Slashdot Mirror
Software Deletes Files to Defend Against Piracy
teamhasnoi writes "Back in 2004, we discussed a program that deleted your home directory on entry of a pirated serial number. Now, a new developer is using the same method to protect his software, aptly named Display Eater. In the developers's own words, 'There exist several illegal cd-keys that you can use to unlock the demo program. If Display Eater detects that you are using these, it will erase something. I don't know if this is going to become Display Eater policy. If this level of piracy continues, development will stop.'"
And think of the even more egregious instance of a user acquiring a license that they think is valid only to find that this piece of crap has deleted their data. Additionally, is it possible that this piece of software could crap out and delete the data of a legitimate user (sorry, the only code I know is the Contra code for extra lives)? Also, a question, could a user backup up their home directory, install this crap software, and then restore their home directory and continue using the software?
Don't worry about the mule, just load the wagon.
It might just be an idle threat.
It seems there would be too much liability to try and pull of a scheme like this
At least here in the UK, I believe this would be a criminal offense. Of course the pirates might not want to report his crime, but he's still breaking the law.
It is probably a criminal offense in the USA too, falling under the category of unauthorized access to a computer system. Based on the general advice that contract developers should not use software timebombs to insure payment, it is probably a civil offense too.
Furthermore, to the best of my knowledge, using someone else's serial number is not a crime - you can't copyright a serial number and the DMCA shouldn't apply to a valid serial# since it isn't an "access control circumvention device" any more than something like a car key is, and even if it was an invalid serial# certainly could not be one since it doesn't even work.
I think this guy is setting himself up for a whole host of problems if he pisses off the wrong guy.
When information is power, privacy is freedom.
At least here in the UK, I believe this would be a criminal offense. Of course the pirates might not want to report his crime, but he's still breaking the law.
1. Purchase said application
2. Try to activate it using a pirated key because you have "misplaced" your real key
3. Sue the hell out of him
4. Get a microscopic slap on the wrist for the key thing
5. Get a massive damage award
6. Profit!
I can see so many ways to get the author in so much trouble over this. For example, send out SPAM advertising a 30-day free trial, using said serial number. He'll be drowning in criminal and civil lawsuits quicker than he can pull it from the market.
Live today, because you never know what tomorrow brings
Wouldn't this fall into the same category as boobytraps? You cannot legally boobytrap your car seat to injure someone that is trying to steal your car for example.
More specifically, deliberate destruction of another person' propety is not lawful even if they are in the act of committing a crime, whether or not the crime is against you or anyone else. For example, if you see a man run into a bank and the alarm bells start going off and you know he is robbing the bank, if you pull out your pocketknife and slash his tire to stop him from getting away, you will still be held liable for the damge to the tire.
I work for the Department of Redundancy Department.
I just wanted to say thanks for operating this way, and I hope you've received enough from registrations to make it worth your while. I don't use BlueBox, but I appreciate the thought.
I will admit that I have way too much pirated software on my system at home. Of course, I'm also not using most of it. For the most part, I prefer to demo software I've never used - it's just too hard to get through the marketing hype to determine if it really works for me. I must have thirty or forty apps for video conversion. I use three. No, scratch that - I'm down to two now. One is freeware, and the other I registered.
Sadly, 15 day - and sometimes 30 day - trials just aren't enough. Because I'm busy, I may install something to try it, and then not really get to try it out fully for a couple of months. Which means I either get a cracked copy to try it, or I pass.
While I may not have all the software I own registered, I make sure to register those that really help - even those that don't require it. Since I'm not a programmer, I do rely on these "little" apps to help out. Rename1-4a, IrfanView, and a couple of others I find indespensible. I always make sure I pay for anything I'm still using after 6 months. If I 'm still using it, it's got to be good enough to pay for. Oddly, I still have some crakced versions I use becuase I'm too lazy to enter the real SNs. I have two or three versions of Nero floating around, not all of them with legitimate SNs, but I have three consecutive version retail registry numbers I paid for, so I'm calling it even.
