Slashdot Mirror
Using Spyware to Report Pirates?
An anonymous reader asks: "I have visibility to AUP complaints we receive at work, and we receive messages from a software vendor that make it obvious that their product is phoning home when it discovers it is running a cracked copy of itself." Apparently the software phones home, and then the publisher's legal department sends the administrator an e-mail. "The message goes on to detail the users IP, a timestamp, the product in question, the users PC name, username, and MAC address.
This falls under -my- definition of 'spyware.' What are your thoughts?" Software has been making surreptitious checks for "piracy" for over a decade, yet these checks are usually limited to the software itself, and not data on the user's machine. Do you feel software publishers should have the right to peer into users data, if their software suspects foul play on the machine, or should it do the easy and intelligent thing and just stop working?
There are clauses in some EULAs that note these features. Shareware/crippleware uses "call home" functionality with a good rate of success since the software is not modified by pirates/crackers who simply supply a serial or keygen and a link to download the crippled version.
You're joking, but SCO OpenServer does actually scout your network for other unlicensed copies of OpenServer and other SCO products. As far as I know, it just causes an output to console every few minutes warning you of the unlicensed software.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Beware, Nugget is watching... See?
Acceptable Use Policy - a document you sign that states regulations, etc. for the system/network you're part of. My school makes me sign one that disallows, for example, installing software on school computers and other stuff like that.
I meta-mod all positive moderation Unfair, because it's abuse of the system.
EXACTLY RIGHT beamdriver. I think we have some RIAA trolls who love to say that pirating software = theft
Given that you undoubtedly agreed to allow the proprietary software to do a full body cavity search on you when you clicked through the EULA, the publisher has the right to do just that. Even if you're using a "legal" copy.
YOU have the right to refuse to use binary-only, spyware infected, jump-through-hoops licenced programs. Use Free Software instead.
"But I depend on the proprietary software to do my job." Then support the Free Software movement so someday you won't need to depend on proprietary software anymore.
Personal Firewall is the best approach to keep software from "phoning home".
You need to use your best judgement - when and why an application connects to the internet. Deny all connections by default.
>STEALING IS A CRIME... end of story.
Right, but copyright infringement isn't stealing. END OF STORY.
To steal, you must remove the property from the owner's hands *AND* have it in your possession.
ie: If I stole windows from microsoft, they would NEVER be able to sell windows against until they caught me, because I'd have all their copies. If I pirated it, I'd have a copy, and they could continue to sell it.
But that's a different crime. Copyright infringement is more like a speeding ticket. Nobody is directly hurt, but it isn't appreciated by a small segment of society, and no matter much the rest of us want to change it, we're stuck with the law because, on some level, it makes sense. However, nobody says you stole the extra speed unless your car is jacked.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
Yes, it is. Funny you should say that and then follow it with:
Stealing is stealing. Infringing upon someone's copyright is NOT stealing, it's infringing upon their copyright. Stealing is stealing, and using cracked software is something else entirely. That's why each is prohibited by a different law. You can't ``steal'' software unless you grab a boxed set and run out of the store.
That may sound like a trivial distinction, but it's not: it is the heart of the matter. It's this sort of sloppy thinking that makes it so easy for Disney to get copyrights extended another 40 years every time Mickey has a birthday.
It's important to remember that property rights are natural rights, which pre-exist our constitution (that's what our constitution says). Copyrights, patents, and the like are privileges which the constitution allows but does not require Congress to grant. When we equate copyright violation to theft, we blur that distinction, and play into the hands of those who would like to enclose the commons of our cultural heritage.
See what I've been reading.
Dunno about France, and IANAL, but at least in the United States you cannot be bound by an agreement written in a language which you don't understand. (Unfortunately, the major loophole to this is that the legal system still seems to think that Legalese is understandable by English speakers. :-(
And, found more in depth info from Bontchev - seems he just misremembered later.
I write code.
The multiuser / site licenses don't check for duplicates.
when you are under police investigation, such as being followed or having your phones tapped, it has to be decided by a judge that you are dangerous enough, or enough of a threat to the law or society, that they should violate your privacy for the sake of others.
and in ALL OTHER CIRCUMSTANCES (barring, of course, anything in the latest patriot act), they are required to let you know what's going on. when you get a job that requires a criminal background check, they let you know. when you are asked for additional ID, well.. of course, you know.
that's reall the difference. should companies put spyware in to spy, or should they just outright tell people what's going on? it might even act as a deterrent to pirates who don't want to be caught. they will just use some other software, instead.
I'd have to agree. I think this is especially true for schools and the educational community. For small and medium sized schools and districts, there is simply no real decent licensing agreements that allow purchasing new applications. I know of at least 3 districts that still run Office 97, for example, because they couldn't afford the upgrades every 2 years, even at the educational price.
