intended use is not for that, no one is ever going to sue a knife maker. Not unless they go on about how their knives are resistant to blood and fingerprints.

The real point I was trying to make is this - this is a company that makes a software product that they know damn good and well is being used to pirate music. They do it in such a way that it is legally ambiguous but hell, we saw how Napster got handled. They have proven that they are willing to make money off of something whose main purpose is to break the law. They're willing to go toe to toe with the law on this one. With the Napster precedent they're probably not so cocky. But since no laws exist for commission manipulation via web (yet), the only thing they're testing the bounds of are ethics. And this brings me back to my main point.

Re:Rubbish.

[Jens]

Right. OK, maybe the comparison wasn't that good. My point was this: There's a company out there producing things whose (main? you decide) purpose is to commit a crime, which is much worse than violating copyrights. Why aren't they investigated? (Yes, this is a rethorical question.)

I don't share MP3s (but I do own some). I don't care (much) about P2P networks, other than that I think it is a good idea (think: internet-wide 'network neighborhood' with automatic replication and bandwidth management, NOT controlled by Microsoft ;) and I think it should not get the "it's just there for piracy" label, EVEN IF some people are using it for piracy.

After all, just suppose if somebody found out most criminals escape with BMWs after their job, do you sue BMW because they provided 'the means'? Because BMW 'knows damn good well' some people are using BMWs to escape from pursuing police? Perhaps if BMW started offering features that were especially targeted at criminals, not useful to anybody else, and advertising them that way.

I don't see any of the P2P companies doing this - they advertise "sharing files" and perhaps "sharing MP3s" but they do not advertise illegal media distribution specifically (or do they?).

And sharing MP3s isn't illegal, it's the copyright violation that is illegal (if it were, the world would have switched to OGG long ago).

Re:Rubbish.

[God!+Awful]

1. Guns don't kill people, people kill people.
2. p2p doesn't pirate software, people pirate software
3. knives don't stab people, people stab people
4. McDonalds coffee doesn't burn people, stupid people spill it all over themselves.

Umm... actually, McDonalds coffee does burn people, regardless of whether they are at fault for spilling it on themselves. And the people who spill it are more likely to be clumsy than stupid. Are you willing to take your argument to the logical extreme? E.g. pollution doesn't kill people, drinking polluted water does. The fact is, McDonalds coffee is obscenely hot, and somehow you expect this fact to be common knowledge. But how are they supposed to know that? Because they burned their tongue the first time they tried it? Because they carry a portable thermometer with them everywhere they go? Or because they read about the McDonalds case in the newspaper?

And guns may not kill people, but people who have access to guns are more likely to kill people. People who don't own guns don't risk having their kids find them. I actually know (casually) a guy who killed a man in a drunken rage. It only happened because he had easy access to a gun (his father owned one). Part of the purpose of law enforcement is to prevent crimes before they happen. It doesn't really help the guy who got shot to know that his killer will probably be caught.

Designing and operating a system that will be used primarily for music piracy is irresponsible and unethical. Regular /. readers don't have a problem crying foul when corporations commit other ethical violations, such as failing to disclose bugs or operating an illegal monopoly. Criminal facilitation is illegal, as is receiving stolen property.

-a

Never trust Kazaa

[kbroom]

After all the bad propaganda that commercial peer to peer software has gotten, I've learned to never trust it. Anti-spyware software is not enough, you never know what will they come up with next, that is why I run Kazaa on a safe sandbox. I have a vmware session with win98 whose only purpose is to run Kazaa or other programs that might be suspicious. That way I can take advantage of the service provided, while being sure that my main OS is clean (or at least cleaner).

Victimless crime?

[Lendrick]

What really gets me is their claim that this diversion of cash doesn't hurt the customer. Sure, it doesn't cost the customer any more money, but most of the sites that have funds diverted away from them are small, special-interest sites that provide their content for free, and use that income to pay for their bandwidth. If that money dissappears, then the sites dissappear as well, and voila, the customer is now hurt. I certainly don't want *my* favorite sites dissappearing just because some amoral jackass decided he needs the money more than they do.

Re:Victimless crime?

[JoeBuck]

Their diversion of cash does hurt the customer.

Many co-op preschools in my area, in order to be able to charge less tuition money, permit parents to agree to engage in a certain amount of fundraising. Among the options available is to sign up for Schoolpop, at which point the school gets a quite generous cut of commissions for purchases on Amazon and similar sites.

However, if the KaZaa folks steal the commissions, the parent is liable, since the parent must raise some minimum amount (yes, Schoolpop provides the data to the school so the school knows who's raised the money for them). In cases like this, which are quite common, the KaZaa folks and their hitchhikers are directly stealing from their users, as well as from schools and charities.

Re:Victimless crime?

[yomahz]

"Shoplifting is a victimless crime, like punching someone in the dark."
-- Nelson, The Simpsons

Of course this isn't shoplifting but it's still funny :)

Re:Victimless crime?

[csguy314]

I certainly don't want *my* favorite sites dissappearing just because some amoral jackass decided he needs the money more than they do.

Then stop using Kazaa to steal warez and moviez you amoral jackass!

RIAAAAAA can use this to their advantage

[xjerky]

If they were smart, they could blow this predicament out of proportion with an ad campaign that warns that P2P software spys on your every move and can fuck your normal computer operations.

Kinda like the "drug money supports terrorism" ads...

Finally

[Chetmurray]

I submittes stories on this last spring when they first started. How big of scum are these guys? After speaking out on affiliate boards against this company and personally talking some merchants into dropping them, wurldmedia/morpheus sent a goon to my house and threatened me. I am not kidding. They kept saying what I was saying was libelous and that one of their biggest investors was the second top cop in NY state and he could fast track any legal action against me.

Nice!

The idiot Kirk did create my favorite juxatposition of quotes:

Morpheus referred inquiries to Wurld Media, which operates its shopping rebates program. Kirk H. Feathers, the chief technical officer of Wurld Media, said that it had been wrongly accused of stealing and that the company would readily go to court to defend itself.

He acknowledged that an earlier version of the company's software did divert commissions away from other affiliate sites but said that new versions dealt with that situation.

So now he is threatening to sue people who quote him? He is a complete ass.

The stupidest thing out of all of this. The merchants who go with them see an increase in affiliate sales - sure, because they are paying affiliate comissions now even if someone just typed the site name into the browser! These companies do not drive traffic or promote the companies, they leave that to webmasters, they just step in at the last minute and grab the sale. In the long run this seriously impacts merchants and causes them to see a lower return on their affiliate programs, and then as affiliates leave since their commissions are being taken, the merchant is left with nothing.

The ad networks love this because they are paid a % on each comission. So what do they care? Comission Junction has gone from trusted third party, to scam that will do anything not illegal. I guess the idea of being ethical is beyond them? Phww.. Surprise, they are an idealab company.

Chet

The main point being missed

[dnoyeb]

The fact that this is even in the software tells you where kazaa Executives heads are at. This is something that;

1. Likely came out of a brainstorming meeting.
2. People agreed was a good idea.
3. Programmers coded and tested it.
4. Kazaa as a whole looked at it and said, "its a go, launch it."

Obviously they spend considerable time thinking up these schemes. Considering the Kazaa environment is defined, this is likely what their software 'engineers' spend their time working on.

EULA's

[sterno]

For the record, no contract, no matter how legitimate it's means of delivery cannot consent a party to commit an act that is legal. Doing so renders the contract (or at least that clause depending on how the contract is worded) illegitimate. If that wasn't the case, they could add clauses in there to claim your first born male child in exchange for their service.

It impresses me though when I think about this. The P2P companies are now actually more obnxious than the MPAA/RIAA. I mean WOW, the RIMPAA is a giant bunch of whores, but at least they aren't actively trying to defraud charities.

Sleaze and EwwwHellAze

[jefu]

If this is not illegal, it sure should be. In the meantime someone should drop the executives from those companies on their pointy, sleazy little heads a few times. And I (personally) think the coders should be treated similarly.

In a larger sense though, this points up some difficulties with the current way that shrink wrap, click through licensing, EULA's, "terms of use" and the like work.

Users agree to things that they may not understand (if it is couched in sufficiently baroque legalese), or to things that they may never even see. And the fact that sleazoids like these folks can hide behind an EULA is truly despicable and points up the fact that as long as companies are making enough money, they can pretty much do what they want.

I've seen such licences and the like exceed 1000 lines in length and recently saw one in both English and French - the French was essentially a translation of the English (at least for the first few lines). It seems quite possible that it was different and that the differences would commit a user to something fun.

Recently I have found a good one. Go to the abc tv web site and locate the "terms of use" link. (in most browsers is it even visible when you load the page?), then click through to the terms of use page . Interesting reading.

Firstly, not that most people will not even see the link to the terms of use page as it is probably below the bottom of browser windows. It is for me with Mozilla in full screen mode (yech).

Formatted for a 70 character line, this is about 500 lines long and just by visiting the first site, you are agreeing (legally? I think UCITA says yes) to all the terms.

To begin with, you're agreeing to a nicely sweeping claim:

... you signify your agreement to these terms of use. If you do not agree to these terms of use, please do not use the WDIG Site. We reserve the right, at our discretion, to change, modify, add, or remove portions of these terms at any time. Please check these terms periodically for changes. Your continued use of this WDIG Site following the posting of changes to these terms will mean you accept those changes.

In particular the seriously unethical ( like Kazaa et al) might bind you to whatever changes in their licenses they might want to make forever. Even if you don't know about them.

For a good chortle, search for "universe".

Most license agreements have something like this in them. IANAL so I can't even claim to understand the full ramifications of this, so how might a 13 year old who visits the site? Is a 13 year old legally capable of participating in a contract?

"You hereby indemnify, defend, and hold us and our affiliates and our officers, directors, owners, agents, information providers, affiliates, licensors, and licensees (collectively, the "Indemnified Parties") harmless from and against any and all liabilities and costs (including reasonable attorneys' fees') incurred by the Indemnified Parties in connection with any claim arising out of any breach by you of this Agreement or claims arising from your account. You shall use your best efforts to cooperate with us in the defense of any claim. We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you."

If Kazaa and the like have similar claims in their EULAs, it might mean that even if you are peeved and try to take action against them, you are still responsible for paying for their defense in the legal doodly-doo that ensues. I've seen at least one EULA that seems to say that the user is responsible for any legal action taken against the company. If that is the case, and if M$ had such a clause in their EULA, then they could conceivably make monetary claims against any users of their software in order to pay for the antitrust suit.

For amusement value, as well as insight into the way the US congresscritters are selling their souls to the devil of profit, reading EULA's and the like is highly recommended.

Yeah, what about os x?

[cryptochrome]

I just ordered a bunch of stuff as a gift from amazon yesterday - it wasn't on commission, but boy am I annoyed.

some history

[mekkab]

I remember seeing some PBS special about the G. Dead and how Jerry Garcia came from the Blue Grass tradition where at live shows they would have these open patch bays where you could plug in a recorder and tape the whole show.

The greatful dead brought that out to a bigger scale and helped make tape trading "What it is today."

Re:some history

[leviramsey]

I remember seeing some PBS special about the G. Dead and how Jerry Garcia came from the Blue Grass tradition where at live shows they would have these open patch bays where you could plug in a recorder and tape the whole show.

Metallica is another band that has done just that, though you generally have to be a member of their fan club (which costs $40/year) to have a shot at getting the seats where you can do that. They've also been known to go to bat for the tapers.

Their objection was over Napster allowing distribution of studio releases.

Re:some history

[mekkab]

I still think it was weak of them re: napster since they seem so down with the live stuff. But I'm not in there shoes... wtf do I know.

We all need paid

[ttyp0]

I like how he cites that they need to pay their salaries. What about the legitimate websites that depend on their affiliate commisions? Are their salaries not as important as yours?

Re:Affiliate Companies IN on this too

[S.Lemmon]

Heh, it may work for a bit, but if they don't pay, people will just abandon the affiliate program altogether. Kind of defeats the whole reson to have it in the first place - which is to increase exposure and draw in more customers.

What it basically says...

[Karhgath]

It's totally illegal. What the EULA actually says is :

"By signing this contract you allow us to steal from your neighbor."

This is the same thing, period.

First, it asks the permission to someone not related to the contract's target, which is illegal. (You cannot have a contract that says: By signing this, you agree that your friend X owes us XX bucks.)

Second, stealing is illegal.

So, it doubly illegal!

This is just sick.

Re:What it basically says...

[loply]

The EULA (presumeably) implies that "You grant permission for software to be installed which allows you to choose products from a range of websites and have them purchsed from the Kazaa website automatically, on your behalf".
Fucking disgusting thing to do, but Im not convinced that its as clearly illegal as some people think. By aggreeing to the EULA, you agree to the installation and operation of this software and you know about its presence and function.

Re:What it basically says...

[reallocate]

Seems to me that language could be faulted for not explicitly stating that revenue from the purchase will accrue to Kazaa, not the original affiliate. By itself, that might support civil action. Certainly seems deceptive by omission.

As others have noted, language in a EULA stating that the user agrees to commit an illegal act does not legitimize the act or absolve anyone from legal liability.

Re:What it basically says...

[Amazing+Quantum+Man]

On the other hand, if you terminate the license by removing the P2P software, the stealware is still active. At that point, regardless of whether the EULA is legal and enforceable, it's now fraud or theft.

And no, we don't need new "digital" laws to cover this, existing laws cover it very nicely.

ObIANAL: IANAL

Re:What it basically says...

[epmos]

I suspect that rather than Canada getting the concept from US law, both the US and Canada inherited the concept from English law.

Re:Way beyond the pale

[Schnapple]

Actually, the Insane Clown Posse filmed a press conference for their upcoming album and encoded it as a QuickTime file. The conference was over an hour long and the four files made up some 550MB of video (they went a little overboard). When they tried to host it on their website, the demand completely hosed their server and their ISP. Not wanting to deprive fans of the video but being unable to host it themselves, they put it on Kazaa and after a while pretty much everyone was able to download it with no sweat.

So this would be a perfect example of how a P2P network can be used for good, and as a marketing tool. Interesting to note that this artist didn't seem to mind the notion that the legion of Kazaa users they probably just created might then go and pirate all their songs, but given that ICP charged some $100 to get in to this packed conference and convention, they've obviously found some alternative revenue sources.

The problem with the "it has legitimate uses!" argument is that there aren't enough examples like this to offset the illegal ones. Note to artists: don't webcast your concerts - no one can watch them anyway with server overload and no one wants to watch U2 in RealMedia anyway. Do this sort of thing instead.

