
Ethics of linking to a binary

I believe it is universally accepted that decorating your
website with images from someone else's, without permission,
is rude and unethical, even if the images are in the public
domain, because to do so is to steal bandwidth.

But I have run across a situation where people are linking
to other types of resources that I offer on my website
without my permission, and I was interested to know if there
is a consensus on the ethics of this practice.

I made some minor modifications to the (open) source of a
program used in scientific computing and compiled it for use
on Macintosh OS X. I did this because there was interest in
it and several people were having trouble compiling it or
couldn't find the appropriate sources. I made a page where I
explained what the program was, what other versions were available,
how to use it, and offered the modified sources and the compiled
binary for download. This page has been up for over a year and
gets a couple of hundred visits a day; downloads of the binary
add up to a good fraction of my monthly bandwidth of a little over
a gigabyte. Depending on how you spell "OS X", I'm either the
first link for this subject on Google or way down on the list.
That's all fine, but looking at my referrers I've
discovered that several people have built their own pages
where they mention the program and say something like "you can
download it here", with a direct link to the binary from my
site.

These all look like good, noncommercial (except for VersionTracker,
one of the linkers) pages that offer useful information (a couple
are in Japanese, but they look pretty serious, as far as I can tell).
I haven't complained to any of these sites' maintainers, because
I'm not sure they're doing anything wrong. This is just not something
I would consider doing myself, not without obtaining permission - it
strikes me as pretty closely analogous to the practice of image stealing.
It just seems odd and slightly, but I suppose unintentionally, rude.

Please notice that I'm not objecting to the practice of "deep
linking", which I think is perfectly normal. These are not links
to one of my pages, but direct links to a file for download, where the
authors have replaced the context I provide on my page with their
own context, with no mention of my site and no link to any of my
pages. For example, my page has an invitation to send me comments or
get in touch if there is trouble using the program, but someone who
follows one of these links will not know this. This has nothing to
do with revenue; there is no advertising on my site.

I am interested in any opinions.
http://www.lee-phillips.org
Jul 20 '05 #1
27 Replies


"Lee Phillips" <le*@leeHYPHENphillips.org.invalid> wrote in message
news:sl****************@lees-computer.local...
> Please notice that I'm not objecting to the practice of "deep
> linking", which I think is perfectly normal. These are not links
> to one of my pages, but direct links to a file for download, where the
> authors have replaced the context I provide on my page with their
> own context, with no mention of my site and no link to any of my
> pages. For example, my page has an invitation to send me comments or
> get in touch if there is trouble using the program, but someone who
> follows one of these links will not know this. This has nothing to
> do with revenue; there is no advertising on my site.
>
> I am interested in any opinions.


I would add a note to the download page asking linkers to link to the page,
not the executable.

I would also send polite emails to those now offering links to the
executables, suggesting that they change their links to your page, and
explaining why.

You should also consider putting the executable file in a zip file (or in
several compressed file formats). This will reduce the consumption of your
bandwidth, and will also make it easier for users when XP SP2 comes out,
which will make it harder to download executables.

Jul 20 '05 #2

Lee Phillips <le*@leeHYPHENphillips.org.invalid> wrote:
> I believe it is universally accepted that decorating your
> website with images from someone else's, without permission,
> is rude and unethical, even if the images are in the public
> domain, because to do so is to steal bandwidth.
>
> But I have run across a situation where people are linking
> to other types of resources that I offer on my website
> without my permission, and I was interested to know if there
> is a consensus on the ethics of this practice.


Same issue as with images (bandwidth theft), unless they link to your
download page, that's perfectly acceptable.

--
Spartanicus
Jul 20 '05 #3


"Lee Phillips" <le*@leeHYPHENphillips.org.invalid> wrote in message
news:sl****************@lees-computer.local...
> I believe it is universally accepted that decorating your
> website with images from someone else's, without permission,
> is rude and unethical, even if the images are in the public
> domain, because to do so is to steal bandwidth.

If the images are in the public domain and people copy them to their own
site from someone else's and then serve them from their own site, it's
neither rude nor unethical. If you're serving them from someone else's site,
so that they get a lot of unintended requests, then obviously it's an
encroachment. But then, why would you do that instead of just serving them
from your own site?

> But I have run across a situation where people are linking
> to other types of resources that I offer on my website
> without my permission, and I was interested to know if there
> is a consensus on the ethics of this practice.
>
> I made some minor modifications to the (open) source of a
> program used in scientific computing and compiled it for use
> on Macintosh OS X. I did this because there was interest in
> it and several people were having trouble compiling it or
> couldn't find the appropriate sources. I made a page where I
> explained what the program was, what other versions were available,
> how to use it, and offered the modified sources and the compiled
> binary for download. This page has been up for over a year and
> gets a couple of hundred visits a day; downloads of the binary
> add up to a good fraction of my monthly bandwidth of a little over
> a gigabyte. Depending on how you spell "OS X", I'm either the
> first link for this subject on Google or way down on the list.
> That's all fine, but looking at my referrers I've
> discovered that several people have built their own pages
> where they mention the program and say something like "you can
> download it here", with a direct link to the binary from my
> site.
>
> These all look like good, noncommercial (except for VersionTracker,
> one of the linkers) pages that offer useful information (a couple
> are in Japanese, but they look pretty serious, as far as I can tell).
> I haven't complained to any of these sites' maintainers, because
> I'm not sure they're doing anything wrong. This is just not something
> I would consider doing myself, not without obtaining permission - it
> strikes me as pretty closely analogous to the practice of image stealing.
> It just seems odd and slightly, but I suppose unintentionally, rude.

IMO the socially correct way would be to direct people to the page where
*you* have your download links, as you mention further down.

> Please notice that I'm not objecting to the practice of "deep
> linking", which I think is perfectly normal. These are not links
> to one of my pages, but direct links to a file for download, where the
> authors have replaced the context I provide on my page with their
> own context, with no mention of my site and no link to any of my
> pages. For example, my page has an invitation to send me comments or
> get in touch if there is trouble using the program, but someone who
> follows one of these links will not know this.


And not only is this a courtesy to you, but it's of benefit to those who
download the files.

Jul 20 '05 #4

On Thu, 27 May 2004 19:25:08 GMT, C A Upsdell <cupsdell0311XXX@-> did write:
> I would add a note to the download page asking linkers to link to the page,
> not the executable.
>
> I would also send polite emails to those now offering links to the
> executables, suggesting that they change their links to your page, and
> explaining why.

Good suggestions, thanks.

> You should also consider putting the executable file in a zip file

Oh, it's compressed.

> make it easier for users when XP SP2 comes out,
> which will make it harder to download executables.

Is that Windows? The binary is for Macs.
Jul 20 '05 #5

On Thu, 27 May 2004 15:50:44 -0400, Harlan Messinger <h.*********@comcast.net> did write:
> If the images are in the public domain and people copy them to their own
> site from someone else's and then serve them from their own site, it's
> neither rude nor unethical. If you're serving them from someone else's site,

That's what I was talking about ...

> so that they get a lot of unintended requests, then obviously it's an
> encroachment. But then, why would you do that instead of just serving them
> from your own site?

I guess people who do this either do it out of ignorance or
to save their own bandwidth at the expense of someone else's.

> IMO the socially correct way would be to direct people to the page where
> *you* have your download links, as you mention further down.

That would be more to my liking, certainly.

Jul 20 '05 #6

"Lee Phillips" <le*@leeHYPHENphillips.org.invalid> wrote in
comp.infosystems.www.authoring.html:
[compiled program, specifically]
> But I have run across a situation where people are linking
> to other types of resources that I offer on my website
> without my permission, and I was interested to know if there
> is a consensus on the ethics of this practice.
>
> Please notice that I'm not objecting to the practice of "deep
> linking", which I think is perfectly normal. These are not links
> to one of my pages, but direct links to a file for download, where the
> authors have replaced the context I provide on my page with their
> own context, with no mention of my site and no link to any of my
> pages.


I agree with you: I would have a problem with this. If they
mentioned your site and gave the URL of the enclosing page, I
wouldn't have a problem with that. But simply linking to the binary,
with no indication that it's on a different site, comes close to
stealing bandwidth.

You can deal with this, if you have an Apache server. See
<http://apache-server.com/tutorials/ATimage-theft.html>, "Preventing
Image Theft".

Otherwise, you might want to try notifying the linkers to please
link only to your explanatory page. (You should probably put a note
on that page too.) Then enforce your request by occasionally
changing the name of the binary file and updating the <a href> in
your explanatory page; this will break the outside links to your binary
file. You may want to write a custom 404 page explaining the
situation, so that people who follow those broken links will
complain to the other webmasters and not to you.

--
Stan Brown, Oak Road Systems, Cortland County, New York, USA
http://OakRoadSystems.com/
HTML 4.01 spec: http://www.w3.org/TR/html401/
validator: http://validator.w3.org/
CSS 2 spec: http://www.w3.org/TR/REC-CSS2/
2.1 changes: http://www.w3.org/TR/CSS21/changes.html
validator: http://jigsaw.w3.org/css-validator/
Jul 20 '05 #7

Lee Phillips wrote:
> But I have run across a situation where people are linking
> to other types of resources that I offer on my website
> without my permission, and I was interested to know if there
> is a consensus on the ethics of this practice.


I think you should publish a policy asking people not to do this. Of
course, it won't make any difference, but it takes away lack of
information as an excuse.

If you run your own server, you could force a redirect from offending
referrers, or indeed from all referrers except your own download page. A
302 redirect from the binary URL to your download page would do the job
nicely.

I did this recently with a LiveJournal (blog) user who decorated one of
his journal entries with an image from my server. As I'm not providing a
"clipart for blogs" service from my DSL-connected server, I knocked up a
redirect to an image on a large ISP's server who wouldn't even notice
the bandwidth. Luckily for him, I chose a tame image (a cute little
kitten, in fact), but technically, I could have linked to something
quite unsavoury!

Look up the Apache documentation on mod_rewrite if you're using Apache.

--
Mark.
http://tranchant.plus.com/
Jul 20 '05 #8

"Mark Tranchant" <ma**@tranchant.plus.com> wrote in message
news:CH********************@stones.force9.net
> If you run your own server, you could force a redirect from offending
> referrers, or indeed from all referrers except your own download
> page. A 302 redirect from the binary URL to your download page would
> do the job nicely.


I don't think it is a good thing to redirect based on the referer header
value. Nowadays the referer is blocked by a lot of systems. For the last
website I worked for, approximately 10% of the users didn't
send the referer value (though a lot of them were using their work
computer).

Jul 20 '05 #9

Lee Phillips wrote:

> But I have run across a situation where people are linking
> to other types of resources that I offer on my website
> without my permission, and I was interested to know if there
> is a consensus on the ethics of this practice.


You might be able to use htaccess in combination with a script which
checks the referrer string. What does this mean? When people click on
yoursite.com/your.exe from another site than yours, they will be
redirected to an HTML page. If they happen to right-click-save the link
from the other site it's bad luck for them as they will now have
downloaded an HTML file...

Another option? Always remove your old Exe and rename it so it moves to
a new position; but keep your info page in HTML in a static place. This
will reward people linking to HTML and will cause broken links to those
who use the exe-link. However you can have a fallback by using a nice
document-not-found message which leads straight to the exe...

As for morals: no, this is the Web, there is password-protection etc.
but not morals. If someone has the power to deep-link they may use it
and it's your job to protect yourself. Not to say that I think it's
fair e.g. to include an image from another page inline, and I also
wrote to others because they did do that on my site...

--
Google Blogoscoped
http://blog.outer-court.com
Jul 20 '05 #10

CJM

"Lee Phillips" <le*@leeHYPHENphillips.org.invalid> wrote in message
news:sl****************@lees-computer.local...
> But I have run across a situation where people are linking
> to other types of resources that I offer on my website
> without my permission, and I was interested to know if there
> is a consensus on the ethics of this practice.


I should imagine you could hide your binary in an area that is publicly
accessible, and stream the binary from your download page. I know how to do
this in asp, but I'm sure it's equally possible in the scripting language of
your choice.

CJM
Jul 20 '05 #11

"Philipp Lenssen" <in**@outer-court.com> wrote:
> You might be able to use htaccess in combination with a script which
> checks the referrer string.

As Pierre seems to be aware of, this is a bad thing, referrers are
optional, and spoofable.

> Another option? Always remove your old Exe and rename it so it moves to
> a new position; but keep your info page in HTML in a static place.

Also not a good idea, a UA may use a not fully up to date version of the
html page, causing the download to fail.

> This
> will reward people linking to HTML and will cause broken links to those
> who use the exe-link. However you can have a fallback by using a nice
> document-not-found message which leads straight to the exe...

That would defeat the purpose, no?

--
Spartanicus
Jul 20 '05 #12

CJM wrote:
> I should imagine you could hide your binary in an area that is publicly
> accessible, and stream the binary from your download page. I know how to do
> this in asp, but I'm sure it's equally possible in the scripting language of
> your choice.


I presume you mean "...area that is *not* publicly accessible..."

It's certainly possible in PHP, via readfile().

--
Mark.
Jul 20 '05 #13

On Fri, 28 May 2004, Spartanicus wrote:
> "Philipp Lenssen" <in**@outer-court.com> wrote:
>> You might be able to use htaccess in combination with a script which
>> checks the referrer string.
>
> As Pierre seems to be aware of, this is a bad thing, referrers are
> optional, and spoofable.


You make a valid technical point, of course, but I think you may be
missing the key issue here. If site A creates web pages which
reference URLs from site B, contrary to the wishes of site B, with the
intention of them being used by clients from arbitrary sites X, Y,
Z..., then all that's necessary as a means of defence is for site B to
test the referer: if it is empty -or- a reference from site B, then
site B will allow the access; if it is anything else, then site B will
deny the access.

Sure, if a user at one of the sites X, Y or Z decides to block their
referer, or to spoof an appropriate one, then they can still get
access to the resource. But the real issue is for the author of site
A: he has no control over the referer headers that the users at X, Y
and Z will be sending, and therefore it will be ultimately futile for
him to try to reference these defended resources at site B from his
pages.

So, although you're right that referer-based defences cannot in
general be relied on, this is one of the special cases where it really
does work.

I'm not saying that I like it as a matter of general policy: I'd
prefer it if all web resources could be cited directly - but I
recognise that this ability has been misused (we found we were getting
tens of thousands of calls for one of our images which was being
pulled-in by a web page in Malaysia, which is the only time I've felt
strongly enough to implement this defence).

cheers
Jul 20 '05 #14
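
The rule described in the post above (serve the file when the Referer is empty or from site B, otherwise answer with the 302 to the download page suggested earlier in the thread), written out as an added example that is not part of the original thread. The hostnames, paths and log lines are constructed assumptions; the tally shows which linking sites a referrer log like the one the original poster mentions would reveal.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed names for this example (not from the thread): site B's hostnames,
# its explanatory page, and the path of the binary.
OWN_HOSTS = {"example.org", "www.example.org"}
DOWNLOAD_PAGE = "/program.html"
BINARY_PATH = "/files/program.tgz"

# Apache "combined" log format: request line, status, size, Referer, User-Agent.
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$'
)

# Constructed sample log lines (documentation addresses and example domains).
SAMPLE_LOG = [
    '198.51.100.7 - - [27/May/2004:10:00:01 +0000] "GET /files/program.tgz HTTP/1.1" 200 512000 "http://www.example.org/program.html" "Mozilla/5.0"',
    '198.51.100.8 - - [27/May/2004:10:02:13 +0000] "GET /files/program.tgz HTTP/1.1" 200 512000 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [27/May/2004:10:05:40 +0000] "GET /files/program.tgz HTTP/1.1" 200 512000 "http://mirror-list.example.net/osx.html" "Mozilla/5.0"',
    '203.0.113.6 - - [27/May/2004:10:09:02 +0000] "GET /files/program.tgz HTTP/1.1" 200 512000 "http://mirror-list.example.net/osx.html" "Mozilla/5.0"',
    '203.0.113.9 - - [27/May/2004:10:11:30 +0000] "GET /files/program.tgz HTTP/1.1" 200 512000 "http://www.example.org.elsewhere.example/x" "Mozilla/5.0"',
    '198.51.100.9 - - [27/May/2004:10:12:00 +0000] "GET /program.html HTTP/1.1" 200 4000 "http://search.example.com/?q=program" "Mozilla/5.0"',
]


def referer_host(referer):
    """Host of a Referer value: None if the header is absent or empty,
    "" if it is present but has no parseable host."""
    if referer is None or not referer.strip():
        return None
    try:
        # .hostname is already lower-cased and excludes any port or userinfo.
        return urlsplit(referer.strip()).hostname or ""
    except ValueError:
        return ""


def decide(referer):
    """Empty Referer or one from our own site: serve the file.
    Anything else: 302 to the explanatory page. The page itself is never
    gated, and a click from it carries an own-site Referer, so no loop."""
    host = referer_host(referer)
    # Compare the parsed host exactly; a substring test would accept
    # look-alike hosts such as www.example.org.elsewhere.example.
    if host is None or host in OWN_HOSTS:
        return ("serve", None)
    return ("redirect", DOWNLOAD_PAGE)


def external_linkers(log_lines):
    """Count, per referring host, the requests for the binary that the
    rule above would have redirected."""
    tally = Counter()
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m or m.group(1) != BINARY_PATH:
            continue
        referer = None if m.group(2) == "-" else m.group(2)  # "-" = no header
        if decide(referer)[0] == "redirect":
            tally[referer_host(referer) or "(unparseable)"] += 1
    return tally


if __name__ == "__main__":
    for host, hits in external_linkers(SAMPLE_LOG).most_common():
        print(f"{hits:4d}  {host}")
```

This is a nuisance filter against site A's links, not access control: any client can omit or set the header, which is exactly why the empty case is allowed through.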

"Alan J. Flavell" <fl*****@ph.gla.ac.uk> wrote:
>> As Pierre seems to be aware of, this is a bad thing, referrers are
>> optional, and spoofable.
>
> You make a valid technical point, of course, but I think you may be
> missing the key issue here. If site A creates web pages which
> reference URLs from site B, contrary to the wishes of site B, with the
> intention of them being used by clients from arbitrary sites X, Y,
> Z..., then all that's necessary as a means of defence is for site B to
> test the referer: if it is empty -or- a reference from site B, then
> site B will allow the access; if it is anything else, then site B will
> deny the access.


Good point, although the way most would implement it is by checking that
the referrer is from their own download page, if not: deny the request.

It's fine if like you suggest a missing or empty referrer also gives
access to the resource, although that still leaves the issue that it
results in sabotaging valid links (albeit on other sites). I assume that
this drawback can be negated by directing people to a page explaining
the issue, and preferably a link to the original download page.

Problem is, when all that is implemented, there's probably no bandwidth
saved.

--
Spartanicus
Jul 20 '05 #15

dp

"Lee Phillips" <le*@leeHYPHENphillips.org.invalid> wrote in message
news:sl****************@lees-computer.local...
> <snip>
> That's all fine, but looking at my referrers I've
> discovered that several people have built their own pages
> where they mention the program and say something like "you can
> download it here", with a direct link to the binary from my
> site... <snip> ... This is just not something
> I would consider doing myself, not without obtaining permission - it
> strikes me as pretty closely analogous to the practice of image stealing.
> It just seems odd and slightly, but I suppose unintentionally, rude.
> I am interested in any opinions.
> http://www.lee-phillips.org

Many people who develop free/shareware prefer to have control over what's in
the download. When you put that security fix into v99.xyz, you don't
necessarily want to wonder how many unpatched versions are downloadable. You
also don't want infected versions to start showing up.

The approach that works best for me has been to include a readme asking
people not to host the file, and listing approved download sites. I find
that people who use it and run across a download of it on an unapproved site
tend to contact me.

If bandwidth is a problem, virtually every computer technology area has a
few "top sites" that will be more than happy to host an approved download as
a traffic draw. For something like OS X, there's probably a couple of sites
that specialize in offering free/shareware.
dp
Jul 20 '05 #16

On Fri, 28 May 2004, dp wrote:
> Many people who develop free/shareware prefer to have control over what's in
> the download. When you put that security fix into v99.xyz, you don't
> necessarily want to wonder how many unpatched versions are downloadable. You
> also don't want infected versions to start showing up.


Right. This is the wrong place to be discussing policies for that
kind of thing, but ideally, I think you would have a number of mirror
sites (for efficiency reasons), and a crypto sum at the software's
home site (for accountability), and some convenient way to check the
one against the other.

cheers
Jul 20 '05 #17
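
One way to do the check suggested in the post above, as an added example that is not part of the original thread: the home site publishes a checksum manifest, and a copy fetched from any mirror is hashed and compared against it. SHA-256 and the `sha256sum`-style manifest layout are choices made here, and the file names and contents are constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# One manifest line: 64 hex digits, a space, a mode character (" " for text,
# "*" for binary), then the file name, as written by `sha256sum`.
MANIFEST_RE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def parse_manifest(text):
    """Map file name -> lower-case hex digest; lines that do not match are ignored."""
    entries = {}
    for line in text.splitlines():
        m = MANIFEST_RE.match(line.rstrip("\r\n"))
        if m:
            entries[m.group(2)] = m.group(1).lower()
    return entries


def sha256_file(path, chunk_size=1 << 16):
    """Hash the file in chunks so a large download is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_download(path, manifest_text, name=None):
    """Return "ok", "mismatch", or "unlisted" (the manifest has no entry for it).

    The manifest must be fetched from the software's home site, not from the
    mirror that served the file; otherwise the mirror vouches for itself.
    """
    name = name or os.path.basename(path)
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return "unlisted"
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"


def demo():
    """Constructed data: a genuine file, an altered mirror copy, an unknown name."""
    genuine = b"constructed stand-in for the released archive\n"
    manifest = hashlib.sha256(genuine).hexdigest() + "  program.tgz\n"
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "program.tgz")
        bad = os.path.join(d, "mirror-copy.tgz")
        with open(good, "wb") as fh:
            fh.write(genuine)
        with open(bad, "wb") as fh:
            fh.write(genuine + b"extra bytes")
        return (
            check_download(good, manifest),                      # same bytes
            check_download(bad, manifest, name="program.tgz"),   # altered copy
            check_download(bad, manifest),                       # name not listed
        )


if __name__ == "__main__":
    print(demo())
```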

"Mark Tranchant" <ma**@tranchant.plus.com> wrote in
comp.infosystems.www.authoring.html:
> If you run your own server, you could force a redirect from offending
> referrers, or indeed from all referrers except your own download page. A
> 302 redirect from the binary URL to your download page would do the job
> nicely.


That might create problems when someone on your download page clicks
to download the binary!

Seriously, is there a way to do the redirect you suggest without
creating such infinite loops?

--
Stan Brown, Oak Road Systems, Cortland County, New York, USA
http://OakRoadSystems.com/
HTML 4.01 spec: http://www.w3.org/TR/html401/
validator: http://validator.w3.org/
CSS 2 spec: http://www.w3.org/TR/REC-CSS2/
2.1 changes: http://www.w3.org/TR/CSS21/changes.html
validator: http://jigsaw.w3.org/css-validator/
Jul 20 '05 #18

Stan Brown wrote:
> "Mark Tranchant" <ma**@tranchant.plus.com> wrote in
> comp.infosystems.www.authoring.html:
>> If you run your own server, you could force a redirect from offending
>> referrers, or indeed from all referrers except your own download page. A
>> 302 redirect from the binary URL to your download page would do the job
>> nicely.
>
> That might create problems when someone on your download page clicks
> to download the binary!


No, because that time, the referrer will be the download page - if the
UA provides it at all. You should also let through requests with empty
referrers.

> Seriously, is there a way to do the redirect you suggest without
> creating such infinite loops?


As others have pointed out, this isn't ideal due to the non-robustness
of the referrer information. In my situation, I simply used Apache's URL
rewriting capabilities to rewrite requests for the image in question AND
a referrer URL of livejournal.com to another resource.

--
Mark.
Jul 20 '05 #19

On Thu, 27 May 2004 23:27:18 -0400, Stan Brown <th************@fastmail.fm> did write:
> You can deal with this, if you have an Apache server. See
> <http://apache-server.com/tutorials/ATimage-theft.html>, "Preventing
> Image Theft".


Yes, I've seen these methods described, but they all require the
ability to modify the Apache configuration files, and I don't have
root permissions on my server.

Your other suggestions are excellent; thank you.
Jul 20 '05 #20

On Fri, 28 May 2004 08:17:13 +0100, Mark Tranchant <ma**@tranchant.plus.com> did write:
> If you run your own server, you could force a redirect


I read about this method on Mark Pilgrim's site, but I'm not using
my own server for this. I wish there were a method that could be
used with user permissions, like .htaccess.
Jul 20 '05 #21

On Fri, 28 May 2004, Lee Phillips wrote:
> On Thu, 27 May 2004 23:27:18 -0400, Stan Brown <th************@fastmail.fm> did write:
>> You can deal with this, if you have an Apache server. See
>> <http://apache-server.com/tutorials/ATimage-theft.html>, "Preventing
>> Image Theft".
>
> Yes, I've seen these methods described, but they all require the
> ability to modify the Apache configuration files, and I don't have
> root permissions on my server.


Wrong assumption. Read the Apache manual, I'm sure you'll find that
most or all of the measures are equally applicable to the .htaccess
file.

While it's true that the server admin may have disabled or restricted
the range of facilities which you can use from the .htaccess file, I
have the impression from what you're writing that you haven't even
tried it yet. Have fun.
Jul 20 '05 #22

Lee Phillips wrote:
> On Thu, 27 May 2004 19:25:08 GMT, C A Upsdell <cupsdell0311XXX@-> did
> write:
>> make it easier for users when XP SP2 comes out,
>> which will make it harder to download executables.
>
> Is that Windows? The binary is for Macs.


Yes, it's Windows. The poster you're replying to does not know to refer to
the Windows operating system as Windows instead of its "version number".

--
Shawn K. Quinn
Jul 20 '05 #23

"Lee Phillips" <le*@leeHYPHENphillips.org.invalid> wrote in
comp.infosystems.www.authoring.html:
> On Fri, 28 May 2004 08:17:13 +0100, Mark Tranchant <ma**@tranchant.plus.com> did write:
>> If you run your own server, you could force a redirect
>
> I read about this method on Mark Pilgrim's site, but I'm not using
> my own server for this. I wish there were a method that could be
> used with user permissions, like .htaccess.


Huh???

.htaccess _can_ force a redirect; I do it myself.

(NB "force" is hardly ever appropriate in a Web context, but I think
here it is. I await correction, if any.)

--
Stan Brown, Oak Road Systems, Cortland County, New York, USA
http://OakRoadSystems.com/
HTML 4.01 spec: http://www.w3.org/TR/html401/
validator: http://validator.w3.org/
CSS 2 spec: http://www.w3.org/TR/REC-CSS2/
2.1 changes: http://www.w3.org/TR/CSS21/changes.html
validator: http://jigsaw.w3.org/css-validator/
Jul 20 '05 #24

Stan Brown wrote:
> .htaccess _can_ force a redirect; I do it myself.
>
> (NB "force" is hardly ever appropriate in a Web context, but I think
> here it is. I await correction, if any.)


Well, it causes the UA not to be able to access the resource at the
originally-requested URL and there's nothing the UA can do about it. I
guess that's force.

The UA is free to ignore the URL supplied with the 301/302 redirect and
fail the request, if it chooses.

That's just being pedantic, though.

--
Mark.
Jul 20 '05 #25

On Fri, 28 May 2004 19:10:25 +0100, Alan J. Flavell <fl*****@ph.gla.ac.uk> did write:
> Wrong assumption. Read the Apache manual, I'm sure you'll find that
> most or all of the measures are equally applicable to the .htaccess
> file.
>
> While it's true that the server admin may have disabled or restricted
> the range of facilities which you can use from the .htaccess file, I
> have the impression from what you're writing that you haven't even
> tried it yet. Have fun.


You're quite right, I haven't, and I'm very grateful for this
information. Some quality time with the Apache manual is obviously
called for.

Jul 20 '05 #26

I want to thank everyone who responded. Nobody who did defended the
linking practice; all thought there was something wrong with it.
I think I shall implement the suggestion to change the URL of the
binary now and then and link the previous URLs to an invitation
to visit the appropriate page. This is simple to do and would seem
to be foolproof.
Jul 20 '05 #27

Mark Tranchant wrote:
> The UA is free to ignore the URL supplied with the 301/302 redirect and
> fail the request, if it chooses.


Wouldn't that be in violation of the protocol?

--
Brian (remove ".invalid" to email me)

Jul 20 '05 #28
