by Mike Masnick
Fri, Aug 10th 2012 7:39pm
by Mike Masnick
Mon, Jul 30th 2012 4:38am
from the punishing-your-paying-customers dept
So would it come as any surprise that it may now be facing a "rootkit moment" of its own?
As a whole bunch of folks have been submitting, some hackers have figured out that Ubisoft's Uplay DRM appears to install an insecure browser plugin. The details came out over the weekend, first on a security mailing list, and were then followed up with some test exploit code posted to Hacker News.
Basically, it appears that Ubisoft's DRM is installing an accidental backdoor that makes it possible for any website to effectively take control over your computer. That's... uh... pretty bad.
From the details, the real problem appears to be one of exceptionally poor coding, rather than maliciousness. Basically, they wanted to let you launch the game via a website, but failed to limit it to just the game -- meaning that a site can make use of the plugin to basically do a whole bunch of stuff on your computer (including things you don't want it to do). The browser plugin is easy to remove (and you should, um, immediately, if you've installed any Ubisoft games), so it's not quite as messy as Sony's rootkit, which was pretty deeply buried. But it's still really bad.
Yet another case of DRM really making life difficult for legitimate customers who paid money for your product. When will companies figure out that DRM does nothing to stop piracy, but makes life really difficult for the people who actually give you money?
by Mike Masnick
Fri, Apr 20th 2012 2:58pm
from the too-flipping-bad dept
In the meantime, if Playmobil does not want to be associated with the Pirate Party, perhaps it shouldn't sell Pirate Party Cups.
by Mike Masnick
Tue, Apr 3rd 2012 9:28am
from the entropy-is-not-a-bad-thing dept
One way to think about the War for the Internet is to cast it as a polar conflict: Order versus Disorder, Control versus Chaos. The forces of Order want to superimpose existing, pre-digital power structures and their associated notions of privacy, intellectual property, security, and sovereignty onto the Internet. The forces of Disorder want to abandon those rickety old structures and let the will of the crowd create a new global culture, maybe even new kinds of virtual "countries." At their most extreme, the forces of Disorder want an Internet with no rules at all.
This is an interesting, and somewhat different way of positioning many of the battles that we normally talk about. I think that some of the descriptions in the article are overly simplistic (to downright misleading), but the framing is still interesting. I cringe a little at the use of "chaos" as being the opposite of control here, because I think chaos (and disorder) have negative connotations. Furthermore, when you set it up that way, you are effectively suggesting that order or control on the internet is possible. I don't think that those pushing back against the folks described in the article as seeking "order" are necessarily in favor of "disorder." It's more that they recognize the impossibility of controlling a system that is effectively uncontrollable, and that each attempt to do so has significant (sometimes intended, but frequently unintended) consequences.
A conflict with two sides is a picture we're used to--and although in this case it's simplistic, it's a way to get a handle on what the stakes are. But the story of the War for the Internet, as it's usually told, leaves out the characters who have the best chance to resolve the conflict in a reasonable way. Think of these people as the forces of Organized Chaos. They are more farsighted than the forces of Order and Disorder. They tend to know more about the Internet as both a technical and social artifact. And they are pragmatists. They are like a Resistance group that hopes to influence the battle and to shape a fitful peace. The Resistance includes people such as Vint Cerf, who helped design the Internet in the first place; Jeff Moss, a hacker of immense powers who has been trying to get Order and Disorder to talk to each other; Joshua Corman, a cyber-security analyst who spends his off-hours keeping tabs on the activities of hackers operating under the name of Anonymous; and Dan Kaminsky, one of the world's top experts on the Internet's central feature, the Domain Name System.
The people described in the article as seeking "Organized Chaos" are realists not because they compromise the principles of one side with the other, but because they recognize how the system has to function, and worry when those who don't understand it seek to tinker with what they clearly do not grasp.
The article centers on the upcoming attempt by certain countries to shift significant internet oversight to the ITU, in part to help countries like Russia, China, Brazil, India and Iran who seek greater control over the internet. This is going to become a bigger and bigger issue as the year goes on, but it is definitely part of a larger debate over what happens to the internet going forward. The article also discusses the SOPA/PIPA fight, and how politicians around the world are learning not to just mess with the internet blindly.
