Slashdot Mirror
Microsoft To Court: Make Comcast Give Us Windows-Pirating Subscriber's Info (networkworld.com)
An anonymous reader writes: Microsoft is using the IP address 'voluntarily' collected during its software activation process to sue a Comcast subscriber for pirating thousands of copies of Windows and Office. The Redmond giant wants the court to issue a subpoena which will force Comcast to hand over the pirating subscriber's info. If the infringing IP address belongs to another ISP which obtained it via Comcast, then Microsoft wants that ISP's info and the right to subpoena it as well. "Defendants activated and attempted to activate at least several thousand copies of Microsoft software, much of which was pirated and unlicensed," Microsoft's legal team wrote. The product keys "known to have been stolen" from Microsoft's supply chain were used to activate Windows 8, Windows 7, Office 2010, Windows Server 2012 and Windows Server 2008. The product keys, Microsoft said, were used "more times than is authorized by the applicable software license," used by "someone other than the authorized licensee," or were "activated outside the region for which they were intended." Whether or not the IP traces back to a Comcast subscriber or was assigned by Comcast to a different ISP, as the The Register pointed out, "It would be a significant gaffe on behalf of the alleged pirates if the IP address data pointed to their real identifies."
So... Microsoft is protecting its intellectual property by using information that everyone knows is transmitted when Windows is activated? Why is this news?
I'm with M$ about this. Use Ubuntu and Libreoffice if you don't have the dough.
Saved by the NAT!!!
As proven before, IP addresses are a really poor way to identify someone. Considering the circumstances, it could very well be a zombie PC in a larger botnet being identified.
...well, unless they are a complete idiot.
I wouldn't do something like this from my own IP address. That would be quite daft. I would instead find an open Wifi, or use a VPN or some other network where it can't be traced to me.
This is just going to get the owner of the IP snared up in the court system for no good reason. Microsoft should just invalidate the keys that were stolen and move on.
Being most PC come with a Windows license and with a stupid restore ability, and it's defaults are full of junk. A lot of people may just want a clean OEM install. Not the Lenovo or Dell install.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Considering the circumstances, it could very well be a zombie PC in a larger botnet being identified.
"His name was James Damore."
Was already reported on TF https://torrentfreak.com/micro... last month.
Minimum threshold fixed. Thanks!
By extension. If you have a lock on your door, that I can break, you are fine with me taking all your shit?
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
They have seen thousands of attempted activation's come from the IP in question. They didn't give an exact number but said. This was a story on torrentfreak, "“Microsoft’s cyberforensics have identified several thousand product key activations originating from IP address" Its 1 think if they were after person for 2-3 copies but talking thousands from what is a Comcast business account since they did post the IP in question as well.
Microsoft suddenly cares about piracy of it's OS? That's new.
While MS should go after piracy on this scale, they should be denied their request, because:
product keys "known to have been stolen" from Microsoft's supply chain were used to activate Windows 8, Windows 7, Office 2010, Windows Server 2012 and Windows Server 2008.
If they were known to be stolen, then MS has a duty to limit losses. They can blacklist the keys and prevent further activation. If they were "known to have been stolen" then MS should have limited their losses as soon as they found out.
The product keys, Microsoft said, were used "more times than is authorized by the applicable software license,"
Again, MS has the ability to enforce this. Activation is their job, and if they allow a key to be activated thousands of times that's their fault. I commend them for being lenient - I've certainly relied on being able to activate a single key several times when building / upgrading PCs. But allowing thousands of fraudulent activations is a joke. More than a few a year should trigger alarm bells at Redmond.
used by "someone other than the authorized licensee," or were "activated outside the region for which they were intended."
MS can't prove either of these. Even if they know the authorized licensee, they don't know who is using the keys thousands of times. They can't know who it isn't without knowing who it is. If they knew who it is, they wouldn't need to subpoena for info. The same thing goes for the region.
It's also not the court's job to enforce the minutia of the license terms such as region, number of activations, transference, etc., especially when MS is so lackadaisical as to allow the keys to be stolen and for unauthorized activations to go on for so long.
As proven before, IP addresses are a really poor way to identify someone. Considering the circumstances, it could very well be a zombie PC in a larger botnet being identified.
could well be, given the clear illegal activiities the best way to find that out is through the court with subpeana's so they can check it which seems to be what they are doing. When such a massive clear violation has occurred they have to at least follow the process and check, would not be the first time a criminal has been a moron and shit in their own nest.
Wasn't this because of a handful of addresses being responsible for the majority of the activations? As in pirating on a business scale and not the average guy who installed pirated windows a few times.
Only the State obtains its revenue by coercion. - Murray Rothbard
it's the only way to be sure.
Considering the circumstances, it could very well be a zombie PC in a larger botnet being identified.
If a bank robber used a blue Ford as a getaway car, that doesn't mean that the bank can subpoena the ownership records for every blue Ford so they can stop by their houses and see if that was the car that happened to be used in the robbery.
IP addresses are about as good as a car's paint color in identifying a malicious user.
If I had a backup copy of my entire house, I really wouldn't care so much about the "theft" aspect of a burglary. Of course you make the common mistake of confusing scarce things with non scarce ones.
"Ship, make me another copy of all my shit"
A Pirate and a Puritan look the same on a balance sheet.
If a bank robber used a blue Ford as a getaway car, that doesn't mean that the bank can subpoena the ownership records for every blue Ford so they can stop by their houses and see if that was the car that happened to be used in the robbery.
The bank can't do that, but the police said who investigate robberies can get the list for of blue Fords and compare the owner's names to known criminals. And to be a proper car analogy, they would be after a blue Ford with the license plate ABC123. If it turned out that the car was stolen for the bank job then that would be the same as a botnet that was using that IP address.
It's been awhile but I remember being told somewhere that Microsoft used information like the MAC address of a built-in NIC, so if only one changed Microsoft would use the other points to determine if the computer was the same one and at the time someone mentioned that replacing a motherboard might take away several points at once.
But in this case they know which garage the blue ford parked in.
That may be true but I'm not sure that I'm seeing what point it is that you're trying to make?
Are you saying that all these people didn't want OEM installs so took it to this one place, used this one particular IP address, and then activated Home, Professional, Server, Office, Enterprise, etc versions on this one particular IP address? I didn't know there was an OEM Server edition or OEM Office and they all had the same activation code.
Someone, probably, was activating licenses from Technet or MSDN and, from the looks of things, was probably selling boxes with them pre-installed. They might be VL and gone over that number - probably stolen, and probably sold boxes with 'legit' on 'em. Alternatively, they patched it to pipe a cracked version through one particular IP address and sold them as legit.
I mean, c'mon now... What kind of excuses are ya gonna make for this? "Oh, someone just didn't know how to find the decrapify application via Google and wanted to get a clean install instead of the OEM stuff." Sheesh...
"So long and thanks for all the fish."
While that's true I do think I recall RedHat turning around and counter-suing SCO way back when and I think Canonical has filed at least one trademark suit? Of course, they both kind of had to. But let's be realistic here...
Regardless of our moral views on copyright, regardless of how you and I might think, you've got to be pretty damned stupid (if legit) to activate a ton of unpaid for copies of Windows -- even Enterprise? (What are they, crazy?), Office, and whatever else form the same IP address and not expect to get your teeth kicked in by the MS law-squad. That's right retarded. Funny, but retarded. They should have put up a VM in China and pushed the data through there via a hardware firewall w/VPN capacity. MS wouldn't have done a damned thing.
"So long and thanks for all the fish."
And the botnet points to China. Oops, dead end.
Hopefully Microsoft will reimburse the taxpayers for the expense of a wild goose chase. If they want to protect their weak business model then they should bear the cost burden of trying to do so.
They found the IP address of someone who is using the activation keys that are known to have been stolen. Why didn't they turn this information over to the police and let them go after the person? That is supposed to be their job, not Microsofts. At the very least the person would be someone of interest in the theft of the activation keys and I'm sure the police would like to look at the possible large scale piracy of software going on.
If a bank robber used a blue Ford as a getaway car, that doesn't mean that the bank can subpoena the ownership records for every blue Ford so they can stop by their houses and see if that was the car that happened to be used in the robbery.
The bank can't do that, but the police said who investigate robberies can get the list for of blue Fords and compare the owner's names to known criminals. And to be a proper car analogy, they would be after a blue Ford with the license plate ABC123. If it turned out that the car was stolen for the bank job then that would be the same as a botnet that was using that IP address.
But it's not the police that's trying to get the name of Comcast subscribers, it's Microsoft.
"activated outside the region for which they were intended."
Most of the complaint sounds reasonably reasonable but this one really irks me.
. .
When they find out that Comcast static IP address(Houston, Tx) is a VPN node setup by some hacker, and the owner had no idea.
Or, it could be worse, and find out it's a Comcast public wifi IP addr that's been activating all those licenses.
.
I'll laugh if they trace the IP back to their own Azure cloud system.
Companies on the way up embrace the PR related to minor theft- it shows how popular the product is. Game of Thrones, the TV series, was not at all concerned with the massive pirating of their series; it was good publicity (PR) and they made more money than they could count.
Companies on the way down have a different perspective. It is theft, after all, and it can hurt. The PR that works for them is a very public warning that theft will not be tolerated. Spread the word and some users will go straight, others will reconsider or at least take better precautions when pirating.
Microsoft has been very lenient for a very long time. Their day may be winding down and it is wise to protect any remaining property of value while they look for a breakthrough miracle product.
...omphaloskepsis often...
Something many aren't aware of is if you change or upgrade your system you are subtracting numbers from a total allowed before your OS is no longer activated or legal and must be reactivated or re-purchased.
I use to know them for NT but it's been awhile. A CPU change I know counts as 2 points, a trick was to claim you had a NIC card as it added 2 points to the total.
“Significant” hardware changes can also trigger the Windows activation process again. For example, if you swap out multiple components on your PC at the same time, you may have to go through the activation process. Microsoft hasn’t explained exactly which hardware changes will trigger this.
http://www.howtogeek.com/18284...
Every now and then you have to reinstall MS Windows BECAUSE IT SUCKS. It gets bloated, infected, bugs out, whatever, and then you need a fresh damn re-install. Are you going to go after those people too?
After losing a laptop to UEFI, I dug deeply into the Windows 7 TOS, not an easy task as there are so many different ones.
I purchased a Windows 7 Pro CD for my custom built system, I can re/install it on the same computer as many times as I want, the trick is not to upgrade it too much or it's considered a different system; see my post below "Bet few knew this..."
This was probably just one guy, with one set of product keys, that had to keep reloading the software to try to fix a problem.
If someone stole a manuscript from Disney and got away in a blue Ford with a license plate of XXX-123 and then pirated the manuscript, it certainly would be within the court's power to allow Disney to subpoena the owner of that particular Ford to ask who was in control of the car at the moment of the theft. It might have been the owner's son, or neighbor, or it might have been stolen. But it's a legitimate request to ask the question.
Let us live so that when we come to die, even the undertaker will be sorry -- Mark Twain
Technically, it's a combination of hardware IDs on your computer. ID of the install HD, ID of the CPU, ID of the motherboard chips, ID of the video card, ID of the NIC... The strictness of the check depends on the type of license, but replacing things one at a time is generally safe. If you have an OEM license, you generally have to replace things with very similar parts; e.g. if your MB dies, you need to replace it with the same style MB.
Let us live so that when we come to die, even the undertaker will be sorry -- Mark Twain
But it's not the police that's trying to get the name of Comcast subscribers, it's Microsoft
That's because copyright infringement is not really a police matter, so it is quIte right for Microsoft to pursue this matter in court. The difference with the police doing it is that they can lookup the registration records without having to get a court order. Microsoft do not have that ability to simply examine the IP records for themselves so they have to go to court to compell Comcast to divulge the information (although the police would have to do that too since they don't have access to Comcast's private information).
Comcast were right in requiring Microsoft to get a court order to get the Customer details, and Microsoft were quite right for asking for them. If they aren't entitled to the details the the court will say no, but that won't be for the bogus reasons that have been stated here on Slashdot. Rather, it would be refused if they failed to show cause as required by the law.
And the botnet points to China. Oops, dead end.
It's likely not to be a botnet at that address, as they would be able to use a larger number of addresses to spread the activations. There have been instances in the past of small computer stores installing pirated copies of Windows and Office on computers which were also discovered by the activity at one IP address. That's what I predict will be the result of this too.
Since Microsoft controls all the activation servers, they didn't have to actually *ALLOW* the activation. At any time, they could have denied the activation because of the IP address it was coming from, or because the product key was a dupe, or because it was out of region.
Wasn't that the reason for inventing product activation in the first place?
I thought it wasn't theft unless something physical was stolen. Did you mean to say copyright infringement?
Captcha: wrongly
It's always impressive when the trolls master object permanence.
https://www.google.com/search?...
Now pirates will think again to get windows system. On the other hand, Linux costs nothing?! Welcome to liberation army people!
Jesus, did IQs drop sharply round here or something?
God is dead, and you must be new here. There have always been idiots clicking submit.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
They should have put up a VM in China and pushed the data through there via a hardware firewall w/VPN capacity. MS wouldn't have done a damned thing.
Maybe these are installs in China and the activation is being proxied through a zombie PC? :)
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
What's the chances someone opened up a KMS server and said help yourselves?
Surely we can "Trust Microsoft(tm)"...
Seven puppies were harmed during the making of this post.
That's because copyright infringement is not really a police matter
Tell that to the guys who busted into Kim Dotcom's mansion in New Zealand with helicopters and automatic weapons. Or to the cops who arrested a founder of TPB in Cambodia. Apparently it's only a police matter sometimes. Other times it's not.
Seven puppies were harmed during the making of this post.
You can't go claiming it's like the police investigating criminal cases when you want MS to have police powers, then when it;s pointed out that it has to be the POLICE doing that, not a company or individual, go "But it's not a criminal case!".
The police line was about the bank robbery analogy. The claim was that you wouldn't have a bank being able to get the records for all blue Fords if one was used in a robbery, when that is actually incorrect (although it is the police that would do that). Microsoft do not have police powers. You don't need police powers to instigate a civil court case, which is what this is.
If it's not a criminal case, they can't go fucking fishing.
You are right, they can't go fishing. If that is what Microsoft is doing then the court would reject the request. However, it is not fishing they have evidence that someone at a specific IP address was engaging in copyright infringement.
You keep claiming that Microsoft can't do what they are doing, and yet they are perfectly entitled to do so under the law. The courts are not stupid, and they would not allow a case to continue if Microsoft had no standing in this case. So bleat on about it as much as you like, but you are wrong.
yet today? * piracy is stealing ships, right?
I second this * "copyright infringement" != "theft" FYI
Thousands of times?
"Are you saying that all these people didn't want OEM installs so took it to this one place, used this one particular IP address, and then activated Home, Professional, Server, Office, Enterprise, etc versions on this one particular IP address?"
That's quite often how it works, yes. If you actually had any idea about real life, you'd know this and not needed to have asked this question.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
They didn't have to but they did. I actually wouldn't have it any other way. Better to go after abusers after the fact than to risk not activating 1 user of legitimately purchased software.
I personally believe that this has always been MS's calculus. They would rather err on the side of caution and just activate.
My eyes reflect the stars and a smile lights up my face.
How was this marked in informative? By definition botnets depend on being installed unwittingly on peoples machines- so what does activation keys have to do with a botnet? Are you suggesting it re installs windows?
love is just extroverted narcissism
Mind you, since the license isn't being sold, only the copy, the value of what this person is selling is zero
Not true. There is the labor involved in developing the entire system, the cost of the CDN, the cost of the media the bits are resting on and the entire maintenance (update) apparatus, to name a few real world costs associated with software.
My eyes reflect the stars and a smile lights up my face.
Yeah, that OEM version of Server 2008 and 2012 comes with Dell stuff on and thousands of them get activated on a single IP address. Boy, that OEM version of Office has to be really... Wait, no, that OEM version of Office is the same as as any other version of Office. Hint: Anyone buying Server 2012 isn't sending it out to to have OEM stuff removed, same for 2008.
Have you ever been right? Seriously, ever? What is this *real* world of yours? Nobody, and I do mean nobody, is sending out an OEM Server 2012 box (all using the same keys or a few limited keys) to get DELL stuff removed from it. Nobody. Not even YOU are that inept.
"So long and thanks for all the fish."
In this case, yes, the license keys physically printed on the OEM stickers were stolen, so yes, something was physically stolen.
The product keys "known to have been stolen" from Microsoft's supply chain were used to activate Windows 8, Windows 7, Office 2010, Windows Server 2012 and Windows Server 2008.
There was actual real theft involved here.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
no we can't, and don't call me Shirley
If they really cared, the previous version would be 50+% off and the version(s) before that would be free. The same goes for Adobe and their ilk. You don't HAVE to offer any support, but if you sold older versions cheaper and/or free, you would have much less piracy. You know they're not going to buy the new version, so why not take what you can get for the older stuff? I was gonna buy a legit copy of 7 for my next build, but it's the same price it's been since launch, and that is 2.1 versions ago. Fuck that.
...