Blogger Threatened For Publishing JS Hack

An anonymous reader writes "Internet radio station Atlanta Blue Skye LLC has warned a Romania-based technology enthusiast that his blog has been 'copied' and turned over to its lawyers. The issue stems from his posting of a widely known workaround for bypassing JavaScript functions that try to disable a mouse's right-click context menu functionality, and the radio stream information gathered from the Properties function of Windows Media Player."

Lets just hope that

the Atlanta Blue Skye LLC company are irreparably harmed financially when they are hit with the clue stick. There is NO way to suppress information on the Internet globally, and those who try to are more ignorant of the facts than should be believable.

I'd like to think that's true

But the DMCA has other ideas:

http://www.eff.org/IP/Video/MPAA_DVD_cases/ [eff.org]

Attention Americans:

Your laws do not apply outside your borders.

Re:Attention Americans:

Dems fightin' words !

Re:Attention Americans:

in this case, though, publishing a javascript hack isn't a crime even in the US. if i'm legally provided with data, i'm free to render the data to myself however i want, and others are free to publish tips on how to render data.

Re:Attention Americans:

depending on the DMCA and how it gets applied, or more appropriately how the lawyers attempt to apply it. IANAL, but it could be argued that the JS protections built into the site to keep this information obfuscated falls under DCMA protections against hacking around protections.

As an aside, I am against the DCMA and think lawsuits like this are complete BS. Unfortunately, I am not in charge and so I have to deal with the laws as is until an appropriate opportunity to really affect change presents itself (those who would yell "Vote!" at me (either with my pocket book or in an election) simplify the issue and don't realize that it goes deeper than that.)

Re:Attention Americans:

Your laws do not apply outside your borders.

Actually, they sadly apply within Australian borders [slashdot.org], too.

You'll change your mind

Your laws do not apply outside your borders.

You'll change your mind when our fully operational Death Star is orbiting over your crapass country. Lord Cheney will deal with you personally with his Light Shotgun.

It's as if thousands of people cried out all at once...but since they don't speak English we didn't understand a word they said. They're fereners anyway. It's the price of Democracy.

Re:Lets just hope that

Suppose the Atlanta blue Skye LLC knew they were launching a claim that ignored basic realities, including basic realities of the internet, that is distribution of information and how-to; If this can be shown to be the case, then the Atlanta Blue Skye LLC should be open to frivoulous lawsuit charges. Here are the merits of such a case: 1) There are 1,420 web pages that include the term "Bypass Javascript" (from google.com) 2) As the other posts have mentioned, even major browsers have ways of disabling script. This clearly represents the realm of basic technical understanding. To not know this, and then suppose that doing so would be illegal, is to ignore what has long been established by the major shapers and designers of the modern internet. This is what counts for frivolousness.

Re:Lets just hope that

Still, though, just as a crackable WEP WiFi point is no longer a "open invitation", circumventing an access-control device that is easily circumvented does not mean that it was open.

I think a better argument would be that there was no "hacking" of a poorly-made access-control mechanism, because the mechanism was flat-out not an access control device in the first place.

Interpretation and execution of the JavaScript language that the right-click blocking used is an optional browser feature, so the blocking itself is inherently optional. Furthermore, the feature of JS that they were trying to exploit (the modality of the alert() box) is not specified as an access control feature, nor is it specified (and it's certainly not guaranteed) to function in a manner that would control access.

Shift key DMCA strikes again?

Isn't this kinda equivilent to the guy who received a DMCA notice for holding down the shift key while inserting a CD in order to not load the DRM installed on it?

Oh noes

Maybe they should turn this [mozilla.org] over to their intrepid band of lawyers.

Re:Oh noes

Or the entire Opera browser, which has a preference (enabled by default) that disallows scripts from handling right-click events.

Re:Oh noes

So does firefox... Tools, Options, Content, Javascript - Advanced

Re:Oh noes

True. However, it's easy to find out if a user has completely disabled JavaScript -- browsers like Firefox let you selectively disable various "features" of JS, so you can keep doing scripts from annoying things (resizing windows, eliminating the address / tool bars, right-click context menus, etc.) without disabling script behavior. This makes sure that your browser looks like one that's using JS, so it won't fail any "JavaScript is required to view this page!" asshattery, but you'll still be able to retain control of your browser.

They broke the law

They copied his blog? That's copyright infringement - and that's against the law. It's no different to walking into a store and stealing a CD.

BY-NC-SA

Mr Radu-Cristian Fotescu appears to have licensed his work under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 [creativecommons.org] license which would allow the radio station to copy his work.

