Yahoo! Music Unlimited.
We’re heard from him again and once more, Yahoo is front and centre »»»»»»»»»»»»»»»»»»»»»»»»
"It has come to our attention …."
By Robert Chapin – Chapin Information Services
Two months ago, Yahoo released an update for its music video service to patch a server security problem. Internet hosts at yahoo.com had been accepting requests for video files in predictable locations, leaking out premium content and bandwidth.
Within minutes, developers of 3rd-party exploits fixed their tools and were working on mature updates. One week later, tens of thousands of users had downloaded new programs.
Websites designed to deliver these videos redirected visitors to the new Yahoo file locations. One of them charged a signup fee. Another registered 900,000 hits to one of the videos. A third site claimed one million hits daily.
This event brings to light the size of an anonymous user base exploiting Yahoo’s servers and driving traffic of between 40,000 and 100,000 music files per day.
At the heart of this growing community is an ethically complicated method of using a service that is otherwise legitimate. The question is, if a mainstream media service such as Yahoo! Music publishes premium content to a public Internet location, are anonymous non-subscribers bound to its terms of service?
NyxErebos grappled with this issue when he was served a cease and desist letter by one of Yahoo’s legal firms September 20. His home page, strix.org.uk, hosts a personal blog with image galleries, several clever scripts, and until recently a tool for downloading Yahoo music videos.
"It has come to our attention that you are providing a Website which enables its users to download Yahoo!’s audio and music video content without Yahoo!’s consent," the letter begins. "Yahoo! makes audio and video content available to its subscribers under licence subject to the terms and conditions governing use of the Yahoo! website."
Indeed, these users weren’t subscribed to the service and probably didn’t obtain the necessary license. NyxErebos removed the politically charged content from his home page, but he countered that the tool only revealed information that Yahoo has "made available to public Internet users on a public Internet server where no registration is required."
His open letter to Yahoo also takes issue with the phrase "stream ripping," which has the same meaning as "file saving" or "downloading" in this context.
In an interview, NyxErebos explained the focus of his 12-month-old website. "My research was not limited to [Yahoo]. It was just a side project in a greater exploration of the software used for streaming.
"My research was to culminate in the development of what I call the RAIS system. It was a modular, web-based system for creating playlist mashups from many different online sources and distributing them as different kinds of shows.
"After the legal threats from Yahoo I decided to discontinue development."
Action against strix.co.uk came on the heels of another cease and desist letter that shut down part of a Spanish blog September 6.
Shortly before that in August, the Yahoo Music Unlimited program exited beta despite an alert from Chapin Information Services (CIS).
In May, CIS discovered Yahoo Music was exposing audio files that lacked Digital Rights Management (DRM) protection. This created an opportunity for downloaders to bypass the subscription system and obtain both audio files and music videos.
These actions reflect the same ethically complicated use of service issue.
The question is, if Yahoo wants to limit the availability of its premium content, does it have an obligation to provide a certain level of security before shutting down would-be leachers?
NyxErebos takes a dim view of this topic, saying, "There is no such thing as a secure online system." While that may be pessimistic, he also suggests the Yahoo Music system, "stops search engines … from indexing the videos and makes it harder to use the videos in un-approved ways, but is fundamentally flawed as an authentication mechanism."
Yahoo declined to comment for this article.
Also See:
really were unlimited – Yahoo Music Unlimited hack, May 30, 2005