In civil cases, the standard is "a preponderence of evidence." Remember, civil cases involve two private entities coming to the state to settle a dispute. At the outset, the law has no judgement about which private party is correct; final judgement is issued based on who presents the most compelling evidence to support their side of the story.
Yep, and then they started making the manuals with dark blue text on burgandy paper (well, the code number sections, anyway) so that you couldn't photocopy it. By the time you can actually read the code number to enter to play the game, you've completely screwed up your vision. :)
:)
I had two Konami games on the C64 that used this method. After about five times of going through this pain, I cracked the damn games. What was great was that the copy protection code in both games was the same, and they even ever so nicely made it easy to find the protection (the border color changed after the code was correctly validated). Three byte patch (JMP $XXXX) and hacked game.
Ahhh, the days of 8-bit computing.
-- Joe
Here is a page of links for such lists.
Uh, I'm not sure what Apple software you're referring to. The OS has never done this; in fact, I'd be suprised if the OS even had a serial number somwhere in it.
You may be referring to third-party apps. If that's the case, recall that the Mac version of Office _stopped_ doing this after one of the updates.
The last app I remember that did this was Adobe Premiere 4.2. I'm not sure if the "latest version" still checks.
iptables CAN create rules based on the application.
--cmd-owner name is the option to do so.
you can also make a rule based on uid.
Of course you can mix things up, for example you can allow an app to connect to some ports rather than to some others.
And of course an application cannot use port 80 (server socket) if it's not uid 0 or suid.
For example
iptables -A OUTPUT -p tcp --dport 80 -m owner --cmd-owner mozilla-bin -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j DROP
would let only mozilla connect to port 80 of a remote server.
I can tell you: you have got no idea how powerfull is iptables!
I don't want to start any blasphemous rumors but I think that God's got a sick sense of humor. DM
I dunno, I run the same pirated copy of Norton Antivirus and Norton Internet Security on every windows pc I've got, and the Live Update works correctly on all of them
Most OEM versions of AV expire in 90 days, retail in 365, but most computers just come with the 90 days worth. The goal being to get you to pay the $10 to extend your access to their network for another year. Personally, I just set the clock back a year when i run update. I guess you could boot your new computer with a floppy the first time, and set the clock ahead two years before it fires up, so the AV software time stamps that it expires two years and 3 months from now.
Or buy the retail version and set your clock ahead while you install, and put it on all your computers.
Or just uninstall and reinstall the AV every year (if its retail version and you have the disk)
Yea, there are lots of ways to pirate it. But they still really want you to pay THEM directly to update for another year, since they don't have to share that money with retailers. They pretty much give away that 90 day version anyway.
Tequila: It's not just for breakfast anymore!
You're wrong, for several reasons.
"if they choose to contact the individual or institution and there was just a flaw in the code that made it think that it was cracked when it was infact legit, all the acused would have to do to clear their name is prove that they have a legaly purchased copy"
In the US, we have a "innocent until proven guilty" court system, where the burden of proof is not on the accused to prove they are innocent, but on the accuser to prove that they are not. Secondly, it might not be that easy for a user to prove they have a legit copy. A few examples of this would be if the user's machine was compromised, and the key stolen and distributed, or if the user was part of a large corporation and had no idea of anything to do with the installation of the software, or if the user had bought a used computer with the software already on it.
"it's not like it gives out top secret information"
Again, wrong. RTFA, "The message goes on to detail the users IP, a timestamp, the product in question, the users PC name, username, and MAC address. " This information could be VERY harmful in the wrong hands. With a known IP, timestamp, PC name, username, and even MAC it is now very easy to locate a user's physical location within an organization. With some social engineering and a bit of luck, you can now do all sorts of nasty things (sneak a keystroke logger and BOOM, they're 0wn3d!) to someone. Also dangerous, since MACs are bound to the hardware, if someone could reverse lookup a certain piece of hardware bound to a MAC and then find a vulnerability in the hardware, they're in. And since I doubt this information is encrypted, and since it is obviously sent over the public internet, the right person sniffing the right packets can now grab all of it.
More importantly, I doubt that this "feature", if you can call it that, is well publicized. This is very important because without knowledge of such practices it could be hard for a sys/netadmin to account for the grossly insecure transmissions.
Let's get one thing perfectly clear, I did not vote for George W Bush, and I do not endorse what he does or says.
"
In this case, MacOS informs you that person x is using a copy of the software and then it quits the application until you close down the other copy or log off the network. I don't see /. breaking out the hayforks over this though.
Maybe because there is no Apple software that behaves as you describe?