Slashdot Mirror

← Back to Stories (view on slashdot.org)

Developer Draws Legal Threat For Exposing Indian Telco's Net Neutrality Violation

Posted by timothy on from the pressure-from-abroad dept.

knightsirius writes: Indian broadband and cellular operator Airtel was discovered to be injecting third-party JavaScript files into web pages delivered over their wireless networks. A developer was viewing the source of his own blog and noticed the additional script when viewed on a Airtel connection. He traced the file back to Flash Networks, an Israel-based company, which specializes in "network monetization" and posted the source on GitHub. Since then, he has received a cease-and-desist from Flash Networks and the code on GitHub has been removed following a DMCA takedown notice.

Readers may remember Airtel from its previous dubious record with network neutrality.

134 comments

  1. Of course, it's likely copyrighted. by Anonymous Coward · · Score: 0, Flamebait

    You can't just go posting other's source code on the web without permission. There are other, better ways to deal with this asshattery.

    1. Re: Of course, it's likely copyrighted. by Anonymous Coward · · Score: 2, Funny

      He didn't post it, it was injected ;)

    2. Re:Of course, it's likely copyrighted. by gstoddart · · Score: 5, Insightful

      You can't just go posting other's source code on the web without permission. There are other, better ways to deal with this asshattery.

      When they embed it in your blog ... fuck 'em.

      They modified his blog with code, which means it's now his code.

      Or are we pretending that when corporations do shit like this it's OK?

      I read this as "assholes embed code in pages, and then whine when that code gets made public to point out that it's happening".

      No sympathy. Not even a little.

      --
      Lost at C:>. Found at C.
    3. Re:Of course, it's likely copyrighted. by Atrox666 · · Score: 5, Insightful

      Technically they made a change to his copyrighted code and since he was paying them for the service the copyright should belong to him.

    4. Re:Of course, it's likely copyrighted. by Anonymous Coward · · Score: 2, Informative

      *Whoosh* to all who modded this down.

    5. Re:Of course, it's likely copyrighted. by Jason+Levine · · Score: 5, Insightful

      Not only that, but they made an unauthorized change to his code that displayed ads. If anyone else were to do this, it would be called "hacking his website" and the group responsible would (theoretically) be brought to justice. However, since it is an ISP, they get to call it "monetizing their service" (or some other weasel words) and the companies responsible for the ads get to sue for copyright infringement. Imagine if a group of hackers sued for copyright infringement because the code used in their hack was publicized. They would be laughed out of court.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    6. Re:Of course, it's likely copyrighted. by mark-t · · Score: 1

      While it's true that he might not have had any explicit permission to publish their source code on the web, I think an argument could be made that such permission was implicit.... since the company was already pushing the source code to every single person that used the serviice anyways (being javascript, and it needing to run in the client's web browser).... and it's not like he was publishing something that he was never entitled to access to, nor had any obligation to keep confidential.

      --
      File under 'M' for 'Manic ranting'
    7. Re:Of course, it's likely copyrighted. by leptechie · · Score: 1

      No, they changed his web page to insert the URL, so only the URL becomes part of the document. The linked script it refers to retains its' own copyright which, in the absence of a copyright statement, could only reasonably be assumed to be the carrier that modified his blog's transmission.

    8. Re:Of course, it's likely copyrighted. by Anonymous Coward · · Score: 2, Interesting

      He can probably one-up them and sue THEM for tampering with his code. I bet if you did something like this to a company's page, they'd sue you, guns blazing like the terrorist you are.
      They must know their code gets out there for everyone to see, the way they're doing it. It's trivial that it can be looked at and copied. If it's such a trade secret, keep it out of the public's face.

    9. Re:Of course, it's likely copyrighted. by Anonymous Coward · · Score: 1

      sue THEM for tampering with his code

      Won't work if the company granted themselves the right to tamper in the Terms of Service.

    10. Re:Of course, it's likely copyrighted. by neo256 · · Score: 1

      ... Without permission...

      If you fling shit through my window. And I pick it up with a towel and hang it on a billboard will you sue me for making money or claim revenue loss because I use your content as advertising?
      They forced their shit up his ass and he responded by putting up code that is apparently publicly available ... as he picked it from his browser as I understand. It's javascript as I understand, meaning any one could pick up that code and do what ever they want with it.

    11. Re:Of course, it's likely copyrighted. by leptechie · · Score: 2

      You can't just go posting other's source code on the web without permission. There are other, better ways to deal with this asshattery.

      There are two parts here, neither of which alone add up to the combined outrage (though both spurious): 1) Company A writes code to inject ads to documents, and Company B decides to inject these into pages from other people's services. Whether B got permission from A for this exact purpose we don't know, but it could just as likely be embedded in pages B serve themselves. Note, the injection part here is suspect, but unrelated to the DMCA notice. 2> Owner of said code (Company A) blows his lid that company property is openly accessible at GitHub. and uses appropriate tools to deal with it.

      If this is one party injecting their own code into a HTTP session without consent, then objecting to the subsequent source disclosure then fine, let rip, but the context here is critical, and without a view of the source we can't assume more than we know: This is a hostile act, intentionally modifying content in-transit, and more than just compressing JPEGs for mobile network consumption, it alters functionality and potentially the security of the user's device.

      He is well within his rights to ask for help from all and sundry in determining the potential harm, especially if (as it appears, I tried and failed) the file can only be downloaded from Company B's network and anyone willing to assist would be unable if not a subscriber. The Net Neutrality rules in India back him up, but unfortunately for him the DMCA covers GutHub under US law. It does protect him from the asshatted letter that makes threats if he continues to exert his rights under Indian law. Flash Networks' conduct here is mixed, but Airtel is incredible, and so far they remain uninvolved and unthreatened.