Re:Terrible writing

[WebMasterJoe]

Someone needs to teach you the difference between a comma and a coma :) I love it when people complain about grammer/spelling but they screw it up themselves.


Yes, that was intentional.

Quicky quiz

[Traa]

Here is what we know:
- These companies are stealing money.
- But not your money.
- They do this with your knowledge. Not just the EULA, but you read about it here.
- You install this program anyway because you don't really care...hell, you want to steal music.

Count the amount of times you agree or disagree for the following statements:
1) Better then spyware.
2) "hell, everyone steals money, thats what money is for. Take a peek at CNN for cry'sake"
3) Not my money, not my problem.
4) "I hate Amazon anyway"
5) "I don't have any money, why do you think I'm installing this piece of sheet software"
6) As long as they tell me everything I consider it legal. It's MY CHOICE!

- 6 Agree
You are probably 12-16 years old and stumbled onto slashdot by accident.

- 4-5 Agree
Surprised you read this far, might as well moderate this up as 'funny'. Now go find that link to LimeWire.

- 3 Agree 3 Disagree
Let's wait and see what the other people think, hell this is probably just going to happend anyway so might as well read through the silly comments.

- 4-5 Disagree
I'm about to post some insightfull comments about why this is yet another 'end-to-the-internet-as-we-know-it'. Sigh, why don't people think before they code.

- 6 Disagree
Stop reading this, start writing that letter to your congressman!

All software could do it

[Beliskner]

Why doesn't Norton Antivirus do this to credit Symantec? Can Micro$oft do this if I buy products using their operating system? Hmmmm....

Say what you will

[forgoil]

But how can you be so upset about these companies/pieces of software which lives on stealing all of a sudden starts to steal themselves? You feel it is ok to download copyrighted material, but wrong to fool the amazon servers to get credit instead.

Newsflash, both are illegal and wrong. Don't use software that is made for the purpose of doing something illegal and you are safe.

What... The... Fuck...

[autopr0n]

'While I agree that this is really a bit of a scam, it is a way for us to pay salaries while not adversely affecting our users.'

Well fuck! Why not just rob banks? I mean, people's savings are insured up to $100,000 by FDIC and in most cases up to millions from secondary private insurance. No harm done!

Or perhaps insider trading is the answer. Just scan people's hard drives for sensitive financial information and use that on the stock market. Doesn't hurt a soul!

Re:Legal?

[MrResistor]

Two totally different things.

The network itself is set up so that the company isn't running the servers themselves, so they can't be held directly responsible for the content that is transfered using their software (in theory).

However, the money being directed is being directed to a specific account, not distributed across the net like the servers, so there is a central target which can quite easily be sued.

Adaware

[dubiousmike]

http://download.com.com/3000-2094-10045910.html

Free and will remove said offending insiduous files.

Test those EULA's: Find Lawyers and Sue the Worms

[reallocate]

You can't legitimize illegal actions by putting language in a EULA. If it's illegal, it stays illegal.

How about someone suing these guys? Eight hundred thousand Amazon associates ought to make for some nice class action litigation.

a new approach to EULA BS

[d3vpsaux]

Well, since some computer users don't bother to read through your pages and pages of technical jargon, I propose, KaZaA, Morpheus, etc. that you abuse nave users to the fullest extent. Dig: EULA You hereby agree... (3 pages of yadda yadda)......to the following: 1a. If you are male: The entire development team may utilize the resources of your girlfriend at any time. (read. sex) 1b. If you are female: The entire development team may utilize the resources of you and/or a girlfriend at any time.(read. sex) 2. We may acquire your residence for our yearly "Fuck the Consumer" bash. Clothing optional (esp. if you fall under section 1b) 3. You hereby agree that we are above the law. In that voice that Sly Stallone uses in "Demolition Man." Feel free to add your own!

Has anybody confirmed that ad-aware corrects this?

[emil]

Do you need to run ad-aware every time you run kazaa?

Re:Um, does the phrase massive lawsuit mean anythi

[reallocate]

Ever take you car to a mechanic and notice the signs that say something like "Customers Not Permitted in Work Area. Not Responsible for Damages or Injuries"? Well, that doesn't absolve the garage from legal liability if you walk into the work area and they drop a transmission on your head.

Ditto EULA's. Someone could walk into a bank and get a clerk to sign a license that says "Give Me All Your Money". Still illegal.

Any Open Source Code at Play? License Implication?

[reallocate]

Do these guys use any Gnu or open source code? If so, what are the implications? What do those licenses have to say about this kind of usage?

Re:If they're an affiliate,how many CDs did they s

[tmark]

Just because SOME P2P users are buying CDs doesn't mean that MOST of the rest of them are, or are not buying CDs. I don't doubt that P2P is helping to sell some CDs, the question is whether or not P2P is hurting CD sales overall.

Re:Same old story

[jilles]

Limewire is OSS too (GPL, no less). OSS is not guarantee that there's no spyware bundled. Actually bundling spyware is one of the few ways you can actually make a profit from an OSS product.

