Every Website Needs To Re-register With The Copyright Office, Who Can't Build A Functioning System

from the are-you-serious? dept

As we mentioned last month, the Copyright Office -- despite being warned this was a bad idea -- has decided to implement a brand new system for websites to register DMCA agents, and has done so in a way that will undoubtedly fuck over many websites. It's already ridiculous enough that in order to be fully protected under the DMCA's safe harbor rules (that say you're not liable if someone posts infringing material to your website), you need to register a designated "DMCA agent" with the Copyright Office. The idea behind this is that by registering an agent, copyright holders will be able to look up who to send a takedown notice to. And, sure, that makes sense, but remember that this is the same Copyright Office that supports not requiring copyright holders to register their works, meaning that there may not be any legitimate way to contact copyright holders back.

The reason for the new system is that the old system was just ridiculous -- on that everyone can agree. You had to fill out a paper form, sign it, and send it in. The Copyright Office has been way behind on digitizing everything, so moving to a web-based system is a good thing. Also, the old system required payment of over $100, while the new one is just $6. That's all good. The problem is twofold: first, the Copyright Office has said that it is throwing out all the old registrations, and if you want to retain your safe harbors, you need to re-register. There's a grace period through the end of next year, but plenty of sites who don't follow the Copyright Office's every move are going to miss this, and will no longer have an officially registered agent with the Copyright Office (it's possible that, should this issue go to court, a platform could reasonably argue that it still did meet the statutory requirements in the original registration, but why force site owners through that hoop in the first place?). The second problem is that this new system will toss out records every three years, so if you forget to renew, you once again can lose your legal safe harbors. This puts tons of websites at serious risk, removing key protections and opening them up to lawsuits from copyright trolls.

Either way, the Copyright Office opened the doors on the new system yesterday, and so I went ahead and re-registered Techdirt. And, let's just say, the Copyright Office has a reputation for being technically clueless, and boy, does it live up to that reputation with its new system -- though, to be fair, as the Copyright Office's General Counsel reminded me on Twitter, it's actually the Library of Congress that built the system. First off, to register a new agent, you need to first register with the Copyright Office's system. As Eric Goldman points out, the system is not designed for individuals or sole proprietorships, even though those people should be able to get DMCA safe harbor protections as well. Specifically, to register, it requires an organization name and a "second contact" name and information. I'm not sure what individuals should do, other than maybe make something up -- though, before you even get started, the system pops up a warning suggesting that you may face criminal charges under the CFAA if you do anything wrong (while it means if you try to hack the system, the wording may confuse many people not familiar with the law). Nice touch.

Oh, and then there's the password system. Like many people, I use a password manager, which also will generate strong passwords for you. I went through the process of filling out my info, and generated a strong password... and I got back an error message. It seems that the Copyright Office has taken what used to be considered best practices, and then taken them to an insane extreme:

First of all, the US government, in the form of NIST, recently released new guidelines for password policies for any US government websites. And the Copyright Office ignores them, because whoever designed the new DMCA system seems to not give a shit and not be even remotely aware of good security practices these days. Here's what the new rules say:

No composition rules. What this means is, no more rules that force you to use particular characters or combinations, like those daunting conditions on some password reset pages that say, “Your password must contain one lowercase letter, one uppercase letter, one number, four symbols but not &%#@_, and the surname of at least one astronaut.”

Let people choose freely, and encourage longer phrases instead of hard-to-remember passwords or illusory complexity such as pA55w+rd.

So, yeah, nice job Copyright Office for ignoring what you're supposed to do. Second, even if those rules did make sense, by lumping together all of them, and then adding the absolutely ridiculous and bad security practice of saying "must not have any repeated letters, numbers, or special characters," you actually reduce randomness and make passwords less secure. This is just bad security.

To deal with this rule, I generated a much longer password, and then manually went through and removed any repeated letters, numbers or special characters, and made sure that all of the other rules were met. They were. I hit submit. The system rejected it, and gave me the exact same error message. I tried again. Same problem. I kept trying things for about 20 minutes until I figured out what the problem was. You see above, where it says "and special character "!@#$%^&*()""? Well, in my first attempt at a password I had two special characters: ? and >. I incorrectly assumed that when they say "special character" they mean any special character on the keyboard, and not just those limited to the ones above the number line on your keyboard. Once I realized that might be the issue, I still had a problem. And that's because my new password had " as a special character. I incorrectly assumed that was okay because it's in that list above, right? Except, no, it's not. It's just put around those symbols for no reason at all except to fool people. It would be nice if the error message actually told you that you could only use those characters and that the " wasn't included. Would have saved me a lot of time.
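
To put numbers on the point above, the following Python is an added example, not code from this post or from the Copyright Office's system. It checks a password against the policy as quoted on this page, naming each failed rule, and counts how many passwords the no-repeat rule removes; it assumes "no repeated characters" means each character may appear at most once (case-sensitively) and that only letters, digits and the ten listed symbols are accepted. The function names are illustrative.

```python
import math
import string
from itertools import combinations

# Policy as quoted on the page. Assumptions of this example: a character may
# appear at most once anywhere in the password (case-sensitive), and nothing
# outside these four classes is accepted.
SPECIALS = "!@#$%^&*()"
CLASSES = {
    "lower case letter": string.ascii_lowercase,
    "upper case letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": SPECIALS,
}
ALLOWED = set("".join(CLASSES.values()))
MIN_LENGTH = 12


def check_password(pw):
    """Return one specific message per violated rule (empty list = accepted)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"too short: {len(pw)} < {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"missing {name} (allowed: {chars})")
    bad = sorted(set(pw) - ALLOWED)
    if bad:
        problems.append("characters not accepted: " + " ".join(bad))
    repeated = sorted({c for c in pw if pw.count(c) > 1})
    if repeated:
        problems.append("repeated characters: " + " ".join(repeated))
    return problems


def count_passwords(length, no_repeats, class_sizes=(26, 26, 10, 10)):
    """Count strings of `length` that use every character class at least once.

    Inclusion-exclusion over the classes that are left out entirely. With
    no_repeats the strings are arrangements without repetition (falling
    factorial); otherwise they are plain m**length strings.
    """
    total = sum(class_sizes)
    count = 0
    for k in range(len(class_sizes) + 1):
        for excluded in combinations(class_sizes, k):
            m = total - sum(excluded)
            ways = math.perm(m, length) if no_repeats else m ** length
            count += (-1) ** k * ways
    return count


def bits_lost(length):
    """Bits of search space removed by the no-repeat rule at this length."""
    allowed = count_passwords(length, no_repeats=True)
    if allowed == 0:
        return math.inf  # no password of this length can pass at all
    return math.log2(count_passwords(length, no_repeats=False) / allowed)


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ('Abcdefgh1234!', 'Abcdefgh123?>', 'Abcdefgh1234"', "Abcdefgh1234!!"):
        print(repr(pw), "->", check_password(pw) or "accepted")
    for n in (12, 20, 40, 72, 73):
        print(f"length {n}: no-repeat rule removes {bits_lost(n):.1f} bits")
```

At 12 characters the no-repeat rule costs about 1.3 bits; the loss grows with length, and no password longer than 72 characters can satisfy the rule at all.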

Once I finally finished that, the system sent me a confirmation/validation email (good), which I used to confirm my email and log into the system... only to discover that everything I had just done... was not actually registering a DMCA agent. It was just to register your account to use the Copyright Office's DMCA system. So I had to then go and fill out another form to register our DMCA agent (and I won't even get into the fact that once you've activated your account, the message telling you to "click here" to login to designate an agent makes it so that it's not at all clear where to actually click -- great design guys!).

Finally, once I'm all registered, and despite the fact that I'm very clearly registered in the United States, the system says I'm in Canada. Because, apparently, the genius IT staff thinks that the "CA", which everywhere else means California, means Canada in their own system. Because whatever, nothing matters.

So, yes, I eventually paid my $6 and got registered, but lots of people won't and lots of sites are now going to expose themselves to bogus lawsuits. And for those who do get through this process, you may end up in Canada. So anyway, off we go to this new era, in which websites are much more at risk of losing their safe harbor protections, and to make it more fun, the system you need to use to register yourself is buggy as hell with a bunch of bad design practices. It's almost as if they want websites to lose their safe harbors. Considering that the key role of the Copyright Office is to register stuff (the boss of the office is literally called "The Register"), it seems fairly ridiculous that they make it so difficult to register DMCA agents, and then force renewal every three years (while at the same time insisting that any renewal requirement for copyright holders would go against the natural order of things and bring famine and pestilence upon the land).

Filed Under: copyright office, dmca, dmca 512, dmca agent, library of congress, nist, passwords, safe harbors


Reader Comments


  1. icon
    aerinai (profile), 2 Dec 2016 @ 10:19am

    Same Rules Apply...

    So I have to register every 3 years for safe harbor protections... let's do the same thing for copyright!

    ... just saying...

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 2 Dec 2016 @ 10:52am

    Here is an idea...

    "And, let's just say, the Copyright Office has a reputation for being technically clueless, and boy, does it live up to that reputation with its new system -- though, to be fair, as the Copyright Office's General Counsel reminded me on Twitter, it's actually the Library of Congress that built the system."

    How about you guys get the FCC to do it for ya? I mean they are doing a bang up job right now! Go for it! Wait... they might get the axe soon! whooops!

    Boy unconstitutional and unnecessary regulation is so fucking awesome, is it not?

    link to this | view in thread ]

  3. icon
    DannyB (profile), 2 Dec 2016 @ 11:01am

    Password Requirements

    link to this | view in thread ]

  4. icon
    DannyB (profile), 2 Dec 2016 @ 11:04am

    Password Requirements

    Password must have at least 12 characters, with at least one lower case letter, upper case letter, number, and special character "!@#$%^&*()", and must not have any repeated letters, numbers, or special characters.

    Why no repeated characters?

    Disallowing repeated characters actually diminishes the universe of allowable passwords. Isn't the idea of the requirements of special character, number and upper/lower case to force passwords into a larger space so that they don't all fall into the small space of lower case only words from the dictionary?

    link to this | view in thread ]

  5. icon
    Ninja (profile), 2 Dec 2016 @ 11:05am

    "It's almost as if they want websites to lose their safe harbors."


    *puts on tinfoil hat*

    I wouldn't be surprised.

    link to this | view in thread ]

  6. icon
    Ninja (profile), 2 Dec 2016 @ 11:05am

    Re: Password Requirements

    Because they are incompetent?

    link to this | view in thread ]

  7. icon
    DannyB (profile), 2 Dec 2016 @ 11:06am

    Re: Same Rules Apply...

    Yes. That. It reminds me of some saying about the goose and the gander having compatible ports without need of a special adapter, or something like that.

    link to this | view in thread ]

  8. icon
    aethercowboy (profile), 2 Dec 2016 @ 11:07am

    I'm just saying, this is total BS. There's no reason why they have to charge (even if it's just $6) for this. I'm fully capable of listing the appropriate DMCA agent on my website, which, presumably, people wanting to make a DMCA claim against, are visiting.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 2 Dec 2016 @ 11:10am

    As Eric Goldman points out, the system is not designed for individuals or sole proprietorships,

    That's a feature, the legacy industry does not want to compete with self publishing creators, and creating extra legal risks is a tool to push them back into the arms of the gatekeepers.

    /conspiracy, maybe

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 2 Dec 2016 @ 11:11am

    Re: Re: Password Requirements

    By now, it should be considered willful criminal negligence.

    Actual entropy in cryptography has a well established history of research, yet like most other types of science we prefer the pseudoscience side of things and go for straight fucking theater!

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 2 Dec 2016 @ 11:14am

    Re: Password Requirements

    I recently went on an email-writing campaign for a number of sites I use, some financial related. I sent some emails to their security departments pointing out how their password policies increased security risk, and thus legal culpability of the site in question. I explained the logic behind each of the restrictions they had in place, and then explained how their combination of rules mathematically cancelled out any perceived benefit they may have acquired by enforcing them.

    Amazingly, within two months, some of these sites actually changed their policies to increase security.

    My next step is to send out reminders CCd to webmaster, legal and info -- I figure that way, with four different potential departments involved, someone will recognize the liability they are taking on with this style of password restriction, and Changes Will Be Made on the other sites.

    I encourage others to do the same thing; linking to the new NIST guidelines would be an added bonus.

    link to this | view in thread ]

  12. icon
    Roger Strong (profile), 2 Dec 2016 @ 11:17am

    A New Reputation Management Fraud Vector?

    Does the site do anything to confirm that you really are the "DMCA agent" for the site being registered?

    Or could a typical "Reputation Management" fraudster register a sock puppet as the DMCA agent if the real site owner is unable to, and use that to remove safe harbor protections? Even if the real site owner DOES register, could the fraudster then register the forum subdomain or individual pages? How does it handle a SECOND person trying to register a given site, fraudster or real owner?

    You might want to test this. (I'm not in the US.)

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 2 Dec 2016 @ 11:17am

    Re:

    This makes perfect sense; the alternative would be to use the Whois DB for this purpose. I guess the reason they don't do this is that some sites put fraudulent contact info in both places. But that, I would think, would just result in DMCA compliance failure, with no cost to the copyright office.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 2 Dec 2016 @ 11:20am

    Re: Re: Same Rules Apply...

    The problem is the port is copyrighted, patented and trademarked.
    So, pay up!

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 2 Dec 2016 @ 11:23am

    Re: A New Reputation Management Fraud Vector?

    "(I'm not in the US.)"
    It's okay, apparently Mike isn't, either!

    link to this | view in thread ]

  16. icon
    Nate (profile), 2 Dec 2016 @ 11:25am

    Re: Here is an idea...

    I don't see the problem with that; the FCC website is quite usable.

    link to this | view in thread ]

  17. icon
    Roger Strong (profile), 2 Dec 2016 @ 11:47am

    Re: Same Rules Apply...

    The major publishers might actually love this idea. They have the money and the staff for continual re-registering.

    For them, the internet is a disaster because it levels the playing field. Anyone can publish. So for example they periodically push for mandatory DRM schemes like SDMI to keep out small players who can't afford the licencing and technical costs.

    Disney is known for vacuuming up off-copyright works from the Brothers Grimm to Japanese animation, republishing it as "their own" creations, AND THEN fiercely protecting them with copyright. It might work in their favor to hand the small players the hassle and cost of continual copyright re-registering.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 2 Dec 2016 @ 12:04pm

    Re: A New Reputation Management Fraud Vector?

    You might want to test this.

    One might want to test this, but given how poorly done the site is, I wouldn't put it past their IT department to consider that kind of exploitation to be "hacking" and start pushing CFAA charges.

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 2 Dec 2016 @ 12:21pm

    Re: Re: Here is an idea...

    Usability is not really the problem, even if we can make all government websites usable by even the dumbest of assclowns, the problem is that they still do very little about things to actually resolve problems.

    Like the robo call bullshit they have yet to do much about, the Copyright Office does little about copyright issues. And in the case here, the Copyright Office just trashed everyone's past registrations only to force them to do them again.

    I am bitching about how effective these bullshit agencies have been in the grand scheme of things.

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 2 Dec 2016 @ 12:38pm

    In fairness to their web designers

    That awful experience actually seems pretty typical over the last couple of years. I've dealt with websites from a number of different companies where I was left with the impression that they had specific line items in their requirements document that the site should be unpleasant to use. Among the brokenness I've seen recently:

    1. Catastrophic failure if Javascript does not load, whether due to NoScript, Policeman, RequestPolicy, or just plain unreliable servers. Such pages often are missing most or all of their content, contain no explanation of what went wrong, and some of the time aren't even reload-safe, so just refreshing the page to try again causes problems. For extra fun, some sites rely on an unreliable third party server, which relies on another third party server, and then assume that all the Javascript and CSS from both of those other domains loaded quickly and correctly. If it doesn't, then splat, the page is broken with no explanation why.
      • I even encountered one site where reloading the page would be misinterpreted as a request to log out, whether you reloaded because the page failed to come up properly the first time or just because you bumped the browser's reload button.
    2. Weird redirect paths, like trying to redirect unauthenticated requests for publicly viewable resources to a login page because I have an expired login cookie from last week still in my browser. If I wanted an authenticated page, I would have asked for it or gone to the login page. I just want to see the publicly viewable resource without typing in my password.
    3. The ever-popular "We've timed out your session and lost all your form entries. Please log in again, start over from page 1, and be faster this time." This could be fixed by including the form data as input type=hidden fields in the error page, so that it can be resubmitted after the user logs in again. Add bonus points for generating the forms in a way that defeats the browser's normal ability to remember old forms.
    4. Replacing simple pages that could easily be stored statically on the server with complicated pages that are dynamically generated by client-side Javascript; such pages usually require several large Javascript libraries, and take seconds at full CPU to render on a modern desktop. By comparison, simple static server pages render so quickly I sometimes think they came from the browser cache. Yes, some pages only make sense when generated dynamically. Others can be rendered as well, if not better, by the server. Sadly, many web developers seem to think they aren't doing their job if they don't encumber every single page with useless scripting and client-side handling.
    5. Crazy custom ways of downloading Javascript without actually using a script tag, which seems to defeat the browser's ability to cache the (usually large) script, as well as producing confusing output in analysis tools.
    6. Automatic logout driven by client-side per-tab Javascript, so if you open a new tab to view some other content on the same site, even if you keep that new tab active, the old tab will log you out for being idle in that tab. Automatic logout is not inherently bad, but it needs to be based on whether the user seems active, not whether a given tab has been reloaded recently.
    7. Assuming optional headers (e.g. HTTP Referer [sic]) are actually mandatory, with complete brokenness if that assumption is violated. For example, JPMorgan Chase Bank currently runs some content servers that, for some resources and not others, will hard abort a connection if you fail to send a Referer header. You can put whatever you want in the Referer header and it will work (even if it's not a valid URL), but if you omit the header entirely, splat. Their general use pages then hard-require those resources (see #1, above), so if you can't get the supporting resource, you can't use the site - and you don't get any sort of sane explanation telling what's wrong. Even their homepage is affected. I stumbled on that one by accident because I had a multi-year old browser preference set not to send cross-site referer headers. They broke that early this year and still either do not know it is broken or simply do not care.
      • curl 'https://www.chase.com/c/111816/etc/designs/chase-ux/css/blue-ui.min.css' -> fails with curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
      • curl -H 'Referer: -' 'https://www.chase.com/c/111816/etc/designs/chase-ux/css/blue-ui.min.css' -> works and gives a minimized CSS document; as far as I know, - is not a legal value in Referer, but their server seems happy as long as the header exists.

    I could go on, but I have ranted enough for one post.

    This does not even get into the more questionable UI choices, like trying to make websites rendered in full-screen 1920x1080 browsers lay out as if they were on tiny mobile phones.

    link to this | view in thread ]

  21. icon
    DannyB (profile), 2 Dec 2016 @ 12:48pm

    Re: Re: Same Rules Apply...

    That is a good point.

    Disney can afford to automate the continued re-re-registering and at scale.

    link to this | view in thread ]

  22. icon
    DannyB (profile), 2 Dec 2016 @ 12:51pm

    Re: Re: Password Requirements

    Probably everyone has seen the joke memo that introduces company wide password requirements. Then adds more and more restrictions. Then goes over the top until it starts reducing the number of possible passwords. Finally only one possible password exists. Everyone is to start using this secure password at once. Managers will distribute it to their direct reports.

    link to this | view in thread ]

  23. icon
    DannyB (profile), 2 Dec 2016 @ 12:53pm

    Re:

    The best way to get rid of a bad law is to enforce it.

    Just wait until this bites the right hands who can fight it.

    In an effort to make a bad law worse, Hollywood may just well be instrumental in getting it overturned.

    link to this | view in thread ]

  24. identicon
    Digitari, 2 Dec 2016 @ 12:55pm

    So when

    you have to register to get DMCA protections,(but not copyright) is the next step registering for Constitutional protections?

    I think I see where this is headed.......

    link to this | view in thread ]

  25. identicon
    SpaceLifeForm, 2 Dec 2016 @ 1:05pm

    Need definition of website

    Is the LOC paying attention?

    This is all a ploy to get bad law codified by SCOTUS. To set precedent.

    First to get sued should contact EFF.

    link to this | view in thread ]

  26. icon
    Anonymous Anonymous Coward (profile), 2 Dec 2016 @ 1:05pm

    Automatic Reregistration

    There should be an App for that

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 2 Dec 2016 @ 1:16pm

    Re: Re:

    yeah except they will just get an exception for themselves added to the law.

    link to this | view in thread ]

  28. icon
    That One Guy (profile), 2 Dec 2016 @ 1:30pm

    Re: So when

    I believe it's been a few years, but I seem to recall at least one court ruling that was essentially just that, where they argued that your 'right' to stay silent only applied when you actively affirmed that you were using it.

    Don't say 'I am invoking my fifth amendment right against self-incrimination and staying silent' and they could use your silence against you.

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 2 Dec 2016 @ 1:31pm

    Don't play by their rules. Ignore the DMCA.

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 2 Dec 2016 @ 1:32pm

    Remember back in the day when Techdirt was acting like copyright was something that was going to go away? That was funny.

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 2 Dec 2016 @ 1:33pm

    Re: So when

    Why not, when you buy a plane ticket you just registered to LOSE some Constitutional Protections.

    I don't see how this next step would be a surprise or something people are willing to lose their jobs or comfy lifestyles over.

    link to this | view in thread ]

  32. icon
    Vidiot (profile), 2 Dec 2016 @ 1:42pm

    Re: Here is an idea...

    Mandate from the new administration: No more oppressive Federal oversight... pass control to the states. How about 50 separate DMCA re-registrations? One or two have to be better-executed than the Federal version.

    link to this | view in thread ]

  33. icon
    That One Guy (profile), 2 Dec 2016 @ 1:44pm

    Cha-Ching!

    And just like that the Copyright Office turned what was a one time payment into a steady(though smaller in the short term) stream of easy income, throwing everyone under the bus in the process.

    If they follow through on their idea of a site of 'unregistered sites' then you can be sure that the extortion via copyright schemes will shoot through the roof as well, also thanks to their boneheaded and/or incompetent move.

    link to this | view in thread ]

  34. icon
    Roger Strong (profile), 2 Dec 2016 @ 1:45pm

    Re:

    No, I don't.

    I remember when it was acting like technology would make the worst of the copyright abuses and bad business models go away or be reduced to irrelevance.

    Funny, that.

    link to this | view in thread ]

  35. identicon
    Anonymous Coward, 2 Dec 2016 @ 1:47pm

    So you've got yourself an invalid registration now...

    ...and may not be protected. Because it says you're in Canada and you're not. Congratulations. Just the way the copyright office (and Hollywood) wanted it.

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 2 Dec 2016 @ 1:50pm

    Re:

    > Remember back in the day when Techdirt was acting like copyright was something that was going to go away? That was funny.

    Put the crack pipe down. Easy, now, easy...

    link to this | view in thread ]

  37. icon
    Roger Strong (profile), 2 Dec 2016 @ 2:09pm

    Re: So you've got yourself an invalid registration now...

    I threatened to write my senator, and they told me Ted Cruz was also a Canadian.

    link to this | view in thread ]

  38. icon
    sorrykb (profile), 2 Dec 2016 @ 3:32pm

    Re: Re: So when

    link to this | view in thread ]

  39. identicon
    Anonymous Coward, 2 Dec 2016 @ 4:13pm

    Re:

    How's the Jim Hood fund coming along, bro?

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 2 Dec 2016 @ 6:17pm

    Re: In fairness to their web designers

    Yep. Random numbers and letters, EXCEPT apparently those used in escaping urls. This is probably caused by a limitation inherited from the API the developer selected.

    But Mike, this beef isn't with the Copyright office. This is a beef that goes back to the original HTTP and HTML RFC's.

    Really there have been dozens of moments in history where this could have been unfucked universally. The failure was in putting abstraction that should have been a protocol extension, into a document standard instead. But noOOoo. We've got to all act like fucktards, because none of us ever got around to looking at the http RFC and said: "Shit... Even _I_ can do better than this."

    Hey. We all get our screws torqued now and again. No harm no foul. But do me a favor Mike: Fix the adverts on your site that run outside of https. It is a little less hypocritical to bitch about somebody else's site when yours is working properly.

    There is plenty of blame to go around. And in the general scheme of fucktard-neering that went into the Internet, this is a rather minor issue. There is much MUCH worse stuff out there.

    link to this | view in thread ]

  41. icon
    techflaws (profile), 2 Dec 2016 @ 9:51pm

    Re:

    Remember back in the day when the trolls posting at Techdirt tried hard (and failed still)?

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 3 Dec 2016 @ 12:27am

    The Chinese are coming, and they have familiarized themselves with east Texas.

    link to this | view in thread ]

  43. identicon
    Anonymous Coward, 3 Dec 2016 @ 3:11am

    Re: Re: Password Requirements

    I mailed my credit union asking them to implement two factor authentication.

    My request made it to the head of IT security where I was informed they already implement two factor authentication by requiring a username, password and security questions.

    The whole idea of using two of the three factors, something you have, something you are or something you know is beyond their comprehension.

    link to this | view in thread ]

  44. icon
    Padpaw (profile), 3 Dec 2016 @ 3:41pm

    We Canadians welcome all of our new online brethren.

    link to this | view in thread ]

  45. identicon
    Anonymous Coward, 3 Dec 2016 @ 5:44pm

    Re: Re: Re: Password Requirements

    Using additional factors that are non-volatile (like birthday, or name of first dog) is extremely bad security. If ever the cache of valid answers is compromised then the poor client can never change any of those facts. Their identity is potentially ruined forever. Yet a myriad of web sites insist on gleaning such data in the name of "security". The whole world has suddenly become so dumb ... I suspect some insidious undetected zika-like virus has been at work.

    link to this | view in thread ]

  46. identicon
    Anonymous Coward, 4 Dec 2016 @ 5:35am

    The Copyright Monopoly loves breaking the Internet.

    link to this | view in thread ]

  47. identicon
    Anonymous Coward, 4 Dec 2016 @ 7:06am

    Re: Re: In fairness to their web designers

    "The failure was in putting abstraction that should have been a protocol extension, into a document standard instead"

    To follow up:

    If plain text SQL schemas had been bound to HTML forms back in the 90's, it is likely that PHP, AJAX, and, maybe even Ruby would never have existed. AND things would be way more secure, since the security policy would be done fully server side in C, instead of the sieve that has been created by client side dynamic post formatting.

    There is the right way, and there is every other way. And the WWW has been done every other way, since its inception. But when something is broken this long, it is probably broken because somebody wants it to be broken.

    So it would be easier to fix it these days. But you'd have to be willing to suck Microsoft and Oracle dick for it to be portable. Otherwise they would EEE you, or just break your dependencies until you said uncle.

    link to this | view in thread ]

  48. identicon
    Anonymous Coward, 5 Dec 2016 @ 5:56am

    Re: Re: Re: In fairness to their web designers

    I appreciate these posts.

    link to this | view in thread ]

  49. icon
    John85851 (profile), 5 Dec 2016 @ 10:15am

    Re: In fairness to their web designers

    And in all fairness, it could be worse: the site could require the use of Flash to do anything on the site. It doesn't matter if you use FlashBlock or if your browser says Flash is a security risk: you either make it active or you can't use the site... and too bad if there are no other alternative websites to use.

    link to this | view in thread ]

  50. icon
    PaulT (profile), 6 Dec 2016 @ 1:10am

    Re:

    I'd say it's actually quite likely. It's well documented how close they are to the **AAs of the country, and it's well documented how much those people *hate* having to go after the people actually infringing rather than the nearest available scapegoat.

    This will backfire, in that sense, as all it will do is make the smaller sites shut down easier and faster, while consolidating more successful services with the likes of Google who have the resources to fight them. But, they've never been particularly good at doing things correctly.

    link to this | view in thread ]

  51. icon
    PaulT (profile), 6 Dec 2016 @ 1:10am

    Re: Re:

    "This makes perfect sense"

    ...which is exactly why they're not doing that.

    link to this | view in thread ]

  52. identicon
    Anonymous Coward, 6 Dec 2016 @ 3:24am

    Re: Re:

    Tried hard, or hardly trying?

    Half of nothing is still nothing.

    link to this | view in thread ]