Anyway, thanks for being generous. Some of us out here really appreciate it.
Is it just my observation, or are there way too many stupid people in the world?
To see what the fuss is about, I downloaded the 'demo' and took a look inside the executable. (No way am I running the damn thing!) There are some really amateurish icons and bitmaps, and the the string table reads like it was written by an emo kid. I'd reproduce some of them here, but fucking slashcode seems to be eating the long strings.
Really, the whole thing looks like it was written by a goofy high-school kid. Since he is displaying the Apple Universal Binary logo on his site, I suspect he's in violation of the logo licence agreement, and I suspect Kagi, his payment processor, won't be too pleased with him, either.
www.lucernesys.comHorizon: Calendar-based personal finance
It is a very dangerous step. The risk you mention is there, and so are others. It is a step so insidious, so tempting, that it could change the entire viability of being involved in the software industry, putting one member of the developer/user pair at extreme risk, even to the point of going out of business or losing things dear to them. It is thoughtless, cruel, and unethical, yet the benefit is so tempting that this same member is unlikely to be able to resist it without at least some soul-searching. The idea of getting something so useful accomplished for just a tiny bit of extra work — regardless of the consequences to the other party — is compelling indeed. So profound is the benefit, it may be that the mantle of social stigma one presumes would be associated with this type of activity will be assumed with pride, perhaps even hats and t-shirts bearing some type of cultural touchstone that signifies the wearer supports this will be produced. Yes, it displays a level of disregard that is no less than appalling to those of us who would like to think that the developer/user relationship would be one based on ethics that should be deeply ingrained into both parties; but we know these characteristics are widespread throughout not only one society, but the world's societies. Because we have seen all of this before.
In the software piracy community.
I suspect that developers in general have worked up just about the same regard for software pirates as the software pirates have displayed for them over the last few decades. That would be... none. So if this gets a foothold, it may be that the only thing that can stop it will be legislation. The only salient difference here is that developers tend to be easily found and prosecuted, as compared to pirates, and utterly toothless though congress and the states have proven to be with regard to protecting the developer's interests, I rather doubt they'll allow the developers to act as judge, jury and executioner in the matter of people who appropriate IP from them without providing the asking price.
So this is probably a tempest in a teapot. It'd be nice if it made the pirates think about what they are doing, but if there is one thing I am sure of, it is that software pirates don't do a lot of deep thinking. These are people with the behavior patterns of small, scheming children. Knowing they are unlikely to be caught, nothing remains to hold them back; they are truly ethical simpletons. I am sad to see developers falling to their level. But I am not surprised.
I've fallen off your lawn, and I can't get up.
Well said sir. Anyone who thinks otherwise, just point them to that recent case of the Australian guy from DOD being prosecuted for COPYRIGHT INFRINGEMENT. The word "theft" is thrown around for copying software, but the charge is always COPYRIGHT INFRINGEMENT because A) that's the correct legal definition, and B) due to the corporations buying up the lawmakers, it carries sterner penalties.
I have on more than one occasion used a "illegitimate" key rather than hunt down the real key. I've purchased enough software to fill 3 boxes, but sometimes its faster to find a key or crack on the internet than try to hunt down the legitimate key. Hey, I'm unorganized, I admit it. I even try to keep a text file with legitimate keys on my computers, but even those seem to be misplaced over time.
If I had purchased this software legitimately, and used the wrong key, I wonder what my recourses would be if it deleted my files.
We bought a webcamming system from a company called Datetopia. If the php side of the software detected $_SERVER['SERVER_NAME'] wasn't the one it was registered to (eg: if you decided to buy video.mydomain.com and use that for it), then it would drop its tables in the database.
The softare was badly written (used register_globals, etc), and lots of the code was put in an eval() (potentially a security nightmare), and obfusicated (base64'd, etc). We decided to scrap it, rather than reverse engineer it, so we wrote our own.
