Related
EVERYONE need to read this thread in the link below, please post this other threads related to this, BTW it discusses that this is James Young is a HOAX read the last couple of posts
http://forum.xda-developers.com/showthread.php?t=492330
Admins: Just talked with Microsoft being my profession and this was not sitting good with me since it was missing A. a contact phone number and for these cases it must also contain a Digital Signature with that being said they said it is fraud, I gave them the link here and they verified that they do not have a James Young employ and that the email extension [email protected] is not valid furthermore they said on there notices they will also have a phone number for the person(s) to call and correspondence is done through written. I will be receiving an email with the case number and contact information for the antipiracy case manager who verified the information and will forward it to the Admins here and at PPCGeeks as well. If one one the Admins here can PM there email addy so I can send the email to them for future verification on these types of notices.
Click to expand...
Click to collapse
More info on the Ms Hoax please pass this info along to all sites and admins...
http://pocketnow.com/index.php?a=portal_detail&t=news&id=7041
Microsoft Impersonator Sends Fraudulent Letters, Disrupts Community
Posted by Chuong Nguyen
March 13th, 2009 at 02:53 PM
It turns out that there may be an impersonator lurking around disrupting Windows Mobile communities. In response to an article that was posted this morning about Microsoft demanding that Windows Mobile 6.5 ROM images that were cooked unofficially be taken down, our own Microsoft MVP Adam Z. Lein spotted that the guy responsible for the letter to XDA-Developers may be a fraud, as was posted on PPCGeeks.
A similar hoax had occurred before at msmobiles in regards to Windows Mobile 6.5 screenshots. In the cease and desist letter to msmobiles, the gentleman claiming to be with Microsoft's legal department asked the site to remove screenshots of the forthcoming operating system
. The letter was sent after Microsoft had publicly announced and shown the very screenshots at Mobile World Congress 2009. According to msmobiles: "In any case, if it is genuine action on behalf of Microsoft, it is a case of extreme incompetence that this guy is showing because he is requesting removal of pictures of something that has been officially announced few days earlier." It should also be noted that pocketnow.com had posted screenshots and news of Windows Mobile 6.5 before, during, and after Microsoft's Mobile World Congress announcement and we did not receive a cease and desist letter.
The community over at msmobiles performed some additional investigations and found that the gentlemam, James Young, sent emails originating from IP addresses in London and not from Microsoft's corporate headquarters in Redmond, Washington, leading many to believe that he is not connected with the software giant. Additionally, emails were sent from [email protected], and not at a "@microsoft.com" email address.
Whatever the case may be, other forum members in our original post here at pocketnow.com made mention that only the Windows Mobile 6.5 cooked ROM made by ROM chef Da_G was affected and 6.5 ROMs for other HTC-made devices were seemingly okay.
i only hope it is a hoax
I f you read the links I posted you will see that some users and some who work for M$ verified that it was a hoax...
Thanks for this.
It has been raised in the Moderators Forum.
I'll closed this thread now because there are a few of them floating around, might as well keep the discussion focused.
Might I suggest that if this is found to be a hoax, the site admin (or a moderator maybe) will let you know. We would appreciate it if anyone who has had a takedown notice by the admin adears to it until further notice from xda.
Regards,
Dave
I'll re-open this thread for discussion.
Can I request that if Flar removed your ROM images / links that you do not re-add them until you here from Flar (or maybe a moderator).
The takedown notice for those images may be genuine.
Thanks
Dave
thank you Dave,
question, since this has affected several hosting sites, what would be the best way to get them to re-think there decisions ? To me I think is not going to be a easy task to do since they are now very unsure of where they stand..legally that is..I doubt the M$ is going to come right out and tell them "all is well"
Who ever this guy is..he hit a very tender spot and if it was not for a minor slip up this may not have been nipped in the bud as quick as it was..
I have unlimited bandwidth and file space to host...
I am just unsure of the "legality" of ROM images in the US on a file server.
If they are considered legit, and do not contain any illegal software in the ROM image itself, I would be more than willing to host on my 100MBit web server.
What a p*ss take but to be honest someone should have noticed the extension on the email address!!! Or even checked into it... "Just want to clarify not pointing the blame @ anyone"
I know now XDA has to do there research on this and comply with any thing that has happened till the all clear is called.
Just shame the ammount of disruption this has caused to chefs and users alike....
With regards hosting sites i think that they will be fines as i imagine the flagged ROMs were reported by the offender and most hosting sites do not have enough time to check every upload to there servers....
Not sure i got anything else to say except lets all get back to usual.....
stylez said:
With regards hosting sites i think that they will be fines as i imagine the flagged ROMs were reported by the offender and most hosting sites do not have enough time to check every upload to there servers... I have personally had to initiate a DMCA, send it, and follow up with individuals before, as well as removing illegal material from some of the websites our current and former clients have hosted.
Not sure i got anything else to say except lets all get back to usual.....
Click to expand...
Click to collapse
I can speak to that since I am a partner with a game and web hosting company. We do look at the individual files on the box to determine if the reported apps or media violates either our Terms of Service or any copyright laws. We also check into each "report" we get to determine if the report is legitimate, and we do investigate IPs and domains, to determine if they are valid.
In our arena, we do get gaming guilds who pretend to be official companies who try to get us to take down a competitors site or server.
