Operation Boycott Sony? Really?
So, found this on the the, supposed, new blog of our favorite hacker, GeoHot.
I wanted to address a few things here, specifically each of the "Why?" items. So, without much fanfare, here we go.
Quoted: "Sony continually removes features from the Playstation 3 hardware that were a major ADVERTISED selling point for the system. This is a form of false advertisement and it is ILLEGAL."
Response: The _only_ feature Sony has ever removed from an advertised item is OtherOS, something they confirmed as being used than not even close to one half the percent of people and done because hackers found a way to use it to hack the software.
Removal of BC, extra USB ports, and similar in later models wasn't illegal as those models were updates and were not advertised as having those features.
So, the statement of "continually removes" is completely false. I will grant that there was the removal of OtherOS, but it wasn't a focus of advertising, used by even half a percent of the current users, and was removed because of the attempt for users to obtain data that is reliant on ensuring the security of every PS3 out there.
Quotes: "Sony places customer's security at risk by allowing credit card information to be transmitted over the internet in plain text every time someone signs into the Playstation network."
Response: Actually, all they know is that the information is stored in plain text. They still have not been able to detect how it is sent. It's far from unusual to store items in a text format on the client's end and then send it as a package of bits via the Internet.
While I agree it could be more secure, the information being sent isn't insecure. It's pointless information that does nothing to identify the person on the account or anything worthwhile that could be used to collect and use the CC data for fraudulent purposes.
Quoted: "Sony permanently bans Playstation 3 hardware from accessing the PlayStation Network for suspected (not proven) custom firmware."
Response: Actually, they can confirm exactly if you are running CFW or not. From comparing the local XML/text files (such as the ToS text file), to checking the digital signatures of installed software to make sure it's not running any that aren't found on their end, to even just detecting if the account has enabled previously disabled features, such as OtherOS. No one has been banned that hasn't run CFW. It's very easy to tell who is running CFW and who isn't, since if you're not, everything would match up exactly with what the latest FW put out. Any changes to this requires that you had installed or otherwise hacked your PS3.
As far as the leap that they are taking in saying that "hackers found a way to change the hardware id of the Playstation 3 hardware" in order to ban an honest user. Total pablum and a pipe dream. The exact same thing could have been done with the 360 by now since Microsoft utilizes the exact same method of banning accounts/consoles. The reality is that knowing that information is sent isn't the same as being able to properly spoof the necessary information being sent; which includes decrypting it, generating a method for creating new valid keys, and then re-encrypting the data to be sent; and then sending it to Sony via a PSN connection without it being recognized as spoofed data by their Intrusion Detection/Prevention Systems. So far, this is just fear mongering. An attempt to get legitimate PS3 users scared and angry at Sony by saying it's possible without even attempting it.
Quoted: "Sony secretly sends micro updates to the Playstation 3 firmware without the user's knowledge anytime a user connects to the internet in order to prevent the installing of customer firmware."
Response: Completely false. Like all things, Sony validates the access a console and account has upon each attempt to connect to PSN and updates any cached data used for validating this information on the PS3. This is the exact same as N4G validating you being logged in and updating a cookie in your temporary internet files to mark your last visit and that you are still logged in.
In order to install any new code onto your system, they must halt you from using the OS. The newly compiled code cannot just be placed on your system without having to restart the OS as well. This isn't taking a PHP or similar page and overwriting the new one. The C++ code that is used on the PS3 requires that it be compiled and that the necessary configuration and relative files be compiled with it and updated at once.
Again, more fear mongering to get legitimate users worried and angry at Sony without any substance to it.
Quoted: "Jailbreaking or custom firmware are legal and completely within your rights to use."
Response: Jailbreaking a phone is completely legal if used for custom programs and opening them up to use with different providers; jailbreaking is not legal for illegally obtaining the IP of others or adjusting any software that isn't related to allowing custom programs or unlocking the phone for use with a different service provider.
What is not legal at this time is jailbreaking a console nor taking Sony code (firmware) and modifying it as your own custom firmware. The reason behind this is that the CFW modifications made aren't illegal because they can run homebrew, they're illegal because they allow a person to bypass the security protocols and limitations set by Sony with the PSN code, which is illegal to modify.
Unlike phones, the firmware for the PS3 and similar consoles contains specific data for processing sensitive data and purchases on the provided network (XBL/PSN). The modification of this code is akin to customizing a credit card processing machine to send the person's personal information to a source not specified for the machine's design.
Furthermore, this isn't about allowing people to run homebrew, it's about A) the sharing of sensivite and secure information that is integral to Sony's ability to provide a secure environment for their business and therefore each of their users (metldr key data); and B) the modification of Sony IP, specifically the firmware code which also acts as the framework for PSN.
Conclusion: I'm not one to stop someone from boycotting. Go right at it, it's your right. But this stuff kind of pisses me off only because it's riddled with a lot of misinformation. It's fear mongering at its worst, knowing that the general public doesn't know enough to question what they're being told and immediately worrying if Sony is keeping their purchase and personal information safe.
The people who are spreading this information are liars or some of the most ignorant people I've yet to see on the Internet. I find it hard to believe that they don't know that what they are saying is false. I do know that they are, unfortunately, getting the attention they want, and this will only force Sony to have to work harder to fight against the poor publicity.
All of this because Sony needs to protect their business from people who didn't care how their actions would affect them or the legitimate customers of their hardware. And as gamers, we tell people every day to support the people who make the games we like. Looking at 2011 and what Sony is doing for the gamers, I wonder where people's heads are at the moment.