Slashdot Mirror
Posting Publicly Available URL Claimed a "Hack"
Urban Strata writes "Popular mobile phone community HowardForums.com is being hit with take-down notices from MobiTV. At issue is the fact that a HowardForums community member uncovered a publicly accessible URL for MobiTV's television stream. This URL is not encrypted or authenticated in any way, and yet MobiTV sent site owner Howard Chui a cease-and-desist letter for hosting a forum with the public URL, claiming that doing so is equivalent to hacking their service."
Is it stupid to make your stream available unencrypted from a publicly available URLYes
I am Jack's complete lack of surprise.
"There are too many people freeloading nowadays. The internet makes it so much easier to freeload"
Jee, I wonder if you'd apply the same concept to OTA radio and Local TV with regards to magnetic recording media back in the 80s and 90s.
The fact of the matter is that they're claiming it is a hack, when it's their own stupidity and ignorance that allowed this to happen. Calling this a hack is just an attempt upon the person's character. People will begin to think the person that stumbled across this is a hacker, then they'll get that reputation, which in turn tarnishes the reputation of the non-hacker. It's character assassination and MobiTV should be nailed to the fucking wall while someone calls for their waaaaaahmbulance.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
No. There is nothing wrong with visiting a publicly available URL. No exceptions.
Is it against the law to print the address of a person and that person doesn't lock his garage? No
What makes you think this is any different? Immoral != Illegal.
likewise: Illegal != wrong.
The OP merely said that it was wrong, he did not say that it was illegal. Wrong is clearly a statement of whether something violates ones morals (in this context).
Just sayin...
This is a classic example of a site trying to be "secure" through obscurity. The correct response would not be issuing a take down notice, thus publicizing the issue. An intelligent response would be to move the service to a secure site that required credentials.
What exactly is MobiTV trying to claim is their IP? The URL? I didn't think such short addresses were copyrightable. I don't think they realize how the internet works. If I type in a URL in a browser, I'm sending a request for data back. It's up to mobitv what to return. If they don't want us to have access to the data, don't return it. Simple.
well they're within their rights in asking you to stop.
Is it a hack? No. It's an url.
Does it allow people to watch TV that they didn't pay for? Yes. The TV is offered for free. People who accept the offer can watch it for free.
Does it prevent Verizon and MobiTV from receiving revenue that they should from the streams? No. Verizon and MobiTV could just withdraw the free offer, and implement a different access-controlled method for the same video.
Is it wrong? No. Someone offers free goods. You accept the offer. You have not done anything wrong.
Does MobiTV and Verizon have the right to send a cease and desist letter? Yes. Anyone can write a letter. It means nothing.
Were MobiTV and Verizon stupid to offer this data online for free? Maybe -- It could have been done intentionally. Lots of people put video online, for free.
Were MobiTV and Verizon stupid to continue offering this data online for free, after they decided that they didn't want to? Yes.
How am I to know that membership is required if they do not ID? If I walk into a Gym and no one IDs me, I think "hey, cool. public gym. didn't know they still existed". If I stumble across a link to a TV stream, I think "hey, cool. free video. I wish they had stripped the ads." I feel it is unreasonable to expect the end user to determine if he or she should be paying for a service. If the service is pay only, it should have some method of access control. A lack of access control implies free (as in beer).
-
Your house is private property, which is why people are not allowed to enter. It has nothing to do with whether the door is locked or not.
This situation is similar to putting up a big sign in your yard that is visible from public property, and then complaining about people who look at it. If you want it to be private, then don't make it visible from public property. Same thing with a URL. If you want the content to be private, then don't make the link publicly accessible. If you do make it public, you can't complain when people look.
Unix is user friendly, it's just selective about who its friends are.
Browsing the stacks, in this case.
You're not preventing anyone else from browsing or checking out the books, and at worst you're taking up a little bit of space in the hall. The resources that you've accessed are still there for all the other patrons.
In Xanadu did Kubla Khan
A stately pleasure dome decree
"I feel it is unreasonable to expect the end user to determine if he or she should be paying for a service."
It takes an unhealthy dose of willful ignorance to fail to make that determination on your own.
And yet you're puzzled by why digital content producers try so hard to prevent their works from being 'mistakenly' acquired by people who (according to you) can't determine if they are entitled to said works for free.
"Ask not what your country can do for you." --John F. Kennedy
These meatspace metaphors just don't work when it comes to technology. It is wrong to walk into a library and take anything that's not nailed down. This is also preventing other library users from using those same resources. In this case, accessing the stream is not preventing paying customers from using the service. Therefore, the metaphor does not work.
I got nothin'
Pssst! Listen up! I've just discovered that an address where you can access intellectual property for free! The address is 700 Boylston St., Boston MA 02116. You know what? Between 9 a.m. and 5 p.m. every day they leave the door unlocked! That's right! You can walk right in!
And you know what you'll find? Millions and millions of books, including current bestsellers like Stephen King's Duma Key. Yep, you can just take it right off the shelf, sit down, and read it right there. Instead of paying $17 to $28 dollars, you can read it for free!
In fact, with a Massachusetts driver's license and a little sweet-talk it's not at all hard to do social engineering on the guy at the security desk and talk him into giving you an access card that will let you take that book right through security, right out of the building! For three weeks or more.
Is it a hack? Not really.
Does it allow people to read books that they didn't pay for? Yes
Does it prevent Scribners from receiving revenue that it would otherwise have received? Yes.
Is it wrong? No.
"How to Do Nothing," kids activities, back in print!
How is it wrong to just visit a completely public URL? If they're losing money it's their fault; you can't just say that verizon losing money is wrong. How is that wrong? We're gaining value. Nothing has been destroyed here. This situation is purely verizon's affiliate being lazy and insecure, and you're just stupid for thinking it's wrong to take advantage of that.
Also, this reminds me of this story where reuters was accused of hacking for posting a publically-available but secret URL. Everyone thought it was a complete joke and reuters lined up its battalion of lawyers and pumped the plaintiff full of hot lead. How is this any different?
They're also just asking for the Streisand Effect to bite them in the ass, especially with their lack of security. It would have been better to simply fix the security issues and watch the freeloaders drop off like flies. Instead they chose the route that will actually cost them the most since everyone is now well aware of it so the bandwidth will go up, they will still have to put up security AND they get bad publicity. Sounds like sticking up for their "rights" worked out well.
0x09F911029D74E35BD84156C5635688C0
"But you'd have to be really disconnected from society if you honestly thought that you just found a free gym."
So that gym I go to every Saturday to take martial arts has been charging all these years? Seriously, I go to a free gym every Saturday to train; the name is the Black and Williams Neighborhood Center just in case you think I'm bullshitting. These aren't unheard of in most civilized countries so one has to wonder who is really disconnected from society as per your statement above.
0x09F911029D74E35BD84156C5635688C0
Oh, great.
Now you've opened up the line for yet another debate on the true meaning of "steal".
A lot of people don't accept that the legally-assigned right to profit from (propagation of) information (1) is a distinct thing from the information itself, and (2) can be and is destroyed / taken from the right-holder when unauthorized propagation of the information occurs.
I don't agree, and for that reason I don't have a big problem with the shorthand of calling it theft in casual contexts even though the analogy is imperfect.
Or rather, I wouldn't have a problem about it, except the reality today is it pushes the debate away from the issues as people wrangle about the semantics.
You are the CEO of a multinational corporation. You manage the company into the ground. You are fired, but the golden handshake provision of your contract entitles you to 150M$. Money you didn't, in the strictest sense of the word, earn. Are you stealing?
Look, if I leave a sofa on the curb in San Francisco, and don't look like I am moving, it will disafsckingppear in less than an hour. The internet is no different; you make a stream avail without any protection, I tap into the stream, you don't want me to, you block it. You don't block, you are ok with it. Like leaving the sofa out, implied consent to access unprotected content/stuff.
Your argument essentially distills into having a house with glass walls in the middle of a crowded city and then complaining when people look in. Don't want observers, don't use glass walls.
andy
There is a huge difference between this and logging into account. You have to have a url and some form of authentication to log in to an account and access the data. MobiTV has a url with readily available content but no authentication is required, thus there is no account to hack.
When you go to a url, one of two things happens:
1. The content is served regardless of who you are.
or
2. The server asks for some form of authentication and if the proper response is received, the server responds with the content.
It is hacking if you find a way to circumvent #2 but it is not hacking if #1 happens. When you go to the MobiTV urls, #2 is expected to happen but #1 is happening instead with no additional action on your part. There is nothing illegal about your actions when that happens, only stupidity on the part of MobiTV.