Slashdot Mirror
Using Spyware to Report Pirates?
An anonymous reader asks: "I have visibility to AUP complaints we receive at work, and we receive messages from a software vendor that make it obvious that their product is phoning home when it discovers it is running a cracked copy of itself." Apparently the software phones home, and then the publisher's legal department sends the administrator an e-mail. "The message goes on to detail the users IP, a timestamp, the product in question, the users PC name, username, and MAC address.
This falls under -my- definition of 'spyware.' What are your thoughts?" Software has been making surreptitious checks for "piracy" for over a decade, yet these checks are usually limited to the software itself, and not data on the user's machine. Do you feel software publishers should have the right to peer into users data, if their software suspects foul play on the machine, or should it do the easy and intelligent thing and just stop working?
Just WHO is this publisher?
"Flyin' in just a sweet place,
Never been known to fail..."
So that's why my copies of OpenServer and UNIXWARE keep pingflooding kernel.org...
You can't judge a book by the way it wears its hair.
Its been going on for quite some time now.
You use the illegal software, I don't see any reason why someone who's life work might involve *writing* said software would not want to catch you pirating/using is Illegally.
I'n not all that sure how I feel about the users computer information being fired off in an email, but I have always considered that a possibility in the past. Seems like I was right.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order- Ed Howdershelt Via Tass
I have no problem with this, as long as it is in the agreement box, or they make it clear that it till collect the user data and send it to the company if the software checks itself to be a crack.
You don't like it then don't use it.
DecafJedi
DecafJedi
my weblog: apropos of something
In any application where data is sent from within the company (or home) consent is vital. Perhaps you would argue that stealing the software removes the obligation to ask for consent, but the potential for the software to mistakenly think it is pirated is too high.
POPFile has an option to check to see if there's a new version available. It's incredibly innocuous: it hits a server and check it's version number, the server junks its logs daily. I keep no record. This was initially on by default but people were upset, it's now off.
The simplest solution is that a piece of software that thinks it is pirated start warning 30 days before it's going to shut itself off to give the user a chance to do something and finally disable itself. That is effective and friendly.
And get yourself a copy of ZoneAlarm so that you can see which apps would like to talk to the outside world.
John.
But, as someone who is innocent until proven guilty, what right do they have to {spy on, steal from, stalk} me? Seriously, if you're going to back the "stealing is a crime" part of the law, you also have to accept that the alleged thief is innocent until proven otherwise. No one (without subpoena or warrant) has a right to that kind of information without consent.
It's not spyware, it's a fucking anti-theft system. Don't like it? Don't steal it.
There's a legend that Microsoft actually encountered this back with Microsoft Word 1.0 - it formatted the hard drive if the CRC of the program changed. Bad karma there, hosing innocent users if they got infected. (BTW - I've seen Vesselin Bontchev reference it here and other places, but it could just be he picked up a convenient rumor. Anyone have verification of this story?
If it's not documented in the EULA for the product, it might even be a potential civil suit against the company. Doesn't Europe have fairly restrictive privacy laws that could come into effect here? Could be criminal there if so, especially if it misfired on an innocent user. Although of course - IANAL.
BTW - what product?
I write code.
Beware, Nugget is watching... See?
Ultimately if you get taken to court because of a copyright violation that was discovered because the cracked software phoned home, I doubt the court will grant you much leighway.
If the software's anti-theft tracking was being put in place by the police, that would be a violation of the fourth amendment. On the other hand, this is being done by a private corporation which has far more rights.
Think about LoJack, the car anti-theft mechanism, that tracks the car. Isn't that effectively the same thing? That's perfectly legal.
I don't like the notion of a company installing such spyware because there's little guarantee that they are only reporting pirates. Furthermore, what's to keep them from reporting subtle violations of the license agreement that aren't in fact illegal under copyright law. Once the spyware is there, there's effectively no limit on what it can do.
This sig has been temporarily disconnected or is no longer in service
Installing spy programs on someone elses computer and misapproriating their resources to send information about that computer back to you, OTOH, may certainly be a crime.
With the game Black and White that I own, the cd copy protection gave my computer so much problems and the only solution the publisher gave me was to install a new cdrom, so I was forced to install the cd crack to actually play the game. I'd hate to be labeled a pirate and taken to court because I actually wanted to play a game I legally purchased(Hell I preorded).