They Lied to EFF also

[plaidfishes]

on March 20 of this year, I wrote the following letter to Robin Gross of EFF expressing my dismay and anger at the activities of these spyware companies.

Dear Ms. Gross

I am writing to express my concern that my attempts to financially support EFF have been stolen by Morpheus and similar companies. I have long been careful to use the Amazon Affiliate Button on your front page for all of my book purchases. I have felt that doing this combined to support what I believe in simply and effectively. Since my purchases have been well over $1000 per year for at least the last two years, I know that it has to have been worth at least some money to EFF.

It has recently become apparent that Morpheus et al. have been placing software such as TopText and other scumware on users machines. These programs have the sole purpose of rewriting affiliate links. This effectively redirects the financial benefits of these links to the scumware operators. To put it bluntly, this is theft, no different than if they had stolen the affiliate checks and written their own names as payee.

I have supported the EFF for years. I supported Morpheus partly because of EFF's support of them. But I am frankly disgusted by this turn of events. As the Director of the Campaign for Audiovisual Free Expression, and a staff attorney for EFF for Fair Use and Intellectual Property, I believe that you may well be the single best person to let them know they have gone too far. To take a principled stand on Fair Use is one thing. To pump ads to users while using the software is also perfectly legit. To actively steal revenue from other people, companies and organizations, even after the user has supposedly removed the software, without notice is simply beyond comprehension.

Shortly thereafter, I recieved this reply from Robin

Thanks for your message and concern. We've been informed that was a very brief test and has been completely disabled. If the company wishes to do this in the future, they will be sure permissions are granted in advance of rerouting trafficking. Best, Robin

Perhaps Robin needs to revisit this issue with these scumbags.

opportunity theft vs. real theft.

[autopr0n]

This is a bit long winded, but you're right in that there is a huge difference between what's going on downloading MP3s and redirecting refers.

In business there's a concept called "Opportunity cost". It's the cost of not doing something (IIRC, I'm not an MBA :P).

Here's an example. Suppose Pharmagog corporation created a new drug that, erm... cures carpal tunnel syndrome. If Pharmagog doesn't advertise the only people who'll use it are those with doctors who keep up on all the publications, reports, and new treatments. If they do advertise millions of people with RSI will find out about it and ask their doctors for it. Suppose that the advertising campaign costs $30 million dollars, and will probably result in about $126 million in income over 10 years as opposed to $13.4 million otherwise. This means that the opportunity cost of not advertising is $82 million dollars.

When you download music from the Internet, you're not depriving anyone of anything, but, you're reducing the chance the record company has to sell you the CD later. In other words, you're actually stealing opportunity. Some people were never going to by the CD anyway (perhaps they couldn't afford it), for them, the opportunity cost to the record company is nothing. Others were planning to get the CD and continued to do so, despite already having the music. For them, the opportunity is also nothing. Other people download music and then don't get the CD. Those people do cost the record company money. A final group of people are actually more likely to get the CD after hearing MP3s. Those people are actually stealing negative amounts of opportunity from the record companies.

But anyway. When these p2p companies steal refer traffic, they are not stealing some unquantifiable opportunity, they are stealing money actual money from actual people who are doing the work to promote the item. And that's just fucking wrong.

Re:EULA- We will pay if they get sued.

[Fiver-rah]

No, that says that if they get sued for something you do, you'll pay.

disabling the theftware?

[valmont]

could anyone out there identify exactly what is happening when clicking on such a referal link?

i am curious if the spyware only switches a "partner id" from the legitimate site's id to their own.

or does it go further and redirects their request to one of their servers so they have more control over the redirection process.

if the request is indeed sent to one of their servers, i can see a number of ways how one could intercept such attempts on their own machine. hosts file anyone? redirect to localhost or some public-service server that runs a CGI or servlet that restores the request back to what it was supposed to be before redirecting the user. mmMMMmMMm. i don't have a PC so i can't figure out how it alll works.

Their cash register my store--complain to Amazon

[Kakurenbo+Shogun]

This is like them walking into someone else's store, setting up a cash register, and taking money for someone else's product. In the case of an Amazon associate, the "product" is not the product the consumer purchased, it's the referral that Amazon purchased from the associate. This they are stealing.

Anyone who is an Amazon associate (or an associate for any other company they're doing this with) should complain to Amazon.com (maybe make a petition) and have these people's associates account cancelled. I'm sure going to!

Are they idiots?

[Courageous]

Why do they believe that the user's agreement makes this legal? An agreement between two parties cannot, as a general rule, relinquish the rights of a third party. This is almost certainly felony fraud, earning the players 5-10 in the clink. I hope the players have good attorneys. As soon as the victims (hint: not the user) hear about this and file a complaint, charges will be filed. They're not going to be civil charges, and it's not going to be judge Judy.

Some people are really stupid about the internet! "Oh, this is the internet, therefore if I do something unethical, they must not have passed a law against that yet." Not so. God. DUMB!!!!!

C//

Best quote from the NYTimes article...

[geoswan]

"For some people, WWW stands for the Wild, Wild West"

Removing spyware

[fluor2]

Here are some links to programs that remove spyware like this:

http://download.com.com/3120-20-0.html?qt=spyware& tg=dl-2001

I would personally recommend Lavasoft Ad-Aware from Lavasoft.de. "Ad-aware is a free multi spyware removal utility that scans your memory, registry and hard drives for known spyware and scumware components and lets you remove them safely. It is updated frequently. If you are new to Ad-aware, we recommend you read the getting started tutorial."

Don't forget to download the Reference file Updater v2.01 for Ad-aware.

Re:Let me get this straight...

[gerardrj]

P2P is not illegal. If it where, every web site would be shut down and the web browser would be removed from every desktop. The same for FTP and email servers. All are forms of peer-to-peer data transfer. Hell, LAN servers would need to go, as they are merely peer-to-peer with one server and lots of peers.

The contract/EULA is enforcable in that it only affects the parties of the contract: you and the software people. Via the contract you agree that any affiliate links you use will be replaced with ones for the software vendor. No money is ever redirected, the link is redirected. The most wrong there is possible copyright infringement.
Copyright infringement is hardly something most users of these softwares should get up in arms about.

Use this EULA as a precedent!

[statusbar]

This EULA can be fairly easily attacked in court, and maybe doing this, the precedent would help weaken EULA's everywhere. Maybe?

--jeff++

Re:Test those EULA's: Find Lawyers and Sue the Wor

[statusbar]

Yes! And as I mentioned way above, maybe this court action would form a legal precedent, effectively weakening EULA's in general!

--jeff++

Re:(HOW TO REMOVE) on Other OS

[MillionthMonkey]

I've used the JAR with no problems. If you use Limewire you should really run the JAR version because all the crap is in the installers. Stuff like that is difficult to write in Java anyway. Which is probably why they're so mentally disconnected from it- after all it isn't in their code.

There is a link for it on Limewire's site somewhere. Just go there and look for downloads for "operating system - other".

Set up a JRE on your computer first so you can download the JAR only.

Re:The broader picture

[ergo98]

The ISP makes the same claim to the judge about changing the TOS anytime they want. The judge states that the TOS that *I* signed doesn't contain any clause about changing the TOS at ALL, and dismisses the claim entirely.

The flip side of this is that a lot of TOS/service contract type agreements do state that they can be changed at any time without agreement or even formal notice (you were lucky, or informed, that this one didn't). Personally I find that hard to fathom as being legal: If a contract is signed, there should be no method that it can be altered without both parties resigining a new contract.

Re:Way beyond the pale

[reflector]

Erm, they make a program for pirating movies and music.

and you use a computer for hacking, you drive a car for running people over, and use a knife for stabbing people. i guess that makes you immoral and untrustworthy, as well.

Do you think they'll give a damn that something else they do is seen as stealing?

copyright infringement is copyright infringement, it's not stealing. just because the riaa says it is doesn't make it so, don't be the riaa's ass-puppet.

Re:If they're an affiliate,how many CDs did they s

[geoswan]

All other things being equal, if Kazaa (et al) had not done all of this, assuming that their customers really do purchase CDs (which I will happily concede) then their numbers would have placed them somewhere on the list of affiliates.

Agreed.

A numerically meaningful place on the list.

Agreed.

But if they steal units from other affiliates then they artificially inflate their own numbers are deflate other affiliates'.

I thought this too, at first. But if Amazon only broke out the bounties given to KaZaA, Morpheus, etc, for the purchase of CDs, videos and DVDs, you still get a useful number. KaZaA and Morpheus claim the bounty on any CD puchased online from anyone who downloaded their software.

Many people, including, if I understood her properly, Janis Ian, believe that downloading music online is one step many music fans use prior to making an online CD purchase. Music industry types have claimed that the music stores near colleges and universities have experienced a drop in sales, due to downloading music, because that client base had a greater access to the internet.

It has been pointed out that that client base also has a greater access to online means of purchasing their CDs online.

So, learning the total number of CD's purchased by someone who has used morpheus, even once, is the stat we want, not whether the user clicked through a banner on a KaZaA site.

Well -- that settles it

[Catbeller]

Hmp. Just installed KaZaa to see what it was all about.

2 million users, lots of files... seems good... and then this happens.

This is about greed. Even if they achieved a steady state profit engine, they just have to crank it up another notch, then another, and another. Come on, isn't there such a thing as enough money?

Time to perform the semi-annual reformatting of the hard drive. I HATE software that refuses to un-install.

God, I miss Napster, and those innocent days before the men in suits showed up.