All in all a good read, but one that definitely underplays some of the significance of what's really happening, and (unfortunately) pitches it as a battle where either side has an equal chance of succeeding. That's not true. The fight is really more between those who understand the internet, and those who don't. The "pragmatists" listed in the article are really just those patient enough to try to drag those who don't get the internet far enough into the future that they don't muck things up too badly.
by Tim Cushing
Fri, Mar 30th 2012 3:37am
from the all-your-digital-purchases-are-belong-to-us dept
Digital distribution can be a good thing, eliminating shipping, packaging, printing, storage, etc. and allowing instantaneous order fulfillment. Unfortunately, it has its downside, especially when digital products are tied to "walled gardens." The possibility always exists that the product you purchased, for all intents and purposes, never really belongs to you. We've seen it previously with Amazon's decision to suddenly remove purchased e-books from customers' e-readers.
Stuart Campbell at Wings over Sealand has another example of this unfortunate byproduct of digital distribution: the fact that you don't own what you've purchased. This means that at any time, for nearly any reason, the product you paid for can be rendered completely worthless.
"According to the iTunes Store Terms of Sale, all purchases made on the iTunes Store are ineligible for refund. This policy matches Apple's refund policies and provides protection for copyrighted materials."
In Campbell's case, the product in question isn't actually a bad piece of software, unlike the many clones and scamware inhabiting app markets. By his own account, he purchased and enjoyed the game (Touch Racing Nitro). After he purchased it, the developer (Bravo) went through a series of price adjustments, trying to find a sweet spot, ranging from £1.19 - £4.99. When this failed to make an impact on sales, Bravo offered a few free trial periods before marking it all the way down to 69p, which moved it back into the top 10 for a short time.
It's at this point that things get ugly.
Last October the game went free again, and stayed that way for four months. Then the sting came along. About a week ago (at time of writing), the game received an "update", which came with just four words of description - "Now Touch Racing Free!" As the game was already free, users could have been forgiven for thinking this wasn't much of a change. But in fact, the app thousands of them had paid up to £5 for had effectively just been stolen.
Two of the game's three racing modes were now locked away behind IAP paywalls, and the entire game was disfigured with ruinous in-game advertising, which required yet another payment to remove.
Campbell's paid-for software suddenly became indistinguishable from the free version, despite his having anted up for the game months ago. He fired off an email to Bravo, asking the developers to explain their reasoning for removing previously paid for content and asking these same paying customers to pay up again in order to return the game to its previous state.
He received a reply a day later from Ana Hidalgo, Bravo's "Social Media Manager":
"Hi!
Thanks for contacting us.
I'm really sorry about that. I knew that this could happen. The team had no option but to do that.
We're not trying to make money from people who have already bought the game like you did. It is not an excuse, but only 4% of the 2MM downloads have been paid ones. Unfortunately, Apple doesn't provide with any methods to know when an user has paid or not for an app. We just want to monetize the game from that 96% who are enjoying the game for free. Our goal is to monetize them via advertisement. We understand that this is annoying for the players that have paid for it.
Yes, maybe we could have released a LITE version, but if we release a new free version, we couldn't monetize near 2 MM free downloads we already have. And why we have 96% free downloads? A very bad old decision.. We've begun a new phase at Bravo Games and we definitely need some revenues from those downloads.
At the moment all our efforts are focused in new projects. When we finish those projects, we'll evaluate the possibility of adding new content to previous games like Touch Racing Nitro.
I regret to hear that you never buy another of our apps."
For all the supposed "entitlement" game fans have attributed to them constantly, nothing quite matches the entitlement "radiating from Sra. Hidalgo." For starters, if a developer feels that making an app free was a "mistake," it only compounds its errors when it starts taking it out on paying customers, especially when those customers number in the thousands.
If 96% of those were free downloads, that means that a whopping 80,000 people who paid money for Touch Racing have just been screwed. If we assume an arbitrary but reasonable average price of £1.19 (the second-lowest App Store price tier at the time most of the sales were made, though the app has cost at least twice that much for most of its life), that's just short of £100,000 that Bravo have extracted from consumers for what is in effect a "Lite" demo version of the game.
Imagine if the rest of the world worked this way. Imagine you went to Tesco and bought three boxes of Corn Flakes on a "three-for-two" offer, only for a Tesco employee to turn up at your house one day a month later and confiscate not only the "free" box but also the second one that you'd actually paid for. There'd be riots, or at the very least a long court backlog of assault cases and battered workers. Yet apparently, for videogames it's the dynamic economic model of the future.
Campbell is, unfortunately, right. Digital distribution puts control of purchased products completely in the hands of the developers and the distribution service. There are some game developers who would love nothing more than to go to 100% straight digital distribution, not only for the previously mentioned savings, but to allow them to retain complete control of their products. A fully digital distribution disguises DRM as a facet of the service (constant online connection, some or most content inaccessible offline) and helps eliminate the used game market which seems to rank very slightly below straight-up piracy in their minds.
Whatever pluses there are for the consumer are greatly negated by these factors. Any dispute between the distributor and the developers puts purchased products in the firing line. Should a developer suddenly pull out of the walled garden, customers may find themselves without support or updates for their purchased products, or worse yet, find themselves without functioning products.
Campbell has adjusted his tactics accordingly:
WoSland is a pretty wily consumer, and currently has eight apps sitting in its iPhone's "update" queue which are never going to get those updates, because the "update" in question is in fact a downgrade, removing functionality and/or adding ads. We've deleted many others altogether for the same reason.
Of course, this is far from convenient. Once you run into this situation, you're left with the choice of allowing all updates (even those that downgrade your software) or tediously updating all of your apps one at a time after verifying that said update won't remove functionality. Hardly ideal.
As he points out, console owners aren't so lucky. Most updates are forced, giving you the "choice" of updating or not playing your purchased game. And it's not just games and apps. As referenced above, e-book readers have been victims of distributor meddling in the past. Users of "services" like Ultraviolet and the "drive your DVD to the retailer to rip it to the cloud" may find their copies bricked if these services are shut down or (more likely) get caught in the middle of a contractual dispute.
If it's all about "control" with gatekeepers and walled gardens, digital distribution is playing right into their hands, turning what should be an advantageous situation for everyone involved into little more than a mixed curse.
by Mike Masnick
Mon, Mar 26th 2012 1:25pm
from the great-quote dept
Then the debate raged in the two HN threads over the basic ethics of the decisions by both individuals -- Dustin for locking up his system and Nathan for copying Dustin's idea. It won't surprise many where I come down on this. History has shown that copying often leads to useful innovation and can help expand a market. I find arguments to the contrary somewhat frustrating, because they seem to argue that there's some sort of moral right in an idea -- something that just doesn't make that much sense to me. If others can do more with your idea, why should we stop them? Now, some argue that Nate didn't do more with the idea, but I disagree. He made it open and usable -- by definition doing more with it. Furthermore, in doing that, he made it much easier for others to build on it as well.
But, really, the reason I'm writing this post is a fascinating must-read comment by a guy named Frank Chimero, responding to a blog post by Daniel Howells about this whole back and forth. The comment is a really excellent and succinct explanation of how creativity works and the fact that once you've created something and released it to the world, you've lost control over it -- and pining over that lost control is a fool's errand:
I think once you publish something, you lose control of it. At worst, you inspire mockery and parody. At best, you become material for future work, because what you’ve made is successful, interesting, or relevant. Usually, it is both.
All work produces spill-over repercussions that usually go against the will of the work’s creator. The creator wishes to retain authorship and control the work, while those in the culture wish to use, transform, and remix it. If the work is truly successful, it will defy authorship and turn into a shared experience for everyone. Those works are the hardest to control, because they diffuse, and spread wide by permeating into the air. They become a shorthand for those who make or enjoy similar work, becoming a shared vocabulary.
The situation requires things from both those who create the work, and those who wish to use it.
For the initial creator, they must resign most control upon publication, especially on the internet. Their work will be used to say and do things they don’t intend. Ideas, in truth, go further when others carry them, and this usually means they will go in directions the original author did not intend or imagine. For instance, I’ve had a quote of mine (“People ignore design that ignores people.”) taken out of context and used to justify two completely contradictory design methods. So it goes.
For those that use the things made by others, they should credit where possible, and have their work be transformative in some way. They can carry the ideas of others, but they must take it further or a new direction. Then, they are obliged to share alike. To not do both is to go against the goodwill initiated by the work’s creator.
And for both, we should recognize that all creative processes use materials from those who came before us, and respect the meaningful influence of others. We’re part of a long line of people who make things. It is a privilege to get to use the work of others in our own.
So many excellent points in such a short comment. In fact, economic studies have actually shown, in fairly great detail, that it's exactly these kinds of "spillovers" that lead to economic growth (in fact, they were regularly called spillovers, until the economic language finally clarified a bit further). The fact that you can build on ideas is a natural resource that only expands. It's not limited by scarcity, like many natural resources. It's the nature of an idea to be infinitely copyable at no cost that acts as a resource multiplier that leads to economic growth. That's what's so powerful about it.
It's natural that the originator may get upset about how some of this works out, but contrary to the claims of some, if someone does something with your work, it doesn't do anything to the original. It just expands the overall market. You lose control, but that's not bad. The things that you did are based on the fact that others lost control of things as well.
Oh, and for a bit of irony, I only found this quote because Dustin Curtis highlighted it on his own (Svbtle) blog. Yes, the guy who had his work copied chose to highlight this particular comment... and add "great artists steal" to the end. Seems that he recognizes how all this works and perhaps isn't too upset about how things went down.
by Leigh Beadon
Mon, Mar 26th 2012 8:21am
from the copyright-cartels dept
According to rumors reported by Business Insider, music streaming service Spotify is currently working on raising another round of funding at a valuation of about $3.5 billion—a figure that is making some major investment firms skeptical, despite the service's considerable success at growing its customer base. Over at TechCrunch, Josh Constine points out the most likely reason investors are reluctant: they know that the recording industry uses its copyright monopoly to exact a "tax on success" from innovative music startups.
Unfortunately, this is why investing in Spotify may not be wise and why firms like Andreessen-Horowitz may have passed. It’s a great service with a big lead on other music streamers. But as it scales and gains traction, the record labels will increase their tax. There’s no way Spotify will pay the same fees if it hits 15 million subscribers as it does now. That will make it harder for Spotify to return the multiple most investors want any time soon.
In most industries, if a partner charges you too high a licensing fee you can go to one of their competitors. That’s not how it works in music. You can’t get a cheaper equivalent to Michael Jackson or Lady Gaga like you could for enterprise software. If you want “Thriller” you have to pay whatever the labels ask. And even if it does, Spotify isn’t getting exclusive access to that content.
Though the specifics of the deals between record labels and music streaming services are secret, many details have been leaked over time, and it's long been known that they are onerous and one-sided. Last year, Michael Robertson of MP3tunes explained how the general structure of the deals make growth and innovation extremely difficult, while collusion among the labels eliminates any last shred of competition and ensures that a service like Spotify can never negotiate better terms. Investors know that music startups essentially live or die at the behest of the legacy industry, and investors are smart—they aren't about to bet millions on record labels making good decisions.
Economically speaking, none of this is surprising, because copyright is a monopoly and this is what monopolies do. They distort the free market and allow the monopolists to control the competition. Adding insult to injury, recording industry defenders like to tout streaming services as examples of how the industry embraces innovation, and RIAA CEO Cary Sherman recently said he was surprised that Spotify wasn't generating more revenue for the labels. To anyone who understands how difficult the labels have made life for these startups, claims like these don't pass the laugh test—and Spotify's difficulty securing funding is just more evidence of this fact. Its numbers would make it a hot investment property if it operated in any space other than music, but because it is shackled to a dying industry with a long history of technophobia, investors take their money elsewhere. Who can blame them?
by Mike Masnick
Thu, Mar 22nd 2012 10:13am
from the oh-really-now? dept
“Easy access to information online is a huge safety issue,” said Von Palmer, the real estate board’s chief privacy officer. “There is a real possibility of break-ins and assaults; you only have to read the headlines to imagine what might happen. You hear stories about realtors getting attacked and killed. Can you imagine if we put that information out there about consumers? You can only imagine the headlines.”
A spokesman for the Toronto Police Service said he wasn’t aware violence against real estate agents was a problem in the city.
Also, they could just look south of the border. The information that the Canadians are now discussing putting online is, for the most part, already available online here in the US. And while I'm sure if they tried hard enough, somewhere, somehow, someone might be able to connect a real estate listing to crime, it's certainly not a common occurrence.
It's pretty clear that the real issue is just one of control. The real estate agents benefit from being the gatekeepers to that information, and they fear what happens when people can start to route around them. A few months back, I did a talk at a real estate conference, where I compared the music industry to the real estate industry, and it was amazing just how many similarities there were between the two. They were two big legacy industries trying to hold back the tide of what the internet allows, and they were able to come up with all sorts of ridiculous scenarios to explain how horrible the world would be if the information they used to control was allowed to go free online. But it's tough to stop the free flow of information, and real estate agents will learn soon enough that a strategy of spreading FUD isn't a way to future-proof your business. Learning to adapt, and to take advantage of the spread of information by becoming an enabler rather than a gatekeeper, really is the key.
by Mike Masnick
Wed, Mar 21st 2012 8:16pm
from the is-this-about-piracy-or-fighting-competition dept
Public Knowledge has been fighting the FCC on this for a while and has an action page to let you send a note to the FCC about your concerns with this policy change. From all the indications and scuttlebutt around DC, it seems clear that the FCC has been leaning towards approving this waiver, though realizing that it would kill off an innovative product like Boxee has taken the commissioners by surprise.
Of course, this just highlights the dangers of having politicians make declarations that impact technologies -- especially when they appear to be wholly unfamiliar with the state of the art or the general trend lines of where the technology is heading. They make "simple" decisions without realizing the massive impact such decisions can have.
Boxee has ramped up its offensive against this effort by the cable companies, recently sending out an email urging supporters to voice their concerns with the FCC via the PK action page linked above:
Cable companies want to increase the cable bills of millions of Americans and to virtually eliminate competition from third party devices like Boxee. We want you to know because it will affect millions of people, non-Boxee and Boxee users alike, and we need your help to fight it.
For the past several months, Boxee has been forced into a legislative battle with cable companies. Right now, anyone can get basic tier cable. Attach your TV, computer, or Boxee Live TV tuner and everything just works. Cable companies want the federal government to end that, and to require every user to have ALL of their TVs attached to cable boxes. We’re concerned many users who have Live TV tuners and rely on basic cable will be hurt by this, but we’re also focused on how the issue goes far beyond Boxee.
Here are the effects of the rule:
1. It could more than DOUBLE the cost for the typical new basic cable subscriber.
2. If you have a TV that’s hooked up to cable without a box, you MUST rent a set top box for that TV.
3. If your computer’s TV tuner is connected to your cable connection without a box, it will no longer work unless it uses a CableCARD.
4. If you bought a DVR that does not include a CableCARD it will no longer work without an antenna. If you don’t get signal with the antenna, your DVR is now worthless.
It should come as no surprise, of course, that cable companies are seeking to limit consumer choice and better control the market, and even less surprise that they're doing so by making "piracy" claims (next it'll be "for the children!") but that's no reason that the FCC has to simply roll over and break innovative devices and services like Boxee's.
by Mike Masnick
Tue, Mar 6th 2012 1:24pm
American Airlines Making Life Worse For Most Loyal Customers By Killing Useful Mile-Tracking Browser Plugin
from the lame dept
And American Airlines didn't like it.
It couldn't use the "security" argument this time, because everything was local. But, actually, it tried to use that same argument anyway, responding to a question from BoardingArea, saying that it shut down Award Wallet to maintain the company's...
...long-held stance on how third-party websites access proprietary AAdvantage member details… Because travelers’ AAdvantage account numbers and passwords can be used to claim AAdvantage mileage awards out of their accounts and access personal details, American will always protect this information.
We simply cannot permit websites that have not satisfied our security requirements the access needed to track AAdvantage balances or any other function that is otherwise secured behind AA.com login credentials.
But that falsely assumes that the browser plugin is a "website." It's possible that American is just confused... but the more likely situation is that American Airlines is still just worried about controlling the customer, rather than making sure they have the best experience for them. What services like Award Wallet do is make American's frequent flyer program more valuable to consumers, but apparently American doesn't want that if it means having less control.