However, it does not allow for commercial exploitation of his work so we enter a grey-area. Is the use of his work to prosecute a lawsuit for monetary damages a commercial exploitation of his work?

Re:BY-NC-SA

3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below:

      1. to reproduce the Work, to incorporate the Work into one or more Collective Works, and to reproduce the Work as incorporated in the Collective Works;
      2. to create and reproduce Derivative Works;
      3. to distribute copies or phonorecords of, display publicly, perform publicly, and perform publicly by means of a digital audio transmission the Work including as incorporated in Collective Works;
      4. to distribute copies or phonorecords of, display publicly, perform publicly, and perform publicly by means of a digital audio transmission Derivative Works;

You may not exercise any of the rights granted to You in Section 3 above in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation.

"Enthusiast"

"Romania-based technology enthusiast"

Is that what we're calling them now? ;)

Re:They broke the law

They copied his blog? That's copyright infringement

yes, WE laugh about that joke, because its such a ridiculous idea
but if he did the same thing vice versa, he'd be facing another lawsuit...

It wasn't Javascript the issue...

The fact that he worked out a 'Javascript hack' wasn't the issue. The issue was that people actually wanted to listen to their radio stations ;)

I don't want to license my stuff from anyone.

My electricity, my computer, my browser, my choice. If I don't want my browser to disable the context menu then that's my decision. And some company disabling the browser's context menu without Law to back them up really pisses me off. In the IP gold rush the US initiated, people are trying to own every little facet of information that we used to just take for granted being free. Locking everything up may or may-not benefit the economy but it sure-as-hell prunes cultural-enjoyment (ie. a more limited musical taste due to finite resources to acquire content) and development (ie. remixes and interpretations) in the long-term.

Fuck them.

I don't know if there's anything more annoying then some shitty website that tries to block secondary mouse button clicks (maybe those shitty websites that use the word-highlighting advertising that pops up some fucking shit when your roll over the words). For all the cool stuff that JavaScript can enable, sometimes I think it might be worth it to get rid of it if we could wipe stupid fucking shit like this off the face of the planet.

The web is about the user

The user is in control of web content or any code a website decides to run on the client, clueless bullshit like this isn't even funny.

In other news, the recent js dependent google.com facelift is less useful to me because I have javascript disabled. It seems that most sites expect users have javascript enabled these days, sad that google deliberately broke their site. If I don't know if I can even be bothered hacking a functional interface when there are other search engines that work perfectly.

The user is in control of their machine, not the web site!

Oh yea?

I have a method for bypassing advertisements on all forms of television currently in existence:

When the commercials start: go to the bathroom, get a snack/drink, perform small errands, talk to other people in the room.

Be careful, not scrupulously watching every single advertisement makes you a criminal pirate thief.

Re:Oh yea?

talk to other people in the room.

Be careful, some people get upset and tell you to be quiet, they're watching the ads.

Female people.

Stealing!!!!

When the commercials start: go to the bathroom, get a snack/drink, perform small errands, talk to other people in the room.

You're violating your contract [2600.com], don'cha know?

"Hacker Calisthenics"

Possibly the best thing to come out this will be the complainant's phrase "hacker calisthenics". Let's all use it!

Hey, let's all do the time warp...again!

What year is this, 1998? Trying to block right clicking as a means of 'protection'? That puts you on par with Geocities members pre-2000, and about one minor step above using js to spoof the status bar or hide the address bar. I suppose next they'll be petitioning the ISPs for surveillance to see who's been viewing their page source, claiming it as violation of 'trade secrets'.

Re:Hey, let's all do the time warp...again!

I suppose next they'll be petitioning the ISPs for surveillance to see who's been viewing their page source, claiming it as violation of 'trade secrets'.

FBI -> ISP: We need information on any individual who has had access to the html or js source of these websites
ISP -> FBI: Well, ahem, everybody who views the site has access to the html or js source
FBI -> ISP: Everyone?
ISP -> FBI: Well yeah, you see when the user visits a site the browser requests the page, and the server hosting the page will send the html source, then the browser will render the source to look nice for the viewer... you can hide some of the logic with php, jsp or asp and other server side...
FBI -> ISP: But if they can see the source then could they make copies...?
ISP -> FBI: Well yes but...
FBI -> ISP: They would know all the secret techniques used to make the site?
ISP -> FBI: Well yes, but as I was going to say...
FBI -> ISP: Well that makes it easier thanks. Bye

1 week later:

'The BBC has learned that a large number of extradition requests from the US government relating to British subjects and other non US-nationals breaching Trade Secret, Copyright and Terrorism laws, this is after it was alleged that people are illegally viewing web pages.

