UPDATED: Read to the end.

That’s the question being asked because MobiTV has decided they are going to try to take down Howard Forums for posting a URL that they were too lazy to require authentication on.

The Digg post says:

It seems that MobiTV forgot to add any security to their SprintTV application. Now that the cat is out of the bag, it seems they are starting to send out cease and desist orders. Its amazing that a commercial app can be this unsecured.

Here is the rest of the story…

According to Howard Chui, and copied with his permission from an email list we both belong to:

I get take down notices all the time but I thought this one was kind of strange. Here’s part of an email I received today:

“Dear Mr. Chui and Inforium Interactive Inc.,
I am Corporate Counsel at MobiTV, Inc. Attached is the cease and
desist letter we sent to your attention yesterday regarding the post
located at

http://www.howardforums.com/showthread.php?t=1332161

which allows and facilitates unauthorized access to MobiTV’s proprietary service. As further discussed in the attached letter, MobiTV demands the immediate and permanent removal of this post on www.howardforums.com.

Please send this to Howard Forum’s legal department immediately and also confirm your receipt of this email… ”

Here’s the first post in the thread:

“Well, I found this in the Sprint forums and here we go:
qtv.mobitv.com/sprintTVlive.mcd
1. Copy and paste that link into the address bar.
2. Don’t run it but save it to your computer.
3. Find it on your computer and OPEN it up. Select to open it with
Internet Explorer or the browser of your choice.
4. There will be a whole bunch of links. Choose the channel you want to watch…
5. Get your LG Voyager and start up the browser.
6. Type one of the links into your Voyager and press OK!
There you go, live TV…
Ask more questions if you need help.”

Basically it turns out anyone can view MobiTv using their LG Voyager just by typing in a URL (that’s hosted on mobitv’s website) into their browser.

Normally, take down notices involve stuff like people posting zip
files with cracks in them and that sort of stuff. I feel this one is
different because mobitv is basically trying to get me to do their job
because they did a lousy job of securing their app.

Don’t they have any kind of authentication in place to prevent
unauthorized use?

My response was:
“That’s just a link to your company’s website “here we go:
qtv.mobitv.com/sprintTVlive.mcd”

I have no control over what information is posted at mobitv.com”

Their response:

“Howard -
All of the links on your page are links to our live feed and they
facilitate the unauthorized use of the MobiTV service. All of them need to be removed. We will take further action if this is not done. Thank you for your quick response.”

Howard later wrote:

Hey guys, it looks like things are getting pretty thick…

I hope you guys don’t mind me plugging my site but check it out:
http://www.howardforums.com/announcement.php?f=57

Mobitv has contacted my webhost. Looks like if nothing changes my site might not be around for a few days.

A company that lies about my site having violated copyrights affects everyone who runs a site.

What this company is doing is really wrong but there isn’t much I can do about it (besides letting HowardForums get taken down).

As Rich Brome (phonescoop) so succinctly said, and I am also quoting with permission:

The thing is, there’s a huge difference between simple security and no security.

MobiTV could have easily added basic HTTP authentication, or even just put some kind of security token in the URL that changes periodically.

That would be very easy to implement, impose ZERO burden on legit users, and make cracking just slightly too difficult for most “casual” users to bother circumventing.

I agree that crazy DRM and certain kinds of encryption can be pain for legit users, but I’m not even talking about that. I wish it were an example of consumer-friendly media, but it’s not. It’s an example of REALLY lazy programmers relying solely on security through obscurity.

It’s not even very obscure. It’s so easy that they’re practically
advertising the way to access it for free.

It’s as if HBO expected people to pay for their TV channel, but didn’t
technically require it, then sued people who published the fact that
it’s on channel 500 and you can access it by entering “500″ on your
remote control. That’s almost how easy it is with this MobiTV “trick”.
It’s insane that they would threaten to sue anybody over this.

If you agree with Howard (and Rich, and me), then add your Digg and tell MobiTV what you think!

Considering that this story was picked up by everyone, including the AP and slashdot, this turnabout should come as no surprise. Thank you to everyone who got the word out for Howard!!