Independent Developers Fight Piracy & Lose
An anonymous reader writes "The author of the Echelon decided to take his fight against software piracy to the next level and then threw in the towel. After someone began posting new serial numbers on a well known hacking site, the author took matters into his own hands. With version 1.0, entering a hacked serial number causes the software to delete the user's Home directory. Yes, you read it right, the software completely erases it (aka rm -rf ~). A variety of people have voiced some strong opinions on this. While some argue that piracy is good for established companies, a few large companies are battling piracy and having limited success. Small, independent developers, however, are recognising this is a serious problem and are generally stumped by what to do about it."
I guess FADE is something comparable. But it didn't get out of the realm of the game (Operation Flashpoint in this case), but simply degraded controls and ammunition inside the game. It proved not to hold long (as any protection), but I think it encouraged some people to buy the game they liked.
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
First, at least he didn't start emailing parts of the user's mailspool to address book entries!
I always thought it was kind of ironic when the small people back the groups like SPA / BSA. Those "industry" groups represent those who fund them, and AFAIK will do nothing for the little guy. They are funded by the big players.
There have been a few other similar cases. I believe one of the popular Windows CD recording packages would burn garbage CDs if you entered the wrong serial number, or entered one of the popular serial numbers found on google.
Southeastern Virginia REPRESENT!
The system I use with my applications is:
Client-server architecture, you login once with a CDKEY. Every time the program runs, it sends your IP and cdkey to a server.
Now if TOO MANY PEOPLE use a CDKEY, you can cancel it out... Then when people login with that CDKEY they see, "You are using a pirated CDKEY, please get a legitimate one. Email X@X.com"
Sure advanced hackers can skip past the client-server authentication, but it's tough and they need to do it for every released version. For the most part people are stumbled here.
Good points:
1) You can track if your software is being pirated at all.
2) You cut people off who have used your software, so it's like a free trial and if they like it, they can pay you for a copy... And they may not have bought the software to begin with.
www.geocities.com/James_Sager_PA
God spoke to me.
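The server side of the check-in scheme described in the comment above, as an added example (not the poster's code). The threshold of five addresses, the 30-day window, the key names and the sample addresses are assumptions made up for illustration; the window is there so that a paying customer on a dynamic IP is not cut off.

```python
from collections import defaultdict

DAY = 24 * 3600


class KeyUsageTracker:
    """Each program start reports (cdkey, ip); too many distinct IPs revokes the key."""

    def __init__(self, max_ips=5, window_seconds=30 * DAY):
        self.max_ips = max_ips          # assumed threshold for "too many people"
        self.window = window_seconds    # assumed look-back window
        self.seen = defaultdict(dict)   # cdkey -> {ip: last_seen_timestamp}
        self.revoked = set()

    def check_in(self, cdkey, ip, now):
        """Record one program start and return 'ok' or 'revoked'."""
        if cdkey in self.revoked:
            return "revoked"
        ips = self.seen[cdkey]
        ips[ip] = now
        # Forget addresses not seen inside the window, so one customer whose
        # address changes over time does not creep towards the threshold.
        for stale in [a for a, t in ips.items() if now - t > self.window]:
            del ips[stale]
        if len(ips) > self.max_ips:
            self.revoked.add(cdkey)
            return "revoked"
        return "ok"

    def distinct_ips(self, cdkey):
        return len(self.seen.get(cdkey, {}))


def demo():
    tracker = KeyUsageTracker(max_ips=5, window_seconds=30 * DAY)
    # Constructed data: one customer whose ISP assigns a new address every 10 days.
    roaming = [tracker.check_in("KEY-A", f"198.51.100.{i}", i * 10 * DAY)
               for i in range(12)]
    # Constructed data: a leaked key used from 8 addresses within a few hours.
    leaked = [tracker.check_in("KEY-B", f"203.0.113.{i}", i * 3600)
              for i in range(8)]
    return roaming, leaked, tracker.distinct_ips("KEY-A")


if __name__ == "__main__":
    print(demo())
```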
If the author of the software had simply deleted the software itself, or disabled it in some way, this could be acceptable, but deleting a user's home directory goes WAAAAY over the line.
A good general guideline for ethical behavior in CS is the ACM Code of Ethics. This violates several points, including:
1.2 Avoid harm to others.
1.3 Be honest and trustworthy.
1.7 Respect the privacy of others.
(1.2 is the most applicable here, I think)
Yeah, opening a website or having a nag popup will really stop the spread of piracy; just see how effective *that's* been in the past. Hell, someone will just code a nag crack to remove even that! Lame.
What's really immature is pirating the software to begin with. But hey, someone protecting their software from theft means they're the bad guy, right?
Anti-piracy sabotage has been around for a long time - it dates back to the days of some manufacturers using 5.25 inch floppies that included an unused disk track containing sandpaper - attempting to copy the master disk would result in moving the floppy read head over the sandpaper covered track, thus destroying it.
This was stopped for probably the same reasons as discussed in the home security thread regarding booby traps. Destroying somebody's PC is illegal, even if they are making illegal copies of your software. Besides, what if they were using somebody else's PC to do it? And who would want to purchase a product that could destroy your PC if you make a mistake? Kind of like purchasing a car with a built in self-destruct as an anti-theft device. God help you if it malfunctions.
My rights don't need management.
It simply moves it into /tmp/.
When the user reboots, however, /tmp/ is cleaned and the data is lost.
Pokey The Penguin!
RTFA. It's a Macintosh program. So there's no reason to expect that programs like X and Apache are even installed. (They can be installed, and a few are by default, but users might not care)
However, depending on how the installer is run, the application might not have write permissions to do that kind of damage. The home directory is both more likely to be vulnerable, and much much more important to the victim.
Here's some other, milder ways to punish the offender:
Bad Idea if you end up hurting a paying customer.
Back in about '82 an acquaintance bought a C64, floppy drive and accounting software. Painstakingly entered data for his employees, customers etc. Took him about 2 weeks of hunt and peck. Program ran great for about a month and then one day when he loaded it up, his master data file had every record replaced with "PIRATE","PIRATE","PIRATE"...
It turned out that the copy protection could be triggered by a slightly misaligned drive head. The program thought it was a pirated copy and activated its anti-piracy code. OOPS!
Buddy was not impressed, since it cost him much time and money. After several nasty letters from lawyers the developer ended up having to pay to have the data re-entered, as well as supplying a version of the software without the anti-pirate code.
None of them can see the clouds; The polished wings don't care.
Anyone remember Jeff Arnold's CDRWIN program? His program was popular years ago for its ability to copy Playstation games. As his program became a popular target for pirates, he implemented something similar. But as I recall, the user outrage was enormous, and he had to remove the new "feature". Even then, people didn't trust his software for a long time afterwards.
In Soviet Russia, articles before post read *you*!
You know guys, trying to delete the user's home directory or messing with them in other ways might seem clever, but what if they decide to run their program in a chroot jail?
Totally illegal to set any sort of mechanical traps like that, BUT, there's a nifty loophole, it's called "rottweiler". Totally legal and effective in most cases.
and software you and your company writes will never EVER be purchased by me or my company. NOR will I be able to honestly recommend your software to anyone based on that "time-bomb" you use.
you can not guarantee to me that you will exist in 10 years, or that you won't decide to run a "forced upgrade" on users by killing all keys or the server itself.
I have users that are using critical software that is over 10 years old (I know they are evil and stealing from the developer's mouths.... yadda,yadda)
Anything that requires external authentication to install or run is unacceptable and gets put on a blackball list that I distribute to associates and clients.
And people wonder why OSS gets more and more popular with companies pulling crap like this on the paying customers.
Do not look at laser with remaining good eye.
That's how NDAs and other evil contracts work; there's no freedom of speech clause that would override NDA, for example.
It may be that EULAs would be non-binding for host of other reasons, but constitutional rights have little to do with EULAs, except if EULA was imposed by the government.
For those who didn't want to RTFA
This post below is from one of the developer's friends. It's mostly a sob story about how broke the developer is. If you didn't bother to read, the app automates encoding movie files which is, I must admit, a cool thing to write. The windows world doesn't have much of this. discreet makes Cleaner (purchased from Terran) but it costs way more than $20. For the price it really is a decent piece of ware. the closest the windows world has is TMPEG but last I checked it doesn't work with nearly as many formats (divx, etc).
"I happen to know the developer in question, and while I don't agree with what he did, I empathize with his frustration over this whole matter. He's spent many months getting ready for this release, and the next day, some brainless low-life had reverse-engineered his serial gen code, and released several working serials for it. Since the numbers were posted, registrations for his app completely stopped, and he's now facing the grim situation of possibly halting all development on this very useful program. He's in debt, and broke, and getting nothing for all his hard work. Seeing all his hard work getting flushed down the toilet made him understandably angry, and he was mainly trying to get revenge on the cracker, and to scare people away from attempting to pirate his software. That being said, he's already seen the error in his ways (so to speak), and the current build of his app has the home directory wiping code removed. If you download it now, the serials won't work, but it won't wipe your home directory anymore. He's contemplating less drastic measures, and new ways to protect his app, but won't be destroying user data anymore, even if they are just pirates. I think this was something that was done in the heat of the moment, in the frustration of seeing the thoughtless acts of a cracker destroy his income from this work, and went a bit overboard. I wouldn't be so hard on him, as I'm sure it's something many developers have thought of doing, and wished they had the balls to actually carry through. I think many in his position would have done something similar. At this point, the offending code is gone, and the pirates' data is safe, however the future of the (extremely useful) app is very uncertain, as registrations have all but stopped. I hope he doesn't have to stop development due to lack of support, but the actions of that cracker who shall not be named may well have forsaken this app's future."
Posted by: WiseWeasel on September 7, 2004 04:51 AM
Another of the developer's friends fingers the cracker in another post
"C'mon. As it's been stated, the scheme in question only targeted the cracker (iDave) and his cronies...and the specific serials created. What's more, since slava misreported this, the app didn't really delete the home directory; it obfuscated it. Only by further PIRATE THIEF ACTION would it actually have been wiped."
Posted by: JackHandy on September 7, 2004 12:25 PM
Yeah, damn right. His program was aimed at taking DivX and MPG movies in commonly downloaded formats, and turning them into DVDs.
So, he wrote a program whose main audience was people who violate copyright, and was then surprised to find people pirating his software? Oh, cry me a river.
I feel the same way about people who write shareware "file sharing" applications, and then act all irate when we share the registration codes for those applications. If you don't want your work to be ripped off, it'd help if you didn't go out of your way to assist people in ripping off the work of others. I've registered fifteen pieces of shareware, but I'm sure as hell not registering "file sharing" software.
Plus, the "meat" of his software was apparently GPLed projects such as ffmpeg anyway...
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
I'm surprised I haven't seen someone comment on this (or I'm too lazy to search the entire thread for this comment) is that the original US PATRIOT act included provisions that made it possible for copyright holders to hack your computers and even possibly do damages if they felt you were infringing on their copyrights. The "Deterrence and Prevention of Cyberterrorism" portion of the act would criminalize any act of hacking that caused damages or losses of over $5000 would be considered an act of terrorism. The RIAA lobbied for a bypass so they could hack/destroy without any worries of criminal charges.
With this amendment, they can hack into people's computers, search for infringing materials, and add them to their "TO SUE" list. Not only that, they were wanting to be able to be proactive, in a sense find people that are supposedly using P2P software and hack their systems so that they are unable to trade copyrighted material, or delete any offending materials.
This amendment did get knocked down, but then the MPAA tried a similar amendment. I believe this didn't make it either, but both these organizations have kept bringing up new forms of these bills in one way or another.
Sound familiar?
Here's more details...
Technically - yes, it is and you could go to jail. But your example is a little off - really, a better example would be you built many of these devices and sat them out in front of your house with a tip jar to pay. Then it blows up if they didn't drop in the tip jar.
A slightly different take: If you "boobytrap" your house with a shotgun and a burglar enters... and gets their head blown off, it's illegal.
Building an explosive device and sending it into the public is illegal. Boobytrapping with malicious intent, even in self defense, is illegal.
"[Update: This article is attracting heavy traffic from Slashdot... server load is quite low now, although it was probably higher earlier, but it turns out that eZ publish is very inefficient with respect to MySQL. I've changed the (persistent) mysql_pconnect calls to (non-persistent) mysql_connect calls, so hopefully there shouldn't be any more "too many connections" errors. Ironic that in the very article where I describe how piracy is seriously affecting my ability to pay the bandwidth bill, I get a wave of traffic from Slashdot. This server is hosted in Australia, where bandwidth still costs over 10 cents a meg. Incredible, I know...]
It looks like the pirates have won the war on Synergy.
Since the software was released, there have been occasional serial number leaks which have harmed sales, but the problem has more or less remained under control. It looks like it is now out of control.
Please read on to learn more about what's happened and how I'll be responding to it. Unfortunately, it's all bad news.
Throughout the month of August, a fake license was "doing the rounds" unchecked on a popular serial-sharing forum. Sales dropped 20-30% in response, starting on the day of the leak, and stayed low for the entire month.
On Saturday, I released a major update to Synergy, version 1.2, and was dismayed to see that the very next day a crack was being made available and advertised on the same forum. When the crack was taken down by Apple, who had been unknowingly hosting it, the very next day a "100-user" license for Synergy appeared on the same forum.
I have never sold a 100-user license of Synergy. The license is a fake. The serial number algorithm has been reverse engineered, and the pirates can generate new serial numbers at will. There seems to be very little that I can now do, and it seems certain that the 30% depression in sales will continue indefinitely.
I never made much money from Synergy. It's only 5 (Euros) (evidently too much for the pirates). Nevertheless there are bills to pay. Domain name costs, bandwidth charges, tax on the income earned from the licenses. It's no exaggeration to say that the current piracy problem, if it continues, will put an end to the business.
The business (and myself) are just two of the victims. The collateral damage ends up directed at the customers who've bought licenses in the past.
If the business closes, then there'll be no more updates for those registered users. No more updates for the pirates either.
If the business doesn't close, things still don't look good. Unfortunately, every alternative I consider for addressing the problem has a downside attached to it for legitimate users.
Perhaps the pirates don't stop to think and realize the consequences of their actions, and that their behaviour adversely affects everyone involved. These are just some of the consequences that piracy can provoke:
1. Higher license prices. If pirates won't pay a reasonable fee like 5, then the licenses must go up in price to cover the running costs of the business. The bystanders who foot the bill are honest people, made to pay more because the dishonest people didn't want to pay at all.
2. Less time spent on improving the software and developing new products. If I can't pay the bills from license sales, then I have to spend more time working on things other than software.
3. Less time spent on tangible software features and more time spent on anti-piracy technology. While most users would prefer to see new features and bugfixes, piracy diverts development time towards intangible things which honest end users never get to enjoy (things like improved license code algorithms).
4. Less convenience for honest end-users. Thanks to piracy, honest customers have to deal with