Philosophical issues regarding “hacking cases”

[-Shay-]

In a recent thread, there were some great, and unfortunately very accurate (yet troubling) points brought up in regards to the numerous “hacking cases” that are coming to light. While I personally prefer things of this nature to be black and white, open and shut cases – the sad reality is that they are not. It is long since time that we as affiliates take a “better” approach to this and other growing problems within our industry in the interest of protecting ourselves.

We can all (mostly) agree that we want to see the scammers (people who send fraudulent traffic for CPA deals or promise advertising placement for a fee and then fail to deliver), content scrapers (people who copy (“copyright infringement” against other affiliates) in the form of design theft, as well as content theft – be it outright plagiarism or the old copy “good content” and spin it, or even copying and displaying snippets (all without the permission of the copyright owner) to stop and be stopped. We also mostly want the “hacking” (unauthorized upload of content to someone else’s website – many of which doctors, schools, government websites with stolen content and links and deceptive redirects – you know the type that I mean). Many of us would even like to see these types of folks have their income sources cut off. I personally want to see affiliates of this ilk have their affiliate accounts shut off with no chance of reopening. I get irritated when affiliate programs and forum owners have instances of being alerted of a “hacker” or of wrong doing by an affiliate and they fail to “act” in a way that I personally would like them to act. Namely, I get mad when they do not suspend sponsorship (GPWA) and I get mad when the affiliate managers do not respond and/or shut down an affiliate account on the spot for something that is so painfully obviously “illegal” to me.


Now, here is the part that I begin to make myself ill. If someone steals content from affiliate A, illegally gains access to a hospital website and hundreds of other websites to post this content and it has your affiliate links in the content - can you prove that you did not do this?

One step further, if this person who we mostly agree is acting in a criminal manner steals content from affiliate A, illegally gains access to a hospital website, a government website, and hundreds of other websites to post this content that has your affiliate links and people at the GPWA forum are really leaning on the affiliate managers to take action… And the affiliate manager reaches out to you and says “you know... People want me to shut you down. They are your affiliate tags, mate. Help me out here” – how can you prove to your AM that this is not you doing these things? I mean, you know that you did not hack these sites, steal this content, or give anyone else permission to do so and you certainly did not give anyone permission to use your affiliate tags. How can you prove this to your affiliate manager? How can you help him to take the “right” action and save face in the forum? Actually, what is the “right” action in this hypothetical?

How would you feel if your affiliate manager had to make that “tough decision” to shut down your account – an account that was making thousands per month on its own (uncorrupted) before this accusation was thrusted upon you?

How can we as affiliate prove that something like this is not you? How can you determine who the real culprit is?

These are some really tough questions and it does not make me feel good at all thinking about them.

In the case of this “illegal hacker”, to me it is a clear cut matter of this person is knowingly acting in unethical and illegal ways. He is not (in my opinion) employing the tactic of using other people’s affiliate links in order to get other people shut down. It is painfully obvious (to me) that he is not doing this. However, it is currently too “easy” for an affiliate program to turn a blind eye and refuse to shut down an affiliate account, because there is not enough true “proof” of the affiliate account owner’s sanctioned and illegal actions. Sure, the affiliate account owner’s affiliate tags are involved in what I can agree is a “crime” but did the affiliate account owner sanction the crime, order the crime, or participate in the crime? Where is the proof?

If it was your affiliate account and you neither endorsed nor participated in said crimes, would you want the affiliate account closed? Would it be “right” or “just” of the affiliate manager to shut you down?

Should he kill the specific tracker that is being used? What if you only use a single tracker? What if the tracker being used was copied from your top money page? Should he disable that tracker and refuse to pay you for any of the players on that tracker even though it is five years old and earning for fun (legitimately)? What should an affiliate manager do?

We the victims – the people who are having our copyright protected content stolen need to stand our ground and we need to do so now. What exactly can we do and what exactly should we do? One thing is for sure, we need to do more than simply complain on a forum and expect affiliate managers to do right by us, that’s for sure. If and when I find my content on other people’s websites, I first file a report with Google to report the content. I also probably need to follow that up in all honesty and I need to file a takedown request naming the hosting account, the registrar, the affiliate programs, and the site owner who is involved and benefitting from copying my work. If I’m really honest with myself – I should send a cease letter to all of those parties as well. I have screen shots to prove my case that the content on their website has violated my rights. I should probably push that as far as I can and I should probably seek damages in a court of law for the copyright violation. I should probably require that they prove they did not steal from me and make them spend money right along with me to fight the lawsuit.

In fact, maybe if I bring suit against one of these doctor’s websites who has snippets of my content on it – maybe I should file a suit against them for displaying content that belongs to me and was hung on a pdf file on their website (probably without their knowledge). Maybe I should also name their hosting company, and their registrar in the suit. Maybe then I will get the server records from them and maybe that will lead me (eventually) to the person committing the crime.

Unfortunately, that is all unlikely to happen. It all takes time and money to do this “the right way” if in fact there is a “right way” to handle it. There’s a fine line between taking the right action and ensuring that everyone’s rights are protected. I would not want an affiliate program to close me down because some competitor decided to roll me in a hacking campaign and use my links – hoping that the program will shut me down and thus, squeeze me out of the market so that he can move up to take on the next biggest affiliate in the space. If I would not want that for myself, then how can I truly expect an affiliate program to do that for another affiliate based on the same evidence? This sucks. There has to be a better way to end this ****. Thoughts?

[Roulette Zeitung]

"If someone steals content from affiliate A, illegally gains access to a hospital website and hundreds of other websites to post this content and it has your affiliate links in the content - can you prove that you did not do this?"

It assumes that the efforts of the criminals are nothing else than acts of revenge because they have no other benefit from those websites if ref-links from strangers generates the money.

Here the principle of obviousness comes into play.

In general view and looking carefully at the entire process some offences are so obvious, that it needs no final proof.

On the other side one essential point demonstrates the obviousness of innocence of the revenge act victim in your scenario: A true innocent webmaster would put up a defence against it, because this is a natural instinct designed to keep us alive. The webmaster would use also the unspoken but latent present invitation to public defend itself, e.g. here in this forum. This would change the situation dramatically.

So far no one of the "switched off" webmasters have complained about it. The famous notorious silence once again can be interpreted as an admission of guilt. As a result there is no doubt, that until today every disconnected account was opened or at least initiated by a true criminal who is guilty.

Because the criminals are working for reasons of money greed and probably not for reasons of revenge, the chance, that an innocent webmaster drifts into line of fire, is vanishingly small. Latest with a public confrontation in a forum an innocent webmaster secures chances for full rehabilitation.

This is the difference.

A person who is guilty, sits in the cave in the dark.
An innocent person strikes a match at the waistband of his sitting counterpart and searches for the exit.

Leopold

[universal4]

I agree that in most cases there will most likely not be many "innocent" victims having their content placed on hacked pages in order to target them for retaliation by hackers but it could happen.

In those cases one would hope the hacked servers could supply enough logs to show a pattern of where the uploaded content came from.

Filing reports as you mention, although many do, filing with the Registrar is not near as important as the web host and domain owner. Registrars are responsible for the the domain names and dns servers and seeing that the dns information makes it to the root servers, and they have most likely done their job correctly. Yes they have terms that domains should not be used for fraud etc, but their hands are pretty much tied without court orders.

Now the host, and their upstream providers, have much more sway and usually direct contact with the site owner or developer so it makes more sense to make sure they are notified along with site owners or developers.

In cases where it is even somewhat obvious that the site was hacked, I think it is silly to file a suit, and you would get much more satisfaction and much further trying to help site owners understand what happened etc, and they would likely remove hacked content much quicker. Plus adding site owners to any suits could open a can of worms that you may or may not want to be involved with, depending on what jurisdiction the site is in and the jurisdiction that the bulk of their traffic comes from.

The site owners of the hacked pages are "usually" the innocent victim in these cases, and are often the ones that need to taught what happened, and how to try and protect themselves better in the future.

Following the money, or in this case the tracker of the links on the hacked pages, is one of the best lines of defense we have. I do not know of any current cases that hacked pages ended up containing any innocent parties' links, but if it did happen, that would certainly be a tricky situation, so I am not sure how that would best be handled but it would most likely have to be between the affiliate program and the affected affiliate.

If something like this would ever arise, the affiliate program would be put in a very VERY sticky situation, since most affiliates would not likely believe the story that the affiliate affected was innocent and my guess is many would call for naming and shaming. (I personally think a little more of that should be taking place now)

Rick
Universal4

[Roulette Zeitung]

"most affiliates would not likely believe the story that the affiliate affected was innocent"

The witch trails here in Europe during the Medieval period, where thousands and thousands of innocent people were killed, shows that the believe of the "most" sometimes is more a curse than a blessing.

Human mass hysteria is one more example. For the "most" there is nothing more exciting than attacking as a group a supposedly weaker person to isolate him.

Our time-honoured fear of empty space s not entirely unfounded, because we are built of atoms, and every atom consist almost exclusively only of empty space. Surprisingly, this applies also to the brain.

The good news: For some that isn't actually empty but contains a lot of energy.

So what to do with the "most"?

Well, Voltaire's wisdom is also my conviction:

"I hate what you have to say, but I'll defend to the death your right to say it."

And so also the few - with energy - have something to say ... can and will take a position to defend an innocent person.

Leopold