Developer Draws Legal Threat For Exposing Indian Telco's Net Neutrality Violation 134
knightsirius writes: Indian broadband and cellular operator Airtel was discovered to be injecting third-party JavaScript files into web pages delivered over their wireless networks. A developer was viewing the source of his own blog and noticed the additional script when viewed on a Airtel connection. He traced the file back to Flash Networks, an Israel-based company, which specializes in "network monetization" and posted the source on GitHub. Since then, he has received a cease-and-desist from Flash Networks and the code on GitHub has been removed following a DMCA takedown notice.
Readers may remember Airtel from its previous dubious record with network neutrality.
Readers may remember Airtel from its previous dubious record with network neutrality.
Re: Of course, it's likely copyrighted. (Score:2, Funny)
He didn't post it, it was injected ;)
Re:Of course, it's likely copyrighted. (Score:5, Insightful)
When they embed it in your blog ... fuck 'em.
They modified his blog with code, which means it's now his code.
Or are we pretending that when corporations do shit like this it's OK?
I read this as "assholes embed code in pages, and then whine when that code gets made public to point out that it's happening".
No sympathy. Not even a little.
Re: (Score:2, Interesting)
He can probably one-up them and sue THEM for tampering with his code. I bet if you did something like this to a company's page, they'd sue you, guns blazing like the terrorist you are.
They must know their code gets out there for everyone to see, the way they're doing it. It's trivial that it can be looked at and copied. If it's such a trade secret, keep it out of the public's face.
Re: (Score:1)
Won't work if the company granted themselves the right to tamper in the Terms of Service.
Re:Of course, it's likely copyrighted. (Score:5, Insightful)
What if my terms of service says you owe me a billion dollars if you modify my code?
When the hell did we start thinking of terms of service as magical?
Re: (Score:3)
Re: (Score:3)
Wow ... and the US government has control over what an Israeli company is doing in India ... why???
This has nothing at all to do with US law, other than the DMCA was used on Github.
Re: (Score:1)
Won't work if the company granted themselves the right to tamper in the Terms of Service.
That might save them from being sued by the users but not the publishers. They are creating unauthorized derivative copies of copyrighted works.
That's illegal.
A third party can't waive your right to defend your IP.
LK
Re: (Score:3)
Re: (Score:2)
Re: Of course, it's likely copyrighted. (Score:1)
Java Script files are not encrypted. Anyone who went to the blog could have viewed the file's source so what does it matter if it is on GitHub or not. When the tables are reversed we would be told something like "there is no expectation that [insert subject matter] would ever be private so we the [insert corporation or government agency] are within our rights to use [insert subject matter] as we see fit."
Re: (Score:1)
Actually this reminds me of those Direct Revenue assholes who hijacked Windows desktops to display ads: http://www.benedelman.org/spyw... [benedelman.org]. Bottom line is that regardless of copyright or DMCA issues, when ads are actively injected into anything people should always get pissed.
Re: (Score:2)
When they embed it in your blog ... fuck 'em.
They modified his blog with code, which means it's now his code.
Or are we pretending that when corporations do shit like this it's OK?
I read this as "assholes embed code in pages, and then whine when that code gets made public to point out that it's happening".
No sympathy. Not even a little.
I suppose that the only thing the code owner can do is add an appendix that does a realtime crc or md5sum check of the code that is his. If the code is corrupted, the service can take action as appropriate.
Re:Of course, it's likely copyrighted. (Score:5, Insightful)
Technically they made a change to his copyrighted code and since he was paying them for the service the copyright should belong to him.
Re:Of course, it's likely copyrighted. (Score:5, Insightful)
Not only that, but they made an unauthorized change to his code that displayed ads. If anyone else were to do this, it would be called "hacking his website" and the group responsible would (theoretically) be brought to justice. However, since it is an ISP, they get to call it "monetizing their service" (or some other weasel words) and the companies responsible for the ads get to sue for copyright infringement. Imagine if a group of hackers sued for copyright infringement because the code used in their hack was publicized. They would be laughed out of court.
