Google Says It Won’t ‘Manually’ Review YouTube Vids for Infringement

YouTube videos playing on the Guggenheim’s exterior Photo: NYCphotos-flickr / Flickr

Google-owned YouTube on Thursday corrected a statement it made the day before, and now says the company will not manually review copyright-infringement claims before its system automatically blocks disputed footage.

The mishap occurred when Thabet Alfishawi, rights management product manager for YouTube, wrote in a YouTube blog post: “We’ve improved the algorithms that identify potentially invalid claims. We stop these claims from automatically affecting user videos and place them in a queue to be manually reviewed.”

But what he meant to say was that some of the automatic matches will be sent to be reviewed “by the content owner” — not by Google, the search giant said Thursday.

YouTube five years ago engineered a filtering system enabling “content owners” — now numbering 3,000 — to upload music and videos they own to a “fingerprinting” database — 500,000 hours of reference files to date. When YouTube users upload their videos, the algorithm known as Content ID scans new uploads against the copyright database for matches.

The latest changeover was to cut down on Google’s algorithm erroneously removing newly uploaded videos, due to dubious matches.

Under the new policy, announced Wednesday and clarified Thursday, the new algorithm that flags videos will alert the content owner if the flagging is suspicious.

Google declined to elaborate.

When a video is sent for manual review, the content owner has the option to analyze the user-uploaded video and determine whether it is a breach of copyright before the video is removed. Google declined to go into detail on how this system works.

The announcement of the changes to the flagging system came a month after First Lady Michelle Obama’s speech at the Democratic National Convention was wrongly flagged by algorithms just after it aired. And the month before that, an official NASA recording of the Mars landing was blocked hours after the successful landing, due to a rogue complaint by a news network.

Android Phones Vulnerable to Loss of Data, Apps

Recently security researcher Ravi Borgaonkar discussed a vulnerability that caused a Samsung Galaxy SIII to return to a factory reset just by visiting a special website. Mobile phones have a number of useful codes (USSD/MMI) that can be typed on the dialer screen to bring up system information (IMEI, firmware version, etc.). Usually they are used by a phone technician to verify settings on your phone. In this case, a special code that you can type into your phone to wipe all the information off your device can also be entered by a malicious web site. Visit it with your Android phone and you end up with a factory reset.

There are really two parts to the remote wipe vulnerability: one is the existence of USSD codes that can erase all data on a phone; the other is the ability to enter those codes with a tel: URL, rather than typing them on the phone. This is not much more complicated than using the format command on Windows to erase the entire C: drive. We don’t normally call the existence of the format command a vulnerability. However, if a digital vandal comes along and remotely executes the same format command, it’s a different story.

Abusing the Protocol
Misuse of the tel: URL protocol isn’t new. An older variation of the attack–known as the DoCoMo 110 Dialer–appeared in the spring of 2000. When NTT DoCoMo customers visited an i-mode website, they were confronted with an image of a bomb and challenged to click it to prove their courage. Once they clicked, the phone immediately dialed the number 110. In Japan, the 110 number is the emergency number for the police. It was reported that due to this attack, real calls to the police were delayed by 3 seconds. Fortunately, most of these inadvertent callers immediately hung up. Eventually, a 20-year-old vocational school student was arrested in August of that year for setting up the malicious i-mode site.

Other Attacks
There are a few other attacks possible with the USSD/Android Dialer vulnerability, some destructive and some just costly. Depending on the phone model, attackers can use a code that redirects all phone calls to a toll number or to themselves. On the destructive side, the factory reset will give your phone that fresh out-of-the-box feeling minus all your contacts, email, text messages, and apps. An attacker can also lock your SIM card by entering a wrong password 10 times. Borgaonkar demoed an attack that combines the locking of your SIM card with the factory reset–giving the victim two headaches for the price of one.

Is Your Phone Vulnerable?
Determining if you’re vulnerable isn’t always easy. You would not want to enter a factory reset code yourself just to see if it worked. Losing all your personal information is a rather high cost. On the other hand, because the vulnerability is really enabled by the Android dialer, McAfee offers a test page where you can try out a nonmalicious code. If the page tells you your phone is vulnerable, download and install McAfee’s Dialer Protection app from Google Play.

Google Gives Up Fair-Use Defense, Settles Book-Scanning Lawsuit With Publishers

Photo: Amadeus ex Machina/Flickr

Google and five publishers said Thursday they are settling one of its long-running legal flaps over the media giant’s scanning of university library books without permission. The deal is a huge concession by Google, which up until now had maintained it had a fair-use right under copyright law and did not need permission from rights holders to scan the digital library of the future.

The case was being closely followed by the intellectual-property community, as it tested the limits of the fair-use defenses to copyright infringement.

“The settlement acknowledges the rights and interests of copyright-holders. U.S. publishers can choose to make available or choose to remove their books and journals digitized by Google for its Library Project,” the companies said in a joint statement. Google scanned copyrighted works under the theory that indexing and displaying portions of copyrighted works counted as fair use, with no permission needed.

Other terms of the deal remain confidential. The deal was brokered with some of the biggest names in publishing, including: the McGraw-Hill Companies, Pearson Education, Penguin Group, John Wiley & Sons and Simon & Shuster.

