

One Way to Deal with Internet Thieves - pzxc
http://pzxc.com/internet-is-still-wild-west

======
citricsquid
This guys website is just others content, HE is taking flash games created by
others and publishing them on his website FOR PROFIT. I spotted some friends
games on there that they are unlikely to gave permission to put on there.

Also, he has taken a popular t-shirt design, copied it and then is selling it
for profit here <http://www.cafepress.co.uk/playitontheweb> as advertised on
his website.

If the guy who posted this is reading, where do you get the games from you're
posting? Are you downloading them from other flash game sites and uploading
them? Are you scraping those sites? I bet it's the latter. You're only
slightly less shameful than this guy you're attacking.

irony eh.

~~~
averageJoe4
In addition, if you visit www.playitontheweb.com, you'll see in the right
column he prominently features Mario and Sonic flash games, games that make
unauthorized use of copyrighted and trademarked characters, as well as game
art and sound effects.

This guy really has some nerve complaining about someone copying his crappy
site design.

~~~
mattm
Indeed. Perhaps this is more of a case of "what comes around, goes around."

------
jedsmith
Okay, I'll take the alternative view: this is embarrassing for the OP.

What worries me is that the OP found the name Bart Burns on the WHOIS for the
domain, and assumed (a) that's who registered the domain, and (b) that the
information he found via a quick Google is actually Bart Burns. I can change
the information on my domain to be whoever I want, particularly if I'm a
scammer. Whatever I put in NameCheap's panel shows up minutes later. If
someone doesn't believe me, I'll alter the registration on one of my domains.
Just ask.

More interesting than that, however, is that the OP is completely aware that
there are avenues of recourse for this and that he is technically able to
determine who hosts the scraped domain. Rather than pursue those avenues of
recourse, however -- said facilities have been keeping the Internet from
devolving into a "wild West," at least in ARIN and RIPE regions -- this guy
had to take a play from 4chan's book and attack possibly the wrong guy. If
everybody did what the OP does, you're absolutely right: the Internet _would_
be a wild West.

As an administrator at a very large ISP, I am completely aware that some
people lose faith in abuse desk contacts. At my employer, we receive countless
abuse complaints and _we handle every single one_. This is a pattern you will
observe in ARIN and RIPE regions, but less so for APNIC and other parts of the
world (with exceptions). Particularly for someone hosted with JustHost, a DMCA
complaint gets the job done in hours. If it doesn't you can go after the ISP.
I was never a fan of the DMCA, but this is a prime example of a use case for
it.

Above everything else, though, even if the OP is right about the identity of
the scammer, calling out the scammer's employment means the OP could be
attacking his family. If I were the aforementioned company I'd cut my losses
and terminate the employee for bad PR. Now the OP has potentially hurt the
suspected perpetrator's family based on actions his family is _probably not
even familiar with_. Because he copied the HTML for a site I've never even
heard of. That's icing on the cake, to me, because I protect my family. With
teeth.

In short, I am totally unimpressed by the OP's vigilantism and I am equally
disappointed that it is so popular in this forum. Demonstrating this sort of
arrogance to Hacker News is probably a good way to burn your bridges at the
innumerable employers and business contacts that frequent the site.

~~~
JoachimSchipper
"WHOIS may be wrong" is a very good point.

However, if he were actually certain to get the right guy, what's _so_ bad
about "attacking his family" as you define it? Putting a thief in jail does
reduce the income of his/her family, but I wouldn't blame the victim for doing
so!

You _could_ argue that the punishment doesn't fit the crime, but that's a much
more subtle argument than you appear to be making.

~~~
jedsmith
> However, if he were actually certain to get the right guy, what's so bad
> about "attacking his family" as you define it?

Spoken like a bachelor. Two things I firmly believe in, _especially_ when it
comes to Internet squabbles, disagreements and such:

\- Don't mess with someone's livelihood.

\- Don't mess with someone's family.

They're related. You're going to sit here and tell me that it's justifiable
that the alleged guy lose his job over this, possibly taking food out of his
kids' mouths? If I copied your Web site and someone pulled a stunt like that
with my employer, I'd be out for blood. You hurt my family, I hurt you. You'll
understand when you have one.

