Slashdot Mirror
Developer Draws Legal Threat For Exposing Indian Telco's Net Neutrality Violation
knightsirius writes: Indian broadband and cellular operator Airtel was discovered to be injecting third-party JavaScript files into web pages delivered over their wireless networks. A developer was viewing the source of his own blog and noticed the additional script when viewed on a Airtel connection. He traced the file back to Flash Networks, an Israel-based company, which specializes in "network monetization" and posted the source on GitHub. Since then, he has received a cease-and-desist from Flash Networks and the code on GitHub has been removed following a DMCA takedown notice.
Readers may remember Airtel from its previous dubious record with network neutrality.
Readers may remember Airtel from its previous dubious record with network neutrality.
He didn't post it, it was injected ;)
When they embed it in your blog ... fuck 'em.
They modified his blog with code, which means it's now his code.
Or are we pretending that when corporations do shit like this it's OK?
I read this as "assholes embed code in pages, and then whine when that code gets made public to point out that it's happening".
No sympathy. Not even a little.
Lost at C:>. Found at C.
Technically they made a change to his copyrighted code and since he was paying them for the service the copyright should belong to him.
*Whoosh* to all who modded this down.
Or it's political corollary: The cover up is always worse than the original crime.
excitingthingstodo.blogspot.com
Not only that, but they made an unauthorized change to his code that displayed ads. If anyone else were to do this, it would be called "hacking his website" and the group responsible would (theoretically) be brought to justice. However, since it is an ISP, they get to call it "monetizing their service" (or some other weasel words) and the companies responsible for the ads get to sue for copyright infringement. Imagine if a group of hackers sued for copyright infringement because the code used in their hack was publicized. They would be laughed out of court.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
How many people routinely check the source of their own web page through different connections to look for such injections? If some major US cell network or ISP did this, how likely they will be caught? Would https stop them from messing around with injections?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
It is a javascript file. Every user of Airtel and every victim of companies using Flash networks to monetize the traffic will get these files when they visit websites. So it is very easy to get a copy of the code. So what did they achieve by this DMCA take down notice against git hub?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
What is with these /. articles mixing up terminology? This isn't net neutrality. They aren't performing any packet shaping or anything like a "Fast Lane". They are injecting ads in other peoples sites. Actually this is more shitty than packet shaping, but let's not confuse terminology.
Just in the last few days we had an article totally confusing what DRM is.
While it's true that he might not have had any explicit permission to publish their source code on the web, I think an argument could be made that such permission was implicit.... since the company was already pushing the source code to every single person that used the serviice anyways (being javascript, and it needing to run in the client's web browser).... and it's not like he was publishing something that he was never entitled to access to, nor had any obligation to keep confidential.
File under 'M' for 'Manic ranting'
No, they changed his web page to insert the URL, so only the URL becomes part of the document. The linked script it refers to retains its' own copyright which, in the absence of a copyright statement, could only reasonably be assumed to be the carrier that modified his blog's transmission.
He can probably one-up them and sue THEM for tampering with his code. I bet if you did something like this to a company's page, they'd sue you, guns blazing like the terrorist you are.
They must know their code gets out there for everyone to see, the way they're doing it. It's trivial that it can be looked at and copied. If it's such a trade secret, keep it out of the public's face.
Another reason to get rid of DMCA alltogether.
Thank you, Bradley Manning, Edward Snowden and so many others, for courageously defending humanity, my freedom and more!
Won't work if the company granted themselves the right to tamper in the Terms of Service.
... Without permission...
... as he picked it from his browser as I understand. It's javascript as I understand, meaning any one could pick up that code and do what ever they want with it.
If you fling shit through my window. And I pick it up with a towel and hang it on a billboard will you sue me for making money or claim revenue loss because I use your content as advertising?
They forced their shit up his ass and he responded by putting up code that is apparently publicly available
You can't just go posting other's source code on the web without permission. There are other, better ways to deal with this asshattery.
