In the preceding article, The Relative Cost of Internet Access, we looked at the differences in costs between various service tiers available from two Internet Service Providers. For those interested in a simple recap, here it is: the cost of a broadband Internet connection in Germany is (slightly) lower than the cost of comparable connection in the United States. But not only is the pricing more attractive in Germany, the speed of the connection is superior as well. Excluding special offers and discounts, customers in Germany have no trouble signing up for an uncapped connection of 32 Mbit/s down, while U.S. customers, looking to spend no more than their German counterparts, are limited to only 6 Mbit/s.

So now the question remains: why the hell is an Internet connection so darn expensive in the US, and why are so many ISPs now considering, or, worse yet, actually implementing, bandwidth caps?

In order to answer this question, let’s take a brief look at which ISPs are capping their customers and to what extent they are doing so:

• Comcast: 250GB cap on total bandwidth consumption per month.
• Time Warner Cable: Toying with the idea of total bandwidth caps at about 40 - 75GB per month.
• Cablevision: No explicitly stated cap; although some report that heavy usage is frowned upon.
• Verizon FIOS: No cap, whatsoever.

These four — Comcast, Time Warner Cable, Cablevision, and Verizon — represent practically the entire high-speed ISP industry as it exists today in the United States; so much for competition, right?

Notice anything interesting about the various caps that these four companies are imposing on their customers? Here’s a hint: look at what else they’re invested in.

Comcast and Time Warner both own a variety of actual TV networks. More specifically, Comcast owns E! Entertainment, The Style Network and G4. Similarly Time Warner also owns a plethora of channels, networks, and even a studio or two:  New Line Cinema, HBO, TBS, Warner Bros., Cartoon Network, and the list goes on.

But why should it matter what else these companies do, as long as they can provide us with a digital connection to the outside world? Well, a major part of the problem is that because these companies have been allowed to expand into so many different direction (without any proper oversight from either the government, or the executives heading the boards), they are now so big that they simple too cumbersome to be able to adapt swiftly to the latest industry tends.

If you’ve set up a business model around television stations, networks, and programming for said media, what is the one thing that your business relies on? Television viewership!

And what’s the biggest threat to television at the moment?

Why, it’s the Internet, of course.

So, at the end of the day, it all comes down to traditional television programming versus diverse, à la carte Internet content.

Now, one might make the observation at this point that there really shouldn’t be a problem here, since Comcast and Time Warner are two business that are well invested in both of these markets; that is, they both offer Internet access, and then both offer television services. Though correct, this observation misses a critical point. Companies of this caliber are, relatively speaking, old gaints, who have over the years gotten very used to a single, very lucrative business model, which, at the end of the day, boils down to nothing more than the number of people tuning in. Internet service for these companies, in comparison, is only a small branch in a much larger business model. Additionally, offering Internet access is not, by any stretch of the imagination, the same thing as owning a TV network, let alone several of them. With ownership comes the ability to dictate and create content, which is not the case if you’re only acting as a doorkeeper to a vast realm of content and knowledge.

Being used to seeing the majority of their income stem from television based content, companies like Comcast and, to a larger extent, Time Warner are scared out of their wits; the Internet is stealing away viewers and they have no clue what to do about it. There now exist services such as Hulu and Netflix, which have led thousands upon thousands of people to drastically reduce the time that they spend in front of an actual television — mind you, they’re still spending a lot of time in front of a screen; they’re just not putting their feet up and leaning back.

Due to services like Hulu and Netflix, less and less revenue is streaming into the coffers of Comcast and Time Warner. They might be providing the Internet access, but that really is all that they are doing. They see absolutely no additional income from what the consumer actually does with that access.

The simple fact is that people are watching less and less actual TV, and from the perspective of those invested in both the Internet service and television service industries, the only real short-term solution to this problem is to limit the amount of time that customers can spend using online services such as Hulu and Netflix. This is simply due to the fact that under the current model there is far less money to be made providing content over the ‘Net than through the tube.  For a lot of providers, the easiest way of reducing the time spent with a browser instead of a remote is simply to impose bandwidth caps and/or increase the price of pulling in the bits.

Of course, Comcast and Time Warner would be the last to admit that they are behind the times and that their coveted revenue models are antiquated and may be approaching extinction. The excuse typically peddled by Comcast and its ilk is that there are users — and by their own admittance, way less than 1% — who use exorbitant amounts of data on a monthly basis, and that these customers, in doing so, are spoiling the party for the rest of us. Without getting too far off topic, let me just say that I have a very hard time believing that.

If customers can only consume so many bits per month, then, logically speaking, there should come a point at which they will be forced to stop using the Internet to watch their favorite shows. And if they can’t watch their favorite shows on the ‘Net, customers will have to revert back to watching television instead, which is exactly what the cable companies want — and need.

Intuitively, one might assume that as technology advances and becomes more readily available that products and service should become ever more abundant and ever cheaper. One would presume that in the most populous state in America, where the boundaries of technology are continually being probed and pushed back, that something as basic as an Internet connection would be relatively cheap, certainly no more expensive than a connection somewhere in Europe, right?

