Orange claims that problems with the €2 ($2.47 USD) service to “reinforce your protection against illegal downloading have been fixed, but critics point out that “security is a whole process, not a product.”
Last September France sadly joined a growing list of countries that have given authorities the power to disconnect illegal file-sharers from the Internet. Ever since then the people there have had to face the stark reality that a “three-strikes” regime will eventually be implemented (it’s currently on procedural hold), and the ISP Orange has stepped forward to try and give them peace of mind by offering a tool to “reinforce” their “protection against illegal downloading for €2 ($2.47 USD) p/mo.
The only problem is that the program contained – Orange claims the problem was recently fixed – a glaring security hole that made all of the IP addresses using the service publicly available. It also listed the ones of people who had simply purchased and activated it as well.
“We knew that the soft security HADOPI would be a good time rock and roll, well, here it is! The IP of its clients are available on the Net,” writes Bluetouff on his blog.
“The software offered for sale by Orange is supposed to protect you from the use of software that could earn you the wrath of the HADOPI. In short, you pay 2 euros for not having the right to use P2P software, even if what you want to download is legal,” he continues. “But here, the climax is the establishment. The software communicates with a remote server, a java servlet actually located on the IP 195.146.235.67. All transmitted clear, and everything is PUBLIC … even IP customers who purchased this app and activated it, such as simple IP addresses of visitors to this page will also become visible.”
What’s of most concern is that this points to a disturbing development in the war against P2P. With customers now concerned about losing their Internet connection for illegal file-sharing, especially the “most vulnerable,” those least technologically proficient, their susceptible to services like this one from Orange that either expose them to unnecessary security risks or give them a false sense of protection.
It’s a new “new business bonanza that exploits people’s fears” says Bluetouff, and he’s right. ISPs, like any other capitalist-minded venture, will offer people services and products like this “Control Download” that they don’t really need, perhaps even resorting to the age old practice of using fear as an effective sales tactic.
If a person is really that nervous about accidental illegal file-sharing perhaps they ought to do what any sane person would do – monitor who uses the darn thing.
Stay tuned.