You can't parallel this to putting someone in jail, because there wasn't
really a crime committed (I'd like to see a prosecution), and OP is not the
law.

~~~
JoachimSchipper
I upvoted your comment because you are contributing to the discussion, and
because I hope to understand you. You're right that I have no kids (I do have
a girlfriend, though). I've also explicitly assumed throughout that the guy
who was fingered really was the guilty party.

Under this assumption, though, I don't see what's so bad. First off, the guy
did do something that he shouldn't; secondly, the actual punishment is almost
certainly zero. Not only are we, indeed, not talking about jail time, we're
not talking "meticulously SEO johndoeisathief.com to the top of Google"
either; we're not talking "start a Twitter shitstorm until his boss fires
him"; we're not even talking "publicly call him out" - the data in the post
probably probably does identify exactly one person, but it's hard to actually
make that link. I do admit that blacking out some more data would be prudent,
but - what exactly would you be so upset about?

~~~
jedsmith
That's a different argument than you started with. You lost the plot
somewhere, which is that I think attacking his employment over this goes
beyond a line. There is only one reason to proudly put in your attack:

    
    
        Someone that works at X should know better!
    

What reason do you think that is? Now they need to take a hard look at their
decision to hire this guy; what is he up to in his private time? Suddenly, his
private actions have become publicly tied to our company.

There's a reason I don't have my employer in my profile -- I have personally
seen someone take a comment the wrong way, and spend days calling the employer
to report what a piece of shit the employee is, and how much he was into
drugs, and so on. Merely naming the guy's employer here casts them in a bad
light.

Think back to Noirin Shirley accusing the guy from Twitter of sexual assault
via her blog. When the media inevitably ran with it, it wasn't "an Apache
member accuses another Apache member," it was "a Google employee accuses a
Twitter employee," because that's a much juicier story. Now Google and Twitter
have been sideswiped in something that isn't even their business, and I
wouldn't have been surprised if Twitter had cut him loose over it. I don't
think they did, so that is a lucky thing for him.

In this economy, I'm just as stretched as everyone else. Anybody who goes
after my paycheck is playing with fire; that's all I'm saying.

~~~
JoachimSchipper
I see where you are coming from. I agree with you that e.g. phoning his
employer would be an overreaction; and I agree with you that my earlier
message was _very_ unclear in that respect, although I wouldn't have posted it
if he did, in fact, try to get the alleged thief fired.

Right now, though, "company X" does not seem to be heavily involved - the text
in the original is in an image and not indexed. Don't you think that the
actual damage is likely to be small?

------
dangrossman
I would've just sent the DMCA notice. It's not a "whole process", it's a
couple lines of text you copy/paste, put in the URL of your site and the copy,
change the date, and email to the host. It'll take you a few seconds to modify
and send out. Most web hosts have a specific mailbox for DMCA notices on their
contact page or in their AUP.

    
    
      Subject: DMCA Notice of Copyright Infringement
    
      The copyrighted work at issue is the text that appears on: [URL(s)]
    
      The URLs where our copyrighted material is located include: [URL(s)]
    
      You can reach me at [email] for further information or clarification. My phone number is [phone] and my mailing address is [physical address].
    
      I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.
    
      I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
    
      [your name]
      [today's date]
    

Never once have I had a DMCA notice not result in the material taken down
within 24 hours, even when the host was outside the US. _None_ of them want to
potentially be a party to a copyright infringement suit, however unlikely it
may be that you'd take it to court and drag the host into it.

~~~
cstross
_Never once have I had a DMCA notice not result in the material taken down
within 24 hours_

 _I_ have!

The culprit -- whose copyright agent [edit]appears not to[/edit] respond to
DMCA takedown notices unless they come on law firm letterhead -- is none other
than Amazon.com. (I've caught scumbags selling books of mine online as ebooks
via the Kindle store. Amazon don't listen unless you carry a big stick. My
solution was to grab the nearest big stick, in this case SFWA's Griefcom
process, but something like that's not really an option for most self-
published authors.)

(In contrast, Apple -- same situation, only in the iBook store -- were the
very model of efficiency and helpfulness.)

~~~
jedsmith
> The culprit -- whose copyright agent doesn't respond to DMCA takedown
> notices unless they come on law firm letterhead -- is none other than
> Amazon.com.

That's illegal. There are well-defined bullet points that make a valid DMCA
complaint that must be acted upon, and I doubt Amazon would open themselves up
to liability based on "big sticks". They'd lose safe harbor for not complying,
which is _extremely_ bad news for EC2 and any Internet hosting provider.

