Independent Developers Fight Piracy & Lose

An anonymous reader writes "The author of the Echelon decided to take his fight against software piracy to the next level and then threw in the towel. After someone began posting new serial numbers on a well known hacking site, the author took matters into his own hands. With version 1.0, entering a hacked serial number causes the software deleted the user's Home directory. Yes, you read it right, the software completely erases it (aka rm -rf ~). A variety of people have voiced some some strong opinions on this. While some argue that piracy is good for established companies, a few large companies are battling piracy and having limited success. Small, independent developers, however, are recognising this is a serious problem and are generally stumped by what to do about it."

Too Far?

[Oculus+Habent]

I think deleting the entire user's directory is a little harsh. If I were going for vandalism, I'd go for things that cause problems, but shuouldn't do serious damage. Something along this line:

• Delete Perl
• Stop Apache, Samba, & nfsd and remove their startup scripts.
• Delete X
• Delete ftp, grep, ssh, or other important programs.

The key is to piss off the user. Each of these things are replaceable, but a PITA.

Re:Too Far?

[praxis]

Well, go ahead and do that, if the software is running with access to those things. If, for example, the software is running with only write access to the user's home directory, then what?

Re:Too Far?

[NemesisEnforcer]

Or how about something reasonable like deleting the software that the user was trying to pirate?

I don't think he'd have faced a lot of criticism if the software's reaction was that mild. However, he might have caught a lot of heat if it happened accidentally with a legit user.

Re:Too Far?

[Gudlyf]

At first glance, you might think, "Yeah! Serves 'em right! Delete their home dir!" The thing is, it's akin to setting up a trap in your car or home for burglars that hurts or kills them (although deleting ~user shouldn't be physically harmful, at least directly). In short, going on the offensive in an equally or more sinister way doesn't always make it the right thing to do.

Re:Too Far?

[rd_syringe]

Why is it harsh? If you crack the software, you pay the consequences. You're not owed anything at that point. As far as ethics is concerned, the app could do anything it wanted.

Warez is a result of this lame sense of entitlement that today's computer users have. Arguing piracy is "good" for companies doesn't matter--it's not provable, but more importantly you don't have the permission from the copyright owners to do it. Pirates are just freeloaders who get bitter when the free ride is taken away.

id Software lost over a million dollars to record-breaking piracy the weekend before Doom 3's release. Ask Carmack sometime how he feels about that.

We've already seen game companies transitioning more and more to consoles (and the games suffering as a result). They're doing this because of the extra protection from piracy. As more and more people pirate the fuck out of everything, the system will eventually completely crumble, and nobody will be able to make a living off of any software. We won't have the Photoshops or 3D Studio Maxes or Cubases of the world, because there won't be businesses behind them doing the development. It's not like OSS is answering the call or anything--all the major software revolutions have been spawned by capitalist endeavors. I'm a musician, and I can load up fantastic plug-ins like FXpansion BFD as a VSTi in Cubase. Piracy hurts innovation like that because there's no incentive for people to make developing software their career. Little college dorm room kiddies will just come along and download it and then run to boards like Slashdot and justify it as "free advertising."

At some point, the issue will come to head and a resolution will be reached, going either way--all-out piracy or full-on copyright protection. But right now, it's just a tense string being pulled tighter and tighter...

Re:Too Far?

[sparcnut]

I think even deleting system programs is way too far. Suppose you have a user (an eye dee ten tee) who has his only copy of his master's thesis in his home directory... you can imagine what happens next. You can make the argument that he deserved it, but it doesn't justify wiping out his thesis.

If the program instead followed your suggestion (never minding the permission issues - it would have to be run as root) and deleted system software, what would happen if the program was run on a production server? Sure, it really ticks off the user, but a lot of things on the server for all users would grind to a halt until the deleted files are replaced. You just can't justify doing something this drastic.

Re:Too Far?

[Oculus+Habent]

Perhaps grabbing files from the home directory and encrypting them. Contact the author for resolution.

Tools like these should also have a built-in sunset date. If, in fifteen years, someone is using this ancient copy of your software b/c they can't purchase it... just let it go.

Re:Too Far?

[jcr]

Have a look in Black's Law Dictionary for "extortion".

-jcr

Re:Too Far?

[vadim_t]

Well, to begin with, it's completely unreasonable, as the amount of damage is pretty much random. A *long* time ago, the idea of "eye for an eye" was established as reasonable punishment. Yes, reasonable, since before people would do things like "You break my arm, I set your house fire with your family inside". Eye for an eye set a reasonable upper bound which wasn't that bad in those times. Trying to go back to before that by this kind of completely unreasonable revenge is ridiculous.

Besides that you have a legal problem. I'm fairly sure that somebody could argue that even though they caused you a $100 of loss (or whatever it costs), the nuked home directory caused $10K of loss. That kind of thing could turn out *really* ugly.

Re:Too Far?

[operagost]

What's the point? The user's system is vandalized without reason. The loss of revenue does not equate to the destruction of the user's data. There is always the possibility that the user mistyped the serial number, or has a legitimate serial number which has unwittingly fallen into a pirate's hands.

Re:Too Far?

[Zangief]

Yeah, and then pirates just need to alter the date te software thinks it is really, and away they go.

Re:Too Far?

[gcaseye6677]

I realize that doing something like this may make the developer feel better, but it accomplishes absolutely nothing other than petty revenge.

The purpose of anti-piracy measures is, presumably, to reduce piracy. When you decide you're going to take revenge on anyone who pirates, all you are going to do is drive away people who might otherwise pay for the software. Nobody says "gee that guy wiped out my hard drive. I should pay for the software I stole from him." Would you do it if you were in that position?

The pirates will continue to pirate, while finding a way to make the program work without permissions to do anything harmful. The innocent user who enters the activation key incorrectly will likely be harmed by this. And the developer will lose future business, and rightly so. And if serious damage were caused, they will face a lawsuit.

If there are any developers out there thinking about doing something stupid like this, please reconsider. It will not help you in any way; it will only hurt you. I for one will never install software that has provisions to wipe out my home directory. What if it does so by mistake?

Re:Too Far?

[clifyt]

"Little college dorm room kiddies will just come along and download it and then run to boards like Slashdot and justify it as "free advertising." "

Whats funny is you mention this in the terms of being a musician.

I have worked on a number of music software applications over the last few years from anything from being a beta tester to designing the GUI for guys that have a great product, but a shitty interface.

And this is this same exact arguement used everywhere -- its just free advertisement. Or if I use it to make money, I'll pay for it. Or I'm just a little guy, and the pros should have to pay since I haven't had my first hit yet.

In this area, I've *NEVER* seen a pro pay for professional music software...if you are making money off of it, you will more than likely get it given to you for free. Hell, I haven't paid for 90% of the software I've been given -- and most of it sits in its box on the shelf as the software I *USE* is almost the inverse of this (for some reason, I'm more likely to use the stuff I pay for -- it has real value to me).

But the thinking goes, being a paid musician is like winning a spot on a basketball team -- there are only so many spots opening a year, and most likely its not going to be you. So the software is given to the professionals to advertise to the little guys...I don't know how many times folks will come to my studio and ask what I'm using, only to run out and buy it thinking that it means they can leave me outta the mix, so to speak...only to realize you can't buy talent out of a box -- it comes from years of hard work.

So honestly, the software is sold entirely to the guys that can't make a buck and most likely will never make a buck. Great guys -- and a lot with real talent, but really don't want to do anything but play on weekends with a bunch of friends.

Anywho, the companies advertise as they feel like advertising and need no help from anyone else. I wish there was a decent way to prevent piracy but the folks that want everyone elses hardwork without doing anything for it want to be rebels. Its like the fuckwad kids that think stealing their instruments make them an authentic punk band even though they are from the suburbs.

I love free software and have contributed to some of it -- in my day job we give away several packages I've solely designed and developed, but all in all, folks need to respect the opinion of those that provided the software...even if there were no laws preventing the copying of software or music or whatever, you'd think folks would have the decency to understand that if someone creates something they should have the ultimate say on how its used. If ya don't like that, you are free to develop your own...its not like the ideas are that hard to come up with, and an army of OSS programmers should be able to replicate anything who can give their software away under the ideals they wish it to be released...

Re:Too Far?

[Yartrebo]

It's quite common for me to loose the original packaging (and the SN#) to a game, and then get a serial number from online. I still have the CD.

Now if my hard drive were trashed by such a program, I would sue (yeah, it's probably in the EULA that they can do that, but there's a good chance that such a clause will be neemed null and void).

In normal (non-internet) society, such an action would be the revenge a phycho would extract by killing the person sleeping with his girlfriend.

Re:Too Far?

[Waffle+Iron]

If you crack the software, you pay the consequences.

In a civilized society, consequences are doled out by a court of law, not by vigilantes their software.

Re:Too Far?

[Cat_Byte]

That really sucks. The only pirated software I have is stuff that I actually own but would rather have a version that doesn't require the CD or something I own that the CD was damaged & I refused to pay $10 or whatever for a new CD. I have the license keys to back them up. If a pirated copy deleted my important calls you can bet I would be on the phone with support for hours until they restored all of my data they messed up.

Re:Too Far?

[strictfoo]

then you know that the user is attempting to steal from you

Untrue

It's not common, but when I lose my key to a software product I have paid for, I don't bother with the (sometimes) huge hassle of trying to get it again. Over the past 7-8 years I'm sure I've registered many different software packages with many different email addresses so I usually have no idea what one goes with what software package.

I am in no way stealing. This guy is out of line. Removing the home directory of a user is ridiculous. Just delete the f'en product directory.

Re:Too Far?

[PReDiToR]

to make sure that hacking requires maximum effort with minimum reward

IANAH, but I play one on hackthissite dot org.

I have spent hours learning to hack websites, applications and databases, I'm not great, but I found the process of learning fun.
I don't think you can dissuade people from cracking your apps by making it hard work, the harder it is, the more credibility you get in cracking circles.

The thing that gets to me is that coders and packagers can spend so long trying to lock up their apps that they spend time on that which could be spent debugging or advertising, fundraising for the next version or putting eye candy in the app so that the people who actually pay for software will find it attractive and pay for it because it looks professional.

Re:Too Far?

[Znork]

"If they don't want to get maimed or killed, maybe they should have picked a different job."

Does that go for any policemen, firemen, small children, spouses, relatives, housesitters, etc, who might actually have a reason to be there too?

Or have you invented a new form of trap that magically springs only on the guilty?

Re:Too Far?

[Fweeky]

"If you crack the software, you pay the consequences. You're not owed anything at that point. As far as ethics is concerned, the app could do anything it wanted."

Your software *thinks* I pirated it, ergo it can do anything it wants and get away with it? Nuh uh. What happens when a pirate releases a keygenned key that happens to match mine? What happens when I hit a bug in the key verification code? What happens when a cosmic ray flips a bit in the relevent code and a FALSE turns into TRUE?

"id Software lost over a million dollars to record-breaking piracy the weekend before Doom 3's release"

Says who? Based on what evidence? I pirated it, saw that it sucked, and then did exactly what I would have done anyway; I didn't buy it. Did they lose $60 on me anyway? Maybe they would have if I'd cancelled my preorder based on that, but then I'm just using my increased knowledge of the products available to spend my money more wisely. Is that still a bad thing? Maybe for Id, but not for me, and I don't think for the market either; mindless shooters with crappy atmosphere and insanely repetetive gameplay should not a blockbuster make.

"As more and more people pirate the fuck out of everything, the system will eventually completely crumble, and nobody will be able to make a living off of any software."

Kindly provide statistics and sources that show more and more people are pirating software, and that as a result the amount of purchased software is going down. Or are you just assuming that's what's happening?

Re:Too Far?

[thedillybar]

>If a pirated copy deleted my important calls you can bet I would be on the phone with support for hours until they restored all of my data they messed up.

