Posted on 06 March 2008, at 6:43 pm, by Judie Lipsett
UPDATED: Read to the end.
That’s the question being asked because MobiTV has decided they are going to try to take down Howard Forums for posting a URL that they were too lazy to require authentication on.
The Digg post says:
It seems that MobiTV forgot to add any security to their SprintTV application. Now that the cat is out of the bag, it seems they are starting to send out cease and desist orders. It’s amazing that a commercial app can be this unsecured.
Here is the rest of the story…
According to Howard Chui, and copied with his permission from an email list we both belong to:
I get take down notices all the time but I thought this one was kind of strange. Here’s part of an email I received today:
“Dear Mr. Chui and Inforium Interactive Inc.,
I am Corporate Counsel at MobiTV, Inc. Attached is the cease and
desist letter we sent to your attention yesterday regarding the post
located at http://www.howardforums.com/showthread.php?t=1332161
which allows and facilitates unauthorized access to MobiTV’s proprietary service. As further discussed in the attached letter, MobiTV demands the immediate and permanent removal of this post on www.howardforums.com.
Please send this to Howard Forum’s legal department immediately and also confirm your receipt of this email… ”
Here’s the first post in the thread:
“Well, I found this in the Sprint forums and here we go:
qtv.mobitv.com/sprintTVlive.mcd
1. Copy and paste that link into the address bar.
2. Don’t run it but save it to your computer.
3. Find it on your computer and OPEN it up. Select to open it with
Internet Explorer or the browser of your choice.
4. There will be a whole bunch of links. Choose the channel you want to watch…
5. Get your LG Voyager and start up the browser.
6. Type one of the links into your Voyager and press OK!
There you go, live TV…
Ask more questions if you need help.”
Basically it turns out anyone can view MobiTv using their LG Voyager just by typing in a URL (that’s hosted on mobitv’s website) into their browser.
Normally, take down notices involve stuff like people posting zip
files with cracks in them and that sort of stuff. I feel this one is
different because mobitv is basically trying to get me to do their job
because they did a lousy job of securing their app.
Don’t they have any kind of authentication in place to prevent
unauthorized use?
My response was:
“That’s just a link to your company’s website “here we go:
qtv.mobitv.com/sprintTVlive.mcd”
I have no control over what information is posted at mobitv.com”
Their response:
“Howard -
All of the links on your page are links to our live feed and they
facilitate the unauthorized use of the MobiTV service. All of them need to be removed. We will take further action if this is not done. Thank you for your quick response.”
Howard later wrote:
Hey guys, it looks like things are getting pretty thick…
I hope you guys don’t mind me plugging my site but check it out:
http://www.howardforums.com/announcement.php?f=57
Mobitv has contacted my webhost. Looks like if nothing changes my site might not be around for a few days.
A company that lies about my site having violated copyrights affects everyone who runs a site.
What this company is doing is really wrong but there isn’t much I can do about it (besides letting HowardForums get taken down).
As Rich Brome (phonescoop) so succinctly said, and I am also quoting with permission:
The thing is, there’s a huge difference between simple security and no security.
MobiTV could have easily added basic HTTP authentication, or even just put some kind of security token in the URL that changes periodically.
That would be very easy to implement, impose ZERO burden on legit users, and make cracking just slightly too difficult for most “casual” users to bother circumventing.
I agree that crazy DRM and certain kinds of encryption can be a pain for legit users, but I’m not even talking about that. I wish it were an example of consumer-friendly media, but it’s not. It’s an example of REALLY lazy programmers relying solely on security through obscurity.
It’s not even very obscure. It’s so easy that they’re practically
advertising the way to access it for free.
It’s as if HBO expected people to pay for their TV channel, but didn’t
technically require it, then sued people who published the fact that
it’s on channel 500 and you can access it by entering “500” on your
remote control. That’s almost how easy it is with this MobiTV “trick”.
It’s insane that they would threaten to sue anybody over this.
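One way to implement the periodically changing URL token that Rich Brome describes above, shown as an added example (it is not from the original post and is not MobiTV's or HowardForums' code). The key, the path `/live/feed.mcd`, the subscriber ID and the five-minute lifetime are all constructed for illustration; the server issues a signed link after login and rejects any request whose token is missing, altered or expired.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key; a real deployment would load this from a secret store.
SECRET_KEY = b"constructed-demo-key-not-a-real-secret"
TOKEN_LIFETIME = 300  # seconds a link stays valid (assumed value)


def _signature(path: str, subscriber: str, expires: int) -> str:
    """HMAC-SHA256 over every field the server must be able to trust."""
    message = f"{path}\n{subscriber}\n{expires}".encode()
    return hmac.new(SECRET_KEY, message, hashlib.sha256).hexdigest()


def sign_url(path: str, subscriber: str, now: Optional[float] = None) -> str:
    """Issue a link to an authenticated subscriber; it expires on its own."""
    issued = now if now is not None else time.time()
    expires = int(issued) + TOKEN_LIFETIME
    query = urlencode({"sub": subscriber, "exp": expires,
                       "sig": _signature(path, subscriber, expires)})
    return f"{path}?{query}"


def verify_url(url: str, now: Optional[float] = None) -> bool:
    """Return True only for an unexpired link whose signature matches."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        subscriber = params["sub"][0]
        expires = int(params["exp"][0])
        supplied = params["sig"][0]
    except (KeyError, ValueError):
        return False  # bare URL with no token, or malformed fields
    current = now if now is not None else time.time()
    if current > expires:
        return False  # a link pasted into a forum stops working after expiry
    expected = _signature(parts.path, subscriber, expires)
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(expected.encode(), supplied.encode())
```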
If you agree with Howard (and Rich, and me), then add your Digg and tell MobiTV what you think!
Considering that this story was picked up by everyone, including the AP and slashdot, this turnabout should come as no surprise. Thank you to everyone who got the word out for Howard!!
March 6th, 2008 at 7:01 pm
O
M
G
!!!!
this is the craziest thing in the world. The company failed to secure their app, and instead of patching the app, they are going to sue the world for spreading the news about the hole?
Damn! I test software for a living…they should fire not only their development staff for writing that crap, but their QA people for not testing for it! Sheesh!
Attention MobiTV dudes… While I don’t sanction piracy of ANY kind, you’re going to have a really hard time containing this one. You need to get this hole plugged, an update out to the carriers that use your software, and then have them distribute it to all of their device users.
Picking on various websites for posting about the hole and how to exploit it is going to cost you WAY too much money…Money that could
1. Solve the problem (including any loss of revenue), and
2. Prevent it from happening again
Having your legal department hound blog site owners isn’t going to solve the problem. If this thing hits the Undernet (and, NO that is NOT a threat of ANY kind), then you may have a bigger issue. Word of mouth (or internet sites) travels a lot faster than you might think…
I’m just sayin’…
March 6th, 2008 at 7:07 pm
What an absolute load of crap. Since when am I responsible for a company’s lack of building decent code or security?!
I’d love to see them try to take Howard down because if they did, he could easily win in court and sue them into cyberoblivion….
Officially boycotting….
March 6th, 2008 at 7:23 pm
Hopefully Howard has about 12 lawyer volunteers by now. I love when these places send silly articles — which basically shines a big spotlight on the entire problem.
Boy I hope they take Howard down and then Mobitv will learn a quick lesson with all the people that they upset.
March 6th, 2008 at 7:24 pm
I really hope this gets the Streisand Effect!
March 6th, 2008 at 7:34 pm
Just tested — the HOFO thread has the actual URLS in the 2nd message — I’m not all that impressed with the content — half the channels seem to be throwaways.
March 6th, 2008 at 7:40 pm
Can’t wait to see this land on the top of DIGG and also start bouncing around techmeme — this is the worst thing that Mobitv could have done — from what I’ve seen at the HOFO threads at least another 6 sites were claimed to have posted the info before Howard — including Fatwallet and Slickdeals. These are all major and heavily trafficked sites.
Wonder what the Mobitv usage rate is tonight….bet they have a few more viewers than normal..