~~~
cstross
Legal or not, it's what they're doing. And it's not just me:

<http://nielsenhayden.com/makinglight/archives/012933.html>

~~~
jedsmith
If someone were to pursue it further and remind Amazon that not following
OCILLA means being liable for every single copyright infringement that they
host, whether on EC2, S3 (looking forward to that one!), or the Kindle store,
they might change their tune.

------
dctoedt
If the OP's planted information identified the wrong guy, then that guy, who
was wrongly accused of being a willful copyright infringer, might be able to
sue successfully for libel.

Otherwise, though, one legal irony about this posting sort of tickles me:

* Suppose that the (human) scraper were to sue the OP for libel. And leave aside for now the fact that (at least in the U.S.) truth is usually an absolute defense to a defamation action (although that's not the case in false-light or invasion-of-privacy cases).

* The OP should win, it seems to me, if for no other reason than that _it was the scraper, not the OP, who published the putatively-libelous information about himself._ Presumably, if the scraper himself had not copied and published (what he thought was) the OP's site, then the supposedly-libelous information would have stayed hidden in the OP's server, never seeing the light of day.

Of course, I could imagine some judges thinking that the case was like the
spring-gun cases you read about in first-year torts class: If you booby-trap
your vacant house with a shotgun to protect against burglars, you can be
liable to a burglar who gets shot, even though he's breaking the law by
breaking in.

------
Quarrelsome
I don't quite see the argument myself. As a former dancer in the breakdancing
scene the premise of "biting" (stealing) moves comes up a lot. After a lot of
consideration I came to the conclusion that if you perform something publicly
its pretty much fair game for copying. I don't think there is a benefit in
spending your time trying to hunt down these copycats. The time is much better
spent creating new works. The Open Source world teaches us that product is not
just the object the item being copied but the service, the knowledge, the
understanding of the product and the ability to create more. For creatives and
dancers it's the brand, and/or your name.

By all means if you think its worthwhile you can hunt down people ripping off
your stuff but if you're becoming tempted to just sit on your prior work and
prevent anyone else from touching it you're becoming stale. Case in point
would be Cliff Richard who the RIAA like to roll out whenever they want to
extend the terms of their copyright because apparently Cliff Richard relies on
this royalties as his pension. I often wonder why he didn't/doesn't have to
save for his retirement like everyone else.

~~~
m0dE
Yo, where did you used to break?

------
throwa_way
"I don’t make idle threats. I have all kinds of information about this person,
and I’m going to be keeping an eye on him, this particular domain, and any
other domains run by him or his host that access my servers."

^ Still the wild west indeed.

~~~
guylhem
??

So what's your proposal to deal with such a problematic behaviour?

The guy is quite nice - he only made the thieve risk his reputation by the
consequences of his own action. He didn't involve anything like law
enforcement, the hosting company or the banners network - which would have
cost them time thus money.

All he did is take some of his own time so that the scraper would get the
"accusing" version of the website next time. He fixed that at his own
expenses.

I believe many of us wouldn't have been that nice. And yes I believe he should
keep an eye on this thief, because from what he said (the games didn't play)
the guy didn't spend a lot of time on that borked job.

For all we know, this might be his full time job - copying websites, replacing
copyright notices and authors, making money out of it with banners. All he
needs is a process that scales well financially to be a "scamtreupreneur"
(Couldn't find a word so I made up one. Do I get karma claims on that word??
:-))

With bots, selecting target websites etc. it might be possible to make a
living out of it while true entrepreuneurs are starving in bootstrapped
companies :-/

~~~
RossDM
I don't know if the poster was criticizing the owner's response; I read it as
just an observation about the state of things. Also, you're right - the thief
got off easy.

------
DirtyAndy
Disclaimer: Most of my knowledge of the Wild West comes from the movies.

In the WW they used to quite like public hangings, both legal and illegal. Why
do you think they did this rather than just shoot people beside a grave and
roll them in? As a deterrent to others is my guess.

I appreciate jedsmith and others views, and do somewhat support them, but lets
say the OP had just issued a DMCA (and it was actioned). What has that
achieved. The copier loses his site, so from the OP's perspective for this
instance the problem is solved. Until next week the guy registers another
domain, and another, and another. And his friends do it too.

I bet the guy doing the copying is going to think about it twice next time,
and I bet one or two people will have read the blog post and rethought future
plans.

Don't underestimate the amount of stress, time and legal costs that some
people would spend trying to resolve a problem like this.

I know this Wild West killing is not the best approach but at this point in
the history of the internet I am seeing few alternatives to prevent (ie not
resolve post event) these things happening.

------
rick888
This is interesting, because it works on the same principal as software
piracy: The original isn't "stolen" it's merely copied. The original is still
intact.

I'm wondering if the same people that are so zealous and pro-piracy would be
fine with someone taking their site and duplicating it.

~~~
larrik
IS IT the same principle? Usually pirated software distributors don't claim
original authorship.

I'm not saying that the "merely copied" argument is correct, I'm just saying
that I think the situations are different.

~~~
rick888
The main argument for 'piracy is not stealing' is that there is still an
original copy.

Just like with the OP's site.

~~~
Fargren
"The main argument for 'piracy is not stealing' is that there is still an
original copy."

No, the main argument for 'piracy is not stealing' is that piracy is not
stealing. Stealing is the substraction of property, which piracy isn't.

This isn't stealing either, this is plagiarism.

If we don't name things with their correct names, we create false
associations, and that makes arguing about those things needlesly complicated.
It's hard enough getting a consensus on anything related to IP as it is, so we
should avoid ambiguous syntax wherever possible.

~~~
David
Violent agreement. You and GP seem to be saying exactly the same thing --
because the original still exists, there is no subtraction of property, and it
is not stealing.

~~~
chc
They are saying the same thing as far as that goes, but rick888 then uses that
as a jumping-off point to misrepresent a (fairly OT) position he doesn't agree
with. He's conflating the arguments of "piracy is not stealing" and "piracy is
not necessarily bad," which are only thinly connected (being theft would make
piracy almost certainly wrong, but _not_ being theft doesn't confer any moral
value either way).

------
russellperry
You'd also think a cisco engineer up to such shenanigans would know enough to
use an anonymous/proxy whois registration.

~~~
dwwoelfel
Or use someone else's name, which may be what the owner of the site actually
did. How can we know that the whois information is valid?

~~~
rhizome
I wouldn't be surprised if the advertising provider requires and checks for
real whois info. If not, there's probably a business model in there somewhere.

~~~
datasink
Small advertising networks are notoriously lax. The ad network in the
screenshot, pogads.com, has this testimonial on their front page:

"I've been banned from adsense for advertising online with companies offering
popups, I registered with pogads as an adsense alternative and I see the real
money potential in my service Roger, IL"

It's positioned as the first testimonial of several.

------
kapitalx
one sneaky thing you could have done is to modify your site very slightly so
that his site would load your ads instead of his. He wouldn't have noticed ;)

~~~
aquark
Just adding some javascript that just made sure the right ads are showing
would have been a much more subtle response.

I wonder if there is a possibility of a JS library that could detect this type
of scraping and reserving automatically. Would probably leads to an
interesting arms race with the scrapers.

------
techsupporter
Was leaving the domain name that easily identifies the person whose name and
other details were censored done intentionally?

------
boctor
It'd be interesting to hear the technical details of how the switcheroo was
accomplished

~~~
biot
Check web logs for regular visits from a specific IP address. Setup alternate
site (eg: on a different port) and use firewall rules to direct http traffic
from that IP to that port. Make a small change to the site and verify that the
copied site is altered. Then have fun.

~~~
datasink
It would be simpler to handle it in the application.

if ($ip == 'XXX.XXX.XXX.XXX') { require 'poison.html'; exit; }

~~~
biot
Setting up a new site is trivial to do and allows you to mess around with it
without modifying your main site... which may not be so simple as your example
if it's based on a CMS or other framework.

------
RossDM
Speaking of Internet thieves - check this out:

GearSpoke.com Derekfrye.com Badrobots.org

Why would anyone copy a website consisting of a single picture? Automated bot
scraper?

~~~
datasink
GearSpoke.com - 173.203.91.173

derekfrye.com - 173.203.91.173

badrobots.org - 173.203.91.173

And 173.203.91.173 is a Slicehost IP. Looks like someone just neglected to
update their DNS settings.

~~~
RossDM
Ah hah! Nice catch, didn't think of that.

------
bmaeser
well played, sir!

------
rorrr
Other fun ideas:

1) Redirect all of his traffic to your site

2) Put an iframe with his site in it. His hosting company would probably shut
him down very quickly.

3) Put goatse / tubgirl on all pages (for his scraper only).

------
slash7
Great!

------
prs

      updating, come back later...
    

The site in question has been updated quite quickly I suppose.

------
alanh
I keep trying to scroll up farther than the page allows

