Messages

316

Getty Images Letter Forum / Re: We are the latest victim of the Getty Image extortion scam

« on: December 19, 2012, 12:14:28 PM »

Cool!!! Wow.

317

Hawaiian Letters & Lawsuits Forum / Re: Vincent K Tylor rears his ugly troll head...again

« on: December 16, 2012, 03:35:21 PM »

 All the images that they are accusing of us using have been "repined" through another user.

repinning sounds like hotlinking. Right now, someone who gets the letter should say "hotlinked" and site Perfect 10.  Maybe the troll can go after the first-to-pin, if they can identify a sufficient number of personal details to send that person a letter.  That might not be easy.  But the fact that might be difficult doesn't turn repinning into not-hotlinking.

318

Getty Images Letter Forum / Re: Another Newby Masterfile

« on: December 12, 2012, 03:38:53 PM »

joee --
Ahh! That clarifies.

Well... if you only hotlinked, you own zero. Nothing. Nada. At least according to precedent in the 9th circuit.

Admittedly, they could potentially hope to a different circuit court to disagree with the 9th (it's been known to happen!). They could hope to get the Supreme Court to rule differently from the 9th circuit. But there is no way they are going to pick you to try to fight a case involving 1 image to the US Supreme Court -- especially since they might find Google jumping in to file amicus briefs on your behalf! 

Your only potential worry is  if you have any doubt that you might have hosted the image on your server,  and it turns out you did host it on the server, they could potentially have evidence you did so. If they went to court, they would need this evidence.  But the screenshot of web pages they typically include in their extortion letter  is not evidence to rebut your statement that you hotlinked. At a minimum, they would need to supply *html*. 

As far as I am aware, Getty has not supplied html of those pages to anyone who has discussed the issue at this forum.

319

Getty Images Letter Forum / Re: We are the latest victim of the Getty Image extortion scam

« on: December 09, 2012, 09:52:44 AM »

Khan--
Whether or not someone has to "hack" to look at something on the web depends on the details of *how* the web admin limited viewing.  I understand it was jots *intention* to "forbid" someone from viewing, but he has not said *how* or *what* he did.  If all he did was put a 'suggestion' in robots.txt, and picscout didn't follow that suggestion, then picscout did not "hack".   If he used .htaccess to use hotlink protection, he might be able to characterize very simple referrer spoofing as hacking-- but honestly, I doubt anyone technically competent would consider referrer spoofing a "hack".   I do rather complicated things involving using .htaccess to redirect certain requests for images through a file called 'imageDiversion.php". I'm not sure someone would consider circumvention by *referrer spoofing* a hack. However, they would likely consider it a hack if someone broke into my server and altered my "imageDiversion.php" file.

So I am interested in learning some of the nuts and bolts details of *how* jot is "forbidding" access. Because unless he is doing something unusual, I doubt that the method of access would be considered "a hack".

320

Getty Images Letter Forum / Re: Picscout sighting.

« on: December 07, 2012, 11:05:07 PM »

Yep.  That's me.

But I can tell you that initially those things helped. But I'm pretty sure the humans programming the bots are doing more and more to make it more difficult to slow the scraping down. But last November, my site was *really* getting scraped like crazy! It was insane!  Things would just rip through and load every single image at my blog (at rankexploits.com/musings ) . 

321

Getty Images Letter Forum / Re: We are the latest victim of the Getty Image extortion scam

« on: December 04, 2012, 06:25:11 PM »

Correct....if they were only looking at the code of the page like most bots do, then all they would see would be a file name with a path to a folder. If the bot tried to access the folder, then would be blocked, so the bot or spider cannot access the files directly.  They use software that "tricks" the security measures that I had in place to think it is actually a user using a web browser, then they further trick the server to giving access to those hidden folders for access, then they download the image so they can compare the meta information. 

I'm trying to guess the specifics. Do you mean:
1) You limit viewing of the images to certain referrers and user agents and
2) You believe picscout spoofed the referrer and user agent?

I already know their browser add on presents a blank referrer and user agent.  Of course this can blocked by ordinary hot-link blocks in .htaccess.

I also know I've seen *tons* of scraping (and attempted scraping) by agents that present the top of the domain as referrer-- so they are spoofing: that is lying.   I've also see tons of scraping and attempted scraping by agents that try to present "http://the_top_of_the_domain.com/feed".   Presumably both are used to get around the hotlink block in .htaccess. (One can write a rule to deal with this too-- provided they either have no images in the feed and none at the top of the domain. Failing that, provided they know the names of the few images that can have referrers matching "http://the_top_of_the_domain.com/feed" or "http://the_top_of_the_domain.com/".

But... what I want to know-- is referrer and user agent spoofing what you are talking about? Or something else?

322

Getty Images Letter Forum / Re: Picscout sighting.

« on: December 04, 2012, 06:06:52 PM »

My impression is picscout-- or other image scrapers-- are now using servers all over the place.  Blocking them from images would involve a heavy investing in time watching things that load images only. It can be done-- but it's not easy. It also resource intensive for any blogger.

I do it. But.. nope. Not easy.  It's sufficiently difficult that I would have a difficult time sharing my method with anyone who isn't extremely motivated to keep the picscout like scrapers off.  (And I probably fail anyway.)

323

Getty Images Letter Forum / Re: Another Newby Masterfile

« on: December 04, 2012, 06:04:15 PM »

(I also remove the image from m blog media library)

Hmm... if it was in your blog media library, you may have made and displayed a copy.  If this continues, you will need to discover whether your blog displayed an image hosted on your server or an image hosted on someone else's server.  That is key. If the image is displayed  as a "link to another blog" that's legally different from an image displayed from a link to your own server (or some server region under your own control.)

324

Getty Images Letter Forum / Re: Another Newby Masterfile

« on: December 04, 2012, 06:00:43 PM »

  When emailing Geoffrey, I did say that it was a link to another blog. 

He stated that they had to pay the artist, so basically I have to pay up.

If the image displayed at your blog but only because it was a link to an image hosted on someone elses server, you need to read my response to Getty:

http://www.extortionletterinfo.com/forum/getty-images-letter-forum/recieved-a-demand-letter-today-what-do-you-think-of-my-response/msg9271/#msg9271


The part of particular relevance to you starts with "second" and I'll requote here:

Second: I have read over both the 2006 Ruling regarding  PERFECT 10, Plaintiff, v. GOOGLE, INC., et al., Defendants from   "United States District Court, C.D. California"  and that regarding Perfect 10, Inc. v. Amazon.com, Inc., et al. 487 F.3d 701, No. 06-55405 (9th Cir., May 16, 2007).   I note that DMCA is mentioned and discussed by the District court in footnote 10 of the District Court ruling where they say,

"Google also contends that it qualifies for protection under each of the four DMCA safe harbors, 17 U.S.C. § 512(a)-(d). In light of the ensuing analysis concluding that Google is neither vicariously nor contributorily liable, it is unnecessary for the Court to deal with the DMCA issues."

The plain meaning of the text indicates that any protection that might have been afforded Google by the existence of  DMCA was irrelevant the courts ruling because Google had not violated any of the copyright holders rights under copyright.  I  have not copied or displayed "Catalog Image No eb2511-001" as those terms are defined by US copyright law  So, whether Google, Amazon or I are or are not protected by DMAC in the event that we might inadvertently violate someone's copyright would seem irrelevant.  I'm puzzled that you brought your opinion about the applicability of DMAC up.

I would now like to point out that in my first letter I also brought up the issue of fair use.  In the event that GettyImages might believe contrary to court rulings that including html instructions to an image at a third party site constituted  infringing use under US copyright law, my particular use would in any case fall under fair use for reasons I mentioned in my first email to you. You have not address this point.
 
Because you have so far stated you do not consider the matter closed,  I believe must request information from GettyImages.  While continuing to maintain that I have neither copied nor displayed "Catalog Image No eb2511-001" as those words are defined by US copyright law, I request the following information regarding GettyImages "Catalog Image No eb2511-001" required to ascertain whether GettyImages has standing to pursue any claim or negotiate any settlement and to assess whether the suggested amount of the settlement would be reasonable.

