Slashdot Mirror
Sony's EULA Worse Than Its Rootkit?
jaaron writes "If you think the Sony rootkit is bad, check out the accompanying EULA! From the EFF's summary: 'If your house gets burgled, you have to delete all your music from your laptop when you get home. ... Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. ... Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling.'"
By now I really think it's gotten to the point that it's more unethical to give money to a company like this than to download their music without paying. I'm not anti-copyright in general, but the music industry is just so evil these days.
Disclaimer: I hate Sony. Hate them, hate them, HATE them!
That said, I was a little put off by the article and suspected it was a bit hyperbolic, designed to whip the masses into an unwarranted (unwarranteed?) frenzy.
But, a funny thing happened on my way to show this critique a bit harsh. I read the actual Sony EULA. Wow! I'll still say there is a little hyperbole in the /. article but, on whole, it's
true! Holy Shit Batman (probably get a DRM ding for that!).
It's time to take SONY to the woodshed. Don't purchase anything with any SONY signature (this may require a little research, SONY makes ccd's for lots of digital cameras).
I am saddened a little more each new DRM'ed day and more thankful each day I was alive early enough to amass a comfortable 1000-CD collection of music I can freely copy, rip, etc.
I hope only better days for the X, Y, and Z generations. God Bless all of you.
(Seriously, if there were some visible and concerted effort to boycott one of these leading vendors, maybe there would be some softening of this death march to control content (most consumers, contrary to popular belief, are willing (and DO) to pay for their media, don't abuse fair use priveleges, and are NOT criminals). I can't contribute much more against SONY since I swore them off from the MiniDisk debacle -- sold all of my SONY equipment, won't buy ANY SONY equipment -- my house is as SONY-free as I've been able to make it.)
I'm just not going to pay $15 for the right to listen to music in a fixed order in a certain CD player on the second Tuesday of each month between five and eight PM. The things Sony is demanding go against the concept of fair use...and I get the feeling that thi story could do just as much damage as the rootkit one did, if not more.
Goo goo g'joob.
If you think the rootkit caused a backlash, just wait.
Has anything been heard from employees of Sony's consumer products arm? By and large, they manufacture high-quality kit - they have high standards, and one assumes they can't be happy to see this coming from their music arm. Not to mention the fact that, AFAIK, Sony BMG is essentially a US company, steeped in copyright culture, whereas the consumer electronics arm remains largely Japanese and engineering-led.
do we know about the relative profitability of the two arms? Is this likely to bring forward the day when the two companies go their separate ways?
Yet another stupid requirement to the EULA is according to this article here: "You must delete your songs if you move out of the country or if you file for bankruptcy."
I realize this comment is now making /. violate the DMCA, so if they feel like deleting it for legal reasons, fine.
The CDs "protected" by this scheme are very easy to copy and have no "skip-gap" style protections that break normal cd-copy mechanisms and theoretically work "fine" on normal cd players (experience has shown otherwise).
cdrdao can read the cds just fine (I used it on the G3 Live in Tokyo release that just came out last week), and quickly identifies the data/file-system tracks from the main. rip with cdrdao, edit the toc file to remove the data tracks, and burn away. the resultant cdrom can load anywhere and is easily ripped into mp3s for your *legal* right to listen to music you purchase your way.
in fact, the most rediculous thing about their "protection" of the G3 cds is that for the 2-cd set, the second cd isn't even "protected" with that filesystem. protecting the 2nd disk relies directly on the root-kit hack that detects and analysis when sony cds are inserted, that SONY expects you would have installed by sticking the cd-1 in first.
"But remember, most lynch mobs aren't this nice." (H.Simpson)
-- Joe
EULA's are just things nobody reads or pays any attention to that basically say the company isn't responsible for anything but that hasn't stopped them from being sued in the past so who cares about it.
For now. In the not so distant future the DRM will basicly stop you from doing anything at all and when you complain "it's in the EULA and has been there for 10 years, our hardware is simply enforcing the agreement". Once they have the means to back up all the ludicrous terms, you won't be ignoring it and you won't be laughing.
Live today, because you never know what tomorrow brings
http://dewinter.com/modules.php?name=News&file=art icle&sid=215
The Sony uninstaller is an ActiveX object marked safe for scripting (which means any website can use it in their code)
Its got some wonderful entries which still leave holes in your system (like rebooting your computer, and a method called "ExecuteCode")
The guys has only just started work, but has an expliotable test together which will reboot your machine.
Look here for more info about Sony uninstallation fun.
liqbase
I, the undersigned, agree to the following terms of the use of TooMuchEspressoGuy's money (hereafter referred to as "my money") as it has been spent on Sony music products:
1) If Sony HQ, any factories, or any other property owned by employees of Sony gets burgled, you must give me back my money.
2) You cannot keep my money in your pocket at work, or in any bank or online service such as Paypal.
3) If you move out of the country, you must give me back my money.
4) You must install any and all software that I decide should be on the computers of any Sony employee, or else give me back my money.