    12. Re:Of course, it's likely copyrighted. by hey! · · Score: 2, Interesting

      Well, this is one of those things where copyright law doesn't necessarily behave the way people think it should.

      Take the famous case of science fiction author Marion Zimmer Bradley. For years she encouraged fan fiction in her Darkover universe -- until she wanted to use some plot ideas from a fan story she had read in one of her own novels. The author of the fan story successfully blocked the publication of MZB's novel.

      So it's clear that original authors don't automatically get ownership of derivative works. What they get is more like a veto power over various uses the derivative author can put his work to. Actually slinging around the word "ownership" in this kind of context tends to be misleading. Copyright is considerably different from the usual concept of "ownership", e.g., the way that you own your car or your pants. It's actually a kind of legal monopoly on certain activities as they apply to a work. That explains why an interlocking web of monopoly rights can lead to a work being simply unusable; that's a result which violates people's intuition that someone must "own" the work and therefore must be able to do whatever he pleases with it.

      In this case the best position for the developer to take is that his posting is covered in some way by fair use.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    13. Re:Of course, it's likely copyrighted. by gstoddart · · Score: 4, Insightful

      Won't work if the company granted themselves the right to tamper in the Terms of Service.

      What if my terms of service says you owe me a billion dollars if you modify my code?

      When the hell did we start thinking of terms of service as magical?

      --
      Lost at C:>. Found at C.
    14. Re: Of course, it's likely copyrighted. by Anonymous Coward · · Score: 1

      Java Script files are not encrypted. Anyone who went to the blog could have viewed the file's source so what does it matter if it is on GitHub or not. When the tables are reversed we would be told something like "there is no expectation that [insert subject matter] would ever be private so we the [insert corporation or government agency] are within our rights to use [insert subject matter] as we see fit."

    15. Re:Of course, it's likely copyrighted. by leptechie · · Score: 5, Insightful

      If anyone else were to do this, it would be called "hacking his website" and the group responsible would (theoretically) be brought to justice. However, since it is an ISP, they get to call it "monetizing their service"

      Even worse, this is a 3G network, so they're not just monetising, they're artificially inflating their customers' usage by forcing them to down content they didn't request on a service that is typically directly billed by utilisation.

    16. Re:Of course, it's likely copyrighted. by nitehawk214 · · Score: 0

      They injected code into his blog. So they made a derivative work of his, the code belongs to him.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    17. Re:Of course, it's likely copyrighted. by TheCastro1689 · · Score: 2

      When the US Government started letting companies use terms of service as a defense that normal citizens couldn't beat.

    18. Re:Of course, it's likely copyrighted. by Anubis+IV · · Score: 4, Insightful

      Except that your case is nothing like this one, because in this case the original work was replaced with the "derivative", with the derivative being misrepresented as the original one.

      This would be like if a fanfic author worked at the publisher for the author they loved and decided to change a bit of the text in one of their favorite novels so that it mentioned a product they sell on the side. The novel then gets passed on to bookstores with no one the wiser, and it's not until months later that the author is poking through some pages and realizes that this isn't the novel they wrote, even though it's being represented as such. If the publisher continues in misrepresenting that work as being the author's, then we'd have an expectation that the author would have just as much right to that altered text as to their original text.

      Of course, the analogy breaks down here, since authors routinely hand over ownership rights to their publishers, whereas web developers essentially never hand over authorship rights to their ISPs.

    19. Re:Of course, it's likely copyrighted. by currently_awake · · Score: 1

      Publishing on the internet does NOT extinguish your copyright. The author (web page owner) legally requires permission from the (slimeball) corporation to publish their copyrighted material. The author might be able to sue for impersonation (they pretended the stuff they served was from the author), and they (corp) might be liable for defamation (they served up adds on his website without consent and made it look like he (author) was doing it), but they most certainly have the right to block him publishing their code.

    20. Re:Of course, it's likely copyrighted. by Anonymous Coward · · Score: 0

      That's what I told all those damn "security researchers" when they posted my malware code. Served 'em up with a DMCA violation from my home country of Bulgaria. Those rotten bastards didn't listen.

      I'm with you man. Criminals of the world unite!

    21. Re:Of course, it's likely copyrighted. by rtb61 · · Score: 1

      No by providing the URL link to content they voluntarily provided that content the URL refereed to, they gave it to him. You can not provide a compulsory link so someone and then claim they infringed copyright when that link downloaded content. This is not different to delivery a package to someone with say a CD and claiming if they open the package they have to pay for the CD.

      --
      Chaos - everything, everywhere, everywhen
    22. Re:Of course, it's likely copyrighted. by gstoddart · · Score: 2

      Wow ... and the US government has control over what an Israeli company is doing in India ... why???

      This has nothing at all to do with US law, other than the DMCA was used on Github.

      --
      Lost at C:>. Found at C.
    23. Re:Of course, it's likely copyrighted. by Anonymous Coward · · Score: 1

      Actually this reminds me of those Direct Revenue assholes who hijacked Windows desktops to display ads: http://www.benedelman.org/spyw.... Bottom line is that regardless of copyright or DMCA issues, when ads are actively injected into anything people should always get pissed.

    24. Re:Of course, it's likely copyrighted. by Jason+Levine · · Score: 1

      I will agree that publishing on the Internet doesn't remove copyright. (Sorry to all those who think they can just use anything they find in a Google Images search.) However, in this case, it looks like part of the complaint is that publishing this damages the company's "name and reputation." They are claiming that calling them out on scummy things that they do is illegal.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    25. Re:Of course, it's likely copyrighted. by houstonbofh · · Score: 2

      On copyright grounds. His page was copyrighted. They modified it and distributed the derivative work without a license. He can use the DMCA to take down all of the modified pages.

    26. Re:Of course, it's likely copyrighted. by stephanruby · · Score: 1

      Well, this is one of those things where copyright law doesn't necessarily behave the way people think it should.