Looking at the numbers, however, this is not necessarily the case, and reasons for this pricing discrepancy are not immediately apparent. In order to understand why the prices are what they are, one needs to understand the who the players are, as well as the state of the industry as a whole.

But, before we get too far into the analysis, let’s start out by looking at the numbers.

Internet penetration in the United States is at roughly 45 percent (according to a census taken last year), and with the number of services and devices what use the Internet increasing daily, this percentage is bound to skyrocket in the coming years. That being said, however, the United States is still way ahead in terms of Internet penetration when compared to the rest of the world, and as such, the rate of adoption in the U.S. is not quite as high as it might be in some other, more rapidly developing, parts of the world. In fact, while the percentage of Internet users in the rest of the world is at around 20 percent of a given population, Internet adoption (in the rest of the world) is growing at a rate of about 395% — compared to a growth rate in the United States of about 228%.

Despite the high penetration, however, the cost of service in the United States is rather steep, even when compared to other developed nations. To illustrate my point, let’s take a look at the cost of a high-speed Internet connection in Germany versus the available offers from Comcast, the most popular Internet Service Provider (ISP) in the United States.

With a quick hop across the pond with Google.de, it doesn’t take all that long to find an appealing high-speed Internet offer in Germany. I found a rather appealing (as you’ll soon see) deal from a company called Kabel Deutschland (Cable Germany, for those who care).

For the purposes of this comparison, I’m only interested in signing up for an Internet connection; in other words, I’m not interested in television or phone service, nor do I want any sort of bundle. So, let’s take a look, shall we…

The most basic service available from Kabel Deutschland at the time of writing is their so-called “Flat Easy 1000” plan. Although this basic plan isn’t likely to impress any Internet addicts, it nonetheless offer customers a download speed of up to 1Mbit/s, an upload speed of up to 128Kbit/s, in addition to a few more features (like 6 e-mail accounts, a free modem, et cetera). Again, this isn’t the most impressive package, but it’s probably more than enough if the computer isn’t the center of your world. Neglecting one-time installation costs and the like, the monthly cost for this service comes out to be €9.90 (about $13.15).

At this point, none of this is all too impressive; it is certainly possible to find a comparable deal in the United States. In fact, AT&T is currently offering a $10 per month plan for customers who have not had a high-speed Internet connection in the past 12 months. Ignoring special offers, however, AT&T cheapest offer is $19.95  for a connection featuring 768 Kbp/s up, and 384 Kbp/s down (with a 1-year contract); and Verizon offers 1 Mbit/s down, with 384 Kbp/s up for $17.99 (if you sign up for a 2-year contract).Verizon’s offer is arguably the closest to that of Kabel Deutschland, but it is still 36% more expensive than the German offer.

Where things start to get really interesting, however, is when one starts looking at the available offers for what has been coined “hi-speed Internet.” What becomes quickly apparent is that the cost of an Internet connection really skyrockets in the U.S. as speed increases, while in Europe the prices remain far more reasonable. Signing up for Comcast’s hi-speed connection quickly results in a monthly bill of (just) over $40 dollars. Now, that might be okay, depending of the speeds involved. Unfortunately, those speeds are not that impressive at all, especially when you start to consider the offers available in other first-world countries.

Although it is possible to attain speed of more than 6 Mbit/s, the vast majority of Comcast’s offerings revolve around a 6 Mbit/s down-speed. More to the point, Comcast is particularly fond of offering customers what they call “PowerBoost”; depending on the overall demand placed on its network, Comcast is able to offer customers access to a full 12 – or 16 Mbit/s (depending of the type of service), for short periods of time.

Going back to Kabel Deutschland, the situation is quite different. Their top offer is for a package that includes a 32 Mbit/s connection, with a 2 Mbit/s upload, 60 e-mail accounts, and a free wireless router to top it all off. But, wait, there’s more! Smack-dab in the middle of the page, in red text, it reads: “Kabel Internet mit Flatrate ohne Limit.” Now, you don’t need to know a lot of German to know what that translates to. Unlike Comcast, Charter, and almost every ISP in between, Kabel Deutschland does not place caps on the amount that their customers can use. If such a service were to be offered here in the U.S., it would be “competitvely” prices at well over $80, to be sure. However, the Germans are offering all this for a mere €22.90 per month for the first year — that’s $29.60! Thereafter, the price increases to €29.90, which translates to about $42.10.

Although it would seem that after a year of service both Comcast and Kabel Deutschland charge about the same, one ought to consider that Kabel Deutschland’s offer is far superior in speed and value. Not only does the German ISP offer a better connection, but they also guarentee that customers can download (and upload) as much as they please, without having to worry about any hitting any bandwidth caps — the same cannot be said for Comcast, with their 250 GB cap.

Now that we’ve seen the numbers, there’s still the lingering question of why this price descrepency exists, especially when one considers that Comcast, and in fact most ISPs in America, is also imposing a rather unpopular bandwidth cap on their users. The reasons for and implications of these simple facts will be discussed in the next article in this series.

Anyone who’s a Bank of America customer has probably gone through the process at one time or another. The site loads, you enter your username and state, and you hit “Sign In.” Waiting, waiting, waiting. Ok, next step: do you recognize this image? Huh, yeah, whatever; you enter your passcode and hit “Sign In” again. “Your request is being processed, Please wait…” Am I in yet? Oh, wait, what’s this. An ad? “Not now.” Ok, we’re in….

I wouldn’t have too much of a problem with the Bank of America login system, cumbersome as it might be, because it helps protect my banking information from those ruthless Nigerian phishers, right? Well, no; it doesn’t, actually. As it turns out, the implementation of the SiteKey system is nothing more than smoke and mirrors, or as Steve Gibson puts it, nothing more than a “touchy-feely sort of solution” that will look good in the papers.

According to federal law, any banking institution that wishes to provide an online service for “high-risk transactions involving access to customer information or the movement of information to other parties” must implement two-factor authentication (FDIC). So, what does all that mean? How will users be authenticated?

User authentication can be dealt with in a number of ways, but in order to have any confidence in the security of a system, multi-factor authentication is required. Multi-factor authentication deals with the notion of providing access after at least two of the following have been provided and verified:

• Something you know, like a password, a PIN, or an answer to a question. Please note that, requesting a username and a password still only counts as single-factor authentication.

• Something you have, such as an RSA security token, a credit/debit card, or some other physical device capable of providing some sort of information that only you might have access too.

• Something you are, meaning a fingerprint, a retinal scan, or some other form of biometrics.

Each of the methods mentioned above are quite easily foiled on their own—yes, even biometrics. So, in order to be the least bit sure that the connection between the client and the service is secure, a combination of factors needs to be used.

As it turns out, however, the “two-factor authentication” that Bank of America has implemented on its site is anything but secure; in fact it’s only multi-factor if you tinker with the definition a bit. The entire concept behind the Sitekey theatrics is that you provide the bank with your username and state, which is then used to look up the Sitekey image that you provided them when you set up the account. When this image is then presented to you, the site wants to know if you recognize the image and its corresponding title. If it’s the correct, you enter your passcode and you’re good to go.

The idea is that only the real Bank of America would have the correct image, and that there is no way that a phishing site could possible present you with the correct image. So, if you don’t see or recognize the image, don’t log in; it’s not the real Bank of America site.

Well, that’s not exactly true either; Bank of America might not be the only ones with access to the image. The SiteKey system can be and has been hacked, and it didn’t take MIT graduates to do it. A simple man-in-the-middle attack is all that’s needed to bypass the authentication system and gain access to users’ bank accounts.

Wanna set up your own phishing scheme? Here’s all you have to do: setup a site that looks and feels just like the real Bank of America site, and start attracting visitors; a common way of doing so would be to send out spam designed to look like it came from, say, a Bank of America representative, asking that the recipient please click on a false link (which looks valid) to the banking site to check on some critical information; maybe verify an address, or something like that. Once you get victims to the site, the hard part is already over. Just sit back and wait for the login information to roll on in. When the victim enters in his or her username and state, the fake site will head over to the real Bank of America site to enter in the exact same information, wait for the Bank of America site to present the SiteKey, so that it can be copied and presented to the victim, who will (gladly) validates it and enter the passcode. The fake site then goes back to the real site, enters the passcode and voilà, you’re in! Happy robbing!

Bank of America’s “security” measures have been seriously compromised, and, unfortunately, it doesn’t look like it’s going to change anytime soon. Not only is it broken, but most users probably wouldn’t even notice if the SiteKey image never even came up. According to a fairly recent MIT study, 97% of those tested went ahead and entered in their passcode even though the SiteKey image wasn’t present. Only two people had the presence of mind to realize that maybe, just maybe, there might be a security concern. So, if you don’t want to set up a complex system to check back and forth with the real banking site, just omit the image and simply have the victims enter the login information for your later use (and then, maybe, direct them to a page reading “OWN3D!!!” or something like that to rub it in).

The public was angry; they had had enough of the harsh oppression, the unrelenting control, and the panoptic supervision of the ruling elite. No longer was a distant monarchy going to exert its tyrannical oppression over the well-meaning individual; and the events that would soon come to pass where going to definitively prove that times were changing. Dressed up to disguise their identity, a passionate group of men boarded the HMS Dartmouth and dumped 45 tons of English tea into the harbor. The Boston Tea Party sent an unmistakably clear message to the British parliament: enough is enough; either policies start changing right away, or there will be far more serious consequences. The events of that day, the 16th of December, 1773, symbolized the final spark needed to light the fuse of unanimous revolt. Today, 233 years and 138 days later, a similar contempt lingers in the air, albeit in the digital realm.

Much like the Boston Tea Party, the revolt that Digg, a user driven social content website, is experiencing has not gone, and will not go, unnoticed. The rebellion is one of the first en masse protests against the forceful establishment of a DRM-driven society; a society in which everyone who wishes to use, sample, or share creative content must pay – over and over again. However, the enforcement of such a policy can only be truly effective through the placement of restrictions on the rights of the user, through the establishment of a system of Digital Rights Management, or DRM.

Unfortunately, the DRM systems currently in place are fundamentally flawed in their implementations and are also completely obvious to the notion of Fair Use, and as such they only really present a hindrance to casual users in their futile attempts to eradicate digital piracy. A paying user ought to be able to play, store, back-up, and share the content that he has legally bought without having to worry about such idiotically restrictive laws as the DMCA – sure, the DMCA does have some legitimate uses, but for the most part it has only managed to piss off the casual, well meaning consumer.

The fact that not a single content protection system has yet been able to reliably do what it was meant to do, has seriously upset an extremely passionate and dedicated group of individuals. Most of these individuals have no intention of illegally distributing copyrighted content, but the fact that varies companies and organizations are in essence forcing their users to become pirates to do what they would only naturally want to do has really taken its toll.

Tuesday, May 1st, a single submission which contained a recently discovered decryption key code for the AACS content (…or should I say “revenue”) protection scheme used to protect HD-DVDs found its way onto Digg. In near-record time the story secured a place on the coveted front page of the site. It didn’t take long for the watch dogs over at the Advanced Access Content System consortium to take notice and react with yet another DMCA takedown notice. Jay Adelson, the CEO of Digg, was naturally concerned about the continued, hassle-free existence of the site and as such decided that it would be in everyone’s best interest if he followed his lawyer’s advice and removed the submission. Furthermore, Jay also made it abundantly clear in his blog post that the reason for removal of the story was purely legal in nature, and that it had nothing to do with censorship:

Whether you agree or disagree with the policies of the intellectual property holders and consortiums, in order for Digg to survive, it must abide by the law. Digg’s Terms of Use, and the terms of use of most popular sites, are required by law to include policies against the infringement of intellectual property. This helps protect Digg from claims of infringement and being shut down due to the posting of infringing material by others.

Our goal is always to maintain a purely democratic system for the submission and sharing of information – and we want Digg to continue to be a great resource for finding the best content. However, in order for that to happen, we all need to work together to protect Digg from exposure to lawsuits that could very quickly shut us down.

Unfortunately, the removal of the story did not go unnoticed – far, far from it. Within hours of the removal of the story, the entire Digg community seemed to be in uproar over the fact that their favorite news website would kowtow to bigger company. In response to the removal of the original story and also to illustrate to the AACS consortium how futile their efforts were, Digg die-hards flooded the front page with countless stories that in some way revealed the leaked hexadecimal key. Some stories were blatant in their purpose, while others found very creative ways to sneak the code in.

At first, the executives over at Digg tried to keep up their end of the law by deleting and preventing the submission of further stories about the key code. However, it soon became apparent that their efforts were just as futile as those of the government. This is where things took a surprising turn – supporters of a DMCA-free world might say this next event represented a small victory, but I contend otherwise. At 9 PM that evening, Kevin made a surprisingly stupid move; he actually posted the key code along with a concession that the efforts of the Digg community were beyond his power to control. Here is the post in its entirety:

Digg This: 09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c1

Today was an insane day. And as the founder of Digg, I just wanted to post my thoughts…

In building and shaping the site I’ve always tried to stay as hands on as possible. We’ve always given site moderation (digging/burying) power to the community. Occasionally we step in to remove stories that violate our terms of use (eg. linking to pornography, illegal downloads, racial hate sites, etc.). So today was a difficult day for us. We had to decide whether to remove stories containing a single code based on a cease and desist declaration. We had to make a call, and in our desire to avoid a scenario where Digg would be interrupted or shut down, we decided to comply and remove the stories with the code.

But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.

If we lose, then what the hell, at least we died trying.

Digg on,

Kevin

Kevin got far too caught up in the heat of the moment, and from a legal perspective he may very well have just killed Digg. In his post he blames the Digg community for not respecting the Terms of Use that Digg has in place. However, as this scenario unfolds the number of submissions to Digg that reveal the actual key code are irrelevant as long as Kevin, as one of the main honchos in charge of the start-up, is able to maintain that he and the rest of the executives did everything in their power to prevent the posting of the key. Not only does he admit that no one will be trying to prevent the posting of the code, he actually did it himself. If the AACS consortium or another company with a big stake in the prevention of piracy decides to press charges against Kevin’s site, they’d have a field day; Kevin would have a hard time “Digging” himself out of trouble.

The events that lead up to the Boston Tea Party in 1773 were, in many ways, quite similar to what we are seeing at the moment in the digital domain. The Stamp Act of 1765 and the Townshend Acts of 1767 had angered well-meaning colonists for years, much like DRMs are doing today. Eventually, the anger over the policies became so extreme that something had to happen; something had to illustrate to the British that the colonist were fed up with the restrictions and regulations. As Steve Jobs said in his essay Thoughts on Music, “DRMs haven’t worked, and may never work, to halt piracy.” If the current restrictive trend continues then we might very well see another “digital Boston Tea Party” in the near future – (Thanks to Forbes.com for noticing that quote in the numerous Digg comments).

