This guys website is just others content, HE is taking flash games created by others and publishing them on his website FOR PROFIT. I spotted some friends games on there that they are unlikely to gave permission to put on there.
Also, he has taken a popular t-shirt design, copied it and then is selling it for profit here http://www.cafepress.co.uk/playitontheweb as advertised on his website.
If the guy who posted this is reading, where do you get the games from you're posting? Are you downloading them from other flash game sites and uploading them? Are you scraping those sites? I bet it's the latter. You're only slightly less shameful than this guy you're attacking.
In addition, if you visit www.playitontheweb.com, you'll see in the right column he prominently features Mario and Sonic flash games, games that make unauthorized use of copyrighted and trademarked characters, as well as game art and sound effects.
This guy really has some nerve complaining about someone copying his crappy site design.
Okay, I'll take the alternative view: this is embarrassing for the OP.
What worries me is that the OP found the name Bart Burns on the WHOIS for the domain, and assumed (a) that's who registered the domain, and (b) that the information he found via a quick Google is actually Bart Burns. I can change the information on my domain to be whoever I want, particularly if I'm a scammer. Whatever I put in NameCheap's panel shows up minutes later. If someone doesn't believe me, I'll alter the registration on one of my domains. Just ask.
More interesting than that, however, is that the OP is completely aware that there are avenues of recourse for this and that he is technically able to determine who hosts the scraped domain. Rather than pursue those avenues of recourse, however -- said facilities have been keeping the Internet from devolving into a "wild West," at least in ARIN and RIPE regions -- this guy had to take a play from 4chan's book and attack possibly the wrong guy. If everybody did what the OP does, you're absolutely right: the Internet would be a wild West.
As an administrator at a very large ISP, I am completely aware that some people lose faith in abuse desk contacts. At my employer, we receive countless abuse complaints and we handle every single one. This is a pattern you will observe in ARIN and RIPE regions, but less so for APNIC and other parts of the world (with exceptions). Particularly for someone hosted with JustHost, a DMCA complaint gets the job done in hours. If it doesn't you can go after the ISP. I was never a fan of the DMCA, but this is a prime example of a use case for it.
Above everything else, though, even if the OP is right about the identity of the scammer, calling out the scammer's employment means the OP could be attacking his family. If I were the aforementioned company I'd cut my losses and terminate the employee for bad PR. Now the OP has potentially hurt the suspected perpetrator's family based on actions his family is probably not even familiar with. Because he copied the HTML for a site I've never even heard of. That's icing on the cake, to me, because I protect my family. With teeth.
In short, I am totally unimpressed by the OP's vigilantism and I am equally disappointed that it is so popular in this forum. Demonstrating this sort of arrogance to Hacker News is probably a good way to burn your bridges at the innumerable employers and business contacts that frequent the site.
EDIT: See my response to jedsmith below. I didn't look at the altered site when I posted the following:
Well, it doesn't look like the OP has actually done any vigilantism (at least not yet):
I simply altered the code of my site so that the next time his scraper tried to access its content, it wouldn’t get what it expected. Within an hour, the homepage and every page of his site looked like this (redacted to protect the guilty)
What he did can only target the guilty party, as all he did was change his own site's content.
Intentionally altering your site so that the automated scraper pastes personal identity all over the target site is an act of vigilantism, and feeds the wild West that the author laments. Hell, digging up identity and then using it against a person is vigilante in itself -- the content of the site modification is extremely passive aggressive. 4chan calls this "dropping dox".
However, if he were actually certain to get the right guy, what's so bad about "attacking his family" as you define it? Putting a thief in jail does reduce the income of his/her family, but I wouldn't blame the victim for doing so!
You could argue that the punishment doesn't fit the crime, but that's a much more subtle argument than you appear to be making.
> However, if he were actually certain to get the right guy, what's so bad about "attacking his family" as you define it?
Spoken like a bachelor. Two things I firmly believe in, especially when it comes to Internet squabbles, disagreements and such:
- Don't mess with someone's livelihood.
- Don't mess with someone's family.
They're related. You're going to sit here and tell me that it's justifiable that the alleged guy lose his job over this, possibly taking food out of his kids' mouths? If I copied your Web site and someone pulled a stunt like that with my employer, I'd be out for blood. You hurt my family, I hurt you. You'll understand when you have one.
You can't parallel this to putting someone in jail, because there wasn't really a crime committed (I'd like to see a prosecution), and OP is not the law.
I upvoted your comment because you are contributing to the discussion, and because I hope to understand you. You're right that I have no kids (I do have a girlfriend, though). I've also explicitly assumed throughout that the guy who was fingered really was the guilty party.
Under this assumption, though, I don't see what's so bad. First off, the guy did do something that he shouldn't; secondly, the actual punishment is almost certainly zero. Not only are we, indeed, not talking about jail time, we're not talking "meticulously SEO johndoeisathief.com to the top of Google" either; we're not talking "start a Twitter shitstorm until his boss fires him"; we're not even talking "publicly call him out" - the data in the post probably probably does identify exactly one person, but it's hard to actually make that link. I do admit that blacking out some more data would be prudent, but - what exactly would you be so upset about?
That's a different argument than you started with. You lost the plot somewhere, which is that I think attacking his employment over this goes beyond a line. There is only one reason to proudly put in your attack:
Someone that works at X should know better!
What reason do you think that is? Now they need to take a hard look at their decision to hire this guy; what is he up to in his private time? Suddenly, his private actions have become publicly tied to our company.
There's a reason I don't have my employer in my profile -- I have personally seen someone take a comment the wrong way, and spend days calling the employer to report what a piece of shit the employee is, and how much he was into drugs, and so on. Merely naming the guy's employer here casts them in a bad light.
Think back to Noirin Shirley accusing the guy from Twitter of sexual assault via her blog. When the media inevitably ran with it, it wasn't "an Apache member accuses another Apache member," it was "a Google employee accuses a Twitter employee," because that's a much juicier story. Now Google and Twitter have been sideswiped in something that isn't even their business, and I wouldn't have been surprised if Twitter had cut him loose over it. I don't think they did, so that is a lucky thing for him.
In this economy, I'm just as stretched as everyone else. Anybody who goes after my paycheck is playing with fire; that's all I'm saying.
I see where you are coming from. I agree with you that e.g. phoning his employer would be an overreaction; and I agree with you that my earlier message was very unclear in that respect, although I wouldn't have posted it if he did, in fact, try to get the alleged thief fired.
Right now, though, "company X" does not seem to be heavily involved - the text in the original is in an image and not indexed. Don't you think that the actual damage is likely to be small?
But that is exactly what the scammer was doing! Person A does something wrong, person B catches them with their hand in the cookie jar, person A turns it around and said "person B is stealing my family's cookies!" Sorry, doesn't work like that.
FYI, the term for directing internet vigilantism at an innocent third party is known as a "Joe job"(http://en.wikipedia.org/wiki/Joe_job). It originated as a spammer's revenge tactic.
First of all, I both agree and disagree with you. :D
The OP's idea was sound - and not without precedence - but the execution was flawed. I say not without precedence, because people have been spitting in the eye of internet theft since the first person figured out how to configure their web server to behave differently based on the Referer header.
Many, many "hot-linkers" (including some fairly well known U.S. politicians...) have gotten an image that was unflattering, simply because they or their staff couldn't be bothered to download and host it themselves. (:
However, I do agree with you in that one cannot be certain about information lifted from WHOIS and Google. That brand of revenge is quite thoughtless, and could have severe repercussions on someone (and, as you pointed out, their family) who's completely innocent.
As such, while it may sound childish, replacing assets for scrapers to such an extent that they get something embarrassing is, IMHO, perfectly fine, so long as it's kept childish (e.g., they receive pages that state "I spent all that time on my scraper and all I got was this lousy GeoCities page", complete with ugly animated gifs), and not malicious, like posting someone's personal information.
-If OP altered his/her own site to list such things as personal address of target, phone, etc of the target before he scrape and if that altered data appeared on the non target's site with WWW access than target would have a case of misdemeanor B class suit in any state in the US.
I would've just sent the DMCA notice. It's not a "whole process", it's a couple lines of text you copy/paste, put in the URL of your site and the copy, change the date, and email to the host. It'll take you a few seconds to modify and send out. Most web hosts have a specific mailbox for DMCA notices on their contact page or in their AUP.
Subject: DMCA Notice of Copyright Infringement
The copyrighted work at issue is the text that appears on: [URL(s)]
The URLs where our copyrighted material is located include: [URL(s)]
You can reach me at [email] for further information or clarification. My phone number is [phone] and my mailing address is [physical address].
I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.
I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
[your name]
[today's date]
Never once have I had a DMCA notice not result in the material taken down within 24 hours, even when the host was outside the US. None of them want to potentially be a party to a copyright infringement suit, however unlikely it may be that you'd take it to court and drag the host into it.
Never once have I had a DMCA notice not result in the material taken down within 24 hours
I have!
The culprit -- whose copyright agent [edit]appears not to[/edit] respond to DMCA takedown notices unless they come on law firm letterhead -- is none other than Amazon.com. (I've caught scumbags selling books of mine online as ebooks via the Kindle store. Amazon don't listen unless you carry a big stick. My solution was to grab the nearest big stick, in this case SFWA's Griefcom process, but something like that's not really an option for most self-published authors.)
(In contrast, Apple -- same situation, only in the iBook store -- were the very model of efficiency and helpfulness.)
> The culprit -- whose copyright agent doesn't respond to DMCA takedown notices unless they come on law firm letterhead -- is none other than Amazon.com.
That's illegal. There are well-defined bullet points that make a valid DMCA complaint that must be acted upon, and I doubt Amazon would open themselves up to liability based on "big sticks". They'd lose safe harbor for not complying, which is extremely bad news for EC2 and any Internet hosting provider.
If someone were to pursue it further and remind Amazon that not following OCILLA means being liable for every single copyright infringement that they host, whether on EC2, S3 (looking forward to that one!), or the Kindle store, they might change their tune.
It's not illegal, you just can't claim the benefits of the limited liability section if you don't register a copyright agent and respond to DMCA notices.
The DMCA is a law. Not following the rules of OCILLA is not acting according to law, which is identified by the word illegal. Illegal has nothing to do with criminality.
Sorry, but no. The DMCA simply says "A service provider shall not be liable...if the conditions set forth...are met". It does not compel ISPs to make those conditions true. They're not "not acting according to law" by not actively creating the circumstances in which the DMCA provides the limitation of liability.
In almost every language, a research for "vlc" gives you either adwords for scams, adware, software+toolbars, software+homepage-changer or websites in the first page of Google results (using rings to get higher).
Most of the time, they don't offer the source, modify something and do not offer the source, or abuse trademarks.
Since Google refuses to remove them from index, or from adwords, the only way is to DMCA them.
I have literally sent hundreds of DMCA. It almost never works.
If the OP's planted information identified the wrong guy, then that guy, who was wrongly accused of being a willful copyright infringer, might be able to sue successfully for libel.
Otherwise, though, one legal irony about this posting sort of tickles me:
* Suppose that the (human) scraper were to sue the OP for libel. And leave aside for now the fact that (at least in the U.S.) truth is usually an absolute defense to a defamation action (although that's not the case in false-light or invasion-of-privacy cases).
* The OP should win, it seems to me, if for no other reason than that it was the scraper, not the OP, who published the putatively-libelous information about himself. Presumably, if the scraper himself had not copied and published (what he thought was) the OP's site, then the supposedly-libelous information would have stayed hidden in the OP's server, never seeing the light of day.
Of course, I could imagine some judges thinking that the case was like the spring-gun cases you read about in first-year torts class: If you booby-trap your vacant house with a shotgun to protect against burglars, you can be liable to a burglar who gets shot, even though he's breaking the law by breaking in.
I don't quite see the argument myself. As a former dancer in the breakdancing scene the premise of "biting" (stealing) moves comes up a lot. After a lot of consideration I came to the conclusion that if you perform something publicly its pretty much fair game for copying. I don't think there is a benefit in spending your time trying to hunt down these copycats.
The time is much better spent creating new works.
The Open Source world teaches us that product is not just the object the item being copied but the service, the knowledge, the understanding of the product and the ability to create more.
For creatives and dancers it's the brand, and/or your name.
By all means if you think its worthwhile you can hunt down people ripping off your stuff but if you're becoming tempted to just sit on your prior work and prevent anyone else from touching it you're becoming stale.
Case in point would be Cliff Richard who the RIAA like to roll out whenever they want to extend the terms of their copyright because apparently Cliff Richard relies on this royalties as his pension. I often wonder why he didn't/doesn't have to save for his retirement like everyone else.
"I don’t make idle threats. I have all kinds of information about this person, and I’m going to be keeping an eye on him, this particular domain, and any other domains run by him or his host that access my servers."
So what's your proposal to deal with such a problematic behaviour?
The guy is quite nice - he only made the thieve risk his reputation by the consequences of his own action. He didn't involve anything like law enforcement, the hosting company or the banners network - which would have cost them time thus money.
All he did is take some of his own time so that the scraper would get the "accusing" version of the website next time. He fixed that at his own expenses.
I believe many of us wouldn't have been that nice. And yes I believe he should keep an eye on this thief, because from what he said (the games didn't play) the guy didn't spend a lot of time on that borked job.
For all we know, this might be his full time job - copying websites, replacing copyright notices and authors, making money out of it with banners. All he needs is a process that scales well financially to be a "scamtreupreneur" (Couldn't find a word so I made up one. Do I get karma claims on that word?? :-))
With bots, selecting target websites etc. it might be possible to make a living out of it while true entrepreuneurs are starving in bootstrapped companies :-/
I don't know if the poster was criticizing the owner's response; I read it as just an observation about the state of things. Also, you're right - the thief got off easy.
Disclaimer: Most of my knowledge of the Wild West comes from the movies.
In the WW they used to quite like public hangings, both legal and illegal. Why do you think they did this rather than just shoot people beside a grave and roll them in? As a deterrent to others is my guess.
I appreciate jedsmith and others views, and do somewhat support them, but lets say the OP had just issued a DMCA (and it was actioned). What has that achieved. The copier loses his site, so from the OP's perspective for this instance the problem is solved. Until next week the guy registers another domain, and another, and another. And his friends do it too.
I bet the guy doing the copying is going to think about it twice next time, and I bet one or two people will have read the blog post and rethought future plans.
Don't underestimate the amount of stress, time and legal costs that some people would spend trying to resolve a problem like this.
I know this Wild West killing is not the best approach but at this point in the history of the internet I am seeing few alternatives to prevent (ie not resolve post event) these things happening.
This is interesting, because it works on the same principal as software piracy: The original isn't "stolen" it's merely copied. The original is still intact.
I'm wondering if the same people that are so zealous and pro-piracy would be fine with someone taking their site and duplicating it.
"The main argument for 'piracy is not stealing' is that there is still an original copy."
No, the main argument for 'piracy is not stealing' is that piracy is not stealing. Stealing is the substraction of property, which piracy isn't.
This isn't stealing either, this is plagiarism.
If we don't name things with their correct names, we create false associations, and that makes arguing about those things needlesly complicated. It's hard enough getting a consensus on anything related to IP as it is, so we should avoid ambiguous syntax wherever possible.
Violent agreement. You and GP seem to be saying exactly the same thing -- because the original still exists, there is no subtraction of property, and it is not stealing.
They are saying the same thing as far as that goes, but rick888 then uses that as a jumping-off point to misrepresent a (fairly OT) position he doesn't agree with. He's conflating the arguments of "piracy is not stealing" and "piracy is not necessarily bad," which are only thinly connected (being theft would make piracy almost certainly wrong, but not being theft doesn't confer any moral value either way).
I do think that's true, which is why I'd call this something like "plagiarism" rather than "stealing". The issue isn't that anyone's had an item removed from their possession (as with theft), but someone is trying to pass off someone else's work as their own. Like if I were to publish a novel, but lift large parts of the novel from an existing novel. I guess you could colloquially say that I've "stolen text" from that novel, much as people say that Microsoft "stole" the recycling bin from Apple's trash can, but plagiarism seems to get at the underlying issue more directly.
Very interesting comment. For me the line is profiting from the copied content/software. I am opposed to people selling pirated movies on the streets and not so to people downloading and watching them in their homes.
The name would be covered under trademark law, and the website/graphics copying could be considered plagiarism if you are attempting to pass them off as your own.
On the other hand, someone that copies a movie is neither:
1) Claiming to be the movie studio that produced and/or distributed the movie.
2) Claiming that they were the producer/creator of the movie.
Comparing the two situations doesn't work because the only common factors are that copying happened and that they're both related to the nebulous term 'IP.'
I wouldn't be surprised if the advertising provider requires and checks for real whois info. If not, there's probably a business model in there somewhere.
Small advertising networks are notoriously lax. The ad network in the screenshot, pogads.com, has this testimonial on their front page:
"I've been banned from adsense for advertising online with companies offering popups, I registered with pogads as an adsense alternative and I see the real money potential in my service
Roger, IL"
It's positioned as the first testimonial of several.
one sneaky thing you could have done is to modify your site very slightly so that his site would load your ads instead of his. He wouldn't have noticed ;)
Just adding some javascript that just made sure the right ads are showing would have been a much more subtle response.
I wonder if there is a possibility of a JS library that could detect this type of scraping and reserving automatically. Would probably leads to an interesting arms race with the scrapers.
Check web logs for regular visits from a specific IP address. Setup alternate site (eg: on a different port) and use firewall rules to direct http traffic from that IP to that port. Make a small change to the site and verify that the copied site is altered. Then have fun.
Setting up a new site is trivial to do and allows you to mess around with it without modifying your main site... which may not be so simple as your example if it's based on a CMS or other framework.
Agreed. The vigilante content of the switcheroo is whatever. I want to know how he actually pulled it off. The not-so-over-the-top-vigilante-ish alternatives are pretty endless.
Also, he has taken a popular t-shirt design, copied it and then is selling it for profit here http://www.cafepress.co.uk/playitontheweb as advertised on his website.
If the guy who posted this is reading, where do you get the games from you're posting? Are you downloading them from other flash game sites and uploading them? Are you scraping those sites? I bet it's the latter. You're only slightly less shameful than this guy you're attacking.
irony eh.