My specific requests are below:

1) Please provide me with proof that the GettyImages "Catalog Image No eb2511-001"  has been registered at the US copyright office or copyright office in any country either individually or as part of a collection,  including any collection name, registration numbers, dates of registrations,  renewals of registrations, names of copyright holders and any and all records indicating the copyright ownership may have transferred to any new owner and on which dates copyright ownership transfer may have occurred.  Your Nov. 4th letter indicates that the photographer was "Mother-Daughter Press".  I believe such items should be easily accessible in files GettyImages maintains for the image in question; your obtaining and providing these should be little more than a clerical matter.

2) Please provide me documentation that Getty Images now holds and has held the exclusive license this image spanning whatever time period you believe is relevant to your allegation of a copyright violation related to the image discussed in your first letter to me. I believe such items should be easily accessible in files GettyImages maintains for the image in question; your obtaining and providing these should be little more than a clerical matter.


3) Please explain your basis for requesting $875 for whatever use you infraction you allege with regard to this image.

I believe there is reason to doubt Getty images holds an exclusive right to license images, and also suspect the settlement demand is excessive in light of a number of factors including, but not limited to the following:

a) A digital copy of what appears to be the image in question is available free of charge by visiting ("Mother-Daughter Press & Gay Bumgarner Images" ( i. e. http://www.gaybumgarner.com/)   , searching for "cardinals", clicking the image itself and then clicking "download" . The Mother-Daughter Press & Gay Bumgarner Images"  website appears to be owned and operated by the party listed as  "photographer" of your "Catalog Image No eb2511-001"  and the  57.5 kb available for free is larger than the 14kb copy hosted at the third party site I linked.  Absolutely no usages restrictions are indicated when that digital image is downloaded. (See attachment 1 below.)

b) A digital copy of what appears to be the image in question can be downloaded for free accessing it through  photoshelter.com's user interface.  Photoshelter.com lists the image as "PhotoShelter ID: I0000NJj3T3XcwKU"  (See http://www.photoshelter.com/lbx/lbx-img-show?L_ID=L0000f7CHJUlwcGk&_bqG=0&_bqH=eJxLjMot9wh1D0izLI3wzQgNdPKrKgxPNM02S_G0MrIyMrWy8on3dLH1MQCCNHNnD6_QnPJk92w1H8_4YP.gEFsg7Rzi6esKE4h38QyydQx2BvF9PN09Qpz8I7AaUFCQbmtkCgC88CZL&LI_ID=LI000.2F242ES7zc )

c) Much lower costs licenses permitting web display of larger higher versions of this image are available through photoshelter.com (see attachments  2  below.)

I believe that since GettyImages has already presented me with a demand letter for $875, providing records and an explanation of  the basis for demanding $875 along with records documenting who owns the copyright and your companies exclusive right to license the image should amount to little more than a clerical matter.

I close by noting that it remains my position that there has been no violation of the copyright holders rights to copy or display this image in the matter you described in your Nov. 24, 2011 letter.

Sincerely,
Lucia Liljegren

In the US, the 9th circuit court ruled that hyperlinking is NOT copyright violation. Whether Masterfile "has to" pay their photographer is irrelevant.  None of the other circuit courts have ruled on the issue. But given the fact that this is the highest court ruling to date,

1) If you are in the 9th circuit masterfile would have to be nuts to go after you for a hyperlink ruling hoping to get the SCOTUS wold overrule the 9th and
2) If you live in another circuit, they would have to be nuts to hope one of the other circuit courts would rule in their favor on this.

Get a copy of the two Perfect 10 rulings, read, and take a big sigh of relieve. (Well... provided you are in the US.)

325

UK Getty Images Letter Forum / Re: graphic from another site

« on: November 25, 2012, 07:20:57 PM »

rapidi--
I saw a "pounds" rather than $ sign on another thread. In the US linking is not copying. If you are in the uk... I don't know.

326

Legal Controversies Forum / Re: Use of copyrighted images for educational use - legal?

« on: November 24, 2012, 08:08:16 PM »

I don't know how to get rid of them. I suspect you don't need to worry about it though. The following is speculation-- about why they continue to appear when you use the add on.   It's based on what happens in the server logs when you use the add on.

