Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 1 of 39
FACEBOOK, INC.,
PLAINTIFF,
V.
POWER VENTURES, INC. DBA POWER.COM, ET AL,
DEFENDANTS
___________________________________________
UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF CALIFORNIA
SAN FRANCISCO DIVISION
CASE NO. C-08-05780-JW
EXPERT REPORT OF BOB ZEIDMAN AND LAWRENCE MELLING
ZEIDMAN CONSULTING
DECEMBER 19, 2011
CONFIDENTIAL
I
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 2 of 39
Table of Contents
I.
SUMMARY OF FINDINGS .............................................................................................. 1
II.
BACKGROUND ................................................................................................................ 2
A.
PERSONAL EXPERIENCE AND BACKGROUND OF BOB ZEIDMAN ...................3
B.
PERSONAL EXPERIENCE AND BACKGROUND OF LAWRENCE MELLING......4
III.
DEFINITIONS.................................................................................................................... 4
A.
WEBSITE..........................................................................................................................4
B.
INTERNET BROWSER ...................................................................................................5
C.
CLIENT .............................................................................................................................5
D.
SERVER............................................................................................................................6
E.
PROXY SERVER .............................................................................................................6
F.
WEB SCRIPTS .................................................................................................................7
G.
WEB CRAWLER OR SPIDER ........................................................................................7
H.
COMPUTER DATABASE ...............................................................................................8
I.
SQL SERVER ...................................................................................................................9
J.
SOURCE CODE ...............................................................................................................9
IV.
SCOPE OF REPORT........................................................................................................ 10
V.
COMPENSATION ........................................................................................................... 11
VI.
ANALYSIS ....................................................................................................................... 12
A. DEFENDANT’S SOFTWARE USED TO CONNECT TO THE FACEBOOK
WEBSITE, SPIDER THE FACEBOOK WEBSITE, SCRAPE FACEBOOK USER
INFORMATION FROM THE FACEBOOK WEBSITE, DOWNLOAD FACEBOOK
USER INFORMATION TO THE POWER WEBSITE, AND TO “PROXY”
FACEBOOK ..............................................................................................................................13
B.
DEFENDANTS’ SOFTWARE USED TO INITIATE SPAM EMAILS .......................17
C.
POWER DATABASES ..................................................................................................24
D.
DEFENDANTS’ EFFORTS TO CIRCUMVENT IP BLOCKS ....................................26
E.
DEFENDANTS HAVE DELETED IMPORTANT DATA ...........................................29
F.
TECHNICAL ANALYSIS OF DECLARATION OF MR. VACHANI ........................30
G.
CONCLUSION ...............................................................................................................33
EXHIBIT A: RESUME OF ROBERT ZEIDMAN ........................................................................ 1
EXHIBIT B: LARRY MELLING RESUME ................................................................................. 1
EXHIBIT C: EXPERT REPORT SOURCE CODE INSPECTION LOG 2011-12-19 ................. 1
EXHIBIT D: CREATE_EVENT_FACEBOOK.XML .................................................................. 1
CONFIDENTIAL
II
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 3 of 39
EXHIBIT E: POWERCALLBACK.ASPX.EN.RESX ................................................................... 1
EXHIBIT F: POWERCALLBACK.ASPX.CS............................................................................... 1
EXHIBIT G: POWERMESSAGEMANAGER.CS ........................................................................ 1
EXHIBIT H: POWERMESSAGEFACTORY.CS ......................................................................... 1
EXHIBIT I: WRITE.CS.................................................................................................................. 1
EXHIBIT J: INSERTMESSAGESCRIPT.SQL ............................................................................. 1
EXHIBIT K: PN_SEND_SCRAP_FACEBOOK.XML ................................................................. 1
EXHIBIT L: HTTPPROXYCONFIG.CS....................................................................................... 1
EXHIBIT M: ASYNCSETUP ASYNCHTTPPROXY.CSV ......................................................... 1
EXHIBIT N: SERVERMANAGER.JAVA .................................................................................... 1
EXHIBIT O: CREATECAMPAIGNEVENT.CS ........................................................................... 1
EXHIBIT P: CONFIGURATIONPOWERPROXY.CS ................................................................. 1
EXHIBIT Q: UPDATESERVERLISTMANAGER.JAVA ........................................................... 1
EXHIBIT R: POWERPROXY.JAVA ............................................................................................ 1
EXHIBIT S: FRIENDLIST2.XML ................................................................................................ 1
CONFIDENTIAL
III
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 4 of 39
We, Bob Zeidman and Lawrence Melling, on behalf of Zeidman Consulting, provide the
following expert disclosures.
I.
SUMMARY OF FINDINGS
1. Based upon the review of Defendants’ source code for various code projects named
PowerScript, PowerNavigtor, PowerProxy, and spider, as well as other documentation
produced to date, we have concluded the following:
(a) Defendants developed proprietary software named PowerScript and spider in
order to crawl various social network websites, including particularly www.facebook.com
(“Facebook”), to extract or “scrape” website user information such as Facebook photo
images, wall content, friends’ lists, and the like, and to then reformat that user information on
Defendants’ own website, www.power.com (“Power.com” or “the Power website”), in order
to “proxy” Facebook and permit Defendants’ own website users to log into Facebook
through Defendants’ own Graphical User Interface (“GUI”), rather than through Facebook’s
interface.
(b) Defendants designed their proprietary PowerScript and spider software to
automatically post on the Facebook website new Events soliciting Facebook users to join
Power.com as part of what Defendants called the “Power 100” or “100x100x100” Campaign.
Defendants likewise designed their software to automatically post Power Invitations on
Facebook users’ Walls soliciting them to join Power.com.
(c) Based upon available information from Defendants’ databases, at least 39,137
users of the Power website also had Facebook accounts. Because of missing information
from those databases that is solely in the control of Defendants, we were unable to quantify
exactly how many Facebook Event or wall posting transactions took place between the
Power website and Facebook in which Facebook users were solicited to join Power.com. We
are able to state that both kinds of solicitations did occur, however, and were initiated by
Defendants’ proprietary software.
CONFIDENTIAL
1
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 5 of 39
(d) In addition to the electronic mail communications that Defendants’ software
automatically posted on the Facebook website when it created Facebook Events and when it
posted Facebook wall messages, the same proprietary software that Defendants used to
automatically create Event notifications and post Facebook Wall messages also would
initiate automated “spam” email messages being sent on Defendants’ behalf to Facebook
users as a result of the software’s ability to exploit Facebook’s own email notification
processes.
(e) Defendants designed their network architecture to circumvent technical
barriers – such as blocks of IP addresses – that Facebook and other websites put in place to
block the Power website’s continued access. Defendants’ source code includes routines that
create a list of proxy servers. These proxy servers were continuously monitored by
Defendants’ software to determine if they were blocked by a website like Facebook. When
blocked, the software could add a new host IP address for the PowerScript to access that
would be employed to ensure continued access to the blocking website.
(f) Defendants formerly maintained “Power_Logger” and Async databases which
logged information concerning the number of times Facebook users were contacted by the
Power website and/or Power users. Among the information that was formerly contained in
one or both of those databases was information identifying how many times Facebook users
were sent invitations, either through Event notifications or Wall posts, to join Power.com as
part of the “Power 100” or 100x100x100 campaign. That information, which was solely
within the control of Defendants to document in its databases, has been deleted, preventing
Facebook from knowing the true total number of spam invitations that were sent as a result of
the execution by Defendants of their PowerScript software.
