Slashdot Mirror
CNN Uses P2P Video & Adds Terrible EULA
Futurepower(R) writes "CNN's use of software called Octoshape presents an incredibly abusive EULA. If you agree to the EULA, you agree that CNN can use your bandwidth, and that you will pay any costs. Also, you lose the right to monitor your own network traffic. You can't even use information collected by your own firewall. Quoting the EULA:
'You may not collect any information about communication in the network of computers that are operating the Software or about the other users of the Software by monitoring, interdicting or intercepting any process of the Software. Octoshape recognizes that firewalls and anti-virus applications can collect such information, in which case you not are allowed to use or distribute such information.' "
Does anyone actually believe that click-through licenses are valid? If asked, one could always say that they let their cat chase the mouse around until the software worked.
No.
Noticed how much upload bandwidth was being used and fired up Wireshark to figure out what was going on. Hang on a sec, there's a knock at the doo$*)&!&*()@*!)(*)(NO CARRIER
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
OK, then. Install it on your machine (and agree to the EULA, if you wish), and then plug your machine in to my network. I certainly didn't agree to the EULA, so I can and will make use of that information.
SJW n. One who posts facts.
The majority of CNN's demographic doesn't even know what a EULA is anyway. You could say the same thing if you replace CNN with Microsoft too.
I have left slashdot and am now on Soylent News. FUCK YOU DICE.
I did click Accept, but i did not inhale!
Does it really say "you not are allowed"?
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
Oh really.
Company creates abusive and unenforceable EULA, News at 11!
CNN is providing us a service, making sure that Big Brother can't monitor what news stories we are watching. The EULA is there for our protection. Thank you, CNN!
I send an extra header in my http streams that contains a Eula stating that by responding to the request, they acknowledge that any Eula they present to me is null and void.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Who watches CNN. It's by far the most biased, full of propaganda news channel in existence. Why bother with them or their software.
I usually pay for the bandwith I use on torrent both download and upload, if I don't want to use it I'll shut it down, it's that strange that cnn wants to play on the safe side so that no wacko try to bill them for the upload they make? As for the rest I see it as 'you cannot use any of this information for selling or using against us'...
I could see the consumer protection factor involved (i.e. preventing some MPAA official from spying in) were the content illegal. But seriously, wtf?
Most users won't even know what the EULA was talking about and so are not capable of agreeing to it; and so I doubt there is actually a contract.
blog.sam.liddicott.com
I have Little Snitch on my mac and noticed all the OUTGOING bandwidth being used while watching their video stream. After I figured out what was going on, I went to MSNBC instead. The quality is great at CNN and the idea is decent, but unless I read the EULA (which I didn't beforehand), I wouldn't know my contribution to the cloud. My employer monitors outgoing bandwidth usage and I could have been in trouble for high flows if I would have watched the whole thing. Being at a university, we have a large pipe, but I think I needed to be asked first a little more explicitly if they could use it.
Wouldn't something like this be required because the EU has laws against tracking IP and content. Also, you wouldn't want someone to try and inject alternative data in the shared file. If you install a P2P program of course you have to let them use your bandwidth, and according to the article, it stops sharing shortly after you stop watching. I'm all for making sure companies aren't taking advantage of people, but isn't P2P for video a good thing?
here's a simple solution : Dump CNN.
Sorry for a newbie like question but anyone know how to uninstall this Octoshape plugin? I mindlessly clicked "agree" in a fleeting effort to watch live video on that plane that crashed into the Hudson river on one of my machines. For all I know I just signed away rights to my kidney and left "testie" too. Any info. would be appreciated... Cheers.
Don't let CNN or any of its software into your computer/network. This just adds to the list of reasons why I deleted the channel from my TV listings.
CNN probably realizes the bandwidth doesn't belong to the end user, but to the ISP. When Net Neutrality becomes a reality, ISP's will be forced to abandon the flat-rate service model and charge by usage. CNN is just trying to make sure that when the end user receives that four figure Internet bill, the end user can't sue them for theft of service or some such.
Most large ISP's already have usage based billing trials going on in various cities around the US, so it is coming.
I think people forget that in the early days, the Telcos wanted to charge ISP's by the minute for their dialup lines. That is the model the Telcos understand and like. The cable companies are coming around to that point of view as many have their own usage based trials. It will simply take an event that allows them all to change at once. I'm betting on the passage of a Net Neutrality bill to be that event. Independent ISP's are all but non-existant anymore, so who will oppose them?
I went to CNN and ran a live video and didn't get the EULA pop up. Just another reason to abandon Windows for Linux.
On inauguration day cnn.com live video was banned for using too much bandwidth. Now I know why. It was probably flooding the upload pipe.
Even if the EULA is bad.
Where's the open source P2P video streamer?
I'm on Linux, and as a test, I just watched some [boring] live video on CNN:
1. CNN did not try to install a P2P application on my PC
2. I was not offered any EULA
3. My upstream data traffic did not change
Obviously, CNN hates Linux. Good news!
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Imagine you didn't agree to these conditions. How do you expect CNN to deliver the service?
If you agree to the EULA, you agree that CNN can use your bandwidth, and that you will pay any costs.
Its a P2P service - so if you use it, you are sharing your bandwidth with other users. Or, top put it another way, CNN are using your bandwidth to deliver their material to their customers.
So if some joker leaves it running in his hotel room and gets charged $1 per megabyte, he shouldn't sue CNN. Sounds fair.
You may not collect any information about communication in the network of computers that are operating the Software or about the other users of the Software by monitoring, interdicting or intercepting any process of the Software.
So if I collected data about the other CNN customers who are sharing my bandwidth via the P2P service, their IP addresses, what they were watching, and when and published it, that would be OK, would it?
We take these things as read when we use P2P, but obviously some lawyer at CNN has done a bit of due dilligence and covered his arse in case some troll comes along and sues them.
The fuss about this is a bit like the scare stories photo-sharing sites requiring permission to reproduce/modify/sub license your photos: they need these permissions to run their service.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
Since the EULA requires me to be hands-off, is CNN then going to assume legal responsibility for my system. In the event that a vulnerability is exposed in their P2P software, are they responsible for patch management and compliancy assurance? Should my system become compromised and, say, used as a distribution point for kiddie porn because of their EULA requirements, can I assume their legal council will represent me? How about we turn this around on them. They've removed all responsibility for security from the user, so demand it from them.
And someone is running that software? I didn't agree to any EULA. I am not using the software. Those data packets are mine! I can monitor them all I want.
Is this correct?
"can use your bandwidth, and that you will pay any costs."
so, how is this different from skype, zattoo, skynet or any p2p stuff...?
This is atrocious, but I don't really care. CNN has long ago stopped being a worthwhile news outlet when they adopted Fox News style sensationalistic pseudojournalism. CNN TV is now full of garbage like Nancy Grace, Glenn Beck, and very light on actual news updates. Their website likewise has become less like a news site than like National Enquirer Online (don't forget you can buy this headline on a tshirt!) and there are hundreds of better internet and TV news sources. Add this stupid license and bandwidth theft to all that, and I have to wonder why any of you would consider cnn.com a web site to visit.
1. P2P Video is the best way to scale video feeds to tens or hundreds of thousands of viewers.
2. Because of how P2P works, it is unavoidable that you get direct IP addresses of other video watchers.
3. Legal language is necessary just to prevent (or make less inviting) outside agencies or users from spying, collecting IP addresses, and otherwise abusing all the other users of their P2P network. Isn't this a good thing for privacy? Would you rather grant every person/agency on the internet full permission to abuse their video customers instead?
Really, not every bit of legalese is a big attack on the average user.
All it says is, while you may see exactly what's going on through means available to you like firewalls and antivirus programs, you are not allowed to look too hard through it because that's tantamount to working out how our P2P protocol works.
I guess, you're not going to see a WireShark module for Octoshape protocol any time soon. Or maybe you will..
I think you missed the point, Lord Kronos. The issue is not what information is there. The issue is that agreeing to the EULA means that it is illegal to read your own firewall logs. Maybe they would never prosecute, but maybe they would install software to prove you are looking at your logs. If they prosecuted, maybe you would win, after five years and tens of thousands of dollars in legal fees.
The issue is that the EULA says you lose control over your network.
Funny.
Really, i dont understand most of the retards here. Kneejerk anybody?
The EULA ensues
a) that its a P2P service (you know, YOUR upload)
and
b) that you still have privacy when using it.
Both are required AND desireable.
True, you cannot really enforce it. But at least they did try to do the best for their customers.
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
The article says that CNN offers other ways to watch the video, but that is not always obvious.
You're confusing contractual obligation with actions that are illegal. It requires a law to make something illegal, not a contract. If you breach the contract, you are not a criminal, you have merely opened yourself to whatever actions open to the other party stipulated in the contract (which is what a license agreement is).
CNN and Adobe executives put a lot of thought into that software. They sat around at a 3-hour lunch drinking, talking about their million-dollar salaries not being enough, making rude remarks to the waitress, and wondering "How can we sink our companies, fast?"