Ok... now. If I put an image on my web page-- making sure both the page and image are new, and then visit my page using the Image Exchange add on, with the 'sidebar' showing, my web page loads.  Meanwhile, there is a pause in the Image Exchange.  Eventually, the image exchange might find a match which appears in the sidebar. (Some "matches" can be pretty funny. I'd love to show some-- but I'm not sure it's fair use. But it can be hilarious.)

Anyway, if I then open up my server logs, I can see the "hits" to my page. I know my own IP (and my own user agent)-- so I see hits associated with my visit.  Following a few seconds after my visit, I see hits from other IPs. When I've done the experiment in the past, these hits only hit the images, and moreover have blank user agents and blank referrers.

I diagnose these as being picscout.  And what I think picscout does is fetches the image, compares it to the library and then "remembers" that image match is on that page. It probably remembers by putting storeing information about the matches with that page. 

Now, what is the function of "remembering". Well, the other thing I notice is that if I visit the same page again, picscout does not visit unless I have added fresh images with fresh names.  So, I think what happens is that unless the visitors browser sends information about a new image, picscout just "remembers" whatever it thought matched images to that page. 

No, I"m guessing in your case, after you removed the image, picscout simply hasn't programmed anything to notice the image is no longer there, and it is still "remembering" an image supposedly matched what is there.  Mind you-- if it had had a stupid match, it would be "remembering" something that never matched well in the first place. (Because that happens. Seriously-- I've loaded simple images of cross hatches and had it match it to things like a bird on a wire running diagonally across the sky. I assume the slanted lines 'matched' and that was enough for picscout.)

So, if this is what is happening;
1) You probably can't get picscout to 'forget' what was there. Because it's programmed to remember what used to match.
2) You don't need to worry about it. Because picscout makes lots of mistakes. So... the fact that it claimed an image once matched something that is no longer there proves nothing about what used to be there. (Mind you... if the subject ever comes up, do not voluntarily admit that the match was once correct. Maybe ask here, and I might be able to find the images of really truly bad matches I've had before. Seriously hilarious!)

327

Legal Controversies Forum / Re: Use of copyrighted images for educational use - legal?

« on: November 24, 2012, 04:16:16 PM »

Once done, why is Picscout (or ImageExchange) still shows the deleted images?

How do you know Picscout/Image Exchange still shows deleted images?


Do you mean that if you visit with the image exchange toolbar installed, the image exchange toolbar suggests matches to images that were previously at the page?   That would be interesting.  If it is what you mean, I could speculate based on what happens in the server logs if you visit with the image exchange toolbar in place. But I don't want to do that unless that's what you mean.

328

Getty Images Letter Forum / Muso.bot: Another copyright bot for hire.

« on: November 16, 2012, 11:25:52 PM »

I've been compiling a database of things that got blocked by ZBblock. I noticed a connection that was blocked -- and it looks like an image copyright enforcement bot.  The useragent string is:

Mozilla/ 5.0 (compatible; musobot/ 1.0; [email protected]; +http:/ / www.muso.com)

Their services include

Piracy detection right to the furthest corners of the Internet, simultaneously scanning millions of blogs, message boards, streaming sites, websites and P2P channels.

Translation: The will send their bot to scrape your site.

Disrupt & destroy illegal file distribution by quickly removing each and every instance of illegal files discovered, with a market leading average removal time of 3.5 hours and over 50% instantly removed once discovered.

Translation... they claim they are going to remove illegal files. How? This sounds like it might not even be legal-- and it sure is scary.   
(OK.. it later reads "Automatically issue takedown notices direct to source - cyberlockers, p2p torrents, streaming and auction sites". If that's the mechanism for removing in 3.5 hours, it's not quite so scary!)
Other claims here
http://www.muso.com/home/services/

As I noted: I blocked this thing. The rule that blocked it was that it was using Amazon to crawl through the site. But I'm not blocking by user agent.  I advise others to do similarly. (Note: Bots can fake user agents, and the company can use other hosts. So this might not be effective. But if their business plan is to burn up my cpu and bandwidth, I'd prefer to make them do it using a high cost service rather than lower cost amazon.)

