Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Spyware to Report Pirates?

Posted by Cliff on from the do-the-ends-justify-the-means dept.

An anonymous reader asks: "I have visibility to AUP complaints we receive at work, and we receive messages from a software vendor that make it obvious that their product is phoning home when it discovers it is running a cracked copy of itself." Apparently the software phones home, and then the publisher's legal department sends the administrator an e-mail. "The message goes on to detail the users IP, a timestamp, the product in question, the users PC name, username, and MAC address. This falls under -my- definition of 'spyware.' What are your thoughts?" Software has been making surreptitious checks for "piracy" for over a decade, yet these checks are usually limited to the software itself, and not data on the user's machine. Do you feel software publishers should have the right to peer into users data, if their software suspects foul play on the machine, or should it do the easy and intelligent thing and just stop working?

11 of 1,013 comments (clear)

  1. What we want to know... by Jeremiah+Cornelius · · Score: 5, Interesting

    Just WHO is this publisher?

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
    1. Re:What we want to know... by wo1verin3 · · Score: 5, Interesting

      I'd still like to know what publisher does this, and if my company is a customer of this company which decides to spy on our systems without permission then I would a) ensure we move to another software vendor and b) make the company aware of why we choose to move to another vendor.

    2. Re:What we want to know... by Tongo · · Score: 5, Interesting

      On my machines I run Sygate Personal Firewall. I have it set to block traffic based on application, not port number (although that MAY be possible also). If an application doesn't have defacto permission to access the internet it will ask me. The I set it to allow my most used applications through without prompting. Works quite well actually. It is amazing the amount of stuff that is trying to call out all the time.

    3. Re:What we want to know... by dolo666 · · Score: 5, Interesting

      What if it's wrong? What if you really paid for the software and someone *else* cracked it and passed it around?

      Some of the appz/games in stores get cracked and put back on shelves. It happens all the time. And how many of you keep your sales receipt, box or even CD? I have software running that is paid for but I don't have evidence that I bought some of it; I still have a right to run it.

      The problem is that while this monitoring is a good idea in theory, there are too many variables that would trigger reasonable doubt in court. This would tie up a court for quite some time with possibly unreliable evidence garnered as reasonable.

    4. Re:What we want to know... by DaCypher · · Score: 5, Interesting

      What if that application, say, an FTP client, requires access to the internet to do its job? So you allow it access to the internet for this purpose, but could it still sneak its connections in to its home server since the firewall assumes this is legitimate behavior?

    5. Re:What we want to know... by MrBlue+VT · · Score: 5, Interesting

      I run cracked versions of video games all the time. Why? Because I've stolen it? No, because I don't want to have to stick the damn CD in the drive everytime I want to play the game. Nothing is more annoying than the stupid "copy protection" that makes you hunt around for the particular game cd and then put it in your machine (heaven forbid you are using the cdrom at the same time to play music or burn a cd!).

    6. Re:What we want to know... by _xeno_ · · Score: 5, Interesting
      I'm disappointed by the replys so far. I keep on getting these two conflicting vibes from people on Slashdot - some people who seem to really want Linux to succeed on the desktop and therefore have companies write software for it (like, say, games or video codecs...), and people who seem to want to keep the "non-free polution off their system."

      If Linux is to succeed on the desktop, then third parties must be allowed to write closed-source applications for Linux. (If, for no other reason, than to allow custom buisness software to continue to run on the systems.) In that case, a vendor very well could include spyware, and being able to block just that application would be very nice.

      Can Linux block net access by individual program? I don't know - I think netfilter may be able to be hacked to do it, but I'm not 100% sure. (It looks like it might be possible to write a netfilter module to do it, but it may require modifying the netfilter system itself, which would involve kernel hacking. When I wrote this, www.netfilter.org was not responding, so I'm guessing based on documentation on other sites and what was available through the Google cache.)

      Does this make Linux on the desktop less secure than Windows? Well, erm, not really. The Windows default firewall only exists in XP (or maybe some SP added it to previous versions, I dunno), and it blocks based on ports. Third-party firewalls like ZoneAlarm and the aforementioned Sygate Personal Firewall can block based on application.

      So Linux is no more secure than Windows on its own. Add in some more software, and it can be. The next question is: if Windows had this feature, and Linux did not, would Linux on the desktop be less secure than Windows? I think the answer is yes, based on the idea that Linux on the desktop must be capable of using closed-source software, and that such software would be prevelant on a successful Linux desktop, and that there would exist users for the software.

      Dismissing Linux as safe because there currently is no real spyware out for the Linux desktop does not really address the question. Assuming there were, it would be nice to be able to block just one application. Blocking a port would not be enough (since it could just use 80, then no web browsing for you...). Blocking an IP is the obvious "right way" but it still might not be the best solution if that cuts your off from the webpage or other important service.

      So being able to block by a given application is probably better than only by packet info (like IP, port, flags, etc.). If the question were simply "OS/A can block net access by application, is it more secure than OS/B that cannot" would people still say "OS/A is more secure because it's open source?" Or is this an emotional response based on the fact that it was Linux vs Windows?