Re:The broader picture

[Steve+Franklin]

Well, you have a lot of agreements nowadays that stipulate that they can change the terms of service. They do have to notify you, whether it says so in the agreement or not, otherwise they could raise the price to US $1000000 and take your first born child as collateral. Also, I'm no expert at this, but I would imagine there's something in basic English common law that says you can't force someone to buy something because he didn't specifically tell you he didn't want it. The clerk at the local Sam's Club: "Gee, Sir, you didn't specifically tell us you didn't want a metric ton of asparagus, so we're going to have to bill you for it after we deliver it to your house Railway Express." There's some point at which common sense takes precedence over legalistic idiocy.

As for them suing you in foreign court, I think we'd all like to know who these guys are so we can avoid them, though I suppose you'd be hesitant to tell us for fear of being sued for doing that! What losers.

The Difference.

[Grendel+Drago]

When you download the album, Best Buy still has it.

When you steal from the bell-ringer, he doesn't still have his money.

Understand now?

--grendel drago

Re:The broader picture

[hexx]

Their reply was that THEIR POLICY was to renew subscriptions automatically

The funny thing about this, is it's fine, legal, and dandy.

If they want to "renew your subscription", then they can ask for payment. You are certainly under no obligation whatsoever to pay it, but they can spend the 20 cents it costs to bulk mail you a request to pay for a new subscription.

As long as they carefully tread the fine line between intimating that you can pay them for services, and claiming that you contractually owe them money, it's legal (IANAL).

(right?)

Re:Using a REFERER HTTP header?

[ShaunC]

How are they doing this?
The article didn't explain it for a technical perspective

My guess is that the software installs a system hook to watch Internet Explorer's message queue. When it's determined that IE has been pointed at an interesting site, the destination URL is simply rewritten and pumped back to the queue.

Think of it as a man in the middle attack at the very core of Windows (though fully supported by the API - there are plenty of legit uses for these sorts of hooks). This isn't very difficult, it's how many of the "Net Nanny" and "Spy on your Wife" programs figure out where you're browsing to and who you're talking with on AOL, and it's the same principle that Windows keyloggers have been based upon forever. You tap into the message queue, ignore anything you don't care about, and mess with anything that interests you.

The problem is that Amazon's affiliate URLs are in a fairly constant format and easy to fudge. For example, consider the following:

http://www.amazon.com/exec/obidos/ASIN/B00006FI0T/ winfosec-20/

It would be very easy to catch such URLs, because they're always in the same format:

http://www.amazon.com/exec/obidos/ASIN/PRODUCTID/a ffiliate-id

...replace the affiliate-id with your own, send the "Go to this URL now, please" request on to IE, and you're set.

As an aside, message queue peeking and system hooks are usually the reason why having spyware (especially multiple spyware apps) installed can slow your system down or even bork it completely. Imagine the above scenario, except with 10 different spyware programs all trying to intercept and reformat the same messages for the same program at the same time...

Shaun

Nah. The big retailers don't care...

[geoswan]

I don't know if the big online retailers actually care about affiliate programs or not. If they do, then stealware is intolerable. Otherwise, the programs are useless.

I think I can offer a case history that answers this question.

I have a buddy who has a small site that offers a legitimate service. She works hard at providing this service, and gets a small trickle of money, from banner ads, just a bit more than she would need to break even.

Chapters was the bookstore chain with the largest number of storefronts in Canada. They also had a large online bookstore. She was an affiliate. Their rule was that they would not mail her a check until their bookkeeping showed that she had earned $100 worth of bounty. After more than a year of being an affiliate she was within a couple of bucks of getting her first check.

Then Chapters was bought out by Indigo, the second largest Canadian bookstore chain, but the one with deeper pockets. They had their own affiliate program. She was an affiliate of Indigo as well. But Indigo did not transfer in her Chapters bounty. No did they cashout her $99. They just kept it.

If chapters had gone bankrupt, and Indigo purchased the name and inventory from the receivers, they would not have been obliged to honour the outstanding bounties. But, officially, it was a merger .

Re:Nah. The big retailers don't care...

[dcavanaugh]

If your friend's experience is any indication, then affiliate programs are about as reputable as Multi-Level-Marketing (MLM). I guess the answer is to avoid signing up unless the retailer pays in advance. Given the number of sleazy or bankrupt retailers these days, it's foolish to extend credit to them.

Logical Fallacy

[LionMage]

Many of the people posting on this topic have written a slew of repetitive comments, some of them clearly written as an attempt at humor, implying that it's hypocritical to hold these companies to a higher ethical standard because their primary products are either intended to promote music piracy, or else they easily facilitate music piracy.

I'd like to analyze this for a moment. First off, many are equating the theft of music with the theft of monies targeted at charities. It seems clear to me that stealing copyrighted work is a form of theft, but obviously not in the same category as stealing money outright. My reasoning is as follows: When you copy an MP3 from someone else, an MP3 which may be a song you don't already own a legitimate copy of, you are not depriving the record label of actual revenue. You are depriving them, at best, of potential revenue. I'll get back to this concept in a moment, but bear with me. When these companies install sleazeware to redirect actual dollars intended for charities into their own coffers, they are no better than a pickpocket (a poor analogy) or a bank robber (better analogy). Sure, the end user doesn't get harmed, but the intended charity is irreparably harmed. Funds have been diverted; these are REAL dollars and cents.

