Getty Image in question is a modified image hosted by a 3rd party

[TylerDurden]

We got "the letter".  First, the image in question is not hosted on our website.  The only reason we have the image displaying to our website viewers is because we dedicate a page to each of our suppliers where there is a description of the Manufacturer.  It is usually cut and paste from the "About Us" page of each supplier's website.  In this case, the HTML hosted on our site just references the image hosted at the supplier's website.  We have already removed the HTML reference to the image.  I have collected a screenshot of the supplier's website with the "offending" image, and the recorded the URL of the "offending" image.   I may be able to collect dated proof that the HTML has always referenced the supplier's site. 

On top of all of this, the image in question is a modified version of the copyright image.  The original image almost seems to be intended for 'customization' by a graphic artist.  My supplier may have acquired it legitimately....or not.   I don't know if I should ask my supplier about it.  I imagine that I don't want them to remove the image in the event I need proof that the image was never on my site, etc.

Any thoughts?

[Robert Krausankas (BuddhaPi)]

If the image was hosted elsewhere, you have not infringed, read up on the perfect10 case. They have no case, I would not give them anything, in terms of information. I would simply state that the image in question was linked from another source, and advise them to leave you alone, or you may take legal action yourself...in other words fight fire with fire... Keep your source code as a reference, and any screen shots referencing where the image is coming from. I also probably wouldn't address this with where the image came from, let them fend for themselves..

[TylerDurden]

To follow up, I have been able to collect dated proof from Google's caching system that the site was only referencing the image at the 3rd party location.

[Robert Krausankas (BuddhaPi)]

You're pretty much golden, Getty doesn't tend to look at these things, nor do I think they even care, they just send out letters in the hope that people are ignorant, scared, nervous, and not willing to fight.

[Jerry Witt (mcfilms)]

First, TylerDurden is an awesome screenname for this site. Second, as BuddhaPi suggested, you are pretty much in the clear. They may continue to pester you a bit. But if you are emphatic and tell them if they continue to bother you there will be consequences. When you start throwing around the knowledge that they cannot collect on an hot-linked image hosted on another site, they will probably slink back into the shadows.

Now you need to ask yourself if you want to do a solid for your vendor and give them a heads up so if there is an issue with the image, maybe they can head it off.

[lucia]

Tyler--
Welcome to the "got getty letter for hotlinked image" club!

To document the image appeared elsewhere, use http://webcitation.org/archive .  I would advise documenting the page where your supplier showed the image and also documenting the image.  This will give you 3rd party documentation. Save that. Don't send to getty.

Write back. Cite Perfect 10.  They'll pretty much ignore that and comment on something else. (Possibly suggesting that you should realize DMAC doesn't cover you but would have covered Google or Amazon. This is a red herring. Amazon and Google did not win because of DMAC and it's not clear it would have covered them. What the 9th circuit ruled is hot linking is not a copyright violation.) Cite Perfect 10 again.  I think my email responses are on line-- but if you need them, I can dig them up.  You'll want to rework in your own language, but basically, keep repeating stuff from Perfect 10.

Because the 9th circuit is a circuit and not SCOTUS, do also keep your files of any evidence just incase Getty does go insane and decide that of all possible cases, they are going to try to convince the US Supreme Court to rule hot linking is a copyright violation (in a case that would surely have Google writing your briefs for you!)  So, do use webcite for any and all evidence of other images. Do, look for similar images-- keep a file. But don't volunteer all that to Getty. They don't need to see that in addition to it being a hotlinking case, they probably have a crummy case.

Oh. Do ask them to send you proof of copyright. You might as well.

[lucia]

I'm sure you don't all remember exactly where we left off. I had responded-- explaining that the fact that DMAC might have protected Amazon and Ebay was both undecided by Perfect 10 and irrelevant to Perfect 10, and then, I got another letter in the mail. I emailed that-- copying both "Same" and the more generic group that emailed the letter.  Very quickly, I received this email:

Lucia,
 
It would appear our recently-received letter was sent in error as your December 20, 2011 e-mail (received) is still under review in our department. I apologize for any confusion our recent mailing may have caused.
Regards,
SAM BROWN
Copyright Compliance Specialist
Getty Images License Compliance
[email protected]
www.stockphotorights.com
Copyright 101

That was January 30.  I have not heard from Getty since.  So, they haven't told me the case is closed, but I have heard nothing.

Meanwhile, I have been writing a plugin that will at least help the cause should it get adopted. And once I roll that out, I'll be posting advice on how to reduce the ease with which Picscout crawls your site.  I want the thing to be easy to implement-- so it's taking a bit of time. But I'm pretty sure picscout no longer races through my blogs.  (Cross fingers.)

