Posting Publicly Available URL Claimed a "Hack"

Urban Strata writes "Popular mobile phone community HowardForums.com is being hit with take-down notices from MobiTV. At issue is the fact that a HowardForums community member uncovered a publicly accessible URL for MobiTV's television stream. This URL is not encrypted or authenticated in any way, and yet MobiTV sent site owner Howard Chui a cease-and-desist letter for hosting a forum with the public URL, claiming that doing so is equivalent to hacking their service."

No just URL

Except it isn't just the URL they are complaining about.

Well, what did you expect?

[suso]

Is it a hack? Not really

Does it allow people to watch TV that they didn't pay for? Yes

Does it prevent Verizon and MobiTV from receiving revenue that they should from the streams? Yes

Is it wrong? Yes

Does MobiTV and Verizon have the right to send a cease and desist letter? Sure

See folks, whether its a hack or not doesn't change the fact that its just wrong. There are too many people freeloading nowadays. The Internet makes it so much easier to freeload. And its becoming a disease. When MobiTV fixes their stuff, I'm sure a bunch of people in these forums will yell and scream about it, but few of them will actually starting paying for the service that they started to enjoy. I do agree though that MobiTV should be ashamed of themselves for leaving their service wide open.

Re:Well, what did you expect?

[TheLostSamurai]

Is it stupid to make your stream available unencrypted from a publicly available URLYes

Re:Well, what did you expect?

[snl2587]

Is it wrong? Yes

No. There is nothing wrong with visiting a publicly available URL. No exceptions.

Re:Well, what did you expect?

[Perl-Pusher]

Is it against the law to print the address of a person and that person doesn't lock his garage? No

What makes you think this is any different? Immoral != Illegal.

Re:Well, what did you expect?

[KublaiKhan]

You're going to encounter a lot of resistance trying to convince people that freeloading in this fashion is "wrong". After all, everything else on the web that's publicly accessible is considered to be 'free'; if they've made this publicly accessible without even a username/password or SIM verification or whatnot, then they've made it equivalent to any other webpage out there.

Also, they're not -prevented- from receiving revenue. Those people who have subscribed and paid are still (unless they take the time to unsubscribe) subscribed and paying. They may not be receiving as much revenue per unit of usage, sure, but nothing has been done to -prevent- them from making money.

Re:Well, what did you expect?

[Harin_Teb]

likewise: Illegal != wrong.

The OP merely said that it was wrong, he did not say that it was illegal. Wrong is clearly a statement of whether something violates ones morals (in this context).

Just sayin...

Re:Well, what did you expect?

[dwlovell]

Is it wrong to walk into a public building? No

Is it wrong to walk into a gym where you dont have a membership and start exercising just because they dont bother to check ID's at the door? Yes

This is the same thing. It is not wrong to visit a URL. It is wrong to use a pay-service that you are not paying for.

Lets try to get this into your head: You are not entitled to everything you have "access" to. If you continue to live with this mentality, DRM will be shoved at you for every kind of content imaginable.

Re:Well, what did you expect?

Knowing nothing about the service, if someone emailed me a public url, how would I possibly know that I was "stealing"?? I mean certainly if you were selling a service, you wouldn't be dumb enough to just make it available without some sort of protection, right?

Re:Well, what did you expect?

[AK+Marc]

More like: Is it wrong to walk into a library without a library card?

Re:Well, what did you expect?

[Eharley]

well they're within their rights in asking you to stop.

Re:Well, what did you expect?

[spun]

What about a publicly available URL for child porn? What about a URL to make donations to a terrorist organization? What about a URL where, every time you go there, it sets off an automated script that pulls the trigger on a shotgun and shoots an adorable kitten in the face?

Visiting a public URL in itself is never wrong. What you do there may or may not be. We aren't talking about just 'visiting a public URL.' We are talking about taking a service you don't pay for.

Re:Well, what did you expect?

[natoochtoniket]

Is it a hack? No. It's an url.

