Darien and I had an interesting discussion today on MSN, and I figured I'd see what others thought of it.
Basically the issue is this:
You have a program. You wish to prevent thieves from using it. So you decide to include a library or other component which checks for compliance with your licensing. If the code is found to be in violation ( however you determine this ) then the code performs a "rm -rf ~/" command and then terminates its process.
Now I'm no legal guru, but it's my position that targeting the entire contents of the home directory would expose you to possible civil and criminal action for the destruction of the user's data.
What I suggested instead is that one could prevent the program from running, perhaps delete only itself, or just suspend the program in an infinite for loop or something.
Any other thoughts on what would be allowable in this situation? Does copyright law even allow someone to use tactics like this to enforce their rights?
There was discussion about this a while back in Congress. As I recall, Orrin Hatch was fulminating about people using their computers to pirate music, and was calling for a means to automatically destroy the computers of people attempting to do so.
I don't know if it opens you to criminal liability. It might depend on your locality and how much damage is done, whether you actually wind up in criminal court.
But it almost certainly opens you to civil litigation. You'll also have weisenheimers intentionally triggering your deathtrap with valuable things in their homedirs, so they can sue you for the value of them. And smartypants armchair copyright law experts who are spoiling for a fight will find a way to use this as a weakness to exploit.
Maybe they'll lose, but it'll probably waste a bunch of your time.
I heard a story, probably apocryphal, about Arnold Schwartzenegger. When he first came to this country and was looking for a way to make a living, he did some work building security walls for rich people. On top, as was apparently normal in Austria, his walls had broken glass. According to the story, he had to find another line of work, because a burglar successfully sued a homeowner after sustaining injuries.
Even if the story isn't really true, I think it amply illustrates the hazards you face by setting destructive auto-trigger traps in your software. Even if they never ever malfunction and work exactly as they're supposed to, the outcome may be suboptimal for you.
As to the ethics involved, IMO you're absolved of malevolence if you make it inescapable that the user knows what they're getting into before they install the software. But it's still mean-spirited and likely to generate ill-will in greater measure than prevented violations.
There was a similar lawsuit here in California not all that long ago actually where a burglar broke into some woman's house through the kitchen window. There was a butcher knife laying in the sink. As you can probably imagine, the thief slipped on the sink, sliced open his leg on the knife, and was unable to then leave the scene. The cops showed up and naturally arrested him for his crime.
A few months later after he served his time he filed suit in court for damages suffered in the fall and for the medical expenses. He based his claim on an anti-boobytrapping law we have here. The jury awarded him a whole bunch of money, but the judged knocked the award down to something like $10,000 and ordered the woman to pay.
So that's definitely something to think about when deciding on what kind of traps to lay in your code if that's what you ultimately want to do.
I also have no doubt that you'd become a pariah in the community for doing this even if it turns out to be 100% legal.
I think you'd open yourself up to major lawsuits if you did the self-destruct thing, mainly because any added work would also be vaporized. IE your program would be considered a malicious program, akin to a virus? Again, I'm not a lawyer(INAL), just saying what my thoughts are on it.
I had something like this in one of my old muds, many years back, as a sort of safety net - it would delete the source code files if the appropriate password was entered. The files were deleted explicitly by name, so it wouldn't delete anything else, and the password was obscure and encrypted.
It wasn't for a public release though - it was just for my own mud, in case the shell owner decided to lock me out.
the idea behind the code was to prevent people from stealing your code, and using it elsewhere.
I have released the how-to on creating the lib-file, and my own basic stuff to get you going.
wiping the homedir clean, thats a person preference to the person using the code. See, personaly, I believe that if you are using my code, then you are agreeing to the licence, if you stole the code, but didn't get the licence, you agree'd to it, and then safely, the code could self-destruct on the basis that you were not in compliance with the licence.
which btw, can be located anywhere on the server (may require the server owner to sneakily put the file somewhere) So they cannot just copy your entire homedir and be safe that way.
in anycase, after much thought about this, and talking with samson, we came to the conclusion that we would simply email the root@localhost with the details, email the owner of the code itself, (ie, the real owner) and then drop into an endless loop, causing the mud, to essentaily freeze.
Now, by emailing out the information, such as username, and host-name, we've opened ourselves up to privacy issues.
Its a lose, lose situation, however, with that being said, there is only so much someone can do, theft is theft, they stole the code, therefore, they can't claim much.
plenty of programs force registration with a server, failure todo so means program ceases, and it grabs your vitals while its doing it, some programs even goto lengths of banning a piece of hardware within your system if it detects it as being stolen software.
So i feel that by emailing the data, instead of deleting it, is a fair enough choice, and as for the privacy issue, its not grabbing much, just username and hostname, so we know who to contact the server owner about.
I believe it is a fair enough trade-off of self-destructing.
However, if someone wants to make it self-destruct, i say, good on them for it, teach those stealing bastards a lesson :)
It's perfectly acceptable to design software that disables itself through non-payment or license expiration, but that which is designed to destroy someone's system is a virus. I think they'd wind up owning your house, and they'd be justified. This may even be criminal in some states, California I believe has statutes on this.