April 29, 2017

Has Apple Doomed Ads on the Web? Will It Crush Google?

Recently Apple announced that, for the first time ever, ad-blocking plugins will be allowed in mobile Safari in iOS 9. There has been a large outpouring of commentary about this, and there seems to be pretty broad agreement on two things: (1) this action on Apple’s part was aimed at Google and (2) for publishers this will be something between terrible and catastrophic.

I believe that people are making these assessments based on a lack of understanding of the technical details of what is in fact going on.

For the most part, the public does not appreciate the extent to which, when a web browser visits a typical site, the “page” being served comes from multiple parties. Go to a typical e-commerce site, and you will find pixels, trackers, and content from additional servers, from a few to dozens.  These produce analytics for the site owner, run A/B tests, place ads, and many other things. There is even a service that knows what size clothing to sell. It is these services that are the target of ad blockers.

The reason ad blockers work is that the industry has made a standard method of ad placement, which is trivial to implement for the publishers and e-commerce web sites. Ad serving is fully browser-based, so the publishers have to do nothing more than install a line of code in their html pages that pulls in a javascript file from the ad company’s server. Once the javascript is in the web page, the ad company takes care of the rest: it figures out what ad to display and injects it into the page.

Aside from the simplicity for the publisher, this architecture has an additional advantage for the ad company: they can track users as they go from site to site. Since the web page is pulling in a javascript file from the ad company’s server, that site is able to set a permanent cookie on the user’s browser, which will be sent every subsequent time that user goes to any site that uses the services of that ad company. Thus the ad company is able to accumulate lots of data on users, without most people knowing. In some cases, people’s objection is not to the existence of ads per se, but the secret and unaccountable way in which data is collected.

It is this architecture however that renders the ad vulnerable to the blocker. In fact, ad blockers have existed for desktop browsers for a long time.

So there is nothing really new under the sun, just the growing popularity of the tracker/ad blocking software. If the use of these plugins becomes ubiquitous, only one thing would have to change – the publishers would have to insert the line of code in some way on the server side, and the ad would just look as though it came with the rest of the page. At that point, the browser plugin is useless.

What would be the knock-on effects of this? The ad companies no longer have any way to track users as they move around the web. Absent some way on the ad companies’ part to implement a cross-site evercookie (which would be considered unethical and would quickly be blocked by browser authors if discovered), the ad companies will no longer have a way to connect users on one site to users on another. The ads you’d see on a given site could be based solely on the interactions you’ve had with that one site – which would be a boon to privacy.

This is a change, for certain, but probably not the apocalypse for publishing it has been made out to be. There will be a rush to develop ad-placement technology for the server side as there was on the client, but when all settles down it will be pretty easy for the publishers to implement.

It’s even arguable that in that world of anonymous web surfing, the better web properties would be able to charge higher rates – absent spying on the readers, decisions about the value of ad placements would be based on the demographics of the readers of the site – just as for offline properties.

That being said, if you ever reveal your identity to a web site (for example by entering your e-mail address) that site could set a cookie so as to remember who you are. From that point on, information could quietly be sent to the ad server, perhaps storing all the URLs you visit on that site.

So, in the end, this change actually may be a boon for Google. If it’s really true that tracking users is so valuable for ad placement, Google has an advantage the other ad companies do not: many millions of users using Gmail and the Chrome browser, both of which Google controls. If you use Google’s e-mail, Google knows what links you are getting sent from advertisers. If you click a link in a Gmail message going to a web site with Google serving ads on the back end, you can arrive at the site with Google already knowing who you are. (This can be done unobtrusively using the http referrer header.)

Even if you don’t use Gmail, you may sign in to Chrome to sync your data across devices. This uploads information to Google’s servers so it can be sent to other devices, such as your Android phone. One of the things that can be synced is the browser history. If this is done, Google – and no one else – will have the same information they would have collected with browser cookies.

If Apple is looking to damage Google, their plan may backfire. No one else, not even Facebook, has a chance of matching this.

The End of Gnutella?

Almost exactly 2 years ago, I wrote an essay that examined the case of Arista Records et al v. Lime Group et al. It was presented on Freedom-to-Tinker in a series of three posts (1, 2, 3). These articles presented an analysis which showed that any open filesharing network, such as Gnutella, is vulnerable to spamming. Lime Wire, without advertising as much, was acting as a spam cop for Gnutella, keeping the network safe for infringers. It was my view that the decision in the case could be made to turn on the actions that Lime Wire was taking to control spammers on the Gnutella network, and if the case were examined in that light, Lime Wire could be found liable for contributory infringement while still respecting the First Amendment rights of software publishers.

Since that time, a great deal has occurred in the world of filesharing. It is worthwhile to examine the the current state of affairs, which is predictable in some ways and yet quite surprising in others.

continue reading…

The Arista Records et al. v. Lime Group case has been a victory for the plaintiffs. On October 26, 2010, the court handed down an injunction that permanently prevents Lime Wire from distributing its software or running any servers that maintain the Lime Wire system.

