

Judge Allows Sony to Unmask Anyone Who Visited GeoHot Site - kenjackson
http://www.wired.com/threatlevel/2011/03/geohot-site-unmasking/

======
A1kmm

      $ telnet geohot.com 80
      HEAD / HTTP/1.1
      Host: geohot.com
      User-Agent: Dear Sony, I heard you would be reading this log. Because of the way you treat researchers like GeoHot, and your own customers, I will never buy a Sony product again.

~~~
ssebro
I was seriously just considering ps3 vs xbox 360, Sony's just made my decision
so easy. I'll never buy a thing from them again.

~~~
redthrowaway
It's too bad, too. They took a huge risk with Cell, and it's finally paid off.
This kind of behaviour is simply inexcusable, however. I have a ps3, but I
don't want to buy new games for it. Not really sure what to do.

~~~
idonthack
Crack it and run homebrew, obviously.

~~~
emehrkay
Crack and pirate.

Decisions like the one this judge handed out make it more and more clear that
corporate interests trump those of everyday folks.

------
jseifer
Reading this article was really crazy. Sony has also subpoenaed YouTube for
information on _anyone who watched the video he posted_ and it was approved.
The rationale is that they're trying to sue in California and this will help
better prove distribution there. It does not say what Sony intends to do with
the information otherwise which is kind of scary.

------
SriniK
Who is up for protest against Sony? This is so lousy.

What is next? Telling every kid not to open 'a system' to figure out how
things worked? Or maybe let's ban engineers from being engineers?

EDIT: #shameonsony twitter handler.
<http://twitter.com/#!/srinikom/status/43853556645761024>

~~~
smokeyj
Sony is acting like a company trying to maximize profits, it's our government
that's tasked with defending 'the people'. If the government is the enabler,
why not protest them?

~~~
sho_hn
Your government isn't just tasked with defending the people, but also with
acting on their behalf; given this, the persons that form the corporate entity
Sony are not absolved of personal responsibility and subject to criticism.

The government may be allowing them to do this, but it isn't making them do
it.

~~~
smokeyj
Sony can bitch all they want, it doesn't matter to Geohot until the government
gets involved. Now we're playing for keeps. DreamHost isn't complying with
Sony, they're complying with a US court order.

------
oniTony
I would imagine that a large portion of visits to GeoHot's website was due to
the publicity of Sony's legal case. If Sony is trying to provably demonstrate
“defendant’s distribution”, shouldn't there be a distinction based on the
intent of access?

E.g. IP hits from Google's bots out of Mountain View should not count as
"those who downloaded Hotz’ hack reside in Northern California".

~~~
marklabedz
...and likewise for those who accessed the site(s) after the suit was filed.

------
metachris
<http://geohot.com/>

------
mikecarlucci
Haven't a number of courts ruled that an IP address isn't a person? I feel
like that should apply here.

Edit: [http://arstechnica.com/tech-policy/news/2011/02/court-confir...](http://arstechnica.com/tech-policy/news/2011/02/court-confirms-ip-addresses-arent-people-and-p2p-lawyers-know-it.ars)

I guess they don't want to sue the visitors, just reveal identity? This seems
like shaky ground for Sony.

~~~
Jach
Maybe they'll put a list of repeated identities in their next rootkit they
ship with their laptops and when it detects someone associated with an
identity it will signal the battery to explode...

~~~
jrockway
Ironically, they'll be guilty of the crime "battery".

Anyway, I think we all wish companies would take their revenge in the form of
actual violence so that they would actually get in trouble, but they are
smarter than that. Emotional pain hurts more than physical pain.

------
megaframe
How useful would that list even be, after all the attention this has gotten
won't that IP list be absurdly long? Maybe they're trying to use it to form
conspiracies by association.

Well my IP is there. I don't own any Sony products, was considering a PS3
(since the price is right), and I almost never mod those kind of devices, but
out of principle I don't think I could justify getting one now.

~~~
uxp
I have a fantasy of every botnet in the world visiting his site DDoS style,
but without the DoS part, padding the list to be miles long of printed court
evidence.

GeoHot's blog, geohotgotsued.blogspot.com, specifically mentions that his hack
got very little attention outside of the standard homebrew hacker scene up
until the point he was sued and every tech blog and publication linked to him.
These actions are just absurd. GeoHot even states that he has come across
means to restore the cryptography on the device, which could effectively shut
out piracy. I doubt he'd ever hand it over though. There's no reason to be
nice to the guy who's kicking you in the crotch.

~~~
robryan
Really they should have hired him to work on console security, as well as
officially allowing the system to be modded to allow home brew, take away the
incentive for the homebrew people to further enable piracy and get, it seems,
the best person to defend their console against piracy in the future.

------
smokeyj
I wonder what the judge almighty thinks about Sony's rootkit projects..

------
nu2ycombinator
Looks like the problem here is the judge. She doesn't even know how the internet
works. "Retrieve all the code"

------
Rariel
Civil Procedure FTW! Or the loss. I'm not surprised the judge allowed this, it
is necessary to prove Sony was correct in filing in CA because the state has
jurisdiction over GeoHot. I _would_ be surprised if they granted personal
jurisdiction over a kid in NJ.