5) I reserve the right to install any backdoors on said computers stipulated in (4) in order to enforce my rights as proper holder of my money.
6) I will never be liable to you for more than exactly $5.00 for damages to you or your property through the use of any of the rights granted to me in this EULA.
7) If you file for bankruptcy, you must give me back my money.
8) You have no right to transfer (i.e. spend) my money, even along with the original coins, dollar bills, etc.
9) You may not use my money for personal use, including but not limited to: origami; flipping coins; lighting expensive Cuban cigars; et al.
As soon as Sony agrees to this EULA, or gets rid of its own, I will begin buying Sony music again.
Many Bothans died to bring you this sig.
I haven't got the full text back from my lawyer, but in future all of my transactions with Sony will be accompanied by a "vendor user license agreement":
...
IMPORTANT-READ CAREFULLY: By accepting my (hereafter: "CONSUMER") purchase of your product, you (hereafter: "VENDOR") will need to review and agree to be bound by an vendor user license agreement or "VULA", the terms and conditions of which are set forth below.
As soon as you have agreed to be bound by the terms and conditions of the VULA, this transaction will automatically install a small proprietary software program (the "SOFTWARE") into YOUR BOOKKEEPING SYSTEM.
...
From time to time CONSUMER will use the SOFTWARE to enforce his statutory rights, including checking the validity of any data held on him and updating it as he deems fit and in accordance with relevant privacy and data protection laws.
...
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
Music Label: We grant ourselves the authority to do anything we want inside or outside your house, to you and your family, with or without notice, including but not limited to: erasing your wedding photos, replacing all your music with Milli Vanilli's Greatest hits, recording you singing in the shower, ruining your kid's christmas, getting you fired from your job, anally raping your poodle with a steel toothbrush, and force-feeding you your own dead grandmother's ashes. You hereby agree to hold Music Label harmless and you expressly waive all rights to damages, compensatory and punitive, arising from Music Label's actions.
Joe Consumer: What is a rootkit? Is it dangero---WHOA NEW ALBUM ADVERTISED AT ME! MUST BUY IT NOW!!! MUST BUY IT NOW!!!
My friend sent me this bash.org quote link.
/. didn't like the uppercase: "Lameness filter encountered. Post aborted! :(
I would had copy and pasted in here, but
Reason: Don't use so many caps. It's like YELLING." and I am lazy to lowercase them manually, and EULA is all CAPS.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
That IS part of fair use and thats why there is a problem. The EULA stating that you lose rights to the "digital content" means that if you don't have the physical CD, then you're not allowed to have the music it contained. The original authors statement is an extreme case, but his interpretation of the license agreement is correct.
You are wrong, if someone steals your CD you must delete the copy. If you read the statement you will notice it uses OR, not AND like you seem to think. The use of OR actually makes that one statement two seperate ones. The statement "In the event that you no longer possess or have the right under such license to use the original CD product." can be rewritten as two seperate statements, "In the event that you no longer possess the original CD product." and "In the event that you no longer have the right under such license to use the original CD product." If the CD is stolen you no longer possess the original CD product therefore that clause is triggered.
So you are allowed to make backups of your CD's for safety (traditional fair use),
but now if you ever actually need to use those backups because you sat on your original CD, Sony says you must destroy them too. Nice.
Get used to using the word "info-feudalism", for that is what the corporations are creating. Think about it: under feudalism, the lord owned the land, the serfs worked on the land, and the serfs were not allowed to move away if they didn't like the deal.
Under info-feudalism:
Large corporations bribe legislatures to expand "intellectual property" to include many, many things that used to be open to all;
Government spends your money on basic drug research, but drug companies patent the results;
Copyright gets extended again and again so that works no longer pass into the public domain after the creator dies;
Your DNA gets patented by someone else without your say-so; authors patent story lines (!), corporations apply for ridiculously broad patents in an attempt to control what others can and cannot invent;
Police arrest scientists who publish papers on flaws in Digital Rights Management schemes;
You buy a song or a movie but never really own it;
Fair Use quotations are legally doubtful;
Crooked churches sue their critics because their 'bibles' are copyrighted;
Governments tell lies such as "piracy helps the terrorists;
News media are corrupted by their connection to cash-cow entertainment conglomerates;
And it's not like any of them truly invented the ideas all by themselves; all of society indirectly helped; yet they rob all of society by seeking monopoly. Oh, I could go on and on.
See this demolition of the whole idea of "Intellectual Property":
http://deoxy.org/aip.htm
As far as i can tell, these are merely statements with no force of law.
I think they're mixing two things together
1. The DRM software on the CD
2. The audio tracks on the CD
There is no EULA that applies to the audio tracks on any CD. If I disagree with their EULA, all it means is that I disagree to use their software to manage my experience. Unless I'm way off base* my reading of the EULA doesn't suggest otherwise.
They use CAPITAL LETTERS to make sure we know that the license we're being 'granted' is to
1(a). "install one (1) copy of software"
1(b). "install one (1) copy of any approved media player(s) contained on this CD"
1(c). use the software and any approved media player(s)
*I know the collective genius of
[Fuck Beta]
o0t!
