Slashdot Mirror
Secret Kazaa Documents Revealed in Court
Dan Warne writes "A fascinating range of Kazaa's internal documents were revealed in Federal Court in the ongoing court case against the Australian-based company today. One extraordinary philosophical manifesto by the company's chief technical officer showed that he was aware that Kazaa's activities were a huge legal risk. He also feared being 'out-innovated' by other P2P programs that didn't come bundled with adware. "if consumers can connect to FT (as well as Gnutella 2, eDonkey and Bittorrent) and it has no ads or adware then it would seem a good choice," Philip Morle says in the his manifesto. The documents are full of all sorts of other admissions-that-you'd-be-crazy-to-put-on-paper like how Kazaa employees "hate" installing the Kazaa Media Desktop on their machines because all the bundled adware slows your machine down and can hijack your web browser."
Never write anything in a letter, e-mail, diary, memo or any other quotable medium that you don't want the other guys lawyer holding up in court.
Help Brendan pay off his student loans
That maybe this chap wasn't -entirely- on side with the business strategy of the company.
To me this sounds like a techy complaining that the business is subverting the idea. In many cases this is because the techy doesn't understand the business model, but here it sounds more as if the business didn't understand the market.
An Eye for an Eye will make the whole world blind - Gandhi
When your own employees hate installing the very software of their employeer you know its a recipe for disaster. With those kinds of feelings flowing around the office its suprising the documents werent 'leaked' earlier. For some odd reason I don't see anybody coming to Kazaa's defense in court now like Napster saw when they were up on the chopping block.
Which is not to excuse his spyware-infested piece of crap. But where ever business memo must be written in such a way that you csn't tell the truth because it might be used against you in a court of law, your have a big problem with your tort system.
Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail)
http://www.lawrenceperson.com/
Always be careful, thanks to the language ambigiouty, even the simplest statements can be turned around to form the opposite instead.
Even in saying "Kazaa does not come with spyware bundled", followed by "Kazaa and the bundled software do not collect personal information" still leaves quite a large hole for them to just walk straight through. What if one of the bundled applications reroutes your HTTP traffic through third-party servers? All the application does is re-route your traffic, it doesn't collect any information at all. The information collecting may just as well happen elsewhere.
Again, always remain on the look-out for these things, however minor they may seem.
At the risk of inflaming passions, ANY OS is only as secure as its user. With a little common sense and attention to detail, it is relatively easy to keep a Windows XP installation spyware/malware/virus free.
It's even easier in the workplace where XP can be locked down on the security front.
<grumpiness size="extreme" style="curmudgeonly">
If Kazaa goes down, there could well be a flood of low-quality Britney_Spears_naked111.mpg traders and leeches coming onto the good p2p systems. I don't think I want that.
It'll be like AOL day all over again.
Support Kazaa -- or America's highschoolers will be trading on your network!
</grumpiness>
Whence? Hence. Whither? Thither.
If they want me to believe their product contains no malware, spyware or adware, there is exactly one way they can convince me. And that's the same way that RMS, Linus and ESR convinced me that their software is clean.
If you have nothing to hide, you have nothing to fear.
Je fume. Tu fumes. Nous fûmes!
It's one thing for it to have spyware; it's something else for one of the company's head honcho to admit it.
If it was comon sense you wouldn't need to spin it in a "Manifesto", would you?
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
1) People install Kazaa because they want to pirate music, pictures, video and software from the Internet
2) Kazaa puts spyware crap in their product
3) Users think this is unfair
4) Kazaa is in court because of what they did
Am I crazy? Is there someone out there forcing people to install Kazaa? How many people were installing it for legit legal use?
You don't want spyware crap? Don't install shady programs.
This is like sueing a drug addict because he let you share his needle and you contracted HIV. I really don't get what all the fuss is about.
you mean there's someone out there still using Kazaa?
I don't see how you can make this statement - Gnutella is in no way synonymous with P2P file sharing; having used it myself and knowing others who have tried it the only thing I would associated the name Gnutella with is a software application which getting any file will take a relative lifetime.
Napster however is a different story. They had a product which was used by many and had an immense amount of content available to download and I bet in a survey of 100 people Napster would be the name they associate with filesharing moreso than Gnutella.
Backup not found: (A)bort (R)etry (P)anic
Some people, simply put, don't give a rat's ass about "correct" or about damage done. They only care about making money. Period.
If it weren't explicitly illegal, they'd even poison a town's water supply just for some money. Not an exaggeration: companies dumped toxic stuff into rivers right until the law forced them to stop. Or into the air. And even then, every time someone told them to use filters, there was endless moaning and bitching and lobbying about it.
Spam, tele-marketting, link-spam, spyware, etc, are just a symptom of the same thing: if it makes money and it's not illegal, hell yeah. Let's pollute and destroy another resource.
