
Ethics Question

Discussion in 'White Hat SEO' started by ContentFarmer, Jul 27, 2008.

  1. ContentFarmer

    Yes, I know, funny to ask such a question on BHW, but I believe a number of you are ethical and just don't mind breaking/bending TOS.

    So, I'm thinking about putting a kill switch into my software. This switch would have 2 powers, activatable by me: 1) Delete the DB connection and all other deletable files, 2) Wipe the whole DB too.

    Now, these would not be passed via a URL as that would mean any jackass I killed could kill anybody else's script. The kill codes would be hashed in the code so that no one would be able to figure out how to kill everyone else's script even if they hack the IONCube code.

    I could use these for stolen copies of the script which I find or for jerks that do chargebacks after their copy is permanently licensed.

    The question: Should I do this? What are your thoughts?
     
  2. the_punisher

    Yeah, but do warn them first. Maybe they pay up after the warning :)
     
  3. Rambo

    Everyone's opinion on this situation will be different, as everyone has different ethical standards, but it's totally up to you.
     
  4. workfromhome11

    I say do it... It's your right! Some may disagree, but it's a great way to deter theft a bit and those bs chargebacks.
     
  5. boomboomer

    Dunno where the question of ethics arises here. It's your software. You are free to do all in your power to prevent it from being stolen.
     
  6. Uptownbulker

    This is something that you CAN do but just because a thing CAN be done, does not mean that it SHOULD be done.

    What you are planning is illegal as Hell and you could get serious jail time if you ever got caught doing it, and here's why...

    Let me say that chargebacks piss me off as much as they do you but they are part of life on the internet and there are civil remedies as well as remedies in the TOS of the payment service.

    You have those rights but you do not have the right to destroy someone's computer because you are pissed off at them! Consider that an auto mechanic does work on someone's car and that someone does not pay the mechanic. Does the mechanic have the right to set the car on fire? No, of course not!

    This is essentially what you would be doing and to make matters much, much worse, what you are planning is a very serious federal crime.

    For starters, it's called "illegally accessing a protected computer" and since all computers are considered "protected" simply because they exist; firewalls or not, anti-virus or not, as soon as you set loose your little Dog of War, you become an instant felon.

    Your program cannot wipe the drives clean enough to prevent a good forensic computer cop from finding the evidence and tracing it back to you, and if you use this program, you will eventually piss off the wrong person and you will be found and charged.

    There are about a dozen other state and federal charges which could be brought against you and all it takes is conviction on ONE of them to ruin your life.

    A "kill switch" is fine; many programs have them but the DB wipe thing will get your ass wiped!

    Don't drop the soap!
     
  7. catman08

    ... Whenever you do this, there needs to be one more fact though that you need to think about.

    What happens when, for some weird reason that you cannot foresee, something looks like your customer uses an unlicensed version of your software ... do you wipe out their whole DB although they might not have done anything wrong?

    Another marketing question:
    Do you think people would install your script if they know that there is such a "Killer function" included? -> I doubt so ... many people would be scared -> leads to fewer or no customers.

    Better be nice to your customers and they won't fool you ;-) And the ones that still do it ... screw them

    But well these are just my 2 cents :)

    P.S. Also think about the legal factor & worst case scenario: What happens when you wipe out an assexpensive DB that someone created? Maybe his whole business is screwed up and he lost 100000 or more? If he sues you ... who would win? You that says he stole my script! Or the other guy that says .. he wiped out my DB although he had no right to do that? Interesting isn't ...
     
  8. ContentFarmer

    Thanks for the feedback. Very much appreciated.

    Now, an alternative that I thought of discussing this with the wife: How about activating a prepending to each post that linked back to my site and indicated that it was stolen? Doesn't destroy anything, gets me links back, deters theft, and ... less illegal?

    I'm asking b/c I want to aggressively protect myself while respecting my customers and staying legal.

    BTW: I will not construe anyone's advice here to be legal advice. Don't want my asking to backfire. I know I need to consult an attorney for legal advice. I'm just asking for your educated, experienced advice.

    And, thank you again!
     
  9. boomboomer

    I'm no legal expert but I think mentioning this in the terms of use of your software should be good enough since anyone using your software would have to agree with it ..
     
  10. catman08

    Well ... I would suggest:

    1.) Make that your script auto-disables itself.
    2.) Make your script post a follow backlink to your page ... or make your script stuff his visitors with cookies

    --> In this way you are protecting yourself .. and the guys that do not take your script off their page even give you some backlink or you get additional commissions for the cookie stuffs you did (piggybacking his traffic)

    ==> This brings you way way more in the long run and ... this guy cannot sue you ... cause all he has to do is either buy a legit version or not use your script.

    :)

    If you have a way of doing this let me know .. I am coding on something similar ;-)
     
  11. Uptownbulker

    The thing that you may have forgotten here is that you will not be able to sell anything on this forum under your present username as this series of posts has killed your ability to do so.

    You might be the nicest guy on the planet but no one is going to risk losing their box to software which might well contain a time bomb.

    Additionally, the software which you are designing, could (And don't even bother trying to tell me that it could not!) develop a glitch and just start eating boxes, left right and centre.
     
  12. samloron

    I agree with Genjutsu. Plain and simple.
     
  13. Mudvaine

    You also have to consider the time and energy that you're contributing to keeping a small percentage of people out there from "eating your lunch," meanwhile you're wasting precious time on building your empire, alienating another percentage that very well could have purchased.

    I know that many BH'ers (myself included) use software on here to see if it's all it's "cracked up to be" (pardon the pun) and I've purchased more than a few pieces that I felt were quality and completely served my purposes. I know this isn't everyone, but I know more than a few upstanding members in here have encouraged us to purchase after we've found value. ESPECIALLY if we've made money from it.

    I wonder if a lot of the so-called "big Gurus" worry about this shit so much as opposed to contributing it to "a part of business" and factor it into their loss of doing business.

    I know you're working your way up and have bills to pay so I sympathize with you, at the same time I'm looking at the other side of the coin and wonder if you're not hurting yourself in the long run by focusing on the few when out there, there are many.

    Just my 2 cents worth as well.
     
  14. sikandar

    Well, as a seller you have every right to prevent theft or unauthorized use of your software. You can make it very simple by having a database of authorized users and their passwords on your server. Whenever somebody uses the software they have to access that database for verification. Whenever there is a chargeback, all you need to do is disable the record for that email id.
     
  15. MaxSteve

    Instead of having a kill switch, could you not have your software call out to your own server to verify that a valid account exists? If the person didn't pay and an account was not created on your side, the software wouldn't work. You'd obviously need to make it a bit more complex than I've described, but you'd avoid the legalities of trying to access someone's computer. Not only that, most people have a firewall on their PC, which you'd probably not be able to get through to disable your software.
     
  16. ContentFarmer

    Thanks again for all of your feedback. I think the emotions expressed were the most helpful. After reading this all, I have decided not to install such a kill switch, primarily due to what will be public perception when someone finds a way to exploit it -- don't build a bomb you can't control (can you really control any bomb?)

    And, for the guy who said that by asking I have damaged my reputation: Perhaps, but I knew that to be a risk when I asked. I would prefer to question myself than take actions which might result in worse consequences for myself; even if in so doing I may hurt myself a little, it's much less than a poor decision being executed.

    And, I'm sure the next version will be cracked and someone will look ever so much closely at the code to see if it's really there and find only awesome code.

    For the ones who suggested calling out to the server for validation: I did that in a version awhile back and found that people actually block access to the install except for authorized IPs. Logical reasons, of course, but as I get frustrated with hosts every so often and change them, my IP changes and that resulted in people's installs being devalidated. After about 9 months of that, I sent out an upgrade which disabled that aspect of it because to me taking care of my customers is more important than being super secure (if there is such a thing).

    Now, when they register, their sale is validated and the license key is IONCube-generated and bound to their server. I think that's about as good as I'll get, but you all tell me: For PHP scripts what do you use?

    The problem is that there isn't a 100% secure method, so as a number have pointed out, that's just the cost of doing business.

    Again, thanks to all as you helped me come to a solid decision I can be comfortable with, though remaining annoyed.
     
  17. urbanzen

    I'm sorry, but as uptownbulker has mentioned, you will get the few % of jackasses that will get by your system, no matter how well thought out, and secure you want it to be. Look at all the cracked .exes out there in the net.

    "The problem is that there isn't a 100% secure method, so as a number have pointed out, that's just the cost of doing business."
    Yeah, you just gotta bite the bullet, and expand upon your market reach, to attract more sales instead.

    For PHP, we usually use a Zend-Optimized thingy, whereby Zend is a Unix server environment technology that optimizes performance for your scripts by "compiling" your scripts, so to speak in layman's terms.

    But then again, it's not 100%. It can be reverse engineered by dedicated jackasses.

    Hope that helps.
     
  18. ContentFarmer

    Thanks. I know about Zend, but have IONCube. I don't know that either is more secure than the other, though there's something to be said about Zend's knowledge of the PHP core. :)

    I really do think that the advice, as reiterated by you, to "just deal" is the best.

    I'm really glad I asked. It was a great learning experience to see the reactions on here to just the suggestion of doing it. That was probably what was sitting in the back of my head telling me not to do it, but it really helps to see others' reactions.

    And, I totally agree with you about the hacking of exes. I always tell my clients that as soon as you hit the keys to enter something into your system, you should assume that it could be seen by anybody. If you really want security, then encrypt a message using OTP by hand, type it in that way, and have the recipient with their hand-held decryption key decrypt it on their end by hand. Then -- and only then -- can you assume 100% security (assuming the decryption localities and the one-time pad haven't been compromised of course).

    Again, thanks to everyone. It's very much appreciated. I was about to make a colossal mistake and you all protected me from myself.

    I have given everyone on this thread thanks and for a couple of posts added rep (the ones w/o visible thanks). I can't express my appreciation enough.
     
  19. catman08

    I agree that is a way of doing it. It's fair and you won't do harm to others that brings them and you into additional trouble.

    If your software is good at the end ... they will buy in this case anyway because they do not want to miss out on this one.

    So better forget about all the "Killer Function and TimeBombs" ... it will do you more harm than good.

    Just imagine M*i*c*r*o*s*o*f*t would do that...

    I am sure they would run out of business very, very quick ...

    Cheers
    catman
     
  20. bhnoobz

    I believe in protecting your investment. There are plenty of unscrupulous people that would rather steal your software than pay for it. Not to mention a charge back hurts because of the merchant fees associated with it on top of the reputation you have with your processor. Visa regs only allow for 1% charge back rate. If you go over that consistently, you will lose your merchant account. It only really happens if you have an amazingly shitty product with even shittier customer service.

    To protect your merchant account and to help with charge backs, you should come up with a very specific purchase agreement mentioning your refund policy, software licensing and such. If you plan on selling a decent amount and are really concerned with charge backs, send out your product on CD or other physical medium. Physically delivering a product will help you while disputing a charge back by a lame customer. You can provide proof they received the product, as with digital downloads it is next to impossible. The merchant processor will usually side with the customer in such a case of a digital download. For fraudulent charges, I would suggest a 3rd party scrubber.

    The software I sell, which is mostly to computer deficient 'consumers', has protection built in that communicates with my server. My server maintains their license by email address. The software checks in every 5 - 7 days, sending their email address. This way I can disable refunded, charge backs, and the occasional asshat fraud monkey.

    I wouldn't destroy the software or the database tied to the software, that may be illegal in some states and could open you to civil and criminal liability. As long as you mention in your purchase agreement and licensing agreement what will happen to the software in event of a dispute, charge back or fraud, you should be able to disable access to the software without recourse.

    Perhaps to further protect the software and data, you could research some form of encryption for the tables. This way you would be able to further protect your software without causing harm to the end users' computer.

    But remember, with more protection comes more performance degradation, end user frustration and possible problems later on. It's a delicate balance between protecting your software while not frustrating the customer with security methods.
     
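
The call-home licence check suggested in posts 15 and 20, written so that an unreachable licence server (the problem described in post 16) does not devalidate paying customers and so that a revoked licence only stops the script and never touches data. This is an added example, not code from any poster in the thread; the function names, the 14-day grace period and the sample e-mail and host names are assumptions, and it needs PHP 7.2+ with the sodium extension.

```php
<?php
// Added illustration, not code from the thread; names and sample values are constructed.
declare(strict_types=1);
const CHECKIN_DAYS = 7;   // check-in interval from the thread (every 5 - 7 days)
const GRACE_DAYS   = 14;  // assumption: tolerance for an unreachable licence server
const DAY          = 86400;

/** Vendor side: sign a lease stating the licence status at time $now. */
function issue_lease(string $secretKey, string $email, string $host, string $status, int $now): string {
    $body = json_encode(['email' => $email, 'host' => $host, 'status' => $status, 'issued' => $now]);
    return base64_encode($body) . '.' . base64_encode(sodium_crypto_sign_detached($body, $secretKey));
}

/** Client side: returns 'ok', 'ok-renew' or 'disabled'. It never touches customer files or data. */
function evaluate_lease(?string $lease, string $publicKey, string $host, int $now): string {
    $parts = explode('.', $lease ?? '');
    if (count($parts) !== 2) {
        return 'disabled';                       // no lease stored yet, or malformed
    }
    $body = base64_decode($parts[0], true);
    $sig  = base64_decode($parts[1], true);
    if ($body === false || $sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES
        || !sodium_crypto_sign_verify_detached($sig, $body, $publicKey)) {
        return 'disabled';                       // forged or corrupted lease
    }
    $claims = json_decode($body, true);
    if (!is_array($claims) || ($claims['host'] ?? '') !== $host || ($claims['status'] ?? '') !== 'active') {
        return 'disabled';                       // copied to another server, or refunded / charged back
    }
    $age = $now - (int) ($claims['issued'] ?? 0);
    if ($age < 0 || $age > (CHECKIN_DAYS + GRACE_DAYS) * DAY) {
        return 'disabled';                       // clock set back, or no contact for too long
    }
    return $age <= CHECKIN_DAYS * DAY ? 'ok' : 'ok-renew';   // 'ok-renew': keep running, retry check-in
}

$pair = sodium_crypto_sign_keypair();          // constructed demo key pair
$sk   = sodium_crypto_sign_secretkey($pair);   // stays on the vendor's server
$pk   = sodium_crypto_sign_publickey($pair);   // shipped inside the script
$t0   = 1217116800;                            // constructed issue time
$good = issue_lease($sk, 'customer@example.com', 'shop.example.com', 'active', $t0);
$back = issue_lease($sk, 'customer@example.com', 'shop.example.com', 'chargeback', $t0);
$cases = [
    'fresh lease'                => [$good, 'shop.example.com', $t0 + 3 * DAY],
    'server unreachable, day 10' => [$good, 'shop.example.com', $t0 + 10 * DAY],
    'no contact for 30 days'     => [$good, 'shop.example.com', $t0 + 30 * DAY],
    'copied to another host'     => [$good, 'other.example.net', $t0 + DAY],
    'chargeback recorded'        => [$back, 'shop.example.com', $t0 + DAY],
    'status edited by hand'      => [strstr($good, '.', true) . strstr($back, '.'), 'shop.example.com', $t0 + DAY],
];
foreach ($cases as $label => [$lease, $host, $now]) {
    printf("%-28s %s\n", $label, evaluate_lease($lease, $pk, $host, $now));
}
```

Because the lease is signed with a key that never leaves the vendor, the customer's copy holds only the public key, and the validity window is measured from the last successful check-in instead of depending on the licence server's IP address.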