Patently false. Hitting you in the face is an intentional tort: battery. But sign a waiver, put on boxing gloves, and enter into a boxing ring with me, and you'd be completely without legal recourse when the fight begins. Consent, if properly expressed by contract, is a very effective defense to an intentional tort.
Now you might argue that there's no valid consent here, that the contract is ambiguous or non-binding for a number of reasons, but that's a different argument entirely.
Back in 1981 my neighbor dropped about $1000 on Commodore 64 and an accounting package. He used it for about a year until one day the copy protection (floppy disk based, probably because of head mis-alignment) which the software vendor never once mentioned, falsely decided that his program was a pirated copy and wrote "PIRATEPIRATEPIRATEPIRATE" over all his business records. My neighbr went absolutely apeshit (yes, no backups), called his lawyer, and in the end an employee of the computer store spent two weeks re-entering the data from paper.
It was a stupid idea then and it is a stupid idea now.
FUD or not, I'd still be concerned that the Destroy function could go awry, and might delete files it had no business touching. That could be as simple a bug as failing to check where it's logged to before it starts killing files.
I'd also be concerned that a mere typo (or the program misreading the input) while entering a legit serial number could trigger this.
I remember some years ago a particular DOS app would delete all files in the %TEMP% directory at exit. Trouble was, it assumed that all users were savvy enough to have moved the TEMP variable away from the default, which happened to be C:\DOS. So when the program was run, at exit it proceeded to delete the contents of the user's DOS directory. (At the time the coder reacted by saying users who didn't change their TEMP variable were too stupid to live anyway... how is that his determination to make? and if so, why didn't he take steps to protect even stupid users' data??)
Several times, I've had legit software refuse to accept its legit key, and had to go find one somewhere on the net to make it work. Not just small stuff either -- in one case, the app was Win98!!
Anyway, my point is... see how easy it is for the coder to make a mistake that could cost legit users bigtime?!
~REZ~ #43301. Who'd fake being me anyway?
From what I recall, id claims to have used DES to encrypt the keys. I'm guessing they simply encrypted a serial number with a secret key (that only id knows). Only the authorization server checks the key -- the game only checks whether the key is in the right format. While DES isn't uncrackable, it's not that easy to break either. I think it's unlikely that a real keygen exists. A more plausible explanation is that your copy wasn't actually new. Game stores often have equipment and supplies to reseal a box, and I've known some employees to "borrow" a game from the store.
http://www.apple.com/downloads/macosx/video/displ
A piracy tool gets pirated. Why am I not surprised?
Hmmm, lets see, why would I want to capture a video on my screen to a quicktime movie? It must be because I do not legitimately own the video being displayed on my screen.
This guy was tempting fate from the start. Dollars to donuts its the MAFIAA that is pirating his product.
This product should have been underground to start with, and should have stayed there.
Or better yet, don't run it at all -- and then see how much profit this asshole makes!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Sure, he says that now, but which statement of his are we to believe? It doesn't look like the source code is available so the only way to test it is to install the program, find a pirated key, try it and see if you lose your home directory. I'd say it's far safer to just find another program and avoid this guy entirely.
Also note this:
Together these imply the deletion code was implemented and in the program prior to 2/7/2007. Based on the information available there's no way to tell how long it was in there, but it sounds like it was removed only on 2/7/2007.
So I don't think it was a hoax, I think the guy really did it, found out that it was the worst mistake he'd ever made and is now trying to do damage control. Personally I wouldn't use any program from him, at the least he lied about the code and has proven himself untrustworthy.
Hmm, I just wonder what sort of lawsuits would follow if someone bought a legit key but made a mistake in entering it, or the registry entry gets corrupted (something that obviously never happens..).
:-).
This is a simple breach of virtually any computer related laws I can think of. If you have a problem with piracy you're welcome to stop the program from working - you have, however, no right to act as judge and jury and become a vigilante, nor do you have right of access to the computing resources and information your code is near.
In short, if you do that you're no better than a virus author and thus deserve the same treatment.
You can't even plead temporary insanity (well, OK, maybe permanent insanity
Insert