------
micah_moo
What about people who just saw it in a feed and out of curiosity looked :S

~~~
Hacktivist
I'm sure they don't care about people who just loaded up the home page. They
are more than likely after the IPs that downloaded the files that are posted
on the site (maybe they will try to tie them back to IPs used to access PSN?)

------
asdfor
I can't figure out based on what grounds the judge granted access on the IP
logs. Also, what could Sony do with the IP addresses? Nothing, they are just
trying to force people away from any websites with such information. The user
base of the PS3 are underage teens, vulnerable to such scare tactics ....

------
jonursenbach
Where is the EFF during all this?

~~~
jevinskie
They filed a friend of the court brief [1] which the judge didn't seem to get
the point of [2]

[1]
[http://www.wired.com/images_blogs/threatlevel/2011/03/efflet...](http://www.wired.com/images_blogs/threatlevel/2011/03/effletter.pdf)

[2]
[http://www.wired.com/images_blogs/threatlevel/2011/03/speror...](http://www.wired.com/images_blogs/threatlevel/2011/03/speroruling.pdf)

------
rapind
Seems like a good time to be in the VPN / Proxy business.

~~~
nitrogen
I don't see how anybody trusts a VPN or proxy any more than their own ISP. It
seems to me that using a privacy-focused VPN (1) makes you stand out more to
anyone looking to bring down the proverbial hammer of justice, and (2) puts
all of your access history in the hands of a potentially-hostile third party
(the VPN/proxy provider, who could just as easily be subpoenaed, or even be
run by an intelligence agency, like Tor).

~~~
rapind
My understanding is that it is not actually _easy_ to subpoena records from
all the VPNs cloaking traffic to a specific site. In fact there could be a
significant cost attached to doing that. So while it might make you look
guilty in some situations, it can protect your innocent behaviour from being
snooped until you do something to justify appropriate suspicion.

As stated --- The approved subpoena requires the company to turn over
“documents reproducing all server logs, IP address logs, account information,
account access records and application or registration forms” tied to Hotz’s
hosting. ---

I'm pretty sure they would need to apply for another subpoena in order to
uncover any IPs coming from a VPN. Now this could be done if it was warranted,
but most of the time I doubt it would be pursued and it might even be hard to
prove it was warranted for each VPN?

Now just for fun, let's say you're tunneled to a VPN that's tunneled to
another VPN, to another, etc. While you could still be chased down, it's
probably not practical in most situations like this. I wonder if one company
could provide a service that uses multiple routings like this through
different registered entities requiring the authorities to request records for
each of the different entities in order to track down just one account. Then
implement this on a large scale...

------
jchonphoenix
Everyone not from CA run a script to access GeoHot.com?

This way Sony will have to try the case in NJ.

------
kmfrk
So, where would be a good place to host your site to dodge the jurisdiction of
this craziness?

~~~
timdorr
What Sony's trying to do is locate jurisdiction in the location where the data
ends up. So, it would be irrelevant as to where it came from. You could host
in Iran and they would still attempt to show it being under a CA court.

~~~
chc
I think kmfrk is trying to ask if there are any countries where you would
likely be safe from a judge turning over your users' data to Sony just to see
if any of them were in California.

------
rheide
Sony always gets what it wants. While they're not fundamentally wrong, since
it's their product, they're playing whack the mole with a large hacker
community. This can't end well.

~~~
fingerprinter
I'll admit that I haven't followed the story that closely, but from my
understanding, he hacked his PS3 and posted what he found, right? Wouldn't we,
as a reasonably logical technical community, see that as his system and he
would be free to do with it what he wants (the hack, probably not the post)?
Perhaps posting it is where they have a case (INAL), but I can't see any
justification for going after him for merely hacking/poking around his PS3
hardware and software.

I started to see this pop up in some posts recently:

* apple's hardware...they have the right to do what they want
* sony's hardware...they have the right to do what they want

I don't exactly know when this started but I think it's worth correcting and
trying to stop. No reasonable person would assume that you could buy any
physical device and NOT be allowed to do whatever you want to it. There may be
usage restrictions (you can't modify your car w/ a jet pack and expect to
drive it on a public road...), but if you are doing something for
educational/experimental purposes, I can't see how it would be illegal.

Anyone care to comment? I'm open to having my position changed if someone can
show me why.

~~~
johngalt
Morally I agree that something you buy is yours to do what you want with, but
in practice there are routinely restrictions on what you can/can't do, each
with their own degree of right/wrongness.

For instance most people find it reasonable that you can't:

-Modify/bypass emissions equipment on your car.

-Saw off the barrel of your shotgun, or modify semi-auto -> Full auto

-Buy one copy of a movie then show it to the whole neighborhood and charge admission

~~~
fingerprinter
I think in all those cases you mentioned it would be usage restrictions rather
than actually being able to change the physical object you bought. And it
would be the government saying you can't do something, not BMW or Colt
handguns.

Again, INAL, but I thought you could modify a semi-auto and saw off the barrel
as long as they were used at the shooting range (for instance...probably a
state by state law as well).

And I'm fairly certain you can bypass the emission on the car to modify to
make it a track car, for instance, or make it farm equipment. Again, not
really up on the law, more anecdotes I've seen in my personal life.

~~~
chris_j
> And it would be the government saying you can't do something, not BMW or
> Colt handguns.

I think this is a key point. Is it the government telling you that you can't
do something (that is against the law) or a company using the law to prevent
you doing something that they don't want you to do. I would guess that the
former would be governed by criminal law and the latter by civil law - please
correct me if I am wrong.

In this case, it is Sony using the law to try to prevent people learning how
to root their PS3s and doing so through civil courts.