II.
BACKGROUND
2. This introductory section of our report gives information about our qualifications.
CONFIDENTIAL
2
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 6 of 39
A.
PERSONAL EXPERIENCE AND BACKGROUND OF BOB ZEIDMAN
3. Robert is an engineer and the founder and president of Zeidman Consulting, which provides
engineering consulting services to high-tech companies. Among the types of services Robert
provide are hardware and software design. My clients have included Fortune 500 computer
and technology companies as well as smaller companies and startups. A copy of my resume
is attached hereto as Exhibit A.
4. Robert holds a Master's degree from Stanford University in Electrical Engineering and two
Bachelor’s degrees from Cornell University, one in Electrical Engineering and one in
Physics.
5. Robert has been a computer software and hardware designer for over 25 years. Robert have
designed and developed a variety of computer hardware and software products. These
software products include Internet-based training courses and web-based course
administration software, an operating system synthesis tool, a source code comparison tool, a
network emulation software bridge, and a remote backup system whereby user data is
automatically transmitted and stored at a remote location. Robert have founded several
companies including eVault, a remote backup company; the Chalkboard Network, an elearning company; Zeidman Technologies, a company that develops software tools for
enabling and improving hardware and software development; and Software Analysis and
Forensic Engineering Corporation, a company that develops software analysis tools.
6. Robert has written a variety of papers, books, and presentations on computer hardware and
software and other engineering subjects. Robert am the developer of the Universal Design
Methodology, a process for efficiently developing reliable systems, about which Robert have
written extensively. A list of my publications is included in my resume attached as Exhibit A.
7. Robert holds a number of patents for software synthesis, hardware emulation, hardware
synthesis, hardware simulation, and software code comparison. Robert have created a tool
called CodeSuite® that incorporates BitMatch®, CodeCross®, CodeDiff®, CodeMatch®,
CONFIDENTIAL
3
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 7 of 39
CodeCLOC®, and SourceDetective® for detecting whether one computer program has been
plagiarized from another computer program.
8. Robert has consulted on matters involving intellectual property disputes, including instances
of alleged misappropriation and infringement. My work in this capacity has included, among
other things, reviewing and analyzing software source code, reviewing and analyzing patents,
reverse engineering hardware and software, writing expert reports, and testifying in court.
9. Robert has testified at deposition and at trial in a number of cases involving software
copyright infringement, trade secret theft, and patent infringement. The specific cases can be
found in my resume, attached as Exhibit A.
B.
PERSONAL EXPERIENCE AND BACKGROUND OF LAWRENCE MELLING
10. Lawrence is a research engineer at Zeidman Consulting. Lawrence has over 30 years of
executive management and engineering experience in developing new hardware and software
technologies and bringing them to market. Lawrence has been engaged in applications
engineering and marketing of electronic design automation (EDA) tools at major companies
and small startups. Lawrence has also been involved in the development of sophisticated
tools for source code and object code analysis for finding intellectual property infringement.
Lawrence has not previously testified at trial or in a deposition. My resume is attached as
Exhibit B to this report.
III.
DEFINITIONS
This section provides a discussion of technical terms needed to understand this report,
which we are prepared to further explain at trial.
A.
WEBSITE
11. A “website” is a location on the World Wide Web that contains a group of web pages
typically created using a popular programming language called the Hypertext Markup
Language (HTML). Websites are usually connected to each other using “hyperlinks,” and
CONFIDENTIAL
4
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 8 of 39
are made available to the public by an individual, company, educational institution,
government body, or other organization. These web pages are hosted on one or more
computers called “web servers” and are viewed by users on “client computers” that are
connected to the web servers via the Internet. The web pages are viewed using an Internet
browser, such as Microsoft’s Internet Explorer. In conjunction with this Expert Report, we
make extensive reference to two websites located at the Uniform Resource Locators
(“URLs”) http://www.facebook.com (the “Facebook website”) and http://www.power.com
(“Power.com” or the “Power website”).
B.
INTERNET BROWSER
12. An “Internet browser” or web browser is a typical client application used to navigate the
Internet. The browser accesses information such as web pages, images, videos, and games
from Internet servers. The URL is the “address” through which online information is located
and retrieved by the user from her client computer. Servers may provide static information to
an Internet browser or may dynamically generate the information that is transmitted to an
Internet browser based on input from the user and the internal state of the server. The
browser provides the graphical user interface (GUI) to the web pages on the server.
However, some websites make use of client-side software to offload processing from the
server to use the client’s computer. This is important because the browsers include
functionality to execute client-side “web scripts,” which concept we discuss below. Three
popular Internet browsers in use today are: Microsoft’s Internet Explorer, Mozilla’s Firefox,
and Google’s Chrome.
C.
CLIENT
13. A “client” is a computer that makes a service request to a server (defined below); the server
fulfills the request. Computer interactions using the client/server model are very common.
For example, when an individual checks a bank account from his or her computer, a client
CONFIDENTIAL
5
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 9 of 39
program in the individual’s computer forwards the request to a server program at the bank.
The bank’s program may respond, or it may, in turn, forward the request to its own client
program that makes a request to another bank computer. With regard to the World Wide
Web, the browser on an individual’s computer is a client program. A client application can
also be referred to as the “front-end” and the server application is often called the “backend.”
D.
SERVER
14. A “server” is a computer on a network (such as an internal corporate network or the Internet)
that is dedicated to a particular purpose; it stores information and performs critical functions.
For example, a “database server” could store all of an organization’s data on a single
machine, while providing database services to multiple users anywhere in the office, or even
the world, and while also allowing access and control over the data. A typical “database
server” will allow users to utilize their data from custom applications designed to meet their
specific needs. Server software refers to software running on the server computer that “serves
up” information to a client computer. With regard to the World Wide Web, a web server
responds to web client requests to view web pages. These pages can be static (content doesn’t
change) or dynamic (content is determined when requested).
E.
PROXY SERVER
15. A proxy server is a machine used to relay Internet transactions between clients and websites
such that the transactions with the website appear to originate from the proxy server's IP
address. An IP address is the Internet Protocol address used to identify a machine, such as a
server or proxy server, connected to the Internet. Proxy servers are used for a number of
purposes, including the following activities: (a) keeping machines behind the proxy (such as
the website’s actual host servers) anonymous; (b) speeding up access to resources frequently
used by multiple users behind the proxy by using caching techniques; (c) controlling access
CONFIDENTIAL
6
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 10 of 39
to website content or services; (d) accessing websites from a computer whose own IP
address otherwise would be blocked by the accessed website; (e) logging or auditing Internet
use; and (f) circumventing security procedures or controls aimed at limiting access to or
blocking a particular IP address.
F.
WEB SCRIPTS
16. “Web scripts” are written to generate dynamic web pages -- that is, web pages with rapidly
changing content and imagery or content that must be somehow calculated via software
mechanisms. For example, webscripts can be used to calculate and display the total visitor
count to a website. Such scripts are written in a variety of scripting languages such as PHP,
CGI, Perl, and JavaScript. Some scripts run on the web server (server-side), while other
scripts run on the user’s machine (client-side). Such webscripts also can be embedded within
HTML in order to affect the behavior of web pages. Of the languages mentioned, JavaScript
is the language of choice for client-side scripting and is supported by all the Internet
browsers popularly in use, while PHP, CGI, and Perl are popular for server-side scripting.
17. In Microsoft Windows systems, component-based scripting is implemented through a
technology called “Active Scripting,” and employs what are commonly called “script
engines.” One particularly popular form of a server-side Active Scripting engine is called
ASP, or “Active Server Pages,” which is used to develop dynamically-generated web page
content.
G.
WEB CRAWLER OR SPIDER
18. A “web crawler” or “spider” is a computer program used to browse the Internet in a
systematic, comprehensive way. Web crawlers are typically associated with search engines
and are used to collect website information for search engine indexing. Nonetheless, spiders
and web crawlers are now commonly being used to collect or “harvest” web page
information for non-search related applications such as web scraping. Web scraping can be
CONFIDENTIAL
7
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 11 of 39
used to locate input fields and variable fields that allow a program to automatically fill out
forms to login, send messages, request information, or any other website activity initiated by
the filling out of a form. Because web scraping often is employed by entities for unwanted or
unlawful purposes (like Defendants’ harvesting of user information such as “friends’ lists,”
and similar data from Facebook in order to later use that information to send “spam” email
and electronic mail messages), many website operators (including Facebook) publish Terms
of Use provisions that prohibit the use of web scrapers on their websites by their registered
users.
H.
COMPUTER DATABASE
19. Computer databases consist not only of data, such as user names and addresses, but also
consist of schema and procedures represented by source code. The term “schema” refers to
the structure of the database, including where to place the data, how to organize the data, and
the particular relationships between the data. For example, customer names may be placed in
a field called “Name,” and that name is referenced in a table called “Customers.” A table can
be visualized as a spreadsheet and the field would correspond to a particular column in the
spreadsheet. In a database there are many different tables. Each customer name may have an
associated table that has fields that contain the customer’s address, credit card number,
account balance, and comments about the customer. The table names, field names, types of
data in the fields, and relationships between different tables and different fields constitute the
schema of the database, which is described using a special programming language such as
the Structured Query Language, also known as SQL. Two popular forms of SQL servers are
MySQL, an open source relational database management system, and Microsoft SQL Server
(MSSQL).
20. Procedures for manipulating the data may also be stored in databases and are represented by
a special programming language such as SQL. These “stored procedures” can be used by
programs that access the database to manipulate the data in the database. For example, a
CONFIDENTIAL
8
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 12 of 39
stored procedure may exist to compute the average outstanding balance for a list of
customers. A program that is written to access the database could also access the stored
procedure in order to calculate this average.
I.
SQL SERVER
21. Microsoft SQL Server (MSSQL) is a relational database management system. A relational
database is a sophisticated method of grouping data together based upon common attributes
to provide greater speed and reliability for data access.
22. SQL tables will often involve common English words, but the sequence of items is usually
arbitrary. The tables are used to organize data, and do not have to be in any specific order to
function correctly. Each specific category of data is known as a tuple. There is no order
imposed upon how the tuples are organized. The order of tuples in a relational database is
arbitrary. If similar or identical sequences of elements are found in a SQL table, it can be a
sign of copying despite the elements having common names.
J.
SOURCE CODE
23. In computer science, “source code” is a kind of text that is written using the format and
syntax of the programming language that it is being written in, and typically is the only
format that is readable by humans. Computer programs can be written using complex
instructions that look like English. For example, the instruction a = b*c+2 tells the computer
to take the number stored in memory and represented by variable b, multiply that by the
number stored in memory and represented by the variable c, add 2 and store the result in
memory represented by the variable a. Similarly, the statement printf(“Hello world!”) tells
the computer to print the words “Hello world!” to the computer screen. These high-level,
English-like instructions are the “source code.” Computer programs are made up of many
lines of source code and the process of writing these lines of code is called programming.
Eventually these lines of source code are turned into instructions that a computer
CONFIDENTIAL
9
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 13 of 39
understands, consisting of sequences of electronic ones and zeroes. The process of turning
human-readable source code into a file containing computer instructions is called
“compiling” and is performed by a special computer program called a “compiler.” In some
cases, source code is run directly by a computer, without creating any file of computer
instructions.
24. Source code comes in a variety of programming languages, some of which are called “low
level” programming languages, and others which are called “high level” programming
languages. PHP, Perl, Java, JavaScript, and SQL all are examples of high level programming
languages. Other popular examples of high level source code programming languages are
ones called C, C++, C#, Smalltalk, APL, AppleScript, Ruby and Python.
IV.
SCOPE OF REPORT
25. Based on our background and experience, we have been asked to provide our opinions and
conclusions related to (1) whether Defendants’ source code contained evidence of attempts
by Defendants to access Facebook, scrape Facebook, download data from Facebook, contact
Facebook, and/or use information scraped/and or downloaded from Facebook to “proxy” the
Facebook website; (2) whether Defendants’ source code reflects evidence that Defendants
used their software to establish Facebook Events and/or wall messages inviting Facebook
witnesses to automatically receive electronic mail messages or email messages inviting them
to join the Power website; (3) whether Defendants developed technology to circumvent any
attempted block by Facebook of the IP addresses used by Power.com to connect with
Facebook; and (4) whether there is evidence that Defendants ever included information
related to their Power100 (or 100x100x100) marketing campaign in their Power_Logger or
Async databases. We have reviewed literally hundreds of thousands of lines of code to reach
our opinions. In addition, in reaching the opinions and conclusions discussed herein, we
received, considered, and/or relied upon the following materials, copies of which are not
attached but can be provided upon request:
CONFIDENTIAL
10
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 14 of 39
Power Source Code Documents, which now include 5,743,505 lines of code.
Sixty-nine SQL Server database backup files.
We used Understand by Scientific Toolworks, Inc. to help analyze the software.
Microsoft SQL Server 2008 to extract the databases from the backup files and to
review the database contents.
Fifty-five PowerScript Source files extracted from the PowerScript_bkp_full.bak
database backup file.
Numerous source code files provided as exhibits to this report.
The transcript and Exhibits from the July 20, 2011 deposition of Defendant Steve
Vachani, and the testimony from, and Exhibits used at, the December 14, 2011
deposition of Zak Mandhro.
The December 12, 2011, Declaration of Steve Vachani in Support of Defendants’
Oppositions to Facebook’s motions for summary judgment.
Facebook’s source code for “Create an Event.”
Emails, technical documents and marketing documents produced by Defendants and
third-party witnesses in discovery in this litigation, which are referenced in this
Report.
26. We have been retained to review and analyze the source code and databases produced by
Defendants in this action. We reviewed code and databases produced by Defendants on
August 25-26, 29-30, September 6-7, October 19 and 25, 2011, November 1-4, 7-9, 11, 16,
and 19-21, December 12-13 and December 15-16. Copies of our “Power Source Code
Inspection Logs” maintained in accordance with the Protective Order entered in this case are
attached hereto and combined as Exhibit C.
V.
COMPENSATION
For the work of Lawrence Melling on this matter Zeidman Consulting is being compensated at a
CONFIDENTIAL
11
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 15 of 39
rate of $200 per hour. For the work of Bob Zeidman, Zeidman Consulting is being compensated
at a rate of $750 per hour
VI.
ANALYSIS
Our analysis is broken into five sections:
We analyze how Defendants’ software was used to connect to the Facebook website,
spider the Facebook website, scrape Facebook user content and user information from
the Facebook website, download Facebook user information and user content to the
Power website, and to emulate or “proxy” Facebook as part of the Power website’s
social aggregation services.
We analyze how Defendants’ software was used to initiate spam emails via the
PowerScripts developed to create content on Facebook. We provide a detailed
analysis of the CREATE_EVENT_FACEBOOK and
PN_SEND_SCRAP_FACEBOOK scripts that were used to create Facebook Events
for the Power 100x100x100 campaign, and which were also used to post Power
invitations on Facebook users’ Walls.
We discuss how the Power databases identify Facebook information stored in the
databases. We also show why we were unable to determine how many Power.com
transactions occurred with Facebook users, because the relevant information was
deleted some time after it was originally stored.
We analyze Defendants’ efforts to circumvent Facebook’s IP Blocks: The Power
proxy system developed to manage and control a pool of proxy servers used to access
sites like Facebook in order to circumvent IP blocks like the ones put in place by
Facebook.
CONFIDENTIAL
12
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 16 of 39
We have also included a short section providing a review of the technical accuracy of
certain arguments made by Defendant Steve Vachani in his December 12, 2001
declaration.
A.
DEFENDANT’S SOFTWARE USED TO CONNECT TO THE FACEBOOK
WEBSITE, SPIDER THE FACEBOOK WEBSITE, SCRAPE FACEBOOK USER
INFORMATION FROM THE FACEBOOK WEBSITE, DOWNLOAD
FACEBOOK USER INFORMATION TO THE POWER WEBSITE, AND TO
“PROXY” FACEBOOK
27. In analyzing the Defendants’ source code, we determined that there were two core software
components developed to retrieve information and post information to social network sites
like Facebook. The two components are the PowerScript system and the PowerProxy system.
The PowerScript system is best described as a web scraping system. A web scraper is
software that can programmatically access web sites and perform operations intended to be
done by a person, such as filling out forms, sending messages, and reading content. Web
scrapers are also referred to as webbots, or simply “bots.” Web scraping is generally not
allowed under most websites’ terms of use, and is considered a form of pirating by those
websites. Also, because programmed transactions with a website can occur much faster than
human transactions, a website’s access can be slowed down or halted through a rapid
succession of programmed transactions. Web sites that do allow other sites to
programmatically access information would typically offer these services through a web
service interface or an API (application program interface), as Facebook does with its
Facebook Connect service, in order to manage and control these programmed transactions
and maintain a reliable website.
28. Because web scraping is prohibited by most websites, one challenge to creating a web
scraper is to avoid detection. One of the easiest ways to detect a web scraper is to look at the
number of transactions coming from a specific Internet Protocol Address (IP address). To
avoid detection it is common for sophisticated web scrapers to use proxy servers to scrape
information. A proxy server is a machine that acts as a relay, so the website sees the IP
address of the proxy server, and not of the actual machine running the scraper. By using a
CONFIDENTIAL
13
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 17 of 39
pool of proxy servers it is possible to reduce a website’s ability to detect the scraper by
dispersing the transactions across the pool of proxy servers. Additionally, if one of the proxy
servers is detected, the other servers can continue to maintain access even if the website
blocked access for the detected server.
29. Our analysis shows that the Defendants developed the PowerScript system and PowerProxy
system to scrape information from Facebook, proxy the Facebook website and avoid
detection when engaged in such activities. In addition, our analysis shows how Defendants’
programmed access initiated actions that resulted in unwanted commercial “spam” messages
being sent to Facebook users soliciting them to join Power.com.
30. We analyzed 33 out of 55 PowerScripts written to perform transactions with Facebook’s
website. PowerScript is a scripting language developed by Power to programmatically obtain
information from web pages, and write or post information, to web pages without requiring
user interaction. Table 1 categorizes the scripts we reviewed. Of those, scripts use HTTP
GET to read information from the Facebook website, and others use HTTP POST to post
information on the Facebook website. These scripts were developed by Defendants for
performing transactions on the Facebook site, are specific to Facebook, and would not work
if targeted to another site. The developers writing these scripts would have been required to
access Facebook via a Facebook user account to examine the HTML source in order to write
a script to get or post Facebook information.
PowerScript Name
PN_LOGIN_FACEBOOK
PN_VALID_CONTEXT_FACEBOOK
accept_friend_invitation_FACEBOOK
CREATE_EVENT_FACEBOOK
JOIN_COMMUNITY_FACEBOOK
PN_SEND_SCRAP_FACEBOOK
PHOTO_CREATE_ALBUM_FACEBOOK
PN_SEND_PRIVATE_MESSAGE_FACEBOOK
TUBESPREE.PutQuickEmbedInFacebook
CONFIDENTIAL
Function
Post to login to Facebook
Get logout link to verify login is active
Post to accept Facebook friend invitation
Post to create Facebook Event and invite list of friends
or all friends if no list is provided
Post to join a Facebook group
Post message to Facebook friend Wall
Post a new Facebook photo album
Post send private Facebook message to a Facebook
friend
Post new video link to Facebook
14
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 18 of 39
PN_SET_STATUS_FACEBOOK
PN_GET_FRIEND_PICKER_FACEBOOK
PN_GET_BIRTHDAYS_FACEBOOK
PN_GET_COMMUNITIES_FACEBOOK
Posts Facebook status update
Get Facebook friend id and name
Get Facebook friends' birthdays
Get Facebook group information (id, name, description,
photo link, number of members)
PN_GET_PRIVATE_MESSAGE_FACEBOOK
Get Facebook messages for subject, message, friend Id,
name, photo and message link, reply link, PrivateLock
PN_GET_ALBUM_LIST_FACEBOOK
Get Facebook photos for album id, name, date,
dateorder, image, link
PN_GET_ALL_SCRAP_MESSAGE_FACEBOOK
Get Facebook Wall posts and messages ‐ messages same
as PN_GET_PRIVATE_MESSAGE_FACEBOOK and wall
posts the same as PN_GET_SCRAP_FACEBOOK
PN_GET_FRIENDS_INVITATIONS_FACEBOOK
Get friend invitations for friend id, photo, name, and link
PN_GET_FRIENDSUPDATES_FACEBOOK
PHOTO_GET_ALBUM_LIST_FACEBOOK
GET_HTML_PAGE
GETALBUMLIST_FACEBOOK
OBTERIMAGEMFACEBOOK
Get friend update, name, id,fullname, and update link
Get list of photo albums
Get an entire HTML page
Get photo album list
Get photo page
Get profile information (id, name,photo link,
gender,birthday, email, phone, mobile phone,website
link, city, country, relationship status, interests, favorite
music, favorite TV shows)
GET_PROFILE_FACEBOOK
PN_GET_SCRAP_FACEBOOK
PN_GET_AMOUNT_COMMUNITIES_FACEBOOK
DELETEALBUMPHOTO_FACEBOOK
PN_DELETE_SELECTED_PRIVATE_MESSAGE_FACEBOOK
UNJOIN_COMMUNITY_FACEBOOK
PN_DELETE_SELECTED_SCRAP_FACEBOOK
PHOTO_DELETE_PHOTO_FACEBOOK
GET_VIDEO_FACEBOOK
PN_GET_FRIENDS_FACEBOOK
PN_LOAD_ATTRIBUTES_FACEBOOK
Get Wall for friends photo, ID, Name, Date of post,
content, encoded content, post id, post link, subject and
showPrivateLock
Get/counts number of groups
Post to remove a Facebook photo album
Post to remove Facebook message
Post to remove user from Facebook group
Post to remove Wall message
Post to remove a Facebook photo
Get a Facebook video (name, id, url, thumbnail, width,
height)
Get a list of friends(ids, names,and photo urls)
Gets name, id, photo url, gender, country
Table 1: PowerScripts analysis summary
CONFIDENTIAL
15
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 19 of 39
Figure 1: Power.com Screenshot including a Facebook friend
31. The Power.com screenshot (found on page 2 of the toolbar_en.ppt presentation in directory
SVN\apresentacoes\20081210 – toolbar) shown in Figure 1 is an example of how
information from Facebook, gathered using PowerScripts, including the ones analyzed in
Table 1, was included and framed inside the Power.com web page. In this example the
scraped information includes a Facebook friend’s photo (see red circle).
32. Defendants sometimes misleadingly call their Power.com website a “browser.” For instance,
Mr. Vachani referred to Power.com as a browser both at his deposition and in his December
12, 2011 Declaration. We don’t believe that is an accurate description of Power.com’s
functionality. From our examination of Defendants’ source code, and as further discussed
below in conjunction with our discussion of Mr. Vachani’s December 12, 2011 Declaration,
Defendants developed software called Power Navigator which supported a browser style
interface where the Facebook website could be displayed within Power.com, as shown in
CONFIDENTIAL
16
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 20 of 39
Figure 2.
Figure 2: Screenshot of Facebook webpage embedded in Power.com web page
However, as we noted, the majority of PowerScript scripts directed to Facebook were not
directed to browsing functions, but instead were written to programmatically obtain and
post information to Facebook without user interaction. Such functionality cannot rationally
be called browsing..
B.
DEFENDANTS’ SOFTWARE USED TO INITIATE SPAM EMAILS
33. We also examined two of the PowerScripts (CREATE_EVENT_FACEBOOK and
PN_SEND_SCRAP_FACEBOOK) in more detail and found that each was responsible for
initiating a sequence of programmed transactions to create a Facebook Event and post
CONFIDENTIAL
17
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 21 of 39
Facebook Wall messages. These PowerScripts require Power’s software and infrastructure to
execute and, once executed, resulted in SPAM electronic messages being sent to Facebook
users. These scripts were developed for a specific purpose, and that was to automate the
creation of Facebook Events and posting of Facebook Wall messages.
34. The CREATE_EVENT_FACEBOOK script automatically set Power as the host of the event,
and identified Power as the “location” for the event in Facebook’s Event tool (see Exhibit D,
CREATE_EVENT_FACEBOOK.xml, at lines 37 and 41).
35. The script also generated a guest list if one was not provided. To generate the guest list,
Defendants’ software accesses the user’s Facebook “friendsList” and extracts the user ID of
each friend to create the guest list. See Exhibit D, at lines 46-51. The PowerScript executes
this code, if no guest list is provided, to automatically create a guest list from the user’s list of
friends on Facebook. Specifically, the PowerScript application checks a “variable” (a named
element to store information) called the Guestlist (“listaConvidados”), and then
executes a sequence of programming commands inside a “rule block,” identified by the
beginning tag “” and terminated by the ending tag “,” if it is empty.
Through this process, the PowerScript software creates a new variable called
“friendsList,” and another variable called “ids,” which combine to create the Event
guest list made from one Facebook user’s list of Facebook “friends.”
36. The script also automatically sends Facebook Event invitations to each Facebook user in the
guest list on behalf of the Power website (see Exhibit D, at lines 58-74), and these Event
invitations initiate spam messages being sent to the Facebook invitees.
37. We also looked to determine if Defendants, or the user, caused the Facebook “Events” to be
initiated. From the code that has been provided to date, we could not locate any code in
CREATE_EVENT_FACEBOOK that requested the user’s approval to send the “Event”
invitations. We also were unable to find any other code requesting that the user accept or
approve sending the Facebook Event invitations on behalf of the Power.com website.
38.
The PowerScript software also created the text used to invite Facebook friends to
CONFIDENTIAL
18
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 22 of 39
participate in the “100x100x100” campaign. The message contents were stored in resource
files, which are files used by Microsoft Visual Studio development tools to store
information for access by a program. Notably, in this example there were three resource
files found with the same content in three different languages: English, Spanish, and
Portuguese (see Exhibit E, PowerCallBack.aspx.en.resx, found in directory
SVN\power.com\Power.Com\Pub\Http\App_LocalResources, at lines 132137).
132
133 #BREAK##BREAK#I am competing for the $100
prize in the 100x100x100 promotion and recommend you to
participate too!#BREAK#Learn more at:
134
135
136 First 100 people who bring 100 new friends to
Power.com earn $100. Come and participate too:
137
These messages were created and authored by Defendants to promote joining Power.com.
When used with the CREATE_EVENT_FACEBOOK script, the messages would result in all
of a Power.com user’s Facebook friends being automatically invited to join Power.com,
and the friends then receiving spam emails as a result.
39. These strings include the actual language that was sent to Facebook users as a result of the
Power.com website’s execution of the “CREATE_EVENT_FACEBOOK” script. The excerpt
above shows that the text string stored for CAMPAIGNMESSAGE and another for
CAMPAIGNMESSAGE2 are both human-readable messages used in promoting the
100x100x100 campaign to Facebook users.
40. The html code for the Power.com web page that would initiate the creation of Facebook
Events for this campaign was not found in the software sources provided. We believe this
omission arises from the fact the Power 100 campaign was from an earlier date than the
source provided. Since the source repository that would allow us to return to earlier software
CONFIDENTIAL
19
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 23 of 39
releases was corrupted when we received it from Defendants, we were unable to find the
html code that initiated these campaign events. However, we know from other sources, such
as Mr. Vachani’s deposition and the PowerScript source code that we reviewed, that such
initiation of Facebook Events by the Power.com web page did, in fact, occur. For instance,
in Figure 3, we offer a screenshot that shows a Power 100x100x100 campaign message
posted on a Facebook user’s Wall. This screen capture image produced by Defendants
corroborates the occurrence of the Facebook Event and Wall posting transactions. See
facebook.jpg found in directory SVN\apresentacoes\20090120 - Intersite
Connect\Source\ícones image file:
Figure 3: Facebook Wall screenshot showing Power 100x100x100 campaign invitation
41. Additionally, we were able to examine some of the actual email messages sent when a wall
CONFIDENTIAL
20
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 24 of 39
message was posted in response to Defendants creating an Event to invite a user to the
Power100 or 100x100x100 campaign. The messages shown in Figure 4 are actual emails sent
to Defendant Steve Vachani when his friends used the Power.com site to execute the
PowerScript software made available through the html code to create Power 100 Events, and
to thereby invite their Facebook friends to participate in the campaign.
CONFIDENTIAL
21
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 25 of 39
Figure 4: Screenshots of emails sent as a result of creating a Facebook Wall post and Facebook Event to
invite friends to join Power 100 campaign
CONFIDENTIAL
22
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 26 of 39
42. We also found another promotional message authored by the Defendants in the same
resource file referenced above that was also used to invite Facebook friends to Power. See
Exhibit E, at lines 147-149.
147
148 Hi ##friendname##,#BREAK#How would you
like all your friends in just one place?#BREAK#Login
to Power.com to discover all of its advantages and
enhance your Internet experience.
149
43. This message includes a placeholder to insert a “friendname.” In this case, we were able
to find the Power.com software that would initiate sending these messages. The function that
uses this “INVITEMESSAGE” string is named “SendMessageInviteToPower().” See
Exhibit F, PowerCallBack.aspx.cs, found in the directory
SVN\power.com\Power.Com\Pub\Http, at line 2623. The code excerpt below
shows that the “INVITEMESSAGE” is used to form the body of the message to be sent as
part of the invitation (see Exhibit F, at line 2681):
dataMessage.BodyMessage = Translate("INVITEMESSAGE")
.Replace("##name##", name)
.Replace("##friendname##", friendName)
44. This line of code retrieves the appropriate language translation for the “INVITEMESSAGE”
(English, Spanish, or Portuguese) message, and then replaces the “friendname” placeholder
in the text of the message that is sent with the actual friend’s name in order to complete the
content of the invitation to join Power.com. See Exhibit F, at line 2716, it calls the following
function to send the message:
PowerMessageManager.SendMessage(dataMessage);
45. How the invitation is sent depends upon the network (e.g. Facebook) to which the invited
friend belongs. The PowerMessageManager.SendMessage() method, which can be
used to send invitations to users on Facebook, can be found starting at line 24 in the
CONFIDENTIAL
23
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 27 of 39
PowerMessageManager.cs file found in the directory
SVN\power.com\Power.Message.Core, which is attached hereto as Exhibit G. The
related SendMessage() code is responsible for calling the
PowerMessageFactory.CreatePowerMessage(), see Exhibit G, at line 42.
Further, a CreatePowerMessage() method that appears in the code uses the relevant
network name (e.g. “Facebook”) to determine how and where to send the electronic invitation.
For the case where the network is Facebook, the following code would be executed (see Exhibit
H, PowerMessageFactory.cs, found in the directory
SVN\power.com\Power.Message.Core, at lines 45-50). This code shows Defendants
would actually send an electronic message to someone from Facebook inviting them to join the
Power.com website. The code to send the message uses a PowerScript which posts the message
to the Facebook Wall of the friend to be invited. The code to retrieve and execute the
PowerScript can be found in Exhibit I, Write.cs, found in the directory
SVN\power.com\Power.Message.Core\Engines, at lines 87-94.
46. The code identifies the name of the PowerScript PN_SEND_SCRAP_FACEBOOK as that
which was used for initiating the electronic invitations to join Power.com. The code was
retrieved from a database where it was added by using the following SQL command (see
Exhibit J, file InsertMessageScript.sql, found in directory
SVN\power.com\Power.Message.Core\Database, at line 7). The
PN_SEND_SCRAP_FACEBOOK script itself was retrieved from the PowerScript database
(see Exhibit K, file PN_SEND_SCRAP_FACEBOOK.xml, at lines 1-23).
47. The PowerScript automatically posts the message content from the INVITEMESSAGE string
to the Wall of a Facebook friend. Using these automatically generated messages, Defendants
initiated electronic invitations for Facebook users to join the Power.com website.
C.
POWER DATABASES
48. In addition to the code analysis, we also examined the related databases provided in an effort
CONFIDENTIAL
24
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 28 of 39
to determine how many Facebook Event or Wall electronic mail messages were initiated by
the PowerScript software. We determined that while certain of the databases were the ones
of interest in which we would have expected to locate information about the numbers of
electronic invitations that were sent by Power.com to Facebook, the databases produced by
Defendants that should contain logs of the number of Events and Power.com invitations sent
actually do not contain the information for the time period in question.
49. For instance, the Power.com database named Async is a log of PowerScript jobs run. The
Async log would contain the information related to the number of electronic messages sent
by the PowerScript software. The Async database found on the SQL 7 DVD only logged
jobs from 2/19/2011 to 4/1/2011, and the Async database in SQL 6 DVD was corrupted.
However, the disk that was provided that fixed the corrupted version only included logs from
08/03/2007 to 11/23/2008 – which does not cover the December 2008 period when the
Facebook activity was seen. We understand that, according to information received from Mr.
Timothy Fisher, Defendants stopped logging the PowerScript transactions into the database
in November of 2008 as a result of migration of the company’s servers to amazon.com as a
host for the website. Whether true or not, the loss of information is prejudicial to Facebook,
as only Defendants ever maintained such database logs.
50. In addition, we reviewed the content of the Power_Logger database in the expectation that it
might include the information about the number of Facebook Events and Wall messages that
the PowerScript software initiated. We did so because this database appears to include tables
to log information about messages sent, including 10 MessageLog tables, a
MessageLogHistory table, 10 Scraplog tables, and a ScraplogHistory table. Nonetheless, all
of these tables were empty except for the ScrapLoghistory, which only had 141 entries from
12/6/2009 to 11/9/2010, all on the Orkut network.
51. Again, we understand that based on information received from Mr. Fisher, Defendants
ceased daily operations sometime in April of 201l, at which time Defendants transferred all
files onto a separate backup service. We further understand that, according to Mr. Fisher, the
CONFIDENTIAL
25
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 29 of 39
Power_Logger database was supposedly too large to transfer, and therefore was removed. In
our opinion, by deleting the Power_Logger database, Defendants effectively erased arguably
the most relevant and useful information concerning the number of electronic mail messages
that Defendants initiated through execution of their PowerScirpt software associated with the
100x100x100 campaign.
52. Because the information about Events and Wall messages sent to Facebook during December
of 2008 was not included in the databases we received from Power, we were unable to
determine precisely how many wall messages were posted and how many “Power 100”
campaign Event notifications actually were sent to Facebook users.
53. However, we also examined the Power database of the Power website’s users, and we were
able to determine that there were at least 39,137 Power.com users with Facebook accounts in
the database. These database records include the stored email addresses used by the
Power.com users in order to login on Facebook, and the stored passwords for their Facebook
accounts.
D.
DEFENDANTS’ EFFORTS TO CIRCUMVENT IP BLOCKS
54. We have found that the Power.com website utilized a pool of proxy servers to connect with
social network sites, including Facebook, through different IP addresses. The Power software
allowed the Defendants to configure a list of proxy servers for each social network site (see
Exhibit L, file HttpProxyConfig.cs, found in the directory
SVN\powerinfra\Projectos\Power.PowerNetwork.Core\bll, lines 107141).
55. In one of the databases provided by Defendants, we were able to find an entry for the proxy
server used to access Facebook. The IP address for the server was 174.129.224.81, and
a reverse directory lookup of this IP address identifies the host as ec2-174-129-22481.compute-1.amazonaws.com. This IP address is associated with Amazon Web
Services (see Exhibit M, file AsyncSetup AsyncHttpProxy.csv, extracted from the
CONFIDENTIAL
26
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 30 of 39
database SQL 7\AsyncSetup_full_bkp.bak, database AsyncSetup, table:
AsyncHttpProxy, row: 1). However, since the database only included a single IP
address, and we understand that there were other IP addresses that Facebook attempted to
block in December of 2008, it is clear this is not a complete list of the IP addresses that
Defendants used to access Facebook. Additionally, the database did not include any history
of which IP addresses were used for the critical time period of December of 2008 prior to
when Defendants switched to Amazon Web Services. Based upon the proxy system
software, it is clear that the Defendants could remove servers from service and replace
servers both manually and automatically to circumvent IP blocks, such as those employed by
Facebook.