There was an interview with a link-spammer on The Register this week. Dunno, I found it surrealistic how the guy basically had _zero_ morals. Not even an "eh, it's wrong, but I need the money" kinda attitude. Nope. The general tone all over was along the lines of "who the damn has time to care about collateral damage? It makes money and it's not illegal. Period. If you have a problem with it, tough shit. Sucks to be you."
Basically it's the same with spyware. These people don't care, that's all. As long as it makes them a buck and isn't explicitly illegal, they'll clog your computer without thinking twice. If it was possible and made them a buck, they'd even make that computer explode without thinking twice.
A polar bear is a cartesian bear after a coordinate transform.
You've gone over every line of the source code you use? All of it? The entire kernel, all the drivers, all the utilities, all the apps and so on? You've checked carefully, to ensure that there's no backdoors spread across a number of functions (you can have some thigns that are innocent and harmless on their own, that work together to do something bad)?
Are you also sure about your compiler, have you checked it? Not the source I mean, but do you know that the binary is a faithful reproduction of the source? The problem with a compiler, is that you compile it with an old version of itself. What if it has a backdoor that exists only in binary form, never in the source, but propagates on compile (see http://www.acm.org/classics/sep95/)?
There's nothing about OSS that inherantly protects you. This is espically true since I'm guessing indeed you have NOT done the audit I described. Few people have the programming skills necessary to do so in a useful way and even fewer have the mountain of free time it takes. Rather, you are taking it on faith that others have audited the software you use, done a good job when doing so, and have spoken the truth and been heard if a problem was found.
A more realistic way to check to see if the software is all above board, and one that works equally well on closde source software, is to check the install. By that I mean log everything that is added, modified, or deleted. Then, when running the software, look for anomalous behaviour, like loading modules it shouldn't, trying to establish network connections, spawning other processes, etc. If you do that correctly, it's not hard to tell if something is acting evil or comes with stuff that does. It's also something that you could realisticly spend the time to do for all the programs you use.
Even then, I doubt you'd bother unless you are super paranoid. I'm sure you generally trust that others have looked in to it, and you'd have heard about it if there were problems. I personally only check the install and operation of a program that I find suspicious. Retail software, OSS, and 99% of downloads I don't bother since experience shows that there's nothing to worry about. I take on faith that there's nothing bad in there, and if there is one of my cleaner tools will catch it soon enough.
But my point here isn't to attack OSS, if that's what you are thinking, just to point out that this warm, fuzzy feeling that many people get from the openess is a false sense of security. They think because the code is open, and able to be checked, it means that there's nothing bad in there. Well, that's probably true, but only in the same way it's probably true that if you buy retail software it's also free of malware. Neither is a gaurentee of anything, and since 99.999% (or more) of people aren't actually using the openness to do their own audit, it's a false sense of security.
Basically, when you get down to it, you can never be sure there isn't something lurking there, unknown to the general population. The only way you could feel confident is if you wrote your own assembler from machine code, your own basic OS and compiler from that, audited every line of code in the OS, compiler and apps you were going to run, and then proceeded to build them 100% from source using your own tools. Even then, you still might miss something. Remember: We find holes in software all the time, we call them bugs or exploits, meaning they weren't intended by the developers. This happens even to OSS, even to major peices of OSS that have been looked at thousands of times over. Sometimes, you just miss things.
And none of these exploits were trying to be sneaky or hide on purpose.
I'm not trying to say grab the AFDB and trust no one, that's pretty stupid clearly. I'm just pointing out that you should put the same amount of stock in OSS you haven't audited as in CSS you can't. Consider the source, and if it's suspicious, do a checked install, and have programs setup to watch how it runs. With 30 minutes of work you can generally tell if it's safe or not.
... and for company employees to admit it's horrible.
"Intellectual property"
Publishers and lawyers like to describe copyright as "intellectual property"---a term that also includes patents, trademarks, and other more obscure areas of law. These laws have so little in common, and differ so much, that it is ill-advised to generalize about them. It is best to talk specifically about "copyright," or about "patents," or about "trademarks."
The term "intellectual property" carries a hidden assumption---that the way to think about all these disparate issues is based on an analogy with physical objects, and our ideas of physical property.
When it comes to copying, this analogy disregards the crucial difference between material objects and information: information can be copied and shared almost effortlessly, while material objects can't be.
To avoid the bias and confusion of this term, it is best to make a firm decision not to speak or even think in terms of "intellectual property".
The hypocrisy of calling these powers "rights" is starting to make WIPO embarassed.
From: Some Confusing or Loaded Words and Phrases that are Worth Avoiding
So-called "IP-Rights" are also rebutted in the article Tragedy of the Commons. From Wikipedia:
In Hardin's article, the Commons is a shared plot of grassland used by all livestock farmers in a village. Each farmer keeps adding more livestock to graze on the Commons, because it costs him nothing to do so. In a few years, the soil is depleted by overgrazing, the Commons becomes unusable, and the village perishes.
The cause of any tragedy of the commons is that when individuals use a public good, they do not bear the entire cost of their actions. If each seeks to maximize individual utility, he ignores the costs borne by others. This is an example of an externality. The best (non-cooperative) short-term strategy for an individual is to try to exploit more than his or her share of public resources. Assuming a majority of individuals follow this strategy, the theory goes, the public resource gets overexploited.
The tragedy of the commons is a source of intense controversy, precisely because it is unclear whether individuals will or will not follow the overexploitation strategy in any given situation.
A short example: Why should Disney have eternal monopoly on Mickey Mouse, when Disney benefit extremely much from folklore-tales like: Snow-white and the 7 dwarves, Alice in Wonderland, Pochahontas, etc?
In this case, Disney benefit from the Commons, without contributing back. This is so-called "IP-rights" in a nutshell: They take away from the Public Domain, without contributing back.
Sorry, but few brave sites don't make difference to me. Theyll be shut down soon enought, no matter how they laugh. riaa will simply force peers stop peering with their ISP. money can do a lot thnings
... whole mechanics of torrent download is made to ensure that .torrent file you gout somewhere so you are sure you are loading legal/ilegal material thus noone can spit out "i didnt know what i was downloading, thus im incocent" bullshit
And torrent was MADE with intention distribute LEGAL material
1] Host (Trackes) is easily indetificable and shut down should someone wish to do it thus killing all donwloads
2] File is verified upon downloading and you download using
3] there is zero privacy a no attempts to hide users are viable.
thus making it perfect for distros etc, but impractical for illegal stuff
Y know, greatest offensive on whole torrent sites is for me that it devalues torrent as legal way to distribute files and that IT GOES AGAINST WISHES AND INTENTIONS OF ITS CREATOR (sorry for caps, but its important)
thus based on above i as avid downloaders and p2per say that illegal torrents are dying, are destined to die and should die
--- this is to damned ot now
-- Technology for the sake of technology is as pathetic as eschewing technology because it's technology.
I'm assuming you're trolling but for those who may not recognize the fallacy in your comparison, I'll point it out.
Kazaa says "Trust me. My software is clean. Please install it on your computer." I say "Ha! Prove that your software is clean and then maybe I'll think about installing it to my machine. If you're clean, yous shouldn't have anything to hide by showing me your source code." Kazaa says, "No, I don't won't to show you my source code." I say "Cool. You keep your source code secret and I'll keep it off my machine."
Ashcroft says "We think you might be a terrorist. We want to come in and search through your hard drive for incriminating files." I say "I'm not a terrorist. I don't have to prove anything to you. You may not search my hard drive unless you have evidence and get a warrant." Ashcorft says "If you're not a terrorist, you have nothing to hide. The Unpatriotic Act III says I don't need a warrant. So when my secret agent takes his knee out of your back and lets you get up, please stay out of our way. You might be able to get your hard drive back in a year or two when we're done with it. Have a nice day!"
Do you see just a tad bit of difference in those two scenarios?
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
You'd really think, wouldn't you, that if your employees hate your product your customers might too?
Oh, right. They're just stupid kids intent on killing off the music industry throught their own needs for immediate gratification.
This CEO is not someone I'd ever hire to run my company.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Option 1
kazaa lite is like the holy grail of windows p2p clients. If you search near and far then you just might be able to get your hands on this piece of p2p goodness.
Option 2
grab giFT! This is the most amazing p2p client I've come across because you can install modules that allow it to connect to all the p2p networks! gnutella, fast track and others at the click of the mouse!
Is your company using Linux? You could be at legal risk to a SCO lawsuit. Collect personal data on your customers? You could be at legal risk if that data gets hacked. Run a bungee jumping business? Legal risk. It doesn't say "he was aware they were performing illegal activities", it says he was aware of a risk. That is simply awareness that a) there was a real chance a lawsuit would be filed against them, and b) there was a non-trivial chance that, if sued, they would lose. Risk awareness does not imply guilt.
Seen any BadMarketing lately?
If it weren't for Kazaa, there would be no Kazaa Lite, one of the most convenient filesharing apps around.
free speach
Did you mean: free speech
Who here actually uses Kazaa? No not 'lite or another cracked client but the actual original Kazaa client? I think I tried it once about 3-4 years ago, fact is, only idiots are using Kazaa (i was young and foolish), lesser idiots use Kazaa Lite Resurrection, and really you should be using something else as a primary P2P client or network.
This comment does not represent the views or opinions of the user.