Re: [tlug] detect fake HTTP referrer

["Nguyen Vu Hung" <vuhung16plus+shape@example.com>]

2008/1/17, Stephen J. Turnbull <stephen@example.com>:
> I don't think any of these work, because NVH doesn't "own" the
> legitimate referrers, see below.
I don't mind if the referrers use the default HTTP referer, i.e, give
a credit to my site.

>  > You could add some pseudo-random string to the URL
>
> Ugh.  This is what cookies are for.  Yeah, I know, some people don't
> like to enable cookies.  If so, that pseudo-random string is just
> another form of user tracking they won't like, so life sucks all
> around.  Better to tell them up front that they need to enable cookies
> for your site.
>
I don't know how to use cookies in this situation, but so far, for the users'
conveniences, the only thing I use is Apache's mod_index.

When users come to my site, they see the list of files and pick the
files they want.

Adding an authentication method like what megaload or rapidshare do is possible,
but it will be annoying.

>  > The other way would be to record the IP address of the visitor when he
>  > accesses your d/load page
>
> The point of NVH's story is that for legit referrers, the visitor just
> downloads the file.  It's like an OEM agreement, I suspect: he lets
> "people he likes" rebrand his content (ie, by linking directly to it
> from their pages).
>
Yes, yes. My English is not good enough to explain this good :D

>  > BTW, the more common form of this "theft" is when pages link directly to
>  > image files stored on some other machine -- either out of laziness or a
>  > desire to keep their own bandwidth to a minimum by serving their images
>  > from someone else's site. I believe the correct term is "bandwidth theft".
>
> Actually, in the U.S. the correct term "obeying copyright law without
> checking the license".  If somebody puts up content on a public site
> with no access controls, then anybody may download it.  This *does
> not* mean that "anybody" may keep anything more than the "ephemeral"
> copies that are required to view it.  Let alone redistribute.
>
My site doesn't provide image files, only rar and zip files are there.

Some warez sites even add its domain to files name, protect files with
a password = domain name :D.

Is this a good idea?

> This is identical to the policy of most mailing lists that you do not
> copy a full text if there's an URL available.  Sure, it saves
> bandwidth, but the overriding reason (and the reason "inclusion-by-
> reference" cannot be prohibited by law or custom, but only controlled
> on a case-by-case basis) is to avoid the (high!) cost of verifying
> license policy.
>
Actually it went to the court:
http://www.efytimes.com/efytimes/fullnews.asp?edid=9018&magid=

-- 
Best Regards,
Nguyen Hung Vu ( Nguyễn Vũ Hưng )
vuhung16plus{remove}@example.com
An inquisitive look at Harajuku
http://www.flickr.com/photos/vuhung/sets/72157600109218238/