Re:Of course, it's likely copyrighted. (Score:5, Insightful)
If anyone else were to do this, it would be called "hacking his website" and the group responsible would (theoretically) be brought to justice. However, since it is an ISP, they get to call it "monetizing their service"
Even worse, this is a 3G network, so they're not just monetising, they're artificially inflating their customers' usage by forcing them to down content they didn't request on a service that is typically directly billed by utilisation.
Re: (Score:1)
Re: (Score:2)
No by providing the URL link to content they voluntarily provided that content the URL refereed to, they gave it to him. You can not provide a compulsory link so someone and then claim they infringed copyright when that link downloaded content. This is not different to delivery a package to someone with say a CD and claiming if they open the package they have to pay for the CD.
Re: (Score:3)
the issue is that some companies think that their code is 'execute-only', and if you try to READ it, they come after you, legally.
does that make any sense?
'here, run this code. each time you access your own page, run MY code. but don't DARE view it. we don't allow that and we don't allow you to explain what our code does.
"JUST RUN IT, CITIZEN!"
this is what their argument amounts to. you 'must' run our code but you 'must not' look at it.
its how marketers think. we 'must' be allowed to inject our code in
Re: (Score:1)
Re: (Score:3, Interesting)
Well, this is one of those things where copyright law doesn't necessarily behave the way people think it should.
Take the famous case of science fiction author Marion Zimmer Bradley. For years she encouraged fan fiction in her Darkover universe -- until she wanted to use some plot ideas from a fan story she had read in one of her own novels. The author of the fan story successfully blocked the publication of MZB's novel.
So it's clear that original authors don't automatically get ownership of derivative work
Re:Of course, it's likely copyrighted. (Score:5, Insightful)
Except that your case is nothing like this one, because in this case the original work was replaced with the "derivative", with the derivative being misrepresented as the original one.
This would be like if a fanfic author worked at the publisher for the author they loved and decided to change a bit of the text in one of their favorite novels so that it mentioned a product they sell on the side. The novel then gets passed on to bookstores with no one the wiser, and it's not until months later that the author is poking through some pages and realizes that this isn't the novel they wrote, even though it's being represented as such. If the publisher continues in misrepresenting that work as being the author's, then we'd have an expectation that the author would have just as much right to that altered text as to their original text.
Of course, the analogy breaks down here, since authors routinely hand over ownership rights to their publishers, whereas web developers essentially never hand over authorship rights to their ISPs.
Re: (Score:2)
Well, this is one of those things where copyright law doesn't necessarily behave the way people think it should.
Why not? The blogger just needs to send github a DMCA counter-notice, and that's that. This is a very clear case of Fair Use. The company can try to sue in US court, but it would just lose and amplify the Streisand effect.
Also, I'm not sure why the name of the CEO of Flash networks is edited out of the DMCA notice, but his name is Liam Galin according to their web site [flashnetworks.com]. Here is his linkedin [linkedin.com]. This guy is obviously an idiot where it comes to the internet and public relations. If he becomes unemployed one day,
Re: (Score:3)
Oh no...now he'll DCMA /., why would you post all his copyrighted information to /. like that?
Re: (Score:2, Informative)
*Whoosh* to all who modded this down.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I will agree that publishing on the Internet doesn't remove copyright. (Sorry to all those who think they can just use anything they find in a Google Images search.) However, in this case, it looks like part of the complaint is that publishing this damages the company's "name and reputation." They are claiming that calling them out on scummy things that they do is illegal.
Re: (Score:2)
Publishing on the internet does NOT extinguish your copyright. The author (web page owner) legally requires permission from the (slimeball) corporation to publish their copyrighted material. The author might be able to sue for impersonation (they pretended the stuff they served was from the author), and they (corp) might be liable for defamation (they served up adds on his website without consent and made it look like he (author) was doing it), but they most certainly have the right to block him publishing their code.
