Hacker News new | past | comments | ask | show | jobs | submit login
The Daily Mail Stole My Visualization Twice (flowingdata.com)
452 points by thehoff on Feb 19, 2016 | hide | past | web | favorite | 138 comments

A few years ago the Daily Mail ran an article about a visualization I made. They obeyed my CC license, so I have no complaint as serious as Yau's. But the article was just full of errors, including spelling my name wrong in three different ways. I wrote the article author and pointed out all the errors and he responded "No copy editing! It's a tight budget."

The Daily Mail truly doesn't give a shit. About quality, about copyright, about decency. It seems to be working for them.

The free market in action, I suppose.

Yes! Why is this a problem?

The Daily Mail is SHIT. The majority of people LOVE to read about shit.

It's not my thing, so I don't read it.

That's what free market means.

We have a closed market, however. It's free for incumbent massive media organisations like DMG who only exist because Lord Rothmere and descendents have The Right Friends. You and me, however, can pucker up, pay, and play by the rules the free ones make.

Keynsian economics does not equate to "good and right" - it equates to Keynsian economics - and nepotism. So much nepotism.

I know Keynes is the default bogeyman in some circles of economic thinking, but I'm really struggling to see the link between established corporations having brands and governments running countercyclical policy...

Bearing in mind most newspapers' circulation is crashing and Buzzfeed got very big very quickly peddling similarly lowbrow content, I'm not even convinced the market power of print media is that high.

I'm guessing the nepotism argument goes as so:

Keynes gov't economic stimulus is created by the gov't, and people with good connections to the gov't are the recipients of this stimulus, causing nepotism to flourish. The stimulus is not distributed evenly to the economy and thus increases economic inequality.

The entire bank bailout & QE seems like a similar situation in the USA. Who got all the QE cash? The banks, not everyone.

Correct - today it's a congressman or mp, 100 years ago it was a lord or governor, before that, the aristocracy.

We still have an aristocracy, or plutarchy, in fact. I come from deep within the belly of the beast and know the people who know the people and you would not believe how bent it all is. Everuthing happens behind closed doors, we just see the punch and judy show after the event.

This has absolutely nothing to do with Keynesian economics, unless you've redefined the term to mean "everything I do not like in the world".

Because the same people who absorb this garbage have an influence on public policy. "The best argument against democracy is a five-minute conversation with the average voter."

Does free market mean abusing someone else to host your stuff for free? Good thing we have REFERER in the browsers!

think a bit harder

they still need to adhere to the rules of society (no stealing etc)

also, publication of stories in a newspaper has implication wider than the readership of that newspaper

and besides, any free market also needs rules in order to function properly

The alternative would be a government committee deciding on what should or shouldn't be printed/displayed on the internet, I suppose.

Another potential alternative: large trustworthy media outlets form a committee themselves, develop some review process for adding a stamp to the top of their sites that says something like "American Online Journalist" and thereby encourage good journalism in a way that's good for business without interference with the free market.

Then what? People, who are reading Daily Mail, will say 'oh nooo it doesn't have the stamp'? No, doubt you care about these things if you're reading it.

And you know what? It's fine. If we don't like some things and don't see them right, doesn't mean that everyone else should. Some people like tabloids and that's alright.

We can't force people to like The Right Thing.

I absolutely agree with you. My idea is that perhaps the worst thing about a site that claims to report news but doesn't do good journalism is just that it claims to report news. I don't think people would or should stop reading sites that don't have the stamp, I just think there are ways to allow for macro-organizations without suggesting that "the way we do it is the only way, except for complete government control."

At which point, you open the door to a media cartel that decides what is and isn't worthy to write about. At which point, your stamp becomes worse than useless, it becomes a sign of 'quality' to the misinformed while really being simply a way to say it's been 'approved' by the large media companies.

What would stop Daily Mail from stealing this stamp and slapping it on their site?

Trademark law. A more significant problem is that mainstream media publications often actively dislike each others' editorial stance, so the last thing they want to do is agree on a way of mutually endorsing each others' content. The UK, for example, has one right wing broadsheet, one left wing broadsheet that repeatedly attacks allegedly sloppy journalism at the right wing broadsheet and one notionally centrist broadsheet (run by a media empire that makes a lot of money from tabloids). None of them are likely to be receptive to the idea of certifying each other as being more reliable than other news sources.

In most issues, between extremes there is, normally, a balanced approach.

The world doesn't run in binary variables.

The alternative is to pay teachers a higher salary in order to attract candidates who care enough to instill critical thought into their students.

Send the Daily Mail an invoice for their use of your work. Pick a reasonable price and bill them. Then if you don't pay you've got something tangible to sue them about.

This. This is a standard procedure for photographers.

Writing a blog post does not help anybody. Ask for money and you not only get money, they are more likely to not do it again.

IANAL, but this sounds like a great idea even if you don't plan to pursue payment: It's more likely to get a change from the scuzzy people in charge of the scuzzy business than polite letters to article-writers.

And if you do feel pissed, it nicely anchors things: "My client promptly sent a notification of infringement and an invoice, which they refused to pay for X months."

I use this plugin (also available for Chrome) to redirect to pictures of tea and kittens should I accidental click on a Daily Mail link. https://addons.mozilla.org/en-GB/firefox/addon/kitten-block/

It would be nice if this plugin could be configured to do the same for a list of websites, and not just the Daily Mail.

I would be better if it just dresses the link in CSS so you know never to bother clicking in the first place.

It would be better if he determined the ip space of the internal daily mail employees and whitelist them. That way it all looks great for them, internally, but everyone else looking at that page sees an anti-daily mail screed... or just the word 'poop'

What does the law say about putting a license on use of things like this "Embedding this content into your site without written permission from the author will involve a £100000 fee for it's use. You agree by embedding this content that you abide by these terms."

Is something like this enforceable?

I think the problem with this, like with most routes that involve a lawyer, is that this isn't about being enforceable or not, but whether you can actually pay in time and money to try to enforce it.

That's why typically only companies try to enforce licenses.

The author said that even writing the blog post was hard because he had not much time to spare.

Imagine what it would cost if you sue and demand a newspaper like The Daily Mail.

Ah yes; it's almost as if we live in some sort of serfdom where all the laws are set up to benefit only those who already have wealth, influence and power.


I haven't thought much about this but I wonder if a possible way around the problem is for multiple victims to pull resources and combine their cases against a single offender.

Someone would have to invest the time to create some structure to help the victims find each other but it should cost little to no money.

A lawyer might even find it lucrative to do this? It's like the advertisements I see asking if I've ever taken some drug or something if so I can join a class action law suit.

That is pretty much what a class action suit is, but there has to be some realistic expectation of money at the end (or a deep principle the lawyers care about) for anyone to take it on.

Finding each other is cheap, structuring such a case isn't.

I guess if it is lucrative, a lawyer will figure it out some day.

Daily Mail has lots of money I expect so there's probably plenty of lawyers who would do it on spec.

What if you just start invoicing their AP department?

Oh, that's interesting. What if included in the site, article, and as a comment surrounding the "poop. stolen." alert, were the licensing terms for those not granted explicit permission? Say, a $0.01 a view, or some such? Your compensation for their stealing your article might be quite handsome, likely enough at least to get a lawyer involved based on a shared percentage of recouped licensing fees. I imagine it would be fairly easy to prove, given all the locations the licensing information was available, including right next to the manual editing the employee had to do to get it to work on their site.

I'm a lawyer in the UK. Here, you can start your own claim online in a few minutes.

Yes, if it's under £5000 as I understand it?

I bet you if you sourced it well, made it look formal, and referenced the relevant articles, visualizations, etc. they might pay it rather than fight you if the price was reasonable.

Otherwise, you can always send them to collections for non-payment and/or hire a lawyer.

if a lawyer gets a percentage then it is hardly any work at all

Maybe, but there's also the cost of time, of actually finding that lawyer, convincing him of this, etc.

One of the things money seems to buy, which makes wealthy people/entities able to tackle problems that must of us realistically can't, is time.

I believe that in the end, the so-called rat-race is just a race to be free to have time, to do whatever you like to. Sure, some chains you will never be free of, but if you can shed enough chains off of you, you will have enough time to do other, more meaningful stuff, like defending your rights/intellectual property/privacy, etc.

In this case at least, it seems like the author finds it very hard to pursue this path, because in the end, what's in there for him? Maaaaaybe some money, after a long a emotionally tiring fight. On the other hand, you will lose time and money and potentially your health (since I don't see this route being stress-free).

In the end, like for most things, it ends up being a kind of personal-ROI thing. The return he sees is probably to low to be worth going after it, and the investment and risk too high.

And that's unfortunate, because in the end the abusive guys with money and time end up winning most battles :(

> Is something like this enforceable?

No, it's not, because 1) the user never agreed to the license, 2) a license by definition cannot cover unlicensed uses. Unlicensed uses are dealt with by statute, not by a licence agreement, so it would be up to a court to decide how much to reward you.

Note that for 1) without a written agreement you can't specify additional license terms beyond the usual statutory rights. Licenses and contracts have very different requirements for what makes them valid, the bar is set much higher for licenses.

It sounds like you are describing elements of both piracy/theft (in which the offender fails to obtain or adhere to a license) and a compulsory license (in which there is a predetermined usage fee but no consent is required).

With a compulsory license, the fee is pre-determined by law or arbitration. However, in the US they are basically only applicable to music and similar works involving royalties.

In cases of piracy, damages are sought through civil suit and ultimately determined by the court, not the plaintiff. Essentially your warning amounts to "I'll sue you for X amount if you steal this". There's no guarantee that the court would find in your favor or award the full damages sought.

I say "warning" because I doubt many courts would consider this a valid EULA to begin with. Contracts of adhesion are generally enforceable only if the terms conform to the reasonable expectations of the signatory (who has no control over the terms).

But even if it were valid, and you were allowed to set your own violation fee, you would still have to go through the court to enforce it.

Is something like this enforceable?

We'd better hope the general principle isn't, because otherwise every search engine, social networking site, traffic aggregator and directory service on the web is about to spend the rest of its very short existence fighting off lawsuits.

I suppose, maybe if you don't have a licence on things it's fair game, but I know the Daily Mail has ripped off Creative Commons Attribution-NonCommercial Licenced works.

On the contrary: if you don't have a licence on things, the default assumption should be that the copyright holder has given no permission, just as when the author of the article here didn't respond to a question sent in the middle of the night, that was not a grant of permission to do whatever the person asking wanted.

The complication with web sites is that there is inevitably some level of implied consent: if you put a site up and someone visits it normally, they are technically making various copies of your work along the way, without necessarily having any explicit permission from the rightsholder to do so. This is where lawyers argue technicalities about everything from hot-linking to uploading or downloading the latest Hollywood movie.

The copies made during visiting a website are treated as "incidental" copies under the law. What matters is that the author has decided to publish their work and that you are viewing their publication. Of course if you start duplicating their publication for your own ends, then it stops being incidental.

Careful: The law in this area isn't necessarily the same in all jurisdictions. Even within the EU there have been relatively few test cases so far and unless I've missed something recent the position with temporary copies is still not entirely clear.

Sadly, the past few years have seen lawyers argue the minutiae of EU directives and national IP laws to the extent that any original intention or moral or economic justification for copyright has long been forgotten. Basically, this has become exactly the kind of area that gets lawyers and legal systems a bad reputation, where sometimes quite significant amounts of power are being assigned based on obscure technicalities in how laws at different levels of government have been drafted.

Somebody already addressed part of it, but here's an introductory guide to how licensing works: http://cryto.net/~joepie91/blog/2013/03/21/licensing-for-beg...

So what about a community like Hacker News that combines community, karma, money and action.

Think of it like crowd sourced lawyers to even up egregious abusers of the public commons.

The community can somehow [1] filter actions up to the top and then automatically start a crowd funding campaign to take legal action based upon such things.

Might work against patent trolls and other organisations that we all feel are acting badly but we feel powerless to do anything about. I'd put £100 down now toward a class action lawsuit against the Daily Mail for constantly stealing peoples content.

[1] technical term meaning I haven't thought this through properly

I am not a lawyer, but one reason you can't do that is because you can't set punitive damages in a contract. The court would instead consider how much the unauthorised actions actually cost you and decide what damages are owed.

In other words, show monetary damages or GTFO. Count up how many cents in server bandwidth they used and bill them.

Copyright infringement is in the criminal code. They actually downloaded and modified the files. That's not just server fees!

Unlikely (IANAL) because it would be hard to argue the fee is reasonable.

You can specify that it is not available (but good luck seeing anything from a case about violating the license).

You might be able to do this with something like £100, though, and just invoice them. I'd guess staff lawyers would say just pay it.

> I made an alert pop up that said “poop” whenever someone loaded the Stuff.co.nz page. Like I said, I'm sophisticated.

I would probably have handled this much less maturely, haha. What would be the legality of displaying some really graphic image (like goatse) to only 10% of users when you detect you're within an iframe? :P

Ripping the source code of the visualization is so scummy though. I wish I could say I can't believe the Daily Mail, but this article isn't even surprising...

JWZ used to detect the hacker news referrer and redirect all links that originated on hacker news to goatse. Now it's only slightly less graphic.

I think the NZ Herald is worse than stuff. A meaningful percentage of their content is now Reddit stories.

Real journalism is dead.

What passes for journalism these days is just edits of media releases.

Sad state of affairs.

How would the Daily Mail feel about (and what would they do) if someone constantly scraped their website and redistributed the content? Perhaps a fun side project called TheLessAdsDailyMail.com?

That's a good idea! What if we repeatedly scraped their site and then display it to some of the users on our site. Then, we could charge them some small fee to click on the link.

We could sell them some of the data around who clicked on the link, and even charge their users after we segment them. We would probably have to crawl the site a lot of times and then display their content, but essentially we would own it.

Someone should try this. If it worked out, maybe you could expand to buzzfeed, techcrunch and then literally all of the sites on the internet.

Why didn't anyone think of this? You would just be able to charge websites (and their users) for providing you content!

edit: After thinking about it, it would probably be hard to do this. We could maybe create a standard and then show sites based on how well people listen to that, and then for the rest just see what are users look for and pick.

Copying an entire site is a bit different, if you copy one of their articles I doubt anything would happen. Maybe a sternly worded email.

If you copied their entire site, used their name, and removed their ads I'm sure they'd get lawyers involved.

Oh, but you could have something in the footer that says "full credit for content to daisy mayall", which is on par with their citations.

It's a fun idea though - seo bomb them until their bottom line aches.

I don't think (not a lawyer) that they could do anything if you put a disclaimer that it is a parody of their "creative work."

That should allow use of slightly changed (LessAdsDailyMail) trademarks, and proper citations could handle the rest.

We all know what they'd do. Respond with threats and litigation probably.

What I Would Do: Find out what law firm represented the Beastie Boys when they went after GoldiBlox.

Why I Would Do That: They were successful in their defense of the rights of the Beastie Boys and reached a settlement that included a public admission of guilt.

Long-Term Goal: To discourage such behavior through numerous examples of punishment using established rules.

Something tells me the Beastie Boys have a little more money to spend on lawyers than this guy does.

And that's a significant problem - most of the time organizations like the Daily Mail are ripping off small-time practitioners of data visualizations, comics, whatever... if it's something produced by a large company with lawyers you can bet they wouldn't touch it.

One of the reasons The Beastie Boys had money was that in 1983 they sued British Airways [1] for using a snippet of “Beastie Revolution” [2] without permission and received for $40,000 which they used to build a rent an apartment / rehearsal space / recording studio which they used to learn their craft.

[1] https://web.archive.org/web/20110826155454/http://samplingla...

[2] https://en.wikipedia.org/wiki/Cooky_Puss

Class action, if that applies then maybe?. I think if this is really a repeat behaviour enough people would come out of the woodwork to say they too were stolen from and signup.

As I understand it, we don't have class action in the UK.

Well I didn't list "sell all worldly possessions and file a lawsuit" as one of the options, I just figured they'd be in the best position to consult, at least from a US standpoint if that's of any help. If I'm not mistaken, The Daily Mail likely has pretty hefty insurance policies in place for damages against them for a variety of legal tests / cases.

The morally corrupt posing as moral guardians.

I know people who have had other things like photos from flickr stolen by them.

They are disgraceful!

Well, what does one expect - they are the hateful paper for hateful people. In the 30's they ran many pieces about the wonderful Mr Hitler and his brilliant solution to the Jewish problem - and today they trot out the same rhetoric re: Muslims and immigrants.

This is relevant because the kind of person who wants to work for a paper that espouses such views is very unlikely to care about your human, never mind intellectual property, rights.

The Daily Mirror also supported Hitler in the 30's.

They were also the first paper to publicly accuse the murderers of Stephen Lawrence.

This kind of thing is beyond rampant at all levels.

I think the people most concerned about following the rules are small-medium businesses that are big enough for someone to try to sue, but not big enough to have an army of lawyers that makes them practically invincible from all claims that don't originate from a similar Super-Massive-Corp. Business insurance is pretty meaningless for practically any claim that doesn't involve unsafe facilities, and they often include clauses similar to "If you lose in the wrong way, you owe us all the money we paid for your defense".

There's an impression that since big media outlets are such big targets, they're careful about this type of stuff, but it's not true at all. They're only careful when it's another SuperMassive's copyright. They know that a legal fight with them is not possible for any other creator, and they know that they can get an immediate benefit by violating your copyright. They'll rip your stuff off, they may take down the thing they didn't have a license for after you complain, and they'll just laugh at you because they know an attorney is going to charge tens of thousands to even start proceedings against someone as big as them.

We need to fix the way legal costs work.

You must be really good at creating visualizations. :) way to go sir!

autorespond *@dailymail.co.uk I hereby deny permission to reuse content from my website.

sounds like someone needs to set his X-Frame-Options header.

Thank you for this. I was unaware of such an option!

Here's a nice clickjacking cheat sheet I found after searching for more info:


Unfortunately that would not work in this case: in this case they created an unauthorized copy of the work on their own server for the purposes of redistribution; therefore they had full control over the HTTP headers.

Encode and eval the alert code so it's at least harder than searching the source for "alert"? It's not good, but it might be enough to annoy them into not doing it. Probably not.

It suddenly occurs to me that in addition to it being rude to deep-link someone's content via <iframe>, it may be dangerous to Daily Mail's security model.

I wonder if they've configured everything correctly to ensure that an embedded iframe can't find its way to the user's Daily Mail cookies or credentials?

The browser's built-in same origin policy will prevent the iframed content from being able to access cookies in the containing frame because it is being hosted from a different domain.

What about just changing what the Daily Mail is serving up? An image referring to the Daily Mail stealing content for example.

This reminds me of the days of flash. There use to be a ton of sites stealing other people's flash games. You could buy flash obfuscater and de-obfuscate programs. People would steal your game code and re-skin the game,etc. Then the new strategy was to put the ads inside the video game.

the daily mail is awful, I wish people would ignore their garbage.

They had a story about the Orion capsule project recently [http://www.dailymail.co.uk/sciencetech/article-3432512/Orion...], that included an infographic comparing rockets throughout space history.

Take a look at that last one; fans of space simulators will recognize it.

Seriously, they are garbage journalists. Editorial oversight and quality control is, at best, a hobby for that publication.

Wow. I can't believe this passes as a newspaper.

Where are the editors? Can't they even screen the things they steal at least?

they don't care

Yeah, I agree.

But still... I mean, if I'm going to steal a diamond, I would make sure it's the real deal, instead of some Snatch's moissanite...

I would suggest doing something like Nanex does with their graphs and images, use watermarks or some other identifying mark that is clearly unique to you. This way, they may think twice about clearly showing work that is not theirs.

The Oatmeal was recently linked to without permission by the Huffington Post. Matt Inman had a predictably brilliant response.


First things first: How did you even track who was using your Visualizations? Can you explain so others can learn from the lesson as well.

If they actually downloaded and republished your dikes, then that is clear copyright infringement. Which is both a crime, as well as cause for civil action. You could report them to the DA (or whatever is the equivalent where you or they live.) It would be interesting to see how that went!

The Flowing Data is great. Yau really builds great visual charts of various data.

Remember to disable your ad blocker when on dailymail.co.uk to fund this high quality content, it's not cheap to make! Wouldn't want them to have to close up shop!

Perhaps the solution would be to embed a link to your site within the content you create itself, be it visualizations or whatever else?

Why is it any worse to link to a page than to put it in an iframe? (The author's page header was still on there, so there's a clear attribution.) Why is the author so dissatisfied with his page getting so many views? I'd assume that's the point of putting things on the internet.

Who is saying that its worse to link to an iframe? The author's issue was that they asked permission, then took no response to mean "do as you will!" including downloading, modifying, and redistributing his work.

I highly doubt he'd complain if they just linked to his content. This is pretty straightforward copyright infringement.

They embedded/copied/proxied it. They did not 'steal' it.

Regardless of whether you find their behaviour acceptable, those are two very, very different things.

And when someone "steals" your identity, they didn't really steal it right?

If you put a lot of effort into a project and don't want it stolen, please REGISTER THE COPYRIGHT.

0. Register the copyright within 3 months after you publish the project.

1. Register online at https://eco.copyright.gov/ - it costs $35 (or so) and is not particularly difficult to do.

1.1 registration is not difficult, but it is tedious and involves navigating a super-old government website that kinda sucks.

2. You can also hire a lawyer to register for you, which costs around $200-300.

3. Once you have the copyright registration, you can write a polite letter to whomever is stealing your stuff (or write a nasty letter, depending on your mood).

4. You can force them to pay you compensation for stealing your copyrighted content.

5. If your stolen stuff is being hosted by a third party provider (like imgur or whatever), you can send the host a DMCA takedown request, and the host will quickly remove the offending content.

that is just US law. Milage may vary in other countries.

edit - a lot of downvoting on this comment. Too snarky? Too anti-open-source? i thought this is useful info. Sorry to offend!

You don't actually need to register in order to be protected by copyright laws. The benefit to registering is that it is needed in order to sue. [1]

1: http://thompsonhall.com/does-a-copyright-have-to-be-register...

I used to litigate copyright cases. While your comment is technically true, for 98% of cases, you will need the copyright registration for any amount of meaningful copyright protection.

35$ a visualization seems a steep price to pay.


Didn't you read the article at all? It's only a few paragraphs:

"So how did Daily Mail embed the visualization without the word “poop” popping up on an empty page? They downloaded all the files from my server on to their own server and deleted the snippet that brought up a poop alert. That way they didn't have to deal with those pesky safeguards I setup.

In other words, The Daily Mail deliberately stole my work."

Yes, but the parent poster isn't wrong; the bulk of the article is about iframe embedding, and it's a clear distinction people should draw in terms of responsibility.

In addition, DM crossed a line that they shouldn't have crossed by re-hosting the content. But conflating iframe embedding and content theft is a bad precedent.

