Several times on this blog, I have mentioned my problems with hotlinkers. Since I post a large number of photos (more than many, fewer than some), and I keep those photos on my site indefinitely, I have to deal with people stealing those images. Now, I own almost all of the images that I post; if not, I note the source. But if I do use an outside image, one thing I make sure to do is to host the image on my own site. Why is that important? Let me explain.

When someone sets up a web site with their own domain name, they usually have to pay for “hosting” services. That means that they pay a service to give them disk space, maintenance services, and a 24/7 high-speed connection to the Internet. The web pages, images, and other files are kept on that hard disk. But the hosting service usually keeps track of how much bandwidth you use. For example, if I posted a 1MB picture on my site and 99 people downloaded it, that would equal 100 transmissions (1 up, 99 down) of that 1MB file; that would be 100 MB of bandwidth used. Since almost all accounts have a bandwidth limit (my own is 75 GB per month), it is a commodity which you are paying for.

Now, let’s say that someone wants to use that photo on their web site. So they put a command on their web site that embeds the picture into their own web page, so it looks like the image is part of their own page–but the address of the picture is kept as a reference to my web site. In other words, the photo looks like it’s on their site–but my site is where the image is taken from, so I get charged for bandwidth every time somebody views their web site.

This is called “hotlinking,” and I’ve mentioned it before. People will not only steal your images, but then they will hotlink them so you will be forced to pay money for their act of theft against you. Kind of like someone stealing your cell phone, then you get charged for their phone calls.

The one defense you have: the image file resides on your site, so you control it. So, when some thief steals an image and hotlinks it, what I usually do is to change the image file to something insulting or (if I’m really ticked off) obscene. One time, a travel agency hotlinked one of my China travel photos, so I replaced the image with a graphic calling them thieves and warning their customers to not to buy from them (they swapped images and hotlinked from someone else after a few days, but here’s what the site looked like for a while).

However, the real damage comes when someone hotlinks your image, and their site is heavily traveled–which means that you get swamped, and your site could even be in danger of exceeding bandwidth limits, which could get your site shut down. The worst incident I had was when an image on my site was hotlinked by Ain’t It Cool, a popular movie rumor-and-reviews web site. Before I could notice it, my site had suffered 30,000 hits, losing 1.5 GB of bandwidth (this was back when my limit was 15 GB, and I came close to exceeding it sometimes). So I swapped the image with a graphic advertising my site. “Ain’t It Cool” noticed the swap quickly, and then replaced the image.

So, why am I mentioning this? Because hotlinking has, at least momentarily, become an issue in the political arena. One of John McCain’s web techs set up his MySpace page–but when he did so, he hotlinked to an image on someone else’s site. When they made McCain’s page, they used a free template offered by NewsVine, which allows people to use their MySpace template so long as they give credit to NewsVine, and so long as they don’t hotlink.

McCain’s site didn’t honor either condition, so NewsVine’s CEO Mike Davidson swapped out the image McCain’s people were using with one announcing that McCain had reversed is opinion on gay marriage, “Particularly marriage between passionate females.” Since Davidson’s swapped image was on his own web site, and McCain’s people were the one’s who had placed it on their own web site, this was an “immaculate hack” that broke no laws whatsoever. Below are the real and hacked pages captures, the hacked one on the right.

image borrowed, but not hotlinked. Click on the image to visit the source.

Davidson writes about his decision to slap McCain’s hand on this one:

But then I read the article in today’s Newsweek about how politicians are all setting up MySpace pages in order to “connect” with younger audiences. McCain’s MySpace page is listed, as are the pages from several other candidates. I think the idea of politicians setting up MySpace pages and pretending to actually use them is a bit disingenuous, so I figured it was time to play a little prank on Johnny Mac.

Luckily, I had already set up a special .htaccess rule on my server which served my real “contact me” image if the image was referenced from my own MySpace page, and served up a sample image if it was served from anywhere else. This is the whole reason I even figured out what was going on. I had my real image in cache and upon loading McCain’s page, the real image showed up (including my special note that said “NO REQUESTS FOR DESIGN HELP PLEASE”). Thinking it was weird that McCain would get any requests for design help, I immediately realized what happened.

So, the only thing necessary to effectively commandeer McCain’s page with my own messaging was to simply replace my own sample image on my server with a newly created sample on my server. No server but my own was touched and no laws were broken. The immaculate hack.

Abortion? The Iraq War? Probably too heavy to joke about. Gay marriage seemed like a more of a non-lethal subject to center the prank around.

So with a few minutes in Photoshop and a quick FTP, a new John McCain was born…

…and The Straight-Talk Express isn’t just for straight people anymore.

Bravo! This is amusing to me on two levels–the political and the geek levels, to be specific. Well done, Davidson.