l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
July 21: Defensive computing: Information security for individuals
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2004 Apr 04 00:00

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] Content Sharing becomes Bandwidth Theft
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] Content Sharing becomes Bandwidth Theft



Steps:

   1. They see an image on your website they like.
   2. They link to it as their avatar.
   3. Someone tries to see their avatar, but sees "do not steal my
      bandwidth" image instead.
   4. Your bandwidth is still stolen.

But I'm sure they test their avatar when they first make it, right?
They'll see that the avatar doesn't work then link to someone else's,
right?  Let's look at it from that perspective:

   1. They see an image on your website they like.
   2. They link to it as their avatar.
   2a. They test the avatar.  They see the cached image.  They think
      it works!  It's a keeper.
   3. Someone tries to see their avatar, but sees "do not steal my
      bandwidth" image instead.
   4. Your bandwidth is still stolen.

But wait... won't the avatar viewers report the broken image to the
bandwidth stealer?  Let's view it from that light:

   1. They see an image on your website they like.
   2. They link to it as their avatar.
   2a. They test the avatar.  They see the cached image.  They think
      it works!  It's a keeper.
   3. Someone tries to see their avatar, but sees "do not steal my
      bandwidth" image instead.
   3a. They don't care.  They don't say anything.
   4. Your bandwidth is still stolen.

Okay, so maybe that's not a good idea.  Let's try just blocking bad
referers altogether:

   1. They see an image on your website they like.
   2. They link to it as their avatar.
   2a. They test the avatar.  They see the cached image.  They think
      it works!  It's a keeper.
   3. Someone tries to see their avatar, but see a broken image
      because your server rejects bad referers.
   4a. Your bandwidth is safe[r]!

If you just wanna play some pranks on the bandwidth stealers, go ahead
with the "do not steal my bandwidth" image, but to really protect your
bandwidth it'd be better to just reject bad referers altogether.

-Mark


On Fri, 2 Apr 2004, Jeff Newmiller wrote:

> I just noticed that an image on my web page has been used by at least two
> individuals as their avatar image on discussion lists.  Their use of the
> image doesn't bother me... but the fact that they didn't put it on their
> own webservers means that they are freeloading on my website.  Every time
> someone reads their posts on those discussion lists, my site gets a
> useless hit.
>
> I am thinking of moving the file (and changing all my internal links), and
> replacing the file with a different image that communicates that this
> is not acceptable behavior.  Any suggestions for appropriate images? One
> of my calmer ideas was a yellow background with black letters that says
> "Don't use someone elses image URL for your avatar", but there has to be a
> better phrase or image...
>
> ---------------------------------------------------------------------------
> Jeff Newmiller                        The     .....       .....  Go Live...
> DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
>                                       Live:   OO#.. Dead: OO#..  Playing
> Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
> /Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
> ---------------------------------------------------------------------------
>
> _______________________________________________
> vox mailing list
> vox@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox
>

-- 
Mark K. Kim
AIM: markus kimius
Homepage: http://www.cbreak.org/
Xanga: http://www.xanga.com/vindaci
Friendster: http://www.friendster.com/user.jsp?id=13046
PGP key fingerprint: 7324 BACA 53AD E504 A76E  5167 6822 94F0 F298 5DCE
PGP key available on the homepage
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.