We have also used copyright DMCA ourselves, and we do send email notification, but ONLY after a written certified letter is sent. The email is sent to the listed contact of the company and contains a copy of what was sent via certified mail.
We do this since we normally engage in unofficial conversation if someone has used our copy-righted material to save us money, as most of the time they use it without knowing they can't.
As far as the DMCA goes, we can send notice using our own attorneys, but we HAVE to hire local counsel to serve any legal action notice if we end up going that route. However, we do have a choice of mediation and litigation clause which allows us to use the laws of and conduct legal activity in the state our company is registered in. MS would have to do the same thing.
so when will roms be back? will everyone have to re post them therselves?
If it's truly found to be a hoax, I'd sure hate to be "James Young", or whatever his real name is. He may quickly become the target of thousands of hackers. I would imagine with the combined power of everyone effected, he could find himself with:
An Empty Bank Account
Homeless
Late Vehicle Registration/Stolen Vehicle
On the FBI's Most Wanted List/On MI6's Most Wanted List
His Face In Porn Movies/Beastiality Movies
A Failed Drug Test at Work
On People Magazine's Worst Dressed List
etc, etc...
More info from another thread.
By Dereth
this guy obiously has no life....
he sends these to the pirate bay all the time:
http://static.thepiratebay.org/ms-loveletter.txt
and read this email at the bottom it states the copyright on the email.
http://static.thepiratebay.org/sega_mail.txt
"IMPORTANT: The contents of this email and attachments are confidential
and may be subject to legal privilege and/or protected by copyright.
Copying or communicating any part of it to others is prohibited and may
be unlawful. If you are not the intended recipient you must not use,
copy, distribute or rely on this email and should please return it
immediately or notify us by telephone. While we take every reasonable
precaution to screen out computer viruses from emails, attachments to
this email may contain such viruses. We cannot accept liability for loss
or damage resulting from such viruses. We recommend you carry out your
own virus checks."
Click to expand...
Click to collapse
Tell ya what this guy been everywhere!!!
Last month, Ars reported that Microsoft's Windows Media Audio (WMA) digital rights management protection had been cracked, and a program called FairUse4WM had been written that would strip DRM data from purchased audio files. Microsoft was aware of the workaround, but did not seem too concerned, merely stating that "we designed the Windows Media DRM system to be renewable, so that if such events occur the system can be refreshed to address them." Now it seems that the company has gone a little further than that, sending out cease and desist orders to web sites hosting the FairUse4WM program. According to the owner of the web site BG4G, the orders came in via e-mail.
The notices are of a standard boilerplate format, claiming that the sites are "offering unlicensed copies of, or is engaged in other unauthorized activities relating to copyrighted works published by Microsoft." The copyrighted works are Windows Media Player 10 and 11, and the unauthorized activities are listed as "offering 'Cracks' or 'Product Keys', intended to circumvent technical measures that control access to Microsoft's copyrighted works and that protect Microsoft's copyrights in those works."
The "Demand for Immediate Takedown" e-mail comes from a James Young, "Internet Investigator," who claims to be acting on behalf of Microsoft Corporation. The interesting thing about the e-mail is that it makes no mention of the DMCA, which is the one law that would make FairUse4WM (which does not contain any copyrighted code, portions of Windows Media Player, nor any copyrighted music files themselves) illegal. The DMCA contains provisions against programs that attempt to circumvent copy protection. It also provides a "safe harbor" for Internet Service Providers and web hosts that take down files in a certain amount of time (usually 10 to 14 days) after a warning letter has been received.
The DMCA is a US invention and applies only in the United States, but many companies have attempted to use it outside their country's borders. The notice advising web sites to take down the FairUse4WM program came from the domain Microsoft-Antipiracy.com, which according to DNS records belongs to Microsoft but is actually administered by the ISP Nildram Ltd, which is based in the UK (the web site itself redirects to a page on microsoft.com).
Microsoft has not commented on the takedown notices, but they would be consistent with the sorts of notices given to web sites hosting cracks for other media-related copy protection. In the case of FairUse4WM, the problem may be somewhat more urgent from Microsoft's perspective, as the subscription-based model used by many DRMed WMA online music stores allows downloading an unlimited number of songs, but they can only be listened to for as long as the subscription is active
Click to expand...
Click to collapse
More reading regards this:
http://jamesholden.net/2007/04/25/microsoft-didnt-issue-takedown-notices-for-fairuse4wm/
Tell you what though there is a hell of alot of letters and some of them going back as far as 2004 from what i'm reading lets hope that XDA can nip this in the but...
this is all nice to be a freelance paid by M$ or ? black M$ funds haha. its way back to .... that this guy is scaring on the inet for them . SO XDA WHAT WILL BE RESPONSE TO ALL CLOSED THREADS
edit : i want my thread back restored from backup hehe red lines removed . WHEN ?
Use common sense, people! (Admins mainly)
IF Microsoft would have sent any of such letters, it would require you to remove ALL of their products, not just one - isn't it obvious?
I cannot imagine msoft asking xda to remove anything WM6.5 related, but not mentioning WM6.1 and WM6.0 ROMs and files
It's like Sony would have ask i.e. The Pirate Bay in a C&D letter to remove links to just 1 movie torrent and not mention links to all other Sony-owned movies present there.