[Jerry Witt (mcfilms)]

Lucia,

If I were you I would squeeze them for a reply. If they are going to waste your time sending you a letter about a hot-linked image, they owe you the courtesy of a follow up. Pointing out that you have been waiting for a determination for FOUR MONTHS and that you find it very unprofessional considering they gave you a matter of days to respond to their initial letter. Ask them if you should just call the CEO directly.

[lucia]

Oh... I figure I can wait to send the letter.

I'd rather spend my time getting my plugin working. If I work things right and get sizable numbers of people to use it, we may be able interfere with the picscout browser add-on from working as well as getty might like and reduce a lot of image scraping generally. That would be more fun than exchanging letters.

(Speaking of which, I need to fire up the getty ad on and see if it still leaves no user agent and no referrer. I assume that picscout will tweak what they do over time.)

[lucia]

BTW: I recommend people block:
1) all requests for images that show a blank user agent and blank referrer.
2) all requests for images with IPs in and around 72.26.211.xxx.

(2) may be overly broad, but it's safe for now.  (1) is actually conservative. I block all requests for *anything* that comes in with a blank user agent whether or not it has a referrer. There is very little reason for things to arrive with a blank user agent.   I also block lost of image requests with "stooopid" referrers but my method for diagnosing "stoopid" is too difficult to explain in a forum post.

There are many ways to block-- .htaccess, cloudflare, at a firewall etc. So, I'm not going to give specific directions because some people will want to do things one way, others another way. (Which methods are possible can depend on your hosting and degree of control of your server. I have access to .htaccess and also route things through cloudflare.)

[Moe Hacken]

Lucia, thanks very much for sharing your bad-bot research. I'm very interested in the progress of your plugin.

[SoylentGreen]

Yes, thanks Lucia, for shedding light on these issues.
Most have no clue of what's really happening, or how to stop these bots.

S.G.

[lucia]

Soylent--
When I first started looking at how to block, I thought it would be easy. But I kept watching my logs.... and the number of image bots is rather amazing. Also, as I blocked things, other seemingly 'adaptive' behavior became evident.  For example, after I began banning lots of obvious image bots, suddenly, I see images being loaded by something with the user agent "TraumaCadX". Someone is browsing with a user agent designed to read Xrays? Really?  After blocking that, suddenly people are visiting my images with Playstations.  Really?  Then I start seeing visits with user agents indicating that the visits are from a server that is optimized to save images. Do I believe that's a human visiting my blog? No. I do not.

To screen image stuff, I'm mostly using ZB Block but with a tweak to get most image scrapers diverted into php. (This tweak is required because images are static and ZB Block only applies to php. I'm not really sure how I'm going to explain it to people so that it's easy to use without screwing up your blog!  )

If you use ZBblock, I'd be glad to discuss which custom sigs seem especially useful for image stripping. 

The "image" or "suspected" things I am blocking has expanded . Below, I'll show some of the lines of code-- but with the useragent bolded for the first few so you get the idea what's important to block.
# bandwith sucking pictures/copyright  bots
$ax = $ax + (inmatch($lcuseragent,"psbot","; psbot ua Images. INSTA-BAN."));
$ax = $ax + (inmatch($lcuseragent,"picsearch","; picsearch ua Images.. INSTA-BAN."));
$ax = $ax + (inmatch($lcuseragent,"playstation","; playstation ua : images   INSTA-BAN."));
$ax = $ax + (inmatch($lcuseragent,"pixray","; Pixray ua image bot  INSTA-BAN. ")); //   Pixray-Seeker/1 (Pixray-Seeker; http://www.pixray.com/pixraybot; [email protected])
$ax = $ax + (inmatch($lcuseragent,"phantom.js bot","; Phantom.js Images Scraper:   INSTA-BAN. ")); //
$ax = $ax + (inmatch($lcuseragent,"upictoBot","; Presumed Image Scraper(?): upictoBot.  INSTA-BAN. ")); //
$ax = $ax + (inmatch($useragent,"TraumaCadX","; TraumaCadX is in your user agent. image.  INSTA-BAN.")); //
$ax = $ax + (inmatch($useragent,"Copyright","; iCopyright Conductor 1.0 Nasty. INSTA-BAN.")); #
$ax = $ax + (inmatch($lcuseragent,"getty","; Image UA:getty.   INSTA-BAN. ")); //
$ax = $ax + (lmatch($useragent,"Extreme Picture Finder","; Extreme Picture Finder Scraper UA. images.  INSTA-BAN. ")); //
$ax = $ax + (inmatch($useragent,"BPImageWalker","; BPImageWalker. INSTA-BAN. ")); //
$ax = $ax + (inmatch($lcuseragent,"cydral","; cydral Image .  INSTA-BAN. ")); //
$ax = $ax + (inmatch($lcuseragent,"doubanbot","; doubanbot Image Scraper.   INSTA-BAN. ")); //
$ax = $ax + (inmatch($useragent,"CoverScout","; Album Cover Searching. images. INSTA-BAN."));
$ax = $ax + (inmatch($useragent,"ImageProHD","; ImageProHD: not a browser (3)  INSTA-BAN."));
$ax = $ax + (inmatch($useragent,"WikioImagesBot","; WikioImagesBot: unknown untraceable bot.  INSTA-BAN."));
$ax = $ax + (inmatch($lcuseragent,"tineye","; tineye Image ua  INSTA-BAN. ")); //
$ax = $ax + (inmatch($lcuseragent,"wesee.com","; wesee.com images. I approve of filtering for adult content, but I also don't trust you. Go away. Nasty. ")); //68c '   http://www.wesee.com/en/support/bot/
$ax = $ax + (inmatch($lcuseragent,"digimarc","; Copyright bot Digimarc. images. INSTA-BAN.")); //
$ax = $ax + (inmatch($lcuseragent,"bitvo","; bitvo.com Image scraper. images. INSTA-BAN.")); //
$ax = $ax + (inmatch($useragent,"NSPlayer","; NSPlayer Images  (?) ua. images.  INSTA-BAN.")); #  This is always just scraping and switches user agent back and forth to vlc/. (Sometimes playstation.)
$ax = $ax + (inmatch($lcuseragent,"nsplayer","; NSPlayer Images  (?) ua. images. INSTA-BAN.")); #  This is always just scraping and switches user agent back and forth to vlc/. (Sometimes playstation.)

$ax = $ax + (inmatch($lcuseragent,"vlc/","; vlc/ Images scraper (?) ua. images.. INSTA-BAN.")); #   This is always just scraping and switches user agent back and forth to NSPlayer.
$ax = $ax + (inmatch($lcuseragent,"webcollage","; webcollage images.  INSTA-BAN.")); //http://www.webcollage.com/ there is no reason to let *someone else* use webcollage on my server.
$ax = $ax + (inmatch($useragent,"Mozilla 3.01 PBWF (Win95)","; imagelock: now defunct. Shouldn't be visiting. Nasty. INSTA-BAN.  ")); #'
$ax = $ax + (inmatch($useragent,"Corp_Device_User","; Corp_Device_User. Nasty. images.?")); # I have no idea what this bot is doing. It looked like the GAP looking at images.
$ax = $ax + (inmatch($useragent,"mShots","; mShots. images.")); # this is a plugin that takes screenshots of your page over and over.

$ax = $ax + (inmatch($hoster,"getty","; getty: Image host. INSTA-BAN.")); //
$ax = $ax + (inmatch($hoster,"picscout","; picscout: Image host. INSTA-BAN.")); //
$ax = $ax + (inmatch($hoster,"tineye","; tineye: Image host INSTA-BAN.")); //
$ax = $ax + (inmatch($hoster,"prioritycolo.com","; prioritycolo.com Image host INSTA-BAN.")); //
$ax = $ax + (inmatch($hoster,"bezeqint","; bezeqint: Home of picscout.  Bad all around.  INSTA-BAN.")); //
$ax = $ax + (inmatch($hoster,"istockphoto","; istockphoto: Image host.  INSTA-BAN.")); //
$ax = $ax + (inmatch($hoster,"pingdom.com","; pingdom.com: Image host. INSTA-BAN.")); //
$ax = $ax + (inmatch($hoster,".ethz.ch","; .ethz.ch: Might be image host(?) INSTA-BAN.")); //
$ax = $ax + (inmatch($hoster,"copyscape","; copyscape: Copyright service.  Nasty. INSTA-BAN.")); //
$ax = $ax + (inmatch($hoster,"googlealert","; googlealert: Copyright service; <i>is not</i> google.  Nasty. INSTA-BAN.")); //
$ax = $ax + (inmatch($hoster,"pixray","; pixray:  Image host.  INSTA-BAN.")); //
$ax = $ax + (inmatch($hoster,"baidu","; baidu:  either real or spoofed.  INSTA-BAN.")); //

$ax = $ax + (inmatch($lcuseragent,"portalimage","; bad ua 5 Nasty. images. ")); // http://www.webmasterworld.com/search_engine_spiders/4398144.htm
$ax = $ax + (inmatch($useragent,"SUSE",";image stripping linux browser. INSTA-BAN. ")); // look for SUSE here http://www.useragentstring.com/pages/Firefox/
$ax = $ax + (inmatch($lcuseragent,"superlumin",";image video proxy. INSTA-BAN. ")); // http://www.superlumin.com/nemesis.php http://www.superlumin.com/video.php

But there are all sorts of other bots, crawlers spiders etc I don't trust.   But depending on how you run your site, you need:
1) A way to block IPs, useragents and hosts.
2) A way to block these things for *images*. (.htaccess, ZBblock if tweaked, firewall, whatever.)
3) Lists of user agents, IPs and hosts to block.

In my code above, you can see user agents to block and/or hosts to block if you know how to read the command.