Christian Heilmann

An open letter to Sony: your Ultraviolet Film service teaches people to trust malware

Monday, January 14th, 2013 at 10:44 pm

Online piracy is a terrible thing. It is illegal. It does kill jobs and it does prevent products from being released and artists from becoming famous and being able to make a living. This is the truth, although when you hear it from labels and the film industry and seeing what is being promoted and sold it does lose some of its credibility.

Nevertheless, online piracy is a criminal actcivil matter (explanation) and should not be the norm. The best way to fight online piracy is to make it redundant. Purchasing a media and being able to watch it when I want as long as I want and as often as I want should be dead simple. This is what happened in the past when I bought physical media in the time of CDs and Vinyls and VHS tapes.

Even then the film industry made it hard for me to enjoy the things I bought. There were differences in TV formats (NTSC vs. PAL and the wonderful milky display of movies that were badly transferred) and different releases of vinyls in different countries had different tracks. Also, I was punished when I lived outside the US as I had to wait for half a year for a movie my friends on BBSes and later on in Newsgroups and IRC talked about.

I have not bought a CD in a while and I have not downloaded any pirated MP3 in years because of Spotify. I pay my monthly fee and I happily listen to as much music as I want. I download the music to play on my iPod in the gym offline and all is good. I pay, the artists get money, the labels get money, Spotify gets money and I can enjoy my stuff.

Now, on a flight lately I watched Total Recall, the remake (ironically released by “Original Film”) and I was almost ready to watch it on iTunes and buy it there. As it is a cool CGI movie, I thought I get the HD version and – if possible – check it on my Retina MBP. Then I thought that £13.99 is a bit much and as I want to see it next time I am in Sweden with my partner, I want to get it on the computer I take with me on Travels. Google Play was out of the question as it doesn’t let me access my UK account when I am out of the country.

So today I went to the shop and saw the DVD of Total Recall for £15 so I thought, OK, let’s buy a physical DVD. I could do it ironically and be a hipster about it. My plan was to rip the DVD to my computer and watch it with my partner whilst keeping the physical thing at home as none of my laptops have drives any longer.

But, oh wonder! You thought of this and gave me the awesome “Ultra Violet” film collection option. So I could go and get a digital copy of the movie I just bought for my convenience. Amazing! I was ready to download the hell out of this MP4 you’d offer me in a simple download, and went online to get the movie.

Now, the first thing I was asked to do was to fill out a form to sign up for your library. This form didn’t understand my perfectly valid 5 digit UK postcode and told me I need a 6 digit one – how dare I have a working address? It also asked me to have a password in a certain format after I entered mine twice instead of telling me after I entered it once that this will not do in your world of security.

OK, I signed up, giving you a wrong postcode to get in and a wrong birthdate as it is none of your business when I was born.

I then got to the download page which asked me to install Silverlight. Why is this not on the DVD pack? A simple “requires Microsoft Silverlight” would have told me that there is pain ahead.

I downloaded the Silverlight linked from the Download page and installed it. I restarted my Firefox and went to the download page and was asked to install it again. What? OK, I went to Safari, logged in and the login page told me my Silverlight is the wrong version. I installed the one not linked from your “download silverlight” button and hooray, I could now install the Sony Pictures Download Manager which is a secure and trustworthy and wonderful way of downloading movies I paid for. That is if it were a verified program file. As it was my browser told me that the publisher of this file is not verified:

unverified app

Is it yours? Is it malware? Should I be concerned that you tell me as Mac user that I should double-click the icon of the download manager once it is on my Desktop which it never will be? Should I install the .app file that my operating system tells me I downloaded from the internet and could be anything?

unknown application

I did, this is how much I am happy to meet you halfway here. So I installed the download manager and started the download. And I felt the laptop giving off a warm glow when it started, seeing that your download manager sucks up 17% of this very, very beefy computer whilst downloading the movie.

activity detected

I can only imagine what watching the movie will be like.

So here is my advise: hire a few researchers to download and watch pirated movies. Learn from the way pirates distribute and make things available and then make it easier. Today you lost me as a customer. This is the first and last movie I bought from Sony Pictures as your interest is neither safety nor my enjoyment.

What you do right now is:

  • Make legal customers go through a broken sign-up process with strange rules
  • Make legal customers install strange software without verified publishers (with one download linking to the wrong version)
  • Slow down my computer unnecessarily with a heavy download client whilst I already have iTunes and Google Play

You know what that is? The same thing shady download locker sites do to lure people into downloading malware after entering a captcha most likely used to get into another site. Instead of making it easy for end users who just want to legally watch a movie you teach them that nothing on the web can be trusted, so we might as well install whatever promises us movies to watch. As a security conscious person, I consider this bordering on aiding the criminals you so loudly proclaim to fight.

Let me repeat: you only fight piracy by making it unnecessary. All the money you spend on building overly complex and ridiculously locked-in systems like that is what kills movies and hurts artists. Learn from the people who attack your business and you will come out a winner.

Share on Mastodon (needs instance)

Share on Twitter

My other work: