EFF lambastes Sony over PS3 cracking suit

Let me tell you Big companies dont hate you, and they dont want to rip you off. Yes they want your money. thats business. If they rip you off, you notice and dont buy again, or you should... which destroys their company. PS If you havent noticed the download content is free when you buy the game...

i said "as far as im aware" about its position. We will have to agree to disagree, even though you argued with me then agreed in your argument. My point in finality, you cant stop hacking. Its there, doing it and showing people how to do it doesnt help in any way shape or form. Hacking into credit cards to show how easy it is to hack into them doesnt help at all. Working in banking i know how easy it is to hack etc and be defrauded. Its absorbed by the companies. They constantly evolve their security, its hacked, they evolve its hacked. If you hack it and show them how, you havent helped. You have just made the situation worse speeding up the cycle. You should be prosecuted for trying to hack. End of. If you care about it, create security. Simple. Be the one making the security, not thinking ways around it. I understand exactly how you and others who support hackers think. Its a similar mindset to stealing really from a big company, people feel there are no normal people suffering. Not understanding the loss is passed to the ordinary citizens. The pattern here is the pro hacker people have a dislike of big companies. Its the "Stick it to the man" attitude. You all feel hard done to and hurt by these companies.

@Dominicobaggio It seems like time and time again you misunderstand whatever I'm saying. 1) I'm not saying these are "a bunch of heros trying to help out by showing security issues". Far from it. They are a group of hackers that, at it's best interpretation, opened up the PS3 for the benefit of PS3 owners (not Sony, not for securing the PS3 even more, etc.). Their actions have nothing to do with improving security. I never ever said that. I said "What these hackers did, however, doesn't relate to security research at all, albeit the precedent this might set does." 2) It's a good thing if it sets a precedent that security researchers could be jailed for helping to improve security? Alright, I hope you're enjoying it next time your bank account is wide open because criminals know how to hack it yet no security researcher is permitted to investigate nor release information to the public (so that they know how insecure the credit cards are, which credit card companies hate). 3) I'm am NOT saying it's alright to release security issues to the world. Have you even read what I posted? What does "I agree hackers doing it for the sake of security should first tell the companies of the vulnerability and wait a reasonable amount of time before revealing it to the public (in case the company doesn't want to fix it, so that the public knows to fend for themselves, and also force the company to fix it)" tell you? That I'm saying it's alright to release everything wide open to the public first? I know completely stopping hacking is impossible, but that doesn't mean you should stop in securing your systems even more, or are you content with not even having the most minimal of defenses against the simplest of bugs and exploits (like being able to bypass the PIN request through a mere combination of keys pressed)? Trying to hack systems and then immediately telling the companies about the problems in their security has been the driving force in raising security standards until now. You would rather this stop and just implement gullible, vulnerable and weak security in our systems? Just because you make security research illegal will only stop those that help improve systems, while criminals will continue as they do now. Is that what you want? Also, let me break it to you: there is no such thing as secure algorithms. Anything on this world can be broken. What matters, though, is how quickly you can break it. Anything can be broken with a [url=http://en.wikipedia.org/wiki/Brute_force_attack]brute force attack[/url], however that can take centuries at the current processing power we have. In other words, our security algorithms are just fine right now. The problem, however, is how we implement them and how it all interconnects, because the complexity is huge, and this is exactly where hackers help. Figuring out new secure algorithms doesn't help at all when the ATM can just be made to bypass the PIN request, for example. Oh yeah, and figuring out new secure algorithms also implies a current understanding of today's algorithms, done through security research, which you would have made it illegal, btw. Hackers don't care about security? You know, there are 3 different types of hackers out there: [url=http://en.wikipedia.org/wiki/White_hat_%28computer_security%29]white hats[/url], [url=http://en.wikipedia.org/wiki/Black_hat]black hats[/url] and [url=http://en.wikipedia.org/wiki/Grey_hat]gray hats[/url]. Obviously, you know nothing of this and think prejudicial that all hackers are there to do evil (black hats). 4) No, what I'm talking about is the equivalent of trying to break into my house by seeing if I can bypass the alarm and security measures installed, then telling the alarm company that their alarm isn't working in those circumstances. If the alarm company doesn't do anything in like a year, then I publish the information online so that the public knows how insecure it is and force the company to rectify it, as the thieves are bound to know what I already know (if not now, then in the near future). That's if you're referring to security research. If you were referring to what Hotz and fail0verflow did (which is not security research), then it's hacking into my alarm to be able to make it do what I want, like for example set it to auto-activate at certain hours, and then informing others how they can do the same, thereby enabling the public to do what they want with their alarm. It's our own choice if you want to hack it or not, and Hotz or others can't access it by force. 5) So, as I take it, you're saying [url=http://arstechnica.com/gaming/news/2011/01/sony-granted-temporary-restraining-order-against-ps3-hacker-george-hotz.ars]California isn't in the US[/url]? Seriously, where do you get your info? And it doesn't matter where you are, the US pretty much makes up a lot of the "market" for security research. If it's illegal in the US, then it's illegal in the most prominent market out there, so security research will plummet and you WILL feel the effects of this (like being infected more often with unknown viruses and through unknown exploits, your credit card number being stolen more often, your identity being stolen, etc.). You'd be a fool to think that what happens in one corner of the world doesn't affect everyone outside. Basically anything in this universe has ramifications for everything in this universe. Just so you know, I'm not from the US, UK nor Canada, but that doesn't mean I don't have to care about what happens there, as these will effect me in the end, whether I know it or not. Conclusion: You've basically managed to misunderstand, misinterpret and/or skew basically everything I said, and even to say blatantly false stuff (like this not being in the US). You also don't have a clue about anything you're saying. Also, way to go avoiding all my other arguments (or avoiding to recognize your fault), which were backed up with articles as well. I don't know what you're smoking, but I want some.

@cloud737 i understand what you are saying but disagree on so many levels. For a start it has nothing to do with this case in any way shape or form. This is not a bunch of heros trying to help out by showing security issues. Second, yes if it does set a precedent and make people who are "testing" security have to pay for what they do with money or time in jail its another good thing. I dont see how you can think its valid to show up security issues by realeasing security issues to the world?!?!? Working in the financial industry i can tell you its impossible to stop fraud and hacking etc. Its just firefighting. It costs millions, showing others how to do it isnt helping. Figuring out new ways to hack it isnt helping. Why dont these hackers spend time finding out new secure algorithms? Sell them to companies and get rich? Becuase they dont care about security. What you are saying is the equivalent of me breaking into your house, stealing your car, telling 5 of my friends how your alarm at home isnt connected to the police so they can break in too. Then saying, well its your fault for not having a police response alarm. Doesnt make sense. Finally as far as im aware this isnt a US court case so wont follow that law you said about. N even if it is im in the UK and we wouldnt use any laws you made up as a result of this case. So for me there are no ramifications to my freedom.

@Xdz89: Terms of service (commonly abbreviated as ToS or TOS)[1] are rules which one must agree to abide by in order to use a service. Unless in violation of consumer protection laws, such terms are usually legally binding. It's from wikipedia so I dunno but still. http://en.wikipedia.org/wiki/Terms_of_service

@ maxwell97 You seem to be completely confused in your own logic and besides your comment is based on inaccurate fatcs. First of all I don't need to jailbreak a console to smash it in someone's face, i.e a pupil. My opinion is based on the fact that when you purchase an article it becomes your property. It's quite ironic that the DMCA recognizes explicitely the right to jailbreak a phone so when you mention the DRM rights you get deeper into an absence of logic . Hotz did not commit piracy and Sony themselves say: " [this] could open the door for the "use or playing of illegal copies of PlayStation 3 video games on the PS3 system." In that respect I am not aware of Sony being the owner of each and every game editor and therefore they cannot complain about facts that in their own words could be detrimental to other parties. Hotz was very clear in saying that his software does not give the ability to play pirated games. Finally the court made an injonction to Hotz. This does not by nature mean that what he did was illegal. They just asked him not to do it. If you don't see the fundamental difference that lies between a restraining order an a conviction then you should not even consider talking about the law.

All the things you mentioned fall under the category of public nuisance. How is accessing your own computer in a way the manufacturer doesn't like a public nuisance? The computer fraud act has criminal penalties. It's patently absurd for a company to claim it's a crime to violate their terms of use and it has been rejected by courts several times.

@jm3811: Hmm, so, if you own something, you can do whatever you want with it? Let's expand that logic: I own a bottle of beer, so I can open it and drive around with it in my car's cupholder. I own a gun, so I can put it on my hip and carry it into a school. I own cigarettes, so I can smoke them in a bar. I own a motorcycle, so I can ride it down the shoulder of the freeway at 100mph. Obviously, there are LAWS against these things. The laws may be flawed, but they exist to restrict one person's ability to violate the rights of another. The same is true of the law against cracking DRM systems, a law which these folks broke. The DMCA, flawed though it is, exists to protect the rights of content creators to control the content they create. Like with any law, you can choose to break it, but there may be consequences, as this Hotz idiot is learning.

Sony are wrong and the EFF explains why. You buy a console, it's yours and you do what you want to do with it. That may sound shocking to most lobotomized gamers but if these same people were told that Windows forbids access to porn they would be the first to break such rules. Now I wonder why I don't sue all the companies who keep releasing games with so many bugs.

@method115 im not talking about sony im talking about a person changing my experience because they feel the need to hack and i do want a company to be able to tell a little brat that he cant become an invincible aimboter to ruin my online experience because its not like i just spent $60 or anything to enjoy the game so i dont know what your comment accomplishes

Go Sony, these guys publishing the codes has just resulted in tons of hackers in Modern Warfare 2, I want to play my games without someone on the other team using an aimbot.

Corporations are the ones that give you employment when you have it and theres a bunch of US workers at IBM's Fishkill New York fab making CellBE chips for PS3. A bunch of USA based game devs who make games for all console platforms and they bust their asses making these game and learning how to program advanced code programing to make PS3 games, if Sony cannot brick consoles don't complain when all of a sudden you are only getting games from Microsoft.

Eff off EFF... I'm backing Sony on this one, and I'm usually anti coorporation.

Sony is being quite heavy handed

Sure Sony is taking an extremely aggressive course of action but I have to say I back them all the way. Maybe it's just me but I don't want people screwing with the game and making it hard to play a fair game. Sure it's fun modding games on the PC but when people using modding to cheat and that garbage it gets real old. So feel free to stand wherever you want on this one but I'll stand behind having hack free games.

It wouldn't be much of a deal for me if they didn't interfere with my online experiences. COD games are near impossible to play besides Black Ops for now.

@GOR_TAK: Sorry, the courts don't agree. It's legal to make a backup of your material; but if the content is protected by DRM, the method for doing so is illegal. Yeah, it sucks, but stealing copyrighted material IS harming someone, and the law is written to prevent that (and, incidentally, the US is bound by international treaty to have such a law). Your right to do what you want with your hardware does not trump the rights of content providers to protect their property.

DMCA ensures the consumer the right to backup their media. But corporations try to take our right away through elaborate secrutiy measures. Bottem line. Once we buy a product we can do whatever the hell we want with it as long as it doesn't physically harm anyone. Sorry corporations. Your right to copyright protection does not trump my right to back up my media and use my devices as I see fit.

@method115: You can do what you want with your hardware, as long as you don't violate the law. The Digital Millenium Copyright Act "criminalizes production and dissemination of technology, devices, or services intended to circumvent measures (commonly known as digital rights management or DRM) that control access to copyrighted works. It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself." [from Wikipedia] Flawed though it may be, the DMCA (or its analogue outside the US) is the law of the land, and it exists for a good reason - the protection of intellectual property. So, if you don't like legal restrictions on what you can do with your console, you have the option of not buying the console. Deal with it.

@method115 The point is this is being used for piracy. That's why the PS3 was hacked. The people who hacked it should've never released the keys on the Internet. This potentially has massive financial repercussions for Sony and all the publishers who make games for the PS3. I agree, you should be able to do what you like with something you buy. However, you and I both know that you (if you use the hack) and most other PS3 owners wouldn't have been able to hack the PS3 by themselves. You're just using something that someone else discovered. Unfortunately, most of the people who use this hack will use it for piracy. The people who discovered the hack knew that it could be used for piracy and that's why the should've used a bit of self-control and not released it to the public.

@MW2ismygame I think the EFF is saying it's my console I can do what I want with it. Maybe your ok with companies telling you what to do with the things you buy (or your parents) but I'm not. In fact I wont be told what to do with my things. What you don't understand about things like this is it can lead to companies controlling more and more of the products you buy.

I think Sony is more concerned with enabling the PS3 to run pirated games than anything else, but this suit still doesn't sit right with me.

sony puts a lot of money in advertising not games. ps move? look at what is does and how it looks? nintendo wii controller with wireless nunchuck. nothing sony does is amazing they just sell it hard.

Sony is one of the most fundamentally vile company's in gaming today. Even the PS1 was only developed as an act of vengeance against Nintendo for breaking a contract to use their CD roms. Screw their precious investment! Sony's not a mega corporation because they play nice.

so the EFF is going to say that 1) its perfectly fine to hack the console so that the games that i pay for will be filled with hacking brats so i dont want to play anymore 2)that there is no difference between asking and not asking sonys permission to test its security there is no way i support the EFFeenn rights group i hope sony rips hotz a new one and shuts up the EFFeenn EFF and also for crowning hotz as a "security reasearcher" EFF can kiss my @**

Sony puts a lot of money into games and if those games dont sell because of piracy, Sony will put less money into it. What Im trying to say is that piracy destroys games because if people pirate them, sales will be low and sony will not put money into that particular game series. That means it could be the end of games like Killzone, Infamous and Uncharted. Online games will be finished as well because it will be open to hacking. Currently, Modern Warfare 2 PS3 version is having a hacker problem. So why anyone would support pirates is beyond me.

The argument of "Sony wants to protect their investment" makes about as much sense as trying to protect a sandcastle you've built on the beach from a Tsunami.

when you you buy a computer, it is yours, of course. but a console is not just a computer. sony provides a service with psn, therefore, they have something to say about what you do with their product, and how you use it. personally, i think these guys screwed ps3... i hope sony can get out of this mess laughing

What I find odd with GeoHot and other 'security researchers', according to the EFF anyway, is that they don't do this for security reasons as they hack any and every system and rather than give this data to Sony and let them solve the issue then prove they had done it (since apparently proving it matters so much to them) they instead chuck it to everyone else who subsequently uses the equivalent of a trojan horse to do whatever there desire is. Some claim they want homebrew which is fair, but to put it on the internet is completely irresponsible because there are plenty more hackers and pirates than homebrewers (example being just the single most popular star craft 2 torrent had over 3 million downloads and there was obviously more torrents for that game and many more games) and the damage caused by hacking and pirating is far worse than the pro's of homebrew. Not to mention home brew is available already on PC so why they need to hack the PS3 at all just again reinforces the idea they have to do it on every system out of some odd obsession. Seriously you can do homebrew on PC, stop messing up consoles with what is the equivelant of a trojan horse that will open up the console to the malware (online cheating on MP games via scripts, trophy cheats, piracy and other stuff). I'd trust the EFF more if they backed responsible researchers who help these companies rather than just chuck the trojan horse into the wild and take no responsibility.

It's this defiant and arrogant attitude that hackers like Hotz have that cause all these viruses and trojans to be made. They're so eager to prove something and they claim it's in the name of research to wash their dirty hands.

I've been looking it up and the closest that I can find to an actual response from the Air Force is their concern that, as the PS3s break, they won't be able to replace them because all the new PS3s will have the firmware updates. Even then, the responses are all "unnamed sources" with the USAF. (One would think that the USAF could fix it or just contract with Sony for the service.)

@Xdz89: Possibly, they were updating them to stay on the latest FW, but perhaps not. It would make sense at any other time to keep your console(s) up to date with the latest and best FW, they usually add features not drop them. this would not explain why they would HAVE to update, but to keep a machine running at optimal performance you usually want updates. Normally, that would be a good point but, if they were using it as an operating cluster, you generally don't need to update the firmware unless you're replacing the hardware frequently. Also, if they were using them as operating clusters, chances are they're running something that is incompatible with the PSN anyway. (Looking up the articles that initially reported this, it was said to be a proprietary LINUX-based system so it almost certainly wasn't compatible with the PSN update anyway.) So that brings me back to "Why would the military need it?" For that matter, the techs in the military are held responsible for how they're updating the item. Even if they somehow missed all the news that the update was going to pull the Other OS, it was right there in big letters at the beginning of the EULA. Even if they still missed that, the military depends on redundancy in their computing so they wouldn't have updated all of them at the same time. I don't know what the size of their blocks were but, while updating the second block of PS3s, someone would have had to notice "Hey, it isn't running Linux anymore."

@TevoxZi Okay, good. Let's do that.

Continued from previous post... @ Ravenloud: Today's hack is the result of GeoHotz attempt to bring back OtherOS alongside the FailOverFlow group. Their only intention is to bring homebrew apps and customization options. Sure hacks will be exploited by pirates eventually. But, to group hackers and pirates together is unfair. Hackers learn and teach how to get the most out of your hardware, while pirates learn and teach how to steal software. To a consumer with no interst in either, it may appear to be the same, but by definition, you can see there's a clear difference between the two. When I said that SCE is not above the law, I was referring to their EULA and their enforcement of it. SCE certainly has a legal right to ban a hacker from access to PSN after seeing a hack has circumvented the system. However, they have no legal ground to press charges for hacking hardware you bought and paid for. The industry learns from these hacks. Just take a look at the Kinect hacks and Microsoft's reaction to it. I'm sure it won't be long before we're controlling our computers with Kinects thanks to those hackers ;)

@ Ravenloud: Firstly, remarks to belittle me or others is a bit out of line, and I would prefer you keep our discussion civil. With that being said, let me get straight to the point. I am a BIG supporter of SCE and a Sony product enthusiast. However, I am also not afraid to admit something wrong has been done. The ORIGINAL hack by George Hotz was announced prior to completion and SCE reacted by removing OtherOS capability in a firmware update released April, 1st 2010. The hack was a bypass of the Hypervisor which allowed Linux users to gain access to the GameOS via Linux allowing users to customize the XMB and add applications to their liking. It also allowed access to the RSX chip as a result, which permitted Linux users to get more graphical power in their alternate operating system. If you want to learn more about the first hack... http://www.eurogamer.net/articles/digitalfoundry-geohot-ps3-update-blog-entry You can plainly see the route SCE chose to take. I can no longer refer you to GeoHotz blog to prove how many people started to visit his blog AFTER OtherOS was removed because he has taken his blog private after all this transpired. But, GeoHotz reported an incredible surge of traffic in his blog after the removal of OtherOS. Many of whom became new hackers on the scene or outraged customers that wanted to try and figure out how to get OtherOS back. ... to be coninued...

why on earth would Hotz publish his findings online??? thats just stupid! i'd keep all the knowledge to myself!

Sony does have a right to protect their investment. There shouldn't be a general rule that gives product manufacturers the right to tell people what they can/can't due with their purchased property. Instead, there should be a clause of some sorts that says in the case that a hack breaks a system to the point that all points of revenue (in this case the software/games) can be easily circumvented to run illegal software cannot be allowed. Or maybe when these manufactures make a system, they should just leave a part of the system open for hackers to play with so their not forced to release the ONLY security key on the system that can't be changed. Sony can lose a LOT of money on this as well as support from publishing parties. If PlayStation becomes a piracy playground (ala Dreamcast) then PlayStation goes the way of the Dreamcast... and that's not a good thing. This is a complicated grey area where their walking a thin line between protecting intellectual properties and intervening with people's rights.

How about they have a right to protect their investment. I keep seeing the same thing over and over again; "why won't Sony be swell guys?". If you poured a BILLION dollars into your busniess, you'd want to protect it too. It's naive to think otherwise. Gamers have deluded themselves into believing that the industry exists in a vacuum, well guess what? It doesn't. Just because you like it, does not make it exempt from the rules that any other business follows.

[This message was deleted at the request of a moderator or administrator]

I've already seen 2 people on my friends list running homebrew applications that I've never heard of... I don't know if this has anything to do with it, but if it does, then piracy might actually be a problem for Sony real soon...

@choasgod @warhawk-geeby The law contains an exclusion for reverse engineering where it is done to make a system interoperable with other systems. Look at Title 17, chapter 12, § 1201, paragraph f of US code.

@thepyrethatburn @TevoxZi I can't find the story right now(this could be from the story being a fabrication) but I do remember reading somewhere that it affected them. Possibly, they were updating them to stay on the latest FW, but perhaps not. It would make sense at any other time to keep your console(s) up to date with the latest and best FW, they usually add features not drop them. this would not explain why they would HAVE to update, but to keep a machine running at optimal performance you usually want updates. @Kabaro ToS/ToU are not legally binding contracts.

Bull. A load of men in suits talking complete nonsense out of their arse. It's about time they all saw the bigger picture. To you guys saying that "They haven't done the piracy so it isn't a crime" that's just plain arrogant. They've opened the door to piracy, and that should be enough. You should support the gaming industry, not the idiots trying to prove something.

If Sony doesn't win, all those that play for games loose. Cost of games will go up as many people will simply pirate the game with an open system format. Or the quality of game will go down as developers will stay away from the system as all that is needed to "hack" the system is a small program on a USB key. I'm all for doing what you want with the products you own, as long as others are not injured in the process, but people will be laid off their jobs over time as PS3 games simply won't make as much money. Thank you Mr. Hotz.

I would give my support to Hotz and the fail0verflow team. Fight against the corporate giant Sony.

What a load of crap. The EFF are trying to make it look like these hackers are security researchers. They hacked the PS3 so they and the rest of the world could pirate games. Simple as that.

@Kabaro It's just like that...only totally the opposite. Actually, I don't think you could have been more wrong. The reason pirating games is illegal has NOTHING to do with Terms of Use and EVERYTHING to do with copyright infringement. I strongly suggest you learn the difference.

Sony doesn't own the console I bought, even if they have full control of the software. That fact alone shows that what Hotz and crew did is not illegal, especially if they did not enable pirating. If others took advantage of his program to begin piracy, then they are responsible, but since hotz did not and failoverfl0w did not, Sony cannot win.

@tachsniper it's called terms of service/terms of use. like when you buy a video game you can just put the game in and never have to check off a box that you agree with anything, but you did actually agree to NOT pirate the game when you bought it. Samething for books and magazines and w/e else. By buying the Playstation you have already agreed to the terms of use/service. Now if Sony is complaining about something that is not in the ToS or ToU then they have no foot to stand on but if it is already in the ToS or ToU then you can't crack it. It's like when you open your console up, that voids the warranty. You never signed a warranty but you agreed to it when you bought it. Open the console and you violate it. It's the same principle here.

Its worth noting that while consumers own the physical hardware you only buy a license to use the software. Its just like if you tried to reverse engineer windows - thats illegal, so why shouldn't reverse engineering GAME OS be illegal ? Just because Geohot claims that he wasn't trying to promote piracy by creating custom firmware with the sole 'homebrew' feature being the ability to pirate game....