Webmaster Forum Rules | Posting Guide | Contact Us | Testimonials | Contributing Geek Program | Advertise on Geek/Talk
Welcome to the GeekTalk Webmaster Discussion Forums from GeekVillage.com

Click Here To Register. It's Free!

Go Back   geek/talk: Signature-free discourse for serious web publishers > YOUR REVENUE: Making Money On The Internet > Making Money with CPC and/or CPM Programs
User Name
Password
Register FAQ Calendar Search Today's Posts Mark Forums Read

Closed Thread
 
Thread Tools Display Modes
Old 09-13-2003, 05:23 PM   #31
lwrules
Registered User
 
Join Date: Jan 2000
Location: Richboro, PA, USA
Posts: 82
Default tos / laws

>ToS can't violate any known laws

Yes unless the law is based on consent. For example, if the TOS stated you could send commercial faxes in exchange for use of said software, then obviously the faxes wouldnt fall under the federal law prohibiting unsolicited faxes. So if the user consents to having a cookie placed on his computer and allowing software/web partners to use this information or any other information or method to change the default webpage, then the use of this pop-up cannot be consider illegal. But my other question still remains. Even if there was no consent - what laws are being broken?
lwrules is offline  
Old 09-13-2003, 05:42 PM   #32
Sashman
Registered User
 
Join Date: Aug 2002
Location: Dulles Virginia
Posts: 590
Default Re: laws

Quote:
Originally posted by lwrules
Everyone keeps saying these "exploits" are against the law -- would you care to give a link to this so-called law because US hacker laws 1029 1030 are pretty specific about intent to damage or breaking into governmental or banking computers with the intent to defraud / do damage. So how is changing someone's homepage default against the law with or without consent.
You'd be surprised what damages can acrue. We run a fairly large hosting / programming facility and when a security alert hits we spend a lot of time dealing with it. After discovering this ad we needed to inform our users and staff on how to prevent it from effecting their system, and go about changing settings on machines. Now that you've distributed the code to thousands of potential hackers, and shown that you have no hesitation in using it for profit this was something we had to do.

By simply running something where you have no rights is illegal, even for good. I remember awhile back there was a floppy virus, whose sole purpose was to remove other floopy viruses. It did no harm and took about 2k of diskspace in the bootstrap. Yet, the author was still sought.

You intentionally hid your code, bypassed a machine's security, and ran a program for money. How about the poor website that the computer's home page was originally set to? They lost out on money. You stole it.

Finally, how about my credibility with my userbase? I get emails and threads pop up on other boards when an ad provider simply runs a gator ad "accidently". Luckily I was able to stop your ads before the emails came in droves that I was running a program registering as a virus. We still did receive some heated emails and I potentially lost users.

You also may have given our resident MCSE a coronary .

Last edited by Sashman; 09-13-2003 at 06:31 PM.
Sashman is offline  
Old 09-13-2003, 06:15 PM   #33
lwrules
Registered User
 
Join Date: Jan 2000
Location: Richboro, PA, USA
Posts: 82
Default damages

One cannot argue damages based on preventative actions taken to protect against other potential uses of an exploit. Further the reason the floppy author was sought was due to the method in which he propogated the virus. Once again, I know you're not a lawyer, but with your resources I'm sure you can find a link to a law, if one exists, that would exist to prohibit this practice.
lwrules is offline  
Old 09-13-2003, 06:30 PM   #34
jokearound
Registered User
 
Join Date: Dec 2001
Location: UK
Posts: 739
Default

Quote:
When you download ad supported programs like kazaa or other freeware program, they place a cookie on your computer stating that you agree to their terms of service, which in the case of many freeware aps includes the right to change your default homepage using whatever technology they or their software providers choose to use. Those cookies can be called up by popup providers who partner with freeware companies to confirm consent.
What?! this is absolute rubbish..you cant access another site's cookies, just like I cant access (for example) a yahoo cookie from my site to see what your username is..

How can the change of homepage be "pre-agreed" when I havent even been to your site? let alone READ and AGREED to the TOS on there (which i havent..) - and you sure dont have any evidence that I do (did I check the box on your site that says "I agree with the TOS"? I think not)
jokearound is offline  
Old 09-13-2003, 06:34 PM   #35
lwrules
Registered User
 
Join Date: Jan 2000
Location: Richboro, PA, USA
Posts: 82
Default iframe

You obviously don't understand how iframes work.
lwrules is offline  
Old 09-13-2003, 06:36 PM   #36
lwrules
Registered User
 
Join Date: Jan 2000
Location: Richboro, PA, USA
Posts: 82
Default actually

To clarify, you dont understand how iframes work when used in conjunction with another site who provides you the means to access cookies that they placed through their domain.
lwrules is offline  
Old 09-13-2003, 06:37 PM   #37
Lil_Red
Registered User
 
Lil_Red's Avatar
 
Join Date: Dec 2000
Posts: 1,579
Default Re: nope

Quote:
Originally posted by lwrules
I don't work for them. I have known those guys for years and they are amazing at what they do and are always subject to the jealousy of others and anger of cheaters who get caught. Regardless, why make this personal? I am just stating the facts. The way I see it is the only thing MORE dangerous than a malicious exploit is the viral human distribution of malicious information.
What jealousy? I've used their products in the past and found them substandard and inadequate and would definitely not recommend them considering the superior alternatives that are available.
Lil_Red is offline  
Old 09-13-2003, 06:49 PM   #38
DiamondStorm
Registered User
 
Join Date: Sep 2003
Location: New England
Posts: 80
Default

I completely agree with a previous post that states without havin g been to the site, no terms can be agreed to in advance.

Now, having stated:

Quote:
iframes work when used in conjunction with another site who provides you the means to access cookies that they placed through their domain.
If this reads the way you intended, using frames from another site IS illegal!! And... I can and will quote specific laws regarding this. Please explain this quote further to educate how, if never cached, this pop-up is an agreement to change anything on my computer.
DiamondStorm is offline  
Old 09-13-2003, 07:03 PM   #39
jokearound
Registered User
 
Join Date: Dec 2001
Location: UK
Posts: 739
Default

yes, you are correct, I dont seem to get how the IFRAMES deal works..I cant quite understand how it works..can you please explain? I dont see any IFRAMES to kazaa or anywhere else on your site, except the one which goes to another page on the same domain (from there we get a pop which does the homepage setting if im correct..)
jokearound is offline  
Old 09-13-2003, 07:39 PM   #40
Sashman
Registered User
 
Join Date: Aug 2002
Location: Dulles Virginia
Posts: 590
Default

Actually, you cannot reference the cookies inside of frames/iframes directly unless the iframe is from the same domain or a trusted domain of the parent. Unless of course you have another hack up your sleeve.

You can however pass cookies along with a url redirect or pass it directly into an iframe. A page that has access can call an iframe or frame and pass the cookie by attaching the cookie as a url variable of the frame src. You can also do the same thing with images.

Here's a bug report I wrote in 2001 detailing an exploit to hack user names on Ubb using this method : http://cert.uni-stuttgart.de/archive.../msg00405.html . Replace image with IFrame. Strangely enough, vBulletin board had the exact same exploit. I got nice emails from both presidents for finding them. From SI, I get banned. Go figure .

Last edited by Sashman; 09-13-2003 at 07:40 PM.
Sashman is offline  
Old 09-13-2003, 08:04 PM   #41
Steve_S
I am a Contributing Geek. Are You?
 
Steve_S's Avatar
 
Join Date: Aug 1998
Location: Las Vegas, Nevada, USA
Posts: 5,224
Default

My answer to your question:

Changing your visitorís home page setting in their browser without their prior authorization is morally and ethically reprehensible. These are the same words I used 2 years ago and they were carefully chosen to eliminate certain ďdefensesĒ.

You canít abrogate this action with something in your TOS. If you do, itís still morally and ethically reprehensible since you havenít given your guest a clear and unambiguous way to either issue a denial or a authorization before you do it.

In my view, a prior authorization means exactly this:

You require an explicit check box select/action from the user. This action appears below a clearly worded statement in 12 point type on exactly what you will do to their Home Page browser setting if they agree by turning on the check box and also includes a clearly worded instructions on exactly how they may change this if they so desire. This statement should also be easily available via a translate button in the other primary languages of the world like Spanish, Latin, French, and many more.

If you want to send the guest to never never land if they donít agree to the change via turning on the check box, thatís your right because itís your site.
Steve_S is offline  
Old 09-13-2003, 08:42 PM   #42
hammer
Registered User
 
Join Date: Jan 2001
Posts: 313
Default

Thanks Steve, you echo my feelings on this.

And Sashman, as far bringing this to the attention of publishers, I don't believe you did anything wrong.

Although I don't use the popup service mentioned, I still believe the decision to inform publishers in this forum of the problem pop was the right thing to do, and it's something I would want to know. Especially if my visitors were having their homepage changed without notice.
hammer is offline  
Old 09-13-2003, 08:56 PM   #43
Czar

Webmaster
 
Join Date: Aug 1999
Location: Gold Coast, Queensland, Australia
Posts: 9,506
Default

Quote:
Originally posted by Steve_S
This statement should also be easily available via a translate button in the other primary languages of the world like Spanish, Latin, French, and many more.
Hmmm...Latin's still a primary language of the world? Why do I get the feeling that Dr Steve is part of a clandestine secret society with plans for ritualistic world domination?
__________________
Czar

Follow Geek/Talk's Twitter Feed and Facebook Page to stay up to date with new discussion threads and online ad industry highlights.

Important GeekVillage Links: Home | Rules | Posting Guide | Report Trouble | Feedback | Advertise on GV
Czar is offline  
Old 09-13-2003, 09:08 PM   #44
Sashman
Registered User
 
Join Date: Aug 2002
Location: Dulles Virginia
Posts: 590
Default

Quote:
You require an explicit check box select/action from the user. This action appears below a clearly worded statement in 12 point type on exactly what you will do to their Home Page browser setting if they agree by turning on the check box and also includes a clearly worded instructions on exactly how they may change this if they so desire. This statement should also be easily available via a translate button in the other primary languages of the world like Spanish, Latin, French, and many more.
Don't forget a question asking for the age of the individual. These programs apparently write cookies tracking an individual, which is illegal for children 13 and under without a parent's written consent.

Last edited by Sashman; 09-13-2003 at 09:08 PM.
Sashman is offline  
Old 09-14-2003, 01:31 AM   #45
lwrules
Registered User
 
Join Date: Jan 2000
Location: Richboro, PA, USA
Posts: 82
Default steve

Steve, I don't believe you completely understood my question - or I didn't ask it right...

You wrote:

>You require an explicit check box select/action from the user.
>This action appears below a clearly worded statement in 12
>point type on exactly what you will do to their Home Page
>browser setting if they agree by turning on the check box and
>also includes a clearly worded instructions on exactly how they
>may change this if they so desire

So let me rephrase my question. Let's say you insall kazaa on your system and Kazaa does EXACTLY what you wrote above and in addition to that they state they will place a cookie on your system so that websites they partner with can verify your agreement to the terms and then change your homepage. You check the box and agree to said terms and then I come along and change your default homepage by indentifying a Kazaa cookie, with their permission, that represents that you checked the box. Would you feel that I broke any laws or acted incorrectly by changing your homepage without your explicit consent?
lwrules is offline  
Closed Thread

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Popup suggestions scnofx Making Money with CPC and/or CPM Programs 2 06-02-2001 10:15 AM
frameless popup script + popup = fully loaded popup demae Making Money with CPC and/or CPM Programs 2 05-29-2001 09:17 PM
Script to manage multiple popup companies Darkness Web Design and Webmaster Issues 1 04-23-2001 12:00 PM
This tricky popup demae Making Money with CPC and/or CPM Programs 4 04-01-2001 07:11 AM
new popup script Knix Web Design and Webmaster Issues 8 08-05-2000 11:02 PM

Please support our advertisers. They ensure our survival.

All times are GMT -5. The time now is 07:37 AM.


GeekVillage.com is copyright © 1998-2015 Curiosity Cave - Science gifts for clever kids. All rights reserved.
Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.