I don't think it ever happened that way.
And letter coming from microsoft-antipiracy.com ? That's a no brainer LOL! It's as credible as if it would have come from microsoftsucks.org
Sure it's a hoax.
You've been pwnd
http://who.godaddy.com/WhoIs.aspx?domain=microsoft-antipiracy.com&prog_id=godaddy
http://msmobiles.com/news.php/8059.html
http://pocketnow.com/index.php?a=portal_detail&t=news&id=7041
http://www.chillingeffects.org/dmca512/notice.cgi?NoticeID=4780
http://brian.carr.name/mscompln.htm
F2504x4 said:
More info from another thread.
By Dereth
this guy obiously has no life....
he sends these to the pirate bay all the time:
http://static.thepiratebay.org/ms-loveletter.txt
and read this email at the bottom it states the copyright on the email.
http://static.thepiratebay.org/sega_mail.txt
"IMPORTANT: The contents of this email and attachments are confidential
and may be subject to legal privilege and/or protected by copyright.
Copying or communicating any part of it to others is prohibited and may
be unlawful. If you are not the intended recipient you must not use,
copy, distribute or rely on this email and should please return it
immediately or notify us by telephone. While we take every reasonable
precaution to screen out computer viruses from emails, attachments to
this email may contain such viruses. We cannot accept liability for loss
or damage resulting from such viruses. We recommend you carry out your
own virus checks."
Click to expand...
Click to collapse
Click to expand...
Click to collapse
Interesting... the confidentiality notice is often a sub mail server attachment, meaning its attached to the email as it leaves the companie's mail servers, not when it leaves the users outbox... There are universal clauses out there, but since this one matches pretty much 100% it would be safe to say that the company James Young mailed it from and this company are one and the same, or connected through a parent or something like that. Here is the one that my company attaches once the emails leave our intranet and go out:
This message w/attachments (message) may be privileged, confidential or proprietary, and if you are not an intended recipient, please notify the sender, do not use or share it and delete it. Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of <removed>. Subject to applicable law, <removed> may monitor, review and retain e-communications (EC) traveling through its networks/systems. The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or error-free. This message is subject to terms available at the following link:
Click to expand...
Click to collapse
James probably worked there at the same company that sent the sony notice and got fired, so he's taking it upon himself. Maybe he got served a notice, and got mad that everyone else has it so he is sending out notices himself as a revenge plot... who knows... he has issues thats all.
Good news for xda developers :
http://www.duttythroy.net/component...crosoft-and-htc-say-ok-to-xda-developers.html
http://tweakers.net/nieuws/59043/microsoft-xda-developers-illegaal-maar-we-pakken-ze-niet-aan.html
Thanks and regards
This is a continuation of this thread: http://forum.xda-developers.com/showthread.php?t=567870, which covered cracking the original "basic" copy protection of Marketplace.
---
I have now cracked the "advanced" copy protection used by Marketplace. As you may know, this is a "better" protection than the original "CAB copy protection" Marketplace offered. This "advanced" protection uses license keys that are verified when you run the application, and given out and controlled by Microsoft.
Several developers are annoyed that Microsoft does not allow us to use our own licensing schemes, and are forced to use "no protection" (the original CAB copy protection) or use Microsoft's scheme which is essentially a single point of failure for all Marketplace protected apps.
This new "advanced" protection was released today by Microsoft, and as far as I know no app available already uses it at the time of this writing.
So I got the code snippets you are supposed to put in your app and it was simply jawdroppingly WTF. While it was not exactly easy to beat, it took me less than two hours to devise a "generic" hack, without modifying any files on the device. (Well hey, at least it's better than the 5 minutes it took for the "basic" protection, right?)
A "generic" hack? Yes, by this I mean that this single hack (actually, running an EXE in the background) will completely bypass the entire code snippet provided by Microsoft that is supposed to check and validate your license code, for all Marketplace apps that use this "advanced" protection.
I will not publish the code that performs this hack, so don't ask. My goal is not to crack Marketplace apps, my goal is to get MS off their ass and allow us to use our own licensing systems, like the good little resellers they're supposed to be. I will tell you that it has to do with runtime patching the crypto API, but that's it. All in all, I don't think it will take long for the warez people to duplicate this hack.
---
Some further reasoning about anti-piracy, solutions, etc can be found in post 13 on page 2.
if there are no apps that use it yet, how do u know your hack works?
Because the Marketplace portal provides code ("code snippet") you have to compile in your EXE, and that takes care of the whole licensing thing.
So you look at that source, spot the weak points, devise a hack. Then compile a program using said "code snippet" and try the hack on it.
If developers simply copy/paste the snippet they are given by the Marketplace portal, this hack will work.
Chainfire said:
This is a continuation of this thread: http://forum.xda-developers.com/showthread.php?t=567870, which covered cracking the original "basic" copy protection of Marketplace.
---
I have now cracked the "advanced" copy protection used by Marketplace. As you may know, this is a "better" protection than the original "CAB copy protection" Marketplace offered. This "advanced" protection uses license keys that are verified when you run the application, and given out and controlled by Microsoft.
Several developers are annoyed that Microsoft does not allow us to use our own licensing schemes, and are forced to use "no protection" (the original CAB copy protection) or use Microsoft's scheme which is essentially a single point of failure for all Marketplace protected apps.
