University-funded music subscription services failing

(via Freedom to Tinker)
The Wall Street Journal online provides some excellent details on how music services for students funded by colleges are failing. More importantly, there’s a lot of information on why these services are failing with the college crowd.

As a student at Cornell University, Angelo Petrigh had access to free online music via a legal music-downloading service his school provided. Yet the 21-year-old still turned to illegal file-sharing programs.

The reason: While Cornell’s online music program, through Napster, gave him and other students free, legal downloads, the email introducing the service explained that students could keep their songs only until they graduated. “After I read that, I decided I didn’t want to even try it,” says Mr. Petrigh, who will be a senior in the fall at the Ithaca, N.Y., school

I doubt most techies are surprised by this insite. We want movable bits. Free downloads to the hard drive are nice, but if we can’t move those bits to our portable MP3 players, burn them onto CDs to listen to in the car, or move them onto other computers we use, then we’re not so interested in those particular bits. Instead, we’ll find other places to get the bits in a format that lets us do what we want.

To stop students from pirating music, more than 120 colleges and universities have tried providing free or subsidized access to the legal subscription services over campus networks in the past few years. About 7% of all four-year schools and 31% of private research universities provided one of the legal downloading services, according to a 2005 survey of 500 schools by the Campus Computing Project, a nonprofit that studies how colleges use information technology

. . .

Purdue University officials say that lower-than-expected demand among its students stems in part from all the frustrating restrictions that accompany legal downloading. Students at the West Lafayette, Ind., school can play songs free on their laptops but have to pay to burn songs onto CDs or load them onto a digital music device.

There’s also the problem of compatibility: The services won’t run on Apple Computer Inc. computers, which are owned by 19% of college students, according to a 2006 survey of 1,200 students by the research group Student Monitor. In addition, the files won’t play on Apple iPods, which are owned by 42% of college students, according to the survey.

Hmmmmmm. Non-portable bits, disregard for 1/5 of the student body, and extra charges to get the format students want? Well color me surprised! I can barely fathom why the services aren’t doing well.

There is also little consensus among administrators about how successful the services have been in eliminating piracy. Although some say complaints from the recording industry have dropped sharply, no one can tell if that’s because fewer students are engaging in illegal file-sharing or if the industry simply doesn’t want to go after schools that are spending money to combat the problem. “The RIAA’s push to buy into these services strikes me as protection money. Buy in and we’ll protect you from our lawsuits,” says Kenneth C. Green, the Campus Computing Project’s director.

I buy this thought. I think most of the recording industry’s attacks on its own customers has been nothing more than a strong-arm tactic to get people to buy protection from the recording industry. Seems the mob might get a bit upset at the recording industry moving into their turf.

Here’s the kicker. What are students using for their music if not the freely available services? Oddly enough, it’s not the illegal services – Itunes seems to be the big daddy service, just like everywhere else. Imagine that – people will pay, if you make an effort not to screw them for staying legal.

Some schools that don’t offer free downloads dismiss the subscription services as too costly for the results they achieve, especially because so many students now buy music from Apple’s iTunes Music Store. “We were not in a position to offer an alternative to iTunes,” says Lev Gonick, the chief information officer at Case Western Reserve University in Cleveland. “The alternatives looked like they had more sizzle than steak.”

More sizzle than steak. I like that comment. And it seems about right.

[tags]MP3, Music downloads, Recording Industry[/tags]

Phishers getting more clever

(via Schneier’s security blog)

In an effort to fool more people, phishers have taken to using man-in-the-middle attacks.  In the past, if you thought a site was a scam or an email was a phishing attempt, you could enter bogus login information, see a success message, and know that the setup was a fake.  Now Washington Post has an article about phishers putting up a fake site and passing login credentials on to the real host site (in this case a bank, but also sometimes ebay, paypal, Amazon, and more) and using the response to determine what you see in response.  So if you enter bogus information, you will get a “Bad login” response from the fake host.  If you enter real information, you’ll end up forwarded to the real login success screen on the real host and the phisher will have a confirmed account.

The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit — a tactic used by some security-savvy people — you might be fooled. That’s because this site acts as the “man in the middle” — it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real.

By the way – Mr. Schneier predicted this last year (and really, it was a pretty obvious next step for phishers to take – I predicted it, too, but I’m not smart enough for anyone to listen to me).

[tags]Phishing, Online security, Computer fraud[/tags]