56. The Defendants’ software includes a command processing system to manage the server pool
(see Exhibit N, ServerManager.java found in the directory
SVN\powerinfra\trunk\Java\powerproxy\com\powerscrap\proxy\mana
ger, lines 43-84). This command processing system is used to check status and make
changes to any of the servers in the pool which may be blocked by a website such as
Facebook, (“BLOCK SERVER”) and to obtain a new server IP address when such a block is
detected (“GETNEXTIP”). The commands can be issued either programmatically or
manually. The command processing system effectively permitted Defendants to circumvent
any attempts by websites like Facebook to block access by Defendants to those websites.
57. We also uncovered further evidence that Defendants implemented technology to circumvent
Facebook’s efforts to block the Power.com website by tracing the execution of the software
used to create Facebook Events. Specifically, the latest delivery included the source code
files that run the CREATE_EVENT_FACEBOOK script (see Exhibit O,
CreateCampaignEvent.cs from directory
SVN\power.com\Power.Com.Core\Campaign100x100x100, at lines 25-40. In
this code, the PowerScript retrieved and executed the “CREATE_EVENT_FACEBOOK” script
from one of Defendants’ servers. Significantly, the IP address of the relevant server that
CONFIDENTIAL
27
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 31 of 39
executes the “CREATE_EVENT_FACEBOOK” script is set by the Defendants’ proxy server
software. This functionality shows that the PowerScript software is intentionally monitored
by the Power.com system to ensure that it is not being blocked by Facebook as a result of the
software creating Facebook Events.
58. Additionally, we investigated certain routines in Defendants’ source code to determine
whether Defendants employed tools that allowed Defendants to circumvent technical barriers
– such as blocks of IP addresses – that Facebook or other websites put in place to block
Power’s access to their own websites. Certain ones of these routines create a list of proxy
servers, which are continuously monitored to determine, among other matters, if they are
blocked by a website like Facebook. We have been able to identify connection-type methods
in the source code that allow Defendants to use a proxy server to change the IP addresses
used by the Power.com website that are visible to and are detected by third parties like
Facebook. By tracing the execution of a PowerScript, we found that part of the process was
to use ConfigurationPowerProxy to get a proxy server to use for connecting with
Facebook. The code found shows how an array of proxy servers is created from a list
provided by the proxy manager and then the server is selected randomly from that list. See
Exhibit P, ConfigurationPowerProxy.cs found in the directory,
SVN\powerinfra\trunk\Projetos\src\configuration, at lines 20-26.
59. The Defendants’ source code includes routines we have identified that create a list of proxy
servers, which are continuously monitored to determine, among other matters, if they are
blocked by Facebook. The updateServerListThread shows the server list is updated
on a regular interval stored in the timeToUpdate property (see Exhibit Q,
UpdateServerListManager.java, found in the directory
SVN\powerinfra\trunk\Java\PowerInfra\powerproxy\com\powerscrap
\proxy\manager, at lines 107-118).
60. While the previous routine is used to update the server list on regular intervals, there are two
other methods that are used to update the server list. The definirServidor method is
CONFIDENTIAL
28
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 32 of 39
used to add a server to the list. The removerServidor method is used to remove a server
from the list (see Exhibit R, PowerProxy.java, found in the directory
SVN\powerinfra\trunk\Java\PowerInfra\powerproxy\com\powerscrap
\proxy, at lines 82-108 and lines112-135, respectively). Finally the listen method at
Exhibit R, lines 144-165 monitors each proxy server and calls the removerServidor
routine if it detects a block of the Power.com website. The IP address of the Power.com
website can then be replaced with another IP address from the Power Proxy Manager. In this
way, Defendants ensure that they can circumvent deliberate blocks of its services by entities
such as Facebook.
61. Based on the code examined it is clear that significant effort went into the design and
development of the proxy system, and that one of the objectives of the system was to
reconfigure IP connections if one of Defendants’ proxy server’s IP addresses used to connect
to a website like Facebook was blocked. From our own understanding of the technology, we
know that it is common for entities like Power.com to employ proxy pools to circumvent the
blocking of IP addresses, especially when such entities are also employing scraping programs
to obtain web content. As shown in our analysis above, the PowerScript scripts used by
Power to create Facebook Events and write on Facebook friends’ Walls are such web
scraping programs. Moreover, Defendants’ proxy pool infrastructure was designed to
support these scraping activities.
62. Starting with the random selection of a proxy server to run each PowerScript, through the
server list maintenance software described above, to the pool management command
software and proxy server monitoring code also discussed above; Defendants’ proxy system
clearly was specifically designed to circumvent IP address blocking by entities such as
Facebook.
E.
DEFENDANTS HAVE DELETED IMPORTANT DATA
63. Since first getting access to some code on August 23, 2011, we have continually found
CONFIDENTIAL
29
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 33 of 39
deficiencies in the scope of code produced by Defendants. For instance, as noted, despite
repeated and diligent requests, we still have not received all of the Power database
information associated with how many invitations were sent by Power. From
correspondence from Mr. Fisher, we now believe this highly important information was
deleted after this litigation was underway.
F.
TECHNICAL ANALYSIS OF DECLARATION OF MR. VACHANI
64. Finally, we offer some observations about the obvious technical errors contained in
statements by Defendant Steve Vachani in his December 12, 2011 Declaration. For instance,
in paragraph 3 of Mr. Vachani’s declaration, he states:
Specifically, Power created a browser that allowed users to
login and access all of their various social networking
accounts at once. Users could update their photos,
messages, music, and videos, and these updates would be
portable across various social networking sites.
65. We believe Mr. Vachani’s statements reflect his lack of technical acuity and programming
skills to functionality understand the functionality of the PowerScript software. From our
CONFIDENTIAL
Figure 5: Screenshot of Facebook Wall page included on a Power.com webpage
30
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 34 of 39
examination of the code, we did find that Defendants’ software included a function that does
resemble a browser – but only slightly. That software is contained in one of the many
software directory trees and is named “Navigator.” The software provided the user with
the ability to open another web page and display it inside a Power.com web page. In Figure
5, a screenshot of the Power.com web page with a Facebook page embedded is shown (see
FBPOWER00099). The screenshot, we believe reflects the functionality Mr. Vachani is
referring to in his statement. However, while one function of this software was to allow the
user to enter a message, the description of it as a “browser” does not capture the software’s
programmed crawling and scraping of websites. The Power software that provides this
functionality is the “PowerScript” software, scripts, and infrastructure. As we have shown in
our analysis above, PowerScripts were written to programmatically perform all the functions
required to get and save photos, get and send messages, and get and save video, so as to
“proxy” a website like Facebook. This functionality is directly related to a web scraper or
webbot, and not a browser. That is so because the program or scripts perform the operation,
rather than a user.
