Open letter to IRC operators
Following contacts from several IRC operators, the following response E-mail has been sent to clarify IRSeek’s position:
–
In the past couple of days we’ve been contacted by many people, some supportive and appreciative, some surprised and concerned.
Due to the concerns of our users, we’ve decided that for the time being, until we figure out a satisfactory solution(s) to the user’s concerns, we have disabled the site.
Our bots have been designed to be non-intrusive and to only archive public channels, if we accidentally archived private or secret channels, it has been without our intent, and the content of these channels will be removed from our database. The purpose of IRSeek is to archive public chats that would be of interest to the entire Internet community.
Regarding awareness of the operators and users in the channels: we were under the impression that users in public chat-rooms are aware that their conversations are, by definition, public. Since people are allowed to go in and out of such channels, and anyone could be logging (and most likely automatically logging the conversations in their own IRC client) the channels, it will come as no surprise to users that their chats are available on the web. Also, we assume you are aware of the fact that IRSeek is not the first entity to place IRC logs on the web, and most likely not the last one to do it (ignoring the possibility that chat logs may be stored by others, and not made available to the entire community). We think that users/operators who believe that their discussions on public channels on IRC are private (except their IP, realname, fullname, nickname) are under a serious misconception, with-or-without IRSeek. With that, we read the responses of our users and realize that some are definitely concerned. Therefore, we are looking for ways to mitigate their concerns and find better ways to run our service.
It’s important to note that a lot of users contacted us and showed their support and appreciation of our service, and in many cases asked that we archive and index their channels.
At the present time, we are considering several approaches that have been suggested by users and by our advisers:
1. Do our best to anonymize the nicknames.
2. Allow channel operators to opt-out (by verifying their identity on IRC).
3. Make sure our bots only archive public channels that haven’t opted-out.
4. Make our bots detectable by nickname together with a link to our policies.
5. Better explain our policies on the website.
6. Do not index nicknames.
We would be happy to discuss this further with you and hear any suggestions you might have to making this service more acceptable to users and at the same time allowing users that are not familiar with IRC to learn about it and enjoy this wonderful knowledge base.
At the same time, we would seek the blessing of IRC operators in order to allow us to continue providing our service.
Looking forward to hear your thoughts about the matter.
Thanks,
Ariel and Eran.
B&C Advanced Solutions LTD.
December 2nd, 2007 at 12:34 pm
Instead of allowing channel operators to opt out, why not allow them to opt in? “Opt out” is the standard cry of the sleazebag marketing droid. Most of the several hundred pieces of e-mail spam I receive every day contain an opt-out link. If we want a logging bot, we will ask for it. If you wish to set up logging in our channel, perhaps you could join it and politely ask us instead of just indexing it without consulting anyone.
You are correct that these channels are de-facto public forums, but that doesn’t mean that you’re in the right. There is a large practical difference between being open to all, and being indexed and searchable on a large public web site without permission. The front of your house is also a public location. Is it also right for me to set up round-the-clock surveillance of everything you do in front of your house and publish and index it for all the world to see? Somehow I think you might object to this.
If a channel wants you to join, then they will invite you. Joining uninvited and unannounced is just a tacit admission that people would not actually want you in there if they knew what you were doing. Set up a request system, allow channel operators to opt in to your system, and I imagine you will get a fair number doing so. But not, I’m sure, nearly as many as you would have had if you had handled this properly from the start.
December 2nd, 2007 at 12:51 pm
I’m glad to see that I wasn’t the only other one who noticed this. To imply that it’s the channel operator’s responsibility to opt-out (rather than an opt-in) makes absolutely no sense under anything other than selfish reasons.
December 2nd, 2007 at 12:54 pm
There is a drop-dead simple solution to this:
Set up proper reverse-DNS so that your bots connect from hostnames like whatever.irseek.com. Then, any chanop that doesn’t want you there simply bans *!*@*.irseek.com. This can also be done at a network level, if desired.
According to Freenode, you have been using Tor, an anonymity tool. If your intention was not to be anonymous, then why were you doing so?
December 2nd, 2007 at 12:55 pm
“1. Do our best to anonymize the nicknames.”
Why not choosing an obvious and honest name like “IRSeekBot01″? This way the users could easily see that they are being recorded, which is just fair imho.
And I think mikeash is right, there should be definitely an opt-in and not an opt-out.
December 2nd, 2007 at 12:56 pm
First of all, this would be a great service. It’s unfortunate that privacy extremists have to ruin everything. An opt-in service wouldn’t work, because many people won’t know about the service. I think that properly identifying the service and creating an opt-out possibility should be enough for every open-minded operator.
December 2nd, 2007 at 1:07 pm
I have to concur with mikeash’s comment — ‘opt-out’ is a spammer trick, not a viable or ethically acceptable method for gathering data or gaining volunteers. Your goal is admirable, but your methods definitely need refinement; I would listen to the advice provided in that comment and in the blog article posted by the Freenode adminstrators.
December 2nd, 2007 at 1:22 pm
I vote for opt-in, and using bots that are not anonymous, but obviously yours. You’ve violated the TOS of hundreds of channels, and since you’ve been contacted by admins who do want your service, opt-in shouldn’t be a problem.
Opt-out is the refuge of spammers, scammers, and disrespectful people who don’t stop to consider the consequences of their actions.
December 2nd, 2007 at 1:35 pm
I do not see why people are so upset about this whole thing.
Typing in a public IRC channel is no different than going to a mall and shouting. It’s public. What you say and do will be seen and probably recorded by other people. There is no expectation of privacy.
Why is there no public outcry over bash.org? Logs there are taken from even private conversations, yet I don’t see anyone getting all upset.
If people want private conversations on IRC then they can use private messages, or create channels with keys.
Keep doing what you’re doing - there’s nothing wrong with it.
December 2nd, 2007 at 1:35 pm
Cute… the ‘community’ of irc users gets offended when this is done as a public service, whereas pretty much all irc traffic has been logged for years by private organizations.
December 2nd, 2007 at 2:01 pm
Exactly what mikeash said above. If a channel really feels the discussions taking place (help related etc) need to be archived, they should OPT-IN to the service. It should not be incumbent on every chan to instead opt-out. There should also be some provision for individual users in the chan to opt-out/opt-in to the service regardless of the overall channel policy.
December 2nd, 2007 at 2:02 pm
Further, using tor, using random nicks, users and gecos/realname fields and spoofing ctcp responses is just going to piss off the admins of the networks you connect to.
www.searchirc.com and netsplit.de are welcome members of the IRC community, and have bots connect many times a day on each network.
They play nice. Maybe you should learn from them.
December 2nd, 2007 at 2:04 pm
How about a logbot that actually identifies itself as such, instead of pretending to be a person? If you don’t run an underhanded business, don’t act like one.
December 2nd, 2007 at 2:09 pm
Oh… anonymizing the nicknames?
So you want to show the information which the people gave, but not their identity they have choosen?
Besides the fact that opt-out is the wrong way, you want to quote the users saying this, but not showing his choosen nick? Sounds like a real bad idea to me.
December 2nd, 2007 at 2:14 pm
The problem is that the index process usually rips the text (out) of the context / meaning. You can not index the context / real meaning of a conversation. So the big danger is, that conversations / indexed content can be misunderstood. Thats the biggest problem in data mining at all.
And now think about (our) governments (or stalkers etc) who increasingly try to get their hands on the buttons of the internet, its contents and the authors. Despite whether public or not, subjects are discussed in IRC channels, that might come into the focus of law enforcement….. This danger will be greater with the Data Retention act in Europe!
December 2nd, 2007 at 2:20 pm
Using TOR to hide the bots supports the opinion that you are trying to use the gained data with malicious intent. By using TOR, you are trying to bypass network policies ACTIVELY, which makes you liable.
Either the published log is your property - then YOU are liable for any damage done by publishing it or it is a derivative work from the work of the users that have been logged - and you need their agreement and consent then.
opt-out is absolutely no choice here.
I see no need to hide the bots. Give them clear and static nicks, realnames and idents and don’t hide behind TOR. That way you can gain trust from the users. Ask people wether they want to have this “service” BEFORE you add the bots to the network -> trust++.
Now you might say “But this way nobody would think of us or ask us at all”. You’ve gained a lot of publicity through slashdot now. I suggest having a submit form for users to suggest a network/channel, so you can ask the network operators / channel operators if they agree.
This might be the safest way to proceed from both legal view and user happiness for all parties.
December 2nd, 2007 at 2:39 pm
If you found out your work/school canteen had been recording conversations at each table with secret microphones since the canteen was built, although you would expect the canteen to be a public place and people just might bring in a microphone for their own reasons, wouldn’t you be outraged if your recorded conversations were made public without your consent and prior knowledge?
December 2nd, 2007 at 2:48 pm
# grey Says:
December 2nd, 2007 at 1:35 pm
Cute… the ‘community’ of irc users gets offended when this is done as a public service, whereas pretty much all irc traffic has been logged for years by private organizations.
As a community We have every right to be offended. These bots are logging our conversations without our permission, But i will make a deal with you. Let me record ALL of your phone conversations both public and private and i will not complain that you log my public and private conversations on irc.
December 2nd, 2007 at 2:54 pm
Why not just make public the hostname or even a unique user@ field used by the logging bots so that they can easily be banned from channels that don’t want them but also don’t want to set +s or +k or some other protection mode on the channel? That seems like a fairly reasonable compromise to me. Anonymizing the nicknames is probably not pointful for the most part if you’re going to log at all, but any information beyond that probably should be left out. Any channels I run that I wouldn’t want archived are set with some mode or another to prevent random individuals or random bots from seeing them - it’s called common sense. Nothing is to prevent someone with way less ethics and a bunch of proxies from doing the same thing these guys are doing, but posting IP addresses along with it, evading bans, and generally not caring about the IRC community at all as these guys clearly do.
I guess my point is why complain about some courteous and responsible people doing something when malicious individuals can and do do the same thing and much worse on IRC without regard to the feelings of the community?
December 2nd, 2007 at 2:59 pm
I support the idea for a service which logs and indexes irc channel conversations, but I’m against that it’s been done with anonymous and non-detectable bots. Name the bots so that they can be noticed, put info to their name fields and create a well defined way to either invite a bot to a channel AND to prevent any bot to log a channel, if the channel operators decides so.
December 2nd, 2007 at 3:03 pm
While there might be a valid market for a service as this, the way that IRSeek went about this was abominable. Using Tor for their bots to remain anonymous, in order to keep people unaware of their presence is an underhanded tactic. Perhaps irc users wouldn’t have been quite as offended if IRSeek was there openly instead of quietly hiding. It would have given freenode staff and channel ops a choice of whether to ban the IRSeek bots, instead of asking to opt-out AFTER the damage has already been done. A service such as this should have offered an opt-in policy instead of taking everything in their own hands.
I think that IRSeek should post a listing of the bot nicknames that have been used to record IRC activity so people can get an idea of whether their channel has been infiltrated. Makes me wonder how many channels with sppecific no unauthorised bots and no channel recording policy listed in the channel rules have been violated, as quite a few of these don’t list themselves as +s or +p.
December 2nd, 2007 at 3:27 pm
Here’s the problem. My channel is not public domain. I have operators that manage it. It’s a small community of like minded people, most of whom I know. So it’s public, but in the same way that a rented ball room at a hotel is. I have a reasonable expectation of privacy and recording from the guests. If someone crashes the party and records the guests, they’re violating my privacy.
That’s what you’re doing here. You’re sneaking into the ballroom, in a disguise and recording the guests without permission. Hiding behind the idea that “He didn’t specifically tell me I couldn’t” is disingenuous.
The fact that you didn’t immediately foresee these concerns tells me all I need about your company. Worthless and disreputable. Stay the heck off my servers. We don’t need vermin.
December 2nd, 2007 at 3:32 pm
“Public” and “for publication” are two different things.
Even in the middle of a busy shopping mall, you don’t expect someone making secret recordings of your conversations to broadcast later for everyone to hear.
Now if those recordings were made with permission (translate: opt-in), and overtly (translate: identifiable nicks), it would be a different matter.
December 2nd, 2007 at 3:54 pm
You can not remove the relation between the search hits (the query) and the channel in your business model.
Think about someone searching for ‘revolution’. He gets channel #cooking as result. Then all (current) chatters in this channel are associated with ‘revolution’. And know imagine someone, who (has to) think(s) that these chatters are actually chatting about revolution (and not about revolutionary recipes). (And now imagine, that this someone is W. Bush or some idiot from Homeland Security
I really like to have a search engine, that finds channels. But please, please do not index contents! Only index the topics. So no misconceptions are possible to be made!
December 2nd, 2007 at 4:33 pm
The issue isn’t the “logging” it is the pretenses of the logging. IRC is and is not a public medium. What I mean by this is that IRC, while open to the public, is in many ways an environment by invitation. IRC Networks are not “The Mall” or “The Subway”… As administrators we are running these networks from our own servers and at our own personal cost…
In that regard, we are inviting people into our “homes” and we have free reign to allow or disallow anyone we desire. It is not ethical to stand on the street and point your video camera into our “homes” just as it is not ethical to simply sit in our channels and log our conversations while contributing nothing under the pretense of being a member of the community.
IRC Networks tend to have fairly firm bot policies. We don’t allow botnets into our so called ‘public’ arenas, and for many of us “logging” bots fall under the label of being intrusive and disruptive. We all banned google when they were logging IRC as well as the others… google, to their credit, has apparently stopped the practice. If you truly believed you would be welcome and that your ’service’ was legitimate… instead of being akin to a wiretap… then you would have never misrepresented yourselves in the process.
There is no grey area of ethics in this situation. On my network, as well as others, these bots are prohibited and documented as such. By connecting to our services for the purposes of logging, you are in violation of our ToS/AUPs.
In short, stay out of my house.
December 2nd, 2007 at 4:58 pm
What do you mean with “verifying their identity on IRC”? Do you seriously think you can ask someone on IRC to identify him/herself? You aren’t any form of authority!
December 2nd, 2007 at 5:01 pm
IRSeek have no authority over this matter regardless of their goals or agendas.
It is in fact up to the networks (i.e. efnet, freenode) or servers (i.e. arcti.ca, servercentral.net) or the channels (i.e. #css) to make that call.
There can be no compromises. You must read and follow the rules and ask for permission before moving on. Trying to do this under the radar speaks in volumes about your intentions.
“Since people are allowed to go in and out of such channels, and anyone could be logging (and most likely automatically logging the conversations in their own IRC client) the channels, it will come as no surprise to users that their chats are available on the web.”
There is a huge difference between logging information (because one as a human participate in the community) for personal use and logging information (because one is a bot and does not participate in the community) to make public without the consent of the participants or service providers.
December 2nd, 2007 at 5:19 pm
It is a well known fact amongst the vast majority of educated IRC’ers that you should expect everything said in a public room to be in at least one log. There is obviously no way to know who/what is logging each channel so the method used to do this (such as tor) shouldn’t be of concern to anyone. I, for one, would greatly enjoy having a public search engine for various channels so I don’t have to share my logs when need be.
December 2nd, 2007 at 6:11 pm
Thank for IRSeek for your services. I hope websites like this will stay around. Im sure you are working hard to improve the website and sort out any problems. Best of luck in the future and the web wont be the same without this great service.
December 2nd, 2007 at 6:14 pm
@Gregory Haynes:
I don’t disagree with your statement that the function of IRSeek is useful; I think a lot of people would agree. I think the majority of folks that are upset about this are upset and concerned about the -tactics- used to gain the data. As I and several others have pointed out, the bots and methods used are discourteous the the channels being logged, underhanded, and just unethical. They should have spoken to Freenode admins (along with admins from any other network they’re on) and given a heads-up, and at the very least made their bots identifiable so channels could ‘opt-out’ of being logged by banning them.
December 2nd, 2007 at 7:36 pm
While looking at some of the conversations that were being shown on your site I noticed a number of email addresses in them. This to me is another big issue, with so many email harvesters running around the net, no telling how many were harvested and are now receiving spam.
December 2nd, 2007 at 7:59 pm
My concern is quite simple, what if employers look you up on irseek and see you pissing about and then hire some other bloke?
That _is_ a problem, and irseek people need to address it. There is some reasonable expectation that what goes in an IRC channel doesn’t spread very far without people knowing that’s going to happen.
This isn’t the same as just logging a channel, this is giving people direct access to things that they may not actually be wanting to share with people outside their tight-knit community. Why should those people have to use +s or +p? They _shouldn’t_.
December 2nd, 2007 at 9:20 pm
Hi. I think this is a great service. As you note in your article, anyone who thinks what they say on a public irc channel is in any way private is under a misaprehension. Publishing of irc channels has been commont for a very long time. Please do not anonymize nicks or stop indexing nicks. I understand concerns over data mining but the reality is the only way to prevent data mining is to not produce any data to mine in the first place.
December 2nd, 2007 at 9:47 pm
It is fully an invasion of privacy. Period. Users should be aware of its existence. Before they join such a channel. Give yourself a pat on the back for making crapware. A+
December 2nd, 2007 at 9:48 pm
agreed opt-in is the only acceptable option
as with opt out it means all maintainers would have to be already aware of your service {and any other act-alike} and spend days opting out of all of them
better to go with the less resource intensive option of allowing admins to opt in {and at the same time update their greeting message to advise users of same}
thus if your welcome on the channel you will find out pretty quick
also may i suggest using a standard nic like irseekbot-randomnumber
so that users that havn’t recieved a warning from an admin can note your presence, or it can auto-reply to direct questions with info regarding what it is
December 2nd, 2007 at 10:42 pm
mikeash: I agree with your opinion re opt-in vs opt-out, but your “front-of-your-house” analogy is pretty flawed. Large groups of random people don’t congregate out in front of your house all day to hold public discussions. While possible, it’s not normal or acceptable behavior so it’s a rather poor analogy for public IRC chat rooms.
A more accurate analogy is a public square or park. Kinda shoots your argument in the foot, regarding the round-the-clock surveillance point you were trying to make.
As PJB pointed out, I think the main issue here is the lack of disclosure/tactics.
December 3rd, 2007 at 12:42 am
Gregory Haynes:
I have no issue with someone recording my conversations, if I have something private I’ll move to a query. The problem for me is having this published online, and openly searchable. Not without the consent of the community the bots are intruding.
December 3rd, 2007 at 1:19 am
Hi, I’m here to log every website you operate. Since they’re available publicly on the Internet, I’ll be taking all of your content and making it searchable from my own site. Also, I’ll be slapping up ads and trying to make a buck from it.
If you don’t like that you can opt-out of course.
Pff… seriously…
December 3rd, 2007 at 2:35 am
Hi. A former irc.opoy.fi admin (2003-2005) speaking here. I do agree that IRC is by default a public medium, and anything said can be expected to be logged by one or more users. Gathering logs into a searchable archive is no problem; it’s already being done by others. It can even come in handy sometimes. The problem is not being open about it. In my personal opinion, I don’t mind a logging bot that is labeled as such, and can be invited it it’s wanted, or kicked out if it’s not, but I don’t like a logging bot that is actively trying to hide itself.
Just my personal opinion,
Juhana Siren
December 3rd, 2007 at 3:26 am
Has IRC been logged by individuals for years? Yes. Have the logs been publicly posted for years ? Yes. Is a search tool useful for such things ? Yes. Does it exist already? Yes. What is its name? A web search engine.
Seriously.
How is IRC normally logged - contextually? When you have a logged channel, the most common way is by common consent of those on the channel. Someone then sets up a logger, and often a way to avoid something being logged. The worst case version of avoiding being logged is to set up a shadow channel (#foo-nolog) (#foo-logged).
The way to view this is IMO is like a pub or cafe or other places people hold meetings in public. Having someone attend the meeting and log it, on behalf of those present, is a commonly useful thing. (Indeed, in an organisation this is formalised as “minutes”).
However, imagine the viewpoint of (say) every Starbucks in the world recording every conversation at their tables (because it’s public), and then making it possible to search by the name of the attendee and the content of what they say… Now take one step further, assume that Starbucks say that this is bad (as I’m sure they would), but someone sends robots into their cafes covertly to do the same thing. (if they were doing this covertly for a government this would get called “spying on your population”)
Would that be even *vaguely* acceptable?
Just because a conversation is in a public place doesn’t give you the automatic moral right to record everything, republish, index, and make searchable everyone’s conversations… Just because you can do a thing doesn’t mean to say you should do that thing.
I’m sure we’ll hear the cry “There’s nothing wrong with this unless you have something to hide” sometime soon… (Which like the term “opt-out” is one of the weakest, and most misguided, arguments that can possibly exist).
Now, that said. An opt-IN service would be incredibly useful - in exactly the same way the cia (open source dev tracking) service is. You’ve (hopefully) naively done something HUGELY offensive, now you can do the right thing.
December 3rd, 2007 at 5:05 am
I don’t know about the rest of the world, but in Norway, recording a conversation you’re *not* taking part in, is *illegal* — while conversly recording a conversation you are part of is legal.
An irc channel would be a bit of a gray area — if you’re speaking in a public place, in a room, you accept the possibility that anyone might be recording you. However they record this via chat-bots, not by the logfile from in their normal irc client.
I’m pretty sure this can be consdered illegal in most Euorpean countries.
Having an opt-in system, along with a motd that states so-and-so channels are being archived online, should be fine, however.
December 3rd, 2007 at 5:16 am
So by the same definition it is ok for me to record people’s converations on busses, trains and in malls, as they’re speaking in public and put them online, index them and then sell ad space on my site. Nice one.
December 3rd, 2007 at 5:52 am
The idea that IRSeek used TOR to stay anonymous, used anonymous names and never made their presence known to network ops just let us users give the idea that they will use the data in shady ways. On the bright side this makes IRSeek responsible for what is said there since they publish it without our approval from neither network ops, chanops or users.
However given the fact on how you people approached this idea of data mining I don’t think you will get much support from the community later on. Like Mikeash said you probably wont like us to sit in front of your house and publish what the hell you do on the net also. although we are allowed to do it. There are moral ethics involved which you violated.
December 3rd, 2007 at 6:36 am
[quote]The way to view this is IMO is like a pub or cafe or other places people hold meetings in public. Having someone attend the meeting and log it, on behalf of those present, is a commonly useful thing.[/quote]
). Or when we’re gossiping about someone not in the channel at that time, he would be able to look up what we were saying.. we don’t want this, do we?
That’s what’s it’s about: IRSeeK logs conversations, and makes them available to *anyone* on the web. My client does logging too, but only for the channels I join.
Logging conversations isn’t a bad thing, but only for the people who were there, in the channel, at that exact moment, so that they can re-read the discussion -or links posted- afterwards.
I don’t want to see this made available on a search engine, since my boss/employer could look for logs where someone (me, in this case) is talking about the company (in a bad way
December 3rd, 2007 at 8:05 am
@Michael Sparks:
Your Starbucks table analogy is flawed in the same exact way that mikeash’s is. At your Starbucks table there’s an implied privacy, same as the front of your house. If some stranger was lurking at your table, you’d notice & ask them what the hell they were doing. That’s not the case with public IRC channels (am I missing something?). It’s simply not normal or acceptable for a large group of random people to congregate at your Starbucks table. While it’s technically public, your table is not a public forum as public IRC channels are, so it’s a terrible analogy.
Go to any forum open to the public, and the vast majority are recorded in one form or another. If someone is in the back of the room (also a better analogy than your “covert robots”) taking notes or video, it’s a completely acceptable activity.
December 3rd, 2007 at 8:23 am
IRSeek have no authority over this matter regardless of their goals or agendas.
It is in fact up to the networks (i.e. efnet, freenode) or servers (i.e. arcti.ca, servercentral.net) or the channels (i.e. #css) to make that call.
There can be no compromises. You must read and follow the rules and ask for permission before moving on. Trying to do this under the radar speaks in volumes about your intentions.
“Since people are allowed to go in and out of such channels, and anyone could be logging (and most likely automatically logging the conversations in their own IRC client) the channels, it will come as no surprise to users that their chats are available on the web.”
There is a huge difference between logging information (because one as a human participate in the community) for personal use and logging information (because one is a bot and does not participate in the community) to make public without the consent of the participants or service providers.
December 3rd, 2007 at 9:35 am
The pro-indexing crowd is basically falling victim to a slippery slope fallacy.
Yes, IRC is public and indexed and logged, and sometimes searchable. But just because this is done on an ad-hoc basis by individuals does not automatically mean there is no problem if it is done on a large scale by an automated system. To claim exact equivalence between the two concepts is wrong.
If you want us to treat your activities the same way we would treat a human who’s recording logs, then act like a human who’s recording logs. Don’t mask your identity, and actually say something from time to time.
December 3rd, 2007 at 9:53 am
Dear IRSeek staff,
Please consider the following:
Federal and State laws may allow you to surreptitiously record conversations where the parties may reasonably expect to be recorded;
and Yes, you may be able to establish that in the case of public IRC channels (those which are not +i, +k, +s, etc.) the parties should reasonably expect that their conversations may be recorded (since most IRC clients come with a logging feature);
but No, the above facts do not automatically mean your business model is lawful.
I will highlight two issues that may be of concern to your business.
First: have you considered that a large part of the material you are publishing may be defamatory? You should know that any and all persons (including corporations) involved in publishing defamatory material are subject to civil liability and criminal penalties.
Second: have you considered that copyright may well apply to the IRC conversations you have been recording and that you are not the owner of those copyrights? You should know that the copyright owner retains the exclusive rights to publish any such works and to communicate them to the public. Infringement of copyright laws may also - as above - result in civil remedies and criminal punishment to both your firm and its employees.
Thank you, IRSeek staff, I know you will give proper consideration to these issues.
December 3rd, 2007 at 12:34 pm
“we were under the impression that users in public chat-rooms are aware that their conversations are, by definition, public”
Everything you do in the street is also, by definition. public. So, are you happy for me to set up a camera that records *everything* you do in the street and makes that easily linked to your identity?
No? Didn’t think so.
Putting this system online is a bit like setting up cameras in all major public places and making it all easily searchable. Wanna know everything that John Doe has been up to in the last 5 years? Just run a quick search. Oh dear, he was drunk one day and said something I don’t like. Better not hire him.
There is, still, in today’s world, a huge, mile-wide line between “public” and “recorded and searchable”. Perhaps that will change some day, but that’s still the case. Respect that fact. Get IRSeek offline.
December 3rd, 2007 at 2:55 pm
I just wanted to show my support for the IRSeek folk. We just opened up an IRC channel recently, and while we COULD setup a bot to do essentially the same thing it’s not our core focus. IRSeek is specializing in offering this service, and they will do an infinitely better job than we’ll ever do. It’s fantastically useful, and I really hope they’re back soon.
December 3rd, 2007 at 3:56 pm
It is a general misconception that IRC servers are a public free for all place. IRC servers are like someone’s club, which is open for everyone to visit. But still, as it is owned by someone or a group, this means that there are houserules that apply. The mere fact that you can enter a server or network does not give you the right to do whatever you please. Just like i will not take a microphone to your company and log whatever is being said there… and make it searchable online.
Sure, people log conversations, but in general they keep those conversations private. If i have a channel where 50 people are a guest, then you will normally not expect that whatever is said in there is viewable by more than those 50 persons.. let alone a possible audience of some 4 billion people!
Logging a channel for people outside that channel, is fine only if the channel operator is okay with it, and that it preferrably is also known by the participants of the channel.
And last but not least, like people above already stated… if you insist on logging, then at least make sure we can identify your logger bots… so we can ban them from the network.
December 3rd, 2007 at 8:00 pm
If I see your bot on my channel, I’ll ban it and report it to an ircop. Your proposed service is rediculous and intrusive.
How can you fail to understand that, although some IRC channels are public, bots that log conversations without consent are not welcome.
And having an opt-out system is arrogant and completely retarded. Come back when you understand the internet.
December 3rd, 2007 at 8:29 pm
whooooaa!
December 3rd, 2007 at 10:16 pm
I agree with many comments already here and disagree with some. Basically, I do believe that this is a great idea and that public channels are public, BUT they should not be logged/indexed on the web without people knowing of it.
My idea for a solution should help satisfy the opt-in/opt-out worries of everyone and the privacy issues. Think of a search engine (like google) that uses a robots.txt file on websites to know what to index and what not to.
Now, take this concept and put it onto the IRC Network for IRSeeK.
It’s very simple, all that needs to be done is a simple addition to the ‘motd’ file, which I’m sure every IRCd has, if not I’m sure they have some sort of ‘on connect’ message that’s easy to edit.
The line could be as simple as: “##IRSeeK: allow #mychan, #thischan, #otherchan”
The bot would read this line on connect and go into those channels, no others. It could also be used with deny, and joins all other channels but those listed (the allow list seems more practical though).
If the line does not exist, it would get admin info, even oper names and send a message to a Project Admin to get in touch with that network and see if they want to be part of this project or not.
With this type of system in place, a simple addition to the motd and even channel topics informing all users of the new logging/indexing bot would take away all privacy concerns as everyone would be warned and it would not be a hidden thing.
Of course the bot should also have a recognizable nickname and host.
December 4th, 2007 at 2:01 am
I do think an opt-in would be much better then a opt-out idea and I believe you should not just have it for channels but whole servers/networks because it may be against a TOS agreement for that server/network. I believe you may even be liable like a search engine’s bot that indexed a ladies site that said on her site “This site may not be indexed by bot or human.” She was winning the court battle last I heard because a robot ran by company is still as liable as human and its not her fault that the robot couldn’t read her site or source code to determine this. I know she could have had a robots.txt but she didn’t and shouldn’t have too. With your bots you can’t even have this feature of opting out.
December 4th, 2007 at 3:15 am
Too bad. Cool service.
December 4th, 2007 at 3:41 am
@Wick
The problem with your suggestion that the house surveillance concept is flawed…is that there is no implied privacy at all. If there is an implied privacy, what is Google doing with Street View on Google Maps taking photos of streets?
December 4th, 2007 at 4:17 am
Ack, my comment didn’t come out the way I’d liked it to.
All I mean to say is that a fair number of IRC users are expecting this sort of implied privacy you keep mentioning - that if they felt the need to record a conversation at Starbucks or take a photo in front of our homes, that the person would come up to them and ask to do so.
The implied privacy idea is nice but doesn’t entirely work - unless IRSeeK was logging +p/s channels, which I highly doubt. However, plenty of channels, servers and networks had mentioned something in the TOS about logging, i.e. in the case of the entire Freenode network. This is where most people take offense to what was being done. It’s that rules were flagrantly broken to index and archive ephemeral conversations for the profit of some completely random company.
And I don’t know where you go to, but at plenty of events, conventions and gatherings I’ve been to, you were generally informed in one way or another that “logging” of some sort was going on. Usually a fairly obvious camera, or some notice of some sort, or an announcement. What IRSeeK was doing was tantamount to coming in unannounced with a hidden camera under false pretenses.
Speaking of which, a pretty decent analogy would be what happened at the past Defcon. NBC reporter came in with a hidden camera in her purse trying to out people for the very sleazy Dateline show, lying about who she was and why she was there. So, let’s say you were there and you met a few people and talked to them. It’s one thing if they said they were recording this for some random security-related video podcast. It’s another to chat with someone you’ve never met before (read: this random female at Defcon carrying around this purse trying to talk you into saying too much) and then seeing a recording of your entire conversation detailing some new evil-sounding exploit on Dateline NBC the next week. (Thankfully that didn’t happen…)
Unfortunately, all the options listed in the above blog post are pretty awful. This service should be opt-in. I can see it being of great benefit if it was opt-in and there was a “maintainer” for each channel, adding enough metadata to random conversations to make the logs useful. Otherwise…well…what a headache. Should I be expecting secret channels requiring keys and a registered nickname to join? Frustrating.
Networks I’m an oper on are probably too insignificant and well hidden for irseek to give a *&#% about, but if a bot ever showed up, I’d be glad to gline with record speed.
December 4th, 2007 at 9:31 am
@Jane:
My point was that some of these analogies are so far off base, they’re not helpful to the conversation. As you may have realized (re your 2nd post), your comparison with Google Street Maps takes the poor “house” analogy further & misconstrues the action. With Google’s one-time snapshot, your house remains private except for a brief fraction of a second, very different from mikeash’s more accurate analogy of “round-the-clock surveillance”. I’m sure if IRSeek’s bots had joined each public channel only once & logged for a second (similar to Google’s actions), likewise, no one would care.
Poor analogies aside, I whole-heartedly agree with you regarding IRSeek’s lack of disclosure. I addressed that in a comment I made previous to the one you responded to, which unfortunately is still waiting moderation (??).
As you said, at public venues where the proceedings are being recorded in some way, that fact is either made clear or is very apparent to the casual observer. That clearly wasn’t occurring in IRSeek’s case & as you pointed out, violated TOS in many cases.
December 4th, 2007 at 9:58 am
Ironically, http://www.overheardinnewyork.com has a Starbucks conversation (overheard at the counter) as the top entry at the moment.
December 5th, 2007 at 8:00 am
I do not agree with the argument “if others do it then why do you care about what we do”. Try to think using it for other situations and you will see its absurdity.
So, the fact that other people have been logging IRC channels without consent and published logs on the Internet does not make it (in any way) right. Also, there is a difference between being public IRC and public Web, and your service wants to remove this difference.
When I talk on a public IRC channel I am aware of the users inside it, I am aware my discussion is available to _them_ and not other people. That is important to note, because even if one of them logs it and publishes on the Internet (which is a bad thing to do anyway as I said above) it is at least a an exceptional situation, I can say they are faked logs and such. If however a well established IRC logging site does that the argument that they are fake does not hold much water because the site being popular automatically has more credentials then my words (as opposed to some random user doing it).
So in conclusion:
1. public IRC means you talk to the people on the channel at that moment and not to others
2. if one logs and publishes without consent it is a wrong thing to do but it is an exception and it is very less likely his log will affect me in any way (as it will be by some random user on some random site)
3. if instead there is a well known site that does this then the problem at 2 is amplified 100 times
December 5th, 2007 at 2:33 pm
is a nice idea, been done a few times before.. but yeah, I think a opt-in service would be better, and for the network admins, they should add there network to be index’d and then individual users could opt-in, as long as the bot announced itself onjoin.
December 9th, 2007 at 8:47 pm
Opt-out is fine, but anonymizing by default would be terrible. Perhaps an opt-anonymize for individual users.
December 10th, 2007 at 9:39 pm
@Wick, sorry for the delayed response, but:
Google maps street view is effectively not round-the-clock surveillance as mentioned by mikeash, but what happens with the images taken is that they become available for anyone to see from anywhere. I’m sure you’ve heard of plenty of little gems found in street view - cats, naked people, random people who are surprised to see themselves in the photos… So, it’s not EXACTLY the same as irseek, but the idea is that street view is logging (although only a fraction of a second’s worth) and putting that up online for everyone to see…google’s main source of profit isnt from street view, but irseek’s will be from the multitudes of logs that have been recorded in a very disturbing manner - not the act of logging itself, but rather, the lack of disclosure, the flagrant ignoring of possible network, server and channel rules, and the manner in which it chose to disguise the bots.
December 20th, 2007 at 7:17 am
I couldn’t understand some parts of this article Open letter to IRC operators, but I guess I just need to check some more resources regarding this, because it sounds interesting.
January 4th, 2008 at 8:48 pm
What’s the point of this blog post if you don’t cover the base requests?
Who allowed you to get back into the channels with your bots?
Did you ask for permission?
See this: http://www.irseek.com/blog/?p=3#comment-31
You are now banned from Efnet #CSS permanently as far as I’m concerned and will keep an eye out for your future attempts.
Please remove the logs from your site!
Thanks.
-Sarven