Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Software Vendors Say to Public: "You Have No Rights."

By Dragomire in Internet
Wed Mar 12, 2003 at 06:04:52 PM EST
Tags: Freedom (all tags)
Freedom

Spyware. Adware. Back doors. We all know about them. We most likely all hate them. Many popular 'free' programs come with spyware and/or adware that must be installed for the programs to work.

These extra programs report back to the parent company users' web surfing preferences, what music/movie/other entertainment files might be on their hard drive, as well as any other information they are programmed to retrieve (email addresses, messenger clients, etc).

A bigger problem, however, might come in the form of back doors to popular programs, which may give software vendors complete access, and in some cases complete control, to an end user's system.


Spyware

Spyware is loosely defined as any program that monitors a user's activities on a computer, that then sends that information to a company so that they may then re-use, or re-sell, that information to try and advertise to the user (usually through spam email).

Spyware is almost universally reviled. Many people consider it an invasion of privacy, and I agree with them. To me what is on my computer, and to what degree I use my computer for my own uses, is no one else's business.

Many popular P2P programs, such as Kazaa, contain spyware, unbeknownst to many naive users. Many 'download accelerator' programs contain spyware as well. Even Microsoft's Windows Media Player contains spyware within it.

Unfortunately, installing the programs that contain the spyware installs the spyware itself. And, by agreeing to the licensing terms within these programs, many people have agreed to let the spyware programs be installed. Even uninstalling the offending program that a user originally downloaded often does not remove the spyware from the user's machine.

Adware

Adware is a form of spyware that afflicts the user with enormous amounts of pop-up and pop-under ads while the user surfs the web, or uses the program that contains it. These ads become tailored to the types of web sites that the user visits/uses of the program originally downloaded.

For example: if a user likes to visit porn sites, they will get ads for penis enlargement, or viagra-type sexual enhancers, or even porn sites themselves. If a user likes to visit computer hardware pages, they will get ads for computer upgrades and monitors. Etc.

Like normal spyware, many users do not realize that the 'free' program they have downloaded contains the adware. And, like normal spyware, the clickable license that the user agrees to states they agree to have this software installed. Again, uninstalling the program that contained the adware often does not remove the adware itself.

Kazaa is a program that actually uses normal spyware, as well as adware. The ads become tailored to the type of files the user downloads the most, as well as the types of web sites the user visits. Even web pages that don't have pop-up/pop-under ads will begin having them for users with Kazaa installed.

Many vendors defend the use of spyware and adware as a source of potential revenue. Some also say that in order to release the programs for free, they must allow the makers of the spy/adware to add these programs to their software; since the makers of the spy/adware programs often help to cover costs by contributing (sometimes large) sums of money to the development of the programs.

Back Doors

While spyware and adware are bad enough, there is actually a worse problem to worry about. Back doors left in programs that allow the software vendor complete access, if not complete control of a user's computer.

Microsoft is at the forefront of this movement.

When a user installs Windows XP on their system, upgrades their Windows 2000 to Service Pack 3, or even just upgrades their Windows Media Player to version 9, they all agree-- through a clickable license-- to let Microsoft have unrestricted access to their computer's hard drive. This isn't just for seeing what is on the drives, either; Microsoft has every right to change the user's hard drive contents as it sees fit, and with no liability to themselves for any damages this may cause to an end user's computer.

Part of the license agreement reads, emphasis mine: "You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer." Source.

Many businesses are refusing to upgrade to Service Pack 3 precisely for this reason. Businesses, however, are really the only users that read software licenses, especially clickable ones. They fear that Microsoft may use this ability to harm their business in some way, especially if they put forth a possibly competing product to one Microsoft makes (such as web browsers, email clients, user authentication software, media players, etc.)

Some businesses are actively looking for alternative networking solutions to Microsoft's products. They do not want Microsoft to have access to their networks, and as a result, their IP, customer database, and financial records. Others are just going to stay at Service Pack 2, even though SP3 fixes many possible security threats in Windows 2000.

General consumer end users, however, normally don't read these clickable licenses. It is the general consumer end user who is at most risk from Microsoft, and any other company that decides to add such a term to their license (as well as a back door into their programs).

Clickable Licenses

At this point, we've all seen them. Generally from downloads of updates from Microsoft, but also upon the instillation of many types of software from office suites to games.

Most of the consumers, however, don't read them. They simply click the "I Agree", or whatever term is used for the license in question (varies from publisher to publisher). However, this is why consumers stand to lose the most freedom and personal privacy.

So far, clickable licenses have held up in court as valid. No signature is required, but the licenses stand as long as you click the appropriate agreeing choice. Most software with such licenses will not install itself if the licenses are refused.

Even console games have similar licenses, but they are printed in the back of the instruction manual. These are considered binding as soon as you open the package.

Because most consumers don't read the licenses they are legally agreeing to, software vendors can put many things within these licenses that the consumer would most likely object to if they had read them. Back doors in programs (Windows XP, Windows 2000 SP3, Windows Media Player 9 for all versions of Windows), spyware (Kazaa, download accelerators, etc.), and adware (Kazaa, download accelerators, etc.) would normally not be agreed upon should these licenses be read.

Of course, being as the licenses are often written in legal terms, they may be somewhat hard for the average user to understand, even if they did read them.

Microsoft has stated that these wordings are purely to comply with future DRM agreements and to protect the IP of whoever owns it. The possibilities, however, are far more onerous.

Digital Rights Management

DRM is the new buzzword around corporate headquarters around the world. With the popularity of file sharing not dwindling down, content owners are ever increasing their desire to strictly control their property. And end user be damned if necessary.

The Recording Industry Association of America, or the RIAA for short, recently tried to get a proposal passed that would allow them to do almost anything short of sending computer viruses to users computers, to try and stop the use of file sharing programs. The proposal asked for the right to send Denial of Service attacks against file sharing networks (DoS); posting false MP3 files with no sound, or corrupted data, with the hopes that people would end up downloading them instead of the real MP3s of the songs; or even programs that would allow the RIAA access to people's computers to erase the traded MP3s.

Microsoft has been another leader in arguing that DRM protocols must be put in place in order to allow copyright holders the ability to control who uses their copyrighted content, where, and when.

The Windows Media Player has, since version 7, stored a file that it periodically sends to Microsoft's servers informing Microsoft of what DVDs, and CDs an end user uses with the program. It also uses an early form of DRM protocols which disable the use of WMA files ripped with the player to work on another computer (files may be re-burned onto CD for use in audio CD players, however).

With the release of Windows XP, Microsoft went a few steps further.

Using the new Product Activation feature in Windows XP, Microsoft has the ability to deny users the right to even boot up their own computer. Should you make a certain amount of hardware changes to your computer (for the purpose of upgrades, for example), then Windows XP will simply not boot up. Instead, you must contact Microsoft and get a new product activation code to allow the software to work. The stated reason for this is to keep users bound to the 1 machine per license Microsoft strongly enforces; if you make too many hardware changes, Windows XP assumes you have tried to put it on a second computer without buying a new license.

If you are connected to the Internet while using Windows XP, the OS tries to contact Microsoft's servers whenever you open a file or program. The purpose of this is to allow Microsoft to see what files or programs you are opening. It doesn't send a copy of the file, but it informs Microsoft of the file name and extension (.exe, .jpg, .mov, .mp3, etc.).

Adding this to their back door, and Microsoft now has the ability to enforce DRM upon consumers. Whether the consumer wants it or not.

Using their proprietary DRM protocol, Palladium, Microsoft hopes to entrench all users in the use of DRM signed media. This has content holders overjoyed, while privacy and fair use rights, and other civil rights activists outraged.

Part of the problem comes from the potential for Palladium to be used to further Microsoft's own agenda. Through the use of Palladium, it has been theorized that Microsoft could lock users out of their own created content. And Microsoft wouldn't be the only ones doing so.

Possible harmful uses for Palladium include:

  • Locking of all office suite documents so that only a Microsoft made office suite program will open them.

  • Allowing remote deletion of files deemed 'inappropriate' by corporations and/or the government.

  • Censorship of the public through remote deleting of files criticizing the government, Microsoft, or any other company that wishes to do so.

  • Locking out of third party programs so that only Microsoft, or their partners' versions will work.

  • Disabling of firewalls and other network protection resources to allow Microsoft, its partners, or the government access to the computer in order to check for Palladium compliance and to check for offensive files/material.

  • And many others.

    Some people have theorized that Palladium may be one reason the Bush Administration Department of Justice backed off of the anti-trust case. It is, according to the theory, entirely possible that Microsoft has given the federal government the full use of the features of Palladium in order for Department of Homeland Security to effectively work.

    In other words, the theory is that Microsoft has basically sold the federal government the ability to spy on its citizenry whenever it wishes, and in a way they might not have easily been able to do before.

    Other countries have also theorized this, hence the apparent large undertaking by many foreign governments to remove all versions of Windows from their official computers and networks. These governments include Peru, China, Germany, and France. They figure that if the US government can use Windows to spy on its own citizens, then surely the US government could do the same to them? They also aren't exactly excited at the prospect of Microsoft also having free access to their governments' official computers.

    Microsoft's next operating system, currently code named Longhorn, will be a fully Palladium compliant OS. In order to utilize this OS, businesses and consumers must purchase Palladium compliant motherboards, which contain an extra chip to utilize Palladium, currently called "Fritz".

    Microsoft is also heavily lobbying for a bill called the UCITA (The Uniform Computer Information Transactions Act), which would make software licenses binding, even if the end user is not allowed to see them. The UCITA could then be used to allow program vendors to insert clauses in the license making it a violation of the license to even criticize the program or company in print or in public; allow vendors to change the terms of the license and make it retroactively take effect; or install backdoors into programs that would allow the vendor to be able to seize control of the end users computer whenever they wish. See links at the bottom of this article for more information on the UCITA.

    It should be noted, however, that many groups oppose the UCITA, including the American Bar Association, The American Library Association, and the Computer Professionals for Social Responsibility. The bill has also failed to pass in many states; only Virginia and Maryland have passed versions of it. 26 State Attourney Generals also oppose the bill.

    Possible Solutions

  • Install a firewall, and not the one found in Windows XP, on your computer or network. Zone Alarm offers free simple firewalls to use, as well as more robust ones for purchase, as do other vendors. A Google search will find you more vendors.

    A firewall can be configured to alert you every time something tries to transmit data from your computer or network to something on the Internet. This can be used to block spyware, adware, and Windows XP's attempts to contact Microsoft. You may also set a firewall to ask your permission when something does want to transmit to an outside source. Deny this permission if you do not know what the program is, or do not want it to send the information even if you do know what it is.

  • Run an older version of Windows (95, 98, Me, 2000 up to SP2), do not download any security patches, and do not upgrade to Windows Media Player 9.

    If you do not upgrade your OS, download any security patches for the OS, nor install WMP9, then the new EULA found with these upgrades is not in effect for you.

  • Change computer's operating system.

    Switch to Apple Computer's Macintosh platform. As far as is known, Apple does currently not have these licensing terms in effect, nor has any plans to add them.

    Switch to a Sun Microsostems solution.

    Switch to an open source operating system. Linux, FreeBSD (and other BSD variants) and other open source operating systems do not have such infringing licenses upon them. Their source code is freely available, and able to be checked at will, as well as free to be modified to suit end users needs (provided the user has adequate knowledge to do so). These operating systems, however, do not carry a warranty. If switching, try and find a distribution house that will offer technical support for free or a small fee if problems arise.

    Switch business servers over to Macintosh, UNIX, or an open source operating system for the same reasons listed above.

  • Contact your representatives.

    Contact your representatives, and demand, in a tact manner, that they oppose any action taken by a company to infringe upon your rights to privacy, and free speech. Inform them that should they not do so, that you will organize voter rallies to support a candidate that will support your rights.

    Politicians want votes. If enough people are informed that representative X is supporting corporate or government agendas to limit voter's rights, then that representative will not become re-elected.

    More links on the subject of backdoors in programs:

    The Register

    The Register

    www.lugod.org (Multiple links within)

    InfoWorld

    InfoWorld

    Google can also find many more articles.

    More info on the UCITA:

    InfoWorld (Multiple links within)

    Affect Americans for Fair Electronic Commerce Transations

    ALA The American Library Association

    CPSR Computer Professionals for Social Responsibility

    Google Links to multiple references of the UTICA and articles about it.

  • Sponsors

    Voxel dot net
    o Managed Hosting
    o VoxCAST Content Delivery
    o Raw Infrastructure

    Login

    Poll
    Should Corporate and Government Interests be Allowed to Usurp Our Rights?
    o Yes. 15%
    o I don't know. 4%
    o No. 80%

    Votes: 182
    Results | Other Polls

    Related Links
    o Google
    o Kazaa
    o Microsoft
    o license
    o Source.
    o Recording Industry Association of America
    o Palladium
    o privacy
    o activists
    o Zone Alarm
    o Apple Computer
    o Sun Microsostems
    o The Register
    o The Register [2]
    o www.lugod. org
    o InfoWorld
    o InfoWorld [2]
    o InfoWorld [3]
    o Affect
    o ALA
    o CPSR
    o Google [2]
    o Also by Dragomire


    Display: Sort:
    Software Vendors Say to Public: "You Have No Rights." | 219 comments (188 topical, 31 editorial, 1 hidden)
    Sorry (2.51 / 33) (#1)
    by starsky on Tue Mar 11, 2003 at 01:22:34 PM EST

    but this is just fucking Linuz zealot bullshit.

    Please compare and contrast your two statements

    1. Microsoft has every right to change the user's hard drive contents as it sees fit, and with no liability to themselves for any damages this may cause to an end user's computer.

    2.Part of the license agreement reads, emphasis mine: "You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer."

    So, do you think anyone sane thinks 2 equates to 1, or do you think that sane people, whose OS choice is not more important than anything else in their lives, would say that you can sum up 2 as 'MS can read what applications you have on your hard disk and supply relevant upgrades'

    Corporate ethics (3.75 / 12) (#2)
    by Yekrats on Tue Mar 11, 2003 at 02:04:56 PM EST

    This is not just about Microsoft, but Microsoft is certainly part of the problem. It's also not just about Linux and open source. This is about corporate ethics, and lack thereof.

    A few companies out there are ethical, but I can probably safely say say they are not the norm. You don't have to give away software for free to be ethical. Likewise, giving something away for free doesn't automatically make you a good company.

    I use Microsoft products, grudgingly. (I'm required to do so at my job.) I would love to love Microsoft, if they would help the industry once in a while, instead of just helping themselves. If they would stick to standards rather than trying to corrupt them for their own use. They are too busy with their own agenda of squashing the competition, and I think it will be their downfall. When they stop producing software, I want something to fall back on.

    [ Parent ]

    Ethical Optimism? (4.85 / 7) (#10)
    by Gooba42 on Tue Mar 11, 2003 at 05:32:04 PM EST

    You seem to be arguing from a standpoint of naivete or optimism about the corporate ethics involved.

    Listen to the corporatists on the site and you'll have more to go on. Corporations do everything in their power to make money, bar none. Their power is limited by their physical capabilities and the laws which govern them.

    Just because no company has kicked down your door doesn't mean they wouldn't if they could do so without any repercussions.  With laws steadily decreasing the repercussions you can expect that with the profit monkey on their backs, they will come calling.

    [ Parent ]

    Listen up dude (2.50 / 2) (#120)
    by richardo on Wed Mar 12, 2003 at 08:46:55 PM EST

    Do you REALLY think a company is stupid enough to send the contents of your hard disk over the internet. Especially when you happen to be a HUGE company with all kind of governments, judges, SEC's, linux zealots, and random tin foil hat wearing freeks watching EVERY move you make?

    Let me tell you this - EVERY KIND OF TRANSMISSION from ANY kind of microsoft software has been tcpdump'ed to hell and back. I'm sure there are hundreds of drooling slashdot users who routinely run tcpdump on their microsoft boxes. If microsoft managed to send ONE WRONG THING - we'd know about it.

    Why people who come up with conspiracy theories about Microsoft sending evil things to home base have not thought about this is beyond me.

    [ Parent ]

    Tcpdump has limitations (5.00 / 1) (#151)
    by kcbrown on Thu Mar 13, 2003 at 07:42:33 AM EST

    Let me tell you this - EVERY KIND OF TRANSMISSION from ANY kind of microsoft software has been tcpdump'ed to hell and back. I'm sure there are hundreds of drooling slashdot users who routinely run tcpdump on their microsoft boxes. If microsoft managed to send ONE WRONG THING - we'd know about it.
    That's a nice sentiment. Too bad it's not terribly true.

    Microsoft uses SSL to establish connections to their servers in order to transmit data used for the update process. There's little reason to believe they won't use it for other things (e.g., WMP) as well.

    The people who wrote this article had to intercept the calls made using the Wininet API. Tcpdump is essentially useless for SSL connections -- and that's the way it should be (because otherwise SSL is useless as a secure transport mechanism).

    Now that Microsoft knows how they figured out what was going on, you can be they'll change their methods to make them even more difficult to trace.

    And we haven't even talked about Palladium yet...

    Microsoft is really bad about building end-user systems that are secure from outside attack. So bad that it makes one wonder whether that isn't by design. But don't make the mistake of assuming that the security of things that are truly important to them is just as bad as the security of their end-user solutions. They care a great deal about the former, and very little about the latter. I think you can figure out which they're likely to pay more careful attention to.

    [ Parent ]

    Can someone (1.00 / 1) (#152)
    by starsky on Thu Mar 13, 2003 at 08:32:30 AM EST

    explain to me why MS would care what is on my HD? It's like gimps that worry about the CCTV society, as if there's some higher authority desperate to observe exactly how often they stroke their bone to Japanese cartoons.

    [ Parent ]
    Not necessary that they care... (none / 0) (#219)
    by Gooba42 on Tue Mar 18, 2003 at 01:05:04 AM EST

    It's only necessary that there be a profit motive for them to keep an eye on it. If they see what's on my hard drive it probably doesn't matter to them except for the marketing and research opportunity it provides.

    If they see everyone using WinXP watches more MPGs than WMV, you think they might use that information to change their marketing strategies?

    It's cheating, it's using inside information which they collect without my knowledge or informed consent. The EULA exists but in all honesty how many lay persons can fully interpret the extent of their obligations in one of these?

    [ Parent ]

    The Key... (2.66 / 6) (#11)
    by kralizec on Tue Mar 11, 2003 at 05:54:39 PM EST

    I think the key to this is what actually Product means... it could be only the OS, and in that case it might be acceptable (though I personally would't like it at all).

    OTOH, Microsoft might think (and even worse, make a judge think) that in order to check the OS version they can have a look over all my hard disk. Please don't tell me they wouldn't be so mean as to do it... I don't believe it, and I don't think you are so nave to believe it, neither.

