Putting aside that these claims are presented without any evidence, “most” of 50% of the US population is a minimum of 82M people. ~31M have contracted COVID so far. That we’re going to see almost 3x the number of cases, concentrated in half the population, as we enter summer, and with 3-4M vaccines administered per day, is a pretty bold claim.
You can hire a whole team of perfectly competent people and all it takes is one slip-up to ship the wrong version of a file. I have no love for the administration, but I find it frustrating that people are so eager to attribute every single error, regardless of impact, to one name.
If you go back one administration and search 'Obama clarifies' on google, you find the same thing. Turns out that press machines involving dozens of people are prone to human error.
In a hypothetical world where our competent president and his competent staff made an occasional error, it would be reasonable to give the benefit of the doubt.
This is one of three or four errors just in this address alone. An address that may literally be the most important of his presidency. It wasn't just some George W. tripping over his words, he said literally the exact opposite of what the policy actually was and just kept rolling.
This is too important to be grading on a curve.
edit: To be clear I'm not suggesting he misread the teleprompter intentionally. I am saying that he and his administration have a level of incompetence and neglect that would result in jail time in many private industries.
I respect your position and the desire for professionalism. I differ in regard to the expectations of people, however. Even under the best of circumstances with the benefit of a lot of time (we don't have a clue about the intelligence that triggered this, so we don't know if they put this together in a day or a week) I still expect errors. Perhaps I'm cynical, but I just assume human beings will break things and screw up whenever they are given the opportunity. In the case of the white house press corps, there's a lot of opportunity for that.
That's why Obama had to issue immediate corrections regarding troop deployments, economy, and policies. There's too many moving parts.
I feel that this administration is actively hostile to the well-being of the United States, but I've been telling people since day 1 that it's counter productive to make fun of Trump and nit pick at every error regardless of how tiny or inconsequential. At the very best it diverts attention from the actual problems with this administration and at worst deepens into the political chasm we seem to have in this country.
The photographer didn’t post the image on Twitter, someone else who presumably didn’t have a license to do so did. The sites then embedded that other person’s tweet.
If it had be the photographer that posted the tweet then the media companies would have been in the clear AFAIK since part of Twitter’s TOS allows for embeds.
This ruling doesn’t make a ton of sense assuming the media companies were acting in good faith. If they knew that the image was copyrighted and the Twitter user didn’t have the rights to post the image but embedded it anyway in an attempt To get around the copyright on a technicality then this seems more reasonable.
In general, outside of any safe harbors, you are responsible for infringement when you republish something, even if it was by accident.
IE if i reprint a newspaper article that fucked up and didn't clear an image, i am also a copyright infringer[1]
The main thing that makes this not true on the web is the DMCA safe harbor for hosting third party content
(which is inapplicable in this context).
This ruling, IMHO, is completely and totally consistent with every copyright ruling i've ever seen about republication.
[1] The circumstances in which you would have an innocent infringement defense would be something like: you having licensed, from the newspaper, the right the republish, and mistakenly, but reasonably, believed that they had the right to license you the image.
But in this case the media companies are not the ones publishing the photo, Twitter is. The embedded data was never produced or even passed through their servers. It is loaded directly from Twitter.
So, this is basically a technical argument based on a technical implementation detail.
These mostly are considered irrelevant and frequently fail (see, e.g., napster et al)
It's true, fwiw, the ninth circuit did reject visual incorporation tests in favor of a physical transmission test.
This is, IMHO, silly, and only some courts have chosen to follow it.
It seems like more than an implementation detail to me. If Twitter receives a DMCA notice and deletes the image, it will immediately be deleted from all of the sites embedding it. When the publishing, distribution, and unpublishing are entirely under someone else's control, it's really hard to justify treating a link as infringement.
BTW I know you're talking about the way judges actually tend to interpret these things. I'm talking about the way they would interpret things if they had any sense.
With your ebook example, if the ebook "auto-loaded and displayed that content for the user" then you're describing something completely different from what happens when a site links to a tweet. It's more like if the ebook reader parses "Encyclopedia Britannica volume B, page 38" whenever it appears in any ebook and embeds the contents itself. If Encyclopedia Britannica is violating someone's copyright on that page, it's just crazy to hold the ebook publisher liable.
Perhaps it helps to think about the physical equivalent...
Suppose your neighbor "hosts" some copyrighted material in their yard, either on a projection screen or a large poster.
If you decide your visitors may be interested in said content, and move your van out of the way so that your visitors may observe the content in your neighbor's yard as they walk to your front door, is that infringing?