Interestingly, the court largely sidestepped the technical issues as to whether Gnutella itself had non-infringing uses or not, or whether a Gnutella client can be legally distributed. The court’s decision instead turned on evidence submitted by the plaintiffs that LimeWire intended to facilitate filesharing.

As a part of the injunction, Lime Wire was required to “disable … all functionality of the Legacy Software”.

In response, Lime Wire took several actions.

  • Their website no longer advertises or distributes the LimeWire software. Instead, the entire site is replaced with fearsome notice of the court order, and the only thing downloadable now is a pdf file of the permanent injunction.
  • On Oct 26, 2010 LimeWire issued a final simpp.xml file. The simpp.xml file was used by Lime Wire to control various parameters of the operation of LimeWire clients. It contained, among other things, the ban lists – specific IP addresses of machines Lime Wire deemed to be engaged in “unwanted sharing”. No LimeWire client would connect to a machine on the ban list. The final simpp.xml file had an empty ban list, which had the effect of unblocking all files and IP addresses that had been banned from the network.
  • The simpp.xml file also controlled other aspects of LimeWire client operation – it could be used to inform running clients that a new version was available. In the case of LimeWire clients of version 5.5.11 or later, a feature had been added that shut down the client until the new version is loaded. No new version, however, was actually released. This had the effect of shutting off most LimeWire users.

This last action is rather significant. Many, if not most, modern programs include a feature that “phones home” to figure out when to inform the user that a new version has been released. Many allow automatic installations of the new version, without user intervention. It is most uncommon for such a notice to shut down the program if the user does not upgrade to the new version. It is doubtless unique among programs distributed under an open source license.

Indeed, this unusual feature of verson 5 of LimeWire was also accompanied by increased intrusiveness in Lime Wire’s ability to monitor the Gnutella network. Even before v5.5.11, in which LimeWire added this “kill switch” to the client, additional ability to inspect running clients had been added. It is interesting to contemplate just how intrusive these features were, all embedded in a very widely used open source program.

This state of affairs stands in sharp contast to what LimeWire told the court in its July 18, 2008 Motion for Summary Judgement:

[The simpp.xml file does not enable LW to] control what files users search for, choose to share, or download. Also, LW has no ability to alter, disable, or upgrade LimeWire remotely once it has been downloaded and installed by the user. If LW went out of business today, users could continue using LimeWire without interruption.

It appears that, behind the scenes, LimeWire knew it would be made to shut down its network well before the October injunction was issued. Version 5.5.11 was released on July 25, 2010, so LimeWire by that point was acting with the knowledge that it was going to be shut down.

Upon the demise of LimeWire as a useful client, many people simply stopped using Gnutella altogther. Though there are a large number of Gnutella clients, (see http://en.wikipedia.org/wiki/Gnutella#Software for a list) a substantial number of former LimeWire users switched to FrostWire, which got a great deal of buzz as a result. Unlike LimeWire, FrostWire does not embed ads in the client or distribute a “pro” version, and therefore the group that writes FrostWire does not have substantial revenue, as did Lime Wire.

Accordingly, the vigilant anti-spam activities that had been performed by Lime Wire disappeared from Gnutella. In a matter of short order, spammers of various sorts, including those whose intention was to block the sharing of infringing music files, managed once again to afflict the Gnutella network. In late June 2011, the FrostWire team announced that they would remove the Gnutella functionality from their code, and focus on improving the BitTorrent client. As argued before in this space, this outcome is exactly what should be expected of a filesharing network without effective spam policing.

Despite this victory over Lime Wire, and perhaps ultimately over Gnutella itself, it is unlikely that the RIAA and MPAA are raising the champagne glasses quite yet. In essence, the resurgence of BitTorrent as a music and video-sharing protocol brings the techical architecture full circle. The BitTorrent system resembles the original Napster more than Gnutella, as it has a centralized search and seeding system. The calculation made by the file-sharers appears to be that a game of legal whack-a-mole is sustainable in their favor, especially given the global nature of the hosting of trackers.

The next step for the copyright holders appears to be to get the ISPs involved in preventing filesharing, and to that end an agreement annouced on July 7 of this year between copyright holders and some of the largest ISPs is a step in that direction. Nonetheless, it is difficult to see how the relatively slow-moving copyright holders and ISPs will be able to shut down a network that is specifically intended to work as a darknet, hiding itself and moving from place to place.

A Freedom-of-Speech-based Approach To Limiting Filesharing – Part III: Smoke, smoke!

Over the past two days we have seen that filesharing is vulnerable to spamming, and that as a defense, the filesharers have used the IP block list to exclude the spammers from sharing files. Today I discuss how I think lawyers and laypeople should look at the legal issues. Since I am most decidedly not a lawyer, nothing I say here should be considered definitive. Hopefully, it is at least interesting.

An analogy:

Washington Square, in New York City, was for many years a place where drugs were sold. A fellow would stand around quietly saying to passersby “Smoke, smoke!” However, this so-called “steerer” held no drugs. His role was simply to direct the buyer to the “pitcher”, who had the drugs somewhere nearby, and who kept silent.

Even the strongest defender of free-speech rights understands that the “steerer’s” words are not just speech. His words are not similar to those of this article, though both simply say that someone in the park is selling. He is as legally responsible for the sale as the “pitcher”, because they are, according to legal terminology, “acting in concert”. He is a drug dealer who may never touch any drugs. Note also that the “steerer” receives payments from the illegal transactions – though it is not in fact legally necessary to be able to prove the payments to establish that he’s “acting in concert”. All that’s required is that the “steerer” and the “pitcher” share “community of purpose” in facilitating the illegal transaction.

In the Napster case, the court held that Napster, even though it did not have any copyrighted data on its servers, was liable for contributory infringement. To use Napster, a downloader would login to Napster’s central server, which connected the user to another user who had a file that was being searched for. Since it was Napster’s role to hook up the parties illegally exchanging files, it is reasonable to see this as analogous to the “steerer” in Washington Square – Napster didn’t have the infringing materials, but that really isn’t a defense.

The gnutella network is decentralized to solve the legal problem presented by the Napster decision. Nonetheless, there is something still centralized in gnutella: the IP block list. Users of LimeWire get their block list from LimeWire and only from LimeWire. Accordingly, if Napster was like the “steerer” in Washington Square, LimeWire furthers the “community of purpose” in a different way; it is someone who gives negative information rather than affirmative. He’s someone paid to stand in the park pointing out who are cheaters selling bad drugs, allowing the purchasers to find the good stuff.

What is a legitimate P2P spam filtering authority versus one that shares “community of purpose” with infringers? The former could legitimately act to keep the network from being flooded by those selling weight loss drugs, without facilitating infringing. There is probably no bright-line rule, but it is reasonably clear that LimeWire is well on the wrong side of any possible grey area.

It’s useful to compare gnutella spam cop LimeWire with e-mail spam cop AOL.

LimeWire does not clearly advertise its spam cop role as a feature of its software, and does not discuss its block list. (The LimeWire web site has only the cryptic description “We’re always working to protect you from viruses and unwanted sharing.”) There is no discussion anywhere about what sorts of sites and files it is blocking and for what reason. No notification is given by LimeWire to a site when it is blocked, nor is there any way given to contact LimeWire to remove yourself from the block list.

In comparison, blocking e-mail spam is, for AOL, a major selling point. AOL does not block bulk e-mailers (many of which are legitimate) on a whim. Every e-mail rejected by AOL is bounced with a notification to the sender, and there are detailed instructions to bulk e-mailers as to what they need to do to avoid running afoul of AOL’s filters. There is a way to contact AOL to remove oneself from the block list, if one is legitimate. The whole process is transparent.

It is clear that a legitimate spam cop cannot block spoofers, since any search for a non-infringing file would be unmolested by spoofs, yet it appears that LimeWire does block MediaDefender. In fact, LimeWire appears to be quietly promising to do so, when it says that it protects against “unwanted sharing”, whatever that is.

Lastly, it appears that LimeWire’s statements in court conceal what it is doing.

As we mentioned in the first post, there is an ongoing case, Arista v Lime Group. In its motion for Summary Judgement, LimeWire states

Likewise, LW does not have the ability to control the manner in which users employ the LimeWire software. Unlike the Napster defendants, LW does not maintain central servers containing files or indices of files. … LW’s system is like that analysed by the Ninth Circuit in Grokster, “truly decentralized”. … LW no more controls the actions of its customers than do any of the thousands of companies that provide hardware or other software used in connection with the internet.

This omits any discussion of LimeWire’s centralized block list. LW assuredly does control the manner in which LimeWire users employ the LimeWire software, because if a site is added to the IP block list, it is no longer visible to most LimeWire users. This is very far from the normal situation applying in other software used in connection with the internet.

Moreover, the plaintiffs’ attorneys appear to be unaware of the blocking of spoofs, as their reply motion makes no mention of it (nor the other hidden features of LimeWire software discussed yesterday).

While it might be possible to run a legitimate spam-blocking service for P2P networks, it would look rather different from what LimeWire is doing.

Conclusion

The best way to regulate filesharing effectively is to analyze the various players’ roles on free-speech grounds. The individual filesharers (when they share infringing material) are certainly violating the law, but in a small way that probably can’t be reasonably controlled. The publishers of the software that allows the network to run (including LimeWire) are exercising free speech – the fact that their code can be made to do something illegal should be irrelevant. However, LimeWire is facilitating infringing because of the way it runs its IP block list. If LimeWire were shut down, the gnutella network become useless for downloading infringing music. Because of their actions to keep the network safe for infringers – their “acting in concert” – LimeWire should be liable for contributory infringement.

This course will avoid free speech restrictions that trouble many. In terms of preventing infringing, it also will be far more productive than trying to target the small fish. It is an effective measure that respects rights.

[This series of posts has been a somewhat shortened version of an article here.]