Regardless of whether you’re into technology or not, you’ve probably heard various horror stories of how hackers have managed to commandeer the PCs of unsuspecting users to do their bidding. Traditionally a hacker would need to get a malicious piece of software – a.k.a. viruses and spyware – onto the intended victim’s machine before anything harmful can take place. Most computer users are aware of these dangers and have taken actions to prevent infection, such as installing anti-virus and anti-spyware software. The vast majority of users also hide behind some sort of request filtering system, be it a NAT router or even the standard Windows Firewall. Having these measures in place, along with some good computing habits, like not opening random links in e-mails, probably save many users a lot of potential hassle, and most likely also provide some ease of mind. Well, those days are over, because there’s a new hack in town.

A few weeks ago at the ShmooCon conference, Billy Hoffman, the lead engineer of SPI Dynamics, informed the security community of an exploit that had come to light along with a tool that he had developed that would be able to exploit the vulnerability to take advantage of any machine, running any browser, on any operating system, to do almost anything. The program, named Jikto, consists of a rather simple JavaScript that can be embedded in any Web page, and can be surreptitiously run upon loaded the page.Let’s start off with an example: With Jikto, a hacker could potentially scan a corporate network and “fingerprint all the Web-enabled devices found and send attacks or commands to those devices,” without any interference from a firewall, since all of this can be run directly from the browser. To a firewall it would this would be perfectly acceptable, since it would appear as if the user requested this to happen. Continuing with Hoffman’s example, once a hacker figures out the router brand and model it would be fairly trivial to send it a few commands to reconfigure the router to drop the encryption or change the password. And, to make matters even worse, it would also be possible for a hacker to mask the attack in such a way as fool the IT techs into thinking that the attack came from an insider, instead a hacker thousands of miles away.

So how exactly is Jikto supposed to do all this? Once a casual Internet surfer visits a site that has Jikto embedded in it, the JavaScript will execute. Jikto will essentially take over that browser and turn it into a scanning tool that can then scan other websites for cross-site scripting or SQL injection vulnerabilities and report any findings back to a third party, probably a hacker. Once a target is located, a hacker can then inject targeted code into the website through the vulnerability that Jikto has found. This code then has the potential to filter down from the website to the company’s network and into a specific Web-enabled device.

Not only will Jikto be able to find and report on cross-site scripting or SQL injection vulnerabilities, it will also be able to self-propagate, much like a worm, using these same cross-site scripting exploit. From this new location it will then be able to infect and commandeer the browsers of other unbeknownst users. Since Jikto only takes over the client’s browser, and does so silently without alerting the user, it does not affect any other part of the machine, which is part of the reason that traditional security applications will have a harder time catching it.

So, at the center of this potentially devastating exploit tool is Web 2.0, or more specifically, the ubiquitous use of JavaScript to enable AJAX—a programming technique designed to make sited more user interactive; think Digg.com. On the one hand, it may seems surprising that a tool like Jikto took so long to appear, since JavaScript as been used for almost a decade now, and the exploit that is now being used is certainly nothing new. But then again, a tool like Jikto can only be truly effective if a great number of sites have JavaScript enabled, forcing users to do the same. The success of Jikto depends on the number of PC that it can be run on, much like BitTorrent in a sense. As Steve Gibson explains, “Jikto runs in a web browser and distributes the bug-hunting task across multiple PCs.” What makes Jikto so incredibly dangerous is that it’s immune to all current anti-malware solutions. The only true way of stopping what Jikto is capable of would be to browse without JavaScripting enabled. Unfortunately, doing so would break a vast number, if not the majority, of websites today. Even for a simple blog, such as this one, to work correctly JavaScripting has to be enabled.

The reason that Jikto has managed to garner so much attention in the last few weeks is the fact that it’s a very clever way of scanning for vulnerabilities using a language that practically any browser can understand—even certain cell phone browser will succumb to its will. In the words of Billy Hoffman, “Jikto going to drastically change the scope of evil things you can do with JavaScript.” Continuing on, he states that “Jikto turns any PC into my little drone. Your PC will start attacking websites on my behalf, and you’re going to give me all of the results.” Coming from white-hat hacker Billy Hoffman, this probably sounds more sadistic than it really is, since he has refrained from releasing Jikto into the wild. Unfortunately, there have already been reports of sightings of the Jikto’s source code. The eventual appearance of Jikto, or rather some program like it, is pretty much inevitable. Once the hacker community knows that the exploit exists and how to implement it, writing a program to take advantage of it is really quite trivial.

For more information about the vulnerability of JavaScript check out Steve Gibson’s podcast Security Now! and also take a look at these webcasts for SPI Dynamics.

March 13 – Viacom announced today that it has filed suit against YouTube, and its parent company Google, for massive intentional copyright infringement. Viacom is seeking one billion dollars in compensation for supposed lost revenue and an injunction against any further infringements on the part of YouTube and Google.