The litigation began in 2005, a year after Google made a deal with several universities to scan millions of books in their libraries, without the rights holders’ permission, and make “snippets” of those books available online via Google’s search engine. The Mountain View, California, search giant was subsequently sued by individual writers, publishers and the Authors Guild — litigation that has had a tortured history that resulted in a settlement a federal judge rejected last year.

But Thursday’s deal, an about-face by Google because it had long insisted it had the fair-use right to scan and publish about 20 percent of the works without permission, does not end the litigation pending with the Author’s Guild. That portion of the case — and how to deal with so-called orphaned books — is stalled on appeal.

Fair use is a defense to copyright infringement and may be invoked for purposes such as criticism, commentary, news reporting, teaching, scholarship or research.

In July, Google told the federal judge presiding over the case that “books exist to read” (.pdf) and that it does not need permission to copy the works, make them searchable or to provide brief snippets of them.

“Google made digital copies of books in order to create a searchable index linking each word found in any book to all books in which that word appears. That index provides a wealth of new information, allowing a user to find every book monitoring a particular topic or using a particular phrase together with up to three short snippets of text showing the context in which that term appears,” Google wrote.

Andi Sporkin, a spokeswoman for the settling publishers, said the deal grants Google the rights to display up to 20 percent of the work, and also grants Google permission to sell the books and journals via Google Play, its online and Android-based marketplace. Other terms of the deal were not disclosed.

“In terms of coming to an agreement on what was fair use, it was an agreement to disagree,” Sporkin said. “We were able to get beyond that and establish business terms. Did we come up with a universal definition of fair use? No.”

David Drummond, a Google senior vice president, said in a statement: “By putting this litigation with the publishers behind us, we can stay focused on our core mission and work to increase the number of books available to educate, excite and entertain our users via Google Play.”

Google declined further comment.

U.S. District Judge Denny Chin last year rejected a deal with the Author’s Guild and Google that would have allowed Google to scan copyrighted books (including ones whose copyright owners could not be found), sell them on the internet and have them pop up in search results, while allowing up to 20 percent of the text to display in a search.

The rights holders would have gotten 67 percent of the take and Google the remainder. But when it came to millions of so-called orphaned works, Google’s proposal went too far, Chin said. Under the deal, Google would also have been able to scan and sell titles whose rights holder could not be located, setting aside the proceeds if the author turned up later. In rejecting the deal for orphaned works, Chin said Congress, not he, should “establish a mechanism for exploiting unclaimed books.”

Litigation between the guild and Google is stalled, as a federal appeals court weighs the judge’s decision to certify the suit as a class action.

Juking Your Facebook ‘Like’ Stats Is as Easy as Sending a Message

For those looking to artificially inflate their Facebook stats to impress people or drive sales, there’s a new alternative to begging or bribing people for “Likes.” Now you or your friends can just simply send a raft of private messages that include a link to your page, and Facebook will add +2  to your page’s “Like” count for each message.

It’s long been known that Facebook scans internal messages for spam and security risks — and that it blocks users from sending links to torrent sites such as The Pirate Bay. But Facebook has never been clear how much data-mining its doing of users’ private conversations. It turns out, at least some is provably going on.

The Wall Street Journal‘s Digits Blog, with the help of researcher Ashkan Soltani, reported on a video showing the “Like” pumping and reproduced it:

The video, which was posted this week on Hacker News, showed a person who sent links in Facebook messages in order to inflate the number of “Likes” a page had received. Each time the link was sent, the page’s “Like” count went up by two, something that the Hacker News poster said allows people to “pump up to 1,800 ‘Likes’ in an hour.”

In addition to raising privacy questions, then, the video points to potential problems with “Like fraud.”

“If [you’re] visiting an online store and you see a lot of likes under the product then this might cloud your judgement,” one commenter wrote.

The video has since been taken down for violating YouTube’s restrictions on the depiction of “harmful activities,” but the behavior was also confirmed and recorded by Digits. There’s also a page that you can use to test this yourself. As of this afternoon, sending this link in a Facebook message boosted the “Like” count by two each time.

That’s a pretty great little hack, but evidently, it’s not a bug. It’s something actually noted in the documentation for developers.

Still, faked stats are better in my book than the bought ones – where companies give discounts or hide music/videos behind a ‘Like’ wall. But given that Facebook is now letting brands and even people pay to flood their messages onto others’ walls, it’s way too late to be crying that Facebook is supposed to be a genuine social space.

Update: Facebook’s PR firm writes in to add comment:

Absolutely no private information has been exposed and Facebook is not automatically Liking any Facebook Pages on a user’s behalf. 

Many websites that use Facebook’s ‘Like’, ‘Recommend’, or ‘Share’ buttons also carry a counter next to them.  This counter reflects the number of times people have clicked those buttons and also the number of times people have shared that page’s link on  Facebook.  When the count is increased via shares over private messages, no user information is exchanged, and privacy settings of content are unaffected. Links shared through messages do not affect the Like count on Facebook Pages.

We did recently find a bug with our social plugins where at times the count for the Share or Like goes up by two, and we are working on fix to solve the issue now. To be clear, this only affects social plugins off of Facebook and is not related to Facebook Page likes. This bug does not impact the user experience with messages or what appears on their timelines.
That said, user demographics of those who share via Facebook messages are included in the stats seen by page owners, according to Soltani.
Here’s a screenshot of what that looks like: