DVDGuy’s Blog @ Digital Digest

Welcome to another edition of the WNR. Coming up with an introduction to the WNR is actually the hardest part of writing it, and I just cannot get my brain to come up with anything this week. I guess I would mention that the NPD stats for US video game sales in October has just been released, but I haven’t written up the analysis yet, so that’s that. Better get on with it then.

Let’s start with the copyright news, we start with the music industry lobby’s full attack on opposition to the Stop Online Piracy Act (SOPA).

The controversial SOPA, if passed, will give the music industry, amongst others, to avoid pesky things such as actual evidence when it comes to forcing the likes of PayPal or Mastercard from cutting off service to websites that the industry sees as a threat, as long as they can come up with some sort of explanation that the site is primarily involved in piracy. In fact, they don’t even have to do that. As long as the website is merely suspected of potentially wanting to hide their infringement activities, then SOPA will allow the rightsholders to intervene, even if at that point, it’s not even clear, let alone established by a court of law, that any infringement has even occurred. So potentially, all the industry have to say is that “I don’t like the look of that website”, and they can deal a potential death blow to that website. So no wonder opposition is coming in from all directions.

But RIAA says that all of this nothing more by hyperbole, and that the music industry needs these changes to survive. Survive from mass piracy, or survive the move from CD albums sales towards digital tracks, they don’t say of course, but SOPA could very well be used to destroy innovation by an industry that’s obviously not looking towards the future. Imagine a new start-up that offers a brand new service that hurts the existing business model of the music industry, the RIAA can use SOPA to fire off an infringement notice to say the financial providers of the start-up website. Trying to avoid trouble, the financial providers cease support for the website, and the website dies a quick death. Sure, the owners of the website can sue the financial providers, but that would require money, which at that point, the start-up probably doesn’t have much of. This may very be an extreme, but no law should give so much power to one side, against the other, and to replace civil court matters with agreements and dealings behind closed doors by private corporations. And with the economy the way it is, the country can ill afford to allow old business interests to kill off new innovations, that are really at the forefront of job creation.

And the RIAA have been busy not only defending “their” SOPA bill, but also attacking the old DMCA, which if you can remember, was their work as well. Apparently, the “safe harbor” provision that was added to protect online businesses is working too well and actually offering protection to online businesses, which the RIAA says was not the intention behind the provision at all. They blame it all on judicial branch of the government, the branch that’s the hardest to corrupt via lobbyist money, for interpreting “safe habor” wrongly. In particular, they want ISPs and websites to be the judge, jury and executioner and to take proactive action against infringing content, what they call “red flags”, which is a very vague notion of “you’ll know (it’s piracy) when you see it”. Except these types of actions will open up ISPs and web businesses to potential lawsuits for removing the wrong content, and it’s difficult to judge what is right and what is wrong when you don’t even know what content belongs to whom, without the rights holders getting involved. The RIAA says this shouldn’t be a problem, and it isn’t, for them! It seems web piracy is the gravest problem facing the music industry, and at the same time, it’s a problem that the industry shouldn’t have to do anything about – because the government, tax payers, web businesses should be doing all the work, taking all the risks, while the rights holders  receives all the theoretical and perceived benefits.

But then maybe it’s a good thing, because whenever the rights holders are given carte blanche rights to remove infringing content on the Internet, they tend to abuse those rights. Google revealed a few years ago that a third of all DMCA complains filed with the company were invalid, and the latest example is Warner Bros. abusing Hotfile’s infringing file removal tool. Despite being sued for promoting piracy, Hotfile actually had one of the stronger anti-piracy tools for rights holders, allowing them to basically delete any hosted files they want without any real limitations. Unfortunately, WB, when given access to the tool, abused it by deleting content that didn’t belong to them and even open source software, and this is not just Hotfile’s allegation – WB this week admitted to pretty much all of it as part of legal proceedings between the company. Once again highlighting why automated, technical solutions to piracy filtering doesn’t work, WB admitted that their piracy filters removed content that only shared a partial name to the content they were trying to remove. And doing a simple file name check implies WB definitely didn’t download the files and check whether it actually contained infringing content or not. WB also admitted to deleting a popular, open source downloading tool that they obviously had no rights to, and they justified it because the tool helped to speed up downloads, and of course, all downloads equals piracy in the eyes of Warner. And WB admitted to all of this “collateral damage”, and it seems they’re not too fussed about it either, as they’re still asking the judge to throw out Hotfile’s lawsuit against the studio for the allegation that the studio abused the DMCA, which Warner appears to have just confirmed.