    So, I think this is overall a Bad Idea to allow any corporation to mess with your computer more than necessary.

    Finally, this have just come across my mind... might Microsoft detect my LINUX installation in its "OS check", decide it's incompatible with Windows, and then proceed to erase the whole damn partition as an "Update"? I don't want to know if they will, just if they can... I don't trust their good willness, so I've got to care about what they can do.

    ---
    Un sot toujours trouve un plus sot qui l'admire
    [ Parent ]

    I think 2 is ~ 1 (5.00 / 1) (#13)
    by bjlhct on Tue Mar 11, 2003 at 07:29:56 PM EST

    and people say I'm sane. Maybe they're lying to me but I don't think so.

    *
    [kur0(or)5hin http://www.kuro5hin.org/intelligence] - drowning your sorrows in intellectualism
    [ Parent ]
    Thank you! (3.25 / 8) (#115)
    by coryking on Wed Mar 12, 2003 at 08:25:45 PM EST

    I too was wondering this leap of logic was made. This article is pure bullshit, and the Microsoft bashing has long since grown tired, I stomped reading half way through. It's really something you'd see on slashdot - made up crap to prove how evil "M$" is and how great linux is. Long live linux!

    Folks: People use Microsoft cause it works. Plain and simple. For %99.9999999 of the world - linux, and unix is too much of a pain in the ass to use. The saying "It's only free if your time is free" is very, very true.

    But you can mod me down now, cause this article is apparently from slashdot - and cause lord help me if I think Microsoft is a phenomenal company.

    [ Parent ]

    Software... (2.50 / 6) (#6)
    by steveftoth on Tue Mar 11, 2003 at 03:33:46 PM EST

    The problem with software after the internet is the marketing people realized that they can now install software on your computer as they wish instead of when you want to.  

    Since most people want single click install, they want the no questions asked instant solution that many programs offer.  Instead of investigating what a program actually does, most people just blindly download and install.  It's their own fault for using software at home that does things they don't want.

    Disagree (4.37 / 8) (#29)
    by BushidoCoder on Wed Mar 12, 2003 at 01:20:27 AM EST

    It's their own fault for using software at home that does things they don't want.

    No matter how many times you try to explain computing to my mother, she will never understand it. It is unreasonable to assume that every user will understand the ramifications of what they install. It is also unreasonable to assume that people have the responsibility to learn anything more than what they have to about computing in order to work. A secretary at a shipping company should not be expected to go out and drop a grand on a computer security course if all her job requires she know how to do is type the occasional Word doc.

    Like it or not, computing has been moving in the direction of "do it automatically without me" for years. The hardcore purists (most Linux guys now, but tons of others tossed in) don't help matters by refusing to approach Linux from the point of view of someone who's never heard of it before. As a result, these people are pushed towards Windows and Macs. You can't blame them for it.

    \bc

    [ Parent ]

    I think you're arguing around me. (none / 0) (#187)
    by steveftoth on Thu Mar 13, 2003 at 04:01:00 PM EST

    I agree that people do want one click installs.

    I think that things should be one click installs.

    However, I also think that products should do what they advertise, nothing more.  The problem is that almost every piece of software installs like twenty others that are compeletly unrelated to the thing you want.  Why does installing a game install game spy, AOL and a patch system?  Should it?  Maybe, but probably not.  
    Installing Kazza should not install spyware on my machine.  It should not cause my urls to be fed back to their servers or my keystrokes saved. (Gator?)  
    If you install these programs the fault lays on the user because they double clicked, before checking out what the program does.  
    Maybe this shouldn't be an issue.  But then again maybe people shouldn't install every screen saver in the world.  The worst programs, the ones that really mess up your computer are usually the ones that also cost nothing.  So it's your own fault for trying to get something for nothing.

    As far as work computers go, you should definatitly not install anything on your work machine that is not related to work.  The IT people should be in charge of your computer unless you are one of those people who develop software or do IT work.  The average Word processor shouldn't be installing crap on their computer because the quality of software is so low.  

    I feel that you are taking a risk everytime you are installing software these days.  In the Windows world of running as root, since you have so much control over your machine, and every program does too, it causes havoc to ensue if only one program errs.  When most software must edit the registry, and write files to system directories there is no telling what could happen.

    This is one reason I like Mac software.  To install the vast majority of mac software all you need to do is simply copy one file.  The application file.  And viola, it works.  True in the old mac enviroment, you were always running as 'root' but in OSX, you no longer have that problem.

    Computers should be simplier and more user friendly then they are today.  But that doesn't mean that the users should be dumber, not able to determine what their computer is doing.

    [ Parent ]

    Abuse of monopoly powers (4.40 / 15) (#7)
    by FlipFlop on Tue Mar 11, 2003 at 04:18:28 PM EST

    Copyright is a limited government granted monopoly. Copyright grants an author six exclusive rights:

    1. The right of reproduction
    2. The right to create derivative works
    3. The right to distribution
    4. The right to performance
    5. The right to display, and
    6. A digital transmission performance right

    Nowhere in there do I see the right to spy on users, change the contents of a user's computer, or prohibit discussion of the product. Congress does not have the authority to grant these rights, but copyright holders use their limited monopolies do demand them anyway. This is an abuse of monopoly powers. I think EULAs should be allowed to address the six exclusive rights spelled out in copyright law. However, congress should bar EULAs from demanding new rights which congress has not granted.

    AdTI - The think tank that didn't

    huh? (2.75 / 8) (#12)
    by Danse on Tue Mar 11, 2003 at 06:20:47 PM EST

    So we should just chuck contract law out the window then? That's all a EULA is, a contract. Now there are often problems with the way a EULA is presented, such as those that can't be viewed until after the product has already been purchased, but that's another argument.






    An honest debate between Bush and Kerry
    [ Parent ]
    EULA's aren't contracts (4.25 / 4) (#19)
    by vadim on Tue Mar 11, 2003 at 08:53:58 PM EST

    Or at least shouldn't be. First, a contract must be agreed on by both parties and signed. EULAs are in almost all cases requirement for the user to waive some rights, almost never giving anything in exchange, "no warranty", etc. IIRC, my ISP only guarantees the availability of 10% of the bandwidth I pay for.

    Second, I don't see how an EULA can be proved to have been accepted. What if it was on a textarea in a website and I edited it? Or if I copied the CD to my disk, replaced eula.txt with a blank file, and agreed to that? Or what if a 10 year old clicked on the "ok" button?
    --
    <@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
    [ Parent ]

    not sure about that (2.66 / 3) (#24)
    by Danse on Tue Mar 11, 2003 at 10:01:13 PM EST

    First, a contract must be agreed on by both parties and signed.

    Stores often print their exchange and return policies on their receipts when you pay with a credit card. When you sign the receipt, you are agreeing to their policy. Now they haven't signed anything. Only you did. Should that be unenforceable too?

    Second, I don't see how an EULA can be proved to have been accepted.

    There are laws regarding this as well, and it's up to the software companies to ensure that they use a system where they can prove that you agreed to the EULA.






    An honest debate between Bush and Kerry
    [ Parent ]
    Yup, it should be unenforceable. (3.50 / 2) (#35)
    by vadim on Wed Mar 12, 2003 at 05:38:10 AM EST

    You can print whatever policy you want in your shop, but that doesn't make it law. Here, the government defines rules that businesses must follows. For example, we have a minimum warranty, by law. You can stick all the "no warranty" signs you want, but if I come, and ask to change something on that warranty and you refuse I can sue you without any problems.
    --
    <@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
    [ Parent ]
    Sure (none / 0) (#49)
    by Danse on Wed Mar 12, 2003 at 11:39:25 AM EST

    But as long as their warranty or other terms do not conflict with the law, then they would hold up in court. Same goes for EULAs. If they contain terms that are not legal in your state, then that portion would not be enforceable. Other than that, they would probably hold up.






    An honest debate between Bush and Kerry
    [ Parent ]
    No, I don't agree. (4.75 / 4) (#76)
    by vadim on Wed Mar 12, 2003 at 04:19:35 PM EST

    Things like warranty and payment issues are discussed before buying the product. They're usually advertised, too. And they're strictly limited by law as well.

    Compare that with a software EULA. It will come inside a shrink wrapped box, often only on the CD. Then you insert that CD, and are presented with an agreement that says that I will agree not to reverse-engineer, decompile, or sometimes even sue the company that made it. There are a few problems here.

    First, the fact that I see the EULA only after having bought the product. When I'm say, entering a shop, and see a "No dogs allowed" sign on it, then that sends me a clear message that the owner doesn't want me to come in with a dog. What happens with EULAs though, is that I enter the shop, and somewhere far on the wall there is a "No dogs allowed" sign. Actually, it's even worse, because you don't get an easy explanation of what they want from you, they present it in legalese instead. That's almost like having a paper that says "By entering this shop you agree that you will not enter with any animal of the canine specie..." instead of a normal sign.

    Second, I'm asked to agree to a license provided by somebody who I may never have heard about. I enter "Jake's software shop", buy something, and at home see I have to agree to a license provided by Macrowidgets Inc. I can't just go to the shop and discuss that I don't like that "I won't sue your company" clause. They haven't written it.

    This is completely different from when I buy for example a hammer. When I buy a hammer at a shop I only need to deal with that shop, not with whoever made the hammer.

    Just the crap above should make EULAs illegal. I don't know anything else besides software that has anything similar. Imagine that on a book for example: "You will not use this book as a source of knowledge for your own books". Or a hammer: "You agree to use this hammer only with our nails"
    --
    <@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
    [ Parent ]

    Ok (5.00 / 1) (#99)
    by Danse on Wed Mar 12, 2003 at 06:54:03 PM EST

    I'm not saying that there aren't problems with the way things are right now. But they can be rectified without the banning of EULAs. See my post here for my explanation of this. The only part I didn't address is the fact that you cannot negotiate the contract. In the case of a EULA, you can simply consider that the author does not wish to negotiate, which is his right.






    An honest debate between Bush and Kerry
    [ Parent ]
    Your comment is OT... (5.00 / 1) (#74)
    by SPYvSPY on Wed Mar 12, 2003 at 04:14:00 PM EST

    Your comment pertains to the order of precedence as between a contract and certain laws. I can have a valid contract that has certain terms (or even all of its terms) overridden by statutory or regulatory rules that trump. On the other hand, I can also have a contract that trumps the statutory or regulatory rules.

    It all depends on whether the lawmakers/judges think that there is a public policy concern that places the contract below the law in the order of precedence. In most cases, parties to a contract are free to agree to whatever they want.

    For example, if I buy something from you without a contract, most US states will imply a number of warranties on the goods sold. On the other hand, if you and I agree to waive those warranties, we are free to do so. However, if the law says certain warranties cannot be waived, even by agreement between the parties, then the warranty applies *despite our still-perfectly-valid contract*. The contract is still a good one, but the law prohibits enforcement of the warranty disclaimer.
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    Trickery (none / 0) (#108)
    by Bios_Hakr on Wed Mar 12, 2003 at 07:35:06 PM EST

    If you have a recipt with the return policy on the back, you are signing the recipt, not the contract.

    The real problem is:  If BestBuy or CircuitShitty screws you, you don't have the power to fight them.  They can bring hundreds of lawyers to bear agianst you and crush you before you even have a chance to file in small claims court.


    [ Parent ]

    This is it. (5.00 / 1) (#212)
    by losthalo on Fri Mar 14, 2003 at 03:57:36 PM EST

    <<The real problem is: If BestBuy or CircuitShitty screws you, you don't have the power to fight them. They can bring hundreds of lawyers to bear agianst you and crush you before you even have a chance to file in small claims court.>>

    This is the real problem with laws and the US court system. It all comes down to money, money can let you smash people in court, even if you're in the wrong. Everyone just assumes this is the case, too, it's not as if it's some big secret. If ordinary people could stand on a footing with corporations, the US would be a whole lot more like the bastion of freedom it claims to be.

    (Losthalo)

    "If you want to see what God thinks of money, just look at all the people He gave it to."
    (Dorothy Parker)

    [ Parent ]
    Different case (none / 0) (#92)
    by pyro9 on Wed Mar 12, 2003 at 05:55:12 PM EST

    The return policy thing is a different case. The store normally has no obligation to accept returns at all unless the merchandise is defective. In general, the policy on your recipt is more leniant than that. In cases where it is not, they will not likely press the issue if you suggest going to court. That's because it wouldn't hold up if you did.

    So, go ahead and demand that they refuse to take the item back, they won't mind, but they will get a good laugh.

    Further, no matter what the reciept says, they must still honor the implied warranty of mercantability. You'll notice that their policy never says anything about not being allowed to publish negative reviews or transfer ownership.


    The future isn't what it used to be
    [ Parent ]
    Right... (none / 0) (#102)
    by Danse on Wed Mar 12, 2003 at 07:00:58 PM EST

    Further, no matter what the reciept says, they must still honor the implied warranty of mercantability. You'll notice that their policy never says anything about not being allowed to publish negative reviews or transfer ownership.

    But since there are different rules for intellectual property than for physical property, your example is irrelevant. You can't be prohibited from making your own copy of some product (only from selling it if it would violate patent or trademark laws). You can however be prohibited from making a copy of intellectual property. That makes all the difference here.






    An honest debate between Bush and Kerry
    [ Parent ]
    That's not contract law (none / 0) (#110)
    by pyro9 on Wed Mar 12, 2003 at 07:42:37 PM EST

    According to copyright law, I may make personal copies. I may not give or sell copies to others. Contract law has nothing to do with that.

    The fundamental difference betweel a EULA nad signing a return policy on your recipt is that the recipt is granting me rights I don't otherwise enjoy, so I'd be a fool to contest it (even though it holds little real weight). The EULA, on the other hand, does seek to take rights away from me that I do otherwise enjoy under copyright and first sale, in exchange for nothing.

    In the rare case that a 'recipt agreement' (for lack of a better term) seeks to take away rights I otherwise enjoy, it will be ruled invalid. The stores know this (as I said), so they don't press it.

    The question was should the 'recipt agreement' be invalid, and I informed you that not only should it be invalid, but it IS, in fact, invalid. That is in spite of the fact that unlike a EULA which is hidden until after the fact, the recipt is presented at the time of sale, and the transaction isn't complete until you sign it.


    The future isn't what it used to be
    [ Parent ]
    Nonsense. (none / 0) (#73)
    by SPYvSPY on Wed Mar 12, 2003 at 04:06:43 PM EST

    EULA = End User License Agreement. Agreement. EULA's that are composed and implemented in a manner that is consistent with general commercial laws, and that conform with any local laws/regulations governing online contracting, are valid contracts. Contrary to popular belief, a valid contract does not require two meatspace signatures on a dead tree.
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    What kind of agreement is that? (4.00 / 1) (#80)
    by vadim on Wed Mar 12, 2003 at 04:37:43 PM EST

    I mean, an agreement is when you ask me "Will you do $work for me" and I say "Will you pay $amount to me?" and we both agree on those terms.

    Whatever happens when you give me a CD with a paper that says "By playing this CD you agree not to make copies of it" is not IMO any kind of agreement. First, because you don't agree to anything. You're forcing me to comply with your terms. Second, because EULAs are usually directed at whoever opens the box. That may be a 10 year old kid, as I said, who by law can't enter a contract. Third, because there's no way of telling whether a CD was played or not. On the other hand, ink marks on dead trees, digital signatures, and other methods are easily verifyable.
    --
    <@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
    [ Parent ]

    Two responses.... (none / 0) (#162)
    by SPYvSPY on Thu Mar 13, 2003 at 10:00:16 AM EST

    1) The benefit to you is the ability to enjoy the software/music/website/whatever. There may or may not be commercial value to you; it doesn't really matter. The threshold for proper consideration supporting a contract is quite low. In fact, I would argue that almost no contracts are voided for lack of consideration these days. Also, the real lack of consideration is in the other direction. That is, where a vendor is giving away software, they might have an argument that you have not provided consideration, since you didn't pay. But they would never raise the point, since they are trying to enforce the EULA.

    2) You make an excellent point about minors. In many states, minors (the age of minority varies) cannot be held to contracts. I am not sure how this affects EULAs. I don't think this question has been litigated. If I were defending a thirteen year old in a warez prosecution, I would use this argument, I think.
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    Nonsense (none / 0) (#83)
    by dipierro on Wed Mar 12, 2003 at 04:48:56 PM EST

    First, a contract must be agreed on by both parties and signed.

    Uh oh. Someone better warn Amazon.com and all the other online e-commerce sites that their $869 billion in sales are all based on non-binding contractual agreements.



    [ Parent ]
    What do sales have to do with contracts? (none / 0) (#84)
    by vadim on Wed Mar 12, 2003 at 05:04:27 PM EST

    When I enter a shop and buy a product I'm not presented with an agreement, or asked to sign a contract. Are you?
    --
    <@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
    [ Parent ]
    Umm (none / 0) (#87)
    by dipierro on Wed Mar 12, 2003 at 05:26:50 PM EST

    A sale is a contract.



    [ Parent ]
    Hmm, you're right. [n/t] (1.00 / 1) (#89)
    by vadim on Wed Mar 12, 2003 at 05:38:44 PM EST


    --
    <@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
    [ Parent ]
    No it is not. (5.00 / 1) (#117)
    by cpt kangarooski on Wed Mar 12, 2003 at 08:31:50 PM EST

    If pure ordinary conduct such as that were a contract it would expand the meaning of a contract so much that it would be meaningless.

    A sale is a SALE. This is why, for example, there are seperate (though related) bodies of law for contracts (which are largely common law) and sales (which are largely statutory forms of the UCC).

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]

    Maybe you should read the UCC (none / 0) (#128)
    by dipierro on Wed Mar 12, 2003 at 11:04:16 PM EST

    before you make inane comments about it. A sale is a contract.

    [ Parent ]
    Oh, I have. (5.00 / 1) (#136)
    by cpt kangarooski on Thu Mar 13, 2003 at 12:23:11 AM EST

    A sale can be accomplished by a contract, but it need not be. I suggest you look more closely at 2-103(a)(1),(4), 2-106(1), the official comment to 2-106(1), and to bear in mind that even where there is a UCC contract, it's different than a common law contract.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]
    I've read them (none / 0) (#155)
    by dipierro on Thu Mar 13, 2003 at 09:08:25 AM EST

    I don't see where it says that a sale is not a contract.

    [ Parent ]
    A brief interlude (none / 0) (#177)
    by cpt kangarooski on Thu Mar 13, 2003 at 12:44:39 PM EST

    Largely it's implied. IIRC, there is a point in defining seller and buyer that the transactions they're involved in can be a contract, but don't have to be.

    However, I'm flying to FL for my spring break in a couple of hours and I didn't bring my copy of the UCC with me. So if you like, we can resume this in a week and a half or so.

    But trust me, it's there. And even as a common sense matter, the act of picking up a newspaper at a newsstand and leaving a quarter... if this is a contract, it makes too many things contracts.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]

    Have a good spring break (none / 0) (#179)
    by dipierro on Thu Mar 13, 2003 at 01:12:37 PM EST

    I'm sure this discussion will be long forgotten when you get back :).

    [ Parent ]
    God I hope so. n/t (none / 0) (#203)
    by cpt kangarooski on Fri Mar 14, 2003 at 02:51:16 AM EST



    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]
    Still not the same (3.00 / 2) (#95)
    by pyro9 on Wed Mar 12, 2003 at 06:06:02 PM EST

    When you buy a book from Amazon, the exchange of payment (or at least promise of payment through a 3rd party credit card) in exchange for merchandise (or at least the promise of the merchandise).

    In a eula, you agree to waive many rights in exchange for...NOTHING.

    That's not a contract. If they want it to be binding, there'd better be a check enclosed. However, if you tear up the check, they're out of luck.

    NOTE: That's how it's SUPPOSED to be. I'm well aware that in the modern perversity of the courtroom, it doesn't always work out that way.


    The future isn't what it used to be
    [ Parent ]
    No they aren't (none / 0) (#183)
    by Happy Monkey on Thu Mar 13, 2003 at 01:46:50 PM EST

    The customer has a contract with the bank that supplies their credit card. The bank has a contract with a credit card company (Visa, Mastercard, etc). Amazon has a contract with the credit card company.
    ___
    Length 17, Width 3
    [ Parent ]
    I never signed (none / 0) (#195)
    by dipierro on Thu Mar 13, 2003 at 06:27:55 PM EST

    a contract with Mastercard. And they haven't signed anything either. There's just this little note on the back that says "Use of this card constitutes acceptance of the terms and conditions governing the account." Yet somehow they still get paid. Go figure.

    [ Parent ]
    How did you get (none / 0) (#196)
    by Happy Monkey on Thu Mar 13, 2003 at 06:29:48 PM EST

    your card?
    ___
    Length 17, Width 3
    [ Parent ]
    www.citi.com n/t (none / 0) (#200)
    by dipierro on Thu Mar 13, 2003 at 11:15:09 PM EST



    [ Parent ]
    Regarding EULA's (3.00 / 5) (#30)
    by Eater on Wed Mar 12, 2003 at 01:32:06 AM EST

    The whole EULA thing is just a means of exploiting a loophole - since actually selling the software wouldn't be good enough for these companies, they use the loophole of "contracts" to get customers to think they are buying a product but at the same tack on a bunch of crap to benefit themselves. The whole idea of software licenses is exploiting a legal loophole of sorts. After all, I don't sign a license when I purchase a book - I just have to abide by copyright laws and not sell copies of the book, but that's about as far as it goes, and that is not part of an agreement between me and the book publisher but between me and the government. I'm not sure how EULA's could be made illegal (and I am almost completely sure that in the present political situation something like this would be nearly impossible), but I have no doubt that they need to be.

    Eater.

    [ Parent ]
    nope (2.60 / 5) (#33)
    by Danse on Wed Mar 12, 2003 at 04:36:18 AM EST

    There is no loophole. If people think they're buying something, then they just haven't read the terms, or just aren't very bright. Nobody is forcing them to use the software or agree to the terms. They decide to do this themselves. There's no reason that someone couldn't decide to have you sign a contract in order to buy a book from them. They would make you sign before buying because they could not otherwise enforce the contract. In the case of software, they can make sure you "sign" before you use the software, which suits their purposes. If you don't like the EULA, then don't use the software. It's really quite simple like that. There isn't anything wrong with them attaching terms to the use of their software. It's quite a common thing to do in many industries. The customer simply decides whether he's willing to agree to the terms or not.






    An honest debate between Bush and Kerry
    [ Parent ]
    Well there's the crux of the matter (4.33 / 6) (#34)
    by squigly on Wed Mar 12, 2003 at 05:35:13 AM EST

    When I buy software, I make a contract.  I give money in exchange for a product, which implicitely gives me the right to use it.

    When I try to exercise that right, I am forced to make another contract which allows me to use the software I just purchased.  What are they offering me in exchange?  The right to copy to the hard disk and memory?  Surely this was implied when I bought the software.  If they're preventing me from using software that I've bought, then it's coercion.

    [ Parent ]

    Exactly. (3.00 / 2) (#42)
    by acceleriter on Wed Mar 12, 2003 at 08:16:28 AM EST

    I am forced to make another contract which allows me to use the software I just purchased.

    There is no consideration for "agreeing" to a EULA, and thus no contract.

    [ Parent ]

    Except it's not quite so clear cut as that (5.00 / 2) (#43)
    by squigly on Wed Mar 12, 2003 at 08:49:14 AM EST

    There's the fact that you are making a copy when copying to the hard drive, and that if you disagree with the contract terms, you can get a refund.  The company lawyers can probably come up with a few more arguments, but it boils down to the fact that you don't have to accept.

    Now, actually, you can't get a refund.  The agreement is between you and a software company, and therefore cannot be binding on a third party (the shop you bought it from).  Since IANAL, I have no idea what this means about the validity of the contract.

    [ Parent ]

    Refund? (4.50 / 2) (#45)
    by acceleriter on Wed Mar 12, 2003 at 09:36:18 AM EST

    The fact that you actually can't get a refund seems to me to nullify any contract that might have existed--even if the contract without any real consideration other than being allowed to use what the user already bought is by some miracle valid. IANAL either :).

    [ Parent ]
    yep (5.00 / 5) (#51)
    by Danse on Wed Mar 12, 2003 at 11:43:44 AM EST

    Well, IANAL either :) But I do agree that the user either needs to be able to read the EULA prior to purchasing the software, or needs to be able to return the software for a full refund if they do not agree to the EULA. If software vendor's want their EULAs to be considered valid, then they should have to allow those things. I was quite rightly pissed when Microsoft was refusing refunds, and I believe that if you are not able to refuse a EULA and get a refund, then the EULA should be nullified.






    An honest debate between Bush and Kerry
    [ Parent ]
    That's no consideration (5.00 / 1) (#122)
    by cpt kangarooski on Wed Mar 12, 2003 at 08:52:46 PM EST

    There's the fact that you are making a copy when copying to the hard drive

    Copyright does not extend to preventing owners of a copy of software from making copies as needed to use it, or backup copies as desired. Note that that's owners of a copy, as distinguished from owners of the copyright.

    Thus, you have a right to make a copy to the hard disk. And the MAI decision holding that copies in RAM are fixed copies as opposed to ephemereal copies is frankly wrong and argued about quite a bit. Certainly it indicates a total lack of understanding as to how the technology works. Not that it's a big deal here, but it's still a significant issue.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]

    You need to understand... (3.50 / 2) (#77)
    by SPYvSPY on Wed Mar 12, 2003 at 04:20:57 PM EST

    ...what you bought was the media upon which the software is etched. You did not buy the software. The software is licensed to you, since software is nothing more or less than intellectual property.

    Incidentally, there is consideration for EULAs. You'll see that most EULAs say either "in consideration for your payment of the license fee..." or "in consideration for your agreement to abide by the following terms" or "in consideration for your use of this site..." and so on. Don't forget, all it takes is a 'peppercorn' to constitute valid consideration.
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    Pshaw (5.00 / 3) (#121)
    by cpt kangarooski on Wed Mar 12, 2003 at 08:47:51 PM EST

    There is no difference between buying the medium and buying the copy. They are PRECISELY the same thing.

    So you're flat-out wrong, and the law is pretty plain on this subject. When you buy a disc containing software, you bought a copy of the software as well.

    The fact that it is a copy of a work is irrelevant. You may think so, having no real understanding of it, but buying software on CD is no different than buying text in a book or music on a cassette.

    Now, you didn't buy the work in toto; you did not acquire the copyright to the work by getting a copy, but that has nothing to do with whether or not you can use the copy you got. You absolutely, positively CAN.

    I encourage you to check out 17 USC 117(a) along these lines. It provides that if someone purchases a copy of a computer program, they have a right to make copies needed to use it. Clearly Congress would not have passed this law if they didn't foresee people buying copies of computer programs.

    This is then the argument against EULAs -- if you owned that copy, and had a right to use that copy, and a right to back up that copy, what the hell consideration is the EULA giving you? That it is a contract involved in a sale transaction invokes the UCC, which is very hostile towards post-sale contracts.

    The best hope a EULA has is the argument that the buyer knew that there would be a EULA and therefore it's considered a contract controlling the sale in the first place. But this is a very weak argument indeed; hence the basically failed attempts to amend the UCC with UCITA.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]

    Good lord... (none / 0) (#160)
    by SPYvSPY on Thu Mar 13, 2003 at 09:53:58 AM EST

    ...if you think that you own the software that you buy, you are sorely mistaken. You have been granted a limited right to use (and perhaps copy and do some other things), but that is entirely different from the full bundle of ownership rights.

    No need to encourage me to look at Title 17; I'm very familiar with it.
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    Stop shifting about (none / 0) (#175)
    by cpt kangarooski on Thu Mar 13, 2003 at 12:41:11 PM EST

    First you said that you cannot buy software because it is 'intellectual property,' by which I take it to mean because it is (if it is) copyrighted.

    Now you're saying that in practice I may not have been sold software, and you're not disagreeing with my contention that it is entirely possible to buy software.

    I agree that there is an argument to be made with regards to EULAs overriding what is otherwise a normal sale transaction.

    However I disagree that EULAs actually are effectual in the vast majority of instances. Due to copyright preempting contract rights under certain circumstances, and due to the UCC being involved.

    As an example of software that is sold -- well, conveyed at any rate -- please check out most GNU software. The GPL is not a EULA; it explicitly has nothing to do with use, and it is geared at rights that purchasers of any copy of any work are normally excluded from.

    You have been granted a limited right to use (and perhaps copy and do some other things), but that is entirely different from the full bundle of ownership rights.

    What's different? Under property, sales, and copyright law if I bought software outright I'd have an unlimited right to use, a limited right to copy that satisfies me (copies needed for use and copies desired for backup) and some other things, such as a right to comment, to resell, etc. It doesn't sound as though I'm getting much consideration from these EULAs at all, does it; which is odd since I already paid my money before the EULA ever appeared.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]

    I remember you. (none / 0) (#181)
    by SPYvSPY on Thu Mar 13, 2003 at 01:41:04 PM EST

    We had this dicussion on /. a long time ago. I guess we'll do this again.

    Yes, it is possible to own software. Microsoft owns Windows XP. If, for some reason, Microsoft wanted to sell you Windows XP, they would give you a copy, along with the source code, and you would write them a check for a few billion dollars. Obviously, buying a copy of Windows XP off the shelf is not the same.

    When 'buying' a copy of off-the-shelf software, you are (a) buying the media, and possibly some support services, and (b) buying a limited license to use the intellectual property (i.e., the executable version of the software) on the disc.

    The GPL is a license. It's right there in the name, dude. The GPL does not convey ownership of the software to the end user. If it did, the end user would be able to change the terms of the license. I don't care what you say, there are restrictions on the use GPL'd software: namely, the requirement that source code be passed on and properly attributed. If you owned GPL'd software, you would be free to ignore that requirement. You are not free to ignore that requirement. This is because the original authors of the software (technically, they are the collective 'owners' of it) are exercising their ownership rights by attaching conditions on your license to use it.
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    I hadn't remembered; no offense. (5.00 / 1) (#202)
    by cpt kangarooski on Fri Mar 14, 2003 at 02:50:45 AM EST

    Yes, it is possible to own software.

    Well, that's very similar to what I'm saying. I would only clarify by saying that it is impossible to own a work generally, but it is possible to own a specific copy of that work, and seperate from that it is possible to own a copyright as to that work.

    The work; the copyright on the work; and a copy of the work; these are all seperate things. See for example 17 U.S.C. §§ 201(a), 202, and various parts of 101.

    Microsoft owns Windows XP.

    No, MS owns the copyright to Windows XP. Windows XP in the abstract is unownable. Individual copies of Windows XP may or may not be owned by numerous people around the world who have bought them from Microsoft or an intermediary. That depends a lot on the nuances of local law. Within the U.S. it is arguable that lots of people own lots of copies of Windows XP, though copyright law limits what they can legally do with the copies they own.

    If, for some reason, Microsoft wanted to sell you Windows XP, they would give you a copy, along with the source code, and you would write them a check for a few billion dollars.

    I'd appreciate the source code, but if I'm merely interested in purchasing a copy of the binaries, I don't see why it would cost anything in particular. I would not be buying the copyright to Windows XP; only a specific copy.

    Similarly, if I go to the bookstore, I can buy a copy of a book. I own it, and it's simply not arguable that I do not. I do not own the copyright on the work, but I don't have to do so as a prerequisite for owning the copy. That's what § 202 is all about.

    Obviously, buying a copy of Windows XP off the shelf is not the same.

    It certainly is not the same as your example. I never said it was. But buying a copy of Windows XP off the shelf is arguably exactly the same as buying a copy of a book off a bookstore shelf. Each is a copy embodying a copyrighted work; in each instance, the buyer owns the particular copy, but not the copyright, and the work remains unownable by anyone at all.

    When 'buying' a copy of off-the-shelf software, you are (a) buying the media, and possibly some support services, and (b) buying a limited license to use the intellectual property (i.e., the executable version of the software) on the disc.

    Not at all. Maybe in certain rare instances, if we ignore the bits where you're flat-out wrong, but I don't think that you have summed up the essence of an ordinary consumer purchase of software in any way shape or form.

    If you buy a copy of off-the-shelf software, you are buying that copy of the work. You have not, per § 202 bought the copyright. Congress expects that people will ordinarily buy copies of copyrighted works.

    For example, in 17 U.S.C. § 109 we see this: [T]he owner of a particular copy . . . is entitled, without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy or phonorecord.

    If copies of works were not sold, and the ownership of those copies remained in the hands of the copyright holder, it would be meaningless to say that they could be sold by the owner without the copyright holder's permission, since they would be the same person. It is expected by the LAW that they will NOT be the same person.

    Historically, this arose in the early 20th century when people wanted to sell books that they had purchased from bookstores and the copyright holder was (wrongfully, the Supreme Court said, prior to the passage of this law) telling them that they could not sell the used books below the retail price.

    Clearly book purchasers were owning the books they bought off the shelf. Not the copyrights. Not the work altogether. Just the copies of the work.

    Another example, in 17 U.S.C. § 117(a), it is not an infringement for the owner of a copy of a computer program to make . . . another copy . . . of that computer program . . . .

    Clearly Congress expects that people will own copies of computer programs. And that the owners will not be the copyright holders, since a copyright holder cannot infringe against himself! Ergo the owners must be people who purchased COPIES outright. They didn't need to purchase special rights: just copies. Says so right in the code as it sets no other prerequisites to take advantage of this section.

    FURTHERMORE, copyright holders do NOT have a right to control the use of their work. The reason is that the ONLY exclusive rights of the copyright holder are laid out in §§ 106 and 106A. They include (and I'm summing up there -- there's some additional detail): the right to make copies; the right to make derivatives; the right to distribute; the right to publicly perform; the right to display; the right to digitally transmit; the right to claim authorship or deny authorship; the right to prevent intentional mutilation or destruction.

    So please, oh scholar: which section of Title 17 is it precisely that says that copyright holders have an exclusive right to use their works?

    No wait; you've never shown yourself to have any inkling of what this all means, so I'll handle it for you. There is no exclusive right in the copyright holder to use. Anyone can use a work.

    You have to come by the copy of the work that you want to use legally: if not it's a trespass to chattels or a conversion, most likely, since you're messing around with a piece of personal property that someone else still owns. (I'm referring here to the copy; works aren't personal property, nor any other kind)

    You can't copy the work, you can't make derivatives, or distribute it, display it, perform it, etc., subject to numerous numerous exceptions that allow you to depending on circumstances, some of which I've pointed out above.

    But you can sure as hell use it. And § 117 is there to let you make copies of software you own the copy of so that your right to use it is protected despite that you may have to make a copy as a step in using it.

    As for support services, the U.C.C. makes it surprisingly difficult to disclaim a warranty, and pretty easy for one to arise. Tech support seems like an attempt to mitigate harm to the developer since they'll be in a bit of trouble if warrantied software fails to work.

    You mention, incidentally, 'intellectual property.' This was a mistake. There basically is no such thing; at most it is a stunningly confusing way of referring to the related but seperate fields of patent, copyright, trademark, and trade secret law.

    A patent or copyright can indeed be property, I'd argue. At least a limited form of property since it does expire, and since that's due to a Constitutional mandate, it's not subject to a 5th Amendment taking claim. (the Constitution is a single document, you see -- no part of it overrides another part unless it is awfully explicit, e.g. the 21st Amendment)

    A trademark is less likely to be -- it's granted for the protection of consumers, not business.

    And trade secret law is not about any sort of property, it's a facet of unfair competition; spying on someone to learn their business secrets is not a fair way of doing business, so we prohibit the act of spying.

    And of course a mish-mash of Constitutional and state powers are at work in all of these to varying extents.

    But a work itself, such as the text of a novel, as distinguished from the book that the text appears in (which is a copy) and the copyright that applies to that work (which has a lifetime wholly distinct from the work and is evidently not synonymous with it), is not property. It doesn't act like property. If you want to claim that it is, then show me what test I can apply to a brick to know if that brick is property. Then apply that same test to a naked work and see if it comes out the same.

    Certainly the name, which serves merely to make lawyers sound sexier, has nothing to do with the reality.

    The GPL is a license. It's right there in the name, dude.

    When did I say the GPL wasn't a license? I dare you to point to where I said that the GPL wasn't a license. I'll pay you five dollars if you can catch me saying that.

    The GPL does not convey ownership of the software to the end user.

    You're uncharacteristically right again! To quote from the GPL itself, it says this: Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted . . . .

    Thus, the GPL is totally mute on the subject of ownership of a copy. In fact, you could convey ownership of a particular copy and the GPL would be left out in the cold, totally irrelevant.

    It certainly does not indicate that ownership is maintained in anyone, or that ownership or use is contingent on agreeing to the GPL. It says the opposite.

    If it did, the end user would be able to change the terms of the license.

    No. Not at all. Not at fucking all. That would only be true if getting a copy meant getting the copyright. For the millionth time, § 202 is totally clear that owning a copy has nothing whatsoever to do with owning the copyright.

    Now, I might get a CD straight from RMS containing Emacs or something (feh -- I like Pico, though really BBEdit is the best). And I could make a contract with you as a part of my giving you that copy. But the GPL has nothing to do with distributing existing copies, since § 109 says that I have a right as the owner of a copy to redistribute THAT copy however I want. Just as how you can sell your used CDs despite the RIAA hating that.

    Only if I want to do something that I cannot legally do without agreeing to the GPL, such as making a copy of the CD and giving you that new copy, must I ever agree to it. For ordinary use, the GPL might as well not exist; it's got nothing to do with it.

    This is because the original authors of the software (technically, they are the collective 'owners' of it) are exercising their ownership rights by attaching conditions on your license to use it.

    And that goes a long way to explaining why the GPL explicitly states that it only applies to the acts of copying, distributing, or modifying the software. And how it says that it applies to nothing else whatsoever, such as, I don't know, perhaps. . . use? In fact it even says that it doesn't restrict the act of running the software! Furthermore, consider this quote: You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. Which goes out of its way to avoid saying that if you don't agree, you cannot use it along with not modifying or distributing it.

    Christ, this is an annoying conversation. And you say that we've had it before? Amazing.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]

    It's so simple. (none / 0) (#208)
    by SPYvSPY on Fri Mar 14, 2003 at 01:34:43 PM EST

    Title 17, Section 202:

    202. Ownership of copyright as distinct from ownership of material object

    Ownership of a copyright, or of any of the exclusive rights under a copyright, is distinct from ownership of any material object in which the work is embodied. Transfer of ownership of any material object, including the copy or phonorecord in which the work is first fixed, does not of itself convey any rights in the copyrighted work embodied in the object; nor, in the absence of an agreement, does transfer of ownership of a copyright or of any exclusive rights under a copyright convey property rights in any material object.
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    So... (none / 0) (#209)
    by SPYvSPY on Fri Mar 14, 2003 at 01:41:00 PM EST

    ...following from my Section 202 post:

    You keep trying to argue that you "own a copy". You don't own a copy. You own the media upon which the copy is manifest. The copy of the copyrighted work is licensed to you. Your use of the copyrighted work is limited by whatever license you get (whether by EULA or by operation of law). Whatever rights you have in the copy of the copyrighted work do not amount ownership. The only thing you own is the media. Your rights with respect to the content on the media are subject to the copyright owner's controls. If you owned the copyrighted work, you'd be able to do with it as you please. You are not able to do with it as you please. Therefore you don't own it. You license it.

    Has this been repeated enough to stick yet?
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    La Ti Doe... (5.00 / 1) (#210)
    by cpt kangarooski on Fri Mar 14, 2003 at 02:37:12 PM EST

    Did you read the definitions in § 101?

    ''Copies'' are material objects . . . in which a work is fixed. . . .

    § 202 clearly establishes that people other than the copyright holder are prone to and may own material object in which the work is embodied, viz. copies.

    You said: The copy of the copyrighted work is licensed to you.

    But between §§ 101 and 202, that's refuted. The copies of the work are inclusive of the media the work is fixed within, which is sensible, since you can't have a copyright on a work unless it has been fixed in something; that's a Constitutional requirement, per 'writings.'

    And as I took great pains to point out, the copyright holder has NO right to control the use of the work. If he did, it would be enumerated. It is not, therefore he has no such right. Once anyone lawfully acquires a copy of a work, it is theirs to use lawfully, just as if I lawfully acquire a car it is mine to use lawfully.

    If you owned the copyrighted work, you'd be able to do with it as you please.

    No one owns a copyrighted work. Works are unownable. One may own a copyright as pertaining to a work, but that is not the same thing as owning the work itself. Only fixed copies of a work, and copyrights pertaining to a work may be owned. I've asked already that if you want to keep claiming that a work, as distinguished from a copy into which it is fixed, and the copyright regarding that work, is property, to prove it is by showing me a test that can be used to determine if any given thing is or is not property.

    At any rate, if I owned the copy of the copyrighted work, I would indeed be able to do with it as I pleased, PROVIDED THAT I DID NOT ACT UNLAWFULLY.

    And this is the case. I went to the bookstore last night, and I bought a book. I own that copy of the book. The law precludes me, for a fixed period of time, from reprinting it, but that's no different than the law precluding me from driving my car in a school zone at a hundred miles per hour. That certain things are illegal doesn't mean that I don't own things. That's just crazy moon talk.

    Has this been repeated enough to stick yet?

    It'll take more than k5 posts to cause me to tell you that you're holding up five fingers.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]

    While there... (none / 0) (#211)
    by SPYvSPY on Fri Mar 14, 2003 at 02:57:11 PM EST

    ...isn't anyone that is allowed to speed in school zones in their cars (save for some cops in a hot pursuit), there are plenty of people who can reprint books as often as they like.

    The reason that you cannot reprint the book is that the copyright owner has not granted you that right. (They could if they wanted to.) The reason that you cannot speed in a school zone is a matter of public safety, and no one (except the legislature) is able to grant you the right to speed in a school zone.

    The other argument that you make, 'based' on Section 101, is so specious as to barely warrant a response. You argue that a "copy" is both the media and the copyrighted work. That is not the case. A copy is the media plus an *instance* of the copyrighted work. The fact that a work must be affixed in writing to get copyright protection does not mean that all instances of that work represent the entire bundle of copyright rights. Even if you bought the only printed copy of a novel, that doesn't mean you own the copyright to that novel. In fact, the copyright would remain the property of the author unless the author transferred the copyright to you explicitly.

    You also said that copyright owners have no right to control the use of their work. That is so false, it's almost disingenuous:

    106. Exclusive rights in copyrighted works

    Subject to sections 107 through 121, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following:

    (1) to reproduce the copyrighted work in copies or phonorecords;

    (2) to prepare derivative works based upon the copyrighted work;

    (3) to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending;

    (4) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and other audiovisual works, to perform the copyrighted work publicly;

    (5) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and pictorial, graphic, or sculptural works, including the individual images of a motion picture or other audiovisual work, to display the copyrighted work publicly; and

    (6) in the case of sound recordings, to perform the copyrighted work publicly by means of a digital audio transmission.

    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    We covered this ground (5.00 / 1) (#213)
    by cpt kangarooski on Fri Mar 14, 2003 at 06:28:44 PM EST

    The reason that you cannot reprint the book is that the copyright owner has not granted you that right. (They could if they wanted to.)

    Um, not quite. The reason is because Congress has forbidden it. If Congress said 'go ahead' and the copyright holder objected, the copyright holder could kindly go to hell. Private people do not create law.

    By the same token, the government does permit the author to grant permission for others to reprint the work legally -- but again, they could have said that authors cannot, even if an author really wanted to.

    You argue that a "copy" is both the media and the copyrighted work.

    No I did not. A copy is not the work.

    That is not the case. A copy is the media plus an instance of the copyrighted work.

    That's what I've been SAYING.

    fact that a work must be affixed in writing to get copyright protection does not mean that all instances of that work represent the entire bundle of copyright rights.

    § 202 is painfully clear on this. No copies (instances of the work) represent ANY of the copyright rights. A copyright holder can sell every single copy of a work ever created, and be left with nothing... save the copyright, which he never ever sold.

    Selling a copy has no bearing at all on the disposition of the copyright.

    Even if you bought the only printed copy of a novel, that doesn't mean you own the copyright to that novel. In fact, the copyright would remain the property of the author unless the author transferred the copyright to you explicitly.

    Exactly. Except I never said that when I bought Windows XP off the shelf that I was buying the copyright. I said that I was buying THAT SPECIFIC COPY.

    You also said that copyright owners have no right to control the use of their work. That is so false, it's almost disingenuous

    Why did you quote § 106? Well, if you WANT to quote it, that's fine. I see the following exclusive rights: reproduction; derivatives; distribution; public performance (two types); and public display.

    Which one of those is use?

    For example, if I buy a book, which one of those rights prevents me from reading it? If I buy software, which one of those rights, bearing in mind § 117(a), prevents me from using it?

    I keep saying that use isn't anywhere in there, and that it is not limited to the copyright holder, but maybe you'll find something.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]

    Buying just a paper? (5.00 / 1) (#123)
    by jup on Wed Mar 12, 2003 at 09:19:54 PM EST

    So, actually, when I buy a book, am I actually buying just a paper it's written on? I always thought I did by my own copy of the text. I can look at that book in the store, decide whenever I like it or not and know exactly what I am getting.

    And, once I have the book, I have pretty much any rights over that copy of the book and, banning creation of other copies and few others, I am free to do whatever I wish with that book, even use it as a toilet paper, and nobody, not even copyright owner, has any right to complain about improper use.
    --
    Two beers or not two beers. That's the question.
    [ Parent ]

    Again... (none / 0) (#163)
    by SPYvSPY on Thu Mar 13, 2003 at 10:02:22 AM EST

    ...do whatever you want with the paper and the ink. But your right to the intellectual property (i.e., the words) is limited by the copyright laws (and other laws, too). You don't own the IP; you have purchased a limited right to use and copy it.
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    Uh huh (none / 0) (#204)
    by cpt kangarooski on Fri Mar 14, 2003 at 02:56:03 AM EST

    Okay, here's how this really works.

    If I purchase something, I own it in full. I can use it to the full extent of the law.

    You're saying that if I cannot legally use something in any way whatsoever, I don't own it at all.

    That's absurd. I don't own a piece of land because zoning laws prevent me from building a nuclear reactor there? I don't own a car because laws prevent me from operating it without a converter? I don't own a computer because laws prohibit me from using it to infringe copyrights?

    Please name something, anything, that I do own.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]

    Really? (5.00 / 1) (#143)
    by squigly on Thu Mar 13, 2003 at 04:59:17 AM EST

    The receipt says Windows XP.  The box that it was packaged in says Windows XP.  If I go into a shop and say "I'd like a copy of Windows XP please", they will give me a disc containing Windows XP.  Nowhere did anyone even imply that I am just buying the medium.  

    There is no other business that someone would sell you something, and then claim ownership because you only bought a part of what was in the package.  Why is software different?  The only difference I can see is that it gives a mechanism to request that you agree to a contract before it works.

    [ Parent ]

    Music... (5.00 / 1) (#161)
    by SPYvSPY on Thu Mar 13, 2003 at 09:55:08 AM EST

    ...is the same way. You don't own Norah Jones' songs because you bought the CD. You own the plastic, and you are granted a limited right to use the intellectual property on it.
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    But I already have certain rights (none / 0) (#169)
    by squigly on Thu Mar 13, 2003 at 11:05:59 AM EST

    I have the right to listen to music, and to play a legally acquired copy.  I also have the right to copy sections it for private use.

    These are all rights that I have under copyright.  What have I purchased from the seller?  Surely I own a copy.  

    [ Parent ]

    Yes, you have those rights. (5.00 / 1) (#182)
    by SPYvSPY on Thu Mar 13, 2003 at 01:43:31 PM EST

    But you lack other rights that the owner would have. For instance, are you free to distribute as many copies of the music as you want? No. The owner can do that. That is the owner's right, which you, as purchaser of a copy, do not have. Can you broadcast the music over television or radio channels? No, not without paying an additional license fee. Your rights to use and copy are limited, and therefore, you are a licensee, not an owner, of the music.
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
    [ Parent ]

    Didn't think it worked like that. (none / 0) (#198)
    by squigly on Thu Mar 13, 2003 at 08:02:56 PM EST

    I've always understood that you can own a copy, but this is different from owning the rights.  A licence is permission to make a copy.  

    If you own a copy, the law limits your right to make further copies.  The act of copying without permission is illegal, but this does not affect ownership.  You are free to use it (i.e. listen to a CD, read a book etc.) whether you have permission or not.  You are not free to make unlimited copies, not because you don't own it, but because the act of unauthorised reproduction is illegal.

    [ Parent ]

    there's some controversy over this (4.00 / 1) (#63)
    by Delirium on Wed Mar 12, 2003 at 01:52:54 PM EST

    You say that there's no reason someone couldn't have you agree to an EULA for a book, but certain types of EULAs for books have been struck down by the courts. In particular, books used to come with clauses prohibiting resale, which were held to be unenforceable by the Supreme Court in 1906 (the "first sale doctrine"). So there do appear to be certain types of contracts that are not allowed.

    [ Parent ]
    Correct (none / 0) (#100)
    by Danse on Wed Mar 12, 2003 at 06:55:51 PM EST

    Anything in a EULA that directly contradicts the law will be unenforceable. The example used earlier is that even if you agree to a contract that requires you to sell your first-born child, it will not be enforceable since it would be illegal.






    An honest debate between Bush and Kerry
    [ Parent ]
    this is a little different though (5.00 / 1) (#106)
    by Delirium on Wed Mar 12, 2003 at 07:26:00 PM EST

    Preventing you from reselling a book wasn't struck down because it was requiring anything illegal -- it was struck down because the court held that the grant of copyright didn't include the authority to bar reselling. Thus, contract law (at least in the form of an EULA) can't be used to extend copyright authority beyond what's provided by the copyright law. Or at least so the court thought 95 years ago.

    [ Parent ]
    What the hell are you talking about? (4.00 / 1) (#129)
    by dachshund on Wed Mar 12, 2003 at 11:16:35 PM EST

    If people think they're buying something, then they just haven't read the terms, or just aren't very bright.

    If people think they're buying something, then that's because they are buying something. They're buying a copy of a piece of software, printed onto a CD or some other media. This is exactly what customers think is going on, it's what the software reseller thinks is going on, and it's what the software developer thinks is going on.

    Go into CompUSA and ask whether or not you're "buying" that copy of Windows XP in your hand. If he says "no, you're licensing it", ask him/her what license you agreed to before paying your money to purchase a hunk of media. Ask him/her exactly what role the store is playing in this transaction.

    There's no reason that someone couldn't decide to have you sign a contract in order to buy a book from them. They would make you sign before buying because they could not otherwise enforce the contract. In the case of software, they can make sure you "sign" before you use the software, which suits their purposes.

    EULAs on books have been held unenforceable. The logic here has nothing to do with whether the publisher can "enforce" the contract. It has everything to do with the fact that you own the copy that you purchase, and nobody can take away your rights to use it if you fail to agree to an included license.

    If you do choose to agree to the license based on the false premise that you are legally required to do so, then the software company is guilty of fraudulently misrepresenting the facts of the case, and their contract should be unenforceable.

    [ Parent ]

    Copyrights are supposed to serve the public good (4.66 / 3) (#39)
    by FlipFlop on Wed Mar 12, 2003 at 07:30:01 AM EST

    So we should just chuck contract law out the window then?

    I support EULAs to some extent. I just think they should have some limits. We routinely invalidate illegal contracts. If you sign a contract to sell your first born son, the government is not going to enforce that contract.

    If the author wishes to depend entirely on contract law, that's fine by me. She can operate under the same rules as any other contract. But once she tosses the free market aside and claims a copyright on her work, she is negotiating her contract with the government's assistance. Without copyright law, I could create derivative works based on gossip about the original work. Or I could take advantage of somebody else's derivative work. If the author wants me to surrender those rights, she will have to make it worth my while.

    Since the author already has a government granted monopoly on derivative works, I have lost some bargaining power. If the government is going to get involved, it is only fair that it prevent copyright holders from abusing the very power they have been granted.

    Copyrights are supposed to serve the public good. What good are copyrights if authors use them to do the opposite? If authors wish to take advantage of government granted monopolies, they should be prohibited from harming the public good.

    AdTI - The think tank that didn't
    [ Parent ]

    Copyright is only part of it... (none / 0) (#61)
    by Danse on Wed Mar 12, 2003 at 01:45:17 PM EST

    Copyright is something granted by the government, true, but it does not preclude an author from entering into a contract with his buyers with terms over and above what copyright law gives him. If they violate those terms, then they are in breach of contract. Nobody made them enter into the contract. They did it because they wanted access to what the author created. Now, if he had simply published his work, then he would be protected only by copyright law. But, if he refuses to publish his work, and only allows those that enter into a contract with him to have access to it, then that's his right. It wouldn't violate any law that I'm aware of. Obviously though, any part of his contract that conflicts with the law would not be considered binding (e.g. selling your first-born).






    An honest debate between Bush and Kerry
    [ Parent ]
    Preemption (none / 0) (#119)
    by cpt kangarooski on Wed Mar 12, 2003 at 08:36:30 PM EST

    But, if he refuses to publish his work, and only allows those that enter into a contract with him to have access to it, then that's his right.

    True, but there is a substantial policy argument that unpublished works do not deserve copyrights unless they are at least in the process of getting to be published. Protecting a manuscript in progress is one thing; permitting a work to be unpublished, but available to any member of the public that agrees to an adhesive contract is quite different.

    At any rate, other contractual issues may be precluded. If a work was only ever sold on condition that the purchaser could never make use of it outside of the contract terms, nor transfer the copy away, then such a contract would be effectively extending the copyright forever. In such an instance, it would seem that contract law should fall by the wayside to copyright law which would require the work to enter the public domain at the proper time.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]

    heh.. (none / 0) (#127)
    by Danse on Wed Mar 12, 2003 at 11:00:11 PM EST

    You may have a point. While unpublished works probably shouldn't be protected by copyright, I'm not sure that that's an area of law that has been settled. As for providing for eternal copyright, Congress seems to be heading that way anyway. I have to wonder if they would even consider that a bad thing :)






    An honest debate between Bush and Kerry
    [ Parent ]
    It has been settled (none / 0) (#137)
    by cpt kangarooski on Thu Mar 13, 2003 at 12:24:31 AM EST

    It's just that Congress really needs to tear that section of the Act out and fix it.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]
    That's an interesting question (none / 0) (#176)
    by Control Group on Thu Mar 13, 2003 at 12:41:21 PM EST

    Is intellectual property legally recognized as property before it avails itself of governmental protection?

    I ask because your argument presupposes that intellectual property is like any other form of property prior to be being granted that status by law. I don't know whether or not this is true.

    For example - you're writing the Great American Novel, and accidentally leave your notes/working copy on a restaurant table in Schenectady. A friendly Schenectadian (Schenectadite?) picks it up, in hopes of returning it to you. Before she can find you, however, she reads it. Because it's so good, she is inspired by what she has read, and begins writing her own, similar work. She returns the materials to you as soon as she tracks you down, but the creative seed has been planted. In a muse-inspired fury of literary genius, she pens her own novel, sells it to a publisher, and makes millions.

    Is she legally liable to you for intellectual property theft? She acted in good faith the whole time (she believes her work to be distinct from yours, though you see it as obviously derivative), returning your property to you as soon as she could, not putting off finding you just long enough for her to copy your notes.

    I suppose accidentally leaving your notes out might be considered a form of publishing, though, so let's look at another example. In the privacy of your own home, you leave said notes on your kitchen table one day, with your grand outline on top of the stack. Of course, this is also the day you scheduled the plumber to stop by. He happens to see the stack of papers, and skims the top page while waiting for you to write him a check. Being yet another unknown literary genius, he writes a novel similar in outline to your work-in-progress, and gets it published. Is he liable?