Almost modded this funny, then I realized you weren't try to be funny. Anyone who does this isn't going to have a support number, and isn't going to put up with your BS if they do. Clearly they don't care about customer satisfaction if they're wiping home directories. What makes you think they'll be able to recover your rm -rf ~ better than you can anyway?

Re:Too Far?

[drakaan]

They said "hacked serial numbers", not "pirated copies". You would have used your (legitimate) serial number and would have been unaffected, presumably.

Re:Too Far?

[Carewolf]

The funny thing is, this has gotten to point where the only "vendors" of shareware you can trust was essentially warez-sites, as the crackers compete in removing all the spyware, nackware, crippleware, and other attached diseases.

When you download something of the official site, it will not work, spy on you, advertise random crap and now delete you home directory; but if you download it from a warez site, it is clean and functional. This counts even for software bought in shops, like Windows XP, which doesnt require "activation" in the cracked versions.

No wonder piracy is on a rise!

Re:Too Far?

[ifwm]

"You'd actually be able to sleep at night knowing you killed some poor drug addict who was strung out looking for a little cash for his latest fix"

Your emphasis is on the wrong guilty party there fella. While it is illegal to set traps to injure or kill people, no one MAKES junkies break into houses. If I did trap my place, I would sleep very well knowing they killed THEMSELVES.

Re:Too Far?

[XMyth]

That's the thing though...."extra sales" ? There will be none. No one is going to say "well, it deleted my home dir...maybe I'll buy it!" This is pure retribution...plain and simple. Very short sighted, IMHO.

Re:Too Far?

[hazem]

And what happens when a bit error causes a JNE (Jump Not Equal) to become a JE (Jump Equal), and the correct information leads to your data being erased? All these checks are great, but it all really comes down to:

if status=valid,
run normally
else
delete all files
end if

If the stupid program can tell when a fake number is entered, it should simply refuse to run.

Re:Too Far?

This actually isn't a new idea. I remember an early version of Lotus 1-2-3 (for DOS) that did something like this. If the program thought it had been pirated, it deleted its main .exe files. This forced you to have to re-install it (assuming you were the legal owner), but didn't damage any of your data or other programs.

At the time, they weren't using serial numbers as copy control. The floppy had some kind of copy protection on it (a "diskcopy" wouldn't work), and it wrote some files in the install directory that were marked system and read-only. You couldn't touch these files. If they got moved by a defrag program (for example), the program would zap itself. (I found that out the hard way. It was not mentioned anywhere in the manual.)

Doing this is probably the only legally defendable kind of destructive copy-protection. If the user pirates your software, he has done something illegal. That does not give you the right to do something illegal back to him. If he has no right to run your software in the first place, then there's nothing wrong with your software deleting itself, since he shouldn't have it in the first place.

As with my example above, when implementing destructive copy-protection, you must be very careful to make sure it won't backfire on legitimate users. I did own a legal copy of Lotus 1-2-3, which I had installed from the original disks. I didn't know that allowing the file to be moved by my defragger would cause the program to think it was pirated. Suppose Lotus had decided to delete my data files (no "home directory" on DOS) instead of just the 123 program? Then I would have lost my data even though I was a legitimate owner of the program and I was doing nothing wrong, according to the software manual. As it was, instead of losing my data, I only lost about half an hour of time performing a re-install.

Re:Too Far?

[rock_climbing_guy]

Hey everyone, my name is Bill Gates. I just wanted to let everyone here know that if you develop your new software for Windows Lower^h^h^hnghorn, we'll protect your software from piracy with strong DRM. We'll make sure those nasty pirates can't change their system date, unless we say so.

Re:Too Far?

[fucksl4shd0t]

Doing this is probably the only legally defendable kind of destructive copy-protection.

Actually, there is no legally defendible copy protection of any sort. A pretty important nit to pick, really. The DMCA itself should actually be declared unconstitutional, because it is.

You see, copy-protection violates the sacred arrangement that copyright represents: it prevents the software from entering the public domain upon expiration.

The DMCA should be declared unconstitutional for this reason exactly, because it protects a method that is used to prevent copyrighted materials from being copied without the owner's permission, more or less indefinitely. Copyright is supposed to expire, and unless your copyprotection accounts for it, you're in violation.

I'm still very much in favor of revoking copyright for people who use copy protection on their stuff and immediately forcing it into the public domain. So it should be legal to break the copy protection. If you want protection from the law, honor your end of the bargain and place the work into the public domain upon expiration of the copyright. If you don't want protection from the law, then go ahead and use copy protection. but don't whine about piracy, you had your choice.

Re:Too Far?

[drakaan]

If you can show the expense on the credit card bill, it shouldn't be hard to contact the software vendor and get a new key. Going to a site to get a hacked key is not only illegal, it's lazy and pointless, if you actually paid for it. If you're not savvy enough to have a copy of the serial number somewhere, does that mean the vendor should just say "oh, okay, use a hacked key"? How, exactly is he supposed to know that you bought the software but were too lazy to ask for a replacement key?

FADE

[thrill12]

I guess FADE is something comparable. But it didn't get out of the realm of the game (Operation Flashpoint in this case), but simply degraded controls and ammunition inside the game. It proved not to hold long (as any protection), but I think it enouraged some people to buy the game they liked.

Oh dear...

Imagine the developers face when he realizes that he forgot a ! in his if statement, while testing that piece of code.

Really immature.

[Azureflare]

What happened to making a fullscreen popup saying "Stop pirating my program!" or opening a browser to a page on your website telling the user they're using a hacked serial?

Anyway, this guy's product and any future products will definitely not be getting any of my money (and I certainly won't be downloading his apps).

Ha, who am I kidding, I wouldn't download it anyway. Open source all the way baby!

A Better Idea

Instead of deleting the files, they should encrypt the files.

The decryption key will be provided when the product is registered. :-)))))))

-Mike

Re:A Better Idea

[mpe]

Instead of deleting the files, they should encrypt the files.
The decryption key will be provided when the product is registered. :-)))))))

This is likely to be only slightly less illegal than deleting someone's files.
Effectivly you'd be holding someone's data to ransom.

Not portable

[Kippesoep]

Deleting a user's home directory is a bad idea. It's not portable. How about those poor folks running Windows 9x. They don't have proper home directories. Even the ones in WinXP are half-baked. You'd have to build in a routine that'll erase the C:\ drive for those poor saps.

Re:Not portable

[kannibal_klown]

Yeh, the most that would happen to me if they delete my PC's home directory is my settings, bookmarks, and a few other minor things. At most, I might need to perform a repair on SOME installs to get an app working correctly.

But I don't store anything in "My Documents," "My Pictures," or the like. Sure, some games default their saved games there, but boo hoo.

My Powerbook on the other hand, I'd have to kill someone. Seriously, I'd wring their little necks.

But I don't pirate software. I make enough money that if I need software X, I buy it, ESPECIALLY if it was designed / published by a small house.

Personally, I hate it when someone pirates software from a small software company. I mean, is it that friggin hard to pay $27 USD for "Gish" or some other delightful game gauranteed to keep you happy for days on end, or $30 USD for TextPad if you use it every day? MS Ofice I could understand (though I paid for mine), but little apps like Textpad are usually worth it.

These jerks had it coming.

A few things...

[telemonster]

First, at least he didn't start emailing parts of the user's mailspool to address book entries!

I always thought it was kind of ironic when the small people back the groups like SPA / BSA. Those "industry" groups represent those who fund them, and AFAIK will do nothing for the little guy. They are funded by the big players.

There have been a few other similiar cases. I believe one of the popular Windows CD recording packages would burn garbage CDs if you entered the wrong serial number, or entered one of the popular serial numbers found on google.

While I sympathize, this is going to far.

[Kenja]

I too have been stung by rampant piracy, however I would never do what these authors did for fear of the potential legal and ethical problems it could cause to knowingly sabotage someone's system. In my case the software in question is Net Weasel, a small HTML editor that has had millions of downloads, has several thousand active users bugging me for support and zero registrations (that's right, not a single person willing to pony up any money). Yet people still email me claiming to have a legitimate copy and demanding that I fix bugs or release a new version. As it happens I do have an updated version I use myself and I'm working on a 2.0, but until I come up with a way to stop people from writing cracks its just not worth my time to release. I'm already compressing and encrypting the executable, there's a point when the copy protection gets to be a bigger project then the application itself.

Re:While I sympathize, this is going to far.

[jandrese]

Have you ever considered that perhaps you're charging too much for your software? Also, if people are flooding you with support requests for shareware, there is a good chance that they won't actually plop down $$$ for the software until it works as advertised. No matter how much work you put into your anti-piracy system, people won't pay for crap.

I don't want to sound too harsh here, but if you take a hostile view of your customers, they will respond in kind. This might be a good opportunity to step back and see if there is anything you could be doing differently to make your product more buyable in the eyes of your consumers.

Re:While I sympathize, this is going to far.

[Dracolytch]

I find it hard to believe that nobody has bought your software with millions of downloads. I find that a really good program gets about a 1% (ouch) download/purchase rate.

I'm working on designing my site so that the keys are available on a web-based DB. Do an MD5 on the key, and match hashes with with the one on-line at program startup. No match, no save capability. Too many people going for one key? Disable that key.

Have the program run OK if it fails once or twice in a row, but the third time, the program dies until it can check its key.

People may still be able to crack your software (No real defense against people rewriting your program...), but keygens and re-used keys become a rarity.

~D

Re:While I sympathize, this is going to far.

[TedTschopp]

I don't want to sound too harsh here, but if you take a hostile view of your customers, they will respond in kind.

Ummmmm.... By definition, they are not customers becuase they haven't purchased anything yet.

Re:While I sympathize, this is going to far.

[Lumpy]

AMEN.

Here's an example,

there are gobs of DVD authoring apps out there, Most in the $199-$399 price range with the most expensive beign Scenerist at $30K+ All the cheap DVD authoring apps suck and make you do their "templates" that all look cheezy and crappy. So DVD authoring apps are pirated by most Indie and enthusiast movie makers.

A year ago I found DVDlab, something with almost as much power as Scenarist and it costs $99.00.

out of the 20 or so Indoe film Makers that had pirated versions of other DVD authoring apps, all but 3 of them have bought DVDlab.

why?

because it's affordable.

software price is the #1 cause of piracy. why the hell pirate something when it's easier and cheaper to simply buy it?

Most people are suspicious of software today. they are used to spending big $$$ for utter crap that only barely does what is promised. (Final Draft for example!) They are tired of being extored at every turn and paying huge $$$ to some guy that thinks being a programmer is worth more per hour than the engineers making high end bikes and other physical items that they know they own.

Software is overpriced, espically consumer grade software.

Typo in the headline!

[jvmatthe]

Should read;

"Independent Developers Fight Piracy & Lose Your Data".

The original version said "...Lose Your Pr0n Collection" but it was too long. The new shorter version is too terse.

Wow, what was his clickthru license like?

[mveloso]

I'd love to read his license agreement.

This guy is a criminal, and douche.

[autopr0n]

If anyone lost any critical data due to this 'feature', there could be serious consequences. I'm not sure if rm -rf ~ on OSX makes the files unrecoverable, but the author ought to be liable to pay to recover the data.

In fact, simply writing the software may have been illegal.

If someone steals some CDs from you, you don't have the right to burn their house down.

And, as a matter of fact the software in question may have been violating the GPL. It was basically a front-end to FFMPEG, which is GPL'd, and it may have come bundled with it.

So basically the guy wrote an easy to use front end to some free software, and then trashed people's work when he stopped getting money from it.

A New Slogan

[MankyD]

Echelon - Redifining the Meaning of BOFH (or perhaps BDFH?)

What the h*ll?

[Kalroth]

I'm a professional software developer myself and while the software I work on isn't piracy prone, I'd never go this far.
Disable your own software, do bad encodes, draw goatse/tubgirl images on the encodings, but dont, DONT mess with files that doesn't belong to your program.

This is just plain immature, not to mention very wrong.
And yes, it seems like the author already removed it, but putting it there in the first place is bad.

Illegal?

I've read that adding timebombs to commercial binaries was potentially illegal. Wouldn't willful destruction of property (rm -rf ~) be even worse as victims would have an easier claim for damages?

Mixed feelings about piracy

[31415926535897]

I have some mixed feelings about piracy. I believe that, at the core, software piracy is morally reprehensible (sorry about using the term piracy for those of you that quibble about that, but it is the term used in the summary).

As a software developer, I feel that I ought to get paid for the work I do. I do work for a company that pays me to develop, so it's really their responsibility to make sure their software isn't pirated (if they want to protect their business).

Nevertheless, I feel that piracy can be benefically to any company, regardless of size. I think that it may even help smaller companies more than larger companies, because piracy may be the vehicle in which a particual software package becomes very popular. However, one has to realize that 100% of software can't be pirated, otherwise nobody would develop anything meaningful (excepting the free software movement, but that's something pretty special [and I do wholeheartedly support it, even with LOC when I can]--I am speaking in a manner of business). Like most things in economics, it probably requires the right critical mass (you need to have the right number/ratio of people buying your software to make you profitable, but you need to have a certian number/ratio of people pirating it to make it popular).

I never think that software should ever use measures that destroy your property (digital or otherwise) as a means to prevent piracy. I am glad that the author of the software mentioned above took out the folder deleting technique--I cannot believe he did that in the first place.

Re:pirates and all

[AlexTheBeast]

The one point this guy makes is that piracy does hurt the small niche programmer.

I have always been amazed that the large companies probably get a big benefit from releasing their software into world... people learn to use and depend on it... and eventually as the rep gets better, then sales improved.

However, I have no doubt that piracy has really hurt programmers like this guy. He reports a 30% decrease in sells. I can understand why he is so desperate.

Do two wrongs make a right?

If you know a kid is going to steal a coke, is it okay to put poision in that coke?

I don't know what is morally right or wrong, but I can understand why this guy is so worried.

AlexTheBeast

Addendum

I'd like to add that back when I was using windows, the first program that I ran into this with, bulletproof ftp, was actually able to detect a keygen'd serial number. It displayed a nasty message in the bpftp program and then opened up IE and took me to the ordering page on the bpftp site.

I was impressed. I was maybe 16, and I wasn't necessarily using keygens because I hated companies or wanted to be malignant, I just had no money. This was the first program that had been able to detect a keygen'd serial. So, I actually bought a license for bpftp... (it was cheap anyway).

Maybe I'm the only one who feels this way, but I had to hand it to 'em. It's a respect thing, I guess.

Or maybe it was just adolescent "logic" running through my head. Nowadays it seems kind of dumb. Oh well, thank god I don't use windows anymore.

Completely Unacceptable

[spin2cool]

If the author of the software had simply deleted the software itself, or disabled it in some way, this could be acceptable, but deleting a user's home directory goes WAAAAY over the line.

A good general guideline for ethical behavior in CS is theACM Code of ethics. This violates several points, including:

1.2 Avoid harm to others.

1.3 Be honest and trustworthy.

1.7 Respect the privacy of others.

(1.2 is the most applicable here, I think)

Re:Completely Unacceptable

[yo303]

If the author of the software had simply deleted the software itself

Back in the days when we were cracking Commodore 64 games, I remember there was one game that did something similar.

The game floppy had its write-protect notch covered, as with most commercial software. We played around with the disk, changed some things, and then tried to run the game.

It turns out that the very first thing the program did was to attempt to format the floppy disk!! Of course, for most users nothing happened, because of the write-protect tab. But we had to go back to the store to get another copy. (First thing we did after that was to take out the format command.)

We were annoyed but respectful.

yo.

possibility

[Hanzie]

The bomb-code was only up for a few hours, and reputedly nobody got nailed, so why is this article in existance, anyway?

I mean, with MS you click "I Agree" to a box that says they can modify or delete anything on your PC anyway. I think the big licenses even include a "search anytime we want" language too.

Oh, wait -- This is a MAC program. They're not used to losing all their data instantly (viruses, hideous crashes... etc...)

Well, you Apple fans don't have any decent viruses yet, and you need something to share our pain...

Good for him

[MarsDefenseMinister]

I'm a big supporter of free software, and am totally against software piracy. A contradiction? No SIR!

Free software depends on adherence by users to an agreement with the developers not to illegally use the software in a proprietary manner. If we expect people to abide by free software licenses, we have to abide by commercial software licenses too.

In my opinion, the only thing he did wrong was to not put a clause into his license that when the user clicks on it specifically authorizes the code to delete the home directory if it chooses to.

Stop stealing music, software, etc. while at the same time expecting free software to remain free. It's hypocrisy.

Just a question for everyone

[rd_syringe]

I can guess how the majority of this discussion will go, so I just have one question. Why do people always try to apply the ideas of OSS to commercial software? It's like people get so used to being able to download anything they want for free that they for some reason take that set of principles and apply it to software they weren't given permission to download without paying for. That's completely the opposite of the free spirit of OSS, which is that someone is purposely giving away their effort of their own volition, and you can contribute back to it for the good of the community. Pirating doesn't contribute anything except lost sales for the people who make a living and feed their families. It's not free advertising, it's not try-before-you-buy (that's what demos are for), it is nothing more than people not wanting to pay for something. Same thing with MP3 piracy, movie piracy, etc.

hitting back is illegal all the same

[l3v1]

No matter if they killed your dog first, if you kill theirs back in revenge you'll just as culpable as they are.

On the other hand, I can understand the difficult situation of small companies defending theirselves (we've also had to deal with similar situations lately).

I just don't accept this course of action. It just doesn't make him any different. Acting like this just proves his ignorance and inability to come up with a suitable defense (has not to be perfect, just enough to generate some reasonable income).

Re:Check the EULA

[themassiah]

This may be a troll, but I'll bite. Just because something is in writing, doesn't mean it's legit or legal! I could put a clause in my EULA saying "If you read this, I can take all your money and all your children's money", but that doesn't make it legal or enforceable.

Re:Check the EULA

[ValourX]

No, that is not true. A license cannot violate the laws of your country, and in the U.S. a license cannot take away any of your constitutional rights.

A provision in a license does not give someone superpowers over you. The only remedy legally available to software distributors/makers/developers that have users who are breaking the terms of the license is: termination of the license. There is no way to legally destroy files on a user's machine no matter what they have done to you.

-Jem

Developers still don't get it

[Teddy+Beartuzzi]

Pirates *aren't* your customer base. They don't buy software. They may use your program without paying, but they aren't a lost sale.

Spending time trying to convert them into customers is completely wasted. Stop them from using your program with a perfect protection scheme, and all they'll do is use a different program.

Do it in a rediculous manner like this joker, and all you're going to do is drive away your legitimate customers. I wouldn't pay for this thing in a million years. Who knows what crap this thing could pull in the future? All it takes is one bug, and suddenly it thinks legit users are pirates...

This stunt he pulled has caused far more loss of sales for him than any software piracy.

Better yet...

[InThane]

Offer the codes for free. This way you get out of the extortion issue.

However, in order to get the code, the person in question must prove their own identity... Opening themselves to criminal and civil charges.

I like that.

How about enlightened self interest (Re:Too Far?)

[winwar]

Okay, so the person didn't have permission to use the software. I can certainly understand the urge to do something like this.

However, consider the consequences. The publisher could get sued. Sure, he probably will (might?) win, but it costs money to defend. Oops, there goes more profit. The publisher loses goodwill (hard to define-but not all publicity is good publicity....). Oh, and maybe the publisher gets hacked/cracked by someone he has pissed off (people pirating software may not have the strongest morals/ethics/logic but some may be good at computers). Oops. There goes more profit.

In short, I see a lot of downside and little upside. And I sure as heck wouldn't want to use a product as a LEGITIMATE user if I knew it was designed to screw up my system (even if only for illegitimate users).

Rediculous extremes

[87C751]

What ever happened to just not working when a bad S/N is entered? Not producing garbage output or destroying files, but just not working. If you're going to take the approach of pissing off the user, where's the justification in vandalizing the system to do it? Unless the programmer is trying to invite up-close-and-personal criticism.

Re:Rediculous extremes

[Just+Some+Guy]

What ever happened to just not working when a bad S/N is entered?

Or even a known-pirate S/N that the installer used because they left the legitimate number lying on a notepad on their desk at home, and need to get system at a remote site up and running now?

Back in the Windows 98 days, I found myself in the position more than once of having left the OS box with serial number at home, so I'd have to Google (well, AltaVista) for one of the popular warez versions so I could finish an install and go home. Note that I was not pirating anything; I had the legal right to install one copy of the OS, and I installed only one copy.

So now I'm visiting my mom's city on a long weekend, and helping my sister install Echelon so that she can burn copies of her vacation video. Dang, the legit serial number is sitting in my mailspool behind a ridiculously paranoid firewall 500 miles away. I know - I'll just grab a S/N from the 'net to get her system going until I get home. Oops, sorry 'bout that, sis! Hope you had backups!

Re:Rediculous extremes

[Just+Some+Guy]

Justify it all you want, it is still illegal. You have a serial number, misplacing it does not give you the right to use someone else's.

No, it's not. It may be against your particular Terms Of Service, but it's not illegal. First off, I can't imagine any software company in the world that would object to this as long as you stick to the correct number of seats / connections / whatever. Second, try explaining that to the judge:

Them: "Your Honor, the defendant paid $39.95 to buy this sequence of digits that would allow him to use our software, but he really used that sequence."
Judge: "And he using features that he wasn't entitled to, under the terms of the correct sequence?"
Them: "No."
Judge: "Oh. So, then he sold the 'legitimate' sequence while still using the one he downloaded from Google?"
Them: "No, Your Honor. The thieving pirate went home, printed out the legitimate sequence, mailed it to the customer whose machine he illegally installed our software on, then deleted it."
Judge: "Are you on crack, or does this really make sense to you?"

Most effective forms are-

[celerityfm]

First off I am dumbfounded that you have not sold a single copy of your software :( It looks really nice though and I'm sure if I had a need for an HTML editor I would consider your software!

But I believe we already have some glowing examples of effective anti-piracy measures:

#1) Counter-strike. The video game. Yes, Valve's CD-KEY system actually works here because in order to play the game you have to connect to a server. To be able to connect to a server your CDKEY has to match one of the keys in their database. To be able to play your EXE cannot be cracked/modified as MD5 checksums stop you from joining. I'm sure there are ways around this but I haven't read about anyone who has effectively cracked this mechanism for multiplayer yet. MMORPGs are another good example.

#2) Windows. Microsoft gave up on focusing on the individual user a long, long time ago as Bill Gates realized the real money isn't in individual sales as much as it is in contracts with pc manufacturers to have windows preloaded on new PCs. It would be a little harder for DELL to put a pirated copy of Windows XP on every single computer they sell, so Microsoft eliminates piracy here by making the user buy Windows before they get the computer. Of course, there are ways around this too.

#3) Extreme dongles. Forcing the users to attach a dongle to the computer while running the program makes things harder on the crackers. Not impossible to crack, but more effective then not having it.

But overall the most effective copy protections involve some sort of online "serial # check" or program integerity check of some kind. Since your users are web developers then they'll most likely be online anyways this may work. But another poster pointed out that as long as you are letting people download a "time limited trial version" that unlocks by simply entering a serial code then you've got a problem since the most effective crack is to simply fool your program into thinking trial mode never ends.

It may be better to just distribute a "crippled" version that cannot unlock and let people who buy the software get an "unlocked version" that pings you with a serial number. You start to see 2 serials pinging you, then you block the serial and tell the owner to contact you for a new #, etc.

Course people will think your software is spying on them by pinging back to you.. so definetely go out of your way to explain whats going on to the user.

Good luck!

Well....

[SerpentMage]

1) The shareware can charge whatever price they feel is right. If the price is too high then nobody will register. It is the shareware author's choice.

2) If you have a copy of the software that does not work as you expect it, then DON'T BUY IT, and don't ask for support. If you use the software then buy it! It is that simple.

3) Piracy has NO justifications whatsoever. If you don't like it, use open source and don't pay a cent. But don't pirate because you are a cheap ass.

Re:Well....

Piracy has NO justifications whatsoever.

Blanket statements are rarely true. I infringe upon copyrights routinely. I believe that copyrights should have limited terms, and that the terms should be sensible. Therefore, I have no problem infringing upon ~15 year old copyrights, while respecting younger copyrights.

Stupid kneejerk blanket statements, on the other hand, have NO justifications whatsoever ;)

Guilt Trip

[Kalak]

The best anti-piracy serial number solution I've seen was one (I can't remember the program) that, when you entered a known pirated serial number, it said "You just entered a pirated serial number. I know I can't stop you, but I can sure make you feel guilty. You can use the program now withouth the nagging now, you cheap bastard" (Or similar, it's been a while.)

It worked. I decided to delete the program until I could convince work to buy it for me. (New job, so the copy stayed with them.) I've never looked at pirating serial numbers the same since. I try hard to get work to buy the smaller software companies stuff that I use, or I delete it, or look for freeware so at least I'm being cheap but without the guilt.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Subject line?

[A+well+known+coward]

Shouldn't the subject line for this story read "Independent Developer Fight Piracy & Loses it?

chroot jail

[M51DPS]

You know guys, trying to delete the user's home directory or messing with them in other ways might seem clever, but what if they decide to run their program in a chroot jail?

Re:chroot jail

[jrockway]

My textbook "Exploiting Software" suggests that if you are able to overwrite the interrupt vector, you should do something malicious when a breakpoint is hit, like erase the disk. That should keep people from fucking with the internals of your program for a while. I see about 30 ways to get around this, but m0r0n h4c13r software cracker might not.

Still kind of funny that a textbook suggests this :)

Open Letter to Slashdot

[serutan]

Dear Slashdot,

I'm an independent car manufacturer. The cars I build are licensed to be driven only by the purchaser. Sort of like the airline industry selling non-transferable, non-refundable tickets. Recently I have been losing money to transporation pirates who loan their cars to friends. They keep defeating whatever user-identifying technology I build into the cars. Based on one new car purchase per unauthorized transport, I estimate that I lose $400 billion annually to these pirates.

I've already bribed Orrin Hatch to make it illegal to drive somebody else's car. I even got Congress to spend billions of taxpayer dollars to install anti-piracy, I mean anti-terrorism cameras on every freeway overpass, to photograph people driving other people's cars, in case they're terrorists. Transportation pirates soon discovered they could simply wear a paper mask of the car owner's face. Some driver-id protestors even wear opaque, featureless masks when they drive their own cars. I've tried randomly suing people, but the shock value wore off pretty quickly and I barely recovered my legal costs. But at least I proved that I'm right.

Accepting that my business model doesn't work in today's world and going into another line of business is not an option. I don't want to face reality, I want to change the world to be the way I want it to be, regardless of the side effects. I also want everybody to be on my side and admit that I'm right. What should I do?

yes

[zogger]

Totally illegal to set any sort of mechanical traps like that, BUT, there's a nifty loophole, it's called "rottweiler". Totally legal and effective in most cases.

Re:How about enlightened self interest (Re:Too Far

[dissy]

> The publisher could get sued.

More like -will- get sued.

I'd gladly admit to one count of copyright voilation and pay my dues if I could at the same time prove he deleted a million or two dollars worth of IP from my account.

Then on top of it, toss in any/all new malware and trojan horse laws at him, add a pinch of whatever they are calling 'cyber terrorism' nowadays, mix, stir, sit back and laugh all the way to the bank.

Worst part for the author about this, his software is 'out there'. It's not something he can easily take back.
One could spend a few months cleaning up any piracy connections they have, building/collecting this few million dollars in ligit IP, and install his software knowing what will happen. Its alot harder to prove someone isnt stupid than it is to prove this software author intended for his program to do this.

About the only recourse is posting a warning on his site that whichever version this is is seriously broken and will (read; WILL) cause damage to your system.
I'm sure there are even courts that will not look favourably at that, based fully on his intent.

Dude seriously needs some perspective.
It may feel good to pump 12 rounds into an unarmed tresspasser, but comon...

Suggestions

[metamatic]

Well, I just took a look at Net Weasel. It looks to me as if you've made a few fairly basic mistakes from the marketing perspective, so let me try and come up with some helpful comments as to why you're not getting the response you're looking for.

1. Firstly, as far as I can tell your product is an HTML editor with no CSS support. Well, these days that's like trying to sell a graphics editor that doesn't do PNG, or an e-mail program that doesn't handle attachments. Even people who don't want to do their entire site design in CSS still want to be able to do the neat stuff you can only do with CSS.

2. Related to the above, HTML standards have changed a bit in the last 5 years, and you haven't kept up to date by the looks of things. Not valid XHTML, no DTD statement, and so on.

3. You've chosen a field where there is massive amounts of competition, and that's never a good way to make money. Everyone and his dog has made a simple text editor that handles HTML and makes it a bit easier. So, even if you had the best HTML editor in the world, I still wouldn't expect you to be raking in big bucks, because you'd be up against at least half a dozen big companies with big advertising dollars, shelf space in every Best Buy, and major mindshare.

4. Think about who your target market is. You're not going to stand a chance of cracking the pro web designer market with the product you have; pro web designers need CSS, template libraries, DTD validation, image slicing, applet and plugin integration, and so on. At the opposite end, you're not going to get the Joe Sixpack market either, because they'll see raw HTML and recoil in horror. So, you're going after what I'll call the "dabbler" market--people who've learned a bit of HTML for fun and want to build a small personal web site. That's a pretty small niche to be in.

5. You don't have enough differentiation from the free offerings for that niche, in my view. Every half-decent free text editor can edit HTML with syntax coloring, and usually validate it and generate IMG tags too. You clearly know what your differentiators are, which is good: they're the table editor, the form editor and the frameset editor, and maybe the font dialog if it supported CSS, which it doesn't. Trouble is, dabblers generally don't need forms or tabular data--they use tables for layout, which it doesn't look as if your table editor is suitable for. They sometimes use framesets, but most of them know by now that frames suck. So, what can your product do that makes it an essential $20 upgrade from vim or jEdit? Nothing as far as I can see, and...

6. ...if I've missed some compelling must-have functionality your program offers, then your web site needs drastic improvement.

I don't honestly think that you can hope to make money in the market you're currently aiming at. To do so, you'd have to fix all the defects and shortcomings, and then come up with some "killer app" functionality to beat Mozilla Composer, jEdit and the rest.

So you'd have to get up to date with the standards, and support XHTML and CSS. Then you'd need to add all the other features the free text editors have that people just expect these days, like file browsers, folding, abbreviations/macros, regexp search and replace, autosave, bracket/tag matching, multiple cut/paste buffers, and spelling correction. And then, you'd need to add more compelling features, like a graphical color selector with tools to help users pick complementary colors, and something to search and replace across multiple pages.

That's a hell of a lot of work for a product which, realistically, people would still only pay $20 or $30 for. If I were you, I'd cut your losses and write software that does something nobody else has done yet, or nobody has done cheaply, or nobody else has done well.

Re:Oh, the irony...

[metamatic]

Yeah, damn right. His program was aimed at taking DivX and MPG movies in commonly downloaded formats, and turning them into DVDs.

So, he wrote a program whose main audience was people who violate copyright, and was then surprised to find people pirating his software? Oh, cry me a river.

I feel the same way about people who write shareware "file sharing" applications, and then act all irate when we share the registration codes for those applications. If you don't want your work to be ripped off, it'd help if you didn't go out of your way to assist people in ripping off the work of others. I've registered fifteen pieces of shareware, but I'm sure as hell not registering "file sharing" software.

Plus, the "meat" of his software was apparently GPLed projects such as ffmpeg anyway...

Re: Not far enough.

[ultranova]

Data Bombs and similar devices may not be the most effective detterants, but with all the brainpower behind the open source movement, there has to be something that can help closed source projects keep security intact without resorting to mass-lawsuit ventures. Without adequate protection, cracks come out within days, if not hours, and ISO's are released as soon as the CD's hit the market.

What, excatly speaking, does open source movement have to do with piracy ? Open source is all about making the source code of the program available to the end user; it has nothing whatsoever to do with removing copy protection from closed-source programs.

Furthermore, all the various stupid copy protections do is make cracks sometimes an absolutely neccessary part in getting the program to run. For example, the (legally bought) game Morrowind kept crashing on my machine at startup because of copy protection check; applying the no-cd crack solved the problem completely. Copy protection does not slow pirates in any significant way, it simply annoys legal users.

And deleting the users home directory simply ensures that no one will buy your products out of fear of them deleting their directories because of typos when entering serials or programming errors.

Ok well I'll thrown in my 2 cents

[Sycraft-fu]

Not about piracy, but about your program. I think the reason you aren't seeing registrations is because you've made a pretty much unmarketable product. Now I'm not going to go and extinsevly play with it, but it looks to me like a bit of a glorified text editor. Looks like you've added some things like syntax highlighting, a couple wizards for building tables n' such and, well, that's about it.

Ok, well that's nice. That is certianly more HTML related features than notepad, and even a bit more than my beloved UltraEdit. However, you still face the same problem: You have released a text editor. It has a couple nice features, but it's just a text editor in the end.

Well, that's the kind of thing that most people will take for free, but just aren't willing to pay for. I mean there are some nice features over a basic one, but I have a feeling if you made copying impossible, most people would just do without.

You aren't asking a lot, but then again, you don't give a lot. I mean your HTML wizards for tables and frames seem unique but, really, those aren't that useful. Your editor also lacks most of the advanced features that Ultraedit (slightly more expensive than you) or Textpad (slightly cheaper than you) have.

Finally, your stuff is out of date. Tables and frames are NOT the recommend way for doing layout anymore, layers are. If I was going to get an editor that could help me do something in HTML, layers would be my top choice.

So, what you need to do, if making money is your goal, is do something to make your editor more worth buying. Here are some directions you could take:

1) Go the text editor route. Flush it out with support for huge files, hex editing, regular expressions, alternate encoding, macron, etc. Make it a full featured text editor to comete with Ultraedit, but add something more, like your HTML wizards.

2) Go the wizards route, but have them for EVERYTHING. You list like 3 wizards (form, tables, frames). K, nice start, but you need to add a whole lot more. Layers, style sheets, DHTML, JavaScript, etc. Make it so that the wizards can more or less write anything for you.

3) Go the visual route. Try and make something like Fireworks, only probably less featured (And also less espensive). Something for those that want the pointy-clicky but can't afford a Macromedia product.

However where you are now, I'm not supprised that you aren't getting sales. Your product is nice, and maybe something I'd use for free, but I don't see that I'd want to pay for it, espically not instaead of Ultraedit or Textpad.

Not trying to justify the copying, just trying to explain it and give you some ideas.

Also, the whole OSS/GPL push doesn't help. People are becomming trained that little programs that are downloadable ought to be no cost. Software in a box costs money, not software on the web.

Also, don't feel like no one ever buys things like this. The University of Arizona has a site license for Textpad. People do buy text editors, but you need to find an angle that someone doesn't ahve, or do it better than someone is doing it now.

When someone else installs the warez on your PC

[sstidman]

I would probably tend to be one to side with the "crackers deserve what they get" folks, being that I always pay for my software and don't like the fact that folks take stealing software so lightly. However, about a year ago I had installed some shareware that was somewhat crippled until a valid license key was entered. A friend of mine took the liberty of going to a warez site, finding a key for the software and entered that key. He did not ask me nor did he tell me he had activated the software. I found out when I came back from the bathroom. Had that software deleted my entire home directory, I would have been seriously ticked at my friend and the author of the software. I might have been ticked enough to talk to a lawyer.