There are two parts here, neither of which alone add up to the combined outrage (though both spurious): 1) Company A writes code to inject ads to documents, and Company B decides to inject these into pages from other people's services. Whether B got permission from A for this exact purpose we don't know, but it could just as likely be embedded in pages B serve themselves. Note, the injection part here is suspect, but unrelated to the DMCA notice. 2> Owner of said code (Company A) blows his lid that company property is openly accessible at GitHub. and uses appropriate tools to deal with it.
If this is one party injecting their own code into a HTTP session without consent, then objecting to the subsequent source disclosure then fine, let rip, but the context here is critical, and without a view of the source we can't assume more than we know: This is a hostile act, intentionally modifying content in-transit, and more than just compressing JPEGs for mobile network consumption, it alters functionality and potentially the security of the user's device.
He is well within his rights to ask for help from all and sundry in determining the potential harm, especially if (as it appears, I tried and failed) the file can only be downloaded from Company B's network and anyone willing to assist would be unable if not a subscriber. The Net Neutrality rules in India back him up, but unfortunately for him the DMCA covers GutHub under US law. It does protect him from the asshatted letter that makes threats if he continues to exert his rights under Indian law. Flash Networks' conduct here is mixed, but Airtel is incredible, and so far they remain uninvolved and unthreatened.
Ummm ... tell me, what is the stereotype here?
"company+monitization" ... be that American, Israeli, British or Russian ... companies are pretty much there for one thing.
Are you somehow suggesting that the true fact that Flash Networks is an Israeli company makes this is a stereotype?
In which case, you're an idiot and don't understand the meaning of the word stereotype.
Nobody is saying "yarg, teh evil Jews did it" -- they're saying a corporation, who happens to be Israeli, did this in India.
What kind of whiny bullshit is it when pointing out an actual fact that it's an Israeli company is "stereotyping"? One with deluded idiots.
Lost at C:>. Found at C.
Well, this is one of those things where copyright law doesn't necessarily behave the way people think it should.
Take the famous case of science fiction author Marion Zimmer Bradley. For years she encouraged fan fiction in her Darkover universe -- until she wanted to use some plot ideas from a fan story she had read in one of her own novels. The author of the fan story successfully blocked the publication of MZB's novel.
So it's clear that original authors don't automatically get ownership of derivative works. What they get is more like a veto power over various uses the derivative author can put his work to. Actually slinging around the word "ownership" in this kind of context tends to be misleading. Copyright is considerably different from the usual concept of "ownership", e.g., the way that you own your car or your pants. It's actually a kind of legal monopoly on certain activities as they apply to a work. That explains why an interlocking web of monopoly rights can lead to a work being simply unusable; that's a result which violates people's intuition that someone must "own" the work and therefore must be able to do whatever he pleases with it.
In this case the best position for the developer to take is that his posting is covered in some way by fair use.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
What if my terms of service says you owe me a billion dollars if you modify my code?
When the hell did we start thinking of terms of service as magical?
Lost at C:>. Found at C.
Java Script files are not encrypted. Anyone who went to the blog could have viewed the file's source so what does it matter if it is on GitHub or not. When the tables are reversed we would be told something like "there is no expectation that [insert subject matter] would ever be private so we the [insert corporation or government agency] are within our rights to use [insert subject matter] as we see fit."
If anyone else were to do this, it would be called "hacking his website" and the group responsible would (theoretically) be brought to justice. However, since it is an ISP, they get to call it "monetizing their service"
Even worse, this is a 3G network, so they're not just monetising, they're artificially inflating their customers' usage by forcing them to down content they didn't request on a service that is typically directly billed by utilisation.
Right then, all of you that attack people using adblock as "stealing" content.
This is why we do it.
I'm a good cook. I'm a fantastic eater. - Steven Brust
http://www.flashnetworks.com/E...
When the US Government started letting companies use terms of service as a defense that normal citizens couldn't beat.
Except that your case is nothing like this one, because in this case the original work was replaced with the "derivative", with the derivative being misrepresented as the original one.
This would be like if a fanfic author worked at the publisher for the author they loved and decided to change a bit of the text in one of their favorite novels so that it mentioned a product they sell on the side. The novel then gets passed on to bookstores with no one the wiser, and it's not until months later that the author is poking through some pages and realizes that this isn't the novel they wrote, even though it's being represented as such. If the publisher continues in misrepresenting that work as being the author's, then we'd have an expectation that the author would have just as much right to that altered text as to their original text.
Of course, the analogy breaks down here, since authors routinely hand over ownership rights to their publishers, whereas web developers essentially never hand over authorship rights to their ISPs.
Is there a mirror of that javascript anywhere? I'd really like to look at it.
The ISP can't inject stuff like that if your site is encrypted. This may irritate the 5-Eyes, but this isn't really to prevent content from being read by the government (they can read the page like anyone else), but to keep it from being molested in transit.
Maybe the DMCA takedown was successful because he posted it on github. A source code repository isn't really an appropriate place to post content claimed to be fair use / political criticism. Think about it.
Blog that sucker instead.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
This looks like their Layer 8 product: http://www.flashnetworks.com/L... The Layer8 platform helps mobile operators engage with their subscribers as they browse the web, and to offer them information and services that generate new downstream revenues from over-the-top affiliations. Layer8 is a clientless solution which appears over web pages on smartphones, tablets, and laptops. Does anyone know if the javascript was archived somewhere? I'd like to see it.
Publishing on the internet does NOT extinguish your copyright. The author (web page owner) legally requires permission from the (slimeball) corporation to publish their copyrighted material. The author might be able to sue for impersonation (they pretended the stuff they served was from the author), and they (corp) might be liable for defamation (they served up adds on his website without consent and made it look like he (author) was doing it), but they most certainly have the right to block him publishing their code.
No by providing the URL link to content they voluntarily provided that content the URL refereed to, they gave it to him. You can not provide a compulsory link so someone and then claim they infringed copyright when that link downloaded content. This is not different to delivery a package to someone with say a CD and claiming if they open the package they have to pay for the CD.
Chaos - everything, everywhere, everywhen
Wow ... and the US government has control over what an Israeli company is doing in India ... why???
This has nothing at all to do with US law, other than the DMCA was used on Github.
Lost at C:>. Found at C.
Actually this reminds me of those Direct Revenue assholes who hijacked Windows desktops to display ads: http://www.benedelman.org/spyw.... Bottom line is that regardless of copyright or DMCA issues, when ads are actively injected into anything people should always get pissed.
I will agree that publishing on the Internet doesn't remove copyright. (Sorry to all those who think they can just use anything they find in a Google Images search.) However, in this case, it looks like part of the complaint is that publishing this damages the company's "name and reputation." They are claiming that calling them out on scummy things that they do is illegal.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
On copyright grounds. His page was copyrighted. They modified it and distributed the derivative work without a license. He can use the DMCA to take down all of the modified pages.
Well, this is one of those things where copyright law doesn't necessarily behave the way people think it should.
Why not? The blogger just needs to send github a DMCA counter-notice, and that's that. This is a very clear case of Fair Use. The company can try to sue in US court, but it would just lose and amplify the Streisand effect.
Also, I'm not sure why the name of the CEO of Flash networks is edited out of the DMCA notice, but his name is Liam Galin according to their web site. Here is his linkedin. This guy is obviously an idiot where it comes to the internet and public relations. If he becomes unemployed one day, it would be foolish to hire someone like that for anything internet-related or public relations related.
If you'd like to complain to the company itself. Here are the company's physical addresses and contact information in the US, Israel, Europe, and Singapore.
the issue is that some companies think that their code is 'execute-only', and if you try to READ it, they come after you, legally.
does that make any sense?
'here, run this code. each time you access your own page, run MY code. but don't DARE view it. we don't allow that and we don't allow you to explain what our code does.
"JUST RUN IT, CITIZEN!"
this is what their argument amounts to. you 'must' run our code but you 'must not' look at it.
its how marketers think. we 'must' be allowed to inject our code in your stream and you 'must not' be able to run blockers to suppress our code in your stream.
fine kettle of fish we have in this brave new world of ours...
--
"It is now safe to switch off your computer."
Oh no...now he'll DCMA /., why would you post all his copyrighted information to /. like that?
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
You are very naive. I will leave this link here for you to ponder:
http://en.wikipedia.org/wiki/S...
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
They injected code into his blog. So they made a derivative work of his, the code belongs to him.
It doesn't. Creating a derivative work may be copyright infringement, but it doesn't give the owner of the original code any rights to the derivative work.
Is this really a net neutrality issue? Did anyone verify whether they are injecting across-the-board or only specific sites of competing services?
Disclaimer: I work for an ISP that does JS injection to notify users on quota-based accounts when they have used all of their data, the alternative is to hard redirect http and block all traffic until they log in to a portal.
Publishing on the internet does NOT extinguish your copyright. The author (web page owner) legally requires permission from the (slimeball) corporation to publish their copyrighted material. The author might be able to sue for impersonation (they pretended the stuff they served was from the author), and they (corp) might be liable for defamation (they served up adds on his website without consent and made it look like he (author) was doing it), but they most certainly have the right to block him publishing their code.
Making something available on the public net is generally considered to provide the user with an implied license to download and read the document. It does not extinguish copyright (i.e. you cannot freely copy it), but you sure can download it. Otherwise each website access would be a copyright violation. This principle is well established. Moreover, of course, in this case, publishing is fair use for commentary. Distribution of the code to expose their practices is not in competition with the companies' use (which is, after all, freely distributing the code). It is inconvenient for the companies to have their unethical and almost certainly illegal practices in the limelight, but keeping dirty secrets is not something protected by copyright.
Stephan
I am a former employee. Not surprised about this at all. I want to run the same tests on T-Mobile because FlashNetworks is embedded inside T-Mobiles infrastructure.
Not only Airtel, Vodafone also injects Javascript code into 3G users in India. :
If you are browsing from such a connection, just "View Source" of ANY webpage that is not https
It shows a SCRIPT tag which includes the following files
http://223.224.131.144/scripts/Anchor.js in an Airtel connection
Vodafone uses the similar http://1.2.3.4/bmi-int-js/bmi.js *Happens on all http but not https websites(like banking and secure websites with a lock symbol)
*As of now injects an empty iframe which seems to be a toolbar in making
*It slows down the site loading
*Uses your 3G data
*It messes up with the structure of the site
*Has access to clients browser and content
*Can add more code to monitor your web activity on all these pages.
*Works even on Incognito mode, Private browsing
Perhaps someone should write a javascript library that can detect if this "ad injection" library has been injected to the page, counter/block its effects and display a notice to the viewer that their ISP is up to some jackassery. Now that would have value.
Sig withheld to protect the innocent.
Really, the GPL is perfect for solving problems like this. Stick a GPL notice in the source of one of your webpages. Download it from their network. They've just created a derived product by modifying your source, and all their additions are now GPL licensed themselves.
"I'm too busy to research this and form an educated opinion, but I do have time to tell everyone my uninformed opinion."
Won't work if the company granted themselves the right to tamper in the Terms of Service.
That might save them from being sued by the users but not the publishers. They are creating unauthorized derivative copies of copyrighted works.
That's illegal.
A third party can't waive your right to defend your IP.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Not if he words it right. It could for the take down of all modified pages. In other words, the Internet. Which would force the ISP to back off while this works out.
"They" who did the providing is Airtel, the 3G provider, and likely under a distribution agreement with Flash Networks, the copyright owner, for specific purposes. When the actual copyright owner (FN) found their content on GitHub, they sent the takedown. I think Flash Networks acted appropriately with the proper tool and, for once, the DMCA notification content is actually correct. Airtel are the ones who have things to answer for, not FN.
When they embed it in your blog ... fuck 'em.
They modified his blog with code, which means it's now his code.
Or are we pretending that when corporations do shit like this it's OK?
I read this as "assholes embed code in pages, and then whine when that code gets made public to point out that it's happening".
No sympathy. Not even a little.
I suppose that the only thing the code owner can do is add an appendix that does a realtime crc or md5sum check of the code that is his. If the code is corrupted, the service can take action as appropriate.
Leslie Satenstein Montreal Quebec Canada