Facebook is abetting intellectual-property thieves

Summary: Facebook abets a shadowy, intellectual-property thief. This thief has stolen rights to all of my videos since June 2022.

Details:

I broadcast my bike rides. I throw a GoPro HERO9 on my helmet and live-stream the ride to Facebook. The camera uses my phone’s hotspot for data.

I know, it’s silly. It’s a gambit to get my Facebook friends to accost me for a $2 bill. (Only ten $2 bills have been distributed in the past 26 months.)

As self-created recordings of my own bike rides, these videos are my original creations. Despite that, since late June, every video ends up with a copyright notice:

Partial still of my video with a bogus copyright notice on top.

When I click on the notice, I get an error:

When I try to get more info on these bogus copyright notices, I often get an error. Did Facebook design this into the system to protect thieves?

Refreshing that page, I finally get useful info:

Facebook says a thief’s property matches part of my video.

Huh, so Facebook alleges that a thief’s fake property matches part of my video. Let’s click See details and find out more:

Faecbook says a recording of my bike ride has someone else’s “music”? 🤣🤣🤣

Facebook says the 14.72 minute recording of my bike ride has 93.25 minutes of someone else’s audio? 🤣 So many problems with this.

What are these 72 territories where the claim is asserted?

72 countries where my audio is muted, due to someone using Facebook to steal my intellectual property.

Heres’ the 72 countries where Facebook allows a thief to steal my intellectual-property rights:

  1. Andorra
  2. Netherlands Antilles
  3. Angola
  4. Antarctica
  5. Aland Islands
  6. Azerbaijan
  7. Bahrain
  8. Burundi
  9. Benin
  10. Saint Barthelemy
  11. Brunei
  12. Bonaire, Sint Eustatius and Saba
  13. Bhutan
  14. Bouvet Island
  15. Botswana
  16. Belarus
  17. Democratic Republic of the Congo
  18. Central African Republic
  19. Republic of the Congo
  20. Ivory Coast
  21. China
  22. Cuba
  23. Djibouti
  24. Western Sahara
  25. Eritrea
  26. Ethiopia
  27. Faroe Islands
  28. Gabon
  29. Greenland
  30. Gambia
  31. Equatorial Guinea
  32. Greece
  33. Guinea-Bissau
  34. Haiti
  35. Hungary
  36. British Indian Ocean Territory
  37. Iran
  38. Comoros
  39. North Korea
  40. Liberia
  41. Moldova
  42. Saint Martin
  43. Madagascar
  44. Marshall Islands
  45. Myanmar
  46. Mauritania
  47. Mauritius
  48. Maldives
  49. Mozambique
  50. New Caledonia
  51. Niger
  52. French Polynesia
  53. Papua New Guinea
  54. Saint Pierre and Miquelon
  55. Pitcairn
  56. Sudan
  57. Saint Helena, Ascension and Tristan da Cunha
  58. Slovenia
  59. Svalbard and Jan Mayen
  60. Sierra Leone
  61. Somalia
  62. South Sudan
  63. Sao Tome and Principe
  64. Syria
  65. Chad
  66. French Southern Territories
  67. Togo
  68. Timor-Leste
  69. East Timor
  70. United States Minor Outlying Islands
  71. British Virgin Islands
  72. Wallis and Futuna

This is a diverse group of countries: Second World, Third World, Axis of Evil, microstates, client states, failed states, and more. The only commonality I can fathom is they might not take intellectual property seriously, making it easy for thieves to use them as property-theft tools.

If I hit Continue (see two screenshots above), I pass through some perfunctory dialogs:

Perfunctory dialog explaining the basics of copyright.

Continuing, copyright tips that are inapplicable to someone who, like me, puts his original creation on Facebook:

Another perfunctory dialog giving irrelevant information to people who own the rights to their own media.

Finally, I get to do something:

Dialog allowing me to choose my next step: accept changes, submit dispute, or remove video.

Selecting Submit dispute then Continue brings more perfunctory dialogs:

Perfunctory dialog explaining what it means to dispute a copyright claim.

Now I can submit the dispute. I filled out the Submit dispute dialog:

Submit dispute dialog, filled out with relevant information.

Pressing Submit nearly always brings me to a final dialog, saying that my dispute was accepted and more information that is irrelevant to people uploading their original creation:

Dispute-accepted dialog.

Now the original support message says the audio was restored:

Facebook’s support message changed, now indicating that the audio is restored.

This is not an isolated occurrence. It has been happening since June 28. Here’s a screenshot of my Facebook support inbox:

Sampling of where Facebook aided a copyright thief many times.

This usually works but not always. I am incapable of shoving the thief off of one of my June videos. Every dispute attempt on that video ends in an error:

I always get an error after disputing a particular June video.

Is this an example of Facebook providing even more aid and comfort to intellectual-property thieves?

This experience concerns me on several levels:

  • Facebook allows thieves to use its system to steal rights to others’ intellectual property.
  • Facebook does not tell me which part of my original creation is triggering the thief’s false claim.
  • Facebook does not identify the thief to me.
  • Facebook’s interface appears to be designed to assist the thieves, using error messages to thwart intellectual-property owners.
  • At what point will Facebook suspend my account due to too many intellectual-property issues?

Here’s the same video, on YouTube (no fake copyright violations!):

The video where Facebook lets a thief steal my intellectual property. Also, this is more than 2 minutes longer than Facebook’s video. I haven’t analyzed why.

I challenge you to spot a copyright violation in it.

Technical notes that may be inconsequential:

  1. The video that Facebook sees is the broadcasted video, which is what the GoPro sends to Facebook through my phone’s hotspot. The above YouTube video is straight off the GoPro’s SD card. Having artifacts of running through a hotspot with variable speed, such as occasional skips or glitches, the broadcasted video will be lower quality than the SD-card-sourced YouTube video.
  2. My videos are usually much longer. The one that is the subject of this post is short because the camera turned itself off during my ride. That happens once or twice a month in hot weather, possibly due to overheating. The battery was at 77% when I restarted the camera.
  3. On occasion, when I ride by someone who has a speaker going, my video may pick up a brief recording of whatever music is playing. This is again unusual and is a brief recording further harmed by a lot of wind noise. These possible incidental recordings have never before triggered a copyright notice, so I don’t think they explain this issue. I once inadvertently included an incidental recording into another video–not bike-ride related–and I remember Facebook identifying the copyright holder, unlike what happens in this incident.

Email is still the #1 marketing and communication channel

The “death of email” fad is over a decade old. It is wrong. Email is still key to marketing and communications (marcom).

“Death of email” supposes people move to other platforms. The “other platforms” part isn’t wrong. Social media platforms barely existed a decade ago, and now they are widely used. The “move” part is what’s wrong.

Email is effective

Email’s first strength: it reaches more people than any other platform.

If you search on this, two facts emerge:

  • Email is by far the #1 tool, measured by percent of people using it.
  • The pandemic has significantly increased email utilization.

Effective email communications should be a marcom starting point.

Other platforms

Email’s other strength: it’s a single platform.

Think about social media: some are on Facebook, some are on Twitter, some are on Instagram, some are on other platforms. Effective marcom on social media requires you to cross-post to several platforms. That’s a chore!

Other platforms can be secondary

For all important communications, email should be primary. That means what you need to communicate, or a link to this information, must be in an email. Other platforms must be secondary.

Want to also convey information over Twitter, Facebook, Snapchat, etc.? Go for it! Just be consistent and thorough with what you do. If a social media platform’s users become satisfied with communications over it, they may pay less attention to emails.

Exceptions

Targeted or non-important communications? Do what makes most sense. A geofenced communication to find prospects may make sense exclusively on social media.

What about communities that are simply part of a social-media platform, such as Facebook groups? In that case, using social media as the primary or even exclusive communications tools could make sense.

Finally, your organization may have a practice of using selected platforms for communications. For communicating with affiliates, exclusive use of the selected platforms could be fine. This assumes enough of your affiliates are willing to watch for information on that platform.

Summary

Email is the dominant communication platform. Allegations of change have been hoaxes.

For typical marketing and communications, email-first should be the rule. If it’s important, it must be in an email. Other platforms are generally best for complementing emails.

Heartbleed = overcomplexity + input validation failure

The Heartbleed vulnerability is because the OpenSSL code didn’t validate an input. It’s also because OpenSSL had unnecessary complexity.

OpenSSL has a heartbeat feature that allows clients to send up to 64 kilobytes of arbitrary data along with a field telling the server how much data was sent. The server then sends that same data back to confirm that the TLS/SSL connection is still alive. (Creating a new TLS/SSL connection can take significant effort.)

The problem is if the client specifies that it sent more data than it actually did, the server would send back the original data and some of its RAM. For example, suppose the client sent a 1K message but said it’s 64KB. In response, the server would send a 64KB message back, which was the original 1K message plus 63K of data from the server’s RAM, which could include sensitive, unencrypted data from other programs.

How this could have been prevented:

  1. Avoid pointless complexity: don’t require the client to also send the length of the arbitrary text. The server should have been able to detect the length of the text.
  2. Validate all input. The server failed to ensure that the client’s description of the text length matched its actual length. (The fact that the server could detect the message’s actual length further validates my view on #1.)

Keep it simple! In addition to driving up creation and maintenance costs, needless complexity is more opportunities for things to break.

Google is not linking to HTTPS versions of everyone’s sites

In the University Web Developer’s (UWEBD) listserv today, a conversation took off about how Google was linking to the HTTPS version of Florida Gulf Coast University’s web site. It was a problem because of FGCU’s broken HTTPS channel.

I was surprised at the misconceptions that came over a technically astute email group. Here’s my statement:

Two inaccurate things have been said about Google.

Inaccurate statement 1: Google is securing others’ sites. Dangerous misconception! Google cannot “secure” your site. If Google’s link to you uses HTTPS, that does not “secure” your site. It just means Google is linking to your site’s secure channel. “Securing” a site includes transport security (HTTPS channel) among many other things. Most importantly, YOU, the site owner, do the “securing”, not Google.

Inaccurate statement 2: Google is en masse sending users to HTTPS channels on web sites. Nope. For example, Southern Methodist University has had both HTTP and HTTPS channels for www.smu.edu for over a decade. Google links to the HTTP version.

Starting late last year, Google encrypts traffic between the user and its search site. If you visit http://google.com, Google redirects you to https://google.com. That has no bearing on whether Google’s search results link to HTTPS or HTTP channels. However, it may limit site owners’ view of search keywords (reference); that isn’t related to the inaccurate statement.

You can still get unsecured Google search using http://www.google.com/webhp?nord=1 (note the highlight), but only if you’re not signed in. A search on Florida Gulf Coast University on the unsecured version still links to the HTTPS channel.

There’s are many reasons why Google is linking to FGCU’s secure channel, but it’s almost certainly not because of Google’s own change.

Beware of Drupal for enterprise WCM

A colleague at large university asked my thoughts on using Drupal for enterprise web content management (WCM).

Drupal has its uses, but I only recommend it for point solutions or, if in large-scale use, for cookie-cutter things where all the Drupal instances are configured almost identically and share little content. I generally do not recommend it for enterprise-wide WCM.

I wrote:

Drupal is a great solution for certain purposes, but I hesitate at recommending it for an enterprise CMS. Even though some tools make it easier to manage [edit: like Aegir], Drupal “enterprise”, especially for a college campus, is still essentially flying many individual instances in parallel, so I don’t consider that a real enterprise setup. No other “enterprise” system that I am aware of is so loosely-coupled on the application layer of the service delivery stack.

You’ll find other institutions with a different perspective. I think Stanford is one. Stanford, I believe, is widely using Drupal. [edit: yes, it is: https://techcommons.stanford.edu/drupal]

The problem with their setups is to run a massive Drupal installation, your IT department’s staff commitment to web content management (WCM) will be more heavily expressed in sysadmin skillsets and FTEs than developer skillsets and FTEs. The problem there is cultural: as practitioners of stability, minimizing cost, avoiding change, etc., sysadmins are culturally much further away from web marketing than developers.

And that’s what I like about Sitecore: as a true enterprise WCM, it frees me from much of the sysadmin burden that I would bear by running gobs of parallel instances. It allows me to instead invest in developer skillets and FTEs, which in the long term helps our marketing mission.

Now, there’s also an economy of scale. At some point, you may have sufficient staff resources that it may in fact be cost-effective to go with virtually any free CMS as a base product and develop whatever you want on it.

Three general pointers:

  • Customized code that is not expressed as a formal Drupal module or theme will cause update headaches. Drupal core and the modules have frequent releases, and I recommend staying on top of them because they often contain important bug and security fixes. If you customize Drupal core or customize a module, you’ll have to re-customize it every time there’s a new release. However, if you can implement your custom code as a formal module, it is much more likely to be able to exist unchanged while other modules or Drupal core change. It’s likely, though, that you’ll need to revisit your modules on major new Drupal releases, like v7 to v8.
  • Software costs are a small part of TCO of a system. Just because the software is free does not mean you’re going to get a gigantic savings over a commercial product. That notwithstanding, there are FOSS [edit: free and open source software] tools that make a lot of sense, like, say, Firefox, Chrome, WordPress, and even Drupal for certain situations. But sometimes, FOSS tools may require more FTEs or, like I said above, FTE types that may not be the best cultural fit for marketing.
  • Generally, academic-targeted CMSes are not that good. They seem to have their rabid supporters, but my general experience is that these supporters are suffering from confirmation bias, and that these academic focused CMSes cannot compete with the big players.