Viacom, with a current market value of 24.99 billion dollars, is the media conglomerate behind numerous television networks and movie production houses, such as the MTV Networks, Paramount Pictures and DreamWorks movie studios. Considering what they own, it should come as little surprise that they are the copyrights holders to an extremely vast array of content, a lot of which has found its way onto YouTube.

Google recently spent 1.56 billion of its current 98.98 billion dollar market value to acquire the popular video sharing site YouTube. This acquisition might have made sense to Google at the time considering that the majority of Google’s annual earnings stem from targeted advertisements. The best way to make money via advertising is to get as much traffic as possible to the sites that host the ads, and YouTube arguably has the largest userbase of gullible, ready-to-click-anything teenage visitors of any site, save for MySpace perhaps.

While Google may have adhered to its philosophy of doing no evil, it may very well have inadvertently purchased a massive, multi-billion dollar thorn in its side. The biggest paradoxical problem that YouTube currently faces is that the site in not directly under Google’s control and that it is dependent upon its userbase for content and recurring visits. Most of the vital content that YouTube thrives upon is copyrighted and without it, YouTube would simply not be as successful as it currently is. In other words, if they were a hundred percent legit, they wouldn’t be as good.

In a press release related to the lawsuit, Viacom expresses their belief that “there is no question that YouTube and Google are continuing to take the fruit of [their] efforts without permission and destroying enormous value in the process.” While there may very well be a large element of truth to those allegations, it is also evident that Viacom is overlooking a critically beneficial aspect to the infringement of its TV shows and movies: YouTube is a magnificent promotional tool for televised Viacom content, and it’s completely free of charge.

Since YouTube does not allow the uploading of entire movies or television shows by significantly limiting the duration of clips, the uploading of short snippets of the actual show or movie poses little to no intrinsic threat to Viacom. If anything, seeing a short preview, if you will, of the full length content acts as a commercial and will most likely boost television ratings.

One, rather famous, example of this phenomena occurred back in December of 2005, when the Saturday Night Live skit “Lazy Sunday” made its way onto YouTube and instantly became a hit, garnering several million views in a matter of days. As soon as the presence of the skit on YouTube was brought to the attention of the promotionally-challenged upper echelon of NBC, the network didn’t think twice about unleashing its blood thirsty lawyers to have the clip removed. What NBC’s top guys failed to notice was that as a direct result of SNL’s exposure on YouTube the network suddenly saw a dramatic rise in the viewer numbers. NBC had essentially killed off the best free promotion that it had seen in years.

Since that debacle, there have been numerous studios and networks that have realized the power of the Internet in attracting new, young viewers, and they have made arrangements with YouTube to “leak” select content, hoping to win a few more eyeballs. In general, this strategy has worked quite well for those who realized what it was that interested YouTube visitors.

So, the whole question as to whether or not any significant damage was ever inflicted upon Viacom might get quite murky before any final judgments are made. If any damage was done, I doubt that it was anywhere near the tune of a billion dollars. In light of the lush market value that Google has, I think that it’s quite possible that Viacom just wants a share of the Google cake.

Adobe recently announced its plans to offer a free, online version of its popular image manipulation program, Photoshop. The service should be available by the fourth quarter of this year, and will be part of an every growing effort of numerous companies to get as many applications as possible off of the local machine and online.

With Google’s recent introduction of Apps Premier, a comprehensive suite of applications designed to assist in day to day office productivity, it is becoming quite apparent that many companies believe that future products should be highly Internet driven, if not entirely Internet based. With this announcement, Adobe wants to make sure that it is the first to have a quality image manipulator on the Net, before others, like Google, have the chance to beat them to it. It would be embarrassing to say the least for Adobe to beat at what is essentially their own game by a company that primary focuses on advertisements and Internet searches. Ironically, the way Adobe wants to make money off of this new service is to offer ads, presumably Google ads.

If Adobe does pull through with its plans for an online version of Photoshop, it would have to compete with similar products already being offered. One of these would-be competitors includes Picasa, an image organizer with some basic editing options, which is in its second iteration and also owned by Google. Although Picasa still needs to be run locally, it does include a lot of features, like image sharing and printing, that rely heavily on the use of the Internet.

The challenge for Adobe is going to be to design a product that will actually offer the features that people have come to expect from Photoshop, while mitigating the effects of Internet latency and the annoyance of advertisements.

With the gradual expansion of Internet bandwidth and compatible devices, it should be very interesting to see to what extent consumers will be willing to have their programs online. The case for web-based e-mail is easily made, but that same case is a lot harder to make for office applications and image editors. Internet apps generally have to put up with latency issues and downtime, which make them very hard to implement in a large scale business environment. Not only that, but the general contention is that Internet applications are a lot less secure than local desktop applications, which is not very comforting to a lot of privacy minded users. However, in all likelihood, the average consumer will make use of both Internet and locally driven applications, and the integration between these two will enhance the overall experience for many.

BitTorrent recently joined the ranks of companies trying to rent and sell legal movies and shows online. On Monday, the 26^th of January, the service became available to the public, but, unfortunately, it doesn’t look too promising.

The plan is to offer movie rentals, which after purchase suffer from a 30 day download window before the user has to pay again. Upon completion of the download, the customer has 24 hours to watch the movie after he or she first clicks play. Besides full length features, the service will also be offering TV shows from a variety of mediocre broadcasters such as Fox, FX, G4, Nickelodeon, Speed, Spike, as well as from a few others. These shows will not expire, but, lo and behold, can only be viewed on a maximum of two computers. The movie rentals currently cost anywhere from $2.99 to $3.99, and the asking price for a TV show is set at $1.99.

Now, this all sounds really great, but why should the casual pirate be persuaded to hop over to the legal side of the fence, when all the material that he or she could possibly desire is at least just as readily available for free on the very same P2P network as the legal stuff? At this point there are actually more users sharing the illegal rips than the legal alternative. Not only are people being asked to pay for DRMed material that requires the use of Windows Media Player to be played, the content is currently only available to those within the US. International customers get nothing – except for the free alternative that is…

There are several problems with this service as it stands right now. First off, it’s DRMed! This whole notion of wanting to protect digital content might work for the average consumer, but this makes absolutely no sense whatsoever for the experienced BitTorrent user. Chances are that if you are familiar with BitTorrent and use it on a regular basis, then you probably know plenty of places that offer the content that you want without the restrictions, for free, and possibly even at a better quality.

Secondly, where is the incentive to actually share this content? You pay for the material, you download it, watch it, and then what? If you’re an average consumer who has never used BitTorrent before, then you’ll probably just shut down your torrenting application and that’ll be that. Computer novices will simply not appreciate the beauty of the sharing system as originally set up by Cohen. The average consumer will regard this BitTorrent service as just another distribution medium, without any regard for how it works, and the importance of keeping the files so that they can be seeded.

Apropos seeding, what happens when the DRM kicks in? The movie files will essentially kill themselves, and then there will be absolutely no reason whatsoever for the end user to keep that file. The user will delete the movie, and the sharing of that file will undoubtedly go with it.

So, what if you do understand how BitTorrent works, and want to share with the rest of the paying community? Is it worth it? After all, you’ve already paid for the movie, and now the expectation is that you’ll share a DRM-ridden file over your overpriced bandwidth. By the end of it all, you’ll have paid more than the original asking price of the movie. Surely, it’s only equitable and fair towards the community as a whole, so why not share? The problem is that the sharing concept was crippled as soon as movie industry decided to prevent us from sharing with their digital rights management systems. As iron as it is, if everyone does what the industry supposedly wants us to do, which is not share, then this system will fail.

Assuming that people will support this system, it works out great for the movie and distribution companies; they pay a little at the beginning of each new release to get the seeding process going and after that the community will be paying for all of the rest, and in the meantime the companies rake in all the money.

In order for this to actually succeed, there needs to be an incentive to share. For example, a price cut based on your overall download to upload ratio. Let’s say that you have uploaded twice as much as you have downloaded, wouldn’t it be more than fair if you were rewarded for this by paying less than those who merely leech? Too bad it’ll never happen. This entire concept probably looked golden on paper, but I doubt that it will have a lot of appeal to new or existing BitTorrent users.

Back when the first HD disc formats appeared, there were quite a few in the tech industry who declared that no one in their right mind would want to download a high definition movie off of BitTorrent. Well, they were wrong. As the popularity of HD-DVD and Blu-Ray increases in traditional brick-and-mortar stores, so does the number of available torrents on the digital black market.

Before the introduction of high definition, the average DVD rip available on the P2P networks was pretty reasonable in size, ranging from 700MB to a Gigabyte – yes, there were some exceptions, but let’s not dwell on those. An average movie of this size would take about a day to download on a standard broadband connection, and the quality was pretty much on par with that offered by the source DVD, with the exception of surround sound which was simply never there, unless the DVD .iso was made available.

For a lot of people the prospect of having to wait a day for a movie to download so that it can be watched on a computer was pretty disheartening, and was probably also the main reason that many proclaimed that larger file sizes might therefore never work. Well, that argument seems reasonable to most; waiting a day is doable, but any longer than that quickly gets extreme, right?

As it turns out, that is not the case for a lot of high school and college students, who appear to be the main consumer demographic of pirated content. As long as they don’t have to pay for the content that they want, it’s acceptable; regardless of how long it takes to download the content in question. Be it movies, games, music, or software, if they want it, they will get it.

Around the 15th of January, the first high definition movie hit the underground BitTorrent market. The movie: Serenity. The size: a hefty 19.6GB. This occurred barely a day or two after the now (in)famous Muslix64 managed to bypass the DRM protection scheme known as AACS (Advanced Access Content System) on HD-DVD. This very first HD movie was encoded using EnVideo, producing a 1080p .evo file complete with 5.1 Dolby Digital Surround Sound. If you’ve ever watched a 1080p trailer over at www.apple.com/trailers then you know how absolutely gorgeous this stuff can look.

