Software Deletes Files to Defend Against Piracy

teamhasnoi writes "Back in 2004, we discussed a program that deleted your home directory on entry of a pirated serial number. Now, a new developer is using the same method to protect his software, aptly named Display Eater. In the developers's own words, 'There exist several illegal cd-keys that you can use to unlock the demo program. If Display Eater detects that you are using these, it will erase something. I don't know if this is going to become Display Eater policy. If this level of piracy continues, development will stop.'"

Aren't there laws against this?

[KDR_11k]

Considering that in our legal systems two wrongs don't make a right (and three rights make a Nazi demo...) vigilante justice like this should be punished. That developer better hope the court he'll face accepts EULAs as valid and he never travels into a country where they aren't.

Re:Aren't there laws against this?

[Dogtanian]

Flamebait? Odd "Nazi" comment aside, this is broadly sound.

I'm no rabid anti-copyrightist and I can understand the guy's frustration and desire to do something about piracy. However, his actions strike me as both ethically and legally dubious. Whether it's it's morally acceptable to damage someone's computer even if they pirate your software is one thing. Legality is another kettle of fish. There are issues as to whether he made the program's behaviour clear in the EULA, and even if he had whether this would make his actions acceptable.

Even if it were, this guy had better hope that his protection scheme doesn't go wrong and delete stuff when someone types in a key incorrectly (or types it in correctly and the program messes up anyway). We all know the BS some software goes through when it decides that what are supposedly legal keys are actually illegal; does anyone want to take that risk? What is his legal exposure if someone inadvertantly buys a copy with pirated keys from a dubious source?

Their responsibility? IANAL, but I wouldn't want to risk that line in a court of law.

He says that

I don't know if this is going to become Display Eater policy. If this level of piracy continues, development will stop. Someone else replies

Please stop writing code. You'll do the Mac community a huge favor by never showing your face here again. And I have to say that this pretty much sums it up.

Re:Aren't there laws against this?

[orkysoft]

Also, a question, could a user backup up their home directory, install this crap software, and then restore their home directory and continue using the software?

I don't think so. At the time the software "decides" to delete the user's files, it also "knows" that it is a pirated version, and that the serial number is invalid (that triggered the deletion). Hence, it also "knows" that it shouldn't allow itself to be unlocked from the demo version.

I think this is a very dangerous step: what if there was a bug that caused the software to delete your files without a pirated serial being entered?

Besides, if the author sells activation keys, he knows who bought which one, and thus whom to sue when one of those keys gets posted on warez sites. Unless he doesn't use online activation with arbitrary keys, but instead has an algorithm in his program that determines the validity of the key. That's just asking to be cracked.

Also, piracy tends to be a powerful weapon against your competition: you might not make money from the lost sale, but (1) your competitors won't either (2) the pirates gain familiarity with your software, and are more likely to choose it when placed in a situation where they can't use pirated software, or recommend it to friends, and your competitors don't gain this advantage. See also: Microsoft Windows/Office, Adobe Photoshop.

Re:Aren't there laws against this?

[v1]

Wouldn't this fall into the same category as boobytraps? You cannot legally boobytrap your car seat to injure someone that is trying to steal your car for example.

More specifically, deliberate destruction of another person' propety is not lawful even if they are in the act of committing a crime, whether or not the crime is against you or anyone else. For example, if you see a man run into a bank and the alarm bells start going off and you know he is robbing the bank, if you pull out your pocketknife and slash his tire to stop him from getting away, you will still be held liable for the damge to the tire.

Re:Aren't there laws against this?

[tomhudson]

It IS against the law: Computer Fraud and Abuse Act - and the penalties were increased under the PATRIOT Act.

Knowingly causing the transmission of a program, information, code, or command that causes damage or intentionally accessing a computer without authorization, and as a result of such conduct, causes damage that results in:

1. Loss to one or more persons during any one-year period aggregating at least $5,000 in value.
2. ...

So, why not complain and get this guy marked as a "terr'rist"? After all, what's your pr0nn^Wdata worth?

Re:Aren't there laws against this?

[rainman_bc]

what if there was a bug that caused the software to delete your files without a pirated serial being entered?

I recall a day where I bought myself a copy of Quake III Arena, and the key the game came with was already in use and identified as a pirate key - thanks to keygens.

Makes me wonder how bulletproof this is.

Re:Aren't there laws against this?

[fyngyrz]

I think this is a very dangerous step: what if there was a bug that caused the software to delete your files without a pirated serial being entered?

It is a very dangerous step. The risk you mention is there, and so are others. It is a step so insidious, so tempting, that it could change the entire viability of being involved in the software industry, putting one member of the developer/user pair at extreme risk, even to the point of going out of business or losing things dear to them. It is thoughtless, cruel, and unethical, yet the benefit is so tempting that this same member is unlikely to be able to resist it without at least some soul-searching. The idea of getting something so useful accomplished for just a tiny bit of extra work — regardless of the consequences to the other party — is compelling indeed. So profound is the benefit, it may be that the mantle of social stigma one presumes would be associated with this type of activity will be assumed with pride, perhaps even hats and t-shirts bearing some type of cultural touchstone that signifies the wearer supports this will be produced. Yes, it displays a level of disregard that is no less than appalling to those of us who would like to think that the developer/user relationship would be one based on ethics that should be deeply ingrained into both parties; but we know these characteristics are widespread throughout not only one society, but the world's societies. Because we have seen all of this before.

In the software piracy community.

I suspect that developers in general have worked up just about the same regard for software pirates as the software pirates have displayed for them over the last few decades. That would be... none. So if this gets a foothold, it may be that the only thing that can stop it will be legislation. The only salient difference here is that developers tend to be easily found and prosecuted, as compared to pirates, and utterly toothless though congress and the states have proven to be with regard to protecting the developer's interests, I rather doubt they'll allow the developers to act as judge, jury and executioner in the matter of people who appropriate IP from them without providing the asking price.

So this is probably a tempest in a teapot. It'd be nice if it made the pirates think about what they are doing, but if there is one thing I am sure of, it is that software pirates don't do a lot of deep thinking. These are people with the behavior patterns of small, scheming children. Knowing they are unlikely to be caught, nothing remains to hold them back; they are truly ethical simpletons. I am sad to see developers falling to their level. But I am not surprised.

Re:Aren't there laws against this?

[Goldberg's+Pants]

Also, piracy tends to be a powerful weapon against your competition: you might not make money from the lost sale, but (1) your competitors won't either (2) the pirates gain familiarity with your software, and are more likely to choose it when placed in a situation where they can't use pirated software, or recommend it to friends, and your competitors don't gain this advantage.

That is a very interesting point. I'd never thought of that before.

This developer should be ashamed of himself. Two wrongs don't make a right has been said. This is akin to taking a shotgun to someone stealing an apple. Absolutely reprehensible behaviour, and I hope he suffers dearly for this Russian Roulette style of copy protection.

And let's not forget... Typos... The developer may think "Oh yes, well the odds of someone typing a key wrong that happens to match the ones that trigger deletion is incredibly small..." To which I point to the 6/49 style lottery. Chances of winning, 16 million to one. People still win it though. Regularly.

Re:Aren't there laws against this?

[Zordak]

There are issues as to whether he made the program's behaviour clear in the EULA, and even if he had whether this would make his actions acceptable.

Destroying a user's data is an intentional tort. You cannot waive intentional torts by contract in any jurisdiction of which I am aware. So the author is pretty much toast here.

Re:Aren't there laws against this?

[smccurry]

I have on more than one occasion used a "illegitimate" key rather than hunt down the real key. I've purchased enough software to fill 3 boxes, but sometimes its faster to find a key or crack on the internet than try to hunt down the legitimate key. Hey, I'm unorganized, I admit it. I even try to keep a text file with legitimate keys on my computers, but even those seem to be misplaced over time.

If I had purchased this software legitimately, and used the wrong key, I wonder what my recourses would be if it deleted my files.

Re:Aren't there laws against this?

[Hamoohead]

In Soviet Russia, files delete YOU!

Re:Aren't there laws against this?

[ultranova]

or to be an actor in a "snuff film."

I knew it was a good idea to read Slashdot one last time before leaving for work !

Re:Aren't there laws against this?

[Goldberg's+Pants]

MAJOR criminal.

Okay, so if he's a MAJOR criminal, what does that make, to pick a name at random, Jeffrey Dahmer? I have no real sympathy for a pirate like that Australian one. He took a risk, got caught. But I DO have a major problem with your assertion that he's a MAJOR CRIMINAL. He's facing longer in jail than most rapists, or people responsible for manslaughter. If he'd broken into the office of the companies he copied software from, he'd be facing less time in jail.

So please, go ahead and explain how a womans body, or a human life, is worth less than some software.

I look forward to your justification of the term MAJOR CRIMINAL.

Re:Aren't there laws against this?

[pilkul]

Because we have seen all of this before. In the software piracy community. I suspect that developers in general have worked up just about the same regard for software pirates as the software pirates have displayed for them over the last few decades.

Since when do software pirates hack into developers' systems and delete their stuff? Even in the rare cases like the famous HL2 hack at Valve, code was copied out not deleted.

These are people with the behavior patterns of small, scheming children.

Small, scheming children hoard everything for themselves, they don't share everything freely with the world. (Whether the things shared are "stolen" is a separate matter.) Developers like this one, with callous, selfish antipiracy measures are the only ones resembling children here.

it is that software pirates don't do a lot of deep thinking.

I see you don't either, since your comparison is baseless and driven only by your obviously deep-seated visceral hate of pirates.

It is thoughtless, cruel, and unethical, yet the benefit is so tempting that this same member is unlikely to be able to resist it without at least some soul-searching.

I make my living as a developer and I am not tempted to implement this measure in my software one iota. The fact that you do (and project your feelings onto others) is telling about how irrational and hateful you are in this matter.

Re:Aren't there laws against this?

[Afecks]

You hit the nail on the head buddy. A long time ago I figured out that there are 2 kinds of people. Those that are willing to pay for software and those that aren't. No amount of threats, begging or trickery is going to make a dent in changing the ratio of those 2 groups. The only thing you can do is help prevent those that are willing to pay from bypassing you and getting it for free.

That is the only sane reason for any kind of copy protection. It must be done so as to make getting a free version more trouble than getting the legal paid version. You must put your paying customers on a pedestal above the pirates. If you treat them like criminals you may find them becoming more like them everyday.

I know several groups of software crackers and I understand the mentality behind them. They crack software because it's a challenge and there is some pride to be had. The last thing you want to do is piss them off or give them any room to think they are "doing the right thing". Yes piracy stings as a software developer but as long as you are making money it shouldn't sting enough for you to scorn your customers.

But go ahead make the customers into criminals and the pirates into heroes. Then when you have zero user base you'll finally realize where you went wrong.

Re:Aren't there laws against this?

[Zordak]

Competitive sports are a special class where generally all but intentional torts are waived. What you're missing here is that for there to be a tort, first there must be a duty to the aggrieved party (i.e., in general, I have a duty to not hit you). When you voluntarily step into the boxing ring for a match, there is no longer the duty not to hit your opponent. The nature of the sport is to hit him. In this case, society has expressed a policy in favor of allowing certain competitive sports, even where it conflicts with the policy of people not hitting each other.

In contrast, if you have an otherwise valid contract that says, "I am allowed to hit Bill Gates, and said Gates waives any recourse against me," and Bill himself signs the contract, and maybe you pay him a billion dollars for the privilege, you are still not privileged to hit Bill Gates at your whim. The contract is void as a matter of public policy because we have a strong public policy against people hitting each other, and there is no overriding policy that defeats it in this case. This is true of any intentional tort. If you can find a judge willing to hold that the policy of paying software vendors overrides our policy of not intentionally torting each other, I'm sure the BSA would like to speak to him.

And before anyone brings it up, yes, it's true that some morons in Congress once tossed around a law that said that the RIAA could destroy your computer if you downloaded music. They can get away with this because the statute, once passed, would trump the common law. So if you are rich enough to pay for a law, then you can have EULAs that allow you to destroy the user's home folder if he uses an invalid key. I doubt that this moron is.

Re:Aren't there laws against this?

[flosofl]

I followed the developer link from Apple. Has anyone actually gone there? It looks like this is a hoax created to "scare" people into not pirating his program. He admits that it has backfired and actually driven away legit users. Here is the statement from his site Reversecode.com

Public Letter: I hope the public will read this entire letter. There has been alot of confusion regarding the copy protection of the program called Display Eater. It is described here in:

There exists two illegal cd-keys that can be used to register the program without paying for it. When Display Eater detects these keys, it would delete your home directory.

However, this is not the case in reality. The whole purpose was to create a scare campaign. You can download, the file linked from the main page, which is now down(the link is still intact here), and check it for yourself. It has been this way since 2/7/07.

It was my hope that by creating a scare campaign, I could stop wasting time writing copy protection routines to be broken over and over. But, I was wrong, it backfired. People started buying multiple keys, which I never intended, and in the beginning when the protection was in place, people who did not even know they had committed piracy or what piracy was were left in the dark. Legitimate users started fearing the program, which I never imagined.

A reporter called me today, and suggested that I make it free, and then have users pay for support. Or open source the program. I will consider all of these. -Reza

Re:Aren't there laws against this?

[Maestro4k]

I followed the developer link from Apple. Has anyone actually gone there? It looks like this is a hoax created to "scare" people into not pirating his program. He admits that it has backfired and actually driven away legit users.

Sure, he says that now, but which statement of his are we to believe? It doesn't look like the source code is available so the only way to test it is to install the program, find a pirated key, try it and see if you lose your home directory. I'd say it's far safer to just find another program and avoid this guy entirely.

Also note this:

However, this is not the case in reality. The whole purpose was to create a scare campaign. You can download, the file linked from the main page, which is now down(the link is still intact here), and check it for yourself. It has been this way since 2/7/07.

It was my hope that by creating a scare campaign, I could stop wasting time writing copy protection routines to be broken over and over. But, I was wrong, it backfired. People started buying multiple keys, which I never intended, and in the beginning when the protection was in place, people who did not even know they had committed piracy or what piracy was were left in the dark. Legitimate users started fearing the program, which I never imagined. (Emphasis added.)

Together these imply the deletion code was implemented and in the program prior to 2/7/2007. Based on the information available there's no way to tell how long it was in there, but it sounds like it was removed only on 2/7/2007.

So I don't think it was a hoax, I think the guy really did it, found out that it was the worst mistake he'd ever made and is now trying to do damage control. Personally I wouldn't use any program from him, at the least he lied about the code and has proven himself untrustworthy.

Hope he likes prison

[0123456]

At least here in the UK, I believe this would be a criminal offense. Of course the pirates might not want to report his crime, but he's still breaking the law.

Re:Hope he likes prison

[Kjella]

At least here in the UK, I believe this would be a criminal offense. Of course the pirates might not want to report his crime, but he's still breaking the law.

1. Purchase said application
2. Try to activate it using a pirated key because you have "misplaced" your real key
3. Sue the hell out of him
4. Get a microscopic slap on the wrist for the key thing
5. Get a massive damage award
6. Profit!

I can see so many ways to get the author in so much trouble over this. For example, send out SPAM advertising a 30-day free trial, using said serial number. He'll be drowning in criminal and civil lawsuits quicker than he can pull it from the market.

convinced me

[gEvil+(beta)]

Wow. He's certainly convinced me to give his software a try...

No, development will stop as police take computers

[AHumbleOpinion]

"There exist several illegal cd-keys that you can use to unlock the demo program. If Display Eater detects that you are using these, it will erase something ... If this level of piracy continues, development will stop."

Uh, no. Development will stop as the police collect your computers as evidence that you are the developer and distributor of software that intentionally erases files without user permission.

Vigilantism

[xigxag]

That's vigilantism, pure and simple. Doesn't matter if the person was a pirate or not, you're not allowed to commit a crime to protect your "property."

Re:Do you suppose it really does delete things?

[paitre]

It's not.
Reading the linked discussion thread, this 'feature' was discovered when someone tried to pirate the software so they could review it against the product they were writing.

So... no, it's not an idle threat, and the author is a freaking asshole who deserves to have his reputation destroyed over this.

What a spoiled brat.

[BlueBoxSW.com]

I write a shareware program (BlueBox Invoices) that lots of people have registered over the course of the past 9 years it has been around.

It is a fully functional program WITHOUT registering, yet many people take the suggestion to register, and it pays for continued development.

If you're going to get your panties in a knot over some people using your software, you probably should be writing some software more innovative than a screen caputure utility. The world is already filled with those.

How to do this legally

[Henry+V+.009]

As I'm sure that the Slashdoters here aren't pirates worrying about getting punished for their piracy (they're law-abiding Slashdoters!), I think we should help this developer protect his weeks and months of labor legally. And here's how he should do it:

Attention Users! Version 2099.0999 X of my software now comes with a special new feature! File deletion! To enable this great new feature, please find a pirated software key on the web and enter it. Any files that you have in "C:\Documents and Settings" will be deleted.

FAQ for possible problems using this great new feature:

• Some of my personal files aren't in "C:\Documents and Settings" and weren't deleted! -- At this time any files not in the "Documents and Settings" folder must be deleted by the user manually. We are exploring a great new "Format Drive C:" function for a future release.
• But I have a tape backup of all my files! -- The best solution that our users have found for tape backups is fire. Be safe and go for your entire house just in case you've mislaid one or two tapes. Remember to save your pets! They aren't genetically related to you and can't pass on "pirate-genes."
• I used a pirated key, but your software didn't delete by files! -- We apologize. Please forward us the offending keys and we will include them in the next release. However, you can still delete your files manually. Be sure to use shift-delete! Also see the above instructions concerning fire.

Well, that sure backfired

[vadim_t]

Now the page shows it rated at the lowest value possible in all categories, and the comments are full of "don't buy this software" as well. I also noticed that searching for "Display Eater" on the site no longer returns anything, which seems to indicate they removed it from the listing.

Talk about a moronic idea -- if piracy was already a problem, the result of this will be much greater than the problems piracy ever created. And ironically enough, this will make pirating the product a safer proposition. Do you want to use a legal version, which has this file deleting "feature" that might one day go wrong and nuke something? O do you get the pirated version with the file deleting code removed from it?

This is a more extreme version of what happens with other sorts of copy prevention. There are games out there that run faster and more stable with the CD check disabled.

Re:Well, that sure backfired

[Quinn_Inuit]

Nah, I think this will work pretty well at getting people to using pirated copies of his software. In fact, no one will be using any copies of his software at all.

Hmmm...he seems to have developed the ultimate form of copy protection. Maybe the **AAs will give him a medal or something.

Thank you

[Overzeetop]

I just wanted to say thanks for operating this way, and I hope you've received enough from registrations to make it worth your while. I don't use BlueBox, but I appreciate the thought.

I will admit that I have way too much pirated software on my system at home. Of course, I'm also not using most of it. For the most part, I prefer to demo software I've never used - it's just too hard to get through the marketing hype to determine if it really works for me. I must have thirty or forty apps for video conversion. I use three. No, scratch that - I'm down to two now. One is freeware, and the other I registered.

Sadly, 15 day - and sometimes 30 day - trials just aren't enough. Because I'm busy, I may install something to try it, and then not really get to try it out fully for a couple of months. Which means I either get a cracked copy to try it, or I pass.

While I may not have all the software I own registered, I make sure to register those that really help - even those that don't require it. Since I'm not a programmer, I do rely on these "little" apps to help out. Rename1-4a, IrfanView, and a couple of others I find indespensible. I always make sure I pay for anything I'm still using after 6 months. If I 'm still using it, it's got to be good enough to pay for. Oddly, I still have some crakced versions I use becuase I'm too lazy to enter the real SNs. I have two or three versions of Nero floating around, not all of them with legitimate SNs, but I have three consecutive version retail registry numbers I paid for, so I'm calling it even.

Anyway, thanks for being generous. Some of us out here really appreciate it.

Actually... it doesn't delete your home directory

[remahl]

The article and submission build on a misunderstanding. I conducted some research of my own and I've found that it does not attempt to delete the full home directory. It only deletes the ~/Library/Application Support/display_eater/ directory, i.e. files created by the trial version of the program. In fact, the developer says that the program will delete something from the home directory, but doesn't say what.

While I didn't acquire one of the pirated serial numbers that trigger the behavior, I have disassembled the program and these are my conclusions: The deletion is done by a function destroy() at offset 0xd148 that takes a single argument specifying the path to delete. destroy is called from a single location in the program:

+276 0000d3e4 3863a020 addi r3,r3,0xa020 ~/Library/Application Support/display_eater/ +280 0000d3e8 4bfffd39 bl _destroy

destroy() loops over each thing contained by this directory and deletes it. I've invoked the function in this way, and it does not delete anything since that directory does not exist on my system.

So, while this anti-piracy tactic sure won't convince any potential pirates to actually pay for the software, it is not as egregious as the summary suggests.

It would be nice if someone would verify these conclusions, perhaps using a real pirated key.

No, it isn't like that.

[Scrameustache]

Isn't that like catching me trying to steal your wallet For CRYING OUT LOUD, enough with the "software copies = material theft" fallacy already!

Vigilante justice

[goombah99]

Considering that in our legal systems two wrongs don't make a right vigilante justice like this should be punished. Yeah, let's form a vigilante posse and punish him!

Inside the program ...

[tb3]

To see what the fuss is about, I downloaded the 'demo' and took a look inside the executable. (No way am I running the damn thing!) There are some really amateurish icons and bitmaps, and the the string table reads like it was written by an emo kid. I'd reproduce some of them here, but fucking slashcode seems to be eating the long strings.

Really, the whole thing looks like it was written by a goofy high-school kid. Since he is displaying the Apple Universal Binary logo on his site, I suspect he's in violation of the logo licence agreement, and I suspect Kagi, his payment processor, won't be too pleased with him, either.

Re:Do you suppose it really does delete things?

[vadim_t]

Oh great, it's the stupid analogies again.

But since you like them so much, I'll point that it's in fact illegal in many places to booby trap your property. So if you have any great ideas, like turrets that automatically shoot at intruders, or connecting AC to the window frame, you will find that if a thief gets hit with any of that they can sue you -- and win.

In your case, there's a crime being committed: trespassing, and breaking and entering. But that in fact gives you no right whatsoever to make a mechanism that pours boiling pitch on the intruder. Your right to shoot trespassers in most place applies only to *self defense* if you personally are present. In some places you're not allowed to kill the intruder if they're not threatening you personally, and I'm pretty sure no place allows attacking an intruder by any sort of automatic means.

In this case, there's a crime being committed: copyright infringement. But that also doesn't give the author the right to take revenge by deleting files.

Re:Do you suppose it really does delete things?

[Sancho]

Reporting the IP might be considered an invasion of privacy, but it would be a far cry from deleting data irrevocably. If I was doing something like this, I'd probably just have the program queue up a mail to the BSA stating that the user is a pirate.

Or maybe (hey, this is a crazy idea) the pirated key should just not unlock the program. Whoa! What a concept! That's so ingenious, I should go patent it.

Fact is, the program knows that the key is invalid and chooses to do something malicious rather than simply ceasing to function.

Video Flash Chat

[mattyrobinson69]

We bought a webcamming system from a company called Datetopia. If the php side of the software detected $_SERVER['SERVER_NAME'] wasn't the one it was registered to (eg: if you decided to buy video.mydomain.com and use that for it), then it would drop its tables in the database.

The softare was badly written (used register_globals, etc), and lots of the code was put in an eval() (potentially a security nightmare), and obfusicated (base64'd, etc). We decided to scrap it, rather than reverse engineer it, so we wrote our own.