"While Warner Brothers does seem to be coming across heavy handed here and could have handled it in some other manner, remember that as computer security professionals, we are obligated to uphold intellectual property rights."Link
I disagree. I don't feel I'm obligated to uphold anything, save for common sense - and sometimes, intellectual property rights are exercised in ways that are incredibly damaging to the brand they're supposed to protect. I used to work as an artist. As a result, I have been / still am involved in many things that I have a personal and vested interest in with regard to protecting various portions of my own IP rights.
In addition, I'm fairly well known (scroll down on that last one) as a comics blogger, and I write at length on the numerous strengths and weaknesses of the comics industry. I know many of the artists, writers, publishers - all sorts of people working in the field. The traditional comics industry is a niche genre, where there are no new readers coming through.
It's an industry with an increasingly aging - and likely slowly shrinking - audience.
Consequently, one of the last saving graces of the comics world - the one thing that really keeps it alive at all - is the Internet. The comics industry works hand in hand with comics bloggers, journalists and anyone else who gives a damn to turn a blind eye to what are effectively endless copyright violations, because they're keeping the punters coming back for more.
Sites such as Scans Daily are effectively breaking every IP law in the book, yet it is tolerated because it keeps the money coming in. Hell, many artists and writers from DC themselves have contributed to the site on many occasions. Comic memes are rife - whole comics are reproduced online with text altered, images changed - and the industry not only turns a blind eye to the infringements, but effectively encourages it by actively taking part in the IP violations.
Because it's the only way it can hope to keep the message out there that these comics actually exist, and actually, we'd like you to buy some too. This has become especially important since the "traditional" comics of Marvel & DC have pretty much vanished from newsstands, relegated to the shelves of Barnes & Noble and Waterstones while Manga fills the void they once occupied.
So that's the precarious state of comics circa 2008. And then you throw in the heavy handed actions of parent company Warner - who have never seemingly understood how the comics industry actually works, because the way they operate is not really how DC Comics operate - and you have something a little more complex than a straightforward reading of IP law and copyright violations.
One of the crucial things that Warner IP legal teams don't understand - a fundamental failing, if you will - is that they don't appreciate the possible impact of negative PR when pondering whether to swing the banhammer. They don't see it as an issue, and as such, are actually acting in a careless, negligent way towards the very brand they're supposed to be protecting. One commenter on another site replied to that notion with the following:
"Negative PR has nothing to do with the decision making process."
The reaction to the events that have taken place suggests otherwise. Someone working in IP should take into account the blowback from every decision they make, because it only takes one screwup to inadvertently damage your own brand with actions such as this. When your comics aren't selling huge amounts to begin with, positive PR is pretty much all you have to keep the punters coming back. Screw with that PR, and you're going to leak money at an alarming rate.
Someone working in IP that doesn't consider negative PR when shutting down a charity auction for kids with cancer just proves that point. A longtime purchaser of DC material (and beyond that, a consumer of things Warner related), I find myself sufficiently appalled to not want to buy or partake of anything DC / Warner related again unless (by some miracle) they try to fix this mess somehow.
I might have had another 20 or 30 years of purchasing power left in me for their products, and I spend a *lot* of money on those products. Suddenly remove that purchasing power, and you've impacted your earning power through not taking into account the negative impact of bad PR during the decision making process.
What happens if lots of people who feel the same way about this incident do the same thing? Comic readership is creaky enough as it is without lots of long term readers and buyers suddenly saying "Wow, cya!" Indeed, this story has ripped through many, many high visibility comics sites (including blogs by past DC writers) who have also chimed in with various comments expressing their shock / dismay / insert feeling here at what has happened. Many people have also commented that they won't be buying any more products from DC / Warner unless something is done to correct this.
I'm pretty confident that removing the money that *would* have gone to DC from myself and all those other people over the next 20 or 30 years - perhaps more - is more damaging to their IP (along with all the negative word of mouth that now ensues) than an auction for some kids somewhere.
Yes, they "protected their brand". Hooray. At the cost of people continuing to pour money INTO that brand?
Doesn't sound so smart to me.
When you make a small circle of buyers even smaller and dilute the money value of your brand to nothing, your brand suddenly isn't worth protecting anyway. Especially as there are currently piles of bootleg / unlicensed DC paraphernalia for sale - for profit - right now. Gay naked Batman kissing Robin, anyone?