Granted, this first rip of Serenity was quite big; probably due to the fact that it was to serve more as a proof of concept that no matter what the industry tries to do to protect its content, every last bit of data will eventually be ripped to create perfect replica that will be distributed for free. When this very first movie made its way onto the P2P networks, it only served as fuel to the fire for those convinced that no one would want to waste their time and bandwidth downloading close to 20 gigs for a single movie.

In the case in point, the pundits might have been right. For most people, this file was overkill in the sense that most people don’t have a 5.1 setup hooked up to their computer, and probably can’t even display 1080p at full resolution on an average 17” monitor. However, those who thought that these issues might strangle the demand for hi-fidelity video neglected a few critical points.

1080p with Dolby Surround is the crème de la crème, and this will by no means be the standard by which most pirated HD movies will be distributed. Let’s look at it rationally: since most people won’t even be able to take advantage of the full glory of 1080p and surround sound, it would be interest of (almost) everyone if the resolution were to be downscaled and if the sound were only to be offered as stereo. Do this, and the file size will drop dramatically, and the footage will still look better than a lot of the HD offerings that Comcast makes.

The average PC user has a screen resolution of about 1280 by 1024 pixels or less, which is not even remotely close to “True HD,” at 1920 by 1080 pixels. The next step down at 720p is far more feasible for the average pirate, scaling in at a nice 1280 by 720 pixels. Going from 1080p to 720p constitutes a reduction of about 55% in terms of file size. So now, instead of having a file size of 20GB, we’re at about 11GB.

Next, let’s substitute the Dolby Surround for decently encoded stereo. Assuming that if the six audio channels that Dolby Surround uses are each encoded at 128kps, then that would equal 768kps. Since the vast majority of PC users only have a stereo speaker setup or headphones, it would make little sense to offer more than two channels of audio for the average ripped movie. Going from six independent channels to two would decrease the size required for audio storage by about 66%. Now, again, assuming that the audio takes up about 10% of the actual file, we could knock off another gig or two, reducing the file size of the average pirated HD movie to about 9GB.

Obviously there are more factors to consider than merely bitrates of audio and resolution of video. The choice of codecs can also greatly affect the final size of the file. I bet that we’re all pretty much familiar with the most prominent codecs floating around the web these days: DivX, XviD, H.264, MPEG-4, etc. All of these codecs (COder-DECoder) have their own unique way of dealing with the data that they receive in order to produce the desired quality and file size for a given piece of material. By choosing an efficient codec like, say, Theora, it wouldn’t be completely unthinkable to slim the file down by another gig or so.

Now, as proof that I’m not just pulling all of this out of thin air, here are a few torrents that I found of HD movies that are well below 20GB in size:

• Saving Private Ryan in 720p at 7.92GB
• Minority Report in 720p at 6.86GB
• The Fifth Element in 720p at 4.33GB
• The Fifth Element in 1080i at 11.15GB

(Note: For obvious legal reasons, I am not linking to any of these torrents, nor do I encourage the downloading of pirated material…and so on.)

Now, I think that it is perfectly reasonable to assume that a 6.5GB 720p HD movie is well within the realm of patience for the vast majority of those who download movies. Let’s be honest, the 700MB movies were good enough to get the job done, but by no means did those movies ever look great. Considering the major increase in resolution that 720p offers over those old DVD rips, I predict that the number of HD movies seen on underground networks will greatly increase the coming year, and that in the long run, they will come to replace those iffy 700MB rips.

If you have ever wanted to just browse to a single page and see all of the news from all of the sources you like best, then Yahoo! Pipes is for you. Pipes is brilliant in its simplicity in that anyone can log on and create their own feed network that will display just the news that they want and none of the clutter.

The interface is quite intuitive. Simply by adding pre-configured modules, setting a few variables and dragging “pipes” between the various modules, any user can have their own custom feed up and running within minutes. Once a Pipe feed has been created, it can be saved and called upon like any other feed on the net, from whatever RSS client you like best. One of the nicer things about the new service is that feeds can be easily shared with friends, who then have the ability to clone and modify it to fit their exact needs.

You could, for example, create a feed that automatically goes out to all of the major news sites, like CNN.com, NYTimes.com, et cetera, and aggregates all of the main news stories so that they can all be presented to you in a single unified feed that automatically sorts them by the publication date. Obviously you can get far more creative than that – the possibilities are endless, as cliché as that sounds…

Another neat example that can be found on the main Pipes page, is matching Flickr photos with New York Times articles so that the titles of the stories are used as keywords to perform searches for matching photos, which will then be displayed side-by-side with the text.

As simple as the concept is, it’s surprising that no ones has come up with this particular solution before. The concept of “piping” isn’t new per se, but it has never before been done for the web. The original concept dates back to the early world of UNIX where data from one application could be linked to that of another, so that the inputs, actions and results of one would automatically influence the rest of the applications that were piped in to maximize efficiency.

Enough with the chatter, here is the all-important link:

Yahoo! Pipes

Oh, and by the way, check out my quick piping job: