User Generated Content Ownership

Since the creation of the <form/> elements people have been wondering about the ownership and copyright of content created online. From email and message boards in Web 1.0 to blogs and Twitter in Web 2.0 the same fundamental questions remain.

Lately, Twitter has been the focus. Twitter is actually pretty clear about it’s claims to user generated content:

  1. We claim no intellectual property rights over the material you provide to the Twitter service. Your profile and materials uploaded remain yours. You can remove your profile at any time by deleting your account. This will also remove any text and images you have stored in the system.
  2. We encourage users to contribute their creations to the public domain or consider progressive licensing terms.

It’s pretty clear that Twitter is taking a hands off approach, but it doesn’t let users decide what they want. I’m personally a fan of Creative Commons so my suggestion would be to let decide in their account settings how they wish to license and choose between CC licenses. That of course makes retweeting complicated to put it nicely (it’s more like a minefield). That’s likely the reason they avoid the licensing issue. Sure you can put some sort of an icon next to the tweet to indicate the licensing, but what if someone retweets it? Or modifies it ever so slightly? Is it a new tweet? How many characters must change for it to be a new one? This is where it gets murky.

Yahoo owned Flickr choose to solve this problem by letting users choose what copyright they want to impose, and include a Creative Commons option. A very graceful solution though admittedly their situation is much simpler than Twitter’s since they don’t have to deal with complexities like retweeting which would make things very complicated.

WordPress.com isn’t as clear in regards to it’s claims (or lack of) to copyright. Though they are far from locking people in considering you can delete stuff at any time and download your entire blog and move it elsewhere. Matt‘s been pretty open about giving users choice including the ability to leave WordPress.com. There is of course room for improvement to clarify their stance on copyright ownership.

Even Google has been criticized for copyright concerns regarding services like Google Docs.

They could adopt the Richard Stallman stance to “intellectual property” (his airquotes), though that would alienate at least as many as it attracts.

While Twitter might be the hot topic today it’s hardly a problem exclusive to Twitter. It’s an issue for virtually any site out there that accepts third party content. It gets more complicated when content can be remixed and redistributed.

The reality is people should know what rights they are giving up by putting content on these or any other services, but people rarely do. Perhaps a great Creative Commons project would be to create the same simplified icon/license system but for websites that allow users to submit content. The licenses would indicate what the impacts of the Terms of Service jargon are in plain English. It’s essentially the inverse of what they do now. Label the service as well as the content.

So what’s the best solution?

First CVE

I just found out the other day I found my first bug worthy of being a CVE (Common Vulnerabilities and Exposures) Candidate: CVE-2008-3747. Low profile, but I guess still a potential vulnerability.

I must admit I didn’t know that the database is funded by the National Cyber Security Division of the United States Department of Homeland Security. I did know US-CERT was.

Summer Of Code 2008

Google announced the project lists for Summer Of Code 2008. Some of the more interesting projects from my perspective:

Adium

Dojo Foundation

FFmpeg

Gallery

Inkscape

Joomla!

The Mozilla Project

MySQL

PHP

Pidgin

WebKit

WordPress

Matt Mullenweg On Ads

Ran across this quote today which I just had to blog from WordPress.com’s Matt Mullenweg since I found it funny:

“We decided to show ads only on certain pages, only to the people who were sort of random drive-by visitors…if you use Firefox, you’ll never see an ad, no matter what, mostly because I like Firefox.”

Also kinda interesting from a business perspective. There’s been some suggestion over time that Firefox users are prone to ignore ads. Partially because of extensions that block ads (though products to block ads on the OS level, and in IE exist too btw), but partially because they are said to be more technical.

I wonder if a practice like this actually provides a higher click through rate. Because they only show ads in certain places, it’s not about total impressions (they control that by picking where to show ads, and when). They control how many impressions they run in a given period. By targeting those more inclined to click on ads, theoretically your ratio should be higher.

I’ve heard of quite a few different ways to target ads over the years, but this is a new one.

Secrets In Websites II

This post is a follow up to the first Secrets In Websites. For those who don’t remember the first time, I point out odd, interesting, funny things in other websites’ code. Yes it takes some time to put a post like this together, that’s why it’s just about a year since the last time. Enough with the intro, read on for the code.

Continue reading

Enhancing Security With Nonce

A little while back I read about how WordPress was implementing Nonce to help enhance security. What I like about this technique is that it doesn’t rely on referrer checking (which is faulty at best).

Today I implemented that on a project I’m working on, rather similar in style to WordPress. I think overall it’s a better approach to referrer checking. It seems the nonce approach is actually quite popular on the web looking at commercial sites, but not a technique often talked about.

Well done by the WordPress team. My implementation is pretty similar to theirs (my variables and salting is a little different based on the app) since it was pretty hard to improve upon. Not sure how long to make the Nonce, so I stuck with 10, which is what I believe they did as well. Not sure if I should go with something longer.

One of the great things about open source is the discussion of best practices and techniques. It also benefits closed source projects who can gain influence and knowledge from those discussions.