Slashdot Mirror


Secret Kazaa Documents Revealed in Court

Dan Warne writes "A fascinating range of Kazaa's internal documents were revealed in Federal Court in the ongoing court case against the Australian-based company today. One extraordinary philosophical manifesto by the company's chief technical officer showed that he was aware that Kazaa's activities were a huge legal risk. He also feared being 'out-innovated' by other P2P programs that didn't come bundled with adware. "if consumers can connect to FT (as well as Gnutella 2, eDonkey and Bittorrent) and it has no ads or adware then it would seem a good choice," Philip Morle says in his manifesto. The documents are full of all sorts of other admissions-that-you'd-be-crazy-to-put-on-paper like how Kazaa employees "hate" installing the Kazaa Media Desktop on their machines because all the bundled adware slows your machine down and can hijack your web browser."

18 of 273 comments

  1. Shock News Just In... by tabkey12 · · Score: 5, Funny

    Kazaa contains Spyware! Lock up your daughterboards!!!

    1. Re:Shock News Just In... by Bigthecat · · Score: 5, Insightful

      It's one thing for it to have spyware; it's something else for one of the company's head honchos to admit it.

  2. Currently... by gandell · · Score: 5, Interesting

    If you go to Kazaa right now, however, you'll note that they say that there's no spyware bundled with the software. Thanks, but no thanks...I'm sticking with bittorrent and Winmx.

    --
    Mercy was given to me by Christ...I must give the same to others.
    1. Re:Currently... by Ninjy · · Score: 5, Insightful

      Always be careful; thanks to the language ambiguity, even the simplest statements can be turned around to form the opposite instead.

      Even in saying "Kazaa does not come with spyware bundled", followed by "Kazaa and the bundled software do not collect personal information" still leaves quite a large hole for them to just walk straight through. What if one of the bundled applications reroutes your HTTP traffic through third-party servers? All the application does is re-route your traffic, it doesn't collect any information at all. The information collecting may just as well happen elsewhere.

      Again, always remain on the look-out for these things, however minor they may seem.

    2. Re:Currently... by dioscaido · · Score: 5, Informative

      Because they have "adware", not "spyware". A ridiculous distinction that allows many companies to morally justify their inclusion of such horrible pieces of code in their products.

      Just peek at Messenger Plus v3 (an add on for MSN Messenger) -- they include LOP in their installer, which hijacks your browser, your searches, adds a toolbar, and adds icons to your desktop, and is one of the most annoyingly difficult things to clean on your own. The Plus 'company' justifies it in that it's "adware", not "spyware", and that the user opted in when installing by not un-checking the default install option. What comes next is a hellish exercise of peering into the most obscure parts of the registry to kill the re-spawners that make the spyware^H^H^H^Hadware come back on reboot when things look clean. /end rant

    3. Re:Currently... by Durzel · · Score: 5, Informative
      Straight from the installer's mouth.. What you agree to install...

      Step 1 of 4

      Kazaa file sharing application with: Bullguard Virus Protection, Altnet Topsearch.

      Kazaa is a free download supported by advertising from Cydoor, the GAIN Network and InstaFinder.

      Altnet PeerPoints Manager Package, an application that rewards you for sharing on Kazaa including My Search Toolbar and P2P Networking Application.

      Sharman Networks respects your privacy. Read the privacy policy. You must also agree to the user license agreements linked from below before continuing.

      [ ] I agree to the Kazaa Media Desktop End User License Agreement and Altnet PeerPoints Manager Package End User License Agreements.

      Seems it's just as polluted with spyware as it has always been.

  3. It just goes to show... by DaHat · · Score: 5, Insightful

    Never write anything in a letter, e-mail, diary, memo or any other quotable medium that you don't want the other guy's lawyer holding up in court.

    1. Re:It just goes to show... by Eminence · · Score: 5, Interesting
      This sounds very rational. And this is probably what people should do. However, both the original poster and you assume that other fellow's lawyers' right to read anything that you've written is natural and obvious. But shouldn't there be a limit? If that would be technologically possible to subpoena someone's thoughts would you see it as natural and right? I really don't like the idea that anything I write or draw might be used against me - I thought this rule applied only to testimonies after being arrested.

      I understand that from the court's point of view such memos and letters are important evidence that would allow them to judge not only the actions but also the intentions. Maybe that's what we should worry about? After all, it is really hard to prove intentions in cases like this - and even harder to judge them. An intention to rape & kill is obviously bad, but it is not as obvious with intention to develop a way for people to freely share files over the network. Here it depends on one's beliefs and interests whether he would see it the way I put it or as an intention to develop a way for people to steal precious and highly valued intellectual property of media companies. Are beliefs to be tested in court?

  4. No, really by Ignignokt · · Score: 5, Funny

    People would prefer programs without adware? What a stunning concept. At what point did "manifesto" replace "common sense"?

  5. Re:Sure there ain't no spyware... by tabkey12 · · Score: 5, Informative
    Note that their Skype website says: No Spyware, Adware or Malware
    Kazaa says: No Spyware

    Spot the difference, people!

  6. surprising, or is it? by Syini666 · · Score: 5, Insightful

    When your own employees hate installing the very software of their employer you know it's a recipe for disaster. With those kinds of feelings flowing around the office it's surprising the documents weren't 'leaked' earlier. For some odd reason I don't see anybody coming to Kazaa's defense in court now like Napster saw when they were up on the chopping block.

  7. Re:And slashdot keeps advertising skype, by Anonymous Coward · · Score: 5, Informative

    It's hard to take the word of someone who is stating incorrect information.

    Skype is created by the original developers of Kazaa, but the original developers did not include any spyware/adware in KaZaa. The spyware/adware was added to Kazaa after it was sold to Sharman.

  8. Eat your own dogfood by EvilTwinSkippy · · Score: 5, Informative
    Eat your own dogfood might be a better expression to describe it.

    A lot of tech companies use it to describe the practice of using their own products in house. That's also where to discover many of the problems that infuriate customers.

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming
  9. Kazaa _must not_ fail by kahei · · Score: 5, Insightful


    <grumpiness size="extreme" style="curmudgeonly">

    If Kazaa goes down, there could well be a flood of low-quality Britney_Spears_naked111.mpg traders and leeches coming onto the good p2p systems. I don't think I want that.

    It'll be like AOL day all over again.

    Support Kazaa -- or America's highschoolers will be trading on your network!

    </grumpiness>

    --
    Whence? Hence. Whither? Thither.
  10. Re:I really don't understand this by oirtemed · · Score: 5, Insightful

    no, this is like suing a gun dealer because the gun he sold you had a gps device on it and the bullets were faulty. It doesn't matter that you were going to commit a crime with the gun. Kazaa purports to provide a legitimate product and service. If they are lying about it, they should be held responsible. Whether or not P2P is legal or illegal, or more importantly moral or immoral isn't relevant.

  11. So you've done your own audit then, yes? by Sycraft-fu · · Score: 5, Insightful

    You've gone over every line of the source code you use? All of it? The entire kernel, all the drivers, all the utilities, all the apps and so on? You've checked carefully, to ensure that there's no backdoors spread across a number of functions (you can have some things that are innocent and harmless on their own, that work together to do something bad)?

    Are you also sure about your compiler, have you checked it? Not the source I mean, but do you know that the binary is a faithful reproduction of the source? The problem with a compiler, is that you compile it with an old version of itself. What if it has a backdoor that exists only in binary form, never in the source, but propagates on compile (see http://www.acm.org/classics/sep95/)?

    There's nothing about OSS that inherently protects you. This is especially true since I'm guessing indeed you have NOT done the audit I described. Few people have the programming skills necessary to do so in a useful way and even fewer have the mountain of free time it takes. Rather, you are taking it on faith that others have audited the software you use, done a good job when doing so, and have spoken the truth and been heard if a problem was found.

    A more realistic way to check to see if the software is all above board, and one that works equally well on closed source software, is to check the install. By that I mean log everything that is added, modified, or deleted. Then, when running the software, look for anomalous behaviour, like loading modules it shouldn't, trying to establish network connections, spawning other processes, etc. If you do that correctly, it's not hard to tell if something is acting evil or comes with stuff that does. It's also something that you could realistically spend the time to do for all the programs you use.

    Even then, I doubt you'd bother unless you are super paranoid. I'm sure you generally trust that others have looked into it, and you'd have heard about it if there were problems. I personally only check the install and operation of a program that I find suspicious. Retail software, OSS, and 99% of downloads I don't bother since experience shows that there's nothing to worry about. I take on faith that there's nothing bad in there, and if there is, one of my cleaner tools will catch it soon enough.

    But my point here isn't to attack OSS, if that's what you are thinking, just to point out that this warm, fuzzy feeling that many people get from the openness is a false sense of security. They think because the code is open, and able to be checked, it means that there's nothing bad in there. Well, that's probably true, but only in the same way it's probably true that if you buy retail software it's also free of malware. Neither is a guarantee of anything, and since 99.999% (or more) of people aren't actually using the openness to do their own audit, it's a false sense of security.

    Basically, when you get down to it, you can never be sure there isn't something lurking there, unknown to the general population. The only way you could feel confident is if you wrote your own assembler from machine code, your own basic OS and compiler from that, audited every line of code in the OS, compiler and apps you were going to run, and then proceeded to build them 100% from source using your own tools. Even then, you still might miss something. Remember: We find holes in software all the time, we call them bugs or exploits, meaning they weren't intended by the developers. This happens even to OSS, even to major pieces of OSS that have been looked at thousands of times over. Sometimes, you just miss things.

    And none of these exploits were trying to be sneaky or hide on purpose.

    I'm not trying to say grab the AFDB and trust no one, that's pretty stupid clearly. I'm just pointing out that you should put the same amount of stock in OSS you haven't audited as in CSS you can't. Consider the source, and if it's suspicious, do a checked install, and have programs set up to watch how it runs. With 30 minutes of work you can generally tell if it's safe or not.
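The "checked install" described in the comment above (log everything added, modified or deleted) can be sketched as a before/after snapshot diff. This is an added example, not part of the original thread; it covers only file-system changes, not the registry or runtime behaviour, and the file names in `demo()` are constructed stand-ins for an installer run.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map every file under root (relative path) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                state[os.path.relpath(full, root)] = digest.hexdigest()
            except OSError:
                # Locked or unreadable: record it so its appearance is still noticed.
                state[os.path.relpath(full, root)] = None
    return state

def diff_snapshots(before, after):
    """Report what was added, modified or deleted between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "modified": sorted(p for p in common if before[p] != after[p]),
        "deleted": sorted(set(before) - set(after)),
    }

def _write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed stand-in for an installer run, inside a scratch directory."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "hosts", "127.0.0.1 localhost\n")
        _write(root, "old.dll", "v1")
        before = snapshot(root)
        # The "install": the advertised program plus changes nobody asked for.
        _write(root, "app/player.exe", "the program you asked for")
        _write(root, "toolbar/search.dll", "an extra you did not")
        _write(root, "hosts", "127.0.0.1 localhost\n10.0.0.1 search.example\n")
        os.remove(os.path.join(root, "old.dll"))
        return diff_snapshots(before, snapshot(root))
```

In real use, `snapshot()` would be taken over the directories an installer can write to, once before and once after running it, and every entry in the diff that the installer's own description does not account for is what deserves a closer look.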

    1. Re:So you've done your own audit then, yes? by peg0cjs · · Score: 5, Insightful
      There's nothing about OSS that inherently protects you. This is especially true since I'm guessing indeed you have NOT done the audit I described. Few people have the programming skills necessary to do so in a useful way and even fewer have the mountain of free time it takes.

      I love this argument. Of course the vast majority of people haven't pored over the source to find every detail. Similarly, few have opened their car engine's manual and pored over the specs to see if the Ford engineers got it right. But guess what, I can go to my mechanic and ask him: "What does this alternator thingy do?" and he can tell me. Not only that, but he can tell me how it does that. Not so with closed source.

      I sincerely doubt many people have even looked at the gcc source (I'm guessing under 1%). But you _CAN_ look at it. That says a lot, both about the people who wrote it and about the people who package it. Writing code that you know people will see is a lot different than writing code that will forever reside in some closet somewhere in the bowels of Redmond...uhh...Sydney.

      Do open-source bugs exist? Sure. Do open-source deliberate exploits exist? Unlikely. For one thing the exploit would have to be as you described, split over multiple calls & deliberately obfuscated to avoid casual detection. This level of complexity reduces the probability that such a thing exists and has avoided detection. It's not impossible, just unlikely. And that's good enough for me, cuz it's more than those closed source derivatives can say.

      --
      Karma: Excellent (Mainly due to Bill & Ted's Karma Adventure)
  12. Re:Sure there ain't no spyware... by B'Trey · · Score: 5, Insightful

    I'm assuming you're trolling but for those who may not recognize the fallacy in your comparison, I'll point it out.

    Kazaa says "Trust me. My software is clean. Please install it on your computer." I say "Ha! Prove that your software is clean and then maybe I'll think about installing it to my machine. If you're clean, you shouldn't have anything to hide by showing me your source code." Kazaa says, "No, I don't want to show you my source code." I say "Cool. You keep your source code secret and I'll keep it off my machine."

    Ashcroft says "We think you might be a terrorist. We want to come in and search through your hard drive for incriminating files." I say "I'm not a terrorist. I don't have to prove anything to you. You may not search my hard drive unless you have evidence and get a warrant." Ashcroft says "If you're not a terrorist, you have nothing to hide. The Unpatriotic Act III says I don't need a warrant. So when my secret agent takes his knee out of your back and lets you get up, please stay out of our way. You might be able to get your hard drive back in a year or two when we're done with it. Have a nice day!"

    Do you see just a tad bit of difference in those two scenarios?

    --

    "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.