CNN plug-in: Immoral, dangerous software

By Phil Elmore

It may sound like a monster from a deep-sea horror movie. It might read like the villainous organization from a spy thriller. Octoshape, however, is neither. It is, instead, a genuinely dangerous reality compared to these harmless fictions. It is nothing less than a means by which your computer may be used by other computers, against your will and without your knowledge, to do whatever the authors of the Octoshape software would like that PC to do.

For several months know, it has been known that CNN’s website was prompting users to download the Octoshape plug-in. This is peer-to-peer (p2p) software that CNN says it is “using to deliver higher quality video.” The reality is that Octoshape is a security risk. That risk is not found in the software’s misuse; it is inherent, implicit and integral to what the software does.

Octoshape is, for that matter, closed-source software, meaning that you, the user, and even those software professionals who might understand the source code behind that software if they had access to it, have no way of knowing exactly how the software does what it does. The only people who know that are the folks who wrote Octoshape, and they’re not telling.

According to Christina Tynan-Wood, writing at Infoworld, she installed the Octoshape plug-in without reading the end-user license agreement (EULA). Just what does Octoshape’s EULA say?

You hereby acknowledge that the Software utilizes a grid streaming technology. With grid streaming technology, parts of the video and audio stream you watch may be delivered to your personal computer system via the personal computer systems of other end users of the Software, and the personal computer system on which you install the Software may also be used to deliver parts of the video and audio stream to other end users of the Software.

Accordingly, you hereby grant permission for Octoshape and other end users of the Software to utilize and share the processor and bandwidth of your personal computer system for the limited purpose of facilitating the communication between you and other end users of the Software, including Octoshape.

As Ms. Tynan-Wood’s column emphasizes, Octoshape is peer-to-peer software. The Screen Actors Guild’s “New Media Glossary” cheerfully defines a peer-to-peer system as “a group of methods for more efficiently delivering content to a consumer over the Internet. These systems make it possible for pieces of content to be simultaneously delivered from more than one distributor.” More technically, peer-to-peer “describes a mode of communication between two computers in which the same protocol is used to communicate and perform approximately the same function for their respective computers. In peer-to-peer communication, each computer has equivalent capabilities and responsibilities.”

Just what does this mean? It means, first of all, that CNN’s use of the Octoshape plug-in is shifting the cost of the bandwidth used from it, the provider, to you, the consumers. In the network of networks that is the Internet, bandwidth is everything. It costs money to transmit data, you see, and the increased use of networks to transmit an ever-larger ocean of data has prompted many business entities to try to stem the tide. It was concern over the cost of transferring bandwidth that drove a scheme by Time Warner to meter and cap users’ consumption of it. Octoshape makes it possible for every computer running the software to, in turn, deliver content to other computers in the network. This makes delivery of that content more efficient and spreads the cost around — regardless of whether you, the user, like the idea or are even aware of it.

The dangers of using peer-to-peer systems don’t stop there. Spyware, malware and adware are easily transmitted to your computer using peer-to-peer systems. It’s also very easy for hackers to use a peer-to-peer network to steal personal data from your PC. More critically, your PC, used in such a network, could conceivably be used as a supernode. This means your computer has been assigned, arbitrarily, to act as a network hub, sucking your machine’s disk space, bandwidth and processing power, overloading it with excessive data while further exposing it to the malicious actions of hackers around the world.

But wait, the scary implications of the Octoshape software and, more specifically, its EULA don’t stop there.

Octoshape may, in its sole discretion, modify or discontinue or suspend your right to use any of the Software at any time. … Octoshape reserves the right to remotely provide updates or upgrades to the Software installed on your computer. … Octoshape reserves the right to modify the terms and conditions of this Agreement in its sole discretion at any time by posting a revised version of this Agreement at http://www.octoshape.com or otherwise making it available for your review. … Your continued use of the Software after the revised version is made available constitutes your agreement to the revision.

In other words, after you’ve blithely downloaded a plug-in that shares your computer’s Internet connection and processing power with other, unknown computers, Octoshape might choose to alter just what it’s doing, how it’s doing it, or the extent to which it is using your computer, remotely updating the software on your machine to change it, and they’re not going to tell you. Oh, they’ll make a revision to the license agreement available on their website, sure – but when was the last time you actually read all of the details of any software agreement, much less reviewed revisions to the licensing agreements of every plug-in you’re running on your Internet browser? How many Americans simply click “OK” and wait impatiently for various software updates to run, trusting the source and thus assuming that there is no danger?

That is the real problem here. Hundreds of thousands of consumers trust CNN (despite the network’s history of egregious leftist bias, which is so pervasive that it comprises numerous acts of journalistic malfeasance). A complacent user who downloads such software is being abused by the source of that download. Using peer-to-peer software in this context is morally reprehensible, professionally irresponsible and technologically very dangerous.

Phil Elmore

Phil Elmore is a freelance reporter, author, technical writer, voice actor and the owner of Samurai Press. Visit him online at www.philelmore.com. Read more of Phil Elmore's articles here.