Secret Kazaa Documents Revealed in Court
Dan Warne writes "A fascinating range of Kazaa's internal documents were revealed in Federal Court in the ongoing court case against the Australian-based company today. One extraordinary philosophical manifesto by the company's chief technical officer showed that he was aware that Kazaa's activities were a huge legal risk. He also feared being 'out-innovated' by other P2P programs that didn't come bundled with adware. "if consumers can connect to FT (as well as Gnutella 2, eDonkey and Bittorrent) and it has no ads or adware then it would seem a good choice," Philip Morle says in his manifesto. The documents are full of all sorts of other admissions-that-you'd-be-crazy-to-put-on-paper like how Kazaa employees "hate" installing the Kazaa Media Desktop on their machines because all the bundled adware slows your machine down and can hijack your web browser."
Kazaa contains Spyware! Lock up your daughterboards!!!
Get a free iPod Nano 4GB!
If you go to Kazaa right now, however, you'll note that they say that there's no spyware bundled with the software. Thanks, but no thanks...I'm sticking with bittorrent and Winmx.
Mercy was given to me by Christ...I must give the same to others.
Never write anything in a letter, e-mail, diary, memo or any other quotable medium that you don't want the other guy's lawyer holding up in court.
Help Brendan pay off his student loans
Just in case of the Slashdot effect:
The Sale of Kazaa
Team Sharman came to court today with a strategic shift in direction: the revolution would now be a secret.
Their legal team presented a draft set of undertakings designed to suppress non-confidential documents from the media. It could have been a great plan if the Judge didn't think it was so crap, and with no supporting evidence for the basis of claim to confidentiality, Judge Wilcox swept away the majority of the claims for confidentiality by Altnet and Sharman.
There were 30 Altnet documents and four Sharman documents they didn't want publicised. We'll go through the Sharman documents today, and the Altnet documents later in the week.
The first item for discussion here at the Daily Dispatch is a 28 page contract between Kazaa B.V and Sharman, titled: Agreement for the Sale and Purchase of the Business and certain Assets of Kazaa B.V.
Buried within the most standard legal contract that makes you want to stab your eyeballs out, are the following nuggets of information.
When Kazaa's original Dutch owners got the jitters from pending US litigation by the music industry, the company was sold to Sharman for 600,000 Euros (about $1 million) to be paid in three installments. The purchase price included all company assets for the provision of p2p enabled software (which includes advertisement space for display advertising) to let users search and download files from other users.
Plus, all business and registered intellectual property rights, confidential information (defined as processes, methods, formulae, financial data, customer and supplier lists, marketing information, test results and reports, project reports, testing procedures, development manuals, training manuals, market forecasts, sales targets and stats, price sensitive information, research reports, business development reports), and all Internet domain names.
Bored yet? The sale took place in the Amsterdam offices of Van Doome at De Lairessestraat, and following the sale, Kazaa BV would have to change its name. Sharman was indemnified against all debts and liabilities and blah blah blah standard contract stuff. All employees were sacked after the sale (nice). Kazaa B.V ensured there were no Trade Union agreements or disputes in place at the time of sale. If there were, the leftie bastards would understand anyway, because every revolution starts a bit nasty. Of course, today Sharman enjoys the full support of a devoted staff that would never be treated so shoddily by their benevolent bosses if there were cause to up and move from a jurisdiction under legal duress. It's a revolution, it's Us against Them, it's Mabo, it's the vibe of the thing.
The Sales Agreement further confirms that when all employees were sacked, there was no way anyone could come back and haunt them to "assert any moral right in respect of any Business Intellectual Property Right." And if they did, then Zennstrom and Friis would be stung for it, not Sharman. So I'm guessing all employees were made to sign a contract as thick and dense as this one to make sure they kept quiet.
The original owners, Niklas "Skype" Zennstrom and Janus Friis were forbidden from competing with Sharman in any way for 3 years.
The deal was to be kept secret and not announced without the written consent of Sharman. The Sales Agreement was construed in accordance with the laws of England and subject to the non-exclusive jurisdiction of the English courts.
There were two clauses that seemed a bit odd. Under Schedule 3 of Vendor Warranties is the subheading Litigation. Clause 5.1 says:
Save as disclosed in the Litigation Letter, the Vendor (Kazaa B.V) is not a plaintiff or defendant in or otherwise a party to any litigation relating to the Business, which are in progress or threatened in writing or pending against the Vendor. So far as the Vendor is aware, no governmental or official investigation or inquiry concerning the Vendor is in progress or pending.
Th
People would prefer programs without adware? What a stunning concept. At what point did "manifesto" replace "common sense"?
That maybe this chap wasn't -entirely- on side with the business strategy of the company.
To me this sounds like a techy complaining that the business is subverting the idea. In many cases this is because the techy doesn't understand the business model, but here it sounds more as if the business didn't understand the market.
An Eye for an Eye will make the whole world blind - Gandhi
Kazaa says: No Spyware
Spot the difference, people!
Get a free iPod Nano 4GB!
When your own employees hate installing the very software of their employer you know it's a recipe for disaster. With those kinds of feelings flowing around the office it's surprising the documents weren't 'leaked' earlier. For some odd reason I don't see anybody coming to Kazaa's defense in court now like Napster saw when they were up on the chopping block.
I'm still amazed that the people in charge of companies like Sharman, etc. think that chocking their software full of crap programs that infect and make peoples' pcs run poorly (to say the least) is the correct way to go. I guess it just shows that in the end, a proper p2p program needs to be open sourced. It seems the only way we'll get something people will want (want is emphasized) to use. It takes real people to make software to be used by real people I guess.
Ubuntu, the way linux should be.
Try Ubuntu FREE! --
It's hard to take the word of someone who is stating incorrect information.
Skype is created by the original developers of Kazaa, but the original developers did not include any spyware/adware in KaZaa. The spyware/adware was added to Kazaa after it was sold to Sharman.
I don't know the answer, but I guess I'm more qualified to answer than many because I've been coding one on and off for the past three years. I guess the answer is it's hard work. You're also not "following head lights", as even the eDonkey clones do. And the programming is not easy - with C language it's socket programming, which means all kinds of strange things can come over the network which have to be defensively coded against, and since you're using multiple sockets that means threading. And it takes a lot of code to just get a decent app, never mind cool bells and whistles. One reason mine is GPL is, aside from liking the GPL, this is my first big software project so I don't feel I'm at a level where I can sell my code yet. I've also borrowed GPL code from a program called gnut which helped. I would borrow from one called GTK-Gnutella but it's so big and complex it's hard to directly borrow from.
Of course there are exceptions - Gnutella (although AOL/TW killed the eponymous one, leaving only the protocol clones), and Bittorrent. With the Gnutella protocol, Limewire and Bearshare are commercial companies, but they agree on an open protocol, which they share with some free clients (like mine).
There are so many innovations possible - Bittorrent is one of the recent ones - it built on what Edonkey did, allowing hundreds of megs of files to be transferred, except with Bittorrent, it added speed to the picture. So because Bittorrent exists, people now have a better chance of getting ISOs of Linux distros, Indymedia videos or whatnot. It's such a cool area I wonder why the proprietary folks so often beat the free ones in terms of innovation. I guess it's a wash now with who innovates more. And also, with sockets, threading and protocols that obsolete older versions as time goes on (ay de mi!), it takes so long to get a decent app together that innovation seems a long way off.
I suppose another reason is the RIAA/MPAA is suing p2p developers left and right - that might explain why people are hanging back somewhat. It's unfortunate this fear is stifling p2p innovation. In many ways it seems ridiculous to me - on BBSs in the 1980s you had a file section and a message board system. Sometimes you didn't even have a message board - just a file section. People have been trading and sharing files on computers for decades, all of a sudden such communal practices are tainted, with accusations flying on Slashdot on how people use p2p to break some new laws that the big corporations passed recently in Washington DC that protected their soi disant intellectual property. It's ridiculous - there were normal BBSs and warez BBSs back then, just as there is an equivalent nowadays on the Internet. It would be insane for US-legal (for now) things such as sharing ISOs or Indymedia videos to be crushed by the evil capitalist bourgeois corporations.
At the risk of inflaming passions, ANY OS is only as secure as its user. With a little common sense and attention to detail, it is relatively easy to keep a Windows XP installation spyware/malware/virus free.
It's even easier in the workplace where XP can be locked down on the security front.
A lot of tech companies use it to describe the practice of using their own products in house. That's also where to discover many of the problems that infuriate customers.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
<grumpiness size="extreme" style="curmudgeonly">
If Kazaa goes down, there could well be a flood of low-quality Britney_Spears_naked111.mpg traders and leeches coming onto the good p2p systems. I don't think I want that.
It'll be like AOL day all over again.
Support Kazaa -- or America's highschoolers will be trading on your network!
</grumpiness>
Whence? Hence. Whither? Thither.
1) People install Kazaa because they want to pirate music, pictures, video and software from the Internet
2) Kazaa puts spyware crap in their product
3) Users think this is unfair
4) Kazaa is in court because of what they did
Am I crazy? Is there someone out there forcing people to install Kazaa? How many people were installing it for legit legal use?
You don't want spyware crap? Don't install shady programs.
This is like suing a drug addict because he let you share his needle and you contracted HIV. I really don't get what all the fuss is about.
Ha.
I'd say I'm far from stupid - not a genius of course, but I do have enough knowledge to administrate Unix and Windows systems, and write software. Yet I can't keep a Windows box spyware and virus free, unless that's specifically my objective.
I mean, it's certainly possible, if what you aim for is a spyware free box. Yes, I can use vmware, every virus and spyware scanner, try to make sure everything I install is 100% safe, and perhaps get a clean and hopefully useful box out of it. But no normal user does that, myself included. I'm certainly fairly paranoid and won't install random crap from the net, but nice looking useful tools can have spyware too.
If you want a real example, here's one. Go to this Azureus page. Well, actually that's not the Azureus page. It's a page that some jerks set up where you download spyware. The real page is on SourceForge.
The cost of forgetting to look with a critical eye at the fake page is to have your system infected with all kinds of crap that will then be pretty hard to remove. And it's pretty hard, mind you. I could fairly easily have fallen for it, if I hadn't seen the official one before and wondered why they changed their design so much. Normal users don't run strings(1) on suspicious executables and google for information, though.
Now, you could argue that this kind of thing applies to Linux as well. True. However, there's a critical difference: On any sane Linux distribution, the official release of Azureus will be a package. And if the user downloads the software on their own, it'd be installed in their home directory. At least, while running under your account such crap is limited in what it can do, and has it much harder to wedge into your system as to make it hard to remove.
Kazaa says: No Spyware
Funny when companies have to explicitly mention they're not evil. Funnier is that Microsoft also says: "We're not saying there's no virus or malware in our product". Seriously... The MSN-Messenger license states that :
disclaimer of warranties. to the maximum extent permitted by applicable law, microsoft and its suppliers provide to you [...] as is and with all faults; and microsoft and its suppliers hereby disclaim [...] all warranties and conditions, whether express, implied or statutory, including, [...] lack of viruses, [...]
After 3 days without programming, life becomes meaningless
- The Tao of Programming
Some people, simply put, don't give a rat's ass about "correct" or about damage done. They only care about making money. Period.
If it weren't explicitly illegal, they'd even poison a town's water supply just for some money. Not an exaggeration: companies dumped toxic stuff into rivers right until the law forced them to stop. Or into the air. And even then, every time someone told them to use filters, there was endless moaning and bitching and lobbying about it.
Spam, telemarketing, link-spam, spyware, etc, are just a symptom of the same thing: if it makes money and it's not illegal, hell yeah. Let's pollute and destroy another resource.
There was an interview with a link-spammer on The Register this week. Dunno, I found it surrealistic how the guy basically had _zero_ morals. Not even an "eh, it's wrong, but I need the money" kinda attitude. Nope. The general tone all over was along the lines of "who the damn has time to care about collateral damage? It makes money and it's not illegal. Period. If you have a problem with it, tough shit. Sucks to be you."
Basically it's the same with spyware. These people don't care, that's all. As long as it makes them a buck and isn't explicitly illegal, they'll clog your computer without thinking twice. If it was possible and made them a buck, they'd even make that computer explode without thinking twice.
A polar bear is a cartesian bear after a coordinate transform.
You've gone over every line of the source code you use? All of it? The entire kernel, all the drivers, all the utilities, all the apps and so on? You've checked carefully, to ensure that there's no backdoors spread across a number of functions (you can have some things that are innocent and harmless on their own, that work together to do something bad)?
Are you also sure about your compiler, have you checked it? Not the source I mean, but do you know that the binary is a faithful reproduction of the source? The problem with a compiler, is that you compile it with an old version of itself. What if it has a backdoor that exists only in binary form, never in the source, but propagates on compile (see http://www.acm.org/classics/sep95/)?
There's nothing about OSS that inherently protects you. This is especially true since I'm guessing indeed you have NOT done the audit I described. Few people have the programming skills necessary to do so in a useful way and even fewer have the mountain of free time it takes. Rather, you are taking it on faith that others have audited the software you use, done a good job when doing so, and have spoken the truth and been heard if a problem was found.
A more realistic way to check to see if the software is all above board, and one that works equally well on closed source software, is to check the install. By that I mean log everything that is added, modified, or deleted. Then, when running the software, look for anomalous behaviour, like loading modules it shouldn't, trying to establish network connections, spawning other processes, etc. If you do that correctly, it's not hard to tell if something is acting evil or comes with stuff that does. It's also something that you could realistically spend the time to do for all the programs you use.
Even then, I doubt you'd bother unless you are super paranoid. I'm sure you generally trust that others have looked into it, and you'd have heard about it if there were problems. I personally only check the install and operation of a program that I find suspicious. Retail software, OSS, and 99% of downloads I don't bother since experience shows that there's nothing to worry about. I take on faith that there's nothing bad in there, and if there is one of my cleaner tools will catch it soon enough.
But my point here isn't to attack OSS, if that's what you are thinking, just to point out that this warm, fuzzy feeling that many people get from the openness is a false sense of security. They think because the code is open, and able to be checked, it means that there's nothing bad in there. Well, that's probably true, but only in the same way it's probably true that if you buy retail software it's also free of malware. Neither is a guarantee of anything, and since 99.999% (or more) of people aren't actually using the openness to do their own audit, it's a false sense of security.
Basically, when you get down to it, you can never be sure there isn't something lurking there, unknown to the general population. The only way you could feel confident is if you wrote your own assembler from machine code, your own basic OS and compiler from that, audited every line of code in the OS, compiler and apps you were going to run, and then proceeded to build them 100% from source using your own tools. Even then, you still might miss something. Remember: We find holes in software all the time, we call them bugs or exploits, meaning they weren't intended by the developers. This happens even to OSS, even to major pieces of OSS that have been looked at thousands of times over. Sometimes, you just miss things.
And none of these exploits were trying to be sneaky or hide on purpose.
I'm not trying to say grab the AFDB and trust no one, that's pretty stupid clearly. I'm just pointing out that you should put the same amount of stock in OSS you haven't audited as in CSS you can't. Consider the source, and if it's suspicious, do a checked install, and have programs setup to watch how it runs. With 30 minutes of work you can generally tell if it's safe or not.
I'm assuming you're trolling but for those who may not recognize the fallacy in your comparison, I'll point it out.
Kazaa says "Trust me. My software is clean. Please install it on your computer." I say "Ha! Prove that your software is clean and then maybe I'll think about installing it to my machine. If you're clean, you shouldn't have anything to hide by showing me your source code." Kazaa says, "No, I don't want to show you my source code." I say "Cool. You keep your source code secret and I'll keep it off my machine."
Ashcroft says "We think you might be a terrorist. We want to come in and search through your hard drive for incriminating files." I say "I'm not a terrorist. I don't have to prove anything to you. You may not search my hard drive unless you have evidence and get a warrant." Ashcroft says "If you're not a terrorist, you have nothing to hide. The Unpatriotic Act III says I don't need a warrant. So when my secret agent takes his knee out of your back and lets you get up, please stay out of our way. You might be able to get your hard drive back in a year or two when we're done with it. Have a nice day!"
Do you see just a tad bit of difference in those two scenarios?
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
Is your company using Linux? You could be at legal risk to a SCO lawsuit. Collect personal data on your customers? You could be at legal risk if that data gets hacked. Run a bungee jumping business? Legal risk. It doesn't say "he was aware they were performing illegal activities", it says he was aware of a risk. That is simply awareness that a) there was a real chance a lawsuit would be filed against them, and b) there was a non-trivial chance that, if sued, they would lose. Risk awareness does not imply guilt.
Seen any BadMarketing lately?