Have you ever been to a turkish prison?
Ok, so if the program is smart enough to discover that it's a cracked copy of itself, why doesnt it just not start up and prevent the user from using the cracked copy.
[alk]
you need to tighten up your firewall!
If you don't even know which software or machine is communicating with which outside hosts, don't be surprised when you find out some inside box is relaying spam or leaving out the welcome mat for unwelcomed visitors.
In any case, what exactly prevents you from naming the offending software? Why speak in generalities and obfuscation?
Given that you undoubtedly agreed to allow the proprietary software to do a full body cavity search on you when you clicked through the EULA, the publisher has the right to do just that. Even if you're using a "legal" copy.
YOU have the right to refuse to use binary-only, spyware infected, jump-through-hoops licenced programs. Use Free Software instead.
"But I depend on the proprietary software to do my job." Then support the Free Software movement so someday you won't need to depend on proprietary software anymore.
As someone who makes a living writing peer-to-peer software, I completely disagree that "STEALING IS STEALING" as you say.
I don't want to get into semantics with you, but here goes:
Stealing involves the deprivation of someone's property, removing thier ability to benefit from it. (paraphrase)
Information "theft" is not really theft or stealing.
Thousands of my users probably "steal" my software, but guess what! I DON'T CARE! It is information, which I CANNOT OWN!
Noone, corporation or individual, has a right to profit.
Everyone has a NATURAL right to consume and reproduce information. How do I know? Look how we are physically built, for crying out loud!
Let me close with this somewhat fanatical thought: Every month new ground is broken in the attempt to produce objects by piecing them together molecule by molecule.
Now, it will probably take longer than my lifetime to occur, but EVENTUALLY you all will be able build a generic THING from its component molecular pieces.
Consider this "future" world for a moment: No more scarcity, no more hunger, no more epidemics caused by lack of medicines.
Now consider the same world, with *your* "STEALING IS STEALING end of story" claim: Should the first person/company that creates a new molecular structure have a monopolistic control over said structure? Should you be able to produce (from scratch, not by "physically stealing") a replacement Brake Pad for your car without paying Ford for the privelidge? What about creating your very own "claritin-like" substance for your allergies? Should you have to pay Mosanto?
I stated before, and firmly believe, that information wants to be worthless, in an economic sense. Information has no "owner" that I recognize, and, as such, I do not consider the "copying" of information to be "theft".
If someone broke into my office and stole the computer I was writing my source code on, then THAT is theft of information, as it has deprived me of it.
If someone copies (without my permission) my program and uses it without paying me, oh well! I haven't been deprived of anything! I still have my program! The only thing I *may* have lost is potential profits, but NOONE HAS A NATURAL RIGHT TO PROFIT! NOONE!
(Thats why "Step 2: ???" is so common! heh)
In the above "idealistic copying world" example above, noone could profit! There would be no object scarcity, therefore (almost) no intrinsic value to *ANYTHING*, let alone "strictly informational things."
Time to end this rant, but PLEASE PLEASE consider:
The end result of personal "posession & ownership" of information, combined with monopolistic control, and the added "Lets consider artificial entities with the stated goal of financial wealth accumulation (corporations) the same as people, with the same 'rights' to own information, etc, is a CORPORATE FEUDAL SYSTEM, not the (what I consider) ideallic, everything-copying society that we COULD have then.
The road we are starting down today is leading us towards the scarier of the two, I believe.
-vDave-
{dave -at- bearshare -dotcom-}
Help me out, and use BearShare for all of your p2p (INFORMATION COPYING) needs!
The pig browse. With Google. Sigh is to the chicken. Chicken is fool. Giggle. The DailyWTF giggle.
Yes, it is. Funny you should say that and then follow it with:
Stealing is stealing. Infringing upon someone's copyright is NOT stealing, it's infringing upon their copyright. Stealing is stealing, and using cracked software is something else entirely. That's why each is prohibited by a different law. You can't ``steal'' software unless you grab a boxed set and run out of the store.
That may sound like a trivial distinction, but it's not: it is the heart of the matter. It's this sort of sloppy thinking that makes it so easy for Disney to get copyrights extended another 40 years every time Mickey has a birthday.
It's important to remember that property rights are natural rights, which pre-exist our constitution (that's what our constitution says). Copyrights, patents, and the like are privileges which the constitution allows but does not require Congress to grant. When we equate copyright violation to theft, we blur that distinction, and play into the hands of those who would like to enclose the commons of our cultural heritage.
See what I've been reading.
Seriously folks I think lately we've forgotten that stealing is stealing, and if you're stealing a piece of software you should be punnished for stealing a piece of software.
And for those situations where stealing doesn't mean stealing?
Two trivial examples that I suspect most us us could get "caught" for:
First, a friend purchased (completely legal, nothing unkosher whatsoever, not even grey-market) a copy of Age of Empires - AoK. It has a rather annoying copy protection scheme, however, which annoys legitimate users (whereas pirates just run a cracked version with no hassles at all). So the solution? He uses a cracked copy of the game. A stupid software test for known program cracks would flag him as "stealing", yet he did no such thing.
Second, and even more difficult to deal with - I have all of my CD collection on my HDD, since I only ever listen to them while at the computer. Legal format-shifting as allowed even by the DMCA. Yet, can I "prove" to some stupid spyware bot that yes, in fact, I really do own the CD? Nope. And even if I could, I shouldn't NEED to; my computer serves me, I do not serve my computer.
More important than false positives, though, we should consider the issue of why we buy software in general. If I buy a game, I buy it to play that game. If nowhere in the documentation (or preferably, on the outside of the packaging) does it describe its "RIAA-friendly anti-piracy technology", it damn well better not have any. I don't buy software to spy on me, I buy it to do the task it describes itself as performing. Nothing more, and nothing less.
Seriously folks I think lately we've forgotten that stealing is stealing,
fine then you dont mind us installing a new tracking device on your cars to tell the manufacturer and your loan company and officer where your vehicle is at all times.
if you aren't doing anything wrong then why are you against it?
get the idea yet?
Do not look at laser with remaining good eye.
- Unplug the phone jack/ethernet card
- Find out where its' sending packets to, and edit your hosts file on your proxy/firewall accordingly
- Remove the software (duh!)
Or, to take the parent posters' idea of a virus (actually, a worm) to the next step, have it scout the net looking for legit copies, and installing the crack on their machines. So even legit customers would end up "phoning home".Seriously, just remove the software. If it does something you want/need, you have three choices:
- buy a legit copy
- develop a competing product
- put up with the knowledge that it is phoning home
Mind you, if I wrote it, I wouldn't have it phone home, - I'd have it phone a (very) expensive 900 number (say, $50.00 a call) that I'd own, and you'd end up paying for your license when you got your next phone billSo the (alleged) spyware sends copies of certain information about your computer back to the company that produced the software.
The user still has all the information they started with. No one has been deprived of any information. All that has happened is that an additional copy of this information has been created and distributed.
In order to object to this, you have to admit that some information does have owners, and also that it is wrong to copy information without the consent of the owner.
Then, this being slashdot, you have to do a little song and dance, like this: "when other people create music and software and movies, and I make a copy of their stuff, it's fine. But when someone else makes a copy of information from me without my consent, that's wrong!"
Your information wants to be free; my information wants to be private. See?
My own beliefs are the same as Linus Torvalds: "He who writes the code chooses the license". If you don't like spyware, don't friggin run it. I don't.
True.
And gathering personal information about a user, without his/her consent without a legal warrant is...
Seriously, this information is NOT what anybody can get from public records. If I gathered this information about someone, and that someone found me out, I'd be charged with cyberstalking or whatnot.
Say you're a small shop. You have need of 3 copies of s/w package X.
You go down to BigBox store, and buy 3 copies of X.
Back at the office, you use one CD to load all the machines. Leave the other 2 in the shrinkwrapped boxes, on the shelf. Perfectly normal...happens all the time.
The running s/w sees 2 other copies of the same s/n on the LAN, and phones home. PIRATE! PIRATE!
You're 'legal'. You have paid your fees for the 3 copies. But Company X, due to their incorrect reporting and intrusive networking, thinks you are in violation. They send the BSA after you, with all the attendant fees.
At this point, you're guilty until you can prove your innocence.
Absolute BS, I say.
>Some people, especially young children, seem to have a difficult time grasping that although nothing physical is taken, theft has still occurred.
No, it hasn't. Most parents (including yourself, I'm sure) tell their children, once they're old enough to read, that they should check the dictionary. I hope you don't mind if I do it for you.
theft
\Theft\, n. [OE. thefte, AS. [thorn]i['e]f[eth]e, [thorn][=y]f[eth]e, [thorn]e['o]f[eth]e. See Thief.] 1. (Law) The act of stealing; specifically, the felonious taking and removing of personal property, with an intent to deprive the rightful owner of the same; larceny.
Note: To constitute theft there must be a taking without the owner's consent, and it must be unlawful or felonious; every part of the property stolen must be removed, however slightly, from its former position; and it must be, at least momentarily, in the complete possession of the thief. See Larceny, and the Note under Robbery.
I don't know how much clear it can be than that, sorry.
>it's not the physical manifestation that's holds the majority of the value of the item, it's the intellectual property.
The only real IP I know of is Internet Protocol. "intellectual property" is a buzzword used by various anti-piracy groups to scare users. IMHO, it rates right up there with "speed kills" and "this baby is crying because it's dad was killed by a drunk driver".
>So, your thinking that even though you took it, the fact that they still have it (wow, magic), let's you off the hook is just plain wrong.
I'm not saying that. What I am saying is that piracy is not only a lesser crime (IMHO) than stealing, as it only deprives the owner of an imagined profit, and, in fact, does not cause a direct loss like shoplifting, it really bears no relation to stealing. The similarity ends at the word loss. Speaking of which, murder would be a loss of life, and therefore has the same amount in common with stealing as does piracy.
Again, just my humble opinion.
That being said, I feel that piracy ISN'T a good thing, that it is illegal, but that it is overzealously punished in today's times where steamboat mickey is still copyrighted property. The only way what people will wake up and stop the insanity (put copyright terms back into the hands of the people) is if people stop making it out to be something it isn't.
>By the way, you're not even close in interpreting how copyright laws apply to these situations.
Uhh, seriously, read a law dictionary. Without something being missing from the victim, and without it being in the hands of the perpetrator (preferrably at the same time) there can be no theft.
While the crime of copyright infringement is generally punished in a federal court, and the crime of speeding violations in a municipal or provincial (or, in the US, a state) court, the style of offense is identical. They're both victimless crimes. Sure, you could say I *would* have bought a piece of pirated software rather than pirating it, but at the same time, if I get a stolen (for real) camcorder for $50 that sells for $5,000 do you think there's even a chance in hell I would have bought it if it weren't stolen? The fact is there is normally no specifically identifiable victim from piracy that can prove a loss, which is just like when you receive a speeding ticket -- nobody can prove a loss. It's just illegal, that's all.
It's always a lot more complicated to convince someone a crime is bad when there is no victim, and *THAT'S* why the BSA (et al.) want you to (wrongly) think copyright is theft. Because then they have their victim -- english teachers.
In fact, you'll find my previous dictionary definition a little lax. Merriam Webster says:
theft: 1 a : the act of stealing; specifically: the felonious taking and removing of personal property with intent to deprive the rightful owner of it b : an unlawful taking (as by embezzlement or burglary) of property
When dictionaries start saying specifically, and highlight it; I think they're trying to curb an improper usage of the term.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
"Seriously folks I think lately we've forgotten that stealing is stealing, and if you're stealing a piece of software you should be punnished for stealing a piece of software."
That's fine provided due process is followed. Calling home and saying "I'm cracked" is not evidence of guilt. I have a piece of cracked software on my laptop. Am I guilty of piracy? Have I stolen anything? Absolutely not! I paid for the software. However, I cannot have a dongle sticking out of the back of my laptop. It's not worth risking breaking of the dongle, or worse, the laptop.
End of story? Me thinks not. If somebody installs cracked software they haven't paid for simply to evaluate it, have they stolen it? Ethically speaking, no. The fact of the matter is that you cannot return software. The only people who are truely guilty of commiting theft are the people who acquire the software without paying for it, and make use of it.
I would advise not trying to oversimplify this down to black and white. It is nowhere near as 'end of story' as you're making it out to be.