There's been quite a flame-war going on over at TechCrunch, where Mike Arrington has claimed that the way Apple deals with invalid URLs for users' public iDisk pages makes it "a dead simple way for spammers to easily spider" Apple's iDisk site to compile a list of all MobileMe usernames (and, therefore, email addresses) for spamming purposes. TechCrunch readers are split about whether this is a serious problem or a non-issue. I think Arrington is right that this wasn't the best design decision, but the hyperbole seems unwarranted. In the first place, this doesn't give anyone a way to spider the iDisk site. All it enables is a brute-force dictionary attack, which is going to be a lot slower and will only catch those whose addresses contain dictionary words. Moreover, as various people have pointed out, similar criticisms could be levied at other companies that also provide ways the bad guys could determine the validity of email address—although Google's email validity checker does present the user with a CAPTCHA after about 10 tries.

I think it's important not to lose sight of the big picture here. No, we don't want to make it too easy for spammers to scrape our email addresses from the web. But at the same time, as the use of email becomes more and more pervasive, there are more and more ways for our addresses to "leak" into underground spammer communities. And once your email address has leaked out, a version of the darknet thesis takes over, and at that point you can just assume all the spammers are going to get your address sooner or later. So it's hard to get too worked up about the problem TechCrunch is identifying here. I've long since stopped trying to shield my primary email address from spammers, and relied on my client-side spam filter to weed out the spam for me. Apple should probably make some changes to the iDisk site, but this is not a serious privacy flaw, and it pales in comparison to the other problems MobileMe has been having recently.

Timothy Lee is an expert at the Techdirt Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.

Permalink | Comments | Email This Story

It's been quite a difficult time lately for various online music efforts. Pandora on the verge of shutting down, Muxtape already shut down and now EA is apparently scaling back its online Sims On Stage karaoke offerings over a vague, but unexplained, song licensing issue. How dare people sing along online? You get the feeling that the recording industry would go after people singing in the shower if they could.

Permalink | Comments | Email This Story

I had a somewhat surreal experience a month ago. Out of the blue I received an email from someone from Rolling Stone magazine, saying that they wanted to know if I wanted to write a letter to the editor about an article in the upcoming issue -- and if I was interested they would ship me a copy of the magazine overnight. There were a bunch of things about this that didn't make any sense. First, they solicit letters to the editor?!? I had no idea. Second, they would overnight me a copy of the physical magazine? Just send me a digital copy. Finally, if I have something to say, I'm much more likely to just say it here than compose a "letter to the editor." The whole thing was so confusing that I emailed back to make sure that they were serious, and to ask if they always solicit letters to the editor. I didn't hear back for a bit, but a week later, a woman emailed back and said that they sometimes solicit letters from people to go along with the general letters they just get (she also pointed me to a URL since the article had been published in the interim, and there was no longer any need to overnight the magazine).

However, since then I've been thinking about what an out-of-date concept the whole "letter to the editor" is, so it comes as little surprise that Vice magazine skipped the Letters to the Editor this month, instead posting a whining rant online about how they don't get real letters any more:

You know what? No letters page this month. You know why? Because we aren't receiving enough real letters. We mainly get emails now, and people don't think when they write emails. They just pump them out, which makes them hard to reply to. We sat here and looked at like 50 emails we've gotten in the last couple days and it was really depressing. It's like trying to come back to a burp or a fart. What can you say? "Nice fart"? "Subpar belch, but try again"?

And we used to get great letters. They would arrive in decorated envelopes along with goofy little tokens, tchotchkes, gizmos, and gifts inside -- even cheap stuff like newspaper clippings or a photo or a drawing was nice. Now we just get retarded fucking emails...

I guess if that were the situation, I could see going out and soliciting better Letters to the Editor as well, but the fact is the whole Letters to the Editor concept seems pretty antiquated at this point. It was based on the premise that the magazine publishers and editors were the gatekeepers of the content, and if you didn't like it, you could potentially get your say in -- but only if they chose your comment out of a pile of others, and then it would likely be edited down anyway. It wasn't a conversation. It wasn't participation. It was letting the riff raff have their carefully moderated say as filler.

