Further examples of Copyright Infringement by Menshn

Following on from my earlier article on Copyright Infringement by Menshn and a find on Menshn co-founder Luke Bozier’s personal web site, I found a few more copyrighted images that Menshn are using without proper attribution.

When you create an account on Menshn, you get randomly assigned a profile picture from their library of, supposedly, Creative Commons images. Except, Menshn’s view of Creative Commons appears to amount to “I found it on the Internet so it must be OK”.

Here’s one of Eleanor Roosevelt, original image is owned by “onecle” with a license of “Attribution, Share-alike”. Menshn has no Attribution.

 

Here is another one of a cast of Susan B. Anthony, original image owned by “cliff1066TM”, again with an Attribution license.

Menshn’s other co-founder, Louise Mensch has at least taken some interest in my articles – so I expect they will be gone* soon.  (*rather replaced, because if they are deleted, many individuals are going to have a broken profile picture).

Now taking bets on how long it’ll take before I get bored of all this. (#joke, lest I fall foul of some gambling law somewhere)

 

First rule of Menshn is talk about Menshn, unless you are on Menshn.

  1. The first rule of menshn is you do talk about menshn. Please feel free to invite your friends, spread the word, and post about us on Facebook and Twitter.   (c) Menshn, Screenshot below:

Yet, if you do talk about Menshn within Menshn – you will get banned.

Yes, I got banned. I talked about Menshn in the Menshnabout room (and before that existed, the politics ones).

Here is Menshn co-founder admitting this (because all I ever posted in Menshn were messages about Menshn, mostly critical, or pointing out that they were committing Copyright Infringement offences).

 

Edit: Found a cool plugin that lets me import tweets as comments, so I have pulled in the relevant conversations from twitter. Louise did not post what you see below, I used the plugin to pull them in.

Let’s use Wikipedia’s page on Censorship, which defined it thus:

Censorship is the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, or inconvenient as determined by a government, media outlet, or other controlling body.

In this case, the controlling body is Menshn, or to be more precise, its co-founders and staff. The speech or public communication is criticism of Menshn. Menshn admits it will block this speech. Therefore, Menshn engages in censorship. Q.E.D.

Now, would any reasonable person be able to say Censorship does not exist on Menshn? I believe the evidence speaks for itself and the evidence is damning.

 

Why Menshn will fail

One of the driving factors of social media is the human need to be heard. The belief that somewhere, out there, someone is not just interested in what you say, but more fundamentally, has the ability to hear (or see) what you say (and write).

When the Social Media platform fails in that most fundamental of principles then you have to wonder about its long term prospects for survival.

I created several different accounts on Menshn, using different browsers and networks to simulate how multiple individuals would interact. (note that the rules do not prohibit this)

One thing stood out above all others – any posts by these accounts in any “room” or topic, does not appear in that room. Even when I wait hours, none of the posts appeared visible to the other accounts watching that room.  The posts are visible to the account who posted the message – just not anyone else. That, my friends, reduces the confidence in the service and as others begin to realise the futility of their efforts will result in the demise of the network.

When you lose the trust of the public, the network is doomed.

Abiding by the first rule of Menshn, please spread this article. 🙂

The first rule of menshn is you do talk about menshn. Please feel free to invite your friends, spread the word, and post about us on Facebook and Twitter.

 Final note: I did not, and do not, engage in any unauthorised intrusion attempts to collect any information in my research. All research is purely from observations that could be made by any individual.

Blog change to WordPress

Well, I thought after calling out Menshn for security flaws, I ought to check if my Movable Type was up to date. It wasn’t and one of the changelogs suggested I should upgrade.

However, the upgrade went badly leaving me unable to login at the blog level, or anyone to comment. Admin area was fine.

My upgrade path to Movable Type 5 was blocked because they decided to remove Postgres support. So it put it into the same camp as WordPress. Conveniently there is a PG4WP “plugin” (hack) that lets (most of) WordPress work on Postgres, yay!

Cut to the chase, WP + PG4WP installed. Blog exported/imported. Comments migrated – however I lost a few comments because of a bug in the WP Import incorrectly creating SQL for some articles. Didn’t like the <span style=”color: rgb(0, 0, 187);”> one little bit.I recreated the 4 missing entries manually, but the comments from the originals refused to import.

A mod_rewrite rule to strip the .html from the old MT page urls, and things should be up and running.

 

 

 

Luke Bozier of Menshn has form on Copyright Infringement

3rd in my series of articles about Menshn.

So, today (or last night), Luke Bozier blocked me on twitter. Seems like a pointless act since anyone not logged into twitter can read all his posts anyway.  However, it did cause me to google his name and I came up with two personal web sites of his for his blog at:
Out of interest I had a click through some articles and came across an image on:
Well no, not murder, but yes Copyright Infringement.
You see the image of the Chernobyl Guard is (c) Trey Ratcliff at http://www.fotopedia.com/items/flickr-433927398 (article https://stuckincustoms.com/2007/02/02/nuclear-winter-in-chernobyl/) and all he asks for the use of the image is Attribution. However, Luke Bozier does not provide that attribution.
Screenshot of Luke’s site at the time of this article (because Luke is quite efficient at removing the images when I call him out on his law breaking).

Menshn does not censor, Allegedly.

Officially:

40-menshn-loiuse-nocensorship.jpg
However, my messages on menshn.com do not appear to be visible to others. Compare this screenshot of the same “menshnabout” topic/room.
On the left is Firefox – not logged in. On the right is Chrome – my account logged in.
42-menshn-hidden-messages-thumb-500x230-41.jpg
My message is only visible to me when logged in.
And, I checked…. Private Mode is Off.
Am I being singled out or is there a more widespread censoring going on?

Menshn and another security issue

On June 19, menshn.com launched giving me a couple of days to have a look around, but not enough time to write up any serious thoughts before going on vacation.  The site launched only in the US and visitors from the UK and elsewhere were greeted with a holding page. However, like many technically aware individuals, geographic barriers are no match to those with VPNs, VPSes or just a simple web proxy.

Initially, only three “topics” were available, a (US) Election2012 topic and one each for Obama and Romney.

Menshn has taken a bit of a battering on Twitter over, I guess, pretty much every aspect of the site imaginable.

Some don’t like the owners, one UK Conservative Member of Parliament, Louise Mensch, and a former Labour advisor Luke Bozier. However, the primary focus of much of the complaints are the web site’s numerous and shocking security flaws.

I believe I was one of the first (if not the first) to highlight the Cross Site Scripting Security flaws. Though I did not actively demonstrate (exploit) it having previously burned in this area, others such as James Coglan have demonstrated the complete lack of data validation that abounds on Menshn.

The site launched without using a SSL Certificate allowing passwords to pass in plain text – a flaw I missed – but ably spotted by Suggy and Andrew White.

Also prior to going on vacation I highlighted two examples of Copyright Infringement to both Louise and Luke. The first was the alleged unauthorised use of the Obama HOPE poster which I screen captured here:

I was completely ignored.


Then Menshn created a new topic “Women” for which they used another image of a “thoughtful woman”:

Note – screen cap of Menshn is on left; the same image I found on Elite Dating Agency site (using Google image search, honest!).  I tweeted to Luke, who responded that the image was Creative Commons. However, this I doubted as I can generally spot a professional image and eventually found the real source as a Premium Stock Image that they could have paid just $9.99 to use. The image soon disappeared from Menshn without further comment from Menshn.

Edit: Just found another image on Menshn – the image for the UKPolitics topic – that does not adhere to the Copyright owner’s license:

The original image is owned by Kevin Shakespeare with the license of “Attribution, Non-Commercial, and No Derivative Works”. Another Menshn fail.

I like to think I’ve educated them a little on Copyright law.

And finally, the straw that breaks the camels back.

Back from vacation, try to login, but of course I forgot the password and so used the “forgot my password”.  Now all normal security conscious web sites will create an encrypted, time limited, one-time use token or URL that you can use to reset your password and email that to you.

No, not Menshn. Menshn will email your actual password in plain text.

The horror. Not only does this mean your password flying through the world’s email servers (making it available to all sorts of Government interception) it also means that Menshn is storing your password inside its database using at best a two-way reversible encryption, or at worst in plain text.

Either way – it is a security disaster,  A breach of the web site means all users and all passwords are exposed in plain text (with the reversal key available from the forgot password code). Luke should read http://www.phptherightway.com/#password_hashing_with_bcrypt .

An awesome coder he is not.

Post publication edit: This article has been mentioned in Business Insider –

We Speak To The British Politician Behind The Controversial 180-Character ‘Twitter-Killer’ Menshn

 

Amusing, True Near Death Experience.

Those who know me will know that there have been two important events occurring in my life this week. 1) Tiling my kitchen, and 2) Trying to buy a HP TouchPad.

As part of tiling the kitchen, significant other wanted to replace all the standard white wall sockets with Stainless Steel ones to match the rest of the kitchen colour scheme. I was safely over half way through this task, having disconnected the socket mains supply, when a van pulled up bearing HP TouchPad goodness. Thus the next 30 minutes of my life was accounted for.

Upon returning to the kitchen tasks I came to the Cooker 40A switch. I disconnected the ring main from the switch and proceeded to move the wires so that I kept the supply and load pairs apart when BUZZZZZZ and 240 Volts of high energy goodness shot through my hand and up my arm.

Yes folks, TouchPad caused me to forget to flip the cooker ring circuit in the fuse box.

Cue me jumping back, dropping tools and collapsing to the floor in a bout of Arrrrgh.

Wife said “Stop it, you’ll scare the kids.”.

Kids run in asking what happened and wife explains that Daddy electrocuted himself.

Six year old Lauren asked “Could you see his bones?”.

Vodafone UK + HTC Desire + Android 2.2 FroYo = Fail.

Well, it looks like Vodafone UK royally messed up the timing of the HTC Desire OTA Update yesterday.  While most owners were eagerly expecting the announced Android 2.2 (FroYo) update that HTC have been pushing out, Vodafone decided to push out a 2.1-update1 which only provides Vodafone branding, apps, a few bugs, and even a couple of “adult” related bookmarks to everyone – and leaving them on Android 2.1 (Eclair).

Needless to say – Users are not happy at all. *Vodafone appears to have moved the thread here. [2010/08/06] Moved again to here (is Vodafone trying to hide the complaints?).

In work, we (coworkers and I) now have a total of 8 HTC Desires (out of 16 people) – even two iPhone users have converted! A few have been espousing the wonders of FroYo on their phone (some had rooted, and did it themselves, others had bought unbranded phones and got the stock HTC FroYo upgrade). I was jealous(ish) and wanted it myself.

Given Vodafone’s actions yesterday, it was likely that the FroYo update from Vodafone was minimum several weeks away, if not 3 months (as was intimated on the Vodafone forum – end of October) – it was also noted that the Vodafone FroYo update would include the Vodafone 360 branding and software.

Thus, last night it was time to embark on the adventure of flashing my HTC Desire to a stock image direct from HTC. I reasoned that my goal should be to flash HTC’s Android 2.1 (Eclair) image to the phone, and once there, the normal software update process should take me to 2.2.

And so it began…

I knew that I needed to create a gold card because the Vodafone image doesn’t let you install non-Vodafone images. This I discovered as I tried to simply apply a stock 2.2 download and using boot recovery update.zip – all attempts met with a complaint of a “Fingerprint error”.

I ended up at this page:
  [TUT]Complete upgrading guide(root, unroot, flashing ROM & updates)

and followed Post #3 which details a) How to make a Gold Card* . Ignore the rest of #3
and then Post #4 – the “unrooting” guide.

You then need to find a download of the correct stock HTC Bravo WWE image ROM – I chose the second WWE ROM from this link (140MB download):
  [ROM] Official HTC Desire RUU ROMS and OTA Update URLs
  RUU_Bravo_HTC_WWE_1.21.405.2_Radio_32.36.00.28U_4.06.00.02_2_release_126984_signed.exe

Proceed through the rest of Post #4 “How to Flash ROM” with the Goldcard inside your Desire, and plugged into your PC.

The phone will take 5-10 minutes to complete upgrading (or downgrading) to HTC Stock 2.1 image. When it reboots you will have to go through all the original setup sequences you did when you first unboxed your phone.

You can then perform a Software Update Check and you should find you have a Android 2.2 FroYo update (90Mb) waiting for you.  Proceed and let it do its thing.

Once done, welcome to FroYo.

All future updates will come direct from HTC – not from Vodafone, and you won’t ever have the Vodafone 360 branding rubbish foisted upon you.

* My GoldCard creation had a bit of a hiccup, in that it turns out that the 4GB Samsung card which came with my Desire does not work as a Goldcard despite formatting and following the instructions to the letter.  Trying an old 1GB Sandisk I had resulted in a good goldcard.

Aside from the goldcard hiccup – this all went surprisingly smoothly and painlessly.

Good luck.

Disclaimer: If you try any of the above – it is all your responsibility. I take no responsibility should you brick or damage your phone.

Amazon 1 – 0 Waterstones, aka this morning’s rant.

SWMBO asked me to order a book for her this morning, so being the tightwad that I am, I go hunting for the ISBN and the cheapest place to buy it.
Amazon has it for £17.24 and Waterstone’s for £18.49 (but if I order through quidco, then I receive another 8% cashback, making Waterstone’s cheaper).

Waterstone’s need me to create an account, fair enough and state “Also, please be aware that passwords are case sensitive, and must be a
minimum of seven characters long and at least one character must be
numeric.”  Again, all fairly standard.

So each time I try to enter a password which meets this criteria I’m hit with a javascript popup that claims: “Your new password must be at least 7 characters long and contain at least one digit.”

“But it is!”, I yell in frustration.

Using the Firefox “Web Developer” plugin I unhide the password boxes and see that my password doesn’t have digits… wtf!   I enter the digits again and find there is another hidden rule:

<input name="newPassword" type="password"
id="fPassword" size="40" maxlength="16" value="" />

Yes, an upper limit of 16 characters on the password.

Right ok, make a password of 16 chars or under and move on…

Add name, postcode to the next form and it finds my address ok – click continue to (I presume) proceed to the CC entry form and voila!

Well not quite.

“There has been a problem processing this request

Please use the refresh button on your browser to try again.

Thank you.”

A few refreshes later, it is apparent that Waterstone’s has no intention of working, sod it, for 20p more I can have less hassle at Amazon.

All content © Paul Gregg, 1994 - 2024
This site http://pgregg.com has been online since 5th October 2000
Previous websites live at various URLs since 1994