By now I really think it's gotten to the point that it's more unethical to give money to a company like this than to download their music without paying.
It is ironic but true that your computer is now safer to download pirate copys of entertainment than to buy the authentic thing. WTF was Sony/BMG thinking? Most of us are honest!!
Do keep in mind this tech can also be delivered on DVDs. Although I don't believe it has been done to the masses yet, there is no reason why it couldn't be on a DVD.
And I for one would have never thought to read the EULA verbose legal microprint to see if it would rootkit my PC. Fortunately I never put the BMG ones I have in my PC.
Which makes me think this industry just shot itself in the foot.
> ... flaws in Digital Rights Management schemes;
DRM stands for Digital Restriction Mechanism!
Rights are inherent. They don't need to be "managed".
If you disagree with me on social issues, then it's pretty clear that you are a narrow-minded bigot.
At least they don't say that you have to move out of the country if you delete the songs from your computer.
tone
tone
Actually, you distributed the NOT across the logical operations incorrectly. The original statement would've been ( !user.hasCD || !user.hasRightToMusic() ) to combine them, you would use DeMorgan's and come out with ( !(user.hasCD() && user.hasRightToMusic()) ) which says that unless you have the CD and have the right to the music, you must delete the digital copies. If someone steals the disc, they don't have the right to the music and would be in violation of the EULA if they made digital copies AND the original owner would have to delete their digital copies because they'd be in violation without the physical disc. This is probably exactly what Sony intended. If they caught you with digital copies and you don't have the original media, they could sue you for either pirating (you stole it) or violating the EULA (you were robbed and failed to delete).
I think the shocker for most people is waking up to find how much the playing field has been tilted in favor of the corporation against the individual. All the laws are on their side, Congress has played along with whatever draconian measures they want to dump on common people including pulling the FBI away from terror investigations to go after copyright violators, and instead of throwing out click-through EULA's the courts have tended to back them up. There is no inherent fairness in your relationship with service providers anymore, it's an uphill battle for equity. That's not limited to the entertainment industry, it's an issue here because Sony went far enough over the line. But this same unfairness is woven through all our service provider relationships.
I am doing something besides complaining. I'm working with the leader or our state house of representatives on a couple initiatives to even out the playing field a little. One is setting a higher standard for binding arbitration. The poster child I'm using for that one is car dealers trying to skirt consumer protection laws by legislating via contract, but that would also impact click-through EULA's. The other is making it more difficult to change the state venue of laws for products and services sold and delivered in this state. That got a surprisingly warm, almost enthusiastic, reception. My presentation line was asking why we were letting North Dakota dictate how we were going to do business. That provoked the legislative equivalent of a "Hell, yeah!" But there are legal issues associated with that one I didn't know about. It's not going to be as easy to change. The good news is I didn't get laughed at.
What surprises me is companies taking a hard line with their customers. That just seems like such a no-win proposition, even for a large, diverse company like Sony. You're looking at DVD players and like the Panasonic and Sony. What's going to make the difference? You think back on this incident and buy the Panasonic. You're making a choice between a Sony and Canon video camera, even though Sony makes the CCD's for many of the Canon models, you might go with the other brand. This small segment of that giant company taints everything they do. It can't be worth it.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
If you work for the DOD pleae read this.
I will be talking to the director of IT for the base and this is what I will be discussing. Sonys installation of a root kit on home or work computers poses a serios security violation to military and DOD property. This root kit can compromise computers that may contain sensitive government data. Also most people will not place the cd in TS rated computers but they may play the cds in home computers or non TS computers where sensitive derivative works may reside. Sony is indirectly installing software on dod computers that may constitute compromising DOD clasified and sensitive information. This may be a form of treason and subversion, and because of this we should exclude and prohibit the use of all Sony CD's in their work and personall computers.
I must agree with the poster that said he had amassed a 1,000+ CD library before copy protection and DRM started to come into play. While I don't have that many, I have quite a few. My wife and I just bought matching iPods yesterday (the 30 GB iPod Video unit), and I am currently going through this large library of CD's we OWN and am ripping them and uploading them to my iPod.
What does this mean for Sony and other music companies? Well, I can't speak for everyone out there, but my wife and I are being very selective about the CD's we buy. If there is any copy protection what so ever, we will not buy the CD. Since it is just the two of us, I doubt if it is going to hurt any of the record companies bottom line much, but at least we have made the conscious decision to not purchase DRM'd content.
I do feel for the younger generations that enjoy the new music. They are the ones that are going to have to fight the good fight with the record companies. My hat is off to you, and we will do what we can to help.
No matter where you go... there you are.
When you run the application that shows the EULA, it also runs the copy protection. If you accept the EULA the software is installed, otherwise it only remains running until you reboot.
Reboot and it will be gone.
Please mod this up. It doesn't install unless you say yes. I would never have implemented it if it worked the way the parent post describes.
--
ex sunncomm developer