If you additionally set up a sign pointing at your neighbors yard, causing your visitors to look in that direction, is that infringing?
If you decide to make some money by selling advertising space on a sign you set up on your property, right next to your neighbor's display (which is still on their property), is that infringing?
Note that to a casual observer who doesn't know or care where the property line is, the end result is nearly indistinguishable from what would have resulted if you had set up the projection screen or poster in your own yard. (The only difference is that it's a foot further away and controlled by a different person.)
Anyway, while it certainly seems sleazy to profit from your neighbors illegal display, it seems bizarre to conclude that pointing your visitors at your neighbor's display is the same as displaying it yourself.
"BTW I know you're talking about the way judges actually tend to interpret these things. I'm talking about the way they would interpret things if they had any sense."
Gonna disagree, but if you live in the ninth, that's already how they think :)
(now, FWIW; i'm also differentiating between what i think the law, as written right now, is supposed to mean, and what i think it should be. I think, right now, as written, this should be interpreted as infringement. I think the law should be changed, not twisted/ignored)
The sites aren’t linking to a tweet, they’re embedding them. There’s a difference of intent between a plain old <a> link to a tweet’s URL, and the full set of tags, scripts, and configuration used to embed a tweet inline with your page. It would be unreasonable to hold you accountable for a simple link if I had a browser plugin that automatically converted them into embeds, but if you used the twitter markup such that they would be rendered as embeds on any standards compliant browser that’s a different story.
Embedding, a.k.a. hotlinking, a.k.a. transclusion is just another type of linking. Any of those terms would work just as well in my comment because they all share the property that the content is being published by someone else.
But there isn't much of a difference between hotlinks and anchor links in this discussion anyway, since sites (e.g. Google, Pirate Bay) also face legal liability for simple anchor links to copyrighted works. Just Google "[any popular book] pdf" and read the DMCA blurb at the bottom of the results.
But technically they’re not the same. Like, if you were to describe the DOM nodes generated in response to a hyperlink versus an embed tag, they’d be quite different, right?
Can we start suing Google then for Google cache or the WayBackMachine for the same? They are certainly republishing my pages without permission. That's copyright infringement according to this criteria too. In fact, they host the content on their servers so there isn't even this technicality. What about the snippets Google shows in its search results? What about Slack when it embeds part of my page when someone posts a link?
TheWayBackmachine is operated by a library which gives them special license under copyright law. That said they will not make your page available publicly if you tell them not to.
Google cache is copyright infringement however it may or may not be excusable under fair use depending on the circumstances.
"Can we start suing Google then for Google cache or the WayBackMachine for the same?"
Already happened.
Multiple times.
In fact, the precedent the EFF is talking about was "Perfect 10 v. Google", which was about caching, thumbnails, and framing in google image search.
> So, this is basically a technical argument based on a technical implementation detail. These mostly are considered irrelevant and frequently fail (see, e.g., napster et al)
"Details are irrelevant" is the argument you get from people who don't want to consider the implications of the details.
> I could simply avoid all liability by setting up a server/separate legal entity in a country with no copyright laws, place all images there, and then i've never published anything at all by your argument.
Is this not exactly the sort of thing companies do on a regular basis to avoid, for example, taxes? Or minimum wage laws or a hundred other things like that? If there is a jurisdiction where it's legal then it's legal to do it in that jurisdiction, no?
> Similarly, if i wrote a book, and on page 34 it said "for the text and images on this page, please see Encyclopedia Brittanica volume B, page 38", the law would probably be okay with that. If i had an electronic book that auto-loaded and displayed that content for the user, so the user did not have to do it, they'd probably consider it infringement.
This is where we're getting to the part where the technical details have relevance. A website isn't a device, it's a piece of information which is rendered by a third party device. You are just telling them where they can find the information. But the third party browser on the third party device has the capacity to fetch and display it for the user.
Consider a similar scenario: Devices improve to the point that they can parse the words "for the text and images on this page, please see Encyclopedia Brittanica volume B, page 38" and then automatically fetch and display the images. Has your sentence retroactively become infringing because the user's device has improved?
This sort of thing starts to have real salience when you get into things like content addressable storage, where the hash of the data both identifies it and can be used to locate, obtain and authenticate it.
""Details are irrelevant" is the argument you get from people who don't want to consider the implications of the details."
That's just a silly dig, considering i've spent years of my life and training considering the implications of the details of these very things.
"Is this not exactly the sort of thing companies do on a regular basis to avoid, for example, taxes? Or minimum wage laws or a hundred other things like that? If there is a jurisdiction where it's legal then it's legal to do it in that jurisdiction, no?
This is basically a "laws should all be completely and totally logically consistent and judged by judgement automatons following finite state machines"
As much as the news and reddit may make that out to be what happens, it is not what happens in practice. In fact, in the very thing you are talking about, courts in various countries looked at it said "nope, not okay".
"But this is where we're getting to the part where the technical details have relevance."
IMHO, no, they don't
" A website isn't a device, it's a piece of information which is rendered by a third party device. You are just telling them where they can find the information. But the third party browser on the third party device has the capacity to fetch and display it for the user."
You can play this game all you want, i understand in detail the distinction you are trying to draw and pretty roundly reject it. It's just an attempt to abdicate intent and responsibility. The intent of the person who made the page is for the third party device to do what it did and display it. It did that.
If there was a <murder> tag that instructed devices to murder the person named by the text a loaded from the ref attribute, and i used the tag, you don't get to say "well, it was just a piece of information, interpreted by a third party device".
You intended it to murder someone when it was interpreted, and it did murder someone when it was interpreted.
The same way i wouldn't feel "All i did was give the third party murdering device a link to some instructions, not the instructions themselves" is not the kind of distinction i think makes a lot of sense to try to hang your hat on.
If the EFF/others want the law to be different, i'm actually all for it. I even think what i'm suggesting is a pretty shitty policy for the internet (and i spent years of my life fighting to push us towards a better copyright-free utopia ;P). But it's also what i think it says right now.
". Has your sentence retroactively become infringing because the user's device has improved?"
No, because that wasn't the intent at the time i did it.
> That's just a silly dig, considering i've spent years of my life and training cconsidering the implications of the details of these very things.
The silly dig is the argument that technical details are mostly irrelevant. It's possible for some details to sometimes be irrelevant, but it's hardly a generally applicable rule that gives you any useful information about when they are or aren't.
> This is basically a "laws should all be completely and totally logically consistent and judged by judgement automatons following finite state machines"
How is it that, and why is being logically consistent bad?
> As much as the news and reddit may make that out to be what happens, it is not what happens in practice. In fact, in the very thing you are talking about, courts in various countries looked at it said "nope, not okay".
If a company moves from the US to China and then doesn't pay US taxes on the operations in China and pay the Chinese workers the US minimum wage, they are breaking the law?
> The intent of the person who made the page is for the third party device to do what it did and display it. It did that.
You keep talking about intent when the problem is the precedent it sets. For example:
> No, because that wasn't the intent at the time i did it.
So what happens when you publish the same sentence with the same intent after it becomes public knowledge that devices can use the information to automatically fetch and display it? Is it no longer possible to perform the same action with the original intent?
If you're just requiring people to reconfigure things to give themselves plausible deniability about their intent then the whole thing is a waste of resources, but if you're going to prohibit people from identifying the information regardless of their intent then why are you making such a big deal about intent to begin with?
Fair use is seen as one of the more difficult laws to define in logical consistent terms, so lets start there. Can we create fair use definition in such way that a mathematical function separate all that should be defined as fair use, and all that should not based on unbiased measurable facts.
Common legal theory says that we can not do that. Fair use is inherently subjective and ruled on a balance of interests between copyright holders and the public good. The public good in turn is also extremely hard to define, and is usually seen as one of those things we know when we see it but can't attribute to logically consistent rules.
So this is a good example of what I'm talking about. You're talking about the difficulty of making a fair use determination, but the question in most of these cases isn't whether a specific action is fair use, it's whether any of the reasonable actions are. And you don't need to make an inherently subjective determination for that because the subjective cases are irrelevant if you can find any solid instance where the outcome isn't ambiguous.
The citation example makes the point pretty well. Suppose you make a citation -- this image is on page 34 of this book, using a standard machine-readable citation format.
There are multiple things the user and the user's browser could do with that information. It can show you links to stores where you can buy a print edition of that book, or it can look up the page in a location index and find electronic sources for the content of that page. Some of those sources and some of the uses of the content are plausibly unambiguous cases of fair use. Some of the sources and uses are plausibly unambiguous cases of piracy. They may even be the same sources but different uses.
If you want to evaluate one of the individual cases then you may have to make a complicated fair use determination, but we're not talking about an individual user, we're talking about the person providing the citation. Whether their intent is facilitating users buying the book, or using it in a clear case of fair use, or using it in a clear case of piracy, their action is the same. The action itself doesn't reveal their intent. You can't make the determination based on that because you don't know it.