    It seems to me (and, of course, IANAL) that in both cases, if intellectual property is recognized as property before seeking legal protection, then the potential violator is liable. If it isn't, however, then they aren't.

    So the question is whether copyright is granted by the government, or recognized by the government. This is a question to which I don't have the answer, unfortunately...

    ***
    "Oh, nothing. It just looks like a simple Kung-Fu Swedish Rastafarian Helldemon."
    [ Parent ]

    My (4.50 / 2) (#146)
    by CaptainZapp on Thu Mar 13, 2003 at 05:41:47 AM EST

    [...] If you sign a contract to sell your first born son[...]

    You must be one of the very, very few people actually reading those EULA thingies

    [ Parent ]

    Contract law and EULA (5.00 / 1) (#90)
    by pyro9 on Wed Mar 12, 2003 at 05:44:13 PM EST

    I argue that a EULA is NOT a contract so much as it's a hostage negotiation. You've paid for the software (often not refundable), and recieved product in return. Now, the EULA comes in, accept this or don't use the product you've already paid for. A contract is a negotiation between two equal parties where each willingly gives up something in consideration of the others offer. In a EULA, you give up some of your legal rights in exchange for being allowed to use the software that you've ALREADY paid for.

    It's no different than the bully who demands YOUR lunch money in exchange for YOUR book bag. Any finding of validity there isan extreme perversion of contract law.

    Beyond that, MS's case is unique in that they are a monopoly with a history of abusing their position. There are things most businesses can do that monopolists are not (and should not) be permitted. Surely, in a healthy and free market, nobody would hand total control of their system (and the ability to spy on them) to any company.

    The difference between MS and Intuit (for example) is that if Intuit doesn't lighten up on their copy prevention tactics, their customers will flee.


    The future isn't what it used to be
    [ Parent ]
    yes yes (none / 0) (#104)
    by Danse on Wed Mar 12, 2003 at 07:03:48 PM EST

    I did address that in another post






    An honest debate between Bush and Kerry
    [ Parent ]
    back it up (none / 0) (#81)
    by dipierro on Wed Mar 12, 2003 at 04:38:56 PM EST

    Nowhere in there do I see the right to spy on users, change the contents of a user's computer, [...]

    It doesn't matter. Absent a law against spying on users or changing the contents of a user's computer, it is legal to do so.

    or prohibit discussion of the product.

    True. If anything that's part of trademark law.

    Congress does not have the authority to grant these rights

    Sure they do (other than certain First Amendment protected product discussions). Why do you say they don't?



    [ Parent ]
    There are state laws against it (5.00 / 1) (#96)
    by FlipFlop on Wed Mar 12, 2003 at 06:16:49 PM EST

    It doesn't matter. Absent a law against spying on users or changing the contents of a user's computer, it is legal to do so.

    There is a federal law against computer trespassing. Most states also have similar laws.

    Congress does not have the authority to grant these rights

    Sure they do (other than certain First Amendment protected product discussions). Why do you say they don't?

    You want me to back up my statements. Back up your own. Where does congress get the authority to grant copyright holders the right to spy on people?

    The constitution limits congress's ability to grant copyrights. Rights must be for limited times, they must go to the author, they must promote the progress of useful arts, and they can only be exclusive rights to the author's writings. The right to spy on people doesn't seem to comply with these restrictions.

    Even if congress made copyright holders immune to federal computer trespass laws, congress does not have the power to overrule state computer trespass laws.

    AdTI - The think tank that didn't
    [ Parent ]

    Federal law trumps state law (none / 0) (#113)
    by dipierro on Wed Mar 12, 2003 at 08:13:11 PM EST

    It doesn't matter. Absent a law against spying on users or changing the contents of a user's computer, it is legal to do so.

    There is a federal law against computer trespassing. Most states also have similar laws.

    By installing the software (which specifically says what it is going to do) you are authorizing the access. It has nothing to do with the software writer having certain rights, it has to do with your authorization.

    Congress does not have the authority to grant these rights

    Sure they do (other than certain First Amendment protected product discussions). Why do you say they don't?

    You want me to back up my statements. Back up your own. Where does congress get the authority to grant copyright holders the right to spy on people?

    Hmm, how about the 9th Amendment. OK, maybe congress doesn't grant the rights, they merely recognize them, but that's semantics.

    The constitution limits congress's ability to grant copyrights.

    The right to spy has nothing to do with copyright.

    Even if congress made copyright holders immune to federal computer trespass laws, congress does not have the power to overrule state computer trespass laws.

    Wrong. The supremecy clause gives them exactly that power. "This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the contrary notwithstanding." [emphasis mine]



    [ Parent ]
    If it's valid... (5.00 / 1) (#131)
    by dachshund on Wed Mar 12, 2003 at 11:28:31 PM EST

    By installing the software (which specifically says what it is going to do) you are authorizing the access.

    If the EULA is held to be an enforceable contract granting authorization. Since EULAs are generally considered matters of local (state) contract law, that's up to the states (hence the software industry's push for state legislation in UCITA.)

    If the EULA is not considered to be an enforceable legal instrument, and is rather a false requirement preventing a user from utilizing purchased software without agreement, then the "authorization" could be considered invalid on the grounds that the agreement is not granted freely, but is coerced.

    IIRC, one of New York's high courts recently handed down a decision gutting the EULA as a legal instrument.

    [ Parent ]

    Not necessarily (none / 0) (#153)
    by dipierro on Thu Mar 13, 2003 at 08:51:23 AM EST

    If the EULA is held to be an enforceable contract granting authorization.

    No. It doesn't matter if the EULA is a contract per se. When I knock on someone's door and they open it and say "come in," that isn't a contract granting me authorization to enter the house. But at the same time, it is a grant of authorization.

    If the EULA is not considered to be an enforceable legal instrument, and is rather a false requirement preventing a user from utilizing purchased software without agreement, then the "authorization" could be considered invalid on the grounds that the agreement is not granted freely, but is coerced.

    It's definately not coercion. There's no threat involved, just a simple deal. You agree to let us use your computer, and we agree to let you use the program.



    [ Parent ]
    Not a good analogy (none / 0) (#171)
    by dachshund on Thu Mar 13, 2003 at 12:08:33 PM EST

    It's definately not coercion. There's no threat involved, just a simple deal. You agree to let us use your computer, and we agree to let you use the program.

    When I knock on someone's door and they open it and say "come in," that isn't a contract granting me authorization to enter the house. But at the same time, it is a grant of authorization.

    It's like putting a piece of tape on the front door of someone's house that says "by breaking this tape you authorize me to come in and steal from your refrigerator." Call it an authorization if you want, but it's hardly voluntary; you're taking someone else's purchased property and telling them that they can't use it until the agree to some arbitrary terms.

    My point is that a) you don't need to break that tape in order to go into your own house, and nobody has the right to sue you if you decide to go in the window, and b) since the agreement is made under duress (agree or sleep on the porch!), it's coercive.

    [ Parent ]

    It's not an analogy (none / 0) (#178)
    by dipierro on Thu Mar 13, 2003 at 01:09:56 PM EST

    It's a proof by example. You tried to claim that an authorization can only come through a contractual agreement. I showed an example of an authorization which did not come through contractual agreement, thereby proving your assertion incorrect.

    It's like putting a piece of tape on the front door of someone's house that says "by breaking this tape you authorize me to come in and steal from your refrigerator."

    No, it's not, because agreeing to allow someone to steal from your refrigerator merely by breaking a piece of tape is unconscionable. Agreeing to allow someone to monitor which websites you view in exchange for using their browser is not. Furthermore, in order to place the tape on the front door in the first place, you have to illegally trespass onto their property.

    Call it an authorization if you want, but it's hardly voluntary; you're taking someone else's purchased property and telling them that they can't use it until the agree to some arbitrary terms.

    What property is being taken? That's exactly the distinction I am making.

    My point is that a) you don't need to break that tape in order to go into your own house, and nobody has the right to sue you if you decide to go in the window

    Absolutely.

    b) since the agreement is made under duress (agree or sleep on the porch!), it's coercive.

    Again, absolutely. Like I said, the authorization doesn't come from clicking "I agree." The authorization comes from you installing software knowing full well what it is going to do. The clicking "I agree" is merely an acknowledgement that you know what it is you are installing.

    As for it being illegal to go in through the window, well, I don't know if the DMCA would apply or not. But the DMCA is irrelevant if it's the software user trying to sue the software maker for computer trespass, which is what I thought we were talking about.



    [ Parent ]
    Not at all (none / 0) (#201)
    by dachshund on Fri Mar 14, 2003 at 12:05:52 AM EST

    No, it's not, because agreeing to allow someone to steal from your refrigerator merely by breaking a piece of tape is unconscionable. Agreeing to allow someone to monitor which websites you view in exchange for using their browser is not.

    "In exchange for using their browser"? That's like Frigidaire granting me the right to use my (already purchased) refrigerator in exchange for letting them come in and steal lunch meat. Nonsense. I don't need to do anything "in exchange" for using a piece of property that I've purchased.

    Any quid pro quo occurs at the time of the transaction; the person who made my refrigerator or sells me my house can ask any price he/she wants; they can even impose legal conditions before it becomes my property. But they can't grant or withhold my rights to use the property after it belongs to me. Similarly, a software company is absolutely free to license their product to me, but they can't force me to grant them additional rights after selling me a copy.

    What property is being taken? That's exactly the distinction I am making.

    No property is being taken; but you are telling people what they can do with their own property.

    Like I said, the authorization doesn't come from clicking "I agree." The authorization comes from you installing software knowing full well what it is going to do. The clicking "I agree" is merely an acknowledgement that you know what it is you are installing.

    First of all, I don't know "full well" what the software is going to demand of me. The terms of the EULA are almost never enumerated on the box, and the Courts do not expect people to divine the nature of a contract/agreement they haven't seen.

    Furthermore, any legal power of a EULA comes from the fact that there is, allegedly, a legal agreement. That agreement, including any authorizations legally do come from clicking "I Agree", not from buying a piece of software that you think might have a EULA. At leasts, that's what

    But I invite you to take your theory to any experienced lawyer in the industry. Tell them that you think the "I agree" is nothing more than an acknowledgment that you know what you're installing, and I think you'll get a pretty swift disagreement.

    [ Parent ]

    re (none / 0) (#207)
    by dipierro on Fri Mar 14, 2003 at 11:37:57 AM EST

    ."In exchange for using their browser"? That's like Frigidaire granting me the right to use my (already purchased) refrigerator in exchange for letting them come in and steal lunch meat.

    I'm sorry. It's not. When you acknowledge the difference between stealing lunch meat and tracking clicks, we can continue this part of the discussion.

    Nonsense. I don't need to do anything "in exchange" for using a piece of property that I've purchased.

    By using a piece of property that you've purchased you "need to" agree that the property is going to work in the way which it says it is going to (at least barring something unconscionable like "product will explode in face upon use").

    Any quid pro quo occurs at the time of the transaction

    There's certainly an argument which can be made that this quid pro quo occurs at the time of the transaction. But this isn't even really a quid pro quo.

    First of all, I don't know "full well" what the software is going to demand of me. The terms of the EULA are almost never enumerated on the box, and the Courts do not expect people to divine the nature of a contract/agreement they haven't seen.

    Aren't we talking about free software here (Kazaa, WiMP, SP3, download accelerators)? I'm not saying you know "full well" what the software is going to do before you download it, I'm saying you know this before you run it.

    Even if you have bought the product though, you certainly have a right to a refund if the product does not conform to the specifications of the product you purchased.

    Furthermore, any legal power of a EULA comes from the fact that there is, allegedly, a legal agreement.

    We're not talking about the legal power of EULAs here. We're talking about spyware/adware and whether or not you can sue the provider for computer trespass. I fully agree with you that EULAs should not be enforcible (at least not when you buy the product from a third party).

    But I invite you to take your theory to any experienced lawyer in the industry. Tell them that you think the "I agree" is nothing more than an acknowledgment that you know what you're installing, and I think you'll get a pretty swift disagreement.

    Legally, according to precedent, it may be more. Depends largely on your state. All I am saying is that clicking "I agree" is at the very least an acknowlegement of what the software is going to do, at least inclusive of spyware/adware. Perhaps there is a binding agreement. Perhaps not. Perhaps you could agree to something more serious, like the destruction of your hard drive. More likely not.



    [ Parent ]
    Getting back on topic... (5.00 / 1) (#133)
    by FlipFlop on Wed Mar 12, 2003 at 11:36:17 PM EST

    By installing the software (which specifically says what it is going to do) you are authorizing the access.

    When you install an MP3 player, you authorize the software to play your MP3s. You do not authorize the software to track your web-browsing habits and report them back to the author. As far as the Computer Fraud and Abuse Act is concerned, exceeding authorized access is the same as gaining unauthorized access.

    The whole point of this thread is that copyright holders should not be permitted to make unethical demands in their EULAs. To say it's okay because they do so is circular logic.

    The right to spy has nothing to do with copyright.

    I guess that's more straight-forward than my argument.

    None of congress's other enumerated powers authorize congress to grant a right to spy.

    Hmm, how about the 9th Amendment. OK, maybe congress doesn't grant the rights, they merely recognize them, but that's semantics.

    So you're saying that spying on other people is an inherent right protected by the ninth amendment? Do you really believe that? That would make all privacy laws unconstitutional.

    Speaking of the ninth amendment, the Supreme Court has recognized an inherent right to privacy protected by the ninth amendment. See Roe v. Wade.

    Even if congress made copyright holders immune to federal computer trespass laws, congress does not have the power to overrule state computer trespass laws.

    Wrong. The supremecy clause gives them exactly that power.

    The federal computer trespass laws can overrule state laws as they apply to interstate commerce. The states still have a tenth amendment right to enforce computer trespass laws as they relate to doctor-patient privilege, state law enforcement, vandalism, and a plethora of other issues.

    Even if congress used the commerce clause and granted software publishers the right to spy on their customers in order to maximize their marketing power, the Supreme Court's ruling in Roe v. Wade would appear to make such a law unconstitutional.

    Of course, even if congress could grant a right to spy, it doesn't change the fact that copyright holders demand other rights which congress cannot grant; such as the exclusive right to reverse engineer.

    AdTI - The think tank that didn't
    [ Parent ]

    answers (none / 0) (#154)
    by dipierro on Thu Mar 13, 2003 at 09:06:05 AM EST

    When you install an MP3 player, you authorize the software to play your MP3s. You do not authorize the software to track your web-browsing habits and report them back to the author.

    I disagree. It is made perfectly clear when you install the software what it does. If you don't like it, don't install it.

    As far as the Computer Fraud and Abuse Act is concerned, exceeding authorized access is the same as gaining unauthorized access.

    Agreed.

    The whole point of this thread is that copyright holders should not be permitted to make unethical demands in their EULAs. To say it's okay because they do so is circular logic.

    I see nothing unethical about spyware, as long as it isn't used to actually steal anything from the user. And no, I don't consider "stealing" information as stealing. Corporate espionage, maybe, that's definately unethical. But tracking clicks isn't, IMNSHO.

    The right to spy has nothing to do with copyright.

    None of congress's other enumerated powers authorize congress to grant a right to spy.

    None of congress's enumerated powers authorize congress to grant a right to pee either. Unless congress or the state acts to take away a right, you have it.

    So you're saying that spying on other people is an inherent right protected by the ninth amendment? Do you really believe that? That would make all privacy laws unconstitutional.

    No. Perhaps it's more the 10th Amendment.

    Speaking of the ninth amendment, the Supreme Court has recognized an inherent right to privacy protected by the ninth amendment. See Roe v. Wade.

    Even if congress used the commerce clause and granted software publishers the right to spy on their customers in order to maximize their marketing power, the Supreme Court's ruling in Roe v. Wade would appear to make such a law unconstitutional.

    I fail to see how Roe v Wade is relevant. You seem to be taking a general principle and then applying it in every single case. Do you want to give me a quote from Roe v Wade?

    According to you, people's right to privacy can not be given up without entering into a binding contract. That's ridiculous. If it were true then I wouldn't be able to download a webpage with someone's personal information on it because that would be unauthorized access which invades someone's privacy. No. By installing and running the webserver they authorize access. Please explain to me the legal difference between the two situations.

    Of course, even if congress could grant a right to spy, it doesn't change the fact that copyright holders demand other rights which congress cannot grant; such as the exclusive right to reverse engineer.

    And it doesn't change the fact that "demanding" something is meaningless.



    [ Parent ]
    Federal gov't tightly restricted (none / 0) (#188)
    by wurp on Thu Mar 13, 2003 at 04:06:47 PM EST

    The constitution carefully enumerates the thing on which the federal government can rule.  Interstate commerce, treason, international relations, and that pretty much sums it up.  It also explicitly states that all else is the right of the state or the people.

    So, barring a new constitutional amendment, what you see in the constitution and the amendments clearly lists what the federal government can regulate, and the fact that it can't regulate anything else.
    ---
    Buy my stuff
    [ Parent ]

    But (none / 0) (#194)
    by dipierro on Thu Mar 13, 2003 at 06:25:01 PM EST

    spying through software you distribute over the internet would most likely fall under interstate commerce.

    [ Parent ]
    Microsoft (4.50 / 2) (#111)
    by Bios_Hakr on Wed Mar 12, 2003 at 07:49:25 PM EST

    OK, we all hate M$, but just bear with me.

    > The right of reproduction
    I have always used a copy of my official Windows disk.  I burn a bootable copy along with the latest security patches and drivers for my system.  Microsoft may not like it, but they don't go after sites that tell you how to do it.

    I haven't had a game disk in years that would work off a copy.  What's worse, they know the protection will be cracked.  It only inconveniences the legit customer.

    > The right to create derivative works
    Microsoft did not try and stop FVWM95, did they?  Do they try and stop people from skinning windows?  Do they go after KDE or GNOME for using a "start" button or a "task bar"?

    > The right to distribution
    The right to distribution lies with the copyright holder.  End of story.

    > The right to performance
    You can show off how windows works on your machine.  You can even use a projector to do a presentation for an entire auditorium.

    > The right to display, and
    Not sure about the diff between this and performance.

    > A digital transmission performance right
    At my company, I have a MS Office server.  I can have any computer on my network install Office from this computer.

    Likewise, I have a Win2k server that serves up windows install program.  Any Win98 user can go to this server and begin a Win2k install.

    My beef with copyright has little to do with software, and everything to do with Music and Movies.

    Look at the box for Disney's Treasure Planet game.  Remind you of anything?  If you said Spelljammer, you win.  Disney has the right to do this.  But if you try to make a derrivative work of TP, Disney will crush you.  Disney is the master of taking derrivitave works and making them Disney Intelectual Property.

    [ Parent ]

    Spyware and popups (4.75 / 12) (#8)
    by NFW on Tue Mar 11, 2003 at 04:39:56 PM EST

    Since you mention the yuckware-laden Kazaa, I can't resist mention of the compatible but yuckware-free product known as Kazaa Lite.

    Ironically, the squatter at www.kazaalite.com (not URLified because you really don't want to go there) complains that my browser stifles his popups. :-)


    --
    Got birds?


    I am sick of this (2.10 / 29) (#14)
    by CaptainSuperBoy on Tue Mar 11, 2003 at 07:37:41 PM EST

    Take it to Slashdot, post it on your Linux blog, whatever. Just get it the hell away from here. Your anti-MS articles are hopelessly ridden with outright falsities.

    --
    jimmysquid.com - I take pictures.
    Such as? [nt] (5.00 / 1) (#18)
    by acceleriter on Tue Mar 11, 2003 at 08:49:54 PM EST



    [ Parent ]
    Random choice (5.00 / 3) (#25)
    by CaptainSuperBoy on Tue Mar 11, 2003 at 10:11:35 PM EST

    Picked from many untruths: If you are connected to the Internet while using Windows XP, the OS tries to contact Microsoft's servers whenever you open a file or program. The purpose of this is to allow Microsoft to see what files or programs you are opening. It doesn't send a copy of the file, but it informs Microsoft of the file name and extension (.exe, .jpg, .mov, .mp3, etc.).

    I don't feel the need to explain this any more- the author made this up. The only basis in fact this assertion could have, is where media player attempts to download a codec when you open a media file it can't interpret.

    --
    jimmysquid.com - I take pictures.
    [ Parent ]

    more (none / 0) (#32)
    by kesuari on Wed Mar 12, 2003 at 03:22:14 AM EST

    Or when you open an unassociated file and say that yes, you want to connect to MS's server and see if they know of a program that can open it. But they do ask first.

    [ Parent ]
    When sending a codec request . . . (none / 0) (#40)
    by acceleriter on Wed Mar 12, 2003 at 07:40:58 AM EST

    . . . does WMP send the name or hash or other indication of the file the user is opening? (This isn't a rebuttal, it's an actual question--I've never sniffed the packets, since I rarely use WMP.)

    [ Parent ]
    Probably not (none / 0) (#44)
    by CaptainSuperBoy on Wed Mar 12, 2003 at 08:58:17 AM EST

    I haven't sniffed the traffic either but I would be surprised if it sent anything more than the name of the codec.

    --
    jimmysquid.com - I take pictures.
    [ Parent ]
    DVDs (none / 0) (#78)
    by swr on Wed Mar 12, 2003 at 04:24:44 PM EST

    I wonder if he's referring to this (which only applies to DVDs)...

    Why is Microsoft watching us watch DVD movies?



    [ Parent ]
    Assuming of course (none / 0) (#93)
    by Crono on Wed Mar 12, 2003 at 05:55:14 PM EST

    That WMP knows the codec you need, eh? What if you have a random media file that WMP has never seen before. Kinda screwed then. Yes, It almost certainly does send some information on the file to the server.

    [ Parent ]
    Maybe just the fourcc code (5.00 / 2) (#105)
    by CaptainSuperBoy on Wed Mar 12, 2003 at 07:12:04 PM EST

    All AVI files have a four letter code attached to each stream indicating what audio or video codec is used. I would be surprised if it sent anything more than that code.

    --
    jimmysquid.com - I take pictures.
    [ Parent ]
    MS and Internet (none / 0) (#97)
    by ender81b on Wed Mar 12, 2003 at 06:23:12 PM EST

    I imagine that is to look for codecs and obviously the author did get a little carried away. But MS does do some really strange things. I am still trying to figure out why my keyboard driver (for my MS wireless keyboard) keeps connecting to the internet every few days.

    [ Parent ]
    Keyboard driver (4.00 / 1) (#140)
    by 0xA on Thu Mar 13, 2003 at 02:34:14 AM EST

    It's looking for an updated version of itself.

    You can shut it off.

    [ Parent ]

    Hrm. (none / 0) (#168)
    by ender81b on Thu Mar 13, 2003 at 11:02:34 AM EST

    That's kindof what I figured. I wonder why it just doesn't use Windows Update for it. Ah well.

    [ Parent ]
    Example? (5.00 / 2) (#20)
    by Viliam Bur on Tue Mar 11, 2003 at 09:05:17 PM EST



    [ Parent ]
    Unmitigated ass alert (5.00 / 1) (#112)
    by tonedevil05 on Wed Mar 12, 2003 at 08:01:49 PM EST

    You are so full of yourself you can't see anything else. You shout about the author making things up but, by your own admission, you haven't sniffed any traffic, you keep saying this is a lie or that is made up, but you don't present any proof just your own acromony. You seem to think it is cool to be the "pro-microsoft guy" in a world of "anti-microsoft guys". I can't say for sure that XP "phones home" everytime you open a file but when I have had computers running XP on my home network it sure initiates a lot of connections to MS, this per my firewall. I haven't inspected these packets any too closely just dumped the XP on my net. How about putting up, shuting up, or at least admit you are expressing your opinion just like the author.

    [ Parent ]
    Will you be quiet now? (4.00 / 1) (#197)
    by CaptainSuperBoy on Thu Mar 13, 2003 at 06:50:32 PM EST

    The following is a windump log. If you trust me not to fake it, you will see that Windows does not in fact phone home whenever someone opens a file. Now please stop stalking me, I don't need a fanboy.

    The command used was windump -l -x -X > windump.txt

    While windump was running I opened wmp9, played a couple of mp3s and a divx movie. I also ran an automated MP3 tagging program (doesn't contact the net on startup), Palm Desktop, and Mozilla (blank home page). I figured if MS would report anything, it would report that I'm using the competition's software.

    I am running Windows XP SP1. The UDP stuff is just my router. Aside from a random code red hit, that is all you'll find in this log.

    18:27:51.780867 IP 192.168.0.1.520 > 192.168.0.255.520:  RIPv1-resp [items 2]: {0.0.0.0}(1) {24.0.0.0}(1)
    0x0000     4500 0048 0123 0000 fe11 3931 c0a8 0001    E..H.#....91....
    0x0010     c0a8 00ff 0208 0208 0034 5f1e 0201 0000    .........4_.....
    0x0020     0002 0000 0000 0000 0000 0000 0000 0000    ................
    0x0030     0000 0001 0002 0000 1800 0000 0000 0000    ................
    0x0040     0000 0000 0000 0001            &nbs p;           ........
    18:27:52.313944 IP paul-home.ne2.client2.attbi.com.137 > 192.168.0.1.137: udp 50
    0x0000     4500 004e 077a 0000 8011 b1c9 c0a8 000a    E..N.z..........
    0x0010     c0a8 0001 0089 0089 003a be59 8079 0000    .........:.Y.y..
    0x0020     0001 0000 0000 0000 2043 4b41 4141 4141    .........CKAAAAA
    0x0030     4141 4141 4141 4141 4141 4141 4141 4141    AAAAAAAAAAAAAAAA
    0x0040     4141 4141 4141 4141 4100 0021 0001         AAAAAAAAA..!..
    18:27:53.813909 IP paul-home.ne2.client2.attbi.com.137 > 192.168.0.1.137: udp 50
    0x0000     4500 004e 077b 0000 8011 b1c8 c0a8 000a    E..N.{..........
    0x0010     c0a8 0001 0089 0089 003a be48 807a 0010    .........:.H.z..
    0x0020     0001 0000 0000 0000 2043 4b41 4141 4141    .........CKAAAAA
    0x0030     4141 4141 4141 4141 4141 4141 4141 4141    AAAAAAAAAAAAAAAA
    0x0040     4141 4141 4141 4141 4100 0021 0001         AAAAAAAAA..!..
    18:27:55.314698 IP paul-home.ne2.client2.attbi.com.137 > 192.168.0.1.137: udp 50
    0x0000     4500 004e 077c 0000 8011 b1c7 c0a8 000a    E..N.|..........
    0x0010     c0a8 0001 0089 0089 003a be47 807b 0010    .........:.G.{..
    0x0020     0001 0000 0000 0000 2043 4b41 4141 4141    .........CKAAAAA
    0x0030     4141 4141 4141 4141 4141 4141 4141 4141    AAAAAAAAAAAAAAAA
    0x0040     4141 4141 4141 4141 4100 0021 0001         AAAAAAAAA..!..
    18:28:23.240298 IP h0030f11433a7.ne.client2.attbi.com.2583 > paul-home.ne2.client2.attbi.com.80: S 1009019162:1009019162(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
    0x0000     4500 0030 f9ae 4000 7806 c873 185b 6798    E..0..@.x..s.[g.
    0x0010     c0a8 000a 0a17 0050 3c24 691a 0000 0000    .......P<$i.....
    0x0020     7002 4000 52d4 0000 0204 05b4 0101 0402    p.@.R...........
    18:28:23.821032 IP paul-home.ne2.client2.attbi.com.3010 > ns10.attbi.com.53:  49+ PTR? 152.103.91.24.in-addr.arpa. (44)
    0x0000     4500 0048 077d 0000 8011 e672 c0a8 000a    E..H.}.....r....
    0x0010     3ff0 4c13 0bc2 0035 0034 c124 0031 0100    ?.L....5.4.$.1..
    0x0020     0001 0000 0000 0000 0331 3532 0331 3033    .........152.103
    0x0030     0239 3102 3234 0769 6e2d 6164 6472 0461    .91.24.in-addr.a
    0x0040     7270 6100 000c 0001            &nbs p;           rpa.....
    18:28:23.890733 IP ns10.attbi.com.53 > paul-home.ne2.client2.attbi.com.3010:  49 1/6/6 (305) (DF)
    0x0000     4500 014d db11 4000 f011 61d8 3ff0 4c13    E..M..@...a.?.L.
    0x0010     c0a8 000a 0035 0bc2 0139 a543 0031 8180    .....5...9.C.1..
    0x0020     0001 0001 0006 0006 0331 3532 0331 3033    .........152.103
    0x0030     0239 3102 3234 0769 6e2d 6164 6472 0461    .91.24.in-addr.a
    0x0040     7270 6100 000c 0001 c00c 000c 0001 0000    rpa.............
    0x0050     0030            &nbs p;                           .0
    18:28:26.181037 IP 192.168.0.1.520 > 192.168.0.255.520:  RIPv1-resp [items 2]: {0.0.0.0}(1) {24.0.0.0}(1)
    0x0000     4500 0048 0124 0000 fe11 3930 c0a8 0001    E..H.$....90....
    0x0010     c0a8 00ff 0208 0208 0034 5f1e 0201 0000    .........4_.....
    0x0020     0002 0000 0000 0000 0000 0000 0000 0000    ................
    0x0030     0000 0001 0002 0000 1800 0000 0000 0000    ................
    0x0040     0000 0000 0000 0001            &nbs p;           ........
    18:28:26.221060 IP h0030f11433a7.ne.client2.attbi.com.2583 > paul-home.ne2.client2.attbi.com.80: S 1009019162:1009019162(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
    0x0000     4500 0030 fc26 4000 7806 c5fb 185b 6798    E..0.&@.x....[g.
    0x0010     c0a8 000a 0a17 0050 3c24 691a 0000 0000    .......P<$i.....
    0x0020     7002 4000 52d4 0000 0204 05b4 0101 0402    p.@.R...........
    18:29:00.681168 IP 192.168.0.1.520 > 192.168.0.255.520:  RIPv1-resp [items 2]: {0.0.0.0}(1) {24.0.0.0}(1)
    0x0000     4500 0048 0125 0000 fe11 392f c0a8 0001    E..H.%....9/....
    0x0010     c0a8 00ff 0208 0208 0034 5f1e 0201 0000    .........4_.....
    0x0020     0002 0000 0000 0000 0000 0000 0000 0000    ................
    0x0030     0000 0001 0002 0000 1800 0000 0000 0000    ................
    0x0040     0000 0000 0000 0001            &nbs p;           ........
    18:29:35.281376 IP 192.168.0.1.520 > 192.168.0.255.520:  RIPv1-resp [items 2]: {0.0.0.0}(1) {24.0.0.0}(1)
    0x0000     4500 0048 0126 0000 fe11 392e c0a8 0001    E..H.&....9.....
    0x0010     c0a8 00ff 0208 0208 0034 5f1e 0201 0000    .........4_.....
    0x0020     0002 0000 0000 0000 0000 0000 0000 0000    ................
    0x0030     0000 0001 0002 0000 1800 0000 0000 0000    ................
    0x0040     0000 0000 0000 0001            &nbs p;           ........
    18:30:09.981537 IP 192.168.0.1.520 > 192.168.0.255.520:  RIPv1-resp [items 2]: {0.0.0.0}(1) {24.0.0.0}(1)
    0x0000     4500 0048 0127 0000 fe11 392d c0a8 0001    E..H.'....9-....
    0x0010     c0a8 00ff 0208 0208 0034 5f1e 0201 0000    .........4_.....
    0x0020     0002 0000 0000 0000 0000 0000 0000 0000    ................
    0x0030     0000 0001 0002 0000 1800 0000 0000 0000    ................
    0x0040     0000 0000 0000 0001            &nbs p;           ........


    --
    jimmysquid.com - I take pictures.
    [ Parent ]

    I'll only gently nudge the dead horse (none / 0) (#206)
    by tonedevil05 on Fri Mar 14, 2003 at 03:31:51 AM EST

    A couple of thoughts:

    First, a bitchy reply to a bitchy post is not stalking. You pissed and moaned up and down the thread, giving your opinion as damning fact. I find that annoying and tried to convey that, end of story. Rest assured you have not made a fan.

    Second, ironicly I actually respect what you have done (it would be in the poorest of taste to suspect you of faking that log, and you can tell that to anyone who does). You provided the discussion with substance, not bile, not opinion, not even speculation, no good solid substance. I have something like that in mind myself, won't get to it till the weekend, yours is good and the first such I saw in this discussion, really, no kidding my hat tips to you.

    [ Parent ]

    theres a reason (none / 0) (#191)
    by phred on Thu Mar 13, 2003 at 05:28:14 PM EST

    you will read negative things about Microsoft. They're just not that nice a company. HTH.

    [ Parent ]
    Excellent article. A few points... (4.85 / 7) (#15)
    by Kasreyn on Tue Mar 11, 2003 at 07:53:40 PM EST

    1.) Zonealarm. Thank you for mentioning this product. I've used it for over 2 years and I can testify to its usefulness. It's not really airtight or top-of-the-line protection, but it is extremely easy to use and configure.

    2.) Palladium. Hmmm... anyone think Kevin Siembieda, of Palladium Books fame (known among some groups as a lawsuit-happy asshole), is lawsuit-happy enough to take on the big MS? Or did he license the use of the word? Or does the fact that DRM and roleplaying games are so different mean he wouldn't have a case?

    3.) Excellent article in ALL respects, and a very good guide to the issues for someone unfamiliar to it. I suggest a rewrite on the title to make it more appealing to the people it should be aimed at - those who don't have any idea what is happening on their own computers.

    4.) "Run an older version of Windows (95, 98, Me, 2000 up to SP2), do not download any security patches, and do not upgrade to Windows Media Player 9."
    Exactly what I've been doing, and excellent advice it is. To those who whine of Win98's instability, might I suggest taking what MS gives you or finding an alternative?

    All in all, great job. I foresee a +1 FP coming from me.


    -Kasreyn


    "Extenuating circumstance to be mentioned on Judgement Day:
    We never asked to be born in the first place."

    R.I.P. Kurt. You will be missed.
    OK, this is paranoid . . . (5.00 / 4) (#17)
    by acceleriter on Tue Mar 11, 2003 at 08:47:22 PM EST

    1.) Zonealarm. Thank you for mentioning this product. I've used it for over 2 years and I can testify to its usefulness. It's not really airtight or top-of- the-line protection, but it is extremely easy to use and configure.

    But do you really think that the folks who wrote the operating system, and particularly, the folks who wrote the operating system's interface with your network card, would have any trouble whatsoever sending out TCP or UDP packets with whatever the hell information they want out of your network interface, completely bypassing the documented IP stack and thus bypassing ZoneAlarm?

    I don't.

    True paranoia requires an external firewall--ZoneAlarm/BlackIce/whatever don't cut it. Check that--true paranoia requires doing stuff you don't want the world to know about (e.g. bestiality pr0n, Quicken, personal diaries) on a machine with an air gap where the network connection would be.

    [ Parent ]

    Not even close (5.00 / 6) (#21)
    by dennis on Tue Mar 11, 2003 at 09:23:01 PM EST

    No, true paranoia means you do your secret stuff on a disconnected laptop running OpenBSD with an encrypted filesystem, using battery power, in a windowless, shielded room, putting the laptop in a really good safe when you're not using it.

    Amateurs.

    [ Parent ]

    I concede :) [nt] (none / 0) (#22)
    by acceleriter on Tue Mar 11, 2003 at 09:26:13 PM EST



    [ Parent ]
    No (5.00 / 1) (#36)
    by Cloaked User on Wed Mar 12, 2003 at 05:43:09 AM EST

    True paranoia means never doing it in the first place.

    No matter how good your precautions, how can you be sure that They won't get to it anyway?
    --
    "What the fuck do you mean 'Are you inspired to come to work'? Of course I'm not 'inspired'. It's a job for God's sake! The money's enough and the work's not so crap that I leave."
    [ Parent ]

    Well, (5.00 / 4) (#101)
    by Keith Harper on Wed Mar 12, 2003 at 07:00:40 PM EST

    They're probably reading your thoughts anyway. Before they send them to your brain, that is.

    [ Parent ]
    Safe? (none / 0) (#107)
    by Bios_Hakr on Wed Mar 12, 2003 at 07:30:29 PM EST

    Why do you trust the company that made the safe?

    I'd say have /home/me on a USB thumbdrive with an encrypted file system.  Have no swap space on the machine.  Have /tmp mounted on a ramdrive.  Carry the thumbdrive with you at all times in one pocket.  Carry a rare earth magnet (from an old hard drive) in your other pocket.  In case of emergency, place the rare earth magnet and the thumbdrive in the same pocket.

    [ Parent ]

    You still need a safe (none / 0) (#215)
    by dennis on Sat Mar 15, 2003 at 11:16:09 PM EST

    Presumably, you need to decrypt your secret stuff from time to time. When you do, you'll be typing your passphrase into some sort of computer. Your risk here is that someone may have installed a keystroke logger in this computer...the FBI broke a Mafia guy's PGP this way. That's why the laptop stays in the safe.

    You could carry your input device around with you as well, you just have to decide whether you're more at risk from safecrackers or pickpockets.

    Incidentally, the magnet may not buy you that much...anyone who might remotely be capable of breaking strong encryption is also going to have hardware for reading erased storage media. For hard disks, one published paper concluded that to be safe, you'd need a magnet at least strong enough to bend the disk platter. RAM isn't necessarily safe either, if it stores the same data for a long period of time...PGP actually has a feature that flips the bits of any keys it holds in RAM, every minute or so.

    That said, if you have your computer in a safe and your thumbdrive in your pocket, it gets even more difficult for Them...

    [ Parent ]

    Not that paranoid (5.00 / 1) (#86)
    by pyro9 on Wed Mar 12, 2003 at 05:24:40 PM EST

    Because of the way networking in windows works, it is possible to bypass firewalls by directly interfacing with the network card driver. Though I don't do windows, it's my understanding that the necessary libraries are available.

    The best firewall (short of the 1 inch air gap method) is a seperate box that only accepts logins at the keyboard, and has as little software as possible installed on it. Various *nix are suitable. For home use, having the firewall on your primary machine is probably good enough as long as you never run as root unless youi have to.


    The future isn't what it used to be
    [ Parent ]
    on Win98 stability... (5.00 / 1) (#31)
    by x136 on Wed Mar 12, 2003 at 02:15:05 AM EST

    Check out 98lite. Gets rid of all the stupid crap that Microsoft installs with Windows and claims are unremovable. I've used the free version. It's pretty nice. Apparently the full version can be used as an installer, so that you can install Win98 without all of the extra crap ever making it to the hard drive.
    --
    hyaku san'juu roku
    [ Parent ]
    Palladium? (5.00 / 1) (#46)
    by Keith Harper on Wed Mar 12, 2003 at 10:03:03 AM EST

    Maybe the London Palladium could sue Microsoft. Or the periodic table. Or better yet, how about the OED? I bet they'd have a strong case.

    [ Parent ]
    Incorrect information (4.00 / 5) (#48)
    by jt on Wed Mar 12, 2003 at 10:52:08 AM EST

    The version of WMP that is included with Windows XP doesn't have the licensing agreement with a 'back door.'  It's Windows update Q320920 that contains the agreement, which is also a part of XP Service Pack 1.

    You have missed a point (4.94 / 17) (#50)
    by Big Dogs Cock on Wed Mar 12, 2003 at 11:40:28 AM EST

    The reason a lot of businesses are unwilling to upgrade to MS software which grants MS rights to their data is because legally they cannot. The easy example of this is the UK DPA (Data Protection Act). This states that, with personal data, only people who need to see that data have access. MS personnel don't come under this. Store personal data on a PC with 2K SP3 on it and you are breaking the law. Similar legislation applies throughout the EU.

    Ignoring personal data, most companies deal with data which their clients would regard as "confidential". My company certainly does. In the contract, there will be a clause stating this. By giving MS access to PCs, a company will not be exercising due dilligence. In short, most businesses cannot legally use this software.

    People say that anal sex is unhealthy. Well it cured my hiccups.
    We have a similar problem in the USA (5.00 / 8) (#57)
    by porkchop_d_clown on Wed Mar 12, 2003 at 01:32:42 PM EST

    Hospitals can't upgrade without violating medical privacy laws.


    --
    You can lead a horse to water, but you can't make him go off the high dive.


    [ Parent ]
    Not to sound like an idiot... (none / 0) (#75)
    by sacrelicious on Wed Mar 12, 2003 at 04:18:05 PM EST

    but how does SP3 violate confidentiality? Seriously, I'm interested, maybe I'll reinstall and only put SP2 on my home windows box.

    Is it related to this?:
    http://bioc09.v19.uthscsa.edu/pipermail/hsc-unix/2002-August/000224.html


    [ Parent ]

    That's it! (5.00 / 2) (#85)
    by pyro9 on Wed Mar 12, 2003 at 05:07:09 PM EST

    That is exactly the reason. You can't claim that a machine is under your administrative control if someone else (who has not entered into the necessary employment of at least confidentiality agreement) has the legal right to modify the system at will.


    The future isn't what it used to be
    [ Parent ]
    But does anybody know (none / 0) (#147)
    by pmgolz on Thu Mar 13, 2003 at 05:57:52 AM EST

    I work for a computer company and this is the first I've heard of this issue. How widely is this information disseminated. I would doubt many hospitals were aware of the consequences of SP3.

    ------
    Enthios
    [ Parent ]
    Feed my Frankenstein (3.14 / 7) (#53)
    by qhill on Wed Mar 12, 2003 at 01:00:08 PM EST

    A good article. A little heavy on the Microsoft bashing, but I can look past that.

    I'm using a minority platform, as the types of companies mentioned above don't bother to jump in bed with me.

    Plus, it feeds into my paranoid delusion that they really are after me, and my lucky charms.


    ---
    The greatest trick the devil ever pulled, was convincing the world he doesn't exist.


    backdoors in free programs (2.50 / 14) (#67)
    by farlukar on Wed Mar 12, 2003 at 02:42:31 PM EST

    Ah... you mean, like, OpenSSH and Sendmail?
    ______________________
    $ make install not war

    STOP! (2.16 / 6) (#114)
    by coryking on Wed Mar 12, 2003 at 08:18:11 PM EST

    STOP MAKING FUN OF OPEN SOURCE OR I'LL MOD YOU DOWN. The only company with security issues is clearly M$. Open Source is perfect in every single way. Jeeeezzz

    [ Parent ]
    Sorry... (1.50 / 2) (#125)
    by John Thompson on Wed Mar 12, 2003 at 10:15:24 PM EST

    farlukar wrote:

    Ah... you mean, like, OpenSSH and Sendmail?

    Sorry, bucko... those were exploits, not "backdoors." Backdoors are intentional, exploits are not.



    [ Parent ]
    Actually, they were backdoored (5.00 / 2) (#132)
    by Ebon Praetor on Wed Mar 12, 2003 at 11:33:22 PM EST

    openssh was compromised in July 2002 and files downloaded from the FTP server or any of its mirrors were affected.  

    http://www.iss.net/security_center/static/9763.php

    sendmail was compromised in the same way in September 2002.  Again, the FTP server was compromised and a trojan was included in the source.  

    http://www.iss.net/security_center/static/10313.php

    So yes, both have been backdoored; neither one was intentionally, and both were corrected, but the parent poster is right: both pieces of software were backdoored.

    [ Parent ]

    Yes and no... (4.00 / 2) (#135)
    by sjl on Thu Mar 13, 2003 at 12:16:48 AM EST

    The original source wasn't backdoored. A copy on the main FTP sites was. And, furthermore, these copies were only backdoored if you built them as root, IIRC. The main code itself was fine -- just the Makefile was modified to include a trojan.

    This is a very fine distinction to be making; you can argue it either way without too much difficulty. But I'd argue that the original source code was not backdoored as such.

    [ Parent ]

    Pardon? (2.50 / 4) (#126)
    by Arevos on Wed Mar 12, 2003 at 10:20:06 PM EST

    I'm not quite sure I get your point. The OpenSSH and Sendmail exploits were not deliberate (how could they be?), just bugs in the code.

    [ Parent ]
    Please document (4.30 / 10) (#68)
    by CaptainSuperBoy on Wed Mar 12, 2003 at 03:30:24 PM EST

    Please document this claim: If you are connected to the Internet while using Windows XP, the OS tries to contact Microsoft's servers whenever you open a file or program. The purpose of this is to allow Microsoft to see what files or programs you are opening. It doesn't send a copy of the file, but it informs Microsoft of the file name and extension (.exe, .jpg, .mov, .mp3, etc.).

    If you need help supporting this claim, I will be glad to run windump while opening a bunch of files on my Windows XP machine.

    --
    jimmysquid.com - I take pictures.

    Totally false. (4.50 / 2) (#103)
    by nstenz on Wed Mar 12, 2003 at 07:02:31 PM EST

    This may apply to WMP, but I'm fairly certain it doesn't apply to the Windows OS.

    I would have voted this story down just for that paragraph.

    [ Parent ]

    Good lord (4.50 / 2) (#141)
    by kimpton on Thu Mar 13, 2003 at 04:10:45 AM EST

    I had to go back to the article in disbelief to check he really had a said that. What a moron. How the hell did this get voted up.....

    [ Parent ]
    Untrue (5.00 / 1) (#184)
    by Gailin on Thu Mar 13, 2003 at 02:13:33 PM EST

    I can verify that this is untrue. I have multiple Windows XP/2000 SP 3 machines on my home network.  I also  log all packets coming in and out of my home network, and have yet to see packets to Microsoft when I open files.  The only communication I see between my network and theirs is when I run WMP or Windows Update.

    G

    [ Parent ]

    I remember (3.80 / 5) (#88)
    by Fon2d2 on Wed Mar 12, 2003 at 05:30:36 PM EST

    doing a lot of research on UCITA when I was in an advanced composition class in college. That thing is BAD.

    A bellyful of righteous fire (4.15 / 13) (#91)
    by Keith Harper on Wed Mar 12, 2003 at 05:52:58 PM EST

    You've really exposed some scandals here. Judging by your baseless speculation, this thing goes all the way to the whitehouse! You must have spent an awful long time digging for sources and hunting down clues. This article contains literally hours worth of regurgitated punditry. If only more people were working to repeat what everyone else already wrote about a year ago, Microsoft would be out of business.

    I wonder why articles like this never get published in the old media. Could it be a conspiracy? Could it be editorial standards? Can anyone link me to a blog which answers this question?

    -1: Malformed (2.00 / 6) (#98)
    by jabber on Wed Mar 12, 2003 at 06:37:58 PM EST

    I read this as an anti-Palladium article, fluffed up for breadth, to avoid anti-anti-Microsoft criticism.

    [TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"

    Could've been better (3.40 / 5) (#109)
    by hans on Wed Mar 12, 2003 at 07:36:49 PM EST

    I'm a bit sad how this got through the queue.  There's a broken link in there for chrissakes!  

    Dear Sweet Mother of Lord (1.64 / 14) (#116)
    by richardo on Wed Mar 12, 2003 at 08:31:26 PM EST

    Go the hell back to slashdot where they reward making shit up. This kind of zealotry makes me physically ill.

    Is this an article about different kinds of spyware and adware, or is this a convenient guise to wank off with your slashdot friends on how evil "M$" is and how cool you are cause you use open source (d00d)? Make up your mind.

    Trhurler once said in the title of his diary: "Socialism will never win because socialists are too stupid to win". I think this fits most Microsoft bashers too.

    M<aking it up (none / 0) (#205)
    by http on Fri Mar 14, 2003 at 03:26:54 AM EST

    erm...umm...What part of the article do you allege to be made up? It held very few surprises for me, and I do not get out much.
    Your vitriolic reply made me wonder, what operating system do _you_ use?
    -- I was once accused of pedanticism, but I responded with "Ahem, pedantry."
    [ Parent ]
    Best poll ever? (3.00 / 2) (#118)
    by srichman on Wed Mar 12, 2003 at 08:33:22 PM EST

    While I understand how folks can argue over whether this article is meritorious, I think everyone has to acknowledge that this is best poll ever on Kuro5hin. I can't wait to see how it turns out.

    Yes, excellent poll, thumbs up :) :) (none / 0) (#166)
    by bsimon on Thu Mar 13, 2003 at 10:40:13 AM EST

    I liked this poll because it was clear which answer I should choose. It's not like those nasty polls where I have to think, and carefully weigh the pros and cons. They make my head hurt.

    Umm... usurp means the same as 'upgrade', right?

    I'm certainly looking forward to having my rights 'usurped' by that nice Mr. Gates, I hope it happens soon.

    you have read my sig
    [ Parent ]

    Put this in the fiction section (4.11 / 9) (#124)
    by interjay on Wed Mar 12, 2003 at 09:46:40 PM EST

    This article is filled with so much false or misleading information that I hardly know where to start. Some examples:

    1. You say Microsoft grants itself unlimited access to the user's harddrive. However, your quote from the license agreement only says MS can check and update the version of Windows and its components, not other software.

    2. Windows Media Player sends information about the CDs you play in order to receive the names of the artist, album, and the tracks. The same is done by most major media players. If you think this compromises your privacy, you can turn it off in WMP's privacy settings (which are automatically displayed on installation).

    3. Your claim that Windows XP sends information about any file or program that is opened is completely unfounded.

    4. It's true that Palladium can be used for DRM and copy protection. However, I don't see how it has anything to do with remote deletion of files or disabling firewalls.

    There is some valid information mixed in between the falsities. Unfortunately, articles such as this can only hurt the credibility of more truthful anti-spyware arguments.

    Actually no (5.00 / 3) (#130)
    by salsaman on Wed Mar 12, 2003 at 11:22:33 PM EST

    1. You say Microsoft grants itself unlimited access to the user's harddrive. However, your quote from the license agreement only says MS can check and update the version of Windows and its components, not other software.

    Actually, that might not be quite true...

    2. Windows Media Player sends information about the CDs you play in order to receive the names of the artist, album, and the tracks. The same is done by most major media players. If you think this compromises your privacy, you can turn it off in WMP's privacy settings (which are automatically displayed on installation).

    Well yes, but it's not true that 'most' major media players do this.

    3. Your claim that Windows XP sends information about any file or program that is opened is completely unfounded.

    See 1.

    4. It's true that Palladium can be used for DRM and copy protection. However, I don't see how it has anything to do with remote deletion of files or disabling firewalls.

    Easy - Office could be altered so that documents could only be read once an MS key is retrieved. MS could easily limit itself to sending that key to only a 'Trusted' OS.

    The fact is, since only Microsoft and certain 'friends' can actually see the source code to Windows, they could be doing anything at all on your computer, without your knowledge.

    [ Parent ]

    Prove MS is called when you open a file or program (5.00 / 1) (#144)
    by bsimon on Thu Mar 13, 2003 at 05:13:23 AM EST

    The Slashdot link you provide (1) fails to refute Interjay's argument (3)

    3. Your claim that Windows XP sends information about any file or program that is opened is completely unfounded.


    See 1.

    The Slashdot story you link to says:

    ...a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software.

    This is clearly not the same as your assertion that:

    If you are connected to the Internet while using Windows XP, the OS tries to contact Microsoft's servers whenever you open a file or program.

    Can you provide a link or some evidence that shows that XP tries to contact Microsoft's servers every time you open a file or program?

    As far as I've heard, the nearest thing to what you describe is Explorer (note: not Internet Explorer), which apparently tries to contact MS when you do a local search - and, I've read somewhere, sends the search term to MS.

    you have read my sig
    [ Parent ]

    OK, I admit point 3 may be an exaggeration (5.00 / 1) (#149)
    by salsaman on Thu Mar 13, 2003 at 07:07:44 AM EST

    OK, I admit I was wrong to back up the original poster's claim in point 3. (I was posting late at night, so I was a little tired at the time). But if you look here, you'll see that there are at least 16 times when XP *does* try to contact MS.

    E.g. 3) File Signature Verification



    [ Parent ]

    I wish you had written this story... (none / 0) (#164)
    by bsimon on Thu Mar 13, 2003 at 10:19:26 AM EST

    ...because you're prepared to politely acknowledge where you've made a mistake, and offer further evidence to support your arguments when you're challenged, unlike the guy who actually did write it.

    I agree wholeheartedly with the general idea that Microsoft is bad, and tends to collect data it shouldn't collect.

    But there are so many obvious factual errors in this story that it weakens the author's case rather than strengthening it. Which is especially sad because there's plenty of evidence out there - there's no need to make stuff up.

    Did the people who voted +1 FP on this actually read it all the way through? Anyone?

    you have read my sig
    [ Parent ]

    Digital Rights? What "Rights"?! (4.60 / 10) (#134)
    by Baldrson on Wed Mar 12, 2003 at 11:48:55 PM EST

    Start with the Bill of Rights before you go presuming there is anything called a "right" under US "law":
    1. There are laws directly regulating speech, and I'm not here referring to slander/libel laws but rather political speech. Enforcement mechanisms include increased probability of IRS audit. There are laws that make it de facto impossible for people to gather together in living experiments, in direct contravention of freedom of religion, if those experiments exclude any people on the basis of genetic endowment -- the origin of ancestral spiritualism of indigenous cultures throughout the world from sub Saharan Africa to Siberia. Enforcement mechanisms include selective administration of EEOC laws against privately held businesses both profit and nonprofit, as well as increased probability of IRS audit.
    2. There are laws directly infringing the right of the people to keep and bear arms for military intent despite the fact that it was clearly the intent of the framers of the Constitution that "bear arms" meant precisely equiped for military intent and "the people" always meant precisely that when mentioned in the Constitution -- "States" being mentioned when intended.
    3. Warrantless searches/seizures are now de facto acceptable policy via a variety of standard practices including obtaining intelligence from foreign intelligence operatives on US soil, under "plausibly deniable" malign neglect of the US government. Also any mandatory reporting of information to the IRS is a de facto demand for private information without probable cause.
    4. Any mandatory reporting of information to the IRS is a de facto demand for self-incrimination enforced by increased probability of audit for failure to testify against one's self.
    5. Prisoners are routinely informed by courts that if they demand their right to a trial that they will suffer greater penalties than those who do not go to trial and plead guilty or no contest.
    6. US courts are routinely and explicitly in contempt of "common law" on the grounds that statutory law overrides common law when, in fact, the 7th Ammendment to the Constitution specifies "common law" and the Constitution overrides statutory law.
    7. Cruel and unusual punishments are now routinely practiced in US prisons.
    8. The US government has routinely interpreted the Bill of Rights to be a enumeration of the rights granted to the people and States rather than an enumeration of rights most likely to be stolen by the government. The over-interpretation of powers granted to the government are so routine that no one even notices that they were never remotely implied by the Constitution.
    9. Just to make sure the government got the point straight about what the first 9 Ammendments to the Constitution meant the framers added a second statement that the powers and responsibilities granted to the government are both enumerated and derived from the sovereignty of the States and people. The government just can't take a hint -- even when explictly stated -- twice.
    So we have one right, the one in the third Ammendment, that may yet still be intact although with the Patriot act all bets are off.

    Just who do these corporations think they are to have any "rights" when the people and States have lost 9 out of 10 of those supposedly "guaranteed" safe from theft by having them explicitly mentioned in the Constitution as likely to be stolen by the government, with the remaining right in question?

    -------- Empty the Cities --------


    nice (none / 0) (#138)
    by j1mmy on Thu Mar 13, 2003 at 02:06:03 AM EST

    That was a really good summary of the sorry state of our Bill of Rights. Flesh it out and write an article!

    [ Parent ]
    Seventh Amendment (5.00 / 1) (#142)
    by The Alien on Thu Mar 13, 2003 at 04:39:22 AM EST

    Ammendment 7: In suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury, shall be otherwise reexamined in any Court of the United States, than according to the rules of the common law.

    I don't see where this says that common law trumps statuatory law. What I see here is provision for a jury in civil matters, in accordance with the common law of the time. Instead of stating that common law trumps statuatory low, it appears to pick out a specific piece of common law and make certain that it is retained in the new system. I admit I am no great constitutional scholar, but I have done a fair amount of reading on the subject and your statement does not seem correct to me.

    [ Parent ]

    Slipstream SP3 (4.00 / 1) (#139)
    by doormat on Thu Mar 13, 2003 at 02:06:07 AM EST

    If you slipstream Win2k SP3 onto a bootable CD (see http://www.nu2.nu), the EULA wont change, and you will not have agreed to let MS look at your computer.
    |\
    |/oormat

    One question... (4.00 / 1) (#145)
    by kralizec on Thu Mar 13, 2003 at 05:19:28 AM EST

    IANAL, but what would happen if I take the installation CD, uncompress and copy to disk by hand and then I'm (somehow) able to make the registry changes necessary to make it run?

    Or if, alternatively, someone has make a (free) installer (which still needs to run with the original disk) that doesn't show me the EULA? Would I still be bound to it?

    If I did that, Microsoft XP (for one) would still be doing its updates and other business even without my authorization, wouldn't they?

    Perhaps you find it almost impossible to get, well, at least it seems so with big programs, but sure there's at least one geek out there who can do it for some (more or less) popular piece of software... would be nice to see it, anyway.

    ---
    Un sot toujours trouve un plus sot qui l'admire

    also covered (none / 0) (#150)
    by pakje on Thu Mar 13, 2003 at 07:15:10 AM EST

    I think that is covered in the license too, in the some form which would mean "you are not allowed to make installers or modify registry."

    [ Parent ]
    Not binding? (none / 0) (#157)
    by kralizec on Thu Mar 13, 2003 at 09:20:41 AM EST

    A license I haven't agreed says I cannot bypass it... but heh, again, I haven't accepted it yet, so why should it be binding? Anyway, I seem to recall that you agree to the license merely by unpacking the product, or the CD at least (some print on the cover page), so there might be a point there.

    ---
    Un sot toujours trouve un plus sot qui l'admire
    [ Parent ]

    Remove the EULA (4.50 / 2) (#159)
    by Cameleon on Thu Mar 13, 2003 at 09:53:46 AM EST

    I did something similar to this for a lot of software I installed. Most installers unpack to the $TEMP$ directory before installing, and then display a 'Welcome to this installation!' screen before showing the EULA. I left this screen standing there, and then ran a script looking for EULA's in the $TEMP$ directory, deleting them if found. Continuing with the installation, I would agree to a blank screen or the statement 'EULA not found' and install the software. Sure, this may not help (much), but if I ever end up in court over a EULA, at least I can say truthfully that not only did I not read it (like everyone else) but I also did not click 'I agree' to it.

    [ Parent ]
    Well... (none / 0) (#165)
    by dipierro on Thu Mar 13, 2003 at 10:27:29 AM EST

    besides the fact that you'd probably be breaking the DMCA, I'd argue you've still authorized Microsoft to do its updates. Clicking "I agree" isn't what matters. Installing the software knowing what it's going to do is what matters. All just my unsubstantiated opinion, of course. I don't think there are any precedents either way.

    [ Parent ]
    Solution = Kids! (4.50 / 2) (#190)
    by reve on Thu Mar 13, 2003 at 05:28:05 PM EST

    In this country (US), minors arn't legally bound by contracts in the same way adults are.  Thus, upon purchasing new software you should give it to a deliquent child in your neighborhood rather than opening it yourself.

    If you have the minor open (shrinkwrap) and install (clickthrough) the offending software, all contracts are rendered null and void.

    Many neighborhood deliquents will perform such services for a little quid pro quo.  If you offer them, say, a pack of cigarettes or a six pack of beer for their services, you can avoid violating your contract -- and therefore breaking the law.

    (er...)
    < - r. m o s q u i t o - >
    [ Parent ]

    Anti-Spyware Alliance? (4.33 / 6) (#148)
    by ShiteNick on Thu Mar 13, 2003 at 06:38:02 AM EST

    I am wondering whether anyone will start to maintain a list of URLs (or regex's) that are related to data-collection by spyware applications.

    Then, it would be easy to write rules for squid to deny access to any of those URLs etc.

    Similary, for non-HTTP TCP data IP-Tables could have a set of dynamically updated (from a shared list, similar to the RBL) rules that deny data being sent outward, without a user's knowledge!

    Ok, I know all of this applies to Linux. But I am thinking along the lines of a Linux-based firewall sitting around protecting you from the monsters on the outside and the "trojans" that have creeped in.

    I mean, realistically, many of us are compelled to use Microsoft Operating Systems, esp. since many workplace rules demand it.

    As a collorary to this - will Linux and Linux users be outlawed one day? Why am I thinking Judege Dredd, Futurama and the like? Hidden societies in a manic world?

    Medication time.

    Linux (5.00 / 2) (#170)
    by CaptainSuperBoy on Thu Mar 13, 2003 at 11:10:29 AM EST

    will Linux and Linux users be outlawed one day?

    Possibly, yes. Although not for the reasons mentioned in this article. Palladium and industry-based trusted computing will not be used to destroy open source. Many of the alarmist myths that people have been spreading about Palladium are just that, myths. A Palladium-enabled computer will not require all your software to be trusted. Also, Windows Longhorn will not require a Palladium computer.

    The hardware industry would never willingly disable stuff like FreeBSD, just look at how many companies use Apache/FreeBSD to host their stuff. Look at all the Fortune 500 companies using Tomcat and Java on a free platform, and tell them that they now have to go back to the days of proprietary UNIX.

    The larger threat to free software is legislation like the CBDTPA from last year's senate. This would require, through the force of law, all computers to only run trusted code. Yes, that would kill Linux at least in the US.

    --
    jimmysquid.com - I take pictures.
    [ Parent ]

    it's hard to imagine (none / 0) (#218)
    by werner on Sun Mar 16, 2003 at 07:47:43 AM EST

    that europe would outlaw linux, seeing as many of our governments are busy investing in it in a hurry to eliminate their dependence on microsoft.

    Some companies may well throw enough money around the Capitol to get linux outlawed in the US, but it's hard to imagine any other country following suit.

    Except that idiot Blair. Still, he probably won't be around for much longer.

    [ Parent ]

    Circulation records. Public libraries. (4.00 / 1) (#156)
    by dsaklad on Thu Mar 13, 2003 at 09:15:26 AM EST

    1.
    How do our North American cities' public libraries protect circulation records with regard to the software companies access to these records?...

    2.
    How do our North American cities' public libraries protect other library records from software companies access to these records?...

    I think... (none / 0) (#158)
    by porkchop_d_clown on Thu Mar 13, 2003 at 09:31:12 AM EST

    that after the famous "Bork confirmation hearings" where Judge Bork's video rental records were made public, that there are now laws in the US making it illegal to release such records without a court order. In particular, I seem to remember that public library records are considered private.

    I *may* be wrong, however, it's been a while since this issue came up.


    --
    You can lead a horse to water, but you can't make him go off the high dive.


    [ Parent ]
    nope, bad government (none / 0) (#174)
    by mister slim on Thu Mar 13, 2003 at 12:31:09 PM EST

    Look here (publisher's weekly) The Patriot Act allows access to patron's library and bookstore records.
    __

    "Fucking sheep, the lot of you. Yeah, and your little dogs too." -Rogerborg
    [ Parent ]

    I had forgotten that. Thanks [nt] (none / 0) (#199)
    by porkchop_d_clown on Thu Mar 13, 2003 at 10:05:26 PM EST


    --
    You can lead a horse to water, but you can't make him go off the high dive.


    [ Parent ]
    The problem... (4.66 / 3) (#167)
    by alyosha1 on Thu Mar 13, 2003 at 10:55:35 AM EST

    ... is that my interests and the interests of my software provider do not always fundamentally coincide. I want my computer to provide me with certain functionality - to communicate with others, do my job, provide entertainment etc. This functionality is provided by software. The software provider's goals, however, might be very different from mine. They might include selling advertising space, controlling distribution of certain information or 'intellectual property', enforcing vendor lockin, basically anything that may contribute to the companies profits.

    So, faced with this conflict of interests, what am I to do? Two approaches suggest themselves.

    1) Choose my software provider carefully. For me, this means generally choosing open source software when possible. This isn't to say that my interests and the interests of the free software developer always coincide (I have this strange affinity to user-friendliness that isn't shared by every OSS developer (though there are many extremely well designed apps out there)), but the I think that generally my goal of 'have software that does what I need it to do' is fairly close to the open source developers motivation of 'write software that scratches my itch, shows what a good programmer I am, etc....'.

    2) Be less picky about software, but control the environment that it runs in. Unix provides this to a certain extent, with the root/user divide, the 'chroot' concept and so on. A simple, flexible way of saying 'install package SpyNGoodies from company FliBiNite, but only allow it access to certain O/S functionality' would be very nice. In practice, however, I guess that this would stop most questionable software from working at all.

    Thoughts, anyone?

    It's not just free software that installs spyware (5.00 / 1) (#172)
    by OneInEveryCrowd on Thu Mar 13, 2003 at 12:09:40 PM EST

    I picked up some spyware after installing the drivers for a new Logitech mouse using the CD that came in the box. It was easily removed using Ad-aware. I double checked to make sure that it was really the driver install that was adding the spyware. I can't understand the rationale for this, the mouse cost $39, it wasn't like I was downloading something for free.

    [ Parent ]
    Build a Server (5.00 / 3) (#173)
    by Nucleus on Thu Mar 13, 2003 at 12:18:38 PM EST

    If you can get your hands on a old computer or have one lying around, then the easiest way to protect yourself from backdoors being opened (The most serious threat mentioned) in your Personal Computer is to setup a server with a firewall between your PC and net connection that is NOT running win2k. Service pack 3 isn't the only thing capable of opening back doors.

    Get your hands on an old P.O.S (Piece of Shit) computer

    Example:
    -Pentium 200
    -32 MB RAM
    -10/100 Hub
    -2 Network Cards (1 Network and 1 Modem if dialup)
    -RJ-45 cables
    Download, or better yet, purchase a copy of Linux, Mandrake is the easiest. Install the default by clicking (Next-->Next-->Etc...)

    Setting up the firewall by closing all ports and allowing internet connection sharing is just a matter of pointing and clicking now-a-days.

    The threat of backdoors, such as found in MS Win2k Service pack 3 are essentially eliminated. Even if your PC has every possible port open, getting through the server firewall is next to impossible. Just plug the RJ45 Cable from the network card in your computer to the hub, then a RJ45 cable from the hub into the server, then plug your server into your cable modem(or dialup if that is the case). As for spyware and adware, be aware of the programs that use them...read about them on the net.


    Socialism for needs, capitalism for wants

    Outgoing connections? (none / 0) (#180)
    by srichman on Thu Mar 13, 2003 at 01:29:29 PM EST

    Setting up the firewall by closing all ports and allowing internet connection sharing is just a matter of pointing and clicking now-a-days.

    The threat of backdoors, such as found in MS Win2k Service pack 3 are essentially eliminated.

    I don't know much about how the yet-to-be-deployed evil Windows update backdoor works, but the Windows Update service on my computer makes outgoing connections only. It periodically polls Microsoft's servers, automatically downloads updates, and informs me when they're ready to install. I could alternatively configure it to install the updates automatically. Note that your posited port-blocking firewall does nothing to stop this. If they shipped Windows with the evil update backdoor threatened in the EULA, then it would be the same thing that Windows Update does now, but without the "my permission" element; your firewall would, again, do nothing to stop it.

    If you wanted to take steps to stop it, you could try instructing your firewall to block connections to the Windows Update server. Unfortunately, Microsoft needn't stick to known servers. They could change the server each time by, for instance, having the server send to your box the (encrypted) address of the server it should connect to next.

    [ Parent ]

    possible solutions on that matter (none / 0) (#185)
    by toop on Thu Mar 13, 2003 at 03:00:47 PM EST

    1) right now in XP you can disable the automatic updater. You can set it up as automatic notifier when updates are available or not let it check at all.

    2) then again you can use Snort or PF/firewall to find it out and block it on the IP way. Or use your own DNS server as 'DNS poison'. All done on a *NIX box, and do not underestimate the simplicity of a Linux floppy distro. No experience is needed.

    Yep, they change the DNS of windowsupdate. Then you install it and do't plug it on the net. If it's not plugged you can research the Windows behaviour on a LAN. The positive side is that this knowledge needs to be investigated only 1 time.

    In any case, it's imo better to not run MS Windows or MS software at all.

    [ Parent ]

    Not so easy. (none / 0) (#189)
    by srichman on Thu Mar 13, 2003 at 05:10:02 PM EST

    1) right now in XP you can disable the automatic updater. You can set it up as automatic notifier when updates are available or not let it check at all.
    I think I mentioned in my post that this is how I currently have it configured. I am quite happy with Windows Update in this configuration. We were discussing the big bad backdoor brother potentiality suggested by the SP1 EULA.
    2) then again you can use Snort or PF/firewall to find it out and block it on the IP way. Or use your own DNS server as 'DNS poison'. All done on a *NIX box, and do not underestimate the simplicity of a Linux floppy distro. No experience is needed.
    These are all things that would have absolutely no effect if Microsoft kept changing the IP of the server your box connected to, as I described in my post.
    Yep, they change the DNS of windowsupdate. Then you install it and do't plug it on the net. If it's not plugged you can research the Windows behaviour on a LAN. The positive side is that this knowledge needs to be investigated only 1 time.
    Firstly, we are nearly at a point where you can't install Windows without being connected to the Internet. You can currently do product activation over the phone, but Microsoft could discontinue that if they so desired.

    Secondly, I don't understand what sort of "investigation" you are suggesting. If you don't know the IP address that the update program will be connecting to next, then the best you can do is try to identify the update request at the application layer. And this doesn't work: I am a firm believer that an adversary can always change his protocol to make it look like another application that you don't filter. This is why there exist "firewall friendly" remote access products that can penetrate firewalls. They tunnel through channels that you allow, such as http and https. An extreme version of this sort of "protocol steganography" is Infranet.

    So, what solutions would work?

    Well, having a firewall much more restrictive than anything you'd want to use would work (e.g., whitelisting sites you can connect to). But that's no fun.

    Installing something on your Windows computer to stop the update requests would work too (e.g., a patch/crack). Nothing new here. If you're keen on MS paranoia, though, you might argue that Palladium will make that impossible by forcing you to have a "correct" software stack running on your machine.

    My point is, if Microsoft wants it make it difficult for you to circumvent this, they can do so so that no magic Linux distribution running on a NAT box can stop it.

    [ Parent ]

    Kids! (4.00 / 2) (#192)
    by redelm on Thu Mar 13, 2003 at 05:33:58 PM EST

    `Scuse me, but how are these EULAs valid when my 13 yo son clicks on them? To his great chagrin, he is not yet an adult and lacks the capacity to enter into a binding contract.

    UCITA isn't doing very well in the State Legislatures. It wasn't reintroduced this year in TX after failing two years ago. And with the ABA against it, it will have an uphill battle.



    We are slowly losing our rights (4.33 / 3) (#193)
    by Orion Blastar on Thu Mar 13, 2003 at 06:12:48 PM EST

    software is just yet another area that we are losing our rights to. The way it is worded, if you even use part of their program, you agree to the EULA. So if you just took out the EXE, some registry file updates, and DLL files and installed the program without reading the EULA you are still subject to the EULA. If your 13 year old clicked on it, you are still subject to the EULA by proxy. Even if "Fluffy" your cat walked on your keyboard and hit "Enter" while the highlight was over the "I Agree" key, you are still subject to it.

    Face it, we are losing our privacy rights. At least with Windows programs we are. Switch to a Mac, Sun, or Linux, or heck even OS/2 to avoid the Windows Spyware.

    I used to use Opt Out if I had an issue with Spyware. But now they have Ad-Aware
    *** Anonymized by intolerant editors at K5 and also IWETHEY who are biased against the mentally ill ***

    Every single one... (3.00 / 1) (#214)
    by SPYvSPY on Sat Mar 15, 2003 at 02:25:46 PM EST

    ..of the exclusive rights of a copyright holder under Section 106 limits the owner of a copy's rights to use the work.

    Owning a copy of a copyrighted work is a colloquialism for possessing a limited right to use. You seem to be working from a definition of "use" that does not include copying, broadcasting, distributing, etc. I wonder what you think use is.
    ------------------------------------------------

    By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.

    Only in a very broad sense (none / 0) (#216)
    by cpt kangarooski on Sun Mar 16, 2003 at 01:27:28 AM EST

    What does it mean to use a book?

    It means to read it, which is not prohibited by § 106. It means to learn from it, enjoy it, glean ideas from it, etc.

    With regards to software, it means to run the software, enter data into it and get data back out.

    You see, these are the things that the ultimate users of these works want. There are people that acquire warez just for the sake of having them, never putting them towards any productive use. But that's rare. Others get these things so as to resell them, such as investors or shopkeepers. But they're not the ultimate users, since they are just a step in the distribution chain, basically. (I've been studying the Internal Revenue Code lately -- not for fun, I assure you -- and it draws similar distinctions)

    Most people get a book so as to read it. Get a movie so as to watch it. Get a CD so as to listen to it. Get software so as to use it.

    Now, the very broad sense that I was talking about earlier is a conceededly inaccurate shorthand that I have sometimes used, NOT in referring to what rights purchasers of copies have, but rather in describing the interest of the public in establishing a copyright system generally.

    That is, copyright is intended to serve the public interest. The public has two interests: One, for the largest number of works, both original and derivative, to be created. Two, to have the full use of them. By which is meant, here and only here, to use them as above, copy them, keep them, create new works based upon them, and obtain them for as low a cost as possible ideally for free.

    But that's not the ordinary definition of use. The ordinary definition of use is the one that was given well above. YOU are the person using a non-standard definition of use. Which would be fine if carefully explained ahead of time and used appropriately, but that isn't happening here.

    --
    All my posts including this one are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
    [ Parent ]

    How to contact Dragomire by email. (none / 0) (#217)
    by dsaklad on Sun Mar 16, 2003 at 07:34:29 AM EST

    How do you contact Dragomire by email ?... Or please ask Dragomire to contact Richard Stallman rms@gnu.org

    Software Vendors Say to Public: "You Have No Rights." | 219 comments (188 topical, 31 editorial, 1 hidden)
    Display: Sort:

    kuro5hin.org

    [XML]
    All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
    See our legalese page for copyright policies. Please also read our Privacy Policy.
    Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
    Need some help? Email help@kuro5hin.org.
    My heart's the long stairs.

    Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!