329

Getty Images Letter Forum / Re: Picscout sighting.

« on: November 15, 2012, 11:23:00 AM »

Blocking Israel is also not enough.   At a minimum, one must also do this:

Block all image requests with blank user agents.  Picscouts firefox add on will visit with blank user agent after someone uses it. But also, I see *many* visits to images using blank user agents only.  So images should never be served to these things.  This  should very, very rarely interfere with any honest visits because everything should present a user agent.  (Some people who are both stupid and paranoid buy privacy software that presents a blank user agent. But it's very, very rare. And those people should be told to turn on their user agent.)

These visits do not come from Israel. They are generally coming from larger servers.

Oh...today... I saw something try to visit

rankexploits.com/protect/wp-content/themes/images

This is definitely an attempt to find images that might have been uploaded to the 'theme' folder. There is nothing at that location.  Because I partially 'broke' my wordpress redirects, that attempt was sent to the "file missing" bin (404). I made my 404 page dynamic, and also run a script to ban things that are looking for <i>missing</i> things in 'wp-content/themes/'. So, that IP got banned.   

Here's the record of the 'ban'

#: 111365 @: Thu, 15 Nov 2012 07:09:38 -0800 Running: 0.4.10a1
Host: 91.229.125.213
IP: 91.229.125.213
Score: 2
Violation count: 1
Why blocked:   ; It looks like you are trying to call the theme directly.   (404) Fingerprint, scrape or hack behavior.    (2: wp-content/theme )   || ( ax=0)   [GB]   ( 404=1 )  ; ( 0 )
Query:
Referer:
User Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/6531.22.7
Reconstructed URL: http:// rankexploits.com /protect/wp-content/themes/images/arrows-ffffff.png

That image is not on my site.  But the fact that something tried to load it means either
a) They were trying to figure out if I have a particular image directory at that location or
b) They were hunting for a vulnerability -- that would be a threat unrelated to image sniffing.

I can't know which. But those worried about image scrapers should be worried about both. (To some extent, it is pointless to worry only about image scraping. You simply cannot block those things without blocking all the other stuff too. Leaving avenues for other types of scraping or hacking open will leave avenues for scraping open. Period.)

Anyway, here's are some details on the IP:

IP=91.229.125.213 is associated with
netname:        ITLAB-NET
descr:          IT Lab Limited

That looked like an interesting name, so I googled and discovered:

http://www.itlab.co.uk/

That is
a) a cloud service and
b) one that provides custom coding http://www.itlab.co.uk/services/consultancy-services/codelab/

I think the probability that IP was someone was devoting a lot of effort to hunt for images is near 50%. But that's a guess.  The alternative is it's a penetration tester-- which is just as bad.

Whois gives their domain range as
91.229.124.0 - 91.229.127.255
They are located in Great Britain and an Israel ban would not keep them out. 

Based on watching my logs have every reason to believe that crawlers looking for images are:
1) using a vast number of proxies-- both anonymous and transparent.  I often see blocked israeli IPs using non-transparent proxies.
2) using specialized cloud services located all over the world.

I see lots of hits from "The Planet", "Hostgator", "BlueHost", "voxility"  and all sorts of dedicated servers all over the world.  These are cheap services picscout or any picscout-like entity (e.g. tineye, idee etc.) could chose to run a scraper.  I suspect they do so.  I'm reasonably certain that if you think blocking Israel is enough, you are likely wrong.

I have a blog. I post lots of graphs-- most created by me-- but some by co-bloggers. All are constantly visited by agents with
a) referrers I know to be wrong.
b) blank or weird user agents.

To catch the scrapers, I'm doing rather complicated stuff. Specifically:
1) In .htaccess, I divert image requests with whacked out referrers or user agents to a script.  I also send requests for any images that are more than 3 months old to the script.
2) That script processes the request. If it fails quality checks, that IP is banned-- at Cloudflare. That means that IP cannot crawl anything at my site. If it passes quality checks, it is shown the image. If it's in between, it is shown a substitute image of a cat.