That auction has finished. Someone made a profit. Warner did not step in. There are many, many more like it. Any claims of them "preventing dilution of the brand" by their clamping down on a one-off charity auction are blown into the wind with a ceaseless stream of crap that is still being sold, right now, for profit.
As the title says - there is legally correct, but there is also common-sense wrong.
Sometimes, it is more beneficial to your IP to let things go. Sometimes, it does less harm and more good. Sometimes, realising that you have the power to be benevolent - and that that benevolence carries just as much weight as simply saying NO - is a good thing.
There are many times when I've seen things related to my own IP effectively being violated. Perhaps it's the arts background I grew up with - perhaps ultimately I just don't care - but I let those things slide, effectively at some potential financial cost to myself - because I could see how swinging the banhammer would be more damaging to myself in the long run.
Indeed, Warner have apparently already had someone wake up today and think "Oh shit", because sure enough - there has been an interesting new development. They know they can't do an about face and let everything back on the auction. However:
Dear Mr. Denton:
We made an exemption for the item that was relisted.
Thank you,
Craig M. Hoffman
Director
Worldwide Anti-Piracy and Technical Operations
Corporate Communications
Warner Bros. Entertainment Inc.
Would you look at that - though they'd never admit it, this basically says "we screwed up, this probably shouldn't have happened the way it happened and we'll throw you a bone".
Look at the image they allowed to be relisted. There is no real reason why they should have allowed this. The image contains numerous, recognisable DC Comics characters. Yet there it is.
We're currently doing some renovations to the Spywareguide Blog, so it currently looks a little.....different. We should be done tinkering soon(ish). Just in case anyone was wondering...
Warner Brothers Sez: Remove Your Cancer Charity Auction Right Now
Unbelievable. Someone gets a bunch of very well known comic artists to produce work for a children's cancer charity, the auction goes live on eBay and then some douchebag lawyer goes on a DESTROY IT NOW rampage. From Evan Dorkin (who provided one of the pieces):
The letter from e-bay that Thomas received states that it was the use of DC copyrighted characters that got them noticed and squelched the auctions, although I wonder if it was also the use of the Superman silhouette in the listings (and perhaps the accompanying text alluding to Superman?) that got them noticed. Only a corporate lawyer or a complete cretin could think that constituted DC's involvement or approval, but, that's life in the big wide business world. Cripes. You'd think someone could let this go, for a cancer-related charity, it's a limited deal, and there are hundreds of other DC-related fan art and pro commission auctions on e-bay set up for personal gain that they don't bring the hammer down on.
I think it's bullshit, and I know it's easy to have a knee-jerk "corporations suck" response like this, but, well, this sucks. If Thomas Denton overstepped his bounds, he was being naive, and he was trying to do a good thing that really isn't going to hurt poor Warner Brothers/DC, and someone in a suit could have made this right with a little work. Or quietly tossed in some bucks to the charity to cover the deal and been heroes about it even while stepping on someone's good efforts. I know, it only works that way in the movies.
It is bullshit. And it's one of the many, many, many reasons why I'm glad I don't work in the arts anymore, be it music, paint or film. Because for every smart and decent thing a creative individual does, there is always some idiot higher up the food chain blundering through life with insanely stupid actions like this, without any thought to the possible consequence of, oh, I don't know, bad PR such as articles entitled "DC Comics Hates Kids With Cancer".
Dumbest freaking thing I've seen all day. Enjoy your shitstorm, Warner. You have truly earned it.
Good Lord, it's a blog frenzy this week. Shall we get down to business?
* First Time For Everything: Janet Jackson sends me spam on a social networking site, and not a wardrobe malfunction in site.
* Roll Up, Roll Up, Get Your Passports Here: If you love handing over thousands of dollars to complete strangers on the internet, along with the prospect of flying to Africa and hoping some head guy hands you an official UN Diplomatic Passport, then this is the post for you. I've no idea if this is real or not, but for some strange reason there's a voice in my head, and it's going HAHAHA.
* Scare Tactics: An odd little program apparently designed to make leet hax wannabes poo their pants. It's not mine, I swear (my patent involves a fist coming out of the monitor and punching them in the face).
