Hackers turn tables on file-swapping firms

For the past several weeks, programmers have been releasing versions of popular file-swapping programs online with the advertising and user-tracking features stripped out.

John Borland Staff Writer, CNET News.com
John Borland
covers the intersection of digital entertainment and broadband.
John Borland
5 min read
The record companies had their Napster, and the stream of file-swapping companies that followed. The file-swapping companies now have their "Dr. Damn."

For the past several weeks, the pseudonymous programmer, who says he's a male college student and declines to give his real name, has been releasing versions of popular file-swapping programs online with the advertising and user-tracking features stripped out.

He's done Grokster and iMesh. And he's not alone. His work, now available through the Grokster and iMesh networks themselves, joins that of other programmers who have previously "cleaned" programs such as Kazaa and Audiogalaxy in a campaign against "adware" and "spyware."

"I've never been a big fan of large companies spying on their users," Dr. Damn wrote in an instant messenger interview. "Especially me."

The college student and his "Clean Clients" site form just one part of a growing backlash against the software now routinely bundled with free file trading programs. These piggyback software packages, which include Gator, Cydoor, and others, often track computer users' activity online to show them targeted advertisements. In Altnet's case, the add-on promises to turn users' computers into links in a new for-profit peer-to-peer network.

The "clean" software movement, which threatens to pinch off the stream of advertising and bundling revenues that supports free software, has put the file-swapping companies in an awkward position. For years, record companies and movie studios have complained that Napster, Kazaa, Morpheus and others were contributing to the theft of their intellectual property.

Now those same companies, seeking revenue to support their own businesses, are complaining that their intellectual property is being hijacked. In almost every case, the hacked version of their software is even being distributed through their own file-swapping networks.

All of the software companies require people to accept terms of service, which bar users from hacking into the software. These "click wrap"-style agreements have generally been upheld by courts, unless the terms are deemed unreasonable.

Kazaa's agreement, for example, states: "Except as expressly permitted in this License, you agree not to reverse engineer, de-compile, disassemble, alter, duplicate, modify, rent, lease, loan, sublicense, make copies, create derivative works from, distribute or provide others with the KaZaA Media Desktop Software in whole or part or transmit the application over a network."

But the file-swappers' difficulties aren't drawing much sympathy from more traditional intellectual property circles.

"It's refreshing to see they're interested in fighting for intellectual property," said Amanda Collins, a spokeswoman for the Recording Industry Association of America.

Same great MP3s, less filling
The most popular of the hacked file-swapping sites, Kazaa Lite, has already attracted legal threats from Sharman Networks, the Australian company that owns the Kazaa software.

"We mean to stamp it out," said Sharman CEO Nikki Hemming in a conference call Tuesday.

Kazaa Lite was allegedly created by a Moscow resident who uses the name "Yuri." Few in the file-swapping community will admit to knowing how to reach this figure, and some have even speculated that he's an invention to protect the actual creators of Kazaa Lite. However, the software has been floating in various places around the Net for at least two months.

A manifesto allegedly written by Yuri, posted on one of the original distribution sites, describes the creator's motivation. In the message, he thanks Kazaa for creating good software, but says its bundling policy is misleading.

"The real workings of these third party software is not sufficiently explained to the end users," the message attributed to Yuri reads. "The legal notice is very long and difficult to understand, particularly for those whose native language is not English. Fact is that most users of KaZaA don't even know that there were some third party software installed by KaZaA, or more important what that software does."

One of the most popular distribution points for the software is KazaaLite.com, a site run by 18-year-old Scottish university student Shaun Garriock. He says he started the site in late February and receives software updates by anonymous e-mail from Yuri. Other people around the world have started e-mailing him versions of the software in other languages, he says.

Sharman Networks is fighting back. They've successfully had the Kazaa Lite software taken out of Download.com, a popular software aggregation site operated by News.com publisher CNET Networks. In a conference call Wednesday, Sharman's Hemming said the company was in the process of seeking cease-and-desist orders against everyone in the KazaaLite distribution chain--"the Muscovite and everybody," she said.

"They're essentially hackers and rippers," Hemming said. "Basically our brand name is being damaged quite significantly by these activities."

Not all file-swapping companies are as sensitive to the issue.

"I'm personally aware of it," said Michael Merhej, CEO of Audiogalaxy. "Have I thought about it for a second? No."

According to Dr. Damn, the "cleaned" versions of the software aren't hard to create. He says he just looked at what the official Grokster and iMesh installation programs were putting on his computer, and then built his own installer, and put only the ordinary Grokster and iMesh files inside.

The advertising software built by Cydoor is built more deeply into Grokster, Kazaa and several other software programs. But a "dummy" version of their software has been created by CounterExploitation, a pair of college students who have become online privacy activists. Their work is used in several of the hacked file-swapping programs.

The hacked software is just one thread of the Net's technological response to the explosion of bundled software. Lavasoft's Ad-Aware, a piece of software that can strip out adware and spyware components from other programs, has been downloaded hundreds of thousands of times.

But as the hacked software movement grows, it is being forced more deeply underground. Already Dr. Damn's ISP has told him it will no longer host his files. He's looking for another provider.

KazaaLite.com's Garriock says he's thinking of e-mailing Sharman Networks in hopes of repairing any damage done.

"Even if they take the site down the program will survive somehow," he wrote in an IM interview. "But I don't want to go to jail yet for the people."