blank.gif (43 bytes)

Church Of The
Swimming Elephant

Search:

Software Registration & Your Privacy
A Cotse Editorial
August 26, 2003

John Holstein,
Cotse Helpdesk/Support

Recently on IRC, I entered into a private conversation with an individual with a slight problem, for this discussion, we'll call this person "Mr. Pike". Mr. Pike downloaded (GetRight) and installed it on his PC. Before purchasing it, this individual usually checks Asta La Vista for a software registration code (known as a "crack") to register the program. He explained that he does this so he can use the entire piece of software, not just in demonstration mode which is usually in a knocked-down version and not all of the features operate. True, it's technically illegal to do this, however, it will give the user a comprehensive means to test the piece of software.

After downloading and applying the "crack" to GetRight, he was immediately taken, via a pop-up Internet Explorer Window to this link (here's a screen shot of the page, just in case you don't want to leave your tracks on their not-so-privacy-conscience-site: Screen Shot). Mr. Pike is a Cotse.Net subscriber yet he wasn't using our Transparent Proxy. If Mr. Pike had the Cotse Transparent Proxy setup in his default browser, it's likely, when the pop-up occurred, the redirection would have taken place behind our proxy, shielding our user from this invasion of privacy and not reveal his IP address to the GetRight web logs.

There's a fine line between protecting intellectual property and invading someone's privacy in the process. True, the product is copyright material and susceptible to appropriate laws governing intellectual property. True, software piracy is a problem (although I hardly think it's anywhere close to being as bad as the manufacturer's claim). However, redirecting someone's browser, without their permission, is wrong. Invading someone's computer to check for copyright material, without a valid search warrant delivered by law enforcement, is also wrong (see MPAA, RIAA, etc).

What's next? We've already being threatened by the MPAA & RIAA toward invading our computers, looking for "copyright" material and the possibility of using measures to remove said material even if the method involves completely disabling the computer system.

Needless to say, it's appalling to think that private industry was almost granted powers greater than police officers have to invade our privacy. It's not yet over. Laws are still being introduced to broaden the collective power of the industry. It all starts with a simple web page redirect. Like all things subversive, a small step leads to an escalating transient toward a more restrictive environment to control the actions of the citizens.

Let's take a moment to theorize a bit. Let's throw a few "what ifs" into the equation. What if you decide scratching your valuable collection of CDs isn't something you would like to see happen? What if you decide to backup your legally purchased collection of audio (or for that matter, software or DVD's) cds? You take the time to backup your collection to ISO's (software) or mp3s (audio) or DVD's and make "copies", keeping these copies on your computer, as well as to other cd media. These audio cd copies are taken with you, rather than the originals, in your car, in an MP3 player, for your individual use. The mp3s are played on your computer, for your own listening pleasure. The copies of your original DVD's are placed in the DVD rack next to your TV where your kids can get to them. All of the originals are then stored in a safe place, such as a closet, away from potential scratching. There's nothing legally wrong with doing this. You are allowed to make a copy of legally purchased audio & software media. Now then, "what if" the music industry illegally invades your privacy by hacking into your computer then "disables" the backups or "disables" your computer? This is clearly illegal. What if you are reported to your ISP, or worse, to Law Enforcement for breaking copyright laws, yet you have done nothing wrong? What about your rights? What rights do you have? What rights do you want to keep? Money is absolutely no justification to give up your rights. Period. And that's exactly what's happening to you and this country.

What else is happening that you don't know about? See, therein lies the rub. Now we're speaking in the realm of total guess work. Anything is possible. Only time will tell, but chances are, if the current state of affairs goes unchecked, anything could become reality. What exactly does GetRight do when you legally register the piece of software, does it still phone home? I didn't read the End User License Agreement, the point isn't whether you allow it to happen, the point is, will the average computer user, uneducated in the legal terminology used in the EULA, understand what's happening? Would they condone such an action BEFORE they purchase the piece of software? If they purchase the software prior to reading the EULA, will the company refund their money?

What can you do about it? First, don't use cracked software (I had to stick that in there, because logically, it is the first step). Second, protect yourself through Privacy Resources such as Cotse.Net. Use software and operating systems that won't grant the same ease of subversion or redirection. Select higher security settings for Internet Explorer, personally, I've chosen to use Mozilla as my default browser. Use a personal firewall that checks outbound connections and allows you to set permissions on every aspect of software that connects to the Internet. For those a little more politically active, contact your congressional representatives and explain how worried you are about the course our government is taking by allowing our rights to be sold to private industry.

From a Reader:

Attached please find a .txt file with the source copied from the emails - first the email showing the registration, and the second, an accusation from the author of the software, regarding the hacked registration code. I was wrong about the order of things. We registered (according to his own email) on the 27th, and the 'crack' code was applied on the 28th (after we'd already paid for the software, but before we got the proper 'key' in the email.) We tried 'unlocking' it with the crack code, to see if it eliminated the problem I was having, since it took a while to get the actual registration via email (as you can see from the timestamp on the registration code email).

Also attached is a copy, made directly from within the (now aborted) installation, of the EULA. I went to CNet's Download.com and noticed the first "review" is this:

begin copy & paste from http://download.com.com/3302-2204_4-10189713.html> "spyware" Accepting the license allows the program to automatically transmit personal information. I wish there was a site that would screen out the spyware, buggedware, and garbageware. This is a very tedious business. I just want a simple program that will create quality standalone slideshows that actually work. "

end paste

So I went to the site, downloaded over 10MB of this program, just to see the newer EULA.

SURE ENOUGH....

copy & pasted from current EULA

PRIVACY. By installing this software you consent to the automatic electronic transmission of personal identification information to Voelker Software for the purpose of verifying your purchase and compliance with this license agreement. This information may include but is not limited to your name, e-mail address, hard disk serial number, IP address, computer name and network ID.

end paste

A full copy of the EULA in .txt format is also included. This copy & pasted section appears WAY down at the bottom, almost hidden amongst the legalese of the EULA.

I am assuming this was the result of emails such as the one my husband sent back, of which I can forward a copy later to you, as I do not have access to that at this time (it originated from his computer, therefore I don't have a copy).

Return-path: munged@digitalphotoslideshow.com>
Received: from mail.nshosts.com (mail1.nshosts.com) munged
by iswiz.com munged
with SMTP (MDaemon.PRO.v5.0.4.R)
for munged@iswiz.com; Mon, 03 Mar 2003 19:52:29 -0600
Received: from vs1 (unverified munged) by mail.nshosts.com
(Vircom SMTPRS 5.3.232) with ESMTP id B0038695348@mail.nshosts.com for <@iswiz.com>;
Mon, 3 Mar 2003 18:44:06 -0700
From: "James M. Voelker" munged@digitalphotoslideshow.com
To: munged@iswiz.com
Subject: Illegally Registered Software
Date: Mon, 3 Mar 2003 19:53:02 -0600
Message-ID: BFEAIICDNABKDJLMNFAOKEKEELAA munged@digitalphotoslideshow.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
X-Lookup-Warning: reverse lookup on original sender failed
X-MDRcpt-To: munged@iswiz.com
X-MDRemoteIP: munged
X-Return-Path: munged@digitalphotoslideshow.com
X-MDaemon-Deliver-To: munged@iswiz.com

On 2/28/2003 12:45:56 AM, you or someone using your e-mail address downloaded and illegally installed a hacked registration code to unlock Digital Photo Slide Show. The software was illegally hacked using the registration name: Lamb on a computer using the e-mail address: munged@iswiz.com. Details of this transaction have been logged.

This activity is illegal and is a violation of US Copyright Law and International Treaties. This activity may be punishable by fines, imprisonment or both. If you engaged in this activity you may be subject to criminal and/or civil prosecution.

To avoid any further illegal activity, you are required to purchase a legal license to Digital Photo Slide Show. You may do so at the following URL: http://www.digitalphotoslideshow.com/purchasing.htm

This e-mail message is not Spam. It is in response to someone using the above email address in the process of illegally hacking Digital Photo Slide Show.

If you did not participate in this illegal activity, then I hope you appreciate being informed that someone is either using your computer or your email address while engaged in this activity.

If you have any questions about this, please do not hesitate to contact me.

James M. Voelker
munged@digitalphotoslideshow.com

If something like this happens to you, let it be known. Either fill me in or put up a website and give me a link. I'll be happy to link from this page to your website with material relating to the subject matter.

John Holstein,
Cotse Helpdesk/Support

Cotse.Net

Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

 
.
www.cotse.com
Have you gone to church today?
.
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 Cotse.com.
Cotse.com is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609