13 July 2006
Concerning SnertSoft “phone home” Code & License Disclosure
There has been recent comments and concern expressed in the
comp.mail.sendmail newsgroup about the “phone home” code present in SnertSoft products and whether or not sufficient disclosure is made.
All SnertSoft software are distributed as commercial or free source, and is intentionally not “open source” as defined and trademarked by the Open Source Initiative. The SnertSoft license that currently accompanies its software prohibits redistribution of the code, a typical restrictions found in almost all software licenses from commercial vendors.
In order to enforce that restriction, one or more measures are required to ensure adherence to the license. Most commercial software is distributed in binary form built for a specific operating system and CPU. One method to control or monitor illegal redistribution of the software is to add license activation code (that is both difficult and troublesome to remove) and issue each client their own unique license “key” that will unlock and enable the software. In addition, network capable software may choose to register the license activation with the software manufacture by “phoning home” details such as the product name & version, license key used, MAC address, IP address, host name, OS, and/or CPU. Microsoft, Symantec, and other software manufactures take such measures in their products with ever increasing frequency.
Since SnertSoft software works on a larger number of different operating systems and CPU architectures, such as AIX, Mac OS X, OpenBSD, Solaris, Linux, etc. using processors such as AMD or Intel 32 & 64 bit, MIPS, Sparc, PowerPC, etc., it is currently not practical to distribute pre-built binary products with license activation code for all possible platforms.
However, the need for some means of license activation or monitoring still remains in order to control illegal distribution. The choice SnertSoft made was to add “phone home” code to its code base and disclose this in the software license. The choice to use an activation key as well was deemed too cumbersome to implement and coordinate at the time and so was discarded. These choices may be revisited in the future.
In the SnertSoft software license, the clause “any and all code license checks and controls” are the terms chosen to refer to the collection of license control methods that might be used, such as license key activation and/or “phone home” code. For example from the LibSnert license version 1.3:
“… You may compile, install, and use this Package, with or without private modifications, exclusively on machines You legally own or rent from a third party, provided You retain this notice, the Author’s copyright notice, any and all code license checks and controls, and any links within the Package back to the most current online versions of this License and Disclaimer.
SnertSoft believes the wording is simple, clear, and sufficiently adequate without a lot of legal or technical jargon. A choice was made to keep the license as brief, yet legally correct, as possible so that clients might actually read and understand the software license agreement. The longer and more complex the wording, the more likely individuals will just ignore it and assume for the most part that it is correct, which occurs often with click-through licenses.
Clearly, given the court of public opinion, our desire for brevity and easy of understanding of the license was too earnest and SnertSoft acknowledges that some additional, though still short, companion text or alternative phrasing should be used in the next license revision to clarify or itemise some of the methods that might be employed for “license checks and controls”.
The “phone home” code implemented by SnertSoft takes the form of a simple email message sent by direct SMTP to our servers. It contains the product name & version, library version, IP address, host name, and a timestamp (see below). Since the software is distributed in source form, the client can review and see the exact nature of the communication, which is no more revealing than what would be found in an email sent to SnertSoft. The only difference here is that the “phone home” code sends a message once each time the software is started.
Claims of “spyware” or unethical behaviour on the part of SnertSoft are both unfair and unjustified. SnertSoft believes their actions in this regard to be honest, reasonable, and open to those who choose to read the software license and review the code. Contrast this with software products distributed in binary form, the client would be required to either disassemble the binary code, typically prohibited by the software license, and/or employ a network packet sniffer and then decode or decrypt the message contents if they can.
Lookup the definition of the word “spy” and the reader should find something
along the lines of “watch, observe, or inquire secretly”. SnertSoft believes that there is nothing secretive nor hidden about the behaviour of our software in contrast to other vendors.
We acknowledge that our chosen method of distribution in source form with its simple license control can be easily circumvented by simply deleting the “phone home” code, but such a blatant act would be construed as theft and would only result in legal action by SnertSoft when discovered.
SnertSoft has always strived to provide both useful quality products and professional service, and our goal is to continue doing so into the far future. To that end we have to protect our product and clients to ensure that future.
SIRET #489 259 937 00014
Sample of a received “phone home” message:
Return-Path: <MAILER-DAEMON@mx.snert.net> Received: from mx.snert.net (mx.snert.net [188.8.131.52]) by pop.snert.net (8.13.7/8.13.7) with SMTP id k6CLcs4e020333 for <firstname.lastname@example.org>; Wed, 12 Jul 2006 23:38:56 +0200 Date: Wed, 12 Jul 2006 23:38:55 +0200 Message-Id: <200607122138.k6CLcs4e020333@pop.snert.net> Received: from milter-sender by mx.snert.net (mx.snert.net [184.108.40.206]); Wed, 12 Jul 2006 23:38:54 +0200 Subject: milter-sender/1.12.905 (mx.snert.net [220.127.116.11]) Priority: normal libsnert=1.62.832