Slashdot Mirror
Developer Draws Legal Threat For Exposing Indian Telco's Net Neutrality Violation
knightsirius writes: Indian broadband and cellular operator Airtel was discovered to be injecting third-party JavaScript files into web pages delivered over their wireless networks. A developer was viewing the source of his own blog and noticed the additional script when viewed on a Airtel connection. He traced the file back to Flash Networks, an Israel-based company, which specializes in "network monetization" and posted the source on GitHub. Since then, he has received a cease-and-desist from Flash Networks and the code on GitHub has been removed following a DMCA takedown notice.
Readers may remember Airtel from its previous dubious record with network neutrality.
Readers may remember Airtel from its previous dubious record with network neutrality.
He didn't post it, it was injected ;)
When they embed it in your blog ... fuck 'em.
They modified his blog with code, which means it's now his code.
Or are we pretending that when corporations do shit like this it's OK?
I read this as "assholes embed code in pages, and then whine when that code gets made public to point out that it's happening".
No sympathy. Not even a little.
Lost at C:>. Found at C.
Technically they made a change to his copyrighted code and since he was paying them for the service the copyright should belong to him.
*Whoosh* to all who modded this down.
Or it's political corollary: The cover up is always worse than the original crime.
excitingthingstodo.blogspot.com
Not only that, but they made an unauthorized change to his code that displayed ads. If anyone else were to do this, it would be called "hacking his website" and the group responsible would (theoretically) be brought to justice. However, since it is an ISP, they get to call it "monetizing their service" (or some other weasel words) and the companies responsible for the ads get to sue for copyright infringement. Imagine if a group of hackers sued for copyright infringement because the code used in their hack was publicized. They would be laughed out of court.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
What is with these /. articles mixing up terminology? This isn't net neutrality. They aren't performing any packet shaping or anything like a "Fast Lane". They are injecting ads in other peoples sites. Actually this is more shitty than packet shaping, but let's not confuse terminology.
Just in the last few days we had an article totally confusing what DRM is.
He can probably one-up them and sue THEM for tampering with his code. I bet if you did something like this to a company's page, they'd sue you, guns blazing like the terrorist you are.
They must know their code gets out there for everyone to see, the way they're doing it. It's trivial that it can be looked at and copied. If it's such a trade secret, keep it out of the public's face.
You can't just go posting other's source code on the web without permission. There are other, better ways to deal with this asshattery.
There are two parts here, neither of which alone add up to the combined outrage (though both spurious): 1) Company A writes code to inject ads to documents, and Company B decides to inject these into pages from other people's services. Whether B got permission from A for this exact purpose we don't know, but it could just as likely be embedded in pages B serve themselves. Note, the injection part here is suspect, but unrelated to the DMCA notice. 2> Owner of said code (Company A) blows his lid that company property is openly accessible at GitHub. and uses appropriate tools to deal with it.
If this is one party injecting their own code into a HTTP session without consent, then objecting to the subsequent source disclosure then fine, let rip, but the context here is critical, and without a view of the source we can't assume more than we know: This is a hostile act, intentionally modifying content in-transit, and more than just compressing JPEGs for mobile network consumption, it alters functionality and potentially the security of the user's device.
He is well within his rights to ask for help from all and sundry in determining the potential harm, especially if (as it appears, I tried and failed) the file can only be downloaded from Company B's network and anyone willing to assist would be unable if not a subscriber. The Net Neutrality rules in India back him up, but unfortunately for him the DMCA covers GutHub under US law. It does protect him from the asshatted letter that makes threats if he continues to exert his rights under Indian law. Flash Networks' conduct here is mixed, but Airtel is incredible, and so far they remain uninvolved and unthreatened.
Ummm ... tell me, what is the stereotype here?
"company+monitization" ... be that American, Israeli, British or Russian ... companies are pretty much there for one thing.
Are you somehow suggesting that the true fact that Flash Networks is an Israeli company makes this is a stereotype?
In which case, you're an idiot and don't understand the meaning of the word stereotype.
Nobody is saying "yarg, teh evil Jews did it" -- they're saying a corporation, who happens to be Israeli, did this in India.
What kind of whiny bullshit is it when pointing out an actual fact that it's an Israeli company is "stereotyping"? One with deluded idiots.
Lost at C:>. Found at C.
How many people routinely check the source of their own web page through different connections to look for such injections? If some major US cell network or ISP did this, how likely they will be caught? Would https stop them from messing around with injections?
So long as the injector can't issue SSL certs that the user will trust, yes, https will stop such injections.
If the injector *can* issue SSL certs that the user will trust (e.g. the ISP requires users install their local CA, or they somehow have a global wildcard from a trusted CA), all bets are off -- the injector can impersonate and inject content into any https-secured site.
Well, this is one of those things where copyright law doesn't necessarily behave the way people think it should.
Take the famous case of science fiction author Marion Zimmer Bradley. For years she encouraged fan fiction in her Darkover universe -- until she wanted to use some plot ideas from a fan story she had read in one of her own novels. The author of the fan story successfully blocked the publication of MZB's novel.
So it's clear that original authors don't automatically get ownership of derivative works. What they get is more like a veto power over various uses the derivative author can put his work to. Actually slinging around the word "ownership" in this kind of context tends to be misleading. Copyright is considerably different from the usual concept of "ownership", e.g., the way that you own your car or your pants. It's actually a kind of legal monopoly on certain activities as they apply to a work. That explains why an interlocking web of monopoly rights can lead to a work being simply unusable; that's a result which violates people's intuition that someone must "own" the work and therefore must be able to do whatever he pleases with it.
In this case the best position for the developer to take is that his posting is covered in some way by fair use.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
What if my terms of service says you owe me a billion dollars if you modify my code?
When the hell did we start thinking of terms of service as magical?
Lost at C:>. Found at C.
If anyone else were to do this, it would be called "hacking his website" and the group responsible would (theoretically) be brought to justice. However, since it is an ISP, they get to call it "monetizing their service"
Even worse, this is a 3G network, so they're not just monetising, they're artificially inflating their customers' usage by forcing them to down content they didn't request on a service that is typically directly billed by utilisation.
Right then, all of you that attack people using adblock as "stealing" content.
This is why we do it.
I'm a good cook. I'm a fantastic eater. - Steven Brust
When the US Government started letting companies use terms of service as a defense that normal citizens couldn't beat.
Except that your case is nothing like this one, because in this case the original work was replaced with the "derivative", with the derivative being misrepresented as the original one.
This would be like if a fanfic author worked at the publisher for the author they loved and decided to change a bit of the text in one of their favorite novels so that it mentioned a product they sell on the side. The novel then gets passed on to bookstores with no one the wiser, and it's not until months later that the author is poking through some pages and realizes that this isn't the novel they wrote, even though it's being represented as such. If the publisher continues in misrepresenting that work as being the author's, then we'd have an expectation that the author would have just as much right to that altered text as to their original text.
Of course, the analogy breaks down here, since authors routinely hand over ownership rights to their publishers, whereas web developers essentially never hand over authorship rights to their ISPs.
Even if the code was illegally inserted by hackers into your website? This is no different from a virus code; i.e. malicious code that affects the behavior of your program with no benefit to you.
I don't think copyright applies to viruses, otherwise how do you transmit that virus code to an anti-virus company for scan/virus removal development without the permission of the anonymous virus writer?
Is there a mirror of that javascript anywhere? I'd really like to look at it.
The ISP can't inject stuff like that if your site is encrypted. This may irritate the 5-Eyes, but this isn't really to prevent content from being read by the government (they can read the page like anyone else), but to keep it from being molested in transit.
Maybe the DMCA takedown was successful because he posted it on github. A source code repository isn't really an appropriate place to post content claimed to be fair use / political criticism. Think about it.
Blog that sucker instead.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
A computer virus is copyrightable, just like any other code. What the code is used for has no effect on the copyright status.
Wow ... and the US government has control over what an Israeli company is doing in India ... why???
This has nothing at all to do with US law, other than the DMCA was used on Github.
Lost at C:>. Found at C.
On copyright grounds. His page was copyrighted. They modified it and distributed the derivative work without a license. He can use the DMCA to take down all of the modified pages.
the issue is that some companies think that their code is 'execute-only', and if you try to READ it, they come after you, legally.
does that make any sense?
'here, run this code. each time you access your own page, run MY code. but don't DARE view it. we don't allow that and we don't allow you to explain what our code does.
"JUST RUN IT, CITIZEN!"
this is what their argument amounts to. you 'must' run our code but you 'must not' look at it.
its how marketers think. we 'must' be allowed to inject our code in your stream and you 'must not' be able to run blockers to suppress our code in your stream.
fine kettle of fish we have in this brave new world of ours...
--
"It is now safe to switch off your computer."
Oh no...now he'll DCMA /., why would you post all his copyrighted information to /. like that?
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Then why are anti-virus companies not sued for copyright infringement? They get a copy of the virus from a third-party, without permission of the virus author.
Because they can invite the copyright holder to meet them in court, and have the police waiting for him. This is like the guy who went to the police because someone stole his drugs. The police arrested both. Most virus authors are not _that_ stupid.
They injected code into his blog. So they made a derivative work of his, the code belongs to him.
It doesn't. Creating a derivative work may be copyright infringement, but it doesn't give the owner of the original code any rights to the derivative work.
Not only Airtel, Vodafone also injects Javascript code into 3G users in India. :
If you are browsing from such a connection, just "View Source" of ANY webpage that is not https
It shows a SCRIPT tag which includes the following files
http://223.224.131.144/scripts/Anchor.js in an Airtel connection
Vodafone uses the similar http://1.2.3.4/bmi-int-js/bmi.js *Happens on all http but not https websites(like banking and secure websites with a lock symbol)
*As of now injects an empty iframe which seems to be a toolbar in making
*It slows down the site loading
*Uses your 3G data
*It messes up with the structure of the site
*Has access to clients browser and content
*Can add more code to monitor your web activity on all these pages.
*Works even on Incognito mode, Private browsing
Perhaps someone should write a javascript library that can detect if this "ad injection" library has been injected to the page, counter/block its effects and display a notice to the viewer that their ISP is up to some jackassery. Now that would have value.
Sig withheld to protect the innocent.
Really, the GPL is perfect for solving problems like this. Stick a GPL notice in the source of one of your webpages. Download it from their network. They've just created a derived product by modifying your source, and all their additions are now GPL licensed themselves.
"I'm too busy to research this and form an educated opinion, but I do have time to tell everyone my uninformed opinion."