66. Also in paragraph 22 of his December 12, 2011 Declaration, Mr. Vachani states:
Power did not access any nonpublic portion of Facebook’s
website. Power merely offered users a different and
potentially superior browser through which they could
access their Facebook accounts to copy, update, and/or port
their own “User Content.” And users did so by entering
their own valid usernames and passwords, which Power
never copied or stored for any purpose. Power did not
obtain any software, data, or other content of value from
Facebook. The only data accessed through Power’s utilities
were user’s own “User Content,” over which Facebook has
disclaimed any ownership.
67. Again this statement is misleading because it represents that the user was controlling the
access to public portions of Facebook’s website. What actually occurred is that Defendants’
software programmatically created Facebook Events. Unlike a browser, Defendants’
software can programmatically create an Event, creates the list of friends to invite, and
execute or send the Event invitations, without requiring any user interaction.
CONFIDENTIAL
31
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 35 of 39
68. In addition, Mr. Vachani incorrectly states that Power never copied or stored Facebook
usernames and passwords, whereas our examination of the “power” database found 39,137
Facebook login names and passwords stored there. An example of three network connections
for one Power.com user is shown in Table 2. As can be seen from the table headings, this
user belonged to three social networks: Facebook, LinkedIn, and Orkut. It also shows the
username and password for each was stored within Defendants’ databases. See power
database, dbo.account table.
id
iduser
17243056 977586
17134637 977586
906629 977586
Nameaccountnetwork
FACEBOOK
LINKEDIN
ORKUT
username
luiz.grecco@gmail.com
luizg@sebraesp.com.br
luiz.grecco@gmail.com
idnetwork
NULL
1288243
1.35E+19
password
giF9l6JMQK8=
q5HQ0dzE0bo=
giF9l6JMQK8=
Table 2: List of three social network accounts, usernames and passwords stored in power database
69. In the same “power” database, we also found that friend lists were also stored. We found
225 records of Facebook friend lists that totaled 31,515 Facebook friends. An example of one
of the 225 Facebook friend lists can be found in Exhibit S, friendlist2.xml from the power
database, dbo.FriendsAccount table. This example friend list contains data for 253
Facebook friends and stores their Facebook IDs, Names and links to their Facebook profile
photos.
70. Finally, in paragraph 11 of Mr. Vachani’s December 12, 2011 declaration, he states:
Power did not undertake any effort to circumvent that
block, and did not provide users with any tools designed to
circumvent it. Nevertheless, Facebook’s IP block was
ineffective because it blocked only one outdated IP address
Power had used, and did not block other IPs that Power was
using in the normal course of business.
71. From our analysis of the Power Proxy infrastructure, Defendants developed a flexible system
for operating, managing, and maintaining a pool of proxy servers that could be assigned and
removed from use easily. Because Defendants fundamentally relied on their software’s
ability to scrape information from other sites, the Power Proxy infrastructure limited the
number of transactions coming from any one proxy server to reduce the likelihood of
CONFIDENTIAL
32
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 36 of 39
detection by the websites being scraped. Defendants also put in place monitors to detect
when errors occurred on one of the proxy servers, which included the ability to remove a
failed proxy server from the list of servers. This type of proxy pool is not commonly used by
websites, but is commonly used by web scraping services.
G.
CONCLUSION
72. Based upon the review of Defendants’ source code for various code projects named
PowerScript, PowerNavigtor, PowerProxy, and spider, as well as other documentation
produced to date, we have concluded the following:
(a) Defendants developed proprietary software named PowerScript and spider in
order to crawl various social network websites, including particularly www.facebook .com ,
to extract or “scrape” website user information such as Facebook photo images, wall content,
friends’ lists, and the like, and to then reformat that user information on Defendants’ own
website, www.power.com, in order to “proxy” Facebook and permit Defendants’ own
website users to log into Facebook through Defendants’ own Graphical User Interface, rather
than through Facebook’s interface.
(b) Defendants designed their proprietary PowerScript and spider software to
automatically post on the Facebook website new Events soliciting Facebook users to join
Power.com as part of what Defendants called the “Power 100” or “100x100x100” Campaign.
Defendants likewise designed their software to automatically post Power Invitations on
Facebook users’ Walls soliciting them to join Power.com.
(c) Based upon available information from Defendants’ databases, at least 39,137
users of the Power website also had Facebook accounts. Because of missing information
from those databases that is solely in the control of Defendants, we were unable to quantify
exactly how many Facebook Event or wall posting transactions took place between the
Power website and Facebook in which Facebook users were solicited to join Power.com. We
are able to state that both kinds of solicitations did occur, however, and were initiated by
CONFIDENTIAL
33
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 37 of 39
Defendants' proprietary software.
(d) In addition to the electronic mail communications that Defendants' software
automatically posted on the Facebook websites when it created Facebook Events and when it
posted Facebook wall messages, the same proprietary software that Defendants used to
automatically create Event notifications and post Facebook Wall messages also would
initiate automated "spam" email messages being sent on Defendants' behalf to Facebook.
73. It is our understanding that discovery in this case is ongoing. Accordingly, we reserve the
right to supplement or amend our opinions in light of any additional evidence, testimony, or
information that may be provided to us after the date of this report. We also reserve the right
to supplement or amend our opinions in response to any expert reports served by any other
party in the lawsuit.
Dated: 19-Dec-2011
Robert Zeidman
Lawrence Melling
CONFIDENTIAL
34
Case Document 396 Filed 05/29/14 Page38 of 39
73.
CONFIDENTIAL
Defendants? proprietary software.
In addition to the electronic mail communications that Defendants? software
automatically posted on the acebook websites when it created Facebook Events and when it
posted Facebook wall messages, the same proprietary so?ware that Defendants used to
automatically create Event noti?cations and post acebook Wall messages also would
initiate automated ?spam? email messages being sent on Defendants? behalf to Facebook.
It is our understanding that discovery in this case is ongoing. Accordingly, we reserve the
right to supplement or amend our opinions in light of any additional evidence, testimony, or
information that may be provided to us after the date of this report- We also reserve the right
to supplement or amend our opinions in response to any expert reports served by any other
party in the lawsuit.
Dated: 19-Dec?201
Robert Zeidrnan
dawn?.
Lawrence
34'
Case 5:08-cv-05780-LHK Document 396 Filed 05/29/14 Page 39 of 39
Exhibit A: Resume of Robert Zeidman
Exhibit B: Larry Melling Resume
Exhibit C: Expert Report Source Code Inspection Log 2011-12-19
Exhibit D: CREATE_EVENT_FACEBOOK.xml
Exhibit E: PowerCallBack.aspx.en.resx
Exhibit F: PowerCallBack.aspx.cs
Exhibit G: PowerMessageManager.cs
Exhibit H: PowerMessageFactory.cs
Exhibit I: Write.cs
Exhibit J: InsertMessageScript.sql
Exhibit K: PN_SEND_SCRAP_FACEBOOK.xml
Exhibit L: HttpProxyConfig.cs
Exhibit M: AsyncSetup AsyncHttpProxy.csv
Exhibit N: ServerManager.java
Exhibit O: CreateCampaignEvent.cs
Exhibit P: ConfigurationPowerProxy.cs
Exhibit Q: UpdateServerListManager.java
Exhibit R: PowerProxy.java
Exhibit S: friendList2.xml
CONFIDENTIAL
1