      Why not? The blogger just needs to send github a DMCA counter-notice, and that's that. This is a very clear case of Fair Use. The company can try to sue in US court, but it would just lose and amplify the Streisand effect.

      Also, I'm not sure why the name of the CEO of Flash networks is edited out of the DMCA notice, but his name is Liam Galin according to their web site. Here is his linkedin. This guy is obviously an idiot where it comes to the internet and public relations. If he becomes unemployed one day, it would be foolish to hire someone like that for anything internet-related or public relations related.

      If you'd like to complain to the company itself. Here are the company's physical addresses and contact information in the US, Israel, Europe, and Singapore.

    27. Re:Of course, it's likely copyrighted. by Anonymous Coward · · Score: 0

      That would be like taking Back to the Future and replacing Coke with Pepsi without permission...

    28. Re:Of course, it's likely copyrighted. by TheGratefulNet · · Score: 2

      the issue is that some companies think that their code is 'execute-only', and if you try to READ it, they come after you, legally.

      does that make any sense?

      'here, run this code. each time you access your own page, run MY code. but don't DARE view it. we don't allow that and we don't allow you to explain what our code does.

      "JUST RUN IT, CITIZEN!"

      this is what their argument amounts to. you 'must' run our code but you 'must not' look at it.

      its how marketers think. we 'must' be allowed to inject our code in your stream and you 'must not' be able to run blockers to suppress our code in your stream.

      fine kettle of fish we have in this brave new world of ours...

      --

      --
      "It is now safe to switch off your computer."
    29. Re:Of course, it's likely copyrighted. by Coren22 · · Score: 2

      Oh no...now he'll DCMA /., why would you post all his copyrighted information to /. like that?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    30. Re:Of course, it's likely copyrighted. by gnasher719 · · Score: 3, Informative

      They injected code into his blog. So they made a derivative work of his, the code belongs to him.

      It doesn't. Creating a derivative work may be copyright infringement, but it doesn't give the owner of the original code any rights to the derivative work.

    31. Re:Of course, it's likely copyrighted. by Anonymous Coward · · Score: 0

      He can use the DMCA to take down all of the modified pages.

      Wouldn't that effectively take down his blog?

    32. Re:Of course, it's likely copyrighted. by Stephan+Schulz · · Score: 1

      Publishing on the internet does NOT extinguish your copyright. The author (web page owner) legally requires permission from the (slimeball) corporation to publish their copyrighted material. The author might be able to sue for impersonation (they pretended the stuff they served was from the author), and they (corp) might be liable for defamation (they served up adds on his website without consent and made it look like he (author) was doing it), but they most certainly have the right to block him publishing their code.

      Making something available on the public net is generally considered to provide the user with an implied license to download and read the document. It does not extinguish copyright (i.e. you cannot freely copy it), but you sure can download it. Otherwise each website access would be a copyright violation. This principle is well established. Moreover, of course, in this case, publishing is fair use for commentary. Distribution of the code to expose their practices is not in competition with the companies' use (which is, after all, freely distributing the code). It is inconvenient for the companies to have their unethical and almost certainly illegal practices in the limelight, but keeping dirty secrets is not something protected by copyright.

      --

      Stephan

    33. Re:Of course, it's likely copyrighted. by Anonymous Coward · · Score: 0

      since authors routinely hand over ownership rights to their publishers,

      Only the stupidly naive ones, or those with stupidly naive (or dishonest) agents.

      Usually the author sells e.g. "book rights" or "paperback rights" or "english paperback rights" to a publisher (leases might be a more accurate term if the author is smart enough to include a reversion of rights clause in the contract). While there are exceptions (publishers are notorious for trying to grab "all rights" in the first contract they send to newby authors), authors typically retain movie rights, serialization rights, foreign language rights, game rights etc, etc. because they can sell those separately. There are a lot of slices to the rights pie, and a smart author tries to sell as many different slices as possible to different buyers (and in some cases, the same slice, over and over -- such as with options. (A movie rights option is a limited-time exclusive right to buy the movie rights; it's cheaper than the movie rights and typically lasts a year or two, then the author can sell it again unless the option-holder has bought the movie rights.)

    34. Re:Of course, it's likely copyrighted. by Lord+Kano · · Score: 1

      sue THEM for tampering with his code

      Won't work if the company granted themselves the right to tamper in the Terms of Service.

      That might save them from being sued by the users but not the publishers. They are creating unauthorized derivative copies of copyrighted works.

      That's illegal.

      A third party can't waive your right to defend your IP.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    35. Re:Of course, it's likely copyrighted. by houstonbofh · · Score: 1

      Not if he words it right. It could for the take down of all modified pages. In other words, the Internet. Which would force the ISP to back off while this works out.

    36. Re:Of course, it's likely copyrighted. by leptechie · · Score: 1

      "They" who did the providing is Airtel, the 3G provider, and likely under a distribution agreement with Flash Networks, the copyright owner, for specific purposes. When the actual copyright owner (FN) found their content on GitHub, they sent the takedown. I think Flash Networks acted appropriately with the proper tool and, for once, the DMCA notification content is actually correct. Airtel are the ones who have things to answer for, not FN.

    37. Re:Of course, it's likely copyrighted. by lsatenstein · · Score: 1

      You can't just go posting other's source code on the web without permission. There are other, better ways to deal with this asshattery.

      When they embed it in your blog ... fuck 'em.

      They modified his blog with code, which means it's now his code.

      Or are we pretending that when corporations do shit like this it's OK?

      I read this as "assholes embed code in pages, and then whine when that code gets made public to point out that it's happening".

      No sympathy. Not even a little.

      I suppose that the only thing the code owner can do is add an appendix that does a realtime crc or md5sum check of the code that is his. If the code is corrupted, the service can take action as appropriate.