Making something available on the public net is generally considered to provide the user with an implied license to download and read the document. It does not extinguish copyright (i.e. you cannot freely copy it), but you sure can download it. Otherwise each website access would be a copyright violation. This principle is well established. Moreover, of course, in this case, publishing is fair use for commentary. Distribution of the code to expose their practices is not in competition with the companies' us
Re: (Score:1)
If you fling shit through my window. And I pick it up with a towel and hang it on a billboard will you sue me for making money or claim revenue loss because I use your content as advertising?
They forced their shit up his ass and he responded by putting up code that is apparently publicly available
Re: (Score:2)
You can't just go posting other's source code on the web without permission. There are other, better ways to deal with this asshattery.
There are two parts here, neither of which alone add up to the combined outrage (though both spurious): 1) Company A writes code to inject ads to documents, and Company B decides to inject these into pages from other people's services. Whether B got permission from A for this exact purpose we don't know, but it could just as likely be embedded in pages B serve themselves. Note, the injection part here is suspect, but unrelated to the DMCA notice. 2> Owner of said code (Company A) blows his lid that compa
Re: (Score:1)
They injected code into his blog. So they made a derivative work of his, the code belongs to him.
Re:Of course, it's likely copyrighted. (Score:4, Informative)
They injected code into his blog. So they made a derivative work of his, the code belongs to him.
It doesn't. Creating a derivative work may be copyright infringement, but it doesn't give the owner of the original code any rights to the derivative work.
Re:STEREOTYPING IS BAD... (Score:5, Insightful)
Ummm ... tell me, what is the stereotype here?
"company+monitization" ... be that American, Israeli, British or Russian ... companies are pretty much there for one thing.
Are you somehow suggesting that the true fact that Flash Networks is an Israeli company makes this is a stereotype?
In which case, you're an idiot and don't understand the meaning of the word stereotype.
Nobody is saying "yarg, teh evil Jews did it" -- they're saying a corporation, who happens to be Israeli, did this in India.
What kind of whiny bullshit is it when pointing out an actual fact that it's an Israeli company is "stereotyping"? One with deluded idiots.
Re: (Score:1)
My god but you are a pointless fucking moron.
Nobody give a fucking shit about your stupid Greek Nazi bullshit.
Isn't a bit pointless to reply to a stupid pointless fucking moron Greek NaZi? Just "don't give a fuck" about my bullshit, and any of your issues with me are solved
Re: (Score:1)
Oh now I get it, you're one of those Golden Dawn dimwits. Well, how's that working out for you. Let me tell you, the jews, immigrants, whoever you choose to blame, have nothing to do with the fact that you GREEKS have dug yourselves into such a deep hole that no one is willing to help you out any more.
True story from Greece (about Golden Dawn): one of its members is arrested for his anti-immigration activities, and, among other things, he is accused as being an "anti-Semitic"... turns out his mother is Jew, and "magicaly" the prosecutor "forgot" to include him in the trial - he, the half-Greek/half-Jew Golden Dawn member, had no problem been accused, but then the prosecutor could not accuse the rest of the Golden Dawn members as "anti-Semitic"!
Streisand effect (Score:4, Insightful)
Or it's political corollary: The cover up is always worse than the original crime.
Re: (Score:2)
Airtel got caught, what about others? (Score:2)
Re: (Score:2)
I have yet to see a mobile provider running a web proxy doing https, although it's theoretically possible (at least devices they sell/control).
It is quite common in the US as the carriers also control the phones and can install their own certificates.
Re: (Score:2)
It is quite common in the US as the carriers also control the phones and can install their own certificates.
One of the benefits to running a rooted phone is that you can lock down the list of accepted root certificates and prevent the carriers from updating that list.
Re: (Score:3)
How many people routinely check the source of their own web page through different connections to look for such injections? If some major US cell network or ISP did this, how likely they will be caught? Would https stop them from messing around with injections?
So long as the injector can't issue SSL certs that the user will trust, yes, https will stop such injections.
If the injector *can* issue SSL certs that the user will trust (e.g. the ISP requires users install their local CA, or they somehow have a global wildcard from a trusted CA [arstechnica.com]), all bets are off -- the injector can impersonate and inject content into any https-secured site.
Re: (Score:2)
Re: (Score:2)
It doesn't need to be the ISP owning the server. It could be an ISP adding data to webpages being transferred to their users. So a user requests the Slashdot home page using $SOME_ISP. $SOME_ISP pulls the page from Slashdot's servers but adds some JavaScript code to it before transferring it to the user. The user sees Slashdot plus the JavaScript code that $SOME_ISP added. Slashdot's servers haven't been compromised at all, but the transmission has been.
If an individual did this, we might call it a man
Why DMCA take down notice? (Score:2)
Re: (Score:1)
Re: (Score:2)
How can a two line change to someone else's web page be covered by any sort of license?
Re: (Score:2)
Because DMCA takedowns are trivial to create, very difficult to remove, and very expensive to ignore. The law is hopelessly broken.
Re: (Score:1)
Re: (Score:2)
The owner is objecting to the user redistributing the file which is apparently subject to a license. In this instance GitHub (in USA) needs to apply their own laws in making the determination of fair use or exemption but I think the DMCA notice will stand - unless I'm misinformed there is no exclusion to DMCA for academic purposes as there is in India's safe harbour provisions.
The web site does not get to make its own determination, unless it want to lose the protection of the DMCA. The only way to keep it up is for the user in question to file a counter notice. In that case it become an issue between the user and the (alleged) copyright owner.
Re: (Score:1)
Re: (Score:2)
The owner is objecting to the user redistributing the file which is apparently subject to a license. In this instance GitHub (in USA) needs to apply their own laws in making the determination of fair use or exemption but I think the DMCA notice will stand - unless I'm misinformed there is no exclusion to DMCA for academic purposes as there is in India's safe harbour provisions.
I think the authors of each and every web page viewed by Airtel customers that have been modified by Airtel should sue Airtel for copyright infringement. Airtel is producing a derivative work of the original web page sent by the web server without a license to do so from the web page author. This is a willful violation of the web page author's copyright and is done so for monetary gain. The copyright holders should seek punitive as well as compensatory damages.
Re: (Score:1)
Every user of Airtel ... will get these files when they visit websites.
Exactly, which is why he would need to post to GitHub (or somewhere else) - not every person interested in or capable of analysing the code is a customer or Airtel (I know I'm not).
github (Score:3)
Maybe the DMCA takedown was successful because he posted it on github. A source code repository isn't really an appropriate place to post content claimed to be fair use / political criticism. Think about it.
Blog that sucker instead.
Re: (Score:2)
There is no "successful" here. A DMCA takedown notice must be adhered to in the US, or you have to pay the money to appeal against it. You can not merely ignore the take down order. Github versus a blog is irrelevant, both places must respond to the take down notice in the same way.
Re: (Score:2)
You can't merely ignore a takedown notice but there are a number of things you can do instead of complying if you believe it to be in error. The only thing that happens with refusal is that -IF- the material is later judged by a court to be infringing, you -might- be subject to damages for your refusal. That seems rather unlikely in this case.
I have no idea what you mean by "pay the money to appeal against it." How do you think DMCA takedowns work anyway? It's just a formulaic letter, not necessarily even f
Re: (Score:2)
It isn't; it's applied by an Israeli company against a U.S. company, github. It doesn't matter where github's customer is located, the take down notice is applied against the hosting company.
The put-back notice, should the gentleman in India choose to issue one, is also applied against the hosting company, in the U.S.
Re: (Score:3)
Even if the code was illegally inserted by hackers into your website? This is no different from a virus code; i.e. malicious code that affects the behavior of your program with no benefit to you.
I don't think copyright applies to viruses, otherwise how do you transmit that virus code to an anti-virus company for scan/virus removal development without the permission of the anonymous virus writer?
Re: (Score:3)
Re: (Score:2)
Then why are anti-virus companies not sued for copyright infringement? They get a copy of the virus from a third-party, without permission of the virus author.
Re: (Score:3)
Then why are anti-virus companies not sued for copyright infringement? They get a copy of the virus from a third-party, without permission of the virus author.
Because they can invite the copyright holder to meet them in court, and have the police waiting for him. This is like the guy who went to the police because someone stole his drugs. The police arrested both. Most virus authors are not _that_ stupid.
Re: (Score:1)
You're dodging the question.. Why do the AV companies copy the virus code without the virus author's permission? Two wrongs don't make a right. You have to agree that malware/virus does not enjoy copyright protection.
Re: (Score:2)
There are no copyright notices on the malware. Though in many jurisdictions you no longer need the notice (including the US I think).
On the other hand, are they actually copying the malware code or merely allowing the malware code to copy itself to their PCs after which they inspect it in a closed environment?
Re: (Score:2)
The virus victim hasn't signed any EULA that would prevent them distributing the binaries.
The AV company doesn't have the source.
The AV company doesn't distribute the binaries.
Anybody suing would be facing computer misuse charges before their case got laughed out of court.
Apart from that, it's a fair question :)
Re: (Score:2)
A typical bittorrent user downloading software or a movie also hasn't agreed to a EULA either. That doesn't mean he is free of copyright infringement.
Program machine code falls under copyright (just like binaries of commercial software) and the act of copying the virus binary from the virus victim's computer to a machine owned by the AV company is considered copyright viol
Re: (Score:2)
Bittorrent doesn't execute machine instructions without your permission, whereas a virus carries implicit transfer of ownership by dint of installing itself on your computer.
But that sidesteps your point.
As I said, it's a fair question.
Providing the JavaScript to an anti malware company so they could block it in the browser would be the more reasonable comparison.
Suing the ISP for computer misuse is possibly an option too.
Of course the Israeli firm may hold copyright on the original source but there's a der
Re: (Score:2)
However they sent the code to that user. If someone sent me a letter in the snail mail, shouldn't I be able to show it to other people? Legally I probably can't but it's not logical.
But regardless of that, the problem is the DMCA which can have take down orders that are devoid of any legal basis; if you get a take down order then it's your own money that must be spent to remove it.
Re: (Score:2)
You are very naive. I will leave this link here for you to ponder:
http://en.wikipedia.org/wiki/S... [wikipedia.org]
This isn't net neutrality (Score:4, Insightful)
What is with these /. articles mixing up terminology? This isn't net neutrality. They aren't performing any packet shaping or anything like a "Fast Lane". They are injecting ads in other peoples sites. Actually this is more shitty than packet shaping, but let's not confuse terminology.
Just in the last few days we had an article totally confusing what DRM is.
Re:This isn't net neutrality (Score:5, Insightful)
This isn't net neutrality. They aren't performing any packet shaping or anything like a "Fast Lane".
Altering the content is the very core of net neutrality violations. One could, debatably, argue that packet shaping and quality of service is part of what an ISP needs to do to maintain a good flowing network. But there is no excuse whatsoever for altering content, and it is far more dangerous. It is bad if getting to a competitors web site is slow. It is frightening if the competitors web site has different content on it.
Re: (Score:1)
This isn't net neutrality. They aren't performing any packet shaping or anything like a "Fast Lane".
Altering the content is the very core of net neutrality violations. One could, debatably, argue that packet shaping and quality of service is part of what an ISP needs to do to maintain a good flowing network. But there is no excuse whatsoever for altering content, and it is far more dangerous. It is bad if getting to a competitors web site is slow. It is frightening if the competitors web site has different content on it.
This^2.
Can you imagine...say...a hostile government, altering the content of a site critical to their position, so that it actually SUPPORTS their position? The blog writer can add whatever they want, but when someone views the site, they see a government shill.