* OkOk.exe is not Okay - Okay? My colleague writes about some horrible thing he found a few days ago. Maps networks, comes from China - it's all good. No wait, it's not. Ah well.
* Fake Windows Update Popup: It's Back (Again): Every now and again, this horrible wretch of a popup turns up on Myspace, and brings in its wake a trail of destruction and mangled PCs.
This time is no different, and here is the latest fake security alert you'll see if unfortunate enough to run the installer:
Yep, it looks like a NOD32 Antivirus alert. The bad guys are hosting the infection files right alongside a Myspace phish page too, so hey - it's like five writeups in one or something.
Ladies and Gentlemen, it's time to do what I do best:
Complain about crap.
The target: A Profile Tracker application on FaceBook.
Not because it actually does all sorts of horrible tracking gubbins - oh no. I'm complaining because it doesn't actually do anything, save for attempting to con you into signing up to - shock horror - more crap.
Allow me to elucidate, or maybe I'll just put a bunch of screenshots up and rant. That works too.
See, a few people mailed me about this. The application in question presents itself as something that allows you to see who is visiting your profile and when over a period of time. There's a long, lengthy babble all about what it is and what it does, but judging from the comments the application has received, nobody has bothered to read it and consequently most people think this really works. It doesn't, as you'll see later (along with its true purpose). Here it is after it's installed:
Wow, look! It's SO awesome it can guess how many people visited my page yesterday - before I installed it! Or, as they say on their FAQ:
Profile Tracker deciphers Facebook traffic patterns and outputs results that are relevant and pertinent to individual profile owners. Based on network averages, we approximate how many views your profile receives a day. Based on who is highly active in your network and who has a profile with high similarity ratings to your own, we make conjectures regarding who is likely to have viewed your profile and at what time.
Are your results anything more than educated guesses? No. Applications are not allowed to track who actually views your profile, what time views occur, or how many views you get each day. Therefore, we must rely on sophisticated algorithms, similar to those Google uses to power search queries, in order to make generalizations based on the nature of your profile, your friend group, and Facebook generally. Our results can be surprisingly accurate, but they are nothing more than educated guesses and no one should view this application as anything more than a game.
......yeah, you need a pretty sophisticated algorithm to have a bar chart go TWELVETY, LOL.
In fact, if you bother to read down, things get even more bare faced:
Where can I find an application that actually keeps track of profile views and does more than just guessing?
These applications, much like unicorns and dragons, do not exist. However, Profile Tracker is the best guesser in the game.
......so there you have it, in black and white. It does nothing more than pull random, twelvety-style numbers out of the sky. On the bright side, they admit it. On the down side, they don't really get into the real point of this nonsense.
And that would be, Mr Ghost?
Go back up and check out the picture. Go on, I'll wait for you. In fact, if you can't be bothered, here it is again. The gimmick - if you can call it that - is all based around "Keys". If you want to see pictures of who is visiting your profile - sorry, let me rephrase that - if you want to see randomly selected pictures of people who probably died a week ago but still appear to be visiting your profile, then you have to collect keys. And how do we do that, then?
The plot thickens, probably with a sort of muddy brown colour. You have to invite FOUR people to get ONE key to open up a randomly selected picture of someone (who died last week, probably). As you can imagine, that quickly adds up to a whole lot of people potentially touting this application.
We'll try and ignore the fact that once you've invited all your friends you can never get any more keys, but ANYWAY.....all is not lost. You can, apparently, obtain magical Red keys. Red keys are supposed to be better than regular keys - not really sure why, they probably let you open up more pictures of pretend visitors.
How do you get these keys? Here it comes, kids....
Wha.....offers? Where? What?.....
BAMZO! And if Bamzo isn't a word, it is now.
Sign up to DVD offers! Diet patches! Ringtones and sports betting and Bingo and all the crap you can handle - some of which will probably cost you dough (and likely earn the application creator some cash in the process, of course).
As if you couldn't have guessed, the whole thing is exposed as nothing much more than a barefaced attempt to pull in affiliate wonga. Worse, there are a lot of people complaining that they signed up to deals touting Red keys and still haven't received any or they're having problems using them (I think their biggest problem is signing up to stupid deals for pretend keys that don't actually do very much but never mind). You can see a not-so-fun wall here (assuming you have a Facebook account), where you can listen to lots of people say how bad this application is. Random example:
.....that's one of the better ones.
Of course, if you scroll down to the bottom of the first page of this application, everything is (finally) revealed for the nonsense it is:
Oh, interesting. No mentions of "sophisticated algorithms similar to Google" anymore - I guess they probably know nobody is going to scroll right down to the bottom.
The lesson here, then, is that bottoms are awesome.
And that this application, sadly, isn't. Sure, it does label itself as throwaway and disposable - eventually, for anyone that can be bothered wading through reams of guff about patterns and algorithms - but for those that remember the old arguments about value propositions and content value, this just seems like something based on Ye Olde Adware model of "take everything, give nothing back in return".
Take my advice - save your time, effort and (more importantly) money and steer clear of applications like this that want nothing other than for you to throw money at crap.
I've taken great delight in having one particular boobs forum removed again....and again.....and again. Well, it seems to be having an effect - here's a screeny of something somebody just posted to Youtube:
.....here. Yep, I decided to throw in the odd blog entry every now and again on the FaceForward blog - nothing heavy duty in terms of posting frequency, just gives me a chance to write about something a little different from laughing at script kiddies and examining the latest leet hax tools. Here's my first entry, where I ramble on about stuff and talk about walking into fires or something.
I switched on the old Interwebs this morning to find a whole TON of hacking forums completely and utterly DOA, many of which are completely unrelated to each other with little to no crossover from member to member. They all seem to have been systematically nailed for spam, abuse, hacking, ToS violations.....all sorts of things. I'm not going to name any - I just wonder if anyone else out there who goes trawling forums has noticed any sites suddenly vanishing off the face of the Earth.
Seems like we have a few Dogs of War running riot...
* I just called, to say.....nothing, actually: Strange and annoying phonecalls. We all hate them, don't we? Especially when you can't decide if they're trying to sell you things (bad) or just steal all your personal data to sell on (worse).
* It's a trap: Hot chick adding herself to my Myspace friends list = Disaster. Mind you, I have plenty of real hot chicks on my list so that's okay.
* Hackmemes: Did you ever want to see a DDoS tool whose sole purpose for creation was as part of a meme war? Even better, a DDoS tool that's actually stuffed full of memes purely so it'll gain acceptance with the groups involved in the battle in the first place? Then here comes Christmas.
1) The comments on Spywareguide are working again, and you can now post as you see fit. Swear to God.
2) The day I posted this ramble complaining about Feedburner woes, Netvibes (who, judging from endless posts in their support group via Google, seem to have been the cause of endlessly fluctuating Feedburner stats) went and migrated all of their users to the new interface. Since that day, my stats have been back to normal and have actually gone up a little bit. Anyone else out there using Feedburner noticed a more regular pattern in their stats since a week ago?
All I want to know is, who comes up with this stuff?
See, I've been waiting.....and waiting......and waiting......for the sessions from RSA2008 to hit the web, so we can watch and listen and absorb or whatever. There's a lot of people who couldn't make it who have also asked me if / when my own presentation would be available to listen to. Last year, RSA seemed to be pretty open about who could get their hands on the talks (Hell, we still have one complete with funky Flash thing here).
Now? I get an Email from the RSA organisers last night pointing me to this page, with the following genius idea:
The information and ideas discussed at RSA Conference 2008 will have an impact on the information security industry for years to come. Be sure to capture all of the discussions by replaying the session recordings from this year's Conference. (Free for 2008 Full Conference attendees, $395 for non-attendees)
Wow, yes! What a brilliant idea! We'll have "an impact on the security industry for years to come" by.....letting all the same people who saw the talks originally watch them again!
Wooo!
Also, WTF and doh. Let's be honest and put the hyperbole aside for a second - nothing talked about at RSA will "have an impact on security for years to come", because nobody cares. It was a bunch of talks about stuff, and now it's over. Some were good, some were bad, same as it ever was. But hamming it up with over-the-topness just so we can justify charging lots of money to let people hear it who couldn't make it / afford it? Man, that sucks. That sucks ass, and is a terrible, exclusionary idea.
If there was anything of worth, of interest spoken about at RSA, how are we helping to spread those ideas by chaining them to full conference passes or extortionate amounts of cash after the event is long gone?
And why is it always just about the "security industry" anyway? There's a whole variety of people and initiatives that likely fall outside that narrow definition (purely because they're not running around yelling BUY THE BOX!) and yet they're just as active, just as important to the security scene as anyone else.