      --
      Leslie Satenstein Montreal Quebec Canada
  2. Streisand effect by gurps_npc · · Score: 3, Insightful
    Worse, the idiots never heard of the Streisand effect.

    Or it's political corollary: The cover up is always worse than the original crime.

    --
    excitingthingstodo.blogspot.com
    1. Re:Streisand effect by Anonymous Coward · · Score: 0

      You're an idiot who never heard that it's means it is.

    2. Re:Streisand effect by UnixUnix · · Score: 1

      Streisand galloping indeed, the thing is multiplying like fruit flies, "we can post ' em faster than you can DMCA 'em". E.g. on pastebin, http://pastebin.com/ZP6r6ENK

  3. Re:STEREOTYPING IS BAD... by Anonymous Coward · · Score: 0

    Will you please shut the fuck up, go the fuck away, and spare us your endless fucking stream of bullshit and drivel?

    kthanksbye

  4. Airtel got caught, what about others? by 140Mandak262Jamuna · · Score: 1

    How many people routinely check the source of their own web page through different connections to look for such injections? If some major US cell network or ISP did this, how likely they will be caught? Would https stop them from messing around with injections?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Airtel got caught, what about others? by Anonymous Coward · · Score: 0

      There's the how likely they would be caught issue and there's the how likely would something change if they were caught.

      To be caught requires checking and some savvy, although not all that much, mostly the checking part. You should know what source is yours and isn't (one or more of these things will not be like the others). As to what might happen, my guess is mostly lawyers would make some money, but whoever was doing it would take some PR hit.

      HTTPS can help if the...
      1) are not running a web proxy (government and large corporations are more typical cases of ones that use that because they control your device/desktop as well ... and hence your cert store). I have yet to see a mobile provider running a web proxy doing https, although it's theoretically possible (at least devices they sell/control).
      2) are injecting in transit (which is how I read that it is going on), not at render.

      Another way to deal with this is to direct your blog readers to use noScript (or something similar) and specifically blacklist the provider's js. They likely cannot take legal action against you on that.

    2. Re:Airtel got caught, what about others? by Anonymous Coward · · Score: 0

      Would https stop them from messing around with injections?

      Ideally, yes.

      In reality: maybe not. See https://en.wikipedia.org/wiki/Superfish

    3. Re:Airtel got caught, what about others? by heypete · · Score: 2

      How many people routinely check the source of their own web page through different connections to look for such injections? If some major US cell network or ISP did this, how likely they will be caught? Would https stop them from messing around with injections?

      So long as the injector can't issue SSL certs that the user will trust, yes, https will stop such injections.

      If the injector *can* issue SSL certs that the user will trust (e.g. the ISP requires users install their local CA, or they somehow have a global wildcard from a trusted CA), all bets are off -- the injector can impersonate and inject content into any https-secured site.

    4. Re:Airtel got caught, what about others? by currently_awake · · Score: 1

      Http should prevent code injection, provided the server that handles the http stuff isn't compromised. When the ISP that owns the server is the one doing the injection, the server is compromised.

    5. Re:Airtel got caught, what about others? by Jason+Levine · · Score: 1

      It doesn't need to be the ISP owning the server. It could be an ISP adding data to webpages being transferred to their users. So a user requests the Slashdot home page using $SOME_ISP. $SOME_ISP pulls the page from Slashdot's servers but adds some JavaScript code to it before transferring it to the user. The user sees Slashdot plus the JavaScript code that $SOME_ISP added. Slashdot's servers haven't been compromised at all, but the transmission has been.

      If an individual did this, we might call it a man in the middle attack. The ISP, for some reason, thinks they have the right to conduct man in the middle attacks to benefit themselves financially.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    6. Re:Airtel got caught, what about others? by houstonbofh · · Score: 1

      I have yet to see a mobile provider running a web proxy doing https, although it's theoretically possible (at least devices they sell/control).

      It is quite common in the US as the carriers also control the phones and can install their own certificates.

    7. Re:Airtel got caught, what about others? by Anonymous Coward · · Score: 0

      I'm waiting for the web devs to step forward and defend the advertisers yet again and badmouth the freeloaders who get in the way of monetization.

    8. Re:Airtel got caught, what about others? by Anonymous Coward · · Score: 0

      wget (or curl) and diff are your friends

    9. Re:Airtel got caught, what about others? by Fnord666 · · Score: 1

      It is quite common in the US as the carriers also control the phones and can install their own certificates.

      One of the benefits to running a rooted phone is that you can lock down the list of accepted root certificates and prevent the carriers from updating that list.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  5. Why DMCA take down notice? by 140Mandak262Jamuna · · Score: 1

    It is a javascript file. Every user of Airtel and every victim of companies using Flash networks to monetize the traffic will get these files when they visit websites. So it is very easy to get a copy of the code. So what did they achieve by this DMCA take down notice against git hub?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Why DMCA take down notice? by Anonymous Coward · · Score: 0

      Nothing. Their lawyers, however? Billable hours.
      Not that anyone that touched this decision within either of them probably knows that the way it works the code is just out there, because that's how it works.

    2. Re:Why DMCA take down notice? by leptechie · · Score: 1

      The owner is objecting to the user redistributing the file which is apparently subject to a license. In this instance GitHub (in USA) needs to apply their own laws in making the determination of fair use or exemption but I think the DMCA notice will stand - unless I'm misinformed there is no exclusion to DMCA for academic purposes as there is in India's safe harbour provisions.

    3. Re:Why DMCA take down notice? by leptechie · · Score: 1

      Every user of Airtel ... will get these files when they visit websites.

      Exactly, which is why he would need to post to GitHub (or somewhere else) - not every person interested in or capable of analysing the code is a customer or Airtel (I know I'm not).

