Eduard Gasull

Malware on the installer, yes or not? how would you fight piracy?

Recommended Posts

Actually, they didn't necessary break any laws with that.

 

For once, it depends on where you actually buy the Software, in what country and so on.

German law certainly doesn't apply here, neither does dutch law. You might life there, but you didn't buy the product there.

 

And to break german law with that, the passwords and usernames would have to be stored encrypted. And i'm not sure Chrome actually does that. Id they weren't encrypted.... bad luck.

Let's just say it's complicated. :P

 

Also, is it unethical? Yes, but we don't really have the moral high ground to actually point at others and call their actions unethical. Unless you are living in a third world country, then you actually have the moral high ground. So...

 

 

 

What they did was bad, no question asked.

But it also revealed a few issues we got these days:

 

Browsers that can store passwords and usernames is one of the issues, seriously.... it's the worst idea in the hiostory of browsers.

You are constantly connected to the Internet with them, and download Data and send data to servers. There always have been security holes in browsers, and there always will be. It's just one of the worst places to store passwords and usernames.

 

Another issues is of course people accepting and using such Functionality, because no one ever told them about the security risk.

 

 

Those issues should be addressed, people should be made more aware of security risks. They should also made aware of things like WhatsApp and their parent company Facebook, and what they actually do with privat data they collect. And there is countless other companies that sell privat Data.... that People give them with their free will... just cause they don't know better.

 

Or accepting of about every Programm thats send with an eMail.

 

 

Making people aware of such risks, would decrease the threat a lot already. Sure it won't go away. But this maleware FSLabs used would never have existed if people weren't so careless with their Data.

Share this post


Link to post
Share on other sites
4 hours ago, Kizna said:

Actually, they didn't necessary break any laws with that.

 

For once, it depends on where you actually buy the Software, in what country and so on.

German law certainly doesn't apply here, neither does dutch law. You might life there, but you didn't buy the product there.

 

You are incorrect, for sure in the US and the EU.  The customer buys in the country where he is located (that was changed in the law when online sellers were forced to charge LOCAL vat rates, think that was 2013).  So if you are in Denmark and buy a product from us we have to charge Danish VAT and apply to their law. But that does not matter in fact. If we would install malware on your system as part of the install process this is a violation of the Danish law as the 'crime' is committed in Denmark.  

 

To say that this nasty episode would not have happened if people weren't so careless with their data is a very strange leap of the mind. 

Share this post


Link to post
Share on other sites
On 08/03/2018 at 3:49 AM, Fragged^2 said:

You can't combat one illegal action (=Piratism) with another (=Distributing malware and obtaining private information illegally). This is not how civilized sociality works. There are legal avenues for combatting piratism.

 

Mathijs is on the point with his post.

 

Agreed.  They could start by scouring google and youtube for all the very openly illegal sites and videos and reporting them.

Share this post


Link to post
Share on other sites
21 minutes ago, Mathijs Kok said:

 

You are incorrect, for sure in the US and the EU.  The customer buys in the country where he is located (that was changed in the law when online sellers were forced to charge LOCAL vat rates, think that was 2013).  So if you are in Denmark and buy a product from us we have to charge Danish VAT and apply to their law. But that does not matter in fact. If we would install malware on your system as part of the install process this is a violation of the Danish law as the 'crime' is committed in Denmark.  

 

To say that this nasty episode would not have happened if people weren't so careless with their data is a very strange leap of the mind. 

I think it goes further than that.  It is ilegal to contract a criminal act.  it cannot be got out of b puting it in a civil contract.  Any limitation on which law applies would also not apply to the criminal act.  It may arguably apply to a contract but in this case there is no contract as there cannot be for an ilegal act.  In your exazple the police in Germany could be interested and act as the putting of the illegal software on the net occurred in Germany.

Share this post


Link to post
Share on other sites
vor 3 Stunden , Mathijs Kok sagte:

 

You are incorrect, for sure in the US and the EU.  The customer buys in the country where he is located (that was changed in the law when online sellers were forced to charge LOCAL vat rates, think that was 2013).  So if you are in Denmark and buy a product from us we have to charge Danish VAT and apply to their law. But that does not matter in fact. If we would install malware on your system as part of the install process this is a violation of the Danish law as the 'crime' is committed in Denmark.  

 

To say that this nasty episode would not have happened if people weren't so careless with their data is a very strange leap of the mind. 

 

Would that be also applicable if Aerosoft would be sitting in China?

That's what i'm trying to say: depending on where they got their company sitting, we won't be able to do much against them but boycott them.

 

 

And i don't think it's a strange leap of mind when I say that such things would not happen if we weren't as careless.

 

The point is: Someone had a terrible idea about offering a service in something that is very well known to have security issues.

People accept that terrible idea and store their data in something that is (Not necessarily to them, because who would have told them?) known to have security issues.

 

 

I see it as hanging a nice piece of meat around your neck, and standing in front of some Lions, and expect not to be attacked.

 

Share this post


Link to post
Share on other sites
31 minutes ago, Kizna said:

I see it as hanging a nice piece of meat around your neck, and standing in front of some Lions, and expect not to be attacked

 

So by this logic your are ok by gotten eaten by lions? 

 

This is not about storing or not your passwords in Google chrome. This is about somebody intentionally installing malware on your system to obtain private data from you which you had no intention at all to share with them. 

 

I am with you that many people are too careless nowadays with their data.

 

But that doesn't rectifies or excuses a crime. It is not like the lion wouldn't had another chance or in other words, another manufacturer wouldn't had another possibility to go after pirates. 

 

Share this post


Link to post
Share on other sites
46 minutes ago, Kizna said:

 

Would that be also applicable if Aerosoft would be sitting in China?

 

It would still remain a crime to install malware on your system regardless of where the criminal is in the world.
The moment he installs a malware and reads out data from your computer it is a crime commited in your place of residence.
You can sue him in your homecounrty for it.

 

What happens after the lawsuit is a different thing.

Somebody sitting in the Sahara, Russia or in China will surely not have many difficoulties getting away with it since the local police will hardly try to enforce the penality from the foreign country...

If this guy ever travels to your homecountry he'll be in trouble though.

Since the whole EU effectively acts as one country thanks to the Schengen agreement this means if somebody from China would enter any of the european states he would likely be arrested the moment he tries to enter that country.

Share this post


Link to post
Share on other sites
5 hours ago, Kizna said:

Would that be also applicable if Aerosoft would be sitting in China?

That's what i'm trying to say: depending on where they got their company sitting, we won't be able to do much against them but boycott them.

 

Absolutely. It's been a long fixed fact that where the crime is committed it can be followed up on. But indeed, the location matters a lot.

 

Let me explain. One of the task my department in Aerosoft has to fight piracy. My people find the YouTube videos with download links and we write YouTube to remove it. Several times a day. We spend a lot of money sending out these notices. The good thing is that companies like YouTube, Facebook, Google etc are very fast these days to remove that content and make life hard for the rats who put it there. But other sites are located in Russia, Turkey and other countries are simply ignoring anything you send them. Other sites do reply but ask you to jump through hoops dozens of times before they take any action. A Turkish site asked us this week to send them notarized proof, translated in Turkish that we are the copyright owners of the CRJ add-on.  I am 100% sure that if we did them they would not accept that as 'proof'.  China is different. It's pretty easy to get something removed there. Fast and efficient replies these days. 

So indeed, there is not a lot you can do often. But in this case FSL is located in the EU and thus bound by EU laws. Just as we are. If we install illegal malware on your system it does not matter where you are. You can use the EU law to go after us. 

 

Want a very simple trick to avoid getting ripped off on the internet? See if you can find a street address and a telephone number. If you are about to spend a lot of money call the number and see if the company picks up the phone. Or check the website if they use real names, see if you can find info on the CEO. A real solid company has nothing to hide. Of course some companies do not have office anymore and in that case just send them a mail. 'Sorry for sending this mail, just wanted to make sure somebody is reading email before I buy'. A good company will respond fast and nice. A good company will LIKE it when you send an email like that. They will be eager to let you know they are legit.

 

Of course a simple Google search will dig up a lot. FSL always wanted to go into the professional market but any pro customer does research and guess what will pop up first... That's why a reputation is so incredibly important. When I was talking to a big professional customer lately they had a whole load of printouts from upset customers they asked me to comment on. Not as problematic as having to explain malware of course, lol. Every company makes mistakes. for the smaller ones it is how you deal with it, for the real big legal ones it is often if you survive. 

 

 

  • Upvote 1

Share this post


Link to post
Share on other sites
46 minutes ago, Mathijs Kok said:

 

We deal with that a lot. Our 50 year old customer will not pirate but the 16 year old kid will be far more likely to fall for the temptation. What could go wrong right?

 

Well often things do go wrong and I end up talking to a parent who is about to skin his/her kid alive for doing something that stupid. But kids (teenagers) will be kids (teenagers) and I did some crazy stuff when I was 17. If we get a good report with he parents, you know what we often do? Send them a boxed copy of the product. For free. Not only because that pirate kid is hopefully a great customer for fs add-on companies later, but also because having the box in your hand seems to make it easier to understand it did cost a heap of money to make the files. For our Airbus project we now have 4,5 people working full time. For over 2 years.  And believe me, I'm not cheap, lol.

 

But in the end, you said the magic word, trust. if customer do not trust the add-on builders we all lose. And THAT is why I am so pissed off. I need to work harder to explain to professional customers that we don't pull stunts like what happened. I know a customers who deleted pre-orders because of this. I need to spend time writing an post like to to repair damage I did not cause. Basically it cost us money. 

 

Trust comes on foot but leaves on horseback. 

Well said Mathijs!

And your customer service efforts to deal with piracy in a Professional manner, not some back room, shady method that will impact the entire freaking community! (That fact is so lost on some...thinking ONLY FSL has to deal with this).

Trust is the key as you say...and to put your great comment into a computerisque' tone "Trust comes in years of effort building good customer relationships, but leaves in a microsecond NANOSECOND of complete and utter stupidity!" ;)

 

FSL not only obliterated trust for them, but for EVERY flightsim software vendor is impacted...having the eyes of the computing world examining us as recent, global computer enthusiast sites have picked up...our community is now viewed as a bunch of prepubescent kids trying the best way to get a copy of an airplane for free.  Not how we want to be portrayed to the rest of the world for sure.

  • Upvote 2

Share this post


Link to post
Share on other sites

Steve, you are so right. This is bigger than one malware invested installer.  If you would read the private skype groups where fs add-on devs are gathered you would read a lot of comments I could not post here. 

But in the end.... these kind of things are quickly forgotten. Not always good.

Share this post


Link to post
Share on other sites
1 minute ago, Mathijs Kok said:

these kind of things are quickly forgotten.

This is ONE issue that should never be forgotten as we all know....I hope if nothing else if it fades into obscurity, the justified actions were taken and the issue was dealt with accordingly (I feel we'd know that by seeing a certain website suddenly vanish with no explanation, all eCommerce activity suspended and eventually terminated) ;)

 

9 minutes ago, Mathijs Kok said:

If you would read the private skype groups where fs add-on devs are gathered you would read a lot of comments I could not post here. 

LOL I can only imagine the firestorm it created in the Dev back rooms.  I was a sailor for 11 years and I bet some of the expletives  heard on those private Skype sessions are ones even I never heard from my fellow sailors...ROFL!  (and we even made some up)

Share this post


Link to post
Share on other sites
On 18/03/2018 at 9:27 AM, Frank Docter said:

I would advise you to buy the product that may or may not have malware supplied with it. 

Was there any need for that Frank? 

Let's just get the facts right. As long as you did not enter a known pirate code the "malware" self deleted and was never on your system. Read that again as its very simple. But I think you already know that anyway.

There have been enough ill informed drama queens shouting out for attention on the topic.

Here we are weeks later and you come out with a loaded comment like that.

Lets just say from you that's very disappointing and totally uncalled for under a topic that should be for info on your A320 not having snipes at another for no reason at all. He was asking about your product. 

FSL A320 is and will be nothing like yours as you acknowledge many times yourself. Two different ways to do the same aircraft for a different type of simmer, there is room for both and each to their own. Your team have made huge strides to make your A320 a great product for the market your targeting. Is it to much to ask for that both you and each others fan base to just respect each other for what you have both done. 

I make no bones that am I huge FSL A320 user and fan. But at the same time I personally really respect what Aerosoft are doing with your new A320 and it looks like a great product if you have no wish to have a version like FSL. Why not just leave it at that?

  • Like 1
  • Upvote 3
  • Downvote 7

Share this post


Link to post
Share on other sites
36 minutes ago, walterg74 said:

 

 

So in other words, as long as there was nothing in your house that may be of their interest, the burglar left huh...? Sure....

To use your analogy, No your “burglar” alarm never went off and no “burglar” never came to your home. Because you nor your home was of zero interest to anyone. 

  • Downvote 2

Share this post


Link to post
Share on other sites
1 minute ago, Nyxx said:

To use your analogy, No your “burglar” alarm never went off and no “burglar” never came to your home. Because you nor your home was of zero interest to anyone. 

 

Except that’s not true. Alarms DID go off (or did you think people “magically”detected it..?), the bruglar certainly did enter my home,  The module is there, and you have absolutely no knowledge about the code whatsoever to know where it snooped or not. 

 

And besides all that, bottom line is what you (or I) think is irrelevant. It is illegal, period. 

  • Upvote 4

Share this post


Link to post
Share on other sites
1 minute ago, walterg74 said:

 

Except that’s not true. Alarms DID go off (or did you think people “magically”detected it..?), the bruglar certainly did enter my home,  The module is there, and you have absolutely no knowledge about the code whatsoever to know where it snooped or not. 

 

And besides all that, bottom line is what you (or I) think is irrelevant. It is illegal, period. 

Expect it is true.

You really need to know the facts. I installed it 8x due to other things, nothing was installed on my pc apart from my legal copy. Also it was the very pirates themselves that bought it to light and the main guy they was after did a huge runner closing his web site down and wiping himself of the web.

 

The only thing I will agree with you on is they should not have done it. The reason behind it I don’t blame them for. 

 

As long as you did not enter a pirate code into the installer you had nothing else installed, it really was as simple as that. Wrong yes but unless your stealing it, if your not then watching grass growing is more interesting. 

  • Upvote 2
  • Downvote 5

Share this post


Link to post
Share on other sites

Gents this topic stays closed. 

 

As always I believe we should stick to the facts and I what Frank wrote ARE the facts.  If you feel FSLs illegal behavior is acceptable or that you trust their comments is personal decision. 


How this all ends remains to be seen. Clearly there are investigations ongoing in several countries and it is not for us to predict the outcome. 

  • Like 1

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.