This new "advanced" protection was released today by Microsoft, and as far as I know no app available already uses it at the time of this writing.
So I got the code snippets you are supposed to put in your app and it was simply jawdroppingly WTF. While it was not exactly easy to beat, it took me less than two hours to devise a "generic" hack, without modifying any files on the device. (Well hey, at least it's better than the 5 minutes it took for the "basic" protection, right?)
A "generic" hack? Yes, by this I mean that this single hack (actually, running an EXE in the background) will completely bypass the entire code snippet provided by Microsoft that is supposed to check and validate your license code, for all Marketplace apps that use this "advanced" protection.
I will not publish the code that performs this hack, so don't ask. My goal is not to crack Marketplace apps, my goal is to get MS off their ass and allow us to use our own licensing systems, like the good little resellers they're supposed to be. I will tell you that it has to do with runtime patching the crypto API, but that's it. All in all, I don't think it will take long for the warez people to duplicate this hack.
Click to expand...
Click to collapse
amen
hallelujah
hit me now
YEAH
have given the issue some press : http://www.1800pocketpc.com/2009/11/13/marketplace-advanced-copy-protection-cracked-in-less-than-2-hours.html
anti-piracy protection is intended to stop ordinary users from transferring cabs between devices and it is successful at that. there is no protection that will stop apps from being pirated, certainly not for handheld devices. the new advanced protection is adequate and any further techniques are redundant and a waste of time, because no matter how 'strong' they are, they WILL be cracked.
Slightly if not totally off-topic: A mainstream consumer's view
mnet said:
anti-piracy protection is intended to stop ordinary users from transferring cabs between devices and it is successful at that. there is no protection that will stop apps from being pirated, certainly not for handheld devices. the new advanced protection is adequate and any further techniques are redundant and a waste of time, because no matter how 'strong' they are, they WILL be cracked.
Click to expand...
Click to collapse
I agree with you and your premise. Now a quick story.
I consider myself a mainstream consumer... but I have been a member of XDA for, what, i think 4 years, using 2 WM phones, first the T-Mobile MDA, then the Wing (HTC Herald), and I am about to switch to Android with the HTC Hero. I am reasonably savvy about tech, just not a coder. But I've done all the hard SPL, flashing ROMS, using beta software, and supporting developers here with pretty significant donations. I am also a User Experience / Usability designer for web as a profession. THAT'S MY BACKGROUND.
To date, my experience buying WM apps has been universally AWFUL. Whether it was, just recently, Resco Picture Viewer from PocketGear, or WM Defrag from Wizcode, or PocketPlayer from Conduits. I am more than happy to buy excellent software that works, and has a decent UI. But in each case, the process of buying the app and getting it onto my phone has been absurd, and frustrating beyond belief. Each provider makes all sorts of assumptions -- often wrong -- including "you must be downloading this from a PC, so we will download for you an executable that runs on a desktop PC then installs via active sync onto your device."
Whatever the percentage is, doesn't matter: A lot of people, like me, download all my cab files, and purchase apps, on my Mac... and either email myself the .cab file or .zip files, or place my microSD card from my phone into a USB reader. Thus, what a frikkin headache to end up getting PocketPlayer on my phone... but because i didn't download it from a Windows PC, I was screwed.
This stuff is archaic. This past week it has taken 5 days to get Resco Picture Viewer on my phone after purchasing from PocketGear.com . They have a completely retarded transactional process, a terrible UI, broken software in terms of user recognition and resetting username and password, and a completely phone-UNFRIENDLY site, with most sub-level menus not even accessible from browsers like Opera Mobile, Netfront, Iris ... They are dumbass pull downs using god knows what -- flash or javascript, whatever. But fact is: a simple navigation process to access the products on the phone itself can't even be achieved by these clowns -- yet everyone is in overdrive now trying to get their version of "THE" WindowsMobile app store online, while Microsoft stumbles.
The fact is: I would LIKE to see a uniform transaction process which is designed professionally, and supports great usability design, and once I buy the app, quit making me go through absurd backflips just to get access to the cab file. Stop requiring me to use a Windows PC. And stop all the "special OUR way" authentication processes. Because if they were so good, there wouldn't be the kind of problems I have described. I'll even grant anyone who wants to -- to say "well you're just a dumb**** user who doesn't understand their particular process"... I'll grant you that, and my answer would be:
If you plan to sell a lot of apps -- ie, make money via VOLUME transactions vs pricey apps -- a la iphone -- then it makes a hell of a lot of sense to make a uniform system of delivery if you're buying it through an app store, and for god's sake, cut the crap and figure it out. It's not so hard to send an authentication code via email or text message. But it's exactly WRONG to be having 1000 developers using 1000 special "our way" authentication processes, because the odds of 1000 app developers having a great, simple, effective UI and safe authentication system that prevents priacy of their app is pretty low, based on the experiences I have had to date with MAINSTREAM products for WM.
That's my view. But I see a whole lot of clumsiness from the Windows Mobile side of the fence pertaining to this whole new way of monetizing apps. There's a reason apple succeeds in that department -- even with their bloated catalog and draconian approval processes. They understand how to deliver products to consumers -- vs repelling them from a dumbass process, no matter how good that process may be in theory.
quicksite said:
I agree with you and your premise. Now a quick story.