Does it allow people to watch TV that they didn't pay for? Yes. The TV is offered for free. People who accept the offer can watch it for free.

Does it prevent Verizon and MobiTV from receiving revenue that they should from the streams? No. Verizon and MobiTV could just withdraw the free offer, and implement a different access-controlled method for the same video.

Is it wrong? No. Someone offers free goods. You accept the offer. You have not done anything wrong.

Does MobiTV and Verizon have the right to send a cease and desist letter? Yes. Anyone can write a letter. It means nothing.

Were MobiTV and Verizon stupid to offer this data online for free? Maybe -- It could have been done intentionally. Lots of people put video online, for free.

Were MobiTV and Verizon stupid to continue offering this data online for free, after they decided that they didn't want to? Yes.

Re:Well, what did you expect?

[Hillgiant]

How am I to know that membership is required if they do not ID? If I walk into a Gym and no one IDs me, I think "hey, cool. public gym. didn't know they still existed". If I stumble across a link to a TV stream, I think "hey, cool. free video. I wish they had stripped the ads." I feel it is unreasonable to expect the end user to determine if he or she should be paying for a service. If the service is pay only, it should have some method of access control. A lack of access control implies free (as in beer).

Re:Well, what did you expect?

[Shagg]

Your house is private property, which is why people are not allowed to enter. It has nothing to do with whether the door is locked or not.

This situation is similar to putting up a big sign in your yard that is visible from public property, and then complaining about people who look at it. If you want it to be private, then don't make it visible from public property. Same thing with a URL. If you want the content to be private, then don't make the link publicly accessible. If you do make it public, you can't complain when people look.

Re:Well, what did you expect?

[kisrael]

Oy, metaphor straining!

Is it more like walking into a library w/o a card and browsing the stacks and reading in the library, or like talking a book home?

You can't use your metaphor without answering which, and the answer explaining which is the more correct metaphor is probably more work that arguing the case itself.

That said this "everything that's not nailed down is ok for me to walk off with" mentality probably IS keeping the DRM race ratcheted up.

Re:Well, what did you expect?

[sm62704]

We aren't talking about just 'visiting a public URL.' We are talking about taking a service you don't pay for.

You're talking about leaving a cardboard box full of merchandise in a public park with a signs saying "take one, leave a dollar" and a cease and desist to a person who posts a sign saying "hey there's stuff in the park".

In short, we're talking about incredible stupidity.

Re:Well, what did you expect?

[KublaiKhan]

Browsing the stacks, in this case.

You're not preventing anyone else from browsing or checking out the books, and at worst you're taking up a little bit of space in the hall. The resources that you've accessed are still there for all the other patrons.

Re:Well, what did you expect?

[knight24k]

No, It is not the same thing and there is nothing wrong with entering said gym and exercising without paying for it if the employees ALLOW you to do so. That is the equivalent here. They are allowing this access not the site owner exposing their non-existent security. They are allowing anyone that attempts to access this url open and free access with no restrictions. There is no DRM, there is no logon requirement, nothing. This is the same as putting the wares for your store in the middle of the street and then complaining when people take them without paying.

They can ask him to take down the url all they like, but If I was the site owner I would tell them to go fsck themselves and go secure their site. IF this was a hack of their security that was being exploited, that would be another matter but it is not. Advertising that their IT staff are idiots is not wrong and as long as they do nothing to prevent access to this URL by unpaid customers they are tacitly allowing such access.

Re:Well, what did you expect?

[goldspider]

"I feel it is unreasonable to expect the end user to determine if he or she should be paying for a service."

It takes an unhealthy dose of willful ignorance to fail to make that determination on your own.

And yet you're puzzled by why digital content producers try so hard to prevent their works from being 'mistakenly' acquired by people who (according to you) can't determine if they are entitled to said works for free.

Re:Well, what did you expect?

[Stradivarius]

Wrong analogy. It's more like printing the address of an office where a company is giving away free samples. By creating a web service that is available at the given address to anyone who asks, that is exactly what MobiTV has done.

It's ridiculous for them to then complain that someone dared advertise what the company itself was doing. If they don't want people to take the product for free, stop giving it away.

Re:Well, what did you expect?

[StarvingSE]

These meatspace metaphors just don't work when it comes to technology. It is wrong to walk into a library and take anything that's not nailed down. This is also preventing other library users from using those same resources. In this case, accessing the stream is not preventing paying customers from using the service. Therefore, the metaphor does not work.

Re:Well, what did you expect?

[devnullkac]

Yes, but public buildings and private gyms have clear demarcations as to what is public and what is not. If the gym has a dozen rooms and the first one I happen upon has no lock, no ID check, and no sign stating the requirement that you be a member, I cannot know to stay out; it could be demo equipment put there to entice me to become a member.

Similarly, if a URL doesn't have an authentication lock and doesn't say you must be a paying member to access, how can I distinguish pay content from a free giveaway?

Re:Well, what did you expect?

[Blkdeath]

Yes, but public buildings and private gyms have clear demarcations as to what is public and what is not. If the gym has a dozen rooms and the first one I happen upon has no lock, no ID check, and no sign stating the requirement that you be a member, I cannot know to stay out; it could be demo equipment put there to entice me to become a member.

Are you for real?

It has never been legally permissible to enter a building without the owners consent. There is no such thing as a "public building" - buildings are private property owned by individuals, companies or the government that in some cases deal with the public. You are not allowed to simply enter a building and start using the facilities provided.

This is just another example of the freeloading culture on the Internet and on Slashdot in particular. You are not entitled to everything the world has to offer. This television service made a mistake but they are well within their rights here and hopefully will learn a lesson and fix the hole. But what happens if another hole is discovered? At what point do we declare intent to be malicious rather than "weak security"?

Re:Well, what did you expect?

[Brian+Gordon]

How is it wrong to just visit a completely public URL? If they're losing money it's their fault; you can't just say that verizon losing money is wrong. How is that wrong? We're gaining value. Nothing has been destroyed here. This situation is purely verizon's affiliate being lazy and insecure, and you're just stupid for thinking it's wrong to take advantage of that.

Also, this reminds me of this story where reuters was accused of hacking for posting a publically-available but secret URL. Everyone thought it was a complete joke and reuters lined up its battalion of lawyers and pumped the plaintiff full of hot lead. How is this any different?

Re:Well, what did you expect?

[gnick]

If I walk into a Gym and no one IDs me, I think "hey, cool. public gym. didn't know they still existed". I've got to call BS on that one. You may think, "Hey - They failed to put up a members only sign or check ID. I can work out and, if they stop me, pretend that this is my first day in the modern world and didn't know that they expect payment." But you'd have to be really disconnected from society if you honestly thought that you just found a free gym...

Now, if you click a link to a site that was showing video and stuck around to see what they had, pleading ignorance may be a little more realistic. But, once you learn that you're only able to watch that video due to a huge oversight by the site owner, I'd say the gym analogy is apt.

Re:Well, what did you expect?

[VWJedi]

If you left your front door unlocked, would that entitle me to go inside, watch your TV, and raid the fridge? I think we'd all agree that in that case, a lack of access control does not imply free (as in the beer I found in your fridge).

The key question is "Did the user know he was not entitled to use this service?" Also, "Would an average person with no prior knowledge of the service assume that it is 'open to the public'?"

Re:Well, what did you expect?

[stimpy77]

It takes an unhealthy dose of paranoia to click randomly on a link in a forum and think you're not supposed to be there, when there are no authentication checks along the way.

Re:Well, what did you expect?

[astrotek]

More like: is it wrong to walk into a building open to the public but secretly requires membership and gives you no warning that they assume you are trespassing.

Re:Well, what did you expect?

[ehrichweiss]

They're also just asking for the Streisand Effect to bite them in the ass, especially with their lack of security. It would have been better to simply fix the security issues and watch the freeloaders drop off like flies. Instead they chose the route that will actually cost them the most since everyone is now well aware of it so the bandwidth will go up, they will still have to put up security AND they get bad publicity. Sounds like sticking up for their "rights" worked out well.

Re:Well, what did you expect?

[ehrichweiss]

"But you'd have to be really disconnected from society if you honestly thought that you just found a free gym."

So that gym I go to every Saturday to take martial arts has been charging all these years? Seriously, I go to a free gym every Saturday to train; the name is the Black and Williams Neighborhood Center just in case you think I'm bullshitting. These aren't unheard of in most civilized countries so one has to wonder who is really disconnected from society as per your statement above.

Re:Well, what did you expect?

[mea37]

Oh, great.

Now you've opened up the line for yet another debate on the true meaning of "steal".

A lot of people don't accept that the legally-assigned right to profit from (propagation of) information (1) is a distinct thing from the information itself, and (2) can be and is destroyed / taken from the right-holder when unauthorized propagation of the information occurs.

I don't agree, and for that reason I don't have a big problem with the shorthand of calling it theft in casual contexts even though the analogy is imperfect.

Or rather, I wouldn't have a problem about it, except the reality today is it pushes the debate away from the issues as people wrangle about the semantics.

Re:Well, what did you expect?

[civilizedINTENSITY]

I'd suggest that your analogy could be extended thus:

A private, authenticated access system would be like having a dog show in a private venue. An open, public URL is like taking your dogs for a walk in Balboa Park. Everyone has the right to go there, and no one can stop you from looking at the other people and stuff there, too.

Re:Well, what did you expect?

[knight24k]

Exactly how is it taking advantage when a corporation places in the public domain a resource without any security whatsoever. This is no different then charging admission to an art show then leaving the windows open to the street and then complaining that a newspaper publishes the fact that all the art can be seen from the street through the window. Is it then immoral to stand outside and look at the art?

A url is no different than placing something in the middle of the public square for all to see. This was akin to placing their wares in a back alley, because not many people go there but that is still out in public. If you want to restrict access to something on the internet SECURE IT! Anything that is not restricted is in the public domain by definition. You could probably access this site completely by accident as a result of a search and you would know it is supposed to be pay only how? They have only themselves to blame that this url is not secured.

Re:Well, what did you expect?

[brassman]

I had a little trouble getting Apache BasicAuth to work on a new page last night. (Hey, it was late, I was tired....) Did I say to myself "Eh, nobody will hit this overnight, so I'll just come back and fix it in the morning"?

No. I stayed up and fixed it. There'd be no one to blame but myself if I hadn't.

Re:Well, what did you expect?

[Like2Byte]

If you left your front door unlocked,...

And therein lies the fault of your reasoning. THERE IS NO DOOR!

The Net is open. Period. If an engineer makes the decision (or in this case a business decision) to not put up a gate with a guard then MobiTV can expect anyone to enter.

Let's step back from the "home invasion" mentality. This is a business. Most businesses allow people to enter without ID. Take a SAMS Club or COSTCO, for instance, though. The doors are open but you need a membership to buy merchandise. You can look around for free, though. And guess what? They kick *everyone* out after business hours. So, you could spend all day in the store if you wanted to; but, you'd be asked to leave at closing.

You wouldn't be allowed to buy something until you were a member; so, you could watch TV all day in the store and no one would care. Eventually, someone would probably ask you to leave and you'd have to go. Bottom line is just get a membership before you try to buy that 50" LCD.

COSTCO and SAMS Club could tell people, "No ID? Get a membership before you come back." and they'd be justified to enforce that rule to perform their business this way if it was their choice.

With MobiTV - same thing. MobiTV needs to validate their users before serving media. They control the access and they are responsible for minimizing access to paying members only to protect their share-holders.

Also, this is not a "hack". This is a copy paste job at best. Sure, the guy might know how to use Ethereal and an application (or hardware(doubtful)) to capture the data packets from a phone - that only puts him in the power-user category. Hacking security requires a lot more understanding of how MobiTV safeguards their data and maybe a method to bypass their security.
  But, none of that is being performed here - this guy simply stumbled across a URL that serves Streaming Video.

So, once again, someone's making a mountain out of a mole-hill. Plug your leak and move on.

Re:Well, what did you expect?

[knight24k]

Exactly how am I trespassing, standing on a public street looking into the exhibit that they failed to block?

Sorry, public urls are..well...public. If they do not want people accessing them they restrict them by placing login requirements. Similarly the zoo makes sure the exhibit is not viewable from the street and forces patrons to go through the entrance and pay the admission to view the exhibit.

Re:Well, what did you expect?

[router]

You are the CEO of a multinational corporation. You manage the company into the ground. You are fired, but the golden handshake provision of your contract entitles you to 150M$. Money you didn't, in the strictest sense of the word, earn. Are you stealing?

Look, if I leave a sofa on the curb in San Francisco, and don't look like I am moving, it will disafsckingppear in less than an hour. The internet is no different; you make a stream avail without any protection, I tap into the stream, you don't want me to, you block it. You don't block, you are ok with it. Like leaving the sofa out, implied consent to access unprotected content/stuff.

Your argument essentially distills into having a house with glass walls in the middle of a crowded city and then complaining when people look in. Don't want observers, don't use glass walls.

andy

Re:Well, what did you expect?

[suso]

Enough with the stupid analogies. The only analogy that really works is this example itself:

• Some person finds out that MobiTV doesn't properly protect its content and posts instructions for the whole internet to see how to exploit it to get free TV. Its clear from his post that he wants to help people watch TV without paying.
  
• A bunch of people reply back to his post saying thank you for helping them watch Live TV on their phones without paying for it.
  
• MobiTV sends cease-and-desist letter to try to remove the information from the forums that tells people how to exploit their service.
  
• Further into the future - MobiTV fixes their problem and then all the people who were stealing TV service get mad about it and look for some other place that doesn't lock down their TV service properly.
  

All the analogies in the world will not change the fact that you are aware that you are getting something that you shouldn't be. Nuff said. End of story. Goodbye.

Re:Well, what did you expect?

[mea37]

Ah, the parade of false analogies is here.

"You are the CEO of a multinational corporation. You manage the company into the ground. You are fired, but the golden handshake provision of your contract entitles you to 150M$. Money you didn't, in the strictest sense of the word, earn. Are you stealing?"

The CEO indeed did not steal, but the reason isn't that the company from whom he takes the money left it unprotected; it's that they gave explicit consent that in those circumstances, he would be allowed to take that money.

By contrast, putting content on a URL you don't publish is not accepted (by society in general -- outside of technical circles -- nor by the law) as giving explicit concent for everyone to access that content. It probably should be, but it isn't.

A better analogy would be, a company has poor security policies and the account numbers for their corporate holdings fall into every employee's inbox. If employees make withdrawels, are they stealing? Yes they are.

"Look, if I leave a sofa on the curb in San Francisco, and don't look like I am moving, it will disafsckingppear in less than an hour. The internet is no different; you make a stream avail without any protection, I tap into the stream, you don't want me to, you block it. You don't block, you are ok with it. Like leaving the sofa out, implied consent to access unprotected content/stuff."

Neither restating how you'd like the social norms to be, nor citing other situations where the social norms are how you think the should be, has any connection to the discussion at hand.

Leave your car unlocked in parts of St. Louis, someobody will take your car stereo. The argument has the same logical structure as yours, yet it doesn't lead to the conclusion that taking car stereos from unlocked cars is ok. Abstraction and analogy is fine, but when you abstract away differences that matter, it's just sophistry.

Re:Well, what did you expect?

[Moofie]

"By contrast, putting content on a URL you don't publish..."

If the URL resolves, it has been published by the host. It's a trivial matter to make that URL not work except from an internal referrer.

Re:Well, what did you expect?

[CopaceticOpus]

When I open a URL, there is a transaction between my computer and the host. Very roughly, it's like this:

Me: Hey, I have this URL. Can I get any content from it?
Them: Sure, here's a video for you!

So, the gym analogy would be more like this:

Me: Hey, I saw this gym here. Can I work out?
Them: Sure, come on in!

If they don't want me to come in, they just have to say no. If MobiTv couldn't be bothered to say no or check IDs at the door, they have effectively allowed me in.

Re:Well, what did you expect?

[KlomDark]

I run my access point completely unsecured. I don't find it rude at all when people use it.

How do you know if your neighbor minds? Hell, I could be your neighbor.

If I put an old computer on the curb, it's free for the taking. It would be quite stupid to assume otherwise. And the law says your trash is public property once it's set out on the curb.

I see your argument running out of propellant.

Re:Well, what did you expect?

But posting the location of the sofa on the internet is not theft and doubtfully illegal.

Re:Well, what did you expect?

[Casualposter]

TV delivered to your phone costs money if you use service X. You can watch TV for free with a TV. This isn't stealing anymore than taping a show on ABC is stealing. MobilTV wants to add a charge to free TV to cover the convenience of having it delivered to your phone. They do so in such a way that everyone can use the service without much trouble.

Incredibly stupid business decisions should not be protected with a C&D to remove an entire forum thread. Free societies have already established that telling someone how to do something illegal is NOT the same as doing it. I can teach you how to circumvent security and not break any laws. If you use that knowledge to rob a bank, the crime is robbery and you will go to jail. I'm not going to be culpable for merely providing you with information on how security systems work. If people post about taking something that is a paid for service, then that is evidence of a crime, but the forum thread is protected speech.

Stealing is ingrained into our species. We steal when we can get away with it and always have. People steal on an individual level and on a group level. You are deluded if you think that theft will ever vanish from our species-it has provided an advantage to us for far too long. (Nations invade and conquer, thus stealing the land and resources of their neighbor; American settlers in the late 1800's "squatted" on public land and converted it into private holdings in violation of the law; Corporations regularly violate the law for economic or political gain as Enron and AT&T are both examples as is Microsoft.) These behaviors are neither unique to our times nor represent some sort of "moral decay" in human society. Nor do I suspect will such behaviors have any impact upon how our species will respond to any looming crises: We will do what we always do: fight, kill, steal, and generally survive. Those that are unwilling to do what ever it takes to survive a massive crisis will die. Same shit different century.

Re:Well, what did you expect?

The people on that forum know that they are getting something for free that they shouldn't be. That's called stealing.

No, it is most definitely not stealing, because there really is no way to know if they "shouldn't be" getting the content.

If my cable company forgets to encrypt all their channels and I can view some that I do not pay for, then I'm not stealing, because there is absolutely no way to know if I am "authorized". Likewise, with a public URL and no encryption, there is no way to know who is "authorized".

Using the required-by-/. car analogy, if you purchased a new car and find that is has some feature that you never requested but you did not pay extra for that feature, are you stealing? You can't know, because it could be free with whatever other options you paid for. Since people viewing the MobiTV stream have paid for their Internet connection, maybe that's a free bonus. This isn't as far-fetched as it sounds, as I just found out that ESPN360 (live streaming TV) is free to me as a Verizon FIOS subscriber. Before that, I thought it was a "for pay" ESPN product, and just assumed there was some sort of free promotion going on.

Re:Well, what did you expect?

[mr_mischief]

A website isn't a private home. Your analogy is a complete failure. It's more like saying that my big-screen TV on my front porch can't be watched by anyone. Nobody set up a proxy into a private network nor did they give away a password. TFA doesn't talk about poor encryption or an obvious password. I didn't even notice anywhere it said that the site streaming the video had a proprietary content advisory. If something is made publicly accessible and not advertised, it's still publicly available.

Re:Well, what did you expect?

[Vancorps]

Actually it sounds like you think there is an inherent difference. A URL even if it is just an IP address resolves to an owner just like a domain name would. Ping -a and whois the result. If the endpoint blocks reverse lookup then you just go to the last point which didn't and recover from there. It's quite easy. There are even products which automate all this for you.

Re:Well, what did you expect?

[WNight]

Sure. And the webserver is your property. And your property sent me a copy of your webpage.

You really don't get the point of a public URL. It's like a phone number. There's no law against calling a phone number, even if the answering machine is playing copyright songs.

Re:Well, what did you expect?

[smellotron]

A better analogy would be, a company has poor security policies and the account numbers for their corporate holdings fall into every employee's inbox. If employees make withdrawels, are they stealing? Yes they are.

Leave your car unlocked in parts of St. Louis, someobody will take your car stereo.

Both of these analogies involve physical theft. If I take your radio, or if I withdraw money from your account, you no longer have that item/money. While bandwidth is not free, using the WWW the way it was intended by downloading the content available at a publicly-accessible URL is not in the same ballpark. Morally, if those people knew the URL was intended to be private, they are guilty of freeloading, but it's certainly not equatable to theft.

Wow...

[neowolf]

I thought companies realized that "Security by Obscurity" doesn't work many years ago. What a bunch of idiots.

Shame shame

[downix]

if I leave my car doors unlocked, keys in the ignition, and a big sign saying "take me for a joyride" I can complain if someone does, infact, take my car, but the police will laugh at me in all likelihood when I report it.

Other things MobiTV is doing.

[AltGrendel]

• Standing outside the HowardForums main offices and throwing rocks.

• Sticking out their tongues and saying "Nya, nya, nya".

• Calling their mother and complaining.

Seriously, this is probably something to draw attention to a service that few people knew about. Any publicity is good publicity, after all.

Freeloading

[Khyber]

"There are too many people freeloading nowadays. The internet makes it so much easier to freeload"

Jee, I wonder if you'd apply the same concept to OTA radio and Local TV with regards to magnetic recording media back in the 80s and 90s.

The fact of the matter is that they're claiming it is a hack, when it's their own stupidity and ignorance that allowed this to happen. Calling this a hack is just an attempt upon the person's character. People will begin to think the person that stumbled across this is a hacker, then they'll get that reputation, which in turn tarnishes the reputation of the non-hacker. It's character assassination and MobiTV should be nailed to the fucking wall while someone calls for their waaaaaahmbulance.

This comment worth 5 dollars.

[Joe+the+Lesser]

Hey, you should have paid 5 dollars to view this comment. Please cease and desist, because you are stealing my revenue.

This is totally wrong

[Rik+Sweeney]

It's MobiTV's fault for leaving their service wide open, just like it's London Zoo's fault for letting people be able to see the giraffes from Regents Park.

What London Zoo should do is force people who walk through Regents Park to stare at the ground* so that they can't see the giraffes and thus have to pay to go and see them.

*Yes I know, 95% of London already stare at the ground whilst walking along the road.

Security through obscurity

[Trivial_Zeros]

This is a classic example of a site trying to be "secure" through obscurity. The correct response would not be issuing a take down notice, thus publicizing the issue. An intelligent response would be to move the service to a secure site that required credentials.

What exactly is MobiTV trying to claim is their IP? The URL? I didn't think such short addresses were copyrightable. I don't think they realize how the internet works. If I type in a URL in a browser, I'm sending a request for data back. It's up to mobitv what to return. If they don't want us to have access to the data, don't return it. Simple.

Re:what about google?

[Bryansix]

Ya, I hate Experts-Exchange and I can't understand why people pay for their stupid service but I love the google glitch. I get all kinds of great answers that way. I just wish these people would post these questions on a public forum in the first place.

Re:what about google?

[aleph42]

Well, the fact is, "experts" get some kind of reward for posting there (I don't think they get money, but it happens on some other sites).

I would not go as far as saying that their buisness model is flawed; rather, I'm saying that you can in good faith come across that site without paying (as I did the first time).
Some sites serve obviously illegal content, other offer something which is to good to be legal (full recent games download, etc), but when it's just a video strem of a TV show, or an answer about some bash command question, you can't just blame the user saying he should have "guessed" it was illegal.

And the same applies to the "dumb" bots of google.

Preventing receiving revenue ? wrong

[dpbsmith]

Pssst! Listen up! I've just discovered that an address where you can access intellectual property for free! The address is 700 Boylston St., Boston MA 02116. You know what? Between 9 a.m. and 5 p.m. every day they leave the door unlocked! That's right! You can walk right in!

And you know what you'll find? Millions and millions of books, including current bestsellers like Stephen King's Duma Key. Yep, you can just take it right off the shelf, sit down, and read it right there. Instead of paying $17 to $28 dollars, you can read it for free!

In fact, with a Massachusetts driver's license and a little sweet-talk it's not at all hard to do social engineering on the guy at the security desk and talk him into giving you an access card that will let you take that book right through security, right out of the building! For three weeks or more.

Is it a hack? Not really.

Does it allow people to read books that they didn't pay for? Yes

Does it prevent Scribners from receiving revenue that it would otherwise have received? Yes.

Is it wrong? No.

Re:Preventing receiving revenue ? wrong

[dpbsmith]

OK, let me spell it out for you. Taxes pay for the library to buy _one_ copy of the book. _Twenty_ people read that copy, but the publisher only gets paid _once_. That's not wrong, that's the way the established laws regarding books and libraries and copyrights and "right of first sale" play out.

How are books any different from recordings or video streams or what have you? The simple answer is, they aren't. The only difference is that the shock and impact of book technology occurred centuries ago, and the law and societal bargains about books were all hashed out and codified long ago.

Every time someone invents new media, the publishers of that media initially believe that this time they can strike a completely one-sided bargain. They're always wrong, and eventually they realize that their profits don't actually depend on it.

It's hard to believe it now, but theatrical showings of motion pictures are priced based on attendance, and, originally, the movie studios objected to home VCR showings even of prerecorded tapes, because, they said, "we have no way of knowing how many people are in the room." They would have liked to enforce a business model in which four viewers meant four rental payments.

tollbooth

[Joe+The+Dragon]

Hear is one you drive up to open tollbooth and there is no one to take your toll and the lane had it's green light on?

The "Free" disease

[suso]

From reading the responses to my own post, I can clearly see that we have a major problem in society today. The ability to casually get stuff that isn't yours and get away with on such a wide scale has severely eroded people's morality. At some point the cycle of money driving the ability of companies to give things away or be taken away will dry up. What will happen then?

The semantics in this are critical

[geekoid]

bacause they are used to convince law makers and the general public to pass draconian laws, and lock people up for unreasonable amounts of time.

It isn't steal, it's copyright infringement. There are two different terms for very good reasons. Copyright issues are very 'hot' right now so diluting and / or confusing the issue doesn't help.

Re:Cease! Desist! Grow Up!

[T-Bone-T]

There is a huge difference between this and logging into account. You have to have a url and some form of authentication to log in to an account and access the data. MobiTV has a url with readily available content but no authentication is required, thus there is no account to hack.

When you go to a url, one of two things happens:
1. The content is served regardless of who you are.
or
2. The server asks for some form of authentication and if the proper response is received, the server responds with the content.

It is hacking if you find a way to circumvent #2 but it is not hacking if #1 happens. When you go to the MobiTV urls, #2 is expected to happen but #1 is happening instead with no additional action on your part. There is nothing illegal about your actions when that happens, only stupidity on the part of MobiTV.