Of course, this sort of thinking can still be found in certain media industry folks who still pine for those "good old days" when people didn't really talk back. Witness a recent column in Toronto's Globe and Mail where the author trots out the tired complaints about bloggers that went out of style in 2004. It's the usual stuff about how most blogging is crappy, and how dare the riff raff think that they have a voice:

And now there is blogging, and comments. Readers may take 30 seconds to post a comment on a story or blog item that a writer dashed off in a minute. On The Globe website, our slogan is "Join the Conversation," but in the blogosphere, what follows isn't usually a conversation but a brief, ungrammatical shouting match. You can have more pensive chats in a bar fight.

And journalism wasn't meant to be a conversation, anyway. It was maybe a monologue, at its most democratic a carefully constructed dialogue. If readers didn't like or agree with the monologues in paper A, they bought paper B. What was most important about their opinions was that they thought enough to spend the coin.

There's also some nonsense about how people only have a finite number of things to say, and therefore you should save it for important publications like a magazine or a newspaper. In other words, please shut up and let us go back to telling you what's important. And then these old school media types wonder why we don't want to participate under their rules?

Permalink | Comments | Email This Story

In noting that the Entertainment Software Association (the ESA) had hired the RIAA's VP in charge of its litigation strategy, we wondered if the ESA was going to ramp up lawsuits against customers. After all, over in the UK, there's been news about law firms suing hundreds for file sharing games. But, in the comments, someone pointed to an interview with the boss of EA Sports, Peter Moore, saying that he doesn't think it's a good idea to follow the RIAA's litigious path:

"I'm not a huge fan of trying to punish your consumer... I think there are better solutions than chasing people for money. I'm not sure what they are, other than to build game experiences that make it more difficult for there to be any value in pirating games."

Of course, he also does make some other comments that suggest he very much views it as an "us vs. them" sort of thing, rather than looking for potential win-win solutions:

"We absolutely should crack down on piracy. People put a lot of blood, sweat and tears into their content and deserve to get paid for it. It's absolutely wrong, it is stealing."

That's a bit of a mixed message, but at least it sounds as though EA is not anxious to sue its customers -- and, of course, EA is a major member of ESA, so hopefully it can help keep ESA away from going down this path as well. The next step would be starting to figure out ways to set up better business models that use so-called "piracy" to the company's advantage. Those will come eventually. In the meantime, though, how sad is it when it's newsworthy that an entertainment industry exec says he doesn't think suing customers is a good idea?

Permalink | Comments | Email This Story

It still amazes us that people still fall for so-called Nigerian advance-fee 419 scam emails. I'd actually noticed that I'd stopped getting such emails offering me millions for helping smuggle gold out of the country, but in the last week there's been a new bunch of them -- and apparently people still fall for them. According to a Nigerian diplomat in Australia, he's just as amazed, and thus thinks the victims are equally to blame and deserve jailtime. He claims that the government "frowns" on these scams, and spends plenty of time trying to track down the scammers -- but we've been reporting on Nigerian gov't claims for years and years and they never seem to get very far in stopping the scammers. But, still, he claims that the victims are equally at fault.

While it's true that most of these scams prey on people's greed (they're basically roping people into "stealing" money), it's a bit extreme to claim they should be thrown in jail for being conned. If you read a book like Drake's Fortune, which describes a similar scam nearly a century ago that was incredibly effective, you realize how easily people are fooled into these things. And we've even seen cases where victims still believe the scammers after they've lost everything and the whole scam has been explained to them. That's how thoroughly convincing these scams can be.

Permalink | Comments | Email This Story

We wrote about the woman who was fined $30,000 for file sharing a pinball video game earlier this week, noting that the press seemed to be taking the word of the law firm that sued her, Davenport Lyons, as if it were fact. That seemed problematic -- and we should have realized that it was even more problematic than initially noted. TorrentFreak has turned up the fact that this was a default judgment against the woman, meaning that she didn't even show up in court to defend herself. Effectively, the court more or less had to decide this way. Davenport Lyons, of course, implied that she had fought the case and lost -- and thus, everyone else would be better off just paying based on the pre-settlement letters that the firm seems to send out in bulk. But that's not necessarily true. There's no indication how a court would rule if an actual defense were put forth.

Permalink | Comments | Email This Story

We already covered the judge's ruling about how copyright holders need to consider fair use before sending a DMCA takedown notice, but there's another part of Universal's position in this case that has been widely ignored (even by the judge in the case), but which Ethan Ackerman wisely calls attention to: Universal claims that the takedown letter doesn't violate the DMCA because it wasn't actually a DMCA takedown. Instead, they said it was just a friendly "request."

This may seem like a silly assertion or, at best, a minor side point, but it could become quite important. The DMCA has some very specific conditions that those sending takedowns need to meet -- but there's nothing really stopping anyone from sending a request that isn't specifically a DMCA takedown notice. For copyright holders, this would remove some of the power of the takedown notice, as it wouldn't require the service provider to react, like a DMCA notice does. However, if rulings like this one stand, adding some amount of liability to copyright holders sending DMCA takedown notices, some may actually find it safer to send non-DMCA takedowns on the assumption (probably correct) that most service providers will treat them exactly the same as a DMCA takedown. In other words, would copyright holders "opt-out" of the DMCA terms in order to avoid that liability? It will be worth watching.

Of course, in this case, the court just assumed that even if it didn't hit all the criteria, it was for all intents and purposes a DMCA takedown letter. But that won't always be the situation in future cases -- especially if copyright holders become even more explicit that the letters aren't DMCA takedowns, but some other type of takedown request. And, of course, this could expand as well -- where a total non-copyright holder could send such "requests" for takedowns, and they conceivably might not be violating the DMCA's provision against false takedowns, because they won't even fall under the DMCA. One way or the other, you can bet lawyers are going to be busy.

Permalink | Comments | Email This Story

So, in case you haven't been paying attention, the text of the 4th Amendment of the US Constitution reads:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Pretty straightforward and reasonable, right? Except we've seen an awful lot of erosion of that recently, what with Congress's decision to allow warrantless wiretaps and the Department of Homeland Security insisting that probable cause isn't needed to search your laptops at the border. Well, if it's not needed at the border, why is it needed at all?

At least that seems to be the theory being pushed by the Attorney General, who is asking Congress to approve a plan that would let the FBI begin an investigation and surveillance on someone without probable cause -- actually "without any reasonable basis" at all. That would seem to be in direct violation of the 4th Amendment, but apparently, ignoring the 4th Amendment is all the rage in Washington DC these days.

Permalink | Comments | Email This Story

It's no secret that both the MPAA and the RIAA have created so-called "educational campaigns" for students about copyright. These educational programs are incredibly one-side, of course, and it's amazing that many schools actually allow this sort of corporate propaganda to masquerade as educational material. Even more problematic is when an entirely separate organization, supposedly offering a non-biased educational campaign, starts parroting the propaganda. The nonprofit National Center for State Courts, whose charter apparently is as an "organization dedicated to improving the administration of justice by providing leadership and service to court systems in the United States," has done just that. As part of that, it created a set of "graphic novels" (more like a pamphlets) designed to teach students how the court system works. Except the first such graphic novel actually teaches a bunch of RIAA propaganda about file sharing that is mostly flat-out false.

Among the things that aren't true is a claim that file sharing is a city level crime that will get you arrested by the local cops, and that you can face a 2 year jail sentence and a criminal record for downloading songs. You would think that a pamphlet designed to teach kids how the courts would work would actually get the legal issues correct. But, instead, it's just a bunch of propaganda that is completely incorrect about the law.

Permalink | Comments | Email This Story

Consider me to be in a state of shock. For nearly half a decade Diebold has always responded in the identical way to every single report of a problem or security vulnerability with its e-voting machines: attacking those who pointed out the problem and claiming it really wasn't a problem at all. This has happened time and time again that I'm not even sure how to react when the company (renamed Premier to get away from the Diebold name stigma) has finally admitted that its machines have a flaw that drops votes. Oops. It's warning 34 states that use the machines of the problem which was highlighted in the lawsuit Ohio filed against Premiere/Diebold. Not only that, but it's admitting the flaw in the software has been in the software for the past decade.

So, uh, why was the company blaming anti-virus software just a couple months ago?

It should also make us question Premier/Diebold's longstanding claim that independent outsiders should not be allowed to inspect its machines for problems. Of course, Diebold execs are already downplaying all of this, claiming that they were "confident" that this hadn't actually impacted any elections, though they offer no proof of that. The company's president admits he's "distressed" that they were wrong in their previous analysis, but he fails to explain why the company is so against letting outsides inspect the machines to avoid such flaws. In the meantime, the company insists that the problem will be patched in time for the November election, and I'm sure we're all confident that there won't be any other problems with their machines, right?

Permalink | Comments | Email This Story