I consider myself a mainstream consumer... but I have been a member of XDA for, what, i think 4 years, using 2 WM phones, first the T-Mobile MDA, then the Wing (HTC Herald), and I am about to switch to Android with the HTC Hero. I am reasonably savvy about tech, just not a coder. But I've done all the hard SPL, flashing ROMS, using beta software, and supporting developers here with pretty significant donations. I am also a User Experience / Usability designer for web as a profession. THAT'S MY BACKGROUND.
To date, my experience buying WM apps has been universally AWFUL. Whether it was, just recently, Resco Picture Viewer from PocketGear, or WM Defrag from Wizcode, or PocketPlayer from Conduits. I am more than happy to buy excellent software that works, and has a decent UI. But in each case, the process of buying the app and getting it onto my phone has been absurd, and frustrating beyond belief. Each provider makes all sorts of assumptions -- often wrong -- including "you must be downloading this from a PC, so we will download for you an executable that runs on a desktop PC then installs via active sync onto your device."
Whatever the percentage is, doesn't matter: A lot of people, like me, download all my cab files, and purchase apps, on my Mac... and either email myself the .cab file or .zip files, or place my microSD card from my phone into a USB reader. Thus, what a frikkin headache to end up getting PocketPlayer on my phone... but because i didn't download it from a Windows PC, I was screwed.
This stuff is archaic. This past week it has taken 5 days to get Resco Picture Viewer on my phone after purchasing from PocketGear.com . They have a completely retarded transactional process, a terrible UI, broken software in terms of user recognition and resetting username and password, and a completely phone-UNFRIENDLY site, with most sub-level menus not even accessible from browsers like Opera Mobile, Netfront, Iris ... They are dumbass pull downs using god knows what -- flash or javascript, whatever. But fact is: a simple navigation process to access the products on the phone itself can't even be achieved by these clowns -- yet everyone is in overdrive now trying to get their version of "THE" WindowsMobile app store online, while Microsoft stumbles.
The fact is: I would LIKE to see a uniform transaction process which is designed professionally, and supports great usability design, and once I buy the app, quit making me go through absurd backflips just to get access to the cab file. Stop requiring me to use a Windows PC. And stop all the "special OUR way" authentication processes. Because if they were so good, there wouldn't be the kind of problems I have described. I'll even grant anyone who wants to -- to say "well you're just a dumb**** user who doesn't understand their particular process"... I'll grant you that, and my answer would be:
If you plan to sell a lot of apps -- ie, make money via VOLUME transactions vs pricey apps -- a la iphone -- then it makes a hell of a lot of sense to make a uniform system of delivery if you're buying it through an app store, and for god's sake, cut the crap and figure it out. It's not so hard to send an authentication code via email or text message. But it's exactly WRONG to be having 1000 developers using 1000 special "our way" authentication processes, because the odds of 1000 app developers having a great, simple, effective UI and safe authentication system that prevents priacy of their app is pretty low, based on the experiences I have had to date with MAINSTREAM products for WM.
That's my view. But I see a whole lot of clumsiness from the Windows Mobile side of the fence pertaining to this whole new way of monetizing apps. There's a reason apple succeeds in that department -- even with their bloated catalog and draconian approval processes. They understand how to deliver products to consumers -- vs repelling them from a dumbass process, no matter how good that process may be in theory.
Click to expand...
Click to collapse
Couldn't agree more!
I'll add one more reason I wrap my head in ductape every time I download/install an app.
Think it's bad with every developer having their own authentication method? How about when each developer has a DIFFERENT authentication scheme for every app they make?
I like a rant - thanks for doing it for me as I agree with you 100%.
The top of my annoyance list (which you did include) are sites selling mobile software which are NOT mobile browser friendly, WTF is that all about?
Big Up, I still don't think anyone else would have done it in two hours.
Hey you warned them didn't you.
Haha Chainfire is there anything you cant do?
More in the Dutch press:
http://tweakers.net/nieuws/63713/nederlander-kraakt-nieuwe-beveiliging-windows-marketplace.html
While I do appreciate the "rant", I think you're missing my point - or perhaps I just don't agree. (Edit: that is in response to this post http://forum.xda-developers.com/showpost.php?p=4936479&postcount=7)
When I say "use our own licensing schemes", I do not mean codes sent back and forth through websites, screen you have to type stuff in etc. This is exactly not needed because Marketplace is also the delivery mechanism. In other words, the license code can be installed by Marketplace directly without the user ever seeing or hearing about it.
This is partly how the new system works, actually. However, if Microsoft supported license codes you give them things would be more secure (though granted, for a large part by obscurity).
Some authors will not care and simply not use it all, for example with the cheap apps it may not be worth their while. Others may wish to track license key usage, so that if suddenly 10.000 users start using the same key instead of the 1 who bought it, that key can be disabled, etc. Some may want the app to call home, some will not. Imagine that developers that do employ such anti-piracy measures will write their own verification / communication code, this beats the single point of failure we currently have. The crackers are back to having to crack each app independently and even then have a much lower chance of success.
Marketplace is the perfect opportunity to implement such a system that does provide some piracy security for the authors while for once it does not unnecessarily annoy the user.
To make the obligatory bad car analogy that fails in many ways, take you car keys. Everyone thinks it's normal to have a car key, so people can't just take your car. Of course, in line with some of the arguments against anti-piracy measures, car keys aren't really that useful, as there's always a brick - the universal key, and a car thief that really wants your car will get it. (You also lock the doors on your house, right?)
Now, the current situation is pretty much that everyone has the same car key. How useful is a car key in that situation? They way I see it (and I'm sure I'm not alone in that), is more like the actual car key situation. Some car keys are laser etched, or have something RFID-like in them and a receive in the car, or simply use different shapes, etc. That's a lot more useful than everyone having the same car key.
Sure, no matter what you do, eventually things will get cracked and it is a cat and mouse game. One of the reasons this is easily doable is because of the open nature and the very few restrictions of Windows Mobile. This is a good thing. No developer in their right mind would want to get to a restrictive system like is the case on the iPhone or other mobile OS's. That is not the point. That doesn't mean anti-piracy measures are useless though, far from it. The longer you can keep a release from being warez'd, the less you lose.
There are two arguments I hear coming back in various places by various people:
(1) If the normal users can't just copy it, then that is enough (even MS says this)
(2) Piracy works as advertising, you get more eventual sales, etc. etc
Both of these, are from my own experience, completely untrue. The thing is if one person cracks it, it usually spreads on those warez sites pretty quickly.
The big thing here is, the average user is apparently tech-savvy enough to search the warez sites first before buying, and that is just how it is:
We have played the game with that one warez site, monitoring sales when (apparent) cracks were listed and when they weren't (they do remove releases on request). This made a 30-50% difference in sales (with the number being highest during the weekends, and lowest during weekdays). For me that is enough data to know that both (1) and (2) are complete nonsense in the case of mobile apps. No matter all the pretty reasons and perhaps seemingly logical reasons you may come up with for (1) and (2), the numbers don't lie.
So, how would you like to get a 30-50% paycut? It's not like us developers are getting rich here, you know. Can we be blamed for trying to prevent this?
Now, here we have the chance to implement a system that is completely transparent for the user and can be made reasonably safe (and updatable), an obvious win-win situation for everyone involved except the warez people. Why exactly shouldn't we be aiming for this?
What is also painfully apparent here, as Microsoft themselves claim reason (1), that they have no idea what they are talking about.
i am no programmer so excuse my ignorance but doesnt everything eventually get cracked. Is there any mobile platform which hasnt a non cracked market place or sites where you can download paid apps for free?
Well done Chainfire
Hello Chainfire,
I am the webmaster of the Tamoggemon Content network, and just covered you:
http://tamsppc.tamoggemon.com/2009/11/13/advanced-marketplace-drm-broken/
http://tamswms.tamoggemon.com/2009/11/13/advanced-marketplace-drm-broken/
Furthermore, an email went out to MSFT asking for a statement. but this is not the reason why I registered here (!!!) - I am instead here to vent a bit being a Symbian dev myself.
While I fully understand your frustration, I think that allowing every developer to run his own DRM is not gonna do the store good. The reason is that the store was made to make purchasing apps simple - and by allowing everyone to run his own DRM I dont see much of a venue to do this anymore.
Whenever some kind of backend gets involved, there is a single point of failure - the only trhing I can think off now would be a very complet system based on servers.
Or, of course, platform security like on S60. But trust me - we wont want that!
Thanks! However, if you read my other post carefully you'd see it wouldn't make any difference to the ease of using the store (it wouldn't make any difference for the user at all), just to a part of the backend. And of course, each DRM system has a single point of failure, but the difference is in my case there is a point of failure per app, while in the current case it's a single point of failure for everything. There is no perfect solution, but there are better solutions than the current one.
I've been contacted by a handful of big WM devs by now who are of somewhat the same opinion.
microsoft.... when it comes to security, they are clueless as usual.
only apple is worse.
I find they windows-7 VPN and "encryption" funny , is there anybody that would trust it ? - even if it was not for the backdoors ?
Just wondering, is anyone else having problems accessing the windows marketplace from the phone? I was able to download a couple of apps yesterday after I installed a custom ROM (TPC Pro Series V3.2), but today I get a message saying there is an update, it installs the update but then I get the following message:
"Windows Marketplace for Mobile cannot connect right now. Try again later."
Is this because of the custom ROM and the latest update to the marketplace, or is this something other people are experiencing?
Remember the days when purchased mp3s were DRM protected and some companies like Sony even put rootkits on music CDs? Did that stop piracy?
Hopefully Microsoft will not repeat these mistakes... There is no need for any further 'protection' for marketplace apps. If a developer isn't satisfied with this mechanism then he/she doesn't have to publish their apps on the marketplace. There's no point in having a centralized app store if every developer uses his/her own licensing scheme.
Hi,
Is flashing cooked Roms from the forums legal?
I know it will void my warranty, but that has already expired
Thanks
Badwolve1
Yep, currently being discussed over here: http://forum.xda-developers.com/showthread.php?t=598449
Just a remark on this poll:
Even if 100% of the votes would be for "legal", it would still be illegal, as a poll cannot change existing laws.
The question I ask myself currently, is if the concept of copyright and intellectual property is outdated.
Fact is that music, movies, software, books, etc., get illegally spread around the internet in mindblowing quantities. Almost all citizens do it.
This leds me to think that in a democracy, if politicians would have the courage, they should let the people decide if copyright is to be maintained.
Of course, an abolition of copyright would have many consequences:
- no more commercial movies being done (at least with the current financial model)
- no music industry as we know it
- either cleverly protected software or just open source software and no commercial applications
As drastic as it may sound, I think the world could easily adjust.
And lets face it, if 100% of all those using an illegal content (music, movie, software, ebook, etc.) would be prossecuted, then almost every citizen of the western world would be convicted.
I think it is an interesting issue that will have to be discussed sooner or later. I don't believe in DRM and sever protection laws, as they will end up not working.
Companies will continue to make profit out of service (support, maintenance, training), but the intellectual property will sooner or later not be protected anymore.
Just my 5 cents...
Cheers,
vma
PS: Apparently Google chose not to file patents for their search engines, because they think it is safer if kept in secret. A patent will expire after a given period...
That shows me the future direction.
Too bad EU politicians are so dependant on lobbies.
I think everybody is well aware of the pain that software thieves like DavinciDevelopers and Chris Burchett is putting us through. Until Google cleans up their market policy and starts implementing some basic regulation, these robbers are going to continue stomping upon the intellectual property of the developers here.
As we all know, software thieves almost always exploit a very simple loophole: they delete signatures off the apks and then publish them to the Android market as a paid app under a different name, and everyone will be none the wiser. They make a quick buck from unsuspecting users who chance across the app and purchase it, and thus they profit off the labours of hardworking developers here. It matters little to them whether a thousand or a million users pass by their application page without choosing to install it, because every single user conned into paying for the app is a profit to them.
I strongly recommend that developers who publish their APKs here insert a pop-up into their application that appears on the first boot, stating very clearly that this app is freely published here (insert thread URL) and instructing the user to immediately seek a refund if he has paid for it, and to report the issue to Google.
In other words, probably something along the lines of:
PLEASE TAKE NOTE
This app has been freely published on XDA-Developers, and can be found at .
If you have paid for this app, PLEASE SEEK A REFUND IMMEDIATELY AND REPORT THE SELLER TO GOOGLE.
Click to expand...
Click to collapse
Additionally, you might also want to insert this in the "About" section of the app, if applicable.
Software thieves may be capable of deleting signatures, but they can't remove app elements. With users alerted to these dishonest actions, they will not only distrust them but send a flood of complaints pouring into Google, and sooner or later they'll have to pack up shop and think of actually doing something productive for society.
I'm sorry if this has already been suggested, but given the severity of this issue, I thought that it would be important to highlight this to all developers in here and out there. Not everyone may be aware of the dangers making the dive into application development, and fewer still might actually think of doing something about software pirates and intellectual property thieves.
Remember, this is only a short-term measure to help starve these software thieves of their ill-gotten gains (and perhaps also to create awareness for you and your thread). It does not preclude the usage of other anti-piracy measures, and it could be circumvented by the more tech-savvy of the thieves. In the long haul, we will still need to get Google to overhaul its Android Market policy to respect the intellectual property rights of developers.
Mods, please feel free to delete this or lock this thread if I am repeating what others have already proposed.
Madrenergic said:
Software thieves may be capable of deleting signatures, but they can't remove app elements. With users alerted to these dishonest actions, they will not only distrust them but send a flood of complaints pouring into Google, and sooner or later they'll have to pack up shop and think of actually doing something productive for society.
Click to expand...
Click to collapse
Just wanted to point out that this is not true. I've also seen people say that the package name cannot be changed. That's not true either.
A skilled developer could often easily delete app elements (Using obfuscation like proguard is a good deterrent). A crappy one might still manage, pirates do (Sure they'll add bugs in the process, but they don't care because they don't have to deal with the bug reports, you do).
A non-malicious example of hacking the internals of an app is how I enable long-press of Search on the Droid X/2 in my HomeSmack app (https://market.android.com/details?id=com.teslacoilsw.homesmack). Motorola hard-coded long-press of search to launch com.google.android.voicesearch/com.google.android.voicesearch.RecognitionActivity. So my solution replaces Google's VoiceSearch.apk with a modified one where I renamed Google's RecognitionActivity to RecognitionActivityReal and created my own RecognitionActivity. I kept RecognitionActivityReal functional so VoiceSearch can still be used.
It'd also be possible for the theifs to upload using your app signature. The disadvantage of course is that they can't modify it at all, even in the future.
As Louis Rossmann keeps pointing out, the devices we buy today are no longer fully owned by us. It has almost become like we only pay for purchasing the hardware, but pretty much everything after that isn't under our full control, including the decision to replace a component (if it is broken).
The software that drives the hardware requires a whole lot of permissions (many of which are unnecessary for core functions) to be granted, and the hardware would be useless if those permissions aren't granted. The user is completely unaware of this when buying the hardware. So the money he paid for the hardware would be completely useless if he doesn't agree to the things that the software forces him to agree, AFTER THE SALE/ PURCHASE!
And then on top of everything is the Privacy Policy! Alteast 50% (and I'm being extremely conservative here) of the features you would want from any app is locked behind a Privacy Policy that:
1. No one reads or understands
2. Most of these Privacy Policies are simple copy-paste from standard templates. The makers of these apps too have no idea (forget control) about them.
3. 'Data collected and shared with 3rd parties will be handled in accordance with their respective Privacy Policies' is a total rubbish statement.
Even the most basic apps such as the gallery, file manager, music player, video player, etc. are locked behind Privacy Policies, and the apps won't work if you don't agree to them. This is ridiculous. And more so because these are new 'agreements' that are presented to you 'post the purchase'.
This is like going to a car dealership, paying for a car in full and taking delivery of the car. Now when the user starts the car, he is presented with a legally binding agreement that he MUST ACCEPT in order to be able to drive the car. Was the user aware of this agreement BEFORE the purchase? The answer is NO!
GDPR passed by the EU is a welcome step in protecting user privacy, but is completely ineffective. All it does is to force OEMs or app developers to show a Privacy Policy message (that no one reads or understands), and then everything is the exact same as before.
Should data collection be stopped completely? But if not, should there be very strict regulations on what data can be collected? Should stock apps and software be allowed to collect data or have any sort of privacy policies, given that the customer paid to use the hardware out of the box, without having to agree to new contracts/ agreements he is completely unaware of at the time of purchase?
One of the very 1st screens that you see when you setup a phone (such as a brand new phone or a factory reset phone) is the OEM Privacy Policy. This is an agreement you weren't aware of when you bought the new phone.
This is an agreement you MUST agree to use a product that you already paid for. There isn't a choice available here.
Agreements must be presented BEFORE a payment is required, not after!
It is only a handful of companies that are the end users of data collected, such as Google, Facebook, and the OEM themselves. All the apps that collect data are essentially just a medium for these companies to collect user data. Most app developers themselves have no use for the data collected, except for passing them on to these companies in return for some payment.
Their declaration that 'Data is collected to improve the app or service provided' is mostly a lie.
Regulating what data is actually collected, and whether services such as those offered by Meta (formerly FACEBOOK) should even be allowed is something regulators must seriously look at.
First, what do you mean by "GDPR has been effective"?
There are differences between
1. GDPR does not include all the aspects of privacy violation, for example, your specific case is not included in GDPR;
2. GDPR is not properly enforced, ie. your privacy is violated under GDPR, but you cannot use GDPR as a weapon for your defense.
If 1, you can do nothing about it. It's legislators' job.
If 2, you have to look into the definition of privacy violation and articles of relevant sanctions in GDPR.
For me, if you are targeted by personalized contents (based on your personal data), with or without your knowledge, and have no way to opt out, I believe, your privacy is violated, and the third parties should be sanctioned for that.
wenyendev said:
First, what do you mean by "GDPR has been effective"?
There are differences between
1. GDPR does not include all the aspects of privacy violation, for example, your specific case is not included in GDPR;
2. GDPR is not properly enforced, ie. your privacy is violated under GDPR, but you cannot use GDPR as a weapon for your defense.
If 1, you can do nothing about it. It's legislators' job.
If 2, you have to look into the definition of privacy violation and articles of relevant sanctions in GDPR.
For me, if you are targeted by personalized contents (based on your personal data), with or without your knowledge, and have no way to opt out, I believe, your privacy is violated, and the third parties should be sanctioned for that.
Click to expand...
Click to collapse
GDPR, from what I know, is ONLY ABOUT OBTAINING USER CONSENT for collecting data about the user. Or atleast that is how the implementation has been.
Without user consent, data cannot be collected, which essentially results in the individual not being able to use the device, as that is how companies have ensured compliance.
This is like going to a car dealership, paying for a car in full and taking delivery of the car. Now when the user starts the car, he is presented with a legally binding agreement that he MUST ACCEPT in order to be able to drive the car. Was the user aware of this agreement BEFORE the purchase? The answer is NO!
This defeats the purpose of ensuring user privacy that one would expect from a regulation like the GDPR.
Has GDPR been formulated in a way that protects user privacy? It is safe to say NO! All that it has done is to present the user with a policy statement that must be accepted, and there is no choice that the user has in respect of being able to use the device without accepting those.
More importantly, as pointed out in #3, the data is being collected by hundreds and thousands of apps, which by themselves have no control or use for the same. And all data ends up with a handful of corporations who process them in ways that are not clear to the user.
For example, most smartphones now come with Meta Services pre-installed. What is this service doing? I don't see an option to opt-out of it and still be able to use the device. OEMs don't allow for such services to be uninstalled either, so user has to rely on 3rd party tools to have them removed, and the process almost always has a negative implication on warranty.
It is time regulators all over the world start working in implementing laws in genuine ways that prevent corporations from abusing user privacy.
Then, that is not a question of consent, but of bowing your head or not.
Submit to my terms, and you will get this or that. Otherwise, you cannot use my apps, services.
It's like legalizing lynching, your privacy is violated, and the third parties remain unpunished, laws like GDPR are merely cosmetic.
At philosophical level, what we have discussed above could possibly (and humbly) be summarized in one sentence "which is to be master", from Lewis Carroll's "Through the Looking-Glass".
“When I use a word,” Humpty Dumpty said, in a rather scornful tone, “it means just what I choose it to mean — neither more nor less.”
“The question is,” said Alice, “whether you can make words mean so many different things.”
“The question is,” said Humpty Dumpty, “which is to be master — that’s all.”
Click to expand...
Click to collapse
A relevant legal case in history was Liversidge vs Anderson during WWII.
Liversidge v Anderson - Wikipedia
en.wikipedia.org