Getting back to the idea of actual profits versus potential profits: The RIAA argues that music piracy costs them millions of dollars annually. This argument is based on a logical fallacy. The people who steal music aren't going to pay for that music if the vehicle for theft is taken away. They'll either rely on slower vehicles (personal copies from a friend's CD collection, for instance, or direct file trading from one person to another without an intermediary service -- both very difficult to trace) or they'll consume less music overall. Oh, sure, some people will pony up the dough for music that they can't easily find copies of, but in those cases, it's usually music that's out of print or hard to find. (I snagged MP3s of two October Project CDs from a friend of mine months before I found copies of those CDs in a Zia Records in Tucson.)

Bottom line: You can't assume that people who pirate music would otherwise pay if that means of piracy were taken away. Besides, piracy will always find an avenue. File trading still runs rampant on IRC and various instant messenger services.

Therefore, record companies reporting losses due to piracy are tallying up imaginary numbers. They have no reason to believe they would have received those monies if the so-called 'pirate networks' didn't exist.

Having said all that, I would like to reiterate that although the Gnutella network is often used for illicit file trading, it has significant non-infringing applications that cannot be overlooked -- many universities rely on Gnutella for disseminating files to faculty and students. (It seems to work very well for a finite, closed network.)

A few months ago, Slashdot ran a story about the major Gnutella client developers banding together to figure out how to 'lock out' less well behaved Gnutella clients. One of the biggest complainers was LimeWire. Now we learn that LimeWire is one of the companies involved in theft of funds from charities. They're also very quick to lay the blame for poor network performance at the feet of many open sourced clients such as Gnucleus. (Yes, the LimeWire core is also open sourced, but they're still trying to capitalize off of it in a for-profit manner. Gnucleus, AFAIK, is totally free-as-in-beer and free-as-in-speech.) Makes you wonder if their complaints about 'badly behaved' clients are just a ploy to lock down control of the Gnutella network -- followed of course by closing their source tree to outsiders and then making future revisions of the Gnutella spec only available to those who pay to play with the big boys.

Affiliate program is flawed then

[SCHecklerX]

If it is easy to 'steal' commission by replacing yourself as the affiliate, there seems to be an authentication issue in the way the affiliate program works in the first place, no?

While sad that it takes something like this, and even sadder that someone would exploit it, it will force a better system into existence.

Re:Legal?

[shimmin]

However, the money being directed is being directed to a specific account, not distributed across the net like the servers, so there is a central target which can quite easily be sued.

Under what nation's laws? The Virgin Islands'? The whole thing was set up as an offshore deliberately to make it more expensive to pursue legal action against.

And really, as for tracking the beneficiary of all this through the account number, my bet is the account (which only Amazon knows until someone bothers to file a John Doe lawsuit to force it out in discovery) is a front company somewhere with no easy-to-prove relationship to any of the filesharing networks. Sue it, it can vanish overnight and be resurrected under another name by the end of the week.

Trying to pursue it that way is even more of a game of legal whack-a-mole than trying to get rid of the networks themselves.

Re:Can be used for theft != Will be used for theft

[ReelOddeeo]

Via which means?

• FTP: exclusively non-theft. (Whatever that means.)
• HTTP: exclusively non-theft. (Whatever that means.)
• Usenet: exclusively non-theft.
• OpenNap: almost exclusively theft.

I'm making assumptions about what you mean by "theft".

Do you mean out of print obscure non-mainstream music that you'll never hear on mainstream radio stations? Yep. My tastes are very particular. Honest. No doubt some of what I listen to is available for sale in your local christian bookstore.

Do you ever photocopy copyrighted material, say in a public or university library, without buying the book?

Do you read articles in magazines on the rack without buying? Or parts of books in a bookstore?

Do you ever download or collect pr0n? (Almost exclusively copyright violations.)

Do you run Windows? Do you have ANY pirated software? Is your system absolutely pure as the driven snow? Any non-paid for shareware?

I run exclusively Mac and Linux at home. No pirated sofware on Linux. Zero. My Mac has mostly fallen into disuse and what pirate software I once had is long gone. A nice feeling to be piracy free for years now. Some of the biggest pirates I know are Windows users.

As for p2p, what counts as "theft"? What I would call theft is what the RIAA members do to artists and consumers, and what Microsoft does. But this debate has been had over and over before. Nobody is going to convince anyone else. Oh, and I have bought more than my fair share of books (see bookshelf) and CD's and vinyl before that.

My point still stands. You did not address it at all. P2P is just a tool. P2P did not introduce the concept of piracy. It just made it convenient. The fact that it is widespread is a social phenomena. Why? The answer to why says a lot.

Hrm...

[autopr0n]

can I please quote you?

Hrm... what do you think?