      --
      You are in a maze of twisty little relative jumps, all alike.
    7. Re:What we want to know... by Lshmael · · Score: 5, Interesting

      That's the point. That conflicts with the entire practice of people being innocent until proving guilty. Since it is a former attorney general saying it, the poster was implying that the government does not care about trampling on civil rights in its relentless pursuit for "justice." Meese was saying, "If we think you did something wrong, you did. No questions. Stop talking. 2 + 2 = 5."

      Where does the madness stop? What is the publisher had disabled the computer or reformatted the hard drive? Would that be justified? What is the software was actually *NOT* pirated?

  2. Another question... by Decaffeinated+Jedi · · Score: 5, Interesting
    Is it spyware if it's mentioned in the User Agreement that you accepted?

    DecafJedi

    --
    DecafJedi
    my weblog: apropos of something
  3. Re:why not? by vDave420 · · Score: 5, Interesting
    Troll, but I will bite anyway.

    As someone who makes a living writing peer-to-peer software, I completely disagree that "STEALING IS STEALING" as you say.

    I don't want to get into semantics with you, but here goes:
    Stealing involves the deprivation of someone's property, removing thier ability to benefit from it. (paraphrase)

    Information "theft" is not really theft or stealing.

    Thousands of my users probably "steal" my software, but guess what! I DON'T CARE! It is information, which I CANNOT OWN!

    Noone, corporation or individual, has a right to profit.

    Everyone has a NATURAL right to consume and reproduce information. How do I know? Look how we are physically built, for crying out loud!

    Let me close with this somewhat fanatical thought: Every month new ground is broken in the attempt to produce objects by piecing them together molecule by molecule.

    Now, it will probably take longer than my lifetime to occur, but EVENTUALLY you all will be able build a generic THING from its component molecular pieces.

    Consider this "future" world for a moment: No more scarcity, no more hunger, no more epidemics caused by lack of medicines.

    Now consider the same world, with *your* "STEALING IS STEALING end of story" claim: Should the first person/company that creates a new molecular structure have a monopolistic control over said structure? Should you be able to produce (from scratch, not by "physically stealing") a replacement Brake Pad for your car without paying Ford for the privelidge? What about creating your very own "claritin-like" substance for your allergies? Should you have to pay Mosanto?

    I stated before, and firmly believe, that information wants to be worthless, in an economic sense. Information has no "owner" that I recognize, and, as such, I do not consider the "copying" of information to be "theft".

    If someone broke into my office and stole the computer I was writing my source code on, then THAT is theft of information, as it has deprived me of it.

    If someone copies (without my permission) my program and uses it without paying me, oh well! I haven't been deprived of anything! I still have my program! The only thing I *may* have lost is potential profits, but NOONE HAS A NATURAL RIGHT TO PROFIT! NOONE!
    (Thats why "Step 2: ???" is so common! heh)

    In the above "idealistic copying world" example above, noone could profit! There would be no object scarcity, therefore (almost) no intrinsic value to *ANYTHING*, let alone "strictly informational things."

    Time to end this rant, but PLEASE PLEASE consider:
    The end result of personal "posession & ownership" of information, combined with monopolistic control, and the added "Lets consider artificial entities with the stated goal of financial wealth accumulation (corporations) the same as people, with the same 'rights' to own information, etc, is a CORPORATE FEUDAL SYSTEM, not the (what I consider) ideallic, everything-copying society that we COULD have then.

    The road we are starting down today is leading us towards the scarier of the two, I believe.

    -vDave-

    {dave -at- bearshare -dotcom-}

    Help me out, and use BearShare for all of your p2p (INFORMATION COPYING) needs!

    --
    The pig browse. With Google. Sigh is to the chicken. Chicken is fool. Giggle. The DailyWTF giggle.
  4. Re:why not? by pla · · Score: 5, Interesting

    Seriously folks I think lately we've forgotten that stealing is stealing, and if you're stealing a piece of software you should be punnished for stealing a piece of software.

    And for those situations where stealing doesn't mean stealing?

    Two trivial examples that I suspect most us us could get "caught" for:

    First, a friend purchased (completely legal, nothing unkosher whatsoever, not even grey-market) a copy of Age of Empires - AoK. It has a rather annoying copy protection scheme, however, which annoys legitimate users (whereas pirates just run a cracked version with no hassles at all). So the solution? He uses a cracked copy of the game. A stupid software test for known program cracks would flag him as "stealing", yet he did no such thing.

    Second, and even more difficult to deal with - I have all of my CD collection on my HDD, since I only ever listen to them while at the computer. Legal format-shifting as allowed even by the DMCA. Yet, can I "prove" to some stupid spyware bot that yes, in fact, I really do own the CD? Nope. And even if I could, I shouldn't NEED to; my computer serves me, I do not serve my computer.


    More important than false positives, though, we should consider the issue of why we buy software in general. If I buy a game, I buy it to play that game. If nowhere in the documentation (or preferably, on the outside of the packaging) does it describe its "RIAA-friendly anti-piracy technology", it damn well better not have any. I don't buy software to spy on me, I buy it to do the task it describes itself as performing. Nothing more, and nothing less.