This would probably be done by a corporation at the government's behest.
Re: (Score:2)
Just in the last few days we had an article totally confusing what DRM is.
Lots of people confuse the Derogatory Restriction Maker with a different technology which, from its name, would seem like it should help you export copyrighted material into a more useful format (as is your right).
Re: (Score:2)
If the web content is copyrighted... and then "modified" by third party code... is that a copy right violation and can be served with DMCA?!!
DMCA even has power over GitHub? (Score:2)
Re: (Score:1)
DMCA has power over any site that hopes not to have to hire an army of reviewers and moderators just to serve user-generated content. The problem isn't necessarily with the copyright takedowns process, which in this case seems to be quite justified (it's copyrighted, clear) but when it is abused by censorious thugs and their lawyers.
This one seems pretty clear, user infringed copyright.
Re: (Score:1)
The owner of the copyright did not send the DMCA Infringement notice to Airtel, India, they sent it to GitHub, San Francisco, California, where their copyrighted property was being served.
Re: (Score:2)
they sent it to GitHub
So, stop using GitHub and post it on your own blog.
Re: (Score:2)
Another reason to get rid of DMCA alltogether.
More like "another reason to turn your brain on".
Someone created a blog. He has a copyright on that blog. Someone inserted Javascript. Which created a derivative copyrighted work. Which (a) you are not allowed to store on Github, so that DMCA complaint and removal was 100% Ok, and (b) violated one of the exclusive rights of the blogger, namely the right to create derivative works, so he can take them to court for that.
Dear people that defend advertisers: (Score:5, Insightful)
Right then, all of you that attack people using adblock as "stealing" content.
This is why we do it.
In case you wanted to lookup the CEO who sent this (Score:2)
http://www.flashnetworks.com/E... [flashnetworks.com]
Re: (Score:1)
I am a former employee. Not surprised about this at all. I want to run the same tests on T-Mobile because FlashNetworks is embedded inside T-Mobiles infrastructure.
So... where's the mirror? (Score:2)
Re: (Score:1)
Even more reason to encrypt everything (Score:2)
Flash Networks Layer 8 product? (Score:1)
Net neutrality issue? (Score:2)
Is this really a net neutrality issue? Did anyone verify whether they are injecting across-the-board or only specific sites of competing services?
Disclaimer: I work for an ISP that does JS injection to notify users on quota-based accounts when they have used all of their data, the alternative is to hard redirect http and block all traffic until they log in to a portal.
Re: (Score:2)
Re: (Score:1)
"the alternative is to hard redirect http and block all traffic until they log in to a portal."
That is the only valid, legal and moral path. That and sending the user email/text/snailmail/phone whatever notification if they've asked for it. Injection is Just Wrong, whether you're the ISP or the vendor of a router that randomly does something similar (I'm looking at you, Belkin).
Exception -- the user has explicitly authorized (ie, opted in, not buried in the ToS) you to do injection for that purpose.
Airtel & Vodafone both inject Javascript in In (Score:2)
If you are browsing from such a connection, just "View Source" of ANY webpage that is not https
It shows a SCRIPT tag which includes the following files
http://223.224.131.144/scripts/Anchor.js in an Airtel connection
Vodafone uses the similar http://1.2.3.4/bmi-int-js/bmi.js *Happens on all http but not https websites(like banking and secure websites with a lock symbol)
*As of now injects an empty iframe which seems
Counter attack? (Score:4, Interesting)
Perhaps someone should write a javascript library that can detect if this "ad injection" library has been injected to the page, counter/block its effects and display a notice to the viewer that their ISP is up to some jackassery. Now that would have value.
Time for the GPL! (Score:3)
Really, the GPL is perfect for solving problems like this. Stick a GPL notice in the source of one of your webpages. Download it from their network. They've just created a derived product by modifying your source, and all their additions are now GPL licensed themselves.