
Secret Kazaa Documents Revealed in Court

Dan Warne writes "A fascinating range of Kazaa's internal documents were revealed in Federal Court in the ongoing court case against the Australian-based company today. One extraordinary philosophical manifesto by the company's chief technical officer showed that he was aware that Kazaa's activities were a huge legal risk. He also feared being 'out-innovated' by other P2P programs that didn't come bundled with adware. "if consumers can connect to FT (as well as Gnutella 2, eDonkey and Bittorrent) and it has no ads or adware then it would seem a good choice," Philip Morle says in his manifesto. The documents are full of all sorts of other admissions-that-you'd-be-crazy-to-put-on-paper like how Kazaa employees "hate" installing the Kazaa Media Desktop on their machines because all the bundled adware slows your machine down and can hijack your web browser."
  • by DaHat ( 247651 ) on Wednesday February 02, 2005 @09:10AM (#11549663)
    Never write anything in a letter, e-mail, diary, memo or any other quotable medium that you don't want the other guy's lawyer holding up in court.
  • by MosesJones ( 55544 ) on Wednesday February 02, 2005 @09:15AM (#11549679) Homepage

    That maybe this chap wasn't -entirely- on side with the business strategy of the company.

    To me this sounds like a techy complaining that the business is subverting the idea. In many cases this is because the techy doesn't understand the business model, but here it sounds more as if the business didn't understand the market.

  • by Syini666 ( 622800 ) on Wednesday February 02, 2005 @09:17AM (#11549693)
    When your own employees hate installing the very software of their employer you know it's a recipe for disaster. With those kinds of feelings flowing around the office it's surprising the documents weren't 'leaked' earlier. For some odd reason I don't see anybody coming to Kazaa's defense in court now like Napster saw when they were up on the chopping block.
  • Otherwise he'd know that it's always a bad idea to tell the truth rather than CYA in a memo.

    Which is not to excuse his spyware-infested piece of crap. But where every business memo must be written in such a way that you can't tell the truth because it might be used against you in a court of law, you have a big problem with your tort system.

  • Re:Currently... (Score:5, Insightful)

    by Ninjy ( 828167 ) on Wednesday February 02, 2005 @09:19AM (#11549706) Homepage
    Always be careful, thanks to the language ambiguity, even the simplest statements can be turned around to form the opposite instead.

    Even in saying "Kazaa does not come with spyware bundled", followed by "Kazaa and the bundled software do not collect personal information" still leaves quite a large hole for them to just walk straight through. What if one of the bundled applications reroutes your HTTP traffic through third-party servers? All the application does is re-route your traffic, it doesn't collect any information at all. The information collecting may just as well happen elsewhere.

    Again, always remain on the look-out for these things, however minor they may seem.
  • Re:VMware! (Score:4, Insightful)

    by William_Lee ( 834197 ) on Wednesday February 02, 2005 @09:41AM (#11549804)
    At the risk of inflaming passions, ANY OS is only as secure as its user. With a little common sense and attention to detail, it is relatively easy to keep a Windows XP installation spyware/malware/virus free.

    It's even easier in the workplace where XP can be locked down on the security front.

  • by kahei ( 466208 ) on Wednesday February 02, 2005 @09:42AM (#11549818) Homepage

    <grumpiness size="extreme" style="curmudgeonly">

    If Kazaa goes down, there could well be a flood of low-quality Britney_Spears_naked111.mpg traders and leeches coming onto the good p2p systems. I don't think I want that.

    It'll be like AOL day all over again.

    Support Kazaa -- or America's highschoolers will be trading on your network!

    </grumpiness>

  • by ajs318 ( 655362 ) <sd_resp2@@@earthshod...co...uk> on Wednesday February 02, 2005 @09:47AM (#11549838)
    If they want me to believe their product contains no malware, spyware or adware, there is exactly one way they can convince me. And that's the same way that RMS [gnu.org], Linus [kernel.org] and ESR [catb.org] convinced me that their software is clean.

    If you have nothing to hide, you have nothing to fear.
  • by Bigthecat ( 678093 ) on Wednesday February 02, 2005 @09:49AM (#11549850)
    It's one thing for it to have spyware; it's something else for one of the company's head honchos to admit it.
  • Re:No, really (Score:3, Insightful)

    by EvilTwinSkippy ( 112490 ) <{yoda} {at} {etoyoc.com}> on Wednesday February 02, 2005 @09:49AM (#11549851) Homepage Journal
    If it was common sense you wouldn't need to spin it in a "Manifesto", would you?
  • by elliotj ( 519297 ) <slashdot&elliotjohnson,com> on Wednesday February 02, 2005 @10:07AM (#11549965) Homepage
    1) People install Kazaa because they want to pirate music, pictures, video and software from the Internet
    2) Kazaa puts spyware crap in their product
    3) Users think this is unfair
    4) Kazaa is in court because of what they did

    Am I crazy? Is there someone out there forcing people to install Kazaa? How many people were installing it for legit legal use?

    You don't want spyware crap? Don't install shady programs.

    This is like suing a drug addict because he let you share his needle and you contracted HIV. I really don't get what all the fuss is about.
  • Hold on... (Score:1, Insightful)

    by Anonymous Coward on Wednesday February 02, 2005 @10:20AM (#11550049)
    you mean there's someone out there still using Kazaa?
  • by oirtemed ( 849229 ) on Wednesday February 02, 2005 @10:24AM (#11550075)
    no, this is like suing a gun dealer because the gun he sold you had a gps device on it and the bullets were faulty. It doesn't matter that you were going to commit a crime with the gun. Kazaa purports to provide a legitimate product and service. If they are lying about it, they should be held responsible. Whether or not P2P is legal or illegal, or more importantly moral or immoral isn't relevant.
  • by timmyf2371 ( 586051 ) on Wednesday February 02, 2005 @10:33AM (#11550153)
    Which is why today "gnutella" is synonymous with p2p file sharing, and people say "Napster Who?".

    I don't see how you can make this statement - Gnutella is in no way synonymous with P2P file sharing; having used it myself and knowing others who have tried it the only thing I would associate the name Gnutella with is a software application which getting any file will take a relative lifetime.

    Napster however is a different story. They had a product which was used by many and had an immense amount of content available to download and I bet in a survey of 100 people Napster would be the name they associate with filesharing moreso than Gnutella.

  • It's simple, real (Score:5, Insightful)

    by Moraelin ( 679338 ) on Wednesday February 02, 2005 @10:58AM (#11550335) Journal
    Some people, simply put, don't give a rat's ass about "correct" or about damage done. They only care about making money. Period.

    If it weren't explicitly illegal, they'd even poison a town's water supply just for some money. Not an exaggeration: companies dumped toxic stuff into rivers right until the law forced them to stop. Or into the air. And even then, every time someone told them to use filters, there was endless moaning and bitching and lobbying about it.

    Spam, tele-marketing, link-spam, spyware, etc, are just a symptom of the same thing: if it makes money and it's not illegal, hell yeah. Let's pollute and destroy another resource.

    There was an interview with a link-spammer on The Register this week. Dunno, I found it surrealistic how the guy basically had _zero_ morals. Not even an "eh, it's wrong, but I need the money" kinda attitude. Nope. The general tone all over was along the lines of "who the damn has time to care about collateral damage? It makes money and it's not illegal. Period. If you have a problem with it, tough shit. Sucks to be you."

    Basically it's the same with spyware. These people don't care, that's all. As long as it makes them a buck and isn't explicitly illegal, they'll clog your computer without thinking twice. If it was possible and made them a buck, they'd even make that computer explode without thinking twice.
  • by Sycraft-fu ( 314770 ) on Wednesday February 02, 2005 @11:04AM (#11550401)
    You've gone over every line of the source code you use? All of it? The entire kernel, all the drivers, all the utilities, all the apps and so on? You've checked carefully, to ensure that there are no backdoors spread across a number of functions (you can have some things that are innocent and harmless on their own, that work together to do something bad)?

    Are you also sure about your compiler, have you checked it? Not the source I mean, but do you know that the binary is a faithful reproduction of the source? The problem with a compiler, is that you compile it with an old version of itself. What if it has a backdoor that exists only in binary form, never in the source, but propagates on compile (see http://www.acm.org/classics/sep95/)?

    There's nothing about OSS that inherently protects you. This is especially true since I'm guessing indeed you have NOT done the audit I described. Few people have the programming skills necessary to do so in a useful way and even fewer have the mountain of free time it takes. Rather, you are taking it on faith that others have audited the software you use, done a good job when doing so, and have spoken the truth and been heard if a problem was found.

    A more realistic way to check to see if the software is all above board, and one that works equally well on closed source software, is to check the install. By that I mean log everything that is added, modified, or deleted. Then, when running the software, look for anomalous behaviour, like loading modules it shouldn't, trying to establish network connections, spawning other processes, etc. If you do that correctly, it's not hard to tell if something is acting evil or comes with stuff that does. It's also something that you could realistically spend the time to do for all the programs you use.

    Even then, I doubt you'd bother unless you are super paranoid. I'm sure you generally trust that others have looked in to it, and you'd have heard about it if there were problems. I personally only check the install and operation of a program that I find suspicious. Retail software, OSS, and 99% of downloads I don't bother since experience shows that there's nothing to worry about. I take on faith that there's nothing bad in there, and if there is one of my cleaner tools will catch it soon enough.

    But my point here isn't to attack OSS, if that's what you are thinking, just to point out that this warm, fuzzy feeling that many people get from the openness is a false sense of security. They think because the code is open, and able to be checked, it means that there's nothing bad in there. Well, that's probably true, but only in the same way it's probably true that if you buy retail software it's also free of malware. Neither is a guarantee of anything, and since 99.999% (or more) of people aren't actually using the openness to do their own audit, it's a false sense of security.

    Basically, when you get down to it, you can never be sure there isn't something lurking there, unknown to the general population. The only way you could feel confident is if you wrote your own assembler from machine code, your own basic OS and compiler from that, audited every line of code in the OS, compiler and apps you were going to run, and then proceeded to build them 100% from source using your own tools. Even then, you still might miss something. Remember: We find holes in software all the time, we call them bugs or exploits, meaning they weren't intended by the developers. This happens even to OSS, even to major pieces of OSS that have been looked at thousands of times over. Sometimes, you just miss things.

    And none of these exploits were trying to be sneaky or hide on purpose.

    I'm not trying to say grab the AFDB and trust no one, that's pretty stupid clearly. I'm just pointing out that you should put the same amount of stock in OSS you haven't audited as in CSS you can't. Consider the source, and if it's suspicious, do a checked install, and have programs setup to watch how it runs. With 30 minutes of work you can generally tell if it's safe or not.
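
The file-system half of the checked install described in the comment above, as an added example that is not part of the original thread: snapshot a tree before and after an install, list what was added, modified or deleted, and single out changes outside the directory the installer said it would use. The directory layout, file names and the `constructed_install` stand-in are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_path: (kind, digest_or_target, mode)} for files under root."""
    root = Path(root)
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            st = path.lstat()
            if stat.S_ISLNK(st.st_mode):
                # Record where a link points instead of following it.
                snap[rel] = ("link", os.readlink(path), 0)
            elif stat.S_ISREG(st.st_mode):
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                # Keep permission bits so a newly set execute bit counts as a change.
                snap[rel] = ("file", digest, stat.S_IMODE(st.st_mode))
    return snap


def diff_snapshots(before, after):
    """Classify every path as added, modified or deleted between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "deleted": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def outside_install_dir(changes, install_dir):
    """Keep only the changes made outside the directory the installer announced."""
    prefix = install_dir.rstrip("/") + "/"
    return {kind: [p for p in paths if not p.startswith(prefix)]
            for kind, paths in changes.items()}


def constructed_install(root):
    """Stand-in for running an installer: constructed changes, not a real product."""
    (root / "app").mkdir()
    (root / "app" / "player.bin").write_bytes(b"main program")
    (root / "startup" / "helper.lnk").write_text("launch helper at login")
    (root / "browser" / "prefs.js").write_text('homepage = "http://portal.example/"')
    (root / "browser" / "old_cache.dat").unlink()


def demo():
    """Build a constructed tree, run the stand-in install, return both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "startup").mkdir()
        (root / "browser").mkdir()
        (root / "browser" / "prefs.js").write_text('homepage = "about:blank"')
        (root / "browser" / "old_cache.dat").write_text("cache")
        before = snapshot(root)
        constructed_install(root)
        changes = diff_snapshots(before, snapshot(root))
        return changes, outside_install_dir(changes, "app")


if __name__ == "__main__":
    all_changes, unexpected = demo()
    for kind, paths in unexpected.items():
        for p in paths:
            print(f"{kind:9} outside install dir: {p}")
```

The run-time half of the check (loaded modules, network connections, spawned processes) needs OS-level monitoring and is not covered here.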
  • by Anonymous Coward on Wednesday February 02, 2005 @11:29AM (#11550604)
    "Intellectual property"

    Publishers and lawyers like to describe copyright as "intellectual property"---a term that also includes patents, trademarks, and other more obscure areas of law. These laws have so little in common, and differ so much, that it is ill-advised to generalize about them. It is best to talk specifically about "copyright," or about "patents," or about "trademarks."

    The term "intellectual property" carries a hidden assumption---that the way to think about all these disparate issues is based on an analogy with physical objects, and our ideas of physical property.
    When it comes to copying, this analogy disregards the crucial difference between material objects and information: information can be copied and shared almost effortlessly, while material objects can't be.

    To avoid the bias and confusion of this term, it is best to make a firm decision not to speak or even think in terms of "intellectual property".

    The hypocrisy of calling these powers "rights" is starting to make WIPO embarrassed.

    From: Some Confusing or Loaded Words and Phrases that are Worth Avoiding [gnu.org]

    So-called "IP-Rights" are also rebutted in the article Tragedy of the Commons [wikipedia.org]. From Wikipedia:

    In Hardin's article, the Commons is a shared plot of grassland used by all livestock farmers in a village. Each farmer keeps adding more livestock to graze on the Commons, because it costs him nothing to do so. In a few years, the soil is depleted by overgrazing, the Commons becomes unusable, and the village perishes.

    The cause of any tragedy of the commons is that when individuals use a public good, they do not bear the entire cost of their actions. If each seeks to maximize individual utility, he ignores the costs borne by others. This is an example of an externality. The best (non-cooperative) short-term strategy for an individual is to try to exploit more than his or her share of public resources. Assuming a majority of individuals follow this strategy, the theory goes, the public resource gets overexploited.

    The tragedy of the commons is a source of intense controversy, precisely because it is unclear whether individuals will or will not follow the overexploitation strategy in any given situation.


    A short example: Why should Disney have eternal monopoly on Mickey Mouse, when Disney benefits extremely much from folklore-tales like: Snow-white and the 7 dwarves, Alice in Wonderland, Pocahontas, etc?

    In this case, Disney benefits from the Commons, without contributing back. This is so-called "IP-rights" in a nutshell: They take away from the Public Domain, without contributing back.
  • by zwei2stein ( 782480 ) on Wednesday February 02, 2005 @11:40AM (#11550711) Homepage
    Sorry, but a few brave sites don't make a difference to me. They'll be shut down soon enough, no matter how they laugh. RIAA will simply force peers to stop peering with their ISP. Money can do a lot of things.

    And torrent was MADE with the intention to distribute LEGAL material ... the whole mechanics of torrent download is made to ensure that
    1] Host (Tracker) is easily identifiable and shut down should someone wish to do it, thus killing all downloads
    2] File is verified upon downloading and you download using a .torrent file you got somewhere, so you are sure you are loading legal/illegal material, thus no one can spit out "I didn't know what I was downloading, thus I'm innocent" bullshit
    3] there is zero privacy and no attempts to hide users are viable.

    thus making it perfect for distros etc, but impractical for illegal stuff

    Y'know, the greatest offense of whole torrent sites is for me that it devalues torrent as a legal way to distribute files and that IT GOES AGAINST WISHES AND INTENTIONS OF ITS CREATOR (sorry for caps, but it's important)

    thus, based on the above, I as an avid downloader and P2Per say that illegal torrents are dying, are destined to die and should die

    --- this is too damned OT now
  • by B'Trey ( 111263 ) on Wednesday February 02, 2005 @11:42AM (#11550736)
    I'm assuming you're trolling but for those who may not recognize the fallacy in your comparison, I'll point it out.

    Kazaa says "Trust me. My software is clean. Please install it on your computer." I say "Ha! Prove that your software is clean and then maybe I'll think about installing it to my machine. If you're clean, you shouldn't have anything to hide by showing me your source code." Kazaa says, "No, I don't want to show you my source code." I say "Cool. You keep your source code secret and I'll keep it off my machine."

    Ashcroft says "We think you might be a terrorist. We want to come in and search through your hard drive for incriminating files." I say "I'm not a terrorist. I don't have to prove anything to you. You may not search my hard drive unless you have evidence and get a warrant." Ashcroft says "If you're not a terrorist, you have nothing to hide. The Unpatriotic Act III says I don't need a warrant. So when my secret agent takes his knee out of your back and lets you get up, please stay out of our way. You might be able to get your hard drive back in a year or two when we're done with it. Have a nice day!"

    Do you see just a tad bit of difference in those two scenarios?
  • by Nom du Keyboard ( 633989 ) on Wednesday February 02, 2005 @11:47AM (#11550830)
    Kazaa employees "hate" installing the Kazaa Media Desktop on their machines because all the bundled adware

    You'd really think, wouldn't you, that if your employees hate your product your customers might too?

    Oh, right. They're just stupid kids intent on killing off the music industry through their own needs for immediate gratification.

    This CEO is not someone I'd ever hire to run my company.

  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday February 02, 2005 @11:56AM (#11550958) Homepage Journal
    What you should really be asking is whether you believe that more white hats have studied the code than black hats. The former group, upon finding a vulnerability, makes it known. The latter group uses it to compromise systems/networks. The common user is somewhere in the middle getting dragged around by these two extremes. So is the uncommon one :)
  • by peg0cjs ( 572593 ) on Wednesday February 02, 2005 @12:10PM (#11551147) Homepage
    There's nothing about OSS that inherently protects you. This is especially true since I'm guessing indeed you have NOT done the audit I described. Few people have the programming skills necessary to do so in a useful way and even fewer have the mountain of free time it takes.

    I love this argument. Of course the vast majority of people haven't pored over the source to find every detail. Similarly, few have opened their car engine's manual and pored over the specs to see if the Ford engineers got it right. But guess what, I can go to my mechanic and ask him: "What does this alternator thingy do?" and he can tell me. Not only that, but he can tell me how it does that. Not so with closed source.

    I sincerely doubt many people have even looked at the gcc source (I'm guessing under 1%). But you _CAN_ look at it. That says a lot, both about the people who wrote it and about the people who package it. Writing code that you know people will see is a lot different than writing code that will forever reside in some closet somewhere in the bowels of Redmond...uhh...Sydney.

    Do open-source bugs exist? Sure. Do open-source deliberate exploits exist? Unlikely. For one thing the exploit would have to be as you described, split over multiple calls & deliberately obfuscated to avoid casual detection. This level of complexity reduces the probability that such a thing exists and has avoided detection. It's not impossible, just unlikely. And that's good enough for me, cuz it's more than those closed source derivatives can say.

  • by jdavisp3 ( 13593 ) on Wednesday February 02, 2005 @01:28PM (#11552012) Homepage
    You wrote:
    But my point here isn't to attack OSS, if that's what you are thinking, just to point out that this warm, fuzzy feeling that many people get from the openness is a false sense of security. They think because the code is open, and able to be checked, it means that there's nothing bad in there. Well, that's probably true, but only in the same way it's probably true that if you buy retail software it's also free of malware. Neither is a guarantee of anything, and since 99.999% (or more) of people aren't actually using the openness to do their own audit, it's a false sense of security.
    I didn't read the parent so I don't know just how much faith it put into OSS as opposed to CSS, but I think your argument goes too far in the other direction.

    Neither OSS nor CSS can guarantee the absence of malware, but to suggest that, if you do not do your own audits, that OSS and CSS are exactly equivalent in terms of malware risk is absurd.

    Even if 99.999% of users are not auditing, as long as some users are auditing then OSS will be safer than CSS since auditing OSS is easier than auditing CSS and removing OSS malware is easier than removing CSS malware.

    The difference may be small, but it is there. And I suspect it is not nearly so small as you suggest. Malware authors have a large incentive to use CSS to make their software harder to detect and remove and to protect their work from competitors.

    So you are certainly right that OSS is no guarantee of safety, but definitely wrong that, without personal audits, it makes no difference at all.

  • by jownz ( 843106 ) on Wednesday February 02, 2005 @01:48PM (#11552245)
    Option 1
    kazaa lite is like the holy grail of windows p2p clients. If you search near and far then you just might be able to get your hands on this piece of p2p goodness.

    Option 2
    grab giFT! This is the most amazing p2p client I've come across because you can install modules that allow it to connect to all the p2p networks! gnutella, fast track and others at the click of the mouse!
  • by rkischuk ( 463111 ) on Wednesday February 02, 2005 @01:51PM (#11552283)
    One extraordinary philosophical manifesto by the company's chief technical officer showed that he was aware that Kazaa's activities were a huge legal risk.
    Why should this be damning evidence? Any sane executive should be aware of any and all legal risks associated with their activities.

    Is your company using Linux? You could be at legal risk to a SCO lawsuit. Collect personal data on your customers? You could be at legal risk if that data gets hacked. Run a bungee jumping business? Legal risk. It doesn't say "he was aware they were performing illegal activities", it says he was aware of a risk. That is simply awareness that a) there was a real chance a lawsuit would be filed against them, and b) there was a non-trivial chance that, if sued, they would lose. Risk awareness does not imply guilt.

  • by Moraelin ( 679338 ) on Wednesday February 02, 2005 @02:31PM (#11552829) Journal
    No, I'm not implying that poisoning a river is the _goal_. Of course, money at all cost is the real goal.

    I do however claim that _some_ people, even if they _knew_ they're poisoning others, they'd still just not care at all. If you gave them a choice explicitly along the lines of "do we do X, and gain nothing, or do Y and gain 10,000$ at the expense of killing 100 people", they'd choose Y every single time.

    Not because they like killing people, of course. Because, worse yet, they just don't care. The only factor in choice Y they see is "and gain 10,000$".

    And indeed, they are not comic-book super-villains. In comics, evil is a purpose in and by itself. Super-villains do evil stuff for no other reason than because they enjoy doing it.

    Real life "evil" is more like the corporate kind.

    It's Al Capone who killed people just for money and power. No hard feelings, nothing personal, just business. I want the extortion money from your half of town too.

    It's the Third Reich planning in cold blood to exterminate every single citizen of Poland until the 70's to make room for German colonists. Nothing personal mate, we just want your land. And, totally incidentally, this means you all must go to the gas chambers. It's result, not motive, honestly.

    It's the 19'th century factory owners sending armed men to _shoot_ workers on strike. And also those men who took arms and shot starving workers, just for money. Of course, neither was a super-villain, and neither did it just because they liked killing people. Nothing personal, really, just business. Awfully sorry that we must do something as messy as shooting you, really. Will just cost us even more to whitewash those blood stained walls again, you know. But between your life and a few thousands dollars profit, the few thousand dollars win every time.

    In a sense, the real life "evil" is not the kind that hates all humanity and wants to cause pain, for pain sake. That makes for at most an idiot going psycho, gunning down 2-3 people, and then getting gunned down himself by SWAT. Not much of a super-villain.

    The real life "evil" is the kind that doesn't care. If someone dies or suffers, it's merely result, not motive, but still no reason to stop making money that way.
  • I like Kazaa.. (Score:3, Insightful)

    by srcosmo ( 73503 ) <ultramegatronNO@SPAMgmail.com> on Wednesday February 02, 2005 @02:35PM (#11552901) Journal
    If it weren't for Kazaa, there would be no Kazaa Lite [mpex.net], one of the most convenient filesharing apps around.
  • Who cares? (Score:3, Insightful)

    by t_allardyce ( 48447 ) on Wednesday February 02, 2005 @04:14PM (#11554266) Journal
    Who here actually uses Kazaa? No not 'lite or another cracked client but the actual original Kazaa client? I think I tried it once about 3-4 years ago, fact is, only idiots are using Kazaa (I was young and foolish), lesser idiots use Kazaa Lite Resurrection, and really you should be using something else as a primary P2P client or network.
