[milters] Archive

Lists Index Date Thread Search

Article: 1029
From: Taylor, Grant
Date: 2006-07-13 12:25:23 -0400
Subject: Re: Concerning SnertSoft "phone home" Code & License Disclosure

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support

David F. Skoll wrote:
> Hi, Anthony,
> I don't think many people will accept your response.  IMO, phone-home
> code is wrong, and a security risk (you didn't address my security
> concerns in your statement.)  I think you even knew in your heart it
> was wrong by not disclosing it clearly up-front.

My personal opinion is that people do not have to accept Anthony's response, just that
there should be one.  This way, people will be informed of the ""issue and can
decide if they like the software package as a COMPLETE package.  If people do not like it
then they can find some other product.

> I think you should remove it.  You will alienate far more potential
> customers with the phone-home code than any gains you'll make from
> preventing people from ripping you off.

Do you know any people that are running Windows with WGA installed so that they can
receive Windows Updates?  Do they still run Windows?  Do they have a viable choice to run
Windows verses something else.

> If people are determined to steal, they'll just do it, license be
> dammned.

This is true.  However, a fence will only keep honest people honest.  There has never been
a lock built that can not be picked.

> Let me ask you this: Has the phone-home code ever led to your successful
> recovery of funds from someone who was using your software illegally?

Has an expensive vault helped to prevent a bank robber from stealing money from a bank
branch office that has not opened yet?

> Also, what if someone buys out Snertsoft?  Maybe I don't mind my
> computer phoning home to Anthony Howe, but maybe I'd prefer it not to
> phone home to MegaCorp.  Or perhaps some cybersquatter or fraud artist
> will seize "milter.info" for nefarious purposes.  There's far too much
> danger in the whole concept.

There is also danger in having your mail server connected to the internet.  Heck, you
could be hit by a car just walking out to the street too.

> Finally, your assertion that your phone-home code is not spyware may
> be incorrect in some jurisdictions.  For example, see the definition
> of "spyware" here:
> http://www.nve.vt.edu/cias/Resources/glossary.htm#S
> I'm pretty certain a good lawyer could successfully argue that your code
> fits the definition.

I'm pretty certain that I could make an argument that a LOT of software would fall under
this definition.  What if I install Adoby Acrobat Reader and it checks for an update with
out my explicit permission to do so.  Sure, I could turn it off AFTER I'm made aware that
it will update.  However, by default it will update, or see if there is a new version and
then ask if it should update its self.  The point being that it does check in the back
ground with out the lay user knowing that it is going to do so and as such does so with
out "...explicit, informed consent for such use...".

Grant. . . .

Lists Index Date Thread Search