|
12/23/05 — Two months ago, Yahoo released an update for its music video service
to patch a server security problem. Internet hosts at yahoo.com had been accepting requests
for video files in predictable locations, leaking out premium content and bandwidth.
Within minutes, developers of 3rd-party exploits fixed their tools
and were working on mature updates. One week later, tens of thousands of users
had downloaded new programs.
Websites designed to deliver these videos redirected visitors to the new Yahoo file locations.
One of them charged a signup fee. Another registered 900,000 hits to one of the videos.
A third site claimed one million hits daily.
This event brings to light the size of an anonymous user base exploiting Yahoo's servers
and driving traffic of between 40,000 and 100,000 music files per day.
At the heart of this growing community is an ethically complicated method of using
a service that is otherwise legitimate. The question is, if a mainstream media service
such as Yahoo! Music publishes premium content to a public Internet location, are anonymous
non-subscribers bound to its terms of service?
NyxErebos grappled with this issue when he was served a cease and desist letter
by one of Yahoo's legal firms September 20. His home page,
strix.org.uk, hosts a personal blog with
image galleries, several clever scripts, and until recently a tool for downloading Yahoo music videos.
"It has come to our attention that you are providing a Website which enables its users
to download Yahoo!'s audio and music video content without Yahoo!'s consent,"
the letter begins. "Yahoo! makes audio and video content available to its subscribers
under licence subject to the terms and conditions governing use of the Yahoo! website."
Indeed, these users were not subscribed to the service and probably did not obtain
the necessary license. NyxErebos removed the politically charged content from his home page,
but he countered that the tool only revealed information that Yahoo has "made available to public
Internet users on a public Internet server where no registration is required."
|
His open letter to Yahoo also takes issue with the phrase "stream ripping,"
which has the same meaning as "file saving" or "downloading" in this context.
In an interview today, NyxErebos explained the focus of his 12 month old
website. "My research was not limited to [Yahoo]. It was just a side project
in a greater exploration of the software used for streaming.
"My research was to culminate in the development of what I call the RAIS system. It was
a modular, web-based system for creating playlist mashups from many different online sources
and distributing them as different kinds of shows.
"After the legal threats from Yahoo I decided to discontinue development."
Action against strix.co.uk came on the heels of another cease and desist letter
that shut down
part of a Spanish blog September 6.
Shortly before that in August, the Yahoo
Music Unlimited program exited beta despite an alert
from Chapin Information Services (CIS). In May, CIS discovered Yahoo Music was
exposing audio files that lacked Digital Rights Management (DRM) protection.
This created an opportunity for downloaders to bypass the subscription system
and obtain both audio files and music videos.
These actions reflect the same ethically complicated use of service issue. The question is,
if Yahoo wants to limit the availability of its premium content, does it have an obligation
to provide a certain level of security before shutting down would-be leachers?
NyxErebos takes a dim view of this topic, saying, "There is no such thing as a secure online
system." While that may be pessimistic, he also suggests the Yahoo Music system,
"stops search engines … from indexing the videos and makes it harder to use the videos
in un-approved ways, but is fundamentally flawed as an authentication mechanism."
Yahoo declined to comment for this article.
|