Jason Dunn
03-18-2008, 12:00 AM
<em>The following is a story that started and finished in a matter of days - but I thought it was worth informing you about because I felt everyone should know what MobiTV tried to do, and what some of the challenges are that online community leaders face.</em><br /><br />On March 4th, the people at <a target="_blank" href="http://www.mobitv.com/index2.php">MobiTV</a> make a mistake - a very big mistake. Here's the story, quoted from the <a target="_blank" href="http://en.wikipedia.org/wiki/MobiTV">MobiTV Wikipedia entry</a> (with URLs inserted by myself for added clarity to the story)<br /><br /><em>"On February 23, 2008, a member of HowardForums <a target="_blank" href="http://www.howardforums.com/showthread.php?t=1332161">obtained the means elsewhere</a> to gain access to MobiTV streaming video feeds without any paid subscription.[1] It was done by obtaining an XML file at a <a target="_blank" href="http://qtv.mobitv.com/sprintTVlive.mcd">publicly accessible URL</a>. This file contained the RTSP links to different unsecure program feeds including MSNBC, Bloomberg TV, Discovery Channel, etc, which were offered in the Sprint TV Xtra subscription. With internet connection and compatible media playback applications like RealPlayer or Apple QuickTime Player, these unsecure 38kbps streaming video feeds could be watched on many cellphones and computers.<br /><br />MobiTV's legal counsel issued a letter dated March 4, 2008, demanding Howard Chui, owner of HowardForums, to remove the displayed links to the proprietary file because MobiTV's intellectual property rights had been violated according to the DMCA.[2] In the letter, MobiTV's legal counsel also suggested that they have been contacting HowardForums' site host and registrar regarding this matter. They would pursue legal actions if Chui did not comply."</em> <MORE /><br /><br />Let's break that down a little bit. If you look at the post in Howard Forums, you'll see that the poster mentions he found this over on the Sprint forums. Did MobiTV threaten sprint with a lawsuit? I doubt it. Further comments I've read indicated that this "secret" URL was being discussed in public forums as far back as November 2007. Yet Howard Chui, operator of the hugely popular forums where many of MobiTV's customers probably first heard about the service, gets a bullseye painted on his back. The root problem here, of course, is that MobiTV relied on security through obscurity: rather than protecting the content that their partners entrusted them with, they though that no one would ever bother to look at what URLs were loading on their phone. People are curious. Geeky people are <em>extra </em>curious, and if anyone is gone to find something hidden, it's going to be a geek.<br /><br />Once MobiTV realized their "security" had been exposed, they went on the offensive and tried to force Howard to take down the post with the "secret" URL (here's a <a target="_blank" href="http://www.dslreports.com/r0/download/1283810~dd678eede1baa66d71d01e4cd9074711/hf.pdf">PDF of the letter</a>). Guess what happened next? The story got picked up all over the place. It got double-digg'd (<a target="_blank" href="http://digg.com/tech_news/MobiTV_threatens_to_Shut_Down_HowardForums">here</a> and <a target="_blank" href="http://digg.com/security/MobiTV_to_Hofo_Take_down">here</a>). A fellow I met at a Mobius event, who goes by the name UrbanStrata, submitted the story to Slashdot <a target="_blank" href="http://yro.slashdot.org/yro/08/03/07/163232.shtml">and it got picked up</a>. The Associated Press <a target="_blank" href="http://apnews.excite.com/article/20080307/D8V8RQO80.html">wrote up a story on it</a>, which mean it would get published in thousands of Web sites across the 'Net, and likely make its way into a few newspapers. Many of my more on-the-ball peers picked up the story as well. Here's a sampling of what I found:<br /><ul> <li><a target="_blank" href="http://blogs.zdnet.com/mobile-gadgeteer/?p=930">The Mobile Gadgeteer</a></li> <li><a target="_blank" href="http://www.geek.com/mobitv-trying-to-shut-down-howardforumscom/">Geek.com</a></li> <li><a target="_blank" href="http://www.geardiary.com/2008/03/06/can-you-copyright-a-publicly-accessible-url/">Gear Diary</a></li> <li><a target="_blank" href="http://www.phonemag.com/mobitv-tries-to-pull-plug-on-howardforums-over-poor-security-highlight-031566.php">PhoneMag</a></li> <li><a target="_blank" href="http://www.theunwired.net/?item=off-topic-mobitv-wants-to-shutdown-howardforums">The::Unwired</a></li> <li><a target="_blank" href="http://www.mobileburn.com/news.jsp?Id=4292">MobileBurn</a></li> <li><a target="_blank" href="http://www.mobiletechreview.com/ubbthreads/showflat.php?Cat=0&Number=29749">MobileTechReview</a></li></ul>Lastly, just to make MobiTV's back-fired maneuver go down in the annals of history, within a day of this issue being public, it was all annotated in the <a target="_blank" href="http://en.wikipedia.org/wiki/MobiTV">MobiTV Wikipedia entry</a>. Who knows how long it will stay up, but I got a chuckle out of it being so quickly added to Wikipedia. I couldn't find one article written supporting MobiTV's position, or defending their action. It was like the whole of the Internet rose up against them. Do people have the right to use MobiTV content and server resources without paying for it? No, absolutely not. But is it illegal to post an URL online, and to hold a forum owner responsible for the actions of his community? No, absolutely not. <br /><br />So how did this all end? Last week Howard received a phone call from Paul Scanlan, Co-founder and President of MobiTV. This was an email that was sent as a follow up to that conversation:<br /><br /><em> "Howard, great catching up today. Again, we're big fans of the sight [sic] and our intention was never to bring your entire sight [sic] down or to "censor the Internet" like we're being accused. The irony is that is quite the opposite type of company we are and as one of the leaders in new media, we couldn't be more supportive of the rights of sights [sic] like yours. Please know that our first priority is always to fix any security issues with our system and we're doing that. Additionally, we also have a responsibility to our content and carrier partners to reduce the impact of any breaches to the system once they occur and that was really the basis for the correspondence you had with our legal team. I look forward to continuing to find interesting and vibrant insights from HowardForums."<br /><br /></em>Do you believe a word of that? I sure don't (the spelling errors sure don't help). MobiTV as a whole botched this badly - whomever was advising them on the proper tactics to deal with something like this was giving out the wrong advice. When something like this happens, you do NOT sent out the lawyers. No one likes getting a threatening letter from a lawyer, and I can't think of an incident like this when the lawyer or the company involved has come out ahead, especially where public opinion is concerned. What MobiTV should have done is immediately, but quietly, shuffled their URLs around to break the service that people were tapping into without paying for. That tactic would only be to buy time to implement a real security system. Going public and attacking an online community full of their own customers was the worst possible action they could have taken, and MobiTV is going to be feeling the repercussions of this for months, if not years, to come.<br /><br /><em>Jason Dunn owns and operates <a href="http://www.thoughtsmedia.com" target="_blank">Thoughts Media Inc.</a>, a company dedicated to creating the best in online communities. He enjoys mobile devices, digital media content creation/editing, and pretty much all technology. He lives in Calgary, Alberta, Canada with his lovely wife, and his sometimes obedient dog. He hates it when companies try to bully the little guy with their lawyers.<br /></em>