Slashdot Mirror
Posting Publicly Available URL Claimed a "Hack"
Urban Strata writes "Popular mobile phone community HowardForums.com is being hit with take-down notices from MobiTV. At issue is the fact that a HowardForums community member uncovered a publicly accessible URL for MobiTV's television stream. This URL is not encrypted or authenticated in any way, and yet MobiTV sent site owner Howard Chui a cease-and-desist letter for hosting a forum with the public URL, claiming that doing so is equivalent to hacking their service."
Is it stupid to make your stream available unencrypted from a publicly available URLYes
I am Jack's complete lack of surprise.
"There are too many people freeloading nowadays. The internet makes it so much easier to freeload"
Jee, I wonder if you'd apply the same concept to OTA radio and Local TV with regards to magnetic recording media back in the 80s and 90s.
The fact of the matter is that they're claiming it is a hack, when it's their own stupidity and ignorance that allowed this to happen. Calling this a hack is just an attempt upon the person's character. People will begin to think the person that stumbled across this is a hacker, then they'll get that reputation, which in turn tarnishes the reputation of the non-hacker. It's character assassination and MobiTV should be nailed to the fucking wall while someone calls for their waaaaaahmbulance.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
No. There is nothing wrong with visiting a publicly available URL. No exceptions.
Is it against the law to print the address of a person and that person doesn't lock his garage? No
What makes you think this is any different? Immoral != Illegal.
Hey, you should have paid 5 dollars to view this comment. Please cease and desist, because you are stealing my revenue.
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
likewise: Illegal != wrong.
The OP merely said that it was wrong, he did not say that it was illegal. Wrong is clearly a statement of whether something violates ones morals (in this context).
Just sayin...
This is a classic example of a site trying to be "secure" through obscurity. The correct response would not be issuing a take down notice, thus publicizing the issue. An intelligent response would be to move the service to a secure site that required credentials.
What exactly is MobiTV trying to claim is their IP? The URL? I didn't think such short addresses were copyrightable. I don't think they realize how the internet works. If I type in a URL in a browser, I'm sending a request for data back. It's up to mobitv what to return. If they don't want us to have access to the data, don't return it. Simple.
Is it wrong to walk into a public building? No
Is it wrong to walk into a gym where you dont have a membership and start exercising just because they dont bother to check ID's at the door? Yes
This is the same thing. It is not wrong to visit a URL. It is wrong to use a pay-service that you are not paying for.
Lets try to get this into your head: You are not entitled to everything you have "access" to. If you continue to live with this mentality, DRM will be shoved at you for every kind of content imaginable.
More like: Is it wrong to walk into a library without a library card?
Learn to love Alaska
well they're within their rights in asking you to stop.
Is it a hack? No. It's an url.
Does it allow people to watch TV that they didn't pay for? Yes. The TV is offered for free. People who accept the offer can watch it for free.
Does it prevent Verizon and MobiTV from receiving revenue that they should from the streams? No. Verizon and MobiTV could just withdraw the free offer, and implement a different access-controlled method for the same video.
Is it wrong? No. Someone offers free goods. You accept the offer. You have not done anything wrong.
Does MobiTV and Verizon have the right to send a cease and desist letter? Yes. Anyone can write a letter. It means nothing.
Were MobiTV and Verizon stupid to offer this data online for free? Maybe -- It could have been done intentionally. Lots of people put video online, for free.
Were MobiTV and Verizon stupid to continue offering this data online for free, after they decided that they didn't want to? Yes.
How am I to know that membership is required if they do not ID? If I walk into a Gym and no one IDs me, I think "hey, cool. public gym. didn't know they still existed". If I stumble across a link to a TV stream, I think "hey, cool. free video. I wish they had stripped the ads." I feel it is unreasonable to expect the end user to determine if he or she should be paying for a service. If the service is pay only, it should have some method of access control. A lack of access control implies free (as in beer).
