MySpace Private Pictures Leak

Martin writes "We all heard about the MySpace vulnerability that allowed everyone to access pictures that have been set to private at MySpace. That vulnerability got closed down pretty fast. Unfortunately though (for MySpace) someone did use an automated script to run over 44,000 profiles that downloaded all private pictures which resulted in a 17 Gigabyte zip file with more than 560,000 pictures. The zip file is now showing up on popular torrent sites across the net."

Legality of downloading this?

[Anonymous Coward]

Who owns the copyright to all those pictures? Myspace or the individual users? And can they come after anyone downloading this?

I want to grab it myself actually. I'm being serious when I say it's to check to see if anyone I know might need to be concerned some of their pictures are now in the wild. I just know some of them are stupid enough to put up stuff they should not have.

Re:Trap!

[Firehed]

I know the legal answer is yes, but should it really count if they take and post the pics themselves?

Re:Trap!

[Anonymous Coward]

From what I have seen, who actually took the photo isn't the problem. It is the actual possession of the photo that is the problem.
Can't find article (actually can find some references, but can't find actual article, hey found a Register [theregister.co.uk] reference) of a 15 year old who took photos of self, then posted them, and got charged with child porn. That person got charged with both possession of child porn, as well as distribution of child porn.

So in this case, person who took photo, myspace, seeders and lechers all would have problems (possession or at the very least distribution for every one except maybe some jerk lechers).

Re:Solution:

[mstahl]

Really? I think it just shows that MySpace is not (nor is it intended to be) a high security repository.

With underage kids able to post whatever photos they want without moderation, it needs to be, though. If myspace can't hold their shit together with this then they're going to either have to start moderating photos somehow, start verifying ages somehow, or not allow youngin's to join at all. I doubt any of those is particularly palatable with them, but really this is just a consequence of appealing to the super-young crowd anyway. It's become a haven for all manner of shadiness.

Re:Trap!

[MBGMorden]

Ironic. It's little known that parents are explicitly allowed to have nude photos of their kids as long as they are obviously not being abused and the pictures are not distributed. It keeps all the parents with the pictures of babies in the bathtub from going to jail. Kinda stupid that your parent can have a picture of you naked but this girl gets charged with child porn charges for having pictures of HERSELF.

Re:Dueling compression algorithms

[syukton]

Those multiple .RAR files most likely originated on Usenet [wikipedia.org], where corruption-resistance is very important (indeed, the .RAR files are often accompanied by .PAR parity files as well).

The .torrent was probably just created from a usenet download, omitting the .PAR files (which are unnecessary when using Bittorrent).

Re:Static Content Server

[Bri3D]

Yes. This is how MySpace, Facebook, Photobucket, etc. are designed. It'd be very database-intensive and difficult to handle sessions/permissions every single time someone requested a static image.
It's not a big deal in the case of MySpace and Facebook; the images are randomly-enough named that I don't think anyone's figured out the scheme (if there is one). Basically all it does is let you and your friend trade images of people one of you already knows, which isn't too bad considering that anyone who posts images anywhere on the internet with any expectation of privacy is pretty silly to start with.
However, in Photobucket (which is insecure in general; they still store plaintext passwords amongst other issues), which doesn't rename uploaded images, it results in an amusing hobby called "fuskering" where common image sequences (i.e DCIMxxxx.JPG, etc.) can be sequentially requested from a user's account until one matches.

Re:Trap!

[aminorex]

Do you mean that Rupert Murdock is distributing c.p.?

Re:Trap!

[Anonymous Coward]

"Child pornography" is generally considered bad because in order to make it, you have to have a minor in front of your camera who's posing erotically or having sex. Since the law presumes that minors are incapable of knowing whether or not they want to pose erotically or have sex, this means that producing these photos or videos involves an act that's equivalent to rape: putting a minor in that situation without her (legally recognized) consent.

Except that "child pornography" definitions do not correspond with ages of consent. Thus you have the really daft situation where people can consent to sex (in some cases with anyone of any age) but any photographs/videos of their perfectly legal activities are illegal.