German "anti-piracy" site has major privacy hemorrhage

Carsten sez,

The German movie industry's campaign to scare people from illegally copying movies and other copyrighted material ("Hart aber gerecht", translates to something like "tough but just") has experienced a real blow to its public image, again.

The image put forward by the campaign strongly contrasts with the supposed level of technical knowledge within the organization as well as their webhosters: for a period of about 21 hours the server's DocumentRoot was open to the public. Everyone interested could peek at (drastic, if not hilarious) anti-piracy campaign videos, server logfiles and such. German blogs already have been eager to analyse and comment.

Most delicate is the matter of eCards, though: the website offers a service to send "scary postcards" with campaign motives to people you chose – without any kind of sender oder receiver verification (no opt-in, which is de facto illegal in Germany). And of course, all the addresses used and texts sent via the card service since April 2006 were logged in cleartext, and have already attracted some considerable attention. ;-)

Needless to say there is no privacy disclaimer at all on the website…


(Thanks, Carsten!)