Over to Europe and two ISP, and The Pirate Bay, related cases that could have implications everywhere else. With UK courts giving the okay for ISPs to start blocking websites for anti-piracy reasons, the BPI, UK’s branch of the RIAA, wasted no time in asking the same ISP, BT, to start blocking The Pirate Bay. Calling The Pirate Bay a “huge scam” (I would argue against that, since a website that has the word “pirate” in its title and domain name is not trying to fool anyone as to what the website is about), the BPI fearmongering engine went into overdrive. If you visit The Pirate Bay, apparently, your computer will get infected with viruses, trojans and herpes, your identity will be stolen, and you may even see “inappropriate content”. The BPI wasn’t clear what “inappropriate” meant, but since BPI specifically asked BT to use their child porn filter to filter out The Pirate Bay, the implicit suggestion is probably pretty clear. And of course, given the economy today, the talking point of “they toor ur jobs” was bought up, against suggesting that piracy destroys jobs, while creating none (and yet, the industry says ISPs, web businesses and individuals are making too much money off piracy).

The other story was in Dutch-land, where BREIN is at it again, this time asking two ISPs to also block The Pirate Bay. But the ISP, having already won a preliminary court case against this very matter, say that the proposed blocking method, by IP address and DNS, won’t work and may actually kill their network.

But before we get into the details, a little background info may be needed here. The way the web works, each server has one or more IP addresses assigned to it, and the server software can present the right website for you based on the IP address (sometimes, a single IP address can host several websites, and the server software can tell which site to serve up via the domain name you used to get to the IP address). Domain names are matched to IP addresses via Domain Name System  (DNS), which is basically thousands upon thousands of servers world wide that stores a constantly updated database of domain name to IP address translations (as well as mail server information, and all sorts of stuff). When the website owner starts a new website or changes the IP addresses, he/she changes his primary DNS server’s information, and that change is propagated to every other server on the Internet to ensure all data is synced. If data is not synced, and this does happen, then you may see different websites depending on which DNS server you connected to.

So back to the BREIN case. They want both an IP address/range ban, and also a DNS filter put into place so that if subscribers of these ISPs type in The Pirate Bay domain name, the DNS server would not return the right results. The first one is problematic because, to avoid filters, TPB could change IP addresses every couple of days, and this means the ISPs have to constantly track the IP addresses. And because IP addresses can be recycled/re-assigned, they may end up blocking the wrong website if they’re not quick enough with their detection, thus opening themselves up to lawsuits. The DNS filter method, which is also the one being proposed in the US by Protect IP and one that has come under much attack by anyone who knows how the Internet works, breaks the Domain Name System by destroying the sync between DNS servers, and slow down or stop the propagation of DNS changes, which will cripple the entire Internet. Net neutrality, which the FCC fought for and lost, would become law under PROTECT IP, as each ISP will now be able to tell you which websites you can and cannot visit, and may even redirect one domain name to another website (for example, thepiratebay.org ends up going to mpaa.org). But for the two Dutch ISPs, Ziggo and Xs4all, the immediate problem with both IP and DNS filtering is the effect on their own networks, with the constant changes requiring network reboots that can bring down the entire network. But BREIN doesn’t really care, and I’m just going to copy/paste what I wrote earlier, “because the government, tax payers, web businesses should be doing all the work, taking all the risks, while the rights holders receives all the theoretical and perceived benefits.”

Game publishers, especially PC game publishers, like to complain a lot about piracy, but it always seemed odd to me that they never actually listen to the people that may know a thing or two about what makes consumers buy games – the retailers! Steam, in particularly, has been talking a lot about DRM and pricing (maybe less talk, and more action on security would have helped … I kid). And this week, it’s Good Old Game’s turn to diss DRM. Nothing we haven’t heard already though, DRM only affects legitimate paying customers, it doesn’t stop piracy … all the usual things you’ve read on here. But it seems publishers have it in their head that they need to make it as hard as possible for the pirates by using DRM, which kind of makes sense, but “hard” is a relative thing and it’s mostly quite easy for the piracy groups to crack DRM. The other ways is to tie in non-intrusive DRM with value-added services, such as in-game browsing, chatting, cloud saves, and achievements, which is what Steam has done with success. A lot of success it seems, as GOG also revealed that even for games published by their own company, Steam sells many more copies than on the official GOG service, 5 times as many and 20 times more than all the other digital distributors combined. But even with their power, publishers still hold a lot of power over Steam, particularly in terms of pricing (and regional pricing), so the next time you complain about something being too expensive on Steam or the overseas version of the store carrying cheaper prices, the publishers are to blame, not Steam, which has time and time again presented evidence that cheap games => more revenue.

Skipping HD/3D, and moving quickly onto gaming, mainly because the next story is also about Steam, and it’s not a good one for the company. Steam was hacked over the last week, at first it was only the forum, but it seems the hackers have got into the main Steam database as well and accessed, possibly not downloaded, the database including user details, hashed/salted passwords and even encrypted credit card numbers.

Obviously, getting hacked isn’t good, but with Steam relying on a third party forum software (vBulletin), it was always going to be a risk. But the emerging details seems to show that the database was at least somewhat secured, with both hashed/salted passwords and encrypted credit card numbers. The former simply means that the password, unlike with the PSN database, was not stored as plain text and stored as a hash, a supposedly unique representation of the password, but unlike encryption, it’s one way and (theoretically) cannot be reversed. A salt was also used to make the hashing much harder to reverse back to plain text, if at all possible. And the CC number encryption, assuming it was strong enough, should prevent hackers getting any meaningful data, which is probably why they didn’t bother to download the database.

And if you use Steam’s Steam Guard service (I know, the one everyone hates), your account should be even more secure as the hackers would need access to your email account to access your Steam account. Not that it isn’t possible, because if you used the same password for both Steam and your Steam associated email account, then that’s how a hacker might get in, in the small chance that they could reverse the password hash (quite easy if you’re using a dictionary word, I’m told). So if you value your Steam account, and we currently have a poll asking you how many games you have on Steam, then it might be wise to change your password, remove any stored credit card numbers on the Steam system (just enter it every time instead of saving it, if you’re like me and likes to shop online, you’ve got it memorized anyway), and maybe have a bit more respect for Steam Guard. Just a bit more, mind.

And, we’re already over the word limit, but I would just like to offer a preview of the October US video game sales analysis. The Xbox 360 won again, Wii sold nearly 150,000 units less than the 360, and Sony refused to divulge any data again, but from statement maths, the PS3 either just narrowly beat the Wii, or was actually slightly behind, not great going into the holiday period. Battlefield 3 killed everything other game like a level 43 camper against a team of rushing noobs, with a record 10 million copies shipped on all formats (but Modern Warfare 3 might have something about this next month). The full analysis will be upped in the next day or so.

Alright, that’s enough words from me. See you next week.

This entry was posted on Sunday, November 13th, 2011 at 8:23 pm and is filed under Computing, Copyright, Gaming, News Roundup, Nintendo Wii, Wii U, Switch, PS3, PS4, Xbox 360, Xbox One. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.