The difference between this and the murder example is that the defendant's action isn't the directly prohibited thing. If you intentionally kill someone, that's what murder is. If you hire someone else to do it, you're still clearly intending that outcome.
The analogous thing would be selling weapons. Your obvious intent is to sell a knife, not to have someone murdered. That may secretly be your true motivation, but without any additional evidence of that there is no way to know, and certainly at least some of the people who sell weapons do so without the intent that they be used to commit murder.
It can be impossible to determining intent in some cases but that has not stopped law writers and politicians from defining intent and guilt in the absent.
The pirate bay case was actually a such example. The law that the judges cited in the case was based on the concept that if the majority usage of a tool is illegal then the owner of said tool can be held as an accomplish. The background text of that law was biker bars. The politicians wanted a way to confiscate the buildings, so they created the law. No intent needed of the owner, only establishing that the primary usage of the "tool" illegal and there you go. If you had a gun shop and the primary customers you got was murderers you could in theory be charged with assistance of murder in each case that the police can guess is likely to have happened. The pirate bay case also established that someone can be charged with with assistance even if the "original case" has not been proven.
Not saying any of that is good. The law is ugly, inconsistent and full of subjective aspects.
> The pirate bay case was actually a such example.
The pirate bay isn't in the US.
And in general, the fact that some bad laws exist that violate the general principles the legal system as a whole operates under is no excuse for condoning such laws or not construing them as narrowly as possible to mitigate the damage done to the justice system by naked populism like that.
If there are so many marijuana users that the majority of pipes sold are used for marijuana rather than tobacco, it makes absolutely no sense to punish the people selling pipes rather than either punishing the people actually using marijuana or just legalizing marijuana.
Yeah, to be clear when I said “makes sense” I was referring to what allows for a functional ecosystem of Twitter, users, media, etc. and not a legal evaluation. IANAL and all that.
In this case wouldn’t your innocent infringement example apply? As I understand it there’s an implicit license to use the content of tweets via an official Twitter embed. That would mean it would be fine to show the image via an embedded tweet from the copyright holder, as they agreed to that by posting the tweet in the first place and presumably could revoke that right by deleting the tweet. So the argument would be that the media sites had the rights to republish the tweet and thus believed that the author of the tweet had the rights to the contents of the tweet (which they didn’t). Is that logic not applicable here or is it that a media company should know better and thus it’s not a reasonable mistake?
Also wouldn’t the DMCA be applicable here as the method by which the photographer could get the photo removed from Twitter?
As far as whether or not Spotify is good to musicians, or takes too big of a cut, or distributes revenue fairly, I don't know. It's certainly possible that there's a better payment structure that would be better for musicians that results in no difference to the consumer.
But as a long-time paying user of Spotify I disagree with the premise of the article: Spotify is the product, the music is not.
For a fixed amount of money each month I can just play almost any song, whenever I want, regardless of whether I even know I want to, with zero friction. I don't have to decide whether or not a song is worth the money, I don't have to decide exactly which songs I will play, I can have shared playlists with friends where we can listen to music from our various overlapping tastes.
The extensive collection of music is a key aspect of the platform, but short of a massive dropoff in what's available, if an album isn't on Spotify the most likely outcome isn't that I'll go somewhere else to listen to the album, it's that I'll just listen to something else on Spotify.
This is like complaining that the rates at the airport currency exchange are worse than in your FX trading account.
Coinbase isn't a brokerage, it's more akin to a bank, and like a bank you're not going to get the market rate if you want to exchange currency. If you want to use a brokerage, use GDAX.
You are assuming the value of time spent on these activities is inherently positive.
If you like cooking or cleaning or taking out the trash then by all means you should do those things. But, if you don't like doing those things then the threshold for when it makes sense to pay someone else to do them is lower than most would think.
That is their theory, but I see a lot of trouble in their analysis.
A different take on their data is:
Not doing things is becoming ignorant and in the short term ignorance of the negatives in life is bliss. In the longterm, not knowing how to do the things that are happening so you can survive is a larger stress for people. Consequently, people are happy when they are choosing to outsource, but it does not last and they choose to cycle back. The noveau rich outsource willingly and the other rich outsource more reluctantly as they are more familiar with the eventual costs of short term stress reduction.
I am arguing it's not not inherently positive or negative, but you can become someone that views it as a negative or a positive. Many people enjoy walking as a time for reflection and to de-stress. Other types of repetitive motion like folding clothing can fill the same void.
However a big part of this is simply how much space your keeping up. An efficiency can be kept clean though habitat, a 1,000 acre estate takes a staff.
PS: That's not to say having groceries delivered is a bad idea, just maximum productivity is simply a wasteful goal.
In theory though, the market should address that right? e.g. a version of this that's $10k a year but can handle 10x the volume because you triage patients with competent nurses and PAs and save the expert's time for the cases where they can actually make a difference.
Yeah, I had the same thoughts when I was writing that. The key difference is that the current system is so convoluted that there is almost no meaningful market for consumers on the actual care side of things.
why is this market failure automatically attributed to too much regulation instead of the wrong kind of regulation. Wealthy elites paying 40k to set a broken bone shows exactly why deregulating would be disastrous, medical decisions are rarely made rationally. There is a quote from the article that implies that these elites would pay anything.
"But when you have kids, you jump the line. You just do. If you have the money, would you not spend it for that?"
Unregulated markets do not work for this type of irrational actor. Please stop spreading lies about how to fix this problem. Instead maybe look at countries that regulate it correctly(Spain).
Yeah, I think that's pretty much the case. The first 320 bytes of the two PDFs released by Google result in the same SHA-1 state. Once you're at that point as long as you append identical data to each of the files you're going to get identical hashes. This is just taking those same 320 bytes and appending the combined images of your choice.
edit: as versteegen points out it's 320 bytes, not 304.
I learned a lot from it. One thing is that this property is true of any Merkle-Damgård-type hash if the hash internal state is the same size as the hash digest. This is true of SHA-1 and of several other famous and widely-used hashes, but not true of every hash, including some of the most recent designs like several SHA-3 candidates and SHA-3 itself. In a hash without this property, you can have a collision condition H(X)=H(Y) (and len(X)=len(Y)) yet typically H(X+a)≠H(Y+a).
Edit: len(X)=len(Y) is also necessary because Merkle-Damgård hashes encode the message length into internal padding, so if you happened to have two colliding inputs that were different lengths, they will generally not produce a collision when the same string is added to each.
This is really good to be aware of, even if there were no collisions. I could imagine someone making for example a signed cookie scheme that is value,SHA1(secret,value). Someone could then change it to value+foo,SHA1(secret,value+foo) without knowing the secret, and it would verify as a valid signed cookie.
People sometimes overstate the impact of length extension attacks. If your format has a length prefix (really common) then you may well be "vulnerable" in the sense that appending arbitrary data is "valid", but a canonical form without the appended data is trivial to construct; and indeed most software would likely completely ignore that extra data.
HMAC is a neat trick to avoid length extension attacks (and other issues) in a generalized fashion, but that doesn't mean those risks actually apply in practice. (Some googling finds e.g. this paper: https://www.iacr.org/archive/fse2009/56650374/56650374.pdf which proposes an attack on length-and-key prefixed messages, using some sha1 weaknesses and merely over 2^84 memory and 2^154 queries - color me impressed, but not scared). Edit: just to be clear, I'm not suggesting anyone actally use LPMAC-sha1 given the current state of sha1.
For another example; in general it's unsafe to truncate a "secure" hash - hashes that satisfy most security requirements can be constructed that are not safe when truncated (e.g. sha3 prepended by zeros is still safe, but obviously not if truncate the sha3-provided bits off). But I don't know of any mainstream hash where this theoretical risk actually applies (e.g. no merkle-damgard hash suffers from such a risk); nobody constructs hashes intentionally with more bits than entropy.
It's probably still wise to stick with known-good constructions, but the risks seem overstated, and the difficulty is also overstated - assuming the primitives used aren't too flawed. Sure, it's cool that HMAC can use even flawed things like MD5 and retain safety, but typically nobody is forcing you to stick with md5. I guess the world is more complicated if you need to pick a protocol and then you're unable to change it, but most applications can (with some effort) be changed. You need something safe now, not for all eternity.
So, I think the rule is simpler: this has little to do with crypto per se; just don't be unnecessarily clever, in general. Crypto makes the consequences particularly nasty, often. But that's about it.
This was good meme that served its function well when it was needed - early enthusiasm for reusable cryptographic primitives and a failure to recognise the foot-shooting potential lead to many easily broken schemes.
Now, however, "don't roll your own crypto" is dogma, and if anything we have the opposite problem of monoculture and slow progress. I think a more nuanced view is required, one that encourages experimentation when the stakes are low and more competing implementations when the stakes are high (or perhaps we should call them "complementing" - a standard ought to have multiple implementations).
As Wikipedia puts it, "Mathematical analysis of [security] protocols is, at the time of this writing, not mature... Protocol design is an art requiring deep knowledge and much practice; even then mistakes are common." How are programmers to practice, if they are not allowed to fail?
