« links for 2007-01-29 | Main | links for 2007-01-30 »

Monday, January 29, 2007

Blog Platforms Should Embrace OpenID to Address Theft

Stephen Davies, my counterpart in London, has had his custom blog design ripped off not once, but twice. Both times the theft appeared to originate in Asia. Others have had the same issue. And one blogger had success using the Digital Millennium Copyright Act to get justice.

Blog designs, like any code, are really easy to steal. Just look at the source code and you have what you're looking for. Further, if you publish the full text of your blog in your feed, it's conceivable that someone can steal all your goods. Now might be a good time to do something about this before it really becomes rampant.

It seems to me like we can solve this problem with Open ID. The major blog publishing platforms should encourage their members to also sign up for OpenID (more information is on Wikipedia). Then they can have a mechanism in place that plants a special watermark on your blog once you've confirmed your ID. Basically, every time your blog is loaded it sends data to Open ID that then generate a special coded watermark on your blog confirming you're you. If it doesn't see the code then your content won't load. LiveJournal, Vox, Technorati and others do so but not in this manner.

Now I am not a web developer so perhaps this is naive of me. Maybe people can see the data flowing back and forth and still hack this. Thoughts?

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/t/trackback/12807/7686720

Listed below are links to weblogs that reference Blog Platforms Should Embrace OpenID to Address Theft:

» On OpenID from Jeremy's Blog
OpenID is getting a lot of [Read More]

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

I have given up long ago. I regularly have sploggers copy and paste my writing into their splogs.

Although, the OpenID idea is very interesting. I wonde if it is still possible for people to spoof the OpenID url, though. This is an issue that we'll be exploring soon at http://socialsynergyweb.net/cgi-bin/wiki/OpenidEcomm/HomePage wiki.

DRM for HTML and RSS? Really?

I don't think OpenID does what you think it does.

re: Open ID -- that would be more for blog content though, not blog design.

The best way I think to keep track of custom CSS designs is to have embedded tracking images. The thing is -- if you are using images in your design you're pretty much doing this anyways. You just need to check the server logs to see what other sites are pulling the images that are part of the design. Then follow with the public shaming, or more realistically a prominent link saying "design by".

"You just need to check the server logs to see what other sites are pulling the images that are part of the design. Then follow with the public shaming, or more realistically a prominent link saying "design by"."

That's pretty much what I've done but what good has it achieved? There should be some sort of copyright standard.

I don't believe OpenID does what you want.

You can put a meta tag in your blog template that references your OpenID page, essentially allowing your blog url to become a 'prettier' OpenID url than someuser.myopenid.net... A bit like all those vanity email redirection services that forwarded your mail to your ugly hotmail account C1998.

However there is no 'watermarking' function as you suggest. By the mere fact it's a meta tag in HTML, such a tag can easily be removed as quickly as it can be written in.

There's also nothing to stop a browser rendering a page based on the presence of an OpenID tag.

I guess theoretically the blog providers like WordPress.com and TypePad could enforce users insert an OpenID tag into their templates, but doesn't stop people stealing templates and removing the OpenID tag.

The issue of stealing HTML has been around since the Internet was invented. If people are going to steal your HTML, they will. But that still leaves them with a lot of work to reverse engineer it into a template.

The one vulnerability you can check for if you are using a non-PHP based blog system (such as MT) is whether your templates are located in a path referenced in your HTML (perhaps where the stylesheet lives). If so, check that upon loading this directory it contents are not revealed as this allows people to then download your template files one-by-one. If they are, you can place a blank index.html file in there to stop it happening.

Wordpress doesn't suffer this problem as the template files are PHP and thus the code is parsed out before it is served.

What dotBen said.

Your id won't work: it's the classic "trusted client" problem.

You can control code that runs on your machine, you can't control what code runs on other machines.

If people have enough access to your theme that they can copy it on to their own site, they have enough access that they can twiddle the check for a watermark to make it ignore that check.

As dotBen said, part of the solution is to move the code onto the server and not give it away to every browser that comes along. It's not as easy as just putting the templates into PHP though: the browser still downloads the html, javascript, and CSS that the PHP code on the server spits out, and that can all be copied to give the same look-and-feel to another site.

Steve...... stay clear of the crypto protocol design. Here be dragons.

Your protocol is pretty silly just based on the fact that you can strip out the watermark code when you go to steal the template.

What makes a lot more sense it to use a comment or some other identifier with a high degree of entropy.

Read this post:

http://www.feedblog.org/2006/12/tracking_google.html


Then put a word like this in teh comment of your template. Chances are it won't be stripped and then you can rely on the law to assert your rights.

Kevin

wow..another useful info for me..I should read this in the first place before I set up my very first website...

CMS and Blog Website templates, flash templates,WordPress Themes,Php-Nuke Templates, phpBB Templates for a economical rate web design products for a economical rate

The comments to this entry are closed.

My Photo

Search


Subscribe

My Lifestream

Contact Me

Recent Comments

Miscellany