Distributed Computing Program Hidden in Kazaa 491
The_THOMAS writes: "A federal securities filing Monday revealed that the hugely downloaded Kazaa P2P (file sharing) software contains a piggyback program which will create a second, new, network controlled by Brilliant Digital. They plan to awaken the software, already on millions of computers, within the next four weeks. The program will be used to host and distribute other companies' content and may be used for distributed computing. Read the details here."
Better than Spyware... (Score:3)
Joe
Better than Spyware? Depends. (Score:2, Insightful)
How many of the installers actually read the agreement and what would you bet the software installs pre-opt-in? I'd like to see what anyone who has installed it has to say to describe this bit of up-front opting in. If it's buried in the end user agreement, then it's about as good as something Dr. Evil would dream up.
I'm currently fed up with what I'll call sneakware, that's pre-installed software on my 2 yr old laptop which has woken up and installed software and changed default settings. I caught Adobe Photo Deluxe changing itself when I went to edit some photos. I can't even figure out how to stop it, short of yanking the phone cord out of the modem when it goes to connect to websites. Bastards. Worst of it is that I actually need to use the software from time to time.
Fighting sneakware (Score:4, Informative)
You might have tried something like this already, but if not download or buy a package that monitors programs that try to access anything through TCP/IP and warns you when a program is trying to do something you haven't authorized over the network. Tiny Personal Firewall [tinysoftware.com] has worked out pretty well for me and is free for home use. It works in most cases, unless the application has a legit reason to use a particular port and also uses it for something you wouldn't expect. Adobe Photo Deluxe doesn't sound like it'd fit into that category, however...
Re:Fighting sneakware (Score:2, Insightful)
Zone Alarm from Zone Labs [zonelabs.com] is another free firewall that performs this job splendidly for my Win2K set up.
You forgot two things... (Score:2, Interesting)
As for without your opinion, how about looking over whatever license or installment agreement you just happened to click through quick just to get it up and running... Though they may not hold much water, it's another bit up the hill for you and your actual lawyer to run, when you go to prosecute.
Re:You forgot two things... (Score:2)
Does this $5000 threshold apply to each individual computer, or does it apply as an aggregate for the damages on all? trojaned computers. If the latter, it would be trivially reached. Oh, and btw, people have been indicted for similar offenses in the past. [freemcowen.com]
Re:You forgot two things... (Score:2, Informative)
Re:You forgot two things... (Score:4, Informative)
(b) You hereby grant BDE the right to access and use the unused computing power and storage space on your computer/s and/or internet access or bandwidth for the aggregation of content and use in distributed computing. The user acknowledges and authorizes this use without the right of compensation. Notwithstanding the above, in the event usage of your computer is initiated by a party other than you, BDE will grant you the ability to deny access.
You hit "I agree" on this thing in order to install the software. Thus, they are not exceeding the rights you have explicitly granted them.
Jouster
Re:You forgot two things... (Score:3, Insightful)
Excerpt (from your excerpt of the EULA)
Notwithstanding the above, in the event usage of your computer is initiated by a party other than you, BDE will grant you the ability to deny access.
The (not yet established as legally binding on the end user) EULA grants them their rights, but if the wording on the imminent pop-up is at all obsfucatory, then the users will have a case. They have not yet hit the "I agree" that matters, and a window that (months after they failed to read the EULA) pops up in the middle of an AIM chat is going to get clicked on immediately, simply to get it out of the way. The users will have a good case if they want one.
The story said that it was impossible to install without clicking yes, but that the trojan could be removed later without affecting the P2P preformance at all. Pray tell, did the EULA mention that? There's opt-in and there's opt-in. Deceptive practices simply blow. Any agreement that cannot stand up in the light of day is no agreement at all.
Re:The USA PATRIOT Act to the Rescue! (Score:2)
Except the EULA you agreed to. We can all argue how much weight an EULA has, however, this point concludes that you are no longer looking at a simple patriot act lawsuit, but a challenge against an EULA's legal power. I don't think a few CPU cycles from a now publically known "feature" will cause enough "damage" to constitute any sort of a lawsuit.
Re:The USA PATRIOT Act to the Rescue! (Score:4, Funny)
Thank god you are helping us all in our noble fight against terrorism.
Let's Roll.
Re:The USA PATRIOT Act to the Rescue! (Score:5, Informative)
4. Upgrades and Access.
(a) You acknowledge that BDE may from time to time provide future programming fixes, updates and upgrades to you ("b3d Updates"), including automatic updates to KaZaA and other software bundled with KaZaA, through automatic electronic dissemination and other means. You consent to such automatic updates and agree that the terms and conditions of this Agreement will apply to all such b3d Updates.
(b) You hereby grant BDE the right to access and use the unused computing power and storage space on your computer/s and/or internet access or bandwidth for the aggregation of content and use in distributed computing. The user acknowledges and authorizes this use without the right of compensation. Notwithstanding the above, in the event usage of your computer is initiated by a party other than you, BDE will grant you the ability to deny access.
Of course, EULAs have yet to be stress-tested in our court system, but are *you* going to have the money to win the court case?
Erik
Re:The USA PATRIOT Act to the Rescue! (Score:3, Insightful)
I guess the only place that one might readily attack this agreement of use, is the definition of "unused computing power". Now, IANAL, but, from my limited perspective, this seems to be a rather vague term. Is a CPU cycle unused if it is sitting in the "System Idle Process"? Probably. Is a CPU cycle unsed if the machine is not turned on? Are you then violating the EULA by having your machine turned off, or the program not running? Of course, I didn't agree to give them the power necessary to run those CPU cycles.
As for storage space, what constitues "unused storage space"? Would any empty space on my hard drive then be considered availiable for thier use? What if that empty space was allocated for future expansion of a program or database, this is not really unused, just unutilitzed for its intended purpose. Moreover, we all know how well Windows runs when you start running out of disk space, so, some of the free space on your drive must invariably be allocated for this use. So we are left with another vauge, and inadaquite term. I don't think that this part of this EULA is going to hold water if it ever gets challenged.
Re:The USA PATRIOT Act to the Rescue! (Score:3)
Unused cycles are "optimized out" by my CPU. In other words, it runs slower and consumes less electricity when not being used. Most modern CPUs go into a low-power-consumption mode when not actively performing real processing. If you doubt this, check your CPU temperature while it's been sitting idle with a blank screen for an hour or two. Compare that to the temperature after playing an hour of Quake III or even just running a graphics intensive screen saver for an hour. I know I could certainly feel the difference when I was running the distributed.net client at home.
So, I "hereby grand BDE the right to access and use the unused computing power" is another way of saying I will freely donate my electricity? Let's find out just how "free" that is.
First, let's assume that you pay $.10/kWh for electricity. Let's also assume that you leave the computer powered on constantly. Finally, let's assume that your computer consumes 60W when idle, but 120W when actively crunching numbers. So that's an extra 60W/hr you spend on behalf of Kazaa.
60W/hr x 8766 hours = 525960 watt-hours per year. .10/kWh = $52.60 per year.
525960 / 1000 = 525.960 kWh per year
525.960 *
Let's look at it a different way: Assume there are 2,000,000 KaZaa users.
60W/hr * 2,000,000 = 120,000,000 watt-hours.
Thats 120 megawatts per hour.
I think they need to file an Environmental Impact Statement before releasing this kind of crap.
It asks permision 1st (Score:2)
What some people won't do (Score:2, Funny)
Re: (Score:2, Funny)
reminds me of an old saying (Score:5, Funny)
Distributed computing = good
p2p + distributed computing = bad.
This reminds me of something my dad once told me regarding his school lunch as a boy. Just because kids like spaghetti, and kids like peanut butter, doesn't mean they'll like spaghetti and peanut butter.
Re:reminds me of an old saying (Score:3, Funny)
The French are funny. Sex is funny. Comedies are funny. Why is it that no French sex comedy is ever funny?
Re:reminds me of an old saying (Score:2, Insightful)
This is a bit more like taking a bite out of an apple and then seeing half a worm left it in.
Re:reminds me of an old saying (Score:5, Funny)
Applied to P2P this would be:
You can pick your peers. And you can pick your computations. But you can't pick your peer's computations.
Re:reminds me of an old saying (Score:4, Funny)
Well, if they're the kids of typical computer geeks, they'll be very familiar with Thai and Vietnamese food, so peanut butter on spaghetti won't strike them as the least bit odd. But they might complain that you left out the scallions and bean sprouts, and maybe it could use a bit of hot pepper sauce.
Sounds pretty neat (Score:2, Insightful)
I don't like the idea of this network siphoning MY bandwidth (that some may have a monthly limit on) for their purposes. And yes, I do understand that they said "with the owner's permission" but what's to say they're not just saying that as a "cover my ass" line?
Re:Sounds pretty neat (Score:2)
And yes, I do understand that they said "with the owner's permission" but what's to say they're not just saying that as a "cover my ass" line?
When you installed the software and agreed to the EULA, you gave them permission. That's what they mean.
Jesus, stop your damn whining (Score:3, Insightful)
You don't want to pay for your new NSync CD.
You don't even want to pay for the software that allows you to steal the new NSync CD.
Yet you complain that *somebody* in the chain is trying to make money? What socialist wet dream are you living in, anyhow?
Its real, alright. (Score:3, Informative)
Time to switch to giFT!
Re:Its real, alright. (Score:2, Interesting)
Well... no. KaZaA (or some other stupid capitalization) technically isn't using your CPU cycles... well, it is, but not for distributed computation. It's some other client, which (evidently) no one knew about. In any case, as far as I know, there was no such clause; no one knew about it. Plus, there need not be a clause, if the embedded program pops up a message box explaining what pushing "Yes" means. They don't need to include that in the license if you explicitly agree to it later.
What I find interesting is the fact that they could distribute some other program -- even if it is a "stub" program -- inside of something as widely used as KaZaA is kind of impressive. Surely, some one would have noticed... but if they did, they must have remained pretty quiet. Has anyone heard about this before Brilliant Digital said something?
Additionally, as a sidenote, giFT [sourceforge.net] is pretty cool. Granted, the website does need some work, they actually have to release the new version (so you don't have to suck it out of CVS), and so forth. However, it's still pretty cool. Not the largest network, but if we were to get even 1% of Slashdot to join then OpenFT would be in excellent shape.
April Fools? (Score:2, Insightful)
Re:April Fools? (Score:5, Insightful)
Re:April Fools? (Score:2)
i doubt it (Score:2)
doubt it. they are supposed to be a serious site after all. And printing fake business news can get you in trouble.
nope its real.
Re:April Fools? (Score:3, Informative)
Re:April Fools? (Score:2)
"There Ain't No Such Thing As A Free Lunch"
If you're going to use a Heinlein quote for Evil, get it right, please...
And for the record, look at the date on the story, it's got to be an April Fools joke, possibly misreported a couple times over. If they actually tried that, they'd be DOS'ed out of existance...
Firestorm (Score:3, Interesting)
Re:Firestorm (Score:3, Insightful)
The devil's in the fucking details. That's for sure.
Huh? (Score:2)
What do you mean "hiding" something in the license agreement? If you read the agreement, as you are supposed to do, before clicking "I agree", then you would know what you were agreeing to. If you don't read it, then you deserve to get screwed.
Re:Huh? (Score:3, Interesting)
Furthermore, contracts aren't legal if one or more of the parties did not fully understand the implications of the contract (read up on cases where people just signed on the X without reading the contract in full view of a notary public--in almost all cases the contract was declared null and void).
If EULAs are found to be legal contracts, this should apply, should it not?
Re:Firestorm (Score:2)
Re:Firestorm (Score:2)
KaZaA is a program used exclusively to steal music, movies, and software.
You would have to remove the word "exclusively" from that sentence for it to have any hope of being considered accurate.
Re:Firestorm (Score:5, Interesting)
> KaZaA is a program used exclusively to steal music, movies, and
> software.
I wouldn't know about that, having (thankfully) never used it. I get my mp3's off my extensive CD collection (Manilow, Mozart, Mothra, etc. -and that's just the M's
> Windows XP is an operating system. It can be used for legitimate
> purposes.
Juno can be used for legitimate purposes. It started a distributed computing plan that required the user's computer to remain on at all times and connect to Juno regularly (at the user's expense if their access number was a toll number). That created a real storm of controversy.
Google can be used for legitimate purposes. Its toolbar is also a distributed computing application.
And please, do not think for a minute that Microsoft is far behind. Microsoft Research had a project called "Millenium" that called for distributed computing among other things. Millenium's marketing name appears to be ".Net". Ever heard of it?
If you have Windows XP, you have agreed to let Microsoft install any "upgrade" it wants to on your computer. That's all they need to sneak one of these applications on your computer and start harvesting CPU cycles, if they haven't already.
Ultimately, Millenium is to be a global super-cluster of all the Windows computers (if not all the computers period) in the world. Your data and applications will be stored where ever Millenium wants them to be stored (maybe even on one of your competitor's hard drives?!?). Both applications and multimedia content will run on a pay as you use basis (with digital rights management). The file system will be a universal data store based on SQL Server (say bye-bye to your favorite standard file formats). You will boot your new PC with the Millenium disk, and after a process similar to today's product activation, your computer will join (be assimilated by) the Millenium network. About the only thing different between
The above post is ***not*** an April Fools joke. It is based in part on documentation available on Microsoft's web site (http://www.research.microsoft.com/research/os/Mi
What happens when you embrace and extend Godzilla? Nuclear heartburn!
See "Godzilla 2000" (released in Japan as "Godzilla 2000 Millenium") for details.
Re:Firestorm (Score:3, Funny)
I hate rebooting my machine (every few weeks). I get assigned a new and usually "dirty" IP address - it takes a number of days for the Kazombies to go away!
I'm tempted to learn enough of the Kazaa protocol to be able to unload a "death packet" on the most persistent of idiots.
Well... I hope I'll be able to bill them. (Score:2)
I'll bet not.
Trojan horse (Score:5, Insightful)
Re:Trojan horse (Score:4, Insightful)
If you agree to terms that permit them
to do this, you don't have much to complain about.
Re:Trojan horse (Score:2)
Huh? What if I'm using an open source compiler? Hardware is another matter, but one that is dealt with differently. I don't sign (or click) an agreement when I buy hardware, so they would not be able to sneak in some sort of trojan legally as this company seems to have done. And if they can't do it legally, then it becomes a major liability for the company if it is discovered (and it would be discovered eventually), and someone would likely go to jail for it.
Re:and how exacly would OS save them from this?... (Score:2)
User agreements for Free Software do not include provisions which allow software manufactures to spy on the users or misuse their computing equipment, otherwise it wouldn't be Free Software.
Like this: (Score:5, Funny)
void main()
{
doDownloadFiles();
doUploadFiles();
doSpyWare();
doDistributedComputing();
}
becomes
void main()
{
doDownloadFiles();
doUploadFiles();
doDistributedComputing(); */
}
Sure, it takes a high-school CS student to figure out what to comment out, but once its re-compiled and distributed on KaZaa, the modified version will spread like wildfire.
If the license is truly open source, this wouldn't even be illegal (not that KaZaa users really worry about that anyways).
Sounds like outright theft (Score:3, Insightful)
Unless they are hiding behind some ultra-fineprint legalese, I would say this is theft. They are stealing your computer resources, electricity and time without your permission.
I have always been suspicious of KaZaA so I never downloaded it. I am stragely glad that my coursework keeps me more busy than I need to be so I don't spend my time infecting my machine with spyware file sharing apps. (Must leave now ... assignment is due tomorrow.)
Re:Sounds like outright theft (Score:2)
The argument that they "agreed" to this before hand is bunk. I think it goes hand in hand with shrink wrap licensing. You can't agree to something when you don't know what that something is or it's too loosely defined and allows so many interpretations.
I'd like to see how enforceable a click through license is on a virus or trojan "I agree to allow (unknown entity) to install software on my machine that may or may not compromise the security therein. Additionally I grant (unknow entity) the right to use information provided by me for commercial gain and/or entertainment purposes. This information may be obtained from files or programs installed on my system. I hereby relinquish (unknown entity) from all legal responsibilities and refuse any further legal recourse should running this program cause damage to either the computer running it or to myself... > >" Then just write a harmless "flaw" in the program that makes ">" not work and VOILA! all nice and legal!
Re:Trojan horse (Score:2)
Re:Trojan horse (Score:2)
To my mind, people have downloaded a program, expecting it to do one thing, and really it has a payload that con do something completely different...
To my mind, this says people are stupid and should've read the damn EULA that they agreed to before they clicked "I agree."
Re:Bill Gates murdered??? (Score:2)
Wait a second... (Score:3, Interesting)
They should pay you (Score:3, Insightful)
At the very least, they should let you have a large discount on downloads when you opt-in. For example make them free. Plus a credit based on the bandwidth they steal *cough* use.
Re:They should pay you (Score:2)
what a joke! (Score:5, Insightful)
Sneaking software onto peoples computers to create a good relationship with users ? ... or did they mean a good relationship with b3d's clients?
Re:what a joke! (Score:5, Informative)
It's in their annual report [yahoo.com] and I don't think the SEC like jokes.
Re:what a joke! (Score:2, Insightful)
Suicide not guaranteed (Score:3, Insightful)
I disagree. What they've done sounds very rude and deceptive to me. But it may very well be legal and may result in them staking a claim in an emerging, lucrative market. Thus, the company's perceived value may increase and shareholders may be pleased. I'm not predicting that their stock price will rise with certainty, but I don't believe it's a foregone conclusion that this will tank it. Talk to a penny-stock promoter good at spinning publicity. He/she'll tell you that there's almost no such thing as bad publicity for an upstart. A piece of news (or even a rumor) like this that puts them on the map and on traders' tongues may be just what their stock price needed. Time will tell. Afterall, we only need to look to companies like Verisign with horrible, headline-making security and privacy goof-ups and deceptive practices to see that their rude actions and policies do not result in corporate suicide. (Unfortunately.)
If they've committed any type of "suicide", it's simply image-suicide in the eyes of a very small, elite crowd (ie, Slashdotters, privacy defenders, etc.) The market and shareholders may not care about this.
Revenge (Score:5, Insightful)
It doesn't matter whether we know what the data is or not, it just going to be a binary chunk with probably a checksum somewhere. Fill their servers with random data and see how long they want to continue using our resources
Re:Revenge (Score:5, Funny)
I'll _finally_ have my beowulf cluster.
- Jester
Sigh...business as usual (Score:5, Insightful)
Furthermore, it seems that the wasted cpu tiem is becoming a precious commodity, which I am currently donating to seti, with no financial compension (in other words I am not selling the cpu time). I wonder how long till the government will accept donated cpu time as a real donation, so i can put it on my tax return....hmmm, i am thinking about at least a dollar per unit, and i am now at 780 units, that makes it 780$ deducted from taxes, and if it is a dollar per hour....
that could be a hefty some for stuff donated to a good cause....
maybe someone at seti would give me a receipt...hey, that would mean more people doing units for them...could be beneficial to both sides...
Re:Sigh...business as usual (Score:3, Informative)
If such a message came from a company with not a bad reputation (winamp comes to mind), i would install the program
I guess you didn't realize that Winamp [winamp.com] is Nullsoft [nullsoft.com] is [http] America Online [aol.com] whom is also the proud owner of Time Warner [timewarner.com], among other things.
Is there really a reason to go about trusting, implicitly, this "winamp" organization of which you speak?
Open Source (Score:2)
I realize that this is an "opt-in" program, but it could just as easily been something else written by a disgruntled employee. And who would have known?
Re:Open Source (Score:2)
NSA backdoor keys work in IE6? Maybe 100?
Users accept this crap because Microsoft is a
trusted brand. That's fine for them. It works.
It may not be fine for you.
The situation with Brilliant Digital is exactly the
same. People trust the Kazaa brand. They agree to
the terms, and everyone is happy.
There's no scandal here. If you prefer not to
use the software, by all means, don't use it.
Brilliant isn't a monopoly, you know. You do
have choice.
And if you don't want to trust brands, you can
always fall back on peer-reviewed open source
software.
Re:Open Source (Score:2)
Let's see... The vast majority of users have the technical skill to read and comprehend the first couple of paragraphs of the EULA which clearly explain what the software does or what it may be used for. Or, the vast minority could spend unwanted hours wading through 1,000,000 lines of source. Heck, even if it was an Evil Company(tm) that didn't disclose this info in their EULA, it's not that hard (and a common practice of geeks) to packetsniff what's going in and out of your network. How do you think we found out about all of the Real spyware? Not with the source, Luke.
sad but true - it's real AND messy (Score:5, Informative)
The program hides itself in different locations all over your hard drive, including copies of itself in your OS root and
It's a bitch and a half to purge. There's no unistaller, and it's got dozens of registry entries to manually erase.
(Search for 'bde' and 'b3d' on your HD and your registry to make sure you get it all.)
I can only imagine the looks on people's faces when a gigantic 3D Cameron Diaz appears on people's computer screens and commandeers their system.
Time to stock up! (Score:3, Funny)
Download Kazaa now. Don't be left out!
IBHT, IHAGD (Score:4, Insightful)
Looks to me like this is just a new way for marketers to say "spyware".
Let's read the article.
An advertising company plans to use your machine to host and distribute other companies' (not user-selected) content, such as advertising or music [or next week's winning lottery numbers], or it might use the CPU power for something other than advertising.
Color me cynical, but I advertising think I know advertising what type of advertising content will be advertising hosted by this advertising new "network" hosted by an advertising company.
Gee, not only was I not too cynical, I wasn't cynical enough!
And of course, we all know that the description of the functionality won't say "we use your computer to serve banner ads!", it'll be "This is part of a new stealth P2P network! Join now!"
(This leaves aside the larger issue - namely, every spyware manufacturer makes similar claims. "It makes your cursor look cool!" "It enhances your web experience!" "It's like a buddy who helps you while you surf on the web!" Need I go on?)
And if you're really lucky, we'll send you some stuff. Sign up today! We don't have to send you anything or compensate you for the use of your bandwidth for our advertising network, but, uh, we might, if you give us all your personal data! Honest, we might!
Moral of the story:
It calls itself a new stealth P2P network that'll "turn on" millions of PCs. But it looks like a spyware duck, quacks like a spyware duck, and leaves runny turds that look an awful lot like duckshit.
I call it a duck.
Here we are, after spending a whole day bitching at the Slashdot editors for an April Fool's Joke about advertorials, and nobody notices an advertorial when it's staring them right in the face.
(Of course, if this is CNET's own version of the "Advertorial April Fool's Joke", I admit it - it's scummy enough to be believable, and the advertorial is from a source I believe to engage in advertorializing. So if it's a joke, I admit it - they got me fair and square. Wotthehell, I thought the idea of Teoma going after Google was an AF joke too ;-)
Re:IBHT, IHAGD (Score:3, Insightful)
Re:IBHT, IHAGD (Score:2)
Re:IBHT, IHAGD (Score:2)
Umbrella Corporation strikes again!
How long before they send Nemesis, Tyrant or Mr. X down the wire?
Where is Jill when you need her ?
graspee
Fun and games (Score:3, Funny)
Distributed computing, etc. (Score:2)
Well, the question is, could something like this be used for other less desirable purposes.
I am thinking of everything from the Classic Napster to DDOS, reverse engineering, or what ever.
The long term trust issue is the point here. pre distributing this capability in the client in advance of notifying me is annoying in the extreme.
I have added the following features without asking sounds like an MS tactic.
watch Passport become a distributed computer app for MS development projects, for example.
feh.
Can anyone argue why this ISN'T immoral? (Score:2)
I want to hear from intelligent and thoughtful people about why they think this should be okay?
When I run a program, it's because I expect a desired result. The result is generally expected and that's why I run it. Among such programs are web browsers, email clients, video players, etc. I also use Bearshare.
I think it's a simple matter to include advertising in the client software and if it's free to use like Bearshare is, it's FAIR. I know it's there. It's pretty damned obvious. If I don't want to see the advertising I can either (a) not run it or (b) run the Borland resource editor and see if I can't pull the component out of the software causing me distraction. I don't to (b) because it's too much trouble and I don't mind it that much. I can't do (a) because I love getting random treasures from across the net from generous and often stupid people. (try searching for common filenames associated with personal files such as resumes or digital pictures... it's a hoot! Naked strangers! yeah!)
Anyway... I'm straying from my point. I'm writing to solicit intelligent and thoughtful rationales for adding 'secret software' into such programs.
Re:Can anyone argue why this ISN'T immoral? (Score:2)
A) It's not secret software. You agree to an EULA which clearly mentions this "feature".
B) Essentially, Kazaa is not free. Instead of paying money, you agree to paying CPU cycles. It's a simple form of bartering.
C) They're not a monopoly, and they're not leveraging an existing monopoloy to push this product. Therefore, they make the terms (read: Free Market), and as long as those terms are fully disclosed (as they are), there is no problem. It is of no burden for you to disagree with said terms and use a competitors product.
I hope that was at least semi-intelligent!
gnucleus (Score:2, Informative)
Wait, there's a good idea here... (Score:2, Interesting)
Of course, this would have to be with the user's consent.
The fact is this software DOES cause damage to artists and the RIAA/MPAA. Maybe this would be a good way of offsetting the damage without paying a tax/tarriff/fee.
Re:Wait, there's a good idea here... (Score:3, Interesting)
I want to coin a term for this (Score:2)
There's a subtle logic at work here (Score:5, Funny)
I download Kazaa. I download Kazaa because Napster doesn't work anymore. Napster doesn't work anymore because the music companies say it rips them off. I don't care about ripping off music companies. But that makes me think: I can see how I'm ripping off artists. Gawd I love Kazaa! But I feel bad about ripping off artists.
BDE through Kazaa wants to use my computer cycles? Well geez, I feel bad about getting all this great music for free... I owe somebody something... Oh alright, that's a fair exchange.
The power of guilt.
Mark my words, people will accept this barter, except for one small problem: the artists still aren't getting paid!
BDE is getting away with murder: benefiting off of artists by proxy, and benefiting off of consumers, through guilt.
Re:There's a subtle logic at work here (Score:5, Insightful)
With the current cd for cash model, the artist doesn't really get paid either!
EULA (Score:3, Redundant)
From the Kazaa EULA, addendum section on BDE:
4(b) You hereby grant BDE the right to access and use the unused computing power and storage space on your computer/s and/or internet access or bandwidth for the aggregation of content and use in distributed computing. The user acknowledges and authorizes this use without the right of compensation. Notwithstanding the above, in the event usage of your computer is initiated by a party other than you, BDE will grant you the ability to deny access.
Interestingly as well:
5. Term; Termination.
(a) This Agreement will be effective as of the date you accept this Agreement and will remain effective until terminated by either party ("Use Period").
(b) BDE may terminate this Agreement at any time by providing notice to you. You may terminate this Agreement at any time by ceasing use of the Software and Services and destroying or removing from all hard drives, networks, and other storage media all copies of the Software. Upon any termination, all licenses and rights to use the Software and the Services shall terminate and you must remove the Software from your computer equipment and dispose of all originals and copies of the Software in your possession. The following Sections shall survive any termination of this Agreement: 2, 3, 4, 5, 6, 7, 8, 9 and 10.
So you can't terminate once you've accidentally clicked "OK". Although you sort of wonder how they're going to apply section 4 once you've "destroyed or removed from all hard drives, networks, and other storage media all copies of the Software."
Double Screw Kazaa (Score:2, Informative)
http://www.kazaalite.tk/
It removes all spyware and inserts a fake file which looks like syware so that kazaa can't shut itself down. Kazaa: 'Your stealing my program!" Kazaalite"Stealing is a strong word, we're copy infringing on your program
Then heres the cool thing, edit your "hosts" file. Go ahead search for it. Good you found it. Now any server you don't want to connect to say ads.kazaa.com (just an example.)
type in your hosts file
127.0.0.1 ads.kazaa.com
Everytime kazaa tries to download an add from ads.kazaa.com it'll be looped back to your own computer. No ad!
Of couse kazaa could always just use IP addresses directly bypassing hosts. But they havn't yet.
Another thing, I have no idea whether kazaa lite has this distributed trojan active in it.
This is a disaster in the making (Score:2)
Maybe they're trustworthy. But who cares? How long do you think it will take before a pack of sixteen-year-olds with packet sniffers reverse-engineer the protocol and begin installing whatever "updates" they like on the tens of millions of systems infected with Kazaa?
I wish to hell I'd listened to my mother and become a lawyer instead of a programmer. I could retire on the class action suit that will come out of this.
Kazaa Lite (Score:2, Interesting)
Will I be taxed? (Score:3, Insightful)
Distributed doubleclick? (Score:4, Insightful)
Well, this seems pretty much to be the end of ad blocking through firewall rules... Pretty easy to see why doubleclick would like this scheme.
You'd basically never know what host would be spamming your browser...
*sigh*
Incredible (Score:5, Insightful)
I used Grokster on my networked Win2K box at home. This box contains my personal files, such as financial info and I also use it to do online banking. So my privacy really matters. I also use this box for work and I have it streamlined and tweaked to run as efficiently as possible. No foolish system tray or startup apps etc...
Well it seems that P2P apps like Kazaa or Grokster work hard to breach my privacy and fudge my system. I've never known software to be so malicious. First, I see that Grokster has web-based ad support. Okay, that's tolerable, they need some form of revenue. But don't think I haven't noticed your "secret" stash of cached ads in my system directory, Mr Grokster. Then I notice the popup ads. Also annoying.. but again I tolerate. I didn't run Grokster for longer than a day and my system can handle twenty browser windows. But then, incredibly, it turns out that the required advert component also sends out information about me, including my browser history. Big no-no, Mr Grokster. Now I have to spend time to counteract this. I found a replacement set of libraries which do not send personal information. From that point on, I figured I was safe. Oh no... this weekend, after a Grokster session, I spotted a strange "extract.exe" on my desktop. Hmmm. How did that get there? I took a look inside and found various executables and libraries. How quaint. I most certainly did not download it. So I searched my system and lo and behold, it seems some ActiveX has automatically downloaded and run this program for me, spreading half a dozen files around my system. Looking through the registry I see that in fact it's installed a browser toolbar. Oh lovely.. just what I wanted. Took me a good half hour to rid my system of it's leeches.
The moral of the story, don't run Grokster. Well fine, I've learnt my lesson and I'm fortunate enough to have another disposable machine to unleash the Grok on. But my concern is the X million people who don't have a clue. The sort who click on "www.yahoo.com.exe". They see Grokster or Kazaa on download.com or whatever, download it and use it blissfully ignorant of what I consider to be a virus. In fact, the only difference I see between Grokster, Kazaa etc.. and viruses is a service. Package your virus as an application and you earn amnesty from antivirus software.
Slashdot articles and anti-spyware sites keep us geeks in the loop, but that doesn't help the masses. Only laws help the masses. There must be some law somewhere that states such practices to be illegal. Tricks used by these programs such as placing independent components in the system directory posing as actual system files, running programs without permission, not informing users of these hidden "features" and so on, are clearly malicious.
I'm for P2P networks, but clients such as these seriously rub me the wrong way and I'll be glad when the RIAA eats them. I just pray for a nicer client to take their place.
Try it this way ... (Score:3, Insightful)
The reason that they are evil tends to be because they are the creation of commercial entities that intend to make money by stealing you information. This is not inherent (though on the MS systems that I am familiar with there is no effective security to prevent this from happening).
Commercial entities need to have something to sell. If you want to get a service from them, then you will need to pay them in some way. The "freebies" that they offer will always be a hook. Always. You may not be the intended target, you may steal the cheese, but the hook is there. Red Hat is trying to get commercial companies to buy software maintenance and development services. As a commercial entity, they distribute Linux at not much more than cost to lure in potential customers. It isn't free, but the hook is still there.
Non-commercial entities need to be able to pay for the activities that they engage in. So do individuals. You can always take an economic view of an organization or individual, and it must always either balence or yield a profit. Or be drawing down assets.
If you buy a pig in a poke you are likely to end up with a cat instead of a pig. Open source is partially the requirement that one be able to look into the bag before buying it. But if you can't, then you should expect that the seller is going to take such advantage of the fact as he can. Becuase he frequently will.
This isn't to say that Kazaa is in this case acting unethically. They have indicated that they will ask permission before adding computers to the distributed computing system, so one should, perhaps, wait until we find out how they will interpret that before getting outraged. They might not just say "the license already gave us permission". But it's also true that we can't know what will occur later. The license that was reported seems to be similar to the MS XP license in that it essentially gave them permission to install arbitrary software. And I find it quite difficult to feel comfortable with that. Especially on a system that gives essentially no protection against rogue software. (Similarly, on Linux I'm uncomfortable with the programs that require being run with root permissions.)
criminal trespass (Score:3, Interesting)
While I doubt a serious argument could be made for damages, unless the EULA is upheld by some clueless court then using the spare cpu cycles of personal computers clearly constitutes criminal electronic trespass as outlined in the PATRIOT act. And, as we know, this automatically brands one as a terrorist.
I don't use Kazaa but I can't imagine that very many users will be happy to have their 'spare' cpu cycles appropriated for someone else's gain. Just another reason to dump this software in the electronic crapper.
Max
Some observations (Score:5, Interesting)
"Quickly" is mendatious. The majority of end users will have port 80 traffic cached by their ISP, and you can bet that cache will be juicy-full of DoubleClick stuff. My ISP routes all traffic via my local access point, even traffic to other people under that access point, and they run a cache at the access point. So even if I were to get ads from the guy next door, it would still be slower than getting them from the cache. All this would do would be to cut down DoubleClick's bills for uncached accesses, and (interestingly) stop me blocking DoubleClick using my hosts file. If this latter reason is actually material, then it's a sad indicator that the ad market has given up any pretence that ads are in any way connected to revenue. If I've gone out of my way to actively block your adverts, and you force them on me anyway, what exactly are your chances of gaining one red cent in revenue from me? Farcical.
Hey, opt-in, opt-out, what's the difference, eh? To apply an equally muddled metaphor, they'll probably burn that bridge when they come to it.
Ah. Anybody with a typical residential DSL/cable connection should check their contracts. There will almost certainly be a clause in there that prohibits providing services to third parties, and especially selling services to third parties. Most ISP's have tolerated filesharing up to now because it's (generally) an active use thing. And CETI@home is low bandwidth, fully opt-in from the user side, and non-commercial. But this might be different. It's a commercial company using ISP bandwidth to make profit, and pass some of that (a very, very little) back to residential users, who have only agreed in general to provide services, not on an active case by case basis. This might be where ISP's start to draw the line.
Don't want to bitch at this but... (Score:3, Interesting)
they remove it
a month later
"We're sorry for the spyware"
they remove it
goto 10.
As much as I love the P2P concept, if these guys go out of buisness or get the crap sued from them, I just hope EFF won't protect them in the name of P2P, because these guys aren't the Good Guys(tm). They are opportunists that are hiding behind ignorants and people that want to defend P2P to play their dirty scheme instead of being just dead honest.
It doesn't kill a buisness to mention any spyware or whatever, if people skip the warning and download it, well now It's their problem, but running it and acting like if you were transparent is just plain unethical, they did it many times, it simply piss me off. That's why I am using winMX since the first time I saw Kazaa doing crap to their users. It's been at least reported 2 times here if not more.
Again, being honnest about it won't change much, it'll just remove a FEW users like me and most of slashdot readers that want their privacy. Most of the people won't give a damn, so why being so dishonnest!? it could just trigger lawsuits against them for absolutely no gain.
The proof to this? well look at how many times you saw kazaa and spyware, and look at their userbase still growing (which doesn't make sense but again, MOST people just don't care, they'd sell their souls for free stuff).
Re:URL! Always look at the URL! (Score:2)
Re:URL! Always look at the URL! (Score:2)
Well, if you go to http://www.news.com/ [news.com] itself you see the same stories.
Of course, it's http://news.com.com/ [com.com] in a frame. So either C|Net got hacked, or that's how they're doing things now. Given that whois says CNET owns 'com.com', the latter is more probable.
Supicious URL -- but legitimate (Score:2, Informative)
But the Kazaa story is also on www.news.com.
It looks like cnet owns the .com.com domain, too:
Registrant:
CNET Networks, Inc (COM2994-DOM)
235 2nd Street
San Francisco, CA 94104
US
Domain Name: COM.COM
Re:URL! Always look at the URL! (Score:5, Funny)
oh wait..
Re:FYI, Kazaa License (Score:2)
"You hereby grant (Brilliant) the right to access and use the unused computing power and storage space on your computer/s and/or Internet access or bandwidth for the aggregation of content and use in distributed computing," the terms of service read. "The user acknowledges and authorizes this use without the right of compensation."
It doesn't. I've done a search, and those words aren't there. The word "Brilliant" isn't said once in the entire license.
I'm not saying this license is great, but its not all that bad either.
Most of it is unenforcible bullshit designed by KaZaA to cover their ass in terms of IP claims of violations.
They can terminate your account at the stop of a dime. But you can also easily create a new account at the stop of a dime.
They claim that any disputes must be resolved in their country. Unenforcible. US courts don't enforce decisions made by foreign courts, so foreign courts have no influence over US citizens.
And so on. Most "termination of license" crap is completely unfenforcible, neither legally nor practically.
Re:Geography (Score:2)
Re:This aint a good idea (Score:2)
The OS takes care of process scheduling. The two never see each other; at
any given instance, the running process has control over all system resources
(atleast memory and CPU, can't speak for devices with built in HW logic.)
Each process owns the system register set, some memory pages, and a desginated
stack area, for a time slice. As soon as its time is up, its context (registers,
memory page descriptros, stack pointers, etc.) is saved, and another process takes
over the system.
This happens too fast for you to notice, but the two processes never see each other.
The only time Kazaa can corrupt the resources of your "decompressor" is when the two
share persistant data (files, database tables/records, streams, etc.) and there is
no way to independently developed, and installed programs can reference the same file
(unless it was a system file, and they both know of its existance. But this is not the
case in windows, which has a registry, and each installed app has its own entry in the
registry, and thus there is no name clashes.)
--