|
Software Registration & Your Privacy
A Cotse Editorial
August 26, 2003
John Holstein,
Cotse Helpdesk/Support
Recently on IRC, I entered into a private conversation with an individual with
a slight problem, for this discussion, we'll call this person "Mr. Pike". Mr.
Pike downloaded (GetRight) and installed
it on his PC. Before purchasing it, this individual usually checks Asta
La Vista for a software registration code (known as a "crack") to register
the program. He explained that he does this so he can use the entire piece
of software, not just in demonstration mode which is usually in a knocked-down
version and not all of the features operate. True, it's technically illegal
to do this, however, it will give the user a comprehensive means to test the
piece of software.
After downloading and applying the "crack" to GetRight, he was immediately taken,
via a pop-up Internet Explorer Window to this link (here's
a screen shot of the page, just in case you don't want to leave your tracks on
their not-so-privacy-conscience-site: Screen Shot).
Mr. Pike is a Cotse.Net subscriber yet he wasn't using our Transparent
Proxy. If Mr. Pike had the Cotse Transparent Proxy setup in his default browser,
it's likely, when the pop-up occurred, the redirection would have taken place
behind our proxy, shielding our user from this invasion of privacy and not reveal
his
IP
address to the GetRight web logs.
There's a fine line between protecting intellectual property and invading someone's privacy in the process. True, the product is copyright material and susceptible to appropriate laws governing intellectual property. True, software piracy is a problem (although I hardly think it's anywhere close to being as bad as the manufacturer's claim). However, redirecting someone's browser, without their permission, is wrong. Invading someone's computer to check for copyright material, without a valid search warrant delivered by law enforcement, is also wrong (see MPAA, RIAA, etc).
What's next? We've already being threatened by the MPAA & RIAA toward
invading our computers, looking for "copyright" material and the possibility
of using measures to remove said material even if the method involves completely
disabling
the computer system.
Needless to say, it's appalling to think that private industry was almost
granted powers greater than police officers have to invade our privacy. It's
not yet over. Laws are still being introduced to broaden the collective power
of the industry. It all starts with a simple web page redirect. Like all things
subversive, a small step leads to an escalating transient toward a more restrictive
environment to control the actions of the citizens.
Let's take a moment to theorize a bit. Let's throw a few "what ifs" into the
equation. What if you decide scratching your valuable collection of CDs isn't
something you would like to see happen? What if you decide to backup your legally
purchased collection of audio (or for that matter, software or DVD's) cds?
You take the time to backup your collection to ISO's (software) or mp3s (audio)
or DVD's and make "copies", keeping these copies on your computer, as well as
to other cd media.
These
audio
cd copies
are
taken
with
you,
rather than the originals, in your car, in an MP3 player, for your individual
use. The
mp3s are played on your computer, for your own listening pleasure. The copies
of your original DVD's are placed in the DVD rack next to your TV where your
kids can get to them. All of the originals are then stored in a safe place, such
as
a closet, away from potential scratching. There's
nothing
legally
wrong
with
doing
this.
You
are
allowed
to make a copy of legally purchased audio & software media. Now then, "what
if" the music industry illegally invades your privacy by hacking into your computer
then "disables" the backups or "disables" your computer? This is clearly illegal.
What if you are reported to your ISP, or worse, to Law Enforcement for breaking
copyright laws, yet you have done nothing wrong? What
about
your
rights?
What
rights
do
you
have?
What
rights
do
you
want
to keep? Money is absolutely no justification to give up your rights. Period.
And
that's
exactly what's happening to you and this country.
What else is happening that you don't know about? See, therein lies the rub.
Now we're speaking in the realm of total guess work. Anything is possible.
Only time will tell, but chances are, if the current state of affairs goes
unchecked, anything could become reality. What exactly does GetRight do when you legally
register the piece of software, does it still phone home? I didn't read the
End User License Agreement, the point isn't whether you allow it to happen,
the point is, will the average computer user, uneducated in the legal terminology
used in the EULA, understand what's happening? Would they condone such an action
BEFORE they purchase the piece of software? If they purchase the software prior
to reading the EULA, will the company refund their money?
What can you do about it? First, don't use cracked software (I had to stick
that in there, because logically, it is the first step). Second, protect
yourself through Privacy Resources such as Cotse.Net.
Use software and operating systems that won't grant the same ease of subversion
or redirection. Select higher security settings for Internet Explorer, personally,
I've chosen to use Mozilla as my default browser. Use a personal firewall that
checks outbound connections and allows you to set permissions on every aspect
of software that connects to the Internet. For those a little more politically
active, contact your congressional representatives and explain how worried
you are about the course our government is taking by allowing our rights to
be sold to private industry.
From a Reader:
Attached please find a .txt file with the source copied from the emails - first the email
showing the registration, and the second, an accusation from the author of the software,
regarding the hacked registration code. I was wrong about the order of things. We
registered (according to his own email) on the 27th, and the 'crack' code was applied on
the 28th (after we'd already paid for the software, but before we got the proper 'key' in
the email.) We tried 'unlocking' it with the crack code, to see if it eliminated the
problem I was having, since it took a while to get the actual registration via email (as
you can see from the timestamp on the registration code email).
Also attached is a copy, made directly from within the (now aborted) installation, of the
EULA. I went to CNet's Download.com and noticed the first "review" is this:
begin copy & paste from http://download.com.com/3302-2204_4-10189713.html>
"spyware"
Accepting the license allows the program to automatically transmit personal
information. I wish there was a site that would screen out the spyware, buggedware, and
garbageware. This is a very tedious business. I just want a simple program that will
create quality standalone slideshows that actually work. "
end paste
So I went to the site, downloaded over 10MB of this program, just to see the newer EULA.
SURE ENOUGH....
copy & pasted from current EULA
PRIVACY. By installing this software you consent to the automatic electronic transmission
of personal identification information to Voelker Software for the purpose of verifying
your purchase and compliance with this license agreement. This information may include but
is not limited to your name, e-mail address, hard disk serial number, IP address, computer
name and network ID.
end paste
A full copy of the EULA in .txt format is also included. This copy & pasted section
appears WAY down at the bottom, almost hidden amongst the legalese of the EULA.
I am assuming this was the result of emails such as the one my husband sent back, of which
I can forward a copy later to you, as I do not have access to that at this time (it
originated from his computer, therefore I don't have a copy).
Return-path: munged@digitalphotoslideshow.com>
Received: from mail.nshosts.com (mail1.nshosts.com) munged
by iswiz.com munged
with SMTP (MDaemon.PRO.v5.0.4.R)
for munged@iswiz.com; Mon, 03 Mar 2003 19:52:29 -0600
Received: from vs1 (unverified munged) by mail.nshosts.com
(Vircom SMTPRS 5.3.232) with ESMTP id B0038695348@mail.nshosts.com for <@iswiz.com>;
Mon, 3 Mar 2003 18:44:06 -0700
From: "James M. Voelker" munged@digitalphotoslideshow.com
To: munged@iswiz.com
Subject: Illegally Registered Software
Date: Mon, 3 Mar 2003 19:53:02 -0600
Message-ID: BFEAIICDNABKDJLMNFAOKEKEELAA munged@digitalphotoslideshow.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
X-Lookup-Warning: reverse lookup on original sender failed
X-MDRcpt-To: munged@iswiz.com
X-MDRemoteIP: munged
X-Return-Path: munged@digitalphotoslideshow.com
X-MDaemon-Deliver-To: munged@iswiz.com
On 2/28/2003 12:45:56 AM, you or someone using your e-mail address
downloaded and illegally
installed a hacked registration code to unlock Digital Photo Slide Show. The
software
was illegally hacked using the registration name: Lamb on a computer using
the e-mail address: munged@iswiz.com. Details of this transaction have been
logged.
This activity is illegal and is a violation of US Copyright Law and
International
Treaties. This activity may be punishable by fines, imprisonment or both. If
you
engaged in this activity you may be subject to criminal and/or civil
prosecution.
To avoid any further illegal activity, you are required to purchase a legal
license to
Digital Photo Slide Show. You may do so at the following URL:
http://www.digitalphotoslideshow.com/purchasing.htm
This e-mail message is not Spam. It is in response to someone using the
above email
address in the process of illegally hacking Digital Photo Slide Show.
If you did not participate in this illegal activity, then I hope you
appreciate being
informed that someone is either using your computer or your email address
while
engaged in this activity.
If you have any questions about this, please do not hesitate to contact me.
James M. Voelker
munged@digitalphotoslideshow.com
If something like this happens to you, let it be known. Either fill me in or put up a website and give me a link. I'll be happy to link from this page to your website with material relating to the subject matter.
John Holstein,
Cotse Helpdesk/Support
| 