This comes after the US issued Arrest Warrants for 3.7 billion individuals globally on Monday. A Spokesman for the DHS is quoted as saying:

  "Well if everyone can see how stuff works, they could copy it, and if they copy it they could use it, and if they could use it they could mislead people. Misleading people is not nice and causes angst, angst is like fear, and fear is a bit like terror. Terror is caused by terrorists, therefore viewing web pages is terrorism. Also children may be harmed in some way."'

Sympathetic Defendant?

It's really too bad the blogger is taking this so personally, continuing to blog about it, and cannot spell. None of these make him a sympathetic defendant... and if it eventually gets to court that's going to matter a good deal. Like it or not, hackers have a bad public reputation, and if this punk gets in front of a jury and spouts off the way he has been on his blog, his case is sunk regardless of whether the written law is on his side. Each time he goes on a rant he gets closer to defamation and now it's a whole new ball game.

Word of advice to those who blog about corporate enterprises... if you get a notice from a company threatening suit for whatever you said, take it seriously and get some legal advice before you try the whole David and Goliath thing. Your conduct after the event in question is just as much at issue as whatever initially upset them. I'm not saying roll over and comply, but figure out how to best manage the situation to protect yourself and convince the corporate bully you're not some 22 year old idiot who is going to make the case ten times easier for them because you can't keep your mouth shut.

Re:Sympathetic Defendant?

Word of advice to those who blog about corporate enterprises... if you get a notice from a company threatening suit for whatever you said, take it seriously and get some legal advice...

Yeah... like checking if the legal notice actually applies to your jurisdiction. EU laws don't apply to the US and US laws don't apply the the EU.

Re:Sympathetic Defendant?

Rude assholes deserve protection of the law as much as anyone else.

Re:Sympathetic Defendant?

Repeat after me: Romania is not part of the USA. Defamation, jury and other shit like that doesn't apply.

Umm...

View -> Page Source? I mean, that's the main thing they usually wanna block by blocking the context menu anyways. Or how about CTRL+U? Let's see you block that!

Or how about Tools -> Options -> Content -> JavaScript -> Advanced -> Disable or replace context menus? That's even a more direct way to stop it!

Of course this is Firefox. I'm sure none of the other major browsers such as IE7 (Page -> View Source / View -> Source) or Opera 9 (View -> Source / CTRL+F3) have easy ways around this, thus the cause for concern over the "hack".

Let's also not forget that any JavaScript is essentially open source, since it can't be compiled (obfuscated, maybe, but even then you can usually figure it out) and new JavaScript functionality can be added and existing functionality changed (or "hacked" as it is so ineloquently put) and tweaked to suit a user's needs through tools such as Greasemonkey.

Re:Umm...

Actually, it doesn't.

"Open source" means you have the right to redistrubute the original work, or make derivitive works from the the original and redistribute those. "Free software" is open source software with the additional restriction that you must distribute the source code of any derivitive work made from similarly licensed work.

However, merely possessing, the source code, does not make it open source. It never has, and it never will.

I can make (and actually have made) proprietary Perl scripts. I simply tag them "Copyright 2007 ALL RIGHTS RESERVED." In order to run this code, you must have the source code. (Yeah I could obfuscate it, but let's say I didn't.) While you may have the source code, you are not allowed to redistrbute it, you are not allowed to make derivative works from it (i.e. hack it), and you can not copy portions of it into your own work (another kind of derivative work). Practically speaking, you could, but legally you are not allowed to. And if I found out that you did, I could bring a whole world of legal hurt down upon you.

Since the beginning of UNIX, source code was the prefered distribution method of all software, open and closed. The reason was that each environment was so different, it was simply impossible to distribute binaries for every permutation, so you just sent the source code and compiled it. Open source was just removing the artifical barriers to what many were already doing.

Anyway copyright is on the software itself, not the specific form it takes, source or binary. It's just a like a book. The story is what is copyrighted, not the fact that it's the story packaged in 6" x 7" pages filled with 10 point Times.

Romania?

Is that like one of those less known states in the USA?

Re:Romania?

Is that like one of those less known states in the USA?

Kinda like Idaho, but with lettuce instead of potatoes.

Idiots.

Soooo, lemme get this straight - some stupid radio station in Georgia is freaked out about some kid in Romania piddling with their javascript... And, I am sure the state of Georgia has all kinds of reciprocity agreements for local civil suits with the nation of Romania. Me thinks the icon for this article shouldn't be the black barred censorship guy, but the Monty Python Foot, as this suit is, at best, comical and pathetic. IDIOTS!

[wainwright}
I'm so tired of America...
[/wainwright]

RS

No shit, this is frivolous

All they have to do is use a URL that changes continuously. This is trivial with the RealServer.
But serving anything except warm air with MS products shows a serious lack of clue. Which is why they sue.

Not reflecting the views of any corporation, solely my personal viewpoint.

non-news

this article is stupid. the kid rec'd an unsigned email. the email never uses the word lawsuit. it never uses the term reverse-engineering. nothing to see here folks, beyond the fevered imagination of some romanian kid who invents all manner of supposed motivation, places it in the minds of people he doesn't know for sure exist, and then explodes his own ego in a frenzy of scornful self-important superiority. bzzt. dipshit alert.

That's a hack?!?

bypassing JavaScript functions that try to disable a mouse's right-click context menu functionality

You mean opening Firefox's options, going to Content tab, clicking on Advanced for Javascript, an un-checking the third option (Allow scripts to: Disable or replace context menus)? There's something analogous in Konqueror, and probably lots of other browsers. I don't think IE has the specific feature but it's still damn easy to turn off scripting overall. The only reason people wouldn't do this is if they didn't know that it was a script trapping the right-click, and if people went through and checked all their settings whenever they got a new browser (or many other programs) they would have found the option anyway. Calling that a "hack" is almost worse than calling some script kiddie who breaks into an improperly secured machine a "hacker". I know the general public can't get the terminology right to save their life, but can we at least expect better from Slashdot? PLEASE?!?

Hell, this isn't even an extension like NoScript, let alone going into about:config or any such. Stuff of this nature is built right into the browser options, and anybody who knows about it can, will, and should use it. Suggesting that such knowledge makes makes one a hacker (presumably defined as somebody who hacks) is about as reasonable as trying to suppress the knowledge itself.

Might not even be a legitimate email

The original email message is posted here [beranger.org]. The message headers are as follows:

X-Originating-IP: [209.86.89.64]
Return-Path:
Received: from 209.86.89.64 (EHLO elasmtp-curtail.atl.sa.earthlink.net)
  (209.86.89.64)
by mta103.mail.re3.yahoo.com with SMTP; Mon, 14 May 2007 05:09:00 -0700
Received: from [65.37.133.42] (helo=NewLaptop.eathlink.net)
by elasmtp-curtail.atl.sa.earthlink.net with asmtp (TLSv1:AES256-SHA:256)
(Exim 4.34) id 1HnZMJ-0001Gv-Hd for xxxxxxxxxxx@yahoo.ca;
Mon, 14 May 2007 08:08:59 -0400
Message-Id:
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
Date: Mon, 14 May 2007 08:08:58 -0400
From: "Jazz Colors"

The Text of the message:

Your Blog, which we have copied, has been turned over to our lawyers.
You should plan on a response from them shortly and a visit to
Atlanta to be present in court. I am not allowed to make any further
statement regarding this matter at this time.

This doesn't look like a legitimate email to me in the least - from the earthlink origination to the cheesy wording of the message. Sounds like Slashdot has either been blog-spammed, or this guy is another chicken little [slashdot.org].

What the... heck?

You'd think a station would be all for something that brings it more listeners and thus more advertising revenue.

Are they completely out of their minds? If someone told me that the way my site is implemented prevented some people from listening, the FIRST thing I would do would be to fix my site, and the second would be to thank the person for getting me more listeners!

Idiots. Yet I'm still listening to their station, on my Mac, because they're actually playing pretty good music. :)

-Z

sue 'em back

I do believe they've just admitted to copyright infringement, did they not?

Right mouse button?

What's this "right mouse button" you speak of?

Sincerely,
Mac user

Um, isn't javascript optional?

My browser by default blocks all scrips unless I tell it to unblock one in particular. By default, this 'feature' would be disabled and I could right-click all I wanted to. Additionally, disabling the right click feature is as old as the internet and I've been able to work around it since I was 12 years old.

The ability to suppress a script is common knowledge and easy to do. I can view a page however I see fit, not only that, if I truly wanted a piece of content off that page, I wouldn't even need my right mouse button to save that content right to my computer. Once the page is loaded and content cached, it is part of my computer and I may do with it as I please, despite whatever copyright has been placed on it.

Next up

When are they going to sue the wget developers?

Judge

Atlanta Blue Skye LLC: "Your honor, we respectfully await your verdict." Judge: "After reviewing the evidence involved, I rule this case EL-OH-EL."