(Note the potential downsite of blocking a Hostgator/Bluehost/etc. IP at cloudflare is that if a blog on those services sent me a 'ping' I wouldn't see it. I'm willing to sacrifice that-- as it's really the only reasonable incoming connection from those services my blog might expect. )

This system is:
1) resource intensive because you have to run a script rather than just deliver an image.
2) requires willingness to fiddle with your .htaccess and customize in a way that makes sense. (In fact, you must edit each month if you want to check all requests for images older than 3 months.)

In addition, you need to make some decisions about what you are going to permit. For example: My /feed/ addresses do not display links to images if one loads those addresses directly in the browser. So, things that try to load images from http://myblogdomain/blogpost/feed  are banned. I've been doing this for months. I ban at least 20 things a day with that referrer and you know what? I have never, ever, ever had a human complain. That tells me those requests are not people.

I don't think there is any other way to block image scrapers. Moreover, I doubt if I even succeed in blocking all of them.  If someone or something wants to visit each post promptly providing a not obviously wrong user agent, and a not-obviously-wrong referrer, that someone or something will be indistinguishable from a real visitor. My system will let them view the images.   So, an image scraper could see every single image. (You might wonder why their bot doesn't do this?  It's because it takes more resources to monitor a blog for posting, and load a whole page rather than just try to watch what shows up on google image search and then load that image without knowing what the "right" referrer would be.   My guess is they show some obviously wrong referrers because they don't know the right one for the image.)

Oh-- and I'm doing more stuff. For example: I'm blocking all connections from TOR, and I"m blocking lots of connections from free public proxies listed on various web sites.  Doing the latter has drastically cut into the rate at which I see requests for images with blank user agents. (This is why I feel rather certain that lots of the image scrapers are using public proxies.)

Anyway... unfortunately, I can't give good easy advice on how to block picscout and picscout like scrapers. I know I've made it expensive for them to operate on my site-- that's the best anyone could do.

330

Getty Images Letter Forum / Picscout sighting.

« on: November 15, 2012, 09:15:38 AM »

I thought some of you would be interested in reading a log in my "kill" file:

#: 111122 @: Wed, 14 Nov 2012 06:13:24 -0800 Running: 0.4.10a1
Host: mailptr.picscout.com
IP: 62.219.119.15
Score: 1
Violation count: 1 INSTA-BANNED
Why blocked:   ;   Image scraper, sharing or copyright enforcing host      INSTA-BAN. You have been instantly banned!  |-|   (1: pics )  check host   || ( ax=0)    [IL]  ; ( 0 )
Query:
Referer: http://stackoverflow.com/questions/11215963/how-to-block-picscout-bot
User Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Reconstructed URL: http:// rankexploits.com /protect/2011/12/four-steps-to-slow-down-image-scrapers/

This is definitely picscout. Most likely, it's someone at picscout wanting to read my advice on how to slow down image scrapers.

Of course, one of the steps is: Block anything on a host containing the word 'pics' in it from your logs.  I do this-- which is why the host 'picscout' was blocked.

Other useful information: This IP 62.219.119.15 is on bezeq servers. Specifically, it's on

inetnum:        62.219.110.0 - 62.219.155.255
netname:        BEZEQINT-BROADBAND
descr:          FIXED-IP
country:        IL
admin-c:        BNT1-RIPE
tech-c:         BHT2-RIPE
status:         ASSIGNED PA
remarks:        please send ABUSE complains to [email protected]
remarks:        INFRA-AW
mnt-by:         AS8551-MNT
mnt-lower:      AS8551-MNT
source:         RIPE # Filtered

role:           BEZEQINT HOSTMASTERS TEAM

I block many bezeqint sites-- mostly because way back around the time I received a getty letter, I coincidentally had my site absolutely hammered by an IP on bezeqint. It took my blog to it's knees-- crashing and restarting all day. Naturally, I will now be blocking the full range above-- at Cloudflare.

(Unfortunately, I have concluded it's very difficult to block image scrapers. It can be done-- but it can't be done by people with near zero programming skillz. It also needs to be custom based on one's subject matter. But there are some things that really help.)