    4. Re:Why DMCA take down notice? by Anonymous Coward · · Score: 0

      In general, you can't redistribute text or code that you find on the Web even if it's easy to get a copy. You need a license.

    5. Re:Why DMCA take down notice? by gnupun · · Score: 2

      In general, you can't redistribute text or code that you find on the Web

      Even if the code was illegally inserted by hackers into your website? This is no different from a virus code; i.e. malicious code that affects the behavior of your program with no benefit to you.

      I don't think copyright applies to viruses, otherwise how do you transmit that virus code to an anti-virus company for scan/virus removal development without the permission of the anonymous virus writer?

    6. Re:Why DMCA take down notice? by currently_awake · · Score: 2

      A computer virus is copyrightable, just like any other code. What the code is used for has no effect on the copyright status.

    7. Re:Why DMCA take down notice? by gmack · · Score: 1

      How can a two line change to someone else's web page be covered by any sort of license?

    8. Re:Why DMCA take down notice? by gnupun · · Score: 1

      Then why are anti-virus companies not sued for copyright infringement? They get a copy of the virus from a third-party, without permission of the virus author.

    9. Re:Why DMCA take down notice? by gnasher719 · · Score: 2

      Then why are anti-virus companies not sued for copyright infringement? They get a copy of the virus from a third-party, without permission of the virus author.

      Because they can invite the copyright holder to meet them in court, and have the police waiting for him. This is like the guy who went to the police because someone stole his drugs. The police arrested both. Most virus authors are not _that_ stupid.

    10. Re:Why DMCA take down notice? by Cederic · · Score: 1

      The virus victim hasn't signed any EULA that would prevent them distributing the binaries.
      The AV company doesn't have the source.
      The AV company doesn't distribute the binaries.
      Anybody suing would be facing computer misuse charges before their case got laughed out of court.

      Apart from that, it's a fair question :)

    11. Re:Why DMCA take down notice? by Anonymous Coward · · Score: 0

      It would be the person delivering it that would be liable.

    12. Re:Why DMCA take down notice? by gnupun · · Score: 0

      Because they can invite the copyright holder to meet them in court, and have the police waiting for him.

      You're dodging the question.. Why do the AV companies copy the virus code without the virus author's permission? Two wrongs don't make a right. You have to agree that malware/virus does not enjoy copyright protection.

    13. Re:Why DMCA take down notice? by gnupun · · Score: 1

      The virus victim hasn't signed any EULA that would prevent them distributing the binaries.

      A typical bittorrent user downloading software or a movie also hasn't agreed to a EULA either. That doesn't mean he is free of copyright infringement.

      The AV company doesn't distribute the binaries.

      Program machine code falls under copyright (just like binaries of commercial software) and the act of copying the virus binary from the virus victim's computer to a machine owned by the AV company is considered copyright violation, under normal circumstances.

      So why can the AV companies copy the virus code to its computers, but we can't copy the virus/malware/whatever javascript code from Flash technologies?

    14. Re:Why DMCA take down notice? by Stephan+Schulz · · Score: 1

      The owner is objecting to the user redistributing the file which is apparently subject to a license. In this instance GitHub (in USA) needs to apply their own laws in making the determination of fair use or exemption but I think the DMCA notice will stand - unless I'm misinformed there is no exclusion to DMCA for academic purposes as there is in India's safe harbour provisions.

      The web site does not get to make its own determination, unless it want to lose the protection of the DMCA. The only way to keep it up is for the user in question to file a counter notice. In that case it become an issue between the user and the (alleged) copyright owner.

      --

      Stephan

    15. Re:Why DMCA take down notice? by Darinbob · · Score: 1

      Because DMCA takedowns are trivial to create, very difficult to remove, and very expensive to ignore. The law is hopelessly broken.

    16. Re:Why DMCA take down notice? by Darinbob · · Score: 1

      However they sent the code to that user. If someone sent me a letter in the snail mail, shouldn't I be able to show it to other people? Legally I probably can't but it's not logical.

      But regardless of that, the problem is the DMCA which can have take down orders that are devoid of any legal basis; if you get a take down order then it's your own money that must be spent to remove it.

    17. Re:Why DMCA take down notice? by Darinbob · · Score: 1

      There are no copyright notices on the malware. Though in many jurisdictions you no longer need the notice (including the US I think).

      On the other hand, are they actually copying the malware code or merely allowing the malware code to copy itself to their PCs after which they inspect it in a closed environment?

    18. Re:Why DMCA take down notice? by Cederic · · Score: 1

      Bittorrent doesn't execute machine instructions without your permission, whereas a virus carries implicit transfer of ownership by dint of installing itself on your computer.

      But that sidesteps your point.
      As I said, it's a fair question.

      Providing the JavaScript to an anti malware company so they could block it in the browser would be the more reasonable comparison.

      Suing the ISP for computer misuse is possibly an option too.

      Of course the Israeli firm may hold copyright on the original source but there's a derived work involved too, and if they do exert ownership then I'd be asking them why their code has been added to my website - again, that's against the law in the uk, not sure on the equivalent laws in India.

    19. Re:Why DMCA take down notice? by Fnord666 · · Score: 1

      The owner is objecting to the user redistributing the file which is apparently subject to a license. In this instance GitHub (in USA) needs to apply their own laws in making the determination of fair use or exemption but I think the DMCA notice will stand - unless I'm misinformed there is no exclusion to DMCA for academic purposes as there is in India's safe harbour provisions.

      I think the authors of each and every web page viewed by Airtel customers that have been modified by Airtel should sue Airtel for copyright infringement. Airtel is producing a derivative work of the original web page sent by the web server without a license to do so from the web page author. This is a willful violation of the web page author's copyright and is done so for monetary gain. The copyright holders should seek punitive as well as compensatory damages.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    20. Re:Why DMCA take down notice? by Anonymous Coward · · Score: 0

      Because the virus writers don't want their identities to become public.

      Duh!

    21. Re:Why DMCA take down notice? by leptechie · · Score: 1

      The content in question is likely not designed to be injected to a webpage on-the-fly, it is a standard script line that could have been provided to static pages or some other CMS presentation. Airtel is the one who decided altering content delivered to their clients, which they do not own, was appropriate. Flash Networks is blameless here, it's their customer who misbehaved.

    22. Re:Why DMCA take down notice? by leptechie · · Score: 1

      Good point, thanks

  6. And Again This Is Why... by Anonymous Coward · · Score: 0

    ...the web should be SSL everywhere.

    1. Re:And Again This Is Why... by Coren22 · · Score: 1

      You are very naive. I will leave this link here for you to ponder:

      http://en.wikipedia.org/wiki/S...

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  7. This isn't net neutrality by Anonymous Coward · · Score: 4, Insightful

    What is with these /. articles mixing up terminology? This isn't net neutrality. They aren't performing any packet shaping or anything like a "Fast Lane". They are injecting ads in other peoples sites. Actually this is more shitty than packet shaping, but let's not confuse terminology.

    Just in the last few days we had an article totally confusing what DRM is.

    1. Re:This isn't net neutrality by MobyDisk · · Score: 5, Insightful

      This isn't net neutrality. They aren't performing any packet shaping or anything like a "Fast Lane".

      Altering the content is the very core of net neutrality violations. One could, debatably, argue that packet shaping and quality of service is part of what an ISP needs to do to maintain a good flowing network. But there is no excuse whatsoever for altering content, and it is far more dangerous. It is bad if getting to a competitors web site is slow. It is frightening if the competitors web site has different content on it.

    2. Re:This isn't net neutrality by penguinoid · · Score: 1

      Just in the last few days we had an article totally confusing what DRM is.

      Lots of people confuse the Derogatory Restriction Maker with a different technology which, from its name, would seem like it should help you export copyrighted material into a more useful format (as is your right).

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    3. Re:This isn't net neutrality by Anonymous Coward · · Score: 0

      Exactly, someone please mod this up. The definition of net neutrality really is multifold because it should cover everything needed to limit an ISP to just a dumb pipe.

    4. Re:This isn't net neutrality by Anonymous Coward · · Score: 0

      What is with these /. articles mixing up terminology? This isn't net neutrality. They aren't performing any packet shaping or anything like a "Fast Lane". They are injecting ads in other peoples sites. Actually this is more shitty than packet shaping, but let's not confuse terminology.

      Just in the last few days we had an article totally confusing what DRM is.

      Mod parent up

    5. Re:This isn't net neutrality by zlives · · Score: 1

      If the web content is copyrighted... and then "modified" by third party code... is that a copy right violation and can be served with DMCA?!!

    6. Re:This isn't net neutrality by Anonymous Coward · · Score: 1

      This isn't net neutrality. They aren't performing any packet shaping or anything like a "Fast Lane".

      Altering the content is the very core of net neutrality violations. One could, debatably, argue that packet shaping and quality of service is part of what an ISP needs to do to maintain a good flowing network. But there is no excuse whatsoever for altering content, and it is far more dangerous. It is bad if getting to a competitors web site is slow. It is frightening if the competitors web site has different content on it.

      This^2.

      Can you imagine...say...a hostile government, altering the content of a site critical to their position, so that it actually SUPPORTS their position? The blog writer can add whatever they want, but when someone views the site, they see a government shill.

      This would probably be done by a corporation at the government's behest.

  8. Airtel is just following American ethics by Anonymous Coward · · Score: 0

    Is Airtel aware that their partner-in-crime is harassing an innocent well-wisher and activist for a crime he never committed? Is Airtel aware that injecting malicious scripts into unsuspecting user’s web browser is considered unethical throughout the world? Is Airtel taking things for granted? Is Airtel taking its users for granted? Will Airtel respond to this issue or decide to bury its head under the sand?

    Does Airtel even care as long as the cash keeps coming in.

  9. DMCA even has power over GitHub? by Roodvlees · · Score: 1

    Another reason to get rid of DMCA alltogether.

    --
    Thank you, Bradley Manning, Edward Snowden and so many others, for courageously defending humanity, my freedom and more!
    1. Re:DMCA even has power over GitHub? by leptechie · · Score: 1

      DMCA has power over any site that hopes not to have to hire an army of reviewers and moderators just to serve user-generated content. The problem isn't necessarily with the copyright takedowns process, which in this case seems to be quite justified (it's copyrighted, clear) but when it is abused by censorious thugs and their lawyers.

      This one seems pretty clear, user infringed copyright.

    2. Re:DMCA even has power over GitHub? by Anonymous Coward · · Score: 0

      DMCA is an American problem. What the fuck does it have to do with an Indian telco?

    3. Re:DMCA even has power over GitHub? by leptechie · · Score: 1

      The owner of the copyright did not send the DMCA Infringement notice to Airtel, India, they sent it to GitHub, San Francisco, California, where their copyrighted property was being served.

    4. Re:DMCA even has power over GitHub? by Anonymous Coward · · Score: 0

      DMCA has power over any site that hopes not to have to hire an army of reviewers and moderators just to serve user-generated content. The problem isn't necessarily with the copyright takedowns process, which in this case seems to be quite justified (it's copyrighted, clear) but when it is abused by censorious thugs and their lawyers.

      This one seems pretty clear, user infringed copyright.

      Would not the original author's blog also be under copyright protection?, and thus Airtel/Flash Networks is creating an unauthorized derived work?

    5. Re:DMCA even has power over GitHub? by gnasher719 · · Score: 1

      Another reason to get rid of DMCA alltogether.

      More like "another reason to turn your brain on".

      Someone created a blog. He has a copyright on that blog. Someone inserted Javascript. Which created a derivative copyrighted work. Which (a) you are not allowed to store on Github, so that DMCA complaint and removal was 100% Ok, and (b) violated one of the exclusive rights of the blogger, namely the right to create derivative works, so he can take them to court for that.

    6. Re:DMCA even has power over GitHub? by sabri · · Score: 1

      they sent it to GitHub

      So, stop using GitHub and post it on your own blog.

      --
      I'm not a complete idiot... Some parts are missing.
  10. Re:STEREOTYPING IS BAD... by gstoddart · · Score: 5, Insightful

    Ummm ... tell me, what is the stereotype here?

    "company+monitization" ... be that American, Israeli, British or Russian ... companies are pretty much there for one thing.

    Are you somehow suggesting that the true fact that Flash Networks is an Israeli company makes this is a stereotype?

    In which case, you're an idiot and don't understand the meaning of the word stereotype.

    Nobody is saying "yarg, teh evil Jews did it" -- they're saying a corporation, who happens to be Israeli, did this in India.

    What kind of whiny bullshit is it when pointing out an actual fact that it's an Israeli company is "stereotyping"? One with deluded idiots.

    --
    Lost at C:>. Found at C.
  11. Dear people that defend advertisers: by nitehawk214 · · Score: 5, Insightful

    Right then, all of you that attack people using adblock as "stealing" content.

    This is why we do it.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
    1. Re:Dear people that defend advertisers: by Anonymous Coward · · Score: 0

      If you want to advertise, host the ads inline on your own domain.
      If it's on MVPS hosts, it's invisible to me.

      p.s. just manually added 223.224.131.144 to my HOSTS file

  12. Laugh by koan · · Score: 0

    an Israel-based company, which specializes in "network monetization"

    Laugh...

    --
    "If any question why we died, Tell them because our fathers lied."
  13. In case you wanted to lookup the CEO who sent this by MrLint · · Score: 1

    http://www.flashnetworks.com/E...

  14. So... where's the mirror? by MarioXXX · · Score: 2

    Is there a mirror of that javascript anywhere? I'd really like to look at it.

    1. Re:So... where's the mirror? by SlashDotterOne · · Score: 1

      The file is supposed to behttp://223.224.131.144/scripts/Anchor.js But what I could find was only a jQuery plugin javascript. Nothing harmful. But apparently the coder found an IFRAME injection too. So what I found was a different file ?

  15. Even more reason to encrypt everything by thedavidcathey · · Score: 2

    The ISP can't inject stuff like that if your site is encrypted. This may irritate the 5-Eyes, but this isn't really to prevent content from being read by the government (they can read the page like anyone else), but to keep it from being molested in transit.

  16. github by Spazmania · · Score: 2

    Maybe the DMCA takedown was successful because he posted it on github. A source code repository isn't really an appropriate place to post content claimed to be fair use / political criticism. Think about it.

    Blog that sucker instead.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    1. Re:github by Darinbob · · Score: 1

      There is no "successful" here. A DMCA takedown notice must be adhered to in the US, or you have to pay the money to appeal against it. You can not merely ignore the take down order. Github versus a blog is irrelevant, both places must respond to the take down notice in the same way.

    2. Re:github by Spazmania · · Score: 1

      You can't merely ignore a takedown notice but there are a number of things you can do instead of complying if you believe it to be in error. The only thing that happens with refusal is that -IF- the material is later judged by a court to be infringing, you -might- be subject to damages for your refusal. That seems rather unlikely in this case.

      I have no idea what you mean by "pay the money to appeal against it." How do you think DMCA takedowns work anyway? It's just a formulaic letter, not necessarily even from a lawyer.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    3. Re:github by Anonymous Coward · · Score: 0

      I'm curious why DMCA (a US law, and a bad one) can be applied by an Israeli company against a citizen in India.

    4. Re:github by Spazmania · · Score: 1

      It isn't; it's applied by an Israeli company against a U.S. company, github. It doesn't matter where github's customer is located, the take down notice is applied against the hosting company.

      The put-back notice, should the gentleman in India choose to issue one, is also applied against the hosting company, in the U.S.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  17. Flash Networks Layer 8 product? by challman1 · · Score: 1

    This looks like their Layer 8 product: http://www.flashnetworks.com/L... The Layer8 platform helps mobile operators engage with their subscribers as they browse the web, and to offer them information and services that generate new downstream revenues from over-the-top affiliations. Layer8 is a clientless solution which appears over web pages on smartphones, tablets, and laptops. Does anyone know if the javascript was archived somewhere? I'd like to see it.

  18. Re:STEREOTYPING IS BAD... by Anonymous Coward · · Score: 0

    I get it now, this is one elaborate troll account.

    Well bravo, it took me a while to catch on.

  19. Net neutrality issue? by buchanmilne · · Score: 1

    Is this really a net neutrality issue? Did anyone verify whether they are injecting across-the-board or only specific sites of competing services?

    Disclaimer: I work for an ISP that does JS injection to notify users on quota-based accounts when they have used all of their data, the alternative is to hard redirect http and block all traffic until they log in to a portal.

    1. Re:Net neutrality issue? by TheDarkMaster · · Score: 1

      It is. I am a system administrator and more than once I had problems with one of my systems - which is restricted use and very important - caused by rogue javascript code inserted by ISPs or viruses on the user's computer (such codes could never harm the system server itself but prevented the affected user to use it). And as example, if it was you who put this rogue code on the user's connection I could have you arrested for interfering with state emergency services. Point is, injected rogue javascript can cause many, serious problems.

      --
      Religion: The greatest weapon of mass destruction of all time
    2. Re:Net neutrality issue? by Anonymous Coward · · Score: 1

      "the alternative is to hard redirect http and block all traffic until they log in to a portal."

      That is the only valid, legal and moral path. That and sending the user email/text/snailmail/phone whatever notification if they've asked for it. Injection is Just Wrong, whether you're the ISP or the vendor of a router that randomly does something similar (I'm looking at you, Belkin).

      Exception -- the user has explicitly authorized (ie, opted in, not buried in the ToS) you to do injection for that purpose.

  20. GPL3 your website code by Anonymous Coward · · Score: 0

    Then they have no complaint of violation anymore, as they modify and publish a GPL3 thing.

  21. Re:In case you wanted to lookup the CEO who sent t by Anonymous Coward · · Score: 1

    I am a former employee. Not surprised about this at all. I want to run the same tests on T-Mobile because FlashNetworks is embedded inside T-Mobiles infrastructure.

  22. Re:STEREOTYPING IS BAD... by Anonymous Coward · · Score: 0

    Oh now I get it, you're one of those Golden Dawn dimwits. Well, how's that working out for you. Let me tell you, the jews, immigrants, whoever you choose to blame, have nothing to do with the fact that you GREEKS have dug yourselves into such a deep hole that no one is willing to help you out any more.

  23. Legal vs Military by Anonymous Coward · · Score: 0

    many would consider any such action against their web pages to be an attack and if it takes place, they would be subject to a military response.

  24. Airtel & Vodafone both inject Javascript in In by SlashDotterOne · · Score: 2

    Not only Airtel, Vodafone also injects Javascript code into 3G users in India.
    If you are browsing from such a connection, just "View Source" of ANY webpage that is not https
    It shows a SCRIPT tag which includes the following files :

    http://223.224.131.144/scripts/Anchor.js in an Airtel connection

    Vodafone uses the similar http://1.2.3.4/bmi-int-js/bmi.js *Happens on all http but not https websites(like banking and secure websites with a lock symbol)
    *As of now injects an empty iframe which seems to be a toolbar in making
    *It slows down the site loading
    *Uses your 3G data
    *It messes up with the structure of the site
    *Has access to clients browser and content
    *Can add more code to monitor your web activity on all these pages.
    *Works even on Incognito mode, Private browsing

  25. Counter attack? by everett · · Score: 3, Interesting

    Perhaps someone should write a javascript library that can detect if this "ad injection" library has been injected to the page, counter/block its effects and display a notice to the viewer that their ISP is up to some jackassery. Now that would have value.

    --
    Sig withheld to protect the innocent.
  26. Re:STEREOTYPING IS BAD... by antiperimetaparalogo · · Score: 0

    My god but you are a pointless fucking moron.

    Nobody give a fucking shit about your stupid Greek Nazi bullshit.

    Isn't a bit pointless to reply to a stupid pointless fucking moron Greek NaZi? Just "don't give a fuck" about my bullshit, and any of your issues with me are solved

    --
    Antisthenes: "Wisdom begins by examining the words/names." - excuse my English, i am (slightly...) better with my Greek!
  27. Re:STEREOTYPING IS BAD... by antiperimetaparalogo · · Score: 0

    Oh now I get it, you're one of those Golden Dawn dimwits. Well, how's that working out for you. Let me tell you, the jews, immigrants, whoever you choose to blame, have nothing to do with the fact that you GREEKS have dug yourselves into such a deep hole that no one is willing to help you out any more.

    True story from Greece (about Golden Dawn): one of its members is arrested for his anti-immigration activities, and, among other things, he is accused as being an "anti-Semitic"... turns out his mother is Jew, and "magicaly" the prosecutor "forgot" to include him in the trial - he, the half-Greek/half-Jew Golden Dawn member, had no problem been accused, but then the prosecutor could not accuse the rest of the Golden Dawn members as "anti-Semitic"!

    --
    Antisthenes: "Wisdom begins by examining the words/names." - excuse my English, i am (slightly...) better with my Greek!
  28. Re:STEREOTYPING IS BAD... by Anonymous Coward · · Score: 0

    True story from Greece (about Golden Dawn): they really got their point across by stabbing a rapper. That'll show them pesky immigrants. Fight the power!

  29. Time for the GPL! by SoftwareArtist · · Score: 2

    Really, the GPL is perfect for solving problems like this. Stick a GPL notice in the source of one of your webpages. Download it from their network. They've just created a derived product by modifying your source, and all their additions are now GPL licensed themselves.

    --
    "I'm too busy to research this and form an educated opinion, but I do have time to tell everyone my uninformed opinion."
    1. Re:Time for the GPL! by Anonymous Coward · · Score: 0

      The GPL works because modifying your source and distributing the derived work is copyright infringement which is illegal, so their only way out is to obey the GPL.

      It's simpler to not use any license and not even give them a way out.

  30. is the legal threat viable? by Anonymous Coward · · Score: 0

    Just curious. If the company has no rep in India, will they be able to sue using Indian law?

  31. Maybe its time for HTML tampering tech? by Anonymous Coward · · Score: 0

    like https? :-)

  32. DarinBob = "Run, Forrest: RUN!!!" by Anonymous Coward · · Score: 0

    See subject "Forrest" & this -> http://tech.slashdot.org/comme...

  33. DarinBob = "Run, Forrest: RUN!!!" by Anonymous Coward · · Score: 0

    See subject "Forrest" & this -> http://tech.slashdot.org/comme...

  34. DarinBob = "Run, Forrest: RUN!!!" by Anonymous Coward · · Score: 0

    See subject "Forrest" & this -> http://tech.slashdot.org/comme...

  35. DarinBob = "Run, Forrest: RUN!!!" by Anonymous Coward · · Score: 0

    See subject "Forrest" & this -> http://tech.slashdot.org/comme...