[vox] Content Sharing becomes Bandwidth Theft
Mark K. Kim
vox@lists.lugod.org
Fri, 2 Apr 2004 18:30:24 -0800 (PST)
Steps:
1. They see an image on your website they like.
2. They link to it as their avatar.
3. Someone tries to see their avatar, but sees "do not steal my
bandwidth" image instead.
4. Your bandwidth is still stolen.
But I'm sure they test their avatar when they first make it, right?
They'll see that the avatar doesn't work then link to someone else's,
right? Let's look at it from that perspective:
1. They see an image on your website they like.
2. They link to it as their avatar.
2a. They test the avatar. They see the cached image. They think
it works! It's a keeper.
3. Someone tries to see their avatar, but sees "do not steal my
bandwidth" image instead.
4. Your bandwidth is still stolen.
But wait... won't the avatar viewers report the broken image to the
bandwidth stealer? Let's view it from that light:
1. They see an image on your website they like.
2. They link to it as their avatar.
2a. They test the avatar. They see the cached image. They think
it works! It's a keeper.
3. Someone tries to see their avatar, but sees "do not steal my
bandwidth" image instead.
3a. They don't care. They don't say anything.
4. Your bandwidth is still stolen.
Okay, so maybe that's not a good idea. Let's try just blocking bad
referers altogether:
1. They see an image on your website they like.
2. They link to it as their avatar.
2a. They test the avatar. They see the cached image. They think
it works! It's a keeper.
3. Someone tries to see their avatar, but see a broken image
because your server rejects bad referers.
4a. Your bandwidth is safe[r]!
If you just wanna play some pranks on the bandwidth stealers, go ahead
with the "do not steal my bandwidth" image, but to really protect your
bandwidth it'd be better to just reject bad referers altogether.
-Mark
On Fri, 2 Apr 2004, Jeff Newmiller wrote:
> I just noticed that an image on my web page has been used by at least two
> individuals as their avatar image on discussion lists. Their use of the
> image doesn't bother me... but the fact that they didn't put it on their
> own webservers means that they are freeloading on my website. Every time
> someone reads their posts on those discussion lists, my site gets a
> useless hit.
>
> I am thinking of moving the file (and changing all my internal links), and
> replacing the file with a different image that communicates that this
> is not acceptable behavior. Any suggestions for appropriate images? One
> of my calmer ideas was a yellow background with black letters that says
> "Don't use someone elses image URL for your avatar", but there has to be a
> better phrase or image...
>
> ---------------------------------------------------------------------------
> Jeff Newmiller The ..... ..... Go Live...
> DCN:<jdnewmil@dcn.davis.ca.us> Basics: ##.#. ##.#. Live Go...
> Live: OO#.. Dead: OO#.. Playing
> Research Engineer (Solar/Batteries O.O#. #.O#. with
> /Software/Embedded Controllers) .OO#. .OO#. rocks...2k
> ---------------------------------------------------------------------------
>
> _______________________________________________
> vox mailing list
> vox@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox
>
--
Mark K. Kim
AIM: markus kimius
Homepage: http://www.cbreak.org/
Xanga: http://www.xanga.com/vindaci
Friendster: http://www.friendster.com/user.jsp?id=13046
PGP key fingerprint: 7324 BACA 53AD E504 A76E 5167 6822 94F0 F298 5DCE
PGP key available on the homepage