But of course, they didn't pay stupid amounts of money to attend and so don't count. Excuse me while I roll my eyes. How many people attending these conferences are only there because their company paid for them to go in the first place? And how many of those people wouldn't come within a hundred feet of security conferences if they actually had to pay up themselves?
Nobody can claim access to 365 session recordings for $395 is good value for money, because nobody in their right mind is going to listen to three hundred and sixty five sessions unless they are clinically insane.
Anyone with any interest in RSA2008 that didn't go is more likely to want to hear the odd handful of sessions - and here's a breaking newsflash, they are NOT going to pay out four hundred bucks just to hear them. I don't believe RSA have a "reduced fee" anywhere to listen to (say) five talks, but meh, even that would suck.
I really doubt half the people at RSA on free Full Conference Passes (courtesy of their company) would complain if people who didn't attend got to hear the talks for free after the event. Again, by this point nobody cares, right? It's now just a bunch of talks at some conference somewhere, and everyone is now too busy gearing up for the next conference in a few weeks' or months' time.
And if someone argues that it's not good form to have the great unwashed masses listening in for free when all those companies had to stump up tons of cash for full conference passes? Well, too bad for all those companies. Surely half the fun of the full pass is the chance to hear people speak in person that you always wanted to see present twenty feet away from you - not simply possession and apparent ownership of the words that came out of their mouth.
To me, security is all about protecting those same "great unwashed masses" with as much vigor and force as the companies at RSA devote to protecting enterprise and business customers - great unwashed masses that (currently) don't have a hope in Hell of hearing talks that might actually contribute to making them consider security a little more in their day to day lives.
It all seems a bit greedy and possessive to me, but then I only spoke at RSA.
Offtopic: Arbitrary Attacks on Videogames Annoy Me
Peter Hitchens wheeled out a predictable attack on videogames - namely Grand Theft Auto 4 - in the print edition of the Daily Mail today. His tortured logic spilled onto his weblog, so I left him the following reply:
"Could it possibly be bad for a child or a teenager to spend long hours impersonating a violent car thief?" (Hitchens)
Could it possibly be bad for you to write a "won't somebody think of the children" missive to whip up the usual sensationalist panic about videogames while (predictably) failing to mention the product in question is clearly labeled 18 for adults?
Rather than decry the game, perhaps it might make more sense to attack gamestores that happily sell products aimed at an older market to kids. Perhaps it might be better to attack the parents that thoughtlessly hurl products aimed at an older market at their children.
Unless, of course, you're *also* going to blame the collapse of Western civilization on every single activity aimed at someone over 18 along with the horrors of GTA4?
The gaming market has grown and aged with the products. I've played games for 25 years, and I don't particularly fancy playing "super happy hooray for everything" anymore.
Thanks for trying to limit my choice of personal pursuits via the agenda you're pushing without even bothering to try the product in question.
If you *had* actually tried the game, you wouldn't be writing it off as a senseless, lawless gunfest with no consequences, morals or anything approaching depth beyond "kill everything in sight".
It's mature, it's intelligent, it's - shock horror - actually very grown up, and at least one major videogame site said of this game in its review that the more realistic and serious nature of the lead character meant that they were actually *less* inclined to go on a gun rampage, because it "didn't feel like something the character would do".
To impress upon a player that sense of depth with regard to a fictional character jumping around on a screen is pretty impressive. To do such a thing when it could be argued the basic mechanic of the title is to shoot people, even more so.
But of course, you're too busy wheeling out assumptions and blanket statements.
* Credit Card up for Renewal? Then Beware This Phish: A funky little diversion through a Phish scam that caught my eye simply because my credit card was due to expire.
* The Spectre of Rogue Facebook Applications, Back Once More: Ooh, it's all kicking off with Facebook applications again!
* Pinont.com - No Need to Panic: Aargh, it's an apocalyptic wave of.....viagra spam.
* Beware - New MSN Messenger Password Stealing Program in the Wild: This is a pretty slick application for scumbags everywhere - click a few buttons, and hey presto, a ready-rolled executable that can be used to steal your MSN Messenger login credentials. Here's the client:
And here's what the attacker will see with the click of a button, assuming the victim let the infection file execute on their PC beforehand: