
FT.com sues company for sharing single subscription account - whyleyc
http://www.guardian.co.uk/media/pda/2009/feb/03/financialtimes-national-newspapers
======
fallentimes
Suing your customers and users usually doesn't end well. Just ask the RIAA.

Even if they win the lawsuit and scare some more people/companies in to
paying, I have trouble believing this will be a net win.

~~~
helveticaman
Yeah...eventually ill will catches up with you because even the judges think
you're an asshole. Don't shit where you eat.

------
numair
A lot of the commenters, and the writer of the article, seem to miss the major
point here. We are talking about BLACKSTONE, whose founder paid millions of
dollars to have Rod Stewart sing at his 60th birthday, among other ridiculous
displays of tacky financial dick-swinging. The company that paid 40-something
billion for Equity Office, and 20-something billion for Hilton Hotels. This is
the LAST company you'd allow to get away with this sort of ridiculous, cheap
behavior.

And for those spouting the usual information wants to be free nonsense, you're
probably not in the demographic of those reading the Financial Times. The FT
and WSJ are two publications that tend to have exclusive, market-moving
information that is extremely critical to the careers of many people (for
example, the interview with Wen Jiabao of China this week had a lot of people
involved in the Treasury market talking). This information is NOT available
all over the web. If a blogger were to obtain just a single day's worth of FT
scoops, he/she would be considered a genius.

------
whyleyc
I'm interested to know if HN can think of a technical solution to this problem
? (one that must be common to many sites).

It seems you could filter access based on IP address but that could be
problematic if users were all coming out of the same company network.

~~~
buro9
I worked on a premium rate video site (sport, not porn) and developed some
scheduled tasks for detecting sharing of logins.

Our scenario was based around users sharing details on forums and over MSN or
IRC.

It was simple enough to log every login, and at the time of login collect
basic identifiers which on their own are relatively useless identifiers (think
one bit of DNA), but added up become quite effective identifiers (think 30
bits of DNA).

We would then query the login against the number of login fingerprints spread
across the day (were they really awake 24/7?) and across the globe (could they
be in NYC and London at the same time?) and other such questions.

We ignored a reasonably high rate of abuse (one person could share the details
a few times) and only approached the accounts that were significantly
compromised.

To those that were compromised, the password would be automatically reset and
emailed to the registered account holder letting them know that we feared
their user credentials had been compromised and should it be compromised
multiple times we would view this a risk to the content and would close the
account. Note we did not accuse them, it's not good to do that to your
customers.

One thing we didn't do, but which was debated, was to publish under the
account login, the details of the account. Basically it was suggested that by
putting the personal details of the registered user in with the account, they
wouldn't want to share them... i.e address, phone number, part of the credit
card number... all under the payment details page and quite obvious from the
header. Yes it was designed, but no it never got launched.

Anyhow... detection and a way of handling it was both trivial and effective.

~~~
bestes
Sounds like a nice solution. It does not sound trivial to me, though. Do you
have any code to share or other pointers?Especially around the 'tuning' of
this system (like, how many hours was too many, how much distance was OK,
etc.)

~~~
buro9
It was trivial to collect the information.

First you start with what the server knows, and log each data point.

Then what can JavaScript tell us? Log each data point.

What can common plugins tell us? Windows Media player has a UID cookie, call
it twice from different IP's and see if we get the same number back. Flash
could tell us a bit more too.

Then there are the geospatial properties, where, when? Log those.

We logged everything we could, and then pushed them over to an MIS layer.

The MIS layer included views that ranked all users according to various basic
criteria (number of hours when login has been performed per day, total amount
of time spent on the system (windows media log files), number of unique
machines used to access content).

With those views the business could then use existing reporting tools to tweak
the criteria or investigate a more severe anomaly in a set of data points.

The result reports went back into the system and became the new benchmark for
the next set of scheduled de-activations or emails.

This way the computers could be left to do it 99% of the time, and people
could come in and tweak it visually for the 1% of the time.

We were purposefully tolerant of the issue as it is better to let a few people
through and gain that marketing and audience than it was to have false
positives and the bad marketing on the sport team forums.

I can't share the various bits of code I'm afraid, it's a while ago and
belongs to my employer at the time, though the technique I've outlined above.

~~~
teej
Thanks for posting this. For a long time, I've had the opposite issue:
detecting and disabling single users running multiple accounts. This is a much
more comprehensive way I could narrow down where requests originate and then
map that to clusters of user accounts.

------
lionhearted
"Full subscribers pay £199 per year" is $285 USD at current market rates, a
bit higher based on last year's rates. The Financial Times is huge - that
whole finance thing has never been my cup of tea, but this is England's Wall
Street Journal. Very prestigious, and probably a bit more recession-proof than
papers for the masses.

So I'm scratching my head, thinking why they're suing for relative peanuts.
Certainly a couple phone calls and Blackstone cuts them a check, no?

So I can only come up with two ideas on why they'd sue: Deterrence or
publicity. Probably both. I suppose you're not likely to have the sort of
backlash that anti-piracy measures generate from consumers, and the kind of
institutions that subscribe to the FT are unlikely to leave in protest. I
guess it's a good business play, though it did surprise me and seem a bit
strange at first.

~~~
jacquesm
I wonder if the FT will sue me because I gave their paper to a friend...

Scarcity of information is _not_ a good business model in a time when
transporting and copying information has a cost approaching 0.

~~~
electromagnetic
_"... when transporting and copying information has a cost approaching 0."_

The cost is _relatively_ approaching 0. The true cost of copying and
transporting information is phenomenal, I mean I want to copy a VHS it used to
cost me $400 max if I bought everything new! If I do similar for a DVD it's
running me at least past $1000.

However that's the actual cost, the relative cost is in fact near zero. We all
have computers/laptops now because we _need_ them, which means the extra cost
to rip a DVD now is all of about $2.99 for the rental fee from Blockbuster
with an additional like $0.50 to burn copies for people.

It's also the value of the object you're ripping. It'd still be considered
cost-effective if you bought a $1000 computer to use _once_ to rip the full
Adobe suite rather than actually buy the Adobe suite!

The FT shouldn't be suing a single user, it's absurd and will cost them money.
They should be using a business model that forces institutions to pay. Adobe
doesn't expect me to pay $2000 for CS3, they do however expect a design firm
to pay probably a hell of a lot more than $2000 to kit out all of their
computers.

------
chris11
I wonder if this is a sign that bugmenot.com might get sued.They have some
paid sites on there right now. In fact they have working ft.com
info.<http://www.bugmenot.com/view/ft.com>

------
josefresco
Why are they suing? Can't they just kill the account, or block the other
users?

~~~
whyleyc
I think it's a shot across the bows of any other companies thinking of doing
likewise (which would be a direct hit on FT revenue).