That's quite a lot of fearmongering in this article.
If you agree to the EULA, you agree that CNN can use your bandwidth, and that you will pay any costs.
CNN is afraid of being sued by someone if that person's ISP makes them pay an overage fee.
Also, you lose the right to monitor your own network traffic. You can't even use information collected by your own firewall. Quoting the EULA: 'You may not collect any information about communication in the network of computers that are operating the Software or about the other users of the Software by monitoring, interdicting or intercepting any process of the Software. Octoshape recognizes that firewalls and anti-virus applications can collect such information, in which case you not are allowed to use or distribute such information.'
Well, you quoted the relevant bit. They're basically saying you cannot spy on other users of the network (standard EULA rule), and since this is P2P, other users data will go through your network so please don't snoop on other users.
Is this news?
Has anyone else notice the coincidental (?!) connection in sound and appearance of "EULA" and "eulogy"?
From Wikipedia: A eulogy is a speech or writing in praise of a person or thing, especially one recently deceased or retired.
So a EULA would then be a death speech for the software or device for which it is written. ...We think this is great software, but now due to this EULA, it's dead (or at least we are going to make it that way)...
Never meddle in the affairs of dragons,
for you are crunchy and good with catsup.
They have the right idea I suppose.
Why not use P2P if you can get the video faster?
I guess they want to protect themselves from privacy issues.
People that don't care about what's in the EULA probably don't want to know anything about IP traffic - they are the majority.
The people who do know about IP traffic and do care about the EULA (./ers) are the minority, and CNN can probably give a shit what we think of the EULA
Shameless plug alert: Game server control panel
No, I don't think I missed any point, but I think you missed mine? Why did they add this clause to the EULA? You think they did it to stop you from looking at your firewall logs? Huh? What do they have to gain from that?
cdrguru made a relevant point. The most likely explanation for why they did this was to "protect" the privacy of their other users, since this is something like a bittorrent application. I was simply pointing out that since they can't actually protect anything, they should have just notified users of the shared info rather than pretending like they can legalese such shared info out of existence.
I also was not saying you shouldn't worry about the EULA or anything. I was saying why their approach to setting up the EULA was backwards.
You don't need to monitor your traffic, Comcast will do it for you - and shut you down for exceeding their cap.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Crazy, isn't it? You'd almost think we were on some kind of news discussion site where people just wanted to talk about nerdly goings-on.
Because then we can attach it to every P2P client on earth and it'd mean the RIAA was no longer allowed to collect any information on the files being shared whilst at the same time you could still just share CNN's content, win win!
Oh well, we can always dream ;)
Ok, let's discuss then. If you don't like the EULA, then don't use the product. The "A" in EULA stands for "agreement". If you don't agree, don't use it. I get the whole nerdy discussion site, but THIS particular kind of story gets far too much attention relative to the seriousness of the issue.
"Obviously, the terms are ludicrous and nigh-unenforceable."
Also, there is another point. Slashdot editors change stories submitted to them seemingly at random, but retain the submitter's name.
The story as I wrote it mentions that Adobe is allowing Octoshape to use Adobe's Express Installer to install the software.
Basically, that means that if you allow rights to Adobe, you are also giving rights to anyone who pays Adobe. Adobe's updating software is very annoying, in my opinion, but this new situation takes the abusiveness to a much higher level. See the linked story, Watch a live video, share your PC with CNN, at WindowsSecrets.com.
Now when ISP's defend their practice of throttling/blocking P2P clients, we can say "screw you, we want our CNN!"
...and our Pirate Bay...
War as we knew it was obsolete
Nothing could beat complete denial
- Emily Haines
So if CNN is using P2P on my machine and I don't "break their EULA", but rather just switch the networks packets to be an RIAA song, then will the RIAA mafia boys sue CNN?
That whole argument hinges on the "RAM is copying" angle, which has not been consistently upheld. Copyright traditionally covers publication, not personal use.
Copyright owners have not traditionally had any say in what people do with their works, apart from specific things like publication and public performance.
I can read a discarded copy of the NY Times no matter what the publisher thinks. Authors don't get to decide who can read their books.
Software companies have aggressively tried to grab "rights" that have never before belonged to copyright holders.
Isn't is possible to use a software firewall to throttle your overall outbound bandwidth? Set that to 1K/s, and your employer won't be on your case about your outbound bandwidth, plus it's still within the EULA - you're not monitoring your traffic, you're controlling the flow of ALL outbound traffic...but the university will probably be on your case for installing software...damn.
>>>The issue is that agreeing to the EULA means that it is illegal to read your own firewall logs. Maybe they would never prosecute, but maybe they would install software to prove you are looking at your logs. If they prosecuted, maybe you would win, after five years and tens of thousands of dollars in legal fees.
>>>
I'd rather just aim a bullet at the head of whichever manager was trying to sue me. If I'm going to waste my time & money in court, let's make it for a REAL crime, not pissant stuff like EULA violations. Down with all tyrants, whether they be politicians or corporations.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Anyone care to explain how to uninstall/delete octoshape from our computers? I have Mac OS X and have no idea where it was installed or what other files it sprinkles throughout the system folder.
You can't sign (or click) away your rights. They've overstepped their bounds, but isn't that what EULAs generally do??
"...The smart and lazy ones I make my commanders." - Erwin Rommel
I get the whole nerdy discussion site, but THIS particular kind of story gets far too much attention relative to the seriousness of the issue.
If you don't like this kind of story and these kinds of comments, then take your own advice and don't read them! As if bitching about the content of the stories and comments on slashdot that you don't like is ever going to change anyone's mind about posting them.
You said, "Why did they add this clause to the EULA?"
I don't know. The language of the EULA is too broad:
"You may not collect any information about communication in the network of computers that are operating the Software..." Presumably they know the meaning of the words. Certainly they are allowing themselves the option of being far more abusive in the future.
Remember the Sony software scandal? Judging from that, there won't be any corrections to Octoshape's bad behavior until people start demanding that the CEOs of CNN, Adobe, and Octoshape be fired.
One of the worst issues about this abuse is that Adobe is using software that is meant for updating its own products to install 3rd part software of its own choosing.
The recent Myspace case in California resulted in misdemeanor computer trespass charges against someone for violating the MySpace EULA.
The prosecution theory was violation of the EULA resulted in her exceeding her authority to access the Myspace servers and was therefore a crime.
It is being appealed, but once 1 prosecutor succeeds with a theory, others will copy them.
Now can you be charged with Computer Trespass for accessing your own equipment and logs in violation of an EULA written by a 3rd party? I would think it was an overreach, but 20 years from now? Possible that overzealous privacy advocates could get the question framed in the form of when you agreed to the EULA, you agreed to turn off all of that kind of logging, by keeping the logs, you illegally intercepted the communications.
http://xkcd.com/501/
It is what a commander of naval forces might say when there's an unfortunate turn in the battle.
In Legalese the term will probably be "unconscionable" instead, which probably isn't exactly a less harsh way for the court to say it that no one in their right mind would knowingly sign such a thing.
better solution, don't go there
"NOT SUITABLE FOR CRITICAL USE The Software is build for personal entertainment use only. It should not be used in or allowed to communicate with any health critical applications or systems or any other vital, critical or valuable applications or systems."
The 20th was still a day to work. Many employees I am sure were hooked up to this that day. So it is not just the regular every day user that has to worry about the bill coming. Also many did not read the EULA. That includes the many on the job in the health profession, etc. So it is safe to say that many businesses will be getting a bill from hell as well.
[...] I would think it was an overreach, but 20 years from now?
"I would think it was an overreach, but 2 years from now?"
There, fixed that for ya.
Pi Ran Out
Can I create a bittorrent client with an EULA that allows me to put torrents on your system, hide them from the UI for a certain period of time, and forbid you from looking under the hood to see what's there?
Then if a copyright holder comes after you for sharing their stuff, you can claim that I put it there (they'll have no way of proving whether I did or you did), and there was nothing you could legally do to detect or prevent it. You have now attained carrier status and thus shielded yourself from lawsuits.
As for me, I'll live in Sweden, just in case.
Since the EULA requires me to be hands-off, is CNN then going to assume legal responsibility for my system. In the event that a vulnerability is exposed in their P2P software, are they responsible for patch management and compliancy assurance? Should my system become compromised and, say, used as a distribution point for kiddie porn because of their EULA requirements, can I assume their legal council will represent me? How about we turn this around on them. They've removed all responsibility for security from the user, so demand it from them.
You are kidding, right? They don't make these rules to put themselves in jeopardy. The serfs have to look out, not the masters. *They* have rights. *You* have responsibilities.
I remember a time when Slashdot editors would keep the summary people wrote and give credit to someone else. Now it's the other way around! Ah, how times are a changin'.
Hi All, living outside the US but anxious to watch the Obama Inaguration in all its glory I installed the octoshape application and used CNN, which was the most reliable video I found on my 1Mb DSL circuit. A few days later I noticed that my P2P would shut down after an hour or so, and I could not repair the internet connection. Have to reboot. I had not connected Octoshape with this behavior, but it started at about the same time and until this /. article I had not thought about Octoshape at all. (Thanks to FuturePower!).
Wondered if anyone else had seen this...? I googled and did not spot anything.
Thanks,
YJ14
EULA
By reading any part of this EULA or its entirety, you agree to be bound by its terms. This EULA is an agreement between you, hereinafter Garbage, and us, hereinafter The Important Party. Garbage agrees that Garbage is garbage and The Important Party is important. Garbage agrees that everything it has is now the property of The Important Party and is on loan to Garbage only until The Important Party decides otherwise, at which time Garbage must turn over the requested property. Garbage agrees that The Important Party has every right it chooses without limit. Garbage agrees that The Important Party has no duties or responsibilities of any kind. Garbage agrees that Garbage has every duty and responsibility as determined by The Important Party and as amended at any time by The Important Party. Garbage agrees that Garbage has no rights whatsoever.
As I read this, they understand that firewalls, antivirus, etc. will collect data. It also seems that they don't really care that you collect the data, but rather they want to make it illegal for you to use the data. They don't want you to collect information about the users of the software or even information on their computers. They even write in some lines for subverting the software to get this information.
Is it just me, or does it sound like some of their actions are making it incredibly difficult for the MPAA, RIAA, or like entities to carry out their standard practices to find people sharing content?
Ok, EULA aside, how is this a bad thing? Come on, /.! I read all the time how terrible it is that ISPs throttle/shape bittorrent/p2p traffic and read the praises upon high at how efficient p2p is.
How is this any different?
Disclaimer: The opinions and actions of the US Gov't are in no way representative of those held by this author or its ci
Since its founding, Turner Broadcasting has been a technical innovator working to deliver the very best media experiences to its consumers. As part of Turner and the first TV-affiliated news site on the Web, CNN.com likewise has worked to bring online news to millions of consumers in the most innovative and user-friendly manner since 1995.
As a natural extension of the innovation core to the DNA of both Turner and CNN.com, Turner selected Octoshape as a best-of-breed P2P technology to help provide CNN.com's users around the globe with what we believe is the best live webcast experience available on the Internet. Octoshape is an
established P2P delivery company, and has served several other media companies besides Turner.
Further, using P2P technologies to distribute commercial content on the Web is hardly new. Companies like the BBC, Joost, AOL and many others have delivered content using P2P technologies for years. P2P technologies are also used by millions of consumers daily for activities such as the transmission of files via instant messaging applications and Internet telephony.
Today, P2P technologies have evolved to the point where previously unattainable scale for live webcasts is now achievable. In preparation for high interest in viewing CNN.com's Live streaming of President Barack Obama's inauguration on Jan. 20, Turner anticipated that the resulting
stresses on the various CDNs and the Internet in general would make it extremely difficult - if not impossible - to serve such an unprecedented audience without the use of P2P technologies. In concert with CDNs, CNN.com was able to provide over 1.3 million simultaneous live video streams on Jan. 20 - and more than 650,000 of those simultaneous streams were delivered with P2P technology.
Turner has been forthcoming about the use of P2P technologies in the CNN.com Live video player - both with users and the public at-large. Since Octoshape was incorporated into the CNN.com Live player in Nov. 2008, users have been presented with the option to accept the P2P plug-in to enhance performance upon initial launch of the live player; and if they exercise that option, are presented with the end-user license agreement (EULA) that describes how the software operates. It also is important to note that users are not required to use the software in order to receive the requested video stream. All of CNN's video is available to consumers without the use or installation of a P2P plug-in.
There are also multiple ways to delete the Octoshape software from a user's computer. Within the CNN.com Live player's "Help" feature, users are referred to Octoshape's website and provided with instructions on how to uninstall the plug-in. Additionally, the software can be uninstalled via traditional Windows tools for adding/deleting software.
As Turner continues to deliver quality content to the largest audiences possible, we recognize that the Internet will continue to evolve, and methods for scalable delivery of Web content will necessarily evolve with it; and as a company, we will continue to work with industry stakeholders - including ISPs and privacy experts - to develop the latest, most innovative and user-friendly methods for scalable delivery of content on the Web.
Michael Wise | Group Technical Advisor | Platform R&D | Turner Broadcasting System, Inc.
Because they don't want you to see how nefarious they really are. It like trying to stop the police searching your vehicle.
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"