> Didn't you read the article at all? It's only a few paragraphs:

This is an unhelpful comment to make. But if you're going to take that tack, one could plausibly make the same remark in response to your comment. Because farther down, the post talks about the other time the Daily Mail used one of his visualiations:

They didn't just screenshot the map. They didn't just embed the map itself. They iframed my entire site, which is why the FlowingData logo and header appear on their site.

So there were two instances. One in which they copied the code and removed the code snippet, and another in which they just iframe-ed the page. The charitable interpretation of the GP's comment is that they were referring to the latter.

Since the latter isn't the point of the article, the charitable interpretation is actually that the OP didn't read it

Dodgy as hell though, if you do it without attribution. And you are sticking the true owner with the bandwidth costs.

Also: "So how did Daily Mail embed the visualization without the word “poop” popping up on an empty page? They downloaded all the files from my server on to their own server and deleted the snippet that brought up a poop alert. That way they didn't have to deal with those pesky safeguards I setup."

He had, shall we say, "protections" in place to prevent his page from being embedded.

Daily Mail downloaded his source files, removed the protections, and then embedded their own iframe referencing the copied files with the protections removed.

I'd say that counts as stealing.

This sort of thing happens all the time with images though. It just sounds worse and different because it is a fancy visualization rather than a .jpg or .gif.

... and many photographers have successfully sued for various websites using their imagery without permission - regardless of whether or not it was publicly available on the author's website.

The fact that copyright is violated on a regular basis does not make this case any more or less excusable.

I agree with you but that didn't come across well in my comment. My point was to say that it is indeed the same thing, only it sounds different because it took more steps to accomplish.

It's worse! You still route traffic to the site and don't even pay for your own bandwidth, while reaping the benefits of their content.

Also, they didn't just embed an iframe - read the whole article.

Downloading all files and re-uploading them without attribution is pretty akin to digital IP theft however.

You can remove 'pretty akin to digital'. But also it's copyright infringement, not theft.

Though I agree and understand the difference (layman's mistaken terms aside), it's also a criminal version of copyright infringement which, if memory serves correctly, in the US is a more stiff penalty than petty theft even.

Downloading someone's website and re-hosting it one your own server without permission is surely a copyright infringement?


> You didn't read the article did you.

This comment breaks the HN guidelines: https://news.ycombinator.com/newsguidelines.html

More importantly, your two prior comments were personal attacks. Surely you realize that those are bannable offenses on HN. We hate to ban longstanding users. But please: no more uncivil comments or we will have to.

Well if you moderated comments/users that made threats of physical violence against me I wouldn't be tempted to make posts referencing them. You can't deny seeing the comment in question since you replied to it.

> I wouldn't be tempted

It's up to you (i.e. to each of us) to resist that temptation. Somebody else breaking the rules doesn't entitle you to as well.

Sounds like somebody didn't read the article.

I can't help but think that it would make sense for Mr. Yau to either (a) Change the server setting to emit the X-Frame-Options: DENY header or (b) monetize views on his graphic.

In general, you can't assume people won't deep-link your content, and that includes embedding. Taking steps to protect against or take advantage of traffic spikes is the responsibility of a content provider.

This, of course, wouldn't protect against DM just straight yanking all his assets and hosting them itself, which should be clearly immoral (and possibly illegal, depending on jurisdiction). But "framers gonna frame" is a fair thing to assume about the nature of web content, along the lines of "<img> tags are cheap and if people see something funny on your site, they're gonna use 'em to share it."

> I can't help but think that it would make sense for Mr. Yau to either (a) Change the server setting to emit the X-Frame-Options: DENY header

The article states that the Daily Mail scraped the files and uploaded them separately, to avoid his iframe detecting JS.

And "just monetize it" feels like a... simplistic approach. Even if the Daily Mail did a normal iframe embed, how would the author monetize, exactly?

> And "just monetize it" feels like a... simplistic approach. Even if the Daily Mail did a normal iframe embed, how would the author monetize, exactly?

Send them an invoice for using his material, with an additional fee for not getting permission in advance.

Then take it to small claims if DM doesn't pay.

This is a viable approach. Small Claims is a simple process, you don't need a lawyer, and you can claim for a non-trivial sum plus damages and costs.

The DM gets sued regularly, so it's not as if they're invincible.

Could an US citizen living take them to small claims court from the US?

As long as you're fiddling inside the HTTP server, why not just redirect requests from IP addresses known to belong to the serial offender sites to an infographic showing the number of times those blocked sites have copied valuable content without licensing it first?

It wouldn't be more than an inconvenience to them, but some people deserve to get rude gestures when they come 'round to mooch.

As noted in my original comment: yes.

However, he's had issues with multiple sites iframing his content against his will, not just Daily Mail. DM just went the extra mile to straight-up rehost the content, which crosses a line that directing a user's browser to mash up content from multiple servers isn't generally considered to cross (and can be controlled by content providers via use of existing cross-domain headers).

Not sure why you're getting downvoted so heavily. X-Frame-Options would help. At the very least, it would have forced DM to steal his previous visualization instead of having him foot the hosting costs.

It's basically his "poop" solution except properly done, and scales to all of his content instead of having to be a one-off.

In general, you can't assume people won't deep-link your content, and that includes embedding.

Technically, no, you can't with current protocols. However, this has been regarded as bad manners ("hot linking", "bandwidth theft", etc.) since forever.

Taking steps to protect against or take advantage of traffic spikes is the responsibility of a content provider.

The trouble is, with the increasing concentration of attention on the web in the hands of a few high profile traffic aggregators and social networking sites, this kind of argument holds less credibility than it used to. It's all very well saying if you put something on-line then you're responsible for supporting it, but the reality is that someone else suddenly diverting large amounts of traffic to your site is statistically indistinguishable from a denial of service attack.

If it's qualified traffic and being directed to somewhere you welcome the extra visitors, you might appreciate it. If it's unqualified traffic and overloading your servers at your and/or your normal visitors' expense, you probably won't appreciate it. If it's not even being directed to your normal site but instead deliberately freeloading on your servers and bandwidth via hot-linking, I think you're at least well into a grey area in terms of both ethics and legality.

Perhaps more accurate to say "Taking steps to manage traffic is the responsibility of a content host."

People make HTTP requests for all kinds of reasons. If you don't have someone managing your hosting, the responsibility defaults to you. That's one of the reasons there's an ecosystem of cloud providers now to shoulder the burden of this implementation detail that people don't want to know just to make content available online.

But the core point stands: It's the Internet. You can't trust the clients to behave; assume the worst of user input. Calling out Daily Mail as terrible (which they are, and which people should do at every opportunity ;) ) doesn't solve the root problem that nothing about the protocols restricts using <iframe> to pull in cross-domain content.

If you don't have someone managing your hosting, the responsibility defaults to you. That's one of the reasons there's an ecosystem of cloud providers now to shoulder the burden of this implementation detail that people don't want to know just to make content available online.

I think it is extremely dangerous to argue that anyone who wants to publish safely on the Internet should be required to do so via some huge cloud provider. We shouldn't conflate what is technically possible because our old protocols give too much trust with what we consider ethical or legal.

You can't trust the clients to behave; assume the worst of user input.

By the same argument, spammers and those PPI cold callers are OK, because we agreed to have e-mail accounts and phones. In reality, bad actors like this screw up the system for everyone, and dealing with people who screw things up for other people is why we have laws. Treating negligence or particularly actively hostile action as the victim's fault is usually a very bad idea.

As soon as you searched you saw that many other people had written this kind of thing, and yet that hadn't done any good. What made you think this post would make any more difference than the previous ones you found?

If you want to actually make a difference, talk to your solicitor. You might even get some money out of it.

That's a pretty silly thing to conclude.

I, for one, didn't know about any of this. So that's at least 1 more person aware of this practice because OP chose to write about it.

I imagine I'm not the only one.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact