Categories

BitTorrent
Conferences
Direct Revenue
Julie Amero
Myspace
Podcasts
Postbag
The Big Ones
The Fourth Wall
Yapbrowser
Zango

Creative Commons License
All articles licensed
under a Creative
Commons License.  








Home | About me | Press | The Fourth Wall | Links

Tuesday, March 29, 2005

Spyware fighters fight each other

You know it's going to be bad when an article starts with a disclaimer, and here's mine:

I am in no way taking sides in this piece, and have many good friends from both of the sites involved. I am merely highlighting in as restrained a fashion as possible, something that needs to be documented as a sign of things to come. More of this will happen before 2005 is over, and more of us will suffer for it.

Still with me? Okay.

Sad to say, but security sites falling out seems to be the flavour of the month at present. After the numerous bust ups over Ad Aware which caused a massive spat relating to their status as a member of ASAP, and my own site's dukeroo with Spywareinfo.com, comes yet another war of the web guys - in the form of Bluetack.co.uk vs Hosts-File.net.

The issue this time round? A portion of a HOSTS file (used to block rogue sites from being served up, amongst other things) was used in the Bluetack HOSTS file, apparently without the permission of Hosts-file.net. There is a very grey area over whether or not the HOSTS file was clear about whether it could be reproduced or not. I'll cover this later. What I will say, is that there are the faint beginnings of a potential fallout between two sites that I greatly admire and respect for the work they have both done in the security world.

What's worse, these two sites are amongst a handful of groups that work with what is essentially a niche market - messing about with HOSTS files is a time consuming and dedicated craft. The problem here is how you define what is "up for grabs".

If the "stolen material" in question was a novel, a film or even a piece of music, then it would be cut and dried. However, because a HOSTS file is essentially a list of items consisting entirely of information that is common property (that is, publicly available - such as URLS used in a HOSTS file, which had to be "publicly available" to be gathered at all) they can not be copyrighted in any way. This is what prevents "Yellow Pages" and "Directory Enquiries" from suing each other every five minutes.

And by "copyright", I mean lay claim to "authorship", which is the real issue at hand here. The HOSTS file in question has been "copy marked" - that is, a technical method used to find out when someone is using their HOSTS file. This is not the same as copyright - more like a tracking device. However, what use is applying this kind of "copy marking" to something that cannot be labelled as "authored" as such, even though a lot of blood, sweat and tears went into it?

If you're going to produce a list like that, you have to go into it knowing full well the lack of legal weight the creation holds. Also, because end-users chop and change HOSTS files, as well as make additions and reductions, in effect, they're going one further than Bluetack by actually modifying the original work without the author's permission. If a HOSTS file site takes this stance with another site, it needs to take this stance with the end-users too, and make it 100% clear what everyone can (and more importantly) can't do with the HOSTS file.

This sort of problem is why sites like Creative Commons exists - to delineate exactly what is expected of your work once it goes public. To assume everyone will be able to second-guess your intentions is dangerous at best and inviting disaster at the absolute opposite end of the scale.

However - the good news is that, on this occasion, common sense has prevailed and it looks like a happy end is in sight. So it looks like there will be one less cross-site war to worry about and we can continue to fight the creators of Malware instead. It's getting to be as twitchy as the Cold War, these days.

A valuable lesson learned for all concerned then - at least with regards what we should and shouldn't be expecting when we go public with our creations. A lot can be learned from this mini-storm - more than ever, we need to recognise that that as security sites continue to overlap and boundaries blur, we need to ensure that our own individual contributions are clearly earmarked with regards what can and can't be done with them.

I'm now going to have a lie down. I'm pretty sure all that stuff with Cuba wasn't this stressful.

posted by paperghost at 2:05 AM | Digg it!

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.