-
Your house is private property, which is why people are not allowed to enter. It has nothing to do with whether the door is locked or not.
This situation is similar to putting up a big sign in your yard that is visible from public property, and then complaining about people who look at it. If you want it to be private, then don't make it visible from public property. Same thing with a URL. If you want the content to be private, then don't make the link publicly accessible. If you do make it public, you can't complain when people look.
Unix is user friendly, it's just selective about who its friends are.
We aren't talking about just 'visiting a public URL.' We are talking about taking a service you don't pay for.
You're talking about leaving a cardboard box full of merchandise in a public park with a signs saying "take one, leave a dollar" and a cease and desist to a person who posts a sign saying "hey there's stuff in the park".
In short, we're talking about incredible stupidity.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Browsing the stacks, in this case.
You're not preventing anyone else from browsing or checking out the books, and at worst you're taking up a little bit of space in the hall. The resources that you've accessed are still there for all the other patrons.
In Xanadu did Kubla Khan
A stately pleasure dome decree
No, It is not the same thing and there is nothing wrong with entering said gym and exercising without paying for it if the employees ALLOW you to do so. That is the equivalent here. They are allowing this access not the site owner exposing their non-existent security. They are allowing anyone that attempts to access this url open and free access with no restrictions. There is no DRM, there is no logon requirement, nothing. This is the same as putting the wares for your store in the middle of the street and then complaining when people take them without paying.
They can ask him to take down the url all they like, but If I was the site owner I would tell them to go fsck themselves and go secure their site. IF this was a hack of their security that was being exploited, that would be another matter but it is not. Advertising that their IT staff are idiots is not wrong and as long as they do nothing to prevent access to this URL by unpaid customers they are tacitly allowing such access.
"I feel it is unreasonable to expect the end user to determine if he or she should be paying for a service."
It takes an unhealthy dose of willful ignorance to fail to make that determination on your own.
And yet you're puzzled by why digital content producers try so hard to prevent their works from being 'mistakenly' acquired by people who (according to you) can't determine if they are entitled to said works for free.
"Ask not what your country can do for you." --John F. Kennedy
These meatspace metaphors just don't work when it comes to technology. It is wrong to walk into a library and take anything that's not nailed down. This is also preventing other library users from using those same resources. In this case, accessing the stream is not preventing paying customers from using the service. Therefore, the metaphor does not work.
I got nothin'
Pssst! Listen up! I've just discovered that an address where you can access intellectual property for free! The address is 700 Boylston St., Boston MA 02116. You know what? Between 9 a.m. and 5 p.m. every day they leave the door unlocked! That's right! You can walk right in!
And you know what you'll find? Millions and millions of books, including current bestsellers like Stephen King's Duma Key. Yep, you can just take it right off the shelf, sit down, and read it right there. Instead of paying $17 to $28 dollars, you can read it for free!
In fact, with a Massachusetts driver's license and a little sweet-talk it's not at all hard to do social engineering on the guy at the security desk and talk him into giving you an access card that will let you take that book right through security, right out of the building! For three weeks or more.
Is it a hack? Not really.
Does it allow people to read books that they didn't pay for? Yes
Does it prevent Scribners from receiving revenue that it would otherwise have received? Yes.
Is it wrong? No.
"How to Do Nothing," kids activities, back in print!
How is it wrong to just visit a completely public URL? If they're losing money it's their fault; you can't just say that verizon losing money is wrong. How is that wrong? We're gaining value. Nothing has been destroyed here. This situation is purely verizon's affiliate being lazy and insecure, and you're just stupid for thinking it's wrong to take advantage of that.
Also, this reminds me of this story where reuters was accused of hacking for posting a publically-available but secret URL. Everyone thought it was a complete joke and reuters lined up its battalion of lawyers and pumped the plaintiff full of hot lead. How is this any different?
If you left your front door unlocked, would that entitle me to go inside, watch your TV, and raid the fridge? I think we'd all agree that in that case, a lack of access control does not imply free (as in the beer I found in your fridge).
The key question is "Did the user know he was not entitled to use this service?" Also, "Would an average person with no prior knowledge of the service assume that it is 'open to the public'?"
They're also just asking for the Streisand Effect to bite them in the ass, especially with their lack of security. It would have been better to simply fix the security issues and watch the freeloaders drop off like flies. Instead they chose the route that will actually cost them the most since everyone is now well aware of it so the bandwidth will go up, they will still have to put up security AND they get bad publicity. Sounds like sticking up for their "rights" worked out well.
0x09F911029D74E35BD84156C5635688C0
"But you'd have to be really disconnected from society if you honestly thought that you just found a free gym."
So that gym I go to every Saturday to take martial arts has been charging all these years? Seriously, I go to a free gym every Saturday to train; the name is the Black and Williams Neighborhood Center just in case you think I'm bullshitting. These aren't unheard of in most civilized countries so one has to wonder who is really disconnected from society as per your statement above.
0x09F911029D74E35BD84156C5635688C0
Oh, great.
Now you've opened up the line for yet another debate on the true meaning of "steal".
A lot of people don't accept that the legally-assigned right to profit from (propagation of) information (1) is a distinct thing from the information itself, and (2) can be and is destroyed / taken from the right-holder when unauthorized propagation of the information occurs.
I don't agree, and for that reason I don't have a big problem with the shorthand of calling it theft in casual contexts even though the analogy is imperfect.
Or rather, I wouldn't have a problem about it, except the reality today is it pushes the debate away from the issues as people wrangle about the semantics.
I'd suggest that your analogy could be extended thus:
A private, authenticated access system would be like having a dog show in a private venue. An open, public URL is like taking your dogs for a walk in Balboa Park. Everyone has the right to go there, and no one can stop you from looking at the other people and stuff there, too.
I had a little trouble getting Apache BasicAuth to work on a new page last night. (Hey, it was late, I was tired....) Did I say to myself "Eh, nobody will hit this overnight, so I'll just come back and fix it in the morning"?
No. I stayed up and fixed it. There'd be no one to blame but myself if I hadn't.
"Ain't no right way to do a wrong thing."
You are the CEO of a multinational corporation. You manage the company into the ground. You are fired, but the golden handshake provision of your contract entitles you to 150M$. Money you didn't, in the strictest sense of the word, earn. Are you stealing?
Look, if I leave a sofa on the curb in San Francisco, and don't look like I am moving, it will disafsckingppear in less than an hour. The internet is no different; you make a stream avail without any protection, I tap into the stream, you don't want me to, you block it. You don't block, you are ok with it. Like leaving the sofa out, implied consent to access unprotected content/stuff.
Your argument essentially distills into having a house with glass walls in the middle of a crowded city and then complaining when people look in. Don't want observers, don't use glass walls.
andy
A website isn't a private home. Your analogy is a complete failure. It's more like saying that my big-screen TV on my front porch can't be watched by anyone. Nobody set up a proxy into a private network nor did they give away a password. TFA doesn't talk about poor encryption or an obvious password. I didn't even notice anywhere it said that the site streaming the video had a proprietary content advisory. If something is made publicly accessible and not advertised, it's still publicly available.
There is a huge difference between this and logging into account. You have to have a url and some form of authentication to log in to an account and access the data. MobiTV has a url with readily available content but no authentication is required, thus there is no account to hack.
When you go to a url, one of two things happens:
1. The content is served regardless of who you are.
or
2. The server asks for some form of authentication and if the proper response is received, the server responds with the content.
It is hacking if you find a way to circumvent #2 but it is not hacking if #1 happens. When you go to the MobiTV urls, #2 is expected to happen but #1 is happening instead with no additional action on your part. There is nothing illegal about your actions when that happens, only stupidity on the part of MobiTV.