Slashdot Mirror
Sony, Amazon Detail Rootkit CD Buybacks
An anonymous reader writes "Washingtonpost.com is reporting that Sony BMG today detailed a program that should allow customers who bought one of the 52 titles known to be tainted with the company's deeply flawed anti-piracy software to exchange them for CDs of the same title, sans rootkit of course. Oddly enough, Sony is offering those who want to return the CDs the chance to download MP3 versions of the discs, but only after Sony has received the returned discs. Amazon.com also is sending out e-mails to customers who bought the discs, offering to replace or refund them at no cost."
And how will we know Sony isn't trying something *ELSE* with their dissatisfied customers as guinea pigs?
I bet that the MP3's will be watermarked with the individual downloader's unique ID, so Sony/RIAA can later sue their customers...
That said, what bitrate, frequency and codec is used for the MP3s?
Regards,
--
*Art
A refund isn't enough - I hope to see some lawsuits go forward against Sony, as the very least to scare other companies from trying something like this.
I have owned Sony Walkmen, Playstation, Playstation 2, etc.
I have owned dozens of Sony CDs.
I have 6 Sony audio components.
I will NEVER buy another Sony product ever again, and I urge ALL of you to do the same.
If you "get" pointers add me as a friend (116)!
http://img169.imageshack.us/full.php?image=helloki tty6na.jpg
Nice of Amazon to do this, since it wasn't really their rootkit (or maybe they're thinking about potential liability, doesn't really matter).
It'd be great if Amazon and other big vendors refused to carry discs with this sort of horrible DRM. That'd probably get the music company's attention a little better than a few geeks organizing a boycott.
Why does Sony not simply provide an update for their rootkit? Improved security, expanded DRM, and distinguished keylogging, get it all now with Sony's rootkit 2.0. New and improved.
Always at your service
sincerely yours, Sony.
Windows is like decaf - it tastes like the real thing, but it won't get you through the day.
Sony seems to be in PR-damage control mode but they could care less about the customers. Sony *still* has failed to release any sort of uninstaller that truly cleans up the affected systems. Great move, there.
/dev/random
Step 1: Buy DRMed CD off a friend cheap.
Step 2: Return to Sony.
Step 3: Download free MP3s.
Step 4: ???
Step 5: PROFIT!
Let customers download the MP3s via a server side script which quietly puts their customer number for tracking and a hash for non-repudiation into the ID3 tags, which'll survive most transcoding. Then if it appears on a P2P network (not likely, unless it's not already there), they'll know who did it.
Recalling the CD's is merely a slap on the wrist. It doesn't cost Sony as nearly as much money as a lawsuit, costs Amazon money, and it does not repair the damage to numerous artists names by this rootkit.
If Sony actually would own up to their stupid mistake, the artists wouldn't be impacted so much. Look at Van Dant's CD on Amazon. 1.5 stars, 300 reviews, most mentioning the rootkit. Do you think that he'll fare so well in the future.
I have lost faith in Sony. Propietary formats and other things were a little odd, but I accepted them. But rootkits, a patent for games that only play on the console they were originally put in...seems like a ridiculous infringement on user rights.
Rather than losing money to pirates, people will turn to better solutions and Sony will be the loser.
It'd be easy to tell probably. If the disc lacks a data sector, you can be sure there isn't one. CDs have different kinds of sectors for audio and data. So if it's all audio, there's no possibility of malicious software since there's no software.
Dodged a bullet there. I thought they would be popular titles people would auctually buy. I sure feel sorry for those couple hundred people that have the rootkit on their system from buying the CD.
Click Click Bloody Click PANCAKES!
6. Bette Midler - Sings the Peggy Lee Songbook
Who in their right mind would subject themselves to such torture. And, what's more, someone paid for the privlege.
No no no! They got it all wrong. They should do what my friend's landlord did when he kept complaining that the dishwasher didn't work: They came, turned it on, and when it made noise, they said, "It works fine." And of course, it didn't: First, it smelled disgusting in there, like there was rotten food inside the machine. Second, just because it sprayed (dirty smelling) water doesn't mean it "works fine." Third, if you put a dish in there that was clean to begin with, it came out dirty. And I believe that such a dishwasher makes a perfect analogy for compact discs that contain defective software.
So what Sony should do is this: They should publicly offer customers who bought one of the flawed CDs to exchange them for identical ones! As if we're talking about workmanship in the production of the compact disc proper and not the contents. Hey, just act like you don't know a darn thing about technology when it comes to this type of thing! And when the customer complains that the replacement still contains the rootkit, just say, "It works fine."
Sony. Where do you want to go today? (Hell, they almost make Microsoft look good in comparison. Almost.)
If you bought it from Amazon...
How many people bought them at WalMart, Best Buy, Circuit City, Warehouse, etc...? Are they able to get a refund?
... 2 weeks waiting for my replacement disc, and when I opened my "Suspicious Activity" CD again, I just didn't really feel like listening to it any more.
He who knows best knows how little he knows. - Thomas Jefferson
Son, if you're into Celine Dion and Bette Midler, your rights aren't the only things being violated.
The world's burning. Moped Jesus spotted on I50. Details at 11.
The article seems to indicate the offers cover CDs with First4Internet's XCP crap, but that's it. There's apparently similar ugliness with CDs using Sunncomm's MediaMaz copy protection (see http://www.freedom-to-tinker.com/?p=925) which is not covered. I guess that one hasn't gotten enough mainstream media coverage yet...
On the Sony site, they are talking about a secure updater which removes the rootkit:
If you obtain regular security updates from a major anti-virus service, you should receive an update through that process. You may also download the update yourself from http://cp.sonybmg.com/xcp/english/updates.html.
The update its talking about simply removes the rootkit, but does not remove the copy protection portion.
Therefore, I believe these disks will still be executable in format (besides, any with images/videos on will need the media player software as well...)
Just read the home page on the sony site, they still don't get it:
Going forward, we will continue to identify new ways to meet demands for flexibility in how you and other consumers listen to music.
We just want true cds without any bullshit, plain and simple.
liqbase
Well the Devil had a brand new plan,
"I don't want any ordinary DRM!"
So he called his boys at Sony Corp,
"I'll make this fast and I'll make it short."
"There's a Limey company, as evil as hell,
They've got a rootkit they're waiting to sell.
So grab some cash, make it quick,
There's a half million networks we just gotta fix."
Now Sony knew the Devil well,
Why these guys were already half way to Hell.
So off they went to England fair,
And bought themselves a rootkit there.
To protect themselves and their evil scheme,
They wrote a EULA that would make you scream.
"No problem," they said, "we can do as we please,
We're all scummy bastards, so what's some more sleaze?"
But not all were asleep when they played Van Zant,
And the racket grew so loud Sony just had to recant.
"We'll take back all those discs, we really were wrong,
Oh, and you Mac users, your turn's coming before long."
The world's burning. Moped Jesus spotted on I50. Details at 11.
There are 10 kinds of people in the world - those who understand binary and those who don't
The best part is that that sony will charge the recall costs against the artists royalties so sony won't be out a penny and the artists get ripped off.
Easy, just check that it has the logo "Compact Disc Digital Audio" . If they put that on anything that is not compliant to the Red Book standard - that is, not a pure audio CD - Philips can sue them for trademark infringement.
Circumcision is child abuse.
Even without the root kit, Sony is being obnoxious with the DRM shit. I got a copy of Chevelle's new album and couldn't even rip it into MP3 without installing some damn proprietary Sony software, and then it would only rip into locked down WMA format. The CD was so screwed up that an older car CD player of mine wouldn't play it, Linux wouldn't recognize it, Windows kept trying to autorun it, but wouldn't recognize the audio side of it. Mac was the only one that would, for some reason, play it just fine. I finally got pissed off and downloaded the whole album via P2P. It was more file sharing than I've done in the last year. Congratulations Sony, now you're going to insent the legitimate people into sharing the files! To me, a CD I can't get into MP3 is useless and defective. I only listen to music on my car stereo in MP3 format, or on my computer in MP3 format, or on my Zen in MP3 format. The original CDs get stored away for safe keeping. I only have two words for Sony... BITE ME!!!
My software never has bugs.
It just develops random features.
I'm curious about one aspect of having .mp3 replacements of the defective CDs that you've purchased. TFA says you have to physically return the CD to Sony in order to get access to a set of .mp3 files for that disc. So what becomes of your license? I mean, we've been making a big deal for days now about how your .mp3 files are only legal if you've got the original disc, as well. So, what, are they going to send you some kind of certificate that says you have a right to own these .mp3s? Or how could you possibly prove that your files were legal?
.mp3s with a particular customer. But then who has the proof that your files are yours? Sony? I'd feel a lot more comfortable with a new, DRM-less CD that I could rip to my computer, so I'd have proof that I own the CD.
.mp3s using bogus contact information. You UPS a disc to Sony with completely unverifiable and incorrect return information, they email your brand-new Hotmail account with the .mp3 download URL, you get the files on a public terminal, walk away, and never look back. You can share these .mp3s with anyone you want to, and Sony will never be able to identify you as the originator. Though all of that seems like more trouble than it's worth, since you could accomplish the same thing by getting a DRM-less copy of the CD, ripping it, and distributing it.
There's muttering here about digital watermarks or somesuch to uniquely identify each set of
On another note, the digital watermark doesn't seem like it would be effective. It wouldn't take a rocket scientist to send in a real copy of the CD and download the
Oddly enough, Sony is offering those who want to return the CDs the chance to download MP3 versions of the discs, but only after Sony has received the returned discs.
They probably want to determine what percentage of the people who were sufficiently outraged by XCP to go to the trouble of sending back the CD are interested in a MP3 version instead (and therefore the sort of people who would've probably tried circumventing said copy-protection